
Example 16 with Id

use of org.apache.zookeeper.data.Id in project helios by spotify.

the class RuleBasedZooKeeperAclProviderTest method testMultipleMatchingRules.

/**
 * Checks how the provider combines several rules that apply to the same path.
 *
 * <p>Per the assertion below, the ACL for {@code /foo/bar} carries one entry per id:
 * the two rules for the first id contribute a single entry with both permissions
 * OR-ed together, and the {@code /foo/bar/baz} rule contributes nothing for this path.
 */
@Test
public void testMultipleMatchingRules() {
    final Id firstId = new Id("some_scheme", "id1");
    final Id secondId = new Id("some_scheme", "id2");

    final RuleBasedZooKeeperAclProvider provider = RuleBasedZooKeeperAclProvider.builder()
            .rule("/foo.*", DELETE, firstId)
            .rule("/foo/bar", CREATE, firstId)
            .rule(".*", READ, secondId)
            .rule("/foo/bar/baz", WRITE, secondId)
            .build();

    // WRITE must not appear: a rule for a deeper path should not widen the
    // permissions granted on its parent.
    final ACL expectedForFirstId = new ACL(CREATE | DELETE, firstId);
    final ACL expectedForSecondId = new ACL(READ, secondId);

    assertThat(provider.getAclForPath("/foo/bar"),
            containsInAnyOrder(expectedForFirstId, expectedForSecondId));
}
Also used : ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id) Test(org.junit.Test)

Example 17 with Id

use of org.apache.zookeeper.data.Id in project zookeeper by apache.

the class SaslAuthTest method testInvalidSaslIds.

/**
 * Verifies that creating a znode with a malformed "sasl" ACL id is rejected
 * with {@link KeeperException.InvalidACLException}.
 *
 * <p>The permission mask is 0 because only the id validation is under test.
 */
@Test
public void testInvalidSaslIds() throws Exception {
    ZooKeeper zk = createClient();

    List<String> malformedIds = new ArrayList<String>();
    malformedIds.add("user@KERB.REALM/server.com");
    malformedIds.add("user@KERB.REALM1@KERB.REALM2");

    // The list index doubles as the suffix of the znode path, so every id
    // is tried against its own node.
    for (int index = 0; index < malformedIds.size(); index++) {
        String malformedId = malformedIds.get(index);
        List<ACL> aclList = new ArrayList<ACL>();
        try {
            aclList.add(new ACL(0, new Id("sasl", malformedId)));
            zk.create("/invalid" + index, null, aclList, CreateMode.PERSISTENT);
            // Reaching this line means the malformed id was accepted.
            Assert.fail("SASLAuthenticationProvider.isValid() failed to catch invalid Id.");
        } catch (KeeperException.InvalidACLException expected) {
            // Expected outcome: the create was refused because of the id.
        }
    }
}
Also used : ArrayList(java.util.ArrayList) ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id) Test(org.junit.Test)

Example 18 with Id

use of org.apache.zookeeper.data.Id in project zookeeper by apache.

the class SaslAuthTest method testValidSaslIds.

/**
 * Verifies that well-formed "sasl" ACL ids are accepted when creating a znode.
 *
 * <p>The ids cover a bare user, a service/host principal, and both forms with
 * a realm. The test passes when no create call throws; the permission mask is
 * 0 because only the id validation is under test.
 */
@Test
public void testValidSaslIds() throws Exception {
    ZooKeeper zk = createClient();

    List<String> wellFormedIds = new ArrayList<String>();
    wellFormedIds.add("user");
    wellFormedIds.add("service/host.name.com");
    wellFormedIds.add("user@KERB.REALM");
    wellFormedIds.add("service/host.name.com@KERB.REALM");

    // The list index doubles as the suffix of the znode path.
    for (int index = 0; index < wellFormedIds.size(); index++) {
        List<ACL> aclList = new ArrayList<ACL>();
        aclList.add(new ACL(0, new Id("sasl", wellFormedIds.get(index))));
        zk.create("/valid" + index, null, aclList, CreateMode.PERSISTENT);
    }
}
Also used : ArrayList(java.util.ArrayList) ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id) Test(org.junit.Test)

Example 19 with Id

use of org.apache.zookeeper.data.Id in project zookeeper by apache.

the class AclParser method parse.

/**
 * Parses a comma-separated ACL specification into a list of {@link ACL} entries.
 *
 * <p>Each entry must have the form {@code scheme:id:perm}. The scheme is the text
 * before the first colon and the permission string is the text after the last
 * colon; everything in between becomes the id, so the id may itself contain colons.
 *
 * <p>Security note: an entry without two distinct colons is reported on
 * {@code System.err} and skipped, not rejected. The returned list can therefore be
 * shorter than the input suggests, or empty. Callers that apply the result to a
 * znode should confirm that every intended entry was parsed.
 *
 * @param aclString comma-separated {@code scheme:id:perm} entries; a null value
 *                  causes a {@link NullPointerException}
 * @return the parsed ACLs in input order, without the malformed entries
 */
public static List<ACL> parse(String aclString) {
    List<ACL> parsed = new ArrayList<ACL>();
    for (String entry : aclString.split(",")) {
        int schemeEnd = entry.indexOf(':');
        int permStart = entry.lastIndexOf(':');
        boolean wellFormed = schemeEnd != -1 && permStart != -1 && schemeEnd != permStart;
        if (!wellFormed) {
            // Best effort: report the bad entry and keep parsing the rest.
            System.err.println(entry + " does not have the form scheme:id:perm");
            continue;
        }
        String scheme = entry.substring(0, schemeEnd);
        String id = entry.substring(schemeEnd + 1, permStart);
        String permString = entry.substring(permStart + 1);

        ACL parsedAcl = new ACL();
        parsedAcl.setId(new Id(scheme, id));
        parsedAcl.setPerms(getPermFromString(permString));
        parsed.add(parsedAcl);
    }
    return parsed;
}
Also used : ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id)

Example 20 with Id

use of org.apache.zookeeper.data.Id in project zookeeper by apache.

the class PrepRequestProcessor method fixupACL.

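/**
 * Validates the ACL list supplied with a create or setACL operation and expands
 * entries that use the "auth" scheme into the ids the requestor is
 * authenticated with.
 *
 * <p>Every failure is reported as {@link KeeperException.InvalidACLException}, so a
 * malformed ACL is refused before it is stored. An entry whose id string is null is
 * treated as malformed for every scheme except "auth" (where the id is not read);
 * it does not surface as a {@link NullPointerException}.
 *
 * @param path path of the node the ACLs are for; only used to build the exception
 * @param authInfo list of ACL IDs associated with the client connection
 * @param acls list of ACLs being assigned to the node (create or setACL operation)
 * @return verified and expanded ACLs
 * @throws KeeperException.InvalidACLException if the de-duplicated list is null or
 *         empty, an entry is null, an entry has no id or scheme, an "auth" entry
 *         cannot be expanded to at least one authenticated id, or the provider for
 *         the scheme is missing or rejects the id
 */
private List<ACL> fixupACL(String path, List<Id> authInfo, List<ACL> acls) throws KeeperException.InvalidACLException {
    // check for well formed ACLs
    // This resolves https://issues.apache.org/jira/browse/ZOOKEEPER-1877
    List<ACL> uniqacls = removeDuplicates(acls);
    if (uniqacls == null || uniqacls.isEmpty()) {
        throw new KeeperException.InvalidACLException(path);
    }
    List<ACL> rv = new LinkedList<ACL>();
    for (ACL a : uniqacls) {
        LOG.debug("Processing ACL: {}", a);
        if (a == null) {
            throw new KeeperException.InvalidACLException(path);
        }
        Id id = a.getId();
        if (id == null || id.getScheme() == null) {
            throw new KeeperException.InvalidACLException(path);
        }
        String scheme = id.getScheme();
        // Constant-first equals: only the scheme was null-checked above, so the
        // id string itself may still be null here.
        if ("world".equals(scheme) && "anyone".equals(id.getId())) {
            rv.add(a);
        } else if ("auth".equals(scheme)) {
            // This is the "auth" id, so we have to expand it to the
            // authenticated ids of the requestor
            boolean authIdValid = false;
            for (Id cid : authInfo) {
                ServerAuthenticationProvider ap = ProviderRegistry.getServerProvider(cid.getScheme());
                if (ap == null) {
                    LOG.error("Missing AuthenticationProvider for {}", cid.getScheme());
                } else if (ap.isAuthenticated()) {
                    authIdValid = true;
                    rv.add(new ACL(a.getPerms(), cid));
                }
            }
            // Fail closed: an "auth" entry that expands to nothing is rejected
            // instead of being dropped silently.
            if (!authIdValid) {
                throw new KeeperException.InvalidACLException(path);
            }
        } else {
            ServerAuthenticationProvider ap = ProviderRegistry.getServerProvider(scheme);
            // A null id is rejected here and never handed to the provider;
            // whether a provider's isValid() tolerates null is not visible from here.
            if (ap == null || id.getId() == null || !ap.isValid(id.getId())) {
                throw new KeeperException.InvalidACLException(path);
            }
            rv.add(a);
        }
    }
    return rv;
}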
Also used : ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id) ServerAuthenticationProvider(org.apache.zookeeper.server.auth.ServerAuthenticationProvider) LinkedList(java.util.LinkedList) KeeperException(org.apache.zookeeper.KeeperException)
