You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by ap...@apache.org on 2013/01/17 19:22:51 UTC
svn commit: r1434846 -
/hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
Author: apurtell
Date: Thu Jan 17 18:22:50 2013
New Revision: 1434846
URL: http://svn.apache.org/viewvc?rev=1434846&view=rev
Log:
HBASE-7585. TestAccessController tests should close HTables
Modified:
hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
Modified: hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java?rev=1434846&r1=1434845&r2=1434846&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java (original)
+++ hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java Thu Jan 17 18:22:50 2013
@@ -151,34 +151,38 @@ public class TestAccessController {
htd.setOwner(USER_OWNER);
admin.createTable(htd);
- // initilize access control
- HTable meta = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- BlockingRpcChannel service = meta.coprocessorService(TEST_TABLE);
- AccessControlService.BlockingInterface protocol =
- AccessControlService.newBlockingStub(service);
-
HRegion region = TEST_UTIL.getHBaseCluster().getRegions(TEST_TABLE).get(0);
RegionCoprocessorHost rcpHost = region.getCoprocessorHost();
RCP_ENV = rcpHost.createEnvironment(AccessController.class, ACCESS_CONTROLLER,
Coprocessor.PRIORITY_HIGHEST, 1, conf);
- protocol.grant(null, RequestConverter.buildGrantRequest(USER_ADMIN.getShortName(),
+ // initilize access control
+ HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+
+ protocol.grant(null, RequestConverter.buildGrantRequest(USER_ADMIN.getShortName(),
null, null, null,
AccessControlProtos.Permission.Action.ADMIN,
AccessControlProtos.Permission.Action.CREATE,
AccessControlProtos.Permission.Action.READ,
AccessControlProtos.Permission.Action.WRITE));
- protocol.grant(null, RequestConverter.buildGrantRequest(USER_RW.getShortName(),
+ protocol.grant(null, RequestConverter.buildGrantRequest(USER_RW.getShortName(),
TEST_TABLE, TEST_FAMILY, null,
AccessControlProtos.Permission.Action.READ,
AccessControlProtos.Permission.Action.WRITE));
- protocol.grant(null, RequestConverter.buildGrantRequest(USER_RO.getShortName(), TEST_TABLE,
+ protocol.grant(null, RequestConverter.buildGrantRequest(USER_RO.getShortName(), TEST_TABLE,
TEST_FAMILY, null, AccessControlProtos.Permission.Action.READ));
- protocol.grant(null, RequestConverter.buildGrantRequest(USER_CREATE.getShortName(),
+ protocol.grant(null, RequestConverter.buildGrantRequest(USER_CREATE.getShortName(),
TEST_TABLE, null, null, AccessControlProtos.Permission.Action.CREATE));
+ } finally {
+ acl.close();
+ }
}
@AfterClass
@@ -393,8 +397,13 @@ public class TestAccessController {
@Test
public void testMove() throws Exception {
+ Map<HRegionInfo, ServerName> regions;
HTable table = new HTable(TEST_UTIL.getConfiguration(), TEST_TABLE);
- Map<HRegionInfo, ServerName> regions = table.getRegionLocations();
+ try {
+ regions = table.getRegionLocations();
+ } finally {
+ table.close();
+ }
final Map.Entry<HRegionInfo, ServerName> firstRegion = regions.entrySet().iterator().next();
final ServerName server = TEST_UTIL.getHBaseCluster().getRegionServer(0).getServerName();
PrivilegedExceptionAction action = new PrivilegedExceptionAction() {
@@ -411,8 +420,13 @@ public class TestAccessController {
@Test
public void testAssign() throws Exception {
+ Map<HRegionInfo, ServerName> regions;
HTable table = new HTable(TEST_UTIL.getConfiguration(), TEST_TABLE);
- Map<HRegionInfo, ServerName> regions = table.getRegionLocations();
+ try {
+ regions = table.getRegionLocations();
+ } finally {
+ table.close();
+ }
final Map.Entry<HRegionInfo, ServerName> firstRegion = regions.entrySet().iterator().next();
PrivilegedExceptionAction action = new PrivilegedExceptionAction() {
@@ -429,8 +443,13 @@ public class TestAccessController {
@Test
public void testUnassign() throws Exception {
+ Map<HRegionInfo, ServerName> regions;
