use of org.apache.zookeeper.data.ACL in project incubator-atlas by apache.
the class AtlasZookeeperSecurityPropertiesTest method shouldThrowExceptionForInvalidAclString.
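/**
 * Verifies that {@code AtlasZookeeperSecurityProperties.parseAcl} rejects a malformed ACL
 * string with an {@link IllegalArgumentException} instead of returning an ACL.
 *
 * <p>Failing closed matters here: a parser that tolerated garbage could leave a znode with an
 * ACL nobody intended.
 */
@Test(expectedExceptions = IllegalArgumentException.class)
public void shouldThrowExceptionForInvalidAclString() {
    // The return value is irrelevant; the call itself is expected to throw.
    AtlasZookeeperSecurityProperties.parseAcl("randomAcl");
    // Reached only if parseAcl accepted the malformed input. The message now names the case
    // actually under test (an invalid string, not a null one).
    fail("Should have thrown exception for invalid ACL string");
}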
use of org.apache.zookeeper.data.ACL in project incubator-atlas by apache.
the class ActiveInstanceState method update.
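/**
 * Update state of the active server instance.
 *
 * This method writes this instance's server address to a shared node in ZooKeeper.
 * This information is used by other passive instances to locate the current active server.
 *
 * <p>Security note: the ACL applied to the node comes from the configured ZooKeeper ACL, with
 * {@code ZooDefs.Ids.OPEN_ACL_UNSAFE} passed to {@code parseAcl} as the second argument.
 * That argument looks like the default used when no ACL is configured (confirm against
 * {@code parseAcl}). With that default, any client able to connect to the ensemble could
 * modify or delete the node that peers use to find the active server, so deployments should
 * configure an explicit ACL.
 *
 * @param serverId ID of this server instance
 * @throws AtlasBaseException with code {@code CURATOR_FRAMEWORK_UPDATE}, wrapping any failure
 *         raised while resolving the configuration or talking to ZooKeeper
 */
public void update(String serverId) throws AtlasBaseException {
    try {
        CuratorFramework client = curatorFactory.clientInstance();
        HAConfiguration.ZookeeperProperties zookeeperProperties = HAConfiguration.getZookeeperProperties(configuration);
        String atlasServerAddress = HAConfiguration.getBoundAddressForId(configuration, serverId);

        // NOTE(review): falls back to the world-writable OPEN_ACL_UNSAFE entry; see the
        // security note in the Javadoc.
        ACL znodeAcl = AtlasZookeeperSecurityProperties.parseAcl(zookeeperProperties.getAcl(), ZooDefs.Ids.OPEN_ACL_UNSAFE.get(0));
        List<ACL> acls = Arrays.asList(znodeAcl);

        // Resolve the path once rather than on every ZooKeeper call.
        String znodePath = getZnodePath(zookeeperProperties);

        Stat serverInfo = client.checkExists().forPath(znodePath);
        if (serverInfo == null) {
            // The ACL is applied only on creation: a node that already exists keeps whatever
            // ACL it was created with. The exists/create pair is not atomic, so a concurrent
            // creator surfaces as an exception that is wrapped below.
            client.create().withMode(CreateMode.EPHEMERAL).withACL(acls).forPath(znodePath);
        }
        client.setData().forPath(znodePath, atlasServerAddress.getBytes(Charset.forName("UTF-8")));
    } catch (Exception e) {
        // Single translation point: callers only see AtlasBaseException, the cause is preserved.
        throw new AtlasBaseException(AtlasErrorCode.CURATOR_FRAMEWORK_UPDATE, e, "forPath: getZnodePath");
    }
}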
use of org.apache.zookeeper.data.ACL in project lucene-solr by apache.
the class SaslZkACLProvider method createNonSecurityACLsToAdd.
/**
 * Builds the ACL list for znodes that, judging by the method name, are not considered
 * security-sensitive.
 *
 * <p>The SASL principal held in {@code superUser} receives every permission; everyone else,
 * authenticated or not, receives read-only access.
 *
 * @return a new mutable list holding the two ACL entries, super user first
 */
@Override
protected List<ACL> createNonSecurityACLsToAdd() {
    final Id saslSuperUser = new Id("sasl", superUser);
    final List<ACL> nonSecurityAcls = new ArrayList<>();
    nonSecurityAcls.add(new ACL(ZooDefs.Perms.ALL, saslSuperUser));
    // World-readable: any client that can reach ZooKeeper can read nodes carrying this ACL,
    // so nothing secret should be stored in them.
    nonSecurityAcls.add(new ACL(ZooDefs.Perms.READ, ZooDefs.Ids.ANYONE_ID_UNSAFE));
    return nonSecurityAcls;
}
use of org.apache.zookeeper.data.ACL in project lucene-solr by apache.
the class TestZkConfigManager method testUploadWithACL.
/**
 * Checks that digest ACLs are enforced for config-set operations against the ZooKeeper address
 * returned for {@code "/acl"}.
 *
 * <p>Three clients are exercised in turn:
 * <ol>
 *   <li>a client with the "writeable" credentials uploads a config directory;</li>
 *   <li>a client with the "readonly" credentials can list configs but its upload must fail
 *       with {@code NoAuthException} as root cause;</li>
 *   <li>a client with no credentials cannot even list configs.</li>
 * </ol>
 */
@Test
public void testUploadWithACL() throws IOException {
    zkServer.ensurePathExists("/acl");

    // Fixture credentials for this test only.
    final String readOnlyUsername = "readonly";
    final String readOnlyPassword = "readonly";
    final String writeableUsername = "writeable";
    final String writeablePassword = "writeable";
    final String readOnlyLogin = readOnlyUsername + ":" + readOnlyPassword;
    final String writeableLogin = writeableUsername + ":" + writeablePassword;

    // ACL side: each entry stores the digest of "user:password", never the cleartext pair.
    ZkACLProvider aclProvider = new DefaultZkACLProvider() {
        @Override
        protected List<ACL> createGlobalACLsToAdd() {
            List<ACL> globalAcls = new ArrayList<>();
            try {
                Id fullAccessId = new Id("digest", DigestAuthenticationProvider.generateDigest(writeableLogin));
                globalAcls.add(new ACL(ZooDefs.Perms.ALL, fullAccessId));
                Id readAccessId = new Id("digest", DigestAuthenticationProvider.generateDigest(readOnlyLogin));
                globalAcls.add(new ACL(ZooDefs.Perms.READ, readAccessId));
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
            return globalAcls;
        }
    };

    // Client side: the auth info handed to the client is the raw "user:password" bytes.
    ZkCredentialsProvider readOnlyCredentials = new DefaultZkCredentialsProvider() {
        @Override
        protected Collection<ZkCredentials> createCredentials() {
            List<ZkCredentials> creds = new ArrayList<>();
            byte[] authInfo = readOnlyLogin.getBytes(StandardCharsets.UTF_8);
            creds.add(new ZkCredentials("digest", authInfo));
            return creds;
        }
    };
    ZkCredentialsProvider writeableCredentials = new DefaultZkCredentialsProvider() {
        @Override
        protected Collection<ZkCredentials> createCredentials() {
            List<ZkCredentials> creds = new ArrayList<>();
            byte[] authInfo = writeableLogin.getBytes(StandardCharsets.UTF_8);
            creds.add(new ZkCredentials("digest", authInfo));
            return creds;
        }
    };

    Path configDir = createTempDir("acl-config");
    Files.createFile(configDir.resolve("file1"));

    // Start with all-access client
    try (SolrZkClient fullAccessClient = buildZkClient(zkServer.getZkAddress("/acl"), aclProvider, writeableCredentials)) {
        ZkConfigManager manager = new ZkConfigManager(fullAccessClient);
        manager.uploadConfigDir(configDir, "acltest");
        assertEquals(1, manager.listConfigs().size());
    }

    // Readonly access client can get the list of configs, but can't upload
    try (SolrZkClient readOnlyClient = buildZkClient(zkServer.getZkAddress("/acl"), aclProvider, readOnlyCredentials)) {
        ZkConfigManager manager = new ZkConfigManager(readOnlyClient);
        assertEquals(1, manager.listConfigs().size());
        manager.uploadConfigDir(configDir, "acltest2");
        fail("Should have thrown an ACL exception");
    } catch (IOException e) {
        // The denial must come from ZooKeeper's ACL check, not from some other I/O failure.
        Throwable rootCause = Throwables.getRootCause(e);
        assertEquals(KeeperException.NoAuthException.class, rootCause.getClass());
    }

    // Client with no auth whatsoever can't even get the list of configs
    try (SolrZkClient anonymousClient = new SolrZkClient(zkServer.getZkAddress("/acl"), 10000)) {
        ZkConfigManager manager = new ZkConfigManager(anonymousClient);
        manager.listConfigs();
        fail("Should have thrown an ACL exception");
    } catch (IOException e) {
        Throwable rootCause = Throwables.getRootCause(e);
        assertEquals(KeeperException.NoAuthException.class, rootCause.getClass());
    }
}
use of org.apache.zookeeper.data.ACL in project lucene-solr by apache.
the class OutOfBoxZkACLAndCredentialsProvidersTest method assertOpenACLUnsafeAllover.
/**
 * Recursively asserts that {@code path} and every znode below it carries exactly
 * {@code ZooDefs.Ids.OPEN_ACL_UNSAFE}.
 *
 * <p>{@code OPEN_ACL_UNSAFE} grants all permissions to anyone. The check therefore records
 * that the tree is unprotected; it does not show that the tree is safe.
 *
 * @param zkClient     client used to read ACLs and list children
 * @param path         znode to verify; its descendants are verified depth-first
 * @param verifiedList accumulator that receives each path once its ACL has been checked
 * @throws Exception if reading an ACL or listing children fails
 */
protected void assertOpenACLUnsafeAllover(SolrZkClient zkClient, String path, List<String> verifiedList) throws Exception {
    List<ACL> actualAcls = zkClient.getSolrZooKeeper().getACL(path, new Stat());
    if (log.isInfoEnabled()) {
        log.info("Verifying " + path);
    }
    assertEquals("Path " + path + " does not have OPEN_ACL_UNSAFE", ZooDefs.Ids.OPEN_ACL_UNSAFE, actualAcls);
    verifiedList.add(path);

    // Avoid a double slash when the current path already ends with one (e.g. the root "/").
    String childPrefix = path.endsWith("/") ? path : path + "/";
    for (String childName : zkClient.getChildren(path, null, false)) {
        assertOpenACLUnsafeAllover(zkClient, childPrefix + childName, verifiedList);
    }
}