use of org.apache.distributedlog.thrift.AccessControlEntry in project bookkeeper by apache.
the class ZKAccessControl method deserialize.
static AccessControlEntry deserialize(String zkPath, byte[] data) throws IOException {
if (data.length == 0) {
return DEFAULT_ACCESS_CONTROL_ENTRY;
}
AccessControlEntry ace = new AccessControlEntry();
TMemoryInputTransport transport = new TMemoryInputTransport(data);
TJSONProtocol protocol = new TJSONProtocol(transport);
try {
ace.read(protocol);
} catch (TException e) {
throw new CorruptedAccessControlException(zkPath, e);
}
return ace;
}
use of org.apache.distributedlog.thrift.AccessControlEntry in project bookkeeper by apache.
the class TestZKAccessControl method testDeleteZKAccessControl.
@Test(timeout = 60000)
public void testDeleteZKAccessControl() throws Exception {
String zkPath = "/delete-zk-access-control";
AccessControlEntry ace = new AccessControlEntry();
ace.setDenyDelete(true);
ZKAccessControl zkac = new ZKAccessControl(ace, zkPath);
Utils.ioResult(zkac.create(zkc));
ZKAccessControl readZKAC = Utils.ioResult(ZKAccessControl.read(zkc, zkPath, null));
assertEquals(zkac, readZKAC);
Utils.ioResult(ZKAccessControl.delete(zkc, zkPath));
try {
FutureUtils.result(ZKAccessControl.read(zkc, zkPath, null));
} catch (KeeperException.NoNodeException nne) {
// expected.
}
Utils.ioResult(ZKAccessControl.delete(zkc, zkPath));
}
use of org.apache.distributedlog.thrift.AccessControlEntry in project bookkeeper by apache.
the class TestZKAccessControl method testUpdateZKAccessControl.
@Test(timeout = 60000)
public void testUpdateZKAccessControl() throws Exception {
String zkPath = "/update-zk-access-control";
AccessControlEntry ace = new AccessControlEntry();
ace.setDenyDelete(true);
ZKAccessControl zkac = new ZKAccessControl(ace, zkPath);
Utils.ioResult(zkac.create(zkc));
ZKAccessControl readZKAC = Utils.ioResult(ZKAccessControl.read(zkc, zkPath, null));
assertEquals(zkac, readZKAC);
ace.setDenyRelease(true);
ZKAccessControl newZKAC = new ZKAccessControl(ace, zkPath);
Utils.ioResult(newZKAC.update(zkc));
ZKAccessControl readZKAC2 = Utils.ioResult(ZKAccessControl.read(zkc, zkPath, null));
assertEquals(newZKAC, readZKAC2);
try {
FutureUtils.result(readZKAC.update(zkc));
} catch (KeeperException.BadVersionException bve) {
// expected
}
readZKAC2.getAccessControlEntry().setDenyTruncate(true);
Utils.ioResult(readZKAC2.update(zkc));
ZKAccessControl readZKAC3 = Utils.ioResult(ZKAccessControl.read(zkc, zkPath, null));
assertEquals(readZKAC2, readZKAC3);
}
use of org.apache.distributedlog.thrift.AccessControlEntry in project bookkeeper by apache.
the class TestZKAccessControl method testCreateZKAccessControl.
@Test(timeout = 60000)
public void testCreateZKAccessControl() throws Exception {
AccessControlEntry ace = new AccessControlEntry();
ace.setDenyWrite(true);
String zkPath = "/create-zk-access-control";
ZKAccessControl zkac = new ZKAccessControl(ace, zkPath);
Utils.ioResult(zkac.create(zkc));
ZKAccessControl readZKAC = Utils.ioResult(ZKAccessControl.read(zkc, zkPath, null));
assertEquals(zkac, readZKAC);
ZKAccessControl another = new ZKAccessControl(ace, zkPath);
try {
FutureUtils.result(another.create(zkc));
} catch (KeeperException.NodeExistsException ke) {
// expected
}
}
use of org.apache.distributedlog.thrift.AccessControlEntry in project bookkeeper by apache.
the class TestZKAccessControlManager method testZKAccessControlManager.
