Search in sources :

Example 36 with Connection

use of org.apache.hadoop.hbase.client.Connection in project hbase by apache.

the class TestWithDisabledAuthorization method testManageUserAuths.

@Test(timeout = 180000)
public void testManageUserAuths() throws Throwable {
    // Even though authorization is disabled, we should be able to manage user auths
    SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {

        public Void run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                VisibilityClient.setAuths(conn, new String[] { SECRET, CONFIDENTIAL }, USER_RW.getShortName());
            } catch (Throwable t) {
                fail("Should not have failed");
            }
            return null;
        }
    });
    PrivilegedExceptionAction<List<String>> getAuths = new PrivilegedExceptionAction<List<String>>() {

        public List<String> run() throws Exception {
            GetAuthsResponse authsResponse = null;
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                authsResponse = VisibilityClient.getAuths(conn, USER_RW.getShortName());
            } catch (Throwable t) {
                fail("Should not have failed");
            }
            List<String> authsList = new ArrayList<>(authsResponse.getAuthList().size());
            for (ByteString authBS : authsResponse.getAuthList()) {
                authsList.add(Bytes.toString(authBS.toByteArray()));
            }
            return authsList;
        }
    };
    List<String> authsList = SUPERUSER.runAs(getAuths);
    assertEquals(2, authsList.size());
    assertTrue(authsList.contains(SECRET));
    assertTrue(authsList.contains(CONFIDENTIAL));
    SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {

        public Void run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                VisibilityClient.clearAuths(conn, new String[] { SECRET }, USER_RW.getShortName());
            } catch (Throwable t) {
                fail("Should not have failed");
            }
            return null;
        }
    });
    authsList = SUPERUSER.runAs(getAuths);
    assertEquals(1, authsList.size());
    assertTrue(authsList.contains(CONFIDENTIAL));
    SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {

        public Void run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                VisibilityClient.clearAuths(conn, new String[] { CONFIDENTIAL }, USER_RW.getShortName());
            } catch (Throwable t) {
                fail("Should not have failed");
            }
            return null;
        }
    });
    authsList = SUPERUSER.runAs(getAuths);
    assertEquals(0, authsList.size());
}
Also used : ByteString(com.google.protobuf.ByteString) Connection(org.apache.hadoop.hbase.client.Connection) ArrayList(java.util.ArrayList) ByteString(com.google.protobuf.ByteString) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) GetAuthsResponse(org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse) ArrayList(java.util.ArrayList) List(java.util.List) Test(org.junit.Test)

Example 37 with Connection

use of org.apache.hadoop.hbase.client.Connection in project hbase by apache.

the class TestVisibilityLabelsWithACL method testScanForUserWithFewerLabelAuthsThanLabelsInScanAuthorizations.

@Test
public void testScanForUserWithFewerLabelAuthsThanLabelsInScanAuthorizations() throws Throwable {
    String[] auths = { SECRET };
    String user = "user2";
    VisibilityClient.setAuths(TEST_UTIL.getConnection(), auths, user);
    TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
    final Table table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL + "&!" + PRIVATE, SECRET + "&!" + PRIVATE);
    SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), tableName, null, null, Permission.Action.READ);
    PrivilegedExceptionAction<Void> scanAction = new PrivilegedExceptionAction<Void>() {

        public Void run() throws Exception {
            Scan s = new Scan();
            s.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL));
            try (Connection connection = ConnectionFactory.createConnection(conf);
                Table t = connection.getTable(table.getName())) {
                ResultScanner scanner = t.getScanner(s);
                Result result = scanner.next();
                assertTrue(!result.isEmpty());
                assertTrue(Bytes.equals(Bytes.toBytes("row2"), result.getRow()));
                result = scanner.next();
                assertNull(result);
            }
            return null;
        }
    };
    NORMAL_USER2.runAs(scanAction);
}
Also used : TableName(org.apache.hadoop.hbase.TableName) Table(org.apache.hadoop.hbase.client.Table) ResultScanner(org.apache.hadoop.hbase.client.ResultScanner) Connection(org.apache.hadoop.hbase.client.Connection) Scan(org.apache.hadoop.hbase.client.Scan) ByteString(com.google.protobuf.ByteString) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) Result(org.apache.hadoop.hbase.client.Result) Test(org.junit.Test)

Example 38 with Connection

use of org.apache.hadoop.hbase.client.Connection in project hbase by apache.

the class TestVisibilityLabelsWithACL method testGetForSuperUserWithFewerLabelAuths.

@Test
public void testGetForSuperUserWithFewerLabelAuths() throws Throwable {
    String[] auths = { SECRET };
    String user = "admin";
    VisibilityClient.setAuths(TEST_UTIL.getConnection(), auths, user);
    TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
    final Table table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL + "&!" + PRIVATE, SECRET + "&!" + PRIVATE);
    PrivilegedExceptionAction<Void> scanAction = new PrivilegedExceptionAction<Void>() {

        public Void run() throws Exception {
            Get g = new Get(row1);
            g.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL));
            try (Connection connection = ConnectionFactory.createConnection(conf);
                Table t = connection.getTable(table.getName())) {
                Result result = t.get(g);
                assertTrue(!result.isEmpty());
            }
            return null;
        }
    };
    SUPERUSER.runAs(scanAction);
}
Also used : TableName(org.apache.hadoop.hbase.TableName) Table(org.apache.hadoop.hbase.client.Table) Get(org.apache.hadoop.hbase.client.Get) Connection(org.apache.hadoop.hbase.client.Connection) ByteString(com.google.protobuf.ByteString) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) Result(org.apache.hadoop.hbase.client.Result) Test(org.junit.Test)

Example 39 with Connection

use of org.apache.hadoop.hbase.client.Connection in project hbase by apache.

the class TestVisibilityLabelsWithDefaultVisLabelService method testAddVisibilityLabelsOnRSRestart.

@Test(timeout = 60 * 1000)
public void testAddVisibilityLabelsOnRSRestart() throws Exception {
    List<RegionServerThread> regionServerThreads = TEST_UTIL.getHBaseCluster().getRegionServerThreads();
    for (RegionServerThread rsThread : regionServerThreads) {
        rsThread.getRegionServer().abort("Aborting ");
    }
    // Start one new RS
    RegionServerThread rs = TEST_UTIL.getHBaseCluster().startRegionServer();
    waitForLabelsRegionAvailability(rs.getRegionServer());
    final AtomicBoolean vcInitialized = new AtomicBoolean(true);
    do {
        PrivilegedExceptionAction<VisibilityLabelsResponse> action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {

            public VisibilityLabelsResponse run() throws Exception {
                String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, "ABC", "XYZ" };
                try (Connection conn = ConnectionFactory.createConnection(conf)) {
                    VisibilityLabelsResponse resp = VisibilityClient.addLabels(conn, labels);
                    List<RegionActionResult> results = resp.getResultList();
                    if (results.get(0).hasException()) {
                        NameBytesPair pair = results.get(0).getException();
                        Throwable t = ProtobufUtil.toException(pair);
                        LOG.debug("Got exception writing labels", t);
                        if (t instanceof VisibilityControllerNotReadyException) {
                            vcInitialized.set(false);
                            LOG.warn("VisibilityController was not yet initialized");
                            Threads.sleep(10);
                        } else {
                            vcInitialized.set(true);
                        }
                    } else
                        LOG.debug("new labels added: " + resp);
                } catch (Throwable t) {
                    throw new IOException(t);
                }
                return null;
            }
        };
        SUPERUSER.runAs(action);
    } while (!vcInitialized.get());
    // Scan the visibility label
    Scan s = new Scan();
    s.setAuthorizations(new Authorizations(VisibilityUtils.SYSTEM_LABEL));
    int i = 0;
    try (Table ht = TEST_UTIL.getConnection().getTable(LABELS_TABLE_NAME);
        ResultScanner scanner = ht.getScanner(s)) {
        while (true) {
            Result next = scanner.next();
            if (next == null) {
                break;
            }
            i++;
        }
    }
    // One label is the "system" label.
    Assert.assertEquals("The count should be 13", 13, i);
}
Also used : Table(org.apache.hadoop.hbase.client.Table) ResultScanner(org.apache.hadoop.hbase.client.ResultScanner) Connection(org.apache.hadoop.hbase.client.Connection) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) ByteString(com.google.protobuf.ByteString) RegionActionResult(org.apache.hadoop.hbase.protobuf.generated.ClientProtos.RegionActionResult) IOException(java.io.IOException) RegionActionResult(org.apache.hadoop.hbase.protobuf.generated.ClientProtos.RegionActionResult) Result(org.apache.hadoop.hbase.client.Result) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) NameBytesPair(org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.NameBytesPair) Scan(org.apache.hadoop.hbase.client.Scan) RegionServerThread(org.apache.hadoop.hbase.util.JVMClusterUtil.RegionServerThread) VisibilityLabelsResponse(org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse) Test(org.junit.Test)

