use of org.apache.hadoop.hbase.security.access.Permission in project hbase by apache.
the class TestAsyncAccessControlAdminApi method test.
@Test
public void test() throws Exception {
TableName tableName = TableName.valueOf("test-table");
String userName1 = "user1";
String userName2 = "user2";
User user2 = User.createUserForTesting(TEST_UTIL.getConfiguration(), userName2, new String[0]);
Permission permission = Permission.newBuilder(tableName).withActions(Permission.Action.READ).build();
UserPermission userPermission = new UserPermission(userName1, permission);
// grant user1 table permission
admin.grant(userPermission, false).get();
// get table permissions
List<UserPermission> userPermissions = admin.getUserPermissions(GetUserPermissionsRequest.newBuilder(tableName).build()).get();
assertEquals(1, userPermissions.size());
assertEquals(userPermission, userPermissions.get(0));
// get table permissions
userPermissions = admin.getUserPermissions(GetUserPermissionsRequest.newBuilder(tableName).withUserName(userName1).build()).get();
assertEquals(1, userPermissions.size());
assertEquals(userPermission, userPermissions.get(0));
userPermissions = admin.getUserPermissions(GetUserPermissionsRequest.newBuilder(tableName).withUserName(userName2).build()).get();
assertEquals(0, userPermissions.size());
// has user permission
List<Permission> permissions = Lists.newArrayList(permission);
boolean hasPermission = admin.hasUserPermissions(userName1, permissions).get().get(0).booleanValue();
assertTrue(hasPermission);
hasPermission = admin.hasUserPermissions(userName2, permissions).get().get(0).booleanValue();
assertFalse(hasPermission);
AccessTestAction hasPermissionAction = new AccessTestAction() {
@Override
public Object run() throws Exception {
try (AsyncConnection conn = ConnectionFactory.createAsyncConnection(TEST_UTIL.getConfiguration()).get()) {
return conn.getAdmin().hasUserPermissions(userName1, permissions).get().get(0);
}
}
};
try {
user2.runAs(hasPermissionAction);
fail("Should not come here");
} catch (Exception e) {
LOG.error("Call has permission error", e);
}
// check permission
admin.hasUserPermissions(permissions);
AccessTestAction checkPermissionsAction = new AccessTestAction() {
@Override
public Object run() throws Exception {
try (AsyncConnection conn = ConnectionFactory.createAsyncConnection(TEST_UTIL.getConfiguration()).get()) {
return conn.getAdmin().hasUserPermissions(permissions).get().get(0);
}
}
};
assertFalse((Boolean) user2.runAs(checkPermissionsAction));
}
use of org.apache.hadoop.hbase.security.access.Permission in project hbase by apache.
the class RestoreSnapshotHelper method restoreSnapshotAcl.
public static void restoreSnapshotAcl(SnapshotDescription snapshot, TableName newTableName, Configuration conf) throws IOException {
if (snapshot.hasUsersAndPermissions() && snapshot.getUsersAndPermissions() != null) {
LOG.info("Restore snapshot acl to table. snapshot: " + snapshot + ", table: " + newTableName);
ListMultimap<String, Permission> perms = ShadedAccessControlUtil.toUserTablePermissions(snapshot.getUsersAndPermissions());
try (Connection conn = ConnectionFactory.createConnection(conf)) {
for (Entry<String, Permission> e : perms.entries()) {
String user = e.getKey();
TablePermission tablePerm = (TablePermission) e.getValue();
AccessControlClient.grant(conn, newTableName, user, tablePerm.getFamily(), tablePerm.getQualifier(), tablePerm.getActions());
}
} catch (Throwable e) {
throw new IOException("Grant acl into newly creatd table failed. snapshot: " + snapshot + ", table: " + newTableName, e);
}
}
}
use of org.apache.hadoop.hbase.security.access.Permission in project hbase by apache.
the class MasterRpcServices method hasUserPermissions.
@Override
public HasUserPermissionsResponse hasUserPermissions(RpcController controller, HasUserPermissionsRequest request) throws ServiceException {
try {
server.checkInitialized();
if (server.cpHost != null && hasAccessControlServiceCoprocessor(server.cpHost)) {
User caller = RpcServer.getRequestUser().orElse(null);
String userName = request.hasUserName() ? request.getUserName().toStringUtf8() : caller.getShortName();
List<Permission> permissions = new ArrayList<>();
for (int i = 0; i < request.getPermissionCount(); i++) {
permissions.add(ShadedAccessControlUtil.toPermission(request.getPermission(i)));
}
server.getMasterCoprocessorHost().preHasUserPermissions(userName, permissions);
if (!caller.getShortName().equals(userName)) {
List<String> groups = AccessChecker.getUserGroups(userName);
caller = new InputUser(userName, groups.toArray(new String[groups.size()]));
}
List<Boolean> hasUserPermissions = new ArrayList<>();
if (getAccessChecker() != null) {
for (Permission permission : permissions) {
boolean hasUserPermission = getAccessChecker().hasUserPermission(caller, "hasUserPermissions", permission);
hasUserPermissions.add(hasUserPermission);
}
} else {
for (int i = 0; i < permissions.size(); i++) {
hasUserPermissions.add(true);
}
}
server.getMasterCoprocessorHost().postHasUserPermissions(userName, permissions);
HasUserPermissionsResponse.Builder builder = HasUserPermissionsResponse.newBuilder().addAllHasUserPermission(hasUserPermissions);
return builder.build();
} else {
throw new DoNotRetryIOException(new UnsupportedOperationException(AccessController.class.getName() + " is not loaded"));
}
} catch (IOException ioe) {
throw new ServiceException(ioe);
}
}
use of org.apache.hadoop.hbase.security.access.Permission in project hbase by apache.
