use of org.apache.zookeeper.data.Id in project hbase by apache.
the class TestZKUtil method testSecuritySingleSuperuser.
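/**
 * Checks the ACL list that {@code ZKUtil.createACL} builds when exactly one superuser
 * ("user1") is configured: the creator entry plus one full-permission "sasl" entry for
 * that user, and nothing else.
 */
@Test
public void testSecuritySingleSuperuser() throws ZooKeeperConnectionException, IOException {
    Configuration conf = HBaseConfiguration.create();
    conf.set(Superusers.SUPERUSER_CONF_KEY, "user1");
    String node = "/hbase/testSecuritySingleSuperuser";
    // NOTE(review): the watcher is never closed in this method; confirm whether the
    // test class cleans it up elsewhere.
    ZooKeeperWatcher watcher = new ZooKeeperWatcher(conf, node, null, false);
    List<ACL> aclList = ZKUtil.createACL(watcher, node, true);
    // 1+1, since ACL will be set for the creator by default.
    // Expected value goes first so a failure reports "expected 2 but was N".
    Assert.assertEquals(2, aclList.size());
    // The exact size check above is what rules out any extra, unintended grant.
    Assert.assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user1"))));
    Assert.assertTrue(aclList.contains(Ids.CREATOR_ALL_ACL.iterator().next()));
}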
use of org.apache.zookeeper.data.Id in project hbase by apache.
the class TestZKUtil method testCreateACL.
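/**
 * Checks the ACL list that {@code ZKUtil.createACL} builds from a superuser setting that
 * mixes user names with "@"-prefixed group names: each of the three users gets a
 * full-permission "sasl" entry, the two group entries produce no "sasl" id, and the only
 * other entry counted is the creator's.
 */
@Test
public void testCreateACL() throws ZooKeeperConnectionException, IOException {
    Configuration conf = HBaseConfiguration.create();
    conf.set(Superusers.SUPERUSER_CONF_KEY, "user1,@group1,user2,@group2,user3");
    String node = "/hbase/testCreateACL";
    // NOTE(review): the watcher is never closed in this method; confirm whether the
    // test class cleans it up elsewhere.
    ZooKeeperWatcher watcher = new ZooKeeperWatcher(conf, node, null, false);
    List<ACL> aclList = ZKUtil.createACL(watcher, node, true);
    // 3+1, since ACL will be set for the creator by default.
    // Expected value goes first so a failure reports "expected 4 but was N".
    Assert.assertEquals(4, aclList.size());
    // Group names must not be copied verbatim into "sasl" ids: that would grant ALL to
    // a principal whose name is literally "@group1" / "@group2".
    Assert.assertFalse(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "@group1"))));
    Assert.assertFalse(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "@group2"))));
    Assert.assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user1"))));
    Assert.assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user2"))));
    Assert.assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user3"))));
}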
use of org.apache.zookeeper.data.Id in project hbase by apache.
the class IntegrationTestZKAndFSPermissions method assertZnodePerms.
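/**
 * Asserts that every ACL entry on {@code znode} is one of the expected grants: read-only
 * for "anyone" (allowed only when the znode is expected to be world readable), or full
 * permissions for a configured superuser or for the master principal. Any other entry
 * fails the test. A znode that no longer exists is skipped.
 *
 * @param zk client used to read the ACL
 * @param znode path of the znode to check
 * @param expectedWorldReadable whether an "anyone" entry is acceptable on this znode
 * @throws KeeperException if reading the ACL fails for a reason other than a missing node
 * @throws InterruptedException if the ZooKeeper call is interrupted
 */
private void assertZnodePerms(RecoverableZooKeeper zk, String znode, boolean expectedWorldReadable) throws KeeperException, InterruptedException {
    Stat stat = new Stat();
    List<ACL> acls;
    try {
        acls = zk.getZooKeeper().getACL(znode, stat);
    } catch (NoNodeException ex) {
        LOG.debug("Caught exception for missing znode", ex);
        // the znode is deleted. Probably it was a temporary znode (like RIT).
        return;
    }
    // superUser is a comma-separated list; null means no superuser is configured.
    String[] superUsers = superUser == null ? null : superUser.split(",");
    LOG.info("Checking ACLs for znode znode:" + znode + " acls:" + acls);
    // NOTE(review): the loop only rejects unexpected entries. It does not require an
    // "anyone" entry when expectedWorldReadable is true, nor a master/superuser entry;
    // confirm whether presence should be asserted as well.
    for (ACL acl : acls) {
        int perms = acl.getPerms();
        Id id = acl.getId();
        if (Ids.ANYONE_ID_UNSAFE.equals(id)) {
            // everyone should be set only if we are expecting this znode to be world readable
            assertTrue(expectedWorldReadable);
            // assert that anyone can only read (expected value first for a correct message)
            assertEquals(Perms.READ, perms);
        } else if (superUsers != null && ZooKeeperWatcher.isSuperUserId(superUsers, id)) {
            // assert that super user has all the permissions
            assertEquals(Perms.ALL, perms);
        } else if (new Id("sasl", masterPrincipal).equals(id)) {
            // hbase.master.kerberos.principal?
            assertEquals(Perms.ALL, perms);
        } else {
            // Anything else is an unexpected grant on this znode.
            fail("An ACL is found which is not expected for the znode:" + znode + " , ACL:" + acl);
        }
    }
}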
use of org.apache.zookeeper.data.Id in project storm by apache.
the class ClusterUtils method mkTopoOnlyAcls.
/**
 * Builds the ACL list for znodes that belong to a single topology.
 *
 * <p>When ZooKeeper authentication is configured for the topology, the result holds the
 * first creator-all entry followed by a READ entry for the "digest" id generated from
 * the topology auth payload. Otherwise the result is {@code null}.
 *
 * @param topoConf topology configuration; the auth payload is read from it
 * @return a two-entry ACL list, or {@code null} when authentication is not configured
 * @throws NoSuchAlgorithmException propagated from the digest generation
 */
public static List<ACL> mkTopoOnlyAcls(Map topoConf) throws NoSuchAlgorithmException {
    final String authPayload = (String) topoConf.get(Config.STORM_ZOOKEEPER_TOPOLOGY_AUTH_PAYLOAD);
    if (!Utils.isZkAuthenticationConfiguredTopology(topoConf)) {
        // Callers must treat null as "no topology-specific ACL".
        return null;
    }
    // NOTE(review): authPayload is not null-checked before it is digested; confirm that
    // the authentication check above guarantees a payload is present.
    final List<ACL> topoAcls = new ArrayList<>();
    topoAcls.add(ZooDefs.Ids.CREATOR_ALL_ACL.get(0));
    // Holders of the payload get read-only access; full access stays with the creator.
    topoAcls.add(new ACL(ZooDefs.Perms.READ,
            new Id("digest", DigestAuthenticationProvider.generateDigest(authPayload))));
    return topoAcls;
}
use of org.apache.zookeeper.data.Id in project storm by apache.
the class Utils method getWorkerACL.
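/**
 * Builds the ACL list used by workers: the creator-all entries plus a full-permission
 * entry for the configured ZooKeeper super ACL.
 *
 * <p>This is a work around to an issue with ZK where a sasl super user is not super
 * unless there is an open SASL ACL, so we are trying to give the correct perms.
 *
 * @param conf configuration holding the super ACL in the form {@code scheme:acl}
 * @return the ACL list, or {@code null} when ZooKeeper authentication is not configured
 * @throws IllegalArgumentException if authentication is enabled but the super ACL is
 *     missing or not of the form {@code scheme:acl} with both parts non-empty
 */
public static List<ACL> getWorkerACL(Map conf) {
    if (!isZkAuthenticationConfiguredTopology(conf)) {
        return null;
    }
    String stormZKUser = (String) conf.get(Config.STORM_ZOOKEEPER_SUPERACL);
    if (stormZKUser == null) {
        throw new IllegalArgumentException("Authentication is enabled but " + Config.STORM_ZOOKEEPER_SUPERACL + " is not set");
    }
    // Limit 2 keeps any further ':' inside the id part.
    String[] split = stormZKUser.split(":", 2);
    // "sasl:" and ":storm-user" still split into two parts, so reject an empty scheme or
    // id here instead of building a full-permission ACL around it.
    if (split.length != 2 || split[0].isEmpty() || split[1].isEmpty()) {
        throw new IllegalArgumentException(Config.STORM_ZOOKEEPER_SUPERACL + " does not appear to be in the form scheme:acl, i.e. sasl:storm-user");
    }
    // Copy the shared constant so the entry added below does not modify it.
    List<ACL> ret = new ArrayList<>(ZooDefs.Ids.CREATOR_ALL_ACL);
    ret.add(new ACL(ZooDefs.Perms.ALL, new Id(split[0], split[1])));
    return ret;
}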