use of org.apache.zookeeper.data.ACL in project zookeeper by apache.
the class ACLTest method testNullValueACL.
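/**
 * Verifies that an ACL list containing a {@code null} entry is rejected with
 * {@link InvalidACLException} by both {@code create} overloads and by {@code setACL}.
 *
 * <p>The test pins that a malformed ACL list is refused outright: each call must throw, so a
 * node can never end up created or re-protected with a list that holds a null entry.
 */
@Test
public void testNullValueACL() throws Exception {
    // Stand up a server on the port encoded in HOSTPORT.
    File tmpDir = ClientBase.createTmpDir();
    ClientBase.setupTestEnv();
    ZooKeeperServer zks = new ZooKeeperServer(tmpDir, tmpDir, 3000);
    final int PORT = Integer.parseInt(HOSTPORT.split(":")[1]);
    ServerCnxnFactory f = ServerCnxnFactory.createFactory(PORT, -1);
    f.startup(zks);
    // Created inside the try so that a failed connect still shuts the server down and
    // releases the port for the tests that follow.
    ZooKeeper zk = null;
    try {
        zk = ClientBase.createZKClient(HOSTPORT);
        List<ACL> acls = new ArrayList<ACL>();
        acls.add(null);
        // case 1 : null value in ACL list with create
        try {
            zk.create("/foo", "foo".getBytes(), acls, CreateMode.PERSISTENT);
            Assert.fail("Expected InvalidACLException for null value in ACL List");
        } catch (InvalidACLException e) {
            // Expected. Do nothing
        }
        // case 2 : null value in ACL list with other create API
        try {
            zk.create("/foo", "foo".getBytes(), acls, CreateMode.PERSISTENT, null);
            Assert.fail("Expected InvalidACLException for null value in ACL List");
        } catch (InvalidACLException e) {
            // Expected. Do nothing
        }
        // case 3 : null value in ACL list with setACL
        // "/foo" was never created (both creates above are expected to fail), so the test
        // expects the ACL check to take precedence over any missing-node error.
        try {
            zk.setACL("/foo", acls, -1);
            Assert.fail("Expected InvalidACLException for null value in ACL List");
        } catch (InvalidACLException e) {
            // Expected. Do nothing
        }
    } finally {
        try {
            if (zk != null) {
                zk.close();
            }
        } finally {
            // Runs even if closing the client throws.
            f.shutdown();
            zks.shutdown();
            Assert.assertTrue("waiting for server down", ClientBase.waitForServerDown(HOSTPORT, ClientBase.CONNECTION_TIMEOUT));
        }
    }
}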
use of org.apache.zookeeper.data.ACL in project zookeeper by apache.
the class ACLTest method testAcls.
/**
* Verify that the ACL optimization of storing just
* a few ACLs and their references in the data
* node is actually working.
*/
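@Test
public void testAcls() throws Exception {
    File tmpDir = ClientBase.createTmpDir();
    ClientBase.setupTestEnv();
    ZooKeeperServer zks = new ZooKeeperServer(tmpDir, tmpDir, 3000);
    // NOTE(review): static setter; this test does not restore the previous value.
    SyncRequestProcessor.setSnapCount(1000);
    final int PORT = Integer.parseInt(HOSTPORT.split(":")[1]);
    ServerCnxnFactory f = ServerCnxnFactory.createFactory(PORT, -1);
    f.startup(zks);
    ZooKeeper zk = null;
    String path;
    int aclMapSize;
    try {
        LOG.info("starting up the zookeeper server .. waiting");
        Assert.assertTrue("waiting for server being up", ClientBase.waitForServerUp(HOSTPORT, CONNECTION_TIMEOUT));
        zk = ClientBase.createZKClient(HOSTPORT);
        LOG.info("starting creating acls");
        // 100 nodes that all share the same (wide-open, test-only) ACL list.
        for (int i = 0; i < 100; i++) {
            path = "/" + i;
            zk.create(path, path.getBytes(), Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
        }
        // Sharing one list across 100 nodes must not grow the server's ACL map per node;
        // the test expects exactly 2 entries at this point.
        aclMapSize = zks.getZKDatabase().getAclSize();
        Assert.assertEquals("size of the acl map ", 2, aclMapSize);
        // 100 nodes, each with its own single-entry list: scheme "ip", a distinct address,
        // and perms 0 (no permission bits set).
        for (int j = 100; j < 200; j++) {
            path = "/" + j;
            List<ACL> list = new ArrayList<ACL>();
            list.add(new ACL(0, new Id("ip", "1.1.1." + j)));
            zk.create(path, path.getBytes(), list, CreateMode.PERSISTENT);
        }
        // 100 distinct lists on top of the previous 2.
        aclMapSize = zks.getZKDatabase().getAclSize();
        Assert.assertEquals("size of the acl map ", 102, aclMapSize);
    } finally {
        // now shut down the server and restart it
        try {
            // The first-phase client was previously left open across the restart.
            if (zk != null) {
                zk.close();
            }
        } finally {
            f.shutdown();
            zks.shutdown();
            Assert.assertTrue("waiting for server down", ClientBase.waitForServerDown(HOSTPORT, CONNECTION_TIMEOUT));
        }
    }
    zk = null;
    zks = new ZooKeeperServer(tmpDir, tmpDir, 3000);
    f = ServerCnxnFactory.createFactory(PORT, -1);
    f.startup(zks);
    try {
        Assert.assertTrue("waiting for server up", ClientBase.waitForServerUp(HOSTPORT, CONNECTION_TIMEOUT));
        zk = ClientBase.createZKClient(HOSTPORT);
        // The ACL map must come back with the same number of entries after the restart.
        aclMapSize = zks.getZKDatabase().getAclSize();
        Assert.assertEquals("acl map ", 102, aclMapSize);
        // Five more distinct lists after the restart.
        for (int j = 200; j < 205; j++) {
            path = "/" + j;
            List<ACL> list = new ArrayList<ACL>();
            list.add(new ACL(0, new Id("ip", "1.1.1." + j)));
            zk.create(path, path.getBytes(), list, CreateMode.PERSISTENT);
        }
        aclMapSize = zks.getZKDatabase().getAclSize();
        Assert.assertEquals("acl map ", 107, aclMapSize);
    } finally {
        try {
            // Close on the failure path too, not only after the last assertion passes.
            if (zk != null) {
                zk.close();
            }
        } finally {
            f.shutdown();
            zks.shutdown();
            Assert.assertTrue("waiting for server down", ClientBase.waitForServerDown(HOSTPORT, ClientBase.CONNECTION_TIMEOUT));
        }
    }
}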
use of org.apache.zookeeper.data.ACL in project zookeeper by apache.
the class ReconfigExceptionTest method testReconfigEnabledWithAuthAndWrongACL.
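/**
 * Verifies that reconfig is refused with {@code NOAUTH} when the config node's ACL grants the
 * authenticated user READ only.
 *
 * <p>The ACL is installed by a client authenticated as "super:test"; the reconfig is then
 * attempted by a fresh client authenticated as "user:test".
 */
@Test(timeout = 10000)
public void testReconfigEnabledWithAuthAndWrongACL() throws InterruptedException {
    resetZKAdmin();
    // Flipped just before the call under test, so that a KeeperException raised while
    // installing the ACL cannot be mistaken for the expected authorization failure.
    boolean reconfigAttempted = false;
    try {
        zkAdmin.addAuthInfo("digest", "super:test".getBytes());
        // There is an ACL, however the permission is wrong - need WRITE permission at least.
        // NOTE(review): the digest Id presumably corresponds to "user:test" - confirm.
        ArrayList<ACL> acls = new ArrayList<ACL>(Collections.singletonList(new ACL(ZooDefs.Perms.READ, new Id("digest", "user:tl+z3z0vO6PfPfEENfLF96E6pM0="))));
        zkAdmin.setACL(ZooDefs.CONFIG_NODE, acls, -1);
        resetZKAdmin();
        zkAdmin.addAuthInfo("digest", "user:test".getBytes());
        reconfigAttempted = true;
        reconfigPort();
        Assert.fail("Reconfig should fail with an ACL that is read only!");
    } catch (KeeperException e) {
        Assert.assertTrue("KeeperException during ACL setup, before reconfig was attempted: " + e, reconfigAttempted);
        // assertEquals reports the actual code when the denial is not NOAUTH.
        Assert.assertEquals(KeeperException.Code.NOAUTH, e.code());
    }
}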
use of org.apache.zookeeper.data.ACL in project hive by apache.
the class ZooKeeperTokenStore method parseACLs.
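/**
* Parse a comma-separated list of ACL entries used to secure generated nodes, e.g.
* <code>sasl:hive/host1@MY.DOMAIN:cdrwa,sasl:hive/host2@MY.DOMAIN:cdrwa</code>
* @param aclString comma-separated entries, each of the form scheme:id:perm
* @return ACL list; blank entries are skipped, and entries not of that form are logged and skipped
*/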
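public static List<ACL> parseACLs(String aclString) {
    // A null string is treated like a blank one and yields an empty list, instead of
    // failing with a NullPointerException further down.
    if (aclString == null) {
        return new ArrayList<ACL>(0);
    }
    String[] aclComps = StringUtils.splitByWholeSeparator(aclString, ",");
    List<ACL> acl = new ArrayList<ACL>(aclComps.length);
    for (String rawEntry : aclComps) {
        if (StringUtils.isBlank(rawEntry)) {
            continue;
        }
        String entry = rawEntry.trim();
        // from ZooKeeperMain private method
        // The scheme ends at the first colon and the permissions start after the last one,
        // so the id in between may itself contain colons.
        int firstColon = entry.indexOf(':');
        int lastColon = entry.lastIndexOf(':');
        if (firstColon == -1 || firstColon == lastColon) {
            // NOTE(review): a malformed entry is logged and dropped, so the returned list can
            // hold fewer grants than were configured, or none at all. Callers should check for
            // an empty result before applying it to a node.
            LOGGER.error(entry + " does not have the form scheme:id:perm");
            continue;
        }
        ACL newAcl = new ACL();
        newAcl.setId(new Id(entry.substring(0, firstColon), entry.substring(firstColon + 1, lastColon)));
        newAcl.setPerms(getPermFromString(entry.substring(lastColon + 1)));
        acl.add(newAcl);
    }
    return acl;
}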
use of org.apache.zookeeper.data.ACL in project zookeeper by apache.
the class ClientTest method testACLs.
/**
 * Exercises ACL validation and enforcement through the client API.
 *
 * <p>Three creates with ACL lists the test expects to be rejected come first. A node is then
 * created under digest auth "ben:passwd", read with a different password (denied with NOAUTH
 * unless {@code skipACL} is set), read with the right one, opened up with
 * {@code OPEN_ACL_UNSAFE}, and finally read back by a client that adds no auth info.
 */
@Test
public void testACLs() throws Exception {
    ZooKeeper zk = null;
    try {
        zk = createClient();

        // Rejected: CREATOR_ALL_ACL before this method has added any auth info.
        try {
            zk.create("/acltest", new byte[0], Ids.CREATOR_ALL_ACL, CreateMode.PERSISTENT);
            Assert.fail("Should have received an invalid acl error");
        } catch (InvalidACLException expected) {
            LOG.info("Test successful, invalid acl received : " + expected.getMessage());
        }

        // Rejected: a list combining AUTH_IDS with the ip id "127.0.0.1/8".
        try {
            List<ACL> authPlusIp = new ArrayList<ACL>();
            authPlusIp.add(new ACL(Perms.ALL | Perms.ADMIN, Ids.AUTH_IDS));
            authPlusIp.add(new ACL(Perms.ALL | Perms.ADMIN, new Id("ip", "127.0.0.1/8")));
            zk.create("/acltest", new byte[0], authPlusIp, CreateMode.PERSISTENT);
            Assert.fail("Should have received an invalid acl error");
        } catch (InvalidACLException expected) {
            LOG.info("Test successful, invalid acl received : " + expected.getMessage());
        }

        // Rejected: an Id built with the no-argument constructor.
        try {
            List<ACL> emptyId = new ArrayList<ACL>();
            emptyId.add(new ACL(Perms.ALL | Perms.ADMIN, new Id()));
            zk.create("/nullidtest", new byte[0], emptyId, CreateMode.PERSISTENT);
            Assert.fail("Should have received an invalid acl error");
        } catch (InvalidACLException expected) {
            LOG.info("Test successful, invalid acl received : " + expected.getMessage());
        }

        // Accepted: authenticate first, then create with an "auth" entry and an ip entry.
        zk.addAuthInfo("digest", "ben:passwd".getBytes());
        List<ACL> ownerAcl = new ArrayList<ACL>();
        ownerAcl.add(new ACL(Perms.ALL, new Id("auth", "")));
        ownerAcl.add(new ACL(Perms.WRITE, new Id("ip", "127.0.0.1")));
        zk.create("/acltest", new byte[0], ownerAcl, CreateMode.PERSISTENT);
        zk.close();

        // New session with a different password for the same user name.
        zk = createClient();
        zk.addAuthInfo("digest", "ben:passwd2".getBytes());
        if (!skipACL) {
            try {
                zk.getData("/acltest", false, null);
                Assert.fail("Should have received a permission error");
            } catch (KeeperException denied) {
                Assert.assertEquals(Code.NOAUTH, denied.code());
            }
        } else {
            // With skipACL set the test expects the read to go through regardless.
            try {
                zk.getData("/acltest", false, null);
            } catch (KeeperException unexpected) {
                Assert.fail("Badauth reads should succeed with skipACL.");
            }
        }

        // Adding the right credentials to the same session makes the read succeed.
        zk.addAuthInfo("digest", "ben:passwd".getBytes());
        zk.getData("/acltest", false, null);
        // Replace the restrictive ACL with the wide-open one.
        zk.setACL("/acltest", Ids.OPEN_ACL_UNSAFE, -1);
        zk.close();

        // A client that adds no auth info can now read the node and its ACL.
        zk = createClient();
        zk.getData("/acltest", false, null);
        List<ACL> nodeAcl = zk.getACL("/acltest", new Stat());
        Assert.assertEquals(1, nodeAcl.size());
        Assert.assertEquals(Ids.OPEN_ACL_UNSAFE, nodeAcl);
        // The stat parameter should be optional.
        nodeAcl = zk.getACL("/acltest", null);
        Assert.assertEquals(1, nodeAcl.size());
        Assert.assertEquals(Ids.OPEN_ACL_UNSAFE, nodeAcl);
        zk.close();
    } finally {
        if (zk != null) {
            zk.close();
        }
    }
}