001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.zookeeper;
019
020import static org.junit.Assert.assertEquals;
021import static org.junit.Assert.assertFalse;
022import static org.junit.Assert.assertTrue;
023
024import java.io.IOException;
025import java.util.List;
026import org.apache.hadoop.conf.Configuration;
027import org.apache.hadoop.hbase.HBaseClassTestRule;
028import org.apache.hadoop.hbase.HBaseConfiguration;
029import org.apache.hadoop.hbase.security.Superusers;
030import org.apache.hadoop.hbase.testclassification.SmallTests;
031import org.apache.hadoop.hbase.testclassification.ZKTests;
032import org.apache.hadoop.security.UserGroupInformation;
033import org.apache.zookeeper.KeeperException;
034import org.apache.zookeeper.ZooDefs.Ids;
035import org.apache.zookeeper.ZooDefs.Perms;
036import org.apache.zookeeper.data.ACL;
037import org.apache.zookeeper.data.Id;
038import org.junit.ClassRule;
039import org.junit.Test;
040import org.junit.experimental.categories.Category;
041import org.mockito.Mockito;
042
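/**
 * Unit tests for {@link ZKWatcher#createACL(String, boolean)} and
 * {@link ZKUtil#listChildrenNoWatch} that run without a ZooKeeper server.
 * <p>
 * The ACL tests pin down which identities receive permissions on a znode:
 * <ul>
 * <li>with the secure flag off, the single entry is {@code Ids.OPEN_ACL_UNSAFE}, i.e. the node is
 * open to every client;</li>
 * <li>with the secure flag on, every plain user listed under
 * {@code Superusers.SUPERUSER_CONF_KEY} gets a {@code sasl} entry with {@code Perms.ALL}, the
 * creator gets {@code Ids.CREATOR_ALL_ACL}, and {@code @group} entries are never turned into
 * {@code sasl} identities.</li>
 * </ul>
 * Each watcher is closed when its test ends, and the one test that replaces the process-wide
 * Hadoop login user puts the previous one back, so no state leaks into other tests that share the
 * JVM.
 */
@Category({ ZKTests.class, SmallTests.class })
public class TestZKUtilNoServer {
  @ClassRule
  public static final HBaseClassTestRule CLASS_RULE =
    HBaseClassTestRule.forClass(TestZKUtilNoServer.class);

  /**
   * With the secure flag off, the ACL list holds exactly one entry: the open, unauthenticated ACL.
   * The configured superuser must not add anything in this mode.
   */
  @Test
  public void testUnsecure() throws IOException {
    Configuration conf = HBaseConfiguration.create();
    conf.set(Superusers.SUPERUSER_CONF_KEY, "user1");
    String node = "/hbase/testUnsecure";
    // try-with-resources: the watcher is released even when an assertion fails.
    try (ZKWatcher watcher = new ZKWatcher(conf, node, null, false)) {
      List<ACL> aclList = watcher.createACL(node, false);
      assertEquals(1, aclList.size());
      assertTrue(aclList.contains(Ids.OPEN_ACL_UNSAFE.iterator().next()));
    }
  }

  /**
   * With the secure flag on and one superuser configured, the ACL list holds that superuser's
   * {@code sasl} entry plus the creator entry, and nothing else.
   */
  @Test
  public void testSecuritySingleSuperuser() throws IOException {
    Configuration conf = HBaseConfiguration.create();
    conf.set(Superusers.SUPERUSER_CONF_KEY, "user1");
    String node = "/hbase/testSecuritySingleSuperuser";
    try (ZKWatcher watcher = new ZKWatcher(conf, node, null, false)) {
      List<ACL> aclList = watcher.createACL(node, true);
      assertEquals(2, aclList.size()); // 1+1, since ACL will be set for the creator by default
      assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user1"))));
      assertTrue(aclList.contains(Ids.CREATOR_ALL_ACL.iterator().next()));
    }
  }

  /**
   * With a mixed list of users and {@code @group} entries, only the three plain users become
   * {@code sasl} ACL entries; the group names must not show up as {@code sasl} identities.
   */
  @Test
  public void testCreateACL() throws IOException {
    Configuration conf = HBaseConfiguration.create();
    conf.set(Superusers.SUPERUSER_CONF_KEY, "user1,@group1,user2,@group2,user3");
    String node = "/hbase/testCreateACL";
    try (ZKWatcher watcher = new ZKWatcher(conf, node, null, false)) {
      List<ACL> aclList = watcher.createACL(node, true);
      assertEquals(4, aclList.size()); // 3+1, since ACL will be set for the creator by default
      assertFalse(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "@group1"))));
      assertFalse(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "@group2"))));
      assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user1"))));
      assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user2"))));
      assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user3"))));
      // Name the fourth entry explicitly, as testSecuritySingleSuperuser does, so that an
      // unexpected extra identity cannot satisfy the size check in its place.
      assertTrue(aclList.contains(Ids.CREATOR_ALL_ACL.iterator().next()));
    }
  }

  /**
   * When the login user is itself one of the configured superusers, it is covered by the creator
   * ({@code auth}) entry only, so the list holds three entries: creator, user5 and user6.
   */
  @Test
  public void testCreateACLWithSameUser() throws IOException {
    Configuration conf = HBaseConfiguration.create();
    conf.set(Superusers.SUPERUSER_CONF_KEY, "user4,@group1,user5,user6");
    // The login user is static, process-wide state. Remember the current one and restore it in
    // the finally block; otherwise every later test in this JVM would run as "user4".
    UserGroupInformation previousLoginUser = UserGroupInformation.getLoginUser();
    UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser("user4"));
    try {
      String node = "/hbase/testCreateACLWithSameUser";
      try (ZKWatcher watcher = new ZKWatcher(conf, node, null, false)) {
        List<ACL> aclList = watcher.createACL(node, true);
        assertEquals(3, aclList.size()); // 3, since service user the same as one of superuser
        assertFalse(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "@group1"))));
        assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("auth", ""))));
        assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user5"))));
        assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user6"))));
      }
    } finally {
      UserGroupInformation.setLoginUser(previousLoginUser);
    }
  }

  /**
   * An {@link InterruptedException} raised by the underlying ZooKeeper client while listing
   * children must reach the caller as {@link KeeperException.SystemErrorException}.
   */
  @Test(expected = KeeperException.SystemErrorException.class)
  public void testInterruptedDuringAction()
    throws IOException, KeeperException, InterruptedException {
    final RecoverableZooKeeper recoverableZk = Mockito.mock(RecoverableZooKeeper.class);
    // The anonymous subclass hands out the mock, so no real ZooKeeper call is made.
    try (ZKWatcher zkw = new ZKWatcher(HBaseConfiguration.create(), "unittest", null) {
      @Override
      public RecoverableZooKeeper getRecoverableZooKeeper() {
        return recoverableZk;
      }
    }) {
      String baseZNode = zkw.getZNodePaths().baseZNode;
      Mockito.doThrow(new InterruptedException()).when(recoverableZk).getChildren(baseZNode, null);
      ZKUtil.listChildrenNoWatch(zkw, baseZNode);
    }
  }
}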