Merge pull request #683 from zalando/ARUHA-759-per-event-type-authz

Aruha 759 per event type authz

build.gradle

@@ -146,7 +146,7 @@ dependencies {
     compile "io.dropwizard.metrics:metrics-servlets:$dropwizardVersion"
     compile "io.dropwizard.metrics:metrics-jvm:$dropwizardVersion"
     compile 'org.apache.commons:commons-lang3:3.5'
-    compile 'org.zalando:nakadi-plugin-api:1.0.5'
+    compile 'org.zalando:nakadi-plugin-api:1.1.0'
     compile 'org.echocat.jomon:runtime:1.6.3'
 
     // kafka & zookeeper

src/main/java/org/zalando/nakadi/config/NakadiConfig.java

@@ -2,23 +2,16 @@
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.BeanCreationException;
 import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.env.Environment;
-import org.springframework.core.io.DefaultResourceLoader;
 import org.springframework.core.task.SimpleAsyncTaskExecutor;
 import org.springframework.core.task.TaskExecutor;
 import org.springframework.scheduling.annotation.EnableScheduling;
 import org.zalando.nakadi.domain.Storage;
-import org.zalando.nakadi.exceptions.runtime.DuplicatedStorageException;
 import org.zalando.nakadi.exceptions.InternalNakadiException;
-import org.zalando.nakadi.plugin.api.ApplicationService;
-import org.zalando.nakadi.plugin.api.ApplicationServiceFactory;
-import org.zalando.nakadi.plugin.api.SystemProperties;
+import org.zalando.nakadi.exceptions.runtime.DuplicatedStorageException;
 import org.zalando.nakadi.repository.db.StorageDbRepository;
 import org.zalando.nakadi.repository.zookeeper.ZooKeeperHolder;
 import org.zalando.nakadi.repository.zookeeper.ZooKeeperLockFactory;
@@ -39,27 +32,6 @@ public ZooKeeperLockFactory zooKeeperLockFactory(final ZooKeeperHolder zooKeeper
         return new ZooKeeperLockFactory(zooKeeperHolder);
     }
 
-    @Bean
-    public SystemProperties systemProperties(final ApplicationContext context) {
-        return name -> context.getEnvironment().getProperty(name);
-    }
-
-    @Bean
-    @SuppressWarnings("unchecked")
-    public ApplicationService applicationService(@Value("${nakadi.auth.plugin.factory}") final String factoryName,
-                                                 final SystemProperties systemProperties,
-                                                 final DefaultResourceLoader loader) {
-        try {
-            LOGGER.info("Initialize application service factory: " + factoryName);
-            final Class<ApplicationServiceFactory> factoryClass =
-                    (Class<ApplicationServiceFactory>) loader.getClassLoader().loadClass(factoryName);
-            final ApplicationServiceFactory factory = factoryClass.newInstance();
-            return factory.init(systemProperties);
-        } catch (ClassNotFoundException | InstantiationException | IllegalAccessException e) {
-            throw new BeanCreationException("Can't create ApplicationService " + factoryName, e);
-        }
-    }
-
     @Bean
     @Qualifier("default_storage")
     public Storage defaultStorage(final StorageDbRepository storageDbRepository,

