
Example 71 with Connection

use of org.apache.hadoop.hbase.client.Connection in project hbase by apache.

the class TestCellACLWithMultipleVersions method testCellPermissionsForCheckAndDelete.

/**
 * Verifies cell-level ACL enforcement for {@code checkAndDelete} on a row whose cells exist in
 * several versions, each version carrying a different ACL.
 *
 * <p>Seeded as USER_OWNER on row "r1" in TEST_FAMILY1:
 * <ul>
 *   <li>TS=120, q1/q2/q3: READ+WRITE for user1, user2, the group entry and the owner.</li>
 *   <li>TS=123, q1/q2/q3: READ+WRITE for user1 and the owner.</li>
 *   <li>TS=127, q1: READ+WRITE for user1, user2 and the group entry.</li>
 *   <li>TS=127, q2: READ for user2.</li>
 *   <li>TS=127, q3: READ for the group entry.</li>
 * </ul>
 *
 * <p>The expectations that follow check that rights on the newest version alone are not enough:
 * a principal is refused when a version touched by the delete does not grant it WRITE, and is
 * accepted when it can READ the newest version and WRITE the version being deleted.
 */
@Test
public void testCellPermissionsForCheckAndDelete() throws Exception {
    final byte[] TEST_ROW1 = Bytes.toBytes("r1");
    final byte[] TEST_Q3 = Bytes.toBytes("q3");
    final byte[] ZERO = Bytes.toBytes(0L);
    final User user1 = User.createUserForTesting(conf, "user1", new String[0]);
    final User user2 = User.createUserForTesting(conf, "user2", new String[0]);

    // Seed every version of the row as the table owner.
    AccessTestAction seedRow = new AccessTestAction() {
        @Override
        public Object run() throws Exception {
            try (Connection connection = ConnectionFactory.createConnection(conf);
                    Table table = connection.getTable(TEST_TABLE.getTableName())) {
                Map<String, Permission> ownerAndUser1Rw = prepareCellPermissions(new String[] { user1.getShortName(), USER_OWNER.getShortName() }, Action.READ, Action.WRITE);
                Map<String, Permission> allPrincipalsRw = prepareCellPermissions(new String[] { user1.getShortName(), user2.getShortName(), AuthUtil.toGroupEntry(GROUP), USER_OWNER.getShortName() }, Action.READ, Action.WRITE);
                Map<String, Permission> usersAndGroupRw = prepareCellPermissions(new String[] { user1.getShortName(), user2.getShortName(), AuthUtil.toGroupEntry(GROUP) }, Action.READ, Action.WRITE);

                // Oldest version (TS=120): everyone may read and write.
                Put put = new Put(TEST_ROW1);
                put.addColumn(TEST_FAMILY1, TEST_Q1, 120L, ZERO);
                put.addColumn(TEST_FAMILY1, TEST_Q2, 120L, ZERO);
                put.addColumn(TEST_FAMILY1, TEST_Q3, 120L, ZERO);
                put.setACL(allPrincipalsRw);
                table.put(put);

                // Middle version (TS=123): restricted to user1 and the owner.
                put = new Put(TEST_ROW1);
                put.addColumn(TEST_FAMILY1, TEST_Q1, 123L, ZERO);
                put.addColumn(TEST_FAMILY1, TEST_Q2, 123L, ZERO);
                put.addColumn(TEST_FAMILY1, TEST_Q3, 123L, ZERO);
                put.setACL(ownerAndUser1Rw);
                table.put(put);

                // Newest q1 (TS=127): read/write for user1, user2 and the group.
                put = new Put(TEST_ROW1);
                put.addColumn(TEST_FAMILY1, TEST_Q1, 127L, ZERO);
                put.setACL(usersAndGroupRw);
                table.put(put);

                // Newest q2 (TS=127): user2 may read.
                put = new Put(TEST_ROW1);
                put.addColumn(TEST_FAMILY1, TEST_Q2, 127L, ZERO);
                put.setACL(user2.getShortName(), new Permission(Permission.Action.READ));
                table.put(put);

