From 1cf413f365c6bf005f5cf2ad6cc1072490f2b63c Mon Sep 17 00:00:00 2001 From: Adam Saponara Date: Mon, 18 Mar 2019 17:21:12 -0400 Subject: [PATCH 1/2] Add `-topo_zk_auth_file` flag Signed-off-by: Adam Saponara --- go/cmd/zk/zkcmd.go | 36 +++++++++++++++++++++----------- go/vt/topo/zk2topo/zk_conn.go | 39 ++++++++++++++++++++++++++++------- 2 files changed, 56 insertions(+), 19 deletions(-) diff --git a/go/cmd/zk/zkcmd.go b/go/cmd/zk/zkcmd.go index acf612d8750..6433cc27b50 100644 --- a/go/cmd/zk/zkcmd.go +++ b/go/cmd/zk/zkcmd.go @@ -51,6 +51,8 @@ there are some slight differences in flag handling. zk -h - provide help on overriding cell selection +zk addAuth digest user:pass + zk cat /zk/path zk cat -l /zk/path1 /zk/path2 (list filename before file data) @@ -111,18 +113,19 @@ var zconn *zk2topo.ZkConn func init() { cmdMap = map[string]cmdFunc{ - "cat": cmdCat, - "chmod": cmdChmod, - "cp": cmdCp, - "edit": cmdEdit, - "ls": cmdLs, - "rm": cmdRm, - "stat": cmdStat, - "touch": cmdTouch, - "unzip": cmdUnzip, - "wait": cmdWait, - "watch": cmdWatch, - "zip": cmdZip, + "addAuth": cmdAddAuth, + "cat": cmdCat, + "chmod": cmdChmod, + "cp": cmdCp, + "edit": cmdEdit, + "ls": cmdLs, + "rm": cmdRm, + "stat": cmdStat, + "touch": cmdTouch, + "unzip": cmdUnzip, + "wait": cmdWait, + "watch": cmdWatch, + "zip": cmdZip, } } @@ -500,6 +503,15 @@ func cmdRm(ctx context.Context, subFlags *flag.FlagSet, args []string) error { return nil } +func cmdAddAuth(ctx context.Context, subFlags *flag.FlagSet, args []string) error { + subFlags.Parse(args) + if subFlags.NArg() < 2 { + return fmt.Errorf("addAuth: expected args ") + } + scheme, auth := subFlags.Arg(0), subFlags.Arg(1) + return zconn.AddAuth(ctx, scheme, []byte(auth)) +} + func cmdCat(ctx context.Context, subFlags *flag.FlagSet, args []string) error { var ( longListing = subFlags.Bool("l", false, "long listing") diff --git a/go/vt/topo/zk2topo/zk_conn.go b/go/vt/topo/zk2topo/zk_conn.go index c7539192500..428d0026b4a 100644 --- a/go/vt/topo/zk2topo/zk_conn.go +++ b/go/vt/topo/zk2topo/zk_conn.go @@ -57,6 +57,7 @@ var ( certPath = flag.String("topo_zk_tls_cert", "", "the cert to use to connect to the zk topo server, requires topo_zk_tls_key, enables TLS") keyPath = flag.String("topo_zk_tls_key", "", "the key to use to connect to the zk topo server, enables TLS") caPath = flag.String("topo_zk_tls_ca", "", "the server ca to use to validate servers when connecting to the zk topo server") + authFile = flag.String("topo_zk_auth_file", "", "auth to use when connecting to the zk topo server, file contents should be :, e.g., digest:user:pass") ) // Time returns a time.Time from a ZK int64 milliseconds since Epoch time. @@ -108,7 +109,6 @@ func (c *ZkConn) Get(ctx context.Context, path string) (data []byte, stat *zk.St return } -// GetW is part of the Conn interface. func (c *ZkConn) GetW(ctx context.Context, path string) (data []byte, stat *zk.Stat, watch <-chan zk.Event, err error) { err = c.withRetry(ctx, func(conn *zk.Conn) error { data, stat, watch, err = conn.GetW(path) @@ -117,7 +117,6 @@ func (c *ZkConn) GetW(ctx context.Context, path string) (data []byte, stat *zk.S return } -// Children is part of the Conn interface. func (c *ZkConn) Children(ctx context.Context, path string) (children []string, stat *zk.Stat, err error) { err = c.withRetry(ctx, func(conn *zk.Conn) error { children, stat, err = conn.Children(path) @@ -126,7 +125,6 @@ func (c *ZkConn) Children(ctx context.Context, path string) (children []string, return } -// ChildrenW is part of the Conn interface. func (c *ZkConn) ChildrenW(ctx context.Context, path string) (children []string, stat *zk.Stat, watch <-chan zk.Event, err error) { err = c.withRetry(ctx, func(conn *zk.Conn) error { children, stat, watch, err = conn.ChildrenW(path) @@ -135,7 +133,6 @@ func (c *ZkConn) ChildrenW(ctx context.Context, path string) (children []string, return } -// Exists is part of the Conn interface. func (c *ZkConn) Exists(ctx context.Context, path string) (exists bool, stat *zk.Stat, err error) { err = c.withRetry(ctx, func(conn *zk.Conn) error { exists, stat, err = conn.Exists(path) @@ -144,7 +141,6 @@ func (c *ZkConn) Exists(ctx context.Context, path string) (exists bool, stat *zk return } -// ExistsW is part of the Conn interface. func (c *ZkConn) ExistsW(ctx context.Context, path string) (exists bool, stat *zk.Stat, watch <-chan zk.Event, err error) { err = c.withRetry(ctx, func(conn *zk.Conn) error { exists, stat, watch, err = conn.ExistsW(path) @@ -178,7 +174,6 @@ func (c *ZkConn) Delete(ctx context.Context, path string, version int32) error { }) } -// GetACL is part of the Conn interface. func (c *ZkConn) GetACL(ctx context.Context, path string) (aclv []zk.ACL, stat *zk.Stat, err error) { err = c.withRetry(ctx, func(conn *zk.Conn) error { aclv, stat, err = conn.GetACL(path) @@ -187,7 +182,6 @@ func (c *ZkConn) GetACL(ctx context.Context, path string) (aclv []zk.ACL, stat * return } -// SetACL is part of the Conn interface. func (c *ZkConn) SetACL(ctx context.Context, path string, aclv []zk.ACL, version int32) error { return c.withRetry(ctx, func(conn *zk.Conn) error { _, err := conn.SetACL(path, aclv, version) @@ -195,6 +189,13 @@ func (c *ZkConn) SetACL(ctx context.Context, path string, aclv []zk.ACL, version }) } +func (c *ZkConn) AddAuth(ctx context.Context, scheme string, auth []byte) error { + return c.withRetry(ctx, func(conn *zk.Conn) error { + err := conn.AddAuth(scheme, auth) + return err + }) +} + // Close is part of the Conn interface. func (c *ZkConn) Close() error { c.mu.Lock() @@ -271,10 +272,34 @@ func (c *ZkConn) getConn(ctx context.Context) (*zk.Conn, error) { } c.conn = conn go c.handleSessionEvents(conn, events) + c.maybeAddAuth(ctx) } return c.conn, nil } +// maybeAddAuth calls AddAuth if the `-topo_zk_auth_file` flag was specified +func (c *ZkConn) maybeAddAuth(ctx context.Context) { + if *authFile == "" { + return + } + authInfoBytes, err := ioutil.ReadFile(*authFile) + if err != nil { + log.Errorf("failed to read topo_zk_auth_file: %v", err) + return + } + authInfo := string(authInfoBytes) + authInfoParts := strings.SplitN(authInfo, ":", 2) + if len(authInfoParts) != 2 { + log.Errorf("failed to parse topo_zk_auth_file contents, expected format : but saw: %s", authInfo) + return + } + err = c.conn.AddAuth(authInfoParts[0], []byte(authInfoParts[1])) + if err != nil { + log.Errorf("failed to add auth from topo_zk_auth_file: %v", err) + return + } +} + // handleSessionEvents is processing events from the session channel. // When it detects that the connection is not working any more, it // clears out the connection record. From 1cc8d0a2a08811d721146a7403474a380ba5b366 Mon Sep 17 00:00:00 2001 From: Adam Saponara Date: Thu, 21 Mar 2019 10:43:24 -0400 Subject: [PATCH 2/2] Add doc comments back in Signed-off-by: Adam Saponara --- go/vt/topo/zk2topo/zk_conn.