
Example 6 with BlockingRpcChannel

Use of org.apache.hbase.thirdparty.com.google.protobuf.BlockingRpcChannel in project hbase by apache.

From class TestAccessController, method testHasPermission.

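/**
 * Verifies the {@code hasPermission} check through the three client paths exercised here: the
 * ACL-table coprocessor endpoint ({@link AccessControlUtil#hasPermission}), the admin API
 * ({@code Admin#hasUserPermissions}) and {@link AccessControlClient#hasPermission}.
 * <p>
 * The first two are run under each principal via {@code verifyAllowed}/{@code verifyDenied} to
 * pin down who may ask about another user's ("dummy") permissions at all; the third is then
 * called directly to pin down the answers for global, namespace, owner, table, family and
 * qualifier grants, followed by the {@code null} table-name and {@code null} user-name
 * rejections.
 * <p>
 * The temporary grants made for {@code user1} (namespace scope) and {@code user2} (qualifier
 * scope) are revoked in a {@code finally} block, so a failing assertion cannot leave extra
 * privileges behind for later tests on the shared cluster.
 *
 * @throws Throwable if connecting, granting, verifying or revoking fails
 */
@Test
public void testHasPermission() throws Throwable {
    try (Connection conn = ConnectionFactory.createConnection(conf)) {
        // user1: ADMIN/CREATE/READ on the default namespace
        User user1 = User.createUserForTesting(conf, "testHasPermissionUser1", new String[0]);
        grantOnNamespaceUsingAccessControlClient(TEST_UTIL, conn, user1.getShortName(),
            NamespaceDescriptor.DEFAULT_NAMESPACE.getName(), Permission.Action.ADMIN,
            Permission.Action.CREATE, Permission.Action.READ);
        // user2: READ/WRITE on a single qualifier of TEST_TABLE
        User user2 = User.createUserForTesting(conf, "testHasPermissionUser2", new String[0]);
        grantOnTableUsingAccessControlClient(TEST_UTIL, conn, user2.getShortName(), TEST_TABLE,
            TEST_FAMILY, TEST_QUALIFIER, Permission.Action.READ, Permission.Action.WRITE);
        try {
            checkWhoMayQueryHasPermission(user1, user2);
            checkHasPermissionAnswers(conn, user1, user2);
            checkHasPermissionRejectsNullArguments(conn);
        } finally {
            // Undo both grants even when an assertion above failed: the cluster is shared
            // with the other tests in this class.
            revokeFromNamespaceUsingAccessControlClient(TEST_UTIL, conn, user1.getShortName(),
                NamespaceDescriptor.DEFAULT_NAMESPACE.getName(), Permission.Action.ADMIN,
                Permission.Action.CREATE, Permission.Action.READ);
            revokeFromTableUsingAccessControlClient(TEST_UTIL, conn, user2.getShortName(),
                TEST_TABLE, TEST_FAMILY, TEST_QUALIFIER, Permission.Action.READ,
                Permission.Action.WRITE);
        }
    }
}

/**
 * Runs a hasPermission query about the unrelated user "dummy" as each principal, once through
 * the coprocessor endpoint and once through {@code Admin#hasUserPermissions}, and checks that
 * only the admin-level principals (and the namespace admin {@code user1}) may ask.
 *
 * @param user1 temporary user holding namespace-level ADMIN/CREATE/READ
 * @param user2 temporary user holding only qualifier-level READ/WRITE
 * @throws Exception if a verify helper fails
 */
private void checkWhoMayQueryHasPermission(User user1, User user2) throws Exception {
    AccessTestAction hasPermissionActionCP = new AccessTestAction() {

        @Override
        public Object run() throws Exception {
            // A fresh connection per run rather than the test's own one -- presumably so the
            // endpoint call goes out as the principal the verify helper runs this action under.
            try (Connection conn = ConnectionFactory.createConnection(conf);
                Table acl = conn.getTable(PermissionStorage.ACL_TABLE_NAME)) {
                BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE.getName());
                AccessControlService.BlockingInterface protocol =
                    AccessControlService.newBlockingStub(service);
                Permission.Action[] actions = { Permission.Action.READ, Permission.Action.WRITE };
                AccessControlUtil.hasPermission(null, protocol, TEST_TABLE, TEST_FAMILY,
                    HConstants.EMPTY_BYTE_ARRAY, "dummy", actions);
            }
            return null;
        }
    };
    AccessTestAction hasPermissionAction = new AccessTestAction() {

        @Override
        public Object run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                Permission.Action[] actions = { Permission.Action.READ, Permission.Action.WRITE };
                conn.getAdmin().hasUserPermissions("dummy", Arrays.asList(Permission
                    .newBuilder(TEST_TABLE).withFamily(TEST_FAMILY)
                    .withQualifier(HConstants.EMPTY_BYTE_ARRAY).withActions(actions).build()));
            }
            return null;
        }
    };
    verifyAllowed(hasPermissionActionCP, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN, USER_OWNER,
        USER_ADMIN_CF, user1);
    verifyDenied(hasPermissionActionCP, USER_CREATE, USER_RW, USER_RO, USER_NONE, user2);
    verifyAllowed(hasPermissionAction, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN, USER_OWNER,
        USER_ADMIN_CF, user1);
    verifyDenied(hasPermissionAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, user2);
}

/**
 * Asserts the answers {@link AccessControlClient#hasPermission} gives on {@code TEST_TABLE} for
 * each principal's grant scope: the granted set is accepted, any superset of it is refused, and
 * a family- or qualifier-level grant is not reported at a wider scope.
 *
 * @param conn  the test's own connection
 * @param user1 temporary user holding namespace-level ADMIN/CREATE/READ
 * @param user2 temporary user holding only qualifier-level READ/WRITE
 * @throws Throwable if the client call fails
 */
private void checkHasPermissionAnswers(Connection conn, User user1, User user2) throws Throwable {
    String table = TEST_TABLE.getNameAsString();
    // An empty family/qualifier asks about the table as a whole.
    byte[] empty = HConstants.EMPTY_BYTE_ARRAY;
    // Global admin: READ/WRITE/CREATE/ADMIN hold, but not EXEC on top of them.
    assertTrue(AccessControlClient.hasPermission(conn, table, empty, empty,
        USER_ADMIN.getShortName(), Permission.Action.READ, Permission.Action.WRITE,
        Permission.Action.CREATE, Permission.Action.ADMIN));
    assertFalse(AccessControlClient.hasPermission(conn, table, empty, empty,
        USER_ADMIN.getShortName(), Permission.Action.READ, Permission.Action.WRITE,
        Permission.Action.CREATE, Permission.Action.ADMIN, Permission.Action.EXEC));
    // Namespace user: ADMIN/CREATE hold; a set that includes EXEC is refused.
    assertTrue(AccessControlClient.hasPermission(conn, table, empty, empty,
        user1.getShortName(), Permission.Action.ADMIN, Permission.Action.CREATE));
    assertFalse(AccessControlClient.hasPermission(conn, table, empty, empty,
        user1.getShortName(), Permission.Action.ADMIN, Permission.Action.READ,
        Permission.Action.EXEC));
    // Table owner: every action holds.
    assertTrue(AccessControlClient.hasPermission(conn, table, empty, empty,
        USER_OWNER.getShortName(), Permission.Action.READ, Permission.Action.WRITE,
        Permission.Action.EXEC, Permission.Action.CREATE, Permission.Action.ADMIN));
    // Table users: USER_CREATE has READ/WRITE at table level, USER_RO does not.
    assertTrue(AccessControlClient.hasPermission(conn, table, empty, empty,
        USER_CREATE.getShortName(), Permission.Action.READ, Permission.Action.WRITE));
    assertFalse(AccessControlClient.hasPermission(conn, table, empty, empty,
        USER_RO.getShortName(), Permission.Action.READ, Permission.Action.WRITE));
    // Family users: grants are visible at TEST_FAMILY but not at table level, and
    // USER_ADMIN_CF's ADMIN/CREATE on the family does not imply READ there.
    assertTrue(AccessControlClient.hasPermission(conn, table, TEST_FAMILY, empty,
        USER_RO.getShortName(), Permission.Action.READ));
    assertTrue(AccessControlClient.hasPermission(conn, table, TEST_FAMILY, empty,
        USER_RW.getShortName(), Permission.Action.READ, Permission.Action.WRITE));
    assertFalse(AccessControlClient.hasPermission(conn, table, empty, empty,
        USER_ADMIN_CF.getShortName(), Permission.Action.ADMIN, Permission.Action.CREATE));
    assertTrue(AccessControlClient.hasPermission(conn, table, TEST_FAMILY, empty,
        USER_ADMIN_CF.getShortName(), Permission.Action.ADMIN, Permission.Action.CREATE));
    assertFalse(AccessControlClient.hasPermission(conn, table, TEST_FAMILY, empty,
        USER_ADMIN_CF.getShortName(), Permission.Action.READ));
    // Qualifier user: READ/WRITE hold on the qualifier, EXEC does not; and a qualifier given
    // without its family does not match USER_RW's family-level grant.
    assertTrue(AccessControlClient.hasPermission(conn, table, TEST_FAMILY, TEST_QUALIFIER,
        user2.getShortName(), Permission.Action.READ, Permission.Action.WRITE));
    assertFalse(AccessControlClient.hasPermission(conn, table, TEST_FAMILY, TEST_QUALIFIER,
        user2.getShortName(), Permission.Action.EXEC, Permission.Action.READ));
    assertFalse(AccessControlClient.hasPermission(conn, table, empty, TEST_QUALIFIER,
        USER_RW.getShortName(), Permission.Action.WRITE, Permission.Action.READ));
}

/**
 * Checks that {@link AccessControlClient#hasPermission} rejects a {@code null} table name and a
 * {@code null} user name with {@link IllegalArgumentException} instead of answering.
 *
 * @param conn the test's own connection
 * @throws Throwable if the client fails in some other way than the expected rejection
 */
private void checkHasPermissionRejectsNullArguments(Connection conn) throws Throwable {
    try {
        AccessControlClient.hasPermission(conn, null, HConstants.EMPTY_BYTE_ARRAY,
            HConstants.EMPTY_BYTE_ARRAY, null, Permission.Action.READ);
        fail("this should have thrown IllegalArgumentException");
    } catch (IllegalArgumentException expected) {
        // expected: table name is null
    }
    try {
        AccessControlClient.hasPermission(conn, TEST_TABLE.getNameAsString(),
            HConstants.EMPTY_BYTE_ARRAY, HConstants.EMPTY_BYTE_ARRAY, null, Permission.Action.READ);
        fail("this should have thrown IllegalArgumentException");
    } catch (IllegalArgumentException expected) {
        // expected: user name is null
    }
}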

Example 7 with BlockingRpcChannel

Use of org.apache.hbase.thirdparty.com.google.protobuf.BlockingRpcChannel in project hbase by apache.

From class TestNamespaceCommands, method testGrantRevoke.

/**
 * Checks which principals may grant, revoke and list permissions on {@code TEST_NAMESPACE}
 * through every entry point covered here: the {@code Admin} grant/revoke/getUserPermissions
 * API, the access controller's {@code preGrant}/{@code preRevoke} hooks called directly, and
 * the ACL-table coprocessor endpoint via {@link AccessControlUtil}. The superuser, the global
 * admin, the group admin and the namespace admin are expected to succeed; principals holding
 * only CREATE/WRITE/READ/EXEC at global, namespace, table or group scope are expected to be
 * refused. The two actions that touch the group namespace admin's own permission additionally
 * accept {@code USER_GROUP_NS_ADMIN}.
 *
 * @throws Exception if any verification helper fails
 */
@SuppressWarnings("checkstyle:MethodLength")
@Test
public void testGrantRevoke() throws Exception {
    final String testUser = "testUser";
    // Give every client its own netty event loop: the test context caps the event loop group's
    // thread count, and one group shared by all clients can run out of threads.
    NettyRpcClientConfigHelper.createEventLoopPerClient(conf);
    // The same set of non-admin principals must be refused by every action below.
    final User[] deniedUsers = { USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ,
        USER_GLOBAL_EXEC, USER_NS_CREATE, USER_NS_WRITE, USER_NS_READ, USER_NS_EXEC,
        USER_TABLE_CREATE, USER_TABLE_WRITE, USER_GROUP_READ, USER_GROUP_WRITE,
        USER_GROUP_CREATE };

    // Admin API: grant WRITE on the namespace to testUser.
    AccessTestAction grantAction = new AccessTestAction() {

        @Override
        public Object run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                UserPermission perm = new UserPermission(testUser,
                    Permission.newBuilder(TEST_NAMESPACE).withActions(Action.WRITE).build());
                conn.getAdmin().grant(perm, false);
            }
            return null;
        }
    };
    verifyAllowed(grantAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN);
    verifyDenied(grantAction, deniedUsers);

    // Admin API: grant READ on the namespace to the group namespace admin itself.
    AccessTestAction grantNamespaceAction = new AccessTestAction() {

        @Override
        public Object run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                UserPermission perm = new UserPermission(USER_GROUP_NS_ADMIN.getShortName(),
                    Permission.newBuilder(TEST_NAMESPACE).withActions(Action.READ).build());
                conn.getAdmin().grant(perm, false);
            }
            return null;
        }
    };
    verifyAllowed(grantNamespaceAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN,
        USER_NS_ADMIN, USER_GROUP_NS_ADMIN);
    verifyDenied(grantNamespaceAction, deniedUsers);

    // Admin API: revoke the WRITE granted to testUser above.
    AccessTestAction revokeAction = new AccessTestAction() {

        @Override
        public Object run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                UserPermission perm = new UserPermission(testUser,
                    Permission.newBuilder(TEST_NAMESPACE).withActions(Action.WRITE).build());
                conn.getAdmin().revoke(perm);
            }
            return null;
        }
    };
    verifyAllowed(revokeAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN);
    verifyDenied(revokeAction, deniedUsers);

    // Admin API: revoke the READ granted to the group namespace admin above.
    AccessTestAction revokeNamespaceAction = new AccessTestAction() {

        @Override
        public Object run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                UserPermission perm = new UserPermission(USER_GROUP_NS_ADMIN.getShortName(),
                    Permission.newBuilder(TEST_NAMESPACE).withActions(Action.READ).build());
                conn.getAdmin().revoke(perm);
            }
            return null;
        }
    };
    verifyAllowed(revokeNamespaceAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN,
        USER_NS_ADMIN, USER_GROUP_NS_ADMIN);
    verifyDenied(revokeNamespaceAction, deniedUsers);

    // Admin API: list the namespace's permissions.
    AccessTestAction getPermissionsAction = new AccessTestAction() {

        @Override
        public Object run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                conn.getAdmin().getUserPermissions(
                    GetUserPermissionsRequest.newBuilder(TEST_NAMESPACE).build());
            }
            return null;
        }
    };
    verifyAllowed(getPermissionsAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_NS_ADMIN,
        USER_GROUP_ADMIN);
    verifyDenied(getPermissionsAction, deniedUsers);

    // Controller hooks invoked directly, bypassing the RPC layer.
    AccessTestAction preGrantAction = new AccessTestAction() {

        @Override
        public Object run() throws Exception {
            UserPermission perm = new UserPermission(testUser,
                Permission.newBuilder(TEST_NAMESPACE).withActions(Action.WRITE).build());
            ACCESS_CONTROLLER.preGrant(ObserverContextImpl.createAndPrepare(CP_ENV), perm, false);
            return null;
        }
    };
    verifyAllowed(preGrantAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN);
    verifyDenied(preGrantAction, deniedUsers);

    AccessTestAction preRevokeAction = new AccessTestAction() {

        @Override
        public Object run() throws Exception {
            UserPermission perm = new UserPermission(testUser,
                Permission.newBuilder(TEST_NAMESPACE).withActions(Action.WRITE).build());
            ACCESS_CONTROLLER.preRevoke(ObserverContextImpl.createAndPrepare(CP_ENV), perm);
            return null;
        }
    };
    verifyAllowed(preRevokeAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN);
    verifyDenied(preRevokeAction, deniedUsers);

    // Coprocessor endpoint on the ACL table: grant WRITE via the blocking protobuf stub.
    AccessTestAction grantCPAction = new AccessTestAction() {

        @Override
        public Object run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf);
                Table acl = conn.getTable(PermissionStorage.ACL_TABLE_NAME)) {
                BlockingRpcChannel channel = acl.coprocessorService(HConstants.EMPTY_START_ROW);
                AccessControlService.BlockingInterface stub =
                    AccessControlService.newBlockingStub(channel);
                AccessControlUtil.grant(null, stub, testUser, TEST_NAMESPACE, false, Action.WRITE);
            }
            return null;
        }
    };
    verifyAllowed(grantCPAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN);
    verifyDenied(grantCPAction, deniedUsers);

    // Coprocessor endpoint on the ACL table: revoke that WRITE again.
    AccessTestAction revokeCPAction = new AccessTestAction() {

        @Override
        public Object run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(conf);
                Table acl = conn.getTable(PermissionStorage.ACL_TABLE_NAME)) {
                BlockingRpcChannel channel = acl.coprocessorService(HConstants.EMPTY_START_ROW);
                AccessControlService.BlockingInterface stub =
                    AccessControlService.newBlockingStub(channel);
                AccessControlUtil.revoke(null, stub, testUser, TEST_NAMESPACE, Action.WRITE);
            }
            return null;
        }
    };
    verifyAllowed(revokeCPAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_GROUP_ADMIN, USER_NS_ADMIN);
    verifyDenied(revokeCPAction, deniedUsers);
}
