<!DOCTYPE HTML>
<html lang="en">
<head>
<!-- Generated by javadoc (17) -->
<title>Source code</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="source: package: org.apache.hadoop.hbase.zookeeper, class: TestZooKeeperACL">
<meta name="generator" content="javadoc/SourceToHTMLConverter">
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style">
</head>
<body class="source-page">
<main role="main">
<div class="source-container">
<pre><span class="source-line-no">001</span><span id="line-1">/*</span>
<span class="source-line-no">002</span><span id="line-2"> * Licensed to the Apache Software Foundation (ASF) under one</span>
<span class="source-line-no">003</span><span id="line-3"> * or more contributor license agreements. See the NOTICE file</span>
<span class="source-line-no">004</span><span id="line-4"> * distributed with this work for additional information</span>
<span class="source-line-no">005</span><span id="line-5"> * regarding copyright ownership. The ASF licenses this file</span>
<span class="source-line-no">006</span><span id="line-6"> * to you under the Apache License, Version 2.0 (the</span>
<span class="source-line-no">007</span><span id="line-7"> * "License"); you may not use this file except in compliance</span>
<span class="source-line-no">008</span><span id="line-8"> * with the License. You may obtain a copy of the License at</span>
<span class="source-line-no">009</span><span id="line-9"> *</span>
<span class="source-line-no">010</span><span id="line-10"> * http://www.apache.org/licenses/LICENSE-2.0</span>
<span class="source-line-no">011</span><span id="line-11"> *</span>
<span class="source-line-no">012</span><span id="line-12"> * Unless required by applicable law or agreed to in writing, software</span>
<span class="source-line-no">013</span><span id="line-13"> * distributed under the License is distributed on an "AS IS" BASIS,</span>
<span class="source-line-no">014</span><span id="line-14"> * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</span>
<span class="source-line-no">015</span><span id="line-15"> * See the License for the specific language governing permissions and</span>
<span class="source-line-no">016</span><span id="line-16"> * limitations under the License.</span>
<span class="source-line-no">017</span><span id="line-17"> */</span>
<span class="source-line-no">018</span><span id="line-18">package org.apache.hadoop.hbase.zookeeper;</span>
<span class="source-line-no">019</span><span id="line-19"></span>
<span class="source-line-no">020</span><span id="line-20">import static org.junit.Assert.assertEquals;</span>
<span class="source-line-no">021</span><span id="line-21">import static org.junit.Assert.assertFalse;</span>
<span class="source-line-no">022</span><span id="line-22">import static org.junit.Assert.assertTrue;</span>
<span class="source-line-no">023</span><span id="line-23"></span>
<span class="source-line-no">024</span><span id="line-24">import java.io.File;</span>
<span class="source-line-no">025</span><span id="line-25">import java.io.FileOutputStream;</span>
<span class="source-line-no">026</span><span id="line-26">import java.io.IOException;</span>
<span class="source-line-no">027</span><span id="line-27">import java.io.OutputStreamWriter;</span>
<span class="source-line-no">028</span><span id="line-28">import java.nio.charset.StandardCharsets;</span>
<span class="source-line-no">029</span><span id="line-29">import java.util.ArrayList;</span>
<span class="source-line-no">030</span><span id="line-30">import java.util.List;</span>
<span class="source-line-no">031</span><span id="line-31">import javax.security.auth.login.AppConfigurationEntry;</span>
<span class="source-line-no">032</span><span id="line-32">import org.apache.hadoop.conf.Configuration;</span>
<span class="source-line-no">033</span><span id="line-33">import org.apache.hadoop.hbase.HBaseClassTestRule;</span>
<span class="source-line-no">034</span><span id="line-34">import org.apache.hadoop.hbase.HBaseConfiguration;</span>
<span class="source-line-no">035</span><span id="line-35">import org.apache.hadoop.hbase.HBaseTestingUtil;</span>
<span class="source-line-no">036</span><span id="line-36">import org.apache.hadoop.hbase.HConstants;</span>
<span class="source-line-no">037</span><span id="line-37">import org.apache.hadoop.hbase.ServerName;</span>
<span class="source-line-no">038</span><span id="line-38">import org.apache.hadoop.hbase.TestZooKeeper;</span>
<span class="source-line-no">039</span><span id="line-39">import org.apache.hadoop.hbase.testclassification.MediumTests;</span>
<span class="source-line-no">040</span><span id="line-40">import org.apache.hadoop.hbase.testclassification.ZKTests;</span>
<span class="source-line-no">041</span><span id="line-41">import org.apache.zookeeper.ZooDefs;</span>
<span class="source-line-no">042</span><span id="line-42">import org.apache.zookeeper.data.ACL;</span>
<span class="source-line-no">043</span><span id="line-43">import org.apache.zookeeper.data.Stat;</span>
<span class="source-line-no">044</span><span id="line-44">import org.junit.AfterClass;</span>
<span class="source-line-no">045</span><span id="line-45">import org.junit.Before;</span>
<span class="source-line-no">046</span><span id="line-46">import org.junit.BeforeClass;</span>
<span class="source-line-no">047</span><span id="line-47">import org.junit.ClassRule;</span>
<span class="source-line-no">048</span><span id="line-48">import org.junit.Test;</span>
<span class="source-line-no">049</span><span id="line-49">import org.junit.experimental.categories.Category;</span>
<span class="source-line-no">050</span><span id="line-50">import org.slf4j.Logger;</span>
<span class="source-line-no">051</span><span id="line-51">import org.slf4j.LoggerFactory;</span>
<span class="source-line-no">052</span><span id="line-52"></span>
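/**
 * Verifies the ACLs HBase places on its znodes when ZooKeeper authentication (SASL with the
 * DIGEST login module) is configured, and exercises {@link ZKAuthentication#isSecureZooKeeper}.
 * <p>
 * The class mutates JVM-wide state (the {@code java.security.auth.login.config} and
 * {@code zookeeper.authProvider.1} system properties and, in one test, the installed JAAS
 * {@code Configuration}), so it must not share a JVM with tests that rely on that state.
 */
@Category({ ZKTests.class, MediumTests.class })
public class TestZooKeeperACL {

  @ClassRule
  public static final HBaseClassTestRule CLASS_RULE =
    HBaseClassTestRule.forClass(TestZooKeeperACL.class);

  private final static Logger LOG = LoggerFactory.getLogger(TestZooKeeperACL.class);
  private final static HBaseTestingUtil TEST_UTIL = new HBaseTestingUtil();

  /** System property the JVM reads to locate the JAAS login configuration file. */
  private static final String JAAS_LOGIN_CONFIG_PROPERTY = "java.security.auth.login.config";

  private static ZKWatcher zkw;

  // NOTE(review): within this class the flag is only ever assigned false (in the catch block of
  // setUpBeforeClass) and is never set to true, so it keeps its default of false. Every test that
  // starts with "if (!secureZKAvailable) return;" therefore returns before asserting anything,
  // and tearDownAfterClass never reaches shutdownMiniCluster(). The ACL checks below give no
  // coverage until this is resolved. It is left unchanged here because testIsZooKeeperSecure
  // compares the flag with ZKAuthentication.isSecureZooKeeper(), whose behaviour is not visible
  // in this file - confirm both together before flipping it.
  private static boolean secureZKAvailable;

  /**
   * Writes a JAAS configuration with matching {@code Server} and {@code Client} digest logins,
   * points the JVM at it, enables the ZooKeeper SASL authentication provider and starts the
   * mini cluster.
   */
  @BeforeClass
  public static void setUpBeforeClass() throws Exception {
    File saslConfFile = File.createTempFile("tmp", "jaas.conf");
    // The file carries the fixture password and has to outlive this method because the JAAS
    // configuration is read from the path stored in the system property. Remove it at JVM exit
    // instead of leaving it behind in the shared temp directory.
    saslConfFile.deleteOnExit();
    try (OutputStreamWriter fwriter =
      new OutputStreamWriter(new FileOutputStream(saslConfFile), StandardCharsets.UTF_8)) {
      fwriter.write("Server {\n" + "org.apache.zookeeper.server.auth.DigestLoginModule required\n"
        + "user_hbase=\"secret\";\n" + "};\n" + "Client {\n"
        + "org.apache.zookeeper.server.auth.DigestLoginModule required\n" + "username=\"hbase\"\n"
        + "password=\"secret\";\n" + "};" + "\n");
    }
    System.setProperty(JAAS_LOGIN_CONFIG_PROPERTY, saslConfFile.getAbsolutePath());
    System.setProperty("zookeeper.authProvider.1",
      "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");

    TEST_UTIL.getConfiguration().setInt("hbase.zookeeper.property.maxClientCnxns", 1000);

    // If Hadoop is missing HADOOP-7070 the cluster will fail to start due to
    // the JAAS configuration required by ZK being clobbered by Hadoop
    try {
      TEST_UTIL.startMiniCluster();
    } catch (IOException e) {
      LOG.warn("Hadoop is missing HADOOP-7070", e);
      secureZKAvailable = false;
      return;
    }
    zkw = new ZKWatcher(new Configuration(TEST_UTIL.getConfiguration()),
      TestZooKeeper.class.getName(), null);
  }

  /** Shuts the mini cluster down when the secure-ZooKeeper flag is set. */
  @AfterClass
  public static void tearDownAfterClass() throws Exception {
    if (!secureZKAvailable) {
      return;
    }
    TEST_UTIL.shutdownMiniCluster();
  }

  /** Makes sure at least two region servers are up before each guarded test. */
  @Before
  public void setUp() throws Exception {
    if (!secureZKAvailable) {
      return;
    }
    TEST_UTIL.ensureSomeRegionServersAvailable(2);
  }

  /**
   * Create a node and check its ACL. When authentication is enabled on ZooKeeper, all nodes (except
   * /hbase/root-region-server, /hbase/master and /hbase/hbaseid) should be created so that only the
   * hbase server user (master or region server user) that created them can access them, and this
   * user should have all permissions on this node. For /hbase/root-region-server, /hbase/master,
   * and /hbase/hbaseid the permissions should be as above, but should also be world-readable. First
   * we check the general case of /hbase nodes in the following test, and then check the subset of
   * world-readable nodes in the three tests after that.
   */
  @Test
  public void testHBaseRootZNodeACL() throws Exception {
    if (!secureZKAvailable) {
      return;
    }
    assertOwnerOnlyAcl("/hbase");
  }

  /**
   * When authentication is enabled on ZooKeeper, /hbase/root-region-server should be created with 2
   * ACLs: one specifies that the hbase user has full access to the node; the other, that it is
   * world-readable.
   */
  @Test
  public void testHBaseRootRegionServerZNodeACL() throws Exception {
    if (!secureZKAvailable) {
      return;
    }
    assertOwnerAndWorldReadableAcl("/hbase/root-region-server");
  }

  /**
   * When authentication is enabled on ZooKeeper, /hbase/master should be created with 2 ACLs: one
   * specifies that the hbase user has full access to the node; the other, that it is
   * world-readable.
   */
  @Test
  public void testHBaseMasterServerZNodeACL() throws Exception {
    if (!secureZKAvailable) {
      return;
    }
    assertOwnerAndWorldReadableAcl("/hbase/master");
  }

  /**
   * When authentication is enabled on ZooKeeper, /hbase/hbaseid should be created with 2 ACLs: one
   * specifies that the hbase user has full access to the node; the other, that it is
   * world-readable.
   */
  @Test
  public void testHBaseIDZNodeACL() throws Exception {
    if (!secureZKAvailable) {
      return;
    }
    assertOwnerAndWorldReadableAcl("/hbase/hbaseid");
  }

  /**
   * Finally, we check the ACLs of a node outside of the /hbase hierarchy and verify that its ACL is
   * simply 'hbase:Perms.ALL'.
   */
  @Test
  public void testOutsideHBaseNodeACL() throws Exception {
    if (!secureZKAvailable) {
      return;
    }

    ZKUtil.createWithParents(zkw, "/testACLNode");
    assertOwnerOnlyAcl("/testACLNode");
  }

  /**
   * Check if ZooKeeper JaasConfiguration is valid.
   */
  @Test
  public void testIsZooKeeperSecure() throws Exception {
    boolean testJaasConfig =
      ZKAuthentication.isSecureZooKeeper(new Configuration(TEST_UTIL.getConfiguration()));
    // With the flag stuck at false (see the field comment) this asserts that
    // isSecureZooKeeper() reports false for the digest JAAS setup.
    assertEquals(testJaasConfig, secureZKAvailable);

    // Define Jaas configuration without ZooKeeper Jaas config
    String previousLoginConfig = System.getProperty(JAAS_LOGIN_CONFIG_PROPERTY);
    File saslConfFile = File.createTempFile("tmp", "fakeJaas.conf");
    try {
      try (OutputStreamWriter fwriter =
        new OutputStreamWriter(new FileOutputStream(saslConfFile), StandardCharsets.UTF_8)) {
        fwriter.write("");
      }

      System.setProperty(JAAS_LOGIN_CONFIG_PROPERTY, saslConfFile.getAbsolutePath());

      testJaasConfig =
        ZKAuthentication.isSecureZooKeeper(new Configuration(TEST_UTIL.getConfiguration()));
      assertFalse(testJaasConfig);
    } finally {
      // Put the property back so later tests are not left pointing at a deleted file, and
      // clean up even when an assertion above fails.
      if (previousLoginConfig == null) {
        System.clearProperty(JAAS_LOGIN_CONFIG_PROPERTY);
      } else {
        System.setProperty(JAAS_LOGIN_CONFIG_PROPERTY, previousLoginConfig);
      }
      if (!saslConfFile.delete()) {
        LOG.warn("Could not delete temporary JAAS file {}", saslConfFile);
      }
    }
  }

  /**
   * Check if Programmatic way of setting zookeeper security settings is valid.
   */
  @Test
  public void testIsZooKeeperSecureWithProgrammaticConfig() throws Exception {

    // NOTE(review): this replaces the JVM-wide JAAS Configuration and never restores it, so any
    // test that runs afterwards in this JVM sees the dummy configuration. JUnit does not
    // guarantee method order; consider saving and restoring the previous Configuration.
    javax.security.auth.login.Configuration.setConfiguration(new DummySecurityConfiguration());

    Configuration config = new Configuration(HBaseConfiguration.create());
    boolean testJaasConfig = ZKAuthentication.isSecureZooKeeper(config);
    assertFalse(testJaasConfig);

    // Now set authentication scheme to Kerberos still it should return false
    // because no configuration set
    config.set("hbase.security.authentication", "kerberos");
    testJaasConfig = ZKAuthentication.isSecureZooKeeper(config);
    assertFalse(testJaasConfig);

    // Now set programmatic options related to security
    config.set(HConstants.ZK_CLIENT_KEYTAB_FILE, "/dummy/file");
    config.set(HConstants.ZK_CLIENT_KERBEROS_PRINCIPAL, "dummy");
    config.set(HConstants.ZK_SERVER_KEYTAB_FILE, "/dummy/file");
    config.set(HConstants.ZK_SERVER_KERBEROS_PRINCIPAL, "dummy");
    testJaasConfig = ZKAuthentication.isSecureZooKeeper(config);
    assertTrue(testJaasConfig);
  }

  /** JAAS configuration that has no entry for any application name. */
  private static class DummySecurityConfiguration extends javax.security.auth.login.Configuration {
    @Override
    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
      return null;
    }
  }

  /**
   * Decommissions and recommissions a placeholder region server through the Admin API and checks
   * the decommissioned list after each step.
   */
  @Test
  public void testAdminDrainAllowedOnSecureZK() throws Exception {
    if (!secureZKAvailable) {
      return;
    }
    List<ServerName> decommissionedServers = new ArrayList<>(1);
    decommissionedServers.add(ServerName.parseServerName("ZZZ,123,123"));

    // If unable to connect to secure ZK cluster then this operation would fail.
    TEST_UTIL.getAdmin().decommissionRegionServers(decommissionedServers, false);

    decommissionedServers = TEST_UTIL.getAdmin().listDecommissionedRegionServers();
    assertEquals(1, decommissionedServers.size());
    assertEquals(ServerName.parseServerName("ZZZ,123,123"), decommissionedServers.get(0));

    TEST_UTIL.getAdmin().recommissionRegionServer(decommissionedServers.get(0), null);
    decommissionedServers = TEST_UTIL.getAdmin().listDecommissionedRegionServers();
    assertEquals(0, decommissionedServers.size());
  }

  /** Reads the ACL list of {@code znode} through the shared watcher's ZooKeeper handle. */
  private static List<ACL> readAcls(String znode) throws Exception {
    return zkw.getRecoverableZooKeeper().getZooKeeper().getACL(znode, new Stat());
  }

  /** Asserts that {@code znode} carries exactly one ACL entry: sasl:hbase with all permissions. */
  private static void assertOwnerOnlyAcl(String znode) throws Exception {
    List<ACL> acls = readAcls(znode);
    assertEquals(1, acls.size());
    assertEquals("sasl", acls.get(0).getId().getScheme());
    assertEquals("hbase", acls.get(0).getId().getId());
    assertEquals(ZooDefs.Perms.ALL, acls.get(0).getPerms());
  }

  /**
   * Asserts that {@code znode} carries exactly two ACL entries, in either order: world:anyone
   * with READ only, and sasl:hbase with all permissions.
   * <p>
   * Each entry is checked against itself. The earlier per-test loops branched on the scheme of
   * entry {@code i} but then asserted on the fixed indexes 0 and 1, which only verified the
   * matched entry when the server happened to return world first and sasl second, and they did
   * not assert the owner's permission bits at all.
   */
  private static void assertOwnerAndWorldReadableAcl(String znode) throws Exception {
    List<ACL> acls = readAcls(znode);
    assertEquals(2, acls.size());

    boolean foundWorldReadableAcl = false;
    boolean foundHBaseOwnerAcl = false;
    for (ACL acl : acls) {
      String scheme = acl.getId().getScheme();
      if ("world".equals(scheme)) {
        assertEquals("anyone", acl.getId().getId());
        assertEquals(ZooDefs.Perms.READ, acl.getPerms());
        foundWorldReadableAcl = true;
      } else {
        // Any scheme other than world or sasl is unexpected and fails here.
        assertEquals("sasl", scheme);
        assertEquals("hbase", acl.getId().getId());
        assertEquals(ZooDefs.Perms.ALL, acl.getPerms());
        foundHBaseOwnerAcl = true;
      }
    }
    assertTrue(foundWorldReadableAcl);
    assertTrue(foundHBaseOwnerAcl);
  }

}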
</pre>
</div>
</main>
</body>
</html>