Search in sources :

Example 11 with ACLProvider

use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project hive by apache.

the class HiveServer2 method getACLProvider.

private ACLProvider getACLProvider(HiveConf hiveConf) {
    final boolean isSecure = ZookeeperUtils.isKerberosEnabled(hiveConf);
    return new ACLProvider() {

        @Override
        public List<ACL> getDefaultAcl() {
            List<ACL> nodeAcls = new ArrayList<ACL>();
            if (isSecure) {
                // Read all to the world
                nodeAcls.addAll(Ids.READ_ACL_UNSAFE);
                // Create/Delete/Write/Admin to the authenticated user
                nodeAcls.add(new ACL(Perms.ALL, Ids.AUTH_IDS));
            } else {
                // ACLs for znodes on a non-kerberized cluster
                // Create/Read/Delete/Write/Admin to the world
                nodeAcls.addAll(Ids.OPEN_ACL_UNSAFE);
            }
            return nodeAcls;
        }

        @Override
        public List<ACL> getAclForPath(String path) {
            return getDefaultAcl();
        }
    };
}
Also used : ACLProvider(org.apache.curator.framework.api.ACLProvider) ArrayList(java.util.ArrayList) ACL(org.apache.zookeeper.data.ACL)

Example 12 with ACLProvider

use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project incubator-atlas by apache.

the class CuratorFactory method enhanceBuilderWithSecurityParameters.

@VisibleForTesting
void enhanceBuilderWithSecurityParameters(HAConfiguration.ZookeeperProperties zookeeperProperties, CuratorFrameworkFactory.Builder builder) {
    ACLProvider aclProvider = getAclProvider(zookeeperProperties);
    AuthInfo authInfo = null;
    if (zookeeperProperties.hasAuth()) {
        authInfo = AtlasZookeeperSecurityProperties.parseAuth(zookeeperProperties.getAuth());
    }
    if (aclProvider != null) {
        LOG.info("Setting up acl provider.");
        builder.aclProvider(aclProvider);
        if (authInfo != null) {
            byte[] auth = authInfo.getAuth();
            LOG.info("Setting up auth provider with scheme: {} and id: {}", authInfo.getScheme(), getIdForLogging(authInfo.getScheme(), new String(auth, Charsets.UTF_8)));
            builder.authorization(authInfo.getScheme(), auth);
        }
    }
}
Also used : ACLProvider(org.apache.curator.framework.api.ACLProvider) AuthInfo(org.apache.curator.framework.AuthInfo) VisibleForTesting(com.google.common.annotations.VisibleForTesting)

Example 13 with ACLProvider

use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project Saturn by vipshop.

the class ZookeeperRegistryCenter method buildZkClient.

private CuratorFramework buildZkClient() {
    if (zkConfig.isUseNestedZookeeper()) {
        NestedZookeeperServers.getInstance().startServerIfNotStarted(zkConfig.getNestedPort(), zkConfig.getNestedDataDir());
    }
    Builder builder = CuratorFrameworkFactory.builder().connectString(zkConfig.getServerLists()).retryPolicy(new ExponentialBackoffRetry(zkConfig.getBaseSleepTimeMilliseconds(), zkConfig.getMaxRetries(), zkConfig.getMaxSleepTimeMilliseconds())).namespace(zkConfig.getNamespace());
    if (0 != zkConfig.getSessionTimeoutMilliseconds()) {
        sessionTimeout = zkConfig.getSessionTimeoutMilliseconds();
    } else {
        sessionTimeout = calculateSessionTimeout();
    }
    builder.sessionTimeoutMs(sessionTimeout);
    int connectionTimeout;
    if (0 != zkConfig.getConnectionTimeoutMilliseconds()) {
        connectionTimeout = zkConfig.getConnectionTimeoutMilliseconds();
    } else {
        connectionTimeout = calculateConnectionTimeout();
    }
    builder.connectionTimeoutMs(connectionTimeout);
    if (!Strings.isNullOrEmpty(zkConfig.getDigest())) {
        builder.authorization("digest", zkConfig.getDigest().getBytes(Charset.forName(Constant.CHARSET_UTF8))).aclProvider(new ACLProvider() {

            @Override
            public List<ACL> getDefaultAcl() {
                return ZooDefs.Ids.CREATOR_ALL_ACL;
            }

            @Override
            public List<ACL> getAclForPath(final String path) {
                return ZooDefs.Ids.CREATOR_ALL_ACL;
            }
        });
    }
    LogUtils.info(log, LogEvents.ExecutorEvent.COMMON, "Saturn job: zookeeper registry center init, server lists is: {}, connection_timeout: {}, session_timeout: {}, retry_times: {}", zkConfig.getServerLists(), connectionTimeout, sessionTimeout, zkConfig.getMaxRetries());
    return builder.build();
}
Also used : ACLProvider(org.apache.curator.framework.api.ACLProvider) ExponentialBackoffRetry(org.apache.curator.retry.ExponentialBackoffRetry) Builder(org.apache.curator.framework.CuratorFrameworkFactory.Builder) List(java.util.List)

Example 14 with ACLProvider

use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project Saturn by vipshop.

the class CuratorRepositoryImpl method connect.