HTable table = new HTable(TEST_UTIL.getConfiguration(), TEST_TABLE);
- Map<HRegionInfo, ServerName> regions = table.getRegionLocations();
+ try {
+ regions = table.getRegionLocations();
+ } finally {
+ table.close();
+ }
final Map.Entry<HRegionInfo, ServerName> firstRegion = regions.entrySet().iterator().next();
PrivilegedExceptionAction action = new PrivilegedExceptionAction() {
@@ -588,7 +607,11 @@ public class TestAccessController {
Get g = new Get(Bytes.toBytes("random_row"));
g.addFamily(TEST_FAMILY);
HTable t = new HTable(conf, TEST_TABLE);
- t.get(g);
+ try {
+ t.get(g);
+ } finally {
+ t.close();
+ }
return null;
}
};
@@ -601,14 +624,18 @@ public class TestAccessController {
s.addFamily(TEST_FAMILY);
HTable table = new HTable(conf, TEST_TABLE);
- ResultScanner scanner = table.getScanner(s);
try {
- for (Result r = scanner.next(); r != null; r = scanner.next()) {
- // do nothing
+ ResultScanner scanner = table.getScanner(s);
+ try {
+ for (Result r = scanner.next(); r != null; r = scanner.next()) {
+ // do nothing
+ }
+ } catch (IOException e) {
+ } finally {
+ scanner.close();
}
- } catch (IOException e) {
} finally {
- scanner.close();
+ table.close();
}
return null;
}
@@ -625,7 +652,11 @@ public class TestAccessController {
Put p = new Put(Bytes.toBytes("random_row"));
p.add(TEST_FAMILY, Bytes.toBytes("Qualifier"), Bytes.toBytes(1));
HTable t = new HTable(conf, TEST_TABLE);
- t.put(p);
+ try {
+ t.put(p);
+ } finally {
+ t.close();
+ }
return null;
}
};
@@ -637,7 +668,11 @@ public class TestAccessController {
Delete d = new Delete(Bytes.toBytes("random_row"));
d.deleteFamily(TEST_FAMILY);
HTable t = new HTable(conf, TEST_TABLE);
- t.delete(d);
+ try {
+ t.delete(d);
+ } finally {
+ t.close();
+ }
return null;
}
};
@@ -649,7 +684,11 @@ public class TestAccessController {
Increment inc = new Increment(Bytes.toBytes("random_row"));
inc.addColumn(TEST_FAMILY, Bytes.toBytes("Qualifier"), 1);
HTable t = new HTable(conf, TEST_TABLE);
- t.increment(inc);
+ try {
+ t.increment(inc);
+ } finally {
+ t.close();
+ }
return null;
}
};
@@ -663,10 +702,13 @@ public class TestAccessController {
public Object run() throws Exception {
Delete d = new Delete(Bytes.toBytes("random_row"));
d.deleteFamily(TEST_FAMILY);
-
HTable t = new HTable(conf, TEST_TABLE);
- t.checkAndDelete(Bytes.toBytes("random_row"), TEST_FAMILY, Bytes.toBytes("q"),
- Bytes.toBytes("test_value"), d);
+ try {
+ t.checkAndDelete(Bytes.toBytes("random_row"), TEST_FAMILY, Bytes.toBytes("q"),
+ Bytes.toBytes("test_value"), d);
+ } finally {
+ t.close();
+ }
return null;
}
};
@@ -675,11 +717,15 @@ public class TestAccessController {
// action for checkAndPut()
PrivilegedExceptionAction checkAndPut = new PrivilegedExceptionAction() {
public Object run() throws Exception {
- HTable t = new HTable(conf, TEST_TABLE);
Put p = new Put(Bytes.toBytes("random_row"));
p.add(TEST_FAMILY, Bytes.toBytes("Qualifier"), Bytes.toBytes(1));
- t.checkAndPut(Bytes.toBytes("random_row"), TEST_FAMILY, Bytes.toBytes("q"),
- Bytes.toBytes("test_value"), p);
+ HTable t = new HTable(conf, TEST_TABLE);
+ try {
+ t.checkAndPut(Bytes.toBytes("random_row"), TEST_FAMILY, Bytes.toBytes("q"),
+ Bytes.toBytes("test_value"), p);
+ } finally {
+ t.close();
+ }
return null;
}
};
@@ -770,9 +816,13 @@ public class TestAccessController {
setPermission(loadPath, FsPermission.valueOf("-rwxrwxrwx"));
HTable table = new HTable(conf, tableName);
- TEST_UTIL.waitTableAvailable(tableName, 30000);
- LoadIncrementalHFiles loader = new LoadIncrementalHFiles(conf);
- loader.doBulkLoad(loadPath, table);
+ try {
+ TEST_UTIL.waitTableAvailable(tableName, 30000);
+ LoadIncrementalHFiles loader = new LoadIncrementalHFiles(conf);
+ loader.doBulkLoad(loadPath, table);
+ } finally {
+ table.close();
+ }
}
public void setPermission(Path dir, FsPermission perm) throws IOException {
@@ -795,13 +845,17 @@ public class TestAccessController {
public Object run() throws Exception {
byte[] row = Bytes.toBytes("random_row");
