use of org.apache.zookeeper.data.Id in project helios by spotify.
the class RuleBasedZooKeeperAclProviderTest method testNoMatchingRules.
@Test
public void testNoMatchingRules() {
final Id id = new Id("some_scheme", "id");
final RuleBasedZooKeeperAclProvider aclProvider = RuleBasedZooKeeperAclProvider.builder().rule("/foo/bar/baz", WRITE, id).build();
assertNull(aclProvider.getAclForPath("/foo/bar"));
}
use of org.apache.zookeeper.data.Id in project helios by spotify.
the class RuleBasedZooKeeperAclProviderTest method testSimple.
@Test
public void testSimple() {
final Id id1 = new Id("some_scheme", "id1");
final Id id2 = new Id("some_scheme", "id2");
final RuleBasedZooKeeperAclProvider aclProvider = RuleBasedZooKeeperAclProvider.builder().rule("/foo/baz", DELETE, id1).rule("/foo/bar", CREATE, id1).rule("/foo/qux", READ | WRITE, id2).build();
assertThat(aclProvider.getAclForPath("/foo/baz"), contains(new ACL(DELETE, id1)));
assertThat(aclProvider.getAclForPath("/foo/bar"), contains(new ACL(CREATE, id1)));
assertThat(aclProvider.getAclForPath("/foo/qux"), contains(new ACL(READ | WRITE, id2)));
}
use of org.apache.zookeeper.data.Id in project incubator-atlas by apache.
the class SetupStepsTest method shouldDeleteSetupInProgressNodeAfterCompletion.
@Test
public void shouldDeleteSetupInProgressNodeAfterCompletion() throws Exception {
Set<SetupStep> steps = new LinkedHashSet<>();
SetupStep setupStep1 = mock(SetupStep.class);
steps.add(setupStep1);
when(configuration.getString(HAConfiguration.ATLAS_SERVER_HA_ZK_ROOT_KEY, HAConfiguration.ATLAS_SERVER_ZK_ROOT_DEFAULT)).thenReturn(HAConfiguration.ATLAS_SERVER_ZK_ROOT_DEFAULT);
when(configuration.getString(HAConfiguration.HA_ZOOKEEPER_ACL)).thenReturn("digest:user:pwd");
List<ACL> aclList = Arrays.asList(new ACL(ZooDefs.Perms.ALL, new Id("digest", "user:pwd")));
setupServerIdSelectionMocks();
DeleteBuilder deleteBuilder = setupSetupInProgressPathMocks(aclList).getRight();
InterProcessMutex lock = mock(InterProcessMutex.class);
when(curatorFactory.lockInstance(HAConfiguration.ATLAS_SERVER_ZK_ROOT_DEFAULT)).thenReturn(lock);
SetupSteps setupSteps = new SetupSteps(steps, curatorFactory, configuration);
setupSteps.runSetup();
verify(deleteBuilder).forPath(HAConfiguration.ATLAS_SERVER_ZK_ROOT_DEFAULT + SetupSteps.SETUP_IN_PROGRESS_NODE);
}
use of org.apache.zookeeper.data.Id in project lucene-solr by apache.
the class SaslZkACLProvider method createNonSecurityACLsToAdd.
@Override
protected List<ACL> createNonSecurityACLsToAdd() {
List<ACL> ret = new ArrayList<ACL>();
ret.add(new ACL(ZooDefs.Perms.ALL, new Id("sasl", superUser)));
ret.add(new ACL(ZooDefs.Perms.READ, ZooDefs.Ids.ANYONE_ID_UNSAFE));
return ret;
}
use of org.apache.zookeeper.data.Id in project lucene-solr by apache.
the class TestZkConfigManager method testUploadWithACL.
@Test
public void testUploadWithACL() throws IOException {
zkServer.ensurePathExists("/acl");
final String readOnlyUsername = "readonly";
final String readOnlyPassword = "readonly";
final String writeableUsername = "writeable";
final String writeablePassword = "writeable";
ZkACLProvider aclProvider = new DefaultZkACLProvider() {
@Override
protected List<ACL> createGlobalACLsToAdd() {
try {
List<ACL> result = new ArrayList<>();
result.add(new ACL(ZooDefs.Perms.ALL, new Id("digest", DigestAuthenticationProvider.generateDigest(writeableUsername + ":" + writeablePassword))));
result.add(new ACL(ZooDefs.Perms.READ, new Id("digest", DigestAuthenticationProvider.generateDigest(readOnlyUsername + ":" + readOnlyPassword))));
return result;
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
}
};
ZkCredentialsProvider readonly = new DefaultZkCredentialsProvider() {
@Override
protected Collection<ZkCredentials> createCredentials() {
List<ZkCredentials> credentials = new ArrayList<>();
credentials.add(new ZkCredentials("digest", (readOnlyUsername + ":" + readOnlyPassword).getBytes(StandardCharsets.UTF_8)));
return credentials;
}
};
ZkCredentialsProvider writeable = new DefaultZkCredentialsProvider() {
@Override
protected Collection<ZkCredentials> createCredentials() {
List<ZkCredentials> credentials = new ArrayList<>();
credentials.add(new ZkCredentials("digest", (writeableUsername + ":" + writeablePassword).getBytes(StandardCharsets.UTF_8)));
return credentials;
}
};
Path configPath = createTempDir("acl-config");
Files.createFile(configPath.resolve("file1"));
// Start with all-access client
try (SolrZkClient client = buildZkClient(zkServer.getZkAddress("/acl"), aclProvider, writeable)) {
ZkConfigManager configManager = new ZkConfigManager(client);
configManager.uploadConfigDir(configPath, "acltest");
assertEquals(1, configManager.listConfigs().size());
}
// Readonly access client can get the list of configs, but can't upload
try (SolrZkClient client = buildZkClient(zkServer.getZkAddress("/acl"), aclProvider, readonly)) {
ZkConfigManager configManager = new ZkConfigManager(client);
assertEquals(1, configManager.listConfigs().size());
configManager.uploadConfigDir(configPath, "acltest2");
fail("Should have thrown an ACL exception");
} catch (IOException e) {
assertEquals(KeeperException.NoAuthException.class, Throwables.getRootCause(e).getClass());
}
// Client with no auth whatsoever can't even get the list of configs
try (SolrZkClient client = new SolrZkClient(zkServer.getZkAddress("/acl"), 10000)) {
ZkConfigManager configManager = new ZkConfigManager(client);
configManager.listConfigs();
fail("Should have thrown an ACL exception");
} catch (IOException e) {
assertEquals(KeeperException.NoAuthException.class, Throwables.getRootCause(e).getClass());
}
}
Aggregations