feat(registry): contrib/registry/zookeeper add digest acl support (#1964)

* feat(registry): contrib/registry/zookeeper add digest acl support

* feat(registry): use WithDigestACL to put user and password together

contrib/registry/zookeeper/register.go

@@ -25,6 +25,8 @@ type options struct {
 	ctx      context.Context
 	rootPath string
 	timeout  time.Duration
+	user     string
+	password string
 }
 
 // WithContext with registry context.
@@ -42,6 +44,14 @@ func WithTimeout(timeout time.Duration) Option {
 	return func(o *options) { o.timeout = timeout }
 }
 
+// WithDigestACL with registry password.
+func WithDigestACL(user string, password string) Option {
+	return func(o *options) {
+		o.user = user
+		o.password = password
+	}
+}
+
 // Registry is consul registry
 type Registry struct {
 	opts     *options
@@ -63,6 +73,12 @@ func New(zkServers []string, opts ...Option) (*Registry, error) {
 	if err != nil {
 		return nil, err
 	}
+	if len(options.user) > 0 && len(options.password) > 0 {
+		err = conn.AddAuth("digest", []byte(options.user+":"+options.password))
+		if err != nil {
+			return nil, err
+		}
+	}
 	return &Registry{
 		opts:     options,
 		conn:     conn,
@@ -182,7 +198,12 @@ func (r *Registry) ensureName(path string, data []byte, flags int32) error {
 		return err
 	}
 	if !exists {
-		_, err := r.conn.Create(path, data, flags, zk.WorldACL(zk.PermAll))
+		var err error
+		if len(r.opts.user) > 0 && len(r.opts.password) > 0 {
+			_, err = r.conn.Create(path, data, flags, zk.DigestACL(zk.PermAll, r.opts.user, r.opts.password))
+		} else {
+			_, err = r.conn.Create(path, data, flags, zk.WorldACL(zk.PermAll))
+		}
 		if err != nil {
 			return err
 		}

contrib/registry/zookeeper/register_test.go

@@ -16,7 +16,7 @@ func TestRegistry(t *testing.T) {
 		Endpoints: []string{"http://127.0.0.1:1111"},
 	}
 
-	r, _ := New([]string{"127.0.0.1:2181"})
+	r, _ := New([]string{"127.0.0.1:2181"}, WithDigestACL("username", "password"))
 
 	w, err := r.Watch(ctx, s.Name)
 	if err != nil {