Example 71 with Connection
use of org.apache.hadoop.hbase.client.Connection in project hbase by apache.
the class TestCellACLWithMultipleVersions method testCellPermissionsForCheckAndDelete.
@Test
public void testCellPermissionsForCheckAndDelete() throws Exception {
final byte[] TEST_ROW1 = Bytes.toBytes("r1");
final byte[] TEST_Q3 = Bytes.toBytes("q3");
final byte[] ZERO = Bytes.toBytes(0L);
final User user1 = User.createUserForTesting(conf, "user1", new String[0]);
final User user2 = User.createUserForTesting(conf, "user2", new String[0]);
verifyAllowed(new AccessTestAction() {
@Override
public Object run() throws Exception {
try (Connection connection = ConnectionFactory.createConnection(conf)) {
try (Table t = connection.getTable(TEST_TABLE.getTableName())) {
Map<String, Permission> permsU1andOwner = prepareCellPermissions(new String[] { user1.getShortName(), USER_OWNER.getShortName() }, Action.READ, Action.WRITE);
Map<String, Permission> permsU1andU2andGUandOwner = prepareCellPermissions(new String[] { user1.getShortName(), user2.getShortName(), AuthUtil.toGroupEntry(GROUP), USER_OWNER.getShortName() }, Action.READ, Action.WRITE);
Map<String, Permission> permsU1_U2andGU = prepareCellPermissions(new String[] { user1.getShortName(), user2.getShortName(), AuthUtil.toGroupEntry(GROUP) }, Action.READ, Action.WRITE);
Put p = new Put(TEST_ROW1);
p.addColumn(TEST_FAMILY1, TEST_Q1, (long) 120, ZERO);
p.addColumn(TEST_FAMILY1, TEST_Q2, (long) 120, ZERO);
p.addColumn(TEST_FAMILY1, TEST_Q3, (long) 120, ZERO);
p.setACL(permsU1andU2andGUandOwner);
t.put(p);
p = new Put(TEST_ROW1);
p.addColumn(TEST_FAMILY1, TEST_Q1, (long) 123, ZERO);
p.addColumn(TEST_FAMILY1, TEST_Q2, (long) 123, ZERO);
p.addColumn(TEST_FAMILY1, TEST_Q3, (long) 123, ZERO);
p.setACL(permsU1andOwner);
t.put(p);
p = new Put(TEST_ROW1);
p.addColumn(TEST_FAMILY1, TEST_Q1, (long) 127, ZERO);
p.setACL(permsU1_U2andGU);
t.put(p);
p = new Put(TEST_ROW1);
p.addColumn(TEST_FAMILY1, TEST_Q2, (long) 127, ZERO);
p.setACL(user2.getShortName(), new Permission(Permission.Action.READ));
t.put(p);
p = new Put(TEST_ROW1);
p.addColumn(TEST_FAMILY1, TEST_Q3, 127, ZERO);
p.setACL(AuthUtil.toGroupEntry(GROUP), new Permission(Permission.Action.READ));
t.put(p);
}
}
return null;
}
}, USER_OWNER);
// user1 should be allowed to do the checkAndDelete. user1 having read permission on the latest
// version cell and write permission on all versions
user1.runAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
try (Connection connection = ConnectionFactory.createConnection(conf)) {
try (Table t = connection.getTable(TEST_TABLE.getTableName())) {
Delete d = new Delete(TEST_ROW1);
d.addColumns(TEST_FAMILY1, TEST_Q1, 120);
t.checkAndDelete(TEST_ROW1, TEST_FAMILY1, TEST_Q1, ZERO, d);
}
}
return null;
}
});
// user2 shouldn't be allowed to do the checkAndDelete. user2 having RW permission on the latest
// version cell but not on cell version TS=123
verifyUserDeniedForCheckAndDelete(user2, TEST_ROW1, ZERO);
// GROUP_USER shouldn't be allowed to do the checkAndDelete. GROUP_USER having RW permission on
// the latest
// version cell but not on cell version TS=123
verifyUserDeniedForCheckAndDelete(GROUP_USER, TEST_ROW1, ZERO);
// user2 should be allowed to do the checkAndDelete when delete tries to delete the old version
// TS=120. user2 having R permission on the latest version(no W permission) cell
// and W permission on cell version TS=120.
