You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by ap...@apache.org on 2014/01/13 22:23:23 UTC
svn commit: r1557857 - in
/hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security:
access/TestAccessControlFilter.java
visibility/TestVisibilityLabelsWithACL.java
Author: apurtell
Date: Mon Jan 13 21:23:23 2014
New Revision: 1557857
URL: http://svn.apache.org/r1557857
Log:
HBASE-10331. Insure security tests use SecureTestUtil methods for grants
Modified:
hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java
hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java
Modified: hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java?rev=1557857&r1=1557856&r2=1557857&view=diff
==============================================================================
--- hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java (original)
+++ hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java Mon Jan 13 21:23:23 2014
@@ -22,7 +22,6 @@ import static org.junit.Assert.assertEqu
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
-import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.List;
@@ -37,8 +36,6 @@ import org.apache.hadoop.hbase.client.Pu
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.ResultScanner;
import org.apache.hadoop.hbase.client.Scan;
-import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
-import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.util.Bytes;
import org.junit.AfterClass;
@@ -49,19 +46,15 @@ import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.rules.TestName;
-import com.google.protobuf.BlockingRpcChannel;
-
@Category(LargeTests.class)
public class TestAccessControlFilter {
@Rule public TestName name = new TestName();
private static HBaseTestingUtility TEST_UTIL;
- private static User ADMIN;
private static User READER;
private static User LIMITED;
private static User DENIED;
-
private static TableName TABLE;
private static byte[] FAMILY = Bytes.toBytes("f1");
private static byte[] PRIVATE_COL = Bytes.toBytes("private");
@@ -83,7 +76,6 @@ public class TestAccessControlFilter {
TEST_UTIL.startMiniCluster();
TEST_UTIL.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME.getName());
- ADMIN = User.createUserForTesting(conf, "admin", new String[]{"supergroup"});
READER = User.createUserForTesting(conf, "reader", new String[0]);
LIMITED = User.createUserForTesting(conf, "limited", new String[0]);
DENIED = User.createUserForTesting(conf, "denied", new String[0]);
@@ -104,28 +96,12 @@ public class TestAccessControlFilter {
}
}
- private void doQualifierAccess(final HTable table) throws IOException, InterruptedException {
+ private void doQualifierAccess(final HTable table) throws Exception {
// set permissions
- ADMIN.runAs(new PrivilegedExceptionAction<Object>() {
- @Override
- public Object run() throws Exception {
- HTable aclmeta = new HTable(TEST_UTIL.getConfiguration(),
- AccessControlLists.ACL_TABLE_NAME);
- try {
- byte[] table = Bytes.toBytes(name.getMethodName());
- BlockingRpcChannel service = aclmeta.coprocessorService(table);
- AccessControlService.BlockingInterface protocol =
- AccessControlService.newBlockingStub(service);
- ProtobufUtil.grant(protocol, READER.getShortName(),
- TABLE, null, null, Permission.Action.READ);
- ProtobufUtil.grant(protocol, LIMITED.getShortName(),
- TABLE, FAMILY, PUBLIC_COL, Permission.Action.READ);
- return null;
- } finally {
- aclmeta.close();
- }
- }
- });
+ SecureTestUtil.grantOnTable(TEST_UTIL, READER.getShortName(), TABLE, null, null,
+ Permission.Action.READ);
+ SecureTestUtil.grantOnTable(TEST_UTIL, LIMITED.getShortName(), TABLE, FAMILY, PUBLIC_COL,
+ Permission.Action.READ);
// put some test data
List<Put> puts = new ArrayList<Put>(100);
Modified: hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java?rev=1557857&r1=1557856&r2=1557857&view=diff
==============================================================================
--- hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java (original)
+++ hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java Mon Jan 13 21:23:23 2014
@@ -38,8 +38,6 @@ import org.apache.hadoop.hbase.client.Pu
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.ResultScanner;
import org.apache.hadoop.hbase.client.Scan;
-import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
-import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService;
import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse;
import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse;
import org.apache.hadoop.hbase.security.User;
@@ -55,7 +53,6 @@ import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.rules.TestName;
-import com.google.protobuf.BlockingRpcChannel;
import com.google.protobuf.ByteString;
@Category(MediumTests.class)
@@ -97,21 +94,13 @@ public class TestVisibilityLabelsWithACL
SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" });
NORMAL_USER1 = User.createUserForTesting(conf, "user1", new String[] {});
NORMAL_USER2 = User.createUserForTesting(conf, "user2", new String[] {});
- // Grant NORMAL_USER EXEC privilege on the labels table. For the purposes of this
+ // Grant users EXEC privilege on the labels table. For the purposes of this
// test, we want to insure that access is denied even with the ability to access
// the endpoint.
- HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- try {
- BlockingRpcChannel service = acl.coprocessorService(LABELS_TABLE_NAME.getName());
- AccessControlService.BlockingInterface protocol =
- AccessControlService.newBlockingStub(service);
- ProtobufUtil.grant(protocol, NORMAL_USER1.getShortName(), LABELS_TABLE_NAME, null, null,
- Permission.Action.EXEC);
- ProtobufUtil.grant(protocol, NORMAL_USER2.getShortName(), LABELS_TABLE_NAME, null, null,
- Permission.Action.EXEC);
- } finally {
- acl.close();
- }
+ SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER1.getShortName(), LABELS_TABLE_NAME,
+ null, null, Permission.Action.EXEC);
+ SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), LABELS_TABLE_NAME,
+ null, null, Permission.Action.EXEC);
}
@AfterClass
@@ -127,16 +116,8 @@ public class TestVisibilityLabelsWithACL
TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
final HTable table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL
+ "&!" + PRIVATE, SECRET + "&!" + PRIVATE);
- HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- try {
- BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
- AccessControlService.BlockingInterface protocol = AccessControlService
- .newBlockingStub(service);
- ProtobufUtil.grant(protocol, NORMAL_USER2.getShortName(), tableName, null, null,
- Permission.Action.READ);
- } finally {
- acl.close();
- }
+ SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), tableName,
+ null, null, Permission.Action.READ);
PrivilegedExceptionAction<Void> scanAction = new PrivilegedExceptionAction<Void>() {
public Void run() throws Exception {
Scan s = new Scan();
@@ -217,20 +198,11 @@ public class TestVisibilityLabelsWithACL
VisibilityClient.setAuths(conf, auths, "user1");
TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
final HTable table = createTableAndWriteDataWithLabels(tableName, SECRET);
- HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- try {
- BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
- AccessControlService.BlockingInterface protocol = AccessControlService
- .newBlockingStub(service);
- ProtobufUtil.grant(protocol, NORMAL_USER1.getShortName(), tableName, null, null,
- Permission.Action.READ);
- ProtobufUtil.grant(protocol, NORMAL_USER2.getShortName(), tableName, null, null,
- Permission.Action.READ);
- } finally {
- acl.close();
- }
-
- PrivilegedExceptionAction<Void> getAction = new PrivilegedExceptionAction<Void>() {
+ SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER1.getShortName(), tableName,
+ null, null, Permission.Action.READ);
+ SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), tableName,
+ null, null, Permission.Action.READ);
+ PrivilegedExceptionAction<Void> getAction = new PrivilegedExceptionAction<Void>() {
public Void run() throws Exception {
Get g = new Get(row1);
g.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL));