use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project nifi by apache.
the class TestCuratorACLProviderFactory method testSaslAuthSchemeWithHostNoRealm.
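/**
 * Verifies the SASL ACL identity produced when the host part of the Kerberos principal is
 * kept and the realm part is removed.
 *
 * <p>The identity written into the default ACL decides which authenticated ZooKeeper clients
 * may touch the znodes, so the exact string is pinned here: scheme {@code sasl}, id
 * {@code nifi/host} (host component present, no realm suffix).
 */
@Test
public void testSaslAuthSchemeWithHostNoRealm() {
    final NiFiProperties nifiProperties;
    final CuratorACLProviderFactory factory;
    // Keep the host component of the principal, strip only the realm.
    otherProps.put("nifi.zookeeper.kerberos.removeHostFromPrincipal", "false");
    otherProps.put("nifi.zookeeper.kerberos.removeRealmFromPrincipal", "true");
    // NOTE(review): the principal itself comes from propsFile, which is not visible here.
    nifiProperties = NiFiProperties.createBasicNiFiProperties(propsFile, otherProps);
    factory = new CuratorACLProviderFactory();
    ZooKeeperClientConfig config = ZooKeeperClientConfig.createConfig(nifiProperties);
    ACLProvider provider = factory.create(config);
    // A DefaultACLProvider here would mean the Kerberos settings were ignored.
    assertFalse(provider instanceof DefaultACLProvider);
    List<ACL> acls = provider.getDefaultAcl();
    assertNotNull(acls);
    // Fail with an assertion rather than an IndexOutOfBoundsException if no ACL was produced.
    assertFalse(acls.isEmpty());
    // Expected value first, actual second, so a failure message reads the right way round.
    assertEquals("'sasl,'nifi/host", acls.get(0).getId().toString().trim());
}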
use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project xian by happyyangyuan.
the class TestFrameworkBackground method testErrorListener.
/**
 * Checks that an exception thrown by the configured {@link ACLProvider} during a background
 * create is delivered to the operation's {@link UnhandledErrorListener}.
 *
 * <p>The provider below fails on every lookup, so the test passes only if that failure is
 * surfaced to the listener instead of being dropped.
 */
@Test
public void testErrorListener() throws Exception {
    // ACL provider that cannot answer any ACL query.
    final ACLProvider throwingProvider = new ACLProvider() {
        @Override
        public List<ACL> getDefaultAcl() {
            throw new UnsupportedOperationException();
        }

        @Override
        public List<ACL> getAclForPath(String path) {
            throw new UnsupportedOperationException();
        }
    };

    final CountDownLatch providerFailureSeen = new CountDownLatch(1);
    // Only the provider's own exception type releases the latch; other errors are ignored.
    final UnhandledErrorListener onUnhandled = new UnhandledErrorListener() {
        @Override
        public void unhandledError(String message, Throwable e) {
            if (e instanceof UnsupportedOperationException) {
                providerFailureSeen.countDown();
            }
        }
    };

    final CuratorFramework curator = CuratorFrameworkFactory.builder()
            .connectString(server.getConnectString())
            .retryPolicy(new RetryOneTime(1))
            .aclProvider(throwingProvider)
            .build();
    try {
        curator.start();
        // The create needs an ACL, which forces a call into the failing provider.
        curator.create()
                .inBackground()
                .withUnhandledErrorListener(onUnhandled)
                .forPath("/foo");
        final boolean reported = new Timing().awaitLatch(providerFailureSeen);
        Assert.assertTrue(reported);
    } finally {
        CloseableUtils.closeQuietly(curator);
    }
}
use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project xian by happyyangyuan.
the class TestLeaderAcls method testAclErrorWithLeader.
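/**
 * Validation test for CURATOR-365: a {@link LeaderLatch} started by a client that is not
 * authorized for the latch's parent path must report {@link KeeperException.NoAuthException}
 * through the client's unhandled-error listeners.
 *
 * <p>Set-up: {@code /base} is created with a digest ACL for {@code test:test}; every other
 * path gets the open default ACL. An authenticated client first acquires leadership under
 * {@code /base}; an unauthenticated client then tries the same below {@code /base/second}.
 */
@Test(description = "Validation test for CURATOR-365")
public void testAclErrorWithLeader() throws Exception {
    ACLProvider provider = new ACLProvider() {
        @Override
        public List<ACL> getDefaultAcl() {
            return ZooDefs.Ids.OPEN_ACL_UNSAFE;
        }

        @Override
        public List<ACL> getAclForPath(String path) {
            if (path.equals("/base")) {
                try {
                    String testDigest = DigestAuthenticationProvider.generateDigest("test:test");
                    return Collections.singletonList(new ACL(ZooDefs.Perms.ALL, new Id("digest", testDigest)));
                } catch (NoSuchAlgorithmException e) {
                    // Fail closed: if the restrictive ACL cannot be built, do not fall through
                    // to the open default ACL for the protected path. That would leave "/base"
                    // unprotected and hide the real cause of the test failure.
                    throw new IllegalStateException("Could not generate digest for the /base ACL", e);
                }
            }
            return getDefaultAcl();
        }
    };
    RetryPolicy retryPolicy = new ExponentialBackoffRetry(timing.milliseconds(), 3);
    // The first client authenticates with the same digest credentials the "/base" ACL names.
    CuratorFrameworkFactory.Builder builder = CuratorFrameworkFactory.builder().connectString(server.getConnectString()).retryPolicy(retryPolicy).aclProvider(provider).authorization("digest", "test:test".getBytes());
    CuratorFramework client = builder.build();
    LeaderLatch latch = null;
    try {
        client.start();
        // Authorized client: creates "/base" with the digest ACL and must become leader.
        latch = new LeaderLatch(client, "/base");
        latch.start();
        Assert.assertTrue(latch.await(timing.forWaiting().seconds(), TimeUnit.SECONDS));
        latch.close();
        latch = null;
        // Second client carries no authorization and no custom ACL provider.
        CuratorFramework noAuthClient = CuratorFrameworkFactory.newClient(server.getConnectString(), retryPolicy);
        try {
            noAuthClient.start();
            final CountDownLatch noAuthLatch = new CountDownLatch(1);
            UnhandledErrorListener listener = new UnhandledErrorListener() {
                @Override
                public void unhandledError(String message, Throwable e) {
                    // Only the authorization failure counts; other errors leave the latch closed.
                    if (e instanceof KeeperException.NoAuthException) {
                        noAuthLatch.countDown();
                    }
                }
            };
            noAuthClient.getUnhandledErrorListenable().addListener(listener);
            // use a path below "base" as noAuthClient is not authorized to create nodes in "/base"
            // but also making sure that the code goes through the backgroundCreateParentsThenNode() codepath
            latch = new LeaderLatch(noAuthClient, "/base/second");
            latch.start();
            Assert.assertTrue(timing.awaitLatch(noAuthLatch));
        } finally {
            CloseableUtils.closeQuietly(noAuthClient);
        }
    } finally {
        CloseableUtils.closeQuietly(latch);
        CloseableUtils.closeQuietly(client);
    }
}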
use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project atlas by apache.
the class CuratorFactory method enhanceBuilderWithSecurityParameters.
/**
 * Applies the ZooKeeper ACL provider and, when configured, the authorization credentials from
 * {@code zookeeperProperties} to the given Curator builder.
 *
 * <p>Credentials are only passed to the builder when an ACL provider is present. With auth
 * configured but no ACL provider, the parsed auth info is not used.
 *
 * @param zookeeperProperties source of the ACL and auth settings
 * @param builder Curator builder to configure in place
 */
@VisibleForTesting
void enhanceBuilderWithSecurityParameters(HAConfiguration.ZookeeperProperties zookeeperProperties, CuratorFrameworkFactory.Builder builder) {
    final ACLProvider configuredProvider = getAclProvider(zookeeperProperties);
    // Auth is parsed up front, before the provider is checked for null.
    final AuthInfo parsedAuth = zookeeperProperties.hasAuth()
            ? AtlasZookeeperSecurityProperties.parseAuth(zookeeperProperties.getAuth())
            : null;

    if (configuredProvider == null) {
        // NOTE(review): any configured auth is dropped here without a log line; confirm
        // that "auth without ACL" is meant to be ignored silently.
        return;
    }

    LOG.info("Setting up acl provider.");
    builder.aclProvider(configuredProvider);

    if (parsedAuth == null) {
        return;
    }

    final byte[] auth = parsedAuth.getAuth();
    final String authText = new String(auth, Charsets.UTF_8);
    // NOTE(review): the raw auth value goes through getIdForLogging before it is logged;
    // confirm that helper masks the secret part for schemes such as digest.
    LOG.info("Setting up auth provider with scheme: {} and id: {}", parsedAuth.getScheme(), getIdForLogging(parsedAuth.getScheme(), authText));
    builder.authorization(parsedAuth.getScheme(), auth);
}
use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project flink by apache.
the class ZooKeeperUtils method startCuratorFramework.
/**
 * Builds a {@link CuratorFramework} from the given configuration, starts it and connects it
 * to the configured ZooKeeper quorum.
 *
 * <p>The ACL provider follows the configured {@link ZkClientACLMode}: {@code CREATOR} selects
 * {@code SecureAclProvider}, any other mode selects {@code DefaultACLProvider}. {@code CREATOR}
 * together with a disabled SASL client is rejected with an {@code IllegalConfigurationException}.
 *
 * @param configuration {@link Configuration} object containing the configuration values
 * @param fatalErrorHandler {@link FatalErrorHandler} that handles unexpected errors of the
 *     {@link CuratorFramework}
 * @return {@link CuratorFrameworkWithUnhandledErrorListener} instance
 */
public static CuratorFrameworkWithUnhandledErrorListener startCuratorFramework(Configuration configuration, FatalErrorHandler fatalErrorHandler) {
    checkNotNull(configuration, "configuration");

    final String quorum = configuration.getValue(HighAvailabilityOptions.HA_ZOOKEEPER_QUORUM);
    if (quorum == null || StringUtils.isBlank(quorum)) {
        throw new RuntimeException(
                "No valid ZooKeeper quorum has been specified. You can specify the quorum via the configuration key '"
                        + HighAvailabilityOptions.HA_ZOOKEEPER_QUORUM.key()
                        + "'.");
    }

    final int sessionTimeoutMs = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_SESSION_TIMEOUT);
    final int connectionTimeoutMs = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_CONNECTION_TIMEOUT);
    final int retryWaitMs = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_RETRY_WAIT);
    final int retryLimit = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_MAX_RETRY_ATTEMPTS);
    final String zkRoot = configuration.getValue(HighAvailabilityOptions.HA_ZOOKEEPER_ROOT);
    final String clusterId = configuration.getValue(HighAvailabilityOptions.HA_CLUSTER_ID);
    final boolean saslDisabled = configuration.getBoolean(SecurityOptions.ZOOKEEPER_SASL_DISABLE);

    final ZkClientACLMode mode = ZkClientACLMode.fromConfig(configuration);
    final ACLProvider zkAclProvider;
    if (mode == ZkClientACLMode.CREATOR) {
        if (saslDisabled) {
            // Creator ACLs are refused outright when SASL is off; nothing is downgraded.
            final String problem =
                    "Cannot set ACL role to "
                            + ZkClientACLMode.CREATOR
                            + " since SASL authentication is disabled through the "
                            + SecurityOptions.ZOOKEEPER_SASL_DISABLE.key()
                            + " property";
            LOG.warn(problem);
            throw new IllegalConfigurationException(problem);
        }
        LOG.info("Enforcing creator for ZK connections");
        zkAclProvider = new SecureAclProvider();
    } else {
        // NOTE(review): Curator's DefaultACLProvider is documented to hand out
        // ZooDefs.Ids.OPEN_ACL_UNSAFE; confirm for the shaded version in use. If so, znodes
        // created in this mode carry no access restriction of their own.
        LOG.info("Enforcing default ACL for ZK connections");
        zkAclProvider = new DefaultACLProvider();
    }

    final String namespacedRoot = generateZookeeperPath(zkRoot, clusterId);
    LOG.info("Using '{}' as Zookeeper namespace.", namespacedRoot);

    final CuratorFrameworkFactory.Builder curatorFrameworkBuilder =
            CuratorFrameworkFactory.builder()
                    .connectString(quorum)
                    .sessionTimeoutMs(sessionTimeoutMs)
                    .connectionTimeoutMs(connectionTimeoutMs)
                    .retryPolicy(new ExponentialBackoffRetry(retryWaitMs, retryLimit))
                    .namespace(trimStartingSlash(namespacedRoot))
                    .aclProvider(zkAclProvider);

    // Optional: use the session-based connection state error policy.
    if (configuration.get(HighAvailabilityOptions.ZOOKEEPER_TOLERATE_SUSPENDED_CONNECTIONS)) {
        curatorFrameworkBuilder.connectionStateErrorPolicy(new SessionConnectionStateErrorPolicy());
    }

    return startCuratorFramework(curatorFrameworkBuilder, fatalErrorHandler);
}