[jira] Updated: (ZOOKEEPER-757) zkpython acl/auth usage needs documentation + unit test
[ https://issues.apache.org/jira/browse/ZOOKEEPER-757?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kapil Thangavelu updated ZOOKEEPER-757:
---

Description:
The zookeeper digest authentication and acl scheme needs a bit more documentation. Currently it's documented in the programmer guide.

"""
digest uses a username:password string to generate MD5 hash which is then used as an ACL ID identity. Authentication is done by sending the username:password in clear text. When used in the ACL the expression will be the username:base64 encoded SHA1 password digest.
"""

However, it's actually the digest of the entire credential that needs to be used.

I've attached a python unit test that sets and verifies an acl on a node.

was:
I'm trying to use zookeeper via zkpython to set an acl on a node, and then test that acl, by attempting to access the node with identity configured in the acl. I've configured a super user, connect to zookeeper as the superuser, and then create a node with an acl with the all permission and a digest scheme for a user. I then attempt to connect to zookeeper as the user specified in the acl, however I find that I end up not being able to touch the node to perform actions like getChildren without getting an unauthenticated exception, perhaps even more oddly I can't access the node with the super user (passed in via system property on the cli via Dzookeeper.DigestAuthenticationProvider.superDigest). Any attempt to access the node raises an exception

zookeeper.NoAuthException: not authenticated

I've attached a failing unit test patch against trunk.

[update]
Patrick was able to point out that the issue was that the digest needed to be of both user and password, while I had been trying a password digest.

I've updated the ticket to reflect the need for documenting this capability, and have attached a working unit test against trunk for this functionality.

Component/s: documentation

reference the current documentation which needs updating as it currently states it's a sha1 password digest.

> zkpython acl/auth usage needs documentation + unit test
> ---
>
> Key: ZOOKEEPER-757
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-757
> Project: Zookeeper
> Issue Type: Bug
> Components: contrib-bindings, documentation
> Affects Versions: 3.3.0, 3.4.0
> Environment: ubuntu karmic / lucid ... sun jdk 1.6.0_20
> Reporter: Kapil Thangavelu
> Attachments: working-test-acl-verify.diff
>
>
> The zookeeper digest authentication and acl scheme needs a bit more
> documentation. Currently it's documented in the programmer guide.
> """
> digest uses a username:password string to generate MD5 hash which is then
> used as an ACL ID identity. Authentication is done by sending the
> username:password in clear text. When used in the ACL the expression will be
> the username:base64 encoded SHA1 password digest.
> """
> However, it's actually the digest of the entire credential that needs to be
> used.
> I've attached a python unit test that sets and verifies an acl on a node.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
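The rule this ticket asks to have documented, as an added example (it is not the attached unit test or any code from the ticket): the ACL id is the username followed by the base64 SHA1 of the whole `username:password` credential, and an id built from the password alone never matches. The function names, the `alice:secret` credential and the simplified `acl_permits` model of the server-side comparison are assumptions made for illustration.

```python
import base64
import hashlib

# Mirrors zookeeper.PERM_ALL (READ|WRITE|CREATE|DELETE|ADMIN = 31) so the
# example runs without the zkpython binding installed.
PERM_ALL = 0x1F


def _b64_sha1(data):
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def digest_acl_id(username, password):
    """Correct ACL id: username:base64(SHA1("username:password"))."""
    return f"{username}:{_b64_sha1(f'{username}:{password}'.encode('utf-8'))}"


def password_only_acl_id(username, password):
    """The misreading of the guide: SHA1 over the password alone."""
    return f"{username}:{_b64_sha1(password.encode('utf-8'))}"


def make_acl(acl_id, perms=PERM_ALL):
    """ACL entry in the dict shape zkpython accepts for create()/set_acl()."""
    return {"perms": perms, "scheme": "digest", "id": acl_id}


def acl_permits(acl, cleartext_credential):
    """Simplified model of the server check (hypothetical helper): the client
    authenticates with cleartext "username:password"; the server hashes that
    whole string and compares the result with the id stored in the ACL."""
    username, sep, password = cleartext_credential.partition(":")
    if not sep or acl["scheme"] != "digest":
        return False
    return acl["id"] == digest_acl_id(username, password)


if __name__ == "__main__":
    # Constructed sample credential, not taken from the ticket.
    user, pw = "alice", "secret"
    good = make_acl(digest_acl_id(user, pw))
    bad = make_acl(password_only_acl_id(user, pw))
    print("full-credential id:", good["id"], "->", acl_permits(good, "alice:secret"))
    print("password-only id:  ", bad["id"], "->", acl_permits(bad, "alice:secret"))
```

With zkpython, the client side of this is `zookeeper.add_auth(handle, "digest", "alice:secret", callback)`: the credential travels in cleartext and only the ACL stores the hashed form.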
[jira] Updated: (ZOOKEEPER-757) zkpython acl/auth usage needs documentation + unit test
[ https://issues.apache.org/jira/browse/ZOOKEEPER-757?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kapil Thangavelu updated ZOOKEEPER-757:
---

Attachment: (was: patch-test-acl-verify.diff)

> zkpython acl/auth usage needs documentation + unit test
> ---
>
> Key: ZOOKEEPER-757
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-757
> Project: Zookeeper
> Issue Type: Bug
> Components: contrib-bindings
> Affects Versions: 3.3.0, 3.4.0
> Environment: ubuntu karmic / lucid ... sun jdk 1.6.0_20
> Reporter: Kapil Thangavelu
> Attachments: working-test-acl-verify.diff
>
>
> I'm trying to use zookeeper via zkpython to set an acl on a node, and then
> test that acl, by attempting to access the node with identity configured in
> the acl. I've configured a super user, connect to zookeeper as the superuser,
> and then create a node with an acl with the all permission and a digest scheme
> for a user. I then attempt to connect to zookeeper as the user specified in
> the acl, however I find that I end up not being able to touch the node to
> perform actions like getChildren without getting an unauthenticated exception,
> perhaps even more oddly I can't access the node with the super user (passed
> in via system property on the cli via
> Dzookeeper.DigestAuthenticationProvider.superDigest). Any attempt to access
> the node raises an exception
> zookeeper.NoAuthException: not authenticated
> I've attached a failing unit test patch against trunk.
> [update]
> Patrick was able to point out that the issue was that the digest needed to be
> of both user and password, while I had been trying a password digest.
> I've updated the ticket to reflect the need for documenting this capability,
> and have attached a working unit test against trunk for this
> functionality.
[jira] Updated: (ZOOKEEPER-757) zkpython acl/auth usage needs documentation + unit test
[ https://issues.apache.org/jira/browse/ZOOKEEPER-757?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kapil Thangavelu updated ZOOKEEPER-757:
---

Attachment: working-test-acl-verify.diff

working minimal test of acl verification.

> zkpython acl/auth usage needs documentation + unit test
> ---
>
> Key: ZOOKEEPER-757
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-757
> Project: Zookeeper
> Issue Type: Bug
> Components: contrib-bindings
> Affects Versions: 3.3.0, 3.4.0
> Environment: ubuntu karmic / lucid ... sun jdk 1.6.0_20
> Reporter: Kapil Thangavelu
> Attachments: patch-test-acl-verify.diff, working-test-acl-verify.diff
>
>
> I'm trying to use zookeeper via zkpython to set an acl on a node, and then
> test that acl, by attempting to access the node with identity configured in
> the acl. I've configured a super user, connect to zookeeper as the superuser,
> and then create a node with an acl with the all permission and a digest scheme
> for a user. I then attempt to connect to zookeeper as the user specified in
> the acl, however I find that I end up not being able to touch the node to
> perform actions like getChildren without getting an unauthenticated exception,
> perhaps even more oddly I can't access the node with the super user (passed
> in via system property on the cli via
> Dzookeeper.DigestAuthenticationProvider.superDigest). Any attempt to access
> the node raises an exception
> zookeeper.NoAuthException: not authenticated
> I've attached a failing unit test patch against trunk.
> [update]
> Patrick was able to point out that the issue was that the digest needed to be
> of both user and password, while I had been trying a password digest.
> I've updated the ticket to reflect the need for documenting this capability,
> and have attached a working unit test against trunk for this
> functionality.
[jira] Updated: (ZOOKEEPER-757) zkpython acl/auth usage needs documentation + unit test
[ https://issues.apache.org/jira/browse/ZOOKEEPER-757?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kapil Thangavelu updated ZOOKEEPER-757:
---

Summary: zkpython acl/auth usage needs documentation + unit test (was: zkpython acl/auth usage broken)

Description:
I'm trying to use zookeeper via zkpython to set an acl on a node, and then test that acl, by attempting to access the node with identity configured in the acl. I've configured a super user, connect to zookeeper as the superuser, and then create a node with an acl with the all permission and a digest scheme for a user. I then attempt to connect to zookeeper as the user specified in the acl, however I find that I end up not being able to touch the node to perform actions like getChildren without getting an unauthenticated exception, perhaps even more oddly I can't access the node with the super user (passed in via system property on the cli via Dzookeeper.DigestAuthenticationProvider.superDigest). Any attempt to access the node raises an exception

zookeeper.NoAuthException: not authenticated

I've attached a failing unit test patch against trunk.

[update]
Patrick was able to point out that the issue was that the digest needed to be of both user and password, while I had been trying a password digest.

I've updated the ticket to reflect the need for documenting this capability, and have attached a working unit test against trunk for this functionality.

was:
I'm trying to use zookeeper via zkpython to set an acl on a node, and then test that acl, by attempting to access the node with identity configured in the acl. I've configured a super user, connect to zookeeper as the superuser, and then create a node with an acl with the all permission and a digest scheme for a user. I then attempt to connect to zookeeper as the user specified in the acl, however I find that I end up not being able to touch the node to perform actions like getChildren without getting an unauthenticated exception, perhaps even more oddly I can't access the node with the super user (passed in via system property on the cli via Dzookeeper.DigestAuthenticationProvider.superDigest). Any attempt to access the node raises an exception

zookeeper.NoAuthException: not authenticated

I've attached a demonstration script that exhibits the problem, and a failing unit test patch against trunk.

update to reflect that this issue is now primarily about documentation, and an additional unit test.

> zkpython acl/auth usage needs documentation + unit test
> ---
>
> Key: ZOOKEEPER-757
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-757
> Project: Zookeeper
> Issue Type: Bug
> Components: contrib-bindings
> Affects Versions: 3.3.0, 3.4.0
> Environment: ubuntu karmic / lucid ... sun jdk 1.6.0_20
> Reporter: Kapil Thangavelu
> Attachments: patch-test-acl-verify.diff
>
>
> I'm trying to use zookeeper via zkpython to set an acl on a node, and then
> test that acl, by attempting to access the node with identity configured in
> the acl. I've configured a super user, connect to zookeeper as the superuser,
> and then create a node with an acl with the all permission and a digest scheme
> for a user. I then attempt to connect to zookeeper as the user specified in
> the acl, however I find that I end up not being able to touch the node to
> perform actions like getChildren without getting an unauthenticated exception,
> perhaps even more oddly I can't access the node with the super user (passed
> in via system property on the cli via
> Dzookeeper.DigestAuthenticationProvider.superDigest). Any attempt to access
> the node raises an exception
> zookeeper.NoAuthException: not authenticated
> I've attached a failing unit test patch against trunk.
> [update]
> Patrick was able to point out that the issue was that the digest needed to be
> of both user and password, while I had been trying a password digest.
> I've updated the ticket to reflect the need for documenting this capability,
> and have attached a working unit test against trunk for this
> functionality.