Example 31 with ByteString
use of org.apache.hbase.thirdparty.com.google.protobuf.ByteString in project hbase by apache.
the class TestPriorityRpc method testQosFunctionForMeta.
@Test
public void testQosFunctionForMeta() throws IOException {
RequestHeader.Builder headerBuilder = RequestHeader.newBuilder();
// create a rpc request that has references to hbase:meta region and also
// uses one of the known argument classes (known argument classes are
// listed in HRegionServer.QosFunctionImpl.knownArgumentClasses)
headerBuilder.setMethodName("foo");
GetRequest.Builder getRequestBuilder = GetRequest.newBuilder();
RegionSpecifier.Builder regionSpecifierBuilder = RegionSpecifier.newBuilder();
regionSpecifierBuilder.setType(RegionSpecifierType.REGION_NAME);
ByteString name = UnsafeByteOperations.unsafeWrap(RegionInfoBuilder.FIRST_META_REGIONINFO.getRegionName());
regionSpecifierBuilder.setValue(name);
RegionSpecifier regionSpecifier = regionSpecifierBuilder.build();
getRequestBuilder.setRegion(regionSpecifier);
Get.Builder getBuilder = Get.newBuilder();
getBuilder.setRow(UnsafeByteOperations.unsafeWrap(Bytes.toBytes("somerow")));
getRequestBuilder.setGet(getBuilder.build());
GetRequest getRequest = getRequestBuilder.build();
RequestHeader header = headerBuilder.build();
HRegion mockRegion = mock(HRegion.class);
RSRpcServices mockRpc = mock(RSRpcServices.class);
when(mockRpc.getConfiguration()).thenReturn(CONF);
RegionInfo mockRegionInfo = mock(RegionInfo.class);
when(mockRpc.getRegion(any())).thenReturn(mockRegion);
when(mockRegion.getRegionInfo()).thenReturn(mockRegionInfo);
when(mockRegionInfo.getTable()).thenReturn(RegionInfoBuilder.FIRST_META_REGIONINFO.getTable());
RSAnnotationReadingPriorityFunction qosFunc = new RSAnnotationReadingPriorityFunction(mockRpc);
assertEquals(HConstants.SYSTEMTABLE_QOS, qosFunc.getPriority(header, getRequest, createSomeUser()));
}
Also used :
ByteString(org.apache.hbase.thirdparty.com.google.protobuf.ByteString)
RegionInfo(org.apache.hadoop.hbase.client.RegionInfo)
RegionSpecifier(org.apache.hadoop.hbase.shaded.protobuf.generated.HBaseProtos.RegionSpecifier)
GetRequest(org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos.GetRequest)
Get(org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos.Get)
RequestHeader(org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.RequestHeader)
Test(org.junit.Test)
Example 32 with ByteString
use of org.apache.hbase.thirdparty.com.google.protobuf.ByteString in project hbase by apache.
the class TestVisibilityLabels method testSetAndGetUserAuths.
