public virtual void TestACLs()
{
DelegationTokenManager tm1;
string connectString = zkServer.GetConnectString();
Configuration conf = GetSecretConf(connectString);
RetryPolicy retryPolicy = new ExponentialBackoffRetry(1000, 3);
string userPass = "******";
ACL digestACL = new ACL(ZooDefs.Perms.All, new ID("digest", DigestAuthenticationProvider
.GenerateDigest(userPass)));
ACLProvider digestAclProvider = new _ACLProvider_319(digestACL);
CuratorFramework curatorFramework = CuratorFrameworkFactory.Builder().ConnectString
(connectString).RetryPolicy(retryPolicy).AclProvider(digestAclProvider).Authorization
("digest", Runtime.GetBytesForString(userPass, "UTF-8")).Build();
curatorFramework.Start();
ZKDelegationTokenSecretManager.SetCurator(curatorFramework);
tm1 = new DelegationTokenManager(conf, new Text("bla"));
tm1.Init();
// check ACL
string workingPath = conf.Get(ZKDelegationTokenSecretManager.ZkDtsmZnodeWorkingPath
);
VerifyACL(curatorFramework, "/" + workingPath, digestACL);
tm1.Destroy();
ZKDelegationTokenSecretManager.SetCurator(null);
curatorFramework.Close();
}
/// <summary>Start the service.</summary>
/// <remarks>
/// Start the service.
/// This is where the curator instance is started.
/// </remarks>
/// <exception cref="System.Exception"/>
protected override void ServiceStart()
{
base.ServiceStart();
// create the curator; rely on the registry security code
// to set up the JVM context and curator
curator = CreateCurator();
}
public void stateChanged(CuratorFramework client, ConnectionState newState)
{
if (ConnectionState.CONNECTED == newState || ConnectionState.RECONNECTED == newState)
{
logAsErrorConnectionErrors.set(true);
}
}
/// <exception cref="System.Exception"/>
public void ChildEvent(CuratorFramework client, PathChildrenCacheEvent @event)
{
switch (@event.GetType())
{
case PathChildrenCacheEvent.Type.ChildAdded:
{
this._enclosing.ProcessTokenAddOrUpdate(@event.GetData());
break;
}
case PathChildrenCacheEvent.Type.ChildUpdated:
{
this._enclosing.ProcessTokenAddOrUpdate(@event.GetData());
break;
}
case PathChildrenCacheEvent.Type.ChildRemoved:
{
this._enclosing.ProcessTokenRemoved(@event.GetData());
break;
}
default:
{
break;
}
}
}
/// <summary>This method creates the Curator client and connects to ZooKeeper.</summary>
/// <param name="config">configuration properties</param>
/// <returns>A Curator client</returns>
/// <exception cref="System.Exception"/>
protected internal virtual CuratorFramework CreateCuratorClient(Properties config
)
{
string connectionString = config.GetProperty(ZookeeperConnectionString, "localhost:2181"
);
RetryPolicy retryPolicy = new ExponentialBackoffRetry(1000, 3);
ACLProvider aclProvider;
string authType = config.GetProperty(ZookeeperAuthType, "none");
if (authType.Equals("sasl"))
{
Log.Info("Connecting to ZooKeeper with SASL/Kerberos" + "and using 'sasl' ACLs");
string principal = SetJaasConfiguration(config);
Runtime.SetProperty(ZooKeeperSaslClient.LoginContextNameKey, JaasLoginEntryName);
Runtime.SetProperty("zookeeper.authProvider.1", "org.apache.zookeeper.server.auth.SASLAuthenticationProvider"
);
aclProvider = new ZKSignerSecretProvider.SASLOwnerACLProvider(principal);
}
else
{
// "none"
Log.Info("Connecting to ZooKeeper without authentication");
aclProvider = new DefaultACLProvider();
}
// open to everyone
CuratorFramework cf = CuratorFrameworkFactory.Builder().ConnectString(connectionString
).RetryPolicy(retryPolicy).AclProvider(aclProvider).Build();
cf.Start();
return(cf);
}
public virtual void TestNamespace()
{
Timing timing = new Timing();
ChildReaper reaper = null;
CuratorFramework client = CuratorFrameworkFactory.Builder().ConnectString(server.
