Java Code Examples for org.apache.hadoop.hbase.security.User#createUserForTesting()
The following examples show how to use
org.apache.hadoop.hbase.security.User#createUserForTesting() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: TestAccessController2.java From hbase with Apache License 2.0 | 6 votes |
@BeforeClass public static void setupBeforeClass() throws Exception { conf = TEST_UTIL.getConfiguration(); // Up the handlers; this test needs more than usual. conf.setInt(HConstants.REGION_SERVER_HIGH_PRIORITY_HANDLER_COUNT, 10); // Enable security enableSecurity(conf); // Verify enableSecurity sets up what we require verifyConfiguration(conf); TEST_UTIL.startMiniCluster(); // Wait for the ACL table to become available TEST_UTIL.waitUntilAllRegionsAssigned(PermissionStorage.ACL_TABLE_NAME); TESTGROUP_1_NAME = toGroupEntry(TESTGROUP_1); TESTGROUP1_USER1 = User.createUserForTesting(conf, "testgroup1_user1", new String[] { TESTGROUP_1 }); TESTGROUP2_USER1 = User.createUserForTesting(conf, "testgroup2_user2", new String[] { TESTGROUP_2 }); systemUserConnection = ConnectionFactory.createConnection(conf); }
Example 2
Source File: TestTokenAuthentication.java From hbase with Apache License 2.0 | 6 votes |
@Test public void testUseExistingToken() throws Exception { User user = User.createUserForTesting(TEST_UTIL.getConfiguration(), "testuser2", new String[]{"testgroup"}); Token<AuthenticationTokenIdentifier> token = secretManager.generateToken(user.getName()); assertNotNull(token); user.addToken(token); // make sure we got a token Token<AuthenticationTokenIdentifier> firstToken = new AuthenticationTokenSelector().selectToken(token.getService(), user.getTokens()); assertNotNull(firstToken); assertEquals(token, firstToken); Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration()); try { assertFalse(TokenUtil.addTokenIfMissing(conn, user)); // make sure we still have the same token Token<AuthenticationTokenIdentifier> secondToken = new AuthenticationTokenSelector().selectToken(token.getService(), user.getTokens()); assertEquals(firstToken, secondToken); } finally { conn.close(); } }
Example 3
Source File: TestVisibilityWithCheckAuths.java From hbase with Apache License 2.0 | 6 votes |
@BeforeClass public static void setupBeforeClass() throws Exception { // setup configuration conf = TEST_UTIL.getConfiguration(); VisibilityTestUtil.enableVisiblityLabels(conf); conf.setBoolean(VisibilityConstants.CHECK_AUTHS_FOR_MUTATION, true); conf.setClass(VisibilityUtils.VISIBILITY_LABEL_GENERATOR_CLASS, SimpleScanLabelGenerator.class, ScanLabelGenerator.class); conf.set("hbase.superuser", "admin"); TEST_UTIL.startMiniCluster(2); SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); USER = User.createUserForTesting(conf, "user", new String[]{}); // Wait for the labels table to become available TEST_UTIL.waitTableEnabled(LABELS_TABLE_NAME.getName(), 50000); addLabels(); }
Example 4
Source File: TestVisibilityLabelsOpWithDifferentUsersNoACL.java From hbase with Apache License 2.0 | 6 votes |
@BeforeClass public static void setupBeforeClass() throws Exception { // setup configuration conf = TEST_UTIL.getConfiguration(); VisibilityTestUtil.enableVisiblityLabels(conf); String currentUser = User.getCurrent().getName(); conf.set("hbase.superuser", "admin,"+currentUser); TEST_UTIL.startMiniCluster(2); // Wait for the labels table to become available TEST_UTIL.waitTableEnabled(LABELS_TABLE_NAME.getName(), 50000); SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); NORMAL_USER = User.createUserForTesting(conf, "user1", new String[] {}); NORMAL_USER1 = User.createUserForTesting(conf, "user2", new String[] {}); addLabels(); }
Example 5
Source File: TestThriftHBaseServiceHandlerWithLabels.java From hbase with Apache License 2.0 | 6 votes |
@BeforeClass public static void beforeClass() throws Exception { SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); conf = UTIL.getConfiguration(); conf.setClass(VisibilityUtils.VISIBILITY_LABEL_GENERATOR_CLASS, SimpleScanLabelGenerator.class, ScanLabelGenerator.class); conf.set("hbase.superuser", SUPERUSER.getShortName()); VisibilityTestUtil.enableVisiblityLabels(conf); UTIL.startMiniCluster(1); // Wait for the labels table to become available UTIL.waitTableEnabled(VisibilityConstants.LABELS_TABLE_NAME.getName(), 50000); createLabels(); Admin admin = UTIL.getAdmin(); TableDescriptorBuilder.ModifyableTableDescriptor tableDescriptor = new TableDescriptorBuilder.ModifyableTableDescriptor(TableName.valueOf(tableAname)); for (ColumnFamilyDescriptorBuilder.ModifyableColumnFamilyDescriptor family : families) { tableDescriptor.setColumnFamily(family); } admin.createTable(tableDescriptor); admin.close(); setAuths(); }
