[
https://issues.apache.org/jira/browse/ZOOKEEPER-757?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kapil Thangavelu updated ZOOKEEPER-757:
---------------------------------------
Summary: zkpython acl/auth usage needs documentation + unit test (was:
zkpython acl/auth usage broken)
Description:
I'm trying to use zookeeper via zkpython to set an acl on a node, and then test
that acl, by attempting to access the node with identity configured in the acl.
I've configured a super user, connect to zookeeper as the superuser, and then
create a node an acl with the all permission and a digest scheme for a user. I
then attempt to connect to zookeeper with as the user specified in the acl,
however i find that i end up not being able to touch the node to perfom actoins
like getChlidren without getting an unauthenticated exceptoin, perhaps even
more oddly i can't access the node with the super user (passed in via system
property on the cli via Dzookeeper.DigestAuthenticationProvider.superDigest).
Any attempt to acces the node raises an exception
zookeeper.NoAuthException: not authenticated
i've attached a failing unit test patch against trunk.
[update]
patrick was able to point out that the issue was that the digest needed to be
of both user and password, while i had been trying a password digest.
I've updated the ticket to reflect the need for documenting this capability,
and have attached a working unit test against trunk against for this
functionality.
was:
I'm trying to use zookeeper via zkpython to set an acl on a node, and then test
that acl, by attempting to access the node with identity configured in the acl.
I've configured a super user, connect to zookeeper as the superuser, and then
create a node an acl with the all permission and a digest scheme for a user. I
then attempt to connect to zookeeper with as the user specified in the acl,
however i find that i end up not being able to touch the node to perfom actoins
like getChlidren without getting an unauthenticated exceptoin, perhaps even
more oddly i can't access the node with the super user (passed in via system
property on the cli via Dzookeeper.DigestAuthenticationProvider.superDigest).
Any attempt to acces the node raises an exception
zookeeper.NoAuthException: not authenticated
i've attached a demonstration script that exhibits the problem, and a failing
unit test patch against trunk.
update to reflect that this issue is now primarily about documentation, and an
additional unit test.
> zkpython acl/auth usage needs documentation + unit test
> -------------------------------------------------------
>
> Key: ZOOKEEPER-757
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-757
> Project: Zookeeper
> Issue Type: Bug
> Components: contrib-bindings
> Affects Versions: 3.3.0, 3.4.0
> Environment: ubuntu karmic / lucid ... sun jdk 1.6.0_20
> Reporter: Kapil Thangavelu
> Attachments: patch-test-acl-verify.diff
>
>
> I'm trying to use zookeeper via zkpython to set an acl on a node, and then
> test that acl, by attempting to access the node with identity configured in
> the acl. I've configured a super user, connect to zookeeper as the superuser,
> and then create a node an acl with the all permission and a digest scheme for
> a user. I then attempt to connect to zookeeper with as the user specified in
> the acl, however i find that i end up not being able to touch the node to
> perfom actoins like getChlidren without getting an unauthenticated exceptoin,
> perhaps even more oddly i can't access the node with the super user (passed
> in via system property on the cli via
> Dzookeeper.DigestAuthenticationProvider.superDigest). Any attempt to acces
> the node raises an exception
> zookeeper.NoAuthException: not authenticated
> i've attached a failing unit test patch against trunk.
> [update]
> patrick was able to point out that the issue was that the digest needed to be
> of both user and password, while i had been trying a password digest.
> I've updated the ticket to reflect the need for documenting this capability,
> and have attached a working unit test against trunk against for this
> functionality.
>
>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
