You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by st...@apache.org on 2018/02/20 19:12:44 UTC
[1/2] hbase git commit: Revert "HBASE-19970 (addendum for 1.x only)
Remove unused functions from TableAuthManager."
Repository: hbase
Updated Branches:
refs/heads/branch-1 7990546ef -> fd8189d31
Revert "HBASE-19970 (addendum for 1.x only) Remove unused functions from TableAuthManager."
This reverts commit 0f79c497c52fbe78a1f344675579b6eb26d23b70.
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/071281cf
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/071281cf
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/071281cf
Branch: refs/heads/branch-1
Commit: 071281cf52307cf3def599d7850ef99e3f7c464f
Parents: 7990546
Author: Michael Stack <st...@apache.org>
Authored: Tue Feb 20 11:12:33 2018 -0800
Committer: Michael Stack <st...@apache.org>
Committed: Tue Feb 20 11:12:33 2018 -0800
----------------------------------------------------------------------
.../hadoop/hbase/security/access/TestZKPermissionWatcher.java | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase/blob/071281cf/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionWatcher.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionWatcher.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionWatcher.java
index 0961cab..a80f184 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionWatcher.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionWatcher.java
@@ -47,8 +47,8 @@ import org.junit.experimental.categories.Category;
* Test the reading and writing of access permissions to and from zookeeper.
*/
@Category(LargeTests.class)
-public class TestZKPermissionWatcher {
- private static final Log LOG = LogFactory.getLog(TestZKPermissionWatcher.class);
+public class TestZKPermissionsWatcher {
+ private static final Log LOG = LogFactory.getLog(TestZKPermissionsWatcher.class);
private static final HBaseTestingUtility UTIL = new HBaseTestingUtility();
private static TableAuthManager AUTH_A;
private static TableAuthManager AUTH_B;
@@ -90,7 +90,7 @@ public class TestZKPermissionWatcher {
}
private void setTableACL(
- User user, TableAuthManager srcAuthManager, final TableAuthManager destAuthManager,
+ User user, TableAuthManager srcAuthManager, TableAuthManager destAuthManager,
TablePermission.Action... actions) throws Exception{
// update ACL: george RW
ListMultimap<String, TablePermission> perms = ArrayListMultimap.create();
[2/2] hbase git commit: Revert "HBASE-19970 Remove unused functions
from TableAuthManager."
Posted by st...@apache.org.
Revert "HBASE-19970 Remove unused functions from TableAuthManager."
This reverts commit e6ce789b6fa44592c3a566703c78de0687154a84.
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/fd8189d3
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/fd8189d3
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/fd8189d3
Branch: refs/heads/branch-1
Commit: fd8189d31d900896a93db2d9c08303f3dedc1dd8
Parents: 071281c
Author: Michael Stack <st...@apache.org>
Authored: Tue Feb 20 11:12:36 2018 -0800
Committer: Michael Stack <st...@apache.org>
Committed: Tue Feb 20 11:12:36 2018 -0800
----------------------------------------------------------------------
.../security/access/AccessControlLists.java | 9 +-
.../hbase/security/access/AccessController.java | 4 +-
.../hbase/security/access/TableAuthManager.java | 75 ++++++++
.../security/access/TestTablePermissions.java | 2 +-
.../access/TestZKPermissionWatcher.java | 179 -------------------
.../access/TestZKPermissionsWatcher.java | 178 ++++++++++++++++++
6 files changed, 259 insertions(+), 188 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase/blob/fd8189d3/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
index f508110..57c0f7b 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
@@ -73,10 +73,6 @@ import org.apache.hadoop.io.Text;
import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.ListMultimap;
import com.google.common.collect.Lists;
-import org.apache.hadoop.io.Writable;
-import org.apache.hadoop.io.WritableFactories;
-import org.apache.hadoop.io.WritableUtils;
-import org.apache.jasper.tagplugins.jstl.core.Remove;
/**
* Maintains lists of permission grants to users and groups to allow for
@@ -671,7 +667,8 @@ public class AccessControlLists {
*
* Writes a set of permission [user: table permission]
*/
- public static byte[] writePermissionsAsBytes(ListMultimap<String, TablePermission> perms) {
+ public static byte[] writePermissionsAsBytes(ListMultimap<String, TablePermission> perms,
+ Configuration conf) {
return ProtobufUtil.prependPBMagic(ProtobufUtil.toUserTablePermissions(perms).toByteArray());
}
@@ -758,7 +755,7 @@ public class AccessControlLists {
// Deserialize the table permissions from the KV
// TODO: This can be improved. Don't build UsersAndPermissions just to unpack it again,
// use the builder
- AccessControlProtos.UsersAndPermissions.Builder builder =
+ AccessControlProtos.UsersAndPermissions.Builder builder =
AccessControlProtos.UsersAndPermissions.newBuilder();
ProtobufUtil.mergeFrom(builder, tag.getBuffer(), tag.getTagOffset(), tag.getTagLength());
ListMultimap<String,Permission> kvPerms =
http://git-wip-us.apache.org/repos/asf/hbase/blob/fd8189d3/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
index c889a3e..fd0a704 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
@@ -243,7 +243,7 @@ public class AccessController extends BaseMasterAndRegionObserver
tables.entrySet()) {
byte[] entry = t.getKey();
ListMultimap<String,TablePermission> perms = t.getValue();
- byte[] serialized = AccessControlLists.writePermissionsAsBytes(perms);
+ byte[] serialized = AccessControlLists.writePermissionsAsBytes(perms, conf);
getAuthManager().getZKPermissionWatcher().writeToZookeeper(entry, serialized);
}
initialized = true;
@@ -275,7 +275,7 @@ public class AccessController extends BaseMasterAndRegionObserver
try (Table t = regionEnv.getTable(AccessControlLists.ACL_TABLE_NAME)) {
ListMultimap<String,TablePermission> perms =
AccessControlLists.getPermissions(conf, entry, t);
- byte[] serialized = AccessControlLists.writePermissionsAsBytes(perms);
+ byte[] serialized = AccessControlLists.writePermissionsAsBytes(perms, conf);
zkw.writeToZookeeper(entry, serialized);
}
} catch (IOException ex) {
http://git-wip-us.apache.org/repos/asf/hbase/blob/fd8189d3/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
index 0aabcb3..a12757d 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
@@ -659,6 +659,81 @@ public class TableAuthManager implements Closeable {
tableCache.remove(table);
}
+ /**
+ * Overwrites the existing permission set for a given user for a table, and
+ * triggers an update for zookeeper synchronization.
+ * @param username
+ * @param table
+ * @param perms
+ */
+ public void setTableUserPermissions(String username, TableName table,
+ List<TablePermission> perms) {
+ PermissionCache<TablePermission> tablePerms = getTablePermissions(table);
+ tablePerms.replaceUser(username, perms);
+ writeTableToZooKeeper(table, tablePerms);
+ }
+
+ /**
+ * Overwrites the existing permission set for a group and triggers an update
+ * for zookeeper synchronization.
+ * @param group
+ * @param table
+ * @param perms
+ */
+ public void setTableGroupPermissions(String group, TableName table,
+ List<TablePermission> perms) {
+ PermissionCache<TablePermission> tablePerms = getTablePermissions(table);
+ tablePerms.replaceGroup(group, perms);
+ writeTableToZooKeeper(table, tablePerms);
+ }
+
+ /**
+ * Overwrites the existing permission set for a given user for a table, and
+ * triggers an update for zookeeper synchronization.
+ * @param username
+ * @param namespace
+ * @param perms
+ */
+ public void setNamespaceUserPermissions(String username, String namespace,
+ List<TablePermission> perms) {
+ PermissionCache<TablePermission> tablePerms = getNamespacePermissions(namespace);
+ tablePerms.replaceUser(username, perms);
+ writeNamespaceToZooKeeper(namespace, tablePerms);
+ }
+
+ /**
+ * Overwrites the existing permission set for a group and triggers an update
+ * for zookeeper synchronization.