byte[] qualifier = Bytes.toBytes("q");
- HTable t = new HTable(conf, TEST_TABLE);
Put put = new Put(row);
put.add(TEST_FAMILY, qualifier, Bytes.toBytes(1));
- t.put(put);
Append append = new Append(row);
append.add(TEST_FAMILY, qualifier, Bytes.toBytes(2));
- t.append(append);
+ HTable t = new HTable(conf, TEST_TABLE);
+ try {
+ t.put(put);
+ t.append(append);
+ } finally {
+ t.close();
+ }
return null;
}
};
@@ -816,11 +870,15 @@ public class TestAccessController {
PrivilegedExceptionAction grantAction = new PrivilegedExceptionAction() {
public Object run() throws Exception {
HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE);
- AccessControlService.BlockingInterface protocol =
- AccessControlService.newBlockingStub(service);
- ProtobufUtil.grant(protocol, USER_RO.getShortName(), TEST_TABLE,
- TEST_FAMILY, null, Action.READ);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ ProtobufUtil.grant(protocol, USER_RO.getShortName(), TEST_TABLE,
+ TEST_FAMILY, null, Action.READ);
+ } finally {
+ acl.close();
+ }
return null;
}
};
@@ -828,11 +886,15 @@ public class TestAccessController {
PrivilegedExceptionAction revokeAction = new PrivilegedExceptionAction() {
public Object run() throws Exception {
HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE);
- AccessControlService.BlockingInterface protocol =
- AccessControlService.newBlockingStub(service);
- ProtobufUtil.revoke(protocol, USER_RO.getShortName(), TEST_TABLE,
- TEST_FAMILY, null, Action.READ);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ ProtobufUtil.revoke(protocol, USER_RO.getShortName(), TEST_TABLE,
+ TEST_FAMILY, null, Action.READ);
+ } finally {
+ acl.close();
+ }
return null;
}
};
@@ -840,10 +902,14 @@ public class TestAccessController {
PrivilegedExceptionAction getPermissionsAction = new PrivilegedExceptionAction() {
public Object run() throws Exception {
HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE);
- AccessControlService.BlockingInterface protocol =
- AccessControlService.newBlockingStub(service);
- ProtobufUtil.getUserPermissions(protocol, TEST_TABLE);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ ProtobufUtil.getUserPermissions(protocol, TEST_TABLE);
+ } finally {
+ acl.close();
+ }
return null;
}
};
@@ -882,12 +948,6 @@ public class TestAccessController {
User gblUser = User
.createUserForTesting(TEST_UTIL.getConfiguration(), "gbluser", new String[0]);
- // perms only stored against the first region
- HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- BlockingRpcChannel service = acl.coprocessorService(tableName);
- AccessControlService.BlockingInterface protocol =
- AccessControlService.newBlockingStub(service);
-
// prepare actions:
PrivilegedExceptionAction putActionAll = new PrivilegedExceptionAction() {
public Object run() throws Exception {
@@ -895,7 +955,11 @@ public class TestAccessController {
p.add(family1, qualifier, Bytes.toBytes("v1"));
p.add(family2, qualifier, Bytes.toBytes("v2"));
HTable t = new HTable(conf, tableName);
- t.put(p);
+ try {
+ t.put(p);
+ } finally {
+ t.close();
+ }
return null;
}
};
@@ -904,7 +968,11 @@ public class TestAccessController {
Put p = new Put(Bytes.toBytes("a"));
p.add(family1, qualifier, Bytes.toBytes("v1"));
HTable t = new HTable(conf, tableName);
- t.put(p);
+ try {
+ t.put(p);
+ } finally {
+ t.close();
+ }
return null;
}
};
@@ -913,7 +981,11 @@ public class TestAccessController {
Put p = new Put(Bytes.toBytes("a"));
p.add(family2, qualifier, Bytes.toBytes("v2"));
HTable t = new HTable(conf, tableName);
- t.put(p);
+ try {
+ t.put(p);
+ } finally {
+ t.close();
+ }
return null;
}
};
@@ -923,7 +995,11 @@ public class TestAccessController {
g.addFamily(family1);
g.addFamily(family2);
HTable t = new HTable(conf, tableName);
- t.get(g);
+ try {
+ t.get(g);
+ } finally {
+ t.close();
+ }
return null;
}
};
@@ -932,7 +1008,11 @@ public class TestAccessController {
Get g = new Get(Bytes.toBytes("random_row"));
g.addFamily(family1);
HTable t = new HTable(conf, tableName);
- t.get(g);
+ try {
+ t.get(g);
+ } finally {
+ t.close();
+ }
return null;
}
};
@@ -941,7 +1021,11 @@ public class TestAccessController {
Get g = new Get(Bytes.toBytes("random_row"));
g.addFamily(family2);
HTable t = new HTable(conf, tableName);
- t.get(g);
+ try {
+ t.get(g);
+ } finally {
+ t.close();
+ }
return null;
}
};
@@ -951,7 +1035,11 @@ public class TestAccessController {
d.deleteFamily(family1);
d.deleteFamily(family2);
HTable t = new HTable(conf, tableName);
- t.delete(d);
+ try {
+ t.delete(d);
+ } finally {
+ t.close();
+ }
return null;
}
};
@@ -960,7 +1048,11 @@ public class TestAccessController {
Delete d = new Delete(Bytes.toBytes("random_row"));
d.deleteFamily(family1);
HTable t = new HTable(conf, tableName);
- t.delete(d);
+ try {
+ t.delete(d);
+ } finally {
+ t.close();
+ }
return null;
}
};
@@ -969,7 +1061,11 @@ public class TestAccessController {
Delete d = new Delete(Bytes.toBytes("random_row"));
d.deleteFamily(family2);
HTable t = new HTable(conf, tableName);
- t.delete(d);
+ try {
+ t.delete(d);
+ } finally {
+ t.close();
+ }
return null;
}
};
@@ -984,10 +1080,18 @@ public class TestAccessController {
verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
// grant table read permission
- ProtobufUtil.grant(protocol, tblUser.getShortName(),
- tableName, null, null, Permission.Action.READ);
- ProtobufUtil.grant(protocol, gblUser.getShortName(),
- null, null, null, Permission.Action.READ);
+ HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(tableName);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ ProtobufUtil.grant(protocol, tblUser.getShortName(),
+ tableName, null, null, Permission.Action.READ);
+ ProtobufUtil.grant(protocol, gblUser.getShortName(),
+ null, null, null, Permission.Action.READ);
+ } finally {
+ acl.close();
+ }
Thread.sleep(100);
// check
@@ -1000,10 +1104,19 @@ public class TestAccessController {
verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
// grant table write permission
- ProtobufUtil.grant(protocol, tblUser.getShortName(),
- tableName, null, null, Permission.Action.WRITE);
- ProtobufUtil.grant(protocol, gblUser.getShortName(),
- null, null, null, Permission.Action.WRITE);
+ acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(tableName);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ ProtobufUtil.grant(protocol, tblUser.getShortName(),
+ tableName, null, null, Permission.Action.WRITE);
+ ProtobufUtil.grant(protocol, gblUser.getShortName(),
+ null, null, null, Permission.Action.WRITE);
+ } finally {
+ acl.close();
+ }
+
Thread.sleep(100);
verifyDenied(tblUser, getActionAll, getAction1, getAction2);
@@ -1015,10 +1128,19 @@ public class TestAccessController {
verifyAllowed(gblUser, deleteActionAll, deleteAction1, deleteAction2);
// revoke table permission
- ProtobufUtil.grant(protocol, tblUser.getShortName(), tableName, null, null,
- Permission.Action.READ, Permission.Action.WRITE);
- ProtobufUtil.revoke(protocol, tblUser.getShortName(), tableName, null, null);
- ProtobufUtil.revoke(protocol, gblUser.getShortName(), null, null, null);
+ acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(tableName);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ ProtobufUtil.grant(protocol, tblUser.getShortName(), tableName, null, null,
+ Permission.Action.READ, Permission.Action.WRITE);
+ ProtobufUtil.revoke(protocol, tblUser.getShortName(), tableName, null, null);
+ ProtobufUtil.revoke(protocol, gblUser.getShortName(), null, null, null);
+ } finally {
+ acl.close();
+ }
+
Thread.sleep(100);
verifyDenied(tblUser, getActionAll, getAction1, getAction2);
@@ -1030,10 +1152,18 @@ public class TestAccessController {
verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
// grant column family read permission
- ProtobufUtil.grant(protocol, tblUser.getShortName(),
- tableName, family1, null, Permission.Action.READ);
- ProtobufUtil.grant(protocol, gblUser.getShortName(),
