I'm attempting to secure a zookeeper installation using zookeeper ACLs.
However, I'm finding that while Ids.OPEN_ACL_UNSAFE works great, my
attempts at using Ids.CREATOR_ALL_ACL are failing. Here's a code
snippet:


public class ZooWrapper
{

/*
1. Here I'm setting up my authentication. I've got an ACL list, and my
authentication strings.
*/
    private final List<ACL> acl = new ArrayList<ACL>( 1 );
    private static final String authentication_type = "digest";
    private static final String authentication =
"audiencescience:gravy";


    public ZooWrapper( final String connection_string,
                       final String path,
                       final int connectiontimeout ) throws
ZooWrapperException
    {
...
/*
2. Here I'm adding the acls
*/

        // This works (creates nodes, sets data on nodes)
        for ( ACL ids_acl : Ids.OPEN_ACL_UNSAFE )
        {
            acl.add( ids_acl);
        }

/*
NOTE:  This does not work (nodes are not created, cannot set data on
nodes b/c nodes do not exist)
*/

//        for ( ACL ids_acl : Ids.CREATOR_ALL_ACL )
//        {
//            acl.add( ids_acl );
//        }

/*
3. Finally, I create a new zookeeper instance and add my authorization
info to it.
*/
     zoo = new ZooKeeper( connection_string, connectiontimeout, this );
     zoo.addAuthInfo( authentication_type, authentication.getBytes() )

/*
4. Later, I try to write some data into zookeeper by first creating the
node, and then calling setdata...
*/
      zoo.create( path, new byte[0], acl, CreateMode.PERSISTENT );

      zoo.setData( path, bytes, -1 )

As I mentioned above, when I add Ids.OPEN_ACL_UNSAFE to acl, then both
the create and setData succeed. However, when I use Ids.CREATOR_ALL_ACL,
then the nodes are not created. Am I missing something obvious w/
respect to configuring ACLs?

I've used the following references:

http://hadoop.apache.org/zookeeper/docs/r3.1.1/zookeeperProgrammers.html

http://mail-archives.apache.org/mod_mbox/hadoop-zookeeper-commits/200807
.mbox/%3c20080731201025.c62092388...@eris.apache.org%3e

http://books.google.com/books?id=bKPEwR-Pt6EC&pg=PT404&lpg=PT404&dq=zook
eeper+ACL+digest+%22new+Id%22&source=bl&ots=kObz0y8eFk&sig=VFCAsNW0mBJyZ
swoweJDI31iNlo&hl=en&ei=Z82ySojRFsqRlAeqxsyIDw&sa=X&oi=book_result&ct=re
sult&resnum=6#v=onepage&q=zookeeper%20ACL%20digest%20%22new%20Id%22&f=fa
lse

-Todd

Reply via email to