@Override
public CuratorFramework connect(final String connectString, final String namespace, final String digest) {
    Builder builder = CuratorFrameworkFactory.builder().connectString(connectString).sessionTimeoutMs(SESSION_TIMEOUT).connectionTimeoutMs(CONNECTION_TIMEOUT).retryPolicy(new ExponentialBackoffRetry(1000, 3, 3000));
    if (namespace != null) {
        builder.namespace(namespace);
    }
    if (!Strings.isNullOrEmpty(digest)) {
        builder.authorization("digest", digest.getBytes(Charset.forName("UTF-8"))).aclProvider(new ACLProvider() {

            @Override
            public List<ACL> getDefaultAcl() {
                return ZooDefs.Ids.CREATOR_ALL_ACL;
            }

            @Override
            public List<ACL> getAclForPath(final String path) {
                return ZooDefs.Ids.CREATOR_ALL_ACL;
            }
        });
    }
    CuratorFramework client = builder.build();
    client.start();
    boolean established = false;
    try {
        established = client.blockUntilConnected(WAITING_SECONDS, TimeUnit.SECONDS);
    } catch (final InterruptedException ex) {
        Thread.currentThread().interrupt();
    }
    if (established) {
        return client;
    }
    CloseableUtils.closeQuietly(client);
    return null;
}
Also used : ACLProvider(org.apache.curator.framework.api.ACLProvider) CuratorFramework(org.apache.curator.framework.CuratorFramework) ExponentialBackoffRetry(org.apache.curator.retry.ExponentialBackoffRetry) Builder(org.apache.curator.framework.CuratorFrameworkFactory.Builder) List(java.util.List)

Example 15 with ACLProvider

use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project elastic-job by dangdangdotcom.

the class ZookeeperRegistryCenter method init.

@Override
public void init() {
    log.debug("Elastic job: zookeeper registry center init, server lists is: {}.", zkConfig.getServerLists());
    CuratorFrameworkFactory.Builder builder = CuratorFrameworkFactory.builder().connectString(zkConfig.getServerLists()).retryPolicy(new ExponentialBackoffRetry(zkConfig.getBaseSleepTimeMilliseconds(), zkConfig.getMaxRetries(), zkConfig.getMaxSleepTimeMilliseconds())).namespace(zkConfig.getNamespace());
    if (0 != zkConfig.getSessionTimeoutMilliseconds()) {
        builder.sessionTimeoutMs(zkConfig.getSessionTimeoutMilliseconds());
    }
    if (0 != zkConfig.getConnectionTimeoutMilliseconds()) {
        builder.connectionTimeoutMs(zkConfig.getConnectionTimeoutMilliseconds());
    }
    if (!Strings.isNullOrEmpty(zkConfig.getDigest())) {
        builder.authorization("digest", zkConfig.getDigest().getBytes(Charsets.UTF_8)).aclProvider(new ACLProvider() {

            @Override
            public List<ACL> getDefaultAcl() {
                return ZooDefs.Ids.CREATOR_ALL_ACL;
            }

            @Override
            public List<ACL> getAclForPath(final String path) {
                return ZooDefs.Ids.CREATOR_ALL_ACL;
            }
        });
    }
    client = builder.build();
    client.start();
    try {
        if (!client.blockUntilConnected(zkConfig.getMaxSleepTimeMilliseconds() * zkConfig.getMaxRetries(), TimeUnit.MILLISECONDS)) {
            client.close();
            throw new KeeperException.OperationTimeoutException();
        }
    //CHECKSTYLE:OFF
    } catch (final Exception ex) {
        //CHECKSTYLE:ON
        RegExceptionHandler.handleException(ex);
    }
}
Also used : ACLProvider(org.apache.curator.framework.api.ACLProvider) CuratorFrameworkFactory(org.apache.curator.framework.CuratorFrameworkFactory) ExponentialBackoffRetry(org.apache.curator.retry.ExponentialBackoffRetry) List(java.util.List) KeeperException(org.apache.zookeeper.KeeperException)

Aggregations

ACLProvider (org.apache.curator.framework.api.ACLProvider)26 ACL (org.apache.zookeeper.data.ACL)15 ExponentialBackoffRetry (org.apache.curator.retry.ExponentialBackoffRetry)12 CuratorFramework (org.apache.curator.framework.CuratorFramework)10 DefaultACLProvider (org.apache.curator.framework.imps.DefaultACLProvider)8 RetryPolicy (org.apache.curator.RetryPolicy)7 Test (org.junit.Test)6 List (java.util.List)5 AuthInfo (org.apache.curator.framework.AuthInfo)5 ZooKeeperClientConfig (org.apache.nifi.controller.cluster.ZooKeeperClientConfig)4 NiFiProperties (org.apache.nifi.util.NiFiProperties)4 Id (org.apache.zookeeper.data.Id)4 Test (org.testng.annotations.Test)4 DefaultZooKeeperClient (com.spotify.helios.servicescommon.coordination.DefaultZooKeeperClient)3 ZooKeeperClient (com.spotify.helios.servicescommon.coordination.ZooKeeperClient)3 CuratorFrameworkFactory (org.apache.curator.framework.CuratorFrameworkFactory)3 VisibleForTesting (com.google.common.annotations.VisibleForTesting)2 HeliosRuntimeException (com.spotify.helios.common.HeliosRuntimeException)2 CuratorClientFactoryImpl (com.spotify.helios.servicescommon.coordination.CuratorClientFactoryImpl)2 ArrayList (java.util.ArrayList)2