Example 96 with ACL

use of org.apache.zookeeper.data.ACL in project incubator-atlas by apache.

the class AtlasZookeeperSecurityPropertiesTest method shouldThrowExceptionForInvalidAclString.

@Test(expectedExceptions = IllegalArgumentException.class)
public void shouldThrowExceptionForInvalidAclString() {
    ACL acl = AtlasZookeeperSecurityProperties.parseAcl("randomAcl");
    fail("Should have thrown exception for invalid ACL string");
}
Also used : ACL(org.apache.zookeeper.data.ACL) Test(org.testng.annotations.Test)

Example 97 with ACL

use of org.apache.zookeeper.data.ACL in project incubator-atlas by apache.

the class ActiveInstanceState method update.

/**
 * Update state of the active server instance.
 *
 * This method writes this instance's Server Address to a shared node in Zookeeper.
 * This information is used by other passive instances to locate the current active server.
 * @param serverId ID of this server instance
 * @throws AtlasBaseException if the znode cannot be checked, created or updated
 */
public void update(String serverId) throws AtlasBaseException {
    try {
        CuratorFramework client = curatorFactory.clientInstance();
        HAConfiguration.ZookeeperProperties zookeeperProperties = HAConfiguration.getZookeeperProperties(configuration);
        String atlasServerAddress = HAConfiguration.getBoundAddressForId(configuration, serverId);
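        // The default ACL handed to parseAcl is the single entry of OPEN_ACL_UNSAFE
        // (scheme "world", id "anyone", all permissions).
        List<ACL> acls = Arrays.asList(new ACL[] { AtlasZookeeperSecurityProperties.parseAcl(zookeeperProperties.getAcl(), ZooDefs.Ids.OPEN_ACL_UNSAFE.get(0)) });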
        Stat serverInfo = client.checkExists().forPath(getZnodePath(zookeeperProperties));
        if (serverInfo == null) {
            client.create().withMode(CreateMode.EPHEMERAL).withACL(acls).forPath(getZnodePath(zookeeperProperties));
        }
        client.setData().forPath(getZnodePath(zookeeperProperties), atlasServerAddress.getBytes(Charset.forName("UTF-8")));
    } catch (Exception e) {
        throw new AtlasBaseException(AtlasErrorCode.CURATOR_FRAMEWORK_UPDATE, e, "forPath: getZnodePath");
    }
}
Also used : CuratorFramework(org.apache.curator.framework.CuratorFramework) Stat(org.apache.zookeeper.data.Stat) AtlasBaseException(org.apache.atlas.exception.AtlasBaseException) HAConfiguration(org.apache.atlas.ha.HAConfiguration) ACL(org.apache.zookeeper.data.ACL) AtlasException(org.apache.atlas.AtlasException)

Example 98 with ACL

use of org.apache.zookeeper.data.ACL in project lucene-solr by apache.

the class SaslZkACLProvider method createNonSecurityACLsToAdd.

@Override
protected List<ACL> createNonSecurityACLsToAdd() {
    List<ACL> ret = new ArrayList<ACL>();
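    // Full control for the SASL-authenticated super user.
    ret.add(new ACL(ZooDefs.Perms.ALL, new Id("sasl", superUser)));
    // Read-only access for every client, authenticated or not (world:anyone).
    ret.add(new ACL(ZooDefs.Perms.READ, ZooDefs.Ids.ANYONE_ID_UNSAFE));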
    return ret;
}
Also used : ArrayList(java.util.ArrayList) ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id)

Example 99 with ACL

use of org.apache.zookeeper.data.ACL in project lucene-solr by apache.

the class TestZkConfigManager method testUploadWithACL.

@Test
public void testUploadWithACL() throws IOException {
    zkServer.ensurePathExists("/acl");
    final String readOnlyUsername = "readonly";
    final String readOnlyPassword = "readonly";
    final String writeableUsername = "writeable";
    final String writeablePassword = "writeable";
    ZkACLProvider aclProvider = new DefaultZkACLProvider() {

        @Override
        protected List<ACL> createGlobalACLsToAdd() {
            try {
                List<ACL> result = new ArrayList<>();
                result.add(new ACL(ZooDefs.Perms.ALL, new Id("digest", DigestAuthenticationProvider.generateDigest(writeableUsername + ":" + writeablePassword))));
                result.add(new ACL(ZooDefs.Perms.READ, new Id("digest", DigestAuthenticationProvider.generateDigest(readOnlyUsername + ":" + readOnlyPassword))));
                return result;
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        }
    };
    ZkCredentialsProvider readonly = new DefaultZkCredentialsProvider() {

        @Override
        protected Collection<ZkCredentials> createCredentials() {
            List<ZkCredentials> credentials = new ArrayList<>();
            credentials.add(new ZkCredentials("digest", (readOnlyUsername + ":" + readOnlyPassword).getBytes(StandardCharsets.UTF_8)));
            return credentials;
        }
    };
    ZkCredentialsProvider writeable = new DefaultZkCredentialsProvider() {

        @Override
        protected Collection<ZkCredentials> createCredentials() {
            List<ZkCredentials> credentials = new ArrayList<>();
            credentials.add(new ZkCredentials("digest", (writeableUsername + ":" + writeablePassword).getBytes(StandardCharsets.UTF_8)));
            return credentials;
        }
    };
    Path configPath = createTempDir("acl-config");
    Files.createFile(configPath.resolve("file1"));
    // Start with all-access client
    try (SolrZkClient client = buildZkClient(zkServer.getZkAddress("/acl"), aclProvider, writeable)) {
        ZkConfigManager configManager = new ZkConfigManager(client);
        configManager.uploadConfigDir(configPath, "acltest");
        assertEquals(1, configManager.listConfigs().size());
    }
    // Readonly access client can get the list of configs, but can't upload
    try (SolrZkClient client = buildZkClient(zkServer.getZkAddress("/acl"), aclProvider, readonly)) {
        ZkConfigManager configManager = new ZkConfigManager(client);
        assertEquals(1, configManager.listConfigs().size());
        configManager.uploadConfigDir(configPath, "acltest2");
        fail("Should have thrown an ACL exception");
    } catch (IOException e) {
        assertEquals(KeeperException.NoAuthException.class, Throwables.getRootCause(e).getClass());
    }
    // Client with no auth whatsoever can't even get the list of configs
    try (SolrZkClient client = new SolrZkClient(zkServer.getZkAddress("/acl"), 10000)) {
        ZkConfigManager configManager = new ZkConfigManager(client);
        configManager.listConfigs();
        fail("Should have thrown an ACL exception");
    } catch (IOException e) {
        assertEquals(KeeperException.NoAuthException.class, Throwables.getRootCause(e).getClass());
    }
}
Also used : Path(java.nio.file.Path) ArrayList(java.util.ArrayList) ACL(org.apache.zookeeper.data.ACL) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) Id(org.apache.zookeeper.data.Id) Test(org.junit.Test)

Example 100 with ACL

use of org.apache.zookeeper.data.ACL in project lucene-solr by apache.

the class OutOfBoxZkACLAndCredentialsProvidersTest method assertOpenACLUnsafeAllover.

protected void assertOpenACLUnsafeAllover(SolrZkClient zkClient, String path, List<String> verifiedList) throws Exception {
    List<ACL> acls = zkClient.getSolrZooKeeper().getACL(path, new Stat());
    if (log.isInfoEnabled()) {
        log.info("Verifying " + path);
    }
    assertEquals("Path " + path + " does not have OPEN_ACL_UNSAFE", ZooDefs.Ids.OPEN_ACL_UNSAFE, acls);
    verifiedList.add(path);
    List<String> children = zkClient.getChildren(path, null, false);
    for (String child : children) {
        assertOpenACLUnsafeAllover(zkClient, path + ((path.endsWith("/")) ? "" : "/") + child, verifiedList);
    }
}
Also used : Stat(org.apache.zookeeper.data.Stat) ACL(org.apache.zookeeper.data.ACL)

Aggregations

ACL (org.apache.zookeeper.data.ACL) 100
Id (org.apache.zookeeper.data.Id) 39
Test (org.junit.Test) 39
ArrayList (java.util.ArrayList) 29
Stat (org.apache.zookeeper.data.Stat) 18
KeeperException (org.apache.zookeeper.KeeperException) 17
Test (org.testng.annotations.Test) 9
CuratorFramework (org.apache.curator.framework.CuratorFramework) 8
Configuration (org.apache.hadoop.conf.Configuration) 8
ZooKeeper (org.apache.zookeeper.ZooKeeper) 8
IOException (java.io.IOException) 6
ACLProvider (org.apache.curator.framework.api.ACLProvider) 5
File (java.io.File) 4
HashMap (java.util.HashMap) 4
List (java.util.List) 4
Map (java.util.Map) 4
TestableZooKeeper (org.apache.zookeeper.TestableZooKeeper) 4
ByteArrayInputStream (java.io.ByteArrayInputStream) 3
ByteArrayOutputStream (java.io.ByteArrayOutputStream) 3
HBaseConfiguration (org.apache.hadoop.hbase.HBaseConfiguration) 3