use of org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.data.ACL in project knox by apache.
the class RemoteConfigurationMonitorTest method testZooKeeperConfigMonitorSASLNodesExistWithUnacceptableACLAllowUnauthenticatedReads.
/*
* KNOX-1135
*/
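/**
 * Seeds the four Knox config znodes with an ACL that lets world:anyone WRITE, then starts the
 * remote configuration monitor with unauthenticated registry reads allowed and checks each
 * node's ACL against SASL_TESTUSER_ALL plus WORLD_ANYONE_READ.
 *
 * <p>The permissive starting state is asserted on every node before the monitor starts, so a
 * pass shows that the ACLs changed while the monitor was running, not that they were never
 * permissive in the first place.
 *
 * @throws Exception if the ZooKeeper client, the client service or the monitor fails
 */
@Test
public void testZooKeeperConfigMonitorSASLNodesExistWithUnacceptableACLAllowUnauthenticatedReads() throws Exception {
  final String configMonitorName = "zkConfigClient";
  final String alias = "zkPass";

  // Setup the base GatewayConfig mock
  GatewayConfig gc = EasyMock.createNiceMock(GatewayConfig.class);
  EasyMock.expect(gc.getGatewayProvidersConfigDir()).andReturn(providersDir.getAbsolutePath()).anyTimes();
  EasyMock.expect(gc.getGatewayDescriptorsDir()).andReturn(descriptorsDir.getAbsolutePath()).anyTimes();
  EasyMock.expect(gc.getRemoteRegistryConfigurationNames()).andReturn(Collections.singletonList(configMonitorName)).anyTimes();
  final String registryConfig =
      GatewayConfig.REMOTE_CONFIG_REGISTRY_TYPE + "=" + ZooKeeperClientService.TYPE + ";"
          + GatewayConfig.REMOTE_CONFIG_REGISTRY_ADDRESS + "=" + zkCluster.getConnectString() + ";"
          + GatewayConfig.REMOTE_CONFIG_REGISTRY_PRINCIPAL + "=" + ZK_USERNAME + ";"
          + GatewayConfig.REMOTE_CONFIG_REGISTRY_AUTH_TYPE + "=Digest;"
          + GatewayConfig.REMOTE_CONFIG_REGISTRY_CREDENTIAL_ALIAS + "=" + alias;
  // Opt in to unauthenticated reads: this is why WORLD_ANYONE_READ is part of the expected ACL below.
  EasyMock.expect(gc.allowUnauthenticatedRemoteRegistryReadAccess()).andReturn(true).anyTimes();
  EasyMock.expect(gc.getRemoteRegistryConfiguration(configMonitorName)).andReturn(registryConfig).anyTimes();
  EasyMock.expect(gc.getRemoteConfigurationMonitorClientName()).andReturn(configMonitorName).anyTimes();
  EasyMock.replay(gc);

  // The registry credential is resolved through the alias service, never read from the config string.
  AliasService aliasService = EasyMock.createNiceMock(AliasService.class);
  EasyMock.expect(aliasService.getPasswordFromAliasForGateway(alias)).andReturn(ZK_PASSWORD.toCharArray()).anyTimes();
  EasyMock.replay(aliasService);

  RemoteConfigurationRegistryClientService clientService = (new ZooKeeperClientServiceProvider()).newInstance();
  clientService.setAliasService(aliasService);
  clientService.init(gc, Collections.emptyMap());
  clientService.start();

  RemoteConfigurationMonitorFactory.setClientService(clientService);

  RemoteConfigurationMonitor cm = RemoteConfigurationMonitorFactory.get(gc);
  assertNotNull("Failed to load RemoteConfigurationMonitor", cm);

  // The "auth" scheme is resolved by ZooKeeper to the identities the creating session has
  // authenticated with, so the stored entry is not compared against this object; only the
  // world:anyone entry is looked up by value.
  final ACL ANY_AUTHENTICATED_USER_ALL = new ACL(ZooDefs.Perms.ALL, new Id("auth", ""));
  final ACL worldAnyoneWrite = new ACL(ZooDefs.Perms.WRITE, ZooDefs.Ids.ANYONE_ID_UNSAFE);
  List<ACL> acls = Arrays.asList(ANY_AUTHENTICATED_USER_ALL, worldAnyoneWrite);
  final List<String> configNodePaths =
      Arrays.asList(PATH_KNOX, PATH_KNOX_CONFIG, PATH_KNOX_PROVIDERS, PATH_KNOX_DESCRIPTORS);

  for (String path : configNodePaths) {
    client.create().creatingParentsIfNeeded().withMode(CreateMode.PERSISTENT).withACL(acls).forPath(path);
  }

  // Precondition: every config node exists (the monitor will NOT create them if they're present)
  // and really carries the permissive ACL, including write access for world:anyone.
  for (String path : configNodePaths) {
    assertNotNull(client.checkExists().forPath(path));
    List<ACL> preACLs = client.getACL().forPath(path);
    assertEquals("Unexpected number of seeded ACL entries on " + path, 2, preACLs.size());
    assertEquals("world:anyone WRITE was not seeded on " + path, true, preACLs.contains(worldAnyoneWrite));
  }

  try {
    cm.start();

    // Validate the expected ACLs on the Knox config znodes: world:anyone keeps READ only
    // (its WRITE entry must be gone), alongside the entry for the SASL test user.
    List<ACL> expectedACLs = new ArrayList<>();
    expectedACLs.add(SASL_TESTUSER_ALL);
    expectedACLs.add(WORLD_ANYONE_READ);

    for (String path : configNodePaths) {
      validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(path));
    }
  } finally {
    // Stop the monitor even when stopping the client service throws, so neither outlives the test.
    try {
      clientService.stop();
    } finally {
      cm.stop();
    }
  }
}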
use of org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.data.ACL in project knox by apache.
the class RemoteConfigurationMonitorTest method testZooKeeperConfigMonitorSASLNodesExistWithUnacceptableACL.
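/**
 * Seeds the four Knox config znodes with an ACL that lets world:anyone WRITE, then starts the
 * remote configuration monitor and checks each node's ACL against SASL_TESTUSER_ALL alone.
 *
 * <p>The permissive starting state is asserted on every node before the monitor starts, so a
 * pass shows that the world:anyone entry disappeared while the monitor was running, not that
 * it was never there.
 *
 * @throws Exception if the ZooKeeper client, the client service or the monitor fails
 */
@Test
public void testZooKeeperConfigMonitorSASLNodesExistWithUnacceptableACL() throws Exception {
  final String configMonitorName = "zkConfigClient";
  final String alias = "zkPass";

  // Setup the base GatewayConfig mock. allowUnauthenticatedRemoteRegistryReadAccess() is not
  // scripted, so the nice mock answers it with the default value, false.
  GatewayConfig gc = EasyMock.createNiceMock(GatewayConfig.class);
  EasyMock.expect(gc.getGatewayProvidersConfigDir()).andReturn(providersDir.getAbsolutePath()).anyTimes();
  EasyMock.expect(gc.getGatewayDescriptorsDir()).andReturn(descriptorsDir.getAbsolutePath()).anyTimes();
  EasyMock.expect(gc.getRemoteRegistryConfigurationNames()).andReturn(Collections.singletonList(configMonitorName)).anyTimes();
  final String registryConfig =
      GatewayConfig.REMOTE_CONFIG_REGISTRY_TYPE + "=" + ZooKeeperClientService.TYPE + ";"
          + GatewayConfig.REMOTE_CONFIG_REGISTRY_ADDRESS + "=" + zkCluster.getConnectString() + ";"
          + GatewayConfig.REMOTE_CONFIG_REGISTRY_PRINCIPAL + "=" + ZK_USERNAME + ";"
          + GatewayConfig.REMOTE_CONFIG_REGISTRY_AUTH_TYPE + "=Digest;"
          + GatewayConfig.REMOTE_CONFIG_REGISTRY_CREDENTIAL_ALIAS + "=" + alias;
  EasyMock.expect(gc.getRemoteRegistryConfiguration(configMonitorName)).andReturn(registryConfig).anyTimes();
  EasyMock.expect(gc.getRemoteConfigurationMonitorClientName()).andReturn(configMonitorName).anyTimes();
  EasyMock.replay(gc);

  // The registry credential is resolved through the alias service, never read from the config string.
  AliasService aliasService = EasyMock.createNiceMock(AliasService.class);
  EasyMock.expect(aliasService.getPasswordFromAliasForGateway(alias)).andReturn(ZK_PASSWORD.toCharArray()).anyTimes();
  EasyMock.replay(aliasService);

  RemoteConfigurationRegistryClientService clientService = (new ZooKeeperClientServiceProvider()).newInstance();
  clientService.setAliasService(aliasService);
  clientService.init(gc, Collections.emptyMap());
  clientService.start();

  RemoteConfigurationMonitorFactory.setClientService(clientService);

  RemoteConfigurationMonitor cm = RemoteConfigurationMonitorFactory.get(gc);
  assertNotNull("Failed to load RemoteConfigurationMonitor", cm);

  // The "auth" scheme is resolved by ZooKeeper to the identities the creating session has
  // authenticated with, so the stored entry is not compared against this object; only the
  // world:anyone entry is looked up by value.
  final ACL ANY_AUTHENTICATED_USER_ALL = new ACL(ZooDefs.Perms.ALL, new Id("auth", ""));
  final ACL worldAnyoneWrite = new ACL(ZooDefs.Perms.WRITE, ZooDefs.Ids.ANYONE_ID_UNSAFE);
  List<ACL> acls = Arrays.asList(ANY_AUTHENTICATED_USER_ALL, worldAnyoneWrite);
  final List<String> configNodePaths =
      Arrays.asList(PATH_KNOX, PATH_KNOX_CONFIG, PATH_KNOX_PROVIDERS, PATH_KNOX_DESCRIPTORS);

  for (String path : configNodePaths) {
    client.create().creatingParentsIfNeeded().withMode(CreateMode.PERSISTENT).withACL(acls).forPath(path);
  }

  // Precondition: every config node exists (the monitor will NOT create them if they're present)
  // and really carries the permissive ACL, including write access for world:anyone.
  for (String path : configNodePaths) {
    assertNotNull(client.checkExists().forPath(path));
    List<ACL> preACLs = client.getACL().forPath(path);
    assertEquals("Unexpected number of seeded ACL entries on " + path, 2, preACLs.size());
    assertEquals("world:anyone WRITE was not seeded on " + path, true, preACLs.contains(worldAnyoneWrite));
  }

  try {
    cm.start();

    // Validate the expected ACLs on the Knox config znodes (make sure the monitor removed the world:anyone ACL)
    List<ACL> expectedACLs = Collections.singletonList(SASL_TESTUSER_ALL);

    for (String path : configNodePaths) {
      validateKnoxConfigNodeACLs(expectedACLs, client.getACL().forPath(path));
    }
  } finally {
    // Stop the monitor even when stopping the client service throws, so neither outlives the test.
    try {
      clientService.stop();
    } finally {
      cm.stop();
    }
  }
}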
use of org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.data.ACL in project parseq by linkedin.
the class TestZKClient method testGetData.
/**
 * Creates an ephemeral znode and checks that getData hands back the payload, the stat and
 * the ACL list the node was created with.
 */
@Test
public void testGetData() {
  final String path = "/testGetData";
  final byte[] data = "hello world2".getBytes();

  // OPEN_ACL_UNSAFE gives world:anyone every permission; it is applied here only to an
  // ephemeral node that the test itself creates.
  runAndWait("create", _zkClient.create(path, data, ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.EPHEMERAL));

  Task<ZKData> fetch = _zkClient.getData(path);
  runAndWait("getData", fetch);

  // Read the completed task once and take the three views of the node from that result.
  ZKData fetched = fetch.get();
  byte[] payload = fetched.getBytes();
  Stat stat = fetched.getStat();
  List<ACL> aclList = fetched.getAclList();

  Assert.assertNotNull(payload);
  Assert.assertNotNull(stat);
  Assert.assertEquals(payload, data);
  // A node that has only been created is still at data version 0.
  Assert.assertEquals(stat.getVersion(), 0);
  Assert.assertEquals(stat.getDataLength(), data.length);
  // The ACL read back must be exactly the one passed to create.
  Assert.assertEquals(aclList, ZooDefs.Ids.OPEN_ACL_UNSAFE);
}
use of org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.data.ACL in project parseq by linkedin.
the class TestZKClient method testAcl.
/**
 * Creates an ephemeral znode with the open ACL, replaces that ACL through setACL with a single
 * digest-scheme entry, and checks the ACL list read before and after the change.
 *
 * @throws NoSuchAlgorithmException if the digest for the test identity cannot be generated
 */
@Test
public void testAcl() throws NoSuchAlgorithmException {
  final String path = "/testAcl";
  final byte[] data = "hello world".getBytes();
  final String scheme = "digest";
  // Throwaway "user:password" pair, used only as a test fixture.
  final String authString = "test:test";

  // The ACL stores the generated digest of the pair, not the plain-text pair itself.
  final Id digestId = new Id(scheme, DigestAuthenticationProvider.generateDigest(authString));
  // Same bit mask as the literal 25: READ (1) | DELETE (8) | ADMIN (16). WRITE and CREATE are withheld.
  final int restrictedPerms = ZooDefs.Perms.READ | ZooDefs.Perms.DELETE | ZooDefs.Perms.ADMIN;
  final List<ACL> restrictedAcl = new ArrayList<>(Collections.singletonList(new ACL(restrictedPerms, digestId)));

  // Authenticate this client as the digest identity before the restricted ACL is put in place.
  _zkClient.addAuthInfo(scheme, authString.getBytes());

  runAndWait("create", _zkClient.create(path, data, ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.EPHEMERAL));

  // setACL is chained onto the read so that it can pass along the version from the stat it just fetched.
  Task<ZKData> getData = _zkClient.getData(path);
  Task<Stat> aclChange =
      getData.flatMap(before -> _zkClient.setACL(path, restrictedAcl, before.getStat().getVersion()));
  runAndWait("setACL", aclChange);

  // before #setACL
  Assert.assertEquals(getData.get().getAclList(), OPEN_ACL_UNSAFE);

  // after #setACL: setACL will not change the version number
  Assert.assertEquals(aclChange.get().getVersion(), 0);

  // A fresh read must show that the restricted list has replaced the open ACL.
  getData = _zkClient.getData(path);
  runAndWait("getData", getData);
  Assert.assertEquals(getData.get().getAclList(), restrictedAcl);
}
use of org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.data.ACL in project accumulo by apache.
the class ZooAuthenticationKeyDistributorTest method testAlreadyAdvertisedKey.
/**
 * Runs initialize() and advertise() against a mock that reports both the base node and the
 * key's own node as already present, then verifies the scripted interactions.
 *
 * @throws Exception if the distributor or the mocked reader/writer fails
 */
@Test
public void testAlreadyAdvertisedKey() throws Exception {
  ZooAuthenticationKeyDistributor distributor = new ZooAuthenticationKeyDistributor(zrw, baseNode);
  AuthenticationKey key = new AuthenticationKey(1, 0L, 10L, keyGen.generateKey());
  String keyNode = baseNode + "/" + key.getKeyId();

  // ACL the mock reports for the base node: one digest entry for "accumulo:DEFAULT" carrying
  // the permission bits of the first entry in ZooUtil.PRIVATE.
  int privatePerms = ZooUtil.PRIVATE.get(0).getPerms();
  List<ACL> baseNodeAcl = Collections.singletonList(new ACL(privatePerms, new Id("digest", "accumulo:DEFAULT")));

  // Script the mock: the base node exists with the ACL above, and the key's node exists too.
  // NOTE(review): presumably initialize() inspects the base node's ACL and advertise() then
  // skips the write for an existing key node; confirm against ZooAuthenticationKeyDistributor.
  expect(zrw.exists(baseNode)).andReturn(true);
  expect(zrw.getACL(eq(baseNode))).andReturn(baseNodeAcl);
  expect(zrw.exists(keyNode)).andReturn(true);
  replay(zrw);

  distributor.initialize();
  distributor.advertise(key);

  // Confirms that the scripted calls happened. Whether an unscripted write would also fail the
  // test depends on how zrw was created, which is not visible here.
  verify(zrw);
}