- null, null, null, Permission.Action.READ);
+ acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(tableName);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ ProtobufUtil.grant(protocol, tblUser.getShortName(),
+ tableName, family1, null, Permission.Action.READ);
+ ProtobufUtil.grant(protocol, gblUser.getShortName(),
+ null, null, null, Permission.Action.READ);
+ } finally {
+ acl.close();
+ }
Thread.sleep(100);
@@ -1048,10 +1178,19 @@ public class TestAccessController {
verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);
// grant column family write permission
- ProtobufUtil.grant(protocol, tblUser.getShortName(),
- tableName, family2, null, Permission.Action.WRITE);
- ProtobufUtil.grant(protocol, gblUser.getShortName(),
- null, null, null, Permission.Action.WRITE);
+ acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(tableName);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ ProtobufUtil.grant(protocol, tblUser.getShortName(),
+ tableName, family2, null, Permission.Action.WRITE);
+ ProtobufUtil.grant(protocol, gblUser.getShortName(),
+ null, null, null, Permission.Action.WRITE);
+ } finally {
+ acl.close();
+ }
+
Thread.sleep(100);
// READ from family1, WRITE to family2 are allowed
@@ -1066,8 +1205,16 @@ public class TestAccessController {
verifyAllowed(gblUser, deleteActionAll, deleteAction1, deleteAction2);
// revoke column family permission
- ProtobufUtil.revoke(protocol, tblUser.getShortName(), tableName, family2, null);
- ProtobufUtil.revoke(protocol, gblUser.getShortName(), null, null, null);
+ acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(tableName);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ ProtobufUtil.revoke(protocol, tblUser.getShortName(), tableName, family2, null);
+ ProtobufUtil.revoke(protocol, gblUser.getShortName(), null, null, null);
+ } finally {
+ acl.close();
+ }
Thread.sleep(100);
@@ -1100,7 +1247,6 @@ public class TestAccessController {
// create table
HBaseAdmin admin = TEST_UTIL.getHBaseAdmin();
-
if (admin.tableExists(tableName)) {
admin.disableTable(tableName);
admin.deleteTable(tableName);
@@ -1113,17 +1259,16 @@ public class TestAccessController {
// create temp users
User user = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]);
- HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- BlockingRpcChannel service = acl.coprocessorService(tableName);
- AccessControlService.BlockingInterface protocol =
- AccessControlService.newBlockingStub(service);
-
PrivilegedExceptionAction getQualifierAction = new PrivilegedExceptionAction() {
public Object run() throws Exception {
Get g = new Get(Bytes.toBytes("random_row"));
g.addColumn(family1, qualifier);
HTable t = new HTable(conf, tableName);
- t.get(g);
+ try {
+ t.get(g);
+ } finally {
+ t.close();
+ }
return null;
}
};
@@ -1132,7 +1277,11 @@ public class TestAccessController {
Put p = new Put(Bytes.toBytes("random_row"));
p.add(family1, qualifier, Bytes.toBytes("v1"));
HTable t = new HTable(conf, tableName);
- t.put(p);
+ try {
+ t.put(p);
+ } finally {
+ t.close();
+ }
return null;
}
};
@@ -1142,18 +1291,42 @@ public class TestAccessController {
d.deleteColumn(family1, qualifier);
// d.deleteFamily(family1);
HTable t = new HTable(conf, tableName);
- t.delete(d);
+ try {
+ t.delete(d);
+ } finally {
+ t.close();
+ }
return null;
}
};
- ProtobufUtil.revoke(protocol, user.getShortName(), tableName, family1, null);
+ HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(tableName);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ ProtobufUtil.revoke(protocol, user.getShortName(), tableName, family1, null);
+ } finally {
+ acl.close();
+ }
+
+ Thread.sleep(100);
+
verifyDenied(user, getQualifierAction);
verifyDenied(user, putQualifierAction);
verifyDenied(user, deleteQualifierAction);
- ProtobufUtil.grant(protocol, user.getShortName(),
- tableName, family1, qualifier, Permission.Action.READ);
+ acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(tableName);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ ProtobufUtil.grant(protocol, user.getShortName(),
+ tableName, family1, qualifier, Permission.Action.READ);
+ } finally {
+ acl.close();
+ }
+
Thread.sleep(100);
verifyAllowed(user, getQualifierAction);
@@ -1162,8 +1335,17 @@ public class TestAccessController {
// only grant write permission
// TODO: comment this portion after HBASE-3583
- ProtobufUtil.grant(protocol, user.getShortName(),
- tableName, family1, qualifier, Permission.Action.WRITE);
+ acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(tableName);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ ProtobufUtil.grant(protocol, user.getShortName(),
+ tableName, family1, qualifier, Permission.Action.WRITE);
+ } finally {
+ acl.close();
+ }
+
Thread.sleep(100);
verifyDenied(user, getQualifierAction);
@@ -1171,9 +1353,18 @@ public class TestAccessController {
verifyAllowed(user, deleteQualifierAction);
// grant both read and write permission.
- ProtobufUtil.grant(protocol, user.getShortName(),
- tableName, family1, qualifier,
- Permission.Action.READ, Permission.Action.WRITE);
+ acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(tableName);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ ProtobufUtil.grant(protocol, user.getShortName(),
+ tableName, family1, qualifier,
+ Permission.Action.READ, Permission.Action.WRITE);
+ } finally {
+ acl.close();
+ }
+
Thread.sleep(100);
verifyAllowed(user, getQualifierAction);
@@ -1181,8 +1372,17 @@ public class TestAccessController {
verifyAllowed(user, deleteQualifierAction);
// revoke family level permission won't impact column level.
- ProtobufUtil.revoke(protocol, user.getShortName(),
- tableName, family1, qualifier);
+ acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(tableName);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ ProtobufUtil.revoke(protocol, user.getShortName(),
+ tableName, family1, qualifier);
+ } finally {
+ acl.close();
+ }
+
Thread.sleep(100);
verifyDenied(user, getQualifierAction);
@@ -1213,12 +1413,17 @@ public class TestAccessController {
htd.setOwner(USER_OWNER);
admin.createTable(htd);
- HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- BlockingRpcChannel service = acl.coprocessorService(tableName);
- AccessControlService.BlockingInterface protocol =
- AccessControlService.newBlockingStub(service);
+ List<UserPermission> perms;
- List<UserPermission> perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+ HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(tableName);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+ } finally {
+ acl.close();
+ }
UserPermission ownerperm = new UserPermission(
Bytes.toBytes(USER_OWNER.getName()), tableName, null, Action.values());
@@ -1234,9 +1439,17 @@ public class TestAccessController {
hasFoundUserPermission(up, perms));
// grant read permission
- ProtobufUtil.grant(protocol, user.getShortName(),
- tableName, family1, qualifier, Permission.Action.READ);
- perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+ acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(tableName);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ ProtobufUtil.grant(protocol, user.getShortName(),
+ tableName, family1, qualifier, Permission.Action.READ);
+ perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+ } finally {
+ acl.close();
+ }
UserPermission upToVerify = new UserPermission(
userName, tableName, family1, qualifier, Permission.Action.READ);
@@ -1249,19 +1462,36 @@ public class TestAccessController {
hasFoundUserPermission(upToVerify, perms));
// grant read+write
- ProtobufUtil.grant(protocol, user.getShortName(),
- tableName, family1, qualifier,
- Permission.Action.WRITE, Permission.Action.READ);
- perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+ acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(tableName);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ ProtobufUtil.grant(protocol, user.getShortName(),