@Test
public void testSetAndGetUserAuths() throws Throwable {
final String user = "user1";
PrivilegedExceptionAction<Void> action = new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
String[] auths = { SECRET, CONFIDENTIAL };
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.setAuths(conn, auths, user);
} catch (Throwable e) {
throw new IOException(e);
}
return null;
}
};
SUPERUSER.runAs(action);
try (Table ht = TEST_UTIL.getConnection().getTable(LABELS_TABLE_NAME)) {
Scan scan = new Scan();
scan.setAuthorizations(new Authorizations(VisibilityUtils.SYSTEM_LABEL));
ResultScanner scanner = ht.getScanner(scan);
Result result = null;
List<Result> results = new ArrayList<>();
while ((result = scanner.next()) != null) {
results.add(result);
}
List<String> auths = extractAuths(user, results);
assertTrue(auths.contains(SECRET));
assertTrue(auths.contains(CONFIDENTIAL));
assertEquals(2, auths.size());
}
action = new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
GetAuthsResponse authsResponse = null;
try (Connection conn = ConnectionFactory.createConnection(conf)) {
authsResponse = VisibilityClient.getAuths(conn, user);
} catch (Throwable e) {
throw new IOException(e);
}
List<String> authsList = new ArrayList<>(authsResponse.getAuthList().size());
for (ByteString authBS : authsResponse.getAuthList()) {
authsList.add(Bytes.toString(authBS.toByteArray()));
}
assertEquals(2, authsList.size());
assertTrue(authsList.contains(SECRET));
assertTrue(authsList.contains(CONFIDENTIAL));
return null;
}
};
SUPERUSER.runAs(action);
// Try doing setAuths once again and there should not be any duplicates
action = new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
String[] auths1 = { SECRET, CONFIDENTIAL };
GetAuthsResponse authsResponse = null;
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.setAuths(conn, auths1, user);
try {
authsResponse = VisibilityClient.getAuths(conn, user);
} catch (Throwable e) {
throw new IOException(e);
}
} catch (Throwable e) {
}
List<String> authsList = new ArrayList<>(authsResponse.getAuthList().size());
for (ByteString authBS : authsResponse.getAuthList()) {
authsList.add(Bytes.toString(authBS.toByteArray()));
}
assertEquals(2, authsList.size());
assertTrue(authsList.contains(SECRET));
assertTrue(authsList.contains(CONFIDENTIAL));
return null;
}
};
SUPERUSER.runAs(action);
}
Also used :
Table(org.apache.hadoop.hbase.client.Table)
ResultScanner(org.apache.hadoop.hbase.client.ResultScanner)
ByteString(org.apache.hbase.thirdparty.com.google.protobuf.ByteString)
Connection(org.apache.hadoop.hbase.client.Connection)
ArrayList(java.util.ArrayList)
ByteString(org.apache.hbase.thirdparty.com.google.protobuf.ByteString)
PrivilegedExceptionAction(java.security.PrivilegedExceptionAction)
IOException(java.io.IOException)
IOException(java.io.IOException)
Result(org.apache.hadoop.hbase.client.Result)
RegionActionResult(org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos.RegionActionResult)
GetAuthsResponse(org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse)
Scan(org.apache.hadoop.hbase.client.Scan)
List(java.util.List)
ArrayList(java.util.ArrayList)
Test(org.junit.Test)
Example 33 with ByteString
use of org.apache.hbase.thirdparty.com.google.protobuf.ByteString in project hbase by apache.
the class TestVisibilityLabelsOpWithDifferentUsersNoACL method testLabelsTableOpsWithDifferentUsers.
@Test
public void testLabelsTableOpsWithDifferentUsers() throws Throwable {
PrivilegedExceptionAction<VisibilityLabelsResponse> action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
@Override
public VisibilityLabelsResponse run() throws Exception {
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
} catch (Throwable e) {
}
return null;
}
};
VisibilityLabelsResponse response = SUPERUSER.runAs(action);
assertTrue(response.getResult(0).getException().getValue().isEmpty());
assertTrue(response.getResult(1).getException().getValue().isEmpty());
// Ideally this should not be allowed. this operation should fail or do nothing.
action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
@Override
public VisibilityLabelsResponse run() throws Exception {
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user3");
} catch (Throwable e) {
}
return null;
}
};
response = NORMAL_USER1.runAs(action);
assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", response.getResult(0).getException().getName());
assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", response.getResult(1).getException().getName());
PrivilegedExceptionAction<GetAuthsResponse> action1 = new PrivilegedExceptionAction<GetAuthsResponse>() {
@Override
public GetAuthsResponse run() throws Exception {
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.getAuths(conn, "user1");
} catch (Throwable e) {
}
return null;
}
};
GetAuthsResponse authsResponse = NORMAL_USER.runAs(action1);
assertTrue(authsResponse.getAuthList().isEmpty());
authsResponse = NORMAL_USER1.runAs(action1);
assertTrue(authsResponse.getAuthList().isEmpty());
authsResponse = SUPERUSER.runAs(action1);
List<String> authsList = new ArrayList<>(authsResponse.getAuthList().size());
for (ByteString authBS : authsResponse.getAuthList()) {
authsList.add(Bytes.toString(authBS.toByteArray()));
}
assertEquals(2, authsList.size());
assertTrue(authsList.contains(CONFIDENTIAL));
assertTrue(authsList.contains(PRIVATE));
PrivilegedExceptionAction<VisibilityLabelsResponse> action2 = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
