You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by ap...@apache.org on 2014/05/26 20:40:45 UTC

[2/6] git commit: Amend HBASE-11251 Attempt grants during tests only when security is enabled

Amend HBASE-11251 Attempt grants during tests only when security is enabled


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/d29d73eb
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/d29d73eb
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/d29d73eb

Branch: refs/heads/0.98
Commit: d29d73ebae77a563ad1e3dc7965f31ca88b78488
Parents: 6c46a07
Author: Andrew Purtell <ap...@apache.org>
Authored: Mon May 26 10:40:16 2014 -0700
Committer: Andrew Purtell <ap...@apache.org>
Committed: Mon May 26 11:06:43 2014 -0700

----------------------------------------------------------------------
 .../hbase/IntegrationTestIngestWithACL.java     |  5 ++-
 .../apache/hadoop/hbase/util/LoadTestTool.java  | 39 +++++++++-----------
 .../hbase/util/MultiThreadedReaderWithACL.java  |  2 +-
 .../hbase/util/MultiThreadedUpdaterWithACL.java |  2 +-
 4 files changed, 23 insertions(+), 25 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/d29d73eb/hbase-it/src/test/java/org/apache/hadoop/hbase/IntegrationTestIngestWithACL.java
----------------------------------------------------------------------
diff --git a/hbase-it/src/test/java/org/apache/hadoop/hbase/IntegrationTestIngestWithACL.java b/hbase-it/src/test/java/org/apache/hadoop/hbase/IntegrationTestIngestWithACL.java
index d635b98..94681cc 100644
--- a/hbase-it/src/test/java/org/apache/hadoop/hbase/IntegrationTestIngestWithACL.java
+++ b/hbase-it/src/test/java/org/apache/hadoop/hbase/IntegrationTestIngestWithACL.java
@@ -25,6 +25,7 @@ import org.apache.commons.cli.CommandLine;
 import org.apache.commons.lang.StringUtils;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hbase.io.hfile.HFile;
+import org.apache.hadoop.hbase.security.User;
 import org.apache.hadoop.hbase.security.access.AccessController;
 import org.apache.hadoop.hbase.util.LoadTestTool;
 import org.apache.hadoop.hbase.util.test.LoadTestDataGeneratorWithACL;
@@ -69,7 +70,7 @@ public class IntegrationTestIngestWithACL extends IntegrationTestIngest {
     tmp.add(HYPHEN + LoadTestTool.OPT_GENERATOR);
     StringBuilder sb = new StringBuilder(LoadTestDataGeneratorWithACL.class.getName());
     sb.append(COLON);
-    if (LoadTestTool.isSecure(getConf())) {
+    if (User.isHBaseSecurityEnabled(getConf())) {
       sb.append(authnFileName);
       sb.append(COLON);
     }
@@ -107,7 +108,7 @@ public class IntegrationTestIngestWithACL extends IntegrationTestIngest {
     if (cmd.hasOption(OPT_USERS)) {
       userNames = cmd.getOptionValue(OPT_USERS);
     }
-    if (LoadTestTool.isSecure(getConf())) {
+    if (User.isHBaseSecurityEnabled(getConf())) {
       boolean authFileNotFound = false;
       if (cmd.hasOption(OPT_AUTHN)) {
         authnFileName = cmd.getOptionValue(OPT_AUTHN);

http://git-wip-us.apache.org/repos/asf/hbase/blob/d29d73eb/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java
index a156fa2..2406efe 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java
@@ -481,9 +481,9 @@ public class LoadTestTool extends AbstractHBaseTool {
       dataGen = getLoadGeneratorInstance(clazzAndArgs[0]);
       String[] args;
       if (dataGen instanceof LoadTestDataGeneratorWithACL) {
-        LOG.info("ACL is on");
-        if (isSecure(conf)) {
-          LOG.info("Security is on.");
+        LOG.info("Using LoadTestDataGeneratorWithACL");
+        if (User.isHBaseSecurityEnabled(conf)) {
+          LOG.info("Security is enabled");
           authnFileName = clazzAndArgs[1];
           superUser = clazzAndArgs[2];
           userNames = clazzAndArgs[3];
@@ -514,12 +514,11 @@ public class LoadTestTool extends AbstractHBaseTool {
           minColsPerKey, maxColsPerKey, COLUMN_FAMILY);
     }
 