GetConnectString()).SessionTimeoutMs(timing.Session()).ConnectionTimeoutMs(timing
.Connection()).RetryPolicy(new RetryOneTime(1)).Namespace("foo").Build();
try
{
client.Start();
for (int i = 0; i < 10; ++i)
{
client.Create().CreatingParentsIfNeeded().ForPath("/test/" + Extensions.ToString
(i));
}
reaper = new ChildReaper(client, "/test", Reaper.Mode.ReapUntilDelete, 1);
reaper.Start();
timing.ForWaiting().SleepABit();
Stat stat = client.CheckExists().ForPath("/test");
Assert.Equal(stat.GetNumChildren(), 0);
stat = client.UsingNamespace(null).CheckExists().ForPath("/foo/test");
NUnit.Framework.Assert.IsNotNull(stat);
Assert.Equal(stat.GetNumChildren(), 0);
}
finally
{
CloseableUtils.CloseQuietly(reaper);
CloseableUtils.CloseQuietly(client);
}
}
public virtual void TestSimple()
{
Timing timing = new Timing();
ChildReaper reaper = null;
CuratorFramework client = CuratorFrameworkFactory.NewClient(server.GetConnectString
(), timing.Session(), timing.Connection(), new RetryOneTime(1));
try
{
client.Start();
for (int i = 0; i < 10; ++i)
{
client.Create().CreatingParentsIfNeeded().ForPath("/test/" + Extensions.ToString
(i));
}
reaper = new ChildReaper(client, "/test", Reaper.Mode.ReapUntilDelete, 1);
reaper.Start();
timing.ForWaiting().SleepABit();
Stat stat = client.CheckExists().ForPath("/test");
Assert.Equal(stat.GetNumChildren(), 0);
}
finally
{
CloseableUtils.CloseQuietly(reaper);
CloseableUtils.CloseQuietly(client);
}
}
/// <exception cref="System.Exception"/>
private void VerifyACL(CuratorFramework curatorFramework, string path, ACL expectedACL
)
{
IList <ACL> acls = curatorFramework.GetACL().ForPath(path);
Assert.Equal(1, acls.Count);
Assert.Equal(expectedACL, acls[0]);
}
/// <exception cref="System.Exception"/>
public virtual void ProcessResult(CuratorFramework client, CuratorEvent @event)
{
if (Log.IsDebugEnabled())
{
Log.Debug("Delete event {}", @event);
}
events.IncrementAndGet();
}
/// <summary>Create a path dumper -but do not dump the path until asked</summary>
/// <param name="curator">curator instance</param>
/// <param name="root">root</param>
/// <param name="verbose">verbose flag - includes more details (such as ACLs)</param>
public ZKPathDumper(CuratorFramework curator, string root, bool verbose)
{
Preconditions.CheckArgument(curator != null);
Preconditions.CheckArgument(root != null);
this.curator = curator;
this.root = root;
this.verbose = verbose;
}
/// <exception cref="System.Exception"/>
public override void Init(Properties config, ServletContext servletContext, long
tokenValidity)
{
object curatorClientObj = servletContext.GetAttribute(ZookeeperSignerSecretProviderCuratorClientAttribute
);
if (curatorClientObj != null && curatorClientObj is CuratorFramework)
{
client = (CuratorFramework)curatorClientObj;
}
else
{
client = CreateCuratorClient(config);
servletContext.SetAttribute(ZookeeperSignerSecretProviderCuratorClientAttribute,
client);
}
this.tokenValidity = tokenValidity;
shouldDisconnect = System.Boolean.Parse(config.GetProperty(DisconnectFromZookeeperOnShutdown
, "true"));
path = config.GetProperty(ZookeeperPath);
if (path == null)
{
throw new ArgumentException(ZookeeperPath + " must be specified");
}
try
{
nextRolloverDate = Runtime.CurrentTimeMillis() + tokenValidity;
// everyone tries to do this, only one will succeed and only when the
// znode doesn't already exist. Everyone else will synchronize on the
