
Example 1 with ACLProvider

use of org.apache.curator.framework.api.ACLProvider in project exhibitor by soabase.

the class ExhibitorCreator method getAclProvider.

/**
 * Builds an {@link ACLProvider} that returns one fixed ACL for every path.
 *
 * <p>{@code aclPerms} is split on commas; each entry is trimmed and matched
 * case-insensitively against read, write, create, delete and admin, and the
 * matching {@code ZooDefs.Perms} bits are OR-ed together.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>When {@code notNullOrEmpty(aclPerms)} is false the mask falls back to
 *       {@code ZooDefs.Perms.ALL}. A missing permission list therefore widens
 *       access instead of narrowing it.</li>
 *   <li>A null {@code aclScheme} or {@code aclId} is replaced by the empty string
 *       and passed to {@code Id} with no validation in this method.
 *       NOTE(review): confirm the caller rejects a blank scheme/id before this
 *       ACL is applied.</li>
 * </ul>
 *
 * @param cli       command-line context handed to {@link ExhibitorCreatorExit} on failure
 * @param aclId     identity part of the ACL; null is treated as ""
 * @param aclScheme scheme part of the ACL; null is treated as ""
 * @param aclPerms  comma-separated permission verbs, or null/empty for all permissions
 * @return a provider whose default and per-path ACL lists both hold the single ACL built here
 * @throws ExhibitorCreatorExit if an entry in {@code aclPerms} is not a known verb
 */
private ACLProvider getAclProvider(ExhibitorCLI cli, String aclId, String aclScheme, String aclPerms) throws ExhibitorCreatorExit {
    // Start from the permissive default; it is only replaced when a list was supplied.
    int permissionMask = ZooDefs.Perms.ALL;
    if (notNullOrEmpty(aclPerms)) {
        permissionMask = 0;
        for (String entry : aclPerms.split(",")) {
            final String name = entry.trim();
            final int bit;
            if (name.equalsIgnoreCase("read")) {
                bit = ZooDefs.Perms.READ;
            } else if (name.equalsIgnoreCase("write")) {
                bit = ZooDefs.Perms.WRITE;
            } else if (name.equalsIgnoreCase("create")) {
                bit = ZooDefs.Perms.CREATE;
            } else if (name.equalsIgnoreCase("delete")) {
                bit = ZooDefs.Perms.DELETE;
            } else if (name.equalsIgnoreCase("admin")) {
                bit = ZooDefs.Perms.ADMIN;
            } else {
                // Fail closed on a typo rather than silently dropping the verb.
                log.error("Unknown ACL perm value: " + name);
                throw new ExhibitorCreatorExit(cli);
            }
            permissionMask |= bit;
        }
    }

    final String scheme = (aclScheme == null) ? "" : aclScheme;
    final String identity = (aclId == null) ? "" : aclId;
    final ACL fixedAcl = new ACL(permissionMask, new Id(scheme, identity));

    return new ACLProvider() {

        @Override
        public List<ACL> getDefaultAcl() {
            return Collections.singletonList(fixedAcl);
        }

        @Override
        public List<ACL> getAclForPath(String path) {
            // The path is ignored: every node gets the same ACL.
            return Collections.singletonList(fixedAcl);
        }
    };
}
Also used : ACLProvider(org.apache.curator.framework.api.ACLProvider) ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id) Constraint(org.mortbay.jetty.security.Constraint)

Example 2 with ACLProvider

use of org.apache.curator.framework.api.ACLProvider in project helios by spotify.

the class MasterService method setupZookeeperClient.

/**
 * Builds and starts the master's ZooKeeper client, attaching digest credentials and an
 * ACL provider when the configuration supplies them, then registers the master through
 * {@code zkRegistrar}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Digest credentials are attached whenever a master password is configured, even
 *       if ACLs are disabled; the ACL provider is only created when ACLs are enabled.</li>
 *   <li>The {@code user:password} string is encoded with {@code getBytes()}, i.e. the
 *       platform default charset. NOTE(review): non-ASCII credentials may encode
 *       differently across hosts; confirm this matches how the digests were generated.</li>
 *   <li>Reading or updating the ACL on "/" is best effort: any exception is logged and
 *       the started client is still returned, so the root node may keep its previous
 *       ACL. Alert on that error log line if the root ACL matters to you.</li>
 * </ul>
 *
 * @param config The service configuration.
 * @return A started ZooKeeper client.
 * @throws HeliosRuntimeException if a password is set without a master user, or if ACLs
 *         are enabled while the master user/password or agent user/digest is missing.
 */
private ZooKeeperClient setupZookeeperClient(final MasterConfig config) {
    final String masterUser = config.getZookeeperAclMasterUser();
    final String masterPassword = config.getZooKeeperAclMasterPassword();
    final String agentUser = config.getZookeeperAclAgentUser();
    final String agentDigest = config.getZooKeeperAclAgentDigest();

    // Credentials this client authenticates with; stays null when no password is configured.
    List<AuthInfo> credentials = null;
    if (!isNullOrEmpty(masterPassword)) {
        if (isNullOrEmpty(masterUser)) {
            throw new HeliosRuntimeException("Master username must be set if a password is set");
        }
        final String idAndPassword = String.format("%s:%s", masterUser, masterPassword);
        credentials = Lists.newArrayList(new AuthInfo("digest", idAndPassword.getBytes()));
    }

    // ACLs applied to nodes this client creates; stays null when ACLs are disabled.
    ACLProvider provider = null;
    if (config.isZooKeeperEnableAcls()) {
        if (isNullOrEmpty(masterUser) || isNullOrEmpty(masterPassword)) {
            throw new HeliosRuntimeException("ZooKeeper ACLs enabled but master username and/or password not set");
        }
        if (isNullOrEmpty(agentUser) || isNullOrEmpty(agentDigest)) {
            throw new HeliosRuntimeException("ZooKeeper ACLs enabled but agent username and/or digest not set");
        }
        final String masterDigest = digest(masterUser, masterPassword);
        provider = heliosAclProvider(masterUser, masterDigest, agentUser, agentDigest);
    }

    final RetryPolicy backoff = new ExponentialBackoffRetry(1000, 3);
    final CuratorFramework framework = curatorClientFactory.newClient(
        config.getZooKeeperConnectionString(),
        config.getZooKeeperSessionTimeoutMillis(),
        config.getZooKeeperConnectionTimeoutMillis(),
        backoff,
        provider,
        credentials);
    final ZooKeeperClient zkClient = new DefaultZooKeeperClient(framework, config.getZooKeeperClusterId());
    zkClient.start();

    zkRegistrar = ZooKeeperRegistrarService.newBuilder()
        .setZooKeeperClient(zkClient)
        .setZooKeeperRegistrar(new MasterZooKeeperRegistrar(config.getName()))
        .build();

    if (provider == null) {
        return zkClient;
    }

    // Bring the root node's ACL in line with what the provider wants for "/".
    // Comparison is set-based, so ordering and duplicates in either list are ignored.
    try {
        final List<ACL> actualRootAcls = zkClient.getAcl("/");
        final List<ACL> desiredRootAcls = provider.getAclForPath("/");
        final boolean alreadyInSync =
            Sets.newHashSet(actualRootAcls).equals(Sets.newHashSet(desiredRootAcls));
        if (!alreadyInSync) {
            log.info("Current ACL's on the zookeeper root node differ from desired, updating: {} -> {}", actualRootAcls, desiredRootAcls);
            zkClient.getCuratorFramework().setACL().withACL(desiredRootAcls).forPath("/");
        }
    } catch (Exception e) {
        // Deliberately non-fatal: startup continues with whatever ACL "/" currently has.
        log.error("Failed to get/set ACLs on the zookeeper root node", e);
    }
    return zkClient;
}
Also used : ACLProvider(org.apache.curator.framework.api.ACLProvider) AuthInfo(org.apache.curator.framework.AuthInfo) ExponentialBackoffRetry(org.apache.curator.retry.ExponentialBackoffRetry) HeliosRuntimeException(com.spotify.helios.common.HeliosRuntimeException) ACL(org.apache.zookeeper.data.ACL) DefaultZooKeeperClient(com.spotify.helios.servicescommon.coordination.DefaultZooKeeperClient) HeliosRuntimeException(com.spotify.helios.common.HeliosRuntimeException) ConfigurationException(io.dropwizard.configuration.ConfigurationException) IOException(java.io.IOException) CuratorFramework(org.apache.curator.framework.CuratorFramework) ZooKeeperClient(com.spotify.helios.servicescommon.coordination.ZooKeeperClient) DefaultZooKeeperClient(com.spotify.helios.servicescommon.coordination.DefaultZooKeeperClient) RetryPolicy(org.apache.curator.RetryPolicy)

Example 3 with ACLProvider

use of org.apache.curator.framework.api.ACLProvider in project helios by spotify.

the class ZooKeeperAclInitializer method initializeAcl.

/**
 * Connects to ZooKeeper as the master user and hands the root path to
 * {@code initializeAclRecursive} together with the Helios ACL provider.
 *
 * <p>Both digests are derived here from the plaintext passwords via {@code digest(...)}.
 * The client authenticates with the "digest" scheme using {@code masterUser:masterPassword}
 * encoded by {@code getBytes()}, i.e. the platform default charset.
 * NOTE(review): confirm that encoding matches how the digests are produced if
 * credentials can contain non-ASCII characters.
 *
 * <p>The client is always closed, including when start or initialization throws.
 *
 * @param zooKeeperConnectionString connection string passed to the Curator client factory
 * @param zooKeeperClusterId        cluster id passed to {@code DefaultZooKeeperClient}
 * @param masterUser                master identity used for both the ACL and authentication
 * @param masterPassword            master plaintext password
 * @param agentUser                 agent identity placed in the ACL
 * @param agentPassword             agent plaintext password, only used to derive its digest
 * @throws KeeperException declared by this method; presumably raised by the recursive
 *         initialization, which is not visible here
 */
static void initializeAcl(final String zooKeeperConnectionString, final String zooKeeperClusterId, final String masterUser, final String masterPassword, final String agentUser, final String agentPassword) throws KeeperException {
    final String masterDigest = digest(masterUser, masterPassword);
    final String agentDigest = digest(agentUser, agentPassword);
    final ACLProvider provider = heliosAclProvider(masterUser, masterDigest, agentUser, agentDigest);

    final String idAndPassword = String.format("%s:%s", masterUser, masterPassword);
    final List<AuthInfo> credentials = Lists.newArrayList(new AuthInfo("digest", idAndPassword.getBytes()));

    final RetryPolicy backoff = new ExponentialBackoffRetry(1000, 3);
    // Fixed timeouts: 60 s session, 15 s connection.
    final int sessionTimeoutMillis = (int) TimeUnit.SECONDS.toMillis(60);
    final int connectionTimeoutMillis = (int) TimeUnit.SECONDS.toMillis(15);
    final CuratorFramework framework = new CuratorClientFactoryImpl().newClient(
        zooKeeperConnectionString,
        sessionTimeoutMillis,
        connectionTimeoutMillis,
        backoff,
        provider,
        credentials);

    final ZooKeeperClient zkClient = new DefaultZooKeeperClient(framework, zooKeeperClusterId);
    try {
        zkClient.start();
        initializeAclRecursive(zkClient, "/", provider);
    } finally {
        // Close even on failure so the authenticated session does not linger.
        zkClient.close();
    }
}
Also used : ACLProvider(org.apache.curator.framework.api.ACLProvider) AuthInfo(org.apache.curator.framework.AuthInfo) CuratorFramework(org.apache.curator.framework.CuratorFramework) ZooKeeperClient(com.spotify.helios.servicescommon.coordination.ZooKeeperClient) DefaultZooKeeperClient(com.spotify.helios.servicescommon.coordination.DefaultZooKeeperClient) ExponentialBackoffRetry(org.apache.curator.retry.ExponentialBackoffRetry) CuratorClientFactoryImpl(com.spotify.helios.servicescommon.coordination.CuratorClientFactoryImpl) DefaultZooKeeperClient(com.spotify.helios.servicescommon.coordination.DefaultZooKeeperClient) RetryPolicy(org.apache.curator.RetryPolicy)

Example 4 with ACLProvider

use of org.apache.curator.framework.api.ACLProvider in project incubator-atlas by apache.

the class CuratorFactoryTest method shouldAddAclProviderWithRightACL.

/**
 * Verifies that an ACL setting of {@code sasl:myclient@EXAMPLE.COM}, with no auth
 * configured, results in an ACL provider on the builder whose first default ACL
 * carries scheme "sasl" and id "myclient@EXAMPLE.COM".
 *
 * <p>Only the first entry of the default ACL list is inspected; its permission bits
 * and any additional entries are not asserted by this test.
 */
@Test
public void shouldAddAclProviderWithRightACL() {
    when(zookeeperProperties.hasAcl()).thenReturn(true);
    when(zookeeperProperties.getAcl()).thenReturn("sasl:myclient@EXAMPLE.COM");
    when(zookeeperProperties.hasAuth()).thenReturn(false);

    // Override initialization with a no-op so building the factory does nothing further here.
    final CuratorFactory factoryUnderTest = new CuratorFactory(configuration) {

        @Override
        protected void initializeCuratorFramework() {
        }
    };

    final ArgumentMatcher<ACLProvider> hasExpectedSaslIdentity = new ArgumentMatcher<ACLProvider>() {

        @Override
        public boolean matches(Object candidate) {
            final ACL firstDefaultAcl = ((ACLProvider) candidate).getDefaultAcl().get(0);
            if (!firstDefaultAcl.getId().getId().equals("myclient@EXAMPLE.COM")) {
                return false;
            }
            return firstDefaultAcl.getId().getScheme().equals("sasl");
        }
    };

    factoryUnderTest.enhanceBuilderWithSecurityParameters(zookeeperProperties, builder);

    verify(builder).aclProvider(argThat(hasExpectedSaslIdentity));
}
Also used : ACLProvider(org.apache.curator.framework.api.ACLProvider) ArgumentMatcher(org.mockito.ArgumentMatcher) ACL(org.apache.zookeeper.data.ACL) Test(org.testng.annotations.Test)

Example 5 with ACLProvider

use of org.apache.curator.framework.api.ACLProvider in project incubator-atlas by apache.

the class CuratorFactory method enhanceBuilderWithSecurityParameters.

/**
 * Applies the ZooKeeper ACL provider and, when present, the auth credentials from
 * {@code zookeeperProperties} to the Curator builder.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Credentials are applied only when an ACL provider exists. If auth is configured
 *       but {@code getAclProvider} returns null, the parsed credentials are discarded
 *       without a log line. NOTE(review): confirm this is intended.</li>
 *   <li>The auth bytes are decoded as UTF-8 and passed through {@code getIdForLogging}
 *       before being logged. NOTE(review): that helper is not visible here; verify it
 *       keeps secrets (e.g. a digest password) out of the log.</li>
 * </ul>
 *
 * @param zookeeperProperties source of the ACL and auth settings
 * @param builder             Curator builder that receives the provider and credentials
 */
@VisibleForTesting
void enhanceBuilderWithSecurityParameters(HAConfiguration.ZookeeperProperties zookeeperProperties, CuratorFrameworkFactory.Builder builder) {
    final ACLProvider provider = getAclProvider(zookeeperProperties);

    // Auth is parsed before the provider check, so a parse failure surfaces either way.
    final AuthInfo credentials = zookeeperProperties.hasAuth()
        ? AtlasZookeeperSecurityProperties.parseAuth(zookeeperProperties.getAuth())
        : null;

    if (provider == null) {
        return;
    }
    LOG.info("Setting up acl provider.");
    builder.aclProvider(provider);

    if (credentials == null) {
        return;
    }
    final byte[] authBytes = credentials.getAuth();
    final String scheme = credentials.getScheme();
    final String loggableId = getIdForLogging(scheme, new String(authBytes, Charsets.UTF_8));
    LOG.info("Setting up auth provider with scheme: {} and id: {}", scheme, loggableId);
    builder.authorization(scheme, authBytes);
}
Also used : ACLProvider(org.apache.curator.framework.api.ACLProvider) AuthInfo(org.apache.curator.framework.AuthInfo) VisibleForTesting(com.google.common.annotations.VisibleForTesting)
