-
Notifications
You must be signed in to change notification settings - Fork 7.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ZOOKEEPER-3561: Generalize target authentication scheme for ZooKeeper authentication enforcement. #1500
ZOOKEEPER-3561: Generalize target authentication scheme for ZooKeeper authentication enforcement. #1500
Conversation
… authentication enforcement.
As enforcing the SASL authentication scheme feature is already released. Keeping the feature as it is. Provided generalization on top of it |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good.
CI build fails due to check style failure. Let's fix these to get a green build.
zookeeper-server/src/main/java/org/apache/zookeeper/server/ZooKeeperServer.java
Outdated
Show resolved
Hide resolved
zookeeper-server/src/test/java/org/apache/zookeeper/EnforceAuthenticationTest.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great stuff, lgtm.
Just a few nitpicks.
zookeeper-server/src/test/java/org/apache/zookeeper/EnforceAuthenticationTest.java
Outdated
Show resolved
Hide resolved
zookeeper-server/src/test/java/org/apache/zookeeper/EnforceAuthenticationTest.java
Outdated
Show resolved
Hide resolved
One ci feedback is pending from long time. Reopening the PR to trigger the ci again. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM !
very useful
zookeeper-server/src/test/java/org/apache/zookeeper/EnforceAuthenticationTest.java
Outdated
Show resolved
Hide resolved
@arshadmohammad in order to force Jenkins to restart the job click on the click on the link "Details",login with your Apache id/password and click on the button to restart the job |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Generally LGTM, but we have an existing use-case which requires multiple scheme
s. (I am willing to contribute such a change in a subsequent PR, however.)
…n schemes to enforce authentication
There is one C unit test failure reported by https://ci-hadoop.apache.org/blue/organizations/jenkins/zookeeper-precommit-github-pr/detail/PR-1500/4/pipeline `[2020-10-16T21:54:25.858Z] [exec] /home/jenkins/jenkins-home/workspace/eper-precommit-github-pr_PR-1500/zookeeper-client/zookeeper-client-c/tests/TestSASLAuth.cc:120: Assertion: assertion failed [Expression: ctx.waitForConnected(zk)] [2020-10-16T21:54:25.858Z] [exec] Failures !!! [2020-10-16T21:54:25.858Z] [exec] Run: 89 Failure total: 1 Failures: 1 Errors: 0 [2020-10-16T21:54:25.858Z] [exec] FAIL: zktest-mt [2020-10-16T21:54:25.858Z] [exec] ========================================== [2020-10-16T21:54:25.858Z] [exec] 1 of 2 tests failed [2020-10-16T21:54:25.858Z] [exec] Please report to user@zookeeper.apache.org [2020-10-16T21:54:25.858Z] [exec] ========================================== [2020-10-16T21:54:25.858Z] [exec] Makefile:1850: recipe for target 'check-TESTS' failed [2020-10-16T21:54:25.858Z] [exec] make[1]: Leaving directory '/home/jenkins/jenkins-home/workspace/eper-precommit-github-pr_PR-1500/zookeeper-client/zookeeper-client-c/target/c' [2020-10-16T21:54:25.858Z] [exec] Makefile:2106: recipe for target 'check-am' failed [2020-10-16T21:54:25.858Z] [exec] make[1]: *** [check-TESTS] Error 1 [2020-10-16T21:54:25.858Z] [exec] make: *** [check-am] Error 2` @arshadmohammad do you mind check if that's a flaky test? Once we clear this I will merge this PR. I am also triggering another build to see if we can get a green build. |
Hi @arshadmohammad,
Fantastic; thanks! (Though I did not mean to imply you had to do the job!) @hanm wrote:
Not due to flakiness: the test used to work because the old --- a/zookeeper-client/zookeeper-client-c/tests/zkServer.sh
+++ b/zookeeper-client/zookeeper-client-c/tests/zkServer.sh
@@ -128,9 +128,9 @@ PROPERTIES="$EXTRA_JVM_ARGS -Dzookeeper.extendedTypesEnabled=true -Dznode.contai
if [ "x$1" == "xstartRequireSASLAuth" ]
then
PROPERTIES="-Dzookeeper.sessionRequireClientSASLAuth=true $PROPERTIES"
+ PROPERTIES="$PROPERTIES -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider"
if [ "x$2" != "x" ]
then
- PROPERTIES="$PROPERTIES -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider"
PROPERTIES="$PROPERTIES -Djava.security.auth.login.config=$2"
fi
if [ "x$3" != "x" ] |
|
got a green build now, merging. |
… authentication enforcement. Added enforce.auth.enabled and enforce.auth.scheme to enforce any authentication scheme. Author: Mohammad Arshad <arshad@apache.org> Reviewers: Michael Han <hanm@apache.org>, Damien Diederen <dd@crosstwine.com>, Enrico Olivelli <eolivelli@gmail.com>, Andor Molnár <andor@apache.org> Closes apache#1500 from arshadmohammad/ZOOKEEPER-3561-master
… authentication enforcement. Added enforce.auth.enabled and enforce.auth.scheme to enforce any authentication scheme. Author: Mohammad Arshad <arshad@apache.org> Reviewers: Michael Han <hanm@apache.org>, Damien Diederen <dd@crosstwine.com>, Enrico Olivelli <eolivelli@gmail.com>, Andor Molnár <andor@apache.org> Closes apache#1500 from arshadmohammad/ZOOKEEPER-3561-master
… authentication enforcement. Added enforce.auth.enabled and enforce.auth.scheme to enforce any authentication scheme. Author: Mohammad Arshad <arshad@apache.org> Reviewers: Michael Han <hanm@apache.org>, Damien Diederen <dd@crosstwine.com>, Enrico Olivelli <eolivelli@gmail.com>, Andor Molnár <andor@apache.org> Closes apache#1500 from arshadmohammad/ZOOKEEPER-3561-master
… authentication enforcement. Added enforce.auth.enabled and enforce.auth.scheme to enforce any authentication scheme. Author: Mohammad Arshad <arshad@apache.org> Reviewers: Michael Han <hanm@apache.org>, Damien Diederen <dd@crosstwine.com>, Enrico Olivelli <eolivelli@gmail.com>, Andor Molnár <andor@apache.org> Closes apache#1500 from arshadmohammad/ZOOKEEPER-3561-master
Added enforce.auth.enabled and enforce.auth.scheme to enforce any authentication scheme.