                // Newest q3 (TS=127): the group may read.
                put = new Put(TEST_ROW1);
                put.addColumn(TEST_FAMILY1, TEST_Q3, 127L, ZERO);
                put.setACL(AuthUtil.toGroupEntry(GROUP), new Permission(Permission.Action.READ));
                table.put(put);
            }
            return null;
        }
    };
    verifyAllowed(seedRow, USER_OWNER);

    // user1 can read the newest q1 cell and write every q1 version, so the checkAndDelete must
    // go through.
    // NOTE(review): the boolean returned by checkAndDelete is discarded, so this step only shows
    // that no exception was raised - confirm that is the intended strength of the check.
    PrivilegedExceptionAction<Void> checkAndDeleteAsUser1 = new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            try (Connection connection = ConnectionFactory.createConnection(conf);
                    Table table = connection.getTable(TEST_TABLE.getTableName())) {
                Delete delete = new Delete(TEST_ROW1);
                delete.addColumns(TEST_FAMILY1, TEST_Q1, 120);
                table.checkAndDelete(TEST_ROW1, TEST_FAMILY1, TEST_Q1, ZERO, delete);
            }
            return null;
        }
    };
    user1.runAs(checkAndDeleteAsUser1);

    // user2 must be refused: RW on the newest version, but no rights on the TS=123 version.
    verifyUserDeniedForCheckAndDelete(user2, TEST_ROW1, ZERO);

    // GROUP_USER must be refused for the same reason: RW on the newest version, nothing on
    // TS=123.
    verifyUserDeniedForCheckAndDelete(GROUP_USER, TEST_ROW1, ZERO);

    // user2 must be accepted when the delete targets the old q2 version (TS=120): READ without
    // WRITE on the newest q2 cell, WRITE on the TS=120 cell.
    verifyUserAllowedforCheckAndDelete(user2, TEST_ROW1, TEST_Q2, ZERO);

    // GROUP_USER must be accepted when the delete targets the old q3 version (TS=120): the group
    // has READ without WRITE on the newest q3 cell and WRITE on the TS=120 cell.
    verifyUserAllowedforCheckAndDelete(GROUP_USER, TEST_ROW1, TEST_Q3, ZERO);
}
Also used : Delete(org.apache.hadoop.hbase.client.Delete) User(org.apache.hadoop.hbase.security.User) Table(org.apache.hadoop.hbase.client.Table) Connection(org.apache.hadoop.hbase.client.Connection) TableNotFoundException(org.apache.hadoop.hbase.TableNotFoundException) IOException(java.io.IOException) Put(org.apache.hadoop.hbase.client.Put) HashMap(java.util.HashMap) Map(java.util.Map) Test(org.junit.Test)

Example 72 with Connection

use of org.apache.hadoop.hbase.client.Connection in project hbase by apache.

the class TestCellACLWithMultipleVersions method testCellPermissionsWithDeleteWithUserTs.

/**
 * Verifies that a delete bounded by a caller-supplied timestamp is authorized even though the
 * caller has no rights on the newer versions of the same cells.
 *
 * <p>USER_OWNER seeds q1 and q2 of TEST_ROW at TS=123 (READ+WRITE for USER_OTHER, the group entry
 * and USER_OTHER2) and at TS=125 and TS=127 (READ+WRITE for USER_OTHER and the group entry, so
 * USER_OTHER2 is absent from those ACLs). USER_OTHER2 then issues two deletes with an upper
 * bound of 124, once through the {@code Delete(row, ts)} constructor and once through
 * {@code addColumns(family, qualifier, ts)}.
 *
 * <p>NOTE(review): both steps pass when no exception is thrown; this method contains no
 * matching negative case (a USER_OTHER2 delete that reaches TS=125 or TS=127) - confirm that a
 * sibling test covers the denial.
 */
@Test
public void testCellPermissionsWithDeleteWithUserTs() throws Exception {
    AccessTestAction seedVersions = new AccessTestAction() {
        @Override
        public Object run() throws Exception {
            try (Connection connection = ConnectionFactory.createConnection(conf);
                    Table table = connection.getTable(TEST_TABLE.getTableName())) {
                // TS=123: read/write for USER_OTHER, the group and USER_OTHER2.
                Put put = new Put(TEST_ROW);
                put.addColumn(TEST_FAMILY1, TEST_Q1, 123L, ZERO);
                put.addColumn(TEST_FAMILY1, TEST_Q2, 123L, ZERO);
                put.setACL(prepareCellPermissions(new String[] { USER_OTHER.getShortName(), AuthUtil.toGroupEntry(GROUP), USER_OTHER2.getShortName() }, Permission.Action.READ, Permission.Action.WRITE));
                table.put(put);

