in storm-server/src/main/java/org/apache/storm/zookeeper/AclEnforcement.java [58:186]
public static void verifyAcls(Map<String, Object> conf, final boolean fixUp) throws Exception {
if (!Utils.isZkAuthenticationConfiguredStormServer(conf)) {
LOG.info("SECURITY IS DISABLED NO FURTHER CHECKS...");
//There is no security so we are done.
return;
}
ACL superUserAcl = Utils.getSuperUserAcl(conf);
List<ACL> superAcl = new ArrayList<>(1);
superAcl.add(superUserAcl);
List<ACL> drpcFullAcl = new ArrayList<>(2);
drpcFullAcl.add(superUserAcl);
String drpcAclString = (String) conf.get(Config.STORM_ZOOKEEPER_DRPC_ACL);
if (drpcAclString != null) {
Id drpcAclId = Utils.parseZkId(drpcAclString, Config.STORM_ZOOKEEPER_DRPC_ACL);
ACL drpcUserAcl = new ACL(ZooDefs.Perms.READ, drpcAclId);
drpcFullAcl.add(drpcUserAcl);
}
List<String> zkServers = (List<String>) conf.get(Config.STORM_ZOOKEEPER_SERVERS);
int port = ObjectReader.getInt(conf.get(Config.STORM_ZOOKEEPER_PORT));
String stormRoot = (String) conf.get(Config.STORM_ZOOKEEPER_ROOT);
try (CuratorFramework zk = ClientZookeeper.mkClient(conf, zkServers, port, "",
new DefaultWatcherCallBack(), conf, DaemonType.NIMBUS)) {
if (zk.checkExists().forPath(stormRoot) != null) {
//First off we want to verify that ROOT is good
verifyAclStrict(zk, superAcl, stormRoot, fixUp);
} else {
LOG.warn("{} does not exist no need to check any more...", stormRoot);
return;
}
}
// Now that the root is fine we can start to look at the other paths under it.
try (CuratorFramework zk = ClientZookeeper.mkClient(conf, zkServers, port, stormRoot,
new DefaultWatcherCallBack(), conf, DaemonType.NIMBUS)) {
//Next verify that the blob store is correct before we start it up.
if (zk.checkExists().forPath(ClusterUtils.BLOBSTORE_SUBTREE) != null) {
verifyAclStrictRecursive(zk, superAcl, ClusterUtils.BLOBSTORE_SUBTREE, fixUp);
}
if (zk.checkExists().forPath(ClusterUtils.BLOBSTORE_MAX_KEY_SEQUENCE_NUMBER_SUBTREE) != null) {
verifyAclStrict(zk, superAcl, ClusterUtils.BLOBSTORE_MAX_KEY_SEQUENCE_NUMBER_SUBTREE, fixUp);
}
//The blobstore is good, now lets get the list of all topo Ids
Set<String> topoIds = new HashSet<>();
if (zk.checkExists().forPath(ClusterUtils.STORMS_SUBTREE) != null) {
topoIds.addAll(zk.getChildren().forPath(ClusterUtils.STORMS_SUBTREE));
}
Map<String, Id> topoToZkCreds = new HashMap<>();
//Now lets get the creds for the topos so we can verify those as well.
BlobStore bs = ServerUtils.getNimbusBlobStore(conf, NimbusInfo.fromConf(conf), null);
try {
Subject nimbusSubject = new Subject();
nimbusSubject.getPrincipals().add(new NimbusPrincipal());
for (String topoId : topoIds) {
try {
String blobKey = topoId + "-stormconf.ser";
Map<String, Object> topoConf = Utils.fromCompressedJsonConf(bs.readBlob(blobKey, nimbusSubject));
String payload = (String) topoConf.get(Config.STORM_ZOOKEEPER_TOPOLOGY_AUTH_PAYLOAD);
try {
topoToZkCreds.put(topoId, new Id("digest", DigestAuthenticationProvider.generateDigest(payload)));
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
} catch (KeyNotFoundException knf) {
LOG.debug("topo removed {}", topoId, knf);
}
}
} finally {
if (bs != null) {
bs.shutdown();
}
}
verifyParentWithReadOnlyTopoChildren(zk, superUserAcl, ClusterUtils.STORMS_SUBTREE, topoToZkCreds, fixUp);
verifyParentWithReadOnlyTopoChildren(zk, superUserAcl, ClusterUtils.ASSIGNMENTS_SUBTREE, topoToZkCreds, fixUp);
//There is a race on credentials where they can be leaked in some versions of storm.
