You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by ap...@apache.org on 2014/05/26 20:40:45 UTC
[2/6] git commit: Amend HBASE-11251 Attempt grants during tests only
when security is enabled
Amend HBASE-11251 Attempt grants during tests only when security is enabled
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/d29d73eb
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/d29d73eb
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/d29d73eb
Branch: refs/heads/0.98
Commit: d29d73ebae77a563ad1e3dc7965f31ca88b78488
Parents: 6c46a07
Author: Andrew Purtell <ap...@apache.org>
Authored: Mon May 26 10:40:16 2014 -0700
Committer: Andrew Purtell <ap...@apache.org>
Committed: Mon May 26 11:06:43 2014 -0700
----------------------------------------------------------------------
.../hbase/IntegrationTestIngestWithACL.java | 5 ++-
.../apache/hadoop/hbase/util/LoadTestTool.java | 39 +++++++++-----------
.../hbase/util/MultiThreadedReaderWithACL.java | 2 +-
.../hbase/util/MultiThreadedUpdaterWithACL.java | 2 +-
4 files changed, 23 insertions(+), 25 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase/blob/d29d73eb/hbase-it/src/test/java/org/apache/hadoop/hbase/IntegrationTestIngestWithACL.java
----------------------------------------------------------------------
diff --git a/hbase-it/src/test/java/org/apache/hadoop/hbase/IntegrationTestIngestWithACL.java b/hbase-it/src/test/java/org/apache/hadoop/hbase/IntegrationTestIngestWithACL.java
index d635b98..94681cc 100644
--- a/hbase-it/src/test/java/org/apache/hadoop/hbase/IntegrationTestIngestWithACL.java
+++ b/hbase-it/src/test/java/org/apache/hadoop/hbase/IntegrationTestIngestWithACL.java
@@ -25,6 +25,7 @@ import org.apache.commons.cli.CommandLine;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.io.hfile.HFile;
+import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.access.AccessController;
import org.apache.hadoop.hbase.util.LoadTestTool;
import org.apache.hadoop.hbase.util.test.LoadTestDataGeneratorWithACL;
@@ -69,7 +70,7 @@ public class IntegrationTestIngestWithACL extends IntegrationTestIngest {
tmp.add(HYPHEN + LoadTestTool.OPT_GENERATOR);
StringBuilder sb = new StringBuilder(LoadTestDataGeneratorWithACL.class.getName());
sb.append(COLON);
- if (LoadTestTool.isSecure(getConf())) {
+ if (User.isHBaseSecurityEnabled(getConf())) {
sb.append(authnFileName);
sb.append(COLON);
}
@@ -107,7 +108,7 @@ public class IntegrationTestIngestWithACL extends IntegrationTestIngest {
if (cmd.hasOption(OPT_USERS)) {
userNames = cmd.getOptionValue(OPT_USERS);
}
- if (LoadTestTool.isSecure(getConf())) {
+ if (User.isHBaseSecurityEnabled(getConf())) {
boolean authFileNotFound = false;
if (cmd.hasOption(OPT_AUTHN)) {
authnFileName = cmd.getOptionValue(OPT_AUTHN);
http://git-wip-us.apache.org/repos/asf/hbase/blob/d29d73eb/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java
index a156fa2..2406efe 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java
@@ -481,9 +481,9 @@ public class LoadTestTool extends AbstractHBaseTool {
dataGen = getLoadGeneratorInstance(clazzAndArgs[0]);
String[] args;
if (dataGen instanceof LoadTestDataGeneratorWithACL) {
- LOG.info("ACL is on");
- if (isSecure(conf)) {
- LOG.info("Security is on.");
+ LOG.info("Using LoadTestDataGeneratorWithACL");
+ if (User.isHBaseSecurityEnabled(conf)) {
+ LOG.info("Security is enabled");
authnFileName = clazzAndArgs[1];
superUser = clazzAndArgs[2];
userNames = clazzAndArgs[3];
@@ -514,12 +514,11 @@ public class LoadTestTool extends AbstractHBaseTool {
minColsPerKey, maxColsPerKey, COLUMN_FAMILY);
}
- if (userOwner != null) {
- LOG.info("Granting permission for the user " + userOwner.getShortName());
+ if (User.isHBaseSecurityEnabled(conf) && userOwner != null) {
+ LOG.info("Granting permissions for user " + userOwner.getShortName());
AccessControlProtos.Permission.Action[] actions = {
AccessControlProtos.Permission.Action.ADMIN, AccessControlProtos.Permission.Action.CREATE,
AccessControlProtos.Permission.Action.READ, AccessControlProtos.Permission.Action.WRITE };
-
try {
AccessControlClient.grant(conf, tableName, userOwner.getShortName(), null, null, actions);
} catch (Throwable e) {
@@ -531,20 +530,22 @@ public class LoadTestTool extends AbstractHBaseTool {
// This will be comma separated list of expressions.