@Override
public VisibilityLabelsResponse run() throws Exception {
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.clearAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
} catch (Throwable e) {
}
return null;
}
};
response = NORMAL_USER1.runAs(action2);
assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", response.getResult(0).getException().getName());
assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", response.getResult(1).getException().getName());
response = SUPERUSER.runAs(action2);
assertTrue(response.getResult(0).getException().getValue().isEmpty());
assertTrue(response.getResult(1).getException().getValue().isEmpty());
authsResponse = SUPERUSER.runAs(action1);
assertTrue(authsResponse.getAuthList().isEmpty());
}
Also used :
ByteString(org.apache.hbase.thirdparty.com.google.protobuf.ByteString)
Connection(org.apache.hadoop.hbase.client.Connection)
ArrayList(java.util.ArrayList)
PrivilegedExceptionAction(java.security.PrivilegedExceptionAction)
ByteString(org.apache.hbase.thirdparty.com.google.protobuf.ByteString)
IOException(java.io.IOException)
GetAuthsResponse(org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse)
VisibilityLabelsResponse(org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse)
Test(org.junit.Test)
Example 34 with ByteString
use of org.apache.hbase.thirdparty.com.google.protobuf.ByteString in project hbase by apache.
the class TestVisibilityLabelsWithACL method testLabelsTableOpsWithDifferentUsers.
@Test
public void testLabelsTableOpsWithDifferentUsers() throws Throwable {
PrivilegedExceptionAction<VisibilityLabelsResponse> action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
@Override
public VisibilityLabelsResponse run() throws Exception {
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.addLabels(conn, new String[] { "l1", "l2" });
} catch (Throwable e) {
}
return null;
}
};
VisibilityLabelsResponse response = NORMAL_USER1.runAs(action);
assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", response.getResult(0).getException().getName());
assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", response.getResult(1).getException().getName());
action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
@Override
public VisibilityLabelsResponse run() throws Exception {
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
} catch (Throwable e) {
}
return null;
}
};
response = NORMAL_USER1.runAs(action);
assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", response.getResult(0).getException().getName());
assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", response.getResult(1).getException().getName());
action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
@Override
public VisibilityLabelsResponse run() throws Exception {
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
} catch (Throwable e) {
}
return null;
}
};
response = SUPERUSER.runAs(action);
assertTrue(response.getResult(0).getException().getValue().isEmpty());
assertTrue(response.getResult(1).getException().getValue().isEmpty());
action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
@Override
public VisibilityLabelsResponse run() throws Exception {
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.clearAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
} catch (Throwable e) {
}
return null;
}
};
response = NORMAL_USER1.runAs(action);
assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", response.getResult(0).getException().getName());
assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", response.getResult(1).getException().getName());
response = VisibilityClient.clearAuths(TEST_UTIL.getConnection(), new String[] { CONFIDENTIAL, PRIVATE }, "user1");
assertTrue(response.getResult(0).getException().getValue().isEmpty());
assertTrue(response.getResult(1).getException().getValue().isEmpty());
VisibilityClient.setAuths(TEST_UTIL.getConnection(), new String[] { CONFIDENTIAL, PRIVATE }, "user3");
PrivilegedExceptionAction<GetAuthsResponse> action1 = new PrivilegedExceptionAction<GetAuthsResponse>() {
@Override
public GetAuthsResponse run() throws Exception {
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.getAuths(conn, "user3");
} catch (Throwable e) {
}
return null;
}
};
GetAuthsResponse authsResponse = NORMAL_USER1.runAs(action1);
assertNull(authsResponse);
authsResponse = SUPERUSER.runAs(action1);
List<String> authsList = new ArrayList<>(authsResponse.getAuthList().size());
for (ByteString authBS : authsResponse.getAuthList()) {
authsList.add(Bytes.toString(authBS.toByteArray()));
}
assertEquals(2, authsList.size());
assertTrue(authsList.contains(CONFIDENTIAL));
assertTrue(authsList.contains(PRIVATE));
}
Also used :
ByteString(org.apache.hbase.thirdparty.com.google.protobuf.ByteString)
Connection(org.apache.hadoop.hbase.client.Connection)
ArrayList(java.util.ArrayList)
PrivilegedExceptionAction(java.security.PrivilegedExceptionAction)
ByteString(org.apache.hbase.thirdparty.com.google.protobuf.ByteString)
IOException(java.io.IOException)
GetAuthsResponse(org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse)
VisibilityLabelsResponse(org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse)
Test(org.junit.Test)
Example 35 with ByteString
use of org.apache.hbase.thirdparty.com.google.protobuf.ByteString in project hbase by apache.
the class TestVisibilityLablesWithGroups method testGroupAuths.
