public void testACLs() { ZooKeeper zk = null; try { zk = createClient(); try { zk.create("/acltest", new byte[0], ZooDefs.Ids.CREATOR_ALL_ACL, CreateMode.PERSISTENT); Assert.fail("Should have received an invalid acl error"); } catch (KeeperException.InvalidACLException e) { LOG.info("Test successful, invalid acl received : " + e.Message); } try { List <ACL> testACL = new List <ACL>(); testACL.Add(new ACL((int)(ZooDefs.Perms.ALL | ZooDefs.Perms.ADMIN), ZooDefs.Ids.AUTH_IDS)); testACL.Add(new ACL((int)(ZooDefs.Perms.ALL | ZooDefs.Perms.ADMIN), new Id("ip", "127.0.0.1/8"))); zk.create("/acltest", new byte[0], testACL, CreateMode.PERSISTENT); Assert.fail("Should have received an invalid acl error"); } catch (KeeperException.InvalidACLException e) { LOG.info("Test successful, invalid acl received : " + e.Message); } zk.addAuthInfo("digest", "ben:passwd".getBytes()); zk.create("/acltest", new byte[0], ZooDefs.Ids.CREATOR_ALL_ACL, CreateMode.PERSISTENT); zk.close(); zk = createClient(); zk.addAuthInfo("digest", "ben:passwd2".getBytes()); try { zk.getData("/acltest", false, new Stat()); Assert.fail("Should have received a permission error"); } catch (KeeperException e) { Assert.assertEquals(KeeperException.Code.NOAUTH, e.getCode()); } zk.addAuthInfo("digest", "ben:passwd".getBytes()); zk.getData("/acltest", false, new Stat()); zk.setACL("/acltest", ZooDefs.Ids.OPEN_ACL_UNSAFE, -1); zk.close(); zk = createClient(); zk.getData("/acltest", false, new Stat()); IList <ACL> acls = zk.getACL("/acltest", new Stat()); Assert.assertEquals(1, acls.Count); Assert.assertEquals(ZooDefs.Ids.OPEN_ACL_UNSAFE, acls); zk.close(); } finally { if (zk != null) { zk.close(); } } }
public void testRootAcl() { ZooKeeper zk = createClient(); try { // set auth using digest zk.addAuthInfo("digest", "pat:test".getBytes()); zk.setACL("/", ZooDefs.Ids.CREATOR_ALL_ACL, -1); zk.getData("/", false, null); zk.close(); // verify no access zk = createClient(); try { zk.getData("/", false, null); Assert.fail("validate auth"); } catch (KeeperException.NoAuthException) { // expected } try { zk.create("/apps", null, ZooDefs.Ids.CREATOR_ALL_ACL, CreateMode.PERSISTENT); Assert.fail("validate auth"); } catch (KeeperException.InvalidACLException) { // expected } zk.addAuthInfo("digest", "world:anyone".getBytes()); try { zk.create("/apps", null, ZooDefs.Ids.CREATOR_ALL_ACL, CreateMode.PERSISTENT); Assert.fail("validate auth"); } catch (KeeperException.NoAuthException) { // expected } zk.close(); // verify access using original auth zk = createClient(); zk.addAuthInfo("digest", "pat:test".getBytes()); zk.getData("/", false, null); zk.create("/apps", null, ZooDefs.Ids.CREATOR_ALL_ACL, CreateMode.PERSISTENT); zk.delete("/apps", -1); // reset acl (back to open) and verify accessible again zk.setACL("/", ZooDefs.Ids.OPEN_ACL_UNSAFE, -1); zk.close(); zk = createClient(); zk.getData("/", false, null); zk.create("/apps", null, ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT); try { zk.create("/apps", null, ZooDefs.Ids.CREATOR_ALL_ACL, CreateMode.PERSISTENT); Assert.fail("validate auth"); } catch (KeeperException.InvalidACLException) { // expected } zk.delete("/apps", -1); zk.addAuthInfo("digest", "world:anyone".getBytes()); zk.create("/apps", null, ZooDefs.Ids.CREATOR_ALL_ACL, CreateMode.PERSISTENT); zk.close(); zk = createClient(); zk.delete("/apps", -1); } finally { zk.close(); } }