
Example 1 with ZKLocksService

use of org.apache.oozie.service.ZKLocksService in project oozie by apache.

the class TestZKUtilsWithSecurity method testNewUsingACLs.

/**
 * Checks that znodes created while "oozie.zookeeper.secure" is "true" carry a SASL ACL.
 *
 * <p>Starting ZKLocksService brings up ZKUtils, which advertises on the service discovery; taking
 * and releasing a write lock additionally creates a lock znode. The first ACL entry of each
 * resulting znode is expected to grant {@code ZooDefs.Perms.ALL} to the "sasl" identity
 * {@code PRIMARY_PRINCIPAL}.
 *
 * @throws Exception if any ZooKeeper/Curator call or the service start-up fails
 */
public void testNewUsingACLs() throws Exception {
    final ZKLocksService locksService = new ZKLocksService();
    try {
        Services.get().getConf().set("oozie.zookeeper.secure", "true");

        // Precondition: nothing has been created yet, so every znode checked below is a new one.
        assertNull(getClient().getZookeeperClient().getZooKeeper().exists("/oozie", null));
        assertNull(getClient().checkExists().forPath("/locks"));
        assertNull(getClient().checkExists().forPath("/services"));

        // Initialising the service and cycling one lock creates the znodes under test.
        locksService.init(Services.get());
        LockToken token = locksService.getWriteLock("foo", 3);
        token.release();

        // "/oozie" is read through the raw ZooKeeper handle rather than getClient().getACL();
        // presumably it is the namespace root of the Curator client - confirm against the base class.
        ACL rootEntry = getClient().getZookeeperClient().getZooKeeper().getACL("/oozie", new Stat()).get(0);
        assertEquals(ZooDefs.Perms.ALL, rootEntry.getPerms());
        assertEquals("sasl", rootEntry.getId().getScheme());
        assertEquals(PRIMARY_PRINCIPAL, rootEntry.getId().getId());

        // NOTE(review): only the first ACL entry of each znode is inspected. A further entry
        // (for example a leftover world:anyone grant) would not fail this test; consider also
        // asserting the size of the ACL list.
        String[] securedPaths = {
            "/locks",
            "/locks/foo",
            "/services",
            "/services/servers",
            "/services/servers/" + ZK_ID
        };
        for (String path : securedPaths) {
            ACL firstEntry = getClient().getACL().forPath(path).get(0);
            assertEquals(ZooDefs.Perms.ALL, firstEntry.getPerms());
            assertEquals("sasl", firstEntry.getId().getScheme());
            assertEquals(PRIMARY_PRINCIPAL, firstEntry.getId().getId());
        }
    } finally {
        // Stop the service first, then put the shared configuration back to its non-secure value.
        locksService.destroy();
        Services.get().getConf().set("oozie.zookeeper.secure", "false");
    }
}
Also used : Stat(org.apache.zookeeper.data.Stat) LockToken(org.apache.oozie.lock.LockToken) ZKLocksService(org.apache.oozie.service.ZKLocksService) ACL(org.apache.zookeeper.data.ACL)

Example 2 with ZKLocksService

use of org.apache.oozie.service.ZKLocksService in project oozie by apache.

the class TestZKUtilsWithSecurity method testCheckAndSetACLs.

/**
 * Checks that znodes created without security are re-protected once security is switched on.
 *
 * <p>Phase 1 starts ZKLocksService with the current configuration and expects every znode to
 * carry a world:anyone ACL with {@code ZooDefs.Perms.ALL}. Phase 2 confirms those ACLs are still
 * in place after the service is destroyed. Phase 3 sets "oozie.zookeeper.secure" to "true",
 * starts a fresh service, and expects the same znodes to now grant {@code ZooDefs.Perms.ALL} to
 * the "sasl" identity {@code PRIMARY_PRINCIPAL}.
 *
 * @throws Exception if any ZooKeeper/Curator call or the service start-up fails
 */
public void testCheckAndSetACLs() throws Exception {
    // Znodes checked in every phase through getClient().getACL(). "/oozie" is handled separately
    // because it is read through the raw ZooKeeper handle.
    final String[] commonPaths = { "/locks", "/locks/foo", "/services", "/services/servers" };

    // ---- Phase 1: service started without security; a lock is taken so a lock znode exists ----
    final ZKLocksService openService = new ZKLocksService();
    try {
        openService.init(Services.get());
        LockToken token = openService.getWriteLock("foo", 3);
        token.release();