Example 6
Source File: HBaseTestingUtility.java From hbase with Apache License 2.0 | 6 votes |
/** * This method clones the passed <code>c</code> configuration setting a new * user into the clone. Use it getting new instances of FileSystem. Only * works for DistributedFileSystem w/o Kerberos. * @param c Initial configuration * @param differentiatingSuffix Suffix to differentiate this user from others. * @return A new configuration instance with a different user set into it. * @throws IOException */ public static User getDifferentUser(final Configuration c, final String differentiatingSuffix) throws IOException { FileSystem currentfs = FileSystem.get(c); if (!(currentfs instanceof DistributedFileSystem) || User.isHBaseSecurityEnabled(c)) { return User.getCurrent(); } // Else distributed filesystem. Make a new instance per daemon. Below // code is taken from the AppendTestUtil over in hdfs. String username = User.getCurrent().getName() + differentiatingSuffix; User user = User.createUserForTesting(c, username, new String[]{"supergroup"}); return user; }
Example 7
Source File: TestDefaultScanLabelGeneratorStack.java From hbase with Apache License 2.0 | 5 votes |
@BeforeClass public static void setupBeforeClass() throws Exception { // setup configuration conf = TEST_UTIL.getConfiguration(); VisibilityTestUtil.enableVisiblityLabels(conf); // Not setting any SLG class. This means to use the default behavior. conf.set("hbase.superuser", "admin"); TEST_UTIL.startMiniCluster(1); SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); TESTUSER = User.createUserForTesting(conf, "test", new String[] { }); // Wait for the labels table to become available TEST_UTIL.waitTableEnabled(LABELS_TABLE_NAME.getName(), 50000); // Set up for the test SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { try (Connection conn = ConnectionFactory.createConnection(conf)) { VisibilityClient.addLabels(conn, new String[] { SECRET, CONFIDENTIAL }); VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL }, TESTUSER.getShortName()); } catch (Throwable t) { throw new IOException(t); } return null; } }); }
Example 8
Source File: TestSnapshotScannerHDFSAclController.java From hbase with Apache License 2.0 | 5 votes |
@Test public void testGrantGlobal3() throws Exception { final String grantUserName = name.getMethodName(); User grantUser = User.createUserForTesting(conf, grantUserName, new String[] {}); String namespace = name.getMethodName(); TableName table1 = TableName.valueOf(namespace, name.getMethodName() + ".1"); TableName table2 = TableName.valueOf(namespace, name.getMethodName() + ".2"); String snapshot1 = namespace + "s1"; String snapshot2 = namespace + "s2"; // grant G(R) SecureTestUtil.grantGlobal(TEST_UTIL, grantUserName, READ); // grant table1(R) TestHDFSAclHelper.createTableAndPut(TEST_UTIL, table1); snapshotAndWait(snapshot1, table1); TestHDFSAclHelper.grantOnTable(TEST_UTIL, grantUserName, table1, READ); // grant G(W) SecureTestUtil.grantGlobal(TEST_UTIL, grantUserName, WRITE); TestHDFSAclHelper.createTableAndPut(TEST_UTIL, table2); snapshotAndWait(snapshot2, table2); // check scan snapshot TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, grantUser, snapshot1, 6); TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, grantUser, snapshot2, -1); assertFalse(hasUserGlobalHdfsAcl(aclTable, grantUserName)); assertFalse(hasUserNamespaceHdfsAcl(aclTable, grantUserName, namespace)); assertTrue(hasUserTableHdfsAcl(aclTable, grantUserName, table1)); assertFalse(hasUserTableHdfsAcl(aclTable, grantUserName, table2)); checkUserAclEntry(FS, helper.getGlobalRootPaths(), grantUserName, false, false); checkUserAclEntry(FS, helper.getTableRootPaths(table2, false), grantUserName, false, false); checkUserAclEntry(FS, helper.getTableRootPaths(table1, false), grantUserName, true, true); deleteTable(table1); deleteTable(table2); }
Example 9
