Examples with CheckPermissionsRequest org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.CheckPermissionsRequest used on opensource projects

Search in sources :

Example 1 with CheckPermissionsRequest

use of org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.CheckPermissionsRequest in project hbase by apache.

the class TestAccessController method testCheckPermissions.

@Test(timeout = 180000)
public void testCheckPermissions() throws Exception {
    // --------------------------------------
    // test global permissions
    AccessTestAction globalAdmin = new AccessTestAction() {

        @Override
        public Void run() throws Exception {
            checkGlobalPerms(TEST_UTIL, Permission.Action.ADMIN);
            return null;
        }
    };
    // verify that only superuser can admin
    verifyGlobal(globalAdmin);
    // --------------------------------------
    // test multiple permissions
    AccessTestAction globalReadWrite = new AccessTestAction() {

        @Override
        public Void run() throws Exception {
            checkGlobalPerms(TEST_UTIL, Permission.Action.READ, Permission.Action.WRITE);
            return null;
        }
    };
    verifyGlobal(globalReadWrite);
    // --------------------------------------
    // table/column/qualifier level permissions
    final byte[] TEST_Q1 = Bytes.toBytes("q1");
    final byte[] TEST_Q2 = Bytes.toBytes("q2");
    User userTable = User.createUserForTesting(conf, "user_check_perms_table", new String[0]);
    User userColumn = User.createUserForTesting(conf, "user_check_perms_family", new String[0]);
    User userQualifier = User.createUserForTesting(conf, "user_check_perms_q", new String[0]);
    grantOnTable(TEST_UTIL, userTable.getShortName(), TEST_TABLE, null, null, Permission.Action.READ);
    grantOnTable(TEST_UTIL, userColumn.getShortName(), TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ);
    grantOnTable(TEST_UTIL, userQualifier.getShortName(), TEST_TABLE, TEST_FAMILY, TEST_Q1, Permission.Action.READ);
    try {
        AccessTestAction tableRead = new AccessTestAction() {

            @Override
            public Void run() throws Exception {
                checkTablePerms(TEST_UTIL, TEST_TABLE, null, null, Permission.Action.READ);
                return null;
            }
        };
        AccessTestAction columnRead = new AccessTestAction() {

            @Override
            public Void run() throws Exception {
                checkTablePerms(TEST_UTIL, TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ);
                return null;
            }
        };
        AccessTestAction qualifierRead = new AccessTestAction() {

            @Override
            public Void run() throws Exception {
                checkTablePerms(TEST_UTIL, TEST_TABLE, TEST_FAMILY, TEST_Q1, Permission.Action.READ);
                return null;
            }
        };
        AccessTestAction multiQualifierRead = new AccessTestAction() {

            @Override
            public Void run() throws Exception {
                checkTablePerms(TEST_UTIL, TEST_TABLE, new Permission[] { new TablePermission(TEST_TABLE, TEST_FAMILY, TEST_Q1, Permission.Action.READ), new TablePermission(TEST_TABLE, TEST_FAMILY, TEST_Q2, Permission.Action.READ) });
                return null;
            }
        };
        AccessTestAction globalAndTableRead = new AccessTestAction() {

            @Override
            public Void run() throws Exception {
                checkTablePerms(TEST_UTIL, TEST_TABLE, new Permission[] { new Permission(Permission.Action.READ), new TablePermission(TEST_TABLE, null, (byte[]) null, Permission.Action.READ) });
                return null;
            }
        };
        AccessTestAction noCheck = new AccessTestAction() {

            @Override
            public Void run() throws Exception {
                checkTablePerms(TEST_UTIL, TEST_TABLE, new Permission[0]);
                return null;
            }
        };
        verifyAllowed(tableRead, SUPERUSER, userTable);
        verifyDenied(tableRead, userColumn, userQualifier);
        verifyAllowed(columnRead, SUPERUSER, userTable, userColumn);
        verifyDenied(columnRead, userQualifier);
        verifyAllowed(qualifierRead, SUPERUSER, userTable, userColumn, userQualifier);
        verifyAllowed(multiQualifierRead, SUPERUSER, userTable, userColumn);
        verifyDenied(multiQualifierRead, userQualifier);
        verifyAllowed(globalAndTableRead, SUPERUSER);
        verifyDenied(globalAndTableRead, userTable, userColumn, userQualifier);
        verifyAllowed(noCheck, SUPERUSER, userTable, userColumn, userQualifier);
        // --------------------------------------
        // test family level multiple permissions
        AccessTestAction familyReadWrite = new AccessTestAction() {

            @Override
            public Void run() throws Exception {
                checkTablePerms(TEST_UTIL, TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ, Permission.Action.WRITE);
                return null;
            }
        };
        verifyAllowed(familyReadWrite, SUPERUSER, USER_OWNER, USER_CREATE, USER_RW);
        verifyDenied(familyReadWrite, USER_NONE, USER_RO);
        // --------------------------------------
        // check for wrong table region
        CheckPermissionsRequest checkRequest = CheckPermissionsRequest.newBuilder().addPermission(AccessControlProtos.Permission.newBuilder().setType(AccessControlProtos.Permission.Type.Table).setTablePermission(AccessControlProtos.TablePermission.newBuilder().setTableName(ProtobufUtil.toProtoTableName(TEST_TABLE)).addAction(AccessControlProtos.Permission.Action.CREATE))).build();
        Table acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
        try {
            BlockingRpcChannel channel = acl.coprocessorService(new byte[0]);
            AccessControlService.BlockingInterface protocol = AccessControlService.newBlockingStub(channel);
            try {
                // but ask for TablePermissions for TEST_TABLE
                protocol.checkPermissions(null, checkRequest);
                fail("this should have thrown CoprocessorException");
            } catch (ServiceException ex) {
            // expected
            }
        } finally {
            acl.close();
        }
    } finally {
        revokeFromTable(TEST_UTIL, userTable.getShortName(), TEST_TABLE, null, null, Permission.Action.READ);
        revokeFromTable(TEST_UTIL, userColumn.getShortName(), TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ);
        revokeFromTable(TEST_UTIL, userQualifier.getShortName(), TEST_TABLE, TEST_FAMILY, TEST_Q1, Permission.Action.READ);
    }
}
Also used : User(org.apache.hadoop.hbase.security.User) Table(org.apache.hadoop.hbase.client.Table) AccessControlService(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService) ServiceException(com.google.protobuf.ServiceException) FsPermission(org.apache.hadoop.fs.permission.FsPermission) BlockingRpcChannel(com.google.protobuf.BlockingRpcChannel) CheckPermissionsRequest(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.CheckPermissionsRequest) Test(org.junit.Test)

Aggregations

BlockingRpcChannel (com.google.protobuf.BlockingRpcChannel)1 ServiceException (com.google.protobuf.ServiceException)1 FsPermission (org.apache.hadoop.fs.permission.FsPermission)1 Table (org.apache.hadoop.hbase.client.Table)1 AccessControlService (org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService)1 CheckPermissionsRequest (org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.CheckPermissionsRequest)1 User (org.apache.hadoop.hbase.security.User)1 Test (org.junit.Test)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial