
Example 1 with DefaultACLProvider

Use of org.apache.curator.framework.imps.DefaultACLProvider in project druid by druid-io.

Class CuratorModule, method makeCurator.

@Provides
@LazySingleton
public CuratorFramework makeCurator(CuratorConfig config, EnsembleProvider ensembleProvider, Lifecycle lifecycle) throws IOException {
    // When config.getEnableAcl() is false, DefaultACLProvider is used. It applies
    // ZooDefs.Ids.OPEN_ACL_UNSAFE, so any client that can reach ZooKeeper has full access to these znodes.
    final CuratorFramework framework = CuratorFrameworkFactory.builder()
        .ensembleProvider(ensembleProvider)
        .sessionTimeoutMs(config.getZkSessionTimeoutMs())
        .retryPolicy(new BoundedExponentialBackoffRetry(BASE_SLEEP_TIME_MS, MAX_SLEEP_TIME_MS, MAX_RETRIES))
        .compressionProvider(new PotentiallyGzippedCompressionProvider(config.getEnableCompression()))
        .aclProvider(config.getEnableAcl() ? new SecuredACLProvider() : new DefaultACLProvider())
        .build();
    lifecycle.addHandler(new Lifecycle.Handler() {

        @Override
        public void start() throws Exception {
            log.info("Starting Curator");
            framework.start();
        }

        @Override
        public void stop() {
            log.info("Stopping Curator");
            framework.close();
        }
    });
    return framework;
}
Also used: CuratorFramework (org.apache.curator.framework.CuratorFramework), Lifecycle (io.druid.java.util.common.lifecycle.Lifecycle), DefaultACLProvider (org.apache.curator.framework.imps.DefaultACLProvider), IOException (java.io.IOException), BoundedExponentialBackoffRetry (org.apache.curator.retry.BoundedExponentialBackoffRetry), LazySingleton (io.druid.guice.LazySingleton), Provides (com.google.inject.Provides)

Example 2 with DefaultACLProvider

Use of org.apache.curator.framework.imps.DefaultACLProvider in project nifi by apache.

Class TestCuratorACLProviderFactory, method testSaslAuthSchemeWithHostNoRealm.

@Test
public void testSaslAuthSchemeWithHostNoRealm() {
    final NiFiProperties nifiProperties;
    final CuratorACLProviderFactory factory;
    otherProps.put("nifi.zookeeper.kerberos.removeHostFromPrincipal", "false");
    otherProps.put("nifi.zookeeper.kerberos.removeRealmFromPrincipal", "true");
    nifiProperties = NiFiProperties.createBasicNiFiProperties(propsFile, otherProps);
    factory = new CuratorACLProviderFactory();
    ZooKeeperClientConfig config = ZooKeeperClientConfig.createConfig(nifiProperties);
    ACLProvider provider = factory.create(config);
    assertFalse(provider instanceof DefaultACLProvider);
    List<ACL> acls = provider.getDefaultAcl();
    assertNotNull(acls);
    // JUnit's assertEquals takes the expected value first, then the actual value.
    assertEquals("'sasl,'nifi/host", acls.get(0).getId().toString().trim());
}
Also used: NiFiProperties (org.apache.nifi.util.NiFiProperties), ACLProvider (org.apache.curator.framework.api.ACLProvider), DefaultACLProvider (org.apache.curator.framework.imps.DefaultACLProvider), ZooKeeperClientConfig (org.apache.nifi.controller.cluster.ZooKeeperClientConfig), ACL (org.apache.zookeeper.data.ACL), Test (org.junit.Test)

Example 3 with DefaultACLProvider

Use of org.apache.curator.framework.imps.DefaultACLProvider in project flink by apache.

Class ZooKeeperUtils, method startCuratorFramework.

/**
 * Starts a {@link CuratorFramework} instance and connects it to the given ZooKeeper quorum.
 *
 * @param configuration {@link Configuration} object containing the configuration values
 * @param fatalErrorHandler {@link FatalErrorHandler} fatalErrorHandler to handle unexpected
 *     errors of {@link CuratorFramework}
 * @return {@link CuratorFrameworkWithUnhandledErrorListener} instance
 */
public static CuratorFrameworkWithUnhandledErrorListener startCuratorFramework(Configuration configuration, FatalErrorHandler fatalErrorHandler) {
    checkNotNull(configuration, "configuration");
    String zkQuorum = configuration.getValue(HighAvailabilityOptions.HA_ZOOKEEPER_QUORUM);
    if (zkQuorum == null || StringUtils.isBlank(zkQuorum)) {
        throw new RuntimeException("No valid ZooKeeper quorum has been specified. " + "You can specify the quorum via the configuration key '" + HighAvailabilityOptions.HA_ZOOKEEPER_QUORUM.key() + "'.");
    }
    int sessionTimeout = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_SESSION_TIMEOUT);
    int connectionTimeout = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_CONNECTION_TIMEOUT);
    int retryWait = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_RETRY_WAIT);
    int maxRetryAttempts = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_MAX_RETRY_ATTEMPTS);
    String root = configuration.getValue(HighAvailabilityOptions.HA_ZOOKEEPER_ROOT);
    String namespace = configuration.getValue(HighAvailabilityOptions.HA_CLUSTER_ID);
    boolean disableSaslClient = configuration.getBoolean(SecurityOptions.ZOOKEEPER_SASL_DISABLE);
    ACLProvider aclProvider;
    ZkClientACLMode aclMode = ZkClientACLMode.fromConfig(configuration);
    if (disableSaslClient && aclMode == ZkClientACLMode.CREATOR) {
        String errorMessage = "Cannot set ACL role to " + ZkClientACLMode.CREATOR + " since SASL authentication is " + "disabled through the " + SecurityOptions.ZOOKEEPER_SASL_DISABLE.key() + " property";
        LOG.warn(errorMessage);
        throw new IllegalConfigurationException(errorMessage);
    }
    if (aclMode == ZkClientACLMode.CREATOR) {
        LOG.info("Enforcing creator for ZK connections");
        aclProvider = new SecureAclProvider();
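    } else {
        LOG.info("Enforcing default ACL for ZK connections");
        // DefaultACLProvider returns ZooDefs.Ids.OPEN_ACL_UNSAFE: any client may read, write or delete these znodes.
        aclProvider = new DefaultACLProvider();
    }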
    String rootWithNamespace = generateZookeeperPath(root, namespace);
    LOG.info("Using '{}' as Zookeeper namespace.", rootWithNamespace);
    final CuratorFrameworkFactory.Builder curatorFrameworkBuilder = CuratorFrameworkFactory.builder()
        .connectString(zkQuorum)
        .sessionTimeoutMs(sessionTimeout)
        .connectionTimeoutMs(connectionTimeout)
        .retryPolicy(new ExponentialBackoffRetry(retryWait, maxRetryAttempts))
        .namespace(trimStartingSlash(rootWithNamespace))
        .aclProvider(aclProvider);
    if (configuration.get(HighAvailabilityOptions.ZOOKEEPER_TOLERATE_SUSPENDED_CONNECTIONS)) {
        curatorFrameworkBuilder.connectionStateErrorPolicy(new SessionConnectionStateErrorPolicy());
    }
    return startCuratorFramework(curatorFrameworkBuilder, fatalErrorHandler);
}
Also used: ACLProvider (org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider), DefaultACLProvider (org.apache.flink.shaded.curator5.org.apache.curator.framework.imps.DefaultACLProvider), CuratorFrameworkFactory (org.apache.flink.shaded.curator5.org.apache.curator.framework.CuratorFrameworkFactory), ExponentialBackoffRetry (org.apache.flink.shaded.curator5.org.apache.curator.retry.ExponentialBackoffRetry), IllegalConfigurationException (org.apache.flink.configuration.IllegalConfigurationException), CompletedCheckpoint (org.apache.flink.runtime.checkpoint.CompletedCheckpoint), SessionConnectionStateErrorPolicy (org.apache.flink.shaded.curator5.org.apache.curator.framework.state.SessionConnectionStateErrorPolicy)

Example 4 with DefaultACLProvider

Use of org.apache.curator.framework.imps.DefaultACLProvider in project hadoop by apache.

Class ZKSignerSecretProvider, method createCuratorClient.

/**
 * This method creates the Curator client and connects to ZooKeeper.
 * @param config configuration properties
 * @return A Curator client
 * @throws Exception thrown if an error occurred
 */
protected CuratorFramework createCuratorClient(Properties config) throws Exception {
    String connectionString = config.getProperty(ZOOKEEPER_CONNECTION_STRING, "localhost:2181");
    RetryPolicy retryPolicy = new ExponentialBackoffRetry(1000, 3);
    ACLProvider aclProvider;
    String authType = config.getProperty(ZOOKEEPER_AUTH_TYPE, "none");
    if (authType.equals("sasl")) {
        LOG.info("Connecting to ZooKeeper with SASL/Kerberos " + "and using 'sasl' ACLs");
        String principal = setJaasConfiguration(config);
        System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, JAAS_LOGIN_ENTRY_NAME);
        System.setProperty("zookeeper.authProvider.1", "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
        aclProvider = new SASLOwnerACLProvider(principal);
    } else {
        // "none"
        LOG.info("Connecting to ZooKeeper without authentication");
        // open to everyone: DefaultACLProvider applies ZooDefs.Ids.OPEN_ACL_UNSAFE to the znodes it creates
        aclProvider = new DefaultACLProvider();
    }
    CuratorFramework cf = CuratorFrameworkFactory.builder()
        .connectString(connectionString)
        .retryPolicy(retryPolicy)
        .aclProvider(aclProvider)
        .build();
    cf.start();
    return cf;
}
Also used: ACLProvider (org.apache.curator.framework.api.ACLProvider), DefaultACLProvider (org.apache.curator.framework.imps.DefaultACLProvider), CuratorFramework (org.apache.curator.framework.CuratorFramework), ExponentialBackoffRetry (org.apache.curator.retry.ExponentialBackoffRetry), RetryPolicy (org.apache.curator.RetryPolicy)

Example 5 with DefaultACLProvider

Use of org.apache.curator.framework.imps.DefaultACLProvider in project flink by apache.

Class ZooKeeperUtils, method startCuratorFramework.

/**
 * Starts a {@link CuratorFramework} instance and connects it to the given ZooKeeper
 * quorum.
 *
 * @param configuration {@link Configuration} object containing the configuration values
 * @return {@link CuratorFramework} instance
 */
public static CuratorFramework startCuratorFramework(Configuration configuration) {
    Preconditions.checkNotNull(configuration, "configuration");
    String zkQuorum = configuration.getValue(HighAvailabilityOptions.HA_ZOOKEEPER_QUORUM);
    if (zkQuorum == null || StringUtils.isBlank(zkQuorum)) {
        throw new RuntimeException("No valid ZooKeeper quorum has been specified. " + "You can specify the quorum via the configuration key '" + HighAvailabilityOptions.HA_ZOOKEEPER_QUORUM.key() + "'.");
    }
    int sessionTimeout = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_SESSION_TIMEOUT);
    int connectionTimeout = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_CONNECTION_TIMEOUT);
    int retryWait = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_RETRY_WAIT);
    int maxRetryAttempts = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_MAX_RETRY_ATTEMPTS);
    String root = configuration.getValue(HighAvailabilityOptions.HA_ZOOKEEPER_ROOT);
    String namespace = configuration.getValue(HighAvailabilityOptions.HA_CLUSTER_ID);
    boolean disableSaslClient = configuration.getBoolean(ConfigConstants.ZOOKEEPER_SASL_DISABLE, ConfigConstants.DEFAULT_ZOOKEEPER_SASL_DISABLE);
    ACLProvider aclProvider;
    ZkClientACLMode aclMode = ZkClientACLMode.fromConfig(configuration);
    if (disableSaslClient && aclMode == ZkClientACLMode.CREATOR) {
        String errorMessage = "Cannot set ACL role to " + aclMode + " since SASL authentication is " + "disabled through the " + ConfigConstants.ZOOKEEPER_SASL_DISABLE + " property";
        LOG.warn(errorMessage);
        throw new IllegalConfigurationException(errorMessage);
    }
    if (aclMode == ZkClientACLMode.CREATOR) {
        LOG.info("Enforcing creator for ZK connections");
        aclProvider = new SecureAclProvider();
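    } else {
        LOG.info("Enforcing default ACL for ZK connections");
        // DefaultACLProvider returns ZooDefs.Ids.OPEN_ACL_UNSAFE: any client may read, write or delete these znodes.
        aclProvider = new DefaultACLProvider();
    }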
    String rootWithNamespace = generateZookeeperPath(root, namespace);
    LOG.info("Using '{}' as Zookeeper namespace.", rootWithNamespace);
    CuratorFramework cf = CuratorFrameworkFactory.builder()
        .connectString(zkQuorum)
        .sessionTimeoutMs(sessionTimeout)
        .connectionTimeoutMs(connectionTimeout)
        .retryPolicy(new ExponentialBackoffRetry(retryWait, maxRetryAttempts))
        .namespace(rootWithNamespace.startsWith("/") ? rootWithNamespace.substring(1) : rootWithNamespace)
        .aclProvider(aclProvider)
        .build();
    cf.start();
    return cf;
}
Also used: ACLProvider (org.apache.curator.framework.api.ACLProvider), DefaultACLProvider (org.apache.curator.framework.imps.DefaultACLProvider), CuratorFramework (org.apache.curator.framework.CuratorFramework), ExponentialBackoffRetry (org.apache.curator.retry.ExponentialBackoffRetry), IllegalConfigurationException (org.apache.flink.configuration.IllegalConfigurationException), CompletedCheckpoint (org.apache.flink.runtime.checkpoint.CompletedCheckpoint)