                // TS=125: read/write for USER_OTHER and the group.
                put = new Put(TEST_ROW);
                put.addColumn(TEST_FAMILY1, TEST_Q1, 125L, ONE);
                put.addColumn(TEST_FAMILY1, TEST_Q2, 125L, ONE);
                put.setACL(prepareCellPermissions(new String[] { USER_OTHER.getShortName(), AuthUtil.toGroupEntry(GROUP) }, Action.READ, Action.WRITE));
                table.put(put);

                // TS=127: read/write for USER_OTHER and the group.
                put = new Put(TEST_ROW);
                put.addColumn(TEST_FAMILY1, TEST_Q1, 127L, TWO);
                put.addColumn(TEST_FAMILY1, TEST_Q2, 127L, TWO);
                put.setACL(prepareCellPermissions(new String[] { USER_OTHER.getShortName(), AuthUtil.toGroupEntry(GROUP) }, Action.READ, Action.WRITE));
                table.put(put);
            }
            return null;
        }
    };
    USER_OWNER.runAs(seedVersions);

    // USER_OTHER2 may delete the f1:q1 versions older than TS 124: the bound is set on the
    // Delete itself.
    AccessTestAction deleteQ1UpTo124 = new AccessTestAction() {
        @Override
        public Object run() throws Exception {
            try (Connection connection = ConnectionFactory.createConnection(conf);
                    Table table = connection.getTable(TEST_TABLE.getTableName())) {
                Delete delete = new Delete(TEST_ROW, 124L);
                delete.addColumns(TEST_FAMILY1, TEST_Q1);
                table.delete(delete);
            }
            return null;
        }
    };
    USER_OTHER2.runAs(deleteQ1UpTo124);

    // USER_OTHER2 may delete the f1:q2 versions older than TS 124: the bound is set on the
    // column.
    AccessTestAction deleteQ2UpTo124 = new AccessTestAction() {
        @Override
        public Object run() throws Exception {
            try (Connection connection = ConnectionFactory.createConnection(conf);
                    Table table = connection.getTable(TEST_TABLE.getTableName())) {
                Delete delete = new Delete(TEST_ROW);
                delete.addColumns(TEST_FAMILY1, TEST_Q2, 124L);
                table.delete(delete);
            }
            return null;
        }
    };
    USER_OTHER2.runAs(deleteQ2UpTo124);
}
Also used : Delete(org.apache.hadoop.hbase.client.Delete) Table(org.apache.hadoop.hbase.client.Table) Connection(org.apache.hadoop.hbase.client.Connection) TableNotFoundException(org.apache.hadoop.hbase.TableNotFoundException) IOException(java.io.IOException) Put(org.apache.hadoop.hbase.client.Put) Test(org.junit.Test)

Example 73 with Connection

use of org.apache.hadoop.hbase.client.Connection in project hbase by apache.

the class TestCellACLWithMultipleVersions method testDeleteWithFutureTimestamp.

