hadoop-zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Todd Greenwood" <to...@audiencescience.com>
Subject RE: ACL question w/ Zookeeper 3.1.1
Date Fri, 18 Sep 2009 18:27:19 GMT
Patrick / Mahadev,

Thanks for the heads-up!

Apparently I *am* receiving email from zookeeper-user but it is being
filtered out as spam. This just started happening, but I'll rectify on
my end.

I'm working thru Mahadev's response and will respond shortly (and search
for other postings, as well). Appologies for the cross post. 

-Todd

> -----Original Message-----
> From: Patrick Hunt [mailto:phunt@apache.org]
> Sent: Friday, September 18, 2009 11:19 AM
> To: zookeeper-dev@hadoop.apache.org; zookeeper-user@hadoop.apache.org
> Cc: Todd Greenwood
> Subject: Re: ACL question w/ Zookeeper 3.1.1
> 
> Todd, there were other responses as well. Are you seeing other traffic
> from the lists? (perhaps a spam filtering issue?)
> 
> Patrick
> 
> Mahadev Konar wrote:
> > HI todd,
> >   We did respond on zookeeper-user. Here is my response in case you
> didn't
> > see it...
> >
> >
> > HI todd,
> >  From what I understand, you are sayin that a creator_all_acl does
not
> work
> > with auth?
> >
> >  I tried the following with CREATOR_ALL_ACL and it seemed to work
for
> me...
> >
> > import org.apache.zookeeper.CreateMode;
> > import org.apache.zookeeper.WatchedEvent;
> > import org.apache.zookeeper.Watcher;
> > import org.apache.zookeeper.ZooKeeper;
> > import org.apache.zookeeper.data.ACL;
> > import org.apache.zookeeper.ZooDefs.Ids;
> > import java.util.ArrayList;
> > import java.util.List;
> >
> > public class TestACl implements Watcher {
> >
> >     public static void main(String[] argv) throws Exception {
> >         List<ACL> acls = new ArrayList<ACL>(1);
> >         String authentication_type = "digest";
> >         String authentication = "mahadev:some";
> >
> >         for (ACL ids_acl : Ids.CREATOR_ALL_ACL) {
> >             acls.add(ids_acl);
> >         }
> >         TestACl tacl = new TestACl();
> >         ZooKeeper zoo = new ZooKeeper("localhost:2181", 3000, tacl);
> >         zoo.addAuthInfo(authentication_type,
authentication.getBytes());
> >         zoo.create("/some", new byte[0], acls,
CreateMode.PERSISTENT);
> >         zoo.setData("/some", new byte[0], -1);
> >     }
> >
> >     @Override
> >     public void process(WatchedEvent event) {
> >
> >
> >     }
> > }
> >
> >
> > And it worked on my set of zookeeper servers....
> >
> > And then
> > I tried
> >
> > Without auth
> >
> > Getdata("/some")
> >
> > Which correctly gave me the error:
> >
> >
> > Exception in thread "main"
> > org.apache.zookeeper.KeeperException$NoAuthException:
KeeperErrorCode =
> > NoAuth for /some
> >     at
> org.apache.zookeeper.KeeperException.create(KeeperException.java:104)
> >     at
> org.apache.zookeeper.KeeperException.create(KeeperException.java:42)
> >     at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:892)
> >     at org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:921)
> >     at
> >
org.apache.zookeeper.ZooKeeperMain.processZKCmd(ZooKeeperMain.java:692)
> >     at
> org.apache.zookeeper.ZooKeeperMain.processCmd(ZooKeeperMain.java:579)
> >     at
> >
org.apache.zookeeper.ZooKeeperMain.executeLine(ZooKeeperMain.java:351)
> >     at
org.apache.zookeeper.ZooKeeperMain.run(ZooKeeperMain.java:309)
> >     at
org.apache.zookeeper.ZooKeeperMain.main(ZooKeeperMain.java:268)
> >
> >
> > Is this what you are trying to do?
> >
> > Thanks
> > mahadev
> >
> >