verifyUserAllowedforCheckAndDelete(user2, TEST_ROW1, TEST_Q2, ZERO);
// GROUP_USER should be allowed to do the checkAndDelete when delete tries to delete the old
// version
// TS=120. user2 having R permission on the latest version(no W permission) cell
// and W permission on cell version TS=120.
verifyUserAllowedforCheckAndDelete(GROUP_USER, TEST_ROW1, TEST_Q3, ZERO);
}
Also used :
Delete(org.apache.hadoop.hbase.client.Delete)
User(org.apache.hadoop.hbase.security.User)
Table(org.apache.hadoop.hbase.client.Table)
Connection(org.apache.hadoop.hbase.client.Connection)
TableNotFoundException(org.apache.hadoop.hbase.TableNotFoundException)
IOException(java.io.IOException)
Put(org.apache.hadoop.hbase.client.Put)
HashMap(java.util.HashMap)
Map(java.util.Map)
Test(org.junit.Test)
Example 72 with Connection
use of org.apache.hadoop.hbase.client.Connection in project hbase by apache.
the class TestCellACLWithMultipleVersions method testCellPermissionsWithDeleteWithUserTs.
@Test
public void testCellPermissionsWithDeleteWithUserTs() throws Exception {
USER_OWNER.runAs(new AccessTestAction() {
@Override
public Object run() throws Exception {
try (Connection connection = ConnectionFactory.createConnection(conf)) {
try (Table t = connection.getTable(TEST_TABLE.getTableName())) {
// This version (TS = 123) with rw ACL for USER_OTHER and USER_OTHER2
Put p = new Put(TEST_ROW);
p.addColumn(TEST_FAMILY1, TEST_Q1, 123L, ZERO);
p.addColumn(TEST_FAMILY1, TEST_Q2, 123L, ZERO);
p.setACL(prepareCellPermissions(new String[] { USER_OTHER.getShortName(), AuthUtil.toGroupEntry(GROUP), USER_OTHER2.getShortName() }, Permission.Action.READ, Permission.Action.WRITE));
t.put(p);
// This version (TS = 125) with rw ACL for USER_OTHER
p = new Put(TEST_ROW);
p.addColumn(TEST_FAMILY1, TEST_Q1, 125L, ONE);
p.addColumn(TEST_FAMILY1, TEST_Q2, 125L, ONE);
p.setACL(prepareCellPermissions(new String[] { USER_OTHER.getShortName(), AuthUtil.toGroupEntry(GROUP) }, Action.READ, Action.WRITE));
t.put(p);
// This version (TS = 127) with rw ACL for USER_OTHER
p = new Put(TEST_ROW);
p.addColumn(TEST_FAMILY1, TEST_Q1, 127L, TWO);
p.addColumn(TEST_FAMILY1, TEST_Q2, 127L, TWO);
p.setACL(prepareCellPermissions(new String[] { USER_OTHER.getShortName(), AuthUtil.toGroupEntry(GROUP) }, Action.READ, Action.WRITE));
t.put(p);
return null;
}
}
}
});
// USER_OTHER2 should be allowed to delete the column f1:q1 versions older than TS 124L
USER_OTHER2.runAs(new AccessTestAction() {
@Override
public Object run() throws Exception {
try (Connection connection = ConnectionFactory.createConnection(conf)) {
try (Table t = connection.getTable(TEST_TABLE.getTableName())) {
Delete d = new Delete(TEST_ROW, 124L);
d.addColumns(TEST_FAMILY1, TEST_Q1);
t.delete(d);
}
}
return null;
}
});
// USER_OTHER2 should be allowed to delete the column f1:q2 versions older than TS 124L
USER_OTHER2.runAs(new AccessTestAction() {
@Override
public Object run() throws Exception {
try (Connection connection = ConnectionFactory.createConnection(conf)) {
try (Table t = connection.getTable(TEST_TABLE.getTableName())) {
Delete d = new Delete(TEST_ROW);
d.addColumns(TEST_FAMILY1, TEST_Q2, 124L);
t.delete(d);
}
}
return null;
}
});
}
Also used :
Delete(org.apache.hadoop.hbase.client.Delete)
Table(org.apache.hadoop.hbase.client.Table)
Connection(org.apache.hadoop.hbase.client.Connection)
TableNotFoundException(org.apache.hadoop.hbase.TableNotFoundException)
IOException(java.io.IOException)
Put(org.apache.hadoop.hbase.client.Put)
Test(org.junit.Test)
Example 73 with Connection
use of org.apache.hadoop.hbase.client.Connection in project hbase by apache.
the class TestCellACLWithMultipleVersions method testDeleteWithFutureTimestamp.
