Example 1 with Import
use of org.apache.hadoop.hbase.mapreduce.Import in project hbase by apache.
the class TestSecureExport method testVisibilityLabels.
@Test
// See HBASE-23990
@org.junit.Ignore
public void testVisibilityLabels() throws IOException, Throwable {
final String exportTable = name.getMethodName() + "_export";
final String importTable = name.getMethodName() + "_import";
final TableDescriptor exportHtd = TableDescriptorBuilder.newBuilder(TableName.valueOf(exportTable)).setColumnFamily(ColumnFamilyDescriptorBuilder.of(FAMILYA)).build();
User owner = User.createUserForTesting(UTIL.getConfiguration(), USER_OWNER, new String[0]);
SecureTestUtil.createTable(UTIL, owner, exportHtd, new byte[][] { Bytes.toBytes("s") });
AccessTestAction putAction = () -> {
Put p1 = new Put(ROW1);
p1.addColumn(FAMILYA, QUAL, NOW, QUAL);
p1.setCellVisibility(new CellVisibility(SECRET));
Put p2 = new Put(ROW2);
p2.addColumn(FAMILYA, QUAL, NOW, QUAL);
p2.setCellVisibility(new CellVisibility(PRIVATE + " & " + CONFIDENTIAL));
Put p3 = new Put(ROW3);
p3.addColumn(FAMILYA, QUAL, NOW, QUAL);
p3.setCellVisibility(new CellVisibility("!" + CONFIDENTIAL + " & " + TOPSECRET));
try (Connection conn = ConnectionFactory.createConnection(UTIL.getConfiguration());
Table t = conn.getTable(TableName.valueOf(exportTable))) {
t.put(p1);
t.put(p2);
t.put(p3);
}
return null;
};
SecureTestUtil.verifyAllowed(putAction, getUserByLogin(USER_OWNER));
List<Pair<List<String>, Integer>> labelsAndRowCounts = new LinkedList<>();
labelsAndRowCounts.add(new Pair<>(Arrays.asList(SECRET), 1));
labelsAndRowCounts.add(new Pair<>(Arrays.asList(PRIVATE, CONFIDENTIAL), 1));
labelsAndRowCounts.add(new Pair<>(Arrays.asList(TOPSECRET), 1));
labelsAndRowCounts.add(new Pair<>(Arrays.asList(TOPSECRET, CONFIDENTIAL), 0));
labelsAndRowCounts.add(new Pair<>(Arrays.asList(TOPSECRET, CONFIDENTIAL, PRIVATE, SECRET), 2));
for (final Pair<List<String>, Integer> labelsAndRowCount : labelsAndRowCounts) {
final List<String> labels = labelsAndRowCount.getFirst();
final int rowCount = labelsAndRowCount.getSecond();
// create a open permission directory.
final Path openDir = new Path("testAccessCase");
final FileSystem fs = openDir.getFileSystem(UTIL.getConfiguration());
fs.mkdirs(openDir);
fs.setPermission(openDir, new FsPermission(FsAction.ALL, FsAction.ALL, FsAction.ALL));
final Path output = fs.makeQualified(new Path(openDir, "output"));
AccessTestAction exportAction = () -> {
StringBuilder buf = new StringBuilder();
labels.forEach(v -> buf.append(v).append(","));
buf.deleteCharAt(buf.length() - 1);
try {
String[] args = new String[] { "-D " + ExportUtils.EXPORT_VISIBILITY_LABELS + "=" + buf.toString(), exportTable, output.toString() };
Export.run(new Configuration(UTIL.getConfiguration()), args);
return null;
} catch (ServiceException | IOException ex) {
throw ex;
} catch (Throwable ex) {
throw new Exception(ex);
}
};
SecureTestUtil.verifyAllowed(exportAction, getUserByLogin(USER_OWNER));
final TableDescriptor importHtd = TableDescriptorBuilder.newBuilder(TableName.valueOf(importTable)).setColumnFamily(ColumnFamilyDescriptorBuilder.of(FAMILYB)).build();
SecureTestUtil.createTable(UTIL, owner, importHtd, new byte[][] { Bytes.toBytes("s") });
AccessTestAction importAction = () -> {
