| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> |
| <html lang="en"> |
| <head> |
| <title>Source code</title> |
| <link rel="stylesheet" type="text/css" href="../../../../../../../stylesheet.css" title="Style"> |
| </head> |
| <body> |
| <div class="sourceContainer"> |
| <pre><span class="sourceLineNo">001</span>/**<a name="line.1"></a> |
| <span class="sourceLineNo">002</span> * Licensed to the Apache Software Foundation (ASF) under one<a name="line.2"></a> |
| <span class="sourceLineNo">003</span> * or more contributor license agreements. See the NOTICE file<a name="line.3"></a> |
| <span class="sourceLineNo">004</span> * distributed with this work for additional information<a name="line.4"></a> |
| <span class="sourceLineNo">005</span> * regarding copyright ownership. The ASF licenses this file<a name="line.5"></a> |
| <span class="sourceLineNo">006</span> * to you under the Apache License, Version 2.0 (the<a name="line.6"></a> |
| <span class="sourceLineNo">007</span> * "License"); you may not use this file except in compliance<a name="line.7"></a> |
| <span class="sourceLineNo">008</span> * with the License. You may obtain a copy of the License at<a name="line.8"></a> |
| <span class="sourceLineNo">009</span> *<a name="line.9"></a> |
| <span class="sourceLineNo">010</span> * http://www.apache.org/licenses/LICENSE-2.0<a name="line.10"></a> |
| <span class="sourceLineNo">011</span> *<a name="line.11"></a> |
| <span class="sourceLineNo">012</span> * Unless required by applicable law or agreed to in writing, software<a name="line.12"></a> |
| <span class="sourceLineNo">013</span> * distributed under the License is distributed on an "AS IS" BASIS,<a name="line.13"></a> |
| <span class="sourceLineNo">014</span> * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.<a name="line.14"></a> |
| <span class="sourceLineNo">015</span> * See the License for the specific language governing permissions and<a name="line.15"></a> |
| <span class="sourceLineNo">016</span> * limitations under the License.<a name="line.16"></a> |
| <span class="sourceLineNo">017</span> */<a name="line.17"></a> |
| <span class="sourceLineNo">018</span>package org.apache.hadoop.hbase.security.access;<a name="line.18"></a> |
| <span class="sourceLineNo">019</span><a name="line.19"></a> |
| <span class="sourceLineNo">020</span>import static org.apache.hadoop.hbase.AuthUtil.toGroupEntry;<a name="line.20"></a> |
| <span class="sourceLineNo">021</span>import static org.junit.Assert.assertArrayEquals;<a name="line.21"></a> |
| <span class="sourceLineNo">022</span>import static org.junit.Assert.assertEquals;<a name="line.22"></a> |
| <span class="sourceLineNo">023</span>import static org.junit.Assert.assertFalse;<a name="line.23"></a> |
| <span class="sourceLineNo">024</span>import static org.junit.Assert.assertNotNull;<a name="line.24"></a> |
| <span class="sourceLineNo">025</span>import static org.junit.Assert.assertTrue;<a name="line.25"></a> |
| <span class="sourceLineNo">026</span>import static org.junit.Assert.fail;<a name="line.26"></a> |
| <span class="sourceLineNo">027</span><a name="line.27"></a> |
| <span class="sourceLineNo">028</span>import java.io.IOException;<a name="line.28"></a> |
| <span class="sourceLineNo">029</span>import java.security.PrivilegedAction;<a name="line.29"></a> |
| <span class="sourceLineNo">030</span>import java.util.ArrayList;<a name="line.30"></a> |
| <span class="sourceLineNo">031</span>import java.util.Arrays;<a name="line.31"></a> |
| <span class="sourceLineNo">032</span>import java.util.Collection;<a name="line.32"></a> |
| <span class="sourceLineNo">033</span>import java.util.Collections;<a name="line.33"></a> |
| <span class="sourceLineNo">034</span>import java.util.List;<a name="line.34"></a> |
| <span class="sourceLineNo">035</span>import org.apache.hadoop.conf.Configuration;<a name="line.35"></a> |
| <span class="sourceLineNo">036</span>import org.apache.hadoop.fs.CommonConfigurationKeys;<a name="line.36"></a> |
| <span class="sourceLineNo">037</span>import org.apache.hadoop.fs.FileStatus;<a name="line.37"></a> |
| <span class="sourceLineNo">038</span>import org.apache.hadoop.fs.FileSystem;<a name="line.38"></a> |
| <span class="sourceLineNo">039</span>import org.apache.hadoop.fs.Path;<a name="line.39"></a> |
