@Override public Void run() throws KeeperException, InterruptedException { List<ACL> acl = zkClient.getACL(path, stat); if (acl == null || !acl.containsAll(zkAcl) || !zkAcl.containsAll(acl)) { zkClient.setACL(path, zkAcl, stat.getAversion()); } return null; } }, Code.BADVERSION);
private DataStatAclNode retrieveNode(ZooKeeper zooKeeper, String path) { Preconditions.checkNotNull(zooKeeper, "ZooKeeper client must not be null"); Preconditions.checkNotNull(path, "path must not be null"); final Stat stat = new Stat(); final byte[] data; final List<ACL> acls; final long ephemeralOwner; try { data = zooKeeper.getData(path, false, stat); acls = zooKeeper.getACL(path, stat); ephemeralOwner = stat.getEphemeralOwner(); } catch (InterruptedException | KeeperException e) { if (e instanceof InterruptedException) { Thread.currentThread().interrupt(); } throw new RuntimeException(String.format("unable to get data, ACLs, and stats from %s for node at path %s", zooKeeper, path), e); } return new DataStatAclNode(path, data, stat, acls, ephemeralOwner); }
public void createNodePrintAcl(ZooKeeper zk, String path, String testName) { try { LOG.debug("KeyAuthenticationProvider Creating Test Node:" + path + ".\n"); zk.create(path, null, Ids.CREATOR_ALL_ACL, CreateMode.PERSISTENT); List<ACL> acls = zk.getACL(path, null); LOG.debug("Node: " + path + " Test:" + testName + " ACLs:"); for (ACL acl : acls) { LOG.debug(" " + acl.toString()); } } catch (Exception e) { LOG.debug(" EXCEPTION THROWN", e); } }
@Override public boolean exec() throws CliException { String path = args[1]; Stat stat = new Stat(); List<ACL> acl; try { acl = zk.getACL(path, stat); } catch (IllegalArgumentException ex) { throw new MalformedPathException(ex.getMessage()); } catch (KeeperException|InterruptedException ex) { throw new CliWrapperException(ex); } for (ACL a : acl) { out.println(a.getId() + ": " + getPermString(a.getPerms())); } if (cl.hasOption("s")) { new StatPrinter(out).print(stat); } return false; }
public void verifyGetACLFailure_NoNode(){ rc = Code.NONODE; stat = null; acl = null; zk.getACL(path, stat, this, toString()); verify(); }
@Test public void testSetAclRecursive() throws Exception { final ZooKeeper zk = createClient(); final byte[] EMPTY = new byte[0]; zk.setData("/", EMPTY, -1); zk.create("/a", EMPTY, Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT); zk.create("/a/b", EMPTY, Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT); zk.create("/a/b/c", EMPTY, Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT); zk.create("/a/d", EMPTY, Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT); zk.create("/e", EMPTY, Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT); ZooKeeperMain zkMain = new ZooKeeperMain(zk); String setAclCommand = "setAcl -R /a world:anyone:r"; zkMain.cl.parseCommand(setAclCommand); Assert.assertFalse(zkMain.processZKCmd(zkMain.cl)); Assert.assertEquals(Ids.READ_ACL_UNSAFE, zk.getACL("/a", new Stat())); Assert.assertEquals(Ids.READ_ACL_UNSAFE, zk.getACL("/a/b", new Stat())); Assert.assertEquals(Ids.READ_ACL_UNSAFE, zk.getACL("/a/b/c", new Stat())); Assert.assertEquals(Ids.READ_ACL_UNSAFE, zk.getACL("/a/d", new Stat())); // /e is unset, its acl should remain the same. Assert.assertEquals(Ids.OPEN_ACL_UNSAFE, zk.getACL("/e", new Stat())); } }
} else if (cmd.equals("getAcl") && args.length >= 2) { path = args[1]; acl = zk.getACL(path, stat); for (ACL a : acl) { System.out.println(a.getId() + ": "
public void verifyGetACL() { new StringCB(zk).verifyCreate(); zk.getACL(path, stat, this, toString()); verify(); }
