use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project nifi by apache.
the class TestCuratorACLProviderFactory method testSaslAuthSchemeNoHostWithRealm.
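/**
 * Checks the default ACL produced by {@code CuratorACLProviderFactory} when
 * {@code removeHostFromPrincipal} is "true" and {@code removeRealmFromPrincipal} is "false".
 *
 * <p>The first default ACL is expected to carry the {@code sasl} scheme with the id
 * {@code nifi@REALM.COM}. The principal itself is presumably defined in {@code propsFile},
 * which is not visible here.
 */
@Test
public void testSaslAuthSchemeNoHostWithRealm() {
    otherProps.put("nifi.zookeeper.kerberos.removeHostFromPrincipal", "true");
    otherProps.put("nifi.zookeeper.kerberos.removeRealmFromPrincipal", "false");

    final NiFiProperties nifiProperties = NiFiProperties.createBasicNiFiProperties(propsFile, otherProps);
    final CuratorACLProviderFactory factory = new CuratorACLProviderFactory();
    final ZooKeeperClientConfig config = ZooKeeperClientConfig.createConfig(nifiProperties);
    final ACLProvider provider = factory.create(config);

    // A DefaultACLProvider here would mean the SASL settings were ignored and znodes
    // would be created without an identity-bound ACL.
    assertFalse(provider instanceof DefaultACLProvider);

    final List<ACL> acls = provider.getDefaultAcl();
    assertNotNull(acls);
    // Fail with a clear assertion instead of an IndexOutOfBoundsException on an empty list.
    assertFalse(acls.isEmpty());

    // Expected value first, actual second, so a failure report labels the two correctly.
    assertEquals("'sasl,'nifi@REALM.COM", acls.get(0).getId().toString().trim());
}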
use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project atlas by apache.
the class CuratorFactoryTest method shouldAddAclProviderWithRightACL.
/**
 * Verifies that {@code enhanceBuilderWithSecurityParameters} hands the builder an
 * {@link ACLProvider} built from the configured ACL string when an ACL is present and no
 * auth is configured.
 */
@Test
public void shouldAddAclProviderWithRightACL() {
    when(zookeeperProperties.hasAcl()).thenReturn(true);
    when(zookeeperProperties.getAcl()).thenReturn("sasl:myclient@EXAMPLE.COM");
    when(zookeeperProperties.hasAuth()).thenReturn(false);

    // initializeCuratorFramework is overridden with an empty body for this test.
    final CuratorFactory factoryUnderTest = new CuratorFactory(configuration) {
        @Override
        protected void initializeCuratorFramework() {
        }
    };

    // Only the id and scheme of the FIRST default ACL are checked; the permission bits
    // and any further ACL entries are not asserted by this matcher.
    final ArgumentMatcher<ACLProvider> carriesExpectedAcl = new ArgumentMatcher<ACLProvider>() {
        @Override
        public boolean matches(Object candidate) {
            final ACL firstAcl = ((ACLProvider) candidate).getDefaultAcl().get(0);
            if (!firstAcl.getId().getId().equals("myclient@EXAMPLE.COM")) {
                return false;
            }
            return firstAcl.getId().getScheme().equals("sasl");
        }
    };

    factoryUnderTest.enhanceBuilderWithSecurityParameters(zookeeperProperties, builder);

    verify(builder).aclProvider(argThat(carriesExpectedAcl));
}
use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project atlas by apache.
the class CuratorFactory method getAclProvider.
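/**
 * Builds the {@link ACLProvider} for the configured ZooKeeper ACL.
 *
 * <p>The returned provider hands out the same single ACL as the default ACL and for every
 * path, so all znodes created through the client receive that one entry.
 *
 * @param zookeeperProperties ZooKeeper settings; {@code getAcl()} is read only when
 *                            {@code hasAcl()} is true
 * @return a provider for the parsed ACL, or {@code null} when no ACL is configured
 */
private ACLProvider getAclProvider(HAConfiguration.ZookeeperProperties zookeeperProperties) {
    if (!zookeeperProperties.hasAcl()) {
        // No ACL configured: callers receive null and decide what to apply instead.
        return null;
    }

    final ACL acl = AtlasZookeeperSecurityProperties.parseAcl(zookeeperProperties.getAcl());
    // The id goes through getIdForLogging before being written to the log.
    LOG.info("Setting ACL for id {} with scheme {} and perms {}.", getIdForLogging(acl.getId().getScheme(), acl.getId().getId()), acl.getId().getScheme(), acl.getPerms());
    LOG.info("Current logged in user: {}", getCurrentUser());

    // Immutable single-element list. Arrays.asList would return a fixed-size list that
    // still allows set(), letting any holder of the list swap the ACL that later znode
    // creations pick up. Fully qualified so no new file-level import is required.
    final List<ACL> acls = java.util.Collections.singletonList(acl);

    return new ACLProvider() {
        @Override
        public List<ACL> getDefaultAcl() {
            return acls;
        }

        @Override
        public List<ACL> getAclForPath(String path) {
            return acls;
        }
    };
}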
use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project oozie by apache.
the class ZKUtils method createClient.
/**
 * Creates and starts the Curator client used to talk to ZooKeeper, then registers a
 * {@code ZKConnectionListener} on it.
 *
 * <p>When {@code ZK_SECURE} is enabled the client is set up for SASL/Kerberos and znodes
 * are created with a {@code sasl} ACL for the service principal. Otherwise a
 * {@link DefaultACLProvider} is used and no authentication is configured.
 *
 * @throws Exception declared by the original method; the visible code does not show
 *                   which call raises it
 */
private void createClient() throws Exception {
    final RetryPolicy policy = ZKUtils.getRetryPolicy();
    final String connectString = ConfigurationService.get(ZK_CONNECTION_STRING);
    final String namespace = getZKNameSpace();
    // Both timeouts are multiplied by 1000 below to obtain milliseconds.
    final int connectionTimeout = ConfigurationService.getInt(ZK_CONNECTION_TIMEOUT);
    final int sessionTimeout = ConfigurationService.getInt(ZK_SESSION_TIMEOUT, 300);

    final boolean secure = Services.get().getConf().getBoolean(ZK_SECURE, false);
    final ACLProvider aclProvider;
    if (!secure) {
        log.info("Connecting to ZooKeeper without authentication");
        // DefaultACLProvider applies ZooKeeper's open ACL: any client that can reach the
        // ensemble may read, modify or delete the znodes created here.
        aclProvider = new DefaultACLProvider();
    } else {
        log.info("Connecting to ZooKeeper with SASL/Kerberos and using 'sasl' ACLs");
        setJaasConfiguration();
        // System properties are JVM-wide, so these settings are visible to every
        // ZooKeeper client created in this process, not only this one.
        System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "Client");
        System.setProperty("zookeeper.authProvider.1", "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
        // Full permissions, restricted to the service principal under the sasl scheme.
        saslACL = Collections.singletonList(new ACL(Perms.ALL, new Id("sasl", getServicePrincipal())));
        aclProvider = new SASLOwnerACLProvider();
    }

    final int connectionTimeoutMs = connectionTimeout * 1000;
    final int sessionTimeoutMs = sessionTimeout * 1000;

    client = CuratorFrameworkFactory.builder()
            .namespace(namespace)
            .connectString(connectString)
            .retryPolicy(policy)
            .aclProvider(aclProvider)
            .connectionTimeoutMs(connectionTimeoutMs)
            .sessionTimeoutMs(sessionTimeoutMs)
            .build();
    client.start();
    client.getConnectionStateListenable().addListener(new ZKConnectionListener());
}
use of org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider in project helios by spotify.
the class AgentService method setupZookeeperClient.
/**
 * Creates and starts the agent's ZooKeeper client and prepares the registrar service that
 * registers the agent.
 *
 * <p>If an agent password is configured, the client authenticates with the
 * {@code digest} scheme. If ACLs are enabled, both the agent credentials and the master
 * user/digest must be configured, and an ACL provider is built from them.
 *
 * @param config               The service configuration.
 * @param id                   The agent id passed to the {@code AgentZooKeeperRegistrar}.
 * @param zkRegistrationSignal Latch handed to the registrar service builder.
 *
 * @return A started ZooKeeper client.
 *
 * @throws HeliosRuntimeException if a password is set without a username, or if ACLs are
 *                                enabled while agent or master credentials are missing.
 */
private ZooKeeperClient setupZookeeperClient(final AgentConfig config, final String id, final CountDownLatch zkRegistrationSignal) {
    final String agentUser = config.getZookeeperAclAgentUser();
    final String agentPassword = config.getZooKeeperAclAgentPassword();
    final String masterUser = config.getZookeeperAclMasterUser();
    final String masterDigest = config.getZooKeeperAclMasterDigest();

    final boolean agentUserMissing = isNullOrEmpty(agentUser);
    final boolean agentPasswordMissing = isNullOrEmpty(agentPassword);

    List<AuthInfo> authInfos = null;
    if (!agentPasswordMissing) {
        if (agentUserMissing) {
            throw new HeliosRuntimeException("Agent username must be set if a password is set");
        }
        // The digest scheme takes "user:password" as its auth data; the cleartext password
        // is held in memory here and must not be logged.
        // NOTE(review): getBytes() uses the platform default charset - confirm it matches
        // the charset used by digest(...) when the ACL digest is computed.
        final String credentials = String.format("%s:%s", agentUser, agentPassword);
        authInfos = Lists.newArrayList(new AuthInfo("digest", credentials.getBytes()));
    }

    ACLProvider provider = null;
    if (config.isZooKeeperEnableAcls()) {
        if (agentUserMissing || agentPasswordMissing) {
            throw new HeliosRuntimeException("ZooKeeper ACLs enabled but agent username and/or password not set");
        }
        if (isNullOrEmpty(masterUser) || isNullOrEmpty(masterDigest)) {
            throw new HeliosRuntimeException("ZooKeeper ACLs enabled but master username and/or digest not set");
        }
        // The master side is configured as a ready-made digest; the agent digest is
        // derived from the agent's username and password.
        final String agentDigest = digest(agentUser, agentPassword);
        provider = heliosAclProvider(masterUser, masterDigest, agentUser, agentDigest);
    }
    // When ACLs are disabled, provider stays null and is passed to the client factory as-is.

    final RetryPolicy retryPolicy = new ExponentialBackoffRetry(1000, 3);
    final CuratorFramework curatorFramework = new CuratorClientFactoryImpl().newClient(
            config.getZooKeeperConnectionString(),
            config.getZooKeeperSessionTimeoutMillis(),
            config.getZooKeeperConnectionTimeoutMillis(),
            retryPolicy,
            provider,
            authInfos);
    final ZooKeeperClient zooKeeperClient = new DefaultZooKeeperClient(curatorFramework, config.getZooKeeperClusterId());
    zooKeeperClient.start();

    // Register the agent
    final AgentZooKeeperRegistrar registrar = new AgentZooKeeperRegistrar(
            config.getName(), id, config.getZooKeeperRegistrationTtlMinutes(), new SystemClock());
    zkRegistrar = ZooKeeperRegistrarService.newBuilder()
            .setZooKeeperClient(zooKeeperClient)
            .setZooKeeperRegistrar(registrar)
            .setZkRegistrationSignal(zkRegistrationSignal)
            .build();
    return zooKeeperClient;
}