Search in sources :

Example 21 with VisibilityLabelsResponse

use of org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse in project hbase by apache.

the class TestVisibilityLabelsWithACL method testLabelsTableOpsWithDifferentUsers.

@Test
public void testLabelsTableOpsWithDifferentUsers() throws Throwable {
    PrivilegedExceptionAction<VisibilityLabelsResponse> action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {

        public VisibilityLabelsResponse run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                return VisibilityClient.addLabels(conn, new String[] { "l1", "l2" });
            } catch (Throwable e) {
            }
            return null;
        }
    };
    VisibilityLabelsResponse response = NORMAL_USER1.runAs(action);
    assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", response.getResult(0).getException().getName());
    assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", response.getResult(1).getException().getName());
    action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {

        public VisibilityLabelsResponse run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
            } catch (Throwable e) {
            }
            return null;
        }
    };
    response = NORMAL_USER1.runAs(action);
    assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", response.getResult(0).getException().getName());
    assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", response.getResult(1).getException().getName());
    action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {

        public VisibilityLabelsResponse run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
            } catch (Throwable e) {
            }
            return null;
        }
    };
    response = SUPERUSER.runAs(action);
    assertTrue(response.getResult(0).getException().getValue().isEmpty());
    assertTrue(response.getResult(1).getException().getValue().isEmpty());
    action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {

        public VisibilityLabelsResponse run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                return VisibilityClient.clearAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
            } catch (Throwable e) {
            }
            return null;
        }
    };
    response = NORMAL_USER1.runAs(action);
    assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", response.getResult(0).getException().getName());
    assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", response.getResult(1).getException().getName());
    response = VisibilityClient.clearAuths(TEST_UTIL.getConnection(), new String[] { CONFIDENTIAL, PRIVATE }, "user1");
    assertTrue(response.getResult(0).getException().getValue().isEmpty());
    assertTrue(response.getResult(1).getException().getValue().isEmpty());
    VisibilityClient.setAuths(TEST_UTIL.getConnection(), new String[] { CONFIDENTIAL, PRIVATE }, "user3");
    PrivilegedExceptionAction<GetAuthsResponse> action1 = new PrivilegedExceptionAction<GetAuthsResponse>() {

        public GetAuthsResponse run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                return VisibilityClient.getAuths(conn, "user3");
            } catch (Throwable e) {
            }
            return null;
        }
    };
    GetAuthsResponse authsResponse = NORMAL_USER1.runAs(action1);
    assertNull(authsResponse);
    authsResponse = SUPERUSER.runAs(action1);
    List<String> authsList = new ArrayList<>(authsResponse.getAuthList().size());
    for (ByteString authBS : authsResponse.getAuthList()) {
        authsList.add(Bytes.toString(authBS.toByteArray()));
    }
    assertEquals(2, authsList.size());
    assertTrue(authsList.contains(CONFIDENTIAL));
    assertTrue(authsList.contains(PRIVATE));
}
Also used : GetAuthsResponse(org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse) ByteString(com.google.protobuf.ByteString) Connection(org.apache.hadoop.hbase.client.Connection) ArrayList(java.util.ArrayList) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) ByteString(com.google.protobuf.ByteString) VisibilityLabelsResponse(org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse) IOException(java.io.IOException) Test(org.junit.Test)

Example 22 with VisibilityLabelsResponse

use of org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse in project hbase by apache.

the class TestVisibilityWithCheckAuths method testVerifyAccessDeniedForInvalidUserAuths.

@Test
public void testVerifyAccessDeniedForInvalidUserAuths() throws Exception {
    PrivilegedExceptionAction<VisibilityLabelsResponse> action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {

        @Override
        public VisibilityLabelsResponse run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                return VisibilityClient.setAuths(conn, new String[] { TOPSECRET }, USER.getShortName());
            } catch (Throwable e) {
            }
            return null;
        }
    };
    SUPERUSER.runAs(action);
    final TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
    Admin hBaseAdmin = TEST_UTIL.getAdmin();
    HColumnDescriptor colDesc = new HColumnDescriptor(fam);
    colDesc.setMaxVersions(5);
    HTableDescriptor desc = new HTableDescriptor(tableName);
    desc.addFamily(colDesc);
    hBaseAdmin.createTable(desc);
    try {
        TEST_UTIL.getAdmin().flush(tableName);
        PrivilegedExceptionAction<Void> actiona = new PrivilegedExceptionAction<Void>() {

