http://git-wip-us.apache.org/repos/asf/zookeeper/blob/c0aa3b3f/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthTestBase.java
----------------------------------------------------------------------
diff --git a/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthTestBase.java b/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthTestBase.java
deleted file mode 100644
index 219d5bc..0000000
--- a/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthTestBase.java
+++ /dev/null
@@ -1,248 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.zookeeper.server.quorum.auth;
-
-import java.io.File;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.zookeeper.PortAssignment;
-import org.apache.zookeeper.ZKTestCase;
-import org.apache.zookeeper.server.quorum.QuorumPeerTestBase.MainThread;
-import org.apache.zookeeper.test.ClientBase;
-import org.junit.Assert;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * QuorumAuthTestBase provides a base class for testing quorum peer mutual
- * authentication using SASL mechanisms.
- */
-public class QuorumAuthTestBase extends ZKTestCase {
- protected static final Logger LOG = LoggerFactory.getLogger(QuorumAuthTestBase.class);
- protected List<MainThread> mt = new ArrayList<MainThread>();
- protected static File jaasConfigDir;
-
- public static void setupJaasConfig(String jaasEntries) {
- try {
- jaasConfigDir = ClientBase.createTmpDir();
- File saslConfFile = new File(jaasConfigDir, "jaas.conf");
- FileWriter fwriter = new FileWriter(saslConfFile);
- fwriter.write(jaasEntries);
- fwriter.close();
- System.setProperty("java.security.auth.login.config",
- saslConfFile.getAbsolutePath());
- } catch (IOException ioe) {
- LOG.error("Failed to create tmp directory to hold JAAS conf file", ioe);
- // could not create tmp directory to hold JAAS conf file : test will
- // fail now.
- }
- }
-
- public static void cleanupJaasConfig() {
- if (jaasConfigDir != null) {
- FileUtils.deleteQuietly(jaasConfigDir);
- }
- }
-
- protected String startQuorum(final int serverCount,
- Map<String, String> authConfigs, int authServerCount,
- boolean delayedServerStartup) throws IOException {
- StringBuilder connectStr = new StringBuilder();
- final int[] clientPorts = startQuorum(serverCount, 0, connectStr,
- authConfigs, authServerCount, delayedServerStartup);
- for (int i = 0; i < serverCount; i++) {
- Assert.assertTrue("waiting for server " + i + " being up",
- ClientBase.waitForServerUp("127.0.0.1:" + clientPorts[i],
- ClientBase.CONNECTION_TIMEOUT));
- }
- return connectStr.toString();
- }
-
- /**
- * Starts the given number of quorum servers and will wait for the quorum
- * formation.
- *
- * @param serverCount
- * total server count includes participants + observers
- * @param observerCount
- * number of observers
- * @param authConfigs
- * configuration parameters for authentication
- * @param authServerCount
- * number of auth enabled servers
- * @return client port for the respective servers
- * @throws IOException
- */
- protected String startQuorum(final int serverCount, int observerCount,
- Map<String, String> authConfigs, int authServerCount)
- throws IOException {
- StringBuilder connectStr = new StringBuilder();
- final int[] clientPorts = startQuorum(serverCount, observerCount,
- connectStr, authConfigs, authServerCount, false);
- for (int i = 0; i < serverCount; i++) {
- Assert.assertTrue("waiting for server " + i + " being up",
- ClientBase.waitForServerUp("127.0.0.1:" + clientPorts[i],
- ClientBase.CONNECTION_TIMEOUT));
- }
- return connectStr.toString();
- }
-
- /**
- * Starts the given number of quorum servers and won't wait for the quorum
- * formation.
- *
- * @param serverCount
- * total server count includes participants + observers
- * @param observerCount
- * number of observers
- * @param connectStr
- * connection string where clients can used for connection
- * establishment
- * @param authConfigs
- * configuration parameters for authentication
- * @param authServerCount
- * number of auth enabled servers
- * @param delayedServerStartup
- * true flag value to add delay between server's startup, false otherwise.
- * @return client port for the respective servers
- * @throws IOException
- */
- protected int[] startQuorum(final int serverCount, int observerCount,
- StringBuilder connectStr, Map<String, String> authConfigs,
- int authServerCount, boolean delayedServerStartup)
- throws IOException {
- final int clientPorts[] = new int[serverCount];
- StringBuilder sb = new StringBuilder();
-
- // If there are any Observers then the Observer server details will be
- // placed first in the configuration section.
- for (int i = 0; i < serverCount; i++) {
- clientPorts[i] = PortAssignment.unique();
- String server = "";
- if (observerCount > 0 && i < observerCount) {
- // add observer learner type
- server = String.format("server.%d=localhost:%d:%d:observer",
- i, PortAssignment.unique(), PortAssignment.unique());
- } else {
- // add participant learner type
- server = String.format("server.%d=localhost:%d:%d:participant",
- i, PortAssignment.unique(), PortAssignment.unique());
- }
- sb.append(server + "\n");
- connectStr.append("127.0.0.1:" + clientPorts[i]);
- if (i < serverCount - 1) {
- connectStr.append(",");
- }
- }
- String quorumCfg = sb.toString();
- // servers with authentication interfaces configured
- int i = 0;
- for (; i < authServerCount; i++) {
- if (observerCount > 0 && i < observerCount) {
- String obsCfgSection = quorumCfg + "\npeerType=observer";
- quorumCfg = obsCfgSection;
- }
- startServer(authConfigs, clientPorts[i], quorumCfg, i, delayedServerStartup);
- }
- // servers without any authentication configured
- for (int j = 0; j < serverCount - authServerCount; j++, i++) {
- if (observerCount > 0 && i < observerCount) {
- String obsCfgSection = quorumCfg + "\npeerType=observer";
- quorumCfg = obsCfgSection;
- }
- startServer(null, clientPorts[i], quorumCfg, i, delayedServerStartup);
- }
- return clientPorts;
- }
-
- private void startServer(Map<String, String> authConfigs,
- final int clientPort, String quorumCfg, int i,
- boolean delayedServerStartup) throws IOException {
- MainThread mthread;
- if (authConfigs != null) {
- mthread = new MainThread(i, clientPort, quorumCfg, authConfigs);
- } else {
- mthread = new MainThread(i, clientPort, quorumCfg);
- }
- mt.add(mthread);
- mthread.start();
-
- if (delayedServerStartup) {
- addDelayBeforeStartingNextServer(mthread);
- }
- }
-
- private void addDelayBeforeStartingNextServer(MainThread mThread) {
- // Refer https://issues.apache.org/jira/browse/ZOOKEEPER-2712
- LOG.info("Waiting to finish login context init(Krb login), "
- + "as there are potential concurrency issues in ApacheDS "
- + "if multiple servers starts together!");
- int retries = 60; // 15secs delay
- while (retries > 0) {
- if (mThread.getQuorumPeer() != null
- && mThread.getQuorumPeer().hasAuthInitialized()) {
- try {
- Thread.sleep(1000); // adding 1sec grace period.
- } catch (InterruptedException e) {
- LOG.info("Ignore InterruptedException");
- }
- break;
- }
- // moving to next retry cycle
- retries--;
- try {
- Thread.sleep(250);
- } catch (InterruptedException e) {
- LOG.info("Ignore InterruptedException");
- }
- }
- }
-
- protected void startServer(MainThread restartPeer,
- Map<String, String> authConfigs) throws IOException {
- MainThread mthread = new MainThread(restartPeer.getMyid(),
- restartPeer.getClientPort(), restartPeer.getQuorumCfgSection(),
- authConfigs);
- mt.add(mthread);
- mthread.start();
- }
-
- void shutdownAll() {
- for (int i = 0; i < mt.size(); i++) {
- shutdown(i);
- }
- }
-
- MainThread shutdown(int index) {
- MainThread mainThread = mt.get(index);
- try {
- mainThread.shutdown();
- } catch (InterruptedException e) {
- } finally {
- mt.remove(index);
- }
- mainThread.deleteBaseDir();
- return mainThread;
- }
-}
http://git-wip-us.apache.org/repos/asf/zookeeper/blob/c0aa3b3f/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthUpgradeTest.java
----------------------------------------------------------------------
diff --git a/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthUpgradeTest.java b/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthUpgradeTest.java
deleted file mode 100644
index 4eeccf3..0000000
--- a/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumAuthUpgradeTest.java
+++ /dev/null
@@ -1,239 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.zookeeper.server.quorum.auth;
-
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.concurrent.TimeoutException;
-
-import org.apache.zookeeper.CreateMode;
-import org.apache.zookeeper.KeeperException;
-import org.apache.zookeeper.ZooDefs.Ids;
-import org.apache.zookeeper.ZooKeeper;
-import org.apache.zookeeper.server.quorum.QuorumPeerTestBase.MainThread;
-import org.apache.zookeeper.test.ClientBase;
-import org.apache.zookeeper.test.ClientTest;
-import org.apache.zookeeper.test.ClientBase.CountdownWatcher;
-import org.junit.After;
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.Test;
-
-/**
- * Rolling upgrade should do in three steps:
- *
- * step-1) Stop the server and set the flags and restart the server.