/**
 * Verifies that a cell ACL stored at a future timestamp does not influence the authorization of
 * a family delete issued now, and that the future-dated cell survives that delete.
 *
 * <p>USER_OWNER stores f1:q2 and f2:q2 without an explicit timestamp under a READ+WRITE ACL for
 * {@code usersAndGroups}, then stores f1:q1 at {@code currentTime() + 1000000} under a READ ACL
 * for USER_OTHER and the group entry. The delete actions come from
 * {@code getDeleteFamilyAction}, which is defined outside this method.
 *
 * <p>Security-relevant behaviour pinned here: a restrictive ACL on a future-dated cell is not a
 * guard against deletes of the current data in the same family.
 *
 * <p>NOTE(review): TEST_FAMILY2 is deleted by GROUP_USER, but both read-back actions query
 * TEST_FAMILY1 only, so the effect of that delete is not read back in this method.
 */
@Test
public void testDeleteWithFutureTimestamp() throws Exception {
    // Store the current-time values plus one value dated in the future.
    AccessTestAction storeValues = new AccessTestAction() {
        @Override
        public Object run() throws Exception {
            try (Connection connection = ConnectionFactory.createConnection(conf);
                    Table table = connection.getTable(TEST_TABLE.getTableName())) {
                // No timestamp given: the server assigns the current time. ACL is read/write.
                Put put = new Put(TEST_ROW).addColumn(TEST_FAMILY1, TEST_Q2, ONE);
                Map<String, Permission> readWriteAcl = prepareCellPermissions(usersAndGroups, Action.READ, Action.WRITE);
                put.setACL(readWriteAcl);
                table.put(put);

                put = new Put(TEST_ROW).addColumn(TEST_FAMILY2, TEST_Q2, ONE);
                put.setACL(readWriteAcl);
                table.put(put);
                LOG.info("Stored at current time");

                // Future-dated cell carrying a read-only ACL.
                put = new Put(TEST_ROW).addColumn(TEST_FAMILY1, TEST_Q1, EnvironmentEdgeManager.currentTime() + 1000000, ZERO);
                put.setACL(prepareCellPermissions(new String[] { USER_OTHER.getShortName(), AuthUtil.toGroupEntry(GROUP) }, Action.READ));
                table.put(put);
            }
            return null;
        }
    };
    verifyAllowed(storeValues, USER_OWNER);

    // Read-back actions used to confirm what is visible before and after the deletes.
    AccessTestAction getQ1 = new AccessTestAction() {
        @Override
        public Object run() throws Exception {
            Get q1Get = new Get(TEST_ROW).addColumn(TEST_FAMILY1, TEST_Q1);
            try (Connection connection = ConnectionFactory.createConnection(conf);
                    Table table = connection.getTable(TEST_TABLE.getTableName())) {
                return table.get(q1Get).listCells();
            }
        }
    };
    AccessTestAction getQ2 = new AccessTestAction() {
        @Override
        public Object run() throws Exception {
            Get q2Get = new Get(TEST_ROW).addColumn(TEST_FAMILY1, TEST_Q2);
            try (Connection connection = ConnectionFactory.createConnection(conf);
                    Table table = connection.getTable(TEST_TABLE.getTableName())) {
                return table.get(q2Get).listCells();
            }
        }
    };
    verifyAllowed(getQ1, USER_OWNER, USER_OTHER, GROUP_USER);
    verifyAllowed(getQ2, USER_OWNER, USER_OTHER, GROUP_USER);

    // The family deletes must succeed: the ACL on the future-dated cell is not taken into
    // account when the delete is authorized.
    AccessTestAction deleteFamily1 = getDeleteFamilyAction(TEST_FAMILY1);
    AccessTestAction deleteFamily2 = getDeleteFamilyAction(TEST_FAMILY2);
    verifyAllowed(deleteFamily1, USER_OTHER);
    verifyAllowed(deleteFamily2, GROUP_USER);

    // The future-dated put is still readable after the delete.
    verifyAllowed(getQ1, USER_OWNER, USER_OTHER, GROUP_USER);

    // The current-time put is hidden by the delete tombstone.
    verifyIfNull(getQ2, USER_OTHER, GROUP_USER);
}
Also used : Table(org.apache.hadoop.hbase.client.Table) Get(org.apache.hadoop.hbase.client.Get) Connection(org.apache.hadoop.hbase.client.Connection) HashMap(java.util.HashMap) Map(java.util.Map) TableNotFoundException(org.apache.hadoop.hbase.TableNotFoundException) IOException(java.io.IOException) Put(org.apache.hadoop.hbase.client.Put) Test(org.junit.Test)

Example 74 with Connection

use of org.apache.hadoop.hbase.client.Connection in project hbase by apache.

the class TestCellACLWithMultipleVersions method testCellPermissionsWithDeleteExactVersion.

