001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.zookeeper;
019
020import static org.junit.jupiter.api.Assertions.assertEquals;
021import static org.junit.jupiter.api.Assertions.assertFalse;
022import static org.junit.jupiter.api.Assertions.assertThrows;
023import static org.junit.jupiter.api.Assertions.assertTrue;
024
025import java.io.IOException;
026import java.util.List;
027import org.apache.hadoop.conf.Configuration;
028import org.apache.hadoop.hbase.HBaseConfiguration;
029import org.apache.hadoop.hbase.security.Superusers;
030import org.apache.hadoop.hbase.testclassification.SmallTests;
031import org.apache.hadoop.hbase.testclassification.ZKTests;
032import org.apache.hadoop.security.UserGroupInformation;
033import org.apache.zookeeper.KeeperException;
034import org.apache.zookeeper.ZooDefs.Ids;
035import org.apache.zookeeper.ZooDefs.Perms;
036import org.apache.zookeeper.data.ACL;
037import org.apache.zookeeper.data.Id;
038import org.junit.jupiter.api.Tag;
039import org.junit.jupiter.api.Test;
040import org.mockito.Mockito;
041
/**
 * Unit tests for {@link ZKWatcher#createACL} and {@link ZKUtil#listChildrenNoWatch} that run
 * without a ZooKeeper server.
 *
 * <p>
 * The ACL tests pin down which entries are produced for a znode from the configured superuser
 * list: an open ACL when the secure flag is off, and per-user {@code sasl} entries plus a creator
 * entry when it is on. Entries written with a leading {@code @} in the superuser list never show
 * up as {@code sasl} ACL entries in these tests.
 */
@Tag(ZKTests.TAG)
@Tag(SmallTests.TAG)
public class TestZKUtilNoServer {

  /** Builds a fresh HBase configuration whose superuser list is set to {@code superusers}. */
  private static Configuration confWithSuperusers(String superusers) {
    Configuration conf = HBaseConfiguration.create();
    conf.set(Superusers.SUPERUSER_CONF_KEY, superusers);
    return conf;
  }

  /**
   * Creates a watcher for {@code znode} (the same string is used as the watcher identifier) and
   * returns the ACL list it computes for that znode.
   */
  private static List<ACL> buildAcls(Configuration conf, String znode, boolean secure)
    throws IOException {
    ZKWatcher watcher = new ZKWatcher(conf, znode, null, false);
    return watcher.createACL(znode, secure);
  }

  /** The expected ACL entry for a superuser: all permissions under the {@code sasl} scheme. */
  private static ACL saslAll(String principal) {
    return new ACL(Perms.ALL, new Id("sasl", principal));
  }

  /**
   * With the secure flag off, the ACL list holds exactly one entry, ZooKeeper's
   * {@code OPEN_ACL_UNSAFE} entry, even though a superuser is configured.
   */
  @Test
  public void testUnsecure() throws IOException {
    String znode = "/hbase/testUnsecure";
    List<ACL> acls = buildAcls(confWithSuperusers("user1"), znode, false);

    assertEquals(1, acls.size());
    assertTrue(acls.contains(Ids.OPEN_ACL_UNSAFE.get(0)));
  }

  /** With the secure flag on and one superuser, that user and the creator both get an entry. */
  @Test
  public void testSecuritySingleSuperuser() throws IOException {
    String znode = "/hbase/testSecuritySingleSuperuser";
    List<ACL> acls = buildAcls(confWithSuperusers("user1"), znode, true);

    // One entry for the superuser plus the creator entry that is added by default.
    assertEquals(2, acls.size());
    assertTrue(acls.contains(saslAll("user1")));
    assertTrue(acls.contains(Ids.CREATOR_ALL_ACL.get(0)));
  }

  /**
   * A mixed list of users and {@code @group} entries yields one {@code sasl} entry per user and
   * none for the groups.
   */
  @Test
  public void testCreateACL() throws IOException {
    String znode = "/hbase/testCreateACL";
    List<ACL> acls = buildAcls(confWithSuperusers("user1,@group1,user2,@group2,user3"), znode, true);

    // Three user entries plus the creator entry that is added by default.
    assertEquals(4, acls.size());
    for (String group : new String[] { "@group1", "@group2" }) {
      assertFalse(acls.contains(saslAll(group)));
    }
    for (String user : new String[] { "user1", "user2", "user3" }) {
      assertTrue(acls.contains(saslAll(user)));
    }
  }

  /**
   * When the login user is itself one of the configured superusers, the list has three entries:
   * the {@code auth} creator entry and the two remaining superusers.
   */
  @Test
  public void testCreateACLWithSameUser() throws IOException {
    Configuration conf = confWithSuperusers("user4,@group1,user5,user6");
    // NOTE(review): setLoginUser changes static, process-wide state and is not restored here;
    // presumably the distinct user4..user6 names keep it from influencing the other tests in
    // this class - confirm before reusing these names elsewhere.
    UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser("user4"));
    String znode = "/hbase/testCreateACL";
    List<ACL> acls = buildAcls(conf, znode, true);

    // Three entries, because the service user is the same as one of the superusers.
    assertEquals(3, acls.size());
    assertFalse(acls.contains(saslAll("@group1")));
    assertTrue(acls.contains(new ACL(Perms.ALL, new Id("auth", ""))));
    assertTrue(acls.contains(saslAll("user5")));
    assertTrue(acls.contains(saslAll("user6")));
  }

  /**
   * An {@link InterruptedException} thrown by the underlying {@code getChildren} call must reach
   * the caller of {@link ZKUtil#listChildrenNoWatch} as a
   * {@link KeeperException.SystemErrorException}.
   */
  @Test
  public void testInterruptedDuringAction()
    throws IOException, KeeperException, InterruptedException {
    final RecoverableZooKeeper mockZk = Mockito.mock(RecoverableZooKeeper.class);
    // Hand the mock to ZKUtil through the accessor so no server connection is needed.
    ZKWatcher watcher = new ZKWatcher(HBaseConfiguration.create(), "unittest", null) {
      @Override
      public RecoverableZooKeeper getRecoverableZooKeeper() {
        return mockZk;
      }
    };
    final String baseZNode = watcher.getZNodePaths().baseZNode;
    Mockito.doThrow(new InterruptedException()).when(mockZk).getChildren(baseZNode, null);

    assertThrows(KeeperException.SystemErrorException.class,
      () -> ZKUtil.listChildrenNoWatch(watcher, baseZNode));
  }
}