Source File: TestSnapshotScannerHDFSAclController.java From hbase with Apache License 2.0 | 5 votes |
@Test public void testGrantGlobal2() throws Exception { final String grantUserName = name.getMethodName(); User grantUser = User.createUserForTesting(conf, grantUserName, new String[] {}); String namespace1 = name.getMethodName(); TableName table1 = TableName.valueOf(namespace1, name.getMethodName() + ".1"); String namespace2 = namespace1 + "2"; TableName table2 = TableName.valueOf(namespace2, name.getMethodName() + ".2"); String snapshot1 = namespace1 + "s1"; String snapshot2 = namespace2 + "s2"; // grant G(R), grant namespace1(R) SecureTestUtil.grantGlobal(TEST_UTIL, grantUserName, READ); // create table in namespace1 and snapshot TestHDFSAclHelper.createTableAndPut(TEST_UTIL, table1); snapshotAndWait(snapshot1, table1); admin.grant(new UserPermission(grantUserName, Permission.newBuilder(namespace1).withActions(READ).build()), false); // grant G(W) SecureTestUtil.grantGlobal(TEST_UTIL, grantUserName, WRITE); // create table in namespace2 and snapshot TestHDFSAclHelper.createTableAndPut(TEST_UTIL, table2); snapshotAndWait(snapshot2, table2); // check scan snapshot TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, grantUser, snapshot1, 6); TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, grantUser, snapshot2, -1); assertFalse(hasUserGlobalHdfsAcl(aclTable, grantUserName)); assertTrue(hasUserNamespaceHdfsAcl(aclTable, grantUserName, namespace1)); assertFalse(hasUserNamespaceHdfsAcl(aclTable, grantUserName, namespace2)); checkUserAclEntry(FS, helper.getGlobalRootPaths(), grantUserName, false, false); checkUserAclEntry(FS, helper.getNamespaceRootPaths(namespace1), grantUserName, true, true); checkUserAclEntry(FS, helper.getNamespaceRootPaths(namespace2), grantUserName, false, false); deleteTable(table1); deleteTable(table2); }
Example 10
Source File: TestSnapshotScannerHDFSAclController.java From hbase with Apache License 2.0 | 5 votes |
@Test public void testRevokeNamespace1() throws Exception { String grantUserName = name.getMethodName(); User grantUser = User.createUserForTesting(conf, grantUserName, new String[] {}); String namespace = name.getMethodName(); TableName table1 = TableName.valueOf(namespace, name.getMethodName()); String snapshot1 = namespace + "s1"; TestHDFSAclHelper.createTableAndPut(TEST_UTIL, table1); snapshotAndWait(snapshot1, table1); // revoke N(R) SecureTestUtil.grantOnNamespace(TEST_UTIL, grantUserName, namespace, READ); admin.revoke(new UserPermission(grantUserName, Permission.newBuilder(namespace).build())); // check scan snapshot TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, grantUser, snapshot1, -1); assertFalse(hasUserNamespaceHdfsAcl(aclTable, grantUserName, namespace)); checkUserAclEntry(FS, helper.getNamespaceRootPaths(namespace), grantUserName, false, false); // grant N(R), grant G(R) -> revoke N(R) SecureTestUtil.grantOnNamespace(TEST_UTIL, grantUserName, namespace, READ); SecureTestUtil.grantGlobal(TEST_UTIL, grantUserName, READ); admin.revoke(new UserPermission(grantUserName, Permission.newBuilder(namespace).build())); // check scan snapshot TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, grantUser, snapshot1, 6); assertFalse(hasUserNamespaceHdfsAcl(aclTable, grantUserName, namespace)); checkUserAclEntry(FS, helper.getNamespaceRootPaths(namespace), grantUserName, true, true); deleteTable(table1); }
Example 11
Source File: TestSnapshotScannerHDFSAclController.java From hbase with Apache License 2.0 | 5 votes |
@Test public void testTruncateTable() throws Exception { String grantUserName = name.getMethodName(); User grantUser = User.createUserForTesting(conf, grantUserName, new String[] {}); String grantUserName2 = grantUserName + "2"; User grantUser2 = User.createUserForTesting(conf, grantUserName2, new String[] {}); String namespace = name.getMethodName(); TableName tableName = TableName.valueOf(namespace, name.getMethodName()); String snapshot = namespace + "s1"; String snapshot2 = namespace + "s2"; try (Table t = TestHDFSAclHelper.createTable(TEST_UTIL, tableName)) { TestHDFSAclHelper.put(t); // snapshot snapshotAndWait(snapshot, tableName); // grant user2 namespace permission SecureTestUtil.grantOnNamespace(TEST_UTIL, grantUserName2, namespace, READ); // grant