maojian
/
MTtranslateService
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
m2m模型翻译
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
48 MiB
Tree: 6f05e59e9b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6f05e59e9b'
${ noResults }
MTtranslateService/Lib/site-packages/kafka/admin/acl_resource.py

244 lines
8.1 KiB
Raw Normal View History

m2m模型翻译
6 months ago
  1. from __future__ import absolute_import
  2. from kafka.errors import IllegalArgumentError
  4. # enum in stdlib as of py3.4
  5. try:
  6. from enum import IntEnum # pylint: disable=import-error
  7. except ImportError:
  8. # vendored backport module
  9. from kafka.vendor.enum34 import IntEnum
  12. class ResourceType(IntEnum):
  13. """Type of kafka resource to set ACL for
  15. The ANY value is only valid in a filter context
  16. """
  18. UNKNOWN = 0,
  19. ANY = 1,
  20. CLUSTER = 4,
  21. DELEGATION_TOKEN = 6,
  22. GROUP = 3,
  23. TOPIC = 2,
  24. TRANSACTIONAL_ID = 5
  27. class ACLOperation(IntEnum):
  28. """Type of operation
  30. The ANY value is only valid in a filter context
  31. """
  33. ANY = 1,
  34. ALL = 2,
  35. READ = 3,
  36. WRITE = 4,
  37. CREATE = 5,
  38. DELETE = 6,
  39. ALTER = 7,
  40. DESCRIBE = 8,
  41. CLUSTER_ACTION = 9,
  42. DESCRIBE_CONFIGS = 10,
  43. ALTER_CONFIGS = 11,
  44. IDEMPOTENT_WRITE = 12
  47. class ACLPermissionType(IntEnum):
  48. """An enumerated type of permissions
  50. The ANY value is only valid in a filter context
  51. """
  53. ANY = 1,
  54. DENY = 2,
  55. ALLOW = 3
  58. class ACLResourcePatternType(IntEnum):
  59. """An enumerated type of resource patterns
  61. More details on the pattern types and how they work
  62. can be found in KIP-290 (Support for prefixed ACLs)
  63. https://cwiki.apache.org/confluence/display/KAFKA/KIP-290%3A+Support+for+Prefixed+ACLs
  64. """
  66. ANY = 1,
  67. MATCH = 2,
  68. LITERAL = 3,
  69. PREFIXED = 4
  72. class ACLFilter(object):
  73. """Represents a filter to use with describing and deleting ACLs
  75. The difference between this class and the ACL class is mainly that
  76. we allow using ANY with the operation, permission, and resource type objects
  77. to fetch ALCs matching any of the properties.
  79. To make a filter matching any principal, set principal to None
  80. """
  82. def __init__(
  83. self,
  84. principal,
  85. host,
  86. operation,
  87. permission_type,
  88. resource_pattern
  89. ):
  90. self.principal = principal
  91. self.host = host
  92. self.operation = operation
  93. self.permission_type = permission_type
  94. self.resource_pattern = resource_pattern
  96. self.validate()
  98. def validate(self):
  99. if not isinstance(self.operation, ACLOperation):
  100. raise IllegalArgumentError("operation must be an ACLOperation object, and cannot be ANY")
  101. if not isinstance(self.permission_type, ACLPermissionType):
  102. raise IllegalArgumentError("permission_type must be an ACLPermissionType object, and cannot be ANY")
  103. if not isinstance(self.resource_pattern, ResourcePatternFilter):
  104. raise IllegalArgumentError("resource_pattern must be a ResourcePatternFilter object")
  106. def __repr__(self):
  107. return "<ACL principal={principal}, resource={resource}, operation={operation}, type={type}, host={host}>".format(
  108. principal=self.principal,
  109. host=self.host,
  110. operation=self.operation.name,
  111. type=self.permission_type.name,
  112. resource=self.resource_pattern
  113. )
  115. def __eq__(self, other):
  116. return all((
  117. self.principal == other.principal,
  118. self.host == other.host,
  119. self.operation == other.operation,
  120. self.permission_type == other.permission_type,
  121. self.resource_pattern == other.resource_pattern
  122. ))
  124. def __hash__(self):
  125. return hash((
  126. self.principal,
  127. self.host,
  128. self.operation,
  129. self.permission_type,
  130. self.resource_pattern,
  131. ))
  134. class ACL(ACLFilter):
  135. """Represents a concrete ACL for a specific ResourcePattern
  137. In kafka an ACL is a 4-tuple of (principal, host, operation, permission_type)
  138. that limits who can do what on a specific resource (or since KIP-290 a resource pattern)
  140. Terminology:
  141. Principal -> This is the identifier for the user. Depending on the authorization method used (SSL, SASL etc)
  142. the principal will look different. See http://kafka.apache.org/documentation/#security_authz for details.