verifyParentWithReadOnlyTopoChildrenDeleteDead(zk, superUserAcl, ClusterUtils.CREDENTIALS_SUBTREE, topoToZkCreds, fixUp);
//There is a race on logconfig where they can be leaked in some versions of storm.
verifyParentWithReadOnlyTopoChildrenDeleteDead(zk, superUserAcl, ClusterUtils.LOGCONFIG_SUBTREE, topoToZkCreds, fixUp);
//There is a race on backpressure too...
verifyParentWithReadWriteTopoChildrenDeleteDead(zk, superUserAcl, ClusterUtils.BACKPRESSURE_SUBTREE, topoToZkCreds, fixUp);
if (zk.checkExists().forPath(ClusterUtils.ERRORS_SUBTREE) != null) {
//errors is a bit special because in older versions of storm the worker created the parent directories lazily
// because of this it means we need to auto create at least the topo-id directory for all running topos.
for (String topoId : topoToZkCreds.keySet()) {
String path = ClusterUtils.errorStormRoot(topoId);
if (zk.checkExists().forPath(path) == null) {
LOG.warn("Creating missing errors location {}", path);
zk.create().withACL(getTopoReadWrite(path, topoId, topoToZkCreds, superUserAcl, fixUp)).forPath(path);
}
}
}
//Error should not be leaked according to the code, but they are not important enough to fail the build if
// for some odd reason they are leaked.
verifyParentWithReadWriteTopoChildrenDeleteDead(zk, superUserAcl, ClusterUtils.ERRORS_SUBTREE, topoToZkCreds, fixUp);
if (zk.checkExists().forPath(ClusterUtils.SECRET_KEYS_SUBTREE) != null) {
verifyAclStrict(zk, superAcl, ClusterUtils.SECRET_KEYS_SUBTREE, fixUp);
verifyAclStrictRecursive(zk, superAcl, ClusterUtils.secretKeysPath(WorkerTokenServiceType.NIMBUS), fixUp);
verifyAclStrictRecursive(zk, drpcFullAcl, ClusterUtils.secretKeysPath(WorkerTokenServiceType.DRPC), fixUp);
}
if (zk.checkExists().forPath(ClusterUtils.NIMBUSES_SUBTREE) != null) {
verifyAclStrictRecursive(zk, superAcl, ClusterUtils.NIMBUSES_SUBTREE, fixUp);
}
if (zk.checkExists().forPath("/leader-lock") != null) {
verifyAclStrictRecursive(zk, superAcl, "/leader-lock", fixUp);
}
if (zk.checkExists().forPath(ClusterUtils.PROFILERCONFIG_SUBTREE) != null) {
verifyAclStrictRecursive(zk, superAcl, ClusterUtils.PROFILERCONFIG_SUBTREE, fixUp);
}
if (zk.checkExists().forPath(ClusterUtils.SUPERVISORS_SUBTREE) != null) {
verifyAclStrictRecursive(zk, superAcl, ClusterUtils.SUPERVISORS_SUBTREE, fixUp);
}
// When moving to pacemaker workerbeats can be leaked too...
verifyParentWithReadWriteTopoChildrenDeleteDead(zk, superUserAcl, ClusterUtils.WORKERBEATS_SUBTREE, topoToZkCreds, fixUp);
}
}