Google Git
Sign in
apache / pulsar-site / refs/heads/asf-site / . / content / ja / Authorization / index.html
blob: 02201cc22bf305aad1057b2b88e7161491e9bce5 [file] [log] [blame]
<!DOCTYPE html>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<html>
<head>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<script type="text/javascript">
var shiftWindow = function() { scrollBy(0, -108) };
window.addEventListener("hashchange", shiftWindow);
window.addEventListener("pageshow", shiftWindow);
function load() { if (window.location.hash) shiftWindow(); }
</script>
<title>Pulsarにおける認可</title>
<meta charset="utf-8">
<link rel="stylesheet" href="/css/style.css">
<link rel="shortcut icon" href="/img/favicon.ico">
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/tether/1.4.0/js/tether.min.js"></script>
<script src="https://code.jquery.com/ui/1.12.1/jquery-ui.min.js"></script>
<script src="/js/jquery.tocify.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/js/bootstrap.min.js" integrity="sha384-vBWWzlZJ8ea9aCX4pEW3rVHjgjt7zpkNpZk+02D9phzyeVkE+jo0ieGizqPLForn" crossorigin="anonymous"></script>
<script src="/js/jquery.scrollTo.min.js"></script>
<script async src="/js/main.js"></script>
</head>
<body class="body">
<main class="main">
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<nav class="navbar navbar-toggleable-md navbar-light sticky-top">
<button class="navbar-toggler navbar-toggler-right" type="button" data-toggle="collapse" data-target="#navbarNavDropdown" aria-controls="navbarNavDropdown" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<a class="navbar-brand" href="/">
<img class="main-logo" src="/img/pulsar-logo.png" alt="Pulsar logo">
</a>
<a class="navbar-nav"></a>
<div class="collapse navbar-collapse justify-content-end" id="navbarNavDropdown">
<ul class="navbar-nav">
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="clientLibsDropdown" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Documentation</a>
<div class="dropdown-menu" aria-labelledby="documentationDropdown">
<a class="dropdown-item" href="/docs/latest/getting-started/LocalCluster">Latest</a>
<div class="dropdown-divider"></div>
<h3 class="dropdown-header">Stable release</h3>
<a class="dropdown-item" href="/docs/v1.19.0-incubating/getting-started/LocalCluster">1.19.0-incubating</a>
</div>
</li>
<li class="nav-item">
<a class="nav-link" href="/download">Download</a>
</li>
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="clientLibsDropdown" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
Client libraries
</a>
<div class="dropdown-menu" aria-labelledby="clientLibsDropdown">
<a class="dropdown-item" href="/docs/latest/clients/Java">
Java
</a>
<a class="dropdown-item" href="/docs/latest/clients/Python">
Python
</a>
<a class="dropdown-item" href="/docs/latest/clients/Cpp">
C++
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="/api/client">
Java client Javadoc
</a>
<a class="dropdown-item" href="/api/admin">
Java admin Javadoc
</a>
<a class="dropdown-item" href="/api/python">
Python API docs
</a>
<a class="dropdown-item" href="/api/cpp">
C++ API docs
</a>
</div>
</li>
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="versionsDropdown" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
Community
</a>
<div class="dropdown-menu dropdown-left" aria-labelledby="versionsDropdown">
<h3 class="dropdown-header">Get in touch</h3>
<a class="dropdown-item" href="/contact">Contact</a>
<a class="dropdown-item" href="https://twitter.com/Apache_Pulsar">Twitter</a>
<a class="dropdown-item" href="https://github.com/apache/incubator-pulsar/wiki">Wiki</a>
<a class="dropdown-item" href="https://github.com/apache/incubator-pulsar/issues">Issue tracking</a>
<div class="dropdown-divider"></div>
<h3 class="dropdown-header">Resources</h3>
<a class="dropdown-item" href="/presentations">Presentations</a>
<a class="dropdown-item" href="/team">Team</a>
<div class="dropdown-divider"></div>
<h3 class="dropdown-header">Apache</h3>
<a class="dropdown-item" href="http://www.apache.org/">The Apache Software Foundation</a>
<a class="dropdown-item" href="http://www.apache.org/licenses/">License</a>
<a class="dropdown-item" href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a>
<a class="dropdown-item" href="http://www.apache.org/foundation/thanks.html">Thanks</a>
<a class="dropdown-item" href="http://www.apache.org/security">Security</a>