+ tableName, family1, qualifier,
+ Permission.Action.WRITE, Permission.Action.READ);
+ perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+ } finally {
+ acl.close();
+ }
upToVerify = new UserPermission(userName, tableName, family1,
qualifier, Permission.Action.WRITE, Permission.Action.READ);
assertTrue("User should be granted permission: " + upToVerify.toString(),
hasFoundUserPermission(upToVerify, perms));
- ProtobufUtil.revoke(protocol, user.getShortName(), tableName, family1, qualifier,
- Permission.Action.WRITE, Permission.Action.READ);
- perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+ acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(tableName);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ ProtobufUtil.revoke(protocol, user.getShortName(), tableName, family1, qualifier,
+ Permission.Action.WRITE, Permission.Action.READ);
+ perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+ } finally {
+ acl.close();
+ }
+
assertFalse("User should not be granted permission: " + upToVerify.toString(),
hasFoundUserPermission(upToVerify, perms));
@@ -1271,7 +1501,17 @@ public class TestAccessController {
User newOwner = User.createUserForTesting(conf, "new_owner", new String[] {});
htd.setOwner(newOwner);
admin.modifyTable(tableName, htd);
- perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+
+ acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(tableName);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ perms = ProtobufUtil.getUserPermissions(protocol, tableName);
+ } finally {
+ acl.close();
+ }
+
UserPermission newOwnerperm = new UserPermission(
Bytes.toBytes(newOwner.getName()), tableName, null, Action.values());
assertTrue("New owner should have all permissions on table",
@@ -1283,11 +1523,16 @@ public class TestAccessController {
@Test
public void testGlobalPermissionList() throws Exception {
+ List<UserPermission> perms;
HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- BlockingRpcChannel service = acl.coprocessorService(HConstants.EMPTY_START_ROW);
- AccessControlService.BlockingInterface protocol =
- AccessControlService.newBlockingStub(service);
- List<UserPermission> perms = ProtobufUtil.getUserPermissions(protocol, null);
+ try {
+ BlockingRpcChannel service = acl.coprocessorService(HConstants.EMPTY_START_ROW);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(service);
+ perms = ProtobufUtil.getUserPermissions(protocol, null);
+ } finally {
+ acl.close();
+ }
UserPermission adminPerm = new UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()),
AccessControlLists.ACL_TABLE_NAME, null, null, Bytes.toBytes("ACRW"));
assertTrue("Only user admin has permission on table _acl_ per setup",
@@ -1302,25 +1547,27 @@ public class TestAccessController {
}
public void checkGlobalPerms(Permission.Action... actions) throws IOException {
- HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- BlockingRpcChannel channel = acl.coprocessorService(new byte[0]);
- AccessControlService.BlockingInterface protocol =
- AccessControlService.newBlockingStub(channel);
-
Permission[] perms = new Permission[actions.length];
for (int i = 0; i < actions.length; i++) {
perms[i] = new Permission(actions[i]);
}
-
CheckPermissionsRequest.Builder request = CheckPermissionsRequest.newBuilder();
for (Action a : actions) {
request.addPermission(AccessControlProtos.Permission.newBuilder()
.addAction(ProtobufUtil.toPermissionAction(a)).build());
}
+ HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
try {
- protocol.checkPermissions(null, request.build());
- } catch (ServiceException se) {
- ProtobufUtil.toIOException(se);
+ BlockingRpcChannel channel = acl.coprocessorService(new byte[0]);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(channel);
+ try {
+ protocol.checkPermissions(null, request.build());
+ } catch (ServiceException se) {
+ ProtobufUtil.toIOException(se);
+ }
+ } finally {
+ acl.close();