| <span class="sourceLineNo">040</span>import org.apache.hadoop.fs.permission.FsPermission;<a name="line.40"></a> |
| <span class="sourceLineNo">041</span>import org.apache.hadoop.hbase.Coprocessor;<a name="line.41"></a> |
| <span class="sourceLineNo">042</span>import org.apache.hadoop.hbase.CoprocessorEnvironment;<a name="line.42"></a> |
| <span class="sourceLineNo">043</span>import org.apache.hadoop.hbase.HBaseClassTestRule;<a name="line.43"></a> |
| <span class="sourceLineNo">044</span>import org.apache.hadoop.hbase.HBaseIOException;<a name="line.44"></a> |
| <span class="sourceLineNo">045</span>import org.apache.hadoop.hbase.HBaseTestingUtility;<a name="line.45"></a> |
| <span class="sourceLineNo">046</span>import org.apache.hadoop.hbase.HConstants;<a name="line.46"></a> |
| <span class="sourceLineNo">047</span>import org.apache.hadoop.hbase.HRegionLocation;<a name="line.47"></a> |
| <span class="sourceLineNo">048</span>import org.apache.hadoop.hbase.KeyValue;<a name="line.48"></a> |
| <span class="sourceLineNo">049</span>import org.apache.hadoop.hbase.MiniHBaseCluster;<a name="line.49"></a> |
| <span class="sourceLineNo">050</span>import org.apache.hadoop.hbase.NamespaceDescriptor;<a name="line.50"></a> |
| <span class="sourceLineNo">051</span>import org.apache.hadoop.hbase.ServerName;<a name="line.51"></a> |
| <span class="sourceLineNo">052</span>import org.apache.hadoop.hbase.TableName;<a name="line.52"></a> |
| <span class="sourceLineNo">053</span>import org.apache.hadoop.hbase.TableNotFoundException;<a name="line.53"></a> |
| <span class="sourceLineNo">054</span>import org.apache.hadoop.hbase.client.Admin;<a name="line.54"></a> |
| <span class="sourceLineNo">055</span>import org.apache.hadoop.hbase.client.Append;<a name="line.55"></a> |
| <span class="sourceLineNo">056</span>import org.apache.hadoop.hbase.client.ColumnFamilyDescriptor;<a name="line.56"></a> |
| <span class="sourceLineNo">057</span>import org.apache.hadoop.hbase.client.ColumnFamilyDescriptorBuilder;<a name="line.57"></a> |
| <span class="sourceLineNo">058</span>import org.apache.hadoop.hbase.client.Connection;<a name="line.58"></a> |
| <span class="sourceLineNo">059</span>import org.apache.hadoop.hbase.client.ConnectionFactory;<a name="line.59"></a> |
| <span class="sourceLineNo">060</span>import org.apache.hadoop.hbase.client.Delete;<a name="line.60"></a> |
| <span class="sourceLineNo">061</span>import org.apache.hadoop.hbase.client.Get;<a name="line.61"></a> |
| <span class="sourceLineNo">062</span>import org.apache.hadoop.hbase.client.Increment;<a name="line.62"></a> |
| <span class="sourceLineNo">063</span>import org.apache.hadoop.hbase.client.MasterSwitchType;<a name="line.63"></a> |
| <span class="sourceLineNo">064</span>import org.apache.hadoop.hbase.client.Put;<a name="line.64"></a> |
| <span class="sourceLineNo">065</span>import org.apache.hadoop.hbase.client.RegionInfo;<a name="line.65"></a> |
| <span class="sourceLineNo">066</span>import org.apache.hadoop.hbase.client.RegionInfoBuilder;<a name="line.66"></a> |
| <span class="sourceLineNo">067</span>import org.apache.hadoop.hbase.client.RegionLocator;<a name="line.67"></a> |
| <span class="sourceLineNo">068</span>import org.apache.hadoop.hbase.client.Result;<a name="line.68"></a> |
| <span class="sourceLineNo">069</span>import org.apache.hadoop.hbase.client.ResultScanner;<a name="line.69"></a> |
| <span class="sourceLineNo">070</span>import org.apache.hadoop.hbase.client.Scan;<a name="line.70"></a> |
| <span class="sourceLineNo">071</span>import org.apache.hadoop.hbase.client.SnapshotDescription;<a name="line.71"></a> |
| <span class="sourceLineNo">072</span>import org.apache.hadoop.hbase.client.Table;<a name="line.72"></a> |
| <span class="sourceLineNo">073</span>import org.apache.hadoop.hbase.client.TableDescriptor;<a name="line.73"></a> |
| <span class="sourceLineNo">074</span>import org.apache.hadoop.hbase.client.TableDescriptorBuilder;<a name="line.74"></a> |
| <span class="sourceLineNo">075</span>import org.apache.hadoop.hbase.client.security.SecurityCapability;<a name="line.75"></a> |
| <span class="sourceLineNo">076</span>import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;<a name="line.76"></a> |