user table permission TestHDFSAclHelper.grantOnTable(TEST_UTIL, grantUserName, tableName, READ); // truncate table admin.disableTable(tableName); admin.truncateTable(tableName, true); TestHDFSAclHelper.put2(t); // snapshot snapshotAndWait(snapshot2, tableName); // check scan snapshot TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, grantUser, snapshot, 6); TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, grantUser2, snapshot, 6); TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, grantUser, snapshot2, 9); TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, grantUser2, snapshot2, 9); assertTrue(hasUserNamespaceHdfsAcl(aclTable, grantUserName2, namespace)); checkUserAclEntry(FS, helper.getNamespaceRootPaths(namespace), grantUserName2, true, true); assertTrue(hasUserTableHdfsAcl(aclTable, grantUserName, tableName)); checkUserAclEntry(FS, helper.getTableRootPaths(tableName, false), grantUserName, true, true); checkUserAclEntry(FS, helper.getNamespaceRootPaths(namespace), grantUserName, true, false); } deleteTable(tableName); }
Example 12
Source File: TestCellACLs.java From hbase with Apache License 2.0 | 5 votes |
@BeforeClass public static void setupBeforeClass() throws Exception { // setup configuration conf = TEST_UTIL.getConfiguration(); conf.setInt(HConstants.REGION_SERVER_HIGH_PRIORITY_HANDLER_COUNT, 10); // Enable security enableSecurity(conf); // Verify enableSecurity sets up what we require verifyConfiguration(conf); // We expect 0.98 cell ACL semantics conf.setBoolean(AccessControlConstants.CF_ATTRIBUTE_EARLY_OUT, false); TEST_UTIL.startMiniCluster(); MasterCoprocessorHost cpHost = TEST_UTIL.getMiniHBaseCluster().getMaster() .getMasterCoprocessorHost(); cpHost.load(AccessController.class, Coprocessor.PRIORITY_HIGHEST, conf); AccessController ac = cpHost.findCoprocessor(AccessController.class); cpHost.createEnvironment(ac, Coprocessor.PRIORITY_HIGHEST, 1, conf); RegionServerCoprocessorHost rsHost = TEST_UTIL.getMiniHBaseCluster().getRegionServer(0) .getRegionServerCoprocessorHost(); rsHost.createEnvironment(ac, Coprocessor.PRIORITY_HIGHEST, 1, conf); // Wait for the ACL table to become available TEST_UTIL.waitTableEnabled(PermissionStorage.ACL_TABLE_NAME); // create a set of test users USER_OWNER = User.createUserForTesting(conf, "owner", new String[0]); USER_OTHER = User.createUserForTesting(conf, "other", new String[0]); GROUP_USER = User.createUserForTesting(conf, "group_user", new String[] { GROUP }); usersAndGroups = new String[] { USER_OTHER.getShortName(), AuthUtil.toGroupEntry(GROUP) }; }
Example 13
Source File: VisibilityLabelsWithDeletesTestBase.java From hbase with Apache License 2.0 | 5 votes |
@BeforeClass public static void setupBeforeClass() throws Exception { // setup configuration conf = TEST_UTIL.getConfiguration(); VisibilityTestUtil.enableVisiblityLabels(conf); conf.setClass(VisibilityUtils.VISIBILITY_LABEL_GENERATOR_CLASS, SimpleScanLabelGenerator.class, ScanLabelGenerator.class); conf.set("hbase.superuser", "admin"); TEST_UTIL.startMiniCluster(2); SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); // Wait for the labels table to become available TEST_UTIL.waitTableEnabled(LABELS_TABLE_NAME.getName(), 50000); addLabels(); }
Example 14
Source File: TestWALSplit.java From hbase with Apache License 2.0 | 5 votes |
public ZombieLastLogWriterRegionServer(AtomicLong counter, AtomicBoolean stop, final String region, final int writers) throws IOException, InterruptedException { super("ZombieLastLogWriterRegionServer"); setDaemon(true); this.stop = stop; this.editsCount = counter; this.region = region; this.user = User.createUserForTesting(conf, ZOMBIE, GROUP); numOfWriters = writers; }
Example 15
Source File: TestAccessController2.java From hbase with Apache License 2.0 | 5 votes |
