
Example 21 with ACL

use of org.apache.zookeeper.data.ACL in project nifi by apache.

the class TestCuratorACLProviderFactory method testSaslAuthSchemeWithHostNoRealm.

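/**
 * Checks the default ACL produced when the Kerberos principal keeps its host part but has its
 * realm removed ({@code removeHostFromPrincipal=false}, {@code removeRealmFromPrincipal=true}).
 *
 * <p>The first default ACL is expected to carry the id {@code 'sasl,'nifi/host}. The principal
 * itself is configured outside this method (presumably in {@code propsFile}; confirm there).
 */
@Test
public void testSaslAuthSchemeWithHostNoRealm() {
    final NiFiProperties nifiProperties;
    final CuratorACLProviderFactory factory;
    otherProps.put("nifi.zookeeper.kerberos.removeHostFromPrincipal", "false");
    otherProps.put("nifi.zookeeper.kerberos.removeRealmFromPrincipal", "true");
    nifiProperties = NiFiProperties.createBasicNiFiProperties(propsFile, otherProps);
    factory = new CuratorACLProviderFactory();
    ZooKeeperClientConfig config = ZooKeeperClientConfig.createConfig(nifiProperties);
    ACLProvider provider = factory.create(config);
    // A DefaultACLProvider would mean the SASL settings above were not picked up.
    assertFalse(provider instanceof DefaultACLProvider);
    List<ACL> acls = provider.getDefaultAcl();
    assertNotNull(acls);
    // Fail with an assertion rather than an IndexOutOfBoundsException if no ACL was produced.
    assertFalse(acls.isEmpty());
    // JUnit's contract is assertEquals(expected, actual); with the arguments in that order a
    // failure message reports the right value as "expected".
    assertEquals("'sasl,'nifi/host", acls.get(0).getId().toString().trim());
}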
Also used : NiFiProperties(org.apache.nifi.util.NiFiProperties) ACLProvider(org.apache.curator.framework.api.ACLProvider) DefaultACLProvider(org.apache.curator.framework.imps.DefaultACLProvider) ZooKeeperClientConfig(org.apache.nifi.controller.cluster.ZooKeeperClientConfig) DefaultACLProvider(org.apache.curator.framework.imps.DefaultACLProvider) ACL(org.apache.zookeeper.data.ACL) Test(org.junit.Test)

Example 22 with ACL

use of org.apache.zookeeper.data.ACL in project nifi by apache.

the class ZooKeeperMigrator method writeZooKeeper.

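/**
 * Writes the nodes described by a JSON stream into the configured destination ZooKeeper.
 *
 * <p>The stream is read as a JSON array whose first element is the source
 * {@code ZooKeeperEndpointConfig} and whose remaining elements are {@code DataStatAclNode}
 * entries. Each node goes through a chain of asynchronous stages: determine ACLs, transform the
 * node, ensure its path exists, transmit it.
 *
 * <p>Both ZooKeeper clients and the JSON reader are released even when validation or a write
 * fails, so a failed migration does not leave sessions open against the destination.
 *
 * @param zkData         JSON input; closed by this method through the wrapping reader
 * @param authMode       passed to {@code getZooKeeper} and to {@code determineACLs}
 * @param authData       passed to {@code getZooKeeper}
 * @param ignoreSource   when true, the check that source and destination differ is skipped
 * @param useExistingACL passed to {@code determineACLs}; NOTE(review): presumably decides whether
 *                       the ACLs recorded in the input are applied at the destination, in which
 *                       case the input file decides who may access the migrated nodes and must
 *                       come from a trusted source. Confirm against {@code determineACLs}.
 * @throws IllegalArgumentException if the source config read from the input is incomplete, or if
 *                                  it names the same servers and path as the destination while
 *                                  {@code ignoreSource} is false
 */
void writeZooKeeper(InputStream zkData, AuthMode authMode, byte[] authData, boolean ignoreSource, boolean useExistingACL) throws IOException, ExecutionException, InterruptedException {
    // ensure that the chroot path exists
    ZooKeeper zooKeeperRoot = getZooKeeper(Joiner.on(',').join(zooKeeperEndpointConfig.getServers()), authMode, authData);
    try {
        ensureNodeExists(zooKeeperRoot, zooKeeperEndpointConfig.getPath(), CreateMode.PERSISTENT);
    } finally {
        // release the root session even if the chroot path could not be created
        closeZooKeeper(zooKeeperRoot);
    }
    ZooKeeper zooKeeper = getZooKeeper(zooKeeperEndpointConfig.getConnectString(), authMode, authData);
    // NOTE(review): InputStreamReader without a charset decodes with the platform default;
    // consider an explicit charset if exports and imports can run on differently configured hosts.
    try (JsonReader jsonReader = new JsonReader(new BufferedReader(new InputStreamReader(zkData)))) {
        Gson gson = new GsonBuilder().create();
        jsonReader.beginArray();
        // determine source ZooKeeperEndpointConfig for this data
        final ZooKeeperEndpointConfig sourceZooKeeperEndpointConfig = gson.fromJson(jsonReader, ZooKeeperEndpointConfig.class);
        LOGGER.info("Source data was obtained from ZooKeeper: {}", sourceZooKeeperEndpointConfig);
        Preconditions.checkArgument(!Strings.isNullOrEmpty(sourceZooKeeperEndpointConfig.getConnectString()) && !Strings.isNullOrEmpty(sourceZooKeeperEndpointConfig.getPath()) && sourceZooKeeperEndpointConfig.getServers() != null && sourceZooKeeperEndpointConfig.getServers().size() > 0, "Source ZooKeeper %s from %s is invalid", sourceZooKeeperEndpointConfig, zkData);
        // refuse to write the data back onto the endpoint it was read from unless the caller opted out
        Preconditions.checkArgument(Collections.disjoint(zooKeeperEndpointConfig.getServers(), sourceZooKeeperEndpointConfig.getServers()) || !zooKeeperEndpointConfig.getPath().equals(sourceZooKeeperEndpointConfig.getPath()) || ignoreSource, "Source ZooKeeper config %s for the data provided can not contain the same server and path as the configured destination ZooKeeper config %s", sourceZooKeeperEndpointConfig, zooKeeperEndpointConfig);
        // stream through each node read from the json input
        final Stream<DataStatAclNode> stream = StreamSupport.stream(new Spliterators.AbstractSpliterator<DataStatAclNode>(0, 0) {

            @Override
            public boolean tryAdvance(Consumer<? super DataStatAclNode> action) {
                try {
                    // stream each DataStatAclNode from configured json file;
                    // the reader is shared, so only one thread may pull from it at a time
                    synchronized (jsonReader) {
                        if (jsonReader.hasNext()) {
                            action.accept(gson.fromJson(jsonReader, DataStatAclNode.class));
                            return true;
                        } else {
                            return false;
                        }
                    }
                } catch (IOException e) {
                    throw new RuntimeException("unable to read nodes from json", e);
                }
            }
        }, false);
        final List<CompletableFuture<Stat>> writeFutures = stream.parallel().map(node -> {
            /*
             * create stage to determine the acls that should be applied to the node.
             * this stage will be used to initialize the chain
             */
            final CompletableFuture<List<ACL>> determineACLStage = CompletableFuture.supplyAsync(() -> determineACLs(node, authMode, useExistingACL));
            /*
             * create stage to apply acls to nodes and transform node to DataStatAclNode object
             */
            final Function<List<ACL>, CompletableFuture<DataStatAclNode>> transformNodeStage = acls -> CompletableFuture.supplyAsync(() -> transformNode(node, acls));
            /*
             * create stage to ensure that nodes exist for the entire path of the zookeeper node, must be invoked after the transformNode stage to
             * ensure that the node will exist after path migration
             */
            final Function<DataStatAclNode, CompletionStage<String>> ensureNodeExistsStage = dataStatAclNode -> CompletableFuture.supplyAsync(() -> ensureNodeExists(zooKeeper, dataStatAclNode.getPath(), dataStatAclNode.getEphemeralOwner() == 0 ? CreateMode.PERSISTENT : CreateMode.EPHEMERAL));
            /*
             * create stage that waits for both the transformNode and ensureNodeExists stages complete, and also provides that the given transformed node is
             * available to the next stage
             */
            final BiFunction<String, DataStatAclNode, DataStatAclNode> combineEnsureNodeAndTransferNodeStage = (u, dataStatAclNode) -> dataStatAclNode;
            /*
             * create stage to transmit the node to the destination zookeeper endpoint, must be invoked after the node has been transformed and its path
             * has been created (or already exists) in the destination zookeeper
             */
            final Function<DataStatAclNode, CompletionStage<Stat>> transmitNodeStage = dataStatNode -> CompletableFuture.supplyAsync(() -> transmitNode(zooKeeper, dataStatNode));
            /*
             * submit the stages chained together in the proper order to perform the processing on the given node
             */
            final CompletableFuture<DataStatAclNode> dataStatAclNodeCompletableFuture = determineACLStage.thenCompose(transformNodeStage);
            return dataStatAclNodeCompletableFuture.thenCompose(ensureNodeExistsStage).thenCombine(dataStatAclNodeCompletableFuture, combineEnsureNodeAndTransferNodeStage).thenCompose(transmitNodeStage);
        }).collect(Collectors.toList());
        CompletableFuture<Void> allWritesFuture = CompletableFuture.allOf(writeFutures.toArray(new CompletableFuture[writeFutures.size()]));
        final CompletableFuture<List<Stat>> finishedWrites = allWritesFuture.thenApply(v -> writeFutures.stream().map(CompletableFuture::join).collect(Collectors.toList()));
        // blocks until every node has been written, or surfaces the first failure
        final List<Stat> writesDone = finishedWrites.get();
        if (LOGGER.isInfoEnabled()) {
            final int writeCount = writesDone.size();
            LOGGER.info("{} {} transferred to {}", writeCount, writeCount == 1 ? "node" : "nodes", zooKeeperEndpointConfig);
        }
    } finally {
        // runs after the reader has been closed, on success and on failure alike
        closeZooKeeper(zooKeeper);
    }
}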
Also used : CreateMode(org.apache.zookeeper.CreateMode) Spliterators(java.util.Spliterators) BiFunction(java.util.function.BiFunction) LoggerFactory(org.slf4j.LoggerFactory) ACL(org.apache.zookeeper.data.ACL) CompletableFuture(java.util.concurrent.CompletableFuture) Stat(org.apache.zookeeper.data.Stat) JsonParser(com.google.gson.JsonParser) Function(java.util.function.Function) GsonBuilder(com.google.gson.GsonBuilder) JsonReader(com.google.gson.stream.JsonReader) ArrayList(java.util.ArrayList) Strings(com.google.common.base.Strings) Gson(com.google.gson.Gson) OutputStreamWriter(java.io.OutputStreamWriter) StreamSupport(java.util.stream.StreamSupport) Splitter(com.google.common.base.Splitter) JsonWriter(com.google.gson.stream.JsonWriter) ZooKeeper(org.apache.zookeeper.ZooKeeper) OutputStream(java.io.OutputStream) Logger(org.slf4j.Logger) KeeperException(org.apache.zookeeper.KeeperException) Watcher(org.apache.zookeeper.Watcher) BufferedWriter(java.io.BufferedWriter) IOException(java.io.IOException) InputStreamReader(java.io.InputStreamReader) Collectors(java.util.stream.Collectors) ExecutionException(java.util.concurrent.ExecutionException) TimeUnit(java.util.concurrent.TimeUnit) Consumer(java.util.function.Consumer) CountDownLatch(java.util.concurrent.CountDownLatch) List(java.util.List) CompletionStage(java.util.concurrent.CompletionStage) Stream(java.util.stream.Stream) ZooDefs(org.apache.zookeeper.ZooDefs) Preconditions(com.google.common.base.Preconditions) BufferedReader(java.io.BufferedReader) Collections(java.util.Collections) Joiner(com.google.common.base.Joiner) InputStream(java.io.InputStream) Gson(com.google.gson.Gson) BiFunction(java.util.function.BiFunction) Function(java.util.function.Function) CompletableFuture(java.util.concurrent.CompletableFuture) Stat(org.apache.zookeeper.data.Stat) JsonReader(com.google.gson.stream.JsonReader) ArrayList(java.util.ArrayList) List(java.util.List) InputStreamReader(java.io.InputStreamReader) 
GsonBuilder(com.google.gson.GsonBuilder) ACL(org.apache.zookeeper.data.ACL) IOException(java.io.IOException) Spliterators(java.util.Spliterators) ZooKeeper(org.apache.zookeeper.ZooKeeper) BiFunction(java.util.function.BiFunction) BufferedReader(java.io.BufferedReader)

Example 23 with ACL

use of org.apache.zookeeper.data.ACL in project nifi by apache.

the class ZooKeeperMigrator method retrieveNode.

/**
 * Reads the data, stat and ACL list of the node at {@code path} and bundles them, together with
 * the stat's ephemeral owner, into a {@code DataStatAclNode}.
 *
 * @param zooKeeper client used for the reads; must not be null
 * @param path      path of the node to read; must not be null
 * @return the node's path, data, stat, ACLs and ephemeral owner
 * @throws RuntimeException if either read fails or the thread is interrupted; the original
 *                          exception is kept as the cause
 */
private DataStatAclNode retrieveNode(ZooKeeper zooKeeper, String path) {
    Preconditions.checkNotNull(zooKeeper, "ZooKeeper client must not be null");
    Preconditions.checkNotNull(path, "path must not be null");
    // The same Stat instance is handed to both calls, so it holds whatever the last call wrote.
    final Stat nodeStat = new Stat();
    try {
        final byte[] payload = zooKeeper.getData(path, false, nodeStat);
        final List<ACL> nodeAcls = zooKeeper.getACL(path, nodeStat);
        return new DataStatAclNode(path, payload, nodeStat, nodeAcls, nodeStat.getEphemeralOwner());
    } catch (InterruptedException interrupted) {
        // restore the interrupt flag before converting to an unchecked exception
        Thread.currentThread().interrupt();
        throw new RuntimeException(String.format("unable to get data, ACLs, and stats from %s for node at path %s", zooKeeper, path), interrupted);
    } catch (KeeperException failure) {
        throw new RuntimeException(String.format("unable to get data, ACLs, and stats from %s for node at path %s", zooKeeper, path), failure);
    }
}
Also used : Stat(org.apache.zookeeper.data.Stat) ACL(org.apache.zookeeper.data.ACL) KeeperException(org.apache.zookeeper.KeeperException)

Example 24 with ACL

use of org.apache.zookeeper.data.ACL in project zookeeper by apache.

the class PrepRequestProcessor method checkACL.

/**
 * Grants or denies an operation on a node; returns normally when the operation is allowed.
 *
 * <p>The request is allowed, in this order, when:
 * <ol>
 *   <li>{@code skipACL} is set, which bypasses every check below;</li>
 *   <li>the node's ACL list is null or empty;</li>
 *   <li>any client credential uses the {@code super} scheme;</li>
 *   <li>an ACL entry that includes the requested permission is {@code world:anyone};</li>
 *   <li>an ACL entry that includes the requested permission is matched, through the
 *       authentication provider registered for its scheme, by a client credential of the
 *       same scheme.</li>
 * </ol>
 * ACL entries whose scheme has no registered provider are skipped.
 *
 * <p>When debug logging is enabled the requested permission, the node's ACLs and the client's
 * credential ids are written to the log.
 *
 * @param zks     the ZooKeeper server
 * @param cnxn    the server connection
 * @param acl     set of ACLs for the node
 * @param perm    the permission that the client is requesting
 * @param ids     the credentials supplied by the client
 * @param path    the ZNode path
 * @param setAcls for set ACL operations, the list of ACLs being set. Otherwise null.
 * @throws KeeperException.NoAuthException if none of the rules above allows the request
 */
static void checkACL(ZooKeeperServer zks, ServerCnxn cnxn, List<ACL> acl, int perm, List<Id> ids, String path, List<ACL> setAcls) throws KeeperException.NoAuthException {
    // Global switch: when set, no authorization is performed at all.
    if (skipACL) {
        return;
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("Permission requested: {} ", perm);
        LOG.debug("ACLs for node: {}", acl);
        LOG.debug("Client credentials: {}", ids);
    }
    // A node without ACL entries is open to every client.
    if (acl == null || acl.isEmpty()) {
        return;
    }
    // A "super" credential is accepted regardless of the node's ACL entries.
    for (Id credential : ids) {
        if (credential.getScheme().equals("super")) {
            return;
        }
    }
    for (ACL entry : acl) {
        final Id aclId = entry.getId();
        // Only entries that carry the requested permission bit can grant it.
        if ((entry.getPerms() & perm) == 0) {
            continue;
        }
        if (aclId.getScheme().equals("world") && aclId.getId().equals("anyone")) {
            return;
        }
        final ServerAuthenticationProvider provider = ProviderRegistry.getServerProvider(aclId.getScheme());
        if (provider == null) {
            // no provider registered for this scheme, so this entry cannot match anything
            continue;
        }
        for (Id credential : ids) {
            if (!credential.getScheme().equals(aclId.getScheme())) {
                continue;
            }
            final boolean granted = provider.matches(new ServerAuthenticationProvider.ServerObjs(zks, cnxn), new ServerAuthenticationProvider.MatchValues(path, credential.getId(), aclId.getId(), perm, setAcls));
            if (granted) {
                return;
            }
        }
    }
    // Nothing granted the request: deny.
    throw new KeeperException.NoAuthException();
}
Also used : ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id) ServerAuthenticationProvider(org.apache.zookeeper.server.auth.ServerAuthenticationProvider)

Example 25 with ACL

use of org.apache.zookeeper.data.ACL in project fabric8 by jboss-fuse.

the class CuratorACLManager method parseACLs.

/**
 * Parses a {@link String} representation of the {@link ACL} list.
 *
 * <p>The input is a comma-separated list of {@code scheme:id:perm} entries. The scheme ends at
 * the first colon and the permission starts after the last one, so the id may itself contain
 * colons. Entries are not trimmed.
 *
 * <p>An entry with fewer than two colons is logged at warn level and left out, so the returned
 * list can be shorter than the input, or empty. Callers that apply the result should account
 * for that instead of assuming every configured entry was accepted.
 *
 * @param aclString comma-separated ACL entries
 * @return the ACLs built from the well-formed entries, in input order
 */
private List<ACL> parseACLs(String aclString) {
    final List<ACL> parsed = new ArrayList<>();
    for (String entry : aclString.split(",")) {
        final int schemeEnd = entry.indexOf(':');
        final int permStart = entry.lastIndexOf(':');
        final boolean wellFormed = schemeEnd != -1 && permStart != -1 && schemeEnd != permStart;
        if (!wellFormed) {
            LOGGER.warn(entry + " does not have the form scheme:id:perm");
            continue;
        }
        final String scheme = entry.substring(0, schemeEnd);
        final String id = entry.substring(schemeEnd + 1, permStart);
        final ACL item = new ACL();
        item.setId(new Id(scheme, id));
        item.setPerms(getPermFromString(entry.substring(permStart + 1)));
        parsed.add(item);
    }
    return parsed;
}
Also used : ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id)