src/main/java/org/zalando/nakadi/config/PluginsConfig.java

@@ -0,0 +1,57 @@
+package org.zalando.nakadi.config;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.BeanCreationException;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.DefaultResourceLoader;
+import org.zalando.nakadi.plugin.api.ApplicationService;
+import org.zalando.nakadi.plugin.api.ApplicationServiceFactory;
+import org.zalando.nakadi.plugin.api.SystemProperties;
+import org.zalando.nakadi.plugin.api.authz.AuthorizationService;
+import org.zalando.nakadi.plugin.api.authz.AuthorizationServiceFactory;
+
+@Configuration
+public class PluginsConfig {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(PluginsConfig.class);
+
+    @Bean
+    public SystemProperties systemProperties(final ApplicationContext context) {
+        return name -> context.getEnvironment().getProperty(name);
+    }
+
+    @Bean
+    @SuppressWarnings("unchecked")
+    public ApplicationService applicationService(@Value("${nakadi.plugins.auth.factory}") final String factoryName,
+                                                 final SystemProperties systemProperties,
+                                                 final DefaultResourceLoader loader) {
+        try {
+            LOGGER.info("Initialize application service factory: " + factoryName);
+            final Class<ApplicationServiceFactory> factoryClass =
+                    (Class<ApplicationServiceFactory>) loader.getClassLoader().loadClass(factoryName);
+            final ApplicationServiceFactory factory = factoryClass.newInstance();
+            return factory.init(systemProperties);
+        } catch (ClassNotFoundException | InstantiationException | IllegalAccessException e) {
+            throw new BeanCreationException("Can't create ApplicationService " + factoryName, e);
+        }
+    }
+
+    @Bean
+    public AuthorizationService authorizationService(@Value("${nakadi.plugins.authz.factory}") final String factoryName,
+                                                     final SystemProperties systemProperties,
+                                                     final DefaultResourceLoader loader) {
+        try {
+            LOGGER.info("Initialize per-resource authorization service factory: " + factoryName);
+            final Class<AuthorizationServiceFactory> factoryClass =
+                    (Class<AuthorizationServiceFactory>) loader.getClassLoader().loadClass(factoryName);
+            final AuthorizationServiceFactory factory = factoryClass.newInstance();
+            return factory.init(systemProperties);
+        } catch (ClassNotFoundException | InstantiationException | IllegalAccessException e) {
+            throw new BeanCreationException("Can't create AuthorizationService " + factoryName, e);
+        }
+    }
+}

src/main/java/org/zalando/nakadi/plugin/auth/DefaultAuthorizationService.java

@@ -0,0 +1,19 @@
+package org.zalando.nakadi.plugin.auth;
+
+import org.zalando.nakadi.plugin.api.authz.AuthorizationAttribute;
+import org.zalando.nakadi.plugin.api.authz.AuthorizationService;
+import org.zalando.nakadi.plugin.api.authz.Resource;
+import org.zalando.nakadi.plugin.api.authz.Subject;
+
+public class DefaultAuthorizationService implements AuthorizationService {
+
+    @Override
+    public boolean isAuthorized(final Subject subject, final Operation operation, final Resource resource) {
+        return true;
+    }
+
+    @Override
+    public boolean isAuthorizationAttributeValid(final AuthorizationAttribute authorizationAttribute) {
+        return true;
+    }
+}

src/main/java/org/zalando/nakadi/plugin/auth/DefaultAuthorizationServiceFactory.java

@@ -0,0 +1,13 @@
+package org.zalando.nakadi.plugin.auth;
+
+import org.zalando.nakadi.plugin.api.SystemProperties;
+import org.zalando.nakadi.plugin.api.authz.AuthorizationService;
+import org.zalando.nakadi.plugin.api.authz.AuthorizationServiceFactory;
+
+public class DefaultAuthorizationServiceFactory implements AuthorizationServiceFactory {
+
+    @Override
+    public AuthorizationService init(final SystemProperties systemProperties) {
+        return new DefaultAuthorizationService();
+    }
+}

src/main/resources/application.yml

@@ -78,9 +78,11 @@ nakadi:
       eventTypeWrite: nakadi.event_type.write
       eventStreamRead: nakadi.event_stream.read
       eventStreamWrite: nakadi.event_stream.write
-  auth:
-    plugin:
+  plugins:
+    auth:
       factory: org.zalando.nakadi.plugin.auth.DefaultApplicationServiceFactory
+    authz:
+      factory: org.zalando.nakadi.plugin.auth.DefaultAuthorizationServiceFactory
   event.max.bytes: 999000
   timeline.wait.timeoutMs: 40000
   subscription: