use of org.apache.zookeeper.data.ACL in project hive by apache.
the class TestZooKeeperTokenStore method testAclInvalid.
/**
 * Checks that initialising the token store with an ACL the ZooKeeper server rejects
 * surfaces as a {@code TokenStoreException} caused by {@code InvalidACLException}.
 *
 * <p>The configured string holds one well-formed {@code scheme:id:perm} entry and one
 * entry without colons. The size assertion pins that {@code parseACLs} keeps only the
 * well-formed entry, so a malformed entry is dropped rather than rejected.
 */
public void testAclInvalid() throws Exception {
    String zkPath = "/zktokenstore-testAclInvalid";
    String configuredAcl = "sasl:hive/host@TEST.DOMAIN:cdrwa, fail-parse-ignored";

    Configuration conf = createConf(zkPath);
    conf.set(HiveDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_ACL, configuredAcl);

    // Only the first entry has the scheme:id:perm shape; the second must be skipped.
    List<ACL> parsed = ZooKeeperTokenStore.parseACLs(configuredAcl);
    assertEquals(1, parsed.size());

    ts = new ZooKeeperTokenStore();
    DelegationTokenStore.TokenStoreException rejected = null;
    try {
        ts.setConf(conf);
        ts.init(null, ServerMode.METASTORE);
    } catch (DelegationTokenStore.TokenStoreException e) {
        rejected = e;
    }

    if (rejected == null) {
        fail("expected ACL exception");
    }
    // NOTE(review): presumably the sasl id is refused because the test server has no
    // matching SASL setup; the reason is not visible from this method.
    assertEquals(KeeperException.InvalidACLException.class, rejected.getCause().getClass());
}
use of org.apache.zookeeper.data.ACL in project zookeeper by apache.
the class SaslAuthTest method testValidSaslIds.
/**
 * Creates one persistent znode per SASL identity form (bare user, service/host, and both
 * with a Kerberos realm) and passes when none of the create calls throws.
 *
 * <p>The test makes no assertion on the stored ACL; it only exercises whether the server
 * accepts each id string at create time.
 */
@Test
public void testValidSaslIds() throws Exception {
    // NOTE(review): the client is not closed here; presumably the fixture that provides
    // createClient() tears it down. Confirm against the base class.
    ZooKeeper client = createClient();

    String[] saslIds = {
        "user",
        "service/host.name.com",
        "user@KERB.REALM",
        "service/host.name.com@KERB.REALM",
    };

    for (int idx = 0; idx < saslIds.length; idx++) {
        // A permission mask of 0 is passed, so the entry carries an id but no permission bits.
        List<ACL> znodeAcl = new ArrayList<ACL>();
        znodeAcl.add(new ACL(0, new Id("sasl", saslIds[idx])));
        client.create("/valid" + idx, null, znodeAcl, CreateMode.PERSISTENT);
    }
}
use of org.apache.zookeeper.data.ACL in project storm by apache.
the class AdminCommands method initialize.
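/**
 * Loads the Storm configuration and sets up the static handles the admin commands use:
 * the Nimbus blob store and the cluster state.
 *
 * <p>ZooKeeper ACLs are only passed to the cluster state when ZooKeeper authentication is
 * configured for the Storm server; otherwise {@code null} is passed.
 *
 * @throws RuntimeException if the cluster state cannot be created. The original code
 *     constructed this exception without throwing it, so initialisation carried on with
 *     {@code stormClusterState} unset.
 */
private static void initialize() {
    conf = ConfigUtils.readStormConfig();
    nimbusBlobStore = Utils.getNimbusBlobStore(conf, NimbusInfo.fromConf(conf));
    List<String> servers = (List<String>) conf.get(Config.STORM_ZOOKEEPER_SERVERS);
    Object port = conf.get(Config.STORM_ZOOKEEPER_PORT);

    // NOTE(review): with authentication not configured, acls stays null; what ACL the
    // cluster state then applies to the znodes it creates is decided by the callee.
    List<ACL> acls = null;
    if (Utils.isZkAuthenticationConfiguredStormServer(conf)) {
        acls = adminZkAcls();
    }

    try {
        stormClusterState = ClusterUtils.mkStormClusterState(conf, acls, new ClusterStateContext(DaemonType.NIMBUS));
    } catch (Exception e) {
        // Log the cause as well as the message, then fail instead of continuing half-initialised.
        LOG.error("admin can't create stormClusterState", e);
        throw new RuntimeException(e);
    }

    // NOTE(review): this client is held only in a local and never closed here; confirm
    // whether it was meant to be assigned to a field or is needed at all.
    CuratorFramework zk = Zookeeper.mkClient(conf, servers, port, "", new DefaultWatcherCallBack(), conf);
}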
use of org.apache.zookeeper.data.ACL in project hbase by apache.
the class TestZooKeeper method testCreateSilentIsReallySilent.
/**
 * A test for HBASE-3238.
 *
 * <p>Using a client authenticated with a digest identity, the test saves the ACL of "/",
 * replaces it with {@code CREATOR_ALL_ACL}, creates {@code /aclRoot} with the same ACL and
 * closes that client. It then calls {@code ZKUtil.createAndFailSilent} for the same znode
 * through a separate {@code ZooKeeperWatcher} and finally restores the saved ACL on "/".
 * There are no assertions: the test passes when none of these steps throws.
 *
 * <p>NOTE(review): the ACL on "/" is restored only on the success path. If any step before
 * the restore throws, "/" keeps {@code CREATOR_ALL_ACL} for whatever runs next against the
 * same ZooKeeper instance.
 *
 * @throws IOException A connection attempt to zk failed
 * @throws InterruptedException One of the non ZKUtil actions was interrupted
 * @throws KeeperException Any of the zookeeper connections had a
 *           KeeperException
 */
@Test
public void testCreateSilentIsReallySilent() throws InterruptedException, KeeperException, IOException {
  Configuration c = TEST_UTIL.getConfiguration();
  String aclZnode = "/aclRoot";
  String quorumServers = ZKConfig.getZKQuorumServersString(c);
  // 5 seconds
  int sessionTimeout = 5 * 1000;
  ZooKeeper zk = new ZooKeeper(quorumServers, sessionTimeout, EmptyWatcher.instance);
  // Literal test credential in digest "user:password" form. getBytes() without a charset
  // uses the platform default encoding.
  zk.addAuthInfo("digest", "hbase:rox".getBytes());
  // Assumes the root of the ZooKeeper space is writable as it creates a node
  // wherever the cluster home is defined.
  // NOTE(review): zk2 is never closed in this method, and no addAuthInfo call is made on it
  // here; whether it authenticates some other way is not visible from this code.
  ZooKeeperWatcher zk2 = new ZooKeeperWatcher(TEST_UTIL.getConfiguration(), "testCreateSilentIsReallySilent", null);
  // Save the previous ACL
  Stat s = null;
  List<ACL> oldACL = null;
  // Retry until the read succeeds. The loop has no attempt limit.
  while (true) {
    try {
      s = new Stat();
      oldACL = zk.getACL("/", s);
      break;
    } catch (KeeperException e) {
      switch(e.code()) {
        // NOTE(review): SESSIONEXPIRED is retried on the same handle; an expired ZooKeeper
        // session does not normally recover, so this case may loop forever. Confirm.
        case CONNECTIONLOSS:
        case SESSIONEXPIRED:
        case OPERATIONTIMEOUT:
          LOG.warn("Possibly transient ZooKeeper exception", e);
          Threads.sleep(100);
          break;
        default:
          throw e;
      }
    }
  }
  // Add retries in case of retryable zk exceptions.
  // Restrict "/" to the identity that sets the ACL; version -1 matches any ACL version.
  while (true) {
    try {
      zk.setACL("/", ZooDefs.Ids.CREATOR_ALL_ACL, -1);
      break;
    } catch (KeeperException e) {
      switch(e.code()) {
        case CONNECTIONLOSS:
        case SESSIONEXPIRED:
        case OPERATIONTIMEOUT:
          // The exception is concatenated into the message here, so only its toString()
          // is logged, unlike the first loop which passes it as the throwable.
          LOG.warn("Possibly transient ZooKeeper exception: " + e);
          Threads.sleep(100);
          break;
        default:
          throw e;
      }
    }
  }
  // Create the znode under test with the same creator-only ACL, retrying as above.
  while (true) {
    try {
      zk.create(aclZnode, null, ZooDefs.Ids.CREATOR_ALL_ACL, CreateMode.PERSISTENT);
      break;
    } catch (KeeperException e) {
      switch(e.code()) {
        case CONNECTIONLOSS:
        case SESSIONEXPIRED:
        case OPERATIONTIMEOUT:
          LOG.warn("Possibly transient ZooKeeper exception: " + e);
          Threads.sleep(100);
          break;
        default:
          throw e;
      }
    }
  }
  // Reached only when every step above succeeded; an earlier exception leaves zk open.
  zk.close();
  // The call under test: it targets the znode that already exists with a creator-only ACL
  // and is expected to return without throwing.
  ZKUtil.createAndFailSilent(zk2, aclZnode);
  // Restore the ACL
  // A fresh client authenticates with the same digest identity so it is allowed to change "/".
  ZooKeeper zk3 = new ZooKeeper(quorumServers, sessionTimeout, EmptyWatcher.instance);
  zk3.addAuthInfo("digest", "hbase:rox".getBytes());
  try {
    zk3.setACL("/", oldACL, -1);
  } finally {
    zk3.close();
  }
}
use of org.apache.zookeeper.data.ACL in project hive by apache.
the class ZooKeeperTokenStore method parseACLs.
/**
 * Parses a comma-separated list of ACL entries used to secure generated nodes, e.g.
 * <code>sasl:hive/host1@MY.DOMAIN:cdrwa,sasl:hive/host2@MY.DOMAIN:cdrwa</code>.
 *
 * <p>Each entry is split at its first and last colon into scheme, id and permission
 * string. Blank entries are skipped. An entry with fewer than two colons is logged at
 * error level and skipped as well, so the returned list can be shorter than the configured
 * one, or empty, without an exception being raised. Callers that depend on the result to
 * restrict access should check what actually came back.
 *
 * @param aclString comma-separated entries of the form {@code scheme:id:perm}
 * @return the entries that parsed, in input order
 */
public static List<ACL> parseACLs(String aclString) {
    String[] entries = StringUtils.splitByWholeSeparator(aclString, ",");
    List<ACL> parsed = new ArrayList<ACL>(entries.length);

    for (String rawEntry : entries) {
        if (StringUtils.isBlank(rawEntry)) {
            continue;
        }
        String entry = rawEntry.trim();

        // from ZooKeeperMain private method
        int schemeEnd = entry.indexOf(':');
        int permStart = entry.lastIndexOf(':');
        boolean hasThreeParts = schemeEnd != -1 && permStart != -1 && schemeEnd != permStart;
        if (!hasThreeParts) {
            // Malformed entries are reported and dropped, not treated as fatal.
            LOGGER.error(entry + " does not have the form scheme:id:perm");
            continue;
        }

        // The id is everything between the first and last colon, so it may itself contain colons.
        Id id = new Id(entry.substring(0, schemeEnd), entry.substring(schemeEnd + 1, permStart));
        int perms = getPermFromString(entry.substring(permStart + 1));
        parsed.add(new ACL(perms, id));
    }

    return parsed;
}