Package org.apache.kafka.server.authorizer

Class Action

java.lang.Object

org.apache.kafka.server.authorizer.Action

@Evolving
public class Action
extends Object

Constructor Summary

Constructors

Constructor	Description
Action(AclOperation operation, ResourcePattern resourcePattern, int resourceReferenceCount, boolean logIfAllowed, boolean logIfDenied)

Method Summary

Modifier and Type	Method	Description
boolean	equals(Object o)
int	hashCode()
boolean	logIfAllowed()	Indicates if audit logs tracking ALLOWED access should include this action if result is ALLOWED.
boolean	logIfDenied()	Indicates if audit logs tracking DENIED access should include this action if result is DENIED.
AclOperation	operation()
ResourcePattern	resourcePattern()
int	resourceReferenceCount()	Number of times the resource being authorized is referenced within the request.
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Details

Action

public Action(AclOperation operation,
 ResourcePattern resourcePattern,
 int resourceReferenceCount,
 boolean logIfAllowed,
 boolean logIfDenied)

Parameters:

operation - non-null operation being performed

resourcePattern - non-null resource pattern on which this action is being performed

Method Details

resourcePattern

public ResourcePattern resourcePattern()

Returns:

a non-null resource pattern on which this action is being performed

operation

public AclOperation operation()

Returns:

a non-null operation being performed

logIfAllowed

public boolean logIfAllowed()

Indicates if audit logs tracking ALLOWED access should include this action if result is ALLOWED. The flag is true if access to a resource is granted while processing the request as a result of this authorization. The flag is false only for requests used to describe access where no operation on the resource is actually performed based on the authorization result.

logIfDenied

public boolean logIfDenied()

Indicates if audit logs tracking DENIED access should include this action if result is DENIED. The flag is true if access to a resource was explicitly requested and request is denied as a result of this authorization request. The flag is false if request was filtering out authorized resources (e.g. to subscribe to regex pattern). The flag is also false if this is an optional authorization where an alternative resource authorization is applied if this fails (e.g. Cluster:Create which is subsequently overridden by Topic:Create).

resourceReferenceCount

public int resourceReferenceCount()

Number of times the resource being authorized is referenced within the request. For example, a single request may reference `n` topic partitions of the same topic. Brokers will authorize the topic once with `resourceReferenceCount=n`. Authorizers may include the count in audit logs.

equals

public boolean equals(Object o)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

toString

public String toString()

Overrides:

toString in class Object