- * quorum.auth.enableSasl=true, quorum.auth.learnerRequireSasl=false and quorum.auth.serverRequireSasl=false
- * Ensure that all the servers should complete this step. Now, move to next step.
- *
- * step-2) Stop the server one by one and change the flags and restart the server.
- * quorum.auth.enableSasl=true, quorum.auth.learnerRequireSasl=true and quorum.auth.serverRequireSasl=false
- * Ensure that all the servers should complete this step. Now, move to next step.
- *
- * step-3) Stop the server one by one and change the flags and restart the server.
- * quorum.auth.enableSasl=true, quorum.auth.learnerRequireSasl=true and quorum.auth.serverRequireSasl=true
- * Now, all the servers are fully upgraded and running in secured mode.
- */
-public class QuorumAuthUpgradeTest extends QuorumAuthTestBase {
- static {
- String jaasEntries = new String("" + "QuorumServer {\n"
- + " org.apache.zookeeper.server.auth.DigestLoginModule required\n"
- + " user_test=\"mypassword\";\n" + "};\n"
- + "QuorumLearner {\n"
- + " org.apache.zookeeper.server.auth.DigestLoginModule required\n"
- + " username=\"test\"\n"
- + " password=\"mypassword\";\n" + "};\n");
- setupJaasConfig(jaasEntries);
- }
-
- @After
- public void tearDown() throws Exception {
- shutdownAll();
- }
-
- @AfterClass
- public static void cleanup() {
- cleanupJaasConfig();
- }
-
- /**
- * Test to verify that servers are able to start without any authentication.
- * peer0 -> quorum.auth.enableSasl=false
- * peer1 -> quorum.auth.enableSasl=false
- */
- @Test(timeout = 30000)
- public void testNullAuthLearnerServer() throws Exception {
- Map<String, String> authConfigs = new HashMap<String, String>();
- authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "false");
-
- String connectStr = startQuorum(2, authConfigs, 0, false);
- CountdownWatcher watcher = new CountdownWatcher();
- ZooKeeper zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT,
- watcher);
- watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT);
- zk.create("/foo", new byte[0], Ids.OPEN_ACL_UNSAFE,
- CreateMode.PERSISTENT);
- zk.close();
- }
-
- /**
- * Test to verify that servers are able to form quorum.
- * peer0 -> quorum.auth.enableSasl=true, quorum.auth.learnerRequireSasl=false, quorum.auth.serverRequireSasl=false
- * peer1 -> quorum.auth.enableSasl=false, quorum.auth.learnerRequireSasl=false, quorum.auth.serverRequireSasl=false
- */
- @Test(timeout = 30000)
- public void testAuthLearnerAgainstNullAuthServer() throws Exception {
- Map<String, String> authConfigs = new HashMap<String, String>();
- authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "true");
-
- String connectStr = startQuorum(2, authConfigs, 1, false);
- CountdownWatcher watcher = new CountdownWatcher();
- ZooKeeper zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT,
- watcher);
- watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT);
- zk.create("/foo", new byte[0], Ids.OPEN_ACL_UNSAFE,
- CreateMode.PERSISTENT);
- zk.close();
- }
-
- /**
- * Test to verify that servers are able to form quorum.
- * peer0 -> quorum.auth.enableSasl=true, quorum.auth.learnerRequireSasl=false, quorum.auth.serverRequireSasl=false
- * peer1 -> quorum.auth.enableSasl=true, quorum.auth.learnerRequireSasl=false, quorum.auth.serverRequireSasl=false
- */
- @Test(timeout = 30000)
- public void testAuthLearnerAgainstNoAuthRequiredServer() throws Exception {
- Map<String, String> authConfigs = new HashMap<String, String>();
- authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "true");
-
- String connectStr = startQuorum(2, authConfigs, 2, false);
- CountdownWatcher watcher = new CountdownWatcher();
- ZooKeeper zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT,
- watcher);
- watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT);
- zk.create("/foo", new byte[0], Ids.OPEN_ACL_UNSAFE,
- CreateMode.PERSISTENT);
- zk.close();
- }
-
- /**
- * Test to verify that servers are able to form quorum.
- * peer0 -> quorum.auth.enableSasl=true, quorum.auth.learnerRequireSasl=true, quorum.auth.serverRequireSasl=true
- * peer1 -> quorum.auth.enableSasl=true, quorum.auth.learnerRequireSasl=true, quorum.auth.serverRequireSasl=true
- */
- @Test(timeout = 30000)
- public void testAuthLearnerServer() throws Exception {
- Map<String, String> authConfigs = new HashMap<String, String>();
- authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "true");
- authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "true");
- authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "true");
-
- String connectStr = startQuorum(2, authConfigs, 2, false);
- CountdownWatcher watcher = new CountdownWatcher();
- ZooKeeper zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT,
- watcher);
- watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT);
- zk.create("/foo", new byte[0], Ids.OPEN_ACL_UNSAFE,
- CreateMode.PERSISTENT);
- zk.close();
- }
-
- /**
- * Rolling upgrade should do in three steps:
- *
- * step-1) Stop the server and set the flags and restart the server.
- * quorum.auth.enableSasl=true, quorum.auth.learnerRequireSasl=false and quorum.auth.serverRequireSasl=false
- * Ensure that all the servers should complete this step. Now, move to next step.
- *
- * step-2) Stop the server one by one and change the flags and restart the server.
- * quorum.auth.enableSasl=true, quorum.auth.learnerRequireSasl=true and quorum.auth.serverRequireSasl=false
- * Ensure that all the servers should complete this step. Now, move to next step.
- *
- * step-3) Stop the server one by one and change the flags and restart the server.
- * quorum.auth.enableSasl=true, quorum.auth.learnerRequireSasl=true and quorum.auth.serverRequireSasl=true
- * Now, all the servers are fully upgraded and running in secured mode.
- */
- @Test(timeout = 90000)
- public void testRollingUpgrade() throws Exception {
- // Start peer0,1,2 servers with quorum.auth.enableSasl=false and
- // quorum.auth.learnerRequireSasl=false, quorum.auth.serverRequireSasl=false
- // Assume this is an existing cluster.