  143. The principal must be on the format "User:<name>" or kafka will treat it as invalid. It's possible to use
  144. other principal types than "User" if using a custom authorizer for the cluster.
  145. Host -> This must currently be an IP address. It cannot be a range, and it cannot be a domain name.
  146. It can be set to "*", which is special cased in kafka to mean "any host"
  147. Operation -> Which client operation this ACL refers to. Has different meaning depending
  148. on the resource type the ACL refers to. See https://docs.confluent.io/current/kafka/authorization.html#acl-format
  149. for a list of which combinations of resource/operation that unlocks which kafka APIs
  150. Permission Type: Whether this ACL is allowing or denying access
  151. Resource Pattern -> This is a representation of the resource or resource pattern that the ACL
  152. refers to. See the ResourcePattern class for details.
  154. """
  156. def __init__(
  157. self,
  158. principal,
  159. host,
  160. operation,
  161. permission_type,
  162. resource_pattern
  163. ):
  164. super(ACL, self).__init__(principal, host, operation, permission_type, resource_pattern)
  165. self.validate()
  167. def validate(self):
  168. if self.operation == ACLOperation.ANY:
  169. raise IllegalArgumentError("operation cannot be ANY")
  170. if self.permission_type == ACLPermissionType.ANY:
  171. raise IllegalArgumentError("permission_type cannot be ANY")
  172. if not isinstance(self.resource_pattern, ResourcePattern):
  173. raise IllegalArgumentError("resource_pattern must be a ResourcePattern object")
  176. class ResourcePatternFilter(object):
  177. def __init__(
  178. self,
  179. resource_type,
  180. resource_name,
  181. pattern_type
  182. ):
  183. self.resource_type = resource_type
  184. self.resource_name = resource_name
  185. self.pattern_type = pattern_type
  187. self.validate()
  189. def validate(self):
  190. if not isinstance(self.resource_type, ResourceType):
  191. raise IllegalArgumentError("resource_type must be a ResourceType object")
  192. if not isinstance(self.pattern_type, ACLResourcePatternType):
  193. raise IllegalArgumentError("pattern_type must be an ACLResourcePatternType object")
  195. def __repr__(self):
  196. return "<ResourcePattern type={}, name={}, pattern={}>".format(
  197. self.resource_type.name,
  198. self.resource_name,
  199. self.pattern_type.name
  200. )
  202. def __eq__(self, other):
  203. return all((
  204. self.resource_type == other.resource_type,
  205. self.resource_name == other.resource_name,
  206. self.pattern_type == other.pattern_type,
  207. ))
  209. def __hash__(self):
  210. return hash((
  211. self.resource_type,
  212. self.resource_name,
  213. self.pattern_type
  214. ))
  217. class ResourcePattern(ResourcePatternFilter):
  218. """A resource pattern to apply the ACL to
  220. Resource patterns are used to be able to specify which resources an ACL
  221. describes in a more flexible way than just pointing to a literal topic name for example.
  222. Since KIP-290 (kafka 2.0) it's possible to set an ACL for a prefixed resource name, which
  223. can cut down considerably on the number of ACLs needed when the number of topics and
  224. consumer groups start to grow.
  225. The default pattern_type is LITERAL, and it describes a specific resource. This is also how
  226. ACLs worked before the introduction of prefixed ACLs
  227. """
  229. def __init__(
  230. self,
  231. resource_type,
  232. resource_name,
  233. pattern_type=ACLResourcePatternType.LITERAL
  234. ):
  235. super(ResourcePattern, self).__init__(resource_type, resource_name, pattern_type)
  236. self.validate()
  238. def validate(self):
  239. if self.resource_type == ResourceType.ANY:
  240. raise IllegalArgumentError("resource_type cannot be ANY")
  241. if self.pattern_type in [ACLResourcePatternType.ANY, ACLResourcePatternType.MATCH]:
  242. raise IllegalArgumentError(
  243. "pattern_type cannot be {} on a concrete ResourcePattern".format(self.pattern_type.name)
  244. )