
Example 1 with ZKAccessControlManager

use of org.apache.distributedlog.impl.acl.ZKAccessControlManager in project bookkeeper by apache.

the class TestZKAccessControlManager method testZKAccessControlManager.

/**
 * Exercises a {@link ZKAccessControlManager} rooted at a test path: a stream with no ACL
 * node is expected to be allowed every operation, and creating, replacing and deleting
 * per-stream ACL nodes must eventually be reflected by the manager, including after the
 * ZooKeeper session has been expired.
 *
 * <p>NOTE(review): judging by which flag flips after each {@code setDeny*} call, the boolean
 * arguments of {@code verifyStreamPermissions} appear to be
 * (write, truncate, release, delete, acquire) -- confirm against the helper.
 *
 * <p>The polling loops below have no bound of their own; only the 60 s JUnit timeout ends
 * a wait for an ACL change that never becomes visible.
 */
@Test(timeout = 60000)
public void testZKAccessControlManager() throws Exception {
    String zkRootPath = "/test-zk-access-control-manager";
    String stream1 = "test-acm-1";
    String stream2 = "test-acm-2";
    logger.info("Creating ACL Manager for {}", zkRootPath);
    ZKAccessControlManager zkcm = new ZKAccessControlManager(conf, zkc, zkRootPath, executorService);
    logger.info("Created ACL Manager for {}", zkRootPath);
    try {
        // No ACL exists for stream1 yet: every operation is expected to be allowed,
        // i.e. a missing entry is treated as "permit", not "deny".
        verifyStreamPermissions(zkcm, stream1, true, true, true, true, true);
        // create stream1 (denyDelete = true)
        String zkPath1 = zkRootPath + "/" + stream1;
        AccessControlEntry ace1 = new AccessControlEntry();
        ace1.setDenyDelete(true);
        ZKAccessControl accessControl1 = new ZKAccessControl(ace1, zkPath1);
        setACL(accessControl1);
        logger.info("Create ACL for stream {} : {}", stream1, accessControl1);
        // The manager may still report the old permission right after setACL;
        // poll until the deny becomes visible.
        while (zkcm.allowDelete(stream1)) {
            Thread.sleep(100);
        }
        verifyStreamPermissions(zkcm, stream1, true, true, true, false, true);
        // update stream1 with a fresh entry (denyWrite = true; denyDelete is no longer set)
        ace1 = new AccessControlEntry();
        ace1.setDenyWrite(true);
        accessControl1 = new ZKAccessControl(ace1, zkPath1);
        setACL(accessControl1);
        logger.info("Update ACL for stream {} : {}", stream1, accessControl1);
        // create stream2 (denyTruncate = true)
        String zkPath2 = zkRootPath + "/" + stream2;
        AccessControlEntry ace2 = new AccessControlEntry();
        ace2.setDenyTruncate(true);
        ZKAccessControl accessControl2 = new ZKAccessControl(ace2, zkPath2);
        setACL(accessControl2);
        logger.info("Create ACL for stream {} : {}", stream2, accessControl2);
        // Wait for both changes (stream1 update, stream2 creation) to be observed.
        while (zkcm.allowWrite(stream1)) {
            Thread.sleep(100);
        }
        while (zkcm.allowTruncate(stream2)) {
            Thread.sleep(100);
        }
        // stream1: only write denied (delete is allowed again because the entry was replaced).
        verifyStreamPermissions(zkcm, stream1, false, true, true, true, true);
        // stream2: only truncate denied.
        verifyStreamPermissions(zkcm, stream2, true, false, true, true, true);
        // delete stream2's ACL node
        Utils.ioResult(ZKAccessControl.delete(zkc, zkPath2));
        logger.info("Delete ACL for stream {}", stream2);
        // Deleting the ACL must restore the allow-all state for stream2.
        while (!zkcm.allowTruncate(stream2)) {
            Thread.sleep(100);
        }
        verifyStreamPermissions(zkcm, stream1, false, true, true, true, true);
        verifyStreamPermissions(zkcm, stream2, true, true, true, true, true);
        // expire session; the ACL changes made below must still reach the manager
        ZooKeeperClientUtils.expireSession(zkc, zkServers, 1000);
        // update stream1 with a fresh entry (denyRelease = true; denyWrite is no longer set)
        ace1 = new AccessControlEntry();
        ace1.setDenyRelease(true);
        accessControl1 = new ZKAccessControl(ace1, zkPath1);
        setACL(accessControl1);
        logger.info("Update ACL for stream {} : {}", stream1, accessControl1);
        // re-create the ACL for stream2 after its deletion (denyAcquire = true)
        ace2 = new AccessControlEntry();
        ace2.setDenyAcquire(true);
        accessControl2 = new ZKAccessControl(ace2, zkPath2);
        setACL(accessControl2);
        logger.info("Created ACL for stream {} again : {}", stream2, accessControl2);
        while (zkcm.allowRelease(stream1)) {
            Thread.sleep(100);
        }
        while (zkcm.allowAcquire(stream2)) {
            Thread.sleep(100);
        }
        // stream1: only release denied; stream2: only acquire denied.
        verifyStreamPermissions(zkcm, stream1, true, true, false, true, true);
        verifyStreamPermissions(zkcm, stream2, true, true, true, true, false);
    } finally {
        // Always release the manager, even when an assertion or the timeout fires.
        zkcm.close();
    }
}
Also used : ZKAccessControlManager(org.apache.distributedlog.impl.acl.ZKAccessControlManager) AccessControlEntry(org.apache.distributedlog.thrift.AccessControlEntry) ZKAccessControl(org.apache.distributedlog.impl.acl.ZKAccessControl) Test(org.junit.Test)

