Example 1 with BlockingRpcChannel
use of com.google.protobuf.BlockingRpcChannel in project hbase by apache.
the class SecureTestUtil method checkGlobalPerms.
public static void checkGlobalPerms(HBaseTestingUtility testUtil, Permission.Action... actions) throws IOException {
Permission[] perms = new Permission[actions.length];
for (int i = 0; i < actions.length; i++) {
perms[i] = new Permission(actions[i]);
}
CheckPermissionsRequest.Builder request = CheckPermissionsRequest.newBuilder();
for (Action a : actions) {
request.addPermission(AccessControlProtos.Permission.newBuilder().setType(AccessControlProtos.Permission.Type.Global).setGlobalPermission(AccessControlProtos.GlobalPermission.newBuilder().addAction(AccessControlUtil.toPermissionAction(a)).build()));
}
try (Connection conn = ConnectionFactory.createConnection(testUtil.getConfiguration());
Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) {
BlockingRpcChannel channel = acl.coprocessorService(new byte[0]);
AccessControlService.BlockingInterface protocol = AccessControlService.newBlockingStub(channel);
try {
protocol.checkPermissions(null, request.build());
} catch (ServiceException se) {
ProtobufUtil.toIOException(se);
}
}
}
Also used :
PrivilegedExceptionAction(java.security.PrivilegedExceptionAction)
Action(org.apache.hadoop.hbase.security.access.Permission.Action)
Table(org.apache.hadoop.hbase.client.Table)
AccessControlService(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService)
ServiceException(com.google.protobuf.ServiceException)
Connection(org.apache.hadoop.hbase.client.Connection)
BlockingRpcChannel(com.google.protobuf.BlockingRpcChannel)
CheckPermissionsRequest(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.CheckPermissionsRequest)
Example 2 with BlockingRpcChannel
use of com.google.protobuf.BlockingRpcChannel in project hbase by apache.
the class TestAccessController method testGlobalPermissionList.
@Test(timeout = 180000)
public void testGlobalPermissionList() throws Exception {
List<UserPermission> perms;
Table acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
try {
BlockingRpcChannel service = acl.coprocessorService(HConstants.EMPTY_START_ROW);
AccessControlService.BlockingInterface protocol = AccessControlService.newBlockingStub(service);
perms = AccessControlUtil.getUserPermissions(null, protocol);
} finally {
acl.close();
}
List<String> superUsers = Superusers.getSuperUsers();
List<UserPermission> adminPerms = new ArrayList<>(superUsers.size() + 1);
adminPerms.add(new UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()), AccessControlLists.ACL_TABLE_NAME, null, null, Bytes.toBytes("ACRW")));
for (String user : superUsers) {
adminPerms.add(new UserPermission(Bytes.toBytes(user), AccessControlLists.ACL_TABLE_NAME, null, null, Action.values()));
}
assertTrue("Only super users, global users and user admin has permission on table hbase:acl " + "per setup", perms.size() == 5 + superUsers.size() && hasFoundUserPermission(adminPerms, perms));
}
Also used :
Table(org.apache.hadoop.hbase.client.Table)
AccessControlService(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService)
ArrayList(java.util.ArrayList)
BlockingRpcChannel(com.google.protobuf.BlockingRpcChannel)
Test(org.junit.Test)
Aggregations
BlockingRpcChannel (com.google.protobuf.BlockingRpcChannel)2
Table (org.apache.hadoop.hbase.client.Table)2
AccessControlService (org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService)2
ServiceException (com.google.protobuf.ServiceException)1
PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)1
ArrayList (java.util.ArrayList)1
Connection (org.apache.hadoop.hbase.client.Connection)1
CheckPermissionsRequest (org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.CheckPermissionsRequest)1
Action (org.apache.hadoop.hbase.security.access.Permission.Action)1
Test (org.junit.Test)1
