use of org.apache.zookeeper.data.ACL in project helios by spotify.
the class RuleBasedZooKeeperAclProvider method getAclForPath.
@Override
public List<ACL> getAclForPath(final String path) {
// id -> permissions
final Map<Id, Integer> matching = Maps.newHashMap();
for (final Rule rule : rules) {
if (rule.matches(path)) {
final int existingPerms = matching.containsKey(rule.id) ? matching.get(rule.id) : 0;
matching.put(rule.id, rule.perms | existingPerms);
}
}
if (matching.isEmpty()) {
return null;
}
final List<ACL> acls = Lists.newArrayList();
for (final Map.Entry<Id, Integer> e : matching.entrySet()) {
acls.add(new ACL(e.getValue(), e.getKey()));
}
return acls;
}
use of org.apache.zookeeper.data.ACL in project helios by spotify.
the class RuleBasedZooKeeperAclProviderTest method testSimple.
@Test
public void testSimple() {
final Id id1 = new Id("some_scheme", "id1");
final Id id2 = new Id("some_scheme", "id2");
final RuleBasedZooKeeperAclProvider aclProvider = RuleBasedZooKeeperAclProvider.builder().rule("/foo/baz", DELETE, id1).rule("/foo/bar", CREATE, id1).rule("/foo/qux", READ | WRITE, id2).build();
assertThat(aclProvider.getAclForPath("/foo/baz"), contains(new ACL(DELETE, id1)));
assertThat(aclProvider.getAclForPath("/foo/bar"), contains(new ACL(CREATE, id1)));
assertThat(aclProvider.getAclForPath("/foo/qux"), contains(new ACL(READ | WRITE, id2)));
}
use of org.apache.zookeeper.data.ACL in project hadoop by apache.
the class TestZKDelegationTokenSecretManager method testACLs.
@Test
public void testACLs() throws Exception {
DelegationTokenManager tm1;
String connectString = zkServer.getConnectString();
Configuration conf = getSecretConf(connectString);
RetryPolicy retryPolicy = new ExponentialBackoffRetry(1000, 3);
String userPass = "myuser:mypass";
final ACL digestACL = new ACL(ZooDefs.Perms.ALL, new Id("digest", DigestAuthenticationProvider.generateDigest(userPass)));
ACLProvider digestAclProvider = new ACLProvider() {
@Override
public List<ACL> getAclForPath(String path) {
return getDefaultAcl();
}
@Override
public List<ACL> getDefaultAcl() {
List<ACL> ret = new ArrayList<ACL>();
ret.add(digestACL);
return ret;
}
};
CuratorFramework curatorFramework = CuratorFrameworkFactory.builder().connectString(connectString).retryPolicy(retryPolicy).aclProvider(digestAclProvider).authorization("digest", userPass.getBytes("UTF-8")).build();
curatorFramework.start();
ZKDelegationTokenSecretManager.setCurator(curatorFramework);
tm1 = new DelegationTokenManager(conf, new Text("bla"));
tm1.init();
// check ACL
String workingPath = conf.get(ZKDelegationTokenSecretManager.ZK_DTSM_ZNODE_WORKING_PATH);
verifyACL(curatorFramework, "/" + workingPath, digestACL);
tm1.destroy();
ZKDelegationTokenSecretManager.setCurator(null);
curatorFramework.close();
}
use of org.apache.zookeeper.data.ACL in project pulsar by yahoo.
the class MockedZooKeeperClientFactoryImpl method create.
@Override
public CompletableFuture<ZooKeeper> create(String serverList, SessionType sessionType, int zkSessionTimeoutMillis) {
MockZooKeeper mockZooKeeper = MockZooKeeper.newInstance();
// not used for mock mode
List<ACL> dummyAclList = new ArrayList<ACL>(0);
try {
ZkUtils.createFullPathOptimistic(mockZooKeeper, "/ledgers/available/192.168.1.1:" + 5000, "".getBytes(ZookeeperClientFactoryImpl.ENCODING_SCHEME), dummyAclList, CreateMode.PERSISTENT);
mockZooKeeper.create("/ledgers/LAYOUT", "1\nflat:1".getBytes(ZookeeperClientFactoryImpl.ENCODING_SCHEME), dummyAclList, CreateMode.PERSISTENT);
return CompletableFuture.completedFuture(mockZooKeeper);
} catch (KeeperException | InterruptedException e) {
CompletableFuture<ZooKeeper> future = new CompletableFuture<>();
future.completeExceptionally(e);
return future;
}
}
use of org.apache.zookeeper.data.ACL in project incubator-atlas by apache.
the class CuratorFactory method getAclProvider.
private ACLProvider getAclProvider(HAConfiguration.ZookeeperProperties zookeeperProperties) {
ACLProvider aclProvider = null;
if (zookeeperProperties.hasAcl()) {
final ACL acl = AtlasZookeeperSecurityProperties.parseAcl(zookeeperProperties.getAcl());
LOG.info("Setting ACL for id {} with scheme {} and perms {}.", getIdForLogging(acl.getId().getScheme(), acl.getId().getId()), acl.getId().getScheme(), acl.getPerms());
LOG.info("Current logged in user: {}", getCurrentUser());
final List<ACL> acls = Arrays.asList(acl);
aclProvider = new ACLProvider() {
@Override
public List<ACL> getDefaultAcl() {
return acls;
}
@Override
public List<ACL> getAclForPath(String path) {
return acls;
}
};
}
return aclProvider;
}
Aggregations