Example 2 with ZKAccessControlManager

use of org.apache.distributedlog.impl.acl.ZKAccessControlManager in project bookkeeper by apache.

the class BKNamespaceDriver method getAccessControlManager.

/**
 * Returns the access control manager for this namespace, building it on first use.
 *
 * <p>When the configuration carries no ACL root path, the shared
 * {@code DefaultAccessControlManager.INSTANCE} is used (presumably an allow-all policy --
 * confirm against that class). Otherwise the configured path must pass
 * {@code isReservedStreamName} and a {@link ZKAccessControlManager} is created under
 * {@code <namespace path>/<acl root path>} using the reader ZooKeeper client.
 *
 * <p>NOTE(review): the lazy initialisation is not synchronised inside this method; confirm
 * that callers serialise access or that the field is otherwise protected.
 *
 * @return the cached or newly created access control manager
 * @throws IOException if the configured ACL root path is not a reserved stream name
 */
@Override
public AccessControlManager getAccessControlManager() throws IOException {
    // Built on an earlier call: hand back the cached instance.
    if (accessControlManager != null) {
        return accessControlManager;
    }

    final String configuredAclRoot = getBkdlConfig().getACLRootPath();

    // No ACL root configured: fall back to the default manager.
    if (configuredAclRoot == null) {
        accessControlManager = DefaultAccessControlManager.INSTANCE;
        LOG.info("Created default access control manager for {}", namespace);
        return accessControlManager;
    }

    // Reject any ACL root that is not a reserved stream name before touching ZooKeeper.
    if (!isReservedStreamName(configuredAclRoot)) {
        throw new IOException("Invalid Access Control List Root Path : " + configuredAclRoot);
    }

    final String aclZkPath = namespace.getPath() + "/" + configuredAclRoot;
    LOG.info("Creating zk based access control manager @ {} for {}", aclZkPath, namespace);
    accessControlManager = new ZKAccessControlManager(conf, readerZKC, aclZkPath, scheduler);
    LOG.info("Created zk based access control manager @ {} for {}", aclZkPath, namespace);
    return accessControlManager;
}
Also used : ZKAccessControlManager(org.apache.distributedlog.impl.acl.ZKAccessControlManager) IOException(java.io.IOException)

Aggregations

ZKAccessControlManager (org.apache.distributedlog.impl.acl.ZKAccessControlManager)2 IOException (java.io.IOException)1 ZKAccessControl (org.apache.distributedlog.impl.acl.ZKAccessControl)1 AccessControlEntry (org.apache.distributedlog.thrift.AccessControlEntry)1 Test (org.junit.Test)1