- Map<String, String> authConfigs = new HashMap<String, String>();
- authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "false");
-
- String connectStr = startQuorum(3, authConfigs, 0, false);
- CountdownWatcher watcher = new CountdownWatcher();
- ZooKeeper zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT,
- watcher);
- watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT);
- zk.create("/foo", new byte[0], Ids.OPEN_ACL_UNSAFE,
- CreateMode.PERSISTENT_SEQUENTIAL);
-
- //1. Upgrade peer0,1,2 with quorum.auth.enableSasl=true and
- // quorum.auth.learnerRequireSasl=false, quorum.auth.serverRequireSasl=false
- authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "true");
- authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "false");
- authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "false");
- restartServer(authConfigs, 0, zk, watcher);
- restartServer(authConfigs, 1, zk, watcher);
- restartServer(authConfigs, 2, zk, watcher);
-
- //2. Upgrade peer0,1,2 with quorum.auth.enableSasl=true and
- // quorum.auth.learnerRequireSasl=true, quorum.auth.serverRequireSasl=false
- authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "true");
- authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "true");
- authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "false");
- restartServer(authConfigs, 0, zk, watcher);
- restartServer(authConfigs, 1, zk, watcher);
- restartServer(authConfigs, 2, zk, watcher);
-
- //3. Upgrade peer0,1,2 with quorum.auth.enableSasl=true and
- // quorum.auth.learnerRequireSasl=true, quorum.auth.serverRequireSasl=true
- authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "true");
- authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "true");
- authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "true");
- restartServer(authConfigs, 0, zk, watcher);
- restartServer(authConfigs, 1, zk, watcher);
- restartServer(authConfigs, 2, zk, watcher);
-
- //4. Restart peer2 with quorum.auth.learnerEnableSasl=false and
- // quorum.auth.serverRequireSasl=false. It should fail to join the
- // quorum as this needs auth.
- authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "false");
- MainThread m = shutdown(2);
- startServer(m, authConfigs);
- Assert.assertFalse("waiting for server 2 being up", ClientBase
- .waitForServerUp("127.0.0.1:" + m.getClientPort(), 5000));
- }
-
- private void restartServer(Map<String, String> authConfigs, int index,
- ZooKeeper zk, CountdownWatcher watcher) throws IOException,
- KeeperException, InterruptedException, TimeoutException {
- LOG.info("Restarting server myid=" + index);
- MainThread m = shutdown(index);
- startServer(m, authConfigs);
- Assert.assertTrue("waiting for server" + index + "being up",
- ClientBase.waitForServerUp("127.0.0.1:" + m.getClientPort(),
- ClientBase.CONNECTION_TIMEOUT));
- watcher.waitForConnected(ClientTest.CONNECTION_TIMEOUT);
- zk.create("/foo", new byte[0], Ids.OPEN_ACL_UNSAFE,
- CreateMode.PERSISTENT_SEQUENTIAL);
- }
-}
http://git-wip-us.apache.org/repos/asf/zookeeper/blob/c0aa3b3f/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumDigestAuthTest.java
----------------------------------------------------------------------
diff --git a/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumDigestAuthTest.java b/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumDigestAuthTest.java
deleted file mode 100644
index c2f4cc3..0000000
--- a/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumDigestAuthTest.java
+++ /dev/null
@@ -1,380 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.zookeeper.server.quorum.auth;
-
-import static org.junit.Assert.assertNotNull;
-
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.zookeeper.CreateMode;
-import org.apache.zookeeper.PortAssignment;
-import org.apache.zookeeper.ZooDefs.Ids;
-import org.apache.zookeeper.ZooKeeper;
-import org.apache.zookeeper.server.quorum.QuorumPeer;
-import org.apache.zookeeper.server.quorum.QuorumPeerMain;
-import org.apache.zookeeper.server.quorum.QuorumPeerTestBase;
-import org.apache.zookeeper.server.quorum.QuorumPeer.ServerState;
-import org.apache.zookeeper.server.quorum.QuorumPeerConfig.ConfigException;
-import org.apache.zookeeper.server.quorum.QuorumPeerTestBase.MainThread;
-import org.apache.zookeeper.test.ClientBase;
-import org.apache.zookeeper.test.ClientBase.CountdownWatcher;
-import org.junit.After;
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.Test;
-
-public class QuorumDigestAuthTest extends QuorumAuthTestBase {
-
- private ZooKeeper zk;
- static {
- String jaasEntries = new String(""
- + "QuorumServer {\n"
- + " org.apache.zookeeper.server.auth.DigestLoginModule required\n"
- + " user_test=\"mypassword\";\n" + "};\n"
- + "QuorumLearner {\n"
- + " org.apache.zookeeper.server.auth.DigestLoginModule required\n"
- + " username=\"test\"\n"
- + " password=\"mypassword\";\n" + "};\n"
- + "QuorumLearnerInvalid {\n"
- + " org.apache.zookeeper.server.auth.DigestLoginModule required\n"
- + " username=\"test\"\n"
- + " password=\"invalid\";\n" + "};" + "\n");
- setupJaasConfig(jaasEntries);
- }
-
- @After
- public void tearDown() throws Exception {
- for (MainThread mainThread : mt) {
- mainThread.shutdown();
- mainThread.deleteBaseDir();
- }
- if (zk != null) {
- zk.close();
- }
- }
-
- @AfterClass
- public static void cleanup(){
- cleanupJaasConfig();
- }
-
- /**
- * Test to verify that server is able to start with valid credentials
- */
- @Test(timeout = 30000)
- public void testValidCredentials() throws Exception {
- Map<String, String> authConfigs = new HashMap<String, String>();
- authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "true");
- authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "true");
- authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "true");
-
- String connectStr = startQuorum(3, authConfigs, 3, false);
- CountdownWatcher watcher = new CountdownWatcher();
- zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT, watcher);
- watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT);
- for (int i = 0; i < 10; i++) {
- zk.create("/" + i, new byte[0], Ids.OPEN_ACL_UNSAFE,
- CreateMode.PERSISTENT);
- }
- }
-
- /**
- * Test to verify that server is able to start with invalid credentials if
- * the configuration is set to quorum.auth.serverRequireSasl=false.
- * Quorum will talk each other even if the authentication is not succeeded
- */
- @Test(timeout = 30000)
- public void testSaslNotRequiredWithInvalidCredentials() throws Exception {
- Map<String, String> authConfigs = new HashMap<String, String>();
- authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_LOGIN_CONTEXT, "QuorumLearnerInvalid");
- authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "false");
- authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "false");
- String connectStr = startQuorum(3, authConfigs, 3, false);
- CountdownWatcher watcher = new CountdownWatcher();
- zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT, watcher);
- watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT);
- for (int i = 0; i < 10; i++) {
- zk.create("/" + i, new byte[0], Ids.OPEN_ACL_UNSAFE,
- CreateMode.PERSISTENT);
- }
- }
-
- /**
- * Test to verify that server shouldn't start with invalid credentials
- * if the configuration is set to quorum.auth.serverRequireSasl=true,
- * quorum.auth.learnerRequireSasl=true
- */
- @Test(timeout = 30000)
- public void testSaslRequiredInvalidCredentials() throws Exception {
- Map<String, String> authConfigs = new HashMap<String, String>();
- authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_LOGIN_CONTEXT, "QuorumLearnerInvalid");
- authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "true");
- authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "true");
- authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "true");
- int serverCount = 2;
- final int[] clientPorts = startQuorum(serverCount, 0,
- new StringBuilder(), authConfigs, serverCount, false);
- for (int i = 0; i < serverCount; i++) {
- boolean waitForServerUp = ClientBase.waitForServerUp(
- "127.0.0.1:" + clientPorts[i], QuorumPeerTestBase.TIMEOUT);
- Assert.assertFalse("Shouldn't start server with invalid credentials",
- waitForServerUp);
- }
- }
-
- /**
- * If quorumpeer learner is not auth enabled then self won't be able to join
- * quorum. So this test is ensuring that the quorumpeer learner is also auth
- * enabled while enabling quorum server require sasl.
- */
- @Test(timeout = 10000)
- public void testEnableQuorumServerRequireSaslWithoutQuorumLearnerRequireSasl()
- throws Exception {
- Map<String, String> authConfigs = new HashMap<String, String>();
- authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_LOGIN_CONTEXT,
- "QuorumLearner");
- authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "true");
- authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "true");
- authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "false");
- MainThread mthread = new MainThread(1, PortAssignment.unique(), "",
- authConfigs);
- String args[] = new String[1];
- args[0] = mthread.getConfFile().toString();
- try {
- new QuorumPeerMain() {
- @Override
- protected void initializeAndRun(String[] args)
- throws ConfigException, IOException {
- super.initializeAndRun(args);
- }
- }.initializeAndRun(args);
- Assert.fail("Must throw exception as quorumpeer learner is not enabled!");
- } catch (ConfigException e) {
- // expected
- }
- }
-
-
- /**
- * If quorumpeer learner is not auth enabled then self won't be able to join
- * quorum. So this test is ensuring that the quorumpeer learner is also auth
- * enabled while enabling quorum server require sasl.
