Example 51 with ACL
use of org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.data.ACL in project flink by apache.
the class ZooKeeperLeaderElectionTest method testUnExpectedErrorForwarding.
/**
* Test that background errors in the {@link LeaderElectionDriver} are correctly forwarded to
* the {@link FatalErrorHandler}.
*/
@Test
public void testUnExpectedErrorForwarding() throws Exception {
LeaderElectionDriver leaderElectionDriver = null;
final TestingLeaderElectionEventHandler electionEventHandler = new TestingLeaderElectionEventHandler(LEADER_ADDRESS);
final TestingFatalErrorHandler fatalErrorHandler = new TestingFatalErrorHandler();
final FlinkRuntimeException testException = new FlinkRuntimeException("testUnExpectedErrorForwarding");
final CuratorFrameworkFactory.Builder curatorFrameworkBuilder = CuratorFrameworkFactory.builder().connectString(testingServer.getConnectString()).retryPolicy(new ExponentialBackoffRetry(1, 0)).aclProvider(new ACLProvider() {
// trigger background exception
@Override
public List<ACL> getDefaultAcl() {
throw testException;
}
@Override
public List<ACL> getAclForPath(String s) {
throw testException;
}
}).namespace("flink");
try (CuratorFrameworkWithUnhandledErrorListener curatorFrameworkWrapper = ZooKeeperUtils.startCuratorFramework(curatorFrameworkBuilder, fatalErrorHandler)) {
CuratorFramework clientWithErrorHandler = curatorFrameworkWrapper.asCuratorFramework();
assertFalse(fatalErrorHandler.getErrorFuture().isDone());
leaderElectionDriver = createAndInitLeaderElectionDriver(clientWithErrorHandler, electionEventHandler);
assertThat(fatalErrorHandler.getErrorFuture().join(), FlinkMatchers.containsCause(testException));
} finally {
electionEventHandler.close();
if (leaderElectionDriver != null) {
leaderElectionDriver.close();
}
}
}
Also used :
TestingFatalErrorHandler(org.apache.flink.runtime.util.TestingFatalErrorHandler)
ACLProvider(org.apache.flink.shaded.curator5.org.apache.curator.framework.api.ACLProvider)
CuratorFramework(org.apache.flink.shaded.curator5.org.apache.curator.framework.CuratorFramework)
CuratorFrameworkFactory(org.apache.flink.shaded.curator5.org.apache.curator.framework.CuratorFrameworkFactory)
ExponentialBackoffRetry(org.apache.flink.shaded.curator5.org.apache.curator.retry.ExponentialBackoffRetry)
FlinkRuntimeException(org.apache.flink.util.FlinkRuntimeException)
CuratorFrameworkWithUnhandledErrorListener(org.apache.flink.runtime.highavailability.zookeeper.CuratorFrameworkWithUnhandledErrorListener)
ACL(org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.data.ACL)
Mockito.anyString(org.mockito.Mockito.anyString)
Test(org.junit.Test)
Example 52 with ACL
use of org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.data.ACL in project helios by spotify.
the class ZooKeeperAclProviders method heliosAclProvider.
public static ACLProvider heliosAclProvider(final String masterUser, final String masterDigest, final String agentUser, final String agentDigest) {
final Id masterId = new Id(DIGEST_SCHEME, String.format("%s:%s", masterUser, masterDigest));
final Id agentId = new Id(DIGEST_SCHEME, String.format("%s:%s", agentUser, agentDigest));
return RuleBasedZooKeeperAclProvider.builder().defaultAcl(new ACL(CREATE | READ | WRITE | DELETE, masterId), new ACL(READ, agentId)).rule(".*", CREATE | READ | WRITE | DELETE, masterId).rule(".*", READ, agentId).rule(Paths.configHosts(), CREATE | DELETE, agentId).rule(Paths.configHost(PATH_COMPONENT_WILDCARD), CREATE | DELETE, agentId).rule(Paths.configHostId(PATH_COMPONENT_WILDCARD), CREATE | DELETE, agentId).rule(Paths.configHostPorts(PATH_COMPONENT_WILDCARD), CREATE | DELETE, agentId).rule(Paths.statusHosts(), CREATE | DELETE, agentId).rule(Paths.statusHost(PATH_COMPONENT_WILDCARD), CREATE | DELETE, agentId).rule(Paths.statusHostJobs(PATH_COMPONENT_WILDCARD), CREATE | DELETE, agentId).rule(Paths.statusHostJob(PATH_COMPONENT_WILDCARD, PATH_COMPONENT_WILDCARD), WRITE, agentId).rule(Paths.statusHostAgentInfo(PATH_COMPONENT_WILDCARD), WRITE, agentId).rule(Paths.statusHostInfo(PATH_COMPONENT_WILDCARD), WRITE, agentId).rule(Paths.statusHostLabels(PATH_COMPONENT_WILDCARD), WRITE, agentId).rule(Paths.statusHostEnvVars(PATH_COMPONENT_WILDCARD), WRITE, agentId).rule(Paths.statusHostUp(PATH_COMPONENT_WILDCARD), WRITE, agentId).rule(Paths.historyJobs() + "(/.+)?", CREATE, agentId).rule(Paths.historyJobHostEvents(PATH_COMPONENT_WILDCARD, PATH_COMPONENT_WILDCARD), DELETE, agentId).build();
}Example 53 with ACL
use of org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.data.ACL in project helios by spotify.