| <span class="sourceLineNo">077</span>import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment;<a name="line.77"></a> |
| <span class="sourceLineNo">078</span>import org.apache.hadoop.hbase.coprocessor.ObserverContextImpl;<a name="line.78"></a> |
| <span class="sourceLineNo">079</span>import org.apache.hadoop.hbase.coprocessor.RegionCoprocessor;<a name="line.79"></a> |
| <span class="sourceLineNo">080</span>import org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment;<a name="line.80"></a> |
| <span class="sourceLineNo">081</span>import org.apache.hadoop.hbase.coprocessor.RegionServerCoprocessorEnvironment;<a name="line.81"></a> |
| <span class="sourceLineNo">082</span>import org.apache.hadoop.hbase.exceptions.HBaseException;<a name="line.82"></a> |
| <span class="sourceLineNo">083</span>import org.apache.hadoop.hbase.io.hfile.CacheConfig;<a name="line.83"></a> |
| <span class="sourceLineNo">084</span>import org.apache.hadoop.hbase.io.hfile.HFile;<a name="line.84"></a> |
| <span class="sourceLineNo">085</span>import org.apache.hadoop.hbase.io.hfile.HFileContext;<a name="line.85"></a> |
| <span class="sourceLineNo">086</span>import org.apache.hadoop.hbase.io.hfile.HFileContextBuilder;<a name="line.86"></a> |
| <span class="sourceLineNo">087</span>import org.apache.hadoop.hbase.master.HMaster;<a name="line.87"></a> |
| <span class="sourceLineNo">088</span>import org.apache.hadoop.hbase.master.MasterCoprocessorHost;<a name="line.88"></a> |
| <span class="sourceLineNo">089</span>import org.apache.hadoop.hbase.master.locking.LockProcedure;<a name="line.89"></a> |
| <span class="sourceLineNo">090</span>import org.apache.hadoop.hbase.master.procedure.MasterProcedureEnv;<a name="line.90"></a> |
| <span class="sourceLineNo">091</span>import org.apache.hadoop.hbase.master.procedure.TableProcedureInterface;<a name="line.91"></a> |
| <span class="sourceLineNo">092</span>import org.apache.hadoop.hbase.procedure2.LockType;<a name="line.92"></a> |
| <span class="sourceLineNo">093</span>import org.apache.hadoop.hbase.procedure2.Procedure;<a name="line.93"></a> |
| <span class="sourceLineNo">094</span>import org.apache.hadoop.hbase.procedure2.ProcedureExecutor;<a name="line.94"></a> |
| <span class="sourceLineNo">095</span>import org.apache.hadoop.hbase.procedure2.ProcedureStateSerializer;<a name="line.95"></a> |
| <span class="sourceLineNo">096</span>import org.apache.hadoop.hbase.procedure2.ProcedureYieldException;<a name="line.96"></a> |
| <span class="sourceLineNo">097</span>import org.apache.hadoop.hbase.regionserver.FlushLifeCycleTracker;<a name="line.97"></a> |
| <span class="sourceLineNo">098</span>import org.apache.hadoop.hbase.regionserver.HRegion;<a name="line.98"></a> |
| <span class="sourceLineNo">099</span>import org.apache.hadoop.hbase.regionserver.HRegionServer;<a name="line.99"></a> |
| <span class="sourceLineNo">100</span>import org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost;<a name="line.100"></a> |
| <span class="sourceLineNo">101</span>import org.apache.hadoop.hbase.regionserver.RegionServerCoprocessorHost;<a name="line.101"></a> |
| <span class="sourceLineNo">102</span>import org.apache.hadoop.hbase.regionserver.ScanType;<a name="line.102"></a> |
| <span class="sourceLineNo">103</span>import org.apache.hadoop.hbase.replication.ReplicationPeerConfig;<a name="line.103"></a> |
| <span class="sourceLineNo">104</span>import org.apache.hadoop.hbase.replication.SyncReplicationState;<a name="line.104"></a> |
| <span class="sourceLineNo">105</span>import org.apache.hadoop.hbase.security.Superusers;<a name="line.105"></a> |
| <span class="sourceLineNo">106</span>import org.apache.hadoop.hbase.security.User;<a name="line.106"></a> |
| <span class="sourceLineNo">107</span>import org.apache.hadoop.hbase.security.access.Permission.Action;<a name="line.107"></a> |
| <span class="sourceLineNo">108</span>import org.apache.hadoop.hbase.testclassification.LargeTests;<a name="line.108"></a> |
| <span class="sourceLineNo">109</span>import org.apache.hadoop.hbase.testclassification.SecurityTests;<a name="line.109"></a> |
| <span class="sourceLineNo">110</span>import org.apache.hadoop.hbase.tool.BulkLoadHFiles;<a name="line.110"></a> |
