[ https://issues.apache.org/jira/browse/CURATOR-665?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17707255#comment-17707255 ]

Ryan Ruel commented on CURATOR-665:
-----------------------------------

Below is a test case which you can drop into TestModeledFramework which 
reproduces the issue.

The issue seems to be related to ACLs and the creation of sub-paths:


{code:java}
@Test
public void testExceptionHandling() throws Exception
{
    final List<ACL> writeAcl = Collections.singletonList(
            new ACL(ZooDefs.Perms.WRITE, new Id("digest", DigestAuthenticationProvider.generateDigest("test:test"))));

    // An ACLProvider is used to get the write ACL (for the test user) for any path "/test/**".
    final ACLProvider aclProvider = new ACLProvider() {
        @Override
        public List<ACL> getDefaultAcl() { return ZooDefs.Ids.READ_ACL_UNSAFE; }

        @Override
        public List<ACL> getAclForPath(String path)
        {
            // Any sub-path "/test/**" should only be writeable by the test user.
            return path.startsWith("/test") ? writeAcl : getDefaultAcl();
        }
    };

    try (CuratorFramework authorizedFramework = CuratorFrameworkFactory.builder()
            .connectString(server.getConnectString())
            .retryPolicy(new RetryOneTime(1))
            .aclProvider(aclProvider)
            .authorization("digest", "test:test".getBytes())
            .build()) {

        authorizedFramework.start();

        // Create the parent path using the authorized framework, which will initially set the ACL accordingly.
        authorizedFramework.create().withMode(CreateMode.PERSISTENT).forPath("/test");
    }

    // Now attempt to set the sub-node using an unauthorized client.
    try (CuratorFramework unauthorizedFramework = CuratorFrameworkFactory.builder()
            .connectString(server.getConnectString())
            .retryPolicy(new RetryOneTime(1))
            .aclProvider(aclProvider)
            .build()) {
        unauthorizedFramework.start();

        // I overrode the TestModel provided path with a multi-component path under the "/test" parent path
        // (which was previously created with ACL protection).
        ModelSpec<TestModel> aclModelSpec = ModelSpec.builder(ZPath.parse("/test/foo/bar"), modelSpec.serializer())
                .withCreateOptions(EnumSet.of(CreateOption.createParentsIfNeeded, CreateOption.createParentsAsContainers))
                .build();

        ModeledFramework<TestModel> noAuthClient =
                ModeledFramework.wrap(AsyncCuratorFramework.wrap(unauthorizedFramework), aclModelSpec);

        // We would expect this to throw a NoAuth KeeperException, but it instead hangs.
        noAuthClient.set(new TestModel("John", "Galt", "Galt's Gulch", 42, BigInteger.valueOf(66)))
                .toCompletableFuture().get();
    }
}
{code}

> ModeledFramework does not throw expected exception and instead hangs
> --------------------------------------------------------------------
>
>                 Key: CURATOR-665
>                 URL: https://issues.apache.org/jira/browse/CURATOR-665
>             Project: Apache Curator
>          Issue Type: Bug
>          Components: Framework
>    Affects Versions: 5.4.0
>            Reporter: Ryan Ruel
>            Priority: Major
>
> When writing data to ZooKeeper via Curator, I found that when I was receiving 
> a KeeperException NoAuth back from ZooKeeper, my call would hang indefinitely.
> The NoAuth was expected as I was testing writing to a path where the ACL was 
> set to prevent my client from writing (X509 authentication scheme).
> The call which hangs:
> {code:java}
> myFramework.set(myModel).toCompletableFuture().get();
> {code}
> The logs from the call:
> {code:java}
> 2023-03-29 14:20:29,511 [Curator-Framework-0] ERROR imps.CuratorFrameworkImpl - Background exception was not retry-able or retry gave up
> org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /test/foo
> {code}
> I'd expect this exception to bubble up wrapped in a CompletionException.
> Instead, CuratorFrameworkImpl just logs the exception and then the call to 
> get() hangs indefinitely.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
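
The failure mode reported above (an authorization error that is logged on a background thread while the caller's future never completes) can be reproduced in isolation. This is an added example, not code from the ticket or from Apache Curator, and it makes no claim about Curator's internals; `backgroundSet`, `NoAuthException` and the class name are hypothetical stand-ins.

```java
import java.util.concurrent.*;
import java.util.function.BiConsumer;

public class BackgroundErrorDemo {
    // Hypothetical stand-in for ZooKeeper's NoAuth error (not the real KeeperException).
    static class NoAuthException extends Exception {
        NoAuthException(String path) { super("NoAuth for " + path); }
    }

    // Constructed backend: denies every write and reports the result on a background thread.
    static void backgroundSet(String path, BiConsumer<String, Exception> callback) {
        Thread t = new Thread(() -> callback.accept(null, new NoAuthException(path)), "background-0");
        t.setDaemon(true);
        t.start();
    }

    // Failure mode: the error is only logged, so the returned future is never completed.
    static CompletableFuture<String> setLoggingOnly(String path) {
        CompletableFuture<String> f = new CompletableFuture<>();
        backgroundSet(path, (result, error) -> {
            if (error != null) { System.err.println("background exception: " + error.getMessage()); return; }
            f.complete(result);
        });
        return f;
    }

    // Expected behaviour: the error completes the future exceptionally and reaches the caller.
    static CompletableFuture<String> setPropagating(String path) {
        CompletableFuture<String> f = new CompletableFuture<>();
        backgroundSet(path, (result, error) -> {
            if (error != null) { f.completeExceptionally(error); } else { f.complete(result); }
        });
        return f;
    }

    // Caller-side guard: a bounded get() turns a silent hang into a visible timeout.
    static String outcome(CompletableFuture<String> f) throws InterruptedException {
        try {
            f.get(2, TimeUnit.SECONDS);
            return "completed";
        } catch (ExecutionException e) {   // get() wraps the cause; join() would use CompletionException
            return "failed: " + e.getCause().getMessage();
        } catch (TimeoutException e) {
            return "timed out (future never completed)";
        }
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("logging only: " + outcome(setLoggingOnly("/test/foo")));
        System.out.println("propagating:  " + outcome(setPropagating("/test/foo")));
    }
}
```

Using a bounded `get(timeout, unit)` in the reproducing test lets it fail with a `TimeoutException` instead of blocking the test run indefinitely.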
