
Example 1 with ACLProvider

use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project nifi by apache.

the class TestCuratorACLProviderFactory method testSaslAuthSchemeWithHostNoRealm.

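/**
 * Checks the ACL that {@code CuratorACLProviderFactory} builds when the host part of the
 * Kerberos principal is kept ({@code removeHostFromPrincipal=false}) and the realm part is
 * stripped ({@code removeRealmFromPrincipal=true}).
 *
 * <p>The factory must not return Curator's {@link DefaultACLProvider}, which hands out the
 * world-open ACL, and the first ACL entry must name the {@code sasl} scheme with the
 * realm-less principal.
 */
@Test
public void testSaslAuthSchemeWithHostNoRealm() {
    final NiFiProperties nifiProperties;
    final CuratorACLProviderFactory factory;
    otherProps.put("nifi.zookeeper.kerberos.removeHostFromPrincipal", "false");
    otherProps.put("nifi.zookeeper.kerberos.removeRealmFromPrincipal", "true");
    nifiProperties = NiFiProperties.createBasicNiFiProperties(propsFile, otherProps);
    factory = new CuratorACLProviderFactory();
    ZooKeeperClientConfig config = ZooKeeperClientConfig.createConfig(nifiProperties);
    ACLProvider provider = factory.create(config);
    // Falling back to the default provider would leave the znodes unrestricted.
    assertFalse(provider instanceof DefaultACLProvider);
    List<ACL> acls = provider.getDefaultAcl();
    assertNotNull(acls);
    // An empty list should fail as an assertion, not as an IndexOutOfBoundsException below.
    assertFalse(acls.isEmpty());
    // JUnit's contract is assertEquals(expected, actual); the expected literal goes first so a
    // failure report labels the two values correctly.
    assertEquals("'sasl,'nifi/host", acls.get(0).getId().toString().trim());
}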
Also used : NiFiProperties(org.apache.nifi.util.NiFiProperties) ACLProvider(org.apache.curator.framework.api.ACLProvider) DefaultACLProvider(org.apache.curator.framework.imps.DefaultACLProvider) ZooKeeperClientConfig(org.apache.nifi.controller.cluster.ZooKeeperClientConfig) DefaultACLProvider(org.apache.curator.framework.imps.DefaultACLProvider) ACL(org.apache.zookeeper.data.ACL) Test(org.junit.Test)

Example 2 with ACLProvider

use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project xian by happyyangyuan.

the class TestFrameworkBackground method testErrorListener.

/**
 * Checks that an exception thrown by the configured {@link ACLProvider} during a background
 * create reaches the {@link UnhandledErrorListener} attached to that operation.
 */
@Test
public void testErrorListener() throws Exception {
    // Provider that rejects every ACL lookup, so the background create cannot resolve an ACL.
    ACLProvider throwingProvider = new ACLProvider() {

        @Override
        public List<ACL> getAclForPath(String path) {
            throw new UnsupportedOperationException();
        }

        @Override
        public List<ACL> getDefaultAcl() {
            throw new UnsupportedOperationException();
        }
    };
    CuratorFramework curator = CuratorFrameworkFactory.builder()
            .connectString(server.getConnectString())
            .retryPolicy(new RetryOneTime(1))
            .aclProvider(throwingProvider)
            .build();
    try {
        curator.start();
        final CountDownLatch providerFailureSeen = new CountDownLatch(1);
        // Only the provider's own exception type releases the latch; any other error is ignored.
        UnhandledErrorListener failureListener = new UnhandledErrorListener() {

            @Override
            public void unhandledError(String message, Throwable e) {
                if (!(e instanceof UnsupportedOperationException)) {
                    return;
                }
                providerFailureSeen.countDown();
            }
        };
        curator.create()
                .inBackground()
                .withUnhandledErrorListener(failureListener)
                .forPath("/foo");
        boolean released = new Timing().awaitLatch(providerFailureSeen);
        Assert.assertTrue(released);
    } finally {
        CloseableUtils.closeQuietly(curator);
    }
}
Also used : ACLProvider(org.apache.curator.framework.api.ACLProvider) CuratorFramework(org.apache.curator.framework.CuratorFramework) RetryOneTime(org.apache.curator.retry.RetryOneTime) ACL(org.apache.zookeeper.data.ACL) UnhandledErrorListener(org.apache.curator.framework.api.UnhandledErrorListener) Timing(org.apache.curator.test.Timing) CountDownLatch(java.util.concurrent.CountDownLatch) Test(org.testng.annotations.Test)

Example 3 with ACLProvider

use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project xian by happyyangyuan.

the class TestLeaderAcls method testAclErrorWithLeader.

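/**
 * Validation test for CURATOR-365: a {@link LeaderLatch} started by a client that lacks
 * permission on the latch path must surface {@link KeeperException.NoAuthException} through the
 * client's unhandled-error listenable.
 *
 * <p>An authenticated client first creates {@code /base} with a digest ACL that grants all
 * permissions to the {@code test:test} fixture identity only. A second, unauthenticated client
 * then starts a latch below {@code /base} and is expected to be refused.
 *
 * @throws Exception if a client or latch cannot be started or closed
 */
@Test(description = "Validation test for CURATOR-365")
public void testAclErrorWithLeader() throws Exception {
    ACLProvider provider = new ACLProvider() {

        @Override
        public List<ACL> getDefaultAcl() {
            // World-open ACL for every path except "/base"; acceptable only because this is a test.
            return ZooDefs.Ids.OPEN_ACL_UNSAFE;
        }

        @Override
        public List<ACL> getAclForPath(String path) {
            if (path.equals("/base")) {
                try {
                    String testDigest = DigestAuthenticationProvider.generateDigest("test:test");
                    return Collections.singletonList(new ACL(ZooDefs.Perms.ALL, new Id("digest", testDigest)));
                } catch (NoSuchAlgorithmException e) {
                    // Fail closed: printing the trace and falling through would hand "/base" the
                    // world-open default ACL, so the restriction under test would silently
                    // disappear and the test would time out with a misleading cause.
                    throw new IllegalStateException("Cannot build digest ACL for /base", e);
                }
            }
            return getDefaultAcl();
        }
    };
    RetryPolicy retryPolicy = new ExponentialBackoffRetry(timing.milliseconds(), 3);
    // The authorization identity matches the digest used in the "/base" ACL above.
    CuratorFrameworkFactory.Builder builder = CuratorFrameworkFactory.builder().connectString(server.getConnectString()).retryPolicy(retryPolicy).aclProvider(provider).authorization("digest", "test:test".getBytes());
    CuratorFramework client = builder.build();
    LeaderLatch latch = null;
    try {
        client.start();
        // Authorized client: creating the latch also creates "/base" with the digest ACL.
        latch = new LeaderLatch(client, "/base");
        latch.start();
        Assert.assertTrue(latch.await(timing.forWaiting().seconds(), TimeUnit.SECONDS));
        latch.close();
        // Cleared so the outer finally does not close the first latch a second time.
        latch = null;
        // This client carries no authorization and uses no custom ACL provider.
        CuratorFramework noAuthClient = CuratorFrameworkFactory.newClient(server.getConnectString(), retryPolicy);
        try {
            noAuthClient.start();
            final CountDownLatch noAuthLatch = new CountDownLatch(1);
            UnhandledErrorListener listener = new UnhandledErrorListener() {

                @Override
                public void unhandledError(String message, Throwable e) {
                    // Only the authorization failure counts; other errors leave the latch closed.
                    if (e instanceof KeeperException.NoAuthException) {
                        noAuthLatch.countDown();
                    }
                }
            };
            noAuthClient.getUnhandledErrorListenable().addListener(listener);
            // use a path below "base" as noAuthClient is not authorized to create nodes in "/base"
            // but also making sure that the code goes through the backgroundCreateParentsThenNode() codepath
            latch = new LeaderLatch(noAuthClient, "/base/second");
            latch.start();
            Assert.assertTrue(timing.awaitLatch(noAuthLatch));
        } finally {
            CloseableUtils.closeQuietly(noAuthClient);
        }
    } finally {
        CloseableUtils.closeQuietly(latch);
        CloseableUtils.closeQuietly(client);
    }
}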
Also used : ACLProvider(org.apache.curator.framework.api.ACLProvider) CuratorFrameworkFactory(org.apache.curator.framework.CuratorFrameworkFactory) ExponentialBackoffRetry(org.apache.curator.retry.ExponentialBackoffRetry) ACL(org.apache.zookeeper.data.ACL) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CountDownLatch(java.util.concurrent.CountDownLatch) CuratorFramework(org.apache.curator.framework.CuratorFramework) Id(org.apache.zookeeper.data.Id) UnhandledErrorListener(org.apache.curator.framework.api.UnhandledErrorListener) RetryPolicy(org.apache.curator.RetryPolicy) Test(org.testng.annotations.Test)

Example 4 with ACLProvider

use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project atlas by apache.

the class CuratorFactory method enhanceBuilderWithSecurityParameters.

/**
 * Applies the ZooKeeper ACL provider and, when configured, the client authorization to the
 * given Curator builder.
 *
 * <p>Nothing is set on the builder when {@code getAclProvider} returns {@code null}. The auth
 * string is still parsed in that case, but it is not attached to the builder.
 *
 * @param zookeeperProperties ZooKeeper settings the ACL provider and auth string are read from
 * @param builder Curator builder that receives the ACL provider and authorization
 */
@VisibleForTesting
void enhanceBuilderWithSecurityParameters(HAConfiguration.ZookeeperProperties zookeeperProperties, CuratorFrameworkFactory.Builder builder) {
    final ACLProvider configuredAcl = getAclProvider(zookeeperProperties);
    final AuthInfo parsedAuth = zookeeperProperties.hasAuth()
            ? AtlasZookeeperSecurityProperties.parseAuth(zookeeperProperties.getAuth())
            : null;

    // NOTE(review): authorization is applied only together with an ACL provider; an auth string
    // configured without an ACL is dropped without a log line. Confirm this is intended.
    if (configuredAcl == null) {
        return;
    }
    LOG.info("Setting up acl provider.");
    builder.aclProvider(configuredAcl);

    if (parsedAuth == null) {
        return;
    }
    final String scheme = parsedAuth.getScheme();
    final byte[] credentials = parsedAuth.getAuth();
    // The raw credential bytes go through getIdForLogging before they reach the log.
    // NOTE(review): getIdForLogging is not shown here; presumably it masks the secret part for
    // schemes such as digest. Verify before relying on this log line.
    final String loggableId = getIdForLogging(parsedAuth.getScheme(), new String(credentials, Charsets.UTF_8));
    LOG.info("Setting up auth provider with scheme: {} and id: {}", scheme, loggableId);
    builder.authorization(parsedAuth.getScheme(), credentials);
}
Also used : ACLProvider(org.apache.curator.framework.api.ACLProvider) AuthInfo(org.apache.curator.framework.AuthInfo) VisibleForTesting(com.google.common.annotations.VisibleForTesting)

Example 5 with ACLProvider

use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project flink by apache.

the class ZooKeeperUtils method startCuratorFramework.

/**
 * Builds a {@link CuratorFramework} client from the high-availability settings and starts it
 * against the configured ZooKeeper quorum.
 *
 * <p>The ACL provider follows the configured {@link ZkClientACLMode}. In {@code CREATOR} mode a
 * {@code SecureAclProvider} is installed, and the call is rejected if the SASL client is
 * disabled. In every other mode Curator's {@code DefaultACLProvider} is used, which hands out
 * the world-open ACL.
 *
 * @param configuration {@link Configuration} object containing the configuration values
 * @param fatalErrorHandler {@link FatalErrorHandler} that handles unexpected errors of the
 *     {@link CuratorFramework}
 * @return {@link CuratorFrameworkWithUnhandledErrorListener} instance
 * @throws RuntimeException if no ZooKeeper quorum is configured or it is blank
 * @throws IllegalConfigurationException if {@code CREATOR} ACL mode is requested while SASL
 *     authentication is disabled
 */
public static CuratorFrameworkWithUnhandledErrorListener startCuratorFramework(Configuration configuration, FatalErrorHandler fatalErrorHandler) {
    checkNotNull(configuration, "configuration");

    final String quorum = configuration.getValue(HighAvailabilityOptions.HA_ZOOKEEPER_QUORUM);
    if (quorum == null || StringUtils.isBlank(quorum)) {
        throw new RuntimeException(
                "No valid ZooKeeper quorum has been specified. You can specify the quorum via the configuration key '"
                        + HighAvailabilityOptions.HA_ZOOKEEPER_QUORUM.key()
                        + "'.");
    }

    final int sessionTimeoutMs = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_SESSION_TIMEOUT);
    final int connectionTimeoutMs = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_CONNECTION_TIMEOUT);
    final int retryWaitMs = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_RETRY_WAIT);
    final int retryLimit = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_MAX_RETRY_ATTEMPTS);
    final String rootPath = configuration.getValue(HighAvailabilityOptions.HA_ZOOKEEPER_ROOT);
    final String clusterId = configuration.getValue(HighAvailabilityOptions.HA_CLUSTER_ID);
    final boolean saslDisabled = configuration.getBoolean(SecurityOptions.ZOOKEEPER_SASL_DISABLE);
    final ZkClientACLMode aclMode = ZkClientACLMode.fromConfig(configuration);

    final ACLProvider aclProvider;
    if (aclMode != ZkClientACLMode.CREATOR) {
        // Any mode other than CREATOR leaves the created znodes on Curator's default ACL.
        LOG.info("Enforcing default ACL for ZK connections");
        aclProvider = new DefaultACLProvider();
    } else if (saslDisabled) {
        // Creator-scoped ACLs need an authenticated identity, so this combination is refused
        // instead of being downgraded to the default ACL.
        final String message = "Cannot set ACL role to " + ZkClientACLMode.CREATOR
                + "  since SASL authentication is disabled through the "
                + SecurityOptions.ZOOKEEPER_SASL_DISABLE.key() + " property";
        LOG.warn(message);
        throw new IllegalConfigurationException(message);
    } else {
        LOG.info("Enforcing creator for ZK connections");
        // NOTE(review): SecureAclProvider is not shown here; presumably it restricts znodes to
        // their creator. Confirm against its definition.
        aclProvider = new SecureAclProvider();
    }

    final String namespacedRoot = generateZookeeperPath(rootPath, clusterId);
    LOG.info("Using '{}' as Zookeeper namespace.", namespacedRoot);

    final CuratorFrameworkFactory.Builder clientBuilder = CuratorFrameworkFactory.builder()
            .connectString(quorum)
            .sessionTimeoutMs(sessionTimeoutMs)
            .connectionTimeoutMs(connectionTimeoutMs)
            .retryPolicy(new ExponentialBackoffRetry(retryWaitMs, retryLimit))
            .namespace(trimStartingSlash(namespacedRoot))
            .aclProvider(aclProvider);

    final boolean tolerateSuspended = configuration.get(HighAvailabilityOptions.ZOOKEEPER_TOLERATE_SUSPENDED_CONNECTIONS);
    if (tolerateSuspended) {
        clientBuilder.connectionStateErrorPolicy(new SessionConnectionStateErrorPolicy());
    }
    return startCuratorFramework(clientBuilder, fatalErrorHandler);
}
Also used : ACLProvider(org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider) DefaultACLProvider(org.apache.flink.shaded.curator5.org.apache.curator.framework.imps.DefaultACLProvider) CuratorFrameworkFactory(org.apache.flink.shaded.curator5.org.apache.curator.framework.CuratorFrameworkFactory) ExponentialBackoffRetry(org.apache.flink.shaded.curator5.org.apache.curator.retry.ExponentialBackoffRetry) IllegalConfigurationException(org.apache.flink.configuration.IllegalConfigurationException) CompletedCheckpoint(org.apache.flink.runtime.checkpoint.CompletedCheckpoint) SessionConnectionStateErrorPolicy(org.apache.flink.shaded.curator5.org.apache.curator.framework.state.SessionConnectionStateErrorPolicy) DefaultACLProvider(org.apache.flink.shaded.curator5.org.apache.curator.framework.imps.DefaultACLProvider)

Aggregations

ACLProvider (org.apache.curator.framework.api.ACLProvider)26 ACL (org.apache.zookeeper.data.ACL)15 ExponentialBackoffRetry (org.apache.curator.retry.ExponentialBackoffRetry)12 CuratorFramework (org.apache.curator.framework.CuratorFramework)10 DefaultACLProvider (org.apache.curator.framework.imps.DefaultACLProvider)8 RetryPolicy (org.apache.curator.RetryPolicy)7 Test (org.junit.Test)6 List (java.util.List)5 AuthInfo (org.apache.curator.framework.AuthInfo)5 ZooKeeperClientConfig (org.apache.nifi.controller.cluster.ZooKeeperClientConfig)4 NiFiProperties (org.apache.nifi.util.NiFiProperties)4 Id (org.apache.zookeeper.data.Id)4 Test (org.testng.annotations.Test)4 DefaultZooKeeperClient (com.spotify.helios.servicescommon.coordination.DefaultZooKeeperClient)3 ZooKeeperClient (com.spotify.helios.servicescommon.coordination.ZooKeeperClient)3 CuratorFrameworkFactory (org.apache.curator.framework.CuratorFrameworkFactory)3 VisibleForTesting (com.google.common.annotations.VisibleForTesting)2 HeliosRuntimeException (com.spotify.helios.common.HeliosRuntimeException)2 CuratorClientFactoryImpl (com.spotify.helios.servicescommon.coordination.CuratorClientFactoryImpl)2 ArrayList (java.util.ArrayList)2