@Test
public void testDeleteWithFutureTimestamp() throws Exception {
// Store two values, one in the future
verifyAllowed(new AccessTestAction() {
@Override
public Object run() throws Exception {
try (Connection connection = ConnectionFactory.createConnection(conf)) {
try (Table t = connection.getTable(TEST_TABLE.getTableName())) {
// Store a read write ACL without a timestamp, server will use current time
Put p = new Put(TEST_ROW).addColumn(TEST_FAMILY1, TEST_Q2, ONE);
Map<String, Permission> readAndWritePerms = prepareCellPermissions(usersAndGroups, Action.READ, Action.WRITE);
p.setACL(readAndWritePerms);
t.put(p);
p = new Put(TEST_ROW).addColumn(TEST_FAMILY2, TEST_Q2, ONE);
p.setACL(readAndWritePerms);
t.put(p);
LOG.info("Stored at current time");
// Store read only ACL at a future time
p = new Put(TEST_ROW).addColumn(TEST_FAMILY1, TEST_Q1, EnvironmentEdgeManager.currentTime() + 1000000, ZERO);
p.setACL(prepareCellPermissions(new String[] { USER_OTHER.getShortName(), AuthUtil.toGroupEntry(GROUP) }, Action.READ));
t.put(p);
}
}
return null;
}
}, USER_OWNER);
// Confirm stores are visible
AccessTestAction getQ1 = new AccessTestAction() {
@Override
public Object run() throws Exception {
Get get = new Get(TEST_ROW).addColumn(TEST_FAMILY1, TEST_Q1);
try (Connection connection = ConnectionFactory.createConnection(conf)) {
try (Table t = connection.getTable(TEST_TABLE.getTableName())) {
return t.get(get).listCells();
}
}
}
};
AccessTestAction getQ2 = new AccessTestAction() {
@Override
public Object run() throws Exception {
Get get = new Get(TEST_ROW).addColumn(TEST_FAMILY1, TEST_Q2);
try (Connection connection = ConnectionFactory.createConnection(conf)) {
try (Table t = connection.getTable(TEST_TABLE.getTableName())) {
return t.get(get).listCells();
}
}
}
};
verifyAllowed(getQ1, USER_OWNER, USER_OTHER, GROUP_USER);
verifyAllowed(getQ2, USER_OWNER, USER_OTHER, GROUP_USER);
// Issue a DELETE for the family, should succeed because the future ACL is
// not considered
AccessTestAction deleteFamily1 = getDeleteFamilyAction(TEST_FAMILY1);
AccessTestAction deleteFamily2 = getDeleteFamilyAction(TEST_FAMILY2);
verifyAllowed(deleteFamily1, USER_OTHER);
verifyAllowed(deleteFamily2, GROUP_USER);
// The future put should still exist
verifyAllowed(getQ1, USER_OWNER, USER_OTHER, GROUP_USER);
// The other put should be covered by the tombstone
verifyIfNull(getQ2, USER_OTHER, GROUP_USER);
}
Also used :
Table(org.apache.hadoop.hbase.client.Table)
Get(org.apache.hadoop.hbase.client.Get)
Connection(org.apache.hadoop.hbase.client.Connection)
HashMap(java.util.HashMap)
Map(java.util.Map)
TableNotFoundException(org.apache.hadoop.hbase.TableNotFoundException)
IOException(java.io.IOException)
Put(org.apache.hadoop.hbase.client.Put)
Test(org.junit.Test)
Example 74 with Connection
use of org.apache.hadoop.hbase.client.Connection in project hbase by apache.
the class TestCellACLWithMultipleVersions method testCellPermissionsWithDeleteExactVersion.