@Test public void testCreateWithCorrectOwner() throws Exception { // Create a test user final User testUser = User.createUserForTesting(TEST_UTIL.getConfiguration(), "TestUser", new String[0]); // Grant the test user the ability to create tables SecureTestUtil.grantGlobal(TEST_UTIL, testUser.getShortName(), Action.CREATE); verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { TableDescriptorBuilder.ModifyableTableDescriptor tableDescriptor = new TableDescriptorBuilder.ModifyableTableDescriptor(testTable.getTableName()); tableDescriptor.setColumnFamily( new ColumnFamilyDescriptorBuilder.ModifyableColumnFamilyDescriptor(TEST_FAMILY)); try (Connection connection = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration(), testUser)) { try (Admin admin = connection.getAdmin()) { createTable(TEST_UTIL, admin, tableDescriptor); } } return null; } }, testUser); TEST_UTIL.waitTableAvailable(testTable.getTableName()); // Verify that owner permissions have been granted to the test user on the // table just created List<UserPermission> perms = PermissionStorage .getTablePermissions(conf, testTable.getTableName()).get(testUser.getShortName()); assertNotNull(perms); assertFalse(perms.isEmpty()); // Should be RWXCA assertTrue(perms.get(0).getPermission().implies(Permission.Action.READ)); assertTrue(perms.get(0).getPermission().implies(Permission.Action.WRITE)); assertTrue(perms.get(0).getPermission().implies(Permission.Action.EXEC)); assertTrue(perms.get(0).getPermission().implies(Permission.Action.CREATE)); assertTrue(perms.get(0).getPermission().implies(Permission.Action.ADMIN)); }
Example 16
Source File: TestSnapshotScannerHDFSAclController2.java From hbase with Apache License 2.0 | 4 votes |
@Test public void testRestoreSnapshot() throws Exception { final String grantUserName = name.getMethodName(); User grantUser = User.createUserForTesting(conf, grantUserName, new String[] {}); String namespace = name.getMethodName(); TableName table = TableName.valueOf(namespace, name.getMethodName()); String snapshot = namespace + "s1"; String snapshot2 = namespace + "s2"; String snapshot3 = namespace + "s3"; LOG.info("Create {}", table); try (Table t = TestHDFSAclHelper.createTable(TEST_UTIL, table)) { TestHDFSAclHelper.put(t); // grant t1, snapshot LOG.info("Grant {}", table); TestHDFSAclHelper.grantOnTable(TEST_UTIL, grantUserName, table, READ); admin.snapshot(snapshot, table); // delete admin.disableTable(table); admin.deleteTable(table); LOG.info("Before scan of shapshot! {}", table); TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, grantUser, snapshot, -1); // restore snapshot and restore acl admin.restoreSnapshot(snapshot, true, true); TestHDFSAclHelper.put2(t); // snapshot admin.snapshot(snapshot2, table); TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, grantUser, snapshot, 6); TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, grantUser, snapshot2, 10); assertTrue(hasUserTableHdfsAcl(aclTable, grantUserName, table)); TestSnapshotScannerHDFSAclController. checkUserAclEntry(FS, helper.getTableRootPaths(table, false), grantUserName, true, true); // delete admin.disableTable(table); admin.deleteTable(table); // restore snapshot and skip restore acl admin.restoreSnapshot(snapshot); admin.snapshot(snapshot3, table); LOG.info("CHECK"); TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, grantUser, snapshot, -1); TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, grantUser, snapshot2, -1); TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, grantUser, snapshot3, -1); assertFalse(hasUserTableHdfsAcl(aclTable, grantUserName, table)); TestSnapshotScannerHDFSAclController. checkUserAclEntry(FS, helper.getPathHelper().getDataTableDir(table), grantUserName, false, false); TestSnapshotScannerHDFSAclController. checkUserAclEntry(FS, helper.getPathHelper().getArchiveTableDir(table), grantUserName, true, false); } }
Example 17
Source File: TestZKPermissionWatcher.java From hbase with Apache License 2.0 | 4 votes |
@Test public void testPermissionsWatcher() throws Exception { Configuration conf = UTIL.getConfiguration(); User george = User.createUserForTesting(conf, "george", new String[] { }); User hubert = User.createUserForTesting(conf, "hubert", new String[] { }); assertFalse(AUTH_A.authorizeUserTable(george, TEST_TABLE, Permission.Action.READ)); assertFalse(AUTH_A.authorizeUserTable(george, TEST_TABLE, Permission.Action.WRITE)); assertFalse(AUTH_A.authorizeUserTable(hubert, TEST_TABLE, Permission.Action.READ)); assertFalse(AUTH_A.authorizeUserTable(hubert, TEST_TABLE, Permission.Action.WRITE)); assertFalse(AUTH_B.authorizeUserTable(george, TEST_TABLE, Permission.Action.READ)); assertFalse(AUTH_B.authorizeUserTable(george, TEST_TABLE, Permission.Action.WRITE)); assertFalse(AUTH_B.authorizeUserTable(hubert, TEST_TABLE, Permission.Action.READ)); assertFalse(AUTH_B.authorizeUserTable(hubert, TEST_TABLE, Permission.Action.WRITE)); // update