Zookeeper ACL (use node-zookeeper-client)

Source: Internet
Author: User
Tags md5 hash zookeeper client

In a distributed system, access control (ACL) is very important, and ZooKeeper provides a useful ACL interface. Here I record how to implement access control for ZooKeeper in Node.js. A ZooKeeper ACL is usually expressed as scheme:id:permission. The scheme is the access control method, the id identifies the user, and the permission is what that user is allowed to do.

ZooKeeper has the following built-in Schemes:

  • world has a single id, anyone, that represents anyone.

    All users can access the node.
  • auth doesn't use any id; it represents any authenticated user.

    No id is required. Users with auth can access the node.
  • digest uses a username:password string to generate an MD5 hash which is then used as an ACL id identity. Authentication is done by sending the username:password in clear text. When used in the ACL, the expression will be the username:base64 encoded SHA1 password digest.

    Authentication by username and password. The id format is username:base64 encoded SHA1 password digest.
  • host uses the client host name as an ACL id identity. The ACL expression is a hostname suffix. For example, the ACL expression host:corp.com matches the ids host:host1.corp.com and host:host2.corp.com, but not host:host1.store.com.

    The client host name is used as the ACL id.
  • ip uses the client host IP as an ACL id identity. The ACL expression is of the form addr/bits, where the most significant bits of addr are matched against the most significant bits of the client host IP.

    The client IP address is used as the ACL id.
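
The digest id format described above, as an added example (not part of the original article or of node-zookeeper-client). The helper names digestAclId and authMatchesAclId and the sample credentials are assumptions made here. It builds the id as username:base64(SHA1(username:password)), the ACL expression format given above, and shows the comparison a server would make against the clear-text auth string.

```javascript
// Added example: helper names and sample credentials are hypothetical.
const nodeCrypto = require('crypto');

// Build the id of a digest ACL:
//   username + ":" + base64(SHA1(username + ":" + password))
function digestAclId(username, password) {
  if (username.includes(':')) {
    // The first ":" separates user and password, so the user cannot contain one.
    throw new Error('username must not contain ":"');
  }
  const hash = nodeCrypto.createHash('sha1')
    .update(`${username}:${password}`, 'utf8')
    .digest('base64');
  return `${username}:${hash}`;
}

// Server-side view: does the clear-text "username:password" string a client
// sent as auth info correspond to the id stored in the ACL?
function authMatchesAclId(authInfo, aclId) {
  const sep = authInfo.indexOf(':');
  if (sep < 0) return false; // malformed auth string
  const user = authInfo.slice(0, sep);
  const pass = authInfo.slice(sep + 1); // the password may itself contain ":"
  const expected = Buffer.from(digestAclId(user, pass));
  const actual = Buffer.from(aclId);
  // Compare in constant time once the lengths are known to be equal.
  return expected.length === actual.length &&
    nodeCrypto.timingSafeEqual(expected, actual);
}

// Constructed sample credentials, not taken from the article.
const SAMPLE_ID = digestAclId('alice', 'correct horse');
```

With node-zookeeper-client, SAMPLE_ID is the string to pass as the id, as in new zookeeper.Id('digest', SAMPLE_ID), and the client authenticates with client.addAuthInfo('digest', Buffer.from('alice:correct horse')). The hash is unsalted and the password travels in clear text, so the connection itself needs to be protected.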

ZooKeeper currently supports the following permissions:

  • CREATE (c): create permission. You can create a child node under the current node.
  • DELETE (d): delete permission. You can delete the current node.
  • READ (r): read permission. You can obtain the data of the current node and list all child nodes of the current node.
  • WRITE (w): write permission. You can write data to the current node.
  • ADMIN (a): admin permission. You can set the permissions of the current node.

The ZooKeeper client I use is the node-zookeeper-client module. Its create API is:
void create(path, [data], [acls], [mode], callback)

Create a node with given path, data, acls and mode.

Arguments

  • path String - Path of the node.
  • data Buffer - The data buffer, optional, defaults to null.
  • acls Array - An array of ACL objects, optional, defaults to ACL.OPEN_ACL_UNSAFE.
  • mode CreateMode - The creation mode, optional, defaults to CreateMode.PERSISTENT.
  • callback(error, path) Function - The callback function.

You can use new zookeeper.ACL(permission, id) to create an ACL instance. Two parameters are required: zookeeper.Permission.ADMIN and new zookeeper.Id('ip', '127.0.0.1').

The complete code is as follows:

    var zookeeper = require('node-zookeeper-client');
    var id = new zookeeper.Id('ip', '192.168.1.123');
    var client = zookeeper.createClient('192.168.1.100:100');
    // ADMIN only allows changing the ACL; reading data also needs Permission.READ.
    var acl = new zookeeper.ACL(zookeeper.Permission.ADMIN, id);

    // Issue the request once the session is established.
    client.once('connected', function () {
        client.create('/test', Buffer.from('test'), [acl], zookeeper.CreateMode.PERSISTENT, function (err, path) {
            // Handler callback
        });
    });
    client.connect();

To access the /test node from a client, you must use the above access control. The specific code is as follows:

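    var zookeeper = require('node-zookeeper-client');
    var client = zookeeper.createClient('192.168.1.100:2181');
    // addAuthInfo is a method of the client instance. For the ip scheme the
    // server matches the connection's source address against the ACL.
    client.addAuthInfo('ip', Buffer.from('192.168.1.123'));

    client.once('connected', function () {
        client.getData('/test', null, function (error, data, stat) {
            // Handler callback
        });
    });
    client.connect();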
