use of org.apache.zookeeper.data.ACL in project hadoop by apache.
the class TestSecureRMRegistryOperations method testUserHomedirsPermissionsRestricted.
/**
 * Verifies that the registry home directory created for ALICE carries a SASL
 * ACL for her whose permission bits equal
 * {@code RegistryAdminService.USER_HOMEDIR_ACL_PERMISSIONS}.
 *
 * @throws Throwable on any failure while starting the service or reading ACLs
 */
@Test
public void testUserHomedirsPermissionsRestricted() throws Throwable {
  RMRegistryOperationsService registryOps = startRMRegistryOperations();
  // Creating Alice's home directory is what should attach her ACL to it.
  final String home = registryOps.initUserRegistry(ALICE);

  ACL aliceACL = null;
  for (ACL candidate : registryOps.zkGetACLS(home)) {
    // Every inspected ACL is logged, up to and including the match.
    LOG.info(RegistrySecurity.aclToString(candidate));
    Id principal = candidate.getId();
    boolean saslScheme = principal.getScheme().equals(ZookeeperConfigOptions.SCHEME_SASL);
    // NOTE(review): startsWith is a prefix match, so a different principal whose
    // name merely begins with ALICE would also be accepted here.
    if (!saslScheme || !principal.getId().startsWith(ALICE)) {
      continue;
    }
    aliceACL = candidate;
    break;
  }

  assertNotNull(aliceACL);
  // Exact equality: any extra or missing permission bit fails the test.
  assertEquals(RegistryAdminService.USER_HOMEDIR_ACL_PERMISSIONS, aliceACL.getPerms());
}
use of org.apache.zookeeper.data.ACL in project hadoop by apache.
the class RegistryAdminService method serviceInit.
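/**
 * Initializes the service and, when the registry is secure, sets up the system ACLs.
 *
 * <p>In secure mode a SASL ACL granting {@code ZooDefs.Perms.ALL} is created from
 * the current user and added to the system ACL list; the resulting list is then
 * written to the log at INFO level.
 *
 * @param conf configuration of the service
 * @throws Exception if the superclass initialization or the ACL setup fails
 */
@Override
protected void serviceInit(Configuration conf) throws Exception {
  super.serviceInit(conf);
  RegistrySecurity registrySecurity = getRegistrySecurity();
  if (registrySecurity.isSecureRegistry()) {
    ACL sasl = registrySecurity.createSaslACLFromCurrentUser(ZooDefs.Perms.ALL);
    registrySecurity.addSystemACL(sasl);
    // The format string needs a {} placeholder. Assuming LOG is a parameterized
    // (SLF4J-style) logger, the original message had none, so the ACL list was
    // silently dropped and never appeared in the log.
    LOG.info("Registry System ACLs: {}", RegistrySecurity.aclsToString(registrySecurity.getSystemACLs()));
  }
}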
use of org.apache.zookeeper.data.ACL in project hadoop by apache.
the class ActiveStandbyElectorBasedElectorService method serviceInit.
/**
 * Builds the ZooKeeper-backed leader elector from the YARN configuration and
 * makes sure its parent znode exists before delegating to the superclass.
 *
 * @param conf service configuration; wrapped in a {@code YarnConfiguration} if it is not one already
 * @throws Exception if the quorum address is unset (as {@code YarnRuntimeException})
 *     or if any step of the elector setup fails
 */
@Override
protected void serviceInit(Configuration conf) throws Exception {
  if (!(conf instanceof YarnConfiguration)) {
    conf = new YarnConfiguration(conf);
  }

  final String quorum = conf.get(YarnConfiguration.RM_ZK_ADDRESS);
  if (quorum == null) {
    throw new YarnRuntimeException("Embedded automatic failover " + "is enabled, but " + YarnConfiguration.RM_ZK_ADDRESS + " is not set");
  }

  final String rmId = HAUtil.getRMHAId(conf);
  final String clusterId = YarnConfiguration.getClusterId(conf);
  localActiveNodeInfo = createActiveNodeInfo(clusterId, rmId);

  // The election znode lives directly under the configured base path, one per cluster id.
  final String basePath = conf.get(YarnConfiguration.AUTO_FAILOVER_ZK_BASE_PATH, YarnConfiguration.DEFAULT_AUTO_FAILOVER_ZK_BASE_PATH);
  final String electionZNode = basePath + "/" + clusterId;
  zkSessionTimeout = conf.getLong(YarnConfiguration.RM_ZK_TIMEOUT_MS, YarnConfiguration.DEFAULT_RM_ZK_TIMEOUT_MS);

  // ACLs and auth infos both come from configuration and are handed to the
  // elector unchanged; presumably they govern access to the election znode.
  final List<ACL> electorAcls = RMZKUtils.getZKAcls(conf);
  final List<ZKUtil.ZKAuthInfo> electorAuths = RMZKUtils.getZKAuths(conf);

  // The YARN-specific retry key wins; the common HA key (then its default) is the fallback.
  final int commonRetries = conf.getInt(CommonConfigurationKeys.HA_FC_ELECTOR_ZK_OP_RETRIES_KEY, CommonConfigurationKeys.HA_FC_ELECTOR_ZK_OP_RETRIES_DEFAULT);
  final int maxRetryNum = conf.getInt(YarnConfiguration.RM_HA_FC_ELECTOR_ZK_RETRIES_KEY, commonRetries);

  // The timeout is read with getLong but narrowed to int for the elector.
  elector = new ActiveStandbyElector(quorum, (int) zkSessionTimeout, electionZNode, electorAcls, electorAuths, this, maxRetryNum, false);
  elector.ensureParentZNode();

  final boolean parentSafe = isParentZnodeSafe(clusterId);
  if (!parentSafe) {
    // Reported as fatal, but nothing here stops initialization from continuing.
    notifyFatalError(electionZNode + " znode has invalid data! " + "Might need formatting!");
  }

  super.serviceInit(conf);
}
use of org.apache.zookeeper.data.ACL in project helios by spotify.
the class ZooKeeperAclTest method testMasterSetsRootNodeAcls.
/**
 * Checks that, once the master has started, the ACLs on the ZooKeeper root node
 * match the ones the ACL provider returns for that path.
 */
@Test
public void testMasterSetsRootNodeAcls() throws Exception {
  startDefaultMaster();

  final String rootPath = "/";
  // ACLs are read through the client returned by curatorWithSuperAuth().
  final List<ACL> actualAcls = zk().curatorWithSuperAuth().getACL().forPath(rootPath);

  // Compared as sets: ordering and duplicate entries do not affect the result.
  assertEquals(Sets.newHashSet(aclProvider.getAclForPath(rootPath)), Sets.newHashSet(actualAcls));
}
use of org.apache.zookeeper.data.ACL in project helios by spotify.
the class ZooKeeperAclTest method testMasterCreatedNodesHaveAcls.
/**
 * Checks that a node created by the master (its "master up" status node) carries
 * exactly the ACLs the ACL provider returns for that path.
 */
@Test
public void testMasterCreatedNodesHaveAcls() throws Exception {
  startDefaultMaster();

  // Poll until the client lists at least one master.
  final Callable<Boolean> masterListed = new Callable<Boolean>() {
    @Override
    public Boolean call() throws Exception {
      if (defaultClient().listMasters().get().isEmpty()) {
        // Presumably null tells Polling.await to keep waiting - confirm against Polling.
        return null;
      }
      return true;
    }
  };
  Polling.await(WAIT_TIMEOUT_SECONDS, TimeUnit.SECONDS, masterListed);

  // ACLs are read through the client returned by curatorWithSuperAuth().
  final CuratorFramework superAuthClient = zk().curatorWithSuperAuth();
  final String statusPath = Paths.statusMasterUp(TEST_MASTER);
  final List<ACL> actualAcls = superAuthClient.getACL().forPath(statusPath);

  // Compared as sets: ordering and duplicate entries do not affect the result.
  assertEquals(Sets.newHashSet(aclProvider.getAclForPath(statusPath)), Sets.newHashSet(actualAcls));
}