@Test
public void testGroupAuths() throws Exception {
final TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
// create the table
TEST_UTIL.createTable(tableName, CF);
// put the data.
SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
try (Connection connection = ConnectionFactory.createConnection(conf);
Table table = connection.getTable(tableName)) {
Put put = new Put(ROW_1);
put.addColumn(CF, Q1, HConstants.LATEST_TIMESTAMP, value1);
put.setCellVisibility(new CellVisibility(SECRET));
table.put(put);
put = new Put(ROW_1);
put.addColumn(CF, Q2, HConstants.LATEST_TIMESTAMP, value2);
put.setCellVisibility(new CellVisibility(CONFIDENTIAL));
table.put(put);
put = new Put(ROW_1);
put.addColumn(CF, Q3, HConstants.LATEST_TIMESTAMP, value3);
table.put(put);
}
return null;
}
});
// 'admin' user is part of 'supergroup', thus can see all the cells.
SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
try (Connection connection = ConnectionFactory.createConnection(conf);
Table table = connection.getTable(tableName)) {
Scan s = new Scan();
ResultScanner scanner = table.getScanner(s);
Result[] next = scanner.next(1);
// Test that super user can see all the cells.
assertTrue(next.length == 1);
CellScanner cellScanner = next[0].cellScanner();
cellScanner.advance();
Cell current = cellScanner.current();
assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), ROW_1, 0, ROW_1.length));
assertTrue(Bytes.equals(current.getQualifierArray(), current.getQualifierOffset(), current.getQualifierLength(), Q1, 0, Q1.length));
assertTrue(Bytes.equals(current.getValueArray(), current.getValueOffset(), current.getValueLength(), value1, 0, value1.length));
cellScanner.advance();
current = cellScanner.current();
assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), ROW_1, 0, ROW_1.length));
assertTrue(Bytes.equals(current.getQualifierArray(), current.getQualifierOffset(), current.getQualifierLength(), Q2, 0, Q2.length));
assertTrue(Bytes.equals(current.getValueArray(), current.getValueOffset(), current.getValueLength(), value2, 0, value2.length));
cellScanner.advance();
current = cellScanner.current();
assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), ROW_1, 0, ROW_1.length));
assertTrue(Bytes.equals(current.getQualifierArray(), current.getQualifierOffset(), current.getQualifierLength(), Q3, 0, Q3.length));
assertTrue(Bytes.equals(current.getValueArray(), current.getValueOffset(), current.getValueLength(), value3, 0, value3.length));
}
return null;
}
});
// Get testgroup's labels.
SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
GetAuthsResponse authsResponse = null;
try (Connection conn = ConnectionFactory.createConnection(conf)) {
authsResponse = VisibilityClient.getAuths(conn, "@testgroup");
} catch (Throwable e) {
fail("Should not have failed");
}
List<String> authsList = new ArrayList<>(authsResponse.getAuthList().size());
for (ByteString authBS : authsResponse.getAuthList()) {
authsList.add(Bytes.toString(authBS.toByteArray()));
}
assertEquals(1, authsList.size());
assertTrue(authsList.contains(CONFIDENTIAL));
return null;
}
});
// Test that test user can see what 'testgroup' has been authorized to.
