
Example 26 with Id

use of org.apache.zookeeper.data.Id in project hbase by apache.

the class TestZKUtil method testSecuritySingleSuperuser.

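/**
 * Checks the ACL list built by {@code ZKUtil.createACL} when exactly one superuser is
 * configured: it must hold two entries, a {@code sasl} entry granting {@code Perms.ALL}
 * to that user and the default creator entry.
 */
@Test
public void testSecuritySingleSuperuser() throws ZooKeeperConnectionException, IOException {
    Configuration conf = HBaseConfiguration.create();
    conf.set(Superusers.SUPERUSER_CONF_KEY, "user1");
    String node = "/hbase/testSecuritySingleSuperuser";
    ZooKeeperWatcher watcher = new ZooKeeperWatcher(conf, node, null, false);
    // NOTE(review): the third argument presumably selects the secure-ZooKeeper path; confirm
    // against ZKUtil.createACL.
    List<ACL> aclList = ZKUtil.createACL(watcher, node, true);
    // 1+1, since ACL will be set for the creator by default.
    // Expected value goes first so a failure reports "expected 2 but was N" correctly.
    Assert.assertEquals(2, aclList.size());
    // The configured superuser must hold full permissions under the sasl scheme.
    Assert.assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user1"))));
    Assert.assertTrue(aclList.contains(Ids.CREATOR_ALL_ACL.iterator().next()));
}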
Also used : HBaseConfiguration(org.apache.hadoop.hbase.HBaseConfiguration) Configuration(org.apache.hadoop.conf.Configuration) ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id) Test(org.junit.Test)

Example 27 with Id

use of org.apache.zookeeper.data.Id in project hbase by apache.

the class TestZKUtil method testCreateACL.

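/**
 * Checks the ACL list built by {@code ZKUtil.createACL} for a mixed superuser setting.
 *
 * <p>The configured value lists three plain names and two names prefixed with {@code @}
 * (presumably group principals). Only the three plain names may appear as {@code sasl}
 * entries with {@code Perms.ALL}; the {@code @}-prefixed names must not be turned into
 * ACL entries.
 */
@Test
public void testCreateACL() throws ZooKeeperConnectionException, IOException {
    Configuration conf = HBaseConfiguration.create();
    conf.set(Superusers.SUPERUSER_CONF_KEY, "user1,@group1,user2,@group2,user3");
    String node = "/hbase/testCreateACL";
    ZooKeeperWatcher watcher = new ZooKeeperWatcher(conf, node, null, false);
    List<ACL> aclList = ZKUtil.createACL(watcher, node, true);
    // 3+1, since ACL will be set for the creator by default.
    // Expected value goes first so a failure reports "expected 4 but was N" correctly.
    Assert.assertEquals(4, aclList.size());
    // Negative checks: no sasl identity may be created from an "@"-prefixed entry, otherwise
    // a user whose name matches that literal string would gain Perms.ALL.
    Assert.assertFalse(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "@group1"))));
    Assert.assertFalse(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "@group2"))));
    // Positive checks: every plain user name gets full permissions.
    Assert.assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user1"))));
    Assert.assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user2"))));
    Assert.assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user3"))));
}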
Also used : HBaseConfiguration(org.apache.hadoop.hbase.HBaseConfiguration) Configuration(org.apache.hadoop.conf.Configuration) ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id) Test(org.junit.Test)

Example 28 with Id

use of org.apache.zookeeper.data.Id in project hbase by apache.

the class IntegrationTestZKAndFSPermissions method assertZnodePerms.

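/**
 * Asserts that every ACL entry on {@code znode} belongs to one of the expected identities
 * and carries the expected permission bits; any other entry fails the test.
 *
 * <p>Accepted entries are: the world identity with read-only permission (only when
 * {@code expectedWorldReadable} is true), a configured superuser with all permissions, and
 * the {@code sasl} identity of {@code masterPrincipal} with all permissions.
 *
 * <p>NOTE(review): this only rejects unexpected entries. It does not check that the
 * expected entries are present, so an empty ACL list passes; add a presence check if the
 * caller relies on that.
 *
 * @param zk client used to read the ACL
 * @param znode path of the znode to inspect
 * @param expectedWorldReadable whether a world-readable entry is acceptable on this znode
 * @throws KeeperException if reading the ACL fails for a reason other than a missing znode
 * @throws InterruptedException if the ZooKeeper call is interrupted
 */
private void assertZnodePerms(RecoverableZooKeeper zk, String znode, boolean expectedWorldReadable) throws KeeperException, InterruptedException {
    Stat stat = new Stat();
    List<ACL> acls;
    try {
        acls = zk.getZooKeeper().getACL(znode, stat);
    } catch (NoNodeException ex) {
        LOG.debug("Caught exception for missing znode", ex);
        // the znode is deleted. Probably it was a temporary znode (like RIT).
        return;
    }
    // NOTE(review): entries are not trimmed after the split, so whitespace around a comma
    // would presumably stop the name from matching; confirm against isSuperUserId.
    String[] superUsers = superUser == null ? null : superUser.split(",");
    LOG.info("Checking ACLs for znode znode:" + znode + " acls:" + acls);
    for (ACL acl : acls) {
        int perms = acl.getPerms();
        Id id = acl.getId();
        if (Ids.ANYONE_ID_UNSAFE.equals(id)) {
            // everyone should be set only if we are expecting this znode to be world readable
            assertTrue("Unexpected world ACL on znode:" + znode, expectedWorldReadable);
            // assert that anyone can only read (expected value first for a correct failure message)
            assertEquals("World ACL must be read-only on znode:" + znode, Perms.READ, perms);
        } else if (superUsers != null && ZooKeeperWatcher.isSuperUserId(superUsers, id)) {
            // assert that super user has all the permissions
            assertEquals("Superuser ACL must grant ALL on znode:" + znode, Perms.ALL, perms);
        } else if (new Id("sasl", masterPrincipal).equals(id)) {
            // hbase.master.kerberos.principal?
            assertEquals("Master principal ACL must grant ALL on znode:" + znode, Perms.ALL, perms);
        } else {
            // Closed-world check: an identity not listed above must not hold any permission.
            fail("An ACL is found which is not expected for the znode:" + znode + " , ACL:" + acl);
        }
    }
}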
Also used : Stat(org.apache.zookeeper.data.Stat) NoNodeException(org.apache.zookeeper.KeeperException.NoNodeException) ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id)

Example 29 with Id

use of org.apache.zookeeper.data.Id in project storm by apache.

the class ClusterUtils method mkTopoOnlyAcls.

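/**
 * Builds the ACL list that restricts a topology's znodes to the topology itself.
 *
 * <p>When ZooKeeper authentication is configured for the topology, the list holds the
 * creator-all entry plus a read-only {@code digest} entry derived from the configured
 * auth payload. The payload is a credential: it is passed only to
 * {@code generateDigest} and is never placed in an exception message or log line here.
 *
 * @param topoConf topology configuration
 * @return the ACL list, or {@code null} when ZooKeeper authentication is not configured
 *     for the topology
 * @throws NoSuchAlgorithmException if the digest cannot be computed
 * @throws IllegalArgumentException if authentication is configured but no payload is set
 */
public static List<ACL> mkTopoOnlyAcls(Map topoConf) throws NoSuchAlgorithmException {
    String payload = (String) topoConf.get(Config.STORM_ZOOKEEPER_TOPOLOGY_AUTH_PAYLOAD);
    if (!Utils.isZkAuthenticationConfiguredTopology(topoConf)) {
        // No authentication configured: callers get null rather than an empty list.
        return null;
    }
    if (payload == null) {
        // Report a clear configuration error instead of handing null to generateDigest.
        // Only the config key name goes into the message, never a credential value.
        throw new IllegalArgumentException("Authentication is enabled but " + Config.STORM_ZOOKEEPER_TOPOLOGY_AUTH_PAYLOAD + " is not set");
    }
    List<ACL> aclList = new ArrayList<>();
    // Full control for whichever identity created the znode.
    aclList.add(ZooDefs.Ids.CREATOR_ALL_ACL.get(0));
    // Read-only access for clients that authenticate with the topology's digest credential.
    aclList.add(new ACL(ZooDefs.Perms.READ, new Id("digest", DigestAuthenticationProvider.generateDigest(payload))));
    return aclList;
}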
Also used : ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id)

Example 30 with Id

use of org.apache.zookeeper.data.Id in project storm by apache.

the class Utils method getWorkerACL.

/**
 * Builds the ACL list applied to worker znodes when ZooKeeper authentication is configured.
 *
 * <p>The list starts from the creator-all ACL and adds one entry granting
 * {@code Perms.ALL} to the identity named by {@code Config.STORM_ZOOKEEPER_SUPERACL}.
 * Because that identity receives every permission, the setting should name a single,
 * tightly controlled principal.
 *
 * @param conf configuration to read the super ACL from
 * @return the ACL list, or {@code null} when ZooKeeper authentication is not configured
 * @throws IllegalArgumentException if authentication is configured but the super ACL is
 *     missing or is not of the form {@code scheme:acl}
 */
public static List<ACL> getWorkerACL(Map conf) {
    // This is a workaround for a ZK issue where a sasl super user is not super unless
    // there is an open SASL ACL, so we are trying to give the correct perms.
    if (isZkAuthenticationConfiguredTopology(conf)) {
        final String superAclSetting = (String) conf.get(Config.STORM_ZOOKEEPER_SUPERACL);
        if (superAclSetting == null) {
            throw new IllegalArgumentException("Authentication is enabled but " + Config.STORM_ZOOKEEPER_SUPERACL + " is not set");
        }
        // Split on the first ':' only, so the identity part may itself contain colons.
        final String[] schemeAndId = superAclSetting.split(":", 2);
        if (schemeAndId.length != 2) {
            throw new IllegalArgumentException(Config.STORM_ZOOKEEPER_SUPERACL + " does not appear to be in the form scheme:acl, i.e. sasl:storm-user");
        }
        final Id superId = new Id(schemeAndId[0], schemeAndId[1]);
        final List<ACL> workerAcls = new ArrayList<ACL>(ZooDefs.Ids.CREATOR_ALL_ACL);
        workerAcls.add(new ACL(ZooDefs.Perms.ALL, superId));
        return workerAcls;
    }
    return null;
}
Also used : ArrayList(java.util.ArrayList) ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id) GlobalStreamId(org.apache.storm.generated.GlobalStreamId)