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/go/vt/topo/zk2topo/zk_conn.go b/go/vt/topo/zk2topo/zk_conn.go index 428d0026b4a..e69980768bd 100644 --- a/go/vt/topo/zk2topo/zk_conn.go +++ b/go/vt/topo/zk2topo/zk_conn.go @@ -109,6 +109,7 @@ func (c *ZkConn) Get(ctx context.Context, path string) (data []byte, stat *zk.St return } +// GetW is part of the Conn interface. func (c *ZkConn) GetW(ctx context.Context, path string) (data []byte, stat *zk.Stat, watch <-chan zk.Event, err error) { err = c.withRetry(ctx, func(conn *zk.Conn) error { data, stat, watch, err = conn.GetW(path) @@ -117,6 +118,7 @@ func (c *ZkConn) GetW(ctx context.Context, path string) (data []byte, stat *zk.S return } +// Children is part of the Conn interface. func (c *ZkConn) Children(ctx context.Context, path string) (children []string, stat *zk.Stat, err error) { err = c.withRetry(ctx, func(conn *zk.Conn) error { children, stat, err = conn.Children(path) @@ -125,6 +127,7 @@ func (c *ZkConn) Children(ctx context.Context, path string) (children []string, return } +// ChildrenW is part of the Conn interface. func (c *ZkConn) ChildrenW(ctx context.Context, path string) (children []string, stat *zk.Stat, watch <-chan zk.Event, err error) { err = c.withRetry(ctx, func(conn *zk.Conn) error { children, stat, watch, err = conn.ChildrenW(path) @@ -133,6 +136,7 @@ func (c *ZkConn) ChildrenW(ctx context.Context, path string) (children []string, return } +// Exists is part of the Conn interface. func (c *ZkConn) Exists(ctx context.Context, path string) (exists bool, stat *zk.Stat, err error) { err = c.withRetry(ctx, func(conn *zk.Conn) error { exists, stat, err = conn.Exists(path) @@ -141,6 +145,7 @@ func (c *ZkConn) Exists(ctx context.Context, path string) (exists bool, stat *zk return } +// ExistsW is part of the Conn interface. func (c *ZkConn) ExistsW(ctx context.Context, path string) (exists bool, stat *zk.Stat, watch <-chan zk.Event, err error) { err = c.withRetry(ctx, func(conn *zk.Conn) error { exists, stat, watch, err = conn.ExistsW(path) @@ -174,6 +179,7 @@ func (c *ZkConn) Delete(ctx context.Context, path string, version int32) error { }) } +// GetACL is part of the Conn interface. func (c *ZkConn) GetACL(ctx context.Context, path string) (aclv []zk.ACL, stat *zk.Stat, err error) { err = c.withRetry(ctx, func(conn *zk.Conn) error { aclv, stat, err = conn.GetACL(path) @@ -182,6 +188,7 @@ func (c *ZkConn) GetACL(ctx context.Context, path string) (aclv []zk.ACL, stat * return } +// SetACL is part of the Conn interface. func (c *ZkConn) SetACL(ctx context.Context, path string, aclv []zk.ACL, version int32) error { return c.withRetry(ctx, func(conn *zk.Conn) error { _, err := conn.SetACL(path, aclv, version) @@ -189,6 +196,7 @@ func (c *ZkConn) SetACL(ctx context.Context, path string, aclv []zk.ACL, version }) } +// AddAuth is part of the Conn interface. func (c *ZkConn) AddAuth(ctx context.Context, scheme string, auth []byte) error { return c.withRetry(ctx, func(conn *zk.Conn) error { err := conn.AddAuth(scheme, auth)