Search in sources :

Example 6 with VisibilityLabelsResponse

use of org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse in project hbase by apache.

the class VisibilityLabelsWithDeletesTestBase method setAuths.

protected final void setAuths() throws IOException, InterruptedException {
    PrivilegedExceptionAction<VisibilityLabelsResponse> action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {

        @Override
        public VisibilityLabelsResponse run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE, SECRET, TOPSECRET }, SUPERUSER.getShortName());
            } catch (Throwable e) {
            }
            return null;
        }
    };
    SUPERUSER.runAs(action);
}
Also used : Connection(org.apache.hadoop.hbase.client.Connection) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) VisibilityLabelsResponse(org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse)

Example 7 with VisibilityLabelsResponse

use of org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse in project hbase by apache.

the class VisibilityLabelsWithDeletesTestBase method addLabels.

public static void addLabels() throws Exception {
    PrivilegedExceptionAction<VisibilityLabelsResponse> action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {

        @Override
        public VisibilityLabelsResponse run() throws Exception {
            String[] labels = { SECRET, TOPSECRET, CONFIDENTIAL, PUBLIC, PRIVATE };
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                VisibilityClient.addLabels(conn, labels);
            } catch (Throwable t) {
                throw new IOException(t);
            }
            return null;
        }
    };
    SUPERUSER.runAs(action);
}
Also used : Connection(org.apache.hadoop.hbase.client.Connection) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) IOException(java.io.IOException) VisibilityLabelsResponse(org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse)

Example 8 with VisibilityLabelsResponse

use of org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse in project hbase by apache.

the class TestVisibilityLabels method testClearUserAuths.

@Test
public void testClearUserAuths() throws Throwable {
    PrivilegedExceptionAction<Void> action = new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            String[] auths = { SECRET, CONFIDENTIAL, PRIVATE };
            String user = "testUser";
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                VisibilityClient.setAuths(conn, auths, user);
            } catch (Throwable e) {
                throw new IOException(e);
            }
            // Removing the auths for SECRET and CONFIDENTIAL for the user.
            // Passing a non existing auth also.
            auths = new String[] { SECRET, PUBLIC, CONFIDENTIAL };
            VisibilityLabelsResponse response = null;
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                response = VisibilityClient.clearAuths(conn, auths, user);
            } catch (Throwable e) {
                fail("Should not have failed");
            }
            List<RegionActionResult> resultList = response.getResultList();
            assertEquals(3, resultList.size());
            assertTrue(resultList.get(0).getException().getValue().isEmpty());
            assertEquals("org.apache.hadoop.hbase.DoNotRetryIOException", resultList.get(1).getException().getName());
            assertTrue(Bytes.toString(resultList.get(1).getException().getValue().toByteArray()).contains("org.apache.hadoop.hbase.security.visibility.InvalidLabelException: " + "Label 'public' is not set for the user testUser"));
            assertTrue(resultList.get(2).getException().getValue().isEmpty());
            try (Connection connection = ConnectionFactory.createConnection(conf);
                Table ht = connection.getTable(LABELS_TABLE_NAME)) {
                ResultScanner scanner = ht.getScanner(new Scan());
                Result result = null;
                List<Result> results = new ArrayList<>();
                while ((result = scanner.next()) != null) {
                    results.add(result);
                }
                List<String> curAuths = extractAuths(user, results);
                assertTrue(curAuths.contains(PRIVATE));
                assertEquals(1, curAuths.size());
            }
            GetAuthsResponse authsResponse = null;
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                authsResponse = VisibilityClient.getAuths(conn, user);
            } catch (Throwable e) {
                throw new IOException(e);
            }
            List<String> authsList = new ArrayList<>(authsResponse.getAuthList().size());
            for (ByteString authBS : authsResponse.getAuthList()) {
                authsList.add(Bytes.toString(authBS.toByteArray()));
            }
            assertEquals(1, authsList.size());
            assertTrue(authsList.contains(PRIVATE));
            return null;
        }
    };
    SUPERUSER.runAs(action);
}
Also used : Table(org.apache.hadoop.hbase.client.Table) ResultScanner(org.apache.hadoop.hbase.client.ResultScanner) ByteString(org.apache.hbase.thirdparty.com.google.protobuf.ByteString) Connection(org.apache.hadoop.hbase.client.Connection) ArrayList(java.util.ArrayList) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) ByteString(org.apache.hbase.thirdparty.com.google.protobuf.ByteString) IOException(java.io.IOException) RegionActionResult(org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos.RegionActionResult) Result(org.apache.hadoop.hbase.client.Result) RegionActionResult(org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos.RegionActionResult) GetAuthsResponse(org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse) Scan(org.apache.hadoop.hbase.client.Scan) VisibilityLabelsResponse(org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse) Test(org.junit.Test)

