// Verifies that contender and detector operations fail when facing
// non-retryable errors returned by ZooKeeper.
TEST_F(ZooKeeperMasterContenderDetectorTest, NonRetryableFrrors)
{
// group1 creates a base directory in ZooKeeper and sets the
// credential for the user.
zookeeper::Group group1(
server->connectString(),
MASTER_CONTENDER_ZK_SESSION_TIMEOUT,
"/mesos",
zookeeper::Authentication("digest", "member:member"));
AWAIT_READY(group1.join("data"));
PID<Master> pid;
pid.node.ip = 10000000;
pid.node.port = 10000;
MasterInfo master = internal::protobuf::createMasterInfo(pid);
// group2's password is wrong and operations on it will fail.
Owned<zookeeper::Group> group2(new Group(
server->connectString(),
MASTER_CONTENDER_ZK_SESSION_TIMEOUT,
"/mesos",
zookeeper::Authentication("digest", "member:wrongpass")));
ZooKeeperMasterContender contender(group2);
contender.initialize(master);
// Fails due to authentication error.
AWAIT_FAILED(contender.contend());
// Subsequent call should also fail.
AWAIT_FAILED(contender.contend());
// Now test non-retryable failures in detection.
ZooKeeperTest::TestWatcher watcher;
ZooKeeper authenticatedZk(server->connectString(), NO_TIMEOUT, &watcher);
watcher.awaitSessionEvent(ZOO_CONNECTED_STATE);
authenticatedZk.authenticate("digest", "creator:creator");
// Creator of the base path restricts the all accesses to be
// itself.
::ACL onlyCreatorCanAccess[] = {{ ZOO_PERM_ALL, ZOO_AUTH_IDS }};
authenticatedZk.create("/test",
"42",
(ACL_vector) {1, onlyCreatorCanAccess},
0,
NULL);
ASSERT_ZK_GET("42", &authenticatedZk, "/test");
// group3 cannot read the base path thus detector should fail.
Owned<Group> group3(new Group(
server->connectString(),
MASTER_DETECTOR_ZK_SESSION_TIMEOUT,
"/test",
None()));
ZooKeeperMasterDetector detector(group3);
AWAIT_FAILED(detector.detect());
// Subsequent call should also fail.
AWAIT_FAILED(detector.detect());
}
TEST_F(ZooKeeperTest, Auth)
{
ZooKeeperTest::TestWatcher watcher;
ZooKeeper authenticatedZk(server->connectString(), NO_TIMEOUT, &watcher);
watcher.awaitSessionEvent(ZOO_CONNECTED_STATE);
authenticatedZk.authenticate("digest", "creator:creator");
authenticatedZk.create("/test",
"42",
zookeeper::EVERYONE_READ_CREATOR_ALL,
0,
NULL);
ASSERT_ZK_GET("42", &authenticatedZk, "/test");
ZooKeeper unauthenticatedZk(server->connectString(), NO_TIMEOUT, &watcher);
watcher.awaitSessionEvent(ZOO_CONNECTED_STATE);
ASSERT_ZK_GET("42", &unauthenticatedZk, "/test");
ASSERT_EQ(ZNOAUTH, unauthenticatedZk.set("/test", "", -1));
ZooKeeper nonOwnerZk(server->connectString(), NO_TIMEOUT, &watcher);
watcher.awaitSessionEvent(ZOO_CONNECTED_STATE);
nonOwnerZk.authenticate("digest", "non-owner:non-owner");
ASSERT_ZK_GET("42", &nonOwnerZk, "/test");
ASSERT_EQ(ZNOAUTH, nonOwnerZk.set("/test", "", -1));
}
TEST_F(GroupTest, GroupPathWithRestrictivePerms)
{
ZooKeeperTest::TestWatcher watcher;