> > On 9/18/09 10:33 AM, "Todd Greenwood" <toddg@audiencescience.com>
wrote:
> >
> >> Appologies for cross posting, but I haven't received a response on
> this.
> >> Quite simply, could someone point me to a working
example/tutorial/docs
> >> that describe how to use digest ACLs in zookeeper 3.1.1? The docs
that
> I
> >> have found (referenced below) have not clarified this for me.
> >>
> >> -Todd
> >>
> >>> -----Original Message-----
> >>> From: Todd Greenwood
> >>> Sent: Thursday, September 17, 2009 5:05 PM
> >>> To: 'zookeeper-user@hadoop.apache.org'
> >>> Subject: ACL question w/ Zookeeper 3.1.1
> >>>
> >>> I'm attempting to secure a zookeeper installation using zookeeper
> >> ACLs.
> >>> However, I'm finding that while Ids.OPEN_ACL_UNSAFE works great,
my
> >>> attempts at using Ids.CREATOR_ALL_ACL are failing. Here's a code
> >> snippet:
> >>>
> >>> public class ZooWrapper
> >>> {
> >>>
> >>> /*
> >>> 1. Here I'm setting up my authentication. I've got an ACL list,
and my
> >>> authentication strings.
> >>> */
> >>>     private final List<ACL> acl = new ArrayList<ACL>( 1 );
> >>>     private static final String authentication_type = "digest";
> >>>     private static final String authentication =
> >> "audiencescience:gravy";
> >>>
> >>>     public ZooWrapper( final String connection_string,
> >>>                        final String path,
> >>>                        final int connectiontimeout ) throws
> >>> ZooWrapperException
> >>>     {
> >>> ...
> >>> /*
> >>> 2. Here I'm adding the acls
> >>> */
> >>>
> >>>         // This works (creates nodes, sets data on nodes)
> >>>         for ( ACL ids_acl : Ids.OPEN_ACL_UNSAFE )
> >>>         {
> >>>             acl.add( ids_acl);
> >>>         }
> >>>
> >>> /*
> >>> NOTE:  This does not work (nodes are not created, cannot set data
on
> >> nodes
> >>> b/c nodes do not exist)
> >>> */
> >>>
> >>> //        for ( ACL ids_acl : Ids.CREATOR_ALL_ACL )
> >>> //        {
> >>> //            acl.add( ids_acl );
> >>> //        }
> >>>
> >>> /*
> >>> 3. Finally, I create a new zookeeper instance and add my
authorization
> >>> info to it.
> >>> */
> >>>      zoo = new ZooKeeper( connection_string, connectiontimeout,
this
> >> );
> >>>      zoo.addAuthInfo( authentication_type,
authentication.getBytes() )
> >>>
> >>> /*
> >>> 4. Later, I try to write some data into zookeeper by first
creating
> >> the
> >>> node, and then calling setdata...
> >>> */
> >>>       zoo.create( path, new byte[0], acl, CreateMode.PERSISTENT );
> >>>       zoo.setData( path, bytes, -1 )
> >>>
> >>> As I mentioned above, when I add Ids.OPEN_ACL_UNSAFE to acl, then
both
> >> the
> >>> create and setData succeed. However, when I use
Ids.CREATOR_ALL_ACL,
> >> then
> >>> the nodes are not created. Am I missing something obvious w/
respect
> >> to
> >>> configuring ACLs?
> >>>
> >>> I've used the following references:
> >>>
> >>>
> >>
>
http://hadoop.apache.org/zookeeper/docs/r3.1.1/zookeeperProgrammers.html
> >>> http://mail-archives.apache.org/mod_mbox/hadoop-zookeeper-
> >>>
commits/200807.mbox/%3C20080731201025.C62092388873@eris.apache.org%3E
> >>>
> >>> http://books.google.com/books?id=bKPEwR-
> >>>
> >>
>
Pt6EC&pg=PT404&lpg=PT404&dq=zookeeper+ACL+digest+%22new+Id%22&source=bl&
> >> ot
> >>
>
s=kObz0y8eFk&sig=VFCAsNW0mBJyZswoweJDI31iNlo&hl=en&ei=Z82ySojRFsqRlAeqxs
> >> yI
> >>
>
Dw&sa=X&oi=book_result&ct=result&resnum=6#v=onepage&q=zookeeper%20ACL%20
> >> di
> >>> gest%20%22new%20Id%22&f=false
> >>>
> >>> -Todd
> >

Mime
View raw message