use of org.apache.zookeeper.data.ACL in project bookkeeper by apache.
the class ZKLogStreamMetadataStore method renameLogMetadata.
/**
 * Queues the ZooKeeper operations that move a stream's metadata from its current root path to
 * the root path derived from {@code newStreamName}, then passes both queues to
 * {@code executeRenameTxn}.
 *
 * <p>Create operations are appended in the order used below. Delete operations are prepended,
 * so the delete queue ends up in the reverse of the order in which it is filled (presumably so
 * that children are removed before their parents; confirm against {@code executeRenameTxn}).
 *
 * <p>Access control: every znode created by this method receives the list returned by
 * {@code zooKeeperClient.getDefaultACL()}. The ACLs currently set on the old znodes are not read
 * in this method, so nothing visible here carries a custom ACL over to the renamed stream.
 *
 * @param uri URI handed to the {@code LogMetadata} path helpers
 * @param oldMetadata metadata of the stream being renamed
 * @param newStreamName name the stream is renamed to
 * @return the future produced by {@code executeRenameTxn}
 */
private CompletableFuture<Void> renameLogMetadata(URI uri,
                                                  LogMetadataForWriter oldMetadata,
                                                  String newStreamName) {
    final LinkedList<Op> creates = Lists.newLinkedList();
    final LinkedList<Op> deletes = Lists.newLinkedList();
    final List<ACL> defaultAcls = zooKeeperClient.getDefaultACL();

    // Root paths of the stream before and after the rename.
    final String sourceRoot = oldMetadata.getLogRootPath();
    final String targetRoot =
        LogMetadata.getLogRootPath(uri, newStreamName, conf.getUnpartitionedStreamName());

    // Step 0: the log stream path. Version -1 makes the delete match any znode version.
    deletes.addFirst(Op.delete(LogMetadata.getLogStreamPath(uri, oldMetadata.getLogName()), -1));

    // Step 1: the root path itself.
    creates.addLast(Op.create(targetRoot, EMPTY_BYTES, defaultAcls, CreateMode.PERSISTENT));
    deletes.addFirst(Op.delete(sourceRoot, -1));

    // Step 2: max transaction id.
    final Versioned<byte[]> txIdData = oldMetadata.getMaxTxIdData();
    deleteOldPathAndCreateNewPath(
        sourceRoot, MAX_TXID_PATH, txIdData,
        targetRoot, DLUtils.serializeTransactionId(0L),
        defaultAcls, creates, deletes);

    // Step 3: layout version.
    creates.addLast(Op.create(
        targetRoot + VERSION_PATH, intToBytes(LAYOUT_VERSION), defaultAcls, CreateMode.PERSISTENT));
    deletes.addFirst(Op.delete(sourceRoot + VERSION_PATH, -1));

    // Step 4: write-lock path. If a writer holds the stream lock, the lock znode has children
    // and this delete fails, because a znode with children cannot be deleted.
    creates.addLast(Op.create(
        targetRoot + LOCK_PATH, EMPTY_BYTES, defaultAcls, CreateMode.PERSISTENT));
    deletes.addFirst(Op.delete(sourceRoot + LOCK_PATH, -1));

    // Step 5: read-lock path; the same restriction as for the write lock applies.
    creates.addLast(Op.create(
        targetRoot + READ_LOCK_PATH, EMPTY_BYTES, defaultAcls, CreateMode.PERSISTENT));
    deletes.addFirst(Op.delete(sourceRoot + READ_LOCK_PATH, -1));

    // Step 6: allocation path.
    final Versioned<byte[]> allocData = oldMetadata.getAllocationData();
    deleteOldPathAndCreateNewPath(
        sourceRoot, ALLOCATION_PATH, allocData,
        targetRoot, EMPTY_BYTES,
        defaultAcls, creates, deletes);

    // Step 7: log segments parent node.
    final Versioned<byte[]> lssnData = oldMetadata.getMaxLSSNData();
    deleteOldPathAndCreateNewPath(
        sourceRoot, LOGSEGMENTS_PATH, lssnData,
        targetRoot, DLUtils.serializeLogSegmentSequenceNumber(UNASSIGNED_LOGSEGMENT_SEQNO),
        defaultAcls, creates, deletes);

    // Step 8: the individual log segments, fetched only when the segments node exists.
    final String targetSegmentsRoot = targetRoot + LOGSEGMENTS_PATH;
    final CompletableFuture<List<LogSegmentMetadata>> segmentsFuture = pathExists(lssnData)
        ? getLogSegments(zooKeeperClient, sourceRoot + LOGSEGMENTS_PATH)
        : FutureUtils.value(Collections.emptyList());

    return segmentsFuture
        .thenApply(segments -> {
            segments.forEach(segment ->
                deleteOldSegmentAndCreateNewSegment(
                    segment, targetSegmentsRoot, defaultAcls, creates, deletes));
            return null;
        })
        .thenCompose(ignored -> getMissingPaths(zooKeeperClient, uri, newStreamName))
        .thenCompose(missingPaths -> {
            // Missing paths are prepended so they come before every create queued above.
            for (String missing : missingPaths) {
                creates.addFirst(
                    Op.create(missing, EMPTY_BYTES, defaultAcls, CreateMode.PERSISTENT));
            }
            return executeRenameTxn(sourceRoot, targetRoot, creates, deletes);
        });
}
use of org.apache.zookeeper.data.ACL in project bookkeeper by apache.
the class EnableZkSecurityBasicTest method checkACls.
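/**
 * Recursively walks the znode tree below {@code path} and asserts that every visited node,
 * apart from the exempted ones, carries exactly one ACL entry: permission mask 31 granted to
 * the {@code sasl} identity {@code foo}.
 *
 * <p>Children named {@code READONLY} are skipped entirely, including their subtrees. Paths
 * starting with {@code /zookeeper}, {@code /ledgers} and the available-bookies node under
 * {@code /ledgers} are still descended into but their own ACLs are not asserted.
 *
 * @param zk connected ZooKeeper handle used to list children and read ACLs
 * @param path znode whose children are checked
 * @throws KeeperException if a ZooKeeper call fails
 * @throws InterruptedException if a ZooKeeper call is interrupted
 */
private void checkACls(ZooKeeper zk, String path) throws KeeperException, InterruptedException {
    List<String> children = zk.getChildren(path, null);
    for (String child : children) {
        if (child.equals(READONLY)) {
            continue;
        }
        String fullPath = path.equals("/") ? path + child : path + "/" + child;
        List<ACL> acls = zk.getACL(fullPath, new Stat());
        checkACls(zk, fullPath);

        // The "/zookeeper" test is a plain prefix match, so any path beginning with that
        // string is exempt, not only ZooKeeper's internal subtree.
        boolean exempt = fullPath.startsWith("/zookeeper") // zookeeper internal nodes
                || fullPath.equals("/ledgers") // node created by test setup
                || fullPath.equals("/ledgers/" + BookKeeperConstants.AVAILABLE_NODE); // test setup
        if (exempt) {
            continue;
        }

        // A second entry (for example a leftover world-readable ACL) must fail the test, so the
        // list size is asserted before the single entry is inspected.
        assertEquals("unexpected number of ACLs on " + fullPath + ": " + acls, 1, acls.size());
        ACL acl = acls.get(0);
        // 31 = READ | WRITE | CREATE | DELETE | ADMIN, i.e. every ZooKeeper permission bit.
        assertEquals("unexpected permissions on " + fullPath + ": " + acl, 31, acl.getPerms());
        assertEquals("unexpected ACLS on " + fullPath + ": " + acl, "foo", acl.getId().getId());
        assertEquals("unexpected ACLS on " + fullPath + ": " + acl, "sasl", acl.getId().getScheme());
    }
}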
use of org.apache.zookeeper.data.ACL in project oozie by apache.
the class ZKUtils method checkAndSetACLs.
/**
 * Applies {@code saslACL} to znodes that already exist when ZooKeeper security is switched on.
 *
 * <p>Does nothing unless {@code ZK_SECURE} is true and the namespace znode exists. If the first
 * ACL entry of the namespace znode does not use the {@code sasl} scheme, each child of the
 * namespace is passed to {@code checkAndSetACLs(String)} and the namespace znode's own ACL is
 * replaced afterwards.
 *
 * @throws Exception if a configuration lookup or ZooKeeper call fails
 */
private void checkAndSetACLs() throws Exception {
    if (!Services.get().getConf().getBoolean(ZK_SECURE, false)) {
        return;
    }

    // Znodes may have been created while security was disabled; now that it is enabled, the
    // existing ones need their ACLs set. Curator cannot address the namespace znode itself, so
    // the raw ZooKeeper client is used.
    String namespace = "/" + client.getNamespace();
    if (client.getZookeeperClient().getZooKeeper().exists(namespace, null) == null) {
        return;
    }

    List<ACL> acls = client.getZookeeperClient().getZooKeeper().getACL(namespace, new Stat());
    // NOTE(review): only the first ACL entry is inspected. A namespace whose first entry is
    // 'sasl' but which also carries a broader entry (e.g. world:anyone) is treated as already
    // secured and is not rewritten. Confirm this is intended.
    if (acls.get(0).getId().getScheme().equals("sasl")) {
        return;
    }

    log.info("'sasl' ACLs not set; setting...");
    for (String child : client.getZookeeperClient().getZooKeeper().getChildren(namespace, null)) {
        checkAndSetACLs("/" + child);
    }
    // The namespace znode is updated last, after all children; version -1 matches any ACL
    // version.
    client.getZookeeperClient().getZooKeeper().setACL(namespace, saslACL, -1);
}
use of org.apache.zookeeper.data.ACL in project cdap by caskdata.
the class SharedResourceCacheTest method testCache.
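/**
 * Verifies that two {@code SharedResourceCache} instances backed by the same parent znode
 * observe each other's puts, replacements and removals.
 *
 * <p>The znodes are created with {@code ZooDefs.Ids.OPEN_ACL_UNSAFE}, which grants every
 * permission to {@code world:anyone}. That keeps the fixture simple but means the test does not
 * exercise the cache under a restrictive ACL, and it is not a pattern for production znodes.
 *
 * @throws Exception if a ZooKeeper client, cache operation or bounded wait fails
 */
@Test
public void testCache() throws Exception {
    String parentZNode = ZK_NAMESPACE + "/testCache";
    List<ACL> acls = Lists.newArrayList(ZooDefs.Ids.OPEN_ACL_UNSAFE);

    // create 2 cache instances
    ZKClientService zkClient1 = injector1.getInstance(ZKClientService.class);
    zkClient1.startAndWait();
    SharedResourceCache<String> cache1 =
        new SharedResourceCache<>(zkClient1, new StringCodec(), parentZNode, acls);
    cache1.init();

    // add items to one and wait for them to show up in the second
    String key1 = "key1";
    String value1 = "value1";
    cache1.put(key1, value1);

    ZKClientService zkClient2 = injector2.getInstance(ZKClientService.class);
    zkClient2.startAndWait();
    SharedResourceCache<String> cache2 =
        new SharedResourceCache<>(zkClient2, new StringCodec(), parentZNode, acls);
    cache2.init();

    waitForEntry(cache2, key1, value1, 10000);
    assertEquals(cache1.get(key1), cache2.get(key1));

    final String key2 = "key2";
    String value2 = "value2";
    cache1.put(key2, value2);
    waitForEntry(cache2, key2, value2, 10000);
    assertEquals(cache1.get(key2), cache2.get(key2));

    final String key3 = "key3";
    String value3 = "value3";
    cache2.put(key3, value3);
    waitForEntry(cache1, key3, value3, 10000);
    assertEquals(cache2.get(key3), cache1.get(key3));

    // replace an existing key
    final String value2new = "value2.2";
    final SettableFuture<String> value2future = SettableFuture.create();
    ResourceListener<String> value2listener = new BaseResourceListener<String>() {
        @Override
        public void onResourceUpdate(String name, String instance) {
            LOG.info("Resource updated: {}={}", name, instance);
            if (key2.equals(name) && value2new.equals(instance)) {
                value2future.set(instance);
            }
        }
    };
    cache2.addListener(value2listener);
    cache1.put(key2, value2new);
    assertEquals(value2new, value2future.get(10, TimeUnit.SECONDS));
    assertEquals(value2new, cache2.get(key2));
    cache2.removeListener(value2listener);

    // remove items from the second and wait for them to disappear from the first
    // Use a latch to make sure both caches see the changes
    final CountDownLatch key3RemoveLatch = new CountDownLatch(2);
    cache1.addListener(new BaseResourceListener<String>() {
        @Override
        public void onResourceDelete(String name) {
            LOG.info("Resource deleted on cache 1 {}", name);
            if (name.equals(key3)) {
                key3RemoveLatch.countDown();
            }
        }
    });
    final SettableFuture<String> key3RemoveFuture = SettableFuture.create();
    ResourceListener<String> key3Listener = new BaseResourceListener<String>() {
        @Override
        public void onResourceDelete(String name) {
            LOG.info("Resource deleted on cache 2 {}", name);
            if (name.equals(key3)) {
                key3RemoveFuture.set(name);
                key3RemoveLatch.countDown();
            }
        }
    };
    cache2.addListener(key3Listener);
    cache1.remove(key3);

    // Bounded wait, matching the 10 second limit used for the update future above: a delete
    // notification that never arrives now fails the test with a TimeoutException instead of
    // blocking the build indefinitely.
    String removedKey = key3RemoveFuture.get(10, TimeUnit.SECONDS);
    assertEquals(key3, removedKey);
    assertNull(cache2.get(key3));

    // NOTE(review): the boolean result of await() is not checked, so a timeout here falls
    // through to the equality assertion below rather than failing on its own.
    key3RemoveLatch.await(5, TimeUnit.SECONDS);

    // verify that cache contents are equal
    assertEquals(cache1, cache2);
}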
use of org.apache.zookeeper.data.ACL in project xian by happyyangyuan.
the class TestFramework method testCreateACLWithReset.
/**
 * Checks that a client which authenticated with the {@code digest} scheme can still write to
 * an ACL-protected znode after the connection has been lost and re-established.
 *
 * <p>The znode {@code /test} is created with WRITE permission for {@code AUTH_IDS}, i.e. for
 * the identities the creating session authenticated as. After the server is stopped and
 * restarted, {@code setData} must not raise {@code NoAuthException}; if it does, the
 * authorization was not re-applied to the new connection.
 *
 * @throws Exception if the server, the client or a wait fails
 */
@Test
public void testCreateACLWithReset() throws Exception {
    Timing timing = new Timing();
    // "me:pass" is a fixed test credential; getBytes() encodes it with the platform charset.
    CuratorFramework client = CuratorFrameworkFactory.builder()
        .connectString(server.getConnectString())
        .sessionTimeoutMs(timing.session())
        .connectionTimeoutMs(timing.connection())
        .authorization("digest", "me:pass".getBytes())
        .retryPolicy(new RetryOneTime(1))
        .build();
    client.start();
    try {
        // Released once the client reports that the connection is LOST.
        final CountDownLatch connectionLost = new CountDownLatch(1);
        ConnectionStateListener lossListener = new ConnectionStateListener() {
            @Override
            public void stateChanged(CuratorFramework framework, ConnectionState state) {
                if (state == ConnectionState.LOST) {
                    connectionLost.countDown();
                }
            }
        };
        client.getConnectionStateListenable().addListener(lossListener);

        // Only the authenticated identity may write to the node.
        List<ACL> writeForAuthIds =
            Lists.newArrayList(new ACL(ZooDefs.Perms.WRITE, ZooDefs.Ids.AUTH_IDS));
        client.create().withACL(writeForAuthIds).forPath("/test", "test".getBytes());

        server.stop();
        Assert.assertTrue(timing.awaitLatch(connectionLost));
        try {
            client.checkExists().forPath("/");
            Assert.fail("Connection should be down");
        } catch (KeeperException.ConnectionLossException expected) {
            // expected: the server is stopped
        }

        server.restart();
        try {
            client.setData().forPath("/test", "test".getBytes());
        } catch (KeeperException.NoAuthException e) {
            Assert.fail("Auth failed");
        }
    } finally {
        CloseableUtils.closeQuietly(client);
    }
}