Java Examples
The following examples show how to use
Example #1
Source File: From big-c with Apache License 2.0 | 6 votes |
/**
 * Checks that the registry home created for a user carries a SASL ACL entry
 * for that user, and that the entry holds exactly
 * {@code RegistryAdminService.USER_HOMEDIR_ACL_PERMISSIONS}.
 */
@Test
public void testUserHomedirsPermissionsRestricted() throws Throwable {
  RMRegistryOperationsService registryOps = startRMRegistryOperations();

  // Initialising Alice's registry is expected to attach an ACL entry for her.
  final String home = registryOps.initUserRegistry(ALICE);
  List<ACL> homeAcls = registryOps.zkGetACLS(home);

  ACL aliceACL = null;
  for (ACL candidate : homeAcls) {
    Id owner = candidate.getId();
    boolean saslScheme = owner.getScheme().equals(ZookeeperConfigOptions.SCHEME_SASL);
    // NOTE(review): this is a prefix match, so any SASL id that merely begins
    // with ALICE would satisfy it; the first such entry wins.
    if (saslScheme && owner.getId().startsWith(ALICE)) {
      aliceACL = candidate;
      break;
    }
  }

  assertNotNull(aliceACL);
  // The point of the test: the home directory must not carry broader permissions.
  assertEquals(RegistryAdminService.USER_HOMEDIR_ACL_PERMISSIONS, aliceACL.getPerms());
}
Example #2
Source File: From tbschedule with Apache License 2.0 | 6 votes |
// Opens the ZooKeeper session, registers "digest" credentials on it and rebuilds the
// shared `acl` list: Perms.ALL for the digest identity derived from authString, plus
// Perms.READ for Ids.ANYONE_ID_UNSAFE.
// NOTE(review): this listing lost tokens during extraction (the ZooKeeper constructor
// arguments, the operands of authString, the parseBoolean argument); it is kept as published.
// NOTE(review): the ANYONE_ID_UNSAFE/READ entry makes every node created with this list
// readable without authentication -- confirm nothing sensitive is stored under it.
// NOTE(review): authString.getBytes() encodes the credentials with the platform default charset.
private void createZookeeper(final CountDownLatch connectionLatch) throws Exception { zk = new ZooKeeper(, Integer.parseInt(, new Watcher() { @Override public void process(WatchedEvent event) { sessionEvent(connectionLatch, event); } }); String authString = + ":" + .getProperty(keys.password.toString()); this.isCheckParentPath = Boolean .parseBoolean(, "true")); zk.addAuthInfo("digest", authString.getBytes()); acl.clear(); acl.add(new ACL(ZooDefs.Perms.ALL, new Id("digest", DigestAuthenticationProvider.generateDigest(authString)))); acl.add(new ACL(ZooDefs.Perms.READ, Ids.ANYONE_ID_UNSAFE)); }
Example #3
Source File: From helios with Apache License 2.0 | 6 votes |
// Builds the ACL list for a path by OR-ing together the permission bits of every rule
// that matches it, keyed by Id, and returns one ACL per Id. Returns null when no rule matches.
// NOTE(review): this listing lost tokens during extraction (the arguments of containsKey/get/put);
// it is kept as published.
// NOTE(review): permissions only ever accumulate here -- a later rule cannot narrow what an
// earlier matching rule granted to the same Id.
@Override public List<ACL> getAclForPath(final String path) { // id -> permissions final Map<Id, Integer> matching = Maps.newHashMap(); for (final Rule rule : rules) { if (rule.matches(path)) { final int existingPerms = matching.containsKey( ? matching.get( : 0; matching.put(, rule.perms | existingPerms); } } if (matching.isEmpty()) { return null; } final List<ACL> acls = Lists.newArrayList(); for (final Map.Entry<Id, Integer> e : matching.entrySet()) { acls.add(new ACL(e.getValue(), e.getKey())); } return acls; }
Example #4
Source File: From ambari-logsearch with Apache License 2.0 | 6 votes |
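/**
 * Get ACLs from a property (get the value, then parse it into ACL objects).
 *
 * <p>Each comma separated entry has the form {@code scheme:id:perms}. The scheme
 * ends at the first colon and the permissions start after the last one, so an id
 * that itself contains a colon (a digest id is {@code user:hash}) is parsed
 * instead of being dropped.
 *
 * @param properties key/value pairs that needs to be parsed as ACLs
 * @return list of ACLs; {@code ZooDefs.Ids.OPEN_ACL_UNSAFE} when the property is blank
 */
public static List<ACL> getAcls(Map<String, String> properties) {
  String aclStr = properties.get(ZK_ACLS_PROPERTY);
  if (StringUtils.isBlank(aclStr)) {
    // Nothing configured: fall back to the open ACL, i.e. no access restriction at all.
    return ZooDefs.Ids.OPEN_ACL_UNSAFE;
  }
  List<ACL> acls = new ArrayList<>();
  List<String> aclStrList = Splitter.on(",").omitEmptyStrings().trimResults().splitToList(aclStr);
  for (String unparsedAcl : aclStrList) {
    int schemeEnd = unparsedAcl.indexOf(':');
    int permStart = unparsedAcl.lastIndexOf(':');
    // Need two distinct separators and a non-empty permission part.
    boolean wellFormed = schemeEnd >= 0
        && schemeEnd != permStart
        && permStart < unparsedAcl.length() - 1;
    if (!wellFormed) {
      // Malformed entries are skipped, as before.
      // NOTE(review): if every entry is malformed the result is an empty list,
      // not the open ACL -- confirm callers handle that.
      continue;
    }
    String scheme = unparsedAcl.substring(0, schemeEnd);
    String id = unparsedAcl.substring(schemeEnd + 1, permStart);
    String perms = unparsedAcl.substring(permStart + 1);
    acls.add(new ACL(parsePermission(perms), new Id(scheme, id)));
  }
  return acls;
}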
Example #5
Source File: From atlas with Apache License 2.0 | 6 votes |
/**
 * Running setup must create the "setup in progress" node under the configured
 * ZooKeeper root, using the ACL taken from the HA configuration.
 */
@Test
public void shouldCreateSetupInProgressNode() throws Exception {
  final String zkRoot = HAConfiguration.ATLAS_SERVER_ZK_ROOT_DEFAULT;

  Set<SetupStep> steps = new LinkedHashSet<>();
  steps.add(mock(SetupStep.class));

  when(configuration.getString(HAConfiguration.ATLAS_SERVER_HA_ZK_ROOT_KEY, zkRoot))
      .thenReturn(zkRoot);
  when(configuration.getString(HAConfiguration.HA_ZOOKEEPER_ACL))
      .thenReturn("digest:user:pwd");

  // Expected ACL for the configured "digest:user:pwd" string: scheme "digest", id "user:pwd".
  ACL expectedAcl = new ACL(ZooDefs.Perms.ALL, new Id("digest", "user:pwd"));
  List<ACL> aclList = Arrays.asList(expectedAcl);

  setupServerIdSelectionMocks();
  CreateBuilder createBuilder = setupSetupInProgressPathMocks(aclList).getLeft();

  InterProcessMutex setupLock = mock(InterProcessMutex.class);
  when(curatorFactory.lockInstance(zkRoot)).thenReturn(setupLock);

  new SetupSteps(steps, curatorFactory, configuration).runSetup();

  // The node must be created with the configured ACL, not a default one.
  verify(createBuilder).withACL(aclList);
  verify(createBuilder).forPath(
      zkRoot + SetupSteps.SETUP_IN_PROGRESS_NODE, "id2".getBytes(Charsets.UTF_8));
}
Example #6
Source File: From stategen with GNU Affero General Public License v3.0 | 6 votes |
// Opens the ZooKeeper session, registers "digest" credentials on it and rebuilds the
// shared `acl` list: Perms.ALL for the digest identity derived from authString, plus
// Perms.READ for Ids.ANYONE_ID_UNSAFE.
// NOTE(review): this listing lost tokens during extraction (the ZooKeeper constructor
// arguments, the operands of authString, the parseBoolean argument); it is kept as published.
// NOTE(review): the ANYONE_ID_UNSAFE/READ entry makes every node created with this list
// readable without authentication -- confirm nothing sensitive is stored under it.
// NOTE(review): authString.getBytes() encodes the credentials with the platform default charset.
private void createZookeeper(final CountDownLatch connectionLatch) throws Exception { zk = new ZooKeeper( .toString()), Integer.parseInt( .getProperty(keys.zkSessionTimeout.toString())), new Watcher() { public void process(WatchedEvent event) { sessionEvent(connectionLatch, event); } }); String authString = + ":"+; this.isCheckParentPath = Boolean.parseBoolean(,"true")); zk.addAuthInfo("digest", authString.getBytes()); acl.clear(); acl.add(new ACL(ZooDefs.Perms.ALL, new Id("digest", DigestAuthenticationProvider.generateDigest(authString)))); acl.add(new ACL(ZooDefs.Perms.READ, Ids.ANYONE_ID_UNSAFE)); }
Example #7
Source File: From atlas with Apache License 2.0 | 6 votes |
/**
 * Once setup has run, the "setup in progress" node under the configured
 * ZooKeeper root must be deleted again.
 */
@Test
public void shouldDeleteSetupInProgressNodeAfterCompletion() throws Exception {
  final String zkRoot = HAConfiguration.ATLAS_SERVER_ZK_ROOT_DEFAULT;

  Set<SetupStep> steps = new LinkedHashSet<>();
  steps.add(mock(SetupStep.class));

  when(configuration.getString(HAConfiguration.ATLAS_SERVER_HA_ZK_ROOT_KEY, zkRoot))
      .thenReturn(zkRoot);
  when(configuration.getString(HAConfiguration.HA_ZOOKEEPER_ACL))
      .thenReturn("digest:user:pwd");

  // ACL the path mocks are primed with: scheme "digest", id "user:pwd", all permissions.
  ACL configuredAcl = new ACL(ZooDefs.Perms.ALL, new Id("digest", "user:pwd"));
  List<ACL> aclList = Arrays.asList(configuredAcl);

  setupServerIdSelectionMocks();
  DeleteBuilder deleteBuilder = setupSetupInProgressPathMocks(aclList).getRight();

  InterProcessMutex setupLock = mock(InterProcessMutex.class);
  when(curatorFactory.lockInstance(zkRoot)).thenReturn(setupLock);

  new SetupSteps(steps, curatorFactory, configuration).runSetup();

  verify(deleteBuilder).forPath(zkRoot + SetupSteps.SETUP_IN_PROGRESS_NODE);
}
Example #8
Source File: From curator with Apache License 2.0 | 6 votes |
/**
 * A model spec carrying a digest ACL must be enforced: the unauthenticated client's
 * update is expected to fail, the client authenticated with the matching digest
 * credentials is expected to succeed.
 */
@Test
public void testAcl() throws NoSuchAlgorithmException {
  final String credentials = "test:test";

  // WRITE only, and only for the digest identity derived from the credentials above.
  Id digestId = new Id("digest", DigestAuthenticationProvider.generateDigest(credentials));
  List<ACL> aclList = Collections.singletonList(new ACL(ZooDefs.Perms.WRITE, digestId));

  ModelSpec<TestModel> aclModelSpec =
      ModelSpec.builder(modelSpec.path(), modelSpec.serializer()).withAclList(aclList).build();

  // Client without credentials: the node is created, the later update must be refused.
  ModeledFramework<TestModel> client = ModeledFramework.wrap(async, aclModelSpec);
  complete(client.set(
      new TestModel("John", "Galt", "Galt's Gulch", 21, BigInteger.valueOf(1010101))));
  complete(
      client.update(new TestModel("John", "Galt", "Galt's Gulch", 54, BigInteger.valueOf(88))),
      (__, e) -> Assert.assertNotNull(e, "Should've gotten an auth failure"));

  // NOTE(review): getBytes() below uses the platform default charset.
  try (CuratorFramework authCurator = CuratorFrameworkFactory.builder()
      .connectString(server.getConnectString())
      .retryPolicy(new RetryOneTime(1))
      .authorization("digest", credentials.getBytes())
      .build()) {
    authCurator.start();
    ModeledFramework<TestModel> authClient =
        ModeledFramework.wrap(AsyncCuratorFramework.wrap(authCurator), aclModelSpec);
    complete(
        authClient.update(
            new TestModel("John", "Galt", "Galt's Gulch", 42, BigInteger.valueOf(66))),
        (__, e) -> Assert.assertNull(e, "Should've succeeded"));
  }
}
Example #9
Source File: From knox with Apache License 2.0 | 6 votes |
/**
 * Asserts that two ACL lists are equivalent: same size, and every expected entry has
 * an actual entry with the same scheme and id whose permission bits are equal.
 *
 * @param expectedACLS the ACLs the node should carry
 * @param actualACLs   the ACLs read back from the node
 */
private void validateKnoxConfigNodeACLs(List<ACL> expectedACLS, List<ACL> actualACLs) {
  final int expectedCount = expectedACLS.size();
  assertEquals(expectedCount, actualACLs.size());

  int matchedCount = 0;
  for (ACL wanted : expectedACLS) {
    Id wantedId = wanted.getId();
    for (ACL found : actualACLs) {
      Id foundId = found.getId();
      boolean sameIdentity = foundId.getScheme().equals(wantedId.getScheme())
          && foundId.getId().equals(wantedId.getId());
      if (!sameIdentity) {
        continue;
      }
      // Same identity: the permissions must match exactly, broader is a failure too.
      matchedCount++;
      assertEquals(wanted.getPerms(), found.getPerms());
      break;
    }
  }

  // Equal sizes alone do not prove equality; every expected identity must have been found.
  assertEquals("ACL mismatch despite being same quantity.", expectedACLS.size(), matchedCount);
}
Example #10
Source File: From hadoop with Apache License 2.0 | 6 votes |
/**
 * Given the {@link Configuration} and {@link ACL}s used (zkAcl) for
 * ZooKeeper access, construct the {@link ACL}s for the store's root node.
 * In the constructed {@link ACL}, every identity allowed by zkAcl keeps its
 * permissions minus create and delete, while the current RM gets exclusive
 * create-delete access.
 *
 * To be called only when HA is enabled and the configuration doesn't set ACL
 * for the root node.
 *
 * @param conf       configuration the RM address is read from
 * @param sourceACLs ACLs configured for ZooKeeper access
 * @return the ACL list for the root node
 * @throws NoSuchAlgorithmException if the digest for the RM identity cannot be generated
 */
@VisibleForTesting
@Private
@Unstable
protected List<ACL> constructZkRootNodeACL(
    Configuration conf, List<ACL> sourceACLs) throws NoSuchAlgorithmException {
  List<ACL> rootAcl = new ArrayList<ACL>();

  // Strip create/delete from every configured identity.
  for (ACL source : sourceACLs) {
    int withoutCreateDelete =
        ZKUtil.removeSpecificPerms(source.getPerms(), CREATE_DELETE_PERMS);
    rootAcl.add(new ACL(withoutCreateDelete, source.getId()));
  }

  // The RM identity is "<rm address>:<password>" run through the digest provider.
  zkRootNodeUsername = HAUtil.getConfValueForRMInstance(
      YarnConfiguration.RM_ADDRESS, YarnConfiguration.DEFAULT_RM_ADDRESS, conf);
  String rmDigest = DigestAuthenticationProvider.generateDigest(
      zkRootNodeUsername + ":" + zkRootNodePassword);

  // Only this RM may create or delete children of the root node.
  rootAcl.add(new ACL(CREATE_DELETE_PERMS, new Id(zkRootNodeAuthScheme, rmDigest)));
  return rootAcl;
}
Example #11
Source File: From knox with Apache License 2.0 | 6 votes |
/**
 * Translates the abstract entry ACLs into ZooKeeper ACLs and applies them to the path.
 * A failure to apply them is logged, not propagated.
 *
 * @param path      the node whose ACL is replaced
 * @param entryACLs the abstract ACL entries to translate
 */
@Override
public void setACL(String path, List<EntryACL> entryACLs) {
  List<ACL> zkAcls = new ArrayList<>();
  for (EntryACL entry : entryACLs) {
    String scheme = entry.getType();
    String id = entry.getId();

    // NOTE(review): "can write" is mapped to Perms.ALL, which is broader than write;
    // an entry that can neither write nor read is still added, with permission 0.
    final int permissions;
    if (entry.canWrite()) {
      permissions = ZooDefs.Perms.ALL;
    } else {
      permissions = entry.canRead() ? ZooDefs.Perms.READ : 0;
    }
    zkAcls.add(new ACL(permissions, new Id(scheme, id)));
  }

  try {
    delegate.setACL().withACL(zkAcls).forPath(path);
  } catch (Exception e) {
    // NOTE(review): the caller gets no signal that the ACL was not applied.
    log.errorSettingEntryACL(path, e);
  }
}
Example #12
Source File: From hadoop with Apache License 2.0 | 6 votes |
/**
 * Checks that the registry home created for a user carries a SASL ACL entry
 * for that user, and that the entry holds exactly
 * {@code RegistryAdminService.USER_HOMEDIR_ACL_PERMISSIONS}.
 */
@Test
public void testUserHomedirsPermissionsRestricted() throws Throwable {
  RMRegistryOperationsService registryOps = startRMRegistryOperations();

  // Initialising Alice's registry is expected to attach an ACL entry for her.
  final String home = registryOps.initUserRegistry(ALICE);
  List<ACL> homeAcls = registryOps.zkGetACLS(home);

  ACL aliceACL = null;
  for (ACL candidate : homeAcls) {
    Id owner = candidate.getId();
    boolean saslScheme = owner.getScheme().equals(ZookeeperConfigOptions.SCHEME_SASL);
    // NOTE(review): this is a prefix match, so any SASL id that merely begins
    // with ALICE would satisfy it; the first such entry wins.
    if (saslScheme && owner.getId().startsWith(ALICE)) {
      aliceACL = candidate;
      break;
    }
  }

  assertNotNull(aliceACL);
  // The point of the test: the home directory must not carry broader permissions.
  assertEquals(RegistryAdminService.USER_HOMEDIR_ACL_PERMISSIONS, aliceACL.getPerms());
}
Example #13
Source File: From jstorm with Apache License 2.0 | 6 votes |
/**
 * Builds the ACL list for worker nodes: the creator-all ACL plus an ALL entry for
 * the identity configured under {@code Config.STORM_ZOOKEEPER_SUPERACL}.
 *
 * This is a work around to an issue with ZK where a sasl super user is not super
 * unless there is an open SASL ACL, so we are trying to give the correct perms.
 *
 * @param conf the topology configuration
 * @return the ACL list, or null when ZooKeeper authentication is not configured
 * @throws IllegalArgumentException if authentication is enabled but the super ACL
 *         is missing or not of the form scheme:acl
 */
public static List<ACL> getWorkerACL(Map conf) {
  if (!isZkAuthenticationConfiguredTopology(conf)) {
    return null;
  }

  final String superAcl = (String) conf.get(Config.STORM_ZOOKEEPER_SUPERACL);
  if (superAcl == null) {
    throw new IllegalArgumentException("Authentication is enabled but " + Config.STORM_ZOOKEEPER_SUPERACL + " is not set");
  }

  // Split on the first colon only, so the id part may itself contain colons.
  final String[] schemeAndId = superAcl.split(":", 2);
  if (schemeAndId.length != 2) {
    throw new IllegalArgumentException(Config.STORM_ZOOKEEPER_SUPERACL + " does not appear to be in the form scheme:acl, i.e. sasl:storm-user");
  }

  // Copy the shared constant before adding to it, so CREATOR_ALL_ACL itself is never mutated.
  ArrayList<ACL> workerAcl = new ArrayList<>(ZooDefs.Ids.CREATOR_ALL_ACL);
  Id superUser = new Id(schemeAndId[0], schemeAndId[1]);
  workerAcl.add(new ACL(ZooDefs.Perms.ALL, superUser));
  return workerAcl;
}
Example #14
Source File: From big-c with Apache License 2.0 | 6 votes |
/**
 * Parse a string down to an ID, adding a realm if needed.
 *
 * <p>The pair must contain exactly one colon; an id that itself contains a
 * colon is rejected.
 *
 * @param idPair id:data tuple
 * @param realm realm to add when the id part ends in {@code @}
 * @return the ID.
 * @throws IllegalArgumentException if the idPair is invalid, or if the id ends
 *         in {@code @} and no realm was supplied
 */
public Id parse(String idPair, String realm) {
  final int separator = idPair.indexOf(':');
  // No colon at all, or more than one: not a scheme:id pair.
  if (separator < 0 || separator != idPair.lastIndexOf(':')) {
    throw new IllegalArgumentException(
        "ACL '" + idPair + "' not of expected form scheme:id");
  }

  final String scheme = idPair.substring(0, separator);
  final String rawId = idPair.substring(separator + 1);
  if (!rawId.endsWith("@")) {
    return new Id(scheme, rawId);
  }

  // A trailing '@' asks for the realm to be appended, so one must be available.
  Preconditions.checkArgument(
      StringUtils.isNotEmpty(realm),
      "@ suffixed account but no realm %s", rawId);
  return new Id(scheme, rawId + realm);
}
Example #15
Source File: From incubator-atlas with Apache License 2.0 | 6 votes |
/**
 * Running setup must create the "setup in progress" node under the configured
 * ZooKeeper root, using the ACL taken from the HA configuration.
 */
@Test
public void shouldCreateSetupInProgressNode() throws Exception {
  final String zkRoot = HAConfiguration.ATLAS_SERVER_ZK_ROOT_DEFAULT;

  Set<SetupStep> steps = new LinkedHashSet<>();
  steps.add(mock(SetupStep.class));

  when(configuration.getString(HAConfiguration.ATLAS_SERVER_HA_ZK_ROOT_KEY, zkRoot))
      .thenReturn(zkRoot);
  when(configuration.getString(HAConfiguration.HA_ZOOKEEPER_ACL))
      .thenReturn("digest:user:pwd");

  // Expected ACL for the configured "digest:user:pwd" string: scheme "digest", id "user:pwd".
  ACL expectedAcl = new ACL(ZooDefs.Perms.ALL, new Id("digest", "user:pwd"));
  List<ACL> aclList = Arrays.asList(expectedAcl);

  setupServerIdSelectionMocks();
  CreateBuilder createBuilder = setupSetupInProgressPathMocks(aclList).getLeft();

  InterProcessMutex setupLock = mock(InterProcessMutex.class);
  when(curatorFactory.lockInstance(zkRoot)).thenReturn(setupLock);

  new SetupSteps(steps, curatorFactory, configuration).runSetup();

  // The node must be created with the configured ACL, not a default one.
  verify(createBuilder).withACL(aclList);
  verify(createBuilder).forPath(
      zkRoot + SetupSteps.SETUP_IN_PROGRESS_NODE, "id2".getBytes(Charsets.UTF_8));
}
Example #16
Source File: From incubator-atlas with Apache License 2.0 | 6 votes |
/**
 * Once setup has run, the "setup in progress" node under the configured
 * ZooKeeper root must be deleted again.
 */
@Test
public void shouldDeleteSetupInProgressNodeAfterCompletion() throws Exception {
  final String zkRoot = HAConfiguration.ATLAS_SERVER_ZK_ROOT_DEFAULT;

  Set<SetupStep> steps = new LinkedHashSet<>();
  steps.add(mock(SetupStep.class));

  when(configuration.getString(HAConfiguration.ATLAS_SERVER_HA_ZK_ROOT_KEY, zkRoot))
      .thenReturn(zkRoot);
  when(configuration.getString(HAConfiguration.HA_ZOOKEEPER_ACL))
      .thenReturn("digest:user:pwd");

  // ACL the path mocks are primed with: scheme "digest", id "user:pwd", all permissions.
  ACL configuredAcl = new ACL(ZooDefs.Perms.ALL, new Id("digest", "user:pwd"));
  List<ACL> aclList = Arrays.asList(configuredAcl);

  setupServerIdSelectionMocks();
  DeleteBuilder deleteBuilder = setupSetupInProgressPathMocks(aclList).getRight();

  InterProcessMutex setupLock = mock(InterProcessMutex.class);
  when(curatorFactory.lockInstance(zkRoot)).thenReturn(setupLock);

  new SetupSteps(steps, curatorFactory, configuration).runSetup();

  verify(deleteBuilder).forPath(zkRoot + SetupSteps.SETUP_IN_PROGRESS_NODE);
}
Example #17
Source File: From big-c with Apache License 2.0 | 6 votes |
/**
 * Given the {@link Configuration} and {@link ACL}s used (zkAcl) for
 * ZooKeeper access, construct the {@link ACL}s for the store's root node.
 * In the constructed {@link ACL}, every identity allowed by zkAcl keeps its
 * permissions minus create and delete, while the current RM gets exclusive
 * create-delete access.
 *
 * To be called only when HA is enabled and the configuration doesn't set ACL
 * for the root node.
 *
 * @param conf       configuration the RM address is read from
 * @param sourceACLs ACLs configured for ZooKeeper access
 * @return the ACL list for the root node
 * @throws NoSuchAlgorithmException if the digest for the RM identity cannot be generated
 */
@VisibleForTesting
@Private
@Unstable
protected List<ACL> constructZkRootNodeACL(
    Configuration conf, List<ACL> sourceACLs) throws NoSuchAlgorithmException {
  List<ACL> rootAcl = new ArrayList<ACL>();

  // Strip create/delete from every configured identity.
  for (ACL source : sourceACLs) {
    int withoutCreateDelete =
        ZKUtil.removeSpecificPerms(source.getPerms(), CREATE_DELETE_PERMS);
    rootAcl.add(new ACL(withoutCreateDelete, source.getId()));
  }

  // The RM identity is "<rm address>:<password>" run through the digest provider.
  zkRootNodeUsername = HAUtil.getConfValueForRMInstance(
      YarnConfiguration.RM_ADDRESS, YarnConfiguration.DEFAULT_RM_ADDRESS, conf);
  String rmDigest = DigestAuthenticationProvider.generateDigest(
      zkRootNodeUsername + ":" + zkRootNodePassword);

  // Only this RM may create or delete children of the root node.
  rootAcl.add(new ACL(CREATE_DELETE_PERMS, new Id(zkRootNodeAuthScheme, rmDigest)));
  return rootAcl;
}
Example #18
Source File: From uncode-schedule with Apache License 2.0 | 6 votes |
// Opens the ZooKeeper session, registers "digest" credentials on it and rebuilds the
// shared `acl` list: Perms.ALL for the digest identity derived from authString, plus
// Perms.READ for Ids.ANYONE_ID_UNSAFE.
// NOTE(review): this listing lost tokens during extraction (the ZooKeeper constructor
// arguments and the operands of authString); it is kept as published.
// NOTE(review): the ANYONE_ID_UNSAFE/READ entry makes every node created with this list
// readable without authentication -- confirm nothing sensitive is stored under it.
// NOTE(review): authString.getBytes() encodes the credentials with the platform default charset.
private void createZookeeper(final CountDownLatch connectionLatch) throws Exception { zk = new ZooKeeper( .toString()), Integer.parseInt( .getProperty(keys.zkSessionTimeout.toString())), new Watcher() { public void process(WatchedEvent event) { sessionEvent(connectionLatch, event); } }); String authString = + ":" +; zk.addAuthInfo("digest", authString.getBytes()); acl.clear(); acl.add(new ACL(ZooDefs.Perms.ALL, new Id("digest", DigestAuthenticationProvider.generateDigest(authString)))); acl.add(new ACL(ZooDefs.Perms.READ, Ids.ANYONE_ID_UNSAFE)); }
Example #19
Source File: From javabase with Apache License 2.0 | 6 votes |
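/**
 * Builds the ACL list applied to newly created nodes: CREATE permission for the
 * digest identity derived from {@code PropertiesDynLoading.accessKey} under
 * {@code PropertiesDynLoading.authScheme}.
 *
 * <p>If the digest cannot be generated this method fails instead of returning
 * {@code Ids.OPEN_ACL_UNSAFE}: a missing hash algorithm must not silently turn
 * into nodes that anyone can read, write and administer.
 *
 * @return the ACL list for node creation
 * @throws IllegalStateException if the digest algorithm is not available
 */
public List<ACL> getCreateNodeAcls() {
  List<ACL> listAcls = new ArrayList<ACL>(3);
  try {
    Id id = new Id(PropertiesDynLoading.authScheme,
        DigestAuthenticationProvider.generateDigest(PropertiesDynLoading.accessKey));
    listAcls.add(new ACL(Perms.CREATE, id));
  } catch (NoSuchAlgorithmException e) {
    // Fail closed and keep the cause; do not fall back to the open ACL.
    throw new IllegalStateException("Unable to generate the digest identity for node ACLs", e);
  }
  return listAcls;
}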
Example #20
Source File: From codes-scratch-zookeeper-netty with Apache License 2.0 | 6 votes |
/**
 * Builds (but does not start) a Curator client that authenticates with the
 * "digest" scheme, and refills the shared {@code acl} list with ALL for that
 * digest identity plus READ for anyone.
 *
 * @return the configured client
 */
public static CuratorFramework create() {
  final String credentials = Constants.ZK_USER_NAME + ":" + Constants.ZK_PASSWORD;
  final RetryNTimes retries = new RetryNTimes(5, 5000);

  // NOTE(review): getBytes() uses the platform default charset.
  CuratorFramework client = CuratorFrameworkFactory.builder()
      .connectString(Constants.ZK_CONNECT_STRING)
      .retryPolicy(retries)
      .connectionTimeoutMs(Constants.ZOO_KEEPER_TIMEOUT)
      .sessionTimeoutMs(Constants.ZOO_KEEPER_TIMEOUT * 3)
      .authorization("digest", credentials.getBytes())
      .build();

  try {
    acl.clear();
    Id owner = new Id("digest", DigestAuthenticationProvider.generateDigest(credentials));
    acl.add(new ACL(ZooDefs.Perms.ALL, owner));
    // World-readable: any client, authenticated or not, may read nodes created with this list.
    acl.add(new ACL(ZooDefs.Perms.READ, ZooDefs.Ids.ANYONE_ID_UNSAFE));
  } catch (NoSuchAlgorithmException e) {
    // NOTE(review): on this path `acl` has been cleared and stays empty, and the
    // client is still returned to the caller.
    e.printStackTrace();
    LOGGER.error("ZKUtil-->>create() error,", e);
  }
  return client;
}
Example #21
Source File: From uncode-schedule with GNU General Public License v2.0 | 6 votes |
// Opens the ZooKeeper session, registers "digest" credentials on it and rebuilds the
// shared `acl` list: Perms.ALL for the digest identity derived from authString, plus
// Perms.READ for Ids.ANYONE_ID_UNSAFE.
// NOTE(review): this listing lost tokens during extraction (the ZooKeeper constructor
// arguments and the operands of authString); it is kept as published.
// NOTE(review): the ANYONE_ID_UNSAFE/READ entry makes every node created with this list
// readable without authentication -- confirm nothing sensitive is stored under it.
// NOTE(review): authString.getBytes() encodes the credentials with the platform default charset.
private void createZookeeper(final CountDownLatch connectionLatch) throws Exception { zk = new ZooKeeper( .toString()), Integer.parseInt( .getProperty(keys.zkSessionTimeout.toString())), new Watcher() { public void process(WatchedEvent event) { sessionEvent(connectionLatch, event); } }); String authString = + ":"+; zk.addAuthInfo("digest", authString.getBytes()); acl.clear(); acl.add(new ACL(ZooDefs.Perms.ALL, new Id("digest", DigestAuthenticationProvider.generateDigest(authString)))); acl.add(new ACL(ZooDefs.Perms.READ, Ids.ANYONE_ID_UNSAFE)); }
Example #22
Source File: From hadoop with Apache License 2.0 | 6 votes |
/**
 * Parse a string down to an ID, adding a realm if needed.
 *
 * <p>The pair must contain exactly one colon; an id that itself contains a
 * colon is rejected.
 *
 * @param idPair id:data tuple
 * @param realm realm to add when the id part ends in {@code @}
 * @return the ID.
 * @throws IllegalArgumentException if the idPair is invalid, or if the id ends
 *         in {@code @} and no realm was supplied
 */
public Id parse(String idPair, String realm) {
  final int separator = idPair.indexOf(':');
  // No colon at all, or more than one: not a scheme:id pair.
  if (separator < 0 || separator != idPair.lastIndexOf(':')) {
    throw new IllegalArgumentException(
        "ACL '" + idPair + "' not of expected form scheme:id");
  }

  final String scheme = idPair.substring(0, separator);
  final String rawId = idPair.substring(separator + 1);
  if (!rawId.endsWith("@")) {
    return new Id(scheme, rawId);
  }

  // A trailing '@' asks for the realm to be appended, so one must be available.
  Preconditions.checkArgument(
      StringUtils.isNotEmpty(realm),
      "@ suffixed account but no realm %s", rawId);
  return new Id(scheme, rawId + realm);
}
Example #23
Source File: From lucene-solr with Apache License 2.0 | 5 votes |
/**
 * Note: only used for tests.
 *
 * <p>Builds digest ACLs from the given credentials: ALL for the "all" user and,
 * when requested, READ for the read-only user. A pair with an empty username or
 * password is ignored. When no entry results, {@code ZooDefs.Ids.OPEN_ACL_UNSAFE}
 * is returned instead.
 *
 * @return the ACL list, or the open ACL when no usable credentials were given
 * @throws RuntimeException wrapping NoSuchAlgorithmException if a digest cannot be generated
 */
protected List<ACL> createACLsToAdd(boolean includeReadOnly,
                                    String digestAllUsername, String digestAllPassword,
                                    String digestReadonlyUsername, String digestReadonlyPassword) {
  try {
    List<ACL> acls = new ArrayList<ACL>();

    // Not to have to provide too much credentials and ACL information to the process it is
    // assumed that you want "ALL"-acls added to the user you are using to connect to ZK
    // (if you are using VMParamsSingleSetCredentialsDigestZkCredentialsProvider)
    boolean allUserMissing =
        StringUtils.isEmpty(digestAllUsername) || StringUtils.isEmpty(digestAllPassword);
    if (!allUserMissing) {
      String allDigest =
          DigestAuthenticationProvider.generateDigest(digestAllUsername + ":" + digestAllPassword);
      acls.add(new ACL(ZooDefs.Perms.ALL, new Id("digest", allDigest)));
    }

    // Besides that support for adding additional "READONLY"-acls for another user
    if (includeReadOnly
        && !StringUtils.isEmpty(digestReadonlyUsername)
        && !StringUtils.isEmpty(digestReadonlyPassword)) {
      String readonlyDigest = DigestAuthenticationProvider.generateDigest(
          digestReadonlyUsername + ":" + digestReadonlyPassword);
      acls.add(new ACL(ZooDefs.Perms.READ, new Id("digest", readonlyDigest)));
    }

    // No credentials at all means no restriction at all: the open ACL is handed back.
    return acls.isEmpty() ? ZooDefs.Ids.OPEN_ACL_UNSAFE : acls;
  } catch (NoSuchAlgorithmException e) {
    throw new RuntimeException(e);
  }
}
Example #24
Source File: From big-c with Apache License 2.0 | 5 votes |
/**
 * Parse comma separated list of ACL entries to secure generated nodes, e.g.
 * <code>sasl:hdfs/host1@MY.DOMAIN:cdrwa,sasl:hdfs/host2@MY.DOMAIN:cdrwa</code>
 *
 * <p>For each entry the scheme ends at the first colon and the permissions start
 * after the last one; everything in between is the id.
 *
 * @param aclString the comma separated entries, may be null
 * @return ACL list, empty when {@code aclString} is null
 * @throws BadAclFormatException if an ACL is invalid
 */
public static List<ACL> parseACLs(String aclString) throws
    BadAclFormatException {
  List<ACL> parsed = Lists.newArrayList();
  if (aclString == null) {
    return parsed;
  }

  List<String> entries = Lists.newArrayList(
      Splitter.on(',').omitEmptyStrings().trimResults().split(aclString));
  for (String entry : entries) {
    // from ZooKeeperMain private method
    final int schemeEnd = entry.indexOf(':');
    final int permStart = entry.lastIndexOf(':');
    // Fewer than two colons cannot be scheme:id:perm.
    if (schemeEnd < 0 || schemeEnd == permStart) {
      throw new BadAclFormatException(
          "ACL '" + entry + "' not of expected form scheme:id:perm");
    }

    ACL item = new ACL();
    String scheme = entry.substring(0, schemeEnd);
    String id = entry.substring(schemeEnd + 1, permStart);
    item.setId(new Id(scheme, id));
    item.setPerms(getPermFromString(entry.substring(permStart + 1)));
    parsed.add(item);
  }
  return parsed;
}
Example #25
Source File: From lucene-solr with Apache License 2.0 | 5 votes |
/**
 * ACLs for nodes that are not security related: ALL for the SASL super user,
 * READ for anyone.
 *
 * @return a new, mutable ACL list
 */
@Override
protected List<ACL> createNonSecurityACLsToAdd() {
  final ACL superUserAll = new ACL(ZooDefs.Perms.ALL, new Id("sasl", superUser));
  // World-readable: clients that have not authenticated can still read these nodes.
  final ACL anyoneRead = new ACL(ZooDefs.Perms.READ, ZooDefs.Ids.ANYONE_ID_UNSAFE);

  List<ACL> nonSecurityAcls = new ArrayList<ACL>();
  nonSecurityAcls.add(superUserAll);
  nonSecurityAcls.add(anyoneRead);
  return nonSecurityAcls;
}
Example #26
Source File: From chronus with Apache License 2.0 | 5 votes |
// Reads the connection settings from `properties`, rebuilds the shared `acl` list
// (Perms.ALL for the digest identity of userName:password, Perms.READ for anyone),
// then builds and starts a Curator client authenticated with the "digest" scheme.
// NOTE(review): the logging calls in this listing lost their receiver during extraction
// (the bare string/argument fragments after `;`); the code is kept as published.
// The visible log arguments include userName but not the password.
// NOTE(review): two policies are visible here -- the `acl` list grants READ to
// ANYONE_ID_UNSAFE, while the ACLProvider returns CREATOR_ALL_ACL for every path;
// which one applies to a given node depends on callers not shown here.
// NOTE(review): authString.getBytes() encodes the credentials with the platform default charset.
private void connect() throws Exception { RetryPolicy retryPolicy = new RetryUntilElapsed(Integer.MAX_VALUE, 10); String userName = properties.getProperty(keys.userName.toString()); String zkConnectString = properties.getProperty(keys.zkConnectString.toString()); int zkSessionTimeout = Integer.parseInt(properties.getProperty(keys.zkSessionTimeout.toString())); int zkConnectionTimeout = Integer.parseInt(properties.getProperty(keys.zkConnectionTimeout.toString())); boolean isCheckParentPath = Boolean.parseBoolean(properties.getProperty(keys.isCheckParentPath.toString(), "true")); String authString = userName + ":" + properties.getProperty(keys.password.toString()); acl.clear(); acl.add(new ACL(ZooDefs.Perms.ALL, new Id("digest", DigestAuthenticationProvider.generateDigest(authString)))); acl.add(new ACL(ZooDefs.Perms.READ, Ids.ANYONE_ID_UNSAFE));"----------------------------开始创建ZK连接----------------------------");"zkConnectString:{}", zkConnectString);"zkSessionTimeout:{}", zkSessionTimeout);"zkConnectionTimeout:{}", zkConnectionTimeout);"isCheckParentPath:{}", isCheckParentPath);"userName:{}", userName); curator = CuratorFrameworkFactory.builder().connectString(zkConnectString) .sessionTimeoutMs(zkSessionTimeout) .connectionTimeoutMs(zkConnectionTimeout) .retryPolicy(retryPolicy).authorization("digest", authString.getBytes()) .aclProvider(new ACLProvider() { @Override public List<ACL> getDefaultAcl() { return ZooDefs.Ids.CREATOR_ALL_ACL; } @Override public List<ACL> getAclForPath(String path) { return ZooDefs.Ids.CREATOR_ALL_ACL; } }).build(); curator.start();"----------------------------创建ZK连接成功----------------------------"); this.isCheckParentPath = isCheckParentPath; }
Example #27
Source File: From nifi with Apache License 2.0 | 5 votes |
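/**
 * Builds the ACL list from the configured Kerberos principal
 * ({@code instance[/host]@realm}): ALL for the SASL identity derived from it,
 * plus {@code ZooDefs.Ids.READ_ACL_UNSAFE}.
 *
 * <p>The host and realm parts are kept unless the matching "remove" option is
 * {@code "true"}. A principal without a host part yields an identity without a
 * host, rather than one ending in the literal text "/null".
 *
 * @param config client configuration supplying the principal and the remove options
 * @throws IllegalArgumentException if no principal is configured or it has no realm
 */
private SaslACLProvider(ZooKeeperClientConfig config) {
    final String authPrincipal = config.getAuthPrincipal();
    if (StringUtils.isEmpty(authPrincipal)) {
        throw new IllegalArgumentException("No Kerberos Principal configured for use with SASL Authentication Scheme");
    }

    final int realmSeparator = authPrincipal.indexOf('@');
    if (realmSeparator < 0) {
        // Previously this surfaced as a StringIndexOutOfBoundsException from substring().
        throw new IllegalArgumentException("Kerberos Principal configured for use with SASL Authentication Scheme has no realm");
    }

    final String realm = authPrincipal.substring(realmSeparator + 1);
    final String[] user = authPrincipal.substring(0, realmSeparator).split("/");
    final String host = user.length == 2 ? user[1] : null;
    final String instance = user[0];

    final StringBuilder principal = new StringBuilder(instance);
    // Only append a host that exists: appending null would grant ALL to "instance/null".
    if (host != null && !config.getRemoveHostFromPrincipal().equalsIgnoreCase("true")) {
        principal.append("/");
        principal.append(host);
    }
    if (!config.getRemoveRealmFromPrincipal().equalsIgnoreCase("true")) {
        principal.append("@");
        principal.append(realm);
    }

    this.acls = Lists.newArrayList(new ACL(ZooDefs.Perms.ALL, new Id(SASL_AUTH_SCHEME, principal.toString())));
    // World-readable: READ_ACL_UNSAFE lets any client read nodes created with this list.
    this.acls.addAll(ZooDefs.Ids.READ_ACL_UNSAFE);
}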
Example #28
Source File: From helios with Apache License 2.0 | 5 votes |
/**
 * A path that no rule matches yields null rather than an ACL list: the only rule
 * is for "/foo/bar/baz", the lookup is for its parent "/foo/bar".
 */
@Test
public void testNoMatchingRules() {
  final Id anyId = new Id("some_scheme", "id");
  final RuleBasedZooKeeperAclProvider provider =
      RuleBasedZooKeeperAclProvider.builder().rule("/foo/bar/baz", WRITE, anyId).build();

  final List<ACL> aclForParent = provider.getAclForPath("/foo/bar");

  assertNull(aclForParent);
}
Example #29
Source File: From incubator-atlas with Apache License 2.0 | 5 votes |
/**
 * When the shared path does not exist yet, updating the active instance state must
 * create it, with the create builder primed for the ACL from the HA configuration
 * (ALL for "sasl" / "myclient@EXAMPLE.COM").
 */
@Test
public void testSharedPathIsCreatedWithRightACLIfNotExists() throws Exception {
  final String zkRoot = HAConfiguration.ATLAS_SERVER_ZK_ROOT_DEFAULT;

  when(configuration.getString(HAConfiguration.ATLAS_SERVER_ADDRESS_PREFIX + "id1"))
      .thenReturn(HOST_PORT);
  when(configuration.getString(HAConfiguration.HA_ZOOKEEPER_ACL))
      .thenReturn("sasl:myclient@EXAMPLE.COM");
  when(configuration.getString(HAConfiguration.ATLAS_SERVER_HA_ZK_ROOT_KEY, zkRoot))
      .thenReturn(zkRoot);

  when(curatorFactory.clientInstance()).thenReturn(curatorFramework);

  // checkExists() reports null, i.e. the path is absent.
  ExistsBuilder existsBuilder = mock(ExistsBuilder.class);
  when(curatorFramework.checkExists()).thenReturn(existsBuilder);
  when(existsBuilder.forPath(getPath())).thenReturn(null);

  CreateBuilder createBuilder = mock(CreateBuilder.class);
  when(curatorFramework.create()).thenReturn(createBuilder);
  when(createBuilder.withMode(CreateMode.EPHEMERAL)).thenReturn(createBuilder);

  // The builder only chains when withACL receives exactly this ACL list.
  ACL expectedAcl = new ACL(ZooDefs.Perms.ALL, new Id("sasl", "myclient@EXAMPLE.COM"));
  List<ACL> expectedAcls = Arrays.asList(expectedAcl);
  when(createBuilder.withACL(expectedAcls)).thenReturn(createBuilder);

  SetDataBuilder setDataBuilder = mock(SetDataBuilder.class);
  when(curatorFramework.setData()).thenReturn(setDataBuilder);

  new ActiveInstanceState(configuration, curatorFactory).update("id1");

  verify(createBuilder).forPath(getPath());
}
Example #30
Source File: From knox with Apache License 2.0 | 5 votes |
/**
 * Fills {@code saslACL} according to the authentication mode.
 *
 * @param isKerberos true to grant ALL to the SASL identity "knox"; false to use
 *                   {@code ZooDefs.Ids.CREATOR_ALL_ACL}
 */
SASLOwnerACLProvider(boolean isKerberos) {
  if (!isKerberos) {
    // CREATOR_ALL_ACL gives all permissions to the authenticated identity that creates the node.
    this.saslACL.addAll(ZooDefs.Ids.CREATOR_ALL_ACL);
    return;
  }
  // Kerberos: a fixed SASL principal owns the nodes.
  final Id knoxPrincipal = new Id("sasl", "knox");
  this.saslACL.add(new ACL(ZooDefs.Perms.ALL, knoxPrincipal));
}