/** * Test to verify that server shouldn't start with invalid credentials * if the configuration is set to quorum.auth.serverRequireSasl=true, * quorum.auth.learnerRequireSasl=true */ @Test(timeout = 30000) public void testSaslRequiredInvalidCredentials() throws Exception { Map<String, String> authConfigs = new HashMap<String, String>(); authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_LOGIN_CONTEXT, "QuorumLearnerInvalid"); authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "true"); authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "true"); authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "true"); int serverCount = 2; final int[] clientPorts = startQuorum(serverCount, 0, new StringBuilder(), authConfigs, serverCount, false); for (int i = 0; i < serverCount; i++) { boolean waitForServerUp = ClientBase.waitForServerUp( "127.0.0.1:" + clientPorts[i], QuorumPeerTestBase.TIMEOUT); Assert.assertFalse("Shouldn't start server with invalid credentials", waitForServerUp); } }
/** * Starts a quorum of two servers and tests that we can query both AdminServers. */ @Test public void testQuorum() throws Exception { ClientBase.setupTestEnv(); final int CLIENT_PORT_QP1 = PortAssignment.unique(); final int CLIENT_PORT_QP2 = PortAssignment.unique(); final int ADMIN_SERVER_PORT1 = PortAssignment.unique(); final int ADMIN_SERVER_PORT2 = PortAssignment.unique(); String quorumCfgSection = String.format ("server.1=127.0.0.1:%d:%d;%d\nserver.2=127.0.0.1:%d:%d;%d", PortAssignment.unique(), PortAssignment.unique(), CLIENT_PORT_QP1, PortAssignment.unique(), PortAssignment.unique(), CLIENT_PORT_QP2 ); QuorumPeerTestBase.MainThread q1 = new QuorumPeerTestBase.MainThread( 1, CLIENT_PORT_QP1, ADMIN_SERVER_PORT1, quorumCfgSection, null); q1.start(); // Since JettyAdminServer reads a system property to determine its port, // make sure it initializes itself before setting the system property // again with the second port number Thread.sleep(500); QuorumPeerTestBase.MainThread q2 = new QuorumPeerTestBase.MainThread( 2, CLIENT_PORT_QP2, ADMIN_SERVER_PORT2, quorumCfgSection, null); q2.start(); Thread.sleep(500); Assert.assertTrue("waiting for server 1 being up", ClientBase.waitForServerUp("127.0.0.1:" + CLIENT_PORT_QP1, ClientBase.CONNECTION_TIMEOUT)); Assert.assertTrue("waiting for server 2 being up", ClientBase.waitForServerUp("127.0.0.1:" + CLIENT_PORT_QP2, ClientBase.CONNECTION_TIMEOUT)); queryAdminServer(ADMIN_SERVER_PORT1); queryAdminServer(ADMIN_SERVER_PORT2); q1.shutdown(); q2.shutdown(); Assert.assertTrue("waiting for server 1 down", ClientBase.waitForServerDown("127.0.0.1:" + CLIENT_PORT_QP1, ClientBase.CONNECTION_TIMEOUT)); Assert.assertTrue("waiting for server 2 down", ClientBase.waitForServerDown("127.0.0.1:" + CLIENT_PORT_QP2, ClientBase.CONNECTION_TIMEOUT)); }
/** * Test to verify that non-auth enabled Observer server should be rejected * by the auth enabled quorum servers. */ @Test(timeout = 30000) public void testNonAuthEnabledObserverJoiningAuthEnabledQuorum() throws Exception { Map<String, String> authConfigs = new HashMap<String, String>(); authConfigs.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, "true"); authConfigs.put(QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, "true"); authConfigs.put(QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, "true"); // Starting auth enabled 3-node cluster. int totalServerCount = 3; String connectStr = startQuorum(totalServerCount, authConfigs, totalServerCount, false); CountdownWatcher watcher = new CountdownWatcher(); zk = new ZooKeeper(connectStr.toString(), ClientBase.CONNECTION_TIMEOUT, watcher); watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT); zk.create("/myTestRoot", new byte[0], Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT_SEQUENTIAL); // Adding a non-auth enabled Observer to the 3-node auth cluster. String quorumCfgSection = mt.get(0).getQuorumCfgSection(); int observerMyid = totalServerCount + 1; StringBuilder newObsCfgSection = new StringBuilder(quorumCfgSection); newObsCfgSection.append("\n"); newObsCfgSection.append(String.format( "server.%d=localhost:%d:%d:observer", observerMyid, PortAssignment.unique(), PortAssignment.unique())); newObsCfgSection.append("\npeerType=observer"); newObsCfgSection.append("\n"); int clientPort = PortAssignment.unique(); newObsCfgSection.append("127.0.0.1:" + clientPort); MainThread mthread = new MainThread(observerMyid, clientPort, newObsCfgSection.toString()); mt.add(mthread); mthread.start(); boolean waitForServerUp = ClientBase.waitForServerUp( "127.0.0.1:" + clientPort, QuorumPeerTestBase.TIMEOUT); Assert.assertFalse( "Non-auth enabled Observer shouldn't be able join auth-enabled quorum", waitForServerUp); // quorum shouldn't be disturbed due to rejection. zk.create("/myTestRoot", new byte[0], Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT_SEQUENTIAL); }