@Test
public void testCellPermissionsWithDeleteExactVersion() throws Exception {
final byte[] TEST_ROW1 = Bytes.toBytes("r1");
final byte[] TEST_Q1 = Bytes.toBytes("q1");
final byte[] TEST_Q2 = Bytes.toBytes("q2");
final byte[] ZERO = Bytes.toBytes(0L);
final User user1 = User.createUserForTesting(conf, "user1", new String[0]);
final User user2 = User.createUserForTesting(conf, "user2", new String[0]);
verifyAllowed(new AccessTestAction() {
@Override
public Object run() throws Exception {
try (Connection connection = ConnectionFactory.createConnection(conf)) {
try (Table t = connection.getTable(TEST_TABLE.getTableName())) {
Map<String, Permission> permsU1andOwner = prepareCellPermissions(new String[] { user1.getShortName(), USER_OWNER.getShortName() }, Action.READ, Action.WRITE);
Map<String, Permission> permsU2andGUandOwner = prepareCellPermissions(new String[] { user2.getShortName(), AuthUtil.toGroupEntry(GROUP), USER_OWNER.getShortName() }, Action.READ, Action.WRITE);
Put p = new Put(TEST_ROW1);
p.addColumn(TEST_FAMILY1, TEST_Q1, (long) 123, ZERO);
p.setACL(permsU1andOwner);
t.put(p);
p = new Put(TEST_ROW1);
p.addColumn(TEST_FAMILY1, TEST_Q2, (long) 123, ZERO);
p.setACL(permsU2andGUandOwner);
t.put(p);
p = new Put(TEST_ROW1);
p.addColumn(TEST_FAMILY2, TEST_Q1, (long) 123, ZERO);
p.addColumn(TEST_FAMILY2, TEST_Q2, (long) 123, ZERO);
p.setACL(permsU2andGUandOwner);
t.put(p);
p = new Put(TEST_ROW1);
p.addColumn(TEST_FAMILY2, TEST_Q1, (long) 125, ZERO);
p.addColumn(TEST_FAMILY2, TEST_Q2, (long) 125, ZERO);
p.setACL(permsU1andOwner);
t.put(p);
p = new Put(TEST_ROW1);
p.addColumn(TEST_FAMILY1, TEST_Q1, (long) 127, ZERO);
p.setACL(permsU2andGUandOwner);
t.put(p);
p = new Put(TEST_ROW1);
p.addColumn(TEST_FAMILY1, TEST_Q2, (long) 127, ZERO);
p.setACL(permsU1andOwner);
t.put(p);
p = new Put(TEST_ROW1);
p.addColumn(TEST_FAMILY2, TEST_Q1, (long) 129, ZERO);
p.addColumn(TEST_FAMILY2, TEST_Q2, (long) 129, ZERO);
p.setACL(permsU1andOwner);
t.put(p);
}
}
return null;
}
}, USER_OWNER);
// user1 should be allowed to delete TEST_ROW1 as he is having write permission on both
// versions of the cells
user1.runAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
try (Connection connection = ConnectionFactory.createConnection(conf)) {
try (Table t = connection.getTable(TEST_TABLE.getTableName())) {
Delete d = new Delete(TEST_ROW1);
d.addColumn(TEST_FAMILY1, TEST_Q1, 123);
d.addColumn(TEST_FAMILY1, TEST_Q2);
d.addFamilyVersion(TEST_FAMILY2, 125);
t.delete(d);
}
}
return null;
}
});
verifyUserDeniedForDeleteExactVersion(user2, TEST_ROW1, TEST_Q1, TEST_Q2);
verifyUserDeniedForDeleteExactVersion(GROUP_USER, TEST_ROW1, TEST_Q1, TEST_Q2);
}
Also used :
Delete(org.apache.hadoop.hbase.client.Delete)
User(org.apache.hadoop.hbase.security.User)
Table(org.apache.hadoop.hbase.client.Table)
Connection(org.apache.hadoop.hbase.client.Connection)
TableNotFoundException(org.apache.hadoop.hbase.TableNotFoundException)
IOException(java.io.IOException)
Put(org.apache.hadoop.hbase.client.Put)
HashMap(java.util.HashMap)
Map(java.util.Map)
Test(org.junit.Test)
Example 75 with Connection
use of org.apache.hadoop.hbase.client.Connection in project hbase by apache.
the class TestCellACLWithMultipleVersions method testCellPermissionsForPutWithMultipleVersions.