- */
- @Test(timeout = 10000)
- public void testEnableQuorumAuthenticationConfigurations()
- throws Exception {
- Map<String, String> authConfigs = new HashMap<String, String>();
- authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_LOGIN_CONTEXT,
- "QuorumLearner");
- authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "false");
-
- // case-1) 'quorum.auth.enableSasl' is off. Tries to enable server sasl.
- authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "true");
- authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "false");
- MainThread mthread = new MainThread(1, PortAssignment.unique(), "",
- authConfigs);
- String args[] = new String[1];
- args[0] = mthread.getConfFile().toString();
- try {
- new QuorumPeerMain() {
- @Override
- protected void initializeAndRun(String[] args)
- throws ConfigException, IOException {
- super.initializeAndRun(args);
- }
- }.initializeAndRun(args);
- Assert.fail("Must throw exception as quorum sasl is not enabled!");
- } catch (ConfigException e) {
- // expected
- }
-
- // case-1) 'quorum.auth.enableSasl' is off. Tries to enable learner sasl.
- authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "false");
- authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "true");
- try {
- new QuorumPeerMain() {
- @Override
- protected void initializeAndRun(String[] args)
- throws ConfigException, IOException {
- super.initializeAndRun(args);
- }
- }.initializeAndRun(args);
- Assert.fail("Must throw exception as quorum sasl is not enabled!");
- } catch (ConfigException e) {
- // expected
- }
- }
-
- /**
- * Test to verify that Observer server is able to join quorum.
- */
- @Test(timeout = 30000)
- public void testObserverWithValidCredentials() throws Exception {
- Map<String, String> authConfigs = new HashMap<String, String>();
- authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "true");
- authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "true");
- authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "true");
-
- // Starting auth enabled 5-node cluster. 3-Participants and 2-Observers.
- int totalServerCount = 5;
- int observerCount = 2;
- String connectStr = startQuorum(totalServerCount, observerCount,
- authConfigs, totalServerCount);
- CountdownWatcher watcher = new CountdownWatcher();
- zk = new ZooKeeper(connectStr.toString(), ClientBase.CONNECTION_TIMEOUT,
- watcher);
- watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT);
- zk.create("/myTestRoot", new byte[0], Ids.OPEN_ACL_UNSAFE,
- CreateMode.PERSISTENT);
- }
-
- /**
- * Test to verify that non-auth enabled Observer server should be rejected
- * by the auth enabled quorum servers.
- */
- @Test(timeout = 30000)
- public void testNonAuthEnabledObserverJoiningAuthEnabledQuorum()
- throws Exception {
- Map<String, String> authConfigs = new HashMap<String, String>();
- authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "true");
- authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "true");
- authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "true");
-
- // Starting auth enabled 3-node cluster.
- int totalServerCount = 3;
- String connectStr = startQuorum(totalServerCount, authConfigs,
- totalServerCount, false);
-
- CountdownWatcher watcher = new CountdownWatcher();
- zk = new ZooKeeper(connectStr.toString(), ClientBase.CONNECTION_TIMEOUT,
- watcher);
- watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT);
- zk.create("/myTestRoot", new byte[0], Ids.OPEN_ACL_UNSAFE,
- CreateMode.PERSISTENT_SEQUENTIAL);
-
- // Adding a non-auth enabled Observer to the 3-node auth cluster.
- String quorumCfgSection = mt.get(0).getQuorumCfgSection();
- int observerMyid = totalServerCount + 1;
- StringBuilder newObsCfgSection = new StringBuilder(quorumCfgSection);
- newObsCfgSection.append("\n");
- newObsCfgSection.append(String.format(
- "server.%d=localhost:%d:%d:observer", observerMyid,
- PortAssignment.unique(), PortAssignment.unique()));
- newObsCfgSection.append("\npeerType=observer");
- newObsCfgSection.append("\n");
- int clientPort = PortAssignment.unique();
- newObsCfgSection.append("127.0.0.1:" + clientPort);
- MainThread mthread = new MainThread(observerMyid, clientPort,
- newObsCfgSection.toString());
- mt.add(mthread);
- mthread.start();
-
- boolean waitForServerUp = ClientBase.waitForServerUp(
- "127.0.0.1:" + clientPort, QuorumPeerTestBase.TIMEOUT);
- Assert.assertFalse(
- "Non-auth enabled Observer shouldn't be able join auth-enabled quorum",
- waitForServerUp);
-
- // quorum shouldn't be disturbed due to rejection.
- zk.create("/myTestRoot", new byte[0], Ids.OPEN_ACL_UNSAFE,
- CreateMode.PERSISTENT_SEQUENTIAL);
- }
-
- /**
- * Test to verify that server is able to reform quorum if the Leader goes
- * down.
- */
- @Test(timeout = 30000)
- public void testRelectionWithValidCredentials() throws Exception {
- Map<String, String> authConfigs = new HashMap<String, String>();
- authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "true");
- authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "true");
- authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "true");
-
- String connectStr = startQuorum(3, authConfigs, 3, false);
- CountdownWatcher watcher = new CountdownWatcher();
- zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT, watcher);
- watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT);
- zk.create("/myTestRoot", new byte[0], Ids.OPEN_ACL_UNSAFE,
- CreateMode.PERSISTENT_SEQUENTIAL);
- watcher.reset();
-
- // Shutdown Leader to trigger re-election
- QuorumPeer leaderQP = getLeaderQuorumPeer(mt);
- LOG.info("Shutdown Leader sid:{} to trigger quorum leader-election",
- leaderQP.getId());
- shutdownQP(leaderQP);
-
- // Wait for quorum formation
- QuorumPeer newLeaderQP = waitForLeader();
- assertNotNull("New leader must have been elected by now", newLeaderQP);
- watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT);
- zk.create("/myTestRoot", new byte[0], Ids.OPEN_ACL_UNSAFE,
- CreateMode.PERSISTENT_SEQUENTIAL);
- }
-
- private QuorumPeer waitForLeader() throws InterruptedException {
- int retryCnt = 0;
- QuorumPeer newLeaderQP = null;
- while (retryCnt < 30) {
- newLeaderQP = getLeaderQuorumPeer(mt);
- if (newLeaderQP != null) {
- LOG.info("Number of retries:{} to findout new Leader",
- retryCnt);
- break;
- }
- retryCnt--;
- Thread.sleep(500);
- }
- return newLeaderQP;
- }
-
- private void shutdownQP(QuorumPeer qp) throws InterruptedException {
- assertNotNull("QuorumPeer doesn't exist!", qp);
- qp.shutdown();
-
- int retryCnt = 30;
- while (retryCnt > 0) {
- if (qp.getPeerState() == ServerState.LOOKING) {
- LOG.info("Number of retries:{} to change the server state to {}",
- retryCnt, ServerState.LOOKING);
- break;
- }
- Thread.sleep(500);
- retryCnt--;
- }
- Assert.assertEquals(
- "After shutdown, QuorumPeer should change its state to LOOKING",
- ServerState.LOOKING, qp.getPeerState());
- }
-
- private QuorumPeer getLeaderQuorumPeer(List<MainThread> mtList) {
- for (MainThread mt : mtList) {
- QuorumPeer quorumPeer = mt.getQuorumPeer();
- if (null != quorumPeer
- && ServerState.LEADING == quorumPeer.getPeerState()) {
- return quorumPeer;
- }
- }
- return null;
- }
-}
http://git-wip-us.apache.org/repos/asf/zookeeper/blob/c0aa3b3f/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosAuthTest.java
----------------------------------------------------------------------
diff --git a/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosAuthTest.java b/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosAuthTest.java
deleted file mode 100644
index 7263925..0000000
--- a/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosAuthTest.java
+++ /dev/null
@@ -1,123 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.zookeeper.server.quorum.auth;
-
-import java.io.File;
-import java.util.HashMap;
-import java.util.Map;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.commons.io.FilenameUtils;
