ZooKeeper ACL (using node-zookeeper-client)
In a distributed system, ACLs (Access Control Lists) matter a great deal, and ZooKeeper provides a very usable ACL interface; below I note how to implement ZooKeeper access control from Node.js. A ZooKeeper ACL is usually written as Scheme:Id:Permission, i.e. three parts: Scheme, Id and Permission. Scheme says which mechanism is used for access control, Id identifies the user, and Perm
ZooKeeper has the following built-in schemes:
- world: has a single id, anyone, which stands for everyone. world:anyone matches every session, authenticated or not.
- auth: does not use an id and stands for any authenticated user. The server expands an auth entry when the node is created into the identities the creating session has already authenticated with (its digest user, for instance), so the node ends up owned by its creator; a session with no authenticated identity cannot create a node that carries an auth entry.
- digest: uses a username:password string to generate a SHA-1 hash, which is then used as the ACL id. Authentication is done by sending username:password to the server in clear text, so the client connection should be protected with TLS (supported by the server from the 3.5 line). In the ACL the expression is username:base64-encoded SHA-1 digest of "username:password"; the password itself never appears in an ACL.
- host: uses the client host name as the ACL id. The ACL expression is a hostname suffix: for example, host:corp.com matches host:host1.corp.com and host:host2.corp.com, but not host:host1.store.com.
- ip: uses the client's IP address as the ACL id. The expression has the form addr/bits: the most significant bits of addr are compared with the most significant bits of the client's address, and a bare address means all 32 bits must match (ip:192.168.1.123 is a single host, ip:192.168.1.0/24 a subnet). The address the server uses is the source address of the session's TCP connection, which the client cannot choose; anything that rewrites source addresses (NAT, a load balancer, a proxy) makes every client behind it look identical to the ACL, so the scheme is only as strong as the network path.
ZooKeeper currently supports the following permissions:
- CREATE (c): create child nodes under this node
- DELETE (d): delete child nodes of this node (the check is made against the parent's ACL, not against the node being deleted)
- READ (r): get this node's data and list its child nodes
- WRITE (w): set this node's data
- ADMIN (a): set this node's ACL
Permissions apply only to the node they are set on; they are not inherited by children, so each child gets whatever ACL is passed at its own create call.
In node-zookeeper-client the ACL list is passed when the node is created:
void create(path, [data], [acls], [mode], callback)
Create a node with the given path, data, acls and mode.
Arguments
- path (String): path of the node.
- data (Buffer): the data buffer, optional, defaults to null.
- acls (Array): an array of ACL objects, optional, defaults to ACL.OPEN_ACL_UNSAFE.
- mode (CreateMode): the creation mode, optional, defaults to CreateMode.PERSISTENT.
- callback(error, path) (Function): the callback function.
Note the default: ACL.OPEN_ACL_UNSAFE is world:anyone with all five permissions, so a node created without an explicit acls argument can be read, changed, deleted from and have its ACL rewritten by anyone who can reach the ZooKeeper port.
An ACL object is built from a Permission value and an Id, and an Id from a scheme name and an id string, for example:
new zookeeper.Id('ip', '127.0.0.1');
The complete code is as follows:
var zookeeper = require('node-zookeeper-client');
var client = zookeeper.createClient('192.168.1.100:2181');
// Only sessions whose TCP source address is 192.168.1.123 match this entry.
var id = new zookeeper.Id('ip', '192.168.1.123');
// ADMIN alone does not include READ, so grant ALL (or READ | WRITE | ADMIN);
// with ADMIN only, a later getData from the same host fails with NO_AUTH.
var acl = new zookeeper.ACL(zookeeper.Permission.ALL, id);
client.once('connected', function () {
    client.create('/test', Buffer.from('test'), [acl], zookeeper.CreateMode.PERSISTENT, function (err, path) {
        if (err) { console.error('create failed:', err); return; }
        console.log('created', path);
    });
});
client.connect(); // nothing is sent to the ensemble until connect() is called
If another client wants to access /test it has to satisfy the ACL above. For the ip scheme the client sends nothing: the server attaches an ip identity to every session from the source address of its TCP connection, so the request simply has to come from 192.168.1.123 (addAuthInfo is for schemes such as digest, and it is a method of the client object, not of the module). The code is as follows:
var zookeeper = require('node-zookeeper-client');
var client = zookeeper.createClient('192.168.1.100:2181');
// No addAuthInfo for the ip scheme: the identity is derived by the server from
// the peer address of this connection, so this must run on 192.168.1.123.
client.once('connected', function () {
    client.getData('/test', function (err, data, stat) {
        if (err) { console.error('getData failed:', err); return; } // NO_AUTH from any other address
        console.log('data:', data.toString());
    });
});
client.connect();