+ * @param group
+ * @param namespace
+ * @param perms
+ */
+ public void setNamespaceGroupPermissions(String group, String namespace,
+ List<TablePermission> perms) {
+ PermissionCache<TablePermission> tablePerms = getNamespacePermissions(namespace);
+ tablePerms.replaceGroup(group, perms);
+ writeNamespaceToZooKeeper(namespace, tablePerms);
+ }
+
+ public void writeTableToZooKeeper(TableName table,
+ PermissionCache<TablePermission> tablePerms) {
+ byte[] serialized = new byte[0];
+ if (tablePerms != null) {
+ serialized = AccessControlLists.writePermissionsAsBytes(tablePerms.getAllPermissions(), conf);
+ }
+ zkperms.writeToZookeeper(table.getName(), serialized);
+ }
+
+ public void writeNamespaceToZooKeeper(String namespace,
+ PermissionCache<TablePermission> tablePerms) {
+ byte[] serialized = new byte[0];
+ if (tablePerms != null) {
+ serialized = AccessControlLists.writePermissionsAsBytes(tablePerms.getAllPermissions(), conf);
+ }
+ zkperms.writeToZookeeper(Bytes.toBytes(AccessControlLists.toNamespaceEntry(namespace)),
+ serialized);
+ }
+
public long getMTime() {
return mtime.get();
}
http://git-wip-us.apache.org/repos/asf/hbase/blob/fd8189d3/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
index 26ca9eb..f8fad9f 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
@@ -323,7 +323,7 @@ public class TestTablePermissions {
public void testSerialization() throws Exception {
Configuration conf = UTIL.getConfiguration();
ListMultimap<String,TablePermission> permissions = createPermissions();
- byte[] permsData = AccessControlLists.writePermissionsAsBytes(permissions);
+ byte[] permsData = AccessControlLists.writePermissionsAsBytes(permissions, conf);
ListMultimap<String, TablePermission> copy =
AccessControlLists.readPermissions(permsData, conf);
http://git-wip-us.apache.org/repos/asf/hbase/blob/fd8189d3/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionWatcher.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionWatcher.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionWatcher.java
deleted file mode 100644
index a80f184..0000000
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionWatcher.java
+++ /dev/null
@@ -1,179 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hadoop.hbase.security.access;
-
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-
-import com.google.common.collect.ArrayListMultimap;
-import com.google.common.collect.ListMultimap;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import java.util.concurrent.atomic.AtomicBoolean;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.hbase.Abortable;
-import org.apache.hadoop.hbase.TableName;
-import org.apache.hadoop.hbase.HBaseTestingUtility;
-import org.apache.hadoop.hbase.testclassification.LargeTests;
-import org.apache.hadoop.hbase.Waiter.Predicate;
-import org.apache.hadoop.hbase.security.User;
-import org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-/**
- * Test the reading and writing of access permissions to and from zookeeper.
- */
-@Category(LargeTests.class)
-public class TestZKPermissionsWatcher {
- private static final Log LOG = LogFactory.getLog(TestZKPermissionsWatcher.class);
- private static final HBaseTestingUtility UTIL = new HBaseTestingUtility();
- private static TableAuthManager AUTH_A;
- private static TableAuthManager AUTH_B;
- private final static Abortable ABORTABLE = new Abortable() {
- private final AtomicBoolean abort = new AtomicBoolean(false);
-
- @Override
- public void abort(String why, Throwable e) {
- LOG.info(why, e);
- abort.set(true);
- }
-
- @Override
- public boolean isAborted() {
- return abort.get();
- }
- };
-
- private static TableName TEST_TABLE =
- TableName.valueOf("perms_test");
-
- @BeforeClass
- public static void beforeClass() throws Exception {
- // setup configuration
- Configuration conf = UTIL.getConfiguration();
- SecureTestUtil.enableSecurity(conf);
-
- // start minicluster
- UTIL.startMiniCluster();
- AUTH_A = TableAuthManager.getOrCreate(new ZooKeeperWatcher(conf,
- "TestZKPermissionsWatcher_1", ABORTABLE), conf);
- AUTH_B = TableAuthManager.getOrCreate(new ZooKeeperWatcher(conf,
- "TestZKPermissionsWatcher_2", ABORTABLE), conf);
- }
-
- @AfterClass
- public static void afterClass() throws Exception {
- UTIL.shutdownMiniCluster();
- }
-
- private void setTableACL(
- User user, TableAuthManager srcAuthManager, TableAuthManager destAuthManager,