ACL: george RW List<UserPermission> acl = new ArrayList<>(1); acl.add(new UserPermission(george.getShortName(), Permission.newBuilder(TEST_TABLE) .withActions(Permission.Action.READ, Permission.Action.WRITE).build())); ListMultimap<String, UserPermission> multimap = ArrayListMultimap.create(); multimap.putAll(george.getShortName(), acl); byte[] serialized = PermissionStorage.writePermissionsAsBytes(multimap, conf); WATCHER_A.writeToZookeeper(TEST_TABLE.getName(), serialized); final long mtimeB = AUTH_B.getMTime(); // Wait for the update to propagate UTIL.waitFor(10000, 100, new Predicate<Exception>() { @Override public boolean evaluate() throws Exception { return AUTH_B.getMTime() > mtimeB; } }); Thread.sleep(1000); // check it assertTrue(AUTH_A.authorizeUserTable(george, TEST_TABLE, Permission.Action.READ)); assertTrue(AUTH_A.authorizeUserTable(george, TEST_TABLE, Permission.Action.WRITE)); assertTrue(AUTH_B.authorizeUserTable(george, TEST_TABLE, Permission.Action.READ)); assertTrue(AUTH_B.authorizeUserTable(george, TEST_TABLE, Permission.Action.WRITE)); assertFalse(AUTH_A.authorizeUserTable(hubert, TEST_TABLE, Permission.Action.READ)); assertFalse(AUTH_A.authorizeUserTable(hubert, TEST_TABLE, Permission.Action.WRITE)); assertFalse(AUTH_B.authorizeUserTable(hubert, TEST_TABLE, Permission.Action.READ)); assertFalse(AUTH_B.authorizeUserTable(hubert, TEST_TABLE, Permission.Action.WRITE)); // update ACL: hubert R List<UserPermission> acl2 = new ArrayList<>(1); acl2.add(new UserPermission(hubert.getShortName(), Permission.newBuilder(TEST_TABLE).withActions(TablePermission.Action.READ).build())); final long mtimeA = AUTH_A.getMTime(); multimap.putAll(hubert.getShortName(), acl2); byte[] serialized2 = PermissionStorage.writePermissionsAsBytes(multimap, conf); WATCHER_B.writeToZookeeper(TEST_TABLE.getName(), serialized2); // Wait for the update to propagate UTIL.waitFor(10000, 100, new Predicate<Exception>() { @Override public boolean evaluate() throws Exception { return AUTH_A.getMTime() > mtimeA; } }); Thread.sleep(1000); // check it assertTrue(AUTH_A.authorizeUserTable(george, TEST_TABLE, Permission.Action.READ)); assertTrue(AUTH_A.authorizeUserTable(george, TEST_TABLE, Permission.Action.WRITE)); assertTrue(AUTH_B.authorizeUserTable(george, TEST_TABLE, Permission.Action.READ)); assertTrue(AUTH_B.authorizeUserTable(george, TEST_TABLE, Permission.Action.WRITE)); assertTrue(AUTH_A.authorizeUserTable(hubert, TEST_TABLE, Permission.Action.READ)); assertFalse(AUTH_A.authorizeUserTable(hubert, TEST_TABLE, Permission.Action.WRITE)); assertTrue(AUTH_B.authorizeUserTable(hubert, TEST_TABLE, Permission.Action.READ)); assertFalse(AUTH_B.authorizeUserTable(hubert, TEST_TABLE, Permission.Action.WRITE)); }
Example 18
Source File: TestVisibilityLabelReplicationWithExpAsString.java From hbase with Apache License 2.0 | 4 votes |
@Override @Before public void setup() throws Exception { expected[0] = 4; expected[1] = 6; expected[2] = 4; expected[3] = 0; expected[3] = 3; expectedVisString[0] = "(\"public\"&\"secret\"&\"topsecret\")|(\"confidential\"&\"topsecret\")"; expectedVisString[1] = "(\"private\"&\"public\")|(\"private\"&\"topsecret\")|" + "(\"confidential\"&\"public\")|(\"confidential\"&\"topsecret\")"; expectedVisString[2] = "(!\"topsecret\"&\"secret\")|(!\"topsecret\"&\"confidential\")"; expectedVisString[3] = "(\"secret\"&\"" + COPYRIGHT + "\\\"" + ACCENT + "\\\\" + SECRET + "\\\"" + "\u0027&\\\\" + "\")"; // setup configuration conf = HBaseConfiguration.create(); conf.setInt("hfile.format.version", 3); conf.set(HConstants.ZOOKEEPER_ZNODE_PARENT, "/1"); conf.setInt("replication.source.size.capacity", 10240); conf.setLong("replication.source.sleepforretries", 100); conf.setInt("hbase.regionserver.maxlogs", 10); conf.setLong("hbase.master.logcleaner.ttl", 10); conf.setInt("zookeeper.recovery.retry", 1); conf.setInt("zookeeper.recovery.retry.intervalmill", 10); conf.setLong(HConstants.THREAD_WAKE_FREQUENCY, 100); conf.setInt("replication.stats.thread.period.seconds", 