[GitHub] [skywalking] dmsolr commented on a change in pull request #3273: Support Zookeeper ACL
dmsolr commented on a change in pull request #3273: Support Zookeeper ACL
URL: https://github.com/apache/skywalking/pull/3273#discussion_r314637981
##
File path:
oap-server/server-cluster-plugin/cluster-zookeeper-plugin/src/main/java/org/apache/skywalking/oap/server/cluster/plugin/zookeeper/ClusterModuleZookeeperProvider.java
##
@@ -61,7 +79,39 @@ public ClusterModuleZookeeperProvider() {
@Override public void prepare() throws ServiceNotProvidedException,
ModuleStartException {
RetryPolicy retryPolicy = new
ExponentialBackoffRetry(config.getBaseSleepTimeMs(), config.getMaxRetries());
-client = CuratorFrameworkFactory.newClient(config.getHostPort(),
retryPolicy);
+
+CuratorFrameworkFactory.Builder builder =
CuratorFrameworkFactory.builder()
+.retryPolicy(retryPolicy)
+.connectString(config.getHostPort());
+if (config.isEnableACL()) {
+final List acls = Lists.newArrayList();
+
+String authInfo = config.getAuth();
+if ("digest".equals(config.getSchema())) {
Review comment:
The Zookeeper Document said:
> digest uses a username:password string to generate MD5 hash which is then
used as an ACL ID identity. Authentication is done by sending the
username:password in clear text. When used in the ACL the expression will be
the username:base64 encoded SHA1 password digest.
Most projects only provided `digest` schema, such as Solr.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
[GitHub] [skywalking] dmsolr commented on a change in pull request #3273: Support Zookeeper ACL
dmsolr commented on a change in pull request #3273: Support Zookeeper ACL
URL: https://github.com/apache/skywalking/pull/3273#discussion_r314304191
##
File path:
oap-server/server-cluster-plugin/cluster-zookeeper-plugin/src/main/java/org/apache/skywalking/oap/server/cluster/plugin/zookeeper/ClusterModuleZookeeperProvider.java
##
@@ -61,7 +79,39 @@ public ClusterModuleZookeeperProvider() {
@Override public void prepare() throws ServiceNotProvidedException,
ModuleStartException {
RetryPolicy retryPolicy = new
ExponentialBackoffRetry(config.getBaseSleepTimeMs(), config.getMaxRetries());
-client = CuratorFrameworkFactory.newClient(config.getHostPort(),
retryPolicy);
+
+CuratorFrameworkFactory.Builder builder =
CuratorFrameworkFactory.builder()
+.retryPolicy(retryPolicy)
+.connectString(config.getHostPort());
+if (config.isEnableACL()) {
+final List acls = Lists.newArrayList();
+
+String authInfo = config.getAuth();
+if ("digest".equals(config.getSchema())) {
Review comment:
It's not good. I will try others.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
[GitHub] [skywalking] dmsolr commented on a change in pull request #3273: Support Zookeeper ACL
dmsolr commented on a change in pull request #3273: Support Zookeeper ACL
URL: https://github.com/apache/skywalking/pull/3273#discussion_r314281520
##
File path:
oap-server/server-cluster-plugin/cluster-zookeeper-plugin/src/main/java/org/apache/skywalking/oap/server/cluster/plugin/zookeeper/ClusterModuleZookeeperProvider.java
##
@@ -61,7 +79,39 @@ public ClusterModuleZookeeperProvider() {
@Override public void prepare() throws ServiceNotProvidedException,
ModuleStartException {
RetryPolicy retryPolicy = new
ExponentialBackoffRetry(config.getBaseSleepTimeMs(), config.getMaxRetries());
-client = CuratorFrameworkFactory.newClient(config.getHostPort(),
retryPolicy);
+
+CuratorFrameworkFactory.Builder builder =
CuratorFrameworkFactory.builder()
+.retryPolicy(retryPolicy)
+.connectString(config.getHostPort());
+if (config.isEnableACL()) {
+final List acls = Lists.newArrayList();
+
+String authInfo = config.getAuth();
+if ("digest".equals(config.getSchema())) {
+try {
+authInfo =
DigestAuthenticationProvider.generateDigest(authInfo);
+} catch (NoSuchAlgorithmException e) {
+logger.error(e.getMessage(), e);
Review comment:
Yes, i will update later.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
[GitHub] [skywalking] dmsolr commented on a change in pull request #3273: Support Zookeeper ACL
dmsolr commented on a change in pull request #3273: Support Zookeeper ACL
URL: https://github.com/apache/skywalking/pull/3273#discussion_r314213045
##
File path:
oap-server/server-cluster-plugin/cluster-zookeeper-plugin/src/main/java/org/apache/skywalking/oap/server/cluster/plugin/zookeeper/ClusterModuleZookeeperProvider.java
##
@@ -61,7 +79,39 @@ public ClusterModuleZookeeperProvider() {
@Override public void prepare() throws ServiceNotProvidedException,
ModuleStartException {
RetryPolicy retryPolicy = new
ExponentialBackoffRetry(config.getBaseSleepTimeMs(), config.getMaxRetries());
-client = CuratorFrameworkFactory.newClient(config.getHostPort(),
retryPolicy);
+
+CuratorFrameworkFactory.Builder builder =
CuratorFrameworkFactory.builder()
+.retryPolicy(retryPolicy)
+.connectString(config.getHostPort());
+if (config.isEnableACL()) {
+final List acls = Lists.newArrayList();
+
+String authInfo = config.getAuth();
+if ("digest".equals(config.getSchema())) {
Review comment:
When used in the ACL the expression will be the username:base64 encoded SHA1
password digest. But when used in auth the expression must not encode.
The other schemas, such as `IP`, it doesn't have this problem.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
