
Example 31 with ACL

use of org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.data.ACL in project atlas by apache.

the class AtlasZookeeperSecurityPropertiesTest method shouldThrowExceptionForInvalidAclString.

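/**
 * Verifies that {@code parseAcl} rejects a string that is not a well-formed ACL entry.
 *
 * <p>The test passes only when {@link IllegalArgumentException} is thrown, i.e. a malformed
 * ACL setting must fail loudly instead of yielding an ACL object that could then be applied
 * to znodes.
 */
@Test(expectedExceptions = IllegalArgumentException.class)
public void shouldThrowExceptionForInvalidAclString() {
    // "randomAcl" contains no ':' between a scheme and an id, so parsing is expected to throw
    // before fail() is reached. The return value is irrelevant and deliberately not kept.
    AtlasZookeeperSecurityProperties.parseAcl("randomAcl");
    // The input is an invalid (not a null) ACL string; the message says so to avoid a misleading report.
    fail("Should have thrown exception for invalid ACL string");
}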
Also used : ACL(org.apache.zookeeper.data.ACL) Test(org.testng.annotations.Test)

Example 32 with ACL

use of org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.data.ACL in project atlas by apache.

the class AtlasZookeeperSecurityPropertiesTest method shouldReturnDefaultAclIfNullOrEmpty.

/**
 * Verifies that the two-argument {@code parseAcl} hands back the supplied default ACL when the
 * ACL string is {@code null}.
 *
 * <p>Only the {@code null} input is exercised here; the empty-string case named in the method
 * is not covered by this test.
 */
@Test
public void shouldReturnDefaultAclIfNullOrEmpty() {
    // OPEN_ACL_UNSAFE is ZooKeeper's world:anyone entry with all permissions. It serves purely as
    // a recognisable fallback value for the assertion; as a real default it would leave the
    // znode open to every client.
    final ACL fallback = ZooDefs.Ids.OPEN_ACL_UNSAFE.get(0);
    final ACL parsed = AtlasZookeeperSecurityProperties.parseAcl(null, fallback);
    assertEquals(parsed, fallback);
}
Also used : ACL(org.apache.zookeeper.data.ACL) Test(org.testng.annotations.Test)

Example 33 with ACL

use of org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.data.ACL in project atlas by apache.

the class AtlasZookeeperSecurityPropertiesTest method idsWithColonsAreValid.

/**
 * Checks that an ACL string is split into scheme and id at the first ':' only, so that the id
 * part may itself contain colons.
 *
 * <p>The permission bits of the parsed ACL are not asserted in this test.
 */
@Test
public void idsWithColonsAreValid() {
    final ACL parsed = AtlasZookeeperSecurityProperties.parseAcl("auth:user:password");
    final String scheme = parsed.getId().getScheme();
    // Everything after the first colon has to survive as the id, including the second colon.
    final String id = parsed.getId().getId();
    assertEquals(scheme, "auth");
    assertEquals(id, "user:password");
}
Also used : ACL(org.apache.zookeeper.data.ACL) Test(org.testng.annotations.Test)

Example 34 with ACL

use of org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.data.ACL in project atlas by apache.

the class AtlasZookeeperSecurityPropertiesTest method shouldGetAcl.

/**
 * Checks the scheme, id and permissions produced by {@code parseAcl} for a SASL principal.
 *
 * <p>The input string carries no permission component, and the test expects the resulting ACL
 * to grant {@code ZooDefs.Perms.ALL} to that principal.
 */
@Test
public void shouldGetAcl() {
    final ACL parsed = AtlasZookeeperSecurityProperties.parseAcl("sasl:myclient@EXAMPLE.COM");
    final String scheme = parsed.getId().getScheme();
    final String principal = parsed.getId().getId();
    final int perms = parsed.getPerms();
    assertEquals(scheme, "sasl");
    assertEquals(principal, "myclient@EXAMPLE.COM");
    // Full permissions are granted to the named principal only, not to world:anyone.
    assertEquals(perms, ZooDefs.Perms.ALL);
}
Also used : ACL(org.apache.zookeeper.data.ACL) Test(org.testng.annotations.Test)

Example 35 with ACL

use of org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.data.ACL in project knox by apache.

the class RemoteConfigurationMonitorTest method testZooKeeperConfigMonitorSASLCreateNodes.

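/**
 * Exercises the ZooKeeper-backed remote configuration monitor with an authenticated registry client.
 *
 * <p>The test checks three things in order: that the registry client does not manage to create an
 * entry under {@code /auth_test/child_node}; that the Knox config znodes created by the monitor pass
 * {@code validateKnoxConfigNodeACLs} against the single expected ACL {@code SASL_TESTUSER_ALL}; and
 * that znode create/update/delete operations under the provider and descriptor paths are mirrored
 * to files in the local providers and descriptors directories.
 *
 * <p>NOTE(review): the ACLs on {@code /auth_test} are established outside this method; the denial
 * asserted below depends on that fixture, so confirm it against the test setup.
 *
 * @throws Exception if any ZooKeeper, file-system or service call fails
 */
@Test
public void testZooKeeperConfigMonitorSASLCreateNodes() throws Exception {
    final String configMonitorName = "zkConfigClient";
    final String alias = "zkPass";
    // Setup the base GatewayConfig mock
    GatewayConfig gc = EasyMock.createNiceMock(GatewayConfig.class);
    EasyMock.expect(gc.getGatewayProvidersConfigDir()).andReturn(providersDir.getAbsolutePath()).anyTimes();
    EasyMock.expect(gc.getGatewayDescriptorsDir()).andReturn(descriptorsDir.getAbsolutePath()).anyTimes();
    EasyMock.expect(gc.getRemoteRegistryConfigurationNames()).andReturn(Collections.singletonList(configMonitorName)).anyTimes();
    // The registry configuration names a principal and a credential alias only; the password itself
    // is resolved through the AliasService mock below and never appears in the configuration string.
    final String registryConfig = GatewayConfig.REMOTE_CONFIG_REGISTRY_TYPE + "=" + ZooKeeperClientService.TYPE + ";" + GatewayConfig.REMOTE_CONFIG_REGISTRY_ADDRESS + "=" + zkCluster.getConnectString() + ";" + GatewayConfig.REMOTE_CONFIG_REGISTRY_PRINCIPAL + "=" + ZK_USERNAME + ";" + GatewayConfig.REMOTE_CONFIG_REGISTRY_AUTH_TYPE + "=Digest;" + GatewayConfig.REMOTE_CONFIG_REGISTRY_CREDENTIAL_ALIAS + "=" + alias;
    EasyMock.expect(gc.getRemoteRegistryConfiguration(configMonitorName)).andReturn(registryConfig).anyTimes();
    EasyMock.expect(gc.getRemoteConfigurationMonitorClientName()).andReturn(configMonitorName).anyTimes();
    EasyMock.replay(gc);
    AliasService aliasService = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(aliasService.getPasswordFromAliasForGateway(alias)).andReturn(ZK_PASSWORD.toCharArray()).anyTimes();
    EasyMock.replay(aliasService);
    RemoteConfigurationRegistryClientService clientService = (new ZooKeeperClientServiceProvider()).newInstance();
    clientService.setAliasService(aliasService);
    clientService.init(gc, Collections.emptyMap());
    clientService.start();
    RemoteConfigurationMonitorFactory.setClientService(clientService);
    RemoteConfigurationMonitor cm = RemoteConfigurationMonitorFactory.get(gc);
    assertNotNull("Failed to load RemoteConfigurationMonitor", cm);
    // Check that the config nodes really don't yet exist (the monitor will create them if they're not present)
    assertNull(client.checkExists().forPath(PATH_KNOX));
    assertNull(client.checkExists().forPath(PATH_KNOX_CONFIG));
    assertNull(client.checkExists().forPath(PATH_KNOX_PROVIDERS));
    assertNull(client.checkExists().forPath(PATH_KNOX_DESCRIPTORS));
    try {
        cm.start();
        // Test auth violation
        // createEntry is expected to return normally here; the denial is observed only through the
        // node's absence, checked with the separate test client.
        clientService.get(configMonitorName).createEntry("/auth_test/child_node/test1");
        assertNull("Creation should have been prevented since write access is not granted to the test client.", client.checkExists().forPath("/auth_test/child_node/test1"));
        assertTrue("Creation should have been prevented since write access is not granted to the test client.", client.getChildren().forPath("/auth_test/child_node").isEmpty());
        // Validate the expected ACLs on the Knox config znodes (make sure the monitor created them correctly)
        // A single-entry expectation means any additional grant on these znodes should be caught
        // (presumably by validateKnoxConfigNodeACLs; its implementation is not shown here).
        List<ACL> expectedACLs = Collections.singletonList(SASL_TESTUSER_ALL);
        validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX));
        validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX_CONFIG));
        validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX_PROVIDERS));
        validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(PATH_KNOX_DESCRIPTORS));
        // Test the Knox config nodes, for which authentication should be sufficient for access
        // Each step below changes a znode, waits a fixed 100 ms for the monitor to react, and then
        // checks the mirrored local file; the waits make these assertions timing-dependent.
        final String pc_one_znode = getProviderPath("providers-config1.xml");
        final File pc_one = new File(providersDir, "providers-config1.xml");
        final String pc_two_znode = getProviderPath("providers-config2.xml");
        final File pc_two = new File(providersDir, "providers-config2.xml");
        client.create().withMode(CreateMode.PERSISTENT).forPath(pc_one_znode, TEST_PROVIDERS_CONFIG_1.getBytes(StandardCharsets.UTF_8));
        Thread.sleep(100);
        assertTrue(pc_one.exists());
        assertEquals(TEST_PROVIDERS_CONFIG_1, FileUtils.readFileToString(pc_one, StandardCharsets.UTF_8));
        // Reuse pc_two_znode so creation, update and deletion visibly address the same znode.
        client.create().withMode(CreateMode.PERSISTENT).forPath(pc_two_znode, TEST_PROVIDERS_CONFIG_2.getBytes(StandardCharsets.UTF_8));
        Thread.sleep(100);
        assertTrue(pc_two.exists());
        assertEquals(TEST_PROVIDERS_CONFIG_2, FileUtils.readFileToString(pc_two, StandardCharsets.UTF_8));
        client.setData().forPath(pc_two_znode, TEST_PROVIDERS_CONFIG_1.getBytes(StandardCharsets.UTF_8));
        Thread.sleep(100);
        assertTrue(pc_two.exists());
        assertEquals(TEST_PROVIDERS_CONFIG_1, FileUtils.readFileToString(pc_two, StandardCharsets.UTF_8));
        client.delete().forPath(pc_two_znode);
        Thread.sleep(100);
        assertFalse(pc_two.exists());
        client.delete().forPath(pc_one_znode);
        Thread.sleep(100);
        assertFalse(pc_one.exists());
        final String desc_one_znode = getDescriptorPath("test1.json");
        final String desc_two_znode = getDescriptorPath("test2.json");
        final String desc_three_znode = getDescriptorPath("test3.json");
        final File desc_one = new File(descriptorsDir, "test1.json");
        final File desc_two = new File(descriptorsDir, "test2.json");
        final File desc_three = new File(descriptorsDir, "test3.json");
        client.create().withMode(CreateMode.PERSISTENT).forPath(desc_one_znode, TEST_DESCRIPTOR_1.getBytes(StandardCharsets.UTF_8));
        Thread.sleep(100);
        assertTrue(desc_one.exists());
        assertEquals(TEST_DESCRIPTOR_1, FileUtils.readFileToString(desc_one, StandardCharsets.UTF_8));
        client.create().withMode(CreateMode.PERSISTENT).forPath(desc_two_znode, TEST_DESCRIPTOR_1.getBytes(StandardCharsets.UTF_8));
        Thread.sleep(100);
        assertTrue(desc_two.exists());
        assertEquals(TEST_DESCRIPTOR_1, FileUtils.readFileToString(desc_two, StandardCharsets.UTF_8));
        client.setData().forPath(desc_two_znode, TEST_DESCRIPTOR_2.getBytes(StandardCharsets.UTF_8));
        Thread.sleep(100);
        assertTrue(desc_two.exists());
        assertEquals(TEST_DESCRIPTOR_2, FileUtils.readFileToString(desc_two, StandardCharsets.UTF_8));
        client.create().withMode(CreateMode.PERSISTENT).forPath(desc_three_znode, TEST_DESCRIPTOR_1.getBytes(StandardCharsets.UTF_8));
        Thread.sleep(100);
        assertTrue(desc_three.exists());
        assertEquals(TEST_DESCRIPTOR_1, FileUtils.readFileToString(desc_three, StandardCharsets.UTF_8));
        client.delete().forPath(desc_two_znode);
        Thread.sleep(100);
        assertFalse("Expected test2.json to have been deleted.", desc_two.exists());
        client.delete().forPath(desc_three_znode);
        Thread.sleep(100);
        assertFalse(desc_three.exists());
        client.delete().forPath(desc_one_znode);
        Thread.sleep(100);
        assertFalse(desc_one.exists());
    } finally {
        // Stop the monitor even when stopping the client service throws, so that a failure in one
        // shutdown step does not leave the other component running into later tests.
        try {
            clientService.stop();
        } finally {
            cm.stop();
        }
    }
}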
Also used : AliasService(org.apache.knox.gateway.services.security.AliasService) ZooKeeperClientServiceProvider(org.apache.knox.gateway.service.config.remote.zk.ZooKeeperClientServiceProvider) RemoteConfigurationRegistryClientService(org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService) ACL(org.apache.zookeeper.data.ACL) File(java.io.File) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) Test(org.junit.Test)

Aggregations

ACL (org.apache.zookeeper.data.ACL)215 Id (org.apache.zookeeper.data.Id)85 ArrayList (java.util.ArrayList)61 Test (org.junit.Test)56 Stat (org.apache.zookeeper.data.Stat)45 KeeperException (org.apache.zookeeper.KeeperException)35 Test (org.testng.annotations.Test)32 CuratorFramework (org.apache.curator.framework.CuratorFramework)20 Test (org.junit.jupiter.api.Test)18 Configuration (org.apache.hadoop.conf.Configuration)17 ZooKeeper (org.apache.zookeeper.ZooKeeper)16 ACLProvider (org.apache.curator.framework.api.ACLProvider)15 List (java.util.List)11 IOException (java.io.IOException)10 CountDownLatch (java.util.concurrent.CountDownLatch)9 ExponentialBackoffRetry (org.apache.curator.retry.ExponentialBackoffRetry)8 TestableZooKeeper (org.apache.zookeeper.TestableZooKeeper)7 ByteArrayOutputStream (java.io.ByteArrayOutputStream)6 HashMap (java.util.HashMap)6 CreateMode (org.apache.zookeeper.CreateMode)6