ZooKeeper authenticatedZk(server->connectString(), NO_TIMEOUT, &watcher);
watcher.awaitSessionEvent(ZOO_CONNECTED_STATE);
authenticatedZk.authenticate("digest", "creator:creator");
authenticatedZk.create(
"/read-only",
"42",
zookeeper::EVERYONE_READ_CREATOR_ALL,
0,
NULL);
ASSERT_ZK_GET("42", &authenticatedZk, "/read-only");
authenticatedZk.create(
"/read-only/writable",
"37",
ZOO_OPEN_ACL_UNSAFE,
0,
NULL);
ASSERT_ZK_GET("37", &authenticatedZk, "/read-only/writable");
zookeeper::Authentication auth("digest", "non-creator:non-creator");
Group failedGroup1(
server->connectString(),
NO_TIMEOUT,
"/read-only/",
auth);
AWAIT_FAILED(failedGroup1.join("fail"));
Group failedGroup2(
server->connectString(),
NO_TIMEOUT,
"/read-only/new",
auth);
AWAIT_FAILED(failedGroup2.join("fail"));
Group successGroup(
server->connectString(),
NO_TIMEOUT,
"/read-only/writable/",
auth);
AWAIT_READY(successGroup.join("succeed"));
}
TEST_F(ZooKeeperTest, Create)
{
ZooKeeperTest::TestWatcher watcher;
ZooKeeper authenticatedZk(server->connectString(), NO_TIMEOUT, &watcher);
watcher.awaitSessionEvent(ZOO_CONNECTED_STATE);
authenticatedZk.authenticate("digest", "creator:creator");
EXPECT_EQ(ZOK, authenticatedZk.create("/foo/bar",
"",
zookeeper::EVERYONE_READ_CREATOR_ALL,
0,
NULL,
true));
authenticatedZk.create("/foo/bar/baz",
"43",
zookeeper::EVERYONE_CREATE_AND_READ_CREATOR_ALL,
0,
NULL);
ASSERT_ZK_GET("43", &authenticatedZk, "/foo/bar/baz");
ZooKeeper nonOwnerZk(server->connectString(), NO_TIMEOUT, &watcher);
watcher.awaitSessionEvent(ZOO_CONNECTED_STATE);
nonOwnerZk.authenticate("digest", "non-owner:non-owner");
EXPECT_EQ(ZNODEEXISTS, nonOwnerZk.create("/foo/bar/baz",
"",
zookeeper::EVERYONE_READ_CREATOR_ALL,
0,
NULL,
true));
EXPECT_EQ(ZOK, nonOwnerZk.create("/foo/bar/baz/bam",
"44",
zookeeper::EVERYONE_READ_CREATOR_ALL,
0,
NULL,
true));
ASSERT_ZK_GET("44", &nonOwnerZk, "/foo/bar/baz/bam");
std::string result;
EXPECT_EQ(ZOK, nonOwnerZk.create("/foo/bar/baz/",
"",
zookeeper::EVERYONE_READ_CREATOR_ALL,
ZOO_SEQUENCE | ZOO_EPHEMERAL,
&result,
true));
EXPECT_TRUE(strings::startsWith(result, "/foo/bar/baz/0"));
}
TEST_F(ZooKeeperTest, SessionTimeoutNegotiation)
{
server->setMinSessionTimeout(Seconds(8));
server->setMaxSessionTimeout(Seconds(20));
EXPECT_EQ(Seconds(8), server->getMinSessionTimeout());
EXPECT_EQ(Seconds(20), server->getMaxSessionTimeout());
ZooKeeperTest::TestWatcher watcher;
ZooKeeper zk1(server->connectString(), Seconds(7), &watcher);
watcher.awaitSessionEvent(ZOO_CONNECTED_STATE);
// The requested timeout is less than server's min value so the
// negotiated result is the sever's min value.
EXPECT_EQ(Seconds(8), zk1.getSessionTimeout());
ZooKeeper zk2(server->connectString(), Seconds(22), &watcher);
watcher.awaitSessionEvent(ZOO_CONNECTED_STATE);
// The requested timeout is greater than server's max value so the
// negotiated result is the sever's max value.
EXPECT_EQ(Seconds(20), zk2.getSessionTimeout());
}