| <span class="sourceLineNo">111</span>import org.apache.hadoop.hbase.util.Bytes;<a name="line.111"></a> |
| <span class="sourceLineNo">112</span>import org.apache.hadoop.hbase.util.JVMClusterUtil;<a name="line.112"></a> |
| <span class="sourceLineNo">113</span>import org.apache.hadoop.hbase.util.Threads;<a name="line.113"></a> |
| <span class="sourceLineNo">114</span>import org.apache.hadoop.security.GroupMappingServiceProvider;<a name="line.114"></a> |
| <span class="sourceLineNo">115</span>import org.apache.hadoop.security.ShellBasedUnixGroupsMapping;<a name="line.115"></a> |
| <span class="sourceLineNo">116</span>import org.apache.hadoop.security.UserGroupInformation;<a name="line.116"></a> |
| <span class="sourceLineNo">117</span>import org.junit.AfterClass;<a name="line.117"></a> |
| <span class="sourceLineNo">118</span>import org.junit.BeforeClass;<a name="line.118"></a> |
| <span class="sourceLineNo">119</span>import org.junit.ClassRule;<a name="line.119"></a> |
| <span class="sourceLineNo">120</span>import org.junit.Rule;<a name="line.120"></a> |
| <span class="sourceLineNo">121</span>import org.junit.Test;<a name="line.121"></a> |
| <span class="sourceLineNo">122</span>import org.junit.experimental.categories.Category;<a name="line.122"></a> |
| <span class="sourceLineNo">123</span>import org.junit.rules.TestName;<a name="line.123"></a> |
| <span class="sourceLineNo">124</span>import org.slf4j.Logger;<a name="line.124"></a> |
| <span class="sourceLineNo">125</span>import org.slf4j.LoggerFactory;<a name="line.125"></a> |
| <span class="sourceLineNo">126</span><a name="line.126"></a> |
| <span class="sourceLineNo">127</span>import org.apache.hbase.thirdparty.com.google.protobuf.BlockingRpcChannel;<a name="line.127"></a> |
| <span class="sourceLineNo">128</span>import org.apache.hbase.thirdparty.com.google.protobuf.RpcCallback;<a name="line.128"></a> |
| <span class="sourceLineNo">129</span>import org.apache.hbase.thirdparty.com.google.protobuf.RpcController;<a name="line.129"></a> |
| <span class="sourceLineNo">130</span>import org.apache.hbase.thirdparty.com.google.protobuf.Service;<a name="line.130"></a> |
| <span class="sourceLineNo">131</span>import org.apache.hbase.thirdparty.com.google.protobuf.ServiceException;<a name="line.131"></a> |
| <span class="sourceLineNo">132</span><a name="line.132"></a> |
| <span class="sourceLineNo">133</span>import org.apache.hadoop.hbase.shaded.coprocessor.protobuf.generated.PingProtos.CountRequest;<a name="line.133"></a> |
| <span class="sourceLineNo">134</span>import org.apache.hadoop.hbase.shaded.coprocessor.protobuf.generated.PingProtos.CountResponse;<a name="line.134"></a> |
| <span class="sourceLineNo">135</span>import org.apache.hadoop.hbase.shaded.coprocessor.protobuf.generated.PingProtos.HelloRequest;<a name="line.135"></a> |
| <span class="sourceLineNo">136</span>import org.apache.hadoop.hbase.shaded.coprocessor.protobuf.generated.PingProtos.HelloResponse;<a name="line.136"></a> |
| <span class="sourceLineNo">137</span>import org.apache.hadoop.hbase.shaded.coprocessor.protobuf.generated.PingProtos.IncrementCountRequest;<a name="line.137"></a> |
| <span class="sourceLineNo">138</span>import org.apache.hadoop.hbase.shaded.coprocessor.protobuf.generated.PingProtos.IncrementCountResponse;<a name="line.138"></a> |
| <span class="sourceLineNo">139</span>import org.apache.hadoop.hbase.shaded.coprocessor.protobuf.generated.PingProtos.NoopRequest;<a name="line.139"></a> |
| <span class="sourceLineNo">140</span>import org.apache.hadoop.hbase.shaded.coprocessor.protobuf.generated.PingProtos.NoopResponse;<a name="line.140"></a> |
| <span class="sourceLineNo">141</span>import org.apache.hadoop.hbase.shaded.coprocessor.protobuf.generated.PingProtos.PingRequest;<a name="line.141"></a> |
| <span class="sourceLineNo">142</span>import org.apache.hadoop.hbase.shaded.coprocessor.protobuf.generated.PingProtos.PingResponse;<a name="line.142"></a> |
| <span class="sourceLineNo">143</span>import org.apache.hadoop.hbase.shaded.coprocessor.protobuf.generated.PingProtos.PingService;<a name="line.143"></a> |
| <span class="sourceLineNo">144</span>import org.apache.hadoop.hbase.shaded.ipc.protobuf.generated.TestProcedureProtos;<a name="line.144"></a> |