String users[] = userNames.split(",");
User user = null;
- for (String userStr : users) {
- if (isSecure(conf)) {
+ if (User.isHBaseSecurityEnabled(conf)) {
+ for (String userStr : users) {
user = User.create(loginAndReturnUGI(conf, userStr));
- } else {
+ LOG.info("Granting READ permission for the user " + user.getShortName());
+ AccessControlProtos.Permission.Action[] actions = { AccessControlProtos.Permission.Action.READ };
+ try {
+ AccessControlClient.grant(conf, tableName, user.getShortName(), null, null, actions);
+ } catch (Throwable e) {
+ LOG.fatal("Error in granting READ permission for the user " + user.getShortName(), e);
+ return EXIT_FAILURE;
+ }
+ }
+ } else {
+ for (String userStr : users) {
user = User.createUserForTesting(conf, userStr, new String[0]);
}
- LOG.info("Granting READ permission for the user " + user.getShortName());
- AccessControlProtos.Permission.Action[] actions = { AccessControlProtos.Permission.Action.READ };
- try {
- AccessControlClient.grant(conf, tableName, user.getShortName(), null, null, actions);
- } catch (Throwable e) {
- LOG.fatal("Error in granting READ permission for the user " + user.getShortName(), e);
- return EXIT_FAILURE;
- }
}
}
@@ -808,8 +809,4 @@ public class LoadTestTool extends AbstractHBaseTool {
UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keyTabFileLocation);
return ugi;
}
-
- public static boolean isSecure(Configuration conf) {
- return ("kerberos".equalsIgnoreCase(conf.get("hbase.security.authentication")));
- }
}
http://git-wip-us.apache.org/repos/asf/hbase/blob/d29d73eb/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MultiThreadedReaderWithACL.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MultiThreadedReaderWithACL.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MultiThreadedReaderWithACL.java
index 9f57453..99b4f1d 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MultiThreadedReaderWithACL.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MultiThreadedReaderWithACL.java
@@ -121,7 +121,7 @@ public class MultiThreadedReaderWithACL extends MultiThreadedReader {
User user;
UserGroupInformation realUserUgi;
if(!users.containsKey(userNames[mod])) {
- if(LoadTestTool.isSecure(conf)) {
+ if(User.isHBaseSecurityEnabled(conf)) {
realUserUgi = LoadTestTool.loginAndReturnUGI(conf, userNames[mod]);
} else {
realUserUgi = UserGroupInformation.createRemoteUser(userNames[mod]);
http://git-wip-us.apache.org/repos/asf/hbase/blob/d29d73eb/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MultiThreadedUpdaterWithACL.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MultiThreadedUpdaterWithACL.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MultiThreadedUpdaterWithACL.java
index 8ea6d04..b0c07ff 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MultiThreadedUpdaterWithACL.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MultiThreadedUpdaterWithACL.java
@@ -136,7 +136,7 @@ public class MultiThreadedUpdaterWithACL extends MultiThreadedUpdater {
UserGroupInformation realUserUgi;
try {
if (!users.containsKey(userNames[mod])) {
- if (LoadTestTool.isSecure(conf)) {
+ if (User.isHBaseSecurityEnabled(conf)) {
realUserUgi = LoadTestTool.loginAndReturnUGI(conf, userNames[mod]);
} else {
realUserUgi = UserGroupInformation.createRemoteUser(userNames[mod]);