-    if (userOwner != null) {
-      LOG.info("Granting permission for the user " + userOwner.getShortName());
+    if (User.isHBaseSecurityEnabled(conf) && userOwner != null) {
+      LOG.info("Granting permissions for user " + userOwner.getShortName());
       AccessControlProtos.Permission.Action[] actions = {
         AccessControlProtos.Permission.Action.ADMIN, AccessControlProtos.Permission.Action.CREATE,
         AccessControlProtos.Permission.Action.READ, AccessControlProtos.Permission.Action.WRITE };
-
       try {
         AccessControlClient.grant(conf, tableName, userOwner.getShortName(), null, null, actions);
       } catch (Throwable e) {
@@ -531,20 +530,22 @@ public class LoadTestTool extends AbstractHBaseTool {
       // This will be comma separated list of expressions.
       String users[] = userNames.split(",");
       User user = null;
-      for (String userStr : users) {
-        if (isSecure(conf)) {
+      if (User.isHBaseSecurityEnabled(conf)) {
+        for (String userStr : users) {
           user = User.create(loginAndReturnUGI(conf, userStr));
-        } else {
+          LOG.info("Granting READ permission for the user " + user.getShortName());
+          AccessControlProtos.Permission.Action[] actions = { AccessControlProtos.Permission.Action.READ };
+          try {
+            AccessControlClient.grant(conf, tableName, user.getShortName(), null, null, actions);
+          } catch (Throwable e) {
+            LOG.fatal("Error in granting READ permission for the user " + user.getShortName(), e);
+            return EXIT_FAILURE;
+          }
+	}
+      } else {
+        for (String userStr : users) {
           user = User.createUserForTesting(conf, userStr, new String[0]);
         }
-        LOG.info("Granting READ permission for the user " + user.getShortName());
-        AccessControlProtos.Permission.Action[] actions = { AccessControlProtos.Permission.Action.READ };
-        try {
-          AccessControlClient.grant(conf, tableName, user.getShortName(), null, null, actions);
-        } catch (Throwable e) {
-          LOG.fatal("Error in granting READ permission for the user " + user.getShortName(), e);
-          return EXIT_FAILURE;
-        }
       }
     }
 
@@ -808,8 +809,4 @@ public class LoadTestTool extends AbstractHBaseTool {
         UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keyTabFileLocation);
     return ugi;
   }
-
-  public static boolean isSecure(Configuration conf) {
-    return ("kerberos".equalsIgnoreCase(conf.get("hbase.security.authentication")));
-  }
 }

http://git-wip-us.apache.org/repos/asf/hbase/blob/d29d73eb/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MultiThreadedReaderWithACL.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MultiThreadedReaderWithACL.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MultiThreadedReaderWithACL.java
index 9f57453..99b4f1d 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MultiThreadedReaderWithACL.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MultiThreadedReaderWithACL.java
@@ -121,7 +121,7 @@ public class MultiThreadedReaderWithACL extends MultiThreadedReader {
         User user;
         UserGroupInformation realUserUgi;
         if(!users.containsKey(userNames[mod])) {
-          if(LoadTestTool.isSecure(conf)) {
+          if(User.isHBaseSecurityEnabled(conf)) {
             realUserUgi = LoadTestTool.loginAndReturnUGI(conf, userNames[mod]);
           } else {
             realUserUgi = UserGroupInformation.createRemoteUser(userNames[mod]);

http://git-wip-us.apache.org/repos/asf/hbase/blob/d29d73eb/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MultiThreadedUpdaterWithACL.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MultiThreadedUpdaterWithACL.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MultiThreadedUpdaterWithACL.java
index 8ea6d04..b0c07ff 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MultiThreadedUpdaterWithACL.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/MultiThreadedUpdaterWithACL.java
@@ -136,7 +136,7 @@ public class MultiThreadedUpdaterWithACL extends MultiThreadedUpdater {
         UserGroupInformation realUserUgi;
         try {
           if (!users.containsKey(userNames[mod])) {
-            if (LoadTestTool.isSecure(conf)) {
+            if (User.isHBaseSecurityEnabled(conf)) {
               realUserUgi = LoadTestTool.loginAndReturnUGI(conf, userNames[mod]);
             } else {
               realUserUgi = UserGroupInformation.createRemoteUser(userNames[mod]);