| <span class="sourceLineNo">145</span>import org.apache.hadoop.hbase.shaded.protobuf.ProtobufUtil;<a name="line.145"></a> |
| <span class="sourceLineNo">146</span>import org.apache.hadoop.hbase.shaded.protobuf.generated.AccessControlProtos;<a name="line.146"></a> |
| <span class="sourceLineNo">147</span>import org.apache.hadoop.hbase.shaded.protobuf.generated.AccessControlProtos.AccessControlService;<a name="line.147"></a> |
| <span class="sourceLineNo">148</span>import org.apache.hadoop.hbase.shaded.protobuf.generated.AccessControlProtos.CheckPermissionsRequest;<a name="line.148"></a> |
| <span class="sourceLineNo">149</span>import org.apache.hadoop.hbase.shaded.protobuf.generated.ProcedureProtos.ProcedureState;<a name="line.149"></a> |
| <span class="sourceLineNo">150</span><a name="line.150"></a> |
| <span class="sourceLineNo">151</span>/**<a name="line.151"></a> |
| <span class="sourceLineNo">152</span> * Performs authorization checks for common operations, according to different<a name="line.152"></a> |
| <span class="sourceLineNo">153</span> * levels of authorized users.<a name="line.153"></a> |
| <span class="sourceLineNo">154</span> */<a name="line.154"></a> |
| <span class="sourceLineNo">155</span>@Category({SecurityTests.class, LargeTests.class})<a name="line.155"></a> |
| <span class="sourceLineNo">156</span>public class TestAccessController extends SecureTestUtil {<a name="line.156"></a> |
| <span class="sourceLineNo">157</span><a name="line.157"></a> |
| <span class="sourceLineNo">158</span> @ClassRule<a name="line.158"></a> |
| <span class="sourceLineNo">159</span> public static final HBaseClassTestRule CLASS_RULE =<a name="line.159"></a> |
| <span class="sourceLineNo">160</span> HBaseClassTestRule.forClass(TestAccessController.class);<a name="line.160"></a> |
| <span class="sourceLineNo">161</span><a name="line.161"></a> |
| <span class="sourceLineNo">162</span> private static final FsPermission FS_PERMISSION_ALL = FsPermission.valueOf("-rwxrwxrwx");<a name="line.162"></a> |
| <span class="sourceLineNo">163</span> private static final Logger LOG = LoggerFactory.getLogger(TestAccessController.class);<a name="line.163"></a> |
| <span class="sourceLineNo">164</span> private static TableName TEST_TABLE = TableName.valueOf("testtable1");<a name="line.164"></a> |
| <span class="sourceLineNo">165</span> private static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();<a name="line.165"></a> |
| <span class="sourceLineNo">166</span> private static Configuration conf;<a name="line.166"></a> |
| <span class="sourceLineNo">167</span><a name="line.167"></a> |
| <span class="sourceLineNo">168</span> /** The systemUserConnection created here is tied to the system user. In case, you are planning<a name="line.168"></a> |
| <span class="sourceLineNo">169</span> * to create AccessTestAction, DON'T use this systemUserConnection as the 'doAs' user<a name="line.169"></a> |
| <span class="sourceLineNo">170</span> * gets eclipsed by the system user. */<a name="line.170"></a> |
| <span class="sourceLineNo">171</span> private static Connection systemUserConnection;<a name="line.171"></a> |
| <span class="sourceLineNo">172</span><a name="line.172"></a> |
| <span class="sourceLineNo">173</span><a name="line.173"></a> |
| <span class="sourceLineNo">174</span> // user with all permissions<a name="line.174"></a> |
| <span class="sourceLineNo">175</span> private static User SUPERUSER;<a name="line.175"></a> |
| <span class="sourceLineNo">176</span> // user granted with all global permission<a name="line.176"></a> |
| <span class="sourceLineNo">177</span> private static User USER_ADMIN;<a name="line.177"></a> |
| <span class="sourceLineNo">178</span> // user with rw permissions on column family.<a name="line.178"></a> |
| <span class="sourceLineNo">179</span> private static User USER_RW;<a name="line.179"></a> |
| <span class="sourceLineNo">180</span> // user with read-only permissions<a name="line.180"></a> |
| <span class="sourceLineNo">181</span> private static User USER_RO;<a name="line.181"></a> |
| <span class="sourceLineNo">182</span> // user is table owner. will have all permissions on table<a name="line.182"></a> |
| <span class="sourceLineNo">183</span> private static User USER_OWNER;<a name="line.183"></a> |