-import org.apache.zookeeper.CreateMode;
-import org.apache.zookeeper.ZooDefs.Ids;
-import org.apache.zookeeper.ZooKeeper;
-import org.apache.zookeeper.server.quorum.QuorumPeerTestBase.MainThread;
-import org.apache.zookeeper.server.quorum.auth.KerberosTestUtils;
-import org.apache.zookeeper.server.quorum.auth.QuorumAuth;
-import static org.apache.zookeeper.server.quorum.auth.QuorumAuthTestBase.cleanupJaasConfig;
-import static org.apache.zookeeper.server.quorum.auth.QuorumAuthTestBase.setupJaasConfig;
-import org.apache.zookeeper.test.ClientBase;
-import org.apache.zookeeper.test.ClientBase.CountdownWatcher;
-import org.junit.After;
-import org.junit.AfterClass;
-import static org.junit.Assume.assumeFalse;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-public class QuorumKerberosAuthTest extends KerberosSecurityTestcase {
- private static File keytabFile;
- static {
- String keytabFilePath = FilenameUtils.normalize(KerberosTestUtils.getKeytabFile(), true);
- String jaasEntries = new String(""
- + "QuorumServer {\n"
- + " com.sun.security.auth.module.Krb5LoginModule required\n"
- + " useKeyTab=true\n"
- + " keyTab=\"" + keytabFilePath + "\"\n"
- + " storeKey=true\n"
- + " useTicketCache=false\n"
- + " debug=false\n"
- + " principal=\"" + KerberosTestUtils.getServerPrincipal() + "\";\n" + "};\n"
- + "QuorumLearner {\n"
- + " com.sun.security.auth.module.Krb5LoginModule required\n"
- + " useKeyTab=true\n"
- + " keyTab=\"" + keytabFilePath + "\"\n"
- + " storeKey=true\n"
- + " useTicketCache=false\n"
- + " debug=false\n"
- + " principal=\"" + KerberosTestUtils.getLearnerPrincipal() + "\";\n" + "};\n");
- setupJaasConfig(jaasEntries);
- }
-
- @BeforeClass
- public static void notOnJdk6() throws Exception {
- String specsVersion = System.getProperty("java.specification.version", "1.6");
- System.out.println("java.specification.version="+specsVersion);
- assumeFalse("Skipping test as Java Major version is "+specsVersion, "1.6".equals(specsVersion));
- }
-
- @Before
- public void setUp() throws Exception {
- // create keytab
- keytabFile = new File(KerberosTestUtils.getKeytabFile());
- String learnerPrincipal = KerberosTestUtils.getLearnerPrincipal();
- String serverPrincipal = KerberosTestUtils.getServerPrincipal();
- learnerPrincipal = learnerPrincipal.substring(0, learnerPrincipal.lastIndexOf("@"));
- serverPrincipal = serverPrincipal.substring(0, serverPrincipal.lastIndexOf("@"));
- getKdc().createPrincipal(keytabFile, learnerPrincipal, serverPrincipal);
- }
-
- @After
- public void tearDown() throws Exception {
- for (MainThread mainThread : mt) {
- mainThread.shutdown();
- mainThread.deleteBaseDir();
- }
- }
-
- @AfterClass
- public static void cleanup() {
- if(keytabFile != null){
- FileUtils.deleteQuietly(keytabFile);
- }
- cleanupJaasConfig();
- }
-
- /**
- * Test to verify that server is able to start with valid credentials
- */
- @Test(timeout = 120000)
- public void testValidCredentials() throws Exception {
- String serverPrincipal = KerberosTestUtils.getServerPrincipal();
- serverPrincipal = serverPrincipal.substring(0, serverPrincipal.lastIndexOf("@"));
- Map<String, String> authConfigs = new HashMap<String, String>();
- authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "true");
- authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "true");
- authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "true");
- authConfigs.put(QuorumAuth.QUORUM_KERBEROS_SERVICE_PRINCIPAL, serverPrincipal);
- String connectStr = startQuorum(3, authConfigs, 3, false);
- CountdownWatcher watcher = new CountdownWatcher();
- ZooKeeper zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT, watcher);
- watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT);
- for (int i = 0; i < 10; i++) {
- zk.create("/" + i, new byte[0], Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
- }
- zk.close();
- }
-}
http://git-wip-us.apache.org/repos/asf/zookeeper/blob/c0aa3b3f/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosHostBasedAuthTest.java
----------------------------------------------------------------------
diff --git a/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosHostBasedAuthTest.java b/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosHostBasedAuthTest.java
deleted file mode 100644
index aab893e..0000000
--- a/src/java/test/org/apache/zookeeper/server/quorum/auth/QuorumKerberosHostBasedAuthTest.java
+++ /dev/null
@@ -1,196 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.zookeeper.server.quorum.auth;
-
-import java.io.File;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.concurrent.TimeoutException;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.commons.io.FilenameUtils;
-import org.apache.zookeeper.CreateMode;
-import org.apache.zookeeper.PortAssignment;
-import org.apache.zookeeper.ZooDefs.Ids;
-import org.apache.zookeeper.ZooKeeper;
-import org.apache.zookeeper.server.quorum.QuorumPeerTestBase.MainThread;
-import org.apache.zookeeper.test.ClientBase;
-import org.apache.zookeeper.test.ClientBase.CountdownWatcher;
-import org.junit.After;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import junit.framework.Assert;
-import org.apache.zookeeper.server.quorum.auth.KerberosTestUtils;
-import org.apache.zookeeper.server.quorum.auth.QuorumAuth;
-import static org.apache.zookeeper.server.quorum.auth.QuorumAuthTestBase.cleanupJaasConfig;
-import static org.apache.zookeeper.server.quorum.auth.QuorumAuthTestBase.setupJaasConfig;
-import static org.junit.Assume.assumeFalse;
-
-public class QuorumKerberosHostBasedAuthTest extends KerberosSecurityTestcase {
- private static File keytabFile;
- private static String hostServerPrincipal = KerberosTestUtils.getHostServerPrincipal();
- private static String hostLearnerPrincipal = KerberosTestUtils.getHostLearnerPrincipal();
- private static String hostNamedLearnerPrincipal = KerberosTestUtils.getHostNamedLearnerPrincipal("myHost");
- static {
- setupJaasConfigEntries(hostServerPrincipal, hostLearnerPrincipal, hostNamedLearnerPrincipal);
- }
-
- private static void setupJaasConfigEntries(String hostServerPrincipal,
- String hostLearnerPrincipal, String hostNamedLearnerPrincipal) {
- String keytabFilePath = FilenameUtils.normalize(KerberosTestUtils.getKeytabFile(), true);
- String jaasEntries = new String(""
- + "QuorumServer {\n"
- + " com.sun.security.auth.module.Krb5LoginModule required\n"
- + " useKeyTab=true\n"
- + " keyTab=\"" + keytabFilePath + "\"\n"
- + " storeKey=true\n"
- + " useTicketCache=false\n"
- + " debug=false\n"
- + " principal=\"" + KerberosTestUtils.replaceHostPattern(hostServerPrincipal) + "\";\n" + "};\n"
- + "QuorumLearner {\n"
- + " com.sun.security.auth.module.Krb5LoginModule required\n"
- + " useKeyTab=true\n"
- + " keyTab=\"" + keytabFilePath + "\"\n"
- + " storeKey=true\n"
- + " useTicketCache=false\n"
- + " debug=false\n"
- + " principal=\"" + KerberosTestUtils.replaceHostPattern(hostLearnerPrincipal) + "\";\n" + "};\n"
- + "QuorumLearnerMyHost {\n"
- + " com.sun.security.auth.module.Krb5LoginModule required\n"
- + " useKeyTab=true\n"
- + " keyTab=\"" + keytabFilePath + "\"\n"
- + " storeKey=true\n"
- + " useTicketCache=false\n"
- + " debug=false\n"
- + " principal=\"" + hostNamedLearnerPrincipal + "\";\n" + "};\n");
- setupJaasConfig(jaasEntries);
- }
-
- @BeforeClass
- public static void notOnJdk6() throws Exception {
- String specsVersion = System.getProperty("java.specification.version", "1.6");
- System.out.println("java.specification.version="+specsVersion);
- assumeFalse("Skipping test as Java Major version is "+specsVersion, "1.6".equals(specsVersion));
- }
-
- @BeforeClass
- public static void setUp() throws Exception {
- // create keytab
- keytabFile = new File(KerberosTestUtils.getKeytabFile());
-
- // Creates principals in the KDC and adds them to a keytab file.
- String learnerPrincipal = hostLearnerPrincipal.substring(0, hostLearnerPrincipal.lastIndexOf("@"));
- learnerPrincipal = KerberosTestUtils.replaceHostPattern(learnerPrincipal);
- String serverPrincipal = hostServerPrincipal.substring(0, hostServerPrincipal.lastIndexOf("@"));
- serverPrincipal = KerberosTestUtils.replaceHostPattern(serverPrincipal);
-
- // learner with ipaddress in principal
- String learnerPrincipal2 = hostNamedLearnerPrincipal.substring(0, hostNamedLearnerPrincipal.lastIndexOf("@"));
- getKdc().createPrincipal(keytabFile, learnerPrincipal, learnerPrincipal2, serverPrincipal);
- }
-
- @After
- public void tearDown() throws Exception {
- for (MainThread mainThread : mt) {
- mainThread.shutdown();
- mainThread.deleteBaseDir();
- }
- }
-
- @AfterClass
- public static void cleanup() {
- if(keytabFile != null){
- FileUtils.deleteQuietly(keytabFile);
- }
- cleanupJaasConfig();
- }
-
- /**
- * Test to verify that server is able to start with valid credentials
- */
- @Test(timeout = 120000)
- public void testValidCredentials() throws Exception {
- String serverPrincipal = hostServerPrincipal.substring(0, hostServerPrincipal.lastIndexOf("@"));
- Map<String, String> authConfigs = new HashMap<String, String>();
- authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "true");
- authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "true");
- authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "true");
- authConfigs.put(QuorumAuth.QUORUM_KERBEROS_SERVICE_PRINCIPAL, serverPrincipal);
- String connectStr = startQuorum(3, authConfigs, 3, false);
- CountdownWatcher watcher = new CountdownWatcher();
- ZooKeeper zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT, watcher);
- watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT);
- for (int i = 0; i < 10; i++) {
- zk.create("/" + i, new byte[0], Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
- }
- zk.close();
- }
-
- /**
- * Test to verify that the bad server connection to the quorum should be rejected.
- */
- @Test(timeout = 120000)
- public void testConnectBadServer() throws Exception {
- String serverPrincipal = hostServerPrincipal.substring(0, hostServerPrincipal.lastIndexOf("@"));
- Map<String, String> authConfigs = new HashMap<String, String>();
- authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "true");
- authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "true");
- authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "true");
- authConfigs.put(QuorumAuth.QUORUM_KERBEROS_SERVICE_PRINCIPAL, serverPrincipal);
- String connectStr = startQuorum(3, authConfigs, 3, false);
- CountdownWatcher watcher = new CountdownWatcher();
- ZooKeeper zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT, watcher);
- watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT);
- for (int i = 0; i < 10; i++) {
- zk.create("/" + i, new byte[0], Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
- }
- zk.close();
-
- String quorumCfgSection = mt.get(0).getQuorumCfgSection();
- StringBuilder sb = new StringBuilder();
- sb.append(quorumCfgSection);
-
- int myid = mt.size() + 1;
- final int clientPort = PortAssignment.unique();
- String server = String.format("server.%d=localhost:%d:%d:participant",
- myid, PortAssignment.unique(), PortAssignment.unique());
- sb.append(server + "\n");
- quorumCfgSection = sb.toString();
- authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_LOGIN_CONTEXT,
- "QuorumLearnerMyHost");
- MainThread badServer = new MainThread(myid, clientPort, quorumCfgSection,
- authConfigs);
- badServer.start();
- watcher = new CountdownWatcher();
- connectStr = "127.0.0.1:" + clientPort;
- zk = new ZooKeeper(connectStr, ClientBase.CONNECTION_TIMEOUT, watcher);
- try{
- watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT/3);
- Assert.fail("Must throw exception as the myHost is not an authorized one!");
- } catch (TimeoutException e){
- // expected
- } finally {
- zk.close();
- badServer.shutdown();
- badServer.deleteBaseDir();
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/zookeeper/blob/c0aa3b3f/src/java/test/org/apache/zookeeper/server/util/PortForwarder.java
----------------------------------------------------------------------
diff --git a/src/java/test/org/apache/zookeeper/server/util/PortForwarder.java b/src/java/test/org/apache/zookeeper/server/util/PortForwarder.java
deleted file mode 100644
index acbad80..0000000
--- a/src/java/test/org/apache/zookeeper/server/util/PortForwarder.java
+++ /dev/null
@@ -1,256 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/**
- *
- */
-package org.apache.zookeeper.server.util;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.net.ConnectException;
-import java.net.ServerSocket;
-import java.net.Socket;
-import java.net.SocketException;
-import java.net.SocketTimeoutException;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
-import java.util.concurrent.TimeUnit;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * A utility that does bi-directional forwarding between two ports.
- * Useful, for example, to simulate network failures.
- * Example:
- *
- * Server 1 config file:
- *
- * server.1=127.0.0.1:7301:7401;8201
- * server.2=127.0.0.1:7302:7402;8202
- * server.3=127.0.0.1:7303:7403;8203
- *
- * Server 2 and 3 config files:
- *
- * server.1=127.0.0.1:8301:8401;8201
- * server.2=127.0.0.1:8302:8402;8202
- * server.3=127.0.0.1:8303:8403;8203
- *
- * Initially forward traffic between 730x and 830x and between 740x and 830x
- * This way server 1 can communicate with servers 2 and 3
- * ....
- *
- * List<PortForwarder> pfs = startForwarding();
- * ....
- * // simulate a network interruption for server 1
- * stopForwarding(pfs);
- * ....
