
Example 81 with ACL

use of org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.data.ACL in project zookeeper by apache.

the class SaslAuthTest method testValidSaslIds.

/**
 * Verifies that znodes can be created with each supported shape of {@code sasl} ACL id.
 *
 * <p>Every znode gets a single {@code sasl} ACL entry whose permission mask is 0, so the
 * entry itself grants nothing; the only thing exercised is that {@code create} accepts the
 * id. The test passes when none of the calls throws.
 */
@Test
public void testValidSaslIds() throws Exception {
    ZooKeeper zk = createClient();
    // Principal shapes covered: bare user, service/host, and both again with a Kerberos realm.
    String[] principals = {
        "user",
        "service/host.name.com",
        "user@KERB.REALM",
        "service/host.name.com@KERB.REALM"
    };
    for (int index = 0; index < principals.length; index++) {
        List<ACL> singleEntry = new ArrayList<ACL>();
        singleEntry.add(new ACL(0, new Id("sasl", principals[index])));
        // Each id is tried on its own znode: /valid0, /valid1, ...
        zk.create("/valid" + index, null, singleEntry, CreateMode.PERSISTENT);
    }
}
Also used : ArrayList(java.util.ArrayList) ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id) Test(org.junit.jupiter.api.Test)

Example 82 with ACL

use of org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.data.ACL in project zookeeper by apache.

the class ZooKeeperTest method testDeleteRecursiveFail.

/**
 * Checks that {@code ZKUtil.deleteRecursive} reports failure while the client lacks DELETE
 * permission on a node inside the tree, leaves the unaffected sibling deletable, and
 * succeeds on the whole tree once the client has added the matching digest credential.
 */
@Test
public void testDeleteRecursiveFail() throws IOException, InterruptedException, KeeperException {
    final ZooKeeper zk = createClient();
    setupDataTree(zk);
    final String guardedNode = "/a/c/0";
    // DELETE is granted to one digest identity only; everyone else is left with READ.
    // NOTE(review): the digest value is presumably the stored form of the "user:test"
    // credential added near the end -- the last assertions only hold if the two match.
    ACL digestDeleteOnly = new ACL(ZooDefs.Perms.DELETE, new Id("digest", "user:tl+z3z0vO6PfPfEENfLF96E6pM0="));
    List<ACL> restrictedAcls = Arrays.asList(new ACL(ZooDefs.Perms.READ, Ids.ANYONE_ID_UNSAFE), digestDeleteOnly);
    // Plant a child while the node is still open, then tighten the node's ACL so that the
    // unauthenticated client can no longer remove that child.
    zk.create(guardedNode + "/surprise", "".getBytes(), Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
    assertEquals(1, zk.getACL(guardedNode, new Stat()).size());
    zk.setACL(guardedNode, restrictedAcls, -1);
    assertEquals(2, zk.getACL(guardedNode, new Stat()).size());
    // Without the digest credential the recursive delete must report failure, not throw.
    assertFalse(ZKUtil.deleteRecursive(zk, "/a/c", 1000));
    List<String> remainingAfterFailure = zk.getChildren("/a", false);
    assertEquals(2, remainingAfterFailure.size(), "2 children - c should fail to be deleted ");
    assertTrue(remainingAfterFailure.contains("b"));
    // The sibling subtree carries no restrictive ACL and can still be removed.
    assertTrue(ZKUtil.deleteRecursive(zk, "/a/b", 1000));
    List<String> remainingAfterSibling = zk.getChildren("/a", false);
    assertEquals(1, remainingAfterSibling.size(), "1 children - b should be deleted ");
    // Authenticate under the same scheme as the protecting ACL entry; after that the whole
    // tree, including the guarded node, is expected to go away.
    zk.addAuthInfo(digestDeleteOnly.getId().getScheme(), "user:test".getBytes());
    assertTrue(ZKUtil.deleteRecursive(zk, "/a", 1000));
    assertNull(zk.exists("/a", null));
}
Also used : Stat(org.apache.zookeeper.data.Stat) ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id) Test(org.junit.jupiter.api.Test)

Example 83 with ACL

use of org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.data.ACL in project zookeeper by apache.

the class ZooKeeperTest method testInsufficientPermission.