// data from the znode
client.Create().CreatingParentsIfNeeded().ForPath(path, GenerateZKData(GenerateRandomSecret
(), GenerateRandomSecret(), null));
zkVersion = 0;
Log.Info("Creating secret znode");
}
catch (KeeperException.NodeExistsException)
{
Log.Info("The secret znode already exists, retrieving data");
}
// Synchronize on the data from the znode
// passing true tells it to parse out all the data for initing
PullFromZK(true);
long initialDelay = nextRolloverDate - Runtime.CurrentTimeMillis();
// If it's in the past, try to find the next interval that we should
// be using
if (initialDelay < 1l)
{
int i = 1;
while (initialDelay < 1l)
{
initialDelay = nextRolloverDate + tokenValidity * i - Runtime.CurrentTimeMillis();
i++;
}
}
base.StartScheduler(initialDelay, tokenValidity);
}
/// <param name="client">the client</param>
/// <param name="path">path to reap children from</param>
/// <param name="executor">executor to use for background tasks</param>
/// <param name="reapingThresholdMs">threshold in milliseconds that determines that a path can be deleted
/// </param>
/// <param name="mode">reaping mode</param>
/// <param name="leaderPath">if not null, uses a leader selection so that only 1 reaper is active in the cluster
/// </param>
public ChildReaper(CuratorFramework client, string path, Reaper.Mode mode, ScheduledExecutorService
executor, int reapingThresholdMs, string leaderPath)
{
this.client = client;
this.mode = mode;
this.executor = new CloseableScheduledExecutorService(executor);
this.reapingThresholdMs = reapingThresholdMs;
this.reaper = new Reaper(client, executor, reapingThresholdMs, leaderPath);
AddPath(path);
}
public void processResult(CuratorFramework client, ICuratorEvent @event)
{
_service.execute(RunnableUtils.FromFunc(() =>
{
try
{
_callback.processResult(_client, @event);
}
catch (Exception e)
{
ThreadUtils.checkInterrupted(e);
var keeperException = e as KeeperException;
if (keeperException != null)
{
_client.validateConnection(_client.codeToState(keeperException));
}
_client.logError("Background operation result handling threw exception", e);
}
}));
}
private ZooKeeperClient(CuratorFramework curator, ILog log, ConnectionStringRandomizer connectionStringRandomizer)
{
this.connectionStringRandomizer = connectionStringRandomizer;
Curator = curator;
Curator.getConnectionStateListenable()
.addListener(
new ConnectionListener(
state =>
{
RandomizeConnectionStringIfNeeded(state);
if (ConnectionStateChanged != null)
{
ConnectionStateChanged(state);
}
})
);
baseLog = log;
Log = log.ForContext("ZK");
InterceptLogger();
watcherWrappers = new ConcurrentDictionary <IWatcher, WatcherWrapper>(new ReferenceEqualityComparer <IWatcher>());
}
/**
* @param client the client
* @param threadFactory thread factory to use or null for a default
*/
public ConnectionStateManager(CuratorFramework client, int queueSize)
{
this.client = client;
service = ThreadUtils.newSingleThreadExecutor(GetType().FullName);
QUEUE_SIZE = queueSize <= 0 ? 25 : queueSize;
}
/// <exception cref="System.IO.IOException"/>
public override void StartThreads()
{
if (!isExternalClient)
{
try
{
zkClient.Start();
}
catch (Exception e)
{
throw new IOException("Could not start Curator Framework", e);
}
}
else
{
// If namespace parents are implicitly created, they won't have ACLs.
// So, let's explicitly create them.
