Examples with LockProcedure - org.apache.hadoop.hbase.master.locking.LockProcedure

Example 11 with LockProcedure

use of org.apache.hadoop.hbase.master.locking.LockProcedure in project hbase by apache.

the class TestAccessController method testRemoteLocks.

@Test
public void testRemoteLocks() throws Exception {
    String namespace = "preQueueNs";
    final TableName tableName = TableName.valueOf(namespace, name.getMethodName());
    RegionInfo[] regionInfos = new RegionInfo[] { RegionInfoBuilder.newBuilder(tableName).build() };
    // Setup Users
    // User will be granted ADMIN and CREATE on namespace. Should be denied before grant.
    User namespaceUser = User.createUserForTesting(conf, "qLNSUser", new String[0]);
    // User will be granted ADMIN and CREATE on table. Should be denied before grant.
    User tableACUser = User.createUserForTesting(conf, "qLTableACUser", new String[0]);
    // User will be granted READ, WRITE, EXECUTE on table. Should be denied.
    User tableRWXUser = User.createUserForTesting(conf, "qLTableRWXUser", new String[0]);
    grantOnTable(TEST_UTIL, tableRWXUser.getShortName(), tableName, null, null, Action.READ, Action.WRITE, Action.EXEC);
    // User with global READ, WRITE, EXECUTE should be denied lock access.
    User globalRWXUser = User.createUserForTesting(conf, "qLGlobalRWXUser", new String[0]);
    grantGlobal(TEST_UTIL, globalRWXUser.getShortName(), Action.READ, Action.WRITE, Action.EXEC);
    AccessTestAction namespaceLockAction = new AccessTestAction() {

        @Override
        public Object run() throws Exception {
            ACCESS_CONTROLLER.preRequestLock(ObserverContextImpl.createAndPrepare(CP_ENV), namespace, null, null, null);
            return null;
        }
    };
    verifyAllowed(namespaceLockAction, SUPERUSER, USER_ADMIN);
    verifyDenied(namespaceLockAction, globalRWXUser, tableACUser, namespaceUser, tableRWXUser);
    grantOnNamespace(TEST_UTIL, namespaceUser.getShortName(), namespace, Action.ADMIN);
    // Why I need this pause? I don't need it elsewhere.
    Threads.sleep(1000);
    verifyAllowed(namespaceLockAction, namespaceUser);
    AccessTestAction tableLockAction = new AccessTestAction() {

        @Override
        public Object run() throws Exception {
            ACCESS_CONTROLLER.preRequestLock(ObserverContextImpl.createAndPrepare(CP_ENV), null, tableName, null, null);
            return null;
        }
    };
    verifyAllowed(tableLockAction, SUPERUSER, USER_ADMIN, namespaceUser);
    verifyDenied(tableLockAction, globalRWXUser, tableACUser, tableRWXUser);
    grantOnTable(TEST_UTIL, tableACUser.getShortName(), tableName, null, null, Action.ADMIN, Action.CREATE);
    // See if this can fail (flakie) because grant hasn't propagated yet.
    for (int i = 0; i < 10; i++) {
        try {
            verifyAllowed(tableLockAction, tableACUser);
        } catch (AssertionError e) {
            LOG.warn("Retrying assertion error", e);
            Threads.sleep(1000);
            continue;
        }
    }
    AccessTestAction regionsLockAction = new AccessTestAction() {

        @Override
        public Object run() throws Exception {
            ACCESS_CONTROLLER.preRequestLock(ObserverContextImpl.createAndPrepare(CP_ENV), null, null, regionInfos, null);
            return null;
        }
    };
    verifyAllowed(regionsLockAction, SUPERUSER, USER_ADMIN, namespaceUser, tableACUser);
    verifyDenied(regionsLockAction, globalRWXUser, tableRWXUser);
    // Test heartbeats
    // Create a lock procedure and try sending heartbeat to it. It doesn't matter how the lock
    // was created, we just need namespace from the lock's tablename.
    LockProcedure proc = new LockProcedure(conf, tableName, LockType.EXCLUSIVE, "test", null);
    AccessTestAction regionLockHeartbeatAction = new AccessTestAction() {

        @Override
        public Object run() throws Exception {
            ACCESS_CONTROLLER.preLockHeartbeat(ObserverContextImpl.createAndPrepare(CP_ENV), proc.getTableName(), proc.getDescription());
            return null;
        }
    };
    verifyAllowed(regionLockHeartbeatAction, SUPERUSER, USER_ADMIN, namespaceUser, tableACUser);
    verifyDenied(regionLockHeartbeatAction, globalRWXUser, tableRWXUser);
}

Also used : TableName(org.apache.hadoop.hbase.TableName) LockProcedure(org.apache.hadoop.hbase.master.locking.LockProcedure) User(org.apache.hadoop.hbase.security.User) RegionInfo(org.apache.hadoop.hbase.client.RegionInfo) Test(org.junit.Test)

Aggregations

LockProcedure (org.apache.hadoop.hbase.master.locking.LockProcedure)11 Test (org.junit.Test)8 LockedResource (org.apache.hadoop.hbase.procedure2.LockedResource)7 TableName (org.apache.hadoop.hbase.TableName)3 Procedure (org.apache.hadoop.hbase.procedure2.Procedure)3 RegionInfo (org.apache.hadoop.hbase.client.RegionInfo)2 LockType (org.apache.hadoop.hbase.procedure2.LockType)2 IOException (java.io.IOException)1 UncheckedIOException (java.io.UncheckedIOException)1 Field (java.lang.reflect.Field)1 Method (java.lang.reflect.Method)1 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1 List (java.util.List)1 Map (java.util.Map)1 Function (java.util.function.Function)1 HBaseClassTestRule (org.apache.hadoop.hbase.HBaseClassTestRule)1 HBaseTestingUtil (org.apache.hadoop.hbase.HBaseTestingUtil)1 ProcedureInfo (org.apache.hadoop.hbase.ProcedureInfo)1 ServerName (org.apache.hadoop.hbase.ServerName)1