Example 40 with Connection

use of org.apache.hadoop.hbase.client.Connection in project hbase by apache.

the class TestVisibilityLabelsWithDefaultVisLabelService method testAddLabels.

@Test
public void testAddLabels() throws Throwable {
    PrivilegedExceptionAction<VisibilityLabelsResponse> action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {

        public VisibilityLabelsResponse run() throws Exception {
            String[] labels = { "L1", SECRET, "L2", "invalid~", "L3" };
            VisibilityLabelsResponse response = null;
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                response = VisibilityClient.addLabels(conn, labels);
            } catch (Throwable e) {
                fail("Should not have thrown exception");
            }
            List<RegionActionResult> resultList = response.getResultList();
            assertEquals(5, resultList.size());
            assertTrue(resultList.get(0).getException().getValue().isEmpty());
            assertEquals("org.apache.hadoop.hbase.DoNotRetryIOException", resultList.get(1).getException().getName());
            assertTrue(Bytes.toString(resultList.get(1).getException().getValue().toByteArray()).contains("org.apache.hadoop.hbase.security.visibility.LabelAlreadyExistsException: " + "Label 'secret' already exists"));
            assertTrue(resultList.get(2).getException().getValue().isEmpty());
            assertTrue(resultList.get(3).getException().getValue().isEmpty());
            assertTrue(resultList.get(4).getException().getValue().isEmpty());
            return null;
        }
    };
    SUPERUSER.runAs(action);
}
Also used : Connection(org.apache.hadoop.hbase.client.Connection) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) ByteString(com.google.protobuf.ByteString) RegionActionResult(org.apache.hadoop.hbase.protobuf.generated.ClientProtos.RegionActionResult) VisibilityLabelsResponse(org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse) Test(org.junit.Test)

Aggregations

Connection (org.apache.hadoop.hbase.client.Connection)307 Table (org.apache.hadoop.hbase.client.Table)194 Test (org.junit.Test)174 IOException (java.io.IOException)117 TableName (org.apache.hadoop.hbase.TableName)103 Result (org.apache.hadoop.hbase.client.Result)102 Admin (org.apache.hadoop.hbase.client.Admin)90 Scan (org.apache.hadoop.hbase.client.Scan)81 ResultScanner (org.apache.hadoop.hbase.client.ResultScanner)77 PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)71 Put (org.apache.hadoop.hbase.client.Put)68 HTableDescriptor (org.apache.hadoop.hbase.HTableDescriptor)58 Delete (org.apache.hadoop.hbase.client.Delete)55 Configuration (org.apache.hadoop.conf.Configuration)54 HColumnDescriptor (org.apache.hadoop.hbase.HColumnDescriptor)52 Get (org.apache.hadoop.hbase.client.Get)48 InterruptedIOException (java.io.InterruptedIOException)45 Cell (org.apache.hadoop.hbase.Cell)41 CellScanner (org.apache.hadoop.hbase.CellScanner)34 ArrayList (java.util.ArrayList)26