Zookeeper ACL(使用node-zookeeper-client)

现在的位置: 首页 > 综合 > 正文

RSS

Zookeeper ACL(使用node-zookeeper-client)

2017年03月03日 ⁄ 综合 ⁄ 共 2531字 ⁄ 字号小中大 ⁄ 评论关闭

再分布式系统中，ACL(Access Control)十分重要；Zookeeper也提供了十分好用的ACL接口，下面我记录一下在nodejs下如何实现zookeeper的访问控制。

Zookeeper的ACL通常表示为：Scheme:Id:Permission，即Scheme,Id,Permission三个部分。其中，Scheme表示使用何种方式来进行访问控制，Id代表用户，Permission表示有什么权限。

ZooKeeeper has the following built in schemes:

ZooKeeper有如下几种内置的Schemes

world has a single id, anyone, that represents anyone.

代表所有人都能够访问
auth doesn't use any id, represents any authenticated user.

不需要Id，通过auth的用户都能够访问
digest uses a username:password string to generate MD5 hash which is then used as an ACL ID identity. Authentication is done by sending
the username:password in clear text. When used in the ACL the expression will be the username:base64 encoded SHA1 password digest.

通过用户名密码方式的auth验证，Id的格式为username:base64 encoded SHA1 password digest
host uses the client host name as an ACL ID identity. The ACL expression is a hostname suffix. For example, the ACL expression host:corp.com matches
the ids host:host1.corp.com and host:host2.corp.com, but nothost:host1.store.com.

使用客户端的host name作为Acl的Id
ip uses the client host IP as an ACL ID identity. The ACL expression is of the form addr/bits where the most significant bits of addr are
matched against the most significant bits of the client host IP.

使用客户端的Ip作为Acl的

zookeeper目前支持下面一些权限：

CREATE(c): 创建权限，可以在在当前node下创建child node
DELETE(d): 删除权限，可以删除当前的node
READ(r): 读权限，可以获取当前node的数据，可以list当前node所有的child nodes
WRITE(w): 写权限，可以向当前node写数据
ADMIN(a): 管理权限，可以设置当前node的permission

我使用的ZooKeeper client是：node-zookeeper-client模块，项目地址：https://github.com/alexguan/node-zookeeper-client

首先，再创建Node的时候设置ACL,node-zookeeper-client创建node的接口为：

void create(path, [data], [acls], [mode], callback)

Create a node with given path, data, acls and mode.

Arguments

path String - Path of the node.
data Buffer - The data buffer, optional, defaults to null.
acls Array - An array of ACL objects,
optional, defaults to ACL.OPEN_ACL_UNSAFE
mode CreateMode - The creation mode, optional, defaults to CreateMode.PERSISTENT
callback(error, path) Function - The callback function.

可以通过new zookeeper.ACL（permission, id）来创建ACL实例，需要传入两个参数，zookeeper.Permission.ADMIN,

new zookeeper.Id('ip', '127.0.0.1');
完整代码如下：
var zookeeper = require('node-zookeeper-client');
var id = new zookeeper.Id('ip', '192.168.1.123');
var client = zookeeper.createClient('192.168.1.100:2181');
var acl = new zookeeper.ACL(zookeeper.Permission.ADMIN, id);
client.create('/test', new Buffer('test'), [acl], zookeeper.CreateMode.PERSISTENT, function (err, path) {
  //handler callback
});

如何有客户端想访问/test节点，则需要通过上面的访问控制，具体代码如下:
var zookeeper = require('node-zookeeper-client');

var client = zookeeper.createClient('192.168.1.100:2181');

zookeeper.addAuthInfo('ip', new Buffer('192.168.1.123'));
client.getData('/test', null, function() {
  //handler callback
});

【上篇】[CentOS]安装软件：/lib/ld-linux.so.2: bad ELF interpreter 解决
【下篇】全面理解面向对象的 JavaScript

作者: jintian68

该日志由 jintian68 于7年前发表在综合分类下，最后更新于 2017年03月03日.
转载请注明: Zookeeper ACL(使用node-zookeeper-client) | 学步园 +复制链接

抱歉!评论已关闭.

学步园