- TablePermission.Action... actions) throws Exception{
- // update ACL: george RW
- ListMultimap<String, TablePermission> perms = ArrayListMultimap.create();
- perms.replaceValues(user.getShortName(),
- Collections.singletonList(new TablePermission(TEST_TABLE, null, actions)));
- byte[] serialized = AccessControlLists.writePermissionsAsBytes(perms);
- final long mtime = destAuthManager.getMTime();
- srcAuthManager.getZKPermissionWatcher().writeToZookeeper(TEST_TABLE.getName(), serialized);
- // Wait for the update to propagate
- UTIL.waitFor(10000, 100, new Predicate<Exception>() {
- @Override
- public boolean evaluate() throws Exception {
- return destAuthManager.getMTime() > mtime;
- }
- });
- Thread.sleep(1000);
- }
-
- @Test
- public void testPermissionsWatcher() throws Exception {
- Configuration conf = UTIL.getConfiguration();
- User george = User.createUserForTesting(conf, "george", new String[] { });
- User hubert = User.createUserForTesting(conf, "hubert", new String[] { });
-
- assertFalse(AUTH_A.authorizeUser(george, TEST_TABLE, null,
- TablePermission.Action.READ));
- assertFalse(AUTH_A.authorizeUser(george, TEST_TABLE, null,
- TablePermission.Action.WRITE));
- assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
- TablePermission.Action.READ));
- assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
- TablePermission.Action.WRITE));
-
- assertFalse(AUTH_B.authorizeUser(george, TEST_TABLE, null,
- TablePermission.Action.READ));
- assertFalse(AUTH_B.authorizeUser(george, TEST_TABLE, null,
- TablePermission.Action.WRITE));
- assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
- TablePermission.Action.READ));
- assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
- TablePermission.Action.WRITE));
-
- // update ACL: george, RW
- setTableACL(george, AUTH_A, AUTH_B,
- TablePermission.Action.READ, TablePermission.Action.WRITE);
-
- // check it
- assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null,
- TablePermission.Action.READ));
- assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null,
- TablePermission.Action.WRITE));
- assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null,
- TablePermission.Action.READ));
- assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null,
- TablePermission.Action.WRITE));
- assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
- TablePermission.Action.READ));
- assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
- TablePermission.Action.WRITE));
- assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
- TablePermission.Action.READ));
- assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
- TablePermission.Action.WRITE));
-
- // update ACL: hubert, Read
- setTableACL(hubert, AUTH_B, AUTH_A, TablePermission.Action.READ);
-
- // check it
- assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null,
- TablePermission.Action.READ));
- assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null,
- TablePermission.Action.WRITE));
- assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null,
- TablePermission.Action.READ));
- assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null,
- TablePermission.Action.WRITE));
- assertTrue(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
- TablePermission.Action.READ));
- assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
- TablePermission.Action.WRITE));
- assertTrue(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
- TablePermission.Action.READ));
- assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
- TablePermission.Action.WRITE));
- }
-}
http://git-wip-us.apache.org/repos/asf/hbase/blob/fd8189d3/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java
new file mode 100644
index 0000000..c99cbaa
--- /dev/null
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java
@@ -0,0 +1,178 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hbase.security.access;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.atomic.AtomicBoolean;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hbase.Abortable;
+import org.apache.hadoop.hbase.TableName;
+import org.apache.hadoop.hbase.HBaseTestingUtility;
+import org.apache.hadoop.hbase.testclassification.LargeTests;
+import org.apache.hadoop.hbase.Waiter.Predicate;
+import org.apache.hadoop.hbase.security.User;
+import org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+/**
+ * Test the reading and writing of access permissions to and from zookeeper.