String[] args = new String[] { "-D" + Import.CF_RENAME_PROP + "=" + FAMILYA_STRING + ":" + FAMILYB_STRING, importTable, output.toString() };
assertEquals(0, ToolRunner.run(new Configuration(UTIL.getConfiguration()), new Import(), args));
return null;
};
SecureTestUtil.verifyAllowed(importAction, getUserByLogin(USER_OWNER));
AccessTestAction scanAction = () -> {
Scan scan = new Scan();
scan.setAuthorizations(new Authorizations(labels));
try (Connection conn = ConnectionFactory.createConnection(UTIL.getConfiguration());
Table table = conn.getTable(importHtd.getTableName());
ResultScanner scanner = table.getScanner(scan)) {
int count = 0;
for (Result r : scanner) {
++count;
}
assertEquals(rowCount, count);
}
return null;
};
SecureTestUtil.verifyAllowed(scanAction, getUserByLogin(USER_OWNER));
AccessTestAction deleteAction = () -> {
UTIL.deleteTable(importHtd.getTableName());
return null;
};
SecureTestUtil.verifyAllowed(deleteAction, getUserByLogin(USER_OWNER));
clearOutput(output);
}
AccessTestAction deleteAction = () -> {
UTIL.deleteTable(exportHtd.getTableName());
return null;
};
SecureTestUtil.verifyAllowed(deleteAction, getUserByLogin(USER_OWNER));
}
Also used :
Arrays(java.util.Arrays)
UserProvider(org.apache.hadoop.hbase.security.UserProvider)
VisibilityConstants(org.apache.hadoop.hbase.security.visibility.VisibilityConstants)
Result(org.apache.hadoop.hbase.client.Result)
FileSystem(org.apache.hadoop.fs.FileSystem)
LoggerFactory(org.slf4j.LoggerFactory)
PermissionStorage(org.apache.hadoop.hbase.security.access.PermissionStorage)
FileStatus(org.apache.hadoop.fs.FileStatus)
FsPermission(org.apache.hadoop.fs.permission.FsPermission)
ServiceException(org.apache.hbase.thirdparty.com.google.protobuf.ServiceException)
AccessControlConstants(org.apache.hadoop.hbase.security.access.AccessControlConstants)
VisibilityLabelsProtos(org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos)
Map(java.util.Map)
Configuration(org.apache.hadoop.conf.Configuration)
After(org.junit.After)
Path(org.apache.hadoop.fs.Path)
HadoopSecurityEnabledUserProviderForTesting(org.apache.hadoop.hbase.security.HadoopSecurityEnabledUserProviderForTesting)
ClassRule(org.junit.ClassRule)
Pair(org.apache.hadoop.hbase.util.Pair)
AfterClass(org.junit.AfterClass)
HBaseTestingUtil(org.apache.hadoop.hbase.HBaseTestingUtil)
HBaseClassTestRule(org.apache.hadoop.hbase.HBaseClassTestRule)
PrivilegedExceptionAction(java.security.PrivilegedExceptionAction)
HBaseKerberosUtils(org.apache.hadoop.hbase.security.HBaseKerberosUtils)
Category(org.junit.experimental.categories.Category)
List(java.util.List)
ResultScanner(org.apache.hadoop.hbase.client.ResultScanner)
VisibilityClient(org.apache.hadoop.hbase.security.visibility.VisibilityClient)
EnvironmentEdgeManager(org.apache.hadoop.hbase.util.EnvironmentEdgeManager)
ExportUtils(org.apache.hadoop.hbase.mapreduce.ExportUtils)
TableDescriptor(org.apache.hadoop.hbase.client.TableDescriptor)
Permission(org.apache.hadoop.hbase.security.access.Permission)
AccessTestAction(org.apache.hadoop.hbase.security.access.SecureTestUtil.AccessTestAction)
BeforeClass(org.junit.BeforeClass)
FsAction(org.apache.hadoop.fs.permission.FsAction)
User(org.apache.hadoop.hbase.security.User)
TableDescriptorBuilder(org.apache.hadoop.hbase.client.TableDescriptorBuilder)
