mirror of https://github.com/apache/druid.git
acl for zookeeper is added
This commit is contained in:
Nikita Geer
fjy
parent
d7ad93debc
commit
1908d63162
|
|
@ -40,6 +40,7 @@ We recommend just setting the base ZK path and the ZK service host, but all ZK p
|
||||||
|--------|-----------|-------|
|
|--------|-----------|-------|
|
||||||
|`druid.zk.service.sessionTimeoutMs`|ZooKeeper session timeout, in milliseconds.|`30000`|
|
|`druid.zk.service.sessionTimeoutMs`|ZooKeeper session timeout, in milliseconds.|`30000`|
|
||||||
|`druid.zk.service.compress`|Boolean flag for whether or not created Znodes should be compressed.|`true`|
|
|`druid.zk.service.compress`|Boolean flag for whether or not created Znodes should be compressed.|`true`|
|
||||||
|
|`druid.zk.service.acl`|Boolean flag for whether or not to enable ACL security for ZooKeeper. If ACL is enabled, zNode creators will have all permissions.|`false`|
|
||||||
|
|
||||||
#### Path Configuration
|
#### Path Configuration
|
||||||
Druid interacts with ZK through a set of standard path configurations. We recommend just setting the base ZK path, but all ZK paths that Druid uses can be overwritten to absolute paths.
|
Druid interacts with ZK through a set of standard path configurations. We recommend just setting the base ZK path, but all ZK paths that Druid uses can be overwritten to absolute paths.
|
||||||
|
|
|
||||||
|
|
@ -20,6 +20,7 @@
|
||||||
package io.druid.curator;
|
package io.druid.curator;
|
||||||
|
|
||||||
import com.fasterxml.jackson.annotation.JsonProperty;
|
import com.fasterxml.jackson.annotation.JsonProperty;
|
||||||
|
import com.google.common.base.Preconditions;
|
||||||
|
|
||||||
import javax.validation.constraints.Min;
|
import javax.validation.constraints.Min;
|
||||||
|
|
||||||
|
|
@ -37,6 +38,9 @@ public class CuratorConfig
|
||||||
@JsonProperty("compress")
|
@JsonProperty("compress")
|
||||||
private boolean enableCompression = true;
|
private boolean enableCompression = true;
|
||||||
|
|
||||||
|
@JsonProperty("acl")
|
||||||
|
private boolean enableAcl = false;
|
||||||
|
|
||||||
public String getZkHosts()
|
public String getZkHosts()
|
||||||
{
|
{
|
||||||
return zkHosts;
|
return zkHosts;
|
||||||
|
|
@ -57,13 +61,25 @@ public class CuratorConfig
|
||||||
this.zkSessionTimeoutMs = zkSessionTimeoutMs;
|
this.zkSessionTimeoutMs = zkSessionTimeoutMs;
|
||||||
}
|
}
|
||||||
|
|
||||||
public Boolean getEnableCompression()
|
public boolean getEnableCompression()
|
||||||
{
|
{
|
||||||
return enableCompression;
|
return enableCompression;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setEnableCompression(Boolean enableCompression)
|
public void setEnableCompression(Boolean enableCompression)
|
||||||
{
|
{
|
||||||
|
Preconditions.checkNotNull(enableCompression, "enableCompression");
|
||||||
this.enableCompression = enableCompression;
|
this.enableCompression = enableCompression;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean getEnableAcl()
|
||||||
|
{
|
||||||
|
return enableAcl;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setEnableAcl(Boolean enableAcl)
|
||||||
|
{
|
||||||
|
Preconditions.checkNotNull(enableAcl, "enableAcl");
|
||||||
|
this.enableAcl = enableAcl;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -24,14 +24,23 @@ import com.google.inject.Module;
|
||||||
import com.google.inject.Provides;
|
import com.google.inject.Provides;
|
||||||
import com.metamx.common.lifecycle.Lifecycle;
|
import com.metamx.common.lifecycle.Lifecycle;
|
||||||
import com.metamx.common.logger.Logger;
|
import com.metamx.common.logger.Logger;
|
||||||
|
|
||||||
import io.druid.guice.JsonConfigProvider;
|
import io.druid.guice.JsonConfigProvider;
|
||||||
import io.druid.guice.LazySingleton;
|
import io.druid.guice.LazySingleton;
|
||||||
|
|
||||||
|
import org.apache.curator.framework.api.ACLProvider;
|
||||||
import org.apache.curator.framework.CuratorFramework;
|
import org.apache.curator.framework.CuratorFramework;
|
||||||
