import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Properties;
import java.util.concurrent.ExecutionException;
import org.apache.kafka.clients.admin.AdminClient;
import org.apache.kafka.clients.admin.AdminClientConfig;
import org.apache.kafka.clients.admin.DeleteAclsResult;
import org.apache.kafka.clients.admin.DescribeAclsResult;
import org.apache.kafka.common.KafkaFuture;
import org.apache.kafka.common.acl.AccessControlEntry;
import org.apache.kafka.common.acl.AccessControlEntryFilter;
import org.apache.kafka.common.acl.AclBinding;
import org.apache.kafka.common.acl.AclBindingFilter;
import org.apache.kafka.common.acl.AclOperation;
import org.apache.kafka.common.acl.AclPermissionType;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.resource.ResourcePattern;
import org.apache.kafka.common.resource.ResourcePatternFilter;
import org.apache.kafka.common.resource.ResourceType;
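/**
 * Small administration utility that creates, lists and deletes Kafka ACLs
 * through the {@link AdminClient} API.
 *
 * <p>All connection settings, the target principal and the target topic are
 * hard-coded; see the review notes on {@link #getClient()} and
 * {@link #setPermissions()} before using this against a shared cluster.
 */
public class KafkaPress {

    /** Filter that matches every ACL binding (same content as {@code AclBindingFilter.ANY}). */
    public static final AclBindingFilter ANY =
            new AclBindingFilter(ResourcePatternFilter.ANY, AccessControlEntryFilter.ANY);

    /**
     * Entry point. Exactly one of the operations below is meant to be enabled
     * at a time; by default the existing ACLs are listed.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // setPermissions(); // grant permissions to the user
        describeAllACL();    // list every ACL binding
        // deleteAcls();     // revoke the user's permissions
    }

    /**
     * Grants {@code User:bbb} the {@code ALL} operation on the literal topic
     * {@code test_log} from any host, waits for the broker to acknowledge the
     * change, then prints every ACL binding known to the cluster.
     *
     * <p>Failures of the create or describe request are printed to stderr and
     * not rethrown.
     */
    public static void setPermissions() {
        // try-with-resources closes the client even when a request fails.
        try (AdminClient adminClient = getClient()) {
            // principal:      account that receives the permission
            // host:           "*" allows the principal to connect from any host
            // operation:      the operation being granted
            // permissionType: ALLOW or DENY
            // NOTE(review): ALL operations from any host is the broadest possible
            // grant on this topic; prefer the specific operations the client
            // needs (e.g. READ/WRITE/DESCRIBE) and a restricted host where possible.
            AccessControlEntry ace =
                    new AccessControlEntry("User:bbb", "*", AclOperation.ALL, AclPermissionType.ALLOW);
            // resourceType: kind of resource (topic)
            // name:         topic name
            // patternType:  how the name is matched (LITERAL = exact name)
            ResourcePattern rp = new ResourcePattern(ResourceType.TOPIC, "test_log", PatternType.LITERAL);
            AclBinding ab = new AclBinding(rp, ace);
            // Several bindings can be created in one call by passing a longer list.
            List<AclBinding> ablist = Arrays.asList(ab);
            try {
                // createAcls is asynchronous: wait for the result so that an
                // authorization or broker error is reported instead of silently
                // dropped, and so the listing below reflects the new binding.
                adminClient.createAcls(ablist).all().get();
                // Show every binding now present on the cluster.
                DescribeAclsResult result = adminClient.describeAcls(AclBindingFilter.ANY);
                printAcls(result.values().get());
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt(); // keep the interrupt visible to callers
                e.printStackTrace();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

    /**
     * Deletes the ACL bindings that match {@code User:bbb} / host {@code *} /
     * operation {@code ALL} / {@code ALLOW} on the literal topic
     * {@code test_log}, prints the result future, then prints every remaining
     * ACL binding.
     *
     * <p>Request failures are printed to stderr and not rethrown.
     */
    public static void deleteAcls() {
        try (AdminClient adminClient = getClient()) {
            ResourcePatternFilter resourcePatternFilter =
                    new ResourcePatternFilter(ResourceType.TOPIC, "test_log", PatternType.LITERAL);
            // NOTE(review): in a filter AclOperation.ALL selects entries whose
            // operation is ALL; entries granted for individual operations are
            // not matched by this filter — confirm that is the intent.
            AccessControlEntryFilter accessControlEntryFilter =
                    new AccessControlEntryFilter("User:bbb", "*", AclOperation.ALL, AclPermissionType.ALLOW);
            AclBindingFilter aclBinding = new AclBindingFilter(resourcePatternFilter, accessControlEntryFilter);
            Collection<AclBindingFilter> aclBindingCollection = new ArrayList<>();
            aclBindingCollection.add(aclBinding);

            DeleteAclsResult aclResult = adminClient.deleteAcls(aclBindingCollection);
            KafkaFuture<Collection<AclBinding>> result = aclResult.all();
            // Block until the broker has answered; a failure surfaces as ExecutionException.
            result.get();
            System.out.println(result.toString());

            DescribeAclsResult re = adminClient.describeAcls(AclBindingFilter.ANY);
            printAcls(re.values().get());
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt(); // keep the interrupt visible to callers
            e.printStackTrace();
        } catch (ExecutionException e) {
            e.printStackTrace();
        }
    }

    /**
     * Prints every ACL binding known to the cluster.
     *
     * <p>Request failures are printed to stderr and not rethrown.
     */
    public static void describeAllACL() {
        try (AdminClient adminClient = getClient()) {
            DescribeAclsResult result = adminClient.describeAcls(AclBindingFilter.ANY);
            try {
                printAcls(result.values().get());
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt(); // keep the interrupt visible to callers
                e.printStackTrace();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

    /**
     * Prints the ACL bindings whose resource name equals {@code user}, for any
     * resource type and pattern type, followed by an empty line.
     *
     * <p>Any failure is printed to stderr and not rethrown.
     *
     * @param user value used as the resource name in the filter
     */
    public static void describeAccount(String user) {
        try {
            // Changing ResourceType.ANY to ResourceType.GROUP would restrict the
            // output to consumer-group resources carrying this name.
            // NOTE(review): the filter matches on the *resource name*, not on the
            // ACL principal. If the goal is "all ACLs held by this account", the
            // principal belongs in the AccessControlEntryFilter instead — confirm
            // against the caller before relying on this for an access review.
            ResourcePatternFilter resourcePatternFilter =
                    new ResourcePatternFilter(ResourceType.ANY, user, PatternType.ANY);
            // Combine with an entry filter that accepts every principal/host/operation.
            AclBindingFilter aclBindingFilter =
                    new AclBindingFilter(resourcePatternFilter, AccessControlEntryFilter.ANY);
            try (AdminClient adminClient = getClient()) {
                DescribeAclsResult result = adminClient.describeAcls(aclBindingFilter);
                printAcls(result.values().get());
            }
            System.out.println();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Builds an {@link AdminClient} for the hard-coded broker using SASL/PLAIN.
     *
     * <p>The caller owns the returned client and must close it.
     *
     * @return a newly created admin client
     */
    public static AdminClient getClient() {
        Properties properties = new Properties();
        properties.put(AdminClientConfig.BOOTSTRAP_SERVERS_CONFIG, "10.0.114.3:9092");
        properties.put("connections.max.idle.ms", 10000);
        properties.put("request.timeout.ms", 5000);
        // NOTE(review): SASL_PLAINTEXT with the PLAIN mechanism sends the user
        // name and password over an unencrypted connection. For anything other
        // than an isolated test network use SASL_SSL (and ideally a SCRAM
        // mechanism) so the credentials are protected in transit.
        properties.put("security.protocol", "SASL_PLAINTEXT");
        properties.put("sasl.mechanism", "PLAIN");
        // NOTE(review): the account used here can create and delete ACLs, and its
        // password is committed with the source. Load it from external
        // configuration or a secret store and rotate the value that was
        // published here.
        properties.put("sasl.jaas.config", "org.apache.kafka.common.security.plain.PlainLoginModule required username=mooc password=moocpswd;");
        return AdminClient.create(properties);
    }

    /** Prints resource name, pattern type, resource type, principal, permission type and operation of each binding. */
    private static void printAcls(Collection<AclBinding> bindings) {
        for (AclBinding binding : bindings) {
            System.out.println(binding.pattern().name());
            System.out.println(binding.pattern().patternType());
            System.out.println(binding.pattern().resourceType());
            System.out.println(binding.entry().principal());
            System.out.println(binding.entry().permissionType());
            System.out.println(binding.entry().operation());
            System.out.println("-------------------------");
        }
    }
}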