use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project hive by apache.
the class HiveServer2 method getACLProvider.
private ACLProvider getACLProvider(HiveConf hiveConf) {
final boolean isSecure = ZookeeperUtils.isKerberosEnabled(hiveConf);
return new ACLProvider() {
@Override
public List<ACL> getDefaultAcl() {
List<ACL> nodeAcls = new ArrayList<ACL>();
if (isSecure) {
// Read all to the world
nodeAcls.addAll(Ids.READ_ACL_UNSAFE);
// Create/Delete/Write/Admin to the authenticated user
nodeAcls.add(new ACL(Perms.ALL, Ids.AUTH_IDS));
} else {
// ACLs for znodes on a non-kerberized cluster
// Create/Read/Delete/Write/Admin to the world
nodeAcls.addAll(Ids.OPEN_ACL_UNSAFE);
}
return nodeAcls;
}
@Override
public List<ACL> getAclForPath(String path) {
return getDefaultAcl();
}
};
}
use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project incubator-atlas by apache.
the class CuratorFactory method enhanceBuilderWithSecurityParameters.
@VisibleForTesting
void enhanceBuilderWithSecurityParameters(HAConfiguration.ZookeeperProperties zookeeperProperties, CuratorFrameworkFactory.Builder builder) {
ACLProvider aclProvider = getAclProvider(zookeeperProperties);
AuthInfo authInfo = null;
if (zookeeperProperties.hasAuth()) {
authInfo = AtlasZookeeperSecurityProperties.parseAuth(zookeeperProperties.getAuth());
}
if (aclProvider != null) {
LOG.info("Setting up acl provider.");
builder.aclProvider(aclProvider);
if (authInfo != null) {
byte[] auth = authInfo.getAuth();
LOG.info("Setting up auth provider with scheme: {} and id: {}", authInfo.getScheme(), getIdForLogging(authInfo.getScheme(), new String(auth, Charsets.UTF_8)));
builder.authorization(authInfo.getScheme(), auth);
}
}
}
use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project Saturn by vipshop.
the class ZookeeperRegistryCenter method buildZkClient.
private CuratorFramework buildZkClient() {
if (zkConfig.isUseNestedZookeeper()) {
NestedZookeeperServers.getInstance().startServerIfNotStarted(zkConfig.getNestedPort(), zkConfig.getNestedDataDir());
}
Builder builder = CuratorFrameworkFactory.builder().connectString(zkConfig.getServerLists()).retryPolicy(new ExponentialBackoffRetry(zkConfig.getBaseSleepTimeMilliseconds(), zkConfig.getMaxRetries(), zkConfig.getMaxSleepTimeMilliseconds())).namespace(zkConfig.getNamespace());
if (0 != zkConfig.getSessionTimeoutMilliseconds()) {
sessionTimeout = zkConfig.getSessionTimeoutMilliseconds();
} else {
sessionTimeout = calculateSessionTimeout();
}
builder.sessionTimeoutMs(sessionTimeout);
int connectionTimeout;
if (0 != zkConfig.getConnectionTimeoutMilliseconds()) {
connectionTimeout = zkConfig.getConnectionTimeoutMilliseconds();
} else {
connectionTimeout = calculateConnectionTimeout();
}
builder.connectionTimeoutMs(connectionTimeout);
if (!Strings.isNullOrEmpty(zkConfig.getDigest())) {
builder.authorization("digest", zkConfig.getDigest().getBytes(Charset.forName(Constant.CHARSET_UTF8))).aclProvider(new ACLProvider() {
@Override
public List<ACL> getDefaultAcl() {
return ZooDefs.Ids.CREATOR_ALL_ACL;
}
@Override
public List<ACL> getAclForPath(final String path) {
return ZooDefs.Ids.CREATOR_ALL_ACL;
}
});
}
LogUtils.info(log, LogEvents.ExecutorEvent.COMMON, "Saturn job: zookeeper registry center init, server lists is: {}, connection_timeout: {}, session_timeout: {}, retry_times: {}", zkConfig.getServerLists(), connectionTimeout, sessionTimeout, zkConfig.getMaxRetries());
return builder.build();
}
use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project Saturn by vipshop.
the class CuratorRepositoryImpl method connect.
@Override
public CuratorFramework connect(final String connectString, final String namespace, final String digest) {
Builder builder = CuratorFrameworkFactory.builder().connectString(connectString).sessionTimeoutMs(SESSION_TIMEOUT).connectionTimeoutMs(CONNECTION_TIMEOUT).retryPolicy(new ExponentialBackoffRetry(1000, 3, 3000));
if (namespace != null) {
builder.namespace(namespace);
}
if (!Strings.isNullOrEmpty(digest)) {
builder.authorization("digest", digest.getBytes(Charset.forName("UTF-8"))).aclProvider(new ACLProvider() {
@Override
public List<ACL> getDefaultAcl() {
return ZooDefs.Ids.CREATOR_ALL_ACL;
}
@Override
public List<ACL> getAclForPath(final String path) {
return ZooDefs.Ids.CREATOR_ALL_ACL;
}
});
}
CuratorFramework client = builder.build();
client.start();
boolean established = false;
try {
established = client.blockUntilConnected(WAITING_SECONDS, TimeUnit.SECONDS);
} catch (final InterruptedException ex) {
Thread.currentThread().interrupt();
}
if (established) {
return client;
}
CloseableUtils.closeQuietly(client);
return null;
}
use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project elastic-job by dangdangdotcom.
the class ZookeeperRegistryCenter method init.
@Override
public void init() {
log.debug("Elastic job: zookeeper registry center init, server lists is: {}.", zkConfig.getServerLists());
CuratorFrameworkFactory.Builder builder = CuratorFrameworkFactory.builder().connectString(zkConfig.getServerLists()).retryPolicy(new ExponentialBackoffRetry(zkConfig.getBaseSleepTimeMilliseconds(), zkConfig.getMaxRetries(), zkConfig.getMaxSleepTimeMilliseconds())).namespace(zkConfig.getNamespace());
if (0 != zkConfig.getSessionTimeoutMilliseconds()) {
builder.sessionTimeoutMs(zkConfig.getSessionTimeoutMilliseconds());
}
if (0 != zkConfig.getConnectionTimeoutMilliseconds()) {
builder.connectionTimeoutMs(zkConfig.getConnectionTimeoutMilliseconds());
}
if (!Strings.isNullOrEmpty(zkConfig.getDigest())) {
builder.authorization("digest", zkConfig.getDigest().getBytes(Charsets.UTF_8)).aclProvider(new ACLProvider() {
@Override
public List<ACL> getDefaultAcl() {
return ZooDefs.Ids.CREATOR_ALL_ACL;
}
@Override
public List<ACL> getAclForPath(final String path) {
return ZooDefs.Ids.CREATOR_ALL_ACL;
}
});
}
client = builder.build();
client.start();
try {
if (!client.blockUntilConnected(zkConfig.getMaxSleepTimeMilliseconds() * zkConfig.getMaxRetries(), TimeUnit.MILLISECONDS)) {
client.close();
throw new KeeperException.OperationTimeoutException();
}
//CHECKSTYLE:OFF
} catch (final Exception ex) {
//CHECKSTYLE:ON
RegExceptionHandler.handleException(ex);
}
}
Aggregations