the class TestScan method testScanCopyConstructor.
@Test
public void testScanCopyConstructor() throws Exception {
Scan scan = new Scan();
scan.addColumn(Bytes.toBytes("cf"), Bytes.toBytes("q")).setACL("test_user", new Permission(Permission.Action.READ)).setAllowPartialResults(true).setAsyncPrefetch(false).setAttribute("test_key", Bytes.toBytes("test_value")).setAuthorizations(new Authorizations("test_label")).setBatch(10).setCacheBlocks(false).setCaching(10).setConsistency(Consistency.TIMELINE).setFilter(new FilterList()).setId("scan_copy_constructor").setIsolationLevel(IsolationLevel.READ_COMMITTED).setLimit(100).setLoadColumnFamiliesOnDemand(false).setMaxResultSize(100).setMaxResultsPerColumnFamily(1000).readVersions(9999).setMvccReadPoint(5).setNeedCursorResult(true).setPriority(1).setRaw(true).setReplicaId(3).setReversed(true).setRowOffsetPerColumnFamily(5).setRowPrefixFilter(Bytes.toBytes("row_")).setScanMetricsEnabled(true).setReadType(ReadType.STREAM).withStartRow(Bytes.toBytes("row_1")).withStopRow(Bytes.toBytes("row_2")).setTimeRange(0, 13);
// create a copy of existing scan object
Scan scanCopy = new Scan(scan);
// validate fields of copied scan object match with the original scan object
assertEquals(scan.getACL(), scanCopy.getACL());
assertEquals(scan.getAllowPartialResults(), scanCopy.getAllowPartialResults());
assertEquals(scan.getAttribute("test_key"), scanCopy.getAttribute("test_key"));
assertEquals(scan.getAttributeSize(), scanCopy.getAttributeSize());
assertEquals(scan.getAttributesMap(), scanCopy.getAttributesMap());
assertEquals(scan.getAuthorizations().getLabels(), scanCopy.getAuthorizations().getLabels());
assertEquals(scan.getBatch(), scanCopy.getBatch());
assertEquals(scan.getCacheBlocks(), scanCopy.getCacheBlocks());
assertEquals(scan.getCaching(), scanCopy.getCaching());
assertEquals(scan.getConsistency(), scanCopy.getConsistency());
assertEquals(scan.getFamilies().length, scanCopy.getFamilies().length);
assertEquals(scan.getFamilies()[0], scanCopy.getFamilies()[0]);
assertEquals(scan.getFamilyMap(), scanCopy.getFamilyMap());
assertEquals(scan.getFilter(), scanCopy.getFilter());
assertEquals(scan.getId(), scanCopy.getId());
assertEquals(scan.getIsolationLevel(), scanCopy.getIsolationLevel());
assertEquals(scan.getLimit(), scanCopy.getLimit());
assertEquals(scan.getLoadColumnFamiliesOnDemandValue(), scanCopy.getLoadColumnFamiliesOnDemandValue());
assertEquals(scan.getMaxResultSize(), scanCopy.getMaxResultSize());
assertEquals(scan.getMaxResultsPerColumnFamily(), scanCopy.getMaxResultsPerColumnFamily());
assertEquals(scan.getMaxVersions(), scanCopy.getMaxVersions());
assertEquals(scan.getMvccReadPoint(), scanCopy.getMvccReadPoint());
assertEquals(scan.getPriority(), scanCopy.getPriority());
assertEquals(scan.getReadType(), scanCopy.getReadType());
assertEquals(scan.getReplicaId(), scanCopy.getReplicaId());
assertEquals(scan.getRowOffsetPerColumnFamily(), scanCopy.getRowOffsetPerColumnFamily());
assertEquals(scan.getStartRow(), scanCopy.getStartRow());
assertEquals(scan.getStopRow(), scanCopy.getStopRow());
assertEquals(scan.getTimeRange(), scanCopy.getTimeRange());
assertTrue("Make sure copy constructor adds all the fields in the copied object", EqualsBuilder.reflectionEquals(scan, scanCopy));
}
Aggregations