Example 9 with VisibilityLabelsResponse

use of org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse in project hbase by apache.

the class TestVisibilityLabels method addLabels.

public static void addLabels() throws Exception {
    PrivilegedExceptionAction<VisibilityLabelsResponse> action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {

        @Override
        public VisibilityLabelsResponse run() throws Exception {
            String[] labels = { SECRET, TOPSECRET, CONFIDENTIAL, PUBLIC, PRIVATE, COPYRIGHT, ACCENT, UNICODE_VIS_TAG, UC1, UC2 };
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                VisibilityClient.addLabels(conn, labels);
            } catch (Throwable t) {
                throw new IOException(t);
            }
            return null;
        }
    };
    SUPERUSER.runAs(action);
}
Also used : Connection(org.apache.hadoop.hbase.client.Connection) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) ByteString(org.apache.hbase.thirdparty.com.google.protobuf.ByteString) IOException(java.io.IOException) VisibilityLabelsResponse(org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse)

Example 10 with VisibilityLabelsResponse

use of org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse in project hbase by apache.

the class TestVisibilityLabelsReplication method setAuths.

public static void setAuths(final Configuration conf) throws Exception {
    PrivilegedExceptionAction<VisibilityLabelsResponse> action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {

        @Override
        public VisibilityLabelsResponse run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                return VisibilityClient.setAuths(conn, new String[] { SECRET, CONFIDENTIAL, PRIVATE, TOPSECRET, UNICODE_VIS_TAG }, "user1");
            } catch (Throwable e) {
                throw new Exception(e);
            }
        }
    };
    VisibilityLabelsResponse response = SUPERUSER.runAs(action);
}
Also used : Connection(org.apache.hadoop.hbase.client.Connection) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) VisibilityLabelsResponse(org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse) IOException(java.io.IOException)

Aggregations

VisibilityLabelsResponse (org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse)25 IOException (java.io.IOException)22 Connection (org.apache.hadoop.hbase.client.Connection)20 PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)19 ByteString (org.apache.hbase.thirdparty.com.google.protobuf.ByteString)12 Test (org.junit.Test)10 Table (org.apache.hadoop.hbase.client.Table)9 ArrayList (java.util.ArrayList)7 RegionActionResult (org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos.RegionActionResult)6 TableName (org.apache.hadoop.hbase.TableName)5 Result (org.apache.hadoop.hbase.client.Result)5 ResultScanner (org.apache.hadoop.hbase.client.ResultScanner)5 Scan (org.apache.hadoop.hbase.client.Scan)5 GetAuthsResponse (org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse)4 Cell (org.apache.hadoop.hbase.Cell)3 CellScanner (org.apache.hadoop.hbase.CellScanner)3 DoNotRetryIOException (org.apache.hadoop.hbase.DoNotRetryIOException)3 Put (org.apache.hadoop.hbase.client.Put)3 OperationStatus (org.apache.hadoop.hbase.regionserver.OperationStatus)3 AccessDeniedException (org.apache.hadoop.hbase.security.AccessDeniedException)3