            @Override
            public Void run() throws Exception {
                try (Connection connection = ConnectionFactory.createConnection(conf);
                    Table table = connection.getTable(tableName)) {
                    Put p = new Put(row1);
                    p.setCellVisibility(new CellVisibility(PUBLIC + "&" + TOPSECRET));
                    p.addColumn(fam, qual, 125l, value);
                    table.put(p);
                    Assert.fail("Testcase should fail with AccesDeniedException");
                } catch (Throwable t) {
                    assertTrue(t.getMessage().contains("AccessDeniedException"));
                }
                return null;
            }
        };
        USER.runAs(actiona);
    } catch (Exception e) {
        throw new IOException(e);
    }
}
Also used : Table(org.apache.hadoop.hbase.client.Table) HColumnDescriptor(org.apache.hadoop.hbase.HColumnDescriptor) Connection(org.apache.hadoop.hbase.client.Connection) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) IOException(java.io.IOException) Admin(org.apache.hadoop.hbase.client.Admin) Put(org.apache.hadoop.hbase.client.Put) IOException(java.io.IOException) HTableDescriptor(org.apache.hadoop.hbase.HTableDescriptor) TableName(org.apache.hadoop.hbase.TableName) VisibilityLabelsResponse(org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse) Test(org.junit.Test)

Example 23 with VisibilityLabelsResponse

use of org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse in project hbase by apache.

the class TestVisibilityLabelsWithDeletes method testSpecificDeletesFollowedByDeleteFamily1.

@Test(timeout = 180000)
public void testSpecificDeletesFollowedByDeleteFamily1() throws Exception {
    PrivilegedExceptionAction<VisibilityLabelsResponse> action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {

        @Override
        public VisibilityLabelsResponse run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE, SECRET }, SUPERUSER.getShortName());
            } catch (Throwable e) {
            }
            return null;
        }
    };
    VisibilityLabelsResponse response = SUPERUSER.runAs(action);
    final TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
    try (Table table = doPuts(tableName)) {
        PrivilegedExceptionAction<Void> actiona = new PrivilegedExceptionAction<Void>() {

            @Override
            public Void run() throws Exception {
                try (Connection connection = ConnectionFactory.createConnection(conf);
                    Table table = connection.getTable(tableName)) {
                    Delete d = new Delete(row1);
                    d.setCellVisibility(new CellVisibility("(" + CONFIDENTIAL + "&" + PRIVATE + ")|(" + TOPSECRET + "&" + SECRET + ")"));
                    d.addColumn(fam, qual);
                    table.delete(d);
                    d = new Delete(row1);
                    d.setCellVisibility(new CellVisibility(SECRET + "&" + TOPSECRET));
                    d.addFamilyVersion(fam, 125l);
                    table.delete(d);
                } catch (Throwable t) {
                    throw new IOException(t);
                }
                return null;
            }
        };
        SUPERUSER.runAs(actiona);
        TEST_UTIL.getAdmin().flush(tableName);
        Scan s = new Scan();
        s.setMaxVersions(5);
        s.setAuthorizations(new Authorizations(SECRET, PRIVATE, CONFIDENTIAL, TOPSECRET));
        ResultScanner scanner = table.getScanner(s);
        Result[] next = scanner.next(5);
        assertTrue(next.length == 2);
        CellScanner cellScanner = next[0].cellScanner();
        cellScanner.advance();
        Cell current = cellScanner.current();
        assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length));
        assertEquals(current.getTimestamp(), 126l);
        cellScanner.advance();
        current = cellScanner.current();
        assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length));
        assertEquals(current.getTimestamp(), 124l);
        cellScanner.advance();
        current = cellScanner.current();
        assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length));
        assertEquals(current.getTimestamp(), 123l);
        // Issue 2nd delete
        actiona = new PrivilegedExceptionAction<Void>() {