@Test
public void testCellPermissionsForPutWithMultipleVersions() throws Exception {
final byte[] TEST_ROW1 = Bytes.toBytes("r1");
final byte[] TEST_Q1 = Bytes.toBytes("q1");
final byte[] TEST_Q2 = Bytes.toBytes("q2");
final byte[] ZERO = Bytes.toBytes(0L);
final User user1 = User.createUserForTesting(conf, "user1", new String[0]);
final User user2 = User.createUserForTesting(conf, "user2", new String[0]);
verifyAllowed(new AccessTestAction() {
@Override
public Object run() throws Exception {
try (Connection connection = ConnectionFactory.createConnection(conf)) {
try (Table t = connection.getTable(TEST_TABLE.getTableName())) {
Map<String, Permission> permsU1andOwner = prepareCellPermissions(new String[] { user1.getShortName(), USER_OWNER.getShortName() }, Action.READ, Action.WRITE);
Map<String, Permission> permsU2andGUandOwner = prepareCellPermissions(new String[] { user1.getShortName(), AuthUtil.toGroupEntry(GROUP), USER_OWNER.getShortName() }, Action.READ, Action.WRITE);
permsU2andGUandOwner.put(user2.getShortName(), new Permission(Permission.Action.READ, Permission.Action.WRITE));
permsU2andGUandOwner.put(USER_OWNER.getShortName(), new Permission(Permission.Action.READ, Permission.Action.WRITE));
Put p = new Put(TEST_ROW1);
p.addColumn(TEST_FAMILY1, TEST_Q1, (long) 123, ZERO);
p.setACL(permsU1andOwner);
t.put(p);
p = new Put(TEST_ROW1);
p.addColumn(TEST_FAMILY1, TEST_Q2, (long) 123, ZERO);
p.setACL(permsU2andGUandOwner);
t.put(p);
p = new Put(TEST_ROW1);
p.addColumn(TEST_FAMILY1, TEST_Q1, (long) 127, ZERO);
p.setACL(permsU2andGUandOwner);
t.put(p);
p = new Put(TEST_ROW1);
p.addColumn(TEST_FAMILY1, TEST_Q2, (long) 127, ZERO);
p.setACL(permsU1andOwner);
t.put(p);
}
}
return null;
}
}, USER_OWNER);
// new Put with TEST_Q1 column having TS=125. This covers old cell with TS 123 and user1 is
// having RW permission. While TEST_Q2 is with latest TS and so it covers old cell with TS 127.
// User1 is having RW permission on that too.
user1.runAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
try (Connection connection = ConnectionFactory.createConnection(conf)) {
try (Table t = connection.getTable(TEST_TABLE.getTableName())) {
Put p = new Put(TEST_ROW1);
p.addColumn(TEST_FAMILY1, TEST_Q1, (long) 125, ZERO);
p.addColumn(TEST_FAMILY1, TEST_Q2, ZERO);
p.setACL(user2.getShortName(), new Permission(Permission.Action.READ, Permission.Action.WRITE));
t.put(p);
}
}
return null;
}
});
verifyUserDeniedForPutMultipleVersions(user2, TEST_ROW1, TEST_Q1, TEST_Q2, ZERO);
verifyUserDeniedForPutMultipleVersions(GROUP_USER, TEST_ROW1, TEST_Q1, TEST_Q2, ZERO);
}
Also used :
User(org.apache.hadoop.hbase.security.User)
Table(org.apache.hadoop.hbase.client.Table)
Connection(org.apache.hadoop.hbase.client.Connection)
TableNotFoundException(org.apache.hadoop.hbase.TableNotFoundException)
IOException(java.io.IOException)
Put(org.apache.hadoop.hbase.client.Put)
HashMap(java.util.HashMap)
Map(java.util.Map)
Test(org.junit.Test)
Aggregations
Connection (org.apache.hadoop.hbase.client.Connection)307
Table (org.apache.hadoop.hbase.client.Table)194
Test (org.junit.Test)174
IOException (java.io.IOException)117
TableName (org.apache.hadoop.hbase.TableName)103
Result (org.apache.hadoop.hbase.client.Result)102
Admin (org.apache.hadoop.hbase.client.Admin)90
Scan (org.apache.hadoop.hbase.client.Scan)81
ResultScanner (org.apache.hadoop.hbase.client.ResultScanner)77
PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)71
Put (org.apache.hadoop.hbase.client.Put)68
HTableDescriptor (org.apache.hadoop.hbase.HTableDescriptor)58
Delete (org.apache.hadoop.hbase.client.Delete)55
Configuration (org.apache.hadoop.conf.Configuration)54
HColumnDescriptor (org.apache.hadoop.hbase.HColumnDescriptor)52
Get (org.apache.hadoop.hbase.client.Get)48
InterruptedIOException (java.io.InterruptedIOException)45
Cell (org.apache.hadoop.hbase.Cell)41
CellScanner (org.apache.hadoop.hbase.CellScanner)34
ArrayList (java.util.ArrayList)26