/**
 * Verifies cell-level ACL enforcement for deletes that name exact versions
 * ({@code addColumn} with and without a timestamp, and {@code addFamilyVersion}).
 *
 * <p>USER_OWNER seeds row "r1" so that the two ACLs alternate between versions:
 * <ul>
 *   <li>f1:q1 - TS=123 user1+owner, TS=127 user2+group+owner.</li>
 *   <li>f1:q2 - TS=123 user2+group+owner, TS=127 user1+owner.</li>
 *   <li>f2:q1/q2 - TS=123 user2+group+owner, TS=125 user1+owner, TS=129 user1+owner.</li>
 * </ul>
 * All ACLs grant READ+WRITE. user1 then deletes f1:q1 at TS=123, f1:q2 without a timestamp,
 * and family f2 at TS=125; each of those targets carries the user1+owner ACL. The denial
 * checks for user2 and GROUP_USER are delegated to
 * {@code verifyUserDeniedForDeleteExactVersion}, which is defined outside this method.
 */
@Test
public void testCellPermissionsWithDeleteExactVersion() throws Exception {
    final byte[] TEST_ROW1 = Bytes.toBytes("r1");
    final byte[] TEST_Q1 = Bytes.toBytes("q1");
    final byte[] TEST_Q2 = Bytes.toBytes("q2");
    final byte[] ZERO = Bytes.toBytes(0L);
    final User user1 = User.createUserForTesting(conf, "user1", new String[0]);
    final User user2 = User.createUserForTesting(conf, "user2", new String[0]);

    // Seed every version of the row as the table owner.
    AccessTestAction seedRow = new AccessTestAction() {
        @Override
        public Object run() throws Exception {
            try (Connection connection = ConnectionFactory.createConnection(conf);
                    Table table = connection.getTable(TEST_TABLE.getTableName())) {
                Map<String, Permission> ownerAndUser1Rw = prepareCellPermissions(new String[] { user1.getShortName(), USER_OWNER.getShortName() }, Action.READ, Action.WRITE);
                Map<String, Permission> ownerUser2GroupRw = prepareCellPermissions(new String[] { user2.getShortName(), AuthUtil.toGroupEntry(GROUP), USER_OWNER.getShortName() }, Action.READ, Action.WRITE);

                // f1:q1 @123 -> user1 + owner
                Put put = new Put(TEST_ROW1);
                put.addColumn(TEST_FAMILY1, TEST_Q1, 123L, ZERO);
                put.setACL(ownerAndUser1Rw);
                table.put(put);

                // f1:q2 @123 -> user2 + group + owner
                put = new Put(TEST_ROW1);
                put.addColumn(TEST_FAMILY1, TEST_Q2, 123L, ZERO);
                put.setACL(ownerUser2GroupRw);
                table.put(put);

                // f2:q1,q2 @123 -> user2 + group + owner
                put = new Put(TEST_ROW1);
                put.addColumn(TEST_FAMILY2, TEST_Q1, 123L, ZERO);
                put.addColumn(TEST_FAMILY2, TEST_Q2, 123L, ZERO);
                put.setACL(ownerUser2GroupRw);
                table.put(put);

                // f2:q1,q2 @125 -> user1 + owner
                put = new Put(TEST_ROW1);
                put.addColumn(TEST_FAMILY2, TEST_Q1, 125L, ZERO);
                put.addColumn(TEST_FAMILY2, TEST_Q2, 125L, ZERO);
                put.setACL(ownerAndUser1Rw);
                table.put(put);