zk = createClient(); zk.getData("/acltest", false, null); List<ACL> acls = zk.getACL("/acltest", new Stat()); Assert.assertEquals(1, acls.size()); Assert.assertEquals(Ids.OPEN_ACL_UNSAFE, acls);
/** * Finally, we check the ACLs of a node outside of the /hbase hierarchy and * verify that its ACL is simply 'hbase:Perms.ALL'. */ @Test public void testOutsideHBaseNodeACL() throws Exception { if (!secureZKAvailable) { return; } ZKUtil.createWithParents(zkw, "/testACLNode"); List<ACL> acls = zkw.getRecoverableZooKeeper().getZooKeeper() .getACL("/testACLNode", new Stat()); assertEquals(1, acls.size()); assertEquals("sasl", acls.get(0).getId().getScheme()); assertEquals("hbase", acls.get(0).getId().getId()); assertEquals(ZooDefs.Perms.ALL, acls.get(0).getPerms()); }
/** * getAcl is an idempotent operation. Retry before throwing exception * @return list of ACLs */ public List<ACL> getAcl(String path, Stat stat) throws KeeperException, InterruptedException { try (TraceScope scope = TraceUtil.createTrace("RecoverableZookeeper.getAcl")) { RetryCounter retryCounter = retryCounterFactory.create(); while (true) { try { long startTime = EnvironmentEdgeManager.currentTime(); List<ACL> nodeACL = checkZk().getACL(path, stat); return nodeACL; } catch (KeeperException e) { switch (e.code()) { case CONNECTIONLOSS: retryOrThrow(retryCounter, e, "getAcl"); break; case OPERATIONTIMEOUT: retryOrThrow(retryCounter, e, "getAcl"); break; default: throw e; } } retryCounter.sleepUntilNextRetry(); } } }
zk = createClient(); zk.getData("/acltest", false, null); List<ACL> acls = zk.getACL("/acltest", new Stat()); Assert.assertEquals(1, acls.size()); Assert.assertEquals(Ids.OPEN_ACL_UNSAFE, acls); acls = zk.getACL("/acltest", null); Assert.assertEquals(1, acls.size()); Assert.assertEquals(Ids.OPEN_ACL_UNSAFE, acls);
/** * Create a node and check its ACL. When authentication is enabled on * ZooKeeper, all nodes (except /hbase/root-region-server, /hbase/master * and /hbase/hbaseid) should be created so that only the hbase server user * (master or region server user) that created them can access them, and * this user should have all permissions on this node. For * /hbase/root-region-server, /hbase/master, and /hbase/hbaseid the * permissions should be as above, but should also be world-readable. First * we check the general case of /hbase nodes in the following test, and * then check the subset of world-readable nodes in the three tests after * that. */ @Test public void testHBaseRootZNodeACL() throws Exception { if (!secureZKAvailable) { return; } List<ACL> acls = zkw.getRecoverableZooKeeper().getZooKeeper() .getACL("/hbase", new Stat()); assertEquals(1, acls.size()); assertEquals("sasl", acls.get(0).getId().getScheme()); assertEquals("hbase", acls.get(0).getId().getId()); assertEquals(ZooDefs.Perms.ALL, acls.get(0).getPerms()); }
try { s = new Stat(); oldACL = zk.getACL("/", s); break; } catch (KeeperException e) {
.getACL("/hbase/master", new Stat()); assertEquals(2, acls.size());
.getACL("/hbase/hbaseid", new Stat()); assertEquals(2, acls.size());
.getACL("/hbase/root-region-server", new Stat()); assertEquals(2, acls.size());
List<ACL> acls; try { acls = zk.getZooKeeper().getACL(znode, stat); } catch (NoNodeException ex) { LOG.debug("Caught exception for missing znode", ex);
List<ACL> acls = zk.getACL("/path", new Stat()); Assert.assertEquals(2,acls.size());
@Override public List<ACL> call() throws Exception { return client.getZooKeeper().getACL(path, responseStat); } }