/**
 * Checks the error text the command-line client prints when an operation is refused for
 * lack of permission: once for {@code create} under a node created with
 * {@code Ids.READ_ACL_UNSAFE}, and once for {@code get} on a node whose only ACL entry is
 * WRITE for anyone.
 */
@Test
public void testInsufficientPermission() throws Exception {
    final ZooKeeper zk = createClient();
    // Parent created with the read-only ACL; creating a child beneath it should be refused.
    zk.create("/permZNode", "".getBytes(), Ids.READ_ACL_UNSAFE, CreateMode.PERSISTENT);
    ZooKeeperMain shell = new ZooKeeperMain(zk);
    String childPath = "/permZNode/child1";
    String createOutput = executeLine(shell, "create " + childPath);
    assertEquals("Insufficient permission : " + childPath, createOutput);
    // Second case: the node's ACL contains WRITE only, so reading its data should be refused.
    String writeOnlyPath = "/noReadPermZNode";
    List<ACL> writeOnlyAcl = Arrays.asList(new ACL(ZooDefs.Perms.WRITE, Ids.ANYONE_ID_UNSAFE));
    zk.create(writeOnlyPath, "newData".getBytes(), writeOnlyAcl, CreateMode.PERSISTENT);
    String getOutput = executeLine(shell, "get " + writeOnlyPath);
    assertEquals("Insufficient permission : " + writeOnlyPath, getOutput);
}
Also used : ACL(org.apache.zookeeper.data.ACL) Test(org.junit.jupiter.api.Test)

Example 84 with ACL

use of org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.data.ACL in project zookeeper by apache.

the class ZooKeeperServer method checkACL.

/**
 * Decides whether a client may perform an operation on a znode. Returns normally when the
 * operation is allowed and throws when it is not.
 *
 * <p>Access is allowed, in this order, when:
 * <ol>
 *   <li>ACL checking is switched off ({@code skipACL});</li>
 *   <li>the node's ACL list is {@code null} or empty;</li>
 *   <li>any supplied credential uses the {@code super} scheme;</li>
 *   <li>an ACL entry containing a requested permission bit is {@code world:anyone}, or is
 *       matched by the authentication provider registered for that entry's scheme against
 *       a credential of the same scheme.</li>
 * </ol>
 *
 * <p>Security notes: cases 1 and 2 are fail-open, so a node without ACL entries is
 * accessible to every client. An ACL entry whose scheme has no registered provider is
 * skipped rather than treated as an error. {@code ids} is iterated without a null check.
 *
 * @param cnxn the server connection
 * @param acl the ACL entries of the node
 * @param perm the permission the client is requesting
 * @param ids the credentials supplied by the client
 * @param path the znode path
 * @param setAcls for set-ACL operations, the list of ACLs being set; otherwise null
 * @throws KeeperException.NoAuthException if none of the rules above allows the request
 */
public void checkACL(ServerCnxn cnxn, List<ACL> acl, int perm, List<Id> ids, String path, List<ACL> setAcls) throws KeeperException.NoAuthException {
    if (skipACL) {
        return;
    }
    // NOTE(review): at debug level the client's credential ids are written to the log;
    // presumably that includes scheme-specific identifiers, so handle these logs as sensitive.
    LOG.debug("Permission requested: {} ", perm);
    LOG.debug("ACLs for node: {}", acl);
    LOG.debug("Client credentials: {}", ids);
    if (acl == null || acl.isEmpty()) {
        return;
    }
    // A single "super" credential overrides every ACL entry on the node.
    for (Id credential : ids) {
        if (credential.getScheme().equals("super")) {
            return;
        }
    }
    for (ACL entry : acl) {
        Id entryId = entry.getId();
        // Only entries that carry at least one of the requested permission bits can grant access.
        if ((entry.getPerms() & perm) == 0) {
            continue;
        }
        if (entryId.getScheme().equals("world") && entryId.getId().equals("anyone")) {
            return;
        }
        ServerAuthenticationProvider provider = ProviderRegistry.getServerProvider(entryId.getScheme());
        if (provider == null) {
            // No provider registered for this scheme: the entry cannot grant anything.
            continue;
        }
        for (Id credential : ids) {
            // The scheme comparison comes first so the provider only sees its own credentials.
            if (!credential.getScheme().equals(entryId.getScheme())) {
                continue;
            }
            if (provider.matches(new ServerAuthenticationProvider.ServerObjs(this, cnxn), new ServerAuthenticationProvider.MatchValues(path, credential.getId(), entryId.getId(), perm, setAcls))) {
                return;
            }
        }
    }
    // Nothing matched: deny.
    throw new KeeperException.NoAuthException();
}
Also used : ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id) ServerAuthenticationProvider(org.apache.zookeeper.server.auth.ServerAuthenticationProvider)

Example 85 with ACL

use of org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.data.ACL in project zookeeper by apache.

the class ZooKeeperServer method effectiveACLPath.

