Posted to commits@hbase.apache.org by ss...@apache.org on 2015/05/25 09:33:26 UTC
hbase git commit: HBASE-13658 Improve the test run time for
TestAccessController class
Repository: hbase
Updated Branches:
refs/heads/0.98 a4ce4db45 -> b7fcb356e
HBASE-13658 Improve the test run time for TestAccessController class
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/b7fcb356
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/b7fcb356
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/b7fcb356
Branch: refs/heads/0.98
Commit: b7fcb356eb4d9b7e38dbd6950f65bc7ebfa77875
Parents: a4ce4db
Author: Ashish Singhi <as...@huawei.com>
Authored: Fri May 22 19:01:35 2015 +0530
Committer: Srikanth Srungarapu <ss...@cloudera.com>
Committed: Mon May 25 00:29:19 2015 -0700
----------------------------------------------------------------------
.../security/access/TestAccessController.java | 1393 +++++++++---------
1 file changed, 718 insertions(+), 675 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase/blob/b7fcb356/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
index c77544e..d4fe59b 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
@@ -44,7 +44,6 @@ import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.HRegionInfo;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.KeyValue;
-import org.apache.hadoop.hbase.testclassification.LargeTests;
import org.apache.hadoop.hbase.MiniHBaseCluster;
import org.apache.hadoop.hbase.NamespaceDescriptor;
import org.apache.hadoop.hbase.ServerName;
@@ -96,16 +95,13 @@ import org.apache.hadoop.hbase.regionserver.RegionServerCoprocessorHost;
import org.apache.hadoop.hbase.regionserver.ScanType;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.access.Permission.Action;
+import org.apache.hadoop.hbase.testclassification.LargeTests;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.hbase.util.JVMClusterUtil;
-import org.apache.hadoop.hbase.util.TestTableName;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
-import org.junit.After;
import org.junit.AfterClass;
-import org.junit.Before;
import org.junit.BeforeClass;
-import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
@@ -129,7 +125,7 @@ public class TestAccessController extends SecureTestUtil {
Logger.getLogger(TableAuthManager.class).setLevel(Level.TRACE);
}
- @Rule public TestTableName TEST_TABLE = new TestTableName();
+ private static TableName TEST_TABLE = TableName.valueOf("testtable1");
private static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
private static Configuration conf;
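Review bot: `TEST_TABLE` is now a class-wide fixture but is declared without `final`, so any test method could reassign it and silently point every later permission check at a different table. Declare it as `private static final TableName TEST_TABLE = TableName.valueOf("testtable1");`. Because the table and its ACL entries are now shared by all test methods instead of being recreated per test, a short comment on the field saying that tests must restore any grant they change would help the next maintainer.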
@@ -162,7 +158,7 @@ public class TestAccessController extends SecureTestUtil {
private static MasterCoprocessorEnvironment CP_ENV;
private static AccessController ACCESS_CONTROLLER;
private static RegionServerCoprocessorEnvironment RSCP_ENV;
- private RegionCoprocessorEnvironment RCP_ENV;
+ private static RegionCoprocessorEnvironment RCP_ENV;
@BeforeClass
public static void setupBeforeClass() throws Exception {
@@ -207,26 +203,26 @@ public class TestAccessController extends SecureTestUtil {
USER_CREATE = User.createUserForTesting(conf, "tbl_create", new String[0]);
USER_NONE = User.createUserForTesting(conf, "nouser", new String[0]);
USER_ADMIN_CF = User.createUserForTesting(conf, "col_family_admin", new String[0]);
+ setUpTableAndUserPermissions();
}
@AfterClass
public static void tearDownAfterClass() throws Exception {
+ cleanUp();
TEST_UTIL.shutdownMiniCluster();
}
- @Before
- public void setUp() throws Exception {
- // Create the test table (owner added to the _acl_ table)
+ private static void setUpTableAndUserPermissions() throws Exception {
HBaseAdmin admin = TEST_UTIL.getHBaseAdmin();
- HTableDescriptor htd = new HTableDescriptor(TEST_TABLE.getTableName());
+ HTableDescriptor htd = new HTableDescriptor(TEST_TABLE);
HColumnDescriptor hcd = new HColumnDescriptor(TEST_FAMILY);
hcd.setMaxVersions(100);
htd.addFamily(hcd);
htd.setOwner(USER_OWNER);
admin.createTable(htd, new byte[][] { Bytes.toBytes("s") });
- TEST_UTIL.waitUntilAllRegionsAssigned(TEST_TABLE.getTableName());
+ TEST_UTIL.waitUntilAllRegionsAssigned(TEST_TABLE);
- HRegion region = TEST_UTIL.getHBaseCluster().getRegions(TEST_TABLE.getTableName()).get(0);
+ HRegion region = TEST_UTIL.getHBaseCluster().getRegions(TEST_TABLE).get(0);
RegionCoprocessorHost rcpHost = region.getCoprocessorHost();
RCP_ENV = rcpHost.createEnvironment(AccessController.class, ACCESS_CONTROLLER,
Coprocessor.PRIORITY_HIGHEST, 1, conf);
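Review bot: In `tearDownAfterClass`, `cleanUp()` runs before `TEST_UTIL.shutdownMiniCluster()` without a `try`/`finally`, so a failed `assertEquals` or an exception from `deleteTable` inside `cleanUp()` skips the cluster shutdown. Writing it as `try { cleanUp(); } finally { TEST_UTIL.shutdownMiniCluster(); }` keeps the teardown reliable. The new `setUpTableAndUserPermissions` also drops the comment explaining that the owner is added to the `_acl_` table on create; I would keep it as `// Create the shared test table (owner added to the _acl_ table)`. The body of `setUpTableAndUserPermissions` continues past this hunk.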
@@ -240,26 +236,26 @@ public class TestAccessController extends SecureTestUtil {
Permission.Action.WRITE);
grantOnTable(TEST_UTIL, USER_RW.getShortName(),
- TEST_TABLE.getTableName(), TEST_FAMILY, null,
+ TEST_TABLE, TEST_FAMILY, null,
Permission.Action.READ,
Permission.Action.WRITE);
// USER_CREATE is USER_RW plus CREATE permissions
grantOnTable(TEST_UTIL, USER_CREATE.getShortName(),
- TEST_TABLE.getTableName(), null, null,
+ TEST_TABLE, null, null,
Permission.Action.CREATE,
Permission.Action.READ,
Permission.Action.WRITE);
grantOnTable(TEST_UTIL, USER_RO.getShortName(),
- TEST_TABLE.getTableName(), TEST_FAMILY, null,
+ TEST_TABLE, TEST_FAMILY, null,
Permission.Action.READ);
grantOnTable(TEST_UTIL, USER_ADMIN_CF.getShortName(),
- TEST_TABLE.getTableName(), TEST_FAMILY,
+ TEST_TABLE, TEST_FAMILY,
null, Permission.Action.ADMIN, Permission.Action.CREATE);
- assertEquals(5, AccessControlLists.getTablePermissions(conf, TEST_TABLE.getTableName()).size());
+ assertEquals(5, AccessControlLists.getTablePermissions(conf, TEST_TABLE).size());
try {
assertEquals(5, AccessControlClient.getUserPermissions(conf, TEST_TABLE.toString()).size());
} catch (Throwable e) {
@@ -267,16 +263,15 @@ public class TestAccessController extends SecureTestUtil {
}
}
- @After
- public void tearDown() throws Exception {
+ private static void cleanUp() throws Exception {
// Clean the _acl_ table
try {
- TEST_UTIL.deleteTable(TEST_TABLE.getTableName());
+ TEST_UTIL.deleteTable(TEST_TABLE);
} catch (TableNotFoundException ex) {
// Test deleted the table, no problem
- LOG.info("Test deleted table " + TEST_TABLE.getTableName());
+ LOG.info("Test deleted table " + TEST_TABLE);
}
- assertEquals(0, AccessControlLists.getTablePermissions(conf, TEST_TABLE.getTableName()).size());
+ assertEquals(0, AccessControlLists.getTablePermissions(conf, TEST_TABLE).size());
}
@Test
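Review bot: The `TableNotFoundException` branch in `cleanUp()` still treats a missing table as normal, but the table is now created once per class, so reaching this branch means some test deleted the shared fixture. Any test that ran after that deletion was presumably checking permissions against a table that no longer existed. Logging this at info level hides it. I would raise it to `LOG.warn("Shared test table " + TEST_TABLE + " was deleted by a test")` and replace the comment with `// A test deleted the shared table; later tests may have run without it`.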
@@ -303,11 +298,11 @@ public class TestAccessController extends SecureTestUtil {
AccessTestAction modifyTable = new AccessTestAction() {
@Override
public Object run() throws Exception {
- HTableDescriptor htd = new HTableDescriptor(TEST_TABLE.getTableName());
+ HTableDescriptor htd = new HTableDescriptor(TEST_TABLE);
htd.addFamily(new HColumnDescriptor(TEST_FAMILY));
htd.addFamily(new HColumnDescriptor("fam_" + User.getCurrent().getShortName()));
ACCESS_CONTROLLER.preModifyTable(ObserverContext.createAndPrepare(CP_ENV, null),
- TEST_TABLE.getTableName(), htd);
+ TEST_TABLE, htd);
return null;
}
};
@@ -322,7 +317,7 @@ public class TestAccessController extends SecureTestUtil {
@Override
public Object run() throws Exception {
ACCESS_CONTROLLER
- .preDeleteTable(ObserverContext.createAndPrepare(CP_ENV, null), TEST_TABLE.getTableName());
+ .preDeleteTable(ObserverContext.createAndPrepare(CP_ENV, null), TEST_TABLE);
return null;
}
};
@@ -338,7 +333,7 @@ public class TestAccessController extends SecureTestUtil {
public Object run() throws Exception {
ACCESS_CONTROLLER
.preTruncateTable(ObserverContext.createAndPrepare(CP_ENV, null),
- TEST_TABLE.getTableName());
+ TEST_TABLE);
return null;
}
};
@@ -353,7 +348,7 @@ public class TestAccessController extends SecureTestUtil {
AccessTestAction action = new AccessTestAction() {
@Override
public Object run() throws Exception {
- ACCESS_CONTROLLER.preAddColumn(ObserverContext.createAndPrepare(CP_ENV, null), TEST_TABLE.getTableName(),
+ ACCESS_CONTROLLER.preAddColumn(ObserverContext.createAndPrepare(CP_ENV, null), TEST_TABLE,
hcd);
return null;
}
@@ -371,7 +366,7 @@ public class TestAccessController extends SecureTestUtil {
@Override
public Object run() throws Exception {
ACCESS_CONTROLLER.preModifyColumn(ObserverContext.createAndPrepare(CP_ENV, null),
- TEST_TABLE.getTableName(), hcd);
+ TEST_TABLE, hcd);
return null;
}
};
@@ -386,7 +381,7 @@ public class TestAccessController extends SecureTestUtil {
@Override
public Object run() throws Exception {
ACCESS_CONTROLLER.preDeleteColumn(ObserverContext.createAndPrepare(CP_ENV, null),
- TEST_TABLE.getTableName(), TEST_FAMILY);
+ TEST_TABLE, TEST_FAMILY);
return null;
}
};
@@ -401,7 +396,7 @@ public class TestAccessController extends SecureTestUtil {
@Override
public Object run() throws Exception {
ACCESS_CONTROLLER.preDisableTable(ObserverContext.createAndPrepare(CP_ENV, null),
- TEST_TABLE.getTableName());
+ TEST_TABLE);
return null;
}
};
@@ -428,7 +423,7 @@ public class TestAccessController extends SecureTestUtil {
@Override
public Object run() throws Exception {
ACCESS_CONTROLLER
- .preEnableTable(ObserverContext.createAndPrepare(CP_ENV, null), TEST_TABLE.getTableName());
+ .preEnableTable(ObserverContext.createAndPrepare(CP_ENV, null), TEST_TABLE);
return null;
}
};
@@ -440,7 +435,7 @@ public class TestAccessController extends SecureTestUtil {
@Test
public void testMove() throws Exception {
Map<HRegionInfo, ServerName> regions;
- HTable table = new HTable(TEST_UTIL.getConfiguration(), TEST_TABLE.getTableName());
+ HTable table = new HTable(TEST_UTIL.getConfiguration(), TEST_TABLE);
try {
regions = table.getRegionLocations();
} finally {
@@ -464,7 +459,7 @@ public class TestAccessController extends SecureTestUtil {
@Test
public void testAssign() throws Exception {
Map<HRegionInfo, ServerName> regions;
- HTable table = new HTable(TEST_UTIL.getConfiguration(), TEST_TABLE.getTableName());
+ HTable table = new HTable(TEST_UTIL.getConfiguration(), TEST_TABLE);
try {
regions = table.getRegionLocations();
} finally {
@@ -488,7 +483,7 @@ public class TestAccessController extends SecureTestUtil {
@Test
public void testUnassign() throws Exception {
Map<HRegionInfo, ServerName> regions;
- HTable table = new HTable(TEST_UTIL.getConfiguration(), TEST_TABLE.getTableName());
+ HTable table = new HTable(TEST_UTIL.getConfiguration(), TEST_TABLE);
try {
regions = table.getRegionLocations();
} finally {
@@ -512,7 +507,7 @@ public class TestAccessController extends SecureTestUtil {
@Test
public void testRegionOffline() throws Exception {
Map<HRegionInfo, ServerName> regions;
- HTable table = new HTable(TEST_UTIL.getConfiguration(), TEST_TABLE.getTableName());
+ HTable table = new HTable(TEST_UTIL.getConfiguration(), TEST_TABLE);
try {
regions = table.getRegionLocations();
} finally {
@@ -626,21 +621,34 @@ public class TestAccessController extends SecureTestUtil {
@Test
public void testMergeRegions() throws Exception {
+ final TableName tname = TableName.valueOf("testMergeRegions");
+ createTestTable(tname);
+ try {
+ final List<HRegion> regions = TEST_UTIL.getHBaseCluster().findRegionsForTable(TEST_TABLE);
- final List<HRegion> regions = TEST_UTIL.getHBaseCluster().findRegionsForTable(TEST_TABLE.getTableName());
-
- AccessTestAction action = new AccessTestAction() {
- @Override
- public Object run() throws Exception {
- ACCESS_CONTROLLER.preMerge(
- ObserverContext.createAndPrepare(RSCP_ENV, null),
+ AccessTestAction action = new AccessTestAction() {
+ @Override
+ public Object run() throws Exception {
+ ACCESS_CONTROLLER.preMerge(ObserverContext.createAndPrepare(RSCP_ENV, null),
regions.get(0), regions.get(1));
- return null;
- }
- };
+ return null;
+ }
+ };
- verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER);
- verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE);
+ verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER);
+ verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE);
+ } finally {
+ TEST_UTIL.deleteTable(tname);
+ }
+ }
+
+ private void createTestTable(TableName tname) throws Exception {
+ HTableDescriptor htd = new HTableDescriptor(tname);
+ HColumnDescriptor hcd = new HColumnDescriptor(TEST_FAMILY);
+ hcd.setMaxVersions(100);
+ htd.addFamily(hcd);
+ htd.setOwner(USER_OWNER);
+ TEST_UTIL.createTable(htd, new byte[][] { Bytes.toBytes("s") });
}
@Test
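Review bot: `testMergeRegions` creates the table `tname` but then looks up regions with `findRegionsForTable(TEST_TABLE)`, so the `preMerge` authorization check still runs against the shared table's regions. The new table is created and deleted without ever being used. If the intent is to isolate the merge check from the shared fixture, the lookup should be `final List<HRegion> regions = TEST_UTIL.getHBaseCluster().findRegionsForTable(tname);`. It is also worth confirming that `createTestTable` returns only after both regions of `tname` are assigned, since `regions.get(1)` is read immediately afterwards.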
@@ -691,7 +699,7 @@ public class TestAccessController extends SecureTestUtil {
Get g = new Get(TEST_ROW);
g.addFamily(TEST_FAMILY);
- HTable t = new HTable(conf, TEST_TABLE.getTableName());
+ HTable t = new HTable(conf, TEST_TABLE);
try {
t.get(g);
} finally {
@@ -709,7 +717,7 @@ public class TestAccessController extends SecureTestUtil {
Scan s = new Scan();
s.addFamily(TEST_FAMILY);
- HTable table = new HTable(conf, TEST_TABLE.getTableName());
+ HTable table = new HTable(conf, TEST_TABLE);
try {
ResultScanner scanner = table.getScanner(s);
try {
@@ -738,7 +746,7 @@ public class TestAccessController extends SecureTestUtil {
public Object run() throws Exception {
Put p = new Put(TEST_ROW);
p.add(TEST_FAMILY, TEST_QUALIFIER, Bytes.toBytes(1));
- HTable t = new HTable(conf, TEST_TABLE.getTableName());
+ HTable t = new HTable(conf, TEST_TABLE);
try {
t.put(p);
} finally {
@@ -755,7 +763,7 @@ public class TestAccessController extends SecureTestUtil {
public Object run() throws Exception {
Delete d = new Delete(TEST_ROW);
d.deleteFamily(TEST_FAMILY);
- HTable t = new HTable(conf, TEST_TABLE.getTableName());
+ HTable t = new HTable(conf, TEST_TABLE);
try {
t.delete(d);
} finally {
@@ -772,7 +780,7 @@ public class TestAccessController extends SecureTestUtil {
public Object run() throws Exception {
Increment inc = new Increment(TEST_ROW);
inc.addColumn(TEST_FAMILY, TEST_QUALIFIER, 1);
- HTable t = new HTable(conf, TEST_TABLE.getTableName());
+ HTable t = new HTable(conf, TEST_TABLE);
try {
t.increment(inc);
} finally {
@@ -792,7 +800,7 @@ public class TestAccessController extends SecureTestUtil {
public Object run() throws Exception {
Delete d = new Delete(TEST_ROW);
d.deleteFamily(TEST_FAMILY);
- HTable t = new HTable(conf, TEST_TABLE.getTableName());
+ HTable t = new HTable(conf, TEST_TABLE);
try {
t.checkAndDelete(TEST_ROW, TEST_FAMILY, TEST_QUALIFIER,
Bytes.toBytes("test_value"), d);
@@ -810,7 +818,7 @@ public class TestAccessController extends SecureTestUtil {
public Object run() throws Exception {
Put p = new Put(TEST_ROW);
p.add(TEST_FAMILY, TEST_QUALIFIER, Bytes.toBytes(1));
- HTable t = new HTable(conf, TEST_TABLE.getTableName());
+ HTable t = new HTable(conf, TEST_TABLE);
try {
t.checkAndPut(TEST_ROW, TEST_FAMILY, TEST_QUALIFIER,
Bytes.toBytes("test_value"), p);
@@ -825,37 +833,40 @@ public class TestAccessController extends SecureTestUtil {
@Test
public void testBulkLoad() throws Exception {
- FileSystem fs = TEST_UTIL.getTestFileSystem();
- final Path dir = TEST_UTIL.getDataTestDirOnTestFS("testBulkLoad");
- fs.mkdirs(dir);
- //need to make it globally writable
- //so users creating HFiles have write permissions
- fs.setPermission(dir, FsPermission.valueOf("-rwxrwxrwx"));
-
- AccessTestAction bulkLoadAction = new AccessTestAction() {
- @Override
- public Object run() throws Exception {
- int numRows = 3;
+ try {
+ FileSystem fs = TEST_UTIL.getTestFileSystem();
+ final Path dir = TEST_UTIL.getDataTestDirOnTestFS("testBulkLoad");
+ fs.mkdirs(dir);
+ // need to make it globally writable
+ // so users creating HFiles have write permissions
+ fs.setPermission(dir, FsPermission.valueOf("-rwxrwxrwx"));
+
+ AccessTestAction bulkLoadAction = new AccessTestAction() {
+ @Override
+ public Object run() throws Exception {
+ int numRows = 3;
- //Making the assumption that the test table won't split between the range
- byte[][][] hfileRanges = {{{(byte)0}, {(byte)9}}};
+ // Making the assumption that the test table won't split between the range
+ byte[][][] hfileRanges = { { { (byte) 0 }, { (byte) 9 } } };
- Path bulkLoadBasePath = new Path(dir, new Path(User.getCurrent().getName()));
- new BulkLoadHelper(bulkLoadBasePath)
- .bulkLoadHFile(TEST_TABLE.getTableName(), TEST_FAMILY, TEST_QUALIFIER, hfileRanges, numRows);
+ Path bulkLoadBasePath = new Path(dir, new Path(User.getCurrent().getName()));
+ new BulkLoadHelper(bulkLoadBasePath).bulkLoadHFile(TEST_TABLE, TEST_FAMILY,
+ TEST_QUALIFIER, hfileRanges, numRows);
- return null;
- }
- };
+ return null;
+ }
+ };
- // User performing bulk loads must have privilege to read table metadata
- // (ADMIN or CREATE)
- verifyAllowed(bulkLoadAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE);
- verifyDenied(bulkLoadAction, USER_RW, USER_NONE, USER_RO);
+ // User performing bulk loads must have privilege to read table metadata
+ // (ADMIN or CREATE)
+ verifyAllowed(bulkLoadAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE);
+ verifyDenied(bulkLoadAction, USER_RW, USER_NONE, USER_RO);
- // Reinit after the bulk upload
- TEST_UTIL.getHBaseAdmin().disableTable(TEST_TABLE.getTableName());
- TEST_UTIL.getHBaseAdmin().enableTable(TEST_TABLE.getTableName());
+ } finally {
+ // Reinit after the bulk upload
+ TEST_UTIL.getHBaseAdmin().disableTable(TEST_TABLE);
+ TEST_UTIL.getHBaseAdmin().enableTable(TEST_TABLE);
+ }
}
public class BulkLoadHelper {
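Review bot: The `finally` block in `testBulkLoad` calls `disableTable` and then `enableTable` on the shared `TEST_TABLE`, and an exception from either call replaces any assertion failure raised in the `try` body. A failure between the two calls also leaves the shared table disabled for every remaining test. I would guard the re-enable with its own `try`/`finally` and log rather than rethrow a secondary failure. Since the table is no longer recreated per test, the HFiles loaded by the allowed users stay in `TEST_TABLE`, and the world-writable `testBulkLoad` directory is not removed in this hunk. A comment such as `// bulk-loaded rows remain in the shared table for later tests` would make that explicit.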
@@ -948,7 +959,7 @@ public class TestAccessController extends SecureTestUtil {
put.add(TEST_FAMILY, qualifier, Bytes.toBytes(1));
Append append = new Append(row);
append.add(TEST_FAMILY, qualifier, Bytes.toBytes(2));
- HTable t = new HTable(conf, TEST_TABLE.getTableName());
+ HTable t = new HTable(conf, TEST_TABLE);
try {
t.put(put);
t.append(append);
@@ -970,10 +981,10 @@ public class TestAccessController extends SecureTestUtil {
public Object run() throws Exception {
HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
try {
- BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE.getTableName().getName());
+ BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE.getName());
AccessControlService.BlockingInterface protocol =
AccessControlService.newBlockingStub(service);
- ProtobufUtil.grant(protocol, USER_RO.getShortName(), TEST_TABLE.getTableName(),
+ ProtobufUtil.grant(protocol, USER_RO.getShortName(), TEST_TABLE,
TEST_FAMILY, null, Action.READ);
} finally {
acl.close();
@@ -987,10 +998,10 @@ public class TestAccessController extends SecureTestUtil {
public Object run() throws Exception {
HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
try {
- BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE.getTableName().getName());
+ BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE.getName());
AccessControlService.BlockingInterface protocol =
AccessControlService.newBlockingStub(service);
- ProtobufUtil.revoke(protocol, USER_RO.getShortName(), TEST_TABLE.getTableName(),
+ ProtobufUtil.revoke(protocol, USER_RO.getShortName(), TEST_TABLE,
TEST_FAMILY, null, Action.READ);
} finally {
acl.close();
@@ -1004,10 +1015,10 @@ public class TestAccessController extends SecureTestUtil {
public Object run() throws Exception {
HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
try {
- BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE.getTableName().getName());
+ BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE.getName());
AccessControlService.BlockingInterface protocol =
AccessControlService.newBlockingStub(service);
- ProtobufUtil.getUserPermissions(protocol, TEST_TABLE.getTableName());
+ ProtobufUtil.getUserPermissions(protocol, TEST_TABLE);
} finally {
acl.close();
}
@@ -1033,16 +1044,20 @@ public class TestAccessController extends SecureTestUtil {
verifyAllowed(grantAction, SUPERUSER, USER_ADMIN, USER_OWNER);
verifyDenied(grantAction, USER_CREATE, USER_RW, USER_RO, USER_NONE);
+ try {
+ verifyAllowed(revokeAction, SUPERUSER, USER_ADMIN, USER_OWNER);
+ verifyDenied(revokeAction, USER_CREATE, USER_RW, USER_RO, USER_NONE);
- verifyAllowed(revokeAction, SUPERUSER, USER_ADMIN, USER_OWNER);
- verifyDenied(revokeAction, USER_CREATE, USER_RW, USER_RO, USER_NONE);
-
- verifyAllowed(getTablePermissionsAction, SUPERUSER, USER_ADMIN, USER_OWNER);
- verifyDenied(getTablePermissionsAction, USER_CREATE, USER_RW, USER_RO, USER_NONE);
+ verifyAllowed(getTablePermissionsAction, SUPERUSER, USER_ADMIN, USER_OWNER);
+ verifyDenied(getTablePermissionsAction, USER_CREATE, USER_RW, USER_RO, USER_NONE);
- verifyAllowed(getGlobalPermissionsAction, SUPERUSER, USER_ADMIN);
- verifyDenied(getGlobalPermissionsAction, USER_CREATE,
- USER_OWNER, USER_RW, USER_RO, USER_NONE);
+ verifyAllowed(getGlobalPermissionsAction, SUPERUSER, USER_ADMIN);
+ verifyDenied(getGlobalPermissionsAction, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE);
+ } finally {
+ // Cleanup, Grant the revoked permission back to the user
+ grantOnTable(TEST_UTIL, USER_RO.getShortName(), TEST_TABLE, TEST_FAMILY, null,
+ Permission.Action.READ);
+ }
}
@Test
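Review bot: The `finally` block restores only the `READ` grant for `USER_RO`, and nothing checks that the shared ACL state is back to what class setup established. Adding `assertEquals(5, AccessControlLists.getTablePermissions(conf, TEST_TABLE).size());` as the last statement of the test, after the `try`/`finally`, would catch a run that leaves `TEST_TABLE` with a different permission set. That matters now that later tests reuse the same table. The `grantAction` checks sit before the `try`, which is safe only because nothing has been revoked at that point; a one-line comment saying so would help. The start of this test method is outside the hunk.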
@@ -1064,256 +1079,255 @@ public class TestAccessController extends SecureTestUtil {
htd.addFamily(new HColumnDescriptor(family2));
admin.createTable(htd);
TEST_UTIL.waitUntilAllRegionsAssigned(tableName);
-
- // create temp users
- User tblUser = User
- .createUserForTesting(TEST_UTIL.getConfiguration(), "tbluser", new String[0]);
- User gblUser = User
- .createUserForTesting(TEST_UTIL.getConfiguration(), "gbluser", new String[0]);
-
- // prepare actions:
- AccessTestAction putActionAll = new AccessTestAction() {
- @Override
- public Object run() throws Exception {
- Put p = new Put(Bytes.toBytes("a"));
- p.add(family1, qualifier, Bytes.toBytes("v1"));
- p.add(family2, qualifier, Bytes.toBytes("v2"));
- HTable t = new HTable(conf, tableName);
- try {
- t.put(p);
- } finally {
- t.close();
+ try {
+ // create temp users
+ User tblUser =
+ User.createUserForTesting(TEST_UTIL.getConfiguration(), "tbluser", new String[0]);
+ User gblUser =
+ User.createUserForTesting(TEST_UTIL.getConfiguration(), "gbluser", new String[0]);
+
+ // prepare actions:
+ AccessTestAction putActionAll = new AccessTestAction() {
+ @Override
+ public Object run() throws Exception {
+ Put p = new Put(Bytes.toBytes("a"));
+ p.add(family1, qualifier, Bytes.toBytes("v1"));
+ p.add(family2, qualifier, Bytes.toBytes("v2"));
+ HTable t = new HTable(conf, tableName);
+ try {
+ t.put(p);
+ } finally {
+ t.close();
+ }
+ return null;
}
- return null;
- }
- };
+ };
- AccessTestAction putAction1 = new AccessTestAction() {
- @Override
- public Object run() throws Exception {
- Put p = new Put(Bytes.toBytes("a"));
- p.add(family1, qualifier, Bytes.toBytes("v1"));
- HTable t = new HTable(conf, tableName);
- try {
- t.put(p);
- } finally {
- t.close();
+ AccessTestAction putAction1 = new AccessTestAction() {
+ @Override
+ public Object run() throws Exception {
+ Put p = new Put(Bytes.toBytes("a"));
+ p.add(family1, qualifier, Bytes.toBytes("v1"));
+ HTable t = new HTable(conf, tableName);
+ try {
+ t.put(p);
+ } finally {
+ t.close();
+ }
+ return null;
}
- return null;
- }
- };
+ };
- AccessTestAction putAction2 = new AccessTestAction() {
- @Override
- public Object run() throws Exception {
- Put p = new Put(Bytes.toBytes("a"));
- p.add(family2, qualifier, Bytes.toBytes("v2"));
- HTable t = new HTable(conf, tableName);
- try {
- t.put(p);
- } finally {
- t.close();
+ AccessTestAction putAction2 = new AccessTestAction() {
+ @Override
+ public Object run() throws Exception {
+ Put p = new Put(Bytes.toBytes("a"));
+ p.add(family2, qualifier, Bytes.toBytes("v2"));
+ HTable t = new HTable(conf, tableName);
+ try {
+ t.put(p);
+ } finally {
+ t.close();
+ }
+ return null;
}
- return null;
- }
- };
+ };
- AccessTestAction getActionAll = new AccessTestAction() {
- @Override
- public Object run() throws Exception {
- Get g = new Get(TEST_ROW);
- g.addFamily(family1);
- g.addFamily(family2);
- HTable t = new HTable(conf, tableName);
- try {
- t.get(g);
- } finally {
- t.close();
+ AccessTestAction getActionAll = new AccessTestAction() {
+ @Override
+ public Object run() throws Exception {
+ Get g = new Get(TEST_ROW);
+ g.addFamily(family1);
+ g.addFamily(family2);
+ HTable t = new HTable(conf, tableName);
+ try {
+ t.get(g);
+ } finally {
+ t.close();
+ }
+ return null;
}
- return null;
- }
- };
+ };
- AccessTestAction getAction1 = new AccessTestAction() {
- @Override
- public Object run() throws Exception {
- Get g = new Get(TEST_ROW);
- g.addFamily(family1);
- HTable t = new HTable(conf, tableName);
- try {
- t.get(g);
- } finally {
- t.close();
+ AccessTestAction getAction1 = new AccessTestAction() {
+ @Override
+ public Object run() throws Exception {
+ Get g = new Get(TEST_ROW);
+ g.addFamily(family1);
+ HTable t = new HTable(conf, tableName);
+ try {
+ t.get(g);
+ } finally {
+ t.close();
+ }
+ return null;
}
- return null;
- }
- };
+ };
- AccessTestAction getAction2 = new AccessTestAction() {
- @Override
- public Object run() throws Exception {
- Get g = new Get(TEST_ROW);
- g.addFamily(family2);
- HTable t = new HTable(conf, tableName);
- try {
- t.get(g);
- } finally {
- t.close();
+ AccessTestAction getAction2 = new AccessTestAction() {
+ @Override
+ public Object run() throws Exception {
+ Get g = new Get(TEST_ROW);
+ g.addFamily(family2);
+ HTable t = new HTable(conf, tableName);
+ try {
+ t.get(g);
+ } finally {
+ t.close();
+ }
+ return null;
}
- return null;
- }
- };
+ };
- AccessTestAction deleteActionAll = new AccessTestAction() {
- @Override
- public Object run() throws Exception {
- Delete d = new Delete(TEST_ROW);
- d.deleteFamily(family1);
- d.deleteFamily(family2);
- HTable t = new HTable(conf, tableName);
- try {
- t.delete(d);
- } finally {
- t.close();
+ AccessTestAction deleteActionAll = new AccessTestAction() {
+ @Override
+ public Object run() throws Exception {
+ Delete d = new Delete(TEST_ROW);
+ d.deleteFamily(family1);
+ d.deleteFamily(family2);
+ HTable t = new HTable(conf, tableName);
+ try {
+ t.delete(d);
+ } finally {
+ t.close();
+ }
+ return null;
}
- return null;
- }
- };
+ };
- AccessTestAction deleteAction1 = new AccessTestAction() {
- @Override
- public Object run() throws Exception {
- Delete d = new Delete(TEST_ROW);
- d.deleteFamily(family1);
- HTable t = new HTable(conf, tableName);
- try {
- t.delete(d);
- } finally {
- t.close();
+ AccessTestAction deleteAction1 = new AccessTestAction() {
+ @Override
+ public Object run() throws Exception {
+ Delete d = new Delete(TEST_ROW);
+ d.deleteFamily(family1);
+ HTable t = new HTable(conf, tableName);
+ try {
+ t.delete(d);
+ } finally {
+ t.close();
+ }
+ return null;
}
- return null;
- }
- };
+ };
- AccessTestAction deleteAction2 = new AccessTestAction() {
- @Override
- public Object run() throws Exception {
- Delete d = new Delete(TEST_ROW);
- d.deleteFamily(family2);
- HTable t = new HTable(conf, tableName);
- try {
- t.delete(d);
- } finally {
- t.close();
+ AccessTestAction deleteAction2 = new AccessTestAction() {
+ @Override
+ public Object run() throws Exception {
+ Delete d = new Delete(TEST_ROW);
+ d.deleteFamily(family2);
+ HTable t = new HTable(conf, tableName);
+ try {
+ t.delete(d);
+ } finally {
+ t.close();
+ }
+ return null;
}
- return null;
- }
- };
-
- // initial check:
- verifyDenied(tblUser, getActionAll, getAction1, getAction2);
- verifyDenied(tblUser, putActionAll, putAction1, putAction2);
- verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);
-
- verifyDenied(gblUser, getActionAll, getAction1, getAction2);
- verifyDenied(gblUser, putActionAll, putAction1, putAction2);
- verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
-
- // grant table read permission
- grantGlobal(TEST_UTIL, gblUser.getShortName(),
- Permission.Action.READ);
- grantOnTable(TEST_UTIL, tblUser.getShortName(),
- tableName, null, null,
- Permission.Action.READ);
-
- // check
- verifyAllowed(tblUser, getActionAll, getAction1, getAction2);
- verifyDenied(tblUser, putActionAll, putAction1, putAction2);
- verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);
-
- verifyAllowed(gblUser, getActionAll, getAction1, getAction2);
- verifyDenied(gblUser, putActionAll, putAction1, putAction2);
- verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
+ };
- // grant table write permission while revoking read permissions
- grantGlobal(TEST_UTIL, gblUser.getShortName(),
- Permission.Action.WRITE);
- grantOnTable(TEST_UTIL, tblUser.getShortName(),
- tableName, null, null,
- Permission.Action.WRITE);
+ // initial check:
+ verifyDenied(tblUser, getActionAll, getAction1, getAction2);
+ verifyDenied(tblUser, putActionAll, putAction1, putAction2);
+ verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);
- verifyDenied(tblUser, getActionAll, getAction1, getAction2);
- verifyAllowed(tblUser, putActionAll, putAction1, putAction2);
- verifyAllowed(tblUser, deleteActionAll, deleteAction1, deleteAction2);
+ verifyDenied(gblUser, getActionAll, getAction1, getAction2);
+ verifyDenied(gblUser, putActionAll, putAction1, putAction2);
+ verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
- verifyDenied(gblUser, getActionAll, getAction1, getAction2);
- verifyAllowed(gblUser, putActionAll, putAction1, putAction2);
- verifyAllowed(gblUser, deleteActionAll, deleteAction1, deleteAction2);
+ // grant table read permission
+ grantGlobal(TEST_UTIL, gblUser.getShortName(), Permission.Action.READ);
+ grantOnTable(TEST_UTIL, tblUser.getShortName(), tableName, null, null, Permission.Action.READ);
- // revoke table permissions
- revokeGlobal(TEST_UTIL, gblUser.getShortName());
- revokeFromTable(TEST_UTIL, tblUser.getShortName(),
- tableName, null, null);
+ // check
+ verifyAllowed(tblUser, getActionAll, getAction1, getAction2);
+ verifyDenied(tblUser, putActionAll, putAction1, putAction2);
+ verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);
- verifyDenied(tblUser, getActionAll, getAction1, getAction2);
- verifyDenied(tblUser, putActionAll, putAction1, putAction2);
- verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);
+ verifyAllowed(gblUser, getActionAll, getAction1, getAction2);
+ verifyDenied(gblUser, putActionAll, putAction1, putAction2);
+ verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
- verifyDenied(gblUser, getActionAll, getAction1, getAction2);
- verifyDenied(gblUser, putActionAll, putAction1, putAction2);
- verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
+ // grant table write permission while revoking read permissions
+ grantGlobal(TEST_UTIL, gblUser.getShortName(), Permission.Action.WRITE);
+ grantOnTable(TEST_UTIL, tblUser.getShortName(), tableName, null, null,
+ Permission.Action.WRITE);
- // grant column family read permission
- grantGlobal(TEST_UTIL, gblUser.getShortName(),
- Permission.Action.READ);
- grantOnTable(TEST_UTIL, tblUser.getShortName(),
- tableName, family1, null, Permission.Action.READ);
+ verifyDenied(tblUser, getActionAll, getAction1, getAction2);
+ verifyAllowed(tblUser, putActionAll, putAction1, putAction2);
+ verifyAllowed(tblUser, deleteActionAll, deleteAction1, deleteAction2);
- // Access should be denied for family2
- verifyAllowed(tblUser, getActionAll, getAction1);
- verifyDenied(tblUser, getAction2);
- verifyDenied(tblUser, putActionAll, putAction1, putAction2);
- verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);
+ verifyDenied(gblUser, getActionAll, getAction1, getAction2);
+ verifyAllowed(gblUser, putActionAll, putAction1, putAction2);
+ verifyAllowed(gblUser, deleteActionAll, deleteAction1, deleteAction2);
- verifyAllowed(gblUser, getActionAll, getAction1, getAction2);
- verifyDenied(gblUser, putActionAll, putAction1, putAction2);
- verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
+ // revoke table permissions
+ revokeGlobal(TEST_UTIL, gblUser.getShortName());
+ revokeFromTable(TEST_UTIL, tblUser.getShortName(), tableName, null, null);
- // grant column family write permission
- grantGlobal(TEST_UTIL, gblUser.getShortName(),
- Permission.Action.WRITE);
- grantOnTable(TEST_UTIL, tblUser.getShortName(),
- tableName, family2, null, Permission.Action.WRITE);
+ verifyDenied(tblUser, getActionAll, getAction1, getAction2);
+ verifyDenied(tblUser, putActionAll, putAction1, putAction2);
+ verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);
- // READ from family1, WRITE to family2 are allowed
- verifyAllowed(tblUser, getActionAll, getAction1);
- verifyAllowed(tblUser, putAction2, deleteAction2);
- verifyDenied(tblUser, getAction2);
- verifyDenied(tblUser, putActionAll, putAction1);
- verifyDenied(tblUser, deleteActionAll, deleteAction1);
+ verifyDenied(gblUser, getActionAll, getAction1, getAction2);
+ verifyDenied(gblUser, putActionAll, putAction1, putAction2);
+ verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
- verifyDenied(gblUser, getActionAll, getAction1, getAction2);
- verifyAllowed(gblUser, putActionAll, putAction1, putAction2);
- verifyAllowed(gblUser, deleteActionAll, deleteAction1, deleteAction2);
+ // grant column family read permission
+ grantGlobal(TEST_UTIL, gblUser.getShortName(), Permission.Action.READ);
+ grantOnTable(TEST_UTIL, tblUser.getShortName(), tableName, family1, null,
+ Permission.Action.READ);
- // revoke column family permission
- revokeGlobal(TEST_UTIL, gblUser.getShortName());
- revokeFromTable(TEST_UTIL, tblUser.getShortName(), tableName, family2, null);
+ // Access should be denied for family2
+ verifyAllowed(tblUser, getActionAll, getAction1);
+ verifyDenied(tblUser, getAction2);
+ verifyDenied(tblUser, putActionAll, putAction1, putAction2);
+ verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);
- // Revoke on family2 should not have impact on family1 permissions
- verifyAllowed(tblUser, getActionAll, getAction1);
- verifyDenied(tblUser, getAction2);
- verifyDenied(tblUser, putActionAll, putAction1, putAction2);
- verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);
+ verifyAllowed(gblUser, getActionAll, getAction1, getAction2);
+ verifyDenied(gblUser, putActionAll, putAction1, putAction2);
+ verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
- // Should not have access as global permissions are completely revoked
- verifyDenied(gblUser, getActionAll, getAction1, getAction2);
- verifyDenied(gblUser, putActionAll, putAction1, putAction2);
- verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
+ // grant column family write permission
+ grantGlobal(TEST_UTIL, gblUser.getShortName(), Permission.Action.WRITE);
+ grantOnTable(TEST_UTIL, tblUser.getShortName(), tableName, family2, null,
+ Permission.Action.WRITE);
- // delete table
- admin.disableTable(tableName);
- admin.deleteTable(tableName);
+ // READ from family1, WRITE to family2 are allowed
+ verifyAllowed(tblUser, getActionAll, getAction1);
+ verifyAllowed(tblUser, putAction2, deleteAction2);
+ verifyDenied(tblUser, getAction2);
+ verifyDenied(tblUser, putActionAll, putAction1);
+ verifyDenied(tblUser, deleteActionAll, deleteAction1);
+
+ verifyDenied(gblUser, getActionAll, getAction1, getAction2);
+ verifyAllowed(gblUser, putActionAll, putAction1, putAction2);
+ verifyAllowed(gblUser, deleteActionAll, deleteAction1, deleteAction2);
+
+ // revoke column family permission
+ revokeGlobal(TEST_UTIL, gblUser.getShortName());
+ revokeFromTable(TEST_UTIL, tblUser.getShortName(), tableName, family2, null);
+
+ // Revoke on family2 should not have impact on family1 permissions
+ verifyAllowed(tblUser, getActionAll, getAction1);
+ verifyDenied(tblUser, getAction2);
+ verifyDenied(tblUser, putActionAll, putAction1, putAction2);
+ verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);
+
+ // Should not have access as global permissions are completely revoked
+ verifyDenied(gblUser, getActionAll, getAction1, getAction2);
+ verifyDenied(gblUser, putActionAll, putAction1, putAction2);
+ verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
+
+ // delete table
+ admin.disableTable(tableName);
+ admin.deleteTable(tableName);
+ } finally {
+ try {
+ TEST_UTIL.deleteTable(tableName);
+ } catch (IOException ignore) {
+ LOG.debug("Failed to delete table in cleanup. May be already deleted.");
+ }
+ }
}
private boolean hasFoundUserPermission(UserPermission userPermission, List<UserPermission> perms) {
@@ -1339,100 +1353,104 @@ public class TestAccessController extends SecureTestUtil {
htd.addFamily(new HColumnDescriptor(family2));
admin.createTable(htd);
TEST_UTIL.waitUntilAllRegionsAssigned(tableName);
+ try {
+ // create temp users
+ User user = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]);
- // create temp users
- User user = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]);
-
- AccessTestAction getQualifierAction = new AccessTestAction() {
- @Override
- public Object run() throws Exception {
- Get g = new Get(TEST_ROW);
- g.addColumn(family1, qualifier);
- HTable t = new HTable(conf, tableName);
- try {
- t.get(g);
- } finally {
- t.close();
+ AccessTestAction getQualifierAction = new AccessTestAction() {
+ @Override
+ public Object run() throws Exception {
+ Get g = new Get(TEST_ROW);
+ g.addColumn(family1, qualifier);
+ HTable t = new HTable(conf, tableName);
+ try {
+ t.get(g);
+ } finally {
+ t.close();
+ }
+ return null;
}
- return null;
- }
- };
+ };
- AccessTestAction putQualifierAction = new AccessTestAction() {
- @Override
- public Object run() throws Exception {
- Put p = new Put(TEST_ROW);
- p.add(family1, qualifier, Bytes.toBytes("v1"));
- HTable t = new HTable(conf, tableName);
- try {
- t.put(p);
- } finally {
- t.close();
+ AccessTestAction putQualifierAction = new AccessTestAction() {
+ @Override
+ public Object run() throws Exception {
+ Put p = new Put(TEST_ROW);
+ p.add(family1, qualifier, Bytes.toBytes("v1"));
+ HTable t = new HTable(conf, tableName);
+ try {
+ t.put(p);
+ } finally {
+ t.close();
+ }
+ return null;
}
- return null;
- }
- };
+ };
- AccessTestAction deleteQualifierAction = new AccessTestAction() {
- @Override
- public Object run() throws Exception {
- Delete d = new Delete(TEST_ROW);
- d.deleteColumn(family1, qualifier);
- // d.deleteFamily(family1);
- HTable t = new HTable(conf, tableName);
- try {
- t.delete(d);
- } finally {
- t.close();
+ AccessTestAction deleteQualifierAction = new AccessTestAction() {
+ @Override
+ public Object run() throws Exception {
+ Delete d = new Delete(TEST_ROW);
+ d.deleteColumn(family1, qualifier);
+ // d.deleteFamily(family1);
+ HTable t = new HTable(conf, tableName);
+ try {
+ t.delete(d);
+ } finally {
+ t.close();
+ }
+ return null;
}
- return null;
- }
- };
+ };
- revokeFromTable(TEST_UTIL, user.getShortName(), tableName, family1, null);
+ revokeFromTable(TEST_UTIL, user.getShortName(), tableName, family1, null);
- verifyDenied(user, getQualifierAction);
- verifyDenied(user, putQualifierAction);
- verifyDenied(user, deleteQualifierAction);
+ verifyDenied(user, getQualifierAction);
+ verifyDenied(user, putQualifierAction);
+ verifyDenied(user, deleteQualifierAction);
- grantOnTable(TEST_UTIL, user.getShortName(),
- tableName, family1, qualifier,
- Permission.Action.READ);
+ grantOnTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier,
+ Permission.Action.READ);
- verifyAllowed(user, getQualifierAction);
- verifyDenied(user, putQualifierAction);
- verifyDenied(user, deleteQualifierAction);
+ verifyAllowed(user, getQualifierAction);
+ verifyDenied(user, putQualifierAction);
+ verifyDenied(user, deleteQualifierAction);
- // only grant write permission
- // TODO: comment this portion after HBASE-3583
- grantOnTable(TEST_UTIL, user.getShortName(),
- tableName, family1, qualifier,
- Permission.Action.WRITE);
+ // only grant write permission
+ // TODO: comment this portion after HBASE-3583
+ grantOnTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier,
+ Permission.Action.WRITE);
- verifyDenied(user, getQualifierAction);
- verifyAllowed(user, putQualifierAction);
- verifyAllowed(user, deleteQualifierAction);
+ verifyDenied(user, getQualifierAction);
+ verifyAllowed(user, putQualifierAction);
+ verifyAllowed(user, deleteQualifierAction);
- // grant both read and write permission
- grantOnTable(TEST_UTIL, user.getShortName(),
- tableName, family1, qualifier,
- Permission.Action.READ, Permission.Action.WRITE);
+ // grant both read and write permission
+ grantOnTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier,
+ Permission.Action.READ, Permission.Action.WRITE);
- verifyAllowed(user, getQualifierAction);
- verifyAllowed(user, putQualifierAction);
- verifyAllowed(user, deleteQualifierAction);
+ verifyAllowed(user, getQualifierAction);
+ verifyAllowed(user, putQualifierAction);
+ verifyAllowed(user, deleteQualifierAction);
- // revoke family level permission won't impact column level
- revokeFromTable(TEST_UTIL, user.getShortName(),
- tableName, family1, qualifier);
+ // revoke family level permission won't impact column level
+ revokeFromTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier);
- verifyDenied(user, getQualifierAction);
- verifyDenied(user, putQualifierAction);
- verifyDenied(user, deleteQualifierAction);
+ verifyDenied(user, getQualifierAction);
+ verifyDenied(user, putQualifierAction);
+ verifyDenied(user, deleteQualifierAction);
- // delete table
- admin.disableTable(tableName);
- admin.deleteTable(tableName);
+ // delete table
+ admin.disableTable(tableName);
+ admin.deleteTable(tableName);
+ } finally {
+ // delete table
+ try {
+ TEST_UTIL.deleteTable(tableName);
+ } catch (IOException ignore) {
+ LOG.debug("Failed to delete table in cleanup. May be already deleted.");
+ }
+ }
}
@Test
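Review bot: On the success path the table is deleted twice, because the `try` body still ends with `admin.disableTable(tableName); admin.deleteTable(tableName);` and the new `finally` then calls `TEST_UTIL.deleteTable(tableName)`, which fails and is swallowed. I would drop the two `admin` calls from the `try` body and pass the exception to the logger, `LOG.debug("Failed to delete table in cleanup. May be already deleted.", ignore);`, so a real cleanup failure can be told apart from an already-deleted table. A table left behind in the shared test cluster can change what later `verifyAllowed`/`verifyDenied` calls observe. The `finally` that closes the preceding test method has the same shape, and this method begins outside the hunk.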
@@ -1457,115 +1475,117 @@ public class TestAccessController extends SecureTestUtil {
TEST_UTIL.waitUntilAllRegionsAssigned(tableName);
List<UserPermission> perms;
-
- HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
try {
- BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
- AccessControlService.BlockingInterface protocol =
- AccessControlService.newBlockingStub(service);
- perms = ProtobufUtil.getUserPermissions(protocol, tableName);
- } finally {
- acl.close();
- }
+ HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+ } finally {
+ acl.close();
+ }
- UserPermission ownerperm = new UserPermission(
- Bytes.toBytes(USER_OWNER.getName()), tableName, null, Action.values());
- assertTrue("Owner should have all permissions on table",
+ UserPermission ownerperm =
+ new UserPermission(Bytes.toBytes(USER_OWNER.getName()), tableName, null, Action.values());
+ assertTrue("Owner should have all permissions on table",
hasFoundUserPermission(ownerperm, perms));
- User user = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]);
- byte[] userName = Bytes.toBytes(user.getShortName());
+ User user = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]);
+ byte[] userName = Bytes.toBytes(user.getShortName());
- UserPermission up = new UserPermission(userName,
- tableName, family1, qualifier, Permission.Action.READ);
- assertFalse("User should not be granted permission: " + up.toString(),
- hasFoundUserPermission(up, perms));
+ UserPermission up =
+ new UserPermission(userName, tableName, family1, qualifier, Permission.Action.READ);
+ assertFalse("User should not be granted permission: " + up.toString(),
+ hasFoundUserPermission(up, perms));
- // grant read permission
- grantOnTable(TEST_UTIL, user.getShortName(),
- tableName, family1, qualifier, Permission.Action.READ);
+ // grant read permission
+ grantOnTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier,
+ Permission.Action.READ);
- acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- try {
- BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
- AccessControlService.BlockingInterface protocol =
- AccessControlService.newBlockingStub(service);
- perms = ProtobufUtil.getUserPermissions(protocol, tableName);
- } finally {
- acl.close();
- }
+ acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+ } finally {
+ acl.close();
+ }
- UserPermission upToVerify = new UserPermission(
- userName, tableName, family1, qualifier, Permission.Action.READ);
- assertTrue("User should be granted permission: " + upToVerify.toString(),
- hasFoundUserPermission(upToVerify, perms));
+ UserPermission upToVerify =
+ new UserPermission(userName, tableName, family1, qualifier, Permission.Action.READ);
+ assertTrue("User should be granted permission: " + upToVerify.toString(),
+ hasFoundUserPermission(upToVerify, perms));
- upToVerify = new UserPermission(
- userName, tableName, family1, qualifier, Permission.Action.WRITE);
- assertFalse("User should not be granted permission: " + upToVerify.toString(),
- hasFoundUserPermission(upToVerify, perms));
+ upToVerify =
+ new UserPermission(userName, tableName, family1, qualifier, Permission.Action.WRITE);
+ assertFalse("User should not be granted permission: " + upToVerify.toString(),
+ hasFoundUserPermission(upToVerify, perms));
- // grant read+write
- grantOnTable(TEST_UTIL, user.getShortName(),
- tableName, family1, qualifier,
- Permission.Action.WRITE, Permission.Action.READ);
+ // grant read+write
+ grantOnTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier,
+ Permission.Action.WRITE, Permission.Action.READ);
- acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- try {
- BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
- AccessControlService.BlockingInterface protocol =
- AccessControlService.newBlockingStub(service);
- perms = ProtobufUtil.getUserPermissions(protocol, tableName);
- } finally {
- acl.close();
- }
+ acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+ } finally {
+ acl.close();
+ }
- upToVerify = new UserPermission(userName, tableName, family1,
- qualifier, Permission.Action.WRITE, Permission.Action.READ);
- assertTrue("User should be granted permission: " + upToVerify.toString(),
- hasFoundUserPermission(upToVerify, perms));
+ upToVerify =
+ new UserPermission(userName, tableName, family1, qualifier, Permission.Action.WRITE,
+ Permission.Action.READ);
+ assertTrue("User should be granted permission: " + upToVerify.toString(),
+ hasFoundUserPermission(upToVerify, perms));
- // revoke
- revokeFromTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier,
- Permission.Action.WRITE, Permission.Action.READ);
+ // revoke
+ revokeFromTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier,
+ Permission.Action.WRITE, Permission.Action.READ);
- acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- try {
- BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
- AccessControlService.BlockingInterface protocol =
- AccessControlService.newBlockingStub(service);
- perms = ProtobufUtil.getUserPermissions(protocol, tableName);
- } finally {
- acl.close();
- }
+ acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+ } finally {
+ acl.close();
+ }
- assertFalse("User should not be granted permission: " + upToVerify.toString(),
- hasFoundUserPermission(upToVerify, perms));
+ assertFalse("User should not be granted permission: " + upToVerify.toString(),
+ hasFoundUserPermission(upToVerify, perms));
- // disable table before modification
- admin.disableTable(tableName);
+ // disable table before modification
+ admin.disableTable(tableName);
- User newOwner = User.createUserForTesting(conf, "new_owner", new String[] {});
- htd.setOwner(newOwner);
- admin.modifyTable(tableName, htd);
+ User newOwner = User.createUserForTesting(conf, "new_owner", new String[] {});
+ htd.setOwner(newOwner);
+ admin.modifyTable(tableName, htd);
- acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- try {
- BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
- AccessControlService.BlockingInterface protocol =
- AccessControlService.newBlockingStub(service);
- perms = ProtobufUtil.getUserPermissions(protocol, tableName);
- } finally {
- acl.close();
- }
+ acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+ } finally {
+ acl.close();
+ }
- UserPermission newOwnerperm = new UserPermission(
- Bytes.toBytes(newOwner.getName()), tableName, null, Action.values());
- assertTrue("New owner should have all permissions on table",
+ UserPermission newOwnerperm =
+ new UserPermission(Bytes.toBytes(newOwner.getName()), tableName, null, Action.values());
+ assertTrue("New owner should have all permissions on table",
hasFoundUserPermission(newOwnerperm, perms));
- // delete table
- admin.deleteTable(tableName);
+ } finally {
+ // delete table
+ TEST_UTIL.deleteTable(tableName);
+ }
}
@Test
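Review bot: The new `finally` calls `TEST_UTIL.deleteTable(tableName)` unguarded, so if an assertion in the body fails and the delete then throws, the cleanup exception replaces the assertion failure that says which permission check went wrong. The two earlier tests in this commit wrap the same call, and doing so here keeps the original failure visible: `try { TEST_UTIL.deleteTable(tableName); } catch (IOException e) { LOG.debug("Failed to delete table in cleanup.", e); }`. The unguarded `revokeFromTable` and `revokeGlobal` calls in the `finally` blocks of the later hunks have the same effect. The method begins outside this hunk.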
@@ -1629,127 +1649,132 @@ public class TestAccessController extends SecureTestUtil {
User userQualifier = User.createUserForTesting(conf, "user_check_perms_q", new String[0]);
grantOnTable(TEST_UTIL, userTable.getShortName(),
- TEST_TABLE.getTableName(), null, null,
+ TEST_TABLE, null, null,
Permission.Action.READ);
grantOnTable(TEST_UTIL, userColumn.getShortName(),
- TEST_TABLE.getTableName(), TEST_FAMILY, null,
+ TEST_TABLE, TEST_FAMILY, null,
Permission.Action.READ);
grantOnTable(TEST_UTIL, userQualifier.getShortName(),
- TEST_TABLE.getTableName(), TEST_FAMILY, TEST_Q1,
+ TEST_TABLE, TEST_FAMILY, TEST_Q1,
Permission.Action.READ);
+ try {
+ AccessTestAction tableRead = new AccessTestAction() {
+ @Override
+ public Void run() throws Exception {
+ checkTablePerms(TEST_UTIL, TEST_TABLE, null, null, Permission.Action.READ);
+ return null;
+ }
+ };
- AccessTestAction tableRead = new AccessTestAction() {
- @Override
- public Void run() throws Exception {
- checkTablePerms(TEST_UTIL, TEST_TABLE.getTableName(), null, null,
- Permission.Action.READ);
- return null;
- }
- };
-
- AccessTestAction columnRead = new AccessTestAction() {
- @Override
- public Void run() throws Exception {
- checkTablePerms(TEST_UTIL, TEST_TABLE.getTableName(), TEST_FAMILY, null,
- Permission.Action.READ);
- return null;
- }
- };
-
- AccessTestAction qualifierRead = new AccessTestAction() {
- @Override
- public Void run() throws Exception {
- checkTablePerms(TEST_UTIL, TEST_TABLE.getTableName(), TEST_FAMILY, TEST_Q1,
- Permission.Action.READ);
- return null;
- }
- };
+ AccessTestAction columnRead = new AccessTestAction() {
+ @Override
+ public Void run() throws Exception {
+ checkTablePerms(TEST_UTIL, TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ);
+ return null;
+ }
+ };
- AccessTestAction multiQualifierRead = new AccessTestAction() {
- @Override
- public Void run() throws Exception {
- checkTablePerms(TEST_UTIL, TEST_TABLE.getTableName(), new Permission[] {
- new TablePermission(TEST_TABLE.getTableName(), TEST_FAMILY, TEST_Q1,
- Permission.Action.READ),
- new TablePermission(TEST_TABLE.getTableName(), TEST_FAMILY, TEST_Q2,
- Permission.Action.READ), });
- return null;
- }
- };
+ AccessTestAction qualifierRead = new AccessTestAction() {
+ @Override
+ public Void run() throws Exception {
+ checkTablePerms(TEST_UTIL, TEST_TABLE, TEST_FAMILY, TEST_Q1, Permission.Action.READ);
+ return null;
+ }
+ };
- AccessTestAction globalAndTableRead = new AccessTestAction() {
- @Override
- public Void run() throws Exception {
- checkTablePerms(TEST_UTIL, TEST_TABLE.getTableName(),
- new Permission[] { new Permission(Permission.Action.READ),
- new TablePermission(TEST_TABLE.getTableName(), null, (byte[]) null,
- Permission.Action.READ), });
- return null;
- }
- };
+ AccessTestAction multiQualifierRead = new AccessTestAction() {
+ @Override
+ public Void run() throws Exception {
+ checkTablePerms(TEST_UTIL, TEST_TABLE, new Permission[] {
+ new TablePermission(TEST_TABLE, TEST_FAMILY, TEST_Q1, Permission.Action.READ),
+ new TablePermission(TEST_TABLE, TEST_FAMILY, TEST_Q2, Permission.Action.READ), });
+ return null;
+ }
+ };
- AccessTestAction noCheck = new AccessTestAction() {
- @Override
- public Void run() throws Exception {
- checkTablePerms(TEST_UTIL, TEST_TABLE.getTableName(), new Permission[0]);
- return null;
- }
- };
+ AccessTestAction globalAndTableRead = new AccessTestAction() {
+ @Override
+ public Void run() throws Exception {
+ checkTablePerms(TEST_UTIL, TEST_TABLE, new Permission[] {
+ new Permission(Permission.Action.READ),
+ new TablePermission(TEST_TABLE, null, (byte[]) null, Permission.Action.READ), });
+ return null;
+ }
+ };
- verifyAllowed(tableRead, SUPERUSER, userTable);
- verifyDenied(tableRead, userColumn, userQualifier);
+ AccessTestAction noCheck = new AccessTestAction() {
+ @Override
+ public Void run() throws Exception {
+ checkTablePerms(TEST_UTIL, TEST_TABLE, new Permission[0]);
+ return null;
+ }
+ };
- verifyAllowed(columnRead, SUPERUSER, userTable, userColumn);
- verifyDenied(columnRead, userQualifier);
+ verifyAllowed(tableRead, SUPERUSER, userTable);
+ verifyDenied(tableRead, userColumn, userQualifier);
- verifyAllowed(qualifierRead, SUPERUSER, userTable, userColumn, userQualifier);
+ verifyAllowed(columnRead, SUPERUSER, userTable, userColumn);
+ verifyDenied(columnRead, userQualifier);
- verifyAllowed(multiQualifierRead, SUPERUSER, userTable, userColumn);
- verifyDenied(multiQualifierRead, userQualifier);
+ verifyAllowed(qualifierRead, SUPERUSER, userTable, userColumn, userQualifier);
- verifyAllowed(globalAndTableRead, SUPERUSER);
- verifyDenied(globalAndTableRead, userTable, userColumn, userQualifier);
+ verifyAllowed(multiQualifierRead, SUPERUSER, userTable, userColumn);
+ verifyDenied(multiQualifierRead, userQualifier);
- verifyAllowed(noCheck, SUPERUSER, userTable, userColumn, userQualifier);
+ verifyAllowed(globalAndTableRead, SUPERUSER);
+ verifyDenied(globalAndTableRead, userTable, userColumn, userQualifier);
- // --------------------------------------
- // test family level multiple permissions
- AccessTestAction familyReadWrite = new AccessTestAction() {
- @Override
- public Void run() throws Exception {
- checkTablePerms(TEST_UTIL, TEST_TABLE.getTableName(), TEST_FAMILY, null,
- Permission.Action.READ, Permission.Action.WRITE);
- return null;
- }
- };
+ verifyAllowed(noCheck, SUPERUSER, userTable, userColumn, userQualifier);
- verifyAllowed(familyReadWrite, SUPERUSER, USER_OWNER, USER_CREATE, USER_RW);
- verifyDenied(familyReadWrite, USER_NONE, USER_RO);
+ // --------------------------------------
+ // test family level multiple permissions
+ AccessTestAction familyReadWrite = new AccessTestAction() {
+ @Override
+ public Void run() throws Exception {
+ checkTablePerms(TEST_UTIL, TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ,
+ Permission.Action.WRITE);
+ return null;
+ }
+ };
- // --------------------------------------
- // check for wrong table region
- CheckPermissionsRequest checkRequest = CheckPermissionsRequest.newBuilder()
- .addPermission(AccessControlProtos.Permission.newBuilder()
- .setType(AccessControlProtos.Permission.Type.Table)
- .setTablePermission(
- AccessControlProtos.TablePermission.newBuilder()
- .setTableName(ProtobufUtil.toProtoTableName(TEST_TABLE.getTableName()))
- .addAction(AccessControlProtos.Permission.Action.CREATE))
- ).build();
- HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- try {
- BlockingRpcChannel channel = acl.coprocessorService(new byte[0]);
- AccessControlService.BlockingInterface protocol =
- AccessControlService.newBlockingStub(channel);
+ verifyAllowed(familyReadWrite, SUPERUSER, USER_OWNER, USER_CREATE, USER_RW);
+ verifyDenied(familyReadWrite, USER_NONE, USER_RO);
+
+ // --------------------------------------
+ // check for wrong table region
+ CheckPermissionsRequest checkRequest =
+ CheckPermissionsRequest
+ .newBuilder()
+ .addPermission(
+ AccessControlProtos.Permission
+ .newBuilder()
+ .setType(AccessControlProtos.Permission.Type.Table)
+ .setTablePermission(
+ AccessControlProtos.TablePermission.newBuilder()
+ .setTableName(ProtobufUtil.toProtoTableName(TEST_TABLE))
+ .addAction(AccessControlProtos.Permission.Action.CREATE))).build();
+ HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
try {
- // but ask for TablePermissions for TEST_TABLE
- protocol.checkPermissions(null, checkRequest);
- fail("this should have thrown CoprocessorException");
- } catch (ServiceException ex) {
- // expected
+ BlockingRpcChannel channel = acl.coprocessorService(new byte[0]);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(channel);
+ try {
+ // but ask for TablePermissions for TEST_TABLE
+ protocol.checkPermissions(null, checkRequest);
+ fail("this should have thrown CoprocessorException");
+ } catch (ServiceException ex) {
+ // expected
+ }
+ } finally {
+ acl.close();
}
} finally {
- acl.close();
+ revokeFromTable(TEST_UTIL, userTable.getShortName(), TEST_TABLE, null, null,
+ Permission.Action.READ);
+ revokeFromTable(TEST_UTIL, userColumn.getShortName(), TEST_TABLE, TEST_FAMILY, null,
+ Permission.Action.READ);
+ revokeFromTable(TEST_UTIL, userQualifier.getShortName(), TEST_TABLE, TEST_FAMILY, TEST_Q1,
+ Permission.Action.READ);
}
}
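Review bot: The three `grantOnTable` calls sit above the new `try {`, so if the second or third grant throws, the READ grants already made on `TEST_TABLE` are never revoked. `TEST_TABLE` appears to be shared by the other tests in this class, so a leftover grant could make a later `verifyDenied` fail, or a `verifyAllowed` pass, for the wrong reason. Moving `try {` above the first `grantOnTable(TEST_UTIL, userTable.getShortName(), ...)` closes that gap. Revoking a grant that was never made looks safe, since the qualifier test earlier in this diff already calls `revokeFromTable` for a freshly created user. The method begins outside this hunk.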
@@ -1940,58 +1965,63 @@ public class TestAccessController extends SecureTestUtil {
// Grant TABLE ADMIN privs
grantOnTable(TEST_UTIL, TABLE_ADMIN.getShortName(),
- TEST_TABLE.getTableName(), null, null,
+ TEST_TABLE, null, null,
Permission.Action.ADMIN);
-
- AccessTestAction listTablesAction = new AccessTestAction() {
- @Override
- public Object run() throws Exception {
- HBaseAdmin admin = new HBaseAdmin(TEST_UTIL.getConfiguration());
- try {
- admin.listTables();
- } finally {
- admin.close();
+ try {
+ AccessTestAction listTablesAction = new AccessTestAction() {
+ @Override
+ public Object run() throws Exception {
+ HBaseAdmin admin = new HBaseAdmin(TEST_UTIL.getConfiguration());
+ try {
+ admin.listTables();
+ } finally {
+ admin.close();
+ }
+ return null;
}
- return null;
- }
- };
+ };
- AccessTestAction getTableDescAction = new AccessTestAction() {
- @Override
- public Object run() throws Exception {
- HBaseAdmin admin = new HBaseAdmin(TEST_UTIL.getConfiguration());
- try {
- admin.getTableDescriptor(TEST_TABLE.getTableName());
- } finally {
- admin.close();
+ AccessTestAction getTableDescAction = new AccessTestAction() {
+ @Override
+ public Object run() throws Exception {
+ HBaseAdmin admin = new HBaseAdmin(TEST_UTIL.getConfiguration());
+ try {
+ admin.getTableDescriptor(TEST_TABLE);
+ } finally {
+ admin.close();
+ }
+ return null;
}
- return null;
- }
- };
+ };
- verifyAllowed(listTablesAction, SUPERUSER, USER_ADMIN);
- verifyDenied(listTablesAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, TABLE_ADMIN);
+ verifyAllowed(listTablesAction, SUPERUSER, USER_ADMIN);
+ verifyDenied(listTablesAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, TABLE_ADMIN);
- verifyAllowed(getTableDescAction, SUPERUSER, USER_ADMIN, USER_CREATE, USER_OWNER, TABLE_ADMIN);
- verifyDenied(getTableDescAction, USER_RW, USER_RO, USER_NONE);
+ verifyAllowed(getTableDescAction, SUPERUSER, USER_ADMIN, USER_CREATE, USER_OWNER, TABLE_ADMIN);
+ verifyDenied(getTableDescAction, USER_RW, USER_RO, USER_NONE);
+ } finally {
+ // Cleanup, revoke TABLE ADMIN privs
+ revokeFromTable(TEST_UTIL, TABLE_ADMIN.getShortName(), TEST_TABLE, null, null,
+ Permission.Action.ADMIN);
+ }
}
@Test
public void testTableDeletion() throws Exception {
User TABLE_ADMIN = User.createUserForTesting(conf, "TestUser", new String[0]);
+ final TableName tname = TableName.valueOf("testTableDeletion");
+ createTestTable(tname);
// Grant TABLE ADMIN privs
- grantOnTable(TEST_UTIL, TABLE_ADMIN.getShortName(),
- TEST_TABLE.getTableName(), null, null,
- Permission.Action.ADMIN);
+ grantOnTable(TEST_UTIL, TABLE_ADMIN.getShortName(), tname, null, null, Permission.Action.ADMIN);
AccessTestAction deleteTableAction = new AccessTestAction() {
@Override
public Object run() throws Exception {
HBaseAdmin admin = new HBaseAdmin(TEST_UTIL.getConfiguration());
try {
- admin.disableTable(TEST_TABLE.getTableName());
- admin.deleteTable(TEST_TABLE.getTableName());
+ admin.disableTable(tname);
+ admin.deleteTable(tname);
} finally {
admin.close();
}
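Review bot: `testTableDeletion` now creates its own table with `createTestTable(tname)` and grants ADMIN on it, but nothing in the visible lines removes the table or the grant if the test fails before `deleteTableAction` succeeds. The rest of the method is outside this hunk, so this may already be handled there. If it is not, wrapping the verification in `try { ... } finally { ... }` with a guarded `TEST_UTIL.deleteTable(tname)`, as the other tests in this commit do, keeps a failed run from leaving the table and the ADMIN grant behind for later tests.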
@@ -2008,7 +2038,7 @@ public class TestAccessController extends SecureTestUtil {
AccessTestAction getAction = new AccessTestAction() {
@Override
public Object run() throws Exception {
- HTable t = new HTable(conf, TEST_TABLE.getTableName());
+ HTable t = new HTable(conf, TEST_TABLE);
try {
return t.get(new Get(TEST_ROW));
} finally {
@@ -2021,7 +2051,7 @@ public class TestAccessController extends SecureTestUtil {
// Grant namespace READ to USER_NONE, this should supersede any table permissions
grantOnNamespace(TEST_UTIL, USER_NONE.getShortName(),
- TEST_TABLE.getTableName().getNamespaceAsString(),
+ TEST_TABLE.getNamespaceAsString(),
Permission.Action.READ);
// Now USER_NONE should be able to read also
@@ -2035,7 +2065,7 @@ public class TestAccessController extends SecureTestUtil {
AccessTestAction getAction = new AccessTestAction() {
@Override
public Object run() throws Exception {
- HTable t = new HTable(conf, TEST_TABLE.getTableName());
+ HTable t = new HTable(conf, TEST_TABLE);
try {
return t.get(new Get(TEST_ROW));
} finally {
@@ -2049,7 +2079,7 @@ public class TestAccessController extends SecureTestUtil {
// Grant table READ permissions to testGrantRevoke.
try {
grantOnTableUsingAccessControlClient(TEST_UTIL, conf, testGrantRevoke.getShortName(),
- TEST_TABLE.getTableName(), null, null, Permission.Action.READ);
+ TEST_TABLE, null, null, Permission.Action.READ);
} catch (Throwable e) {
LOG.error("error during call of AccessControlClient.grant. " + e.getStackTrace());
}
@@ -2060,7 +2090,7 @@ public class TestAccessController extends SecureTestUtil {
// Revoke table READ permission to testGrantRevoke.
try {
revokeFromTableUsingAccessControlClient(TEST_UTIL, conf, testGrantRevoke.getShortName(),
- TEST_TABLE.getTableName(), null, null, Permission.Action.READ);
+ TEST_TABLE, null, null, Permission.Action.READ);
} catch (Throwable e) {
LOG.error("error during call of AccessControlClient.revoke " + e.getStackTrace());
}
@@ -2077,7 +2107,7 @@ public class TestAccessController extends SecureTestUtil {
AccessTestAction getAction = new AccessTestAction() {
@Override
public Object run() throws Exception {
- HTable t = new HTable(conf, TEST_TABLE.getTableName());
+ HTable t = new HTable(conf, TEST_TABLE);
try {
return t.get(new Get(TEST_ROW));
} finally {
@@ -2089,26 +2119,29 @@ public class TestAccessController extends SecureTestUtil {
verifyDenied(getAction, testGlobalGrantRevoke);
// Grant table READ permissions to testGlobalGrantRevoke.
+ String userName = testGlobalGrantRevoke.getShortName();
try {
- grantGlobalUsingAccessControlClient(TEST_UTIL, conf, testGlobalGrantRevoke.getShortName(),
+ grantGlobalUsingAccessControlClient(TEST_UTIL, conf, userName,
Permission.Action.READ);
} catch (Throwable e) {
LOG.error("error during call of AccessControlClient.grant. ", e);
}
+ try {
+ // Now testGlobalGrantRevoke should be able to read also
+ verifyAllowed(getAction, testGlobalGrantRevoke);
- // Now testGlobalGrantRevoke should be able to read also
- verifyAllowed(getAction, testGlobalGrantRevoke);
+ // Revoke table READ permission to testGlobalGrantRevoke.
+ try {
+ revokeGlobalUsingAccessControlClient(TEST_UTIL, conf, userName, Permission.Action.READ);
+ } catch (Throwable e) {
+ LOG.error("error during call of AccessControlClient.revoke ", e);
+ }
- // Revoke table READ permission to testGlobalGrantRevoke.
- try {
- revokeGlobalUsingAccessControlClient(TEST_UTIL, conf, testGlobalGrantRevoke.getShortName(),
- Permission.Action.READ);
- } catch (Throwable e) {
- LOG.error("error during call of AccessControlClient.revoke ", e);
+ // Now testGlobalGrantRevoke shouldn't be able read
+ verifyDenied(getAction, testGlobalGrantRevoke);
+ } finally {
+ revokeGlobal(TEST_UTIL, userName, Permission.Action.READ);
}
-
- // Now testGlobalGrantRevoke shouldn't be able read
- verifyDenied(getAction, testGlobalGrantRevoke);
}
@Test
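Review bot: The `catch (Throwable e)` around `revokeGlobalUsingAccessControlClient` (and the unchanged one around the grant) only logs, so when the AccessControlClient call under test throws, the test carries on and fails later in `verifyAllowed`/`verifyDenied` with a message that hides the cause. Failing at the call site would keep the access-control failure attributable, e.g. `fail("AccessControlClient.revoke threw " + e);` after the log line (this assumes `org.junit.Assert.fail` is statically imported, which is not visible here). The inline comments also still say "table READ" although the permission granted and revoked is global; `// Revoke global READ permission from testGlobalGrantRevoke.` would match the code. The test method begins above this hunk.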
@@ -2118,7 +2151,7 @@ public class TestAccessController extends SecureTestUtil {
AccessTestAction getAction = new AccessTestAction() {
@Override
public Object run() throws Exception {
- HTable t = new HTable(conf, TEST_TABLE.getTableName());
+ HTable t = new HTable(conf, TEST_TABLE);
try {
return t.get(new Get(TEST_ROW));
} finally {
@@ -2130,26 +2163,32 @@ public class TestAccessController extends SecureTestUtil {
verifyDenied(getAction, testNS);
// Grant namespace READ to testNS, this should supersede any table permissions
+ String userName = testNS.getShortName();
+ String namespace = TEST_TABLE.getNamespaceAsString();
try {
- grantOnNamespaceUsingAccessControlClient(TEST_UTIL, conf, testNS.getShortName(),
- TEST_TABLE.getTableName().getNamespaceAsString(), Permission.Action.READ);
+ grantOnNamespaceUsingAccessControlClient(TEST_UTIL, conf, userName,
+ namespace, Permission.Action.READ);
} catch (Throwable e) {
LOG.error("error during call of AccessControlClient.grant. " + e.getStackTrace());
}
- // Now testNS should be able to read also
- verifyAllowed(getAction, testNS);
-
- // Revoke namespace READ to testNS, this should supersede any table permissions
try {
- revokeFromNamespaceUsingAccessControlClient(TEST_UTIL, conf, testNS.getShortName(),
- TEST_TABLE.getTableName().getNamespaceAsString(), Permission.Action.READ);
- } catch (Throwable e) {
- LOG.error("error during call of AccessControlClient.revoke " + e.getStackTrace());
- }
+ // Now testNS should be able to read also
+ verifyAllowed(getAction, testNS);
- // Now testNS shouldn't be able read
- verifyDenied(getAction, testNS);
+ // Revoke namespace READ to testNS, this should supersede any table permissions
+ try {
+ revokeFromNamespaceUsingAccessControlClient(TEST_UTIL, conf, userName, namespace,
+ Permission.Action.READ);
+ } catch (Throwable e) {
+ LOG.error("error during call of AccessControlClient.revoke " + e.getStackTrace());
+ }
+
+ // Now testNS shouldn't be able read
+ verifyDenied(getAction, testNS);
+ } finally {
+ revokeFromNamespace(TEST_UTIL, userName, namespace, Permission.Action.READ);
+ }
}
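Review bot: The re-indented revoke handler logs `"error during call of AccessControlClient.revoke " + e.getStackTrace()`, which concatenates a `StackTraceElement[]` and so prints only the array's type and identity hash, not the trace. Pass the throwable as the second argument, `LOG.error("error during call of AccessControlClient.revoke ", e);`, as the global grant/revoke test in the hunk at -2089 already does. The same concatenation sits in the unchanged grant handler of this hunk and in the context lines of the table grant and revoke hunks at -2049 and -2060. The test method starts above this hunk.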
@@ -2204,7 +2243,7 @@ public class TestAccessController extends SecureTestUtil {
for (JVMClusterUtil.RegionServerThread thread:
TEST_UTIL.getMiniHBaseCluster().getRegionServerThreads()) {
HRegionServer rs = thread.getRegionServer();
- for (HRegion region: rs.getOnlineRegions(TEST_TABLE.getTableName())) {
+ for (HRegion region: rs.getOnlineRegions(TEST_TABLE)) {
region.getCoprocessorHost().load(PingCoprocessor.class,
Coprocessor.PRIORITY_USER, conf);
}
@@ -2216,35 +2255,39 @@ public class TestAccessController extends SecureTestUtil {
User userB = User.createUserForTesting(conf, "UserB", new String[0]);
grantOnTable(TEST_UTIL, userA.getShortName(),
- TEST_TABLE.getTableName(), null, null,
+ TEST_TABLE, null, null,
Permission.Action.EXEC);
-
- // Create an action for invoking our test endpoint
- AccessTestAction execEndpointAction = new AccessTestAction() {
- @Override
- public Object run() throws Exception {
- HTable t = new HTable(conf, TEST_TABLE.getTableName());
- try {
- BlockingRpcChannel service = t.coprocessorService(HConstants.EMPTY_BYTE_ARRAY);
- PingCoprocessor.newBlockingStub(service).noop(null, NoopRequest.newBuilder().build());
- } finally {
- t.close();
+ try {
+ // Create an action for invoking our test endpoint
+ AccessTestAction execEndpointAction = new AccessTestAction() {
+ @Override
+ public Object run() throws Exception {
+ HTable t = new HTable(conf, TEST_TABLE);
+ try {
+ BlockingRpcChannel service = t.coprocessorService(HConstants.EMPTY_BYTE_ARRAY);
+ PingCoprocessor.newBlockingStub(service).noop(null, NoopRequest.newBuilder().build());
+ } finally {
+ t.close();
+ }
+ return null;
}
- return null;
- }
- };
+ };
- // Verify that EXEC permission is checked correctly
- verifyDenied(execEndpointAction, userB);
- verifyAllowed(execEndpointAction, userA);
+ // Verify that EXEC permission is checked correctly
+ verifyDenied(execEndpointAction, userB);
+ verifyAllowed(execEndpointAction, userA);
- // Now grant EXEC to the entire namespace to user B
- grantOnNamespace(TEST_UTIL, userB.getShortName(),
- TEST_TABLE.getTableName().getNamespaceAsString(),
- Permission.Action.EXEC);
+ // Now grant EXEC to the entire namespace to user B
+ grantOnNamespace(TEST_UTIL, userB.getShortName(), TEST_TABLE.getNamespaceAsString(),
+ Permission.Action.EXEC);
- // User B should now be allowed also
- verifyAllowed(execEndpointAction, userA, userB);
+ // User B should now be allowed also
+ verifyAllowed(execEndpointAction, userA, userB);
+ } finally {
+ // Cleanup, revoke the userA privileges
+ revokeFromTable(TEST_UTIL, userA.getShortName(), TEST_TABLE, null, null,
+ Permission.Action.EXEC);
+ }
}
@Test
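Review bot: The new `finally` revokes only userA's table-level EXEC; the namespace-level EXEC granted to userB inside the `try` is never revoked, so it outlives the test. If later tests run against the same table and namespace (which the shared `TEST_TABLE` suggests, though the setup is not visible here), a user named "UserB" keeps EXEC, and an allowed-case check elsewhere could pass because of the leftover grant rather than the grant under test. Adding `revokeFromNamespace(TEST_UTIL, userB.getShortName(), TEST_TABLE.getNamespaceAsString(), Permission.Action.EXEC);` to the `finally` block would restore the starting ACL state. The test method begins above this hunk.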
@@ -2252,7 +2295,7 @@ public class TestAccessController extends SecureTestUtil {
AccessTestAction putWithReservedTag = new AccessTestAction() {
@Override
public Object run() throws Exception {
- HTable t = new HTable(conf, TEST_TABLE.getTableName());
+ HTable t = new HTable(conf, TEST_TABLE);
try {
KeyValue kv = new KeyValue(TEST_ROW, TEST_FAMILY, TEST_QUALIFIER,
HConstants.LATEST_TIMESTAMP, HConstants.EMPTY_BYTE_ARRAY,
@@ -2293,14 +2336,14 @@ public class TestAccessController extends SecureTestUtil {
@Test
public void testTruncatePerms() throws Exception {
try {
- List<UserPermission> existingPerms = AccessControlClient.getUserPermissions(conf, TEST_TABLE
- .getTableName().getNameAsString());
+ List<UserPermission> existingPerms =
+ AccessControlClient.getUserPermissions(conf, TEST_TABLE.getNameAsString());
assertTrue(existingPerms != null);
assertTrue(existingPerms.size() > 1);
- TEST_UTIL.getHBaseAdmin().disableTable(TEST_TABLE.getTableName());
- TEST_UTIL.getHBaseAdmin().truncateTable(TEST_TABLE.getTableName(), true);
- List<UserPermission> perms = AccessControlClient.getUserPermissions(conf, TEST_TABLE
- .getTableName().getNameAsString());
+ TEST_UTIL.getHBaseAdmin().disableTable(TEST_TABLE);
+ TEST_UTIL.getHBaseAdmin().truncateTable(TEST_TABLE, true);
+ List<UserPermission> perms =
+ AccessControlClient.getUserPermissions(conf, TEST_TABLE.getNameAsString());
assertTrue(perms != null);
assertEquals(existingPerms.size(), perms.size());
} catch (Throwable e) {