5); conf.setBoolean("hbase.tests.use.shortcircuit.reads", false); setVisibilityLabelServiceImpl(conf, ExpAsStringVisibilityLabelServiceImpl.class); conf.setStrings(HConstants.REPLICATION_CODEC_CONF_KEY, KeyValueCodecWithTags.class.getName()); VisibilityTestUtil.enableVisiblityLabels(conf); conf.set(CoprocessorHost.REGIONSERVER_COPROCESSOR_CONF_KEY, VisibilityReplication.class.getName()); conf.setStrings(CoprocessorHost.USER_REGION_COPROCESSOR_CONF_KEY, SimpleCP.class.getName()); // Have to reset conf1 in case zk cluster location different // than default conf.setClass(VisibilityUtils.VISIBILITY_LABEL_GENERATOR_CLASS, SimpleScanLabelGenerator.class, ScanLabelGenerator.class); conf.set("hbase.superuser", "admin"); conf.set("hbase.superuser", User.getCurrent().getShortName()); SUPERUSER = User.createUserForTesting(conf, User.getCurrent().getShortName(), new String[] { "supergroup" }); User.createUserForTesting(conf, User.getCurrent().getShortName(), new String[] { "supergroup" }); USER1 = User.createUserForTesting(conf, "user1", new String[] {}); TEST_UTIL = new HBaseTestingUtility(conf); TEST_UTIL.startMiniZKCluster(); MiniZooKeeperCluster miniZK = TEST_UTIL.getZkCluster(); zkw1 = new ZKWatcher(conf, "cluster1", null, true); // Base conf2 on conf1 so it gets the right zk cluster. conf1 = HBaseConfiguration.create(conf); conf1.setInt("hfile.format.version", 3); conf1.set(HConstants.ZOOKEEPER_ZNODE_PARENT, "/2"); conf1.setInt(HConstants.HBASE_CLIENT_RETRIES_NUMBER, 6); conf1.setBoolean("hbase.tests.use.shortcircuit.reads", false); conf1.setStrings(HConstants.REPLICATION_CODEC_CONF_KEY, KeyValueCodecWithTags.class.getName()); conf1.setStrings(CoprocessorHost.USER_REGION_COPROCESSOR_CONF_KEY, TestCoprocessorForTagsAtSink.class.getName()); setVisibilityLabelServiceImpl(conf1, ExpAsStringVisibilityLabelServiceImpl.class); TEST_UTIL1 = new HBaseTestingUtility(conf1); TEST_UTIL1.setZkCluster(miniZK); zkw2 = new ZKWatcher(conf1, "cluster2", null, true); TEST_UTIL.startMiniCluster(1); // Wait for the labels table to become available TEST_UTIL.waitTableEnabled(LABELS_TABLE_NAME.getName(), 50000); TEST_UTIL1.startMiniCluster(1); admin = TEST_UTIL.getAdmin(); ReplicationPeerConfig rpc = new ReplicationPeerConfig(); rpc.setClusterKey(TEST_UTIL1.getClusterKey()); admin.addReplicationPeer("2", rpc); TableDescriptorBuilder.ModifyableTableDescriptor tableDescriptor = new TableDescriptorBuilder.ModifyableTableDescriptor(TABLE_NAME); ColumnFamilyDescriptorBuilder.ModifyableColumnFamilyDescriptor familyDescriptor = new ColumnFamilyDescriptorBuilder.ModifyableColumnFamilyDescriptor(fam); familyDescriptor.setScope(HConstants.REPLICATION_SCOPE_GLOBAL); tableDescriptor.setColumnFamily(familyDescriptor); try (Admin hBaseAdmin = TEST_UTIL.getAdmin()) { hBaseAdmin.createTable(tableDescriptor); } try (Admin hBaseAdmin1 = TEST_UTIL1.getAdmin()){ hBaseAdmin1.createTable(tableDescriptor); } addLabels(); setAuths(conf); setAuths(conf1); }
Example 19
Source File: TestHStore.java From hbase with Apache License 2.0 | 4 votes |
@Test public void testHandleErrorsInFlush() throws Exception { LOG.info("Setting up a faulty file system that cannot write"); final Configuration conf = HBaseConfiguration.create(TEST_UTIL.getConfiguration()); User user = User.createUserForTesting(conf, "testhandleerrorsinflush", new String[]{"foo"}); // Inject our faulty LocalFileSystem conf.setClass("fs.file.impl", FaultyFileSystem.class, FileSystem.class); user.runAs(new PrivilegedExceptionAction<Object>() { @Override public Object run() throws Exception { // Make sure it worked (above is sensitive to caching details in hadoop core) FileSystem fs = FileSystem.get(conf); assertEquals(FaultyFileSystem.class, fs.getClass()); // Initialize region init(name.getMethodName(), conf); LOG.info("Adding some data"); store.add(new KeyValue(row, family, qf1, 1, (byte[])null), null); store.add(new KeyValue(row, family, qf2, 1, (byte[])null), null); store.add(new KeyValue(row, family, qf3, 1, (byte[])null), null); LOG.info("Before flush, we should have no files"); Collection<StoreFileInfo> files = store.getRegionFileSystem().getStoreFiles(store.getColumnFamilyName()); assertEquals(0, files != null ? files.size() : 0); //flush try { LOG.info("Flushing"); flush(1); fail("Didn't bubble up IOE!"); } catch (IOException ioe) { assertTrue(ioe.getMessage().contains("Fault injected")); } LOG.info("After failed flush, we should still have no files!"); files = store.getRegionFileSystem().getStoreFiles(store.getColumnFamilyName()); assertEquals(0, files != null ? files.size() : 0); store.getHRegion().getWAL().close(); return null; } }); FileSystem.closeAllForUGI(user.getUGI()); }