/**
 * Returns the path this server associates with the request for ACL purposes, and checks
 * that any ACL carried by the request is well-formed.
 *
 * <p>For create/create2 and delete the result is the parent of the requested path; for
 * setData and setACL it is the requested path itself. The result is {@code null} for any
 * other request type and whenever {@code buffer2Record} returns false for the request body.
 *
 * @param request the incoming request; its {@code type}, {@code request} buffer and
 *     {@code authInfo} are read
 * @return the ACL-relevant path, or {@code null} as described above
 * @throws KeeperException.BadArgumentsException declared by this method; presumably raised
 *     by {@code parentPath} for a malformed path -- confirm against that helper
 * @throws KeeperException.InvalidACLException if {@code PrepRequestProcessor.fixupACL}
 *     rejects the ACL supplied with a create or setACL request
 */
private String effectiveACLPath(Request request) throws KeeperException.BadArgumentsException, KeeperException.InvalidACLException {
    String aclPath = null;
    switch(request.type) {
        case OpCode.create:
        case OpCode.create2:
            {
                CreateRequest createReq = new CreateRequest();
                if (buffer2Record(request.request, createReq)) {
                    List<ACL> requestedAcl = createReq.getAcl();
                    aclPath = parentPath(createReq.getPath());
                    // The list fixupACL returns is discarded: the call is made only so that
                    // a malformed client-supplied ACL raises an exception here.
                    PrepRequestProcessor.fixupACL(aclPath, request.authInfo, requestedAcl);
                }
                break;
            }
        case OpCode.delete:
            {
                DeleteRequest deleteReq = new DeleteRequest();
                if (buffer2Record(request.request, deleteReq)) {
                    aclPath = parentPath(deleteReq.getPath());
                }
                break;
            }
        case OpCode.setData:
            {
                SetDataRequest setDataReq = new SetDataRequest();
                if (buffer2Record(request.request, setDataReq)) {
                    aclPath = setDataReq.getPath();
                }
                break;
            }
        case OpCode.setACL:
            {
                SetACLRequest setAclReq = new SetACLRequest();
                if (buffer2Record(request.request, setAclReq)) {
                    List<ACL> requestedAcl = setAclReq.getAcl();
                    aclPath = setAclReq.getPath();
                    // As for create: only well-formedness of the supplied ACL is checked.
                    PrepRequestProcessor.fixupACL(aclPath, request.authInfo, requestedAcl);
                }
                break;
            }
    }
    return aclPath;
}
Also used : CreateRequest(org.apache.zookeeper.proto.CreateRequest) SetACLRequest(org.apache.zookeeper.proto.SetACLRequest) ACL(org.apache.zookeeper.data.ACL) SetDataRequest(org.apache.zookeeper.proto.SetDataRequest) DeleteRequest(org.apache.zookeeper.proto.DeleteRequest)

Aggregations

ACL (org.apache.zookeeper.data.ACL)215 Id (org.apache.zookeeper.data.Id)85 ArrayList (java.util.ArrayList)61 Test (org.junit.Test)56 Stat (org.apache.zookeeper.data.Stat)45 KeeperException (org.apache.zookeeper.KeeperException)35 Test (org.testng.annotations.Test)32 CuratorFramework (org.apache.curator.framework.CuratorFramework)20 Test (org.junit.jupiter.api.Test)18 Configuration (org.apache.hadoop.conf.Configuration)17 ZooKeeper (org.apache.zookeeper.ZooKeeper)16 ACLProvider (org.apache.curator.framework.api.ACLProvider)15 List (java.util.List)11 IOException (java.io.IOException)10 CountDownLatch (java.util.concurrent.CountDownLatch)9 ExponentialBackoffRetry (org.apache.curator.retry.ExponentialBackoffRetry)8 TestableZooKeeper (org.apache.zookeeper.TestableZooKeeper)7 ByteArrayOutputStream (java.io.ByteArrayOutputStream)6 HashMap (java.util.HashMap)6 CreateMode (org.apache.zookeeper.CreateMode)6