private static ArrayList<ACL> createACL(ZKWatcher zkw, String node) { return createACL(zkw, node, isSecureZooKeeper(zkw.getConfiguration())); }
/** * Async creates the specified node with the specified data. * * <p>Throws an exception if the node already exists. * * <p>The node created is persistent and open access. * * @param zkw zk reference * @param znode path of node to create * @param data data of node to create * @param cb the callback to use for the creation * @param ctx the context to use for the creation */ public static void asyncCreate(ZKWatcher zkw, String znode, byte [] data, final AsyncCallback.StringCallback cb, final Object ctx) { zkw.getRecoverableZooKeeper().getZooKeeper().create(znode, data, createACL(zkw, znode), CreateMode.PERSISTENT, cb, ctx); }
/** * Set the znode perms recursively. This will do post-order recursion, so that baseZnode ACLs * will be set last in case the master fails in between. * @param znode the ZNode to set the permissions for */ private void setZnodeAclsRecursive(String znode) throws KeeperException, InterruptedException { List<String> children = recoverableZooKeeper.getChildren(znode, false); for (String child : children) { setZnodeAclsRecursive(ZNodePaths.joinZNode(znode, child)); } List<ACL> acls = ZKUtil.createACL(this, znode, true); LOG.info("Setting ACLs for znode:" + znode + " , acl:" + acls); recoverableZooKeeper.setAcl(znode, acls, -1); }
boolean ret = true; try { zkw.getRecoverableZooKeeper().create(znode, data, createACL(zkw, znode), CreateMode.EPHEMERAL); } catch (KeeperException.NodeExistsException nee) {
@Test public void testUnsecure() throws ZooKeeperConnectionException, IOException { Configuration conf = HBaseConfiguration.create(); conf.set(Superusers.SUPERUSER_CONF_KEY, "user1"); String node = "/hbase/testUnsecure"; ZKWatcher watcher = new ZKWatcher(conf, node, null, false); List<ACL> aclList = ZKUtil.createACL(watcher, node, false); assertEquals(1, aclList.size()); assertTrue(aclList.contains(Ids.OPEN_ACL_UNSAFE.iterator().next())); }
/** * Creates the specified znode with the specified data but does not watch it. * * Returns the znode of the newly created node * * If there is another problem, a KeeperException will be thrown. * * @param zkw zk reference * @param znode path of node * @param data data of node * @param createMode specifying whether the node to be created is ephemeral and/or sequential * @return true name of the newly created znode or null * @throws KeeperException if unexpected zookeeper exception */ public static String createNodeIfNotExistsNoWatch(ZKWatcher zkw, String znode, byte[] data, CreateMode createMode) throws KeeperException { String createdZNode = null; try { createdZNode = zkw.getRecoverableZooKeeper().create(znode, data, createACL(zkw, znode), createMode); } catch (KeeperException.NodeExistsException nee) { return znode; } catch (InterruptedException e) { zkw.interruptedException(e); return null; } return createdZNode; }
private static void resetAcls(final ZKWatcher zkw, final String znode, final boolean eraseAcls) throws Exception { List<String> children = ZKUtil.listChildrenNoWatch(zkw, znode); if (children != null) { for (String child: children) { resetAcls(zkw, ZNodePaths.joinZNode(znode, child), eraseAcls); } } ZooKeeper zk = zkw.getRecoverableZooKeeper().getZooKeeper(); if (eraseAcls) { LOG.info(" - erase ACLs for " + znode); zk.setACL(znode, ZooDefs.Ids.OPEN_ACL_UNSAFE, -1); } else { LOG.info(" - set ACLs for " + znode); zk.setACL(znode, ZKUtil.createACL(zkw, znode, true), -1); } }
@Test public void testSecuritySingleSuperuser() throws ZooKeeperConnectionException, IOException { Configuration conf = HBaseConfiguration.create(); conf.set(Superusers.SUPERUSER_CONF_KEY, "user1"); String node = "/hbase/testSecuritySingleSuperuser"; ZKWatcher watcher = new ZKWatcher(conf, node, null, false); List<ACL> aclList = ZKUtil.createACL(watcher, node, true); assertEquals(2, aclList.size()); // 1+1, since ACL will be set for the creator by default assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user1")))); assertTrue(aclList.contains(Ids.CREATOR_ALL_ACL.iterator().next())); }
/** * Convert from ZKUtilOp to ZKOp */ private static Op toZooKeeperOp(ZKWatcher zkw, ZKUtilOp op) throws UnsupportedOperationException { if(op == null) { return null; } if (op instanceof CreateAndFailSilent) { CreateAndFailSilent cafs = (CreateAndFailSilent)op; return Op.create(cafs.getPath(), cafs.getData(), createACL(zkw, cafs.getPath()), CreateMode.PERSISTENT); } else if (op instanceof DeleteNodeFailSilent) { DeleteNodeFailSilent dnfs = (DeleteNodeFailSilent)op; return Op.delete(dnfs.getPath(), -1); } else if (op instanceof SetData) { SetData sd = (SetData) op; return Op.setData(sd.getPath(), sd.getData(), sd.getVersion()); } else { throw new UnsupportedOperationException("Unexpected ZKUtilOp type: " + op.getClass().getName()); } }
/** * Creates the specified node and all parent nodes required for it to exist. The creation of * parent znodes is not atomic with the leafe znode creation but the data is written atomically * when the leaf node is created. * * No watches are set and no errors are thrown if the node already exists. * * The nodes created are persistent and open access. * * @param zkw zk reference * @param znode path of node * @throws KeeperException if unexpected zookeeper exception */ public static void createWithParents(ZKWatcher zkw, String znode, byte[] data) throws KeeperException { try { if(znode == null) { return; } zkw.getRecoverableZooKeeper().create(znode, data, createACL(zkw, znode), CreateMode.PERSISTENT); } catch(KeeperException.NodeExistsException nee) { return; } catch(KeeperException.NoNodeException nne) { createWithParents(zkw, getParent(znode)); createWithParents(zkw, znode, data); } catch(InterruptedException ie) { zkw.interruptedException(ie); } }
