use of org.apache.curator.framework.api.ACLProvider in project elastic-job by dangdangdotcom.
the class ZookeeperRegistryCenter method init.
/**
 * Builds the Curator client from {@code zkConfig}, starts it and blocks until the first
 * connection is established or the computed wait budget runs out.
 *
 * <p>Access-control behaviour visible in this method:
 * <ul>
 *   <li>With a non-empty digest, the client authenticates with ZooKeeper's {@code digest} scheme
 *       and every znode it creates is given {@code CREATOR_ALL_ACL}, i.e. only the creating
 *       identity receives permissions on it.</li>
 *   <li>With an empty digest, no ACL provider is installed here, so Curator's built-in default
 *       applies. NOTE(review): that default is the world-open ACL; confirm this is acceptable
 *       for the ensemble the registry center points at.</li>
 * </ul>
 *
 * <p>The digest scheme hands the raw {@code user:password} bytes to the server, so the credential
 * is only as confidential as the transport; avoid logging {@code zkConfig.getDigest()}.
 */
@Override
public void init() {
    log.debug("Elastic job: zookeeper registry center init, server lists is: {}.", zkConfig.getServerLists());

    final ExponentialBackoffRetry retryPolicy = new ExponentialBackoffRetry(
            zkConfig.getBaseSleepTimeMilliseconds(),
            zkConfig.getMaxRetries(),
            zkConfig.getMaxSleepTimeMilliseconds());
    final CuratorFrameworkFactory.Builder builder = CuratorFrameworkFactory.builder()
            .connectString(zkConfig.getServerLists())
            .retryPolicy(retryPolicy)
            .namespace(zkConfig.getNamespace());

    // A configured value of 0 means "keep Curator's own default timeout".
    final int sessionTimeoutMillis = zkConfig.getSessionTimeoutMilliseconds();
    if (sessionTimeoutMillis != 0) {
        builder.sessionTimeoutMs(sessionTimeoutMillis);
    }
    final int connectionTimeoutMillis = zkConfig.getConnectionTimeoutMilliseconds();
    if (connectionTimeoutMillis != 0) {
        builder.connectionTimeoutMs(connectionTimeoutMillis);
    }

    final String digest = zkConfig.getDigest();
    if (!Strings.isNullOrEmpty(digest)) {
        // Same ACL for every path: only the authenticated creator may read, write or administer.
        final ACLProvider creatorOnlyAcls = new ACLProvider() {
            @Override
            public List<ACL> getDefaultAcl() {
                return ZooDefs.Ids.CREATOR_ALL_ACL;
            }

            @Override
            public List<ACL> getAclForPath(final String path) {
                return ZooDefs.Ids.CREATOR_ALL_ACL;
            }
        };
        builder.authorization("digest", digest.getBytes(Charsets.UTF_8)).aclProvider(creatorOnlyAcls);
    }

    client = builder.build();
    client.start();
    try {
        // Wait budget is max sleep time multiplied by max retries (plain int arithmetic).
        final int maxWaitMillis = zkConfig.getMaxSleepTimeMilliseconds() * zkConfig.getMaxRetries();
        final boolean connected = client.blockUntilConnected(maxWaitMillis, TimeUnit.MILLISECONDS);
        if (!connected) {
            // Release the client before reporting the timeout so no half-started client is left behind.
            client.close();
            throw new KeeperException.OperationTimeoutException();
        }
    //CHECKSTYLE:OFF
    } catch (final Exception ex) {
    //CHECKSTYLE:ON
        RegExceptionHandler.handleException(ex);
    }
}
use of org.apache.curator.framework.api.ACLProvider in project hadoop by apache.
the class TestZKDelegationTokenSecretManager method testACLs.
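/**
 * Verifies that znodes created by the delegation token manager carry the digest ACL supplied
 * through the externally configured Curator client.
 *
 * <p>The credential below is a test fixture only. The ACL stores the digest derived from it by
 * {@code DigestAuthenticationProvider.generateDigest}, while the client authenticates with the
 * raw {@code user:password} bytes.
 *
 * <p>Cleanup runs in {@code finally} blocks: the Curator instance is installed into a static
 * slot on {@code ZKDelegationTokenSecretManager}, so a failed assertion must not leave an
 * authenticated client behind for the tests that run afterwards.
 */
@Test
public void testACLs() throws Exception {
    String connectString = zkServer.getConnectString();
    Configuration conf = getSecretConf(connectString);
    RetryPolicy retryPolicy = new ExponentialBackoffRetry(1000, 3);
    String userPass = "myuser:mypass";
    final ACL digestACL = new ACL(ZooDefs.Perms.ALL,
        new Id("digest", DigestAuthenticationProvider.generateDigest(userPass)));
    // Every path, including the default, gets the single digest ACL and nothing else.
    ACLProvider digestAclProvider = new ACLProvider() {
        @Override
        public List<ACL> getAclForPath(String path) {
            return getDefaultAcl();
        }

        @Override
        public List<ACL> getDefaultAcl() {
            List<ACL> ret = new ArrayList<ACL>();
            ret.add(digestACL);
            return ret;
        }
    };
    CuratorFramework curatorFramework = CuratorFrameworkFactory.builder()
        .connectString(connectString)
        .retryPolicy(retryPolicy)
        .aclProvider(digestAclProvider)
        .authorization("digest", userPass.getBytes("UTF-8"))
        .build();
    curatorFramework.start();
    try {
        ZKDelegationTokenSecretManager.setCurator(curatorFramework);
        DelegationTokenManager tm1 = new DelegationTokenManager(conf, new Text("bla"));
        tm1.init();
        try {
            // check ACL
            String workingPath = conf.get(ZKDelegationTokenSecretManager.ZK_DTSM_ZNODE_WORKING_PATH);
            verifyACL(curatorFramework, "/" + workingPath, digestACL);
        } finally {
            tm1.destroy();
        }
    } finally {
        // Same teardown order as the success path: clear the static slot, then close the client.
        ZKDelegationTokenSecretManager.setCurator(null);
        curatorFramework.close();
    }
}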
use of org.apache.curator.framework.api.ACLProvider in project hadoop by apache.
the class ZKSignerSecretProvider method createCuratorClient.
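/**
 * This method creates the Curator client and connects to ZooKeeper.
 *
 * <p>The authentication mode is read from {@code ZOOKEEPER_AUTH_TYPE} (default {@code "none"}).
 * Only the exact value {@code "sasl"} enables SASL/Kerberos with owner-only ACLs; every other
 * value results in an unauthenticated client using {@code DefaultACLProvider}, which leaves the
 * created znodes open to everyone. A value that is neither {@code "sasl"} nor {@code "none"} is
 * logged at warn level so that a misspelled setting does not silently disable authentication.
 *
 * <p>The SASL branch sets JVM-wide system properties, so it affects every ZooKeeper client in
 * the same process.
 *
 * @param config configuration properties
 * @return A Curator client
 * @throws Exception thrown if an error occurred
 */
protected CuratorFramework createCuratorClient(Properties config) throws Exception {
    String connectionString = config.getProperty(ZOOKEEPER_CONNECTION_STRING, "localhost:2181");
    RetryPolicy retryPolicy = new ExponentialBackoffRetry(1000, 3);
    ACLProvider aclProvider;
    String authType = config.getProperty(ZOOKEEPER_AUTH_TYPE, "none");
    if ("sasl".equals(authType)) {
        LOG.info("Connecting to ZooKeeper with SASL/Kerberos and using 'sasl' ACLs");
        String principal = setJaasConfiguration(config);
        // Process-global settings: any other ZooKeeper client in this JVM sees them too.
        System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, JAAS_LOGIN_ENTRY_NAME);
        System.setProperty("zookeeper.authProvider.1",
            "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
        aclProvider = new SASLOwnerACLProvider(principal);
    } else {
        // "none", or any unrecognized value: the existing fallback is kept for compatibility,
        // but an unexpected value is surfaced because it downgrades to open ACLs.
        if (!"none".equals(authType)) {
            LOG.warn("Unrecognized ZooKeeper auth type '" + authType
                + "'; falling back to no authentication");
        }
        LOG.info("Connecting to ZooKeeper without authentication");
        // open to everyone
        aclProvider = new DefaultACLProvider();
    }
    CuratorFramework cf = CuratorFrameworkFactory.builder()
        .connectString(connectionString)
        .retryPolicy(retryPolicy)
        .aclProvider(aclProvider)
        .build();
    cf.start();
    return cf;
}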
use of org.apache.curator.framework.api.ACLProvider in project flink by apache.
the class ZooKeeperUtils method startCuratorFramework.
/**
 * Starts a {@link CuratorFramework} instance and connects it to the given ZooKeeper
 * quorum.
 *
 * <p>The ACL mode comes from {@code ZkClientACLMode.fromConfig}. {@code CREATOR} mode is rejected
 * when the SASL client is disabled, because creator-scoped ACLs need an authenticated identity
 * to bind to. In every other mode the client uses {@code DefaultACLProvider}.
 * NOTE(review): Curator's default provider yields world-open ACLs, so high-availability data is
 * then protected only by network-level controls; confirm that matches the deployment.
 *
 * @param configuration {@link Configuration} object containing the configuration values
 * @return {@link CuratorFramework} instance
 */
public static CuratorFramework startCuratorFramework(Configuration configuration) {
    Preconditions.checkNotNull(configuration, "configuration");

    final String quorum = configuration.getValue(HighAvailabilityOptions.HA_ZOOKEEPER_QUORUM);
    if (quorum == null || StringUtils.isBlank(quorum)) {
        throw new RuntimeException(
            "No valid ZooKeeper quorum has been specified. You can specify the quorum via the configuration key '"
                + HighAvailabilityOptions.HA_ZOOKEEPER_QUORUM.key() + "'.");
    }

    final int sessionTimeoutMs = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_SESSION_TIMEOUT);
    final int connectionTimeoutMs = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_CONNECTION_TIMEOUT);
    final int retryWaitMs = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_RETRY_WAIT);
    final int maxRetries = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_MAX_RETRY_ATTEMPTS);
    final String zkRoot = configuration.getValue(HighAvailabilityOptions.HA_ZOOKEEPER_ROOT);
    final String clusterId = configuration.getValue(HighAvailabilityOptions.HA_CLUSTER_ID);
    final boolean saslClientDisabled = configuration.getBoolean(
        ConfigConstants.ZOOKEEPER_SASL_DISABLE, ConfigConstants.DEFAULT_ZOOKEEPER_SASL_DISABLE);

    final ZkClientACLMode aclMode = ZkClientACLMode.fromConfig(configuration);
    final boolean creatorMode = aclMode == ZkClientACLMode.CREATOR;

    // Fail closed: creator ACLs without SASL would have no authenticated creator to refer to.
    if (creatorMode && saslClientDisabled) {
        final String errorMessage = "Cannot set ACL role to " + aclMode
            + " since SASL authentication is disabled through the "
            + ConfigConstants.ZOOKEEPER_SASL_DISABLE + " property";
        LOG.warn(errorMessage);
        throw new IllegalConfigurationException(errorMessage);
    }

    final ACLProvider aclProvider;
    if (!creatorMode) {
        LOG.info("Enforcing default ACL for ZK connections");
        aclProvider = new DefaultACLProvider();
    } else {
        LOG.info("Enforcing creator for ZK connections");
        aclProvider = new SecureAclProvider();
    }

    final String rootWithNamespace = generateZookeeperPath(zkRoot, clusterId);
    LOG.info("Using '{}' as Zookeeper namespace.", rootWithNamespace);

    // The namespace is handed to Curator without a leading slash.
    final String curatorNamespace = rootWithNamespace.startsWith("/")
        ? rootWithNamespace.substring(1)
        : rootWithNamespace;

    final CuratorFramework curator = CuratorFrameworkFactory.builder()
        .connectString(quorum)
        .sessionTimeoutMs(sessionTimeoutMs)
        .connectionTimeoutMs(connectionTimeoutMs)
        .retryPolicy(new ExponentialBackoffRetry(retryWaitMs, maxRetries))
        .namespace(curatorNamespace)
        .aclProvider(aclProvider)
        .build();
    curator.start();
    return curator;
}
use of org.apache.curator.framework.api.ACLProvider in project helios by spotify.
the class AgentService method setupZookeeperClient.
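/**
 * Create a Zookeeper client and create the control and state nodes if needed.
 *
 * <p>Credential handling visible here:
 * <ul>
 *   <li>If an agent password is configured, the client authenticates with the {@code digest}
 *       scheme using {@code user:password}; a password without a username is rejected.</li>
 *   <li>If ACLs are enabled, agent username/password and master username/digest must all be
 *       present, otherwise startup fails instead of continuing without ACLs.</li>
 *   <li>If ACLs are disabled, {@code aclProvider} stays {@code null}. NOTE(review): how
 *       {@code CuratorClientFactoryImpl.newClient} treats a null provider or null authorization
 *       list is not visible here; confirm it falls back to Curator defaults.</li>
 * </ul>
 *
 * <p>The credential bytes are encoded as UTF-8 explicitly so the value sent to ZooKeeper does
 * not depend on the platform default charset. NOTE(review): the {@code digest(...)} helper used
 * for the ACL should encode the same way; verify for non-ASCII credentials.
 *
 * @param config The service configuration.
 * @param id The agent id passed to the ZooKeeper registrar.
 * @param zkRegistrationSignal Latch handed to the registrar service builder.
 * @return A zookeeper client.
 * @throws HeliosRuntimeException if the ACL or credential configuration is incomplete.
 */
private ZooKeeperClient setupZookeeperClient(final AgentConfig config, final String id,
                                             final CountDownLatch zkRegistrationSignal) {
    ACLProvider aclProvider = null;
    List<AuthInfo> authorization = null;

    final String agentUser = config.getZookeeperAclAgentUser();
    final String agentPassword = config.getZooKeeperAclAgentPassword();
    final String masterUser = config.getZookeeperAclMasterUser();
    final String masterDigest = config.getZooKeeperAclMasterDigest();

    if (!isNullOrEmpty(agentPassword)) {
        if (isNullOrEmpty(agentUser)) {
            throw new HeliosRuntimeException("Agent username must be set if a password is set");
        }
        // Explicit charset: the default-charset getBytes() would vary with the host's locale.
        authorization = Lists.newArrayList(new AuthInfo("digest",
            String.format("%s:%s", agentUser, agentPassword)
                .getBytes(java.nio.charset.StandardCharsets.UTF_8)));
    }

    if (config.isZooKeeperEnableAcls()) {
        // Fail closed: never start with ACLs "enabled" but an incomplete set of identities.
        if (isNullOrEmpty(agentUser) || isNullOrEmpty(agentPassword)) {
            throw new HeliosRuntimeException(
                "ZooKeeper ACLs enabled but agent username and/or password not set");
        }
        if (isNullOrEmpty(masterUser) || isNullOrEmpty(masterDigest)) {
            throw new HeliosRuntimeException(
                "ZooKeeper ACLs enabled but master username and/or digest not set");
        }
        aclProvider = heliosAclProvider(masterUser, masterDigest, agentUser,
            digest(agentUser, agentPassword));
    }

    final RetryPolicy zooKeeperRetryPolicy = new ExponentialBackoffRetry(1000, 3);
    final CuratorFramework curator = new CuratorClientFactoryImpl().newClient(
        config.getZooKeeperConnectionString(),
        config.getZooKeeperSessionTimeoutMillis(),
        config.getZooKeeperConnectionTimeoutMillis(),
        zooKeeperRetryPolicy,
        aclProvider,
        authorization);
    final ZooKeeperClient client = new DefaultZooKeeperClient(curator, config.getZooKeeperClusterId());
    client.start();

    // Register the agent
    final AgentZooKeeperRegistrar agentZooKeeperRegistrar = new AgentZooKeeperRegistrar(
        config.getName(), id, config.getZooKeeperRegistrationTtlMinutes(), new SystemClock());
    zkRegistrar = ZooKeeperRegistrarService.newBuilder()
        .setZooKeeperClient(client)
        .setZooKeeperRegistrar(agentZooKeeperRegistrar)
        .setZkRegistrationSignal(zkRegistrationSignal)
        .build();
    return client;
}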