kazoo icon indicating copy to clipboard operation
kazoo copied to clipboard
verified publisher icon python-zk

client.start() in Zookeeper 3.9.3 might result in NoAuthException

Open yang-wei opened this issue 1 year ago • 0 comments

Expected Behavior

start without issue

Actual Behavior

start throws NoAuthException when the client does not have permission to access "/"

Snippet to Reproduce the Problem

Start a client with client.start() with Zookeeper 3.9.3 without granting the client access to "/".

Logs with logging in DEBUG mode

COPY/PASTE the result of the snippet here (omit any sensitive information)

Specifications

  • Zookeeper version: 3.9.3 (probably 3.10.0, 3.7.3, 3.8.4 as well)
  • Zookeeper configuration: No access is granted to client on path "/"

Background

With https://issues.apache.org/jira/browse/ZOOKEEPER-2590, exists() now will check read ACL permission. In https://github.com/python-zk/kazoo/blob/c5ab98819b3a797e12a0315e97e51851525da70f/kazoo/client.py#L657C4-L680C1

 def start(self, timeout=15):
        """Initiate connection to ZK.
....
        if self.chroot and not self.exists("/"):
            warnings.warn(
                "No chroot path exists, the chroot path "
                "should be created before normal use."
            )

the start function is checking the existence of "/". This could result in NoAuthException if client does not have access to "/". My current workaround is switching to start_async() which does not check the existence of "/"

yang-wei avatar Jan 12 '25 08:01 yang-wei