이 콘텐츠는 선택한 언어로 제공되지 않습니다.

Chapter 4. Configuring the Authorization filter

This procedure describes how to set up the Authorization filter by configuring it in Streams for Apache Kafka Proxy.

Prerequisites

An instance of Streams for Apache Kafka Proxy. For information on deploying Streams for Apache Kafka Proxy, see the Deploying and Managing Streams for Apache Kafka Proxy on OpenShift guide.

Procedure

Configure an Authorization type filter.
- In an OpenShift deployment using a KafkaProtocolFilter resource. See Section 4.1, “Example KafkaProtocolFilter resource”
Configure the ACL rules.
- In an OpenShift deployment use a ConfigMap resource. See Section 4.2, “Example ACL Rules”

4.1. Example KafkaProtocolFilter resource
링크 복사

If your instance of Streams for Apache Kafka Proxy runs on OpenShift, you must use a KafkaProtocolFilter resource to contain the filter configuration.

Here’s a complete example of a KafkaProtocolFilter resource configured for authorization:

kind: KafkaProtocolFilter
metadata:
  name: my-authorization
spec:
  type: Authorization
  configTemplate:
    authorizer: AclAuthorizerService
    authorizerConfig:
      aclFile: ${configmap:acl-rules:acl-rules.txt}

kind: KafkaProtocolFilter
metadata:
  name: my-authorization
spec:
  type: Authorization
  configTemplate:
    authorizer: AclAuthorizerService
    authorizerConfig:
      aclFile: ${configmap:acl-rules:acl-rules.txt}

Copy to Clipboard

Toggle word wrap

authorizer is the name of the authorizer service implementation. Currently, this must be AclAuthorizerService.
aclFile is the reference file containing the ACL rules. You can use an interpolation reference to reference rules stored within a Kubernetes ConfigMap or Secret resource.

4.2. Example ACL Rules
링크 복사

If your instance of Streams for Apache Kafka Proxy runs on OpenShift, you must use a ConfigMap resource to contain the ACL rules.

Here’s a complete example of a ConfigMap resource configured for authorization:

Example ConfigMap resource containing the ACL rules

apiVersion: v1
kind: ConfigMap
metadata:
  name: acl-rules
data:
  acl-rules.txt: |
    from io.kroxylicious.filter.authorization import TopicResource as Topic;
    deny User with name = "alice" to * Topic with name = "payments-received";
    allow User with name = "alice" to * Topic with name like "payments-*";
    allow User with name = "bob" to * Topic with name = "payments-received";
    otherwise deny;

apiVersion: v1
kind: ConfigMap
metadata:
  name: acl-rules
data:
  acl-rules.txt: |
    from io.kroxylicious.filter.authorization import TopicResource as Topic;
    deny User with name = "alice" to * Topic with name = "payments-received";
    allow User with name = "alice" to * Topic with name like "payments-*";
    allow User with name = "bob" to * Topic with name = "payments-received";
    otherwise deny;

Copy to Clipboard

Toggle word wrap

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

Chapter 4. Configuring the Authorization filter

4.1. Example KafkaProtocolFilter resource
링크 복사

4.2. Example ACL Rules
링크 복사

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat 소개

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

Chapter 4. Configuring the Authorization filter

4.1. Example KafkaProtocolFilter resource링크 복사링크가 클립보드에 복사되었습니다!

4.2. Example ACL Rules링크 복사링크가 클립보드에 복사되었습니다!

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat 소개

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

4.1. Example KafkaProtocolFilter resource
링크 복사

4.2. Example ACL Rules
링크 복사