
Example 21 with Id

use of org.apache.zookeeper.data.Id in project incubator-atlas by apache.

the class ActiveInstanceStateTest method testSharedPathIsCreatedWithRightACLIfNotExists.

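/**
 * Verifies that, when the shared znode does not exist yet, {@code update("id1")} creates it as an
 * EPHEMERAL node carrying exactly the ACL configured under {@code HAConfiguration.HA_ZOOKEEPER_ACL}
 * ("scheme:id", here a SASL principal with full permissions).
 *
 * <p>The builder mock returns itself only for the expected mode and the expected ACL list, so a
 * wrong ACL would surface indirectly as a NullPointerException further down the chain. The explicit
 * {@code verify(createBuilder).withACL(...)} makes the security property under test visible instead
 * of relying on that mock-chaining side effect.
 */
@Test
public void testSharedPathIsCreatedWithRightACLIfNotExists() throws Exception {
    when(configuration.getString(HAConfiguration.ATLAS_SERVER_ADDRESS_PREFIX + "id1")).thenReturn(HOST_PORT);
    when(configuration.getString(HAConfiguration.HA_ZOOKEEPER_ACL)).thenReturn("sasl:myclient@EXAMPLE.COM");
    when(configuration.getString(HAConfiguration.ATLAS_SERVER_HA_ZK_ROOT_KEY, HAConfiguration.ATLAS_SERVER_ZK_ROOT_DEFAULT)).thenReturn(HAConfiguration.ATLAS_SERVER_ZK_ROOT_DEFAULT);
    when(curatorFactory.clientInstance()).thenReturn(curatorFramework);

    // The shared path is absent, so update() has to go through the create path.
    ExistsBuilder existsBuilder = mock(ExistsBuilder.class);
    when(curatorFramework.checkExists()).thenReturn(existsBuilder);
    when(existsBuilder.forPath(getPath())).thenReturn(null);

    CreateBuilder createBuilder = mock(CreateBuilder.class);
    when(curatorFramework.create()).thenReturn(createBuilder);
    when(createBuilder.withMode(CreateMode.EPHEMERAL)).thenReturn(createBuilder);

    // Exactly one entry: full permissions for the configured SASL principal, nobody else.
    ACL expectedAcl = new ACL(ZooDefs.Perms.ALL, new Id("sasl", "myclient@EXAMPLE.COM"));
    when(createBuilder.withACL(Arrays.asList(expectedAcl))).thenReturn(createBuilder);

    SetDataBuilder setDataBuilder = mock(SetDataBuilder.class);
    when(curatorFramework.setData()).thenReturn(setDataBuilder);

    ActiveInstanceState activeInstanceState = new ActiveInstanceState(configuration, curatorFactory);
    activeInstanceState.update("id1");

    // Assert the ACL explicitly; List equality is by contents, so a fresh Arrays.asList matches.
    verify(createBuilder).withACL(Arrays.asList(expectedAcl));
    verify(createBuilder).forPath(getPath());
}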
Also used : SetDataBuilder(org.apache.curator.framework.api.SetDataBuilder) CreateBuilder(org.apache.curator.framework.api.CreateBuilder) ExistsBuilder(org.apache.curator.framework.api.ExistsBuilder) ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 22 with Id

use of org.apache.zookeeper.data.Id in project lucene-solr by apache.

the class SolrZkClientTest method setUp.

/**
 * Starts an embedded ZooKeeper test server in a fresh temp directory, creates the {@code /solr}
 * chroot and {@code PATH}, and builds three clients against the server address:
 * {@code defaultClient} (stock providers), {@code aclClient} (its ACL provider adds a single
 * {@code digest} ACL granting {@code Perms.ALL} to the id derived from "user:pass") and
 * {@code credentialsClient} (its credentials provider sends the plaintext {@code digest}
 * credentials; it overrides no ACL provider).
 *
 * <p>The ACL id is whatever {@code DigestAuthenticationProvider.generateDigest} derives from the
 * plaintext, so only the credentials provider ever carries "user:pass" itself. Hard-coded
 * credentials are acceptable here solely because the server is a throwaway test instance.
 */
@Override
public void setUp() throws Exception {
    super.setUp();
    final String scheme = "digest";
    final String userAndPass = "user:pass";

    String dataDir = createTempDir().toString();
    log.info("ZooKeeper dataDir:" + dataDir);
    zkServer = new ZkTestServer(dataDir);
    zkServer.run();

    // Create the chroot first; the clients below connect via zkServer.getZkAddress().
    try (SolrZkClient bootstrap = new SolrZkClient(zkServer.getZkHost(), AbstractZkTestCase.TIMEOUT)) {
        bootstrap.makePath("/solr", false, true);
    }

    defaultClient = new SolrZkClient(zkServer.getZkAddress(), AbstractZkTestCase.TIMEOUT);
    defaultClient.makePath(PATH, true);

    aclClient = new SolrZkClient(zkServer.getZkAddress(), AbstractZkTestCase.TIMEOUT) {
        @Override
        protected ZkACLProvider createZkACLProvider() {
            return new DefaultZkACLProvider() {
                @Override
                protected List<ACL> createGlobalACLsToAdd() {
                    final Id digestId;
                    try {
                        digestId = new Id(scheme, DigestAuthenticationProvider.generateDigest(userAndPass));
                    } catch (NoSuchAlgorithmException e) {
                        // generateDigest declares this; without the digest there is no usable ACL.
                        throw new RuntimeException(e);
                    }
                    return Collections.singletonList(new ACL(ZooDefs.Perms.ALL, digestId));
                }
            };
        }
    };

    credentialsClient = new SolrZkClient(zkServer.getZkAddress(), AbstractZkTestCase.TIMEOUT) {
        @Override
        protected ZkCredentialsProvider createZkCredentialsToAddAutomatically() {
            return new DefaultZkCredentialsProvider() {
                @Override
                protected Collection<ZkCredentials> createCredentials() {
                    byte[] secret = userAndPass.getBytes(StandardCharsets.UTF_8);
                    return Collections.singleton(new ZkCredentials(scheme, secret));
                }
            };
        }
    };
}
Also used : ZkTestServer(org.apache.solr.cloud.ZkTestServer) ACL(org.apache.zookeeper.data.ACL) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) Collection(java.util.Collection) List(java.util.List) Id(org.apache.zookeeper.data.Id)

Example 23 with Id

use of org.apache.zookeeper.data.Id in project lucene-solr by apache.

the class SaslZkACLProvider method createSecurityACLsToAdd.

/**
 * ACL entries added to nodes created by this provider: a single {@code sasl} entry granting
 * {@code Perms.ALL} to the configured super user.
 *
 * <p>NOTE(review): the id is used verbatim; whether ZooKeeper matches it against the full or the
 * short Kerberos principal depends on the server-side SASL settings — confirm for the deployment.
 *
 * @return a new, mutable list holding that one entry
 */
@Override
protected List<ACL> createSecurityACLsToAdd() {
    Id superUserId = new Id("sasl", superUser);
    ACL fullAccess = new ACL(ZooDefs.Perms.ALL, superUserId);
    List<ACL> securityAcls = new ArrayList<>(1);
    securityAcls.add(fullAccess);
    return securityAcls;
}
Also used : ArrayList(java.util.ArrayList) ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id)

Example 24 with Id

use of org.apache.zookeeper.data.Id in project hbase by apache.

the class ZooKeeperWatcher method isBaseZnodeAclSetup.

/**
 * Checks whether the ACLs read from the base znode (/hbase) match the expected secure layout.
 *
 * <p>Every entry must be one of:
 * <ul>
 *   <li>{@code world:anyone} with exactly {@link Perms#READ},</li>
 *   <li>a configured super user ({@code Superusers.SUPERUSER_CONF_KEY}) with exactly
 *       {@link Perms#ALL},</li>
 *   <li>a {@code sasl} id whose short name equals the current Hadoop user, with exactly
 *       {@link Perms#ALL}.</li>
 * </ul>
 * Any other entry, any superfluous permission bit, or an empty list fails the check. The method
 * only validates the entries it is given: it does not itself require an entry for the hbase user
 * to be present (a list holding only {@code anyone:READ} passes the loop).
 *
 * @param acls acls from zookeeper
 * @return whether ACLs are set for the base znode
 * @throws IOException if the current user cannot be determined
 */
private boolean isBaseZnodeAclSetup(List<ACL> acls) throws IOException {
    if (LOG.isDebugEnabled()) {
        LOG.debug("Checking znode ACLs");
    }
    String[] superUsers = conf.getStrings(Superusers.SUPERUSER_CONF_KEY);
    // Every configured super user must be covered before individual entries are inspected.
    if (superUsers != null && !checkACLForSuperUsers(superUsers, acls)) {
        return false;
    }
    // Assumes the authenticated Hadoop user is the same principal the ZK client logs in with via JAAS.
    String hbaseUser = UserGroupInformation.getCurrentUser().getShortUserName();
    if (acls.isEmpty()) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("ACL is empty");
        }
        return false;
    }
    for (ACL acl : acls) {
        if (!isAcceptableBaseZnodeAcl(acl, superUsers, hbaseUser)) {
            return false;
        }
    }
    return true;
}

/**
 * Validates one base-znode ACL entry against the layout described on
 * {@link #isBaseZnodeAclSetup(List)}, logging the rejection reason at debug level.
 */
private boolean isAcceptableBaseZnodeAcl(ACL acl, String[] superUsers, String hbaseUser) {
    int perms = acl.getPerms();
    Id id = acl.getId();
    if (Ids.ANYONE_ID_UNSAFE.equals(id)) {
        // Unauthenticated clients may read the base znode but never write it.
        return hasExactPerms(id, perms, Perms.READ);
    }
    if (superUsers != null && isSuperUserId(superUsers, id)) {
        return hasExactPerms(id, perms, Perms.ALL);
    }
    if (!"sasl".equals(id.getScheme())) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("unexpected ACL id '" + id + "'");
        }
        return false;
    }
    // ZooKeeper may have recorded the full Kerberos principal; compare on the short name only.
    String name = id.getId();
    Matcher match = NAME_PATTERN.matcher(name);
    if (match.matches()) {
        name = match.group(1);
    }
    if (!name.equals(hbaseUser)) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Unexpected shortname in SASL ACL: " + id);
        }
        return false;
    }
    return hasExactPerms(id, perms, Perms.ALL);
}

/** Returns whether {@code have} equals {@code want} bit-for-bit, logging a mismatch at debug level. */
private boolean hasExactPerms(Id id, int have, int want) {
    if (have == want) {
        return true;
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("permissions for '%s' are not correct: have 0x%x, want 0x%x", id, have, want));
    }
    return false;
}
Also used : Matcher(java.util.regex.Matcher) ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id)

Example 25 with Id

use of org.apache.zookeeper.data.Id in project hbase by apache.

the class ZKUtil method createACL.

/**
 * Builds the ACL list to use when creating {@code node}.
 *
 * <p>Nodes outside the HBase base znode, and every node when {@code isSecureZooKeeper} is false,
 * get ZooKeeper's {@link Ids#OPEN_ACL_UNSAFE}. Otherwise the list is, in order:
 * <ol>
 *   <li>{@code sasl:<user>} with {@link Perms#ALL} for each configured super user that is not a
 *       group principal (group entries are skipped with a warning; ZooKeeper offers no group
 *       ACL),</li>
 *   <li>{@link Ids#CREATOR_ALL_ACL}, so the creating client keeps full access,</li>
 *   <li>{@link Ids#READ_ACL_UNSAFE}, only for nodes {@code zkw.isClientReadable(node)} reports
 *       as needing access by unauthenticated clients.</li>
 * </ol>
 *
 * <p>NOTE(review): the insecure branches return ZooKeeper's shared static list instance rather
 * than a copy; callers must not mutate the result.
 *
 * @param zkw watcher providing the base znode path and the configuration
 * @param node full path of the node about to be created
 * @param isSecureZooKeeper whether ZooKeeper runs in secure mode
 * @return the ACLs to pass to the create call
 */
public static ArrayList<ACL> createACL(ZooKeeperWatcher zkw, String node, boolean isSecureZooKeeper) {
    boolean underBaseZnode = node.startsWith(zkw.znodePaths.baseZNode);
    if (!underBaseZnode || !isSecureZooKeeper) {
        return Ids.OPEN_ACL_UNSAFE;
    }
    ArrayList<ACL> acls = new ArrayList<>();
    addSuperUserAcls(zkw, acls);
    // The creator always retains full access.
    acls.addAll(Ids.CREATOR_ALL_ACL);
    // Client-readable nodes additionally open READ to unauthenticated clients.
    if (zkw.isClientReadable(node)) {
        acls.addAll(Ids.READ_ACL_UNSAFE);
    }
    return acls;
}

/**
 * Appends a {@code sasl} ACL granting {@link Perms#ALL} for every configured super user that is a
 * plain principal; group principals cannot be expressed as ZooKeeper ACLs and are only logged.
 */
private static void addSuperUserAcls(ZooKeeperWatcher zkw, ArrayList<ACL> acls) {
    String[] superUsers = zkw.getConfiguration().getStrings(Superusers.SUPERUSER_CONF_KEY);
    if (superUsers == null) {
        return;
    }
    List<String> skippedGroups = new ArrayList<>();
    for (String user : superUsers) {
        if (AuthUtil.isGroupPrincipal(user)) {
            // TODO: Set node ACL for groups when ZK supports this feature
            skippedGroups.add(user);
        } else {
            acls.add(new ACL(Perms.ALL, new Id("sasl", user)));
        }
    }
    if (!skippedGroups.isEmpty()) {
        LOG.warn("Znode ACL setting for group " + skippedGroups + " is skipped, ZooKeeper doesn't support this feature presently.");
    }
}
Also used : ArrayList(java.util.ArrayList) ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id)
