Examples with ACL org.apache.zookeeper.data.ACL used on opensource projects

Example 86 with ACL

use of org.apache.zookeeper.data.ACL in project hadoop by apache.

the class TestSecureRMRegistryOperations method testUserHomedirsPermissionsRestricted.

@Test
public void testUserHomedirsPermissionsRestricted() throws Throwable {
    // test that the /users/$user permissions are restricted
    RMRegistryOperationsService rmRegistryOperations = startRMRegistryOperations();
    // create Alice's dir, so it should have an ACL for Alice
    final String home = rmRegistryOperations.initUserRegistry(ALICE);
    List<ACL> acls = rmRegistryOperations.zkGetACLS(home);
    ACL aliceACL = null;
    for (ACL acl : acls) {
        LOG.info(RegistrySecurity.aclToString(acl));
        Id id = acl.getId();
        if (id.getScheme().equals(ZookeeperConfigOptions.SCHEME_SASL) && id.getId().startsWith(ALICE)) {
            aliceACL = acl;
            break;
        }
    }
    assertNotNull(aliceACL);
    assertEquals(RegistryAdminService.USER_HOMEDIR_ACL_PERMISSIONS, aliceACL.getPerms());
}

Example 87 with ACL

use of org.apache.zookeeper.data.ACL in project hadoop by apache.

the class RegistryAdminService method serviceInit.

/**
   * Init operation sets up the system ACLs.
   * @param conf configuration of the service
   * @throws Exception
   */
@Override
protected void serviceInit(Configuration conf) throws Exception {
    super.serviceInit(conf);
    RegistrySecurity registrySecurity = getRegistrySecurity();
    if (registrySecurity.isSecureRegistry()) {
        ACL sasl = registrySecurity.createSaslACLFromCurrentUser(ZooDefs.Perms.ALL);
        registrySecurity.addSystemACL(sasl);
        LOG.info("Registry System ACLs:", RegistrySecurity.aclsToString(registrySecurity.getSystemACLs()));
    }
}

Example 88 with ACL

use of org.apache.zookeeper.data.ACL in project hadoop by apache.

the class ActiveStandbyElectorBasedElectorService method serviceInit.

@Override
protected void serviceInit(Configuration conf) throws Exception {
    conf = conf instanceof YarnConfiguration ? conf : new YarnConfiguration(conf);
    String zkQuorum = conf.get(YarnConfiguration.RM_ZK_ADDRESS);
    if (zkQuorum == null) {
        throw new YarnRuntimeException("Embedded automatic failover " + "is enabled, but " + YarnConfiguration.RM_ZK_ADDRESS + " is not set");
    }
    String rmId = HAUtil.getRMHAId(conf);
    String clusterId = YarnConfiguration.getClusterId(conf);
    localActiveNodeInfo = createActiveNodeInfo(clusterId, rmId);
    String zkBasePath = conf.get(YarnConfiguration.AUTO_FAILOVER_ZK_BASE_PATH, YarnConfiguration.DEFAULT_AUTO_FAILOVER_ZK_BASE_PATH);
    String electionZNode = zkBasePath + "/" + clusterId;
    zkSessionTimeout = conf.getLong(YarnConfiguration.RM_ZK_TIMEOUT_MS, YarnConfiguration.DEFAULT_RM_ZK_TIMEOUT_MS);
    List<ACL> zkAcls = RMZKUtils.getZKAcls(conf);
    List<ZKUtil.ZKAuthInfo> zkAuths = RMZKUtils.getZKAuths(conf);
    int maxRetryNum = conf.getInt(YarnConfiguration.RM_HA_FC_ELECTOR_ZK_RETRIES_KEY, conf.getInt(CommonConfigurationKeys.HA_FC_ELECTOR_ZK_OP_RETRIES_KEY, CommonConfigurationKeys.HA_FC_ELECTOR_ZK_OP_RETRIES_DEFAULT));
    elector = new ActiveStandbyElector(zkQuorum, (int) zkSessionTimeout, electionZNode, zkAcls, zkAuths, this, maxRetryNum, false);
    elector.ensureParentZNode();
    if (!isParentZnodeSafe(clusterId)) {
        notifyFatalError(electionZNode + " znode has invalid data! " + "Might need formatting!");
    }
    super.serviceInit(conf);
}

Example 89 with ACL

use of org.apache.zookeeper.data.ACL in project helios by spotify.

the class ZooKeeperAclTest method testMasterSetsRootNodeAcls.

/**
   * Verify that the master sets the correct ACLs on the root node on start-up.
   */
@Test
public void testMasterSetsRootNodeAcls() throws Exception {
    startDefaultMaster();
    final CuratorFramework curator = zk().curatorWithSuperAuth();
    final List<ACL> acls = curator.getACL().forPath("/");
    assertEquals(Sets.newHashSet(aclProvider.getAclForPath("/")), Sets.newHashSet(acls));
}

Example 90 with ACL

use of org.apache.zookeeper.data.ACL in project helios by spotify.

the class ZooKeeperAclTest method testMasterCreatedNodesHaveAcls.

/**
   * Simple test to make sure nodes created by master use the ACLs provided by the ACL provider.
   */
@Test
public void testMasterCreatedNodesHaveAcls() throws Exception {
    startDefaultMaster();
    Polling.await(WAIT_TIMEOUT_SECONDS, TimeUnit.SECONDS, new Callable<Boolean>() {

        @Override
        public Boolean call() throws Exception {
            return defaultClient().listMasters().get().isEmpty() ? null : true;
        }
    });
    final CuratorFramework curator = zk().curatorWithSuperAuth();
    final String path = Paths.statusMasterUp(TEST_MASTER);
    final List<ACL> acls = curator.getACL().forPath(path);
    assertEquals(Sets.newHashSet(aclProvider.getAclForPath(path)), Sets.newHashSet(acls));
}