boolean ret = true; try { zkw.getRecoverableZooKeeper().create(znode, data, createACL(zkw, znode), CreateMode.PERSISTENT); } catch (KeeperException.NodeExistsException nee) {
throws KeeperException, KeeperException.NodeExistsException { try { zkw.getRecoverableZooKeeper().create(znode, data, createACL(zkw, znode), CreateMode.PERSISTENT); Stat stat = zkw.getRecoverableZooKeeper().exists(znode, zkw);
@Test public void testCreateACL() throws ZooKeeperConnectionException, IOException { Configuration conf = HBaseConfiguration.create(); conf.set(Superusers.SUPERUSER_CONF_KEY, "user1,@group1,user2,@group2,user3"); String node = "/hbase/testCreateACL"; ZKWatcher watcher = new ZKWatcher(conf, node, null, false); List<ACL> aclList = ZKUtil.createACL(watcher, node, true); assertEquals(4, aclList.size()); // 3+1, since ACL will be set for the creator by default assertFalse(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "@group1")))); assertFalse(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "@group2")))); assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user1")))); assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user2")))); assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user3")))); }
@Test public void testCreateACLWithSameUser() throws ZooKeeperConnectionException, IOException { Configuration conf = HBaseConfiguration.create(); conf.set(Superusers.SUPERUSER_CONF_KEY, "user4,@group1,user5,user6"); UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser("user4")); String node = "/hbase/testCreateACL"; ZKWatcher watcher = new ZKWatcher(conf, node, null, false); List<ACL> aclList = ZKUtil.createACL(watcher, node, true); assertEquals(3, aclList.size()); // 3, since service user the same as one of superuser assertFalse(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "@group1")))); assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("auth", "")))); assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user5")))); assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user6")))); }
private static ArrayList<ACL> createACL(ZKWatcher zkw, String node) { return createACL(zkw, node, isSecureZooKeeper(zkw.getConfiguration())); }
@Test public void testUnsecure() throws ZooKeeperConnectionException, IOException { Configuration conf = HBaseConfiguration.create(); conf.set(Superusers.SUPERUSER_CONF_KEY, "user1"); String node = "/hbase/testUnsecure"; ZKWatcher watcher = new ZKWatcher(conf, node, null, false); List<ACL> aclList = ZKUtil.createACL(watcher, node, false); assertEquals(1, aclList.size()); assertTrue(aclList.contains(Ids.OPEN_ACL_UNSAFE.iterator().next())); }
@Test public void testUnsecure() throws ZooKeeperConnectionException, IOException { Configuration conf = HBaseConfiguration.create(); conf.set(Superusers.SUPERUSER_CONF_KEY, "user1"); String node = "/hbase/testUnsecure"; ZKWatcher watcher = new ZKWatcher(conf, node, null, false); List<ACL> aclList = ZKUtil.createACL(watcher, node, false); assertEquals(1, aclList.size()); assertTrue(aclList.contains(Ids.OPEN_ACL_UNSAFE.iterator().next())); }
@Test public void testSecuritySingleSuperuser() throws ZooKeeperConnectionException, IOException { Configuration conf = HBaseConfiguration.create(); conf.set(Superusers.SUPERUSER_CONF_KEY, "user1"); String node = "/hbase/testSecuritySingleSuperuser"; ZKWatcher watcher = new ZKWatcher(conf, node, null, false); List<ACL> aclList = ZKUtil.createACL(watcher, node, true); assertEquals(2, aclList.size()); // 1+1, since ACL will be set for the creator by default assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user1")))); assertTrue(aclList.contains(Ids.CREATOR_ALL_ACL.iterator().next())); }
@Test public void testSecuritySingleSuperuser() throws ZooKeeperConnectionException, IOException { Configuration conf = HBaseConfiguration.create(); conf.set(Superusers.SUPERUSER_CONF_KEY, "user1"); String node = "/hbase/testSecuritySingleSuperuser"; ZKWatcher watcher = new ZKWatcher(conf, node, null, false); List<ACL> aclList = ZKUtil.createACL(watcher, node, true); assertEquals(2, aclList.size()); // 1+1, since ACL will be set for the creator by default assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user1")))); assertTrue(aclList.contains(Ids.CREATOR_ALL_ACL.iterator().next())); }
@Test public void testCreateACL() throws ZooKeeperConnectionException, IOException { Configuration conf = HBaseConfiguration.create(); conf.set(Superusers.SUPERUSER_CONF_KEY, "user1,@group1,user2,@group2,user3"); String node = "/hbase/testCreateACL"; ZKWatcher watcher = new ZKWatcher(conf, node, null, false); List<ACL> aclList = ZKUtil.createACL(watcher, node, true); assertEquals(4, aclList.size()); // 3+1, since ACL will be set for the creator by default assertFalse(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "@group1")))); assertFalse(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "@group2")))); assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user1")))); assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user2")))); assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user3")))); }