TESTUSER.runAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
try (Connection connection = ConnectionFactory.createConnection(conf);
Table table = connection.getTable(tableName)) {
// Test scan with no auth attribute
Scan s = new Scan();
ResultScanner scanner = table.getScanner(s);
Result[] next = scanner.next(1);
assertTrue(next.length == 1);
CellScanner cellScanner = next[0].cellScanner();
cellScanner.advance();
Cell current = cellScanner.current();
// test user can see value2 (CONFIDENTIAL) and value3 (no label)
assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), ROW_1, 0, ROW_1.length));
assertTrue(Bytes.equals(current.getQualifierArray(), current.getQualifierOffset(), current.getQualifierLength(), Q2, 0, Q2.length));
assertTrue(Bytes.equals(current.getValueArray(), current.getValueOffset(), current.getValueLength(), value2, 0, value2.length));
cellScanner.advance();
current = cellScanner.current();
// test user can see value2 (CONFIDENTIAL) and value3 (no label)
assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), current.getRowLength(), ROW_1, 0, ROW_1.length));
assertTrue(Bytes.equals(current.getQualifierArray(), current.getQualifierOffset(), current.getQualifierLength(), Q3, 0, Q3.length));
assertTrue(Bytes.equals(current.getValueArray(), current.getValueOffset(), current.getValueLength(), value3, 0, value3.length));
// Test scan with correct auth attribute for test user
Scan s1 = new Scan();
// test user is entitled to 'CONFIDENTIAL'.
// If we set both labels in the scan, 'SECRET' will be dropped by the SLGs.
s1.setAuthorizations(new Authorizations(new String[] { SECRET, CONFIDENTIAL }));
ResultScanner scanner1 = table.getScanner(s1);
Result[] next1 = scanner1.next(1);
assertTrue(next1.length == 1);
CellScanner cellScanner1 = next1[0].cellScanner();
cellScanner1.advance();
Cell current1 = cellScanner1.current();
// test user can see value2 (CONFIDENTIAL) and value3 (no label)
assertTrue(Bytes.equals(current1.getRowArray(), current1.getRowOffset(), current1.getRowLength(), ROW_1, 0, ROW_1.length));
assertTrue(Bytes.equals(current1.getQualifierArray(), current1.getQualifierOffset(), current1.getQualifierLength(), Q2, 0, Q2.length));
assertTrue(Bytes.equals(current1.getValueArray(), current1.getValueOffset(), current1.getValueLength(), value2, 0, value2.length));
cellScanner1.advance();
current1 = cellScanner1.current();
// test user can see value2 (CONFIDENTIAL) and value3 (no label)
assertTrue(Bytes.equals(current1.getRowArray(), current1.getRowOffset(), current1.getRowLength(), ROW_1, 0, ROW_1.length));
assertTrue(Bytes.equals(current1.getQualifierArray(), current1.getQualifierOffset(), current1.getQualifierLength(), Q3, 0, Q3.length));
assertTrue(Bytes.equals(current1.getValueArray(), current1.getValueOffset(), current1.getValueLength(), value3, 0, value3.length));
// Test scan with incorrect auth attribute for test user
Scan s2 = new Scan();
// test user is entitled to 'CONFIDENTIAL'.
// If we set 'SECRET', it will be dropped by the SLGs.
s2.setAuthorizations(new Authorizations(new String[] { SECRET }));
ResultScanner scanner2 = table.getScanner(s2);
Result next2 = scanner2.next();
CellScanner cellScanner2 = next2.cellScanner();
cellScanner2.advance();
Cell current2 = cellScanner2.current();
// This scan will only see value3 (no label)
assertTrue(Bytes.equals(current2.getRowArray(), current2.getRowOffset(), current2.getRowLength(), ROW_1, 0, ROW_1.length));
assertTrue(Bytes.equals(current2.getQualifierArray(), current2.getQualifierOffset(), current2.getQualifierLength(), Q3, 0, Q3.length));
assertTrue(Bytes.equals(current2.getValueArray(), current2.getValueOffset(), current2.getValueLength(), value3, 0, value3.length));
assertFalse(cellScanner2.advance());
}
return null;
}
});
// Clear 'testgroup' of CONFIDENTIAL label.
SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
VisibilityLabelsResponse response = null;
try (Connection conn = ConnectionFactory.createConnection(conf)) {
response = VisibilityClient.clearAuths(conn, new String[] { CONFIDENTIAL }, "@testgroup");
} catch (Throwable e) {
fail("Should not have failed");
}
return null;
}
});
// Get testgroup's labels. No label is returned.
SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
GetAuthsResponse authsResponse = null;
try (Connection conn = ConnectionFactory.createConnection(conf)) {
authsResponse = VisibilityClient.getAuths(conn, "@testgroup");
} catch (Throwable e) {
fail("Should not have failed");
}
List<String> authsList = new ArrayList<>(authsResponse.getAuthList().size());
for (ByteString authBS : authsResponse.getAuthList()) {
authsList.add(Bytes.toString(authBS.toByteArray()));
}
assertEquals(0, authsList.size());
return null;
}
});
// Test that test user cannot see the cells with the labels anymore.
TESTUSER.runAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
try (Connection connection = ConnectionFactory.createConnection(conf);
Table table = connection.getTable(tableName)) {
Scan s1 = new Scan();
// test user is not entitled to 'CONFIDENTIAL' anymore since we dropped
// testgroup's label. test user has no auth labels now.
// scan's labels will be dropped on the server side.
s1.setAuthorizations(new Authorizations(new String[] { SECRET, CONFIDENTIAL }));
ResultScanner scanner1 = table.getScanner(s1);
Result[] next1 = scanner1.next(1);
assertTrue(next1.length == 1);
CellScanner cellScanner1 = next1[0].cellScanner();
cellScanner1.advance();
Cell current1 = cellScanner1.current();
// test user can only see value3 (no label)
assertTrue(Bytes.equals(current1.getRowArray(), current1.getRowOffset(), current1.getRowLength(), ROW_1, 0, ROW_1.length));
assertTrue(Bytes.equals(current1.getQualifierArray(), current1.getQualifierOffset(), current1.getQualifierLength(), Q3, 0, Q3.length));
assertTrue(Bytes.equals(current1.getValueArray(), current1.getValueOffset(), current1.getValueLength(), value3, 0, value3.length));
assertFalse(cellScanner1.advance());
}
return null;
}
});
}
Also used :
Table(org.apache.hadoop.hbase.client.Table)
ResultScanner(org.apache.hadoop.hbase.client.ResultScanner)
ByteString(org.apache.hbase.thirdparty.com.google.protobuf.ByteString)
Connection(org.apache.hadoop.hbase.client.Connection)
CellScanner(org.apache.hadoop.hbase.CellScanner)
IOException(java.io.IOException)
Put(org.apache.hadoop.hbase.client.Put)
Result(org.apache.hadoop.hbase.client.Result)
TableName(org.apache.hadoop.hbase.TableName)
GetAuthsResponse(org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse)
Scan(org.apache.hadoop.hbase.client.Scan)
ArrayList(java.util.ArrayList)
List(java.util.List)
Cell(org.apache.hadoop.hbase.Cell)
VisibilityLabelsResponse(org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse)
Test(org.junit.Test)
Aggregations
ByteString (org.apache.hbase.thirdparty.com.google.protobuf.ByteString)36
IOException (java.io.IOException)22
ArrayList (java.util.ArrayList)18
Test (org.junit.Test)11
AggregateResponse (org.apache.hadoop.hbase.shaded.protobuf.generated.AggregateProtos.AggregateResponse)9
Connection (org.apache.hadoop.hbase.client.Connection)8
PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)7
List (java.util.List)7
DoNotRetryIOException (org.apache.hadoop.hbase.DoNotRetryIOException)7
Scan (org.apache.hadoop.hbase.client.Scan)7
Cell (org.apache.hadoop.hbase.Cell)6
CoprocessorRpcUtils (org.apache.hadoop.hbase.ipc.CoprocessorRpcUtils)6
AggregateRequest (org.apache.hadoop.hbase.shaded.protobuf.generated.AggregateProtos.AggregateRequest)6
AggregateService (org.apache.hadoop.hbase.shaded.protobuf.generated.AggregateProtos.AggregateService)6
GetAuthsResponse (org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse)6
VisibilityLabelsResponse (org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse)6
RpcCallback (org.apache.hbase.thirdparty.com.google.protobuf.RpcCallback)6
RpcController (org.apache.hbase.thirdparty.com.google.protobuf.RpcController)6
ByteBuffer (java.nio.ByteBuffer)4
CellScanner (org.apache.hadoop.hbase.CellScanner)4
