use of org.apache.flink.shaded.curator5.org.apache.curator.framework.imps.DefaultACLProvider in project druid by druid-io.
the class CuratorModule method makeCurator.
/**
 * Builds the injectable {@link CuratorFramework} client and registers it with the lifecycle so
 * that it is started and closed together with the process.
 *
 * <p>Security note: the ACL provider depends on {@code config.getEnableAcl()}. When that flag is
 * false the client falls back to Curator's {@code DefaultACLProvider}, which hands out ZooKeeper's
 * open ACL (world:anyone, all permissions), so every client that can reach the ensemble can read
 * and modify the znodes created through this framework. No {@code authorization(...)} call is made
 * here, so with ACLs enabled the client identity presumably comes from outside this method (for
 * example JAAS/SASL); confirm against the deployment.
 *
 * @param config           supplies session timeout, compression and ACL switches
 * @param ensembleProvider source of the ZooKeeper connection string
 * @param lifecycle        lifecycle that starts and stops the client
 * @return the built, not yet started, framework
 * @throws IOException declared by the signature; nothing in this body throws it directly
 */
@Provides
@LazySingleton
public CuratorFramework makeCurator(CuratorConfig config, EnsembleProvider ensembleProvider, Lifecycle lifecycle) throws IOException {
  final CuratorFrameworkFactory.Builder builder = CuratorFrameworkFactory.builder();
  builder.ensembleProvider(ensembleProvider);
  builder.sessionTimeoutMs(config.getZkSessionTimeoutMs());
  builder.retryPolicy(new BoundedExponentialBackoffRetry(BASE_SLEEP_TIME_MS, MAX_SLEEP_TIME_MS, MAX_RETRIES));
  builder.compressionProvider(new PotentiallyGzippedCompressionProvider(config.getEnableCompression()));
  // ACLs disabled => DefaultACLProvider => znodes are created world-accessible.
  builder.aclProvider(config.getEnableAcl() ? new SecuredACLProvider() : new DefaultACLProvider());
  final CuratorFramework curator = builder.build();

  // The client is started lazily by the lifecycle rather than here.
  lifecycle.addHandler(
      new Lifecycle.Handler() {
        @Override
        public void start() throws Exception {
          log.info("Starting Curator");
          curator.start();
        }

        @Override
        public void stop() {
          log.info("Stopping Curator");
          curator.close();
        }
      });

  return curator;
}
use of org.apache.flink.shaded.curator5.org.apache.curator.framework.imps.DefaultACLProvider in project nifi by apache.
the class TestCuratorACLProviderFactory method testSaslAuthSchemeWithHostNoRealm.
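/**
 * Checks that, with the host kept and the realm stripped from the Kerberos principal, the factory
 * returns a SASL-scoped ACL provider rather than the open {@link DefaultACLProvider}.
 *
 * <p>The expected identity {@code nifi/host} presumably derives from the principal configured in
 * the shared {@code propsFile}/{@code otherProps} fixtures, which are set up outside this method.
 */
@Test
public void testSaslAuthSchemeWithHostNoRealm() {
  otherProps.put("nifi.zookeeper.kerberos.removeHostFromPrincipal", "false");
  otherProps.put("nifi.zookeeper.kerberos.removeRealmFromPrincipal", "true");

  final NiFiProperties nifiProperties = NiFiProperties.createBasicNiFiProperties(propsFile, otherProps);
  final ZooKeeperClientConfig config = ZooKeeperClientConfig.createConfig(nifiProperties);
  final ACLProvider provider = new CuratorACLProviderFactory().create(config);

  // A silent fallback to DefaultACLProvider would leave znodes world-accessible.
  assertFalse(provider instanceof DefaultACLProvider);

  final List<ACL> acls = provider.getDefaultAcl();
  assertNotNull(acls);
  // Fail with an assertion instead of an IndexOutOfBoundsException when no ACL is produced.
  assertFalse(acls.isEmpty());
  // assertEquals takes (expected, actual); the original call had the two swapped, which makes
  // the failure message report the values the wrong way round.
  assertEquals("'sasl,'nifi/host", acls.get(0).getId().toString().trim());
}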
use of org.apache.flink.shaded.curator5.org.apache.curator.framework.imps.DefaultACLProvider in project flink by apache.
the class ZooKeeperUtils method startCuratorFramework.
/**
 * Configures a {@link CuratorFramework} client from the given configuration, then starts it and
 * connects it to the configured ZooKeeper quorum.
 *
 * <p>Security note: only {@link ZkClientACLMode#CREATOR} installs {@code SecureAclProvider}; every
 * other mode uses Curator's {@code DefaultACLProvider}, which hands out ZooKeeper's open ACL
 * (world:anyone, all permissions). CREATOR mode is rejected when the SASL client is disabled,
 * because creator-scoped ACLs need an authenticated identity.
 *
 * @param configuration {@link Configuration} object containing the configuration values
 * @param fatalErrorHandler {@link FatalErrorHandler} that handles unexpected errors of the
 *     {@link CuratorFramework}
 * @return {@link CuratorFrameworkWithUnhandledErrorListener} instance
 * @throws RuntimeException if no (or only a blank) ZooKeeper quorum is configured
 * @throws IllegalConfigurationException if CREATOR ACLs are requested while SASL is disabled
 */
public static CuratorFrameworkWithUnhandledErrorListener startCuratorFramework(Configuration configuration, FatalErrorHandler fatalErrorHandler) {
  checkNotNull(configuration, "configuration");

  final String quorum = configuration.getValue(HighAvailabilityOptions.HA_ZOOKEEPER_QUORUM);
  if (quorum == null || StringUtils.isBlank(quorum)) {
    throw new RuntimeException(
        "No valid ZooKeeper quorum has been specified. "
            + "You can specify the quorum via the configuration key '"
            + HighAvailabilityOptions.HA_ZOOKEEPER_QUORUM.key()
            + "'.");
  }

  final int sessionTimeoutMs = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_SESSION_TIMEOUT);
  final int connectionTimeoutMs = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_CONNECTION_TIMEOUT);
  final int retryWaitMs = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_RETRY_WAIT);
  final int maxRetries = configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_MAX_RETRY_ATTEMPTS);
  final String rootPath = configuration.getValue(HighAvailabilityOptions.HA_ZOOKEEPER_ROOT);
  final String clusterId = configuration.getValue(HighAvailabilityOptions.HA_CLUSTER_ID);
  final boolean saslDisabled = configuration.getBoolean(SecurityOptions.ZOOKEEPER_SASL_DISABLE);

  final ZkClientACLMode aclMode = ZkClientACLMode.fromConfig(configuration);
  final ACLProvider aclProvider;
  if (aclMode == ZkClientACLMode.CREATOR) {
    if (saslDisabled) {
      // Creator-only ACLs cannot work for an unauthenticated client: fail fast.
      final String errorMessage =
          "Cannot set ACL role to "
              + ZkClientACLMode.CREATOR
              + " since SASL authentication is "
              + "disabled through the "
              + SecurityOptions.ZOOKEEPER_SASL_DISABLE.key()
              + " property";
      LOG.warn(errorMessage);
      throw new IllegalConfigurationException(errorMessage);
    }
    LOG.info("Enforcing creator for ZK connections");
    aclProvider = new SecureAclProvider();
  } else {
    // Default provider => znodes are created with the open, world-accessible ACL.
    LOG.info("Enforcing default ACL for ZK connections");
    aclProvider = new DefaultACLProvider();
  }

  final String namespacedRoot = generateZookeeperPath(rootPath, clusterId);
  LOG.info("Using '{}' as Zookeeper namespace.", namespacedRoot);

  final CuratorFrameworkFactory.Builder builder =
      CuratorFrameworkFactory.builder()
          .connectString(quorum)
          .sessionTimeoutMs(sessionTimeoutMs)
          .connectionTimeoutMs(connectionTimeoutMs)
          .retryPolicy(new ExponentialBackoffRetry(retryWaitMs, maxRetries))
          .namespace(trimStartingSlash(namespacedRoot))
          .aclProvider(aclProvider);

  if (configuration.get(HighAvailabilityOptions.ZOOKEEPER_TOLERATE_SUSPENDED_CONNECTIONS)) {
    // Installs the session-based error policy instead of the builder's default one.
    builder.connectionStateErrorPolicy(new SessionConnectionStateErrorPolicy());
  }

  return startCuratorFramework(builder, fatalErrorHandler);
}
use of org.apache.flink.shaded.curator5.org.apache.curator.framework.imps.DefaultACLProvider in project druid by druid-io.
the class CuratorModule method makeCurator.
/**
 * Builds the injectable {@link CuratorFramework} client, wires an unhandled-error listener that
 * shuts the server down, and registers start/stop with the lifecycle.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Client credentials are sent only when both the ZooKeeper user and password are
 *       non-empty; otherwise no {@code authorization(...)} call is made.</li>
 *   <li>The credentials are formatted as {@code user:password}; keep that value out of logs.</li>
 *   <li>When {@code config.getEnableAcl()} is false, Curator's {@code DefaultACLProvider} is used,
 *       which hands out ZooKeeper's open ACL (world:anyone, all permissions).</li>
 * </ul>
 *
 * @param zkEnablementConfig tells whether ZooKeeper use is enabled at all
 * @param config             supplies timeouts, compression, credentials and the ACL switch
 * @param ensembleProvider   source of the ZooKeeper connection string
 * @param lifecycle          lifecycle that starts and stops the client
 * @return the built, not yet started, framework
 * @throws RuntimeException if ZooKeeper is disabled
 */
@Provides
@LazySingleton
@SuppressForbidden(reason = "System#err")
public CuratorFramework makeCurator(ZkEnablementConfig zkEnablementConfig, CuratorConfig config, EnsembleProvider ensembleProvider, Lifecycle lifecycle) {
  if (!zkEnablementConfig.isEnabled()) {
    throw new RuntimeException("Zookeeper is disabled, Can't create CuratorFramework.");
  }

  final CuratorFrameworkFactory.Builder clientBuilder = CuratorFrameworkFactory.builder();

  final boolean credentialsMissing =
      Strings.isNullOrEmpty(config.getZkUser()) || Strings.isNullOrEmpty(config.getZkPwd());
  if (!credentialsMissing) {
    final String scheme = config.getAuthScheme();
    // Holds the secret in the form "user:password"; never log this value.
    final String userAndPassword = StringUtils.format("%s:%s", config.getZkUser(), config.getZkPwd());
    clientBuilder.authorization(scheme, userAndPassword.getBytes(StandardCharsets.UTF_8));
  }

  final RetryPolicy backoff = new BoundedExponentialBackoffRetry(BASE_SLEEP_TIME_MS, MAX_SLEEP_TIME_MS, MAX_RETRIES);
  clientBuilder.ensembleProvider(ensembleProvider);
  clientBuilder.sessionTimeoutMs(config.getZkSessionTimeoutMs());
  clientBuilder.connectionTimeoutMs(config.getZkConnectionTimeoutMs());
  clientBuilder.retryPolicy(backoff);
  clientBuilder.compressionProvider(new PotentiallyGzippedCompressionProvider(config.getEnableCompression()));
  // ACLs disabled => DefaultACLProvider => znodes are created world-accessible.
  clientBuilder.aclProvider(config.getEnableAcl() ? new SecuredACLProvider() : new DefaultACLProvider());
  final CuratorFramework curator = clientBuilder.build();

  // An error Curator could not handle is treated as fatal for the whole server.
  curator.getUnhandledErrorListenable().addListener((unhandledMessage, cause) -> {
    log.error(cause, "Unhandled error in Curator, stopping server.");
    shutdown(lifecycle);
  });

  lifecycle.addHandler(
      new Lifecycle.Handler() {
        @Override
        public void start() {
          log.debug("Starting Curator");
          curator.start();
        }

        @Override
        public void stop() {
          log.debug("Stopping Curator");
          curator.close();
        }
      });

  return curator;
}
use of org.apache.flink.shaded.curator5.org.apache.curator.framework.imps.DefaultACLProvider in project hadoop by apache.
the class ZKSignerSecretProvider method createCuratorClient.
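/**
 * This method creates the Curator client and connects to ZooKeeper.
 *
 * <p>Security notes: only the auth type {@code "sasl"} yields owner-scoped ACLs. Any other value,
 * including a misspelt one, results in an unauthenticated client whose znodes get the open ACL of
 * {@code DefaultACLProvider}; a warning is logged when the value is neither {@code "sasl"} nor
 * {@code "none"} so that such a fallback does not go unnoticed. The SASL branch sets JVM-wide
 * system properties, which affects every ZooKeeper client in the same process.
 *
 * @param config configuration properties
 * @return A Curator client
 * @throws Exception thrown if an error occurred
 */
protected CuratorFramework createCuratorClient(Properties config) throws Exception {
  String connectionString = config.getProperty(ZOOKEEPER_CONNECTION_STRING, "localhost:2181");
  RetryPolicy retryPolicy = new ExponentialBackoffRetry(1000, 3);
  ACLProvider aclProvider;
  String authType = config.getProperty(ZOOKEEPER_AUTH_TYPE, "none");
  if ("sasl".equals(authType)) {
    // Fixed: the two concatenated literals used to render as "SASL/Kerberosand using".
    LOG.info("Connecting to ZooKeeper with SASL/Kerberos and using 'sasl' ACLs");
    String principal = setJaasConfiguration(config);
    // Process-wide settings: they apply to all ZooKeeper clients in this JVM.
    System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, JAAS_LOGIN_ENTRY_NAME);
    System.setProperty("zookeeper.authProvider.1", "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
    aclProvider = new SASLOwnerACLProvider(principal);
  } else {
    // "none"
    if (!"none".equals(authType)) {
      // Behaviour is unchanged (still unauthenticated), but a typo in the auth type would
      // otherwise silently produce world-accessible znodes.
      LOG.warn("Unrecognized ZooKeeper auth type '" + authType + "'; falling back to no authentication");
    }
    LOG.info("Connecting to ZooKeeper without authentication");
    // open to everyone
    aclProvider = new DefaultACLProvider();
  }
  CuratorFramework cf = CuratorFrameworkFactory.builder().connectString(connectionString).retryPolicy(retryPolicy).aclProvider(aclProvider).build();
  cf.start();
  return cf;
}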