Source code

001/**
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.zookeeper;
019
020import static org.junit.Assert.assertEquals;
021import static org.junit.Assert.assertFalse;
022import static org.junit.Assert.assertTrue;
023
024import java.io.IOException;
025import java.util.List;
026import org.apache.hadoop.conf.Configuration;
027import org.apache.hadoop.hbase.HBaseClassTestRule;
028import org.apache.hadoop.hbase.HBaseConfiguration;
029import org.apache.hadoop.hbase.ZooKeeperConnectionException;
030import org.apache.hadoop.hbase.security.Superusers;
031import org.apache.hadoop.hbase.testclassification.SmallTests;
032import org.apache.hadoop.hbase.testclassification.ZKTests;
033import org.apache.hadoop.security.UserGroupInformation;
034import org.apache.zookeeper.KeeperException;
035import org.apache.zookeeper.ZooDefs.Ids;
036import org.apache.zookeeper.ZooDefs.Perms;
037import org.apache.zookeeper.data.ACL;
038import org.apache.zookeeper.data.Id;
039import org.junit.ClassRule;
040import org.junit.Test;
041import org.junit.experimental.categories.Category;
042import org.mockito.Mockito;
043
044@Category({ ZKTests.class, SmallTests.class })
045public class TestZKUtilNoServer {
046
047  @ClassRule
048  public static final HBaseClassTestRule CLASS_RULE =
049      HBaseClassTestRule.forClass(TestZKUtilNoServer.class);
050
051  @Test
052  public void testUnsecure() throws ZooKeeperConnectionException, IOException {
053    Configuration conf = HBaseConfiguration.create();
054    conf.set(Superusers.SUPERUSER_CONF_KEY, "user1");
055    String node = "/hbase/testUnsecure";
056    ZKWatcher watcher = new ZKWatcher(conf, node, null, false);
057    List<ACL> aclList = ZKUtil.createACL(watcher, node, false);
058    assertEquals(1, aclList.size());
059    assertTrue(aclList.contains(Ids.OPEN_ACL_UNSAFE.iterator().next()));
060  }
061
062  @Test
063  public void testSecuritySingleSuperuser() throws ZooKeeperConnectionException, IOException {
064    Configuration conf = HBaseConfiguration.create();
065    conf.set(Superusers.SUPERUSER_CONF_KEY, "user1");
066    String node = "/hbase/testSecuritySingleSuperuser";
067    ZKWatcher watcher = new ZKWatcher(conf, node, null, false);
068    List<ACL> aclList = ZKUtil.createACL(watcher, node, true);
069    assertEquals(2, aclList.size()); // 1+1, since ACL will be set for the creator by default
070    assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user1"))));
071    assertTrue(aclList.contains(Ids.CREATOR_ALL_ACL.iterator().next()));
072  }
073
074  @Test
075  public void testCreateACL() throws ZooKeeperConnectionException, IOException {
076    Configuration conf = HBaseConfiguration.create();
077    conf.set(Superusers.SUPERUSER_CONF_KEY, "user1,@group1,user2,@group2,user3");
078    String node = "/hbase/testCreateACL";
079    ZKWatcher watcher = new ZKWatcher(conf, node, null, false);
080    List<ACL> aclList = ZKUtil.createACL(watcher, node, true);
081    assertEquals(4, aclList.size()); // 3+1, since ACL will be set for the creator by default
082    assertFalse(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "@group1"))));
083    assertFalse(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "@group2"))));
084    assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user1"))));
085    assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user2"))));
086    assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user3"))));
087  }
088
089  @Test
090  public void testCreateACLWithSameUser() throws ZooKeeperConnectionException, IOException {
091    Configuration conf = HBaseConfiguration.create();
092    conf.set(Superusers.SUPERUSER_CONF_KEY, "user4,@group1,user5,user6");
093    UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser("user4"));
094    String node = "/hbase/testCreateACL";
095    ZKWatcher watcher = new ZKWatcher(conf, node, null, false);
096    List<ACL> aclList = ZKUtil.createACL(watcher, node, true);
097    assertEquals(3, aclList.size()); // 3, since service user the same as one of superuser
098    assertFalse(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "@group1"))));
099    assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("auth", ""))));
100    assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user5"))));
101    assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user6"))));
102  }
103
104  @Test(expected = KeeperException.SystemErrorException.class)
105  public void testInterruptedDuringAction()
106      throws ZooKeeperConnectionException, IOException, KeeperException, InterruptedException {
107    final RecoverableZooKeeper recoverableZk = Mockito.mock(RecoverableZooKeeper.class);
108    ZKWatcher zkw = new ZKWatcher(HBaseConfiguration.create(), "unittest", null) {
109      @Override
110      public RecoverableZooKeeper getRecoverableZooKeeper() {
111        return recoverableZk;
112      }
113    };
114    Mockito.doThrow(new InterruptedException()).when(recoverableZk)
115        .getChildren(zkw.getZNodePaths().baseZNode, null);
116    ZKUtil.listChildrenNoWatch(zkw, zkw.getZNodePaths().baseZNode);
117  }
118}