ColumnFamilyDescriptorBuilder(org.apache.hadoop.hbase.client.ColumnFamilyDescriptorBuilder)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
TestName(org.junit.rules.TestName)
LinkedList(java.util.LinkedList)
Bytes(org.apache.hadoop.hbase.util.Bytes)
Before(org.junit.Before)
TableName(org.apache.hadoop.hbase.TableName)
Logger(org.slf4j.Logger)
MediumTests(org.apache.hadoop.hbase.testclassification.MediumTests)
Put(org.apache.hadoop.hbase.client.Put)
Import(org.apache.hadoop.hbase.mapreduce.Import)
MiniKdc(org.apache.hadoop.minikdc.MiniKdc)
ToolRunner(org.apache.hadoop.util.ToolRunner)
IOException(java.io.IOException)
Test(org.junit.Test)
File(java.io.File)
ConnectionFactory(org.apache.hadoop.hbase.client.ConnectionFactory)
Scan(org.apache.hadoop.hbase.client.Scan)
Authorizations(org.apache.hadoop.hbase.security.visibility.Authorizations)
Rule(org.junit.Rule)
SecureTestUtil(org.apache.hadoop.hbase.security.access.SecureTestUtil)
VisibilityTestUtil(org.apache.hadoop.hbase.security.visibility.VisibilityTestUtil)
CellVisibility(org.apache.hadoop.hbase.security.visibility.CellVisibility)
Connection(org.apache.hadoop.hbase.client.Connection)
Table(org.apache.hadoop.hbase.client.Table)
Assert.assertEquals(org.junit.Assert.assertEquals)
User(org.apache.hadoop.hbase.security.User)
Import(org.apache.hadoop.hbase.mapreduce.Import)
Configuration(org.apache.hadoop.conf.Configuration)
AccessTestAction(org.apache.hadoop.hbase.security.access.SecureTestUtil.AccessTestAction)
CellVisibility(org.apache.hadoop.hbase.security.visibility.CellVisibility)
Result(org.apache.hadoop.hbase.client.Result)
FileSystem(org.apache.hadoop.fs.FileSystem)
List(java.util.List)
LinkedList(java.util.LinkedList)
FsPermission(org.apache.hadoop.fs.permission.FsPermission)
Pair(org.apache.hadoop.hbase.util.Pair)
Path(org.apache.hadoop.fs.Path)
Authorizations(org.apache.hadoop.hbase.security.visibility.Authorizations)
Table(org.apache.hadoop.hbase.client.Table)
ResultScanner(org.apache.hadoop.hbase.client.ResultScanner)
Connection(org.apache.hadoop.hbase.client.Connection)
TableDescriptor(org.apache.hadoop.hbase.client.TableDescriptor)
Put(org.apache.hadoop.hbase.client.Put)
LinkedList(java.util.LinkedList)
ServiceException(org.apache.hbase.thirdparty.com.google.protobuf.ServiceException)
IOException(java.io.IOException)
Scan(org.apache.hadoop.hbase.client.Scan)
Test(org.junit.Test)
Aggregations
File (java.io.File)1
IOException (java.io.IOException)1
PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)1
Arrays (java.util.Arrays)1
LinkedList (java.util.LinkedList)1
List (java.util.List)1
Map (java.util.Map)1
Configuration (org.apache.hadoop.conf.Configuration)1
FileStatus (org.apache.hadoop.fs.FileStatus)1
FileSystem (org.apache.hadoop.fs.FileSystem)1
Path (org.apache.hadoop.fs.Path)1
FsAction (org.apache.hadoop.fs.permission.FsAction)1
FsPermission (org.apache.hadoop.fs.permission.FsPermission)1
HBaseClassTestRule (org.apache.hadoop.hbase.HBaseClassTestRule)1
HBaseTestingUtil (org.apache.hadoop.hbase.HBaseTestingUtil)1
TableName (org.apache.hadoop.hbase.TableName)1
ColumnFamilyDescriptorBuilder (org.apache.hadoop.hbase.client.ColumnFamilyDescriptorBuilder)1
Connection (org.apache.hadoop.hbase.client.Connection)1
ConnectionFactory (org.apache.hadoop.hbase.client.ConnectionFactory)1
Put (org.apache.hadoop.hbase.client.Put)1
