use of org.apache.zookeeper.data.ACL in project zookeeper by apache.
the class PrepRequestProcessor method removeDuplicates.
private List<ACL> removeDuplicates(List<ACL> acl) {
ArrayList<ACL> retval = new ArrayList<ACL>();
Iterator<ACL> it = acl.iterator();
while (it.hasNext()) {
ACL a = it.next();
if (retval.contains(a) == false) {
retval.add(a);
}
}
return retval;
}
use of org.apache.zookeeper.data.ACL in project zookeeper by apache.
the class ReferenceCountedACLCacheTest method createACL.
private List<ACL> createACL(String id) {
List<ACL> acl1 = new ArrayList<ACL>();
acl1.add(new ACL(ZooDefs.Perms.ADMIN, new Id("scheme", id)));
return acl1;
}
use of org.apache.zookeeper.data.ACL in project zookeeper by apache.
the class ReferenceCountedACLCacheTest method testSerializeDeserialize.
@Test
public void testSerializeDeserialize() throws IOException {
ReferenceCountedACLCache cache = new ReferenceCountedACLCache();
List<ACL> acl1 = createACL("one");
List<ACL> acl2 = createACL("two");
List<ACL> acl3 = createACL("three");
List<ACL> acl4 = createACL("four");
List<ACL> acl5 = createACL("five");
Long aclId1 = convertACLsNTimes(cache, acl1, 1);
Long aclId2 = convertACLsNTimes(cache, acl2, 2);
Long aclId3 = convertACLsNTimes(cache, acl3, 3);
Long aclId4 = convertACLsNTimes(cache, acl4, 4);
Long aclId5 = convertACLsNTimes(cache, acl5, 5);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
BinaryOutputArchive archive = BinaryOutputArchive.getArchive(baos);
cache.serialize(archive);
BinaryInputArchive inArchive = BinaryInputArchive.getArchive(new ByteArrayInputStream(baos.toByteArray()));
ReferenceCountedACLCache deserializedCache = new ReferenceCountedACLCache();
deserializedCache.deserialize(inArchive);
callAddUsageNTimes(deserializedCache, aclId1, 1);
callAddUsageNTimes(deserializedCache, aclId2, 2);
callAddUsageNTimes(deserializedCache, aclId3, 3);
callAddUsageNTimes(deserializedCache, aclId4, 4);
callAddUsageNTimes(deserializedCache, aclId5, 5);
assertCachesEqual(cache, deserializedCache);
}
use of org.apache.zookeeper.data.ACL in project hive by apache.
the class TestZooKeeperTokenStore method testAclPositive.
public void testAclPositive() throws Exception {
String ZK_PATH = "/zktokenstore-testAcl";
Configuration conf = createConf(ZK_PATH);
conf.set(HiveDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_ACL, "ip:127.0.0.1:cdrwa,world:anyone:cdrwa");
ts = new ZooKeeperTokenStore();
ts.setConf(conf);
ts.init(null, ServerMode.METASTORE);
List<ACL> acl = zkClient.getACL().forPath(ZK_PATH + ServerMode.METASTORE);
assertEquals(2, acl.size());
}
use of org.apache.zookeeper.data.ACL in project hive by apache.
the class LlapZookeeperRegistryImpl method checkAndSetAcls.
private void checkAndSetAcls() throws Exception {
if (!UserGroupInformation.isSecurityEnabled())
return;
// We are trying to check ACLs on the "workers" directory, which noone except us should be
// able to write to. Higher-level directories shouldn't matter - we don't read them.
String pathToCheck = workersPath;
List<ACL> acls = zooKeeperClient.getACL().forPath(pathToCheck);
if (acls == null || acls.isEmpty()) {
// Can there be no ACLs? There's some access (to get ACLs), so assume it means free for all.
LOG.warn("No ACLs on " + pathToCheck + "; setting up ACLs. " + DISABLE_MESSAGE);
setUpAcls(pathToCheck);
return;
}
// This could be brittle.
assert userNameFromPrincipal != null;
Id currentUser = new Id("sasl", userNameFromPrincipal);
for (ACL acl : acls) {
if ((acl.getPerms() & ~ZooDefs.Perms.READ) == 0 || currentUser.equals(acl.getId())) {
// Read permission/no permissions, or the expected user.
continue;
}
LOG.warn("The ACL " + acl + " is unnacceptable for " + pathToCheck + "; setting up ACLs. " + DISABLE_MESSAGE);
setUpAcls(pathToCheck);
return;
}
}
Aggregations