</div>
</li>
</ul>
</div>
<a class="hidden-md-down" href="http://www.apache.org/">
<img class="asf-logo" title="Apache Software Foundation" src="/img/feather.png" />
</a>
</nav>
<!--
<nav class="navbar navbar-toggleable-md navbar-light" style="border: 1px solid red;">
<button class="navbar-toggler navbar-toggler-right" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<a class="navbar-brand" href="/">
<img src="/img/pulsar-logo.png" class="d-inline-block align-top" alt="Pulsar logo" height="40" width="60">
</a>
<div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="navbar-nav mr-auto">
<li class="nav-item active">
<a class="nav-link" href="#">Home <span class="sr-only">(current)</span></a>
</li>
<li class="nav-item">
<a class="nav-link" href="#">Link</a>
</li>
<li class="nav-item">
<a class="nav-link disabled" href="#">Disabled</a>
</li>
</ul>
</div>
</nav>-->
<main>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<div class="docs-container container-fluid">
<div class="row">
<nav class="sidebar-nav col-sm-3 col-lg-3">
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<ul class="sidebar">
<section class="sidebar-group">
<h4>Getting started</h4>
<ul>
<li><a href="/ja/GettingStarted/"><i class="fa fa-file-text-o"></i>Pulsar入門</a></li>
<li><a href="/ja/Architecture/"><i class="fa fa-file-text-o"></i>システム概要</a></li>
</ul>
</section>
<section class="sidebar-group">
<h4>運用管理</h4>
<ul>
<li><a href="/ja/ClusterSetup/"><i class="fa fa-file-text-o"></i>クラスタのセットアップ</a></li>
<li><a href="/ja/AdminTools/"><i class="fa fa-file-text-o"></i>adminツールとAPI</a></li>
</ul>
</section>
</ul>
</nav>
<article class="col-sm-7 col-lg-7">
<section class="docs-header">
<h1 class="docs-title">Pulsarにおける認可</h1>
<hr />
</section>
<section class="content">
<h2 id="認可モデル">認可モデル</h2>
<p>Pulsarにおいて、認証プロバイダは特定のクライアントを識別し<strong><em>ロール</em></strong>トークンと関連付けます。</p>
<p>ロールは単一または複数のクライアントを表す文字列で、<br />
これらのクライアントは、特定のトピックに対してproduceまたはconsumeを行う権限、または特定の<a href="Architecture.md#プロパティとネームスペース">プロパティ</a>の設定を管理する権限が付与されます。</p>
<h2 id="新規プロパティの作成">新規プロパティの作成</h2>
<p>Pulsarのプロパティはテナントを示す識別子で、一般的にPulsarインスタンスの管理者またはセルフサービスのポータルなどによって提供されます。</p>
<div class="language-shell highlighter-rouge"><pre class="highlight"><code><span class="gp">$ </span>bin/pulsar-admin properties create my-property <span class="se">\</span>
--admin-roles my-admin-role <span class="se">\</span>
--allowed-clusters us-west,us-east
</code></pre>
</div>
<p>このコマンドはクラスタ<code class="highlighter-rouge">us-west</code><code class="highlighter-rouge">us-east</code>を利用可能な新規プロパティ<code class="highlighter-rouge">my-property</code>を作成します。</p>
<p>ロール<code class="highlighter-rouge">my-admin-role</code>と識別されたクライアントは、このプロパティ上での全ての管理操作が許可されます。</p>
<h2 id="ネームスペースの管理">ネームスペースの管理</h2>
<p>プロパティ管理者は指定されたクラスタ内に複数ネームスペースを作成できます。</p>
<div class="highlighter-rouge"><pre class="highlight"><code>$ bin/pulsar-admin namespaces create my-property/us-west/my-namespace
</code></pre>
</div>
<p>作成後、このネームスペースの利用権限の付与ができます:</p>
<div class="highlighter-rouge"><pre class="highlight"><code>$ bin/pulsar-admin namespaces grant-permission \
my-property/us-west/my-namespace \
--role my-client-role \
--actions produce,consume
</code></pre>
</div>
<p>コマンド実行後、ロール<code class="highlighter-rouge">my-client-role</code>と識別されたクライアントは指定されたネームスペースのトピックを利用可能になります。</p>
<h2 id="スーパーユーザ">スーパーユーザ</h2>
<p>Pulsarでは、システムの<em>スーパーユーザ</em>を特定のロールに割り当てることができます。</p>
<p>スーパーユーザは全てのプロパティとネームスペースに対する全ての管理操作、および全てのトピックに対する発行と購読が許可されます。</p>
<p>スーパーユーザはBrokerの設定ファイル<code class="highlighter-rouge">conf/broker.conf</code>で設定されます:</p>
<div class="language-shell highlighter-rouge"><pre class="highlight"><code><span class="nv">superUserRoles</span><span class="o">=</span>my-super-user-1,my-super-user-2
</code></pre>
</div>
<p>一般的に、スーパーユーザロールはadminクライアントやBroker間の認可で利用されます。<br />
ジオレプリケーションにおいては、各Brokerが他クラスタのトピックに発行できる必要があります。</p>
</section>
</article>
<nav class="toc-bar col-sm-2 col-lg-2">
<div id="toc"></div>
</nav>
</div>
</div>
</main>
</main>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<footer class="footer">
<div class="container">
<p class="text-center">Copyright 2017 The Apache Software Foundation. All Rights Reserved.</p>
</div>
</footer>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-102219959-1', 'auto');
ga('send', 'pageview');
</script>
</body>
</html>