+ */
+@Category(LargeTests.class)
+public class TestZKPermissionsWatcher {
+ private static final Log LOG = LogFactory.getLog(TestZKPermissionsWatcher.class);
+ private static final HBaseTestingUtility UTIL = new HBaseTestingUtility();
+ private static TableAuthManager AUTH_A;
+ private static TableAuthManager AUTH_B;
+ private final static Abortable ABORTABLE = new Abortable() {
+ private final AtomicBoolean abort = new AtomicBoolean(false);
+
+ @Override
+ public void abort(String why, Throwable e) {
+ LOG.info(why, e);
+ abort.set(true);
+ }
+
+ @Override
+ public boolean isAborted() {
+ return abort.get();
+ }
+ };
+
+ private static TableName TEST_TABLE =
+ TableName.valueOf("perms_test");
+
+ @BeforeClass
+ public static void beforeClass() throws Exception {
+ // setup configuration
+ Configuration conf = UTIL.getConfiguration();
+ SecureTestUtil.enableSecurity(conf);
+
+ // start minicluster
+ UTIL.startMiniCluster();
+ AUTH_A = TableAuthManager.getOrCreate(new ZooKeeperWatcher(conf,
+ "TestZKPermissionsWatcher_1", ABORTABLE), conf);
+ AUTH_B = TableAuthManager.getOrCreate(new ZooKeeperWatcher(conf,
+ "TestZKPermissionsWatcher_2", ABORTABLE), conf);
+ }
+
+ @AfterClass
+ public static void afterClass() throws Exception {
+ UTIL.shutdownMiniCluster();
+ }
+
+ @Test
+ public void testPermissionsWatcher() throws Exception {
+ Configuration conf = UTIL.getConfiguration();
+ User george = User.createUserForTesting(conf, "george", new String[] { });
+ User hubert = User.createUserForTesting(conf, "hubert", new String[] { });
+
+ assertFalse(AUTH_A.authorizeUser(george, TEST_TABLE, null,
+ TablePermission.Action.READ));
+ assertFalse(AUTH_A.authorizeUser(george, TEST_TABLE, null,
+ TablePermission.Action.WRITE));
+ assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
+ TablePermission.Action.READ));
+ assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
+ TablePermission.Action.WRITE));
+
+ assertFalse(AUTH_B.authorizeUser(george, TEST_TABLE, null,
+ TablePermission.Action.READ));
+ assertFalse(AUTH_B.authorizeUser(george, TEST_TABLE, null,
+ TablePermission.Action.WRITE));
+ assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
+ TablePermission.Action.READ));
+ assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
+ TablePermission.Action.WRITE));
+
+ // update ACL: george RW
+ List<TablePermission> acl = new ArrayList<TablePermission>();
+ acl.add(new TablePermission(TEST_TABLE, null, TablePermission.Action.READ,
+ TablePermission.Action.WRITE));
+ final long mtimeB = AUTH_B.getMTime();
+ AUTH_A.setTableUserPermissions(george.getShortName(), TEST_TABLE, acl);
+ // Wait for the update to propagate
+ UTIL.waitFor(10000, 100, new Predicate<Exception>() {
+ @Override
+ public boolean evaluate() throws Exception {
+ return AUTH_B.getMTime() > mtimeB;
+ }
+ });
+ Thread.sleep(1000);
+
+ // check it
+ assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null,
+ TablePermission.Action.READ));
+ assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null,
+ TablePermission.Action.WRITE));
+ assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null,
+ TablePermission.Action.READ));
+ assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null,
+ TablePermission.Action.WRITE));
+ assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
+ TablePermission.Action.READ));
+ assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
+ TablePermission.Action.WRITE));
+ assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
+ TablePermission.Action.READ));
+ assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
+ TablePermission.Action.WRITE));
+
+ // update ACL: hubert R
+ acl = new ArrayList<TablePermission>();
+ acl.add(new TablePermission(TEST_TABLE, null, TablePermission.Action.READ));
+ final long mtimeA = AUTH_A.getMTime();
+ AUTH_B.setTableUserPermissions("hubert", TEST_TABLE, acl);
+ // Wait for the update to propagate
+ UTIL.waitFor(10000, 100, new Predicate<Exception>() {
+ @Override
+ public boolean evaluate() throws Exception {
+ return AUTH_A.getMTime() > mtimeA;
+ }
+ });
+ Thread.sleep(1000);
+
+ // check it
+ assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null,
+ TablePermission.Action.READ));
+ assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null,
+ TablePermission.Action.WRITE));
+ assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null,
+ TablePermission.Action.READ));
+ assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null,
+ TablePermission.Action.WRITE));
+ assertTrue(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
+ TablePermission.Action.READ));
+ assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
+ TablePermission.Action.WRITE));
+ assertTrue(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
+ TablePermission.Action.READ));
+ assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
+ TablePermission.Action.WRITE));
+ }
+}