
Example 76 with ACL

use of org.apache.zookeeper.data.ACL in project hbase by apache.

the class TestZKUtil method testCreateACL.

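/**
 * Checks which superuser entries {@code ZKUtil.createACL} turns into SASL ACL entries.
 *
 * <p>The superuser list mixes plain names with {@code @}-prefixed entries. The test expects
 * one {@code sasl} entry with {@code Perms.ALL} per plain name and none for the
 * {@code @}-prefixed ones.
 */
@Test
public void testCreateACL() throws ZooKeeperConnectionException, IOException {
    Configuration conf = HBaseConfiguration.create();
    conf.set(Superusers.SUPERUSER_CONF_KEY, "user1,@group1,user2,@group2,user3");
    String node = "/hbase/testCreateACL";
    ZooKeeperWatcher watcher = new ZooKeeperWatcher(conf, node, null, false);
    List<ACL> aclList = ZKUtil.createACL(watcher, node, true);
    // 3+1, since ACL will be set for the creator by default.
    // Expected value goes first so a failure reports "expected 4 but was N".
    Assert.assertEquals(4, aclList.size());
    // The @-prefixed entries must not be copied into the ACL as if they were SASL user ids.
    Assert.assertFalse(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "@group1"))));
    Assert.assertFalse(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "@group2"))));
    // Every plain user name gets full permissions under the sasl scheme.
    Assert.assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user1"))));
    Assert.assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user2"))));
    Assert.assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user3"))));
}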
Also used : HBaseConfiguration(org.apache.hadoop.hbase.HBaseConfiguration) Configuration(org.apache.hadoop.conf.Configuration) ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id) Test(org.junit.Test)

Example 77 with ACL

use of org.apache.zookeeper.data.ACL in project hbase by apache.

the class IntegrationTestZKAndFSPermissions method assertZnodePerms.

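/**
 * Asserts that every ACL entry on {@code znode} belongs to an expected identity and carries
 * exactly the permissions expected for that identity. Any other entry fails the test, so an
 * unexpected grant cannot go unnoticed.
 *
 * @param zk client used to read the znode's ACL
 * @param znode path of the znode to check
 * @param expectedWorldReadable whether a world:anyone entry is acceptable on this znode
 * @throws KeeperException if reading the ACL fails for a reason other than a missing node
 * @throws InterruptedException if the ZooKeeper call is interrupted
 */
private void assertZnodePerms(RecoverableZooKeeper zk, String znode, boolean expectedWorldReadable) throws KeeperException, InterruptedException {
    Stat stat = new Stat();
    List<ACL> acls;
    try {
        acls = zk.getZooKeeper().getACL(znode, stat);
    } catch (NoNodeException ex) {
        LOG.debug("Caught exception for missing znode", ex);
        // the znode is deleted. Probably it was a temporary znode (like RIT).
        return;
    }
    // superUser is a comma-separated list; null means no superuser entries are expected.
    String[] superUsers = superUser == null ? null : superUser.split(",");
    LOG.info("Checking ACLs for znode znode:" + znode + " acls:" + acls);
    for (ACL acl : acls) {
        int perms = acl.getPerms();
        Id id = acl.getId();
        // Accepted identities: world:anyone, a configured superuser, and the master principal.
        if (Ids.ANYONE_ID_UNSAFE.equals(id)) {
            // everyone should be set only if we are expecting this znode to be world readable
            assertTrue(expectedWorldReadable);
            // assert that anyone can only read; expected value first so failures read correctly
            assertEquals(Perms.READ, perms);
        } else if (superUsers != null && ZooKeeperWatcher.isSuperUserId(superUsers, id)) {
            // assert that super user has all the permissions
            assertEquals(Perms.ALL, perms);
        } else if (new Id("sasl", masterPrincipal).equals(id)) {
            // hbase.master.kerberos.principal?
            assertEquals(Perms.ALL, perms);
        } else {
            // Unknown identity: treat any grant to it as a failure instead of ignoring it.
            fail("An ACL is found which is not expected for the znode:" + znode + " , ACL:" + acl);
        }
    }
}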
Also used : Stat(org.apache.zookeeper.data.Stat) NoNodeException(org.apache.zookeeper.KeeperException.NoNodeException) ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id)

Example 78 with ACL

use of org.apache.zookeeper.data.ACL in project hadoop by apache.

the class TestZKRMStateStore method testZKRootPathAcls.

/**
   * Test if RM can successfully start in HA disabled mode if it was previously
   * running in HA enabled mode. And then start it in HA mode after running it
   * with HA disabled. NoAuth Exception should not be sent by zookeeper and RM
   * should start successfully.
   */
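@Test
public void testZKRootPathAcls() throws Exception {
    // Three phases (HA on, HA off, HA on again) reuse one configuration and one root path.
    // Each ResourceManager is closed in a finally block so that a failed assertion does not
    // leave a running instance behind for the next phase or the next test.
    StateChangeRequestInfo req = new StateChangeRequestInfo(HAServiceProtocol.RequestSource.REQUEST_BY_USER);
    String rootPath = YarnConfiguration.DEFAULT_ZK_RM_STATE_STORE_PARENT_PATH + "/" + ZKRMStateStore.ROOT_ZNODE_NAME;
    // Start RM with HA enabled
    Configuration conf = createHARMConf("rm1,rm2", "rm1", 1234, false, curatorTestingServer);
    ResourceManager rm = new MockRM(conf);
    List<ACL> acls;
    try {
        rm.start();
        rm.getRMContext().getRMAdminService().transitionToActive(req);
        acls = ((ZKRMStateStore) rm.getRMContext().getStateStore()).getACL(rootPath);
        assertEquals(2, acls.size());
        // CREATE and DELETE permissions for root node based on RM ID
        verifyZKACL("digest", "localhost", Perms.CREATE | Perms.DELETE, acls);
        // world:anyone keeps every permission except CREATE and DELETE
        verifyZKACL("world", "anyone", Perms.ALL ^ (Perms.CREATE | Perms.DELETE), acls);
    } finally {
        rm.close();
    }
    // Now start RM with HA disabled. NoAuth Exception should not be thrown.
    conf.setBoolean(YarnConfiguration.RM_HA_ENABLED, false);
    rm = new MockRM(conf);
    try {
        rm.start();
        rm.getRMContext().getRMAdminService().transitionToActive(req);
        acls = ((ZKRMStateStore) rm.getRMContext().getStateStore()).getACL(rootPath);
        assertEquals(1, acls.size());
        // NOTE(review): the single expected entry gives world:anyone every permission on the
        // root znode. That is what this test configuration yields, not a hardening baseline.
        verifyZKACL("world", "anyone", Perms.ALL, acls);
    } finally {
        rm.close();
    }
    // Start RM with HA enabled.
    conf.setBoolean(YarnConfiguration.RM_HA_ENABLED, true);
    rm = new MockRM(conf);
    try {
        rm.start();
        rm.getRMContext().getRMAdminService().transitionToActive(req);
        acls = ((ZKRMStateStore) rm.getRMContext().getStateStore()).getACL(rootPath);
        assertEquals(2, acls.size());
        verifyZKACL("digest", "localhost", Perms.CREATE | Perms.DELETE, acls);
        verifyZKACL("world", "anyone", Perms.ALL ^ (Perms.CREATE | Perms.DELETE), acls);
    } finally {
        rm.close();
    }
}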
Also used : Configuration(org.apache.hadoop.conf.Configuration) YarnConfiguration(org.apache.hadoop.yarn.conf.YarnConfiguration) StateChangeRequestInfo(org.apache.hadoop.ha.HAServiceProtocol.StateChangeRequestInfo) MockRM(org.apache.hadoop.yarn.server.resourcemanager.MockRM) ACL(org.apache.zookeeper.data.ACL) ResourceManager(org.apache.hadoop.yarn.server.resourcemanager.ResourceManager) Test(org.junit.Test)

Example 79 with ACL

use of org.apache.zookeeper.data.ACL in project storm by apache.

the class ClusterUtils method mkTopoOnlyAcls.

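/**
 * Builds a two-entry ACL list from the topology configuration: full permissions for the
 * creator of the znode, plus READ for the digest identity derived from the configured
 * ZooKeeper auth payload.
 *
 * @param topoConf topology configuration map
 * @return the ACL list, or {@code null} when ZooKeeper authentication is not configured
 *     for the topology (callers must handle the null)
 * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
 * @throws IllegalArgumentException if authentication is configured but no payload is set
 */
public static List<ACL> mkTopoOnlyAcls(Map topoConf) throws NoSuchAlgorithmException {
    if (!Utils.isZkAuthenticationConfiguredTopology(topoConf)) {
        // Kept as null rather than an empty list: that is the existing contract.
        return null;
    }
    // Read the payload only once it is needed, and fail with a clear message instead of
    // an anonymous NullPointerException from inside generateDigest.
    String payload = (String) topoConf.get(Config.STORM_ZOOKEEPER_TOPOLOGY_AUTH_PAYLOAD);
    if (payload == null) {
        throw new IllegalArgumentException("ZooKeeper authentication is configured for the topology but "
                + Config.STORM_ZOOKEEPER_TOPOLOGY_AUTH_PAYLOAD + " is not set");
    }
    List<ACL> aclList = new ArrayList<>();
    // Creator of the znode keeps every permission.
    aclList.add(ZooDefs.Ids.CREATOR_ALL_ACL.get(0));
    // NOTE(review): generateDigest appears to keep the text before the first ':' as the
    // visible id part of the result. Confirm the payload is always "user:password", so
    // that no secret material ends up in the ACL id.
    aclList.add(new ACL(ZooDefs.Perms.READ, new Id("digest", DigestAuthenticationProvider.generateDigest(payload))));
    return aclList;
}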
Also used : ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id)

Example 80 with ACL

use of org.apache.zookeeper.data.ACL in project storm by apache.

the class AdminCommands method adminZkAcls.

// we might think of moving this method in Utils class
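/**
 * Builds the ACL list used by the admin commands: full permissions for the creator of the
 * znode, plus READ and CREATE for world:anyone.
 *
 * @return a new mutable list holding the two ACL entries
 */
private static List<ACL> adminZkAcls() {
    final List<ACL> acls = new ArrayList<>();
    acls.add(ZooDefs.Ids.CREATOR_ALL_ACL.get(0));
    // Permission bits are combined with bitwise OR. The XOR used previously gave the same
    // value only because READ and CREATE are distinct bits.
    // NOTE(review): ANYONE_ID_UNSAFE matches every client, so any client can read the node
    // and create children under it. Confirm that is intended for these znodes.
    acls.add(new ACL((ZooDefs.Perms.READ | ZooDefs.Perms.CREATE), ZooDefs.Ids.ANYONE_ID_UNSAFE));
    return acls;
}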
Also used : ACL(org.apache.zookeeper.data.ACL)
