/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.hadoop.fs.azurebfs;
import java.util.Arrays;
import java.util.List;
import java.util.UUID;
import org.apache.hadoop.test.LambdaTestUtils;
import org.junit.Test;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.azurebfs.constants.ConfigurationKeys;
import org.apache.hadoop.fs.azurebfs.extensions.AbfsAuthorizationException;
import org.apache.hadoop.fs.permission.AclEntry;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
import static org.apache.hadoop.fs.azurebfs.extensions.MockAbfsAuthorizer.*;
import static org.apache.hadoop.fs.azurebfs.utils.AclTestHelpers.aclEntry;
import static org.apache.hadoop.fs.permission.AclEntryScope.ACCESS;
import static org.apache.hadoop.fs.permission.AclEntryType.GROUP;
import static org.apache.hadoop.test.LambdaTestUtils.intercept;
import static org.junit.Assume.assumeTrue;
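/**
 * Integration tests for the ABFS external-authorization hook.
 *
 * <p>{@link #setup()} registers {@code MockAbfsAuthorizer} as the external
 * authorization class. Most file system operations are then exercised twice:
 * once on a path where the call is expected to succeed, and once on a path
 * where it is expected to fail with {@link AbfsAuthorizationException}.
 *
 * <p>The path constants are statically imported from
 * {@code MockAbfsAuthorizer}. Their names (read-only, write-only, read-write,
 * write-then-read-only) suggest which actions the mock permits on each path;
 * the decision logic itself is not in this file, so confirm against
 * {@code MockAbfsAuthorizer} before relying on that reading.
 *
 * <p>NOTE(review): the {@code *Authorized} tests only establish that no
 * exception is thrown. They do not assert on return values or on the
 * resulting file system state, so they cannot tell "permitted and performed"
 * apart from "permitted but silently a no-op".
 */
public class ITestAzureBlobFileSystemAuthorization extends AbstractAbfsIntegrationTest {

  private static final Path TEST_READ_ONLY_FILE_PATH_0 = new Path(TEST_READ_ONLY_FILE_0);
  private static final Path TEST_READ_ONLY_FOLDER_PATH = new Path(TEST_READ_ONLY_FOLDER);
  private static final Path TEST_WRITE_ONLY_FILE_PATH_0 = new Path(TEST_WRITE_ONLY_FILE_0);
  private static final Path TEST_WRITE_ONLY_FILE_PATH_1 = new Path(TEST_WRITE_ONLY_FILE_1);
  private static final Path TEST_READ_WRITE_FILE_PATH_0 = new Path(TEST_READ_WRITE_FILE_0);
  private static final Path TEST_READ_WRITE_FILE_PATH_1 = new Path(TEST_READ_WRITE_FILE_1);
  private static final Path TEST_WRITE_ONLY_FOLDER_PATH = new Path(TEST_WRITE_ONLY_FOLDER);
  private static final Path TEST_WRITE_THEN_READ_ONLY_PATH = new Path(TEST_WRITE_THEN_READ_ONLY);

  // Fully qualified name of the authorizer that setup() plugs into the configuration.
  private static final String TEST_AUTHZ_CLASS =
      "org.apache.hadoop.fs.azurebfs.extensions.MockAbfsAuthorizer";

  // Random identities, generated once per class load, used by the owner and ACL tests.
  private static final String TEST_USER = UUID.randomUUID().toString();
  private static final String TEST_GROUP = UUID.randomUUID().toString();
  // Random group name used in the ACL entries built by the ACL tests.
  private static final String BAR = UUID.randomUUID().toString();

  // Skip message shared by every test that is gated on the namespace check.
  private static final String NAMESPACE_REQUIRED_MESSAGE =
      "This test case only runs when namespace is enabled";

  /**
   * Declared explicitly so the constructor can carry {@code throws Exception}.
   *
   * @throws Exception if the superclass constructor fails
   */
  public ITestAzureBlobFileSystemAuthorization() throws Exception {
  }

  /**
   * Registers the mock authorizer in the configuration, then runs the
   * superclass setup.
   *
   * <p>The configuration key is set before {@code super.setup()} is called;
   * presumably the file system created there reads the key at initialization
   * time, so the order matters (confirm against the base class).
   *
   * @throws Exception if the superclass setup fails
   */
  @Override
  public void setup() throws Exception {
    getConfiguration().set(ConfigurationKeys.ABFS_EXTERNAL_AUTHORIZATION_CLASS, TEST_AUTHZ_CLASS);
    super.setup();
  }

  /** Opening an empty path is expected to raise {@link IllegalArgumentException}. */
  @Test
  public void testOpenFileWithInvalidPath() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    intercept(IllegalArgumentException.class,
        new LambdaTestUtils.VoidCallable() {
          @Override
          public void call() throws Exception {
            // NOTE(review): new Path("") is expected to be rejected by the Path
            // constructor itself, in which case fs.open() is never reached and
            // this test does not exercise the authorizer at all; confirm.
            fs.open(new Path("")).close();
          }
        });
  }

  /** Creates the write-then-read-only file and opens it; no exception is expected. */
  @Test
  public void testOpenFileAuthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    fs.create(TEST_WRITE_THEN_READ_ONLY_PATH).close();
    fs.open(TEST_WRITE_THEN_READ_ONLY_PATH).close();
  }

  /** Opening a write-only file must fail with {@link AbfsAuthorizationException}. */
  @Test
  public void testOpenFileUnauthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    fs.create(TEST_WRITE_ONLY_FILE_PATH_0).close();
    intercept(AbfsAuthorizationException.class,
        new LambdaTestUtils.VoidCallable() {
          @Override
          public void call() throws Exception {
            fs.open(TEST_WRITE_ONLY_FILE_PATH_0).close();
          }
        });
  }

  /** Creating a write-only file is expected to succeed. */
  @Test
  public void testCreateFileAuthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    fs.create(TEST_WRITE_ONLY_FILE_PATH_0).close();
  }

  /** Creating a read-only file must fail with {@link AbfsAuthorizationException}. */
  @Test
  public void testCreateFileUnauthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    intercept(AbfsAuthorizationException.class,
        new LambdaTestUtils.VoidCallable() {
          @Override
          public void call() throws Exception {
            fs.create(TEST_READ_ONLY_FILE_PATH_0).close();
          }
        });
  }

  /** Creates a write-only file and appends to it; no exception is expected. */
  @Test
  public void testAppendFileAuthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    fs.create(TEST_WRITE_ONLY_FILE_PATH_0).close();
    fs.append(TEST_WRITE_ONLY_FILE_PATH_0).close();
  }

  /**
   * Appending to the write-then-read-only file after it has been created must
   * fail with {@link AbfsAuthorizationException}.
   */
  @Test
  public void testAppendFileUnauthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    fs.create(TEST_WRITE_THEN_READ_ONLY_PATH).close();
    intercept(AbfsAuthorizationException.class,
        new LambdaTestUtils.VoidCallable() {
          @Override
          public void call() throws Exception {
            fs.append(TEST_WRITE_THEN_READ_ONLY_PATH).close();
          }
        });
  }

  /** Renaming between the two read-write paths is expected to raise no exception. */
  @Test
  public void testRenameAuthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    // NOTE(review): the source file is not created in this test and the
    // boolean result of rename() is ignored, so this only shows that the
    // authorizer does not reject the call, not that a rename took place.
    fs.rename(TEST_READ_WRITE_FILE_PATH_0, TEST_READ_WRITE_FILE_PATH_1);
  }

  /**
   * Renaming between the two write-only paths must fail with
   * {@link AbfsAuthorizationException}.
   */
  @Test
  public void testRenameUnauthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    intercept(AbfsAuthorizationException.class,
        new LambdaTestUtils.VoidCallable() {
          @Override
          public void call() throws Exception {
            fs.rename(TEST_WRITE_ONLY_FILE_PATH_0, TEST_WRITE_ONLY_FILE_PATH_1);
          }
        });
  }

  /** Creates a write-only file and deletes it non-recursively; no exception is expected. */
  @Test
  public void testDeleteFileAuthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    fs.create(TEST_WRITE_ONLY_FILE_PATH_0).close();
    fs.delete(TEST_WRITE_ONLY_FILE_PATH_0, false);
  }

  /**
   * Deleting the write-then-read-only file after it has been created must fail
   * with {@link AbfsAuthorizationException}.
   */
  @Test
  public void testDeleteFileUnauthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    fs.create(TEST_WRITE_THEN_READ_ONLY_PATH).close();
    intercept(AbfsAuthorizationException.class,
        new LambdaTestUtils.VoidCallable() {
          @Override
          public void call() throws Exception {
            fs.delete(TEST_WRITE_THEN_READ_ONLY_PATH, false);
          }
        });
  }

  /** Listing the write-then-read-only path after creating it is expected to succeed. */
  @Test
  public void testListStatusAuthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    fs.create(TEST_WRITE_THEN_READ_ONLY_PATH).close();
    fs.listStatus(TEST_WRITE_THEN_READ_ONLY_PATH);
  }

  /** Listing a write-only path must fail with {@link AbfsAuthorizationException}. */
  @Test
  public void testListStatusUnauthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    fs.create(TEST_WRITE_ONLY_FILE_PATH_0).close();
    intercept(AbfsAuthorizationException.class,
        new LambdaTestUtils.VoidCallable() {
          @Override
          public void call() throws Exception {
            fs.listStatus(TEST_WRITE_ONLY_FILE_PATH_0);
          }
        });
  }

  /** Creating the write-only folder is expected to succeed. */
  @Test
  public void testMkDirsAuthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    fs.mkdirs(TEST_WRITE_ONLY_FOLDER_PATH,
        new FsPermission(FsAction.ALL, FsAction.NONE, FsAction.NONE));
  }

  /** Creating the read-only folder must fail with {@link AbfsAuthorizationException}. */
  @Test
  public void testMkDirsUnauthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    intercept(AbfsAuthorizationException.class,
        new LambdaTestUtils.VoidCallable() {
          @Override
          public void call() throws Exception {
            fs.mkdirs(TEST_READ_ONLY_FOLDER_PATH,
                new FsPermission(FsAction.ALL, FsAction.NONE, FsAction.NONE));
          }
        });
  }

  /** Reading the status of the write-then-read-only file is expected to succeed. */
  @Test
  public void testGetFileStatusAuthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    fs.create(TEST_WRITE_THEN_READ_ONLY_PATH).close();
    fs.getFileStatus(TEST_WRITE_THEN_READ_ONLY_PATH);
  }

  /**
   * Reading the status of a write-only file must fail with
   * {@link AbfsAuthorizationException}.
   */
  @Test
  public void testGetFileStatusUnauthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    fs.create(TEST_WRITE_ONLY_FILE_PATH_0).close();
    intercept(AbfsAuthorizationException.class,
        new LambdaTestUtils.VoidCallable() {
          @Override
          public void call() throws Exception {
            fs.getFileStatus(TEST_WRITE_ONLY_FILE_PATH_0);
          }
        });
  }

  /** Changing the owner of a write-only file is expected to succeed. */
  @Test
  public void testSetOwnerAuthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    assumeTrue(NAMESPACE_REQUIRED_MESSAGE, fs.getIsNamespaceEnabled());
    fs.create(TEST_WRITE_ONLY_FILE_PATH_0).close();
    fs.setOwner(TEST_WRITE_ONLY_FILE_PATH_0, TEST_USER, TEST_GROUP);
  }

  /**
   * Changing the owner of the write-then-read-only file after it has been
   * created must fail with {@link AbfsAuthorizationException}.
   */
  @Test
  public void testSetOwnerUnauthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    assumeTrue(NAMESPACE_REQUIRED_MESSAGE, fs.getIsNamespaceEnabled());
    fs.create(TEST_WRITE_THEN_READ_ONLY_PATH).close();
    intercept(AbfsAuthorizationException.class,
        new LambdaTestUtils.VoidCallable() {
          @Override
          public void call() throws Exception {
            fs.setOwner(TEST_WRITE_THEN_READ_ONLY_PATH, TEST_USER, TEST_GROUP);
          }
        });
  }

  /** Changing the permission of a write-only file is expected to succeed. */
  @Test
  public void testSetPermissionAuthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    assumeTrue(NAMESPACE_REQUIRED_MESSAGE, fs.getIsNamespaceEnabled());
    fs.create(TEST_WRITE_ONLY_FILE_PATH_0).close();
    fs.setPermission(TEST_WRITE_ONLY_FILE_PATH_0,
        new FsPermission(FsAction.ALL, FsAction.NONE, FsAction.NONE));
  }

  /**
   * Changing the permission of the write-then-read-only file after it has been
   * created must fail with {@link AbfsAuthorizationException}.
   */
  @Test
  public void testSetPermissionUnauthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    assumeTrue(NAMESPACE_REQUIRED_MESSAGE, fs.getIsNamespaceEnabled());
    fs.create(TEST_WRITE_THEN_READ_ONLY_PATH).close();
    intercept(AbfsAuthorizationException.class,
        new LambdaTestUtils.VoidCallable() {
          @Override
          public void call() throws Exception {
            fs.setPermission(TEST_WRITE_THEN_READ_ONLY_PATH,
                new FsPermission(FsAction.ALL, FsAction.NONE, FsAction.NONE));
          }
        });
  }

  /** Modifying ACL entries on a write-only file is expected to succeed. */
  @Test
  public void testModifyAclEntriesAuthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    assumeTrue(NAMESPACE_REQUIRED_MESSAGE, fs.getIsNamespaceEnabled());
    fs.create(TEST_WRITE_ONLY_FILE_PATH_0).close();
    final List<AclEntry> aclSpec = Arrays.asList(aclEntry(ACCESS, GROUP, BAR, FsAction.ALL));
    fs.modifyAclEntries(TEST_WRITE_ONLY_FILE_PATH_0, aclSpec);
  }

  /**
   * Modifying ACL entries on the write-then-read-only file after it has been
   * created must fail with {@link AbfsAuthorizationException}.
   */
  @Test
  public void testModifyAclEntriesUnauthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    assumeTrue(NAMESPACE_REQUIRED_MESSAGE, fs.getIsNamespaceEnabled());
    fs.create(TEST_WRITE_THEN_READ_ONLY_PATH).close();
    final List<AclEntry> aclSpec = Arrays.asList(aclEntry(ACCESS, GROUP, BAR, FsAction.ALL));
    intercept(AbfsAuthorizationException.class,
        new LambdaTestUtils.VoidCallable() {
          @Override
          public void call() throws Exception {
            fs.modifyAclEntries(TEST_WRITE_THEN_READ_ONLY_PATH, aclSpec);
          }
        });
  }

  /** Removing ACL entries from a write-only file is expected to succeed. */
  @Test
  public void testRemoveAclEntriesAuthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    assumeTrue(NAMESPACE_REQUIRED_MESSAGE, fs.getIsNamespaceEnabled());
    fs.create(TEST_WRITE_ONLY_FILE_PATH_0).close();
    final List<AclEntry> aclSpec = Arrays.asList(aclEntry(ACCESS, GROUP, BAR, FsAction.ALL));
    fs.removeAclEntries(TEST_WRITE_ONLY_FILE_PATH_0, aclSpec);
  }

  /**
   * Removing ACL entries from the write-then-read-only file after it has been
   * created must fail with {@link AbfsAuthorizationException}.
   */
  @Test
  public void testRemoveAclEntriesUnauthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    assumeTrue(NAMESPACE_REQUIRED_MESSAGE, fs.getIsNamespaceEnabled());
    fs.create(TEST_WRITE_THEN_READ_ONLY_PATH).close();
    final List<AclEntry> aclSpec = Arrays.asList(aclEntry(ACCESS, GROUP, BAR, FsAction.ALL));
    intercept(AbfsAuthorizationException.class,
        new LambdaTestUtils.VoidCallable() {
          @Override
          public void call() throws Exception {
            fs.removeAclEntries(TEST_WRITE_THEN_READ_ONLY_PATH, aclSpec);
          }
        });
  }

  /** Removing the default ACL from a write-only file is expected to succeed. */
  @Test
  public void testRemoveDefaultAclAuthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    assumeTrue(NAMESPACE_REQUIRED_MESSAGE, fs.getIsNamespaceEnabled());
    fs.create(TEST_WRITE_ONLY_FILE_PATH_0).close();
    fs.removeDefaultAcl(TEST_WRITE_ONLY_FILE_PATH_0);
  }

  /**
   * Removing the default ACL from the write-then-read-only file after it has
   * been created must fail with {@link AbfsAuthorizationException}.
   */
  @Test
  public void testRemoveDefaultAclUnauthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    assumeTrue(NAMESPACE_REQUIRED_MESSAGE, fs.getIsNamespaceEnabled());
    fs.create(TEST_WRITE_THEN_READ_ONLY_PATH).close();
    intercept(AbfsAuthorizationException.class,
        new LambdaTestUtils.VoidCallable() {
          @Override
          public void call() throws Exception {
            fs.removeDefaultAcl(TEST_WRITE_THEN_READ_ONLY_PATH);
          }
        });
  }

  /** Removing the ACL from a write-only file is expected to succeed. */
  @Test
  public void testRemoveAclAuthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    assumeTrue(NAMESPACE_REQUIRED_MESSAGE, fs.getIsNamespaceEnabled());
    fs.create(TEST_WRITE_ONLY_FILE_PATH_0).close();
    fs.removeAcl(TEST_WRITE_ONLY_FILE_PATH_0);
  }

  /**
   * Removing the ACL from the write-then-read-only file after it has been
   * created must fail with {@link AbfsAuthorizationException}.
   */
  @Test
  public void testRemoveAclUnauthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    assumeTrue(NAMESPACE_REQUIRED_MESSAGE, fs.getIsNamespaceEnabled());
    fs.create(TEST_WRITE_THEN_READ_ONLY_PATH).close();
    intercept(AbfsAuthorizationException.class,
        new LambdaTestUtils.VoidCallable() {
          @Override
          public void call() throws Exception {
            fs.removeAcl(TEST_WRITE_THEN_READ_ONLY_PATH);
          }
        });
  }

  /** Replacing the ACL of a write-only file is expected to succeed. */
  @Test
  public void testSetAclAuthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    assumeTrue(NAMESPACE_REQUIRED_MESSAGE, fs.getIsNamespaceEnabled());
    fs.create(TEST_WRITE_ONLY_FILE_PATH_0).close();
    final List<AclEntry> aclSpec = Arrays.asList(aclEntry(ACCESS, GROUP, BAR, FsAction.ALL));
    fs.setAcl(TEST_WRITE_ONLY_FILE_PATH_0, aclSpec);
  }

  /**
   * Replacing the ACL of the write-then-read-only file after it has been
   * created must fail with {@link AbfsAuthorizationException}.
   */
  @Test
  public void testSetAclUnauthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    assumeTrue(NAMESPACE_REQUIRED_MESSAGE, fs.getIsNamespaceEnabled());
    fs.create(TEST_WRITE_THEN_READ_ONLY_PATH).close();
    final List<AclEntry> aclSpec = Arrays.asList(aclEntry(ACCESS, GROUP, BAR, FsAction.ALL));
    intercept(AbfsAuthorizationException.class,
        new LambdaTestUtils.VoidCallable() {
          @Override
          public void call() throws Exception {
            fs.setAcl(TEST_WRITE_THEN_READ_ONLY_PATH, aclSpec);
          }
        });
  }

  /** Reading the ACL status of the write-then-read-only file is expected to succeed. */
  @Test
  public void testGetAclStatusAuthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    assumeTrue(NAMESPACE_REQUIRED_MESSAGE, fs.getIsNamespaceEnabled());
    fs.create(TEST_WRITE_THEN_READ_ONLY_PATH).close();
    // getAclStatus() takes only the path, so no ACL spec is built here.
    fs.getAclStatus(TEST_WRITE_THEN_READ_ONLY_PATH);
  }

  /**
   * Reading the ACL status of a write-only file must fail with
   * {@link AbfsAuthorizationException}.
   */
  @Test
  public void testGetAclStatusUnauthorized() throws Exception {
    final AzureBlobFileSystem fs = getFileSystem();
    assumeTrue(NAMESPACE_REQUIRED_MESSAGE, fs.getIsNamespaceEnabled());
    fs.create(TEST_WRITE_ONLY_FILE_PATH_0).close();
    // getAclStatus() takes only the path, so no ACL spec is built here.
    intercept(AbfsAuthorizationException.class,
        new LambdaTestUtils.VoidCallable() {
          @Override
          public void call() throws Exception {
            fs.getAclStatus(TEST_WRITE_ONLY_FILE_PATH_0);
          }
        });
  }
}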