            @Override
            public Void run() throws Exception {
                try (Connection connection = ConnectionFactory.createConnection(conf);
                    Table table = connection.getTable(tableName)) {
                    Delete d = new Delete(row1);
                    d.setCellVisibility(new CellVisibility(CONFIDENTIAL));
                    d.addFamily(fam);
                    table.delete(d);
                } catch (Throwable t) {
                    throw new IOException(t);
                }
                return null;
            }
        };
        SUPERUSER.runAs(actiona);
        s = new Scan();
        s.setMaxVersions(5);
        s.setAuthorizations(new Authorizations(SECRET, PRIVATE, CONFIDENTIAL, TOPSECRET));
        scanner = table.getScanner(s);
        next = scanner.next(5);
        assertTrue(next.length == 2);
        cellScanner = next[0].cellScanner();
        cellScanner.advance();
        current = cellScanner.current();
        assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length));
        assertEquals(current.getTimestamp(), 126l);
        cellScanner.advance();
        current = cellScanner.current();
        assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), row1, 0, row1.length));
        assertEquals(current.getTimestamp(), 124l);
    }
}
Also used : Delete(org.apache.hadoop.hbase.client.Delete) Table(org.apache.hadoop.hbase.client.Table) ResultScanner(org.apache.hadoop.hbase.client.ResultScanner) Connection(org.apache.hadoop.hbase.client.Connection) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) InterruptedIOException(java.io.InterruptedIOException) IOException(java.io.IOException) CellScanner(org.apache.hadoop.hbase.CellScanner) InterruptedIOException(java.io.InterruptedIOException) IOException(java.io.IOException) RetriesExhaustedWithDetailsException(org.apache.hadoop.hbase.client.RetriesExhaustedWithDetailsException) Result(org.apache.hadoop.hbase.client.Result) TableName(org.apache.hadoop.hbase.TableName) Scan(org.apache.hadoop.hbase.client.Scan) Cell(org.apache.hadoop.hbase.Cell) VisibilityLabelsResponse(org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse) Test(org.junit.Test)

Example 24 with VisibilityLabelsResponse

use of org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse in project hbase by apache.

the class TestVisibilityLabelsWithDeletes method setAuths.

private void setAuths() throws IOException, InterruptedException {
    PrivilegedExceptionAction<VisibilityLabelsResponse> action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {

        @Override
        public VisibilityLabelsResponse run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE, SECRET, TOPSECRET }, SUPERUSER.getShortName());
            } catch (Throwable e) {
            }
            return null;
        }
    };
    SUPERUSER.runAs(action);
}
Also used : Connection(org.apache.hadoop.hbase.client.Connection) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) VisibilityLabelsResponse(org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse)

Example 25 with VisibilityLabelsResponse

use of org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse in project hbase by apache.

the class TestScannersWithLabels method createLabels.

private static void createLabels() throws IOException, InterruptedException {
    PrivilegedExceptionAction<VisibilityLabelsResponse> action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {

        public VisibilityLabelsResponse run() throws Exception {
            String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET };
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                VisibilityClient.addLabels(conn, labels);
            } catch (Throwable t) {
                throw new IOException(t);
            }
            return null;
        }
    };
    SUPERUSER.runAs(action);
}
Also used : Connection(org.apache.hadoop.hbase.client.Connection) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) IOException(java.io.IOException) VisibilityLabelsResponse(org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse)

Aggregations

VisibilityLabelsResponse (org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse)26 IOException (java.io.IOException)21 Connection (org.apache.hadoop.hbase.client.Connection)21 PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)20 ByteString (com.google.protobuf.ByteString)12 Test (org.junit.Test)10 Table (org.apache.hadoop.hbase.client.Table)9 ArrayList (java.util.ArrayList)7 RegionActionResult (org.apache.hadoop.hbase.protobuf.generated.ClientProtos.RegionActionResult)6 TableName (org.apache.hadoop.hbase.TableName)5 Result (org.apache.hadoop.hbase.client.Result)5 ResultScanner (org.apache.hadoop.hbase.client.ResultScanner)5 Scan (org.apache.hadoop.hbase.client.Scan)5 GetAuthsResponse (org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse)4 InterruptedIOException (java.io.InterruptedIOException)3 Cell (org.apache.hadoop.hbase.Cell)3 CellScanner (org.apache.hadoop.hbase.CellScanner)3 DoNotRetryIOException (org.apache.hadoop.hbase.DoNotRetryIOException)3 Put (org.apache.hadoop.hbase.client.Put)3 OperationStatus (org.apache.hadoop.hbase.regionserver.OperationStatus)3