CuratorFramework nullNsFw = zkClient.UsingNamespace(null);
EnsurePath ensureNs = nullNsFw.NewNamespaceAwareEnsurePath("/" + zkClient.GetNamespace
());
try
{
ensureNs.Ensure(nullNsFw.GetZookeeperClient());
}
catch (Exception e)
{
throw new IOException("Could not create namespace", e);
}
}
listenerThreadPool = Executors.NewSingleThreadExecutor();
try
{
delTokSeqCounter = new SharedCount(zkClient, ZkDtsmSeqnumRoot, 0);
if (delTokSeqCounter != null)
{
delTokSeqCounter.Start();
}
}
catch (Exception e)
{
throw new IOException("Could not start Sequence Counter", e);
}
try
{
keyIdSeqCounter = new SharedCount(zkClient, ZkDtsmKeyidRoot, 0);
if (keyIdSeqCounter != null)
{
keyIdSeqCounter.Start();
}
}
catch (Exception e)
{
throw new IOException("Could not start KeyId Counter", e);
}
try
{
CreatePersistentNode(ZkDtsmMasterKeyRoot);
CreatePersistentNode(ZkDtsmTokensRoot);
}
catch (Exception)
{
throw new RuntimeException("Could not create ZK paths");
}
try
{
keyCache = new PathChildrenCache(zkClient, ZkDtsmMasterKeyRoot, true);
if (keyCache != null)
{
keyCache.Start(PathChildrenCache.StartMode.BuildInitialCache);
keyCache.GetListenable().AddListener(new _PathChildrenCacheListener_340(this), listenerThreadPool
);
}
}
catch (Exception e)
{
throw new IOException("Could not start PathChildrenCache for keys", e);
}
try
{
tokenCache = new PathChildrenCache(zkClient, ZkDtsmTokensRoot, true);
if (tokenCache != null)
{
tokenCache.Start(PathChildrenCache.StartMode.BuildInitialCache);
tokenCache.GetListenable().AddListener(new _PathChildrenCacheListener_368(this),
listenerThreadPool);
}
}
catch (Exception e)
{
throw new IOException("Could not start PathChildrenCache for tokens", e);
}
base.StartThreads();
}
internal FailedDeleteManager(CuratorFramework client)
{
this.client = client;
}
/**
* @param client the client
* @param path path to ensure is containers
*/
public EnsureContainers(CuratorFramework client, string path)
{
this.client = client;
this.path = path;
}
public ZKDelegationTokenSecretManager(Configuration conf)
: base(conf.GetLong(DelegationTokenManager.UpdateInterval, DelegationTokenManager
.UpdateIntervalDefault) * 1000, conf.GetLong(DelegationTokenManager.MaxLifetime,
DelegationTokenManager.MaxLifetimeDefault) * 1000, conf.GetLong(DelegationTokenManager
.RenewInterval, DelegationTokenManager.RenewIntervalDefault * 1000), conf.GetLong
(DelegationTokenManager.RemovalScanInterval, DelegationTokenManager.RemovalScanIntervalDefault
) * 1000)
{
shutdownTimeout = conf.GetLong(ZkDtsmZkShutdownTimeout, ZkDtsmZkShutdownTimeoutDefault
);
if (CuratorTl.Get() != null)
{
zkClient = CuratorTl.Get().UsingNamespace(conf.Get(ZkDtsmZnodeWorkingPath, ZkDtsmZnodeWorkingPathDeafult
) + "/" + ZkDtsmNamespace);
isExternalClient = true;
}
else
{
string connString = conf.Get(ZkDtsmZkConnectionString);
Preconditions.CheckNotNull(connString, "Zookeeper connection string cannot be null"
);
string authType = conf.Get(ZkDtsmZkAuthType);
// AuthType has to be explicitly set to 'none' or 'sasl'
Preconditions.CheckNotNull(authType, "Zookeeper authType cannot be null !!");
Preconditions.CheckArgument(authType.Equals("sasl") || authType.Equals("none"), "Zookeeper authType must be one of [none, sasl]"
);
CuratorFrameworkFactory.Builder builder = null;
try
{
ACLProvider aclProvider = null;
if (authType.Equals("sasl"))
{
Log.Info("Connecting to ZooKeeper with SASL/Kerberos" + "and using 'sasl' ACLs");
string principal = SetJaasConfiguration(conf);
Runtime.SetProperty(ZooKeeperSaslClient.LoginContextNameKey, JaasLoginEntryName);
Runtime.SetProperty("zookeeper.authProvider.1", "org.apache.zookeeper.server.auth.SASLAuthenticationProvider"
