zookeeper数据密码保护验证

package main

import (
	"fmt"
	"time"

	"github.com/samuel/go-zookeeper/zk"
)

// getzkConnection opens a ZooKeeper client session to the local test server
// at 127.0.0.1:2283 with a 5-second session timeout and panics if zk.Connect
// reports an error. The event channel returned by zk.Connect is discarded.
//
// NOTE(review): the address is plain host:port with no TLS configuration
// visible here, so anything sent on this session (including digest
// credentials passed to AddAuth) is presumably unencrypted; acceptable on
// loopback, confirm before pointing this at a remote ensemble.
func getzkConnection() *zk.Conn {
	servers := []string{"127.0.0.1:2283"}
	const sessionTimeout = 5 * time.Second

	c, _, dialErr := zk.Connect(servers, sessionTimeout)
	if dialErr == nil {
		return c
	}
	panic(dialErr)
}

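// testZookeeperAuth walks through ZooKeeper digest-ACL enforcement against the
// server returned by getzkConnection and panics on the first expectation that
// does not hold:
//
//  1. create /auth_test (world:anyone) and /auth_test/hello (digest ACL),
//     then switch /auth_test itself to the digest ACL;
//  2. reading /auth_test without credentials must fail with zk.ErrNoAuth,
//     and must succeed after AddAuth("digest", "user:password");
//  3. on a fresh, unauthenticated session, deleting /auth_test/hello must
//     fail with zk.ErrNoAuth and must succeed after AddAuth;
//  4. the ACL of /auth_test is reset to world:anyone, printed, set back to
//     the digest ACL and printed again.
//
// The negative checks require zk.ErrNoAuth specifically: accepting any error
// would let a dropped connection or a missing node pass as "access denied"
// and give false confidence that the ACL is enforced.
//
// /auth_test is left in place with the digest ACL, so a second run fails at
// the first Create until that node is removed.
//
// NOTE(review): the credentials are hard-coded sample values. The digest
// scheme hands "user:password" to the server as-is in AddAuth, and the ACL id
// stored on the node is derived from an unsalted hash of that string, so a
// weak password such as this one is only suitable for a local test server.
func testZookeeperAuth() {
	path, user, pwd := "/auth_test", "panxie", "123456"
	child := path + "/hello"
	// Credential in the "user:password" form used by the digest scheme.
	cred := []byte(fmt.Sprintf("%s:%s", user, pwd))

	conn := getzkConnection()
	acl := zk.DigestACL(zk.PermAll, user, pwd)

	// Create the parent open to everyone and the child restricted to the
	// digest identity. err and the returned path are checked separately:
	// calling err.Error() on a nil error would itself panic and hide the
	// real mismatch.
	p, err := conn.Create(path, []byte("hello,world"), 0, zk.WorldACL(zk.PermAll))
	if err != nil {
		panic(err.Error() + p)
	}
	if p != path {
		panic(fmt.Sprintf("created %q, expected %q", p, path))
	}
	p, err = conn.Create(child, []byte("hello,world"), 0, acl)
	if err != nil {
		panic(err.Error() + p)
	}
	if p != child {
		panic(fmt.Sprintf("created %q, expected %q", p, child))
	}

	// Lock the parent down. This must be verified: if it silently failed,
	// the unauthenticated read below would be testing an open node.
	if _, err = conn.SetACL(path, acl, -1); err != nil {
		panic(err)
	}

	// Read without credentials: must be rejected as an authorization failure.
	_, _, err = conn.Get(path)
	if err == nil {
		panic("read content without auth but no error occured.")
	}
	if err != zk.ErrNoAuth {
		panic(err)
	}

	// Read with credentials.
	if err = conn.AddAuth("digest", cred); err != nil {
		panic(err)
	}
	cont, _, err := conn.Get(path)
	if err != nil {
		panic(err)
	}
	fmt.Printf("content read:%s\n", string(cont))

	// Start a new session so the credentials added above no longer apply.
	conn.Close()
	conn = getzkConnection()
	defer conn.Close()

	// Delete without credentials: must be rejected as an authorization failure.
	// NOTE(review): ZooKeeper is understood to check DELETE against the
	// parent's ACL, so this relies on the SetACL on /auth_test above — confirm.
	err = conn.Delete(child, -1)
	if err == nil {
		panic("delete node without auth but no error occured.")
	}
	if err != zk.ErrNoAuth {
		panic(err)
	}

	// Delete with credentials.
	if err = conn.AddAuth("digest", cred); err != nil {
		panic(err)
	}
	if err = conn.Delete(child, -1); err != nil {
		panic(err)
	}

	// Reset the parent to world:anyone and read the ACL back.
	if _, err = conn.SetACL(path, zk.WorldACL(zk.PermAll), -1); err != nil {
		panic(err)
	}
	acls, _, err := conn.GetACL(path)
	if err != nil {
		panic(err)
	}
	fmt.Printf("acl get=%v\n", acls)

	// Apply the digest ACL to the existing node.
	if _, err = conn.SetACL(path, acl, -1); err != nil {
		panic(err)
	}

	// Read the ACL back again to show the digest entry.
	acls, _, err = conn.GetACL(path)
	if err != nil {
		panic(err)
	}
	fmt.Printf("acl get=%v\n", acls)
}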

// main runs the digest-ACL walkthrough once against the local test server;
// any expectation that does not hold surfaces as a panic.
func main() {
	testZookeeperAuth()
}

输出如下:

[root@VM_15_146_centos ~/shuidi/src/srv_module/sdi/tools/lex]# go run main.go 
2020/11/03 14:53:42 Connected to 127.0.0.1:2283
2020/11/03 14:53:42 authenticated: id=218273669347934225, timeout=4000000
2020/11/03 14:53:42 re-submitting `0` credentials after reconnect
content read:hello,world
2020/11/03 14:53:42 recv loop terminated: err=EOF
2020/11/03 14:53:42 send loop terminated: err=<nil>
2020/11/03 14:53:42 Connected to 127.0.0.1:2283
2020/11/03 14:53:42 authenticated: id=218273669347934226, timeout=4000000
2020/11/03 14:53:42 re-submitting `0` credentials after reconnect
acl get=[{31 world anyone}]
acl get=[{31 digest panxie:ls2Y30BnQBe3KJYoYp1ylpd7oTo=}]

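符合预期,基于digest的身份认证生效。需要注意:digest方案在AddAuth时把“用户名:密码”原样发送给服务端,节点ACL中保存的是“用户名:base64(SHA-1(用户名:密码))”(即上面最后一行输出),因此示例中的弱口令只适合本地测试;在非本机环境中应使用强口令,并为连接启用TLS。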