use of org.apache.zookeeper.data.ACL in project zookeeper by apache.
the class ZooInspectorManagerImpl method getACLs.
/*
* (non-Javadoc)
*
* @see
* org.apache.zookeeper.inspector.manager.ZooInspectorReadOnlyManager#getACLs
* (java.lang.String)
*/
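/**
 * Returns the ACL entries of a znode as display-ready maps.
 *
 * <p>Each map holds three entries, in insertion order: {@code ACL_SCHEME},
 * {@code ACL_ID} and {@code ACL_PERMS}. The permissions value is a
 * comma-separated list built from the names "Read", "Write", "Create",
 * "Delete" and "Admin", one per permission bit set on the entry; an entry
 * with no bits set yields an empty string.
 *
 * <p>The result is also empty when the manager is not connected, when the
 * node does not exist, or when the lookup fails (the failure is only
 * logged). Callers therefore cannot tell "no ACL entries" apart from "ACLs
 * could not be read", and must not present an empty result as proof that a
 * node is unprotected.
 *
 * @param nodePath path of the znode; the empty string is treated as "/"
 * @return one map per ACL entry, never {@code null}
 */
public List<Map<String, String>> getACLs(String nodePath) {
    List<Map<String, String>> returnACLs = new ArrayList<Map<String, String>>();
    if (connected) {
        try {
            if (nodePath.length() == 0) {
                nodePath = "/";
            }
            Stat s = zooKeeper.exists(nodePath, false);
            if (s != null) {
                List<ACL> acls = zooKeeper.getACL(nodePath, s);
                // Parallel tables: permission bit and the label shown for it.
                int[] permBits = { Perms.READ, Perms.WRITE, Perms.CREATE, Perms.DELETE, Perms.ADMIN };
                String[] permNames = { "Read", "Write", "Create", "Delete", "Admin" };
                for (ACL acl : acls) {
                    Map<String, String> aclMap = new LinkedHashMap<String, String>();
                    aclMap.put(ACL_SCHEME, acl.getId().getScheme());
                    aclMap.put(ACL_ID, acl.getId().getId());
                    StringBuilder sb = new StringBuilder();
                    int perms = acl.getPerms();
                    for (int p = 0; p < permBits.length; p++) {
                        if ((perms & permBits[p]) == permBits[p]) {
                            // Separate only between two labels. The previous code
                            // appended ", " after every check once one permission
                            // had been seen, so a read-only entry was rendered as
                            // "Read, , , , ".
                            if (sb.length() > 0) {
                                sb.append(", ");
                            }
                            sb.append(permNames[p]);
                        }
                    }
                    aclMap.put(ACL_PERMS, sb.toString());
                    returnACLs.add(aclMap);
                }
            }
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the caller's thread instead of swallowing it.
            Thread.currentThread().interrupt();
            LoggerFactory.getLogger().error("Error occurred retrieving ACLs of node: " + nodePath, e);
        } catch (KeeperException e) {
            LoggerFactory.getLogger().error("Error occurred retrieving ACLs of node: " + nodePath, e);
        }
    }
    return returnACLs;
}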
use of org.apache.zookeeper.data.ACL in project hbase by apache.
the class TestZooKeeperACL method testHBaseMasterServerZNodeACL.
/**
* When authentication is enabled on ZooKeeper, /hbase/master should be
* created with 2 ACLs: one specifies that the hbase user has full access
* to the node; the other, that it is world-readable.
*/
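@Test(timeout = 30000)
public void testHBaseMasterServerZNodeACL() throws Exception {
    // Without a secure ZooKeeper there is nothing to check. Note that the test
    // then reports success without having verified any ACL.
    if (!secureZKAvailable) {
        return;
    }
    List<ACL> acls = zkw.getRecoverableZooKeeper().getZooKeeper().getACL("/hbase/master", new Stat());
    assertEquals(2, acls.size());
    boolean foundWorldReadableAcl = false;
    boolean foundHBaseOwnerAcl = false;
    // Each entry is checked against the expectations for its own scheme. The
    // earlier version always inspected index 0 for "world" and index 1 for
    // "sasl", so it depended on the order in which the server returned the
    // two entries.
    for (ACL acl : acls) {
        String scheme = acl.getId().getScheme();
        if ("world".equals(scheme)) {
            // The public entry must be read-only.
            assertEquals("anyone", acl.getId().getId());
            assertEquals(ZooDefs.Perms.READ, acl.getPerms());
            foundWorldReadableAcl = true;
        } else if ("sasl".equals(scheme)) {
            // The owner entry: the method contract says the hbase user has
            // full access, so the permission bits are asserted as well.
            assertEquals("hbase", acl.getId().getId());
            assertEquals(ZooDefs.Perms.ALL, acl.getPerms());
            foundHBaseOwnerAcl = true;
        } else {
            // Any other scheme on this znode is unexpected: fail the test.
            assertTrue("unexpected ACL scheme on /hbase/master: " + scheme, false);
        }
    }
    // Both entries must be present; two entries of the same scheme fail here.
    assertTrue(foundWorldReadableAcl);
    assertTrue(foundHBaseOwnerAcl);
}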
use of org.apache.zookeeper.data.ACL in project zookeeper by apache.
the class ReferenceCountedACLCache method serialize.
/**
 * Writes the cache's key-to-ACL-list mapping to the given archive.
 *
 * <p>Layout: the number of entries in {@code longKeyMap} (tag "map"), then
 * for each entry its key (tag "long") followed by a vector (tag "acls")
 * holding every ACL of that entry (tag "acl").
 *
 * @param oa archive that receives the records
 * @throws IOException if the archive reports a write failure
 */
public synchronized void serialize(OutputArchive oa) throws IOException {
    // Entry count first.
    oa.writeInt(longKeyMap.size(), "map");
    for (Map.Entry<Long, List<ACL>> entry : longKeyMap.entrySet()) {
        oa.writeLong(entry.getKey(), "long");
        final List<ACL> entryAcls = entry.getValue();
        // Each ACL list is framed as a vector so its length travels with it.
        oa.startVector(entryAcls, "acls");
        for (ACL entryAcl : entryAcls) {
            entryAcl.serialize(oa, "acl");
        }
        oa.endVector(entryAcls, "acls");
    }
}
use of org.apache.zookeeper.data.ACL in project zookeeper by apache.
the class ReferenceCountedACLCache method deserialize.
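/**
 * Replaces the cache contents with the mapping read from the given archive.
 *
 * <p>Reads an entry count (tag "map"), then for each entry a key (tag
 * "long") and a vector of ACLs (tag "acls"). Every key is registered in
 * {@code longKeyMap} and {@code aclKeyMap} with a reference count of 0, and
 * {@code aclIndex} is raised to the largest key seen.
 *
 * <p>The archive content is taken as-is. The cache is cleared before
 * reading, so a failure part-way through leaves it partially populated
 * rather than restored; callers should treat the cache as unusable after an
 * exception.
 *
 * @param ia archive to read from
 * @throws IOException if the archive cannot be read, or if an entry has no
 *         "acls" vector
 */
public synchronized void deserialize(InputArchive ia) throws IOException {
    clear();
    // A zero or negative count simply yields an empty cache.
    int i = ia.readInt("map");
    while (i > 0) {
        Long val = ia.readLong("long");
        if (aclIndex < val) {
            aclIndex = val;
        }
        List<ACL> aclList = new ArrayList<ACL>();
        Index j = ia.startVector("acls");
        // startVector can hand back null when the stored vector is marked as
        // absent (the binary archive does this for a length of -1). Reject the
        // record explicitly instead of failing with a NullPointerException below.
        if (j == null) {
            throw new IOException("Malformed ACL cache: missing \"acls\" vector for key " + val);
        }
        while (!j.done()) {
            ACL acl = new ACL();
            acl.deserialize(ia, "acl");
            aclList.add(acl);
            j.incr();
        }
        longKeyMap.put(val, aclList);
        aclKeyMap.put(aclList, val);
        // Counts start at zero; this method does not restore usage counts.
        referenceCounter.put(val, new AtomicLongWithEquals(0));
        i--;
    }
}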
use of org.apache.zookeeper.data.ACL in project zookeeper by apache.
the class SaslAuthDesignatedClientTest method testReadAccessUser.
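@Test
public void testReadAccessUser() throws Exception {
    // This property is JVM-wide and changes how ACLs are evaluated, so the
    // value found on entry is put back when the test ends. The earlier version
    // left it set for every test that ran afterwards in the same JVM.
    final String letAnyKey = "zookeeper.letAnySaslUserDoX";
    final String previousLetAny = System.getProperty(letAnyKey);
    System.setProperty(letAnyKey, "anyone");
    try {
        ZooKeeper zk = createClient();
        // Everything except READ goes to sasl:fakeuser; READ goes to the
        // sasl id "anyone", the same value the property above is set to.
        List<ACL> aclList = new ArrayList<ACL>();
        ACL acl = new ACL(Perms.ADMIN | Perms.CREATE | Perms.WRITE | Perms.DELETE, new Id("sasl", "fakeuser"));
        ACL acl1 = new ACL(Perms.READ, new Id("sasl", "anyone"));
        aclList.add(acl);
        aclList.add(acl1);
        try {
            zk.create("/abc", "testData".getBytes(), aclList, CreateMode.PERSISTENT);
        } catch (KeeperException e) {
            Assert.fail("Unable to create znode");
        }
        zk.close();
        Thread.sleep(100);
        // try to access it with different user (myuser)
        zk = createClient();
        try {
            // Writing needs WRITE, which only fakeuser holds.
            zk.setData("/abc", "testData1".getBytes(), -1);
            Assert.fail("Should not be able to set data");
        } catch (KeeperException.NoAuthException e) {
            // success
        }
        try {
            // Reading must succeed for the authenticated user via the "anyone" entry.
            byte[] bytedata = zk.getData("/abc", null, null);
            String data = new String(bytedata);
            Assert.assertTrue("testData".equals(data));
        } catch (KeeperException e) {
            Assert.fail("failed to get data");
        }
        zk.close();
        Thread.sleep(100);
        // disable Client Sasl
        System.setProperty(ZKClientConfig.ENABLE_CLIENT_SASL_KEY, "false");
        try {
            zk = createClient();
            try {
                // An unauthenticated client must not benefit from the "anyone" entry.
                zk.getData("/abc", null, null);
                Assert.fail("Should not be able to read data when not authenticated");
            } catch (KeeperException.NoAuthException e) {
                // success
            }
            zk.close();
        } finally {
            // enable Client Sasl
            System.setProperty(ZKClientConfig.ENABLE_CLIENT_SASL_KEY, "true");
        }
    } finally {
        if (previousLetAny == null) {
            System.clearProperty(letAnyKey);
        } else {
            System.setProperty(letAnyKey, previousLetAny);
        }
    }
}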