Search in sources :

Example 1 with AccessControlEntry

use of org.apache.distributedlog.thrift.AccessControlEntry in project bookkeeper by apache.

the class ZKAccessControl method deserialize.

static AccessControlEntry deserialize(String zkPath, byte[] data) throws IOException {
    if (data.length == 0) {
        return DEFAULT_ACCESS_CONTROL_ENTRY;
    }
    AccessControlEntry ace = new AccessControlEntry();
    TMemoryInputTransport transport = new TMemoryInputTransport(data);
    TJSONProtocol protocol = new TJSONProtocol(transport);
    try {
        ace.read(protocol);
    } catch (TException e) {
        throw new CorruptedAccessControlException(zkPath, e);
    }
    return ace;
}
Also used : TException(org.apache.thrift.TException) TJSONProtocol(org.apache.thrift.protocol.TJSONProtocol) AccessControlEntry(org.apache.distributedlog.thrift.AccessControlEntry) TMemoryInputTransport(org.apache.thrift.transport.TMemoryInputTransport)

Example 2 with AccessControlEntry

use of org.apache.distributedlog.thrift.AccessControlEntry in project bookkeeper by apache.

the class TestZKAccessControl method testDeleteZKAccessControl.

@Test(timeout = 60000)
public void testDeleteZKAccessControl() throws Exception {
    String zkPath = "/delete-zk-access-control";
    AccessControlEntry ace = new AccessControlEntry();
    ace.setDenyDelete(true);
    ZKAccessControl zkac = new ZKAccessControl(ace, zkPath);
    Utils.ioResult(zkac.create(zkc));
    ZKAccessControl readZKAC = Utils.ioResult(ZKAccessControl.read(zkc, zkPath, null));
    assertEquals(zkac, readZKAC);
    Utils.ioResult(ZKAccessControl.delete(zkc, zkPath));
    try {
        FutureUtils.result(ZKAccessControl.read(zkc, zkPath, null));
    } catch (KeeperException.NoNodeException nne) {
    // expected.
    }
    Utils.ioResult(ZKAccessControl.delete(zkc, zkPath));
}
Also used : AccessControlEntry(org.apache.distributedlog.thrift.AccessControlEntry) ZKAccessControl(org.apache.distributedlog.impl.acl.ZKAccessControl) KeeperException(org.apache.zookeeper.KeeperException) Test(org.junit.Test)

Example 3 with AccessControlEntry

use of org.apache.distributedlog.thrift.AccessControlEntry in project bookkeeper by apache.

the class TestZKAccessControl method testUpdateZKAccessControl.

@Test(timeout = 60000)
public void testUpdateZKAccessControl() throws Exception {
    String zkPath = "/update-zk-access-control";
    AccessControlEntry ace = new AccessControlEntry();
    ace.setDenyDelete(true);
    ZKAccessControl zkac = new ZKAccessControl(ace, zkPath);
    Utils.ioResult(zkac.create(zkc));
    ZKAccessControl readZKAC = Utils.ioResult(ZKAccessControl.read(zkc, zkPath, null));
    assertEquals(zkac, readZKAC);
    ace.setDenyRelease(true);
    ZKAccessControl newZKAC = new ZKAccessControl(ace, zkPath);
    Utils.ioResult(newZKAC.update(zkc));
    ZKAccessControl readZKAC2 = Utils.ioResult(ZKAccessControl.read(zkc, zkPath, null));
    assertEquals(newZKAC, readZKAC2);
    try {
        FutureUtils.result(readZKAC.update(zkc));
    } catch (KeeperException.BadVersionException bve) {
    // expected
    }
    readZKAC2.getAccessControlEntry().setDenyTruncate(true);
    Utils.ioResult(readZKAC2.update(zkc));
    ZKAccessControl readZKAC3 = Utils.ioResult(ZKAccessControl.read(zkc, zkPath, null));
    assertEquals(readZKAC2, readZKAC3);
}
Also used : AccessControlEntry(org.apache.distributedlog.thrift.AccessControlEntry) ZKAccessControl(org.apache.distributedlog.impl.acl.ZKAccessControl) KeeperException(org.apache.zookeeper.KeeperException) Test(org.junit.Test)

Example 4 with AccessControlEntry

use of org.apache.distributedlog.thrift.AccessControlEntry in project bookkeeper by apache.

the class TestZKAccessControl method testCreateZKAccessControl.

@Test(timeout = 60000)
public void testCreateZKAccessControl() throws Exception {
    AccessControlEntry ace = new AccessControlEntry();
    ace.setDenyWrite(true);
    String zkPath = "/create-zk-access-control";
    ZKAccessControl zkac = new ZKAccessControl(ace, zkPath);
    Utils.ioResult(zkac.create(zkc));
    ZKAccessControl readZKAC = Utils.ioResult(ZKAccessControl.read(zkc, zkPath, null));
    assertEquals(zkac, readZKAC);
    ZKAccessControl another = new ZKAccessControl(ace, zkPath);
    try {
        FutureUtils.result(another.create(zkc));
    } catch (KeeperException.NodeExistsException ke) {
    // expected
    }
}
Also used : AccessControlEntry(org.apache.distributedlog.thrift.AccessControlEntry) ZKAccessControl(org.apache.distributedlog.impl.acl.ZKAccessControl) KeeperException(org.apache.zookeeper.KeeperException) Test(org.junit.Test)

Example 5 with AccessControlEntry

use of org.apache.distributedlog.thrift.AccessControlEntry in project bookkeeper by apache.

the class TestZKAccessControlManager method testZKAccessControlManager.