                // f1:q1 @127 -> user2 + group + owner
                put = new Put(TEST_ROW1);
                put.addColumn(TEST_FAMILY1, TEST_Q1, 127L, ZERO);
                put.setACL(ownerUser2GroupRw);
                table.put(put);

                // f1:q2 @127 -> user1 + owner
                put = new Put(TEST_ROW1);
                put.addColumn(TEST_FAMILY1, TEST_Q2, 127L, ZERO);
                put.setACL(ownerAndUser1Rw);
                table.put(put);

                // f2:q1,q2 @129 -> user1 + owner
                put = new Put(TEST_ROW1);
                put.addColumn(TEST_FAMILY2, TEST_Q1, 129L, ZERO);
                put.addColumn(TEST_FAMILY2, TEST_Q2, 129L, ZERO);
                put.setACL(ownerAndUser1Rw);
                table.put(put);
            }
            return null;
        }
    };
    verifyAllowed(seedRow, USER_OWNER);

    // user1 must be able to delete from TEST_ROW1: every version named by this delete grants
    // user1 write permission.
    PrivilegedExceptionAction<Void> deleteExactVersionsAsUser1 = new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            try (Connection connection = ConnectionFactory.createConnection(conf);
                    Table table = connection.getTable(TEST_TABLE.getTableName())) {
                Delete delete = new Delete(TEST_ROW1);
                delete.addColumn(TEST_FAMILY1, TEST_Q1, 123);
                delete.addColumn(TEST_FAMILY1, TEST_Q2);
                delete.addFamilyVersion(TEST_FAMILY2, 125);
                table.delete(delete);
            }
            return null;
        }
    };
    user1.runAs(deleteExactVersionsAsUser1);

    // The same kind of delete must be refused for principals outside the user1+owner ACL.
    verifyUserDeniedForDeleteExactVersion(user2, TEST_ROW1, TEST_Q1, TEST_Q2);
    verifyUserDeniedForDeleteExactVersion(GROUP_USER, TEST_ROW1, TEST_Q1, TEST_Q2);
}
Also used : Delete(org.apache.hadoop.hbase.client.Delete) User(org.apache.hadoop.hbase.security.User) Table(org.apache.hadoop.hbase.client.Table) Connection(org.apache.hadoop.hbase.client.Connection) TableNotFoundException(org.apache.hadoop.hbase.TableNotFoundException) IOException(java.io.IOException) Put(org.apache.hadoop.hbase.client.Put) HashMap(java.util.HashMap) Map(java.util.Map) Test(org.junit.Test)

Example 75 with Connection

use of org.apache.hadoop.hbase.client.Connection in project hbase by apache.

the class TestCellACLWithMultipleVersions method testCellPermissionsForPutWithMultipleVersions.

/**
 * Verifies cell-level ACL enforcement for a Put that lands on top of existing versions whose
 * ACLs differ from one version to the next.
 *
 * <p>USER_OWNER seeds row "r1" in TEST_FAMILY1 with two READ+WRITE ACLs that alternate:
 * q1 @123 and q2 @127 carry the user1+owner ACL, q2 @123 and q1 @127 carry the broader ACL.
 * user1 then writes q1 at TS=125 and q2 without a timestamp, attaching a READ+WRITE ACL for
 * user2 to the new cells. The denial checks for user2 and GROUP_USER are delegated to
 * {@code verifyUserDeniedForPutMultipleVersions}, which is defined outside this method.
 */
@Test
public void testCellPermissionsForPutWithMultipleVersions() throws Exception {
    final byte[] TEST_ROW1 = Bytes.toBytes("r1");
    final byte[] TEST_Q1 = Bytes.toBytes("q1");
    final byte[] TEST_Q2 = Bytes.toBytes("q2");
    final byte[] ZERO = Bytes.toBytes(0L);
    final User user1 = User.createUserForTesting(conf, "user1", new String[0]);
    final User user2 = User.createUserForTesting(conf, "user2", new String[0]);

