Search in sources :

Example 1 with AuthInfo

use of org.apache.curator.framework.AuthInfo in project atlas by apache.

the class CuratorFactory method enhanceBuilderWithSecurityParameters.

@VisibleForTesting
void enhanceBuilderWithSecurityParameters(HAConfiguration.ZookeeperProperties zookeeperProperties, CuratorFrameworkFactory.Builder builder) {
    ACLProvider aclProvider = getAclProvider(zookeeperProperties);
    AuthInfo authInfo = null;
    if (zookeeperProperties.hasAuth()) {
        authInfo = AtlasZookeeperSecurityProperties.parseAuth(zookeeperProperties.getAuth());
    }
    if (aclProvider != null) {
        LOG.info("Setting up acl provider.");
        builder.aclProvider(aclProvider);
        if (authInfo != null) {
            byte[] auth = authInfo.getAuth();
            LOG.info("Setting up auth provider with scheme: {} and id: {}", authInfo.getScheme(), getIdForLogging(authInfo.getScheme(), new String(auth, Charsets.UTF_8)));
            builder.authorization(authInfo.getScheme(), auth);
        }
    }
}
Also used : ACLProvider(org.apache.curator.framework.api.ACLProvider) AuthInfo(org.apache.curator.framework.AuthInfo) VisibleForTesting(com.google.common.annotations.VisibleForTesting)

Example 2 with AuthInfo

use of org.apache.curator.framework.AuthInfo in project atlas by apache.

the class AtlasZookeeperSecurityPropertiesTest method shouldGetAuth.

@Test
public void shouldGetAuth() {
    AuthInfo authInfo = AtlasZookeeperSecurityProperties.parseAuth("digest:user:password");
    assertEquals(authInfo.getScheme(), "digest");
    assertEquals(authInfo.getAuth(), "user:password".getBytes(Charsets.UTF_8));
}
Also used : AuthInfo(org.apache.curator.framework.AuthInfo) Test(org.testng.annotations.Test)

Example 3 with AuthInfo

use of org.apache.curator.framework.AuthInfo in project helios by spotify.

the class ZooKeeperAclInitializer method initializeAcl.

static void initializeAcl(final String zooKeeperConnectionString, final String zooKeeperClusterId, final String masterUser, final String masterPassword, final String agentUser, final String agentPassword) throws KeeperException {
    final ACLProvider aclProvider = heliosAclProvider(masterUser, digest(masterUser, masterPassword), agentUser, digest(agentUser, agentPassword));
    final List<AuthInfo> authorization = Lists.newArrayList(new AuthInfo("digest", String.format("%s:%s", masterUser, masterPassword).getBytes()));
    final RetryPolicy zooKeeperRetryPolicy = new ExponentialBackoffRetry(1000, 3);
    final CuratorFramework curator = new CuratorClientFactoryImpl().newClient(zooKeeperConnectionString, (int) TimeUnit.SECONDS.toMillis(60), (int) TimeUnit.SECONDS.toMillis(15), zooKeeperRetryPolicy, aclProvider, authorization);
    final ZooKeeperClient client = new DefaultZooKeeperClient(curator, zooKeeperClusterId);
    try {
        client.start();
        initializeAclRecursive(client, "/", aclProvider);
    } finally {
        client.close();
    }
}
Also used : ACLProvider(org.apache.curator.framework.api.ACLProvider) AuthInfo(org.apache.curator.framework.AuthInfo) CuratorFramework(org.apache.curator.framework.CuratorFramework) ZooKeeperClient(com.spotify.helios.servicescommon.coordination.ZooKeeperClient) DefaultZooKeeperClient(com.spotify.helios.servicescommon.coordination.DefaultZooKeeperClient) ExponentialBackoffRetry(org.apache.curator.retry.ExponentialBackoffRetry) CuratorClientFactoryImpl(com.spotify.helios.servicescommon.coordination.CuratorClientFactoryImpl) DefaultZooKeeperClient(com.spotify.helios.servicescommon.coordination.DefaultZooKeeperClient) RetryPolicy(org.apache.curator.RetryPolicy)

Example 4 with AuthInfo

use of org.apache.curator.framework.AuthInfo in project helios by spotify.

the class MasterService method setupZookeeperClient.