the class ZooKeeperAclTest method testAgentCreatedNodesHaveAcls.
/**
* Simple test to make sure nodes created by agents use the ACLs provided by the ACL provider.
*/
@Test
public void testAgentCreatedNodesHaveAcls() throws Exception {
startDefaultMaster();
startDefaultAgent(TEST_HOST);
awaitHostRegistered(TEST_HOST, WAIT_TIMEOUT_SECONDS, TimeUnit.SECONDS);
final CuratorFramework curator = zk().curatorWithSuperAuth();
final String path = Paths.configHost(TEST_HOST);
final List<ACL> acls = curator.getACL().forPath(path);
assertEquals(Sets.newHashSet(aclProvider.getAclForPath(path)), Sets.newHashSet(acls));
}
Also used :
CuratorFramework(org.apache.curator.framework.CuratorFramework)
ACL(org.apache.zookeeper.data.ACL)
Test(org.junit.Test)
Example 54 with ACL
use of org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.data.ACL in project helios by spotify.
the class MasterService method setupZookeeperClient.
/**
* Create a Zookeeper client and create the control and state nodes if needed.
*
* @param config The service configuration.
*
* @return A zookeeper client.
*/
private ZooKeeperClient setupZookeeperClient(final MasterConfig config) {
ACLProvider aclProvider = null;
List<AuthInfo> authorization = null;
final String masterUser = config.getZookeeperAclMasterUser();
final String masterPassword = config.getZooKeeperAclMasterPassword();
final String agentUser = config.getZookeeperAclAgentUser();
final String agentDigest = config.getZooKeeperAclAgentDigest();
if (!isNullOrEmpty(masterPassword)) {
if (isNullOrEmpty(masterUser)) {
throw new HeliosRuntimeException("Master username must be set if a password is set");
}
authorization = Lists.newArrayList(new AuthInfo("digest", String.format("%s:%s", masterUser, masterPassword).getBytes()));
}
if (config.isZooKeeperEnableAcls()) {
if (isNullOrEmpty(masterUser) || isNullOrEmpty(masterPassword)) {
throw new HeliosRuntimeException("ZooKeeper ACLs enabled but master username and/or password not set");
}
if (isNullOrEmpty(agentUser) || isNullOrEmpty(agentDigest)) {
throw new HeliosRuntimeException("ZooKeeper ACLs enabled but agent username and/or digest not set");
}
aclProvider = heliosAclProvider(masterUser, digest(masterUser, masterPassword), agentUser, agentDigest);
}
final RetryPolicy zooKeeperRetryPolicy = new ExponentialBackoffRetry(1000, 3);
final CuratorFramework curator = curatorClientFactory.newClient(config.getZooKeeperConnectionString(), config.getZooKeeperSessionTimeoutMillis(), config.getZooKeeperConnectionTimeoutMillis(), zooKeeperRetryPolicy, aclProvider, authorization);
final ZooKeeperClient client = new DefaultZooKeeperClient(curator, config.getZooKeeperClusterId());
client.start();
zkRegistrar = ZooKeeperRegistrarService.newBuilder().setZooKeeperClient(client).setZooKeeperRegistrar(new MasterZooKeeperRegistrar(config.getName())).build();
// place where we have access to the ACL provider.
if (aclProvider != null) {
// effects are limited to a spurious log line.
