com.spotify.helios.servicescommon

Class ZooKeeperAclProviders

java.lang.Object

com.spotify.helios.servicescommon.ZooKeeperAclProviders

public class ZooKeeperAclProviders
extends Object

Contains methods for creating ACLProvider used by Helios (agents and masters), that controls the ACLs set on nodes when they are created.

If no authentication is provided a client has no access (not even read access). There are two different roles: agents and masters. Masters are granted all permissions except ADMIN to all nodes. Agents are only granted the permissions it needs, to a subset of all the nodes. This limits the consequences of the agent credentials being compromised.

Currently all agents share the same permissions, using a single shared credential. I.e. an agent can modify data that "belongs" to another agent (to the same extent that it can modify data that belongs to it).

The provider uses ZooKeeper's "digest" ACL scheme.

Constructor Summary

Constructors

Constructor and Description
ZooKeeperAclProviders()

Method Summary

Modifier and Type	Method and Description
static String	digest(String user, String password)
static org.apache.curator.framework.api.ACLProvider	heliosAclProvider(String masterUser, String masterDigest, String agentUser, String agentDigest)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ZooKeeperAclProviders

public ZooKeeperAclProviders()

Method Detail

digest

public static String digest(String user,
                            String password)

heliosAclProvider

public static org.apache.curator.framework.api.ACLProvider heliosAclProvider(String masterUser,
                                                                             String masterDigest,
                                                                             String agentUser,
                                                                             String agentDigest)