- * // restore connection
- * pfs = startForwarding();
- *
- *
- * private List<PortForwarder> startForwarding() throws IOException {
- * List<PortForwarder> res = new ArrayList<PortForwarder>();
- * res.add(new PortForwarder(8301, 7301));
- * res.add(new PortForwarder(8401, 7401));
- * res.add(new PortForwarder(7302, 8302));
- * res.add(new PortForwarder(7402, 8402));
- * res.add(new PortForwarder(7303, 8303));
- * res.add(new PortForwarder(7403, 8403));
- * return res;
- * }
- *
- * private void stopForwarding(List<PortForwarder> pfs) throws Exception {
- * for (PortForwarder pf : pfs) {
- * pf.shutdown();
- * }
- * }
- *
- *
- */
-public class PortForwarder extends Thread {
- private static final Logger LOG = LoggerFactory
- .getLogger(PortForwarder.class);
-
- private static class PortForwardWorker implements Runnable {
-
- private final InputStream in;
- private final OutputStream out;
- private final Socket toClose;
- private final Socket toClose2;
-
- PortForwardWorker(Socket toClose, Socket toClose2, InputStream in,
- OutputStream out) throws IOException {
- this.toClose = toClose;
- this.toClose2 = toClose2;
- this.in = in;
- this.out = out;
- // LOG.info("starting forward for "+toClose);
- }
-
- public void run() {
- Thread.currentThread().setName(toClose.toString() + "-->"
- + toClose2.toString());
- byte[] buf = new byte[1024];
- try {
- while (true) {
- try {
- int read = this.in.read(buf);
- if (read > 0) {
- try {
- this.out.write(buf, 0, read);
- } catch (IOException e) {
- LOG.warn("exception during write", e);
- try {
- toClose.close();
- } catch (IOException ex) {
- // ignore
- }
- try {
- toClose2.close();
- } catch (IOException ex) {
- // ignore
- }
- break;
- }
- }
- } catch (SocketTimeoutException e) {
- LOG.error("socket timeout", e);
- }
- Thread.sleep(1);
- }
- } catch (InterruptedException e) {
- LOG.warn("Interrupted", e);
- try {
- toClose.close();
- } catch (IOException ex) {
- // ignore
- }
- try {
- toClose2.close();
- } catch (IOException ex) {
- // ignore silently
- }
- } catch (SocketException e) {
- if (!"Socket closed".equals(e.getMessage())) {
- LOG.error("Unexpected exception", e);
- }
- } catch (IOException e) {
- LOG.error("Unexpected exception", e);
- }
- LOG.info("Shutting down forward for " + toClose);
- }
-
- }
-
- private volatile boolean stopped = false;
- private ExecutorService workers = Executors.newCachedThreadPool();
- private ServerSocket serverSocket;
- private final int to;
-
- public PortForwarder(int from, int to) throws IOException {
- this.to = to;
- serverSocket = new ServerSocket(from);
- serverSocket.setSoTimeout(30000);
- this.start();
- }
-
- @Override
- public void run() {
- try {
- while (!stopped) {
- Socket sock = null;
- try {
- LOG.info("accepting socket local:"
- + serverSocket.getLocalPort() + " to:" + to);
- sock = serverSocket.accept();
- LOG.info("accepted: local:" + sock.getLocalPort()
- + " from:" + sock.getPort()
- + " to:" + to);
- Socket target = null;
- int retry = 10;
- while(sock.isConnected()) {
- try {
- target = new Socket("localhost", to);
- break;
- } catch (IOException e) {
- if (retry == 0) {
- throw e;
- }
- LOG.warn("connection failed, retrying(" + retry
- + "): local:" + sock.getLocalPort()
- + " from:" + sock.getPort()
- + " to:" + to, e);
- }
- Thread.sleep(TimeUnit.SECONDS.toMillis(1));
- retry--;
- }
- LOG.info("connected: local:" + sock.getLocalPort()
- + " from:" + sock.getPort()
- + " to:" + to);
- sock.setSoTimeout(30000);
- target.setSoTimeout(30000);
- this.workers.execute(new PortForwardWorker(sock, target,
- sock.getInputStream(), target.getOutputStream()));
- this.workers.execute(new PortForwardWorker(target, sock,
- target.getInputStream(), sock.getOutputStream()));
- } catch (SocketTimeoutException e) {
- LOG.warn("socket timed out local:"
- + (sock != null ? sock.getLocalPort(): "")
- + " from:" + (sock != null ? sock.getPort(): "")
- + " to:" + to, e);
- } catch (ConnectException e) {
- LOG.warn("connection exception local:"
- + (sock != null ? sock.getLocalPort(): "")
- + " from:" + (sock != null ? sock.getPort(): "")
- + " to:" + to, e);
- sock.close();
- } catch (IOException e) {
- if (!"Socket closed".equals(e.getMessage())) {
- LOG.warn("unexpected exception local:"
- + (sock != null ? sock.getLocalPort(): "")
- + " from:" + (sock != null ? sock.getPort(): "")
- + " to:" + to, e);
- throw e;
- }
- }
- }
- } catch (IOException e) {
- LOG.error("Unexpected exception to:" + to, e);
- } catch (InterruptedException e) {
- LOG.error("Interrupted to:" + to, e);
- }
- }
-
- public void shutdown() throws Exception {
- this.stopped = true;
- this.serverSocket.close();
- this.workers.shutdownNow();
- try {
- if (!this.workers.awaitTermination(5, TimeUnit.SECONDS)) {
- throw new Exception(
- "Failed to stop forwarding within 5 seconds");
- }
- } catch (InterruptedException e) {
- throw new Exception("Failed to stop forwarding");
- }
- this.join();
- }
-}
http://git-wip-us.apache.org/repos/asf/zookeeper/blob/c0aa3b3f/src/java/test/org/apache/zookeeper/server/util/SerializeUtilsTest.java
----------------------------------------------------------------------
diff --git a/src/java/test/org/apache/zookeeper/server/util/SerializeUtilsTest.java b/src/java/test/org/apache/zookeeper/server/util/SerializeUtilsTest.java
deleted file mode 100644
index 61893f7..0000000
--- a/src/java/test/org/apache/zookeeper/server/util/SerializeUtilsTest.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * <p>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.zookeeper.server.util;
-
-import org.apache.jute.BinaryOutputArchive;
-import org.apache.jute.OutputArchive;
-import org.apache.jute.Record;
-import org.apache.zookeeper.server.Request;
-import org.apache.zookeeper.txn.TxnHeader;
-import org.junit.Test;
-import org.mockito.InOrder;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
-import static org.mockito.Matchers.any;
-import static org.mockito.Matchers.anyString;
-import static org.mockito.Matchers.eq;
-import static org.mockito.Mockito.doAnswer;
-import static org.mockito.Mockito.inOrder;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-
-public class SerializeUtilsTest {
-
- @Test
- public void testSerializeRequestRequestIsNull() {
- byte[] data = SerializeUtils.serializeRequest(null);
- assertNull(data);
- }
-
- @Test
- public void testSerializeRequestRequestHeaderIsNull() {
- Request request = new Request(0, 0, 0, null, null, 0);
- byte[] data = SerializeUtils.serializeRequest(request);
- assertNull(data);
- }
-
- @Test
- public void testSerializeRequestWithoutTxn() throws IOException {
- // Arrange
- TxnHeader header = mock(TxnHeader.class);
- doAnswer(new Answer() {
- @Override
- public Object answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- OutputArchive oa = (OutputArchive) args[0];
- oa.writeString("header", "test");
- return null;
- }
- }).when(header).serialize(any(OutputArchive.class), anyString());
- Request request = new Request(1, 2, 3, header, null, 4);
-
- // Act
- byte[] data = SerializeUtils.serializeRequest(request);
-
- // Assert
- assertNotNull(data);
- verify(header).serialize(any(OutputArchive.class), eq("hdr"));
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- BinaryOutputArchive boa = BinaryOutputArchive.getArchive(baos);
- boa.writeString("header", "test");
- baos.close();
- assertArrayEquals(baos.toByteArray(), data);
- }
-
- @Test
- public void testSerializeRequestWithTxn() throws IOException {
- // Arrange
- TxnHeader header = mock(TxnHeader.class);
- doAnswer(new Answer() {
- @Override
- public Object answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- OutputArchive oa = (OutputArchive) args[0];
- oa.writeString("header", "test");
- return null;
- }
- }).when(header).serialize(any(OutputArchive.class), anyString());
- Record txn = mock(Record.class);
- doAnswer(new Answer() {
- @Override
- public Object answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- OutputArchive oa = (OutputArchive) args[0];
- oa.writeString("record", "test");
- return null;
- }
- }).when(txn).serialize(any(OutputArchive.class), anyString());
- Request request = new Request(1, 2, 3, header, txn, 4);
-
- // Act
- byte[] data = SerializeUtils.serializeRequest(request);
-
- // Assert
- assertNotNull(data);
- InOrder inOrder = inOrder(header, txn);
- inOrder.verify(header).serialize(any(OutputArchive.class), eq("hdr"));
- inOrder.verify(txn).serialize(any(OutputArchive.class), eq("txn"));
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- BinaryOutputArchive boa = BinaryOutputArchive.getArchive(baos);
- boa.writeString("header", "test");
- boa.writeString("record", "test");
- baos.close();
- assertArrayEquals(baos.toByteArray(), data);
- }
-}
http://git-wip-us.apache.org/repos/asf/zookeeper/blob/c0aa3b3f/src/java/test/org/apache/zookeeper/test/ACLCountTest.java
----------------------------------------------------------------------
diff --git a/src/java/test/org/apache/zookeeper/test/ACLCountTest.java b/src/java/test/org/apache/zookeeper/test/ACLCountTest.java
deleted file mode 100644
index 88b8869..0000000
--- a/src/java/test/org/apache/zookeeper/test/ACLCountTest.java
+++ /dev/null
@@ -1,136 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.zookeeper.test;
-
-import static org.apache.zookeeper.test.ClientBase.CONNECTION_TIMEOUT;
-
-import java.io.File;
-import java.util.ArrayList;
-import java.util.concurrent.CountDownLatch;
-import java.util.List;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.apache.zookeeper.CreateMode;
-import org.apache.zookeeper.PortAssignment;
-import org.apache.zookeeper.WatchedEvent;
-import org.apache.zookeeper.Watcher;
-import org.apache.zookeeper.ZKTestCase;
-import org.apache.zookeeper.ZooKeeper;
-import org.apache.zookeeper.Watcher.Event.KeeperState;
-import org.apache.zookeeper.ZooDefs;
-import org.apache.zookeeper.ZooDefs.Ids;
-import org.apache.zookeeper.data.ACL;
-import org.apache.zookeeper.data.Stat;
-import org.apache.zookeeper.server.ServerCnxnFactory;
-import org.apache.zookeeper.server.SyncRequestProcessor;
-import org.apache.zookeeper.server.ZooKeeperServer;
-import org.junit.Assert;
-import org.junit.Test;
-
-public class ACLCountTest extends ZKTestCase implements Watcher {
- private static final Logger LOG = LoggerFactory.getLogger(ACLTest.class);
- private static final String HOSTPORT =
- "127.0.0.1:" + PortAssignment.unique();
- private volatile CountDownLatch startSignal;
-
- /**
- *
- * Create a node and add 4 ACL values to it, but there are only 2 unique ACL values,
- * and each is repeated once:
- *
- * ACL(ZooDefs.Perms.READ,ZooDefs.Ids.ANYONE_ID_UNSAFE);
- * ACL(ZooDefs.Perms.ALL,ZooDefs.Ids.AUTH_IDS);
- * ACL(ZooDefs.Perms.READ,ZooDefs.Ids.ANYONE_ID_UNSAFE);
- * ACL(ZooDefs.Perms.ALL,ZooDefs.Ids.AUTH_IDS);
- *
- * Even though we've added 4 ACL values, there should only be 2 ACLs for that node,
- * since there are only 2 *unique* ACL values.
