
Example 1 with AccessControlEntry

use of com.twitter.distributedlog.thrift.AccessControlEntry in project distributedlog by twitter.

the class TestZKAccessControlManager method testZKAccessControlManager.

/**
 * Checks that a {@code ZKAccessControlManager} reflects per-stream access-control entries written
 * under its root path: creation, replacement, deletion, and writes made after a ZooKeeper session
 * expiry.
 *
 * <p>Judging by the calls below, the five booleans passed to {@code verifyStreamPermissions} are the
 * expected allow-flags in the order write, truncate, release, delete, acquire.
 *
 * <p>Every change is followed by a polling loop because the manager does not report the new
 * permission immediately after the write. Until it does, the previous (more permissive) answer is
 * still returned. The loops have no bound of their own; the JUnit timeout is what stops a change
 * that never propagates.
 */
@Test(timeout = 60000)
public void testZKAccessControlManager() throws Exception {
    String zkRootPath = "/test-zk-access-control-manager";
    String stream1 = "test-acm-1";
    String stream2 = "test-acm-2";
    String zkPath1 = zkRootPath + "/" + stream1;
    String zkPath2 = zkRootPath + "/" + stream2;
    logger.info("Creating ACL Manager for {}", zkRootPath);
    ZKAccessControlManager manager = new ZKAccessControlManager(conf, zkc, zkRootPath, executorService);
    logger.info("Created ACL Manager for {}", zkRootPath);
    try {
        // No entry has been written yet: every operation is allowed on stream1.
        verifyStreamPermissions(manager, stream1, true, true, true, true, true);

        // stream1: write an entry that denies delete only.
        AccessControlEntry denyDeleteEntry = new AccessControlEntry();
        denyDeleteEntry.setDenyDelete(true);
        ZKAccessControl denyDeleteAcl = new ZKAccessControl(denyDeleteEntry, zkPath1);
        setACL(denyDeleteAcl);
        logger.info("Create ACL for stream {} : {}", stream1, denyDeleteAcl);
        while (manager.allowDelete(stream1)) {
            Thread.sleep(100);
        }
        verifyStreamPermissions(manager, stream1, true, true, true, false, true);

        // stream1: replace the entry with a fresh one that denies write only
        // (the earlier delete denial is not carried over).
        AccessControlEntry denyWriteEntry = new AccessControlEntry();
        denyWriteEntry.setDenyWrite(true);
        ZKAccessControl denyWriteAcl = new ZKAccessControl(denyWriteEntry, zkPath1);
        setACL(denyWriteAcl);
        logger.info("Update ACL for stream {} : {}", stream1, denyWriteAcl);

        // stream2: write an entry that denies truncate only.
        AccessControlEntry denyTruncateEntry = new AccessControlEntry();
        denyTruncateEntry.setDenyTruncate(true);
        ZKAccessControl denyTruncateAcl = new ZKAccessControl(denyTruncateEntry, zkPath2);
        setACL(denyTruncateAcl);
        logger.info("Create ACL for stream {} : {}", stream2, denyTruncateAcl);

        // Wait for both changes to become visible through the manager.
        while (manager.allowWrite(stream1)) {
            Thread.sleep(100);
        }
        while (manager.allowTruncate(stream2)) {
            Thread.sleep(100);
        }
        verifyStreamPermissions(manager, stream1, false, true, true, true, true);
        verifyStreamPermissions(manager, stream2, true, false, true, true, true);

        // stream2: delete its entry; the stream must fall back to allow-everything.
        Await.result(ZKAccessControl.delete(zkc, zkPath2));
        logger.info("Delete ACL for stream {}", stream2);
        while (!manager.allowTruncate(stream2)) {
            Thread.sleep(100);
        }
        verifyStreamPermissions(manager, stream1, false, true, true, true, true);
        verifyStreamPermissions(manager, stream2, true, true, true, true, true);

        // Expire the ZooKeeper session, then check that later writes are still picked up.
        ZooKeeperClientUtils.expireSession(zkc, zkServers, 1000);

        // stream1: replace the entry with one that denies release only.
        AccessControlEntry denyReleaseEntry = new AccessControlEntry();
        denyReleaseEntry.setDenyRelease(true);
        ZKAccessControl denyReleaseAcl = new ZKAccessControl(denyReleaseEntry, zkPath1);
        setACL(denyReleaseAcl);
        logger.info("Update ACL for stream {} : {}", stream1, denyReleaseAcl);

        // stream2: create an entry again, this time denying acquire only.
        AccessControlEntry denyAcquireEntry = new AccessControlEntry();
        denyAcquireEntry.setDenyAcquire(true);
        ZKAccessControl denyAcquireAcl = new ZKAccessControl(denyAcquireEntry, zkPath2);
        setACL(denyAcquireAcl);
        logger.info("Created ACL for stream {} again : {}", stream2, denyAcquireAcl);

        while (manager.allowRelease(stream1)) {
            Thread.sleep(100);
        }
        while (manager.allowAcquire(stream2)) {
            Thread.sleep(100);
        }
        verifyStreamPermissions(manager, stream1, true, true, false, true, true);
        verifyStreamPermissions(manager, stream2, true, true, true, true, false);
    } finally {
        // Always release the manager, even when an assertion above fails.
        manager.close();
    }
}
Also used : AccessControlEntry(com.twitter.distributedlog.thrift.AccessControlEntry) Test(org.junit.Test)

Example 2 with AccessControlEntry

use of com.twitter.distributedlog.thrift.AccessControlEntry in project distributedlog by twitter.

the class ZKAccessControl method deserialize.

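/**
 * Decodes the bytes stored for an access-control entry into an {@link AccessControlEntry}, reading
 * them as a Thrift struct in the {@code TJSONProtocol} encoding.
 *
 * @param zkPath path the data was read from; only used to label a decoding failure
 * @param data   raw payload; {@code null} or empty means "no entry stored"
 * @return the decoded entry, or {@code DEFAULT_ACCESS_CONTROL_ENTRY} when there is no payload
 * @throws IOException when the payload cannot be parsed; the Thrift error is wrapped in a
 *                     {@code CorruptedAccessControlException} carrying {@code zkPath}
 */
static AccessControlEntry deserialize(String zkPath, byte[] data) throws IOException {
    // A node created without data can be reported as null rather than as an empty array.
    // Treat both the same way instead of failing with a NullPointerException on data.length.
    if (data == null || data.length == 0) {
        // NOTE(review): a missing payload falls back to the default entry, so it fails open if that
        // default denies nothing -- confirm this is intended for an access-control record.
        // NOTE(review): the shared constant itself is returned, not a copy; a caller that mutates the
        // result would change the default for everyone -- verify callers treat it as read-only.
        return DEFAULT_ACCESS_CONTROL_ENTRY;
    }
    AccessControlEntry ace = new AccessControlEntry();
    TMemoryInputTransport transport = new TMemoryInputTransport(data);
    TJSONProtocol protocol = new TJSONProtocol(transport);
    try {
        ace.read(protocol);
    } catch (TException e) {
        // Malformed data is surfaced as an error and never mapped to the default entry.
        throw new CorruptedAccessControlException(zkPath, e);
    }
    return ace;
}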
Also used : TException(org.apache.thrift.TException) TJSONProtocol(org.apache.thrift.protocol.TJSONProtocol) AccessControlEntry(com.twitter.distributedlog.thrift.AccessControlEntry) TMemoryInputTransport(org.apache.thrift.transport.TMemoryInputTransport)

Example 3 with AccessControlEntry

use of com.twitter.distributedlog.thrift.AccessControlEntry in project distributedlog by twitter.

the class TestDistributedLogServer method testRequestDenied.

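/**
 * Verifies that a write to a stream whose access-control entry denies writes is rejected by the
 * server with {@code StatusCode.REQUEST_DENIED}.
 *
 * <p>The entry is written through a ZooKeeper client created by this test. The test then polls the
 * namespace's access-control manager until it reports the denial, so the write is only attempted
 * once the deny rule is visible. The poll has no bound of its own; the JUnit timeout stops it.
 */
@Test(timeout = 60000)
public void testRequestDenied() throws Exception {
    String name = "request-denied";
    dlClient.routingService.addHost(name, dlServer.getAddress());
    AccessControlEntry ace = new AccessControlEntry();
    ace.setDenyWrite(true);
    ZooKeeperClient zkc = TestZooKeeperClientBuilder.newBuilder().uri(getUri()).connectionTimeoutMs(60000).sessionTimeoutMs(60000).build();
    try {
        DistributedLogNamespace dlNamespace = dlServer.dlServer.getLeft().getDistributedLogNamespace();
        BKDLConfig bkdlConfig = BKDLConfig.resolveDLConfig(zkc, getUri());
        String zkPath = getUri().getPath() + "/" + bkdlConfig.getACLRootPath() + "/" + name;
        ZKAccessControl accessControl = new ZKAccessControl(ace, zkPath);
        // NOTE(review): the result of create() is not awaited here; a failed create only shows up
        // as the poll below running into the test timeout.
        accessControl.create(zkc);
        // The manager comes from the server's namespace, so it is left open for the server to manage.
        AccessControlManager acm = dlNamespace.createAccessControlManager();
        while (acm.allowWrite(name)) {
            Thread.sleep(100);
        }
        try {
            Await.result(dlClient.dlClient.write(name, ByteBuffer.wrap("1".getBytes(UTF_8))));
            fail("Should fail with request denied exception");
        } catch (DLException dle) {
            assertEquals(StatusCode.REQUEST_DENIED, dle.getCode());
        }
    } finally {
        // The client was built by this test; close it so its session does not outlive the test.
        zkc.close();
    }
}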
Also used : AccessControlManager(com.twitter.distributedlog.acl.AccessControlManager) ZooKeeperClient(com.twitter.distributedlog.ZooKeeperClient) DistributedLogNamespace(com.twitter.distributedlog.namespace.DistributedLogNamespace) DLException(com.twitter.distributedlog.exceptions.DLException) AccessControlEntry(com.twitter.distributedlog.thrift.AccessControlEntry) BKDLConfig(com.twitter.distributedlog.metadata.BKDLConfig) ZKAccessControl(com.twitter.distributedlog.acl.ZKAccessControl) Test(org.junit.Test)

Example 4 with AccessControlEntry

use of com.twitter.distributedlog.thrift.AccessControlEntry in project distributedlog by twitter.

the class TestZKAccessControl method testCreateZKAccessControl.

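/**
 * Verifies that a {@code ZKAccessControl} can be created and read back unchanged, and that a
 * second create on the same path is rejected instead of replacing the stored entry.
 */
@Test(timeout = 60000)
public void testCreateZKAccessControl() throws Exception {
    AccessControlEntry ace = new AccessControlEntry();
    ace.setDenyWrite(true);
    String zkPath = "/create-zk-access-control";
    ZKAccessControl zkac = new ZKAccessControl(ace, zkPath);
    Await.result(zkac.create(zkc));
    // Round trip: what is read back must equal what was written.
    ZKAccessControl readZKAC = Await.result(ZKAccessControl.read(zkc, zkPath, null));
    assertEquals(zkac, readZKAC);
    ZKAccessControl another = new ZKAccessControl(ace, zkPath);
    try {
        Await.result(another.create(zkc));
        // Without this the test would pass even if a duplicate create silently succeeded,
        // i.e. if an existing entry could be overwritten through create().
        org.junit.Assert.fail("Creating an access control at an existing path should fail with NodeExistsException");
    } catch (KeeperException.NodeExistsException expected) {
        // expected: the path already holds an entry
    }
}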
Also used : AccessControlEntry(com.twitter.distributedlog.thrift.AccessControlEntry) KeeperException(org.apache.zookeeper.KeeperException) Test(org.junit.Test)

Example 5 with AccessControlEntry

use of com.twitter.distributedlog.thrift.AccessControlEntry in project distributedlog by twitter.

the class TestZKAccessControl method testUpdateZKAccessControl.

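/**
 * Verifies updates to a stored {@code ZKAccessControl}: an update is readable afterwards, an
 * update issued from a stale copy is rejected with {@code BadVersionException}, and an update
 * issued from the latest read copy succeeds.
 */
@Test(timeout = 60000)
public void testUpdateZKAccessControl() throws Exception {
    String zkPath = "/update-zk-access-control";
    AccessControlEntry ace = new AccessControlEntry();
    ace.setDenyDelete(true);
    ZKAccessControl zkac = new ZKAccessControl(ace, zkPath);
    Await.result(zkac.create(zkc));
    ZKAccessControl readZKAC = Await.result(ZKAccessControl.read(zkc, zkPath, null));
    assertEquals(zkac, readZKAC);
    // Same entry object, now also denying release, written as an update.
    ace.setDenyRelease(true);
    ZKAccessControl newZKAC = new ZKAccessControl(ace, zkPath);
    Await.result(newZKAC.update(zkc));
    ZKAccessControl readZKAC2 = Await.result(ZKAccessControl.read(zkc, zkPath, null));
    assertEquals(newZKAC, readZKAC2);
    try {
        // readZKAC was read before the update above, so it is stale.
        Await.result(readZKAC.update(zkc));
        // Without this the test would pass even if a stale copy could overwrite the newer entry.
        org.junit.Assert.fail("Updating from a stale access control should fail with BadVersionException");
    } catch (KeeperException.BadVersionException expected) {
        // expected: the stale writer must not replace the newer entry
    }
    // Updating from the most recently read copy must still work.
    readZKAC2.accessControlEntry.setDenyTruncate(true);
    Await.result(readZKAC2.update(zkc));
    ZKAccessControl readZKAC3 = Await.result(ZKAccessControl.read(zkc, zkPath, null));
    assertEquals(readZKAC2, readZKAC3);
}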
Also used : AccessControlEntry(com.twitter.distributedlog.thrift.AccessControlEntry) KeeperException(org.apache.zookeeper.KeeperException) Test(org.junit.Test)
