Posted to commits@hbase.apache.org by ap...@apache.org on 2014/02/27 00:52:42 UTC
svn commit: r1572354 - in /hbase/trunk/hbase-server/src:
main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java
Author: apurtell
Date: Wed Feb 26 23:52:42 2014
New Revision: 1572354
URL: http://svn.apache.org/r1572354
Log:
HBASE-10618 User should not be allowed to disable/drop visibility labels table (Anoop Sam John)
Modified:
hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java
Modified: hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java?rev=1572354&r1=1572353&r2=1572354&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java (original)
+++ hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java Wed Feb 26 23:52:42 2014
@@ -63,6 +63,7 @@ import org.apache.hadoop.hbase.client.Mu
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.Scan;
+import org.apache.hadoop.hbase.constraint.ConstraintException;
import org.apache.hadoop.hbase.coprocessor.BaseRegionObserver;
import org.apache.hadoop.hbase.coprocessor.CoprocessorException;
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
@@ -272,6 +273,9 @@ public class VisibilityController extend
@Override
public void preModifyTable(ObserverContext<MasterCoprocessorEnvironment> ctx,
TableName tableName, HTableDescriptor htd) throws IOException {
+ if (LABELS_TABLE_NAME.equals(tableName)) {
+ throw new ConstraintException("Cannot alter " + LABELS_TABLE_NAME);
+ }
}
@Override
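Review bot: None of the visible VisibilityController hunks adds a guard to a delete hook, although the log message covers drop as well as disable. As far as this diff shows, dropping the labels table is refused only because `preDisableTable` (the hunk at -372) blocks the prerequisite disable. If `preDeleteTable` is not already guarded elsewhere in the class, adding `if (LABELS_TABLE_NAME.equals(tableName)) { throw new ConstraintException("Cannot delete " + LABELS_TABLE_NAME); }` there would keep the protection from depending on the table's current enabled/disabled state. Separately, the identical `Cannot alter` check is repeated in `preModifyTable`, `preAddColumn`, `preModifyColumn` and `preDeleteColumn`; one private helper would keep these guards from drifting apart as DDL hooks are added. The class body continues outside these hunks.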
@@ -292,6 +296,9 @@ public class VisibilityController extend
@Override
public void preAddColumn(ObserverContext<MasterCoprocessorEnvironment> ctx, TableName tableName,
HColumnDescriptor column) throws IOException {
+ if (LABELS_TABLE_NAME.equals(tableName)) {
+ throw new ConstraintException("Cannot alter " + LABELS_TABLE_NAME);
+ }
}
@Override
@@ -312,6 +319,9 @@ public class VisibilityController extend
@Override
public void preModifyColumn(ObserverContext<MasterCoprocessorEnvironment> ctx,
TableName tableName, HColumnDescriptor descriptor) throws IOException {
+ if (LABELS_TABLE_NAME.equals(tableName)) {
+ throw new ConstraintException("Cannot alter " + LABELS_TABLE_NAME);
+ }
}
@Override
@@ -332,6 +342,9 @@ public class VisibilityController extend
@Override
public void preDeleteColumn(ObserverContext<MasterCoprocessorEnvironment> ctx,
TableName tableName, byte[] c) throws IOException {
+ if (LABELS_TABLE_NAME.equals(tableName)) {
+ throw new ConstraintException("Cannot alter " + LABELS_TABLE_NAME);
+ }
}
@Override
@@ -372,6 +385,9 @@ public class VisibilityController extend
@Override
public void preDisableTable(ObserverContext<MasterCoprocessorEnvironment> ctx, TableName tableName)
throws IOException {
+ if (LABELS_TABLE_NAME.equals(tableName)) {
+ throw new ConstraintException("Cannot disable " + LABELS_TABLE_NAME);
+ }
}
@Override
Modified: hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java?rev=1572354&r1=1572353&r2=1572354&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java (original)
+++ hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java Wed Feb 26 23:52:42 2014
@@ -35,11 +35,14 @@ import org.apache.hadoop.conf.Configurat
import org.apache.hadoop.hbase.Cell;
import org.apache.hadoop.hbase.CellScanner;
import org.apache.hadoop.hbase.HBaseTestingUtility;
+import org.apache.hadoop.hbase.HColumnDescriptor;
import org.apache.hadoop.hbase.HConstants;
+import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.MediumTests;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Append;
import org.apache.hadoop.hbase.client.Get;
+import org.apache.hadoop.hbase.client.HBaseAdmin;
import org.apache.hadoop.hbase.client.HTable;
import org.apache.hadoop.hbase.client.Increment;
import org.apache.hadoop.hbase.client.Put;
@@ -49,6 +52,7 @@ import org.apache.hadoop.hbase.client.Sc
import org.apache.hadoop.hbase.protobuf.generated.ClientProtos.RegionActionResult;
import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse;
import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse;
+import org.apache.hadoop.hbase.regionserver.BloomType;
import org.apache.hadoop.hbase.regionserver.HRegion;
import org.apache.hadoop.hbase.regionserver.HRegionServer;
import org.apache.hadoop.hbase.security.User;
@@ -96,6 +100,7 @@ public class TestVisibilityLabels {
// setup configuration
conf = TEST_UTIL.getConfiguration();
conf.setBoolean(HConstants.DISTRIBUTED_LOG_REPLAY_KEY, false);
+ conf.setBoolean("hbase.online.schema.update.enable", true);
conf.setInt("hfile.format.version", 3);
conf.set("hbase.coprocessor.master.classes", VisibilityController.class.getName());
conf.set("hbase.coprocessor.region.classes", VisibilityController.class.getName());
@@ -718,6 +723,47 @@ public class TestVisibilityLabels {
}
}
+ @Test
+ public void testUserShouldNotDoDDLOpOnLabelsTable() throws Exception {
+ HBaseAdmin admin = TEST_UTIL.getHBaseAdmin();
+ try {
+ admin.disableTable(LABELS_TABLE_NAME);
+ fail("Lables table should not get disabled by user.");
+ } catch (Exception e) {
+ }
+ try {
+ admin.deleteTable(LABELS_TABLE_NAME);
+ fail("Lables table should not get disabled by user.");
+ } catch (Exception e) {
+ }
+ try {
+ HColumnDescriptor hcd = new HColumnDescriptor("testFamily");
+ admin.addColumn(LABELS_TABLE_NAME, hcd);
+ fail("Lables table should not get altered by user.");
+ } catch (Exception e) {
+ }
+ try {
+ admin.deleteColumn(LABELS_TABLE_NAME, VisibilityConstants.LABELS_TABLE_FAMILY);
+ fail("Lables table should not get altered by user.");
+ } catch (Exception e) {
+ }
+ try {
+ HColumnDescriptor hcd = new HColumnDescriptor(VisibilityConstants.LABELS_TABLE_FAMILY);
+ hcd.setBloomFilterType(BloomType.ROWCOL);
+ admin.modifyColumn(LABELS_TABLE_NAME, hcd);
+ fail("Lables table should not get altered by user.");
+ } catch (Exception e) {
+ }
+ try {
+ HTableDescriptor htd = new HTableDescriptor(LABELS_TABLE_NAME);
+ htd.addFamily(new HColumnDescriptor("f1"));
+ htd.addFamily(new HColumnDescriptor("f2"));
+ admin.modifyTable(LABELS_TABLE_NAME, htd);
+ fail("Lables table should not get altered by user.");
+ } catch (Exception e) {
+ }
+ }
+
private static HTable createTableAndWriteDataWithLabels(TableName tableName, String... labelExps)
throws Exception {
HTable table = null;
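Review bot: Every `catch (Exception e) {}` in `testUserShouldNotDoDDLOpOnLabelsTable` treats any failure as success, so the test cannot tell the new coprocessor guards apart from an unrelated error. The `deleteTable` case in particular would presumably be rejected for a still-enabled table whether or not the controller protects it, so it does not show that drop is blocked. Narrowing each catch to the exception the client actually surfaces (presumably `ConstraintException` or a wrapper of it) would make the test pin the intended denial, as would a final `assertTrue(admin.isTableEnabled(LABELS_TABLE_NAME));`. The second `fail(...)` message is a copy of the disable one and should read `fail("Labels table should not get dropped by user.");`, and "Lables" is misspelled in all six messages. `createTableAndWriteDataWithLabels` at the end of the hunk continues outside it.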