try {
final List<ACL> curAcls = client.getAcl("/");
final List<ACL> wantedAcls = aclProvider.getAclForPath("/");
if (!Sets.newHashSet(curAcls).equals(Sets.newHashSet(wantedAcls))) {
log.info("Current ACL's on the zookeeper root node differ from desired, updating: {} -> {}", curAcls, wantedAcls);
client.getCuratorFramework().setACL().withACL(wantedAcls).forPath("/");
}
} catch (Exception e) {
log.error("Failed to get/set ACLs on the zookeeper root node", e);
}
}
return client;
}
Also used :
ACLProvider(org.apache.curator.framework.api.ACLProvider)
AuthInfo(org.apache.curator.framework.AuthInfo)
ExponentialBackoffRetry(org.apache.curator.retry.ExponentialBackoffRetry)
HeliosRuntimeException(com.spotify.helios.common.HeliosRuntimeException)
ACL(org.apache.zookeeper.data.ACL)
DefaultZooKeeperClient(com.spotify.helios.servicescommon.coordination.DefaultZooKeeperClient)
HeliosRuntimeException(com.spotify.helios.common.HeliosRuntimeException)
ConfigurationException(io.dropwizard.configuration.ConfigurationException)
IOException(java.io.IOException)
CuratorFramework(org.apache.curator.framework.CuratorFramework)
ZooKeeperClient(com.spotify.helios.servicescommon.coordination.ZooKeeperClient)
DefaultZooKeeperClient(com.spotify.helios.servicescommon.coordination.DefaultZooKeeperClient)
RetryPolicy(org.apache.curator.RetryPolicy)
Example 55 with ACL
use of org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.data.ACL in project helios by spotify.
the class ZooKeeperAclInitializerTest method testInitializeAcl.
@Test
public void testInitializeAcl() throws Exception {
// setup the initial helios tree
final ZooKeeperClient zkClient = new DefaultZooKeeperClient(zk.curatorWithSuperAuth());
zkClient.ensurePath(Paths.configId(CLUSTER_ID));
new MasterZooKeeperRegistrar("helios-master").tryToRegister(zkClient);
// to start with, nothing should have permissions
for (final String path : zkClient.listRecursive("/")) {
assertEquals(ZooDefs.Ids.OPEN_ACL_UNSAFE, zkClient.getAcl(path));
}
// initialize ACL's
ZooKeeperAclInitializer.initializeAcl(zk.connectString(), CLUSTER_ID, MASTER_USER, MASTER_PASSWORD, AGENT_USER, AGENT_PASSWORD);
for (final String path : zkClient.listRecursive("/")) {
final List<ACL> expected = aclProvider.getAclForPath(path);
final List<ACL> actual = zkClient.getAcl(path);
assertEquals(expected.size(), actual.size());
assertTrue(expected.containsAll(actual));
}
}
Also used :
ZooKeeperClient(com.spotify.helios.servicescommon.coordination.ZooKeeperClient)
DefaultZooKeeperClient(com.spotify.helios.servicescommon.coordination.DefaultZooKeeperClient)
MasterZooKeeperRegistrar(com.spotify.helios.master.MasterZooKeeperRegistrar)
ACL(org.apache.zookeeper.data.ACL)
DefaultZooKeeperClient(com.spotify.helios.servicescommon.coordination.DefaultZooKeeperClient)
Test(org.junit.Test)
Aggregations
ACL (org.apache.zookeeper.data.ACL)215
Id (org.apache.zookeeper.data.Id)85
ArrayList (java.util.ArrayList)61
Test (org.junit.Test)56
Stat (org.apache.zookeeper.data.Stat)45
KeeperException (org.apache.zookeeper.KeeperException)35
Test (org.testng.annotations.Test)32
CuratorFramework (org.apache.curator.framework.CuratorFramework)20
Test (org.junit.jupiter.api.Test)18
Configuration (org.apache.hadoop.conf.Configuration)17
ZooKeeper (org.apache.zookeeper.ZooKeeper)16
ACLProvider (org.apache.curator.framework.api.ACLProvider)15
List (java.util.List)11
IOException (java.io.IOException)10
CountDownLatch (java.util.concurrent.CountDownLatch)9
ExponentialBackoffRetry (org.apache.curator.retry.ExponentialBackoffRetry)8
TestableZooKeeper (org.apache.zookeeper.TestableZooKeeper)7
ByteArrayOutputStream (java.io.ByteArrayOutputStream)6
HashMap (java.util.HashMap)6
CreateMode (org.apache.zookeeper.CreateMode)6