Example 20
Source File: TestNamespaceCommands.java From hbase with Apache License 2.0 | 4 votes |
@BeforeClass public static void beforeClass() throws Exception { conf = UTIL.getConfiguration(); enableSecurity(conf); SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); // Users with global permissions USER_GLOBAL_ADMIN = User.createUserForTesting(conf, "global_admin", new String[0]); USER_GLOBAL_CREATE = User.createUserForTesting(conf, "global_create", new String[0]); USER_GLOBAL_WRITE = User.createUserForTesting(conf, "global_write", new String[0]); USER_GLOBAL_READ = User.createUserForTesting(conf, "global_read", new String[0]); USER_GLOBAL_EXEC = User.createUserForTesting(conf, "global_exec", new String[0]); USER_NS_ADMIN = User.createUserForTesting(conf, "namespace_admin", new String[0]); USER_NS_CREATE = User.createUserForTesting(conf, "namespace_create", new String[0]); USER_NS_WRITE = User.createUserForTesting(conf, "namespace_write", new String[0]); USER_NS_READ = User.createUserForTesting(conf, "namespace_read", new String[0]); USER_NS_EXEC = User.createUserForTesting(conf, "namespace_exec", new String[0]); USER_TABLE_CREATE = User.createUserForTesting(conf, "table_create", new String[0]); USER_TABLE_WRITE = User.createUserForTesting(conf, "table_write", new String[0]); USER_GROUP_ADMIN = User.createUserForTesting(conf, "user_group_admin", new String[] { GROUP_ADMIN }); USER_GROUP_NS_ADMIN = User.createUserForTesting(conf, "user_group_ns_admin", new String[] { GROUP_NS_ADMIN }); USER_GROUP_CREATE = User.createUserForTesting(conf, "user_group_create", new String[] { GROUP_CREATE }); USER_GROUP_READ = User.createUserForTesting(conf, "user_group_read", new String[] { GROUP_READ }); USER_GROUP_WRITE = User.createUserForTesting(conf, "user_group_write", new String[] { GROUP_WRITE }); // TODO: other table perms UTIL.getConfiguration().setInt(HConstants.HBASE_CLIENT_RETRIES_NUMBER, 2); UTIL.startMiniCluster(); // Wait for the ACL table to become available UTIL.waitTableAvailable(PermissionStorage.ACL_TABLE_NAME.getName(), 30 * 1000); // Find the Access Controller CP. Could be on master or if master is not serving regions, is // on an arbitrary server. for (JVMClusterUtil.RegionServerThread rst: UTIL.getMiniHBaseCluster().getLiveRegionServerThreads()) { ACCESS_CONTROLLER = rst.getRegionServer().getRegionServerCoprocessorHost(). findCoprocessor(AccessController.class); if (ACCESS_CONTROLLER != null) { break; } } if (ACCESS_CONTROLLER == null) { throw new NullPointerException(); } UTIL.getAdmin().createNamespace(NamespaceDescriptor.create(TEST_NAMESPACE).build()); UTIL.getAdmin().createNamespace(NamespaceDescriptor.create(TEST_NAMESPACE2).build()); // grants on global grantGlobal(UTIL, USER_GLOBAL_ADMIN.getShortName(), Permission.Action.ADMIN); grantGlobal(UTIL, USER_GLOBAL_CREATE.getShortName(), Permission.Action.CREATE); grantGlobal(UTIL, USER_GLOBAL_WRITE.getShortName(), Permission.Action.WRITE); grantGlobal(UTIL, USER_GLOBAL_READ.getShortName(), Permission.Action.READ); grantGlobal(UTIL, USER_GLOBAL_EXEC.getShortName(), Permission.Action.EXEC); // grants on namespace grantOnNamespace(UTIL, USER_NS_ADMIN.getShortName(), TEST_NAMESPACE, Permission.Action.ADMIN); grantOnNamespace(UTIL, USER_NS_CREATE.getShortName(), TEST_NAMESPACE, Permission.Action.CREATE); grantOnNamespace(UTIL, USER_NS_WRITE.getShortName(), TEST_NAMESPACE, Permission.Action.WRITE); grantOnNamespace(UTIL, USER_NS_READ.getShortName(), TEST_NAMESPACE, Permission.Action.READ); grantOnNamespace(UTIL, USER_NS_EXEC.getShortName(), TEST_NAMESPACE, Permission.Action.EXEC); grantOnNamespace(UTIL, toGroupEntry(GROUP_NS_ADMIN), TEST_NAMESPACE, Permission.Action.ADMIN); grantOnNamespace(UTIL, USER_NS_ADMIN.getShortName(), TEST_NAMESPACE2, Permission.Action.ADMIN); grantGlobal(UTIL, toGroupEntry(GROUP_ADMIN), Permission.Action.ADMIN); grantGlobal(UTIL, toGroupEntry(GROUP_CREATE), Permission.Action.CREATE); grantGlobal(UTIL, toGroupEntry(GROUP_READ), Permission.Action.READ); grantGlobal(UTIL, toGroupEntry(GROUP_WRITE), Permission.Action.WRITE); }