@Test(timeout = 60000)
public void testZKAccessControlManager() throws Exception {
    String zkRootPath = "/test-zk-access-control-manager";
    String stream1 = "test-acm-1";
    String stream2 = "test-acm-2";
    logger.info("Creating ACL Manager for {}", zkRootPath);
    ZKAccessControlManager zkcm = new ZKAccessControlManager(conf, zkc, zkRootPath, executorService);
    logger.info("Created ACL Manager for {}", zkRootPath);
    try {
        verifyStreamPermissions(zkcm, stream1, true, true, true, true, true);
        // create stream1 (denyDelete = true)
        String zkPath1 = zkRootPath + "/" + stream1;
        AccessControlEntry ace1 = new AccessControlEntry();
        ace1.setDenyDelete(true);
        ZKAccessControl accessControl1 = new ZKAccessControl(ace1, zkPath1);
        setACL(accessControl1);
        logger.info("Create ACL for stream {} : {}", stream1, accessControl1);
        while (zkcm.allowDelete(stream1)) {
            Thread.sleep(100);
        }
        verifyStreamPermissions(zkcm, stream1, true, true, true, false, true);
        // update stream1 (denyDelete = false, denyWrite = true)
        ace1 = new AccessControlEntry();
        ace1.setDenyWrite(true);
        accessControl1 = new ZKAccessControl(ace1, zkPath1);
        setACL(accessControl1);
        logger.info("Update ACL for stream {} : {}", stream1, accessControl1);
        // create stream2 (denyTruncate = true)
        String zkPath2 = zkRootPath + "/" + stream2;
        AccessControlEntry ace2 = new AccessControlEntry();
        ace2.setDenyTruncate(true);
        ZKAccessControl accessControl2 = new ZKAccessControl(ace2, zkPath2);
        setACL(accessControl2);
        logger.info("Create ACL for stream {} : {}", stream2, accessControl2);
        while (zkcm.allowWrite(stream1)) {
            Thread.sleep(100);
        }
        while (zkcm.allowTruncate(stream2)) {
            Thread.sleep(100);
        }
        verifyStreamPermissions(zkcm, stream1, false, true, true, true, true);
        verifyStreamPermissions(zkcm, stream2, true, false, true, true, true);
        // delete stream2
        Utils.ioResult(ZKAccessControl.delete(zkc, zkPath2));
        logger.info("Delete ACL for stream {}", stream2);
        while (!zkcm.allowTruncate(stream2)) {
            Thread.sleep(100);
        }
        verifyStreamPermissions(zkcm, stream1, false, true, true, true, true);
        verifyStreamPermissions(zkcm, stream2, true, true, true, true, true);
        // expire session
        ZooKeeperClientUtils.expireSession(zkc, zkServers, 1000);
        // update stream1 (denyDelete = false, denyWrite = true)
        ace1 = new AccessControlEntry();
        ace1.setDenyRelease(true);
        accessControl1 = new ZKAccessControl(ace1, zkPath1);
        setACL(accessControl1);
        logger.info("Update ACL for stream {} : {}", stream1, accessControl1);
        // create stream2 (denyTruncate = true)
        ace2 = new AccessControlEntry();
        ace2.setDenyAcquire(true);
        accessControl2 = new ZKAccessControl(ace2, zkPath2);
        setACL(accessControl2);
        logger.info("Created ACL for stream {} again : {}", stream2, accessControl2);
        while (zkcm.allowRelease(stream1)) {
            Thread.sleep(100);
        }
        while (zkcm.allowAcquire(stream2)) {
            Thread.sleep(100);
        }
        verifyStreamPermissions(zkcm, stream1, true, true, false, true, true);
        verifyStreamPermissions(zkcm, stream2, true, true, true, true, false);
    } finally {
        zkcm.close();
    }
}
Also used : ZKAccessControlManager(org.apache.distributedlog.impl.acl.ZKAccessControlManager) AccessControlEntry(org.apache.distributedlog.thrift.AccessControlEntry) ZKAccessControl(org.apache.distributedlog.impl.acl.ZKAccessControl) Test(org.junit.Test)

Aggregations

AccessControlEntry (org.apache.distributedlog.thrift.AccessControlEntry)5 ZKAccessControl (org.apache.distributedlog.impl.acl.ZKAccessControl)4 Test (org.junit.Test)4 KeeperException (org.apache.zookeeper.KeeperException)3 ZKAccessControlManager (org.apache.distributedlog.impl.acl.ZKAccessControlManager)1 TException (org.apache.thrift.TException)1 TJSONProtocol (org.apache.thrift.protocol.TJSONProtocol)1 TMemoryInputTransport (org.apache.thrift.transport.TMemoryInputTransport)1