}
}
@@ -1335,27 +1582,26 @@ public class TestAccessController {
}
public void checkTablePerms(byte[] table, Permission... perms) throws IOException {
- HTable acl = new HTable(conf, table);
- AccessControlService.BlockingInterface protocol =
- AccessControlService.newBlockingStub(acl.coprocessorService(new byte[0]));
CheckPermissionsRequest.Builder request = CheckPermissionsRequest.newBuilder();
for (Permission p : perms) {
request.addPermission(ProtobufUtil.toPermission(p));
}
+ HTable acl = new HTable(conf, table);
try {
- protocol.checkPermissions(null, request.build());
- } catch (ServiceException se) {
- ProtobufUtil.toIOException(se);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(acl.coprocessorService(new byte[0]));
+ try {
+ protocol.checkPermissions(null, request.build());
+ } catch (ServiceException se) {
+ ProtobufUtil.toIOException(se);
+ }
+ } finally {
+ acl.close();
}
}
@Test
public void testCheckPermissions() throws Exception {
- final HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- BlockingRpcChannel channel = acl.coprocessorService(new byte[0]);
- AccessControlService.BlockingInterface protocol =
- AccessControlService.newBlockingStub(channel);
-
// --------------------------------------
// test global permissions
PrivilegedExceptionAction<Void> globalAdmin = new PrivilegedExceptionAction<Void>() {
@@ -1389,12 +1635,20 @@ public class TestAccessController {
User userColumn = User.createUserForTesting(conf, "user_check_perms_family", new String[0]);
User userQualifier = User.createUserForTesting(conf, "user_check_perms_q", new String[0]);
- ProtobufUtil.grant(protocol, userTable.getShortName(),
- TEST_TABLE, null, null, Permission.Action.READ);
- ProtobufUtil.grant(protocol, userColumn.getShortName(),
- TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ);
- ProtobufUtil.grant(protocol, userQualifier.getShortName(),
- TEST_TABLE, TEST_FAMILY, TEST_Q1, Permission.Action.READ);
+ HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ try {
+ BlockingRpcChannel channel = acl.coprocessorService(new byte[0]);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(channel);
+ ProtobufUtil.grant(protocol, userTable.getShortName(),
+ TEST_TABLE, null, null, Permission.Action.READ);
+ ProtobufUtil.grant(protocol, userColumn.getShortName(),
+ TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ);
+ ProtobufUtil.grant(protocol, userQualifier.getShortName(),
+ TEST_TABLE, TEST_FAMILY, TEST_Q1, Permission.Action.READ);
+ } finally {
+ acl.close();
+ }
PrivilegedExceptionAction<Void> tableRead = new PrivilegedExceptionAction<Void>() {
@Override
@@ -1479,19 +1733,26 @@ public class TestAccessController {
// --------------------------------------
// check for wrong table region
+ CheckPermissionsRequest checkRequest = CheckPermissionsRequest.newBuilder()
+ .addPermission(AccessControlProtos.Permission.newBuilder()
+ .setTable(ByteString.copyFrom(TEST_TABLE))
+ .addAction(AccessControlProtos.Permission.Action.CREATE)
+ ).build();
+ acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
try {
- CheckPermissionsRequest checkRequest =
- CheckPermissionsRequest.newBuilder().addPermission(
- AccessControlProtos.Permission.newBuilder()
- .setTable(ByteString.copyFrom(TEST_TABLE)).addAction(AccessControlProtos.Permission.Action.CREATE)
- ).build();
- // but ask for TablePermissions for TEST_TABLE
- protocol.checkPermissions(null, checkRequest);
- fail("this should have thrown CoprocessorException");
- } catch (ServiceException ex) {
- // expected
+ BlockingRpcChannel channel = acl.coprocessorService(new byte[0]);
+ AccessControlService.BlockingInterface protocol =
+ AccessControlService.newBlockingStub(channel);
+ try {
+ // but ask for TablePermissions for TEST_TABLE
+ protocol.checkPermissions(null, checkRequest);
+ fail("this should have thrown CoprocessorException");
+ } catch (ServiceException ex) {
+ // expected
+ }
+ } finally {
+ acl.close();
}
-
}
@Test