
Example 1 with GetAuthsResponse

use of org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse in project hbase by apache.

the class TestVisibilityLabels method testClearUserAuths.

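/**
 * Checks that clearing visibility authorizations is evaluated label by label.
 *
 * <p>The user is first granted SECRET, CONFIDENTIAL and PRIVATE. The clear request then names
 * SECRET, PUBLIC and CONFIDENTIAL, where PUBLIC was never granted. The test expects one result per
 * requested label: the two held labels succeed, the label that was not held reports an
 * InvalidLabelException, and only PRIVATE remains afterwards. The remaining grant is confirmed
 * twice, once by scanning the labels table and once through {@code VisibilityClient.getAuths}.
 *
 * <p>All steps run inside a single action executed as SUPERUSER.
 */
@Test
public void testClearUserAuths() throws Throwable {
    PrivilegedExceptionAction<Void> action = new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            String[] auths = { SECRET, CONFIDENTIAL, PRIVATE };
            String user = "testUser";
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                VisibilityClient.setAuths(conn, auths, user);
            } catch (Throwable e) {
                throw new IOException(e);
            }
            // Remove the auths for SECRET and CONFIDENTIAL, and also pass PUBLIC,
            // which was never granted to this user.
            auths = new String[] { SECRET, PUBLIC, CONFIDENTIAL };
            VisibilityLabelsResponse response = null;
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                response = VisibilityClient.clearAuths(conn, auths, user);
            } catch (Throwable e) {
                // Keep the cause in the failure message so a broken run can be diagnosed.
                fail("Should not have failed: " + e);
            }
            // One result per requested label, in request order.
            List<RegionActionResult> resultList = response.getResultList();
            assertEquals(3, resultList.size());
            assertTrue(resultList.get(0).getException().getValue().isEmpty());
            // The label the user did not hold is rejected individually; the others still succeed.
            assertEquals("org.apache.hadoop.hbase.DoNotRetryIOException", resultList.get(1).getException().getName());
            assertTrue(Bytes.toString(resultList.get(1).getException().getValue().toByteArray()).contains("org.apache.hadoop.hbase.security.visibility.InvalidLabelException: " + "Label 'public' is not set for the user testUser"));
            assertTrue(resultList.get(2).getException().getValue().isEmpty());
            // Confirm the stored state: the scanner is now closed together with the table and
            // connection instead of being left open.
            try (Connection connection = ConnectionFactory.createConnection(conf);
                Table ht = connection.getTable(LABELS_TABLE_NAME);
                ResultScanner scanner = ht.getScanner(new Scan())) {
                Result result = null;
                List<Result> results = new ArrayList<>();
                while ((result = scanner.next()) != null) {
                    results.add(result);
                }
                List<String> curAuths = extractAuths(user, results);
                assertTrue(curAuths.contains(PRIVATE));
                assertEquals(1, curAuths.size());
            }
            // Confirm the same state through the client API.
            GetAuthsResponse authsResponse = null;
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                authsResponse = VisibilityClient.getAuths(conn, user);
            } catch (Throwable e) {
                throw new IOException(e);
            }
            List<String> authsList = new ArrayList<>(authsResponse.getAuthList().size());
            for (ByteString authBS : authsResponse.getAuthList()) {
                authsList.add(Bytes.toString(authBS.toByteArray()));
            }
            assertEquals(1, authsList.size());
            assertTrue(authsList.contains(PRIVATE));
            return null;
        }
    };
    SUPERUSER.runAs(action);
}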
Also used : Table(org.apache.hadoop.hbase.client.Table) ResultScanner(org.apache.hadoop.hbase.client.ResultScanner) ByteString(org.apache.hbase.thirdparty.com.google.protobuf.ByteString) Connection(org.apache.hadoop.hbase.client.Connection) ArrayList(java.util.ArrayList) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) ByteString(org.apache.hbase.thirdparty.com.google.protobuf.ByteString) IOException(java.io.IOException) RegionActionResult(org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos.RegionActionResult) Result(org.apache.hadoop.hbase.client.Result) RegionActionResult(org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos.RegionActionResult) GetAuthsResponse(org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse) Scan(org.apache.hadoop.hbase.client.Scan) VisibilityLabelsResponse(org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse) Test(org.junit.Test)

Example 2 with GetAuthsResponse

use of org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse in project hbase by apache.

the class TestWithDisabledAuthorization method testManageUserAuths.

/**
 * Exercises set, get and clear of a user's visibility authorizations as SUPERUSER.
 *
 * <p>Per the enclosing class name, this runs with authorization disabled; managing user auths is
 * still expected to work. Two labels are granted, then cleared one at a time, and the list
 * returned by {@code VisibilityClient.getAuths} is checked after every step.
 */
@Test
public void testManageUserAuths() throws Throwable {
    // Even though authorization is disabled, we should be able to manage user auths
    PrivilegedExceptionAction<Void> grantBoth = new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                VisibilityClient.setAuths(conn, new String[] { SECRET, CONFIDENTIAL }, USER_RW.getShortName());
            } catch (Throwable cause) {
                fail("Should not have failed");
            }
            return null;
        }
    };
    SUPERUSER.runAs(grantBoth);

    // Reusable reader: fetches the user's current auths and decodes them to strings.
    PrivilegedExceptionAction<List<String>> readAuths = new PrivilegedExceptionAction<List<String>>() {

        @Override
        public List<String> run() throws Exception {
            GetAuthsResponse reply = null;
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                reply = VisibilityClient.getAuths(conn, USER_RW.getShortName());
            } catch (Throwable cause) {
                fail("Should not have failed");
            }
            List<String> decoded = new ArrayList<>(reply.getAuthList().size());
            for (ByteString raw : reply.getAuthList()) {
                decoded.add(Bytes.toString(raw.toByteArray()));
            }
            return decoded;
        }
    };

    // Both granted labels are visible.
    List<String> authsList = SUPERUSER.runAs(readAuths);
    assertEquals(2, authsList.size());
    assertTrue(authsList.contains(SECRET));
    assertTrue(authsList.contains(CONFIDENTIAL));

    // Clearing SECRET leaves only CONFIDENTIAL.
    PrivilegedExceptionAction<Void> revokeSecret = new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                VisibilityClient.clearAuths(conn, new String[] { SECRET }, USER_RW.getShortName());
            } catch (Throwable cause) {
                fail("Should not have failed");
            }
            return null;
        }
    };
    SUPERUSER.runAs(revokeSecret);
    authsList = SUPERUSER.runAs(readAuths);
    assertEquals(1, authsList.size());
    assertTrue(authsList.contains(CONFIDENTIAL));

    // Clearing CONFIDENTIAL leaves the user with no auths at all.
    PrivilegedExceptionAction<Void> revokeConfidential = new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                VisibilityClient.clearAuths(conn, new String[] { CONFIDENTIAL }, USER_RW.getShortName());
            } catch (Throwable cause) {
                fail("Should not have failed");
            }
            return null;
        }
    };
    SUPERUSER.runAs(revokeConfidential);
    authsList = SUPERUSER.runAs(readAuths);
    assertEquals(0, authsList.size());
}
Also used : ByteString(org.apache.hbase.thirdparty.com.google.protobuf.ByteString) Connection(org.apache.hadoop.hbase.client.Connection) ArrayList(java.util.ArrayList) ByteString(org.apache.hbase.thirdparty.com.google.protobuf.ByteString) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) GetAuthsResponse(org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse) ArrayList(java.util.ArrayList) List(java.util.List) Test(org.junit.Test)

Example 3 with GetAuthsResponse

use of org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse in project hbase by apache.

the class VisibilityController method getAuths.

/**
 * Coprocessor endpoint that reports the visibility authorizations of the user or group named in
 * the request.
 *
 * <p>Access check: when both {@code authorizationEnabled} and {@code accessControllerAvailable}
 * are set, the caller must satisfy {@code isSystemOrSuperUser()}; any other caller is rejected
 * with an {@link AccessDeniedException} that is recorded on the controller. When either flag is
 * off, no caller check is made here.
 *
 * <p>The callback is always invoked. On a rejected or failed lookup the response still carries
 * the requested user but no auth entries, so callers must inspect the controller for an exception
 * instead of reading an empty list as "user has no authorizations".
 *
 * @param controller receives the failure text or exception when the request cannot be served
 * @param request names the user or group principal to look up
 * @param done callback that receives the built response
 */
@Override
public synchronized void getAuths(RpcController controller, GetAuthsRequest request, RpcCallback<GetAuthsResponse> done) {
    GetAuthsResponse.Builder reply = GetAuthsResponse.newBuilder();
    if (!initialized) {
        controller.setFailed("VisibilityController not yet initialized");
        done.run(reply.build());
        return;
    }
    byte[] userBytes = request.getUser().toByteArray();
    List<String> auths = null;
    try {
        // The ACL check is done in this method: only system or superuser callers may read
        // another principal's authorizations while authorization is enforced.
        boolean enforcing = authorizationEnabled && accessControllerAvailable;
        if (enforcing && !isSystemOrSuperUser()) {
            User requestingUser = VisibilityUtils.getActiveUser();
            String who = requestingUser == null ? "null" : requestingUser.getShortName();
            throw new AccessDeniedException("User '" + who + "' is not authorized to perform this action.");
        }
        String principal = Bytes.toString(userBytes);
        if (AuthUtil.isGroupPrincipal(principal)) {
            // Group principals are resolved through the group lookup.
            String group = AuthUtil.getGroupName(principal);
            auths = this.visibilityLabelService.getGroupAuths(new String[] { group }, false);
        } else {
            auths = this.visibilityLabelService.getUserAuths(userBytes, false);
        }
        logResult(true, "getAuths", "Get authorizations for user allowed", userBytes, null, null);
    } catch (AccessDeniedException e) {
        // A denial is reported through logResult and returned to the caller via the controller.
        logResult(false, "getAuths", e.getMessage(), userBytes, null, null);
        CoprocessorRpcUtils.setControllerException(controller, e);
    } catch (IOException e) {
        // NOTE(review): other I/O failures reach the controller but are not passed to logResult.
        CoprocessorRpcUtils.setControllerException(controller, e);
    }
    reply.setUser(request.getUser());
    if (auths != null) {
        for (String auth : auths) {
            reply.addAuth(ByteString.copyFrom(Bytes.toBytes(auth)));
        }
    }
    done.run(reply.build());
}
Also used : AccessDeniedException(org.apache.hadoop.hbase.security.AccessDeniedException) User(org.apache.hadoop.hbase.security.User) GetAuthsResponse(org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse) ByteString(org.apache.hbase.thirdparty.com.google.protobuf.ByteString) DoNotRetryIOException(org.apache.hadoop.hbase.DoNotRetryIOException) IOException(java.io.IOException)

Example 4 with GetAuthsResponse

use of org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse in project hbase by apache.

the class VisibilityClient method getAuths.

/**
 * Asks the visibility labels coprocessor service for the authorizations of a user.
 *
 * <p>An exception recorded on the RPC controller is rethrown to the caller, so a failed or
 * rejected request is not returned as an ordinary response.
 *
 * @param connection the Connection instance to use.
 * @param user the user whose authorizations are requested.
 * @return the response holding the labels the given user is globally authorized for.
 * @throws Throwable if the coprocessor call fails, including an exception set on the controller
 *     by the service.
 */
public static GetAuthsResponse getAuths(Connection connection, final String user) throws Throwable {
    try (Table labelsTable = connection.getTable(LABELS_TABLE_NAME)) {
        Batch.Call<VisibilityLabelsService, GetAuthsResponse> authsCall = new Batch.Call<VisibilityLabelsService, GetAuthsResponse>() {

            private final ServerRpcController rpcController = new ServerRpcController();

            private final CoprocessorRpcUtils.BlockingRpcCallback<GetAuthsResponse> callback = new CoprocessorRpcUtils.BlockingRpcCallback<>();

            @Override
            public GetAuthsResponse call(VisibilityLabelsService service) throws IOException {
                GetAuthsRequest authsRequest = GetAuthsRequest.newBuilder()
                    .setUser(UnsafeByteOperations.unsafeWrap(Bytes.toBytes(user)))
                    .build();
                service.getAuths(rpcController, authsRequest, callback);
                // Wait for the reply first, then surface any exception the service recorded.
                GetAuthsResponse reply = callback.get();
                if (rpcController.failedOnException()) {
                    throw rpcController.getFailedOn();
                }
                return reply;
            }
        };
        Map<byte[], GetAuthsResponse> perRegion = labelsTable.coprocessorService(VisibilityLabelsService.class, HConstants.EMPTY_BYTE_ARRAY, HConstants.EMPTY_BYTE_ARRAY, authsCall);
        // There will be exactly one region for the labels table and so one entry in the result Map.
        return perRegion.values().iterator().next();
    }
}
Also used : VisibilityLabelsService(org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsService) Table(org.apache.hadoop.hbase.client.Table) GetAuthsRequest(org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.GetAuthsRequest) ServerRpcController(org.apache.hadoop.hbase.ipc.ServerRpcController) CoprocessorRpcUtils(org.apache.hadoop.hbase.ipc.CoprocessorRpcUtils) Batch(org.apache.hadoop.hbase.client.coprocessor.Batch) GetAuthsResponse(org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse)

Example 5 with GetAuthsResponse

use of org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse in project hbase by apache.

the class TestVisibilityLabels method testSetAndGetUserAuths.

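/**
 * Checks that authorizations granted to a user are stored, are returned by
 * {@code VisibilityClient.getAuths}, and are not duplicated when the same grant is repeated.
 *
 * <p>The grant and both reads through the client run as SUPERUSER. The direct scan of the labels
 * table uses the shared test connection with {@code VisibilityUtils.SYSTEM_LABEL} set as the scan
 * authorization.
 */
@Test
public void testSetAndGetUserAuths() throws Throwable {
    final String user = "user1";
    PrivilegedExceptionAction<Void> action = new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            String[] auths = { SECRET, CONFIDENTIAL };
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                VisibilityClient.setAuths(conn, auths, user);
            } catch (Throwable e) {
                throw new IOException(e);
            }
            return null;
        }
    };
    SUPERUSER.runAs(action);
    // Read the stored grants straight from the labels table. The scanner is closed together
    // with the table instead of being left open.
    try (Table ht = TEST_UTIL.getConnection().getTable(LABELS_TABLE_NAME)) {
        Scan scan = new Scan();
        scan.setAuthorizations(new Authorizations(VisibilityUtils.SYSTEM_LABEL));
        try (ResultScanner scanner = ht.getScanner(scan)) {
            Result result = null;
            List<Result> results = new ArrayList<>();
            while ((result = scanner.next()) != null) {
                results.add(result);
            }
            List<String> auths = extractAuths(user, results);
            assertTrue(auths.contains(SECRET));
            assertTrue(auths.contains(CONFIDENTIAL));
            assertEquals(2, auths.size());
        }
    }
    action = new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            GetAuthsResponse authsResponse = null;
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                authsResponse = VisibilityClient.getAuths(conn, user);
            } catch (Throwable e) {
                throw new IOException(e);
            }
            List<String> authsList = new ArrayList<>(authsResponse.getAuthList().size());
            for (ByteString authBS : authsResponse.getAuthList()) {
                authsList.add(Bytes.toString(authBS.toByteArray()));
            }
            assertEquals(2, authsList.size());
            assertTrue(authsList.contains(SECRET));
            assertTrue(authsList.contains(CONFIDENTIAL));
            return null;
        }
    };
    SUPERUSER.runAs(action);
    // Try doing setAuths once again and there should not be any duplicates
    action = new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            String[] auths1 = { SECRET, CONFIDENTIAL };
            GetAuthsResponse authsResponse = null;
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                VisibilityClient.setAuths(conn, auths1, user);
                authsResponse = VisibilityClient.getAuths(conn, user);
            } catch (Throwable e) {
                // Propagate the failure. Swallowing it here would leave authsResponse null and
                // hide the real cause behind a NullPointerException on the next line.
                throw new IOException(e);
            }
            List<String> authsList = new ArrayList<>(authsResponse.getAuthList().size());
            for (ByteString authBS : authsResponse.getAuthList()) {
                authsList.add(Bytes.toString(authBS.toByteArray()));
            }
            assertEquals(2, authsList.size());
            assertTrue(authsList.contains(SECRET));
            assertTrue(authsList.contains(CONFIDENTIAL));
            return null;
        }
    };
    SUPERUSER.runAs(action);
}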
Also used : Table(org.apache.hadoop.hbase.client.Table) ResultScanner(org.apache.hadoop.hbase.client.ResultScanner) ByteString(org.apache.hbase.thirdparty.com.google.protobuf.ByteString) Connection(org.apache.hadoop.hbase.client.Connection) ArrayList(java.util.ArrayList) ByteString(org.apache.hbase.thirdparty.com.google.protobuf.ByteString) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) IOException(java.io.IOException) IOException(java.io.IOException) Result(org.apache.hadoop.hbase.client.Result) RegionActionResult(org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos.RegionActionResult) GetAuthsResponse(org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse) Scan(org.apache.hadoop.hbase.client.Scan) List(java.util.List) ArrayList(java.util.ArrayList) Test(org.junit.Test)

Aggregations

GetAuthsResponse (org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse)8 ByteString (org.apache.hbase.thirdparty.com.google.protobuf.ByteString)7 IOException (java.io.IOException)6 ArrayList (java.util.ArrayList)6 Connection (org.apache.hadoop.hbase.client.Connection)6 Test (org.junit.Test)6 PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)5 Table (org.apache.hadoop.hbase.client.Table)4 VisibilityLabelsResponse (org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse)4 List (java.util.List)3 Result (org.apache.hadoop.hbase.client.Result)3 ResultScanner (org.apache.hadoop.hbase.client.ResultScanner)3 Scan (org.apache.hadoop.hbase.client.Scan)3 RegionActionResult (org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos.RegionActionResult)2 Cell (org.apache.hadoop.hbase.Cell)1 CellScanner (org.apache.hadoop.hbase.CellScanner)1 DoNotRetryIOException (org.apache.hadoop.hbase.DoNotRetryIOException)1 TableName (org.apache.hadoop.hbase.TableName)1 Put (org.apache.hadoop.hbase.client.Put)1 Batch (org.apache.hadoop.hbase.client.coprocessor.Batch)1