@Test(timeout = 60000)
public void testZKAccessControlManager() throws Exception {
String zkRootPath = "/test-zk-access-control-manager";
String stream1 = "test-acm-1";
String stream2 = "test-acm-2";
logger.info("Creating ACL Manager for {}", zkRootPath);
ZKAccessControlManager zkcm = new ZKAccessControlManager(conf, zkc, zkRootPath, executorService);
logger.info("Created ACL Manager for {}", zkRootPath);
try {
verifyStreamPermissions(zkcm, stream1, true, true, true, true, true);
// create stream1 (denyDelete = true)
String zkPath1 = zkRootPath + "/" + stream1;
AccessControlEntry ace1 = new AccessControlEntry();
ace1.setDenyDelete(true);
ZKAccessControl accessControl1 = new ZKAccessControl(ace1, zkPath1);
setACL(accessControl1);
logger.info("Create ACL for stream {} : {}", stream1, accessControl1);
while (zkcm.allowDelete(stream1)) {
Thread.sleep(100);
}
verifyStreamPermissions(zkcm, stream1, true, true, true, false, true);
// update stream1 (denyDelete = false, denyWrite = true)
ace1 = new AccessControlEntry();
ace1.setDenyWrite(true);
accessControl1 = new ZKAccessControl(ace1, zkPath1);
setACL(accessControl1);
logger.info("Update ACL for stream {} : {}", stream1, accessControl1);
// create stream2 (denyTruncate = true)
String zkPath2 = zkRootPath + "/" + stream2;
AccessControlEntry ace2 = new AccessControlEntry();
ace2.setDenyTruncate(true);
ZKAccessControl accessControl2 = new ZKAccessControl(ace2, zkPath2);
setACL(accessControl2);
logger.info("Create ACL for stream {} : {}", stream2, accessControl2);
while (zkcm.allowWrite(stream1)) {
Thread.sleep(100);
}
while (zkcm.allowTruncate(stream2)) {
Thread.sleep(100);
}
verifyStreamPermissions(zkcm, stream1, false, true, true, true, true);
verifyStreamPermissions(zkcm, stream2, true, false, true, true, true);
// delete stream2
Utils.ioResult(ZKAccessControl.delete(zkc, zkPath2));
logger.info("Delete ACL for stream {}", stream2);
while (!zkcm.allowTruncate(stream2)) {
Thread.sleep(100);
}
verifyStreamPermissions(zkcm, stream1, false, true, true, true, true);
verifyStreamPermissions(zkcm, stream2, true, true, true, true, true);
// expire session
ZooKeeperClientUtils.expireSession(zkc, zkServers, 1000);
// update stream1 (denyDelete = false, denyWrite = true)
ace1 = new AccessControlEntry();
ace1.setDenyRelease(true);
accessControl1 = new ZKAccessControl(ace1, zkPath1);
setACL(accessControl1);
logger.info("Update ACL for stream {} : {}", stream1, accessControl1);
// create stream2 (denyTruncate = true)
ace2 = new AccessControlEntry();
ace2.setDenyAcquire(true);
accessControl2 = new ZKAccessControl(ace2, zkPath2);
setACL(accessControl2);
logger.info("Created ACL for stream {} again : {}", stream2, accessControl2);
while (zkcm.allowRelease(stream1)) {
Thread.sleep(100);
}
while (zkcm.allowAcquire(stream2)) {
Thread.sleep(100);
}
verifyStreamPermissions(zkcm, stream1, true, true, false, true, true);
verifyStreamPermissions(zkcm, stream2, true, true, true, true, false);
} finally {
zkcm.close();
}
}
Aggregations