/**
 * Create a Zookeeper client and create the control and state nodes if needed.
 *
 * @param config The service configuration.
 *
 * @return A zookeeper client.
 */
private ZooKeeperClient setupZookeeperClient(final MasterConfig config) {
    ACLProvider aclProvider = null;
    List<AuthInfo> authorization = null;
    final String masterUser = config.getZookeeperAclMasterUser();
    final String masterPassword = config.getZooKeeperAclMasterPassword();
    final String agentUser = config.getZookeeperAclAgentUser();
    final String agentDigest = config.getZooKeeperAclAgentDigest();
    if (!isNullOrEmpty(masterPassword)) {
        if (isNullOrEmpty(masterUser)) {
            throw new HeliosRuntimeException("Master username must be set if a password is set");
        }
        authorization = Lists.newArrayList(new AuthInfo("digest", String.format("%s:%s", masterUser, masterPassword).getBytes()));
    }
    if (config.isZooKeeperEnableAcls()) {
        if (isNullOrEmpty(masterUser) || isNullOrEmpty(masterPassword)) {
            throw new HeliosRuntimeException("ZooKeeper ACLs enabled but master username and/or password not set");
        }
        if (isNullOrEmpty(agentUser) || isNullOrEmpty(agentDigest)) {
            throw new HeliosRuntimeException("ZooKeeper ACLs enabled but agent username and/or digest not set");
        }
        aclProvider = heliosAclProvider(masterUser, digest(masterUser, masterPassword), agentUser, agentDigest);
    }
    final RetryPolicy zooKeeperRetryPolicy = new ExponentialBackoffRetry(1000, 3);
    final CuratorFramework curator = curatorClientFactory.newClient(config.getZooKeeperConnectionString(), config.getZooKeeperSessionTimeoutMillis(), config.getZooKeeperConnectionTimeoutMillis(), zooKeeperRetryPolicy, aclProvider, authorization);
    final ZooKeeperClient client = new DefaultZooKeeperClient(curator, config.getZooKeeperClusterId());
    client.start();
    zkRegistrar = ZooKeeperRegistrarService.newBuilder().setZooKeeperClient(client).setZooKeeperRegistrar(new MasterZooKeeperRegistrar(config.getName())).build();
    // place where we have access to the ACL provider.
    if (aclProvider != null) {
        // effects are limited to a spurious log line.
        try {
            final List<ACL> curAcls = client.getAcl("/");
            final List<ACL> wantedAcls = aclProvider.getAclForPath("/");
            if (!Sets.newHashSet(curAcls).equals(Sets.newHashSet(wantedAcls))) {
                log.info("Current ACL's on the zookeeper root node differ from desired, updating: {} -> {}", curAcls, wantedAcls);
                client.getCuratorFramework().setACL().withACL(wantedAcls).forPath("/");
            }
        } catch (Exception e) {
            log.error("Failed to get/set ACLs on the zookeeper root node", e);
        }
    }
    return client;
}
Also used : ACLProvider(org.apache.curator.framework.api.ACLProvider) AuthInfo(org.apache.curator.framework.AuthInfo) ExponentialBackoffRetry(org.apache.curator.retry.ExponentialBackoffRetry) HeliosRuntimeException(com.spotify.helios.common.HeliosRuntimeException) ACL(org.apache.zookeeper.data.ACL) DefaultZooKeeperClient(com.spotify.helios.servicescommon.coordination.DefaultZooKeeperClient) HeliosRuntimeException(com.spotify.helios.common.HeliosRuntimeException) ConfigurationException(io.dropwizard.configuration.ConfigurationException) IOException(java.io.IOException) CuratorFramework(org.apache.curator.framework.CuratorFramework) ZooKeeperClient(com.spotify.helios.servicescommon.coordination.ZooKeeperClient) DefaultZooKeeperClient(com.spotify.helios.servicescommon.coordination.DefaultZooKeeperClient) RetryPolicy(org.apache.curator.RetryPolicy)

Example 5 with AuthInfo

use of org.apache.curator.framework.AuthInfo in project incubator-atlas by apache.

the class AtlasZookeeperSecurityPropertiesTest method shouldGetAuth.

@Test
public void shouldGetAuth() {
    AuthInfo authInfo = AtlasZookeeperSecurityProperties.parseAuth("digest:user:password");
    assertEquals(authInfo.getScheme(), "digest");
    assertEquals(authInfo.getAuth(), "user:password".getBytes(Charsets.UTF_8));
}
Also used : AuthInfo(org.apache.curator.framework.AuthInfo) Test(org.testng.annotations.Test)

Aggregations

AuthInfo (org.apache.curator.framework.AuthInfo)12 CuratorFramework (org.apache.curator.framework.CuratorFramework)6 ACLProvider (org.apache.curator.framework.api.ACLProvider)5 RetryPolicy (org.apache.curator.RetryPolicy)4 ExponentialBackoffRetry (org.apache.curator.retry.ExponentialBackoffRetry)4 DefaultZooKeeperClient (com.spotify.helios.servicescommon.coordination.DefaultZooKeeperClient)3 ZooKeeperClient (com.spotify.helios.servicescommon.coordination.ZooKeeperClient)3 ArrayList (java.util.ArrayList)3 CuratorFrameworkFactory (org.apache.curator.framework.CuratorFrameworkFactory)3 Test (org.testng.annotations.Test)3 VisibleForTesting (com.google.common.annotations.VisibleForTesting)2 HeliosRuntimeException (com.spotify.helios.common.HeliosRuntimeException)2 CuratorClientFactoryImpl (com.spotify.helios.servicescommon.coordination.CuratorClientFactoryImpl)2 ACL (org.apache.zookeeper.data.ACL)2 RegistryConfig (com.alipay.sofa.ark.config.RegistryConfig)1 SystemClock (com.spotify.helios.common.SystemClock)1 ConfigurationException (io.dropwizard.configuration.ConfigurationException)1 IOException (java.io.IOException)1 ConnectionState (org.apache.curator.framework.state.ConnectionState)1 ConnectionStateListener (org.apache.curator.framework.state.ConnectionStateListener)1