use of com.twitter.distributedlog.thrift.AccessControlEntry in project distributedlog by twitter.
the class TestZKAccessControlManager method testZKAccessControlManager.
@Test(timeout = 60000)
public void testZKAccessControlManager() throws Exception {
String zkRootPath = "/test-zk-access-control-manager";
String stream1 = "test-acm-1";
String stream2 = "test-acm-2";
logger.info("Creating ACL Manager for {}", zkRootPath);
ZKAccessControlManager zkcm = new ZKAccessControlManager(conf, zkc, zkRootPath, executorService);
logger.info("Created ACL Manager for {}", zkRootPath);
try {
verifyStreamPermissions(zkcm, stream1, true, true, true, true, true);
// create stream1 (denyDelete = true)
String zkPath1 = zkRootPath + "/" + stream1;
AccessControlEntry ace1 = new AccessControlEntry();
ace1.setDenyDelete(true);
ZKAccessControl accessControl1 = new ZKAccessControl(ace1, zkPath1);
setACL(accessControl1);
logger.info("Create ACL for stream {} : {}", stream1, accessControl1);
while (zkcm.allowDelete(stream1)) {
Thread.sleep(100);
}
verifyStreamPermissions(zkcm, stream1, true, true, true, false, true);
// update stream1 (denyDelete = false, denyWrite = true)
ace1 = new AccessControlEntry();
ace1.setDenyWrite(true);
accessControl1 = new ZKAccessControl(ace1, zkPath1);
setACL(accessControl1);
logger.info("Update ACL for stream {} : {}", stream1, accessControl1);
// create stream2 (denyTruncate = true)
String zkPath2 = zkRootPath + "/" + stream2;
AccessControlEntry ace2 = new AccessControlEntry();
ace2.setDenyTruncate(true);
ZKAccessControl accessControl2 = new ZKAccessControl(ace2, zkPath2);
setACL(accessControl2);
logger.info("Create ACL for stream {} : {}", stream2, accessControl2);
while (zkcm.allowWrite(stream1)) {
Thread.sleep(100);
}
while (zkcm.allowTruncate(stream2)) {
Thread.sleep(100);
}
verifyStreamPermissions(zkcm, stream1, false, true, true, true, true);
verifyStreamPermissions(zkcm, stream2, true, false, true, true, true);
// delete stream2
Await.result(ZKAccessControl.delete(zkc, zkPath2));
logger.info("Delete ACL for stream {}", stream2);
while (!zkcm.allowTruncate(stream2)) {
Thread.sleep(100);
}
verifyStreamPermissions(zkcm, stream1, false, true, true, true, true);
verifyStreamPermissions(zkcm, stream2, true, true, true, true, true);
// expire session
ZooKeeperClientUtils.expireSession(zkc, zkServers, 1000);
// update stream1 (denyDelete = false, denyWrite = true)
ace1 = new AccessControlEntry();
ace1.setDenyRelease(true);
accessControl1 = new ZKAccessControl(ace1, zkPath1);
setACL(accessControl1);
logger.info("Update ACL for stream {} : {}", stream1, accessControl1);
// create stream2 (denyTruncate = true)
ace2 = new AccessControlEntry();
ace2.setDenyAcquire(true);
accessControl2 = new ZKAccessControl(ace2, zkPath2);
setACL(accessControl2);
logger.info("Created ACL for stream {} again : {}", stream2, accessControl2);
while (zkcm.allowRelease(stream1)) {
Thread.sleep(100);
}
while (zkcm.allowAcquire(stream2)) {
Thread.sleep(100);
}
verifyStreamPermissions(zkcm, stream1, true, true, false, true, true);
verifyStreamPermissions(zkcm, stream2, true, true, true, true, false);
} finally {
zkcm.close();
}
}
use of com.twitter.distributedlog.thrift.AccessControlEntry in project distributedlog by twitter.
the class ZKAccessControl method deserialize.
static AccessControlEntry deserialize(String zkPath, byte[] data) throws IOException {
if (data.length == 0) {
return DEFAULT_ACCESS_CONTROL_ENTRY;
}
AccessControlEntry ace = new AccessControlEntry();
TMemoryInputTransport transport = new TMemoryInputTransport(data);
TJSONProtocol protocol = new TJSONProtocol(transport);
try {
ace.read(protocol);
} catch (TException e) {
throw new CorruptedAccessControlException(zkPath, e);
}
return ace;
}
use of com.twitter.distributedlog.thrift.AccessControlEntry in project distributedlog by twitter.
the class TestDistributedLogServer method testRequestDenied.
