Package com.linkedin.venice.controller.server

Class VeniceControllerAccessManager

java.lang.Object

com.linkedin.venice.controller.server.VeniceControllerAccessManager

public class VeniceControllerAccessManager
extends Object

Field Summary

Fields

Modifier and Type	Field	Description
protected static final String	UNKNOWN_USER

Constructor Summary

Constructors

Constructor	Description
VeniceControllerAccessManager(DynamicAccessController accessController)

Method Summary

Modifier and Type	Method	Description
String	getPrincipalId(X509Certificate x509Certificate)
protected boolean	hasAccess(String resourceName, X509Certificate x509Certificate, Method accessMethod, String requesterHostname, String requesterIp)	Checks whether the user certificate in the request grants access of the specified Method type to the given resource.
boolean	hasAccessToStore(String resourceName, X509Certificate x509Certificate, String requesterHostname, String requesterIp)
boolean	hasReadAccessToPubSubTopic(String resourceName, X509Certificate x509Certificate, String requesterHostname, String requesterIp)
boolean	hasWriteAccessToPubSubTopic(String resourceName, X509Certificate x509Certificate, String requesterHostname, String requesterIp)
protected boolean	isAclEnabled()
boolean	isAllowListUser(String resourceName, X509Certificate x509Certificate)	Check whether the user is within the admin users allowlist.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

UNKNOWN_USER

protected static final String UNKNOWN_USER

See Also:

• Constant Field Values

Constructor Details

VeniceControllerAccessManager

public VeniceControllerAccessManager(DynamicAccessController accessController)

Method Details

hasAccess

protected boolean hasAccess(@Nonnull
 String resourceName,
 @Nullable
 X509Certificate x509Certificate,
 @Nonnull
 Method accessMethod,
 @Nullable
 String requesterHostname,
 @Nullable
 String requesterIp)

Checks whether the user certificate in the request grants access of the specified Method type to the given resource.

Parameters:

resourceName - The name of the resource to access.

x509Certificate - The user's X.509 certificate (nullable).

accessMethod - The method of access (e.g., GET, POST).

requesterHostname - The hostname of the requester (optional).

requesterIp - The IP address of the requester (optional).

Returns:

true if access is granted; false otherwise.

hasWriteAccessToPubSubTopic

public boolean hasWriteAccessToPubSubTopic(String resourceName,
 X509Certificate x509Certificate,
 String requesterHostname,
 String requesterIp)

hasReadAccessToPubSubTopic

public boolean hasReadAccessToPubSubTopic(String resourceName,
 X509Certificate x509Certificate,
 String requesterHostname,
 String requesterIp)

hasAccessToStore

public boolean hasAccessToStore(String resourceName,
 X509Certificate x509Certificate,
 String requesterHostname,
 String requesterIp)

isAllowListUser

public boolean isAllowListUser(String resourceName,
 X509Certificate x509Certificate)

Check whether the user is within the admin users allowlist.

getPrincipalId

public String getPrincipalId(X509Certificate x509Certificate)

isAclEnabled

protected boolean isAclEnabled()

Returns:

whether ACL check is enabled.