    // Seed every version of the row as the table owner.
    AccessTestAction seedRow = new AccessTestAction() {
        @Override
        public Object run() throws Exception {
            try (Connection connection = ConnectionFactory.createConnection(conf);
                    Table table = connection.getTable(TEST_TABLE.getTableName())) {
                Map<String, Permission> ownerAndUser1Rw = prepareCellPermissions(new String[] { user1.getShortName(), USER_OWNER.getShortName() }, Action.READ, Action.WRITE);
                // NOTE(review): this broader ACL is built from user1, the group and the owner;
                // user2 is added by the put() below, so user1 is part of it as well. The second
                // put() re-adds the owner, who is already in the array - confirm both are
                // intended before relying on this ACL to exclude user1.
                Map<String, Permission> broadRw = prepareCellPermissions(new String[] { user1.getShortName(), AuthUtil.toGroupEntry(GROUP), USER_OWNER.getShortName() }, Action.READ, Action.WRITE);
                broadRw.put(user2.getShortName(), new Permission(Permission.Action.READ, Permission.Action.WRITE));
                broadRw.put(USER_OWNER.getShortName(), new Permission(Permission.Action.READ, Permission.Action.WRITE));

                // q1 @123 -> user1 + owner
                Put put = new Put(TEST_ROW1);
                put.addColumn(TEST_FAMILY1, TEST_Q1, 123L, ZERO);
                put.setACL(ownerAndUser1Rw);
                table.put(put);

                // q2 @123 -> broad ACL
                put = new Put(TEST_ROW1);
                put.addColumn(TEST_FAMILY1, TEST_Q2, 123L, ZERO);
                put.setACL(broadRw);
                table.put(put);

                // q1 @127 -> broad ACL
                put = new Put(TEST_ROW1);
                put.addColumn(TEST_FAMILY1, TEST_Q1, 127L, ZERO);
                put.setACL(broadRw);
                table.put(put);

                // q2 @127 -> user1 + owner
                put = new Put(TEST_ROW1);
                put.addColumn(TEST_FAMILY1, TEST_Q2, 127L, ZERO);
                put.setACL(ownerAndUser1Rw);
                table.put(put);
            }
            return null;
        }
    };
    verifyAllowed(seedRow, USER_OWNER);

    // The new q1 cell at TS=125 covers the old cell at TS=123, on which user1 has RW. The new
    // q2 cell gets the latest timestamp and so covers the cell at TS=127, on which user1 has RW
    // as well.
    PrivilegedExceptionAction<Void> putAsUser1 = new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            try (Connection connection = ConnectionFactory.createConnection(conf);
                    Table table = connection.getTable(TEST_TABLE.getTableName())) {
                Put put = new Put(TEST_ROW1);
                put.addColumn(TEST_FAMILY1, TEST_Q1, 125L, ZERO);
                put.addColumn(TEST_FAMILY1, TEST_Q2, ZERO);
                put.setACL(user2.getShortName(), new Permission(Permission.Action.READ, Permission.Action.WRITE));
                table.put(put);
            }
            return null;
        }
    };
    user1.runAs(putAsUser1);

    // user2 and GROUP_USER are expected to be refused for the equivalent put.
    verifyUserDeniedForPutMultipleVersions(user2, TEST_ROW1, TEST_Q1, TEST_Q2, ZERO);
    verifyUserDeniedForPutMultipleVersions(GROUP_USER, TEST_ROW1, TEST_Q1, TEST_Q2, ZERO);
}
Also used : User(org.apache.hadoop.hbase.security.User) Table(org.apache.hadoop.hbase.client.Table) Connection(org.apache.hadoop.hbase.client.Connection) TableNotFoundException(org.apache.hadoop.hbase.TableNotFoundException) IOException(java.io.IOException) Put(org.apache.hadoop.hbase.client.Put) HashMap(java.util.HashMap) Map(java.util.Map) Test(org.junit.Test)