import org.apache.curator.framework.CuratorFrameworkFactory;
|
import org.apache.curator.framework.CuratorFrameworkFactory;
|
||||||
|
import org.apache.curator.framework.imps.DefaultACLProvider;
|
||||||
import org.apache.curator.retry.BoundedExponentialBackoffRetry;
|
import org.apache.curator.retry.BoundedExponentialBackoffRetry;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
import org.apache.zookeeper.ZooDefs;
|
||||||
|
import org.apache.zookeeper.data.ACL;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*/
|
*/
|
||||||
public class CuratorModule implements Module
|
public class CuratorModule implements Module
|
||||||
|
|
@ -43,19 +52,22 @@ public class CuratorModule implements Module
|
||||||
{
|
{
|
||||||
JsonConfigProvider.bind(
|
JsonConfigProvider.bind(
|
||||||
binder, "druid.zk.service",
|
binder, "druid.zk.service",
|
||||||
CuratorConfig.class);
|
CuratorConfig.class
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Provides @LazySingleton
|
@Provides
|
||||||
|
@LazySingleton
|
||||||
public CuratorFramework makeCurator(CuratorConfig config, Lifecycle lifecycle) throws IOException
|
public CuratorFramework makeCurator(CuratorConfig config, Lifecycle lifecycle) throws IOException
|
||||||
{
|
{
|
||||||
final CuratorFramework framework =
|
final CuratorFramework framework =
|
||||||
CuratorFrameworkFactory.builder()
|
CuratorFrameworkFactory.builder()
|
||||||
.connectString(config.getZkHosts())
|
.connectString(config.getZkHosts())
|
||||||
.sessionTimeoutMs(config.getZkSessionTimeoutMs())
|
.sessionTimeoutMs(config.getZkSessionTimeoutMs())
|
||||||
.retryPolicy(new BoundedExponentialBackoffRetry(1000, 45000, 30))
|
.retryPolicy(new BoundedExponentialBackoffRetry(1000, 45000, 30))
|
||||||
.compressionProvider(new PotentiallyGzippedCompressionProvider(config.getEnableCompression()))
|
.compressionProvider(new PotentiallyGzippedCompressionProvider(config.getEnableCompression()))
|
||||||
.build();
|
.aclProvider(config.getEnableAcl() ? new SecuredACLProvider() : new DefaultACLProvider())
|
||||||
|
.build();
|
||||||
|
|
||||||
lifecycle.addHandler(
|
lifecycle.addHandler(
|
||||||
new Lifecycle.Handler()
|
new Lifecycle.Handler()
|
||||||
|
|
@ -78,4 +90,19 @@ public class CuratorModule implements Module
|
||||||
|
|
||||||
return framework;
|
return framework;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
class SecuredACLProvider implements ACLProvider
|
||||||
|
{
|
||||||
|
@Override
|
||||||
|
public List<ACL> getDefaultAcl()
|
||||||
|
{
|
||||||
|
return ZooDefs.Ids.CREATOR_ALL_ACL;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public List<ACL> getAclForPath(String path)
|
||||||
|
{
|
||||||
|
return ZooDefs.Ids.CREATOR_ALL_ACL;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -28,12 +28,14 @@ import java.lang.reflect.InvocationTargetException;
|
||||||
public class CuratorConfigTest extends JsonConfigTesterBase<CuratorConfig>
|
public class CuratorConfigTest extends JsonConfigTesterBase<CuratorConfig>
|
||||||
{
|
{
|
||||||
@Test
|
@Test
|
||||||
public void testHostName() throws IllegalAccessException, NoSuchMethodException, InvocationTargetException
|
public void testSerde() throws IllegalAccessException, NoSuchMethodException, InvocationTargetException
|
||||||
{
|
{
|
||||||
propertyValues.put(getPropertyKey("host"),"fooHost");
|
propertyValues.put(getPropertyKey("host"), "fooHost");
|
||||||
|
propertyValues.put(getPropertyKey("acl"), "true");
|
||||||
testProperties.putAll(propertyValues);
|
testProperties.putAll(propertyValues);
|
||||||
configProvider.inject(testProperties, configurator);
|
configProvider.inject(testProperties, configurator);
|
||||||
CuratorConfig config = configProvider.get().get();
|
CuratorConfig config = configProvider.get().get();
|
||||||
Assert.assertEquals("fooHost", config.getZkHosts());
|
Assert.assertEquals("fooHost", config.getZkHosts());
|
||||||
|
Assert.assertEquals(true, config.getEnableAcl());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue