use of org.apache.hadoop.hbase.client.Connection in project hbase by apache.
the class TestWithDisabledAuthorization method testManageUserAuths.
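/**
 * Checks that the superuser can set, read back and clear visibility-label authorizations for
 * {@code USER_RW} while authorization is disabled.
 *
 * <p>Sequence: grant {SECRET, CONFIDENTIAL}, expect both; clear SECRET, expect only
 * CONFIDENTIAL; clear CONFIDENTIAL, expect an empty list.
 *
 * @throws Throwable if any privileged action fails
 */
@Test(timeout = 180000)
public void testManageUserAuths() throws Throwable {
  // Even though authorization is disabled, we should be able to manage user auths
  SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      try (Connection conn = ConnectionFactory.createConnection(conf)) {
        VisibilityClient.setAuths(conn, new String[] { SECRET, CONFIDENTIAL },
          USER_RW.getShortName());
      } catch (Throwable t) {
        // Same AssertionError type that fail() raises, but with the root cause attached so a
        // broken grant path can be diagnosed from the test report.
        throw new AssertionError("Should not have failed", t);
      }
      return null;
    }
  });

  // Reusable action: reads the current auths of USER_RW and decodes them to strings.
  PrivilegedExceptionAction<List<String>> getAuths =
    new PrivilegedExceptionAction<List<String>>() {
      @Override
      public List<String> run() throws Exception {
        GetAuthsResponse authsResponse = null;
        try (Connection conn = ConnectionFactory.createConnection(conf)) {
          authsResponse = VisibilityClient.getAuths(conn, USER_RW.getShortName());
        } catch (Throwable t) {
          throw new AssertionError("Should not have failed", t);
        }
        List<String> authsList = new ArrayList<>(authsResponse.getAuthList().size());
        for (ByteString authBS : authsResponse.getAuthList()) {
          authsList.add(Bytes.toString(authBS.toByteArray()));
        }
        return authsList;
      }
    };

  List<String> authsList = SUPERUSER.runAs(getAuths);
  assertEquals(2, authsList.size());
  assertTrue(authsList.contains(SECRET));
  assertTrue(authsList.contains(CONFIDENTIAL));

  // Revoke SECRET only; CONFIDENTIAL must survive the partial clear.
  SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      try (Connection conn = ConnectionFactory.createConnection(conf)) {
        VisibilityClient.clearAuths(conn, new String[] { SECRET }, USER_RW.getShortName());
      } catch (Throwable t) {
        throw new AssertionError("Should not have failed", t);
      }
      return null;
    }
  });
  authsList = SUPERUSER.runAs(getAuths);
  assertEquals(1, authsList.size());
  assertTrue(authsList.contains(CONFIDENTIAL));

  // Revoke the remaining auth; the user must end up with none.
  SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      try (Connection conn = ConnectionFactory.createConnection(conf)) {
        VisibilityClient.clearAuths(conn, new String[] { CONFIDENTIAL },
          USER_RW.getShortName());
      } catch (Throwable t) {
        throw new AssertionError("Should not have failed", t);
      }
      return null;
    }
  });
  authsList = SUPERUSER.runAs(getAuths);
  assertEquals(0, authsList.size());
}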
use of org.apache.hadoop.hbase.client.Connection in project hbase by apache.
the class TestVisibilityLabelsWithACL method testScanForUserWithFewerLabelAuthsThanLabelsInScanAuthorizations.
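/**
 * Scans as {@code NORMAL_USER2} while requesting more label authorizations (SECRET and
 * CONFIDENTIAL) than were granted to the account (SECRET only), and expects exactly one row,
 * "row2", to come back.
 *
 * <p>The table is written with two label expressions: {@code SECRET&CONFIDENTIAL&!PRIVATE} and
 * {@code SECRET&!PRIVATE}. Presumably these belong to row1 and row2 respectively; confirm
 * against createTableAndWriteDataWithLabels, which is not visible here. Under that reading the
 * test pins that asking for an authorization in the Scan does not confer it.
 *
 * @throws Throwable if setup or the privileged scan fails
 */
@Test
public void testScanForUserWithFewerLabelAuthsThanLabelsInScanAuthorizations() throws Throwable {
  String[] auths = { SECRET };
  // NOTE(review): auths are set for the literal "user2" while READ is granted to, and the scan
  // runs as, NORMAL_USER2; presumably the same account. Confirm where NORMAL_USER2 is created.
  String user = "user2";
  VisibilityClient.setAuths(TEST_UTIL.getConnection(), auths, user);
  TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
  // The Table handle returned by the helper is closed here instead of being leaked.
  try (Table table = createTableAndWriteDataWithLabels(tableName,
      SECRET + "&" + CONFIDENTIAL + "&!" + PRIVATE, SECRET + "&!" + PRIVATE)) {
    SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), tableName, null, null,
      Permission.Action.READ);
    PrivilegedExceptionAction<Void> scanAction = new PrivilegedExceptionAction<Void>() {
      @Override
      public Void run() throws Exception {
        Scan s = new Scan();
        s.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL));
        // The scanner joins the resource list so it is released even when an assertion fails.
        try (Connection connection = ConnectionFactory.createConnection(conf);
            Table t = connection.getTable(table.getName());
            ResultScanner scanner = t.getScanner(s)) {
          Result result = scanner.next();
          // An exhausted scanner returns null; report that as an assertion failure, not an NPE.
          assertTrue(result != null && !result.isEmpty());
          assertTrue(Bytes.equals(Bytes.toBytes("row2"), result.getRow()));
          // No second row may be visible to this user.
          result = scanner.next();
          assertNull(result);
        }
        return null;
      }
    };
    NORMAL_USER2.runAs(scanAction);
  }
}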
use of org.apache.hadoop.hbase.client.Connection in project hbase by apache.
the class TestVisibilityLabelsWithACL method testGetForSuperUserWithFewerLabelAuths.
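/**
 * Issues a Get on {@code row1} as {@code SUPERUSER}, requesting SECRET and CONFIDENTIAL while
 * only SECRET has been set for "admin", and expects a non-empty result.
 *
 * <p>Presumably row1 carries the {@code SECRET&CONFIDENTIAL&!PRIVATE} expression, which would
 * make this a check that the superuser is not restricted by its own label auths. Confirm
 * against createTableAndWriteDataWithLabels, which is not visible here.
 *
 * @throws Throwable if setup or the privileged read fails
 */
@Test
public void testGetForSuperUserWithFewerLabelAuths() throws Throwable {
  String[] auths = { SECRET };
  // NOTE(review): assumes SUPERUSER's short name is "admin"; confirm where SUPERUSER is created.
  String user = "admin";
  VisibilityClient.setAuths(TEST_UTIL.getConnection(), auths, user);
  TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
  // The Table handle returned by the helper is closed here instead of being leaked.
  try (Table table = createTableAndWriteDataWithLabels(tableName,
      SECRET + "&" + CONFIDENTIAL + "&!" + PRIVATE, SECRET + "&!" + PRIVATE)) {
    PrivilegedExceptionAction<Void> getAction = new PrivilegedExceptionAction<Void>() {
      @Override
      public Void run() throws Exception {
        Get g = new Get(row1);
        g.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL));
        try (Connection connection = ConnectionFactory.createConnection(conf);
            Table t = connection.getTable(table.getName())) {
          Result result = t.get(g);
          assertTrue(!result.isEmpty());
        }
        return null;
      }
    };
    SUPERUSER.runAs(getAction);
  }
}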
use of org.apache.hadoop.hbase.client.Connection in project hbase by apache.
the class TestVisibilityLabelsWithDefaultVisLabelService method testAddVisibilityLabelsOnRSRestart.
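/**
 * Aborts every region server, starts a fresh one, and verifies that labels can be added once
 * the visibility controller is ready again.
 *
 * <p>The add is retried while the first result carries a
 * {@code VisibilityControllerNotReadyException}. The labels table is then scanned with the
 * system label and the row count is compared with 13. That figure depends on labels created
 * outside this method (not visible here).
 *
 * @throws Exception if cluster manipulation, the privileged action or the scan fails
 */
@Test(timeout = 60 * 1000)
public void testAddVisibilityLabelsOnRSRestart() throws Exception {
  List<RegionServerThread> regionServerThreads =
    TEST_UTIL.getHBaseCluster().getRegionServerThreads();
  for (RegionServerThread rsThread : regionServerThreads) {
    rsThread.getRegionServer().abort("Aborting ");
  }
  // Start one new RS
  RegionServerThread rs = TEST_UTIL.getHBaseCluster().startRegionServer();
  waitForLabelsRegionAvailability(rs.getRegionServer());
  final AtomicBoolean vcInitialized = new AtomicBoolean(true);
  do {
    PrivilegedExceptionAction<VisibilityLabelsResponse> action =
      new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
        @Override
        public VisibilityLabelsResponse run() throws Exception {
          String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, "ABC", "XYZ" };
          try (Connection conn = ConnectionFactory.createConnection(conf)) {
            VisibilityLabelsResponse resp = VisibilityClient.addLabels(conn, labels);
            List<RegionActionResult> results = resp.getResultList();
            // Only the first result is inspected to decide whether the controller was ready.
            if (results.get(0).hasException()) {
              NameBytesPair pair = results.get(0).getException();
              Throwable t = ProtobufUtil.toException(pair);
              LOG.debug("Got exception writing labels", t);
              if (t instanceof VisibilityControllerNotReadyException) {
                vcInitialized.set(false);
                LOG.warn("VisibilityController was not yet initialized");
                Threads.sleep(10);
              } else {
                vcInitialized.set(true);
              }
            } else {
              // A clean add proves the controller is up. Without resetting the flag here, a
              // success that follows a "not ready" round would leave it false and force one
              // more redundant addLabels call before the loop could end.
              vcInitialized.set(true);
              LOG.debug("new labels added: " + resp);
            }
          } catch (Throwable t) {
            throw new IOException(t);
          }
          return null;
        }
      };
    SUPERUSER.runAs(action);
  } while (!vcInitialized.get());
  // Scan the visibility label
  Scan s = new Scan();
  s.setAuthorizations(new Authorizations(VisibilityUtils.SYSTEM_LABEL));
  int i = 0;
  try (Table ht = TEST_UTIL.getConnection().getTable(LABELS_TABLE_NAME);
      ResultScanner scanner = ht.getScanner(s)) {
    // Count rows until the scanner is exhausted.
    while (scanner.next() != null) {
      i++;
    }
  }
  // One label is the "system" label.
  Assert.assertEquals("The count should be 13", 13, i);
}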
use of org.apache.hadoop.hbase.client.Connection in project hbase by apache.
the class TestVisibilityLabelsWithDefaultVisLabelService method testAddLabels.
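/**
 * Adds five labels in one call as the superuser and checks the per-label results.
 *
 * <p>Expected outcome by index: 0, 2, 3 and 4 carry no exception value; index 1 (SECRET)
 * reports a {@code DoNotRetryIOException} wrapping {@code LabelAlreadyExistsException}, so the
 * label must already exist before this method runs (created outside this view).
 *
 * <p>NOTE(review): despite its name, {@code "invalid~"} (index 3) is expected to be accepted.
 * The assertion pins that no exception is reported for it.
 *
 * @throws Throwable if the privileged action fails
 */
@Test
public void testAddLabels() throws Throwable {
  PrivilegedExceptionAction<VisibilityLabelsResponse> action =
    new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
      @Override
      public VisibilityLabelsResponse run() throws Exception {
        String[] labels = { "L1", SECRET, "L2", "invalid~", "L3" };
        VisibilityLabelsResponse response = null;
        try (Connection conn = ConnectionFactory.createConnection(conf)) {
          response = VisibilityClient.addLabels(conn, labels);
        } catch (Throwable e) {
          // Same AssertionError type that fail() raises, but the underlying cause is kept so
          // the report shows why the add was rejected.
          throw new AssertionError("Should not have thrown exception", e);
        }
        List<RegionActionResult> resultList = response.getResultList();
        // One result per submitted label, in submission order.
        assertEquals(5, resultList.size());
        assertTrue(resultList.get(0).getException().getValue().isEmpty());
        assertEquals("org.apache.hadoop.hbase.DoNotRetryIOException",
          resultList.get(1).getException().getName());
        // The literal below assumes SECRET is the string "secret".
        assertTrue(Bytes.toString(resultList.get(1).getException().getValue().toByteArray())
          .contains("org.apache.hadoop.hbase.security.visibility.LabelAlreadyExistsException: "
            + "Label 'secret' already exists"));
        assertTrue(resultList.get(2).getException().getValue().isEmpty());
        assertTrue(resultList.get(3).getException().getValue().isEmpty());
        assertTrue(resultList.get(4).getException().getValue().isEmpty());
        return null;
      }
    };
  SUPERUSER.runAs(action);
}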
Aggregations