use of org.apache.flink.shaded.curator5.org.apache.curator.framework.imps.DefaultACLProvider in project flink by apache.
the class ZooKeeperUtils method startCuratorFramework.
/**
 * Builds and starts a {@link CuratorFramework} client for the ZooKeeper quorum named in the
 * given configuration.
 *
 * <p>The ACL provider handed to Curator depends on the configured {@link ZkClientACLMode}.
 * {@code CREATOR} selects {@code SecureAclProvider} and is rejected when the SASL client is
 * disabled. Every other mode selects Curator's {@link DefaultACLProvider}, whose default ACL
 * is ZooKeeper's open world:anyone ACL ({@code ZooDefs.Ids.OPEN_ACL_UNSAFE}); znodes created
 * through the returned client are then readable and writable by any client that can reach
 * the quorum, so that mode relies on network-level isolation of ZooKeeper.
 *
 * @param configuration {@link Configuration} object containing the configuration values
 * @return the started {@link CuratorFramework} instance
 * @throws RuntimeException if no ZooKeeper quorum is configured
 * @throws IllegalConfigurationException if the ACL mode is {@code CREATOR} while SASL is
 *     disabled
 */
public static CuratorFramework startCuratorFramework(Configuration configuration) {
    Preconditions.checkNotNull(configuration, "configuration");

    final String quorum = configuration.getValue(HighAvailabilityOptions.HA_ZOOKEEPER_QUORUM);
    final boolean quorumMissing = quorum == null || StringUtils.isBlank(quorum);
    if (quorumMissing) {
        throw new RuntimeException(
                "No valid ZooKeeper quorum has been specified. You can specify the quorum via the configuration key '"
                        + HighAvailabilityOptions.HA_ZOOKEEPER_QUORUM.key()
                        + "'.");
    }

    final int sessionTimeoutMs =
            configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_SESSION_TIMEOUT);
    final int connectionTimeoutMs =
            configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_CONNECTION_TIMEOUT);
    final int retryBaseSleep =
            configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_RETRY_WAIT);
    final int retryLimit =
            configuration.getInteger(HighAvailabilityOptions.ZOOKEEPER_MAX_RETRY_ATTEMPTS);
    final String zkRoot = configuration.getValue(HighAvailabilityOptions.HA_ZOOKEEPER_ROOT);
    final String clusterId = configuration.getValue(HighAvailabilityOptions.HA_CLUSTER_ID);
    final boolean saslDisabled =
            configuration.getBoolean(
                    ConfigConstants.ZOOKEEPER_SASL_DISABLE,
                    ConfigConstants.DEFAULT_ZOOKEEPER_SASL_DISABLE);

    final ZkClientACLMode aclMode = ZkClientACLMode.fromConfig(configuration);
    final ACLProvider aclProvider;
    if (aclMode == ZkClientACLMode.CREATOR) {
        // Creator-scoped ACLs need an authenticated identity, so this mode cannot be
        // combined with a disabled SASL client: fail fast instead of silently downgrading.
        if (saslDisabled) {
            final String errorMessage =
                    "Cannot set ACL role to "
                            + aclMode
                            + " since SASL authentication is disabled through the "
                            + ConfigConstants.ZOOKEEPER_SASL_DISABLE
                            + " property";
            LOG.warn(errorMessage);
            throw new IllegalConfigurationException(errorMessage);
        }
        LOG.info("Enforcing creator for ZK connections");
        // NOTE(review): SecureAclProvider is defined elsewhere; presumably it restricts
        // znodes to the authenticated creator - confirm against its definition.
        aclProvider = new SecureAclProvider();
    } else {
        LOG.info("Enforcing default ACL for ZK connections");
        // Curator's default provider applies the open world:anyone ACL to created znodes.
        aclProvider = new DefaultACLProvider();
    }

    final String zkPath = generateZookeeperPath(zkRoot, clusterId);
    LOG.info("Using '{}' as Zookeeper namespace.", zkPath);

    // A leading '/' is stripped before the path is handed to Curator as its namespace.
    final String curatorNamespace = zkPath.startsWith("/") ? zkPath.substring(1) : zkPath;

    final CuratorFramework client =
            CuratorFrameworkFactory.builder()
                    .connectString(quorum)
                    .sessionTimeoutMs(sessionTimeoutMs)
                    .connectionTimeoutMs(connectionTimeoutMs)
                    .retryPolicy(new ExponentialBackoffRetry(retryBaseSleep, retryLimit))
                    .namespace(curatorNamespace)
                    .aclProvider(aclProvider)
                    .build();
    client.start();
    return client;
}
use of org.apache.flink.shaded.curator5.org.apache.curator.framework.imps.DefaultACLProvider in project nifi by apache.
the class TestCuratorACLProviderFactory method testSaslAuthSchemeNoHostNoRealm.
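/**
 * Checks that the factory returns a SASL-scoped ACL provider, not Curator's open default,
 * when both the host and the realm are to be removed from the Kerberos principal.
 */
@Test
public void testSaslAuthSchemeNoHostNoRealm() {
    final NiFiProperties nifiProperties;
    final CuratorACLProviderFactory factory;
    otherProps.put("nifi.zookeeper.kerberos.removeHostFromPrincipal", "true");
    otherProps.put("nifi.zookeeper.kerberos.removeRealmFromPrincipal", "true");
    // NOTE(review): the principal itself is not set here; presumably it comes from
    // propsFile / otherProps prepared in the test fixture - confirm.
    nifiProperties = NiFiProperties.createBasicNiFiProperties(propsFile, otherProps);
    factory = new CuratorACLProviderFactory();
    ZooKeeperClientConfig config = ZooKeeperClientConfig.createConfig(nifiProperties);
    ACLProvider provider = factory.create(config);

    // DefaultACLProvider applies the open world:anyone ACL, so falling back to it here
    // would leave the znodes unprotected.
    assertFalse(provider instanceof DefaultACLProvider);

    List<ACL> acls = provider.getDefaultAcl();
    assertNotNull(acls);
    // Guard the get(0) below so an empty ACL list fails as an assertion, not an exception.
    assertFalse(acls.isEmpty());
    // Expected value first, so a failure message reports the two values the right way round.
    // Only the identity (scheme and id) is asserted; the permission bits are not checked.
    assertEquals("'sasl,'nifi", acls.get(0).getId().toString().trim());
}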
use of org.apache.flink.shaded.curator5.org.apache.curator.framework.imps.DefaultACLProvider in project nifi by apache.
the class TestCuratorACLProviderFactory method testSaslAuthSchemeHeadless.
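/**
 * Checks that a principal without a host part ({@code nifi@REALM.COM}) yields a SASL-scoped
 * ACL for {@code nifi} when both the host and the realm are to be removed.
 */
@Test
public void testSaslAuthSchemeHeadless() {
    final NiFiProperties nifiProperties;
    final CuratorACLProviderFactory factory;
    otherProps.put("nifi.zookeeper.kerberos.removeHostFromPrincipal", "true");
    otherProps.put("nifi.zookeeper.kerberos.removeRealmFromPrincipal", "true");
    otherProps.put("nifi.kerberos.service.principal", "nifi@REALM.COM");
    nifiProperties = NiFiProperties.createBasicNiFiProperties(propsFile, otherProps);
    factory = new CuratorACLProviderFactory();
    ZooKeeperClientConfig config = ZooKeeperClientConfig.createConfig(nifiProperties);
    ACLProvider provider = factory.create(config);

    // DefaultACLProvider applies the open world:anyone ACL, so falling back to it here
    // would leave the znodes unprotected.
    assertFalse(provider instanceof DefaultACLProvider);

    List<ACL> acls = provider.getDefaultAcl();
    assertNotNull(acls);
    // Guard the get(0) below so an empty ACL list fails as an assertion, not an exception.
    assertFalse(acls.isEmpty());
    // Expected value first, so a failure message reports the two values the right way round.
    // Only the identity (scheme and id) is asserted; the permission bits are not checked.
    assertEquals("'sasl,'nifi", acls.get(0).getId().toString().trim());
}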
use of org.apache.flink.shaded.curator5.org.apache.curator.framework.imps.DefaultACLProvider in project nifi by apache.
the class TestCuratorACLProviderFactory method testSaslAuthSchemeNoHostWithRealm.
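/**
 * Checks that the factory returns a SASL-scoped ACL provider whose identity keeps the realm
 * when only the host is to be removed from the Kerberos principal.
 */
@Test
public void testSaslAuthSchemeNoHostWithRealm() {
    final NiFiProperties nifiProperties;
    final CuratorACLProviderFactory factory;
    otherProps.put("nifi.zookeeper.kerberos.removeHostFromPrincipal", "true");
    otherProps.put("nifi.zookeeper.kerberos.removeRealmFromPrincipal", "false");
    // NOTE(review): the principal itself is not set here; presumably it comes from
    // propsFile / otherProps prepared in the test fixture - confirm.
    nifiProperties = NiFiProperties.createBasicNiFiProperties(propsFile, otherProps);
    factory = new CuratorACLProviderFactory();
    ZooKeeperClientConfig config = ZooKeeperClientConfig.createConfig(nifiProperties);
    ACLProvider provider = factory.create(config);

    // DefaultACLProvider applies the open world:anyone ACL, so falling back to it here
    // would leave the znodes unprotected.
    assertFalse(provider instanceof DefaultACLProvider);

    List<ACL> acls = provider.getDefaultAcl();
    assertNotNull(acls);
    // Guard the get(0) below so an empty ACL list fails as an assertion, not an exception.
    assertFalse(acls.isEmpty());
    // Expected value first, so a failure message reports the two values the right way round.
    // Only the identity (scheme and id) is asserted; the permission bits are not checked.
    assertEquals("'sasl,'nifi@REALM.COM", acls.get(0).getId().toString().trim());
}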
use of org.apache.flink.shaded.curator5.org.apache.curator.framework.imps.DefaultACLProvider in project oozie by apache.
the class ZKUtils method createClient.
/**
 * Creates and starts the Curator client stored in {@code client}, then registers a
 * {@code ZKConnectionListener} on it.
 *
 * <p>When {@code ZK_SECURE} is enabled the client authenticates with SASL/Kerberos and the
 * ACL provider is {@code SASLOwnerACLProvider}; {@code saslACL} is set to a single ACL
 * granting all permissions to the service principal under the {@code sasl} scheme.
 * Otherwise the client connects unauthenticated and uses Curator's
 * {@link DefaultACLProvider}, which applies the open world:anyone ACL: every znode created
 * through this client can then be read and changed by any client that can reach ZooKeeper.
 *
 * @throws Exception declared by the method; which calls raise it is not visible from here
 */
private void createClient() throws Exception {
    // Connect to the ZooKeeper server
    final RetryPolicy policy = ZKUtils.getRetryPolicy();
    final String connectString = ConfigurationService.get(ZK_CONNECTION_STRING);
    final String namespace = getZKNameSpace();
    // Curator takes milliseconds, hence the factor of 1000 (the configured values are
    // presumably in seconds - confirm against the configuration documentation).
    final int connectionTimeoutMs = ConfigurationService.getInt(ZK_CONNECTION_TIMEOUT) * 1000;
    final int sessionTimeoutMs = ConfigurationService.getInt(ZK_SESSION_TIMEOUT, 300) * 1000;

    final boolean secure = Services.get().getConf().getBoolean(ZK_SECURE, false);
    final ACLProvider provider;
    if (!secure) {
        log.info("Connecting to ZooKeeper without authentication");
        // open to everyone: no authentication and a world:anyone ACL on created znodes
        provider = new DefaultACLProvider();
    } else {
        log.info("Connecting to ZooKeeper with SASL/Kerberos and using 'sasl' ACLs");
        setJaasConfiguration();
        // System properties are JVM-wide, so these two settings apply to every ZooKeeper
        // client created in this process, not only to the one built below.
        System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "Client");
        System.setProperty(
                "zookeeper.authProvider.1",
                "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
        // Full permissions for the service principal only, under the 'sasl' scheme.
        saslACL = Collections.singletonList(
                new ACL(Perms.ALL, new Id("sasl", getServicePrincipal())));
        provider = new SASLOwnerACLProvider();
    }

    client = CuratorFrameworkFactory.builder()
            .namespace(namespace)
            .connectString(connectString)
            .retryPolicy(policy)
            .aclProvider(provider)
            .connectionTimeoutMs(connectionTimeoutMs)
            .sessionTimeoutMs(sessionTimeoutMs)
            .build();
    client.start();
    client.getConnectionStateListenable().addListener(new ZKConnectionListener());
}