Examples with NamespacePermission - org.apache.hadoop.hbase.security.access.NamespacePermission

Example 1 with NamespacePermission

use of org.apache.hadoop.hbase.security.access.NamespacePermission in project ranger by apache.

the class HBaseRangerAuthorizationTest method testGetUserPermission.

@Test
public void testGetUserPermission() throws Throwable {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");
    String user = "IT";
    UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "IT" });
    ugi.doAs(new PrivilegedExceptionAction<Void>() {

        public Void run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                AccessControlClient.getUserPermissions(conn, "temp");
                Assert.fail();
            } catch (Throwable e) {
            // expected
            }
            return null;
        }
    });
    user = "QA";
    ugi = UserGroupInformation.createUserForTesting(user, new String[] { "QA" });
    ugi.doAs(new PrivilegedExceptionAction<Void>() {

        public Void run() throws Exception {
            List<UserPermission> userPermissions;
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                userPermissions = AccessControlClient.getUserPermissions(conn, "@test_namespace");
            } catch (Throwable e) {
                throw new Exception(e);
            }
            boolean found = false;
            for (UserPermission namespacePermission : userPermissions) {
                if (namespacePermission.getPermission() instanceof NamespacePermission) {
                    found = StringUtils.equals(namespacePermission.getUser(), "@QA");
                    if (found) {
                        break;
                    }
                }
            }
            Assert.assertTrue("QA is not found", found);
            return null;
        }
    });
    List<UserPermission> userPermissions;
    try (Connection conn = ConnectionFactory.createConnection(conf)) {
        userPermissions = AccessControlClient.getUserPermissions(conn, "temp5");
    } catch (Throwable e) {
        throw new Exception(e);
    }
    UserPermission userPermission = new UserPermission("@IT", Permission.newBuilder(TableName.valueOf("temp5")).withActions(Permission.Action.READ, Permission.Action.WRITE, Permission.Action.EXEC).build());
    Assert.assertTrue("@IT permission should be there", userPermissions.contains(userPermission));
}

Also used : Configuration(org.apache.hadoop.conf.Configuration) HBaseConfiguration(org.apache.hadoop.hbase.HBaseConfiguration) Connection(org.apache.hadoop.hbase.client.Connection) List(java.util.List) IOException(java.io.IOException) NamespacePermission(org.apache.hadoop.hbase.security.access.NamespacePermission) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) UserPermission(org.apache.hadoop.hbase.security.access.UserPermission) Test(org.junit.Test)

Aggregations

IOException (java.io.IOException)1 List (java.util.List)1 Configuration (org.apache.hadoop.conf.Configuration)1 HBaseConfiguration (org.apache.hadoop.hbase.HBaseConfiguration)1 Connection (org.apache.hadoop.hbase.client.Connection)1 NamespacePermission (org.apache.hadoop.hbase.security.access.NamespacePermission)1 UserPermission (org.apache.hadoop.hbase.security.access.UserPermission)1 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)1 Test (org.junit.Test)1