@Test(timeout = 60000)
public void testRequestDenied() throws Exception {
String name = "request-denied";
dlClient.routingService.addHost(name, dlServer.getAddress());
AccessControlEntry ace = new AccessControlEntry();
ace.setDenyWrite(true);
ZooKeeperClient zkc = TestZooKeeperClientBuilder.newBuilder().uri(getUri()).connectionTimeoutMs(60000).sessionTimeoutMs(60000).build();
DistributedLogNamespace dlNamespace = dlServer.dlServer.getLeft().getDistributedLogNamespace();
BKDLConfig bkdlConfig = BKDLConfig.resolveDLConfig(zkc, getUri());
String zkPath = getUri().getPath() + "/" + bkdlConfig.getACLRootPath() + "/" + name;
ZKAccessControl accessControl = new ZKAccessControl(ace, zkPath);
accessControl.create(zkc);
AccessControlManager acm = dlNamespace.createAccessControlManager();
while (acm.allowWrite(name)) {
Thread.sleep(100);
}
try {
Await.result(dlClient.dlClient.write(name, ByteBuffer.wrap("1".getBytes(UTF_8))));
fail("Should fail with request denied exception");
} catch (DLException dle) {
assertEquals(StatusCode.REQUEST_DENIED, dle.getCode());
}
}
use of com.twitter.distributedlog.thrift.AccessControlEntry in project distributedlog by twitter.
the class TestZKAccessControl method testCreateZKAccessControl.
@Test(timeout = 60000)
public void testCreateZKAccessControl() throws Exception {
AccessControlEntry ace = new AccessControlEntry();
ace.setDenyWrite(true);
String zkPath = "/create-zk-access-control";
ZKAccessControl zkac = new ZKAccessControl(ace, zkPath);
Await.result(zkac.create(zkc));
ZKAccessControl readZKAC = Await.result(ZKAccessControl.read(zkc, zkPath, null));
assertEquals(zkac, readZKAC);
ZKAccessControl another = new ZKAccessControl(ace, zkPath);
try {
Await.result(another.create(zkc));
} catch (KeeperException.NodeExistsException ke) {
// expected
}
}
use of com.twitter.distributedlog.thrift.AccessControlEntry in project distributedlog by twitter.
the class TestZKAccessControl method testUpdateZKAccessControl.
@Test(timeout = 60000)
public void testUpdateZKAccessControl() throws Exception {
String zkPath = "/update-zk-access-control";
AccessControlEntry ace = new AccessControlEntry();
ace.setDenyDelete(true);
ZKAccessControl zkac = new ZKAccessControl(ace, zkPath);
Await.result(zkac.create(zkc));
ZKAccessControl readZKAC = Await.result(ZKAccessControl.read(zkc, zkPath, null));
assertEquals(zkac, readZKAC);
ace.setDenyRelease(true);
ZKAccessControl newZKAC = new ZKAccessControl(ace, zkPath);
Await.result(newZKAC.update(zkc));
ZKAccessControl readZKAC2 = Await.result(ZKAccessControl.read(zkc, zkPath, null));
assertEquals(newZKAC, readZKAC2);
try {
Await.result(readZKAC.update(zkc));
} catch (KeeperException.BadVersionException bve) {
// expected
}
readZKAC2.accessControlEntry.setDenyTruncate(true);
Await.result(readZKAC2.update(zkc));
ZKAccessControl readZKAC3 = Await.result(ZKAccessControl.read(zkc, zkPath, null));
assertEquals(readZKAC2, readZKAC3);
}
Aggregations