        // world:anyone with Perms.ALL means any ZooKeeper client may read, change or delete the
        // node; this is the unprotected state the later phase is expected to replace.
        ACL rootEntry = getClient().getZookeeperClient().getZooKeeper().getACL("/oozie", new Stat()).get(0);
        assertEquals(ZooDefs.Perms.ALL, rootEntry.getPerms());
        assertEquals("world", rootEntry.getId().getScheme());
        assertEquals("anyone", rootEntry.getId().getId());
        for (String path : commonPaths) {
            ACL firstEntry = getClient().getACL().forPath(path).get(0);
            assertEquals(ZooDefs.Perms.ALL, firstEntry.getPerms());
            assertEquals("world", firstEntry.getId().getScheme());
            assertEquals("anyone", firstEntry.getId().getId());
        }
        ACL serverEntry = getClient().getACL().forPath("/services/servers/" + ZK_ID).get(0);
        assertEquals(ZooDefs.Perms.ALL, serverEntry.getPerms());
        assertEquals("world", serverEntry.getId().getScheme());
        assertEquals("anyone", serverEntry.getId().getId());
    } finally {
        // Unregistering every user of ZKUtils (here: ZKLocksService) makes it disconnect, so that
        // once "oozie.zookeeper.secure" is true it reconnects using SASL/Kerberos.
        openService.destroy();
    }

    // ---- Phase 2: the znodes created above must still exist with their "world" ACLs ----
    // The per-server path "/services/servers/" + ZK_ID is not re-checked in this phase.
    ACL rootAfterStop = getClient().getZookeeperClient().getZooKeeper().getACL("/oozie", new Stat()).get(0);
    assertEquals(ZooDefs.Perms.ALL, rootAfterStop.getPerms());
    assertEquals("world", rootAfterStop.getId().getScheme());
    assertEquals("anyone", rootAfterStop.getId().getId());
    for (String path : commonPaths) {
        ACL firstEntry = getClient().getACL().forPath(path).get(0);
        assertEquals(ZooDefs.Perms.ALL, firstEntry.getPerms());
        assertEquals("world", firstEntry.getId().getScheme());
        assertEquals("anyone", firstEntry.getId().getId());
    }

    // ---- Phase 3: restart with security on; existing znodes should be switched to "sasl" ----
    final ZKLocksService securedService = new ZKLocksService();
    try {
        Services.get().getConf().set("oozie.zookeeper.secure", "true");
        // With security enabled, init() triggers the checkAndSetACLs() code, which goes through the
        // previously created znodes and sets "sasl" ACLs on them.
        securedService.init(Services.get());

        // NOTE(review): only the first ACL entry is inspected, so this does not by itself show
        // that the earlier world:anyone grant is gone from the list; consider also asserting the
        // size of the ACL list.
        ACL rootSecured = getClient().getZookeeperClient().getZooKeeper().getACL("/oozie", new Stat()).get(0);
        assertEquals(ZooDefs.Perms.ALL, rootSecured.getPerms());
        assertEquals("sasl", rootSecured.getId().getScheme());
        assertEquals(PRIMARY_PRINCIPAL, rootSecured.getId().getId());
        for (String path : commonPaths) {
            ACL firstEntry = getClient().getACL().forPath(path).get(0);
            assertEquals(ZooDefs.Perms.ALL, firstEntry.getPerms());
            assertEquals("sasl", firstEntry.getId().getScheme());
            assertEquals(PRIMARY_PRINCIPAL, firstEntry.getId().getId());
        }
        ACL serverSecured = getClient().getACL().forPath("/services/servers/" + ZK_ID).get(0);
        assertEquals(ZooDefs.Perms.ALL, serverSecured.getPerms());
        assertEquals("sasl", serverSecured.getId().getScheme());
        assertEquals(PRIMARY_PRINCIPAL, serverSecured.getId().getId());
    } finally {
        // Stop the service first, then put the shared configuration back to its non-secure value.
        securedService.destroy();
        Services.get().getConf().set("oozie.zookeeper.secure", "false");
    }
}
Also used : Stat(org.apache.zookeeper.data.Stat) LockToken(org.apache.oozie.lock.LockToken) ZKLocksService(org.apache.oozie.service.ZKLocksService) ACL(org.apache.zookeeper.data.ACL)