- */
- @Test
- public void testAclCount() throws Exception {
- File tmpDir = ClientBase.createTmpDir();
- ClientBase.setupTestEnv();
- ZooKeeperServer zks = new ZooKeeperServer(tmpDir, tmpDir, 3000);
- SyncRequestProcessor.setSnapCount(1000);
- final int PORT = Integer.parseInt(HOSTPORT.split(":")[1]);
- ServerCnxnFactory f = ServerCnxnFactory.createFactory(PORT, -1);
- f.startup(zks);
- ZooKeeper zk;
-
- final ArrayList<ACL> CREATOR_ALL_AND_WORLD_READABLE =
- new ArrayList<ACL>() { {
- add(new ACL(ZooDefs.Perms.READ,ZooDefs.Ids.ANYONE_ID_UNSAFE));
- add(new ACL(ZooDefs.Perms.ALL,ZooDefs.Ids.AUTH_IDS));
- add(new ACL(ZooDefs.Perms.READ,ZooDefs.Ids.ANYONE_ID_UNSAFE));
- add(new ACL(ZooDefs.Perms.ALL,ZooDefs.Ids.AUTH_IDS));
- }};
-
- try {
- LOG.info("starting up the zookeeper server .. waiting");
- Assert.assertTrue("waiting for server being up",
- ClientBase.waitForServerUp(HOSTPORT, CONNECTION_TIMEOUT));
- zk = new ZooKeeper(HOSTPORT, CONNECTION_TIMEOUT, this);
-
- zk.addAuthInfo("digest", "pat:test".getBytes());
- zk.setACL("/", Ids.CREATOR_ALL_ACL, -1);
-
- String path = "/path";
-
- try {
- Assert.assertEquals(4,CREATOR_ALL_AND_WORLD_READABLE.size());
- }
- catch (Exception e) {
- LOG.error("Something is fundamentally wrong with ArrayList's add() method. add()ing four times to an empty ArrayList should result in an ArrayList with 4 members.");
- throw e;
- }
-
- zk.create(path,path.getBytes(),CREATOR_ALL_AND_WORLD_READABLE,CreateMode.PERSISTENT);
- List<ACL> acls = zk.getACL("/path", new Stat());
- Assert.assertEquals(2,acls.size());
- }
- catch (Exception e) {
- // test failed somehow.
- Assert.assertTrue(false);
- }
-
- f.shutdown();
- zks.shutdown();
- }
-
-
- /*
- * (non-Javadoc)
- *
- * @see org.apache.zookeeper.Watcher#process(org.apache.zookeeper.WatcherEvent)
- */
- public void process(WatchedEvent event) {
- LOG.info("Event:" + event.getState() + " " + event.getType() + " "
- + event.getPath());
- if (event.getState() == KeeperState.SyncConnected) {
- if (startSignal != null && startSignal.getCount() > 0) {
- LOG.info("startsignal.countDown()");
- startSignal.countDown();
- } else {
- LOG.warn("startsignal " + startSignal);
- }
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/zookeeper/blob/c0aa3b3f/src/java/test/org/apache/zookeeper/test/ACLRootTest.java
----------------------------------------------------------------------
diff --git a/src/java/test/org/apache/zookeeper/test/ACLRootTest.java b/src/java/test/org/apache/zookeeper/test/ACLRootTest.java
deleted file mode 100644
index 7307cbf..0000000
--- a/src/java/test/org/apache/zookeeper/test/ACLRootTest.java
+++ /dev/null
@@ -1,98 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.zookeeper.test;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.apache.zookeeper.CreateMode;
-import org.apache.zookeeper.KeeperException;
-import org.apache.zookeeper.ZooKeeper;
-import org.apache.zookeeper.ZooDefs.Ids;
-import org.junit.Assert;
-import org.junit.Test;
-
-public class ACLRootTest extends ClientBase {
- private static final Logger LOG = LoggerFactory.getLogger(ACLRootTest.class);
-
- @Test
- public void testRootAcl() throws Exception {
- ZooKeeper zk = createClient();
- try {
- // set auth using digest
- zk.addAuthInfo("digest", "pat:test".getBytes());
- zk.setACL("/", Ids.CREATOR_ALL_ACL, -1);
- zk.getData("/", false, null);
- zk.close();
- // verify no access
- zk = createClient();
- try {
- zk.getData("/", false, null);
- Assert.fail("validate auth");
- } catch (KeeperException.NoAuthException e) {
- // expected
- }
- try {
- zk.create("/apps", null, Ids.CREATOR_ALL_ACL,
- CreateMode.PERSISTENT);
- Assert.fail("validate auth");
- } catch (KeeperException.InvalidACLException e) {
- // expected
- }
- zk.addAuthInfo("digest", "world:anyone".getBytes());
- try {
- zk.create("/apps", null, Ids.CREATOR_ALL_ACL,
- CreateMode.PERSISTENT);
- Assert.fail("validate auth");
- } catch (KeeperException.NoAuthException e) {
- // expected
- }
- zk.close();
- // verify access using original auth
- zk = createClient();
- zk.addAuthInfo("digest", "pat:test".getBytes());
- zk.getData("/", false, null);
- zk.create("/apps", null, Ids.CREATOR_ALL_ACL,
- CreateMode.PERSISTENT);
- zk.delete("/apps", -1);
- // reset acl (back to open) and verify accessible again
- zk.setACL("/", Ids.OPEN_ACL_UNSAFE, -1);
- zk.close();
- zk = createClient();
- zk.getData("/", false, null);
- zk.create("/apps", null, Ids.OPEN_ACL_UNSAFE,
- CreateMode.PERSISTENT);
- try {
- zk.create("/apps", null, Ids.CREATOR_ALL_ACL,
- CreateMode.PERSISTENT);
- Assert.fail("validate auth");
- } catch (KeeperException.InvalidACLException e) {
- // expected
- }
- zk.delete("/apps", -1);
- zk.addAuthInfo("digest", "world:anyone".getBytes());
- zk.create("/apps", null, Ids.CREATOR_ALL_ACL,
- CreateMode.PERSISTENT);
- zk.close();
- zk = createClient();
- zk.delete("/apps", -1);
- } finally {
- zk.close();
- }
- }
-}