);
aclProvider = new ZKDelegationTokenSecretManager.SASLOwnerACLProvider(principal);
}
else
{
// "none"
Log.Info("Connecting to ZooKeeper without authentication");
aclProvider = new DefaultACLProvider();
}
// open to everyone
int sessionT = conf.GetInt(ZkDtsmZkSessionTimeout, ZkDtsmZkSessionTimeoutDefault);
int numRetries = conf.GetInt(ZkDtsmZkNumRetries, ZkDtsmZkNumRetriesDefault);
builder = CuratorFrameworkFactory.Builder().AclProvider(aclProvider).Namespace(conf
.Get(ZkDtsmZnodeWorkingPath, ZkDtsmZnodeWorkingPathDeafult) + "/" + ZkDtsmNamespace
).SessionTimeoutMs(sessionT).ConnectionTimeoutMs(conf.GetInt(ZkDtsmZkConnectionTimeout
, ZkDtsmZkConnectionTimeoutDefault)).RetryPolicy(new RetryNTimes(numRetries, sessionT
/ numRetries));
}
catch (Exception)
{
throw new RuntimeException("Could not Load ZK acls or auth");
}
zkClient = builder.EnsembleProvider(new FixedEnsembleProvider(connString)).Build(
);
isExternalClient = false;
}
}
/// <param name="client">the client</param>
/// <param name="path">path to reap children from</param>
/// <param name="reapingThresholdMs">threshold in milliseconds that determines that a path can be deleted
/// </param>
/// <param name="mode">reaping mode</param>
public ChildReaper(CuratorFramework client, string path, Reaper.Mode mode, int reapingThresholdMs
)
: this(client, path, mode, NewExecutorService(), reapingThresholdMs, null)
{
}
/// <param name="client">the client</param>
/// <param name="path">path to reap children from</param>
/// <param name="executor">executor to use for background tasks</param>
/// <param name="reapingThresholdMs">threshold in milliseconds that determines that a path can be deleted
/// </param>
/// <param name="mode">reaping mode</param>
public ChildReaper(CuratorFramework client, string path, Reaper.Mode mode, ScheduledExecutorService
executor, int reapingThresholdMs)
: this(client, path, mode, executor, reapingThresholdMs, null)
{
}
public static void SetCurator(CuratorFramework curator)
{
CuratorTl.Set(curator);
}
/// <exception cref="System.Exception"/>
public virtual void ProcessResult(CuratorFramework client, CuratorEvent @event)
{
Log.Info("received {}", @event);
eventCounter.IncrementAndGet();
events.Put(@event);
}
public void stateChanged(CuratorFramework client, ConnectionState newState)
{
if (ConnectionState.CONNECTED == newState || ConnectionState.RECONNECTED == newState)
{
logAsErrorConnectionErrors.set(true);
}
}
public void stateChanged(CuratorFramework curator, org.apache.curator.framework.state.ConnectionState state)
{
callback((ConnectionState)state.ordinal());
}
/**
* @param client the client
* @param threadFactory thread factory to use or null for a default
*/
public ConnectionStateManager(CuratorFramework client, int queueSize)
{
this.client = client;
service = ThreadUtils.newSingleThreadExecutor(GetType().FullName);
QUEUE_SIZE = queueSize <= 0 ? 25 : queueSize;
}
internal FailedDeleteManager(CuratorFramework client)
{
this.client = client;
}
public void processResult(CuratorFramework client, ICuratorEvent @event)
{
_service.execute(RunnableUtils.FromFunc(() =>
{
try
{
_callback.processResult(_client, @event);
}
catch ( Exception e )
{
ThreadUtils.checkInterrupted(e);
var keeperException = e as KeeperException;
if ( keeperException != null )
{
_client.validateConnection(_client.codeToState(keeperException));
}
_client.logError("Background operation result handling threw exception", e);
}
}));
}
/**
* @param client the client
* @param path path to ensure is containers
*/
public EnsureContainers(CuratorFramework client, string path)
{
this.client = client;
this.path = path;
}