| <span class="sourceLineNo">184</span> // user with create table permissions alone<a name="line.184"></a> |
| <span class="sourceLineNo">185</span> private static User USER_CREATE;<a name="line.185"></a> |
| <span class="sourceLineNo">186</span> // user with no permissions<a name="line.186"></a> |
| <span class="sourceLineNo">187</span> private static User USER_NONE;<a name="line.187"></a> |
| <span class="sourceLineNo">188</span> // user with admin rights on the column family<a name="line.188"></a> |
| <span class="sourceLineNo">189</span> private static User USER_ADMIN_CF;<a name="line.189"></a> |
| <span class="sourceLineNo">190</span><a name="line.190"></a> |
| <span class="sourceLineNo">191</span> private static final String GROUP_ADMIN = "group_admin";<a name="line.191"></a> |
| <span class="sourceLineNo">192</span> private static final String GROUP_CREATE = "group_create";<a name="line.192"></a> |
| <span class="sourceLineNo">193</span> private static final String GROUP_READ = "group_read";<a name="line.193"></a> |
| <span class="sourceLineNo">194</span> private static final String GROUP_WRITE = "group_write";<a name="line.194"></a> |
| <span class="sourceLineNo">195</span><a name="line.195"></a> |
| <span class="sourceLineNo">196</span> private static User USER_GROUP_ADMIN;<a name="line.196"></a> |
| <span class="sourceLineNo">197</span> private static User USER_GROUP_CREATE;<a name="line.197"></a> |
| <span class="sourceLineNo">198</span> private static User USER_GROUP_READ;<a name="line.198"></a> |
| <span class="sourceLineNo">199</span> private static User USER_GROUP_WRITE;<a name="line.199"></a> |
| <span class="sourceLineNo">200</span><a name="line.200"></a> |
| <span class="sourceLineNo">201</span> // TODO: convert this test to cover the full matrix in<a name="line.201"></a> |
| <span class="sourceLineNo">202</span> // https://hbase.apache.org/book/appendix_acl_matrix.html<a name="line.202"></a> |
| <span class="sourceLineNo">203</span> // creating all Scope x Permission combinations<a name="line.203"></a> |
| <span class="sourceLineNo">204</span><a name="line.204"></a> |
| <span class="sourceLineNo">205</span> private static TableName TEST_TABLE2 = TableName.valueOf("testtable2");<a name="line.205"></a> |
| <span class="sourceLineNo">206</span> private static byte[] TEST_FAMILY = Bytes.toBytes("f1");<a name="line.206"></a> |
| <span class="sourceLineNo">207</span> private static byte[] TEST_QUALIFIER = Bytes.toBytes("q1");<a name="line.207"></a> |
| <span class="sourceLineNo">208</span> private static byte[] TEST_ROW = Bytes.toBytes("r1");<a name="line.208"></a> |
| <span class="sourceLineNo">209</span><a name="line.209"></a> |
| <span class="sourceLineNo">210</span> private static MasterCoprocessorEnvironment CP_ENV;<a name="line.210"></a> |
| <span class="sourceLineNo">211</span> private static AccessController ACCESS_CONTROLLER;<a name="line.211"></a> |
| <span class="sourceLineNo">212</span> private static RegionServerCoprocessorEnvironment RSCP_ENV;<a name="line.212"></a> |
| <span class="sourceLineNo">213</span> private static RegionCoprocessorEnvironment RCP_ENV;<a name="line.213"></a> |
| <span class="sourceLineNo">214</span><a name="line.214"></a> |
| <span class="sourceLineNo">215</span> @Rule<a name="line.215"></a> |
| <span class="sourceLineNo">216</span> public TestName name = new TestName();<a name="line.216"></a> |
| <span class="sourceLineNo">217</span><a name="line.217"></a> |
| <span class="sourceLineNo">218</span> @BeforeClass<a name="line.218"></a> |
| <span class="sourceLineNo">219</span> public static void setupBeforeClass() throws Exception {<a name="line.219"></a> |
| <span class="sourceLineNo">220</span> // setup configuration<a name="line.220"></a> |
| <span class="sourceLineNo">221</span> conf = TEST_UTIL.getConfiguration();<a name="line.221"></a> |
| <span class="sourceLineNo">222</span> // Up the handlers; this test needs more than usual.<a name="line.222"></a> |
| <span class="sourceLineNo">223</span> conf.setInt(HConstants.REGION_SERVER_HIGH_PRIORITY_HANDLER_COUNT, 10);<a name="line.223"></a> |
| <span class="sourceLineNo">224</span><a name="line.224"></a> |
| <span class="sourceLineNo">225</span> conf.set(CommonConfigurationKeys.HADOOP_SECURITY_GROUP_MAPPING,<a name="line.225"></a> |
| <span class="sourceLineNo">226</span> MyShellBasedUnixGroupsMapping.class.getName());<a name="line.226"></a> |
| <span class="sourceLineNo">227</span> UserGroupInformation.setConfiguration(conf);<a name="line.227"></a> |
| <span class="sourceLineNo">228</span><a name="line.228"></a> |
| <span class="sourceLineNo">229</span> // Enable security<a name="line.229"></a> |
| <span class="sourceLineNo">230</span> enableSecurity(conf);<a name="line.230"></a> |
| <span class="sourceLineNo">231</span> // In this particular test case, we can't use SecureBulkLoadEndpoint because its doAs will fail<a name="line.231"></a> |
| <span class="sourceLineNo">232</span> // to move a file for a random user<a name="line.232"></a> |
| <span class="sourceLineNo">233</span> conf.set(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY, AccessController.class.getName());<a name="line.233"></a> |
| <span class="sourceLineNo">234</span> // Verify enableSecurity sets up what we require<a name="line.234"></a> |
| <span class="sourceLineNo">235</span> verifyConfiguration(conf);<a name="line.235"></a> |
| <span class="sourceLineNo">236</span><a name="line.236"></a> |
| <span class="sourceLineNo">237</span> // Enable EXEC permission checking<a name="line.237"></a> |
| <span class="sourceLineNo">238</span> conf.setBoolean(AccessControlConstants.EXEC_PERMISSION_CHECKS_KEY, true);<a name="line.238"></a> |
| <span class="sourceLineNo">239</span><a name="line.239"></a> |
| <span class="sourceLineNo">240</span> TEST_UTIL.startMiniCluster();<a name="line.240"></a> |
| <span class="sourceLineNo">241</span> MasterCoprocessorHost masterCpHost =<a name="line.241"></a> |
| <span class="sourceLineNo">242</span> TEST_UTIL.getMiniHBaseCluster().getMaster().getMasterCoprocessorHost();<a name="line.242"></a> |
| <span class="sourceLineNo">243</span> masterCpHost.load(AccessController.class, Coprocessor.PRIORITY_HIGHEST, conf);<a name="line.243"></a> |
| <span class="sourceLineNo">244</span> ACCESS_CONTROLLER = masterCpHost.findCoprocessor(AccessController.class);<a name="line.244"></a> |
| <span class="sourceLineNo">245</span> CP_ENV = masterCpHost.createEnvironment(<a name="line.245"></a> |
| <span class="sourceLineNo">246</span> ACCESS_CONTROLLER, Coprocessor.PRIORITY_HIGHEST, 1, conf);<a name="line.246"></a> |
| <span class="sourceLineNo">247</span> RegionServerCoprocessorHost rsCpHost = TEST_UTIL.getMiniHBaseCluster().getRegionServer(0)<a name="line.247"></a> |
| <span class="sourceLineNo">248</span> .getRegionServerCoprocessorHost();<a name="line.248"></a> |
| <span class="sourceLineNo">249</span> RSCP_ENV = rsCpHost.createEnvironment(ACCESS_CONTROLLER, Coprocessor.PRIORITY_HIGHEST, 1, conf);<a name="line.249"></a> |
| <span class="sourceLineNo">250</span><a name="line.250"></a> |
| <span class="sourceLineNo">251</span> // Wait for the ACL table to become available<a name="line.251"></a> |
| <span class="sourceLineNo">252</span> TEST_UTIL.waitUntilAllRegionsAssigned(PermissionStorage.ACL_TABLE_NAME);<a name="line.252"></a> |
| <span class="sourceLineNo">253</span><a name="line.253"></a> |
| <span class="sourceLineNo">254</span> // create a set of test users<a name="line.254"></a> |
| <span class="sourceLineNo">255</span> SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" });<a name="line.255"></a> |
| <span class="sourceLineNo">256</span> USER_ADMIN = User.createUserForTesting(conf, "admin2", new String[0]);<a name="line.256"></a> |
| <span class="sourceLineNo">257</span> USER_RW = User.createUserForTesting(conf, "rwuser", new String[0]);<a name="line.257"></a> |
| <span class="sourceLineNo">258</span> USER_RO = User.createUserForTesting(conf, "rouser", new String[0]);<a name="line.258"></a> |
| <span class="sourceLineNo">259</span> USER_OWNER = User.createUserForTesting(conf, "owner", new String[0]);<a name="line.259"></a> |
| <span class="sourceLineNo">260</span> USER_CREATE = User.createUserForTesting(conf, "tbl_create", new String[0]);<a name="line.260"></a> |
| <span class="sourceLineNo">261</span> USER_NONE = User.createUserForTesting(conf, "nouser", new String[0]);<a name="line.261"></a> |
| <span class="sourceLineNo">262</span> USER_ADMIN_CF = User.createUserForTesting(conf, "col_family_admin", new String[0]);<a name="line.262"></a> |
| <span class="sourceLineNo">263</span><a name="line.263"></a> |
| <span class="sourceLineNo">264</span> USER_GROUP_ADMIN =<a name="line.264"></a> |
| <span class="sourceLineNo">265</span> User.createUserForTesting(conf, "user_group_admin", new String[] { GROUP_ADMIN });<a name="line.265"></a> |
| <span class="sourceLineNo">266</span> USER_GROUP_CREATE =<a name="line.266"></a> |
| <span class="sourceLineNo">267</span> User.createUserForTesting(conf, "user_group_create", new String[] { GROUP_CREATE });<a name="line.267"></a> |
| <span class="sourceLineNo">268</span> USER_GROUP_READ =<a name="line.268"></a> |
| <span class="sourceLineNo">269</span> User.createUserForTesting(conf, "user_group_read", new String[] { GROUP_READ });<a name="line.269"></a> |
| <span class="sourceLineNo">270</span> USER_GROUP_WRITE =<a name="line.270"></a> |
| <span class="sourceLineNo">271</span> User.createUserForTesting(conf, "user_group_write", new String[] { GROUP_WRITE });<a name="line.271"></a> |
| <span class="sourceLineNo">272</span><a name="line.272"></a> |
| <span class="sourceLineNo">273</span> systemUserConnection = TEST_UTIL.getConnection();<a name="line.273"></a> |
| <span class="sourceLineNo">274</span> setUpTableAndUserPermissions();<a name="line.274"></a> |
| <span class="sourceLineNo">275</span> }<a name="line.275"></a> |
| <span class="sourceLineNo">276</span><a name="line.276"></a> |
| <span class="sourceLineNo">277</span> @AfterClass<a name="line.277"></a> |
| <span class="sourceLineNo">278</span> public static void tearDownAfterClass() throws Exception {<a name="line.278"></a> |
| <span class="sourceLineNo">279</span> cleanUp();<a name="line.279"></a> |
| <span class="sourceLineNo">280</span> TEST_UTIL.shutdownMiniCluster();<a name="line.280"></a> |
| <span class="sourceLineNo">281</span> }<a name="line.281"></a> |
| <span class="sourceLineNo">282</span><a name="line.282"></a> |
| <span class="sourceLineNo">283</span> private static void setUpTableAndUserPermissions() throws Exception {<a name="line.283"></a> |
| <span class="sourceLineNo">284</span> TableDescriptor tableDescriptor = TableDescriptorBuilder.newBuilder(TEST_TABLE)<a name="line.284"></a> |
| <span class="sourceLineNo">285</span> .setColumnFamily(<a name="line.285"></a> |
| <span class="sourceLineNo">286</span> ColumnFamilyDescriptorBuilder.newBuilder(TEST_FAMILY).setMaxVersions(100).build())<a name="line.286"></a> |
| <span class="sourceLineNo">287</span> .setOwner(USER_OWNER).build();<a name="line.287"></a> |
| <span class="sourceLineNo">288</span> createTable(TEST_UTIL, tableDescriptor, new byte[][] { Bytes.toBytes("s") });<a name="line.288"></a> |
| <span class="sourceLineNo">289</span><a name="line.289"></a> |
| <span class="sourceLineNo">290</span> HRegion region = TEST_UTIL.getHBaseCluster().getRegions(TEST_TABLE).get(0);<a name="line.290"></a> |
| <span class="sourceLineNo">291</span> RegionCoprocessorHost rcpHost = region.getCoprocessorHost();<a name="line.291"></a> |
| <span class="sourceLineNo">292</span> RCP_ENV = rcpHost.createEnvironment(ACCESS_CONTROLLER, Coprocessor.PRIORITY_HIGHEST, 1, conf);<a name="line.292"></a> |
| <span class="sourceLineNo">293</span><a name="line.293"></a> |
| <span class="sourceLineNo">294</span> // Set up initial grants<a name="line.294"></a> |
| <span class="sourceLineNo">295</span><a name="line.295"></a> |
| <span class="sourceLineNo">296</span> grantGlobal(TEST_UTIL, USER_ADMIN.getShortName(),<a name="line.296"></a> |
| <span class="sourceLineNo">297</span> Permission.Action.ADMIN,<a name="line.297"></a> |
| <span class="sourceLineNo">298</span> Permission.Action.CREATE,<a name="line.298"></a> |
| <span class="sourceLineNo">299</span> Permission.Action.READ,<a name="line.299"></a> |
| <span class="sourceLineNo">300</span> Permission.Action.WRITE);<a name="line.300"></a> |
| <span class="sourceLineNo">301</span><a name="line.301"></a> |
| <span class="sourceLineNo">302</span> grantOnTable(TEST_UTIL, USER_RW.getShortName(),<a name="line.302"></a> |
| <span class="sourceLineNo">303</span> TEST_TABLE, TEST_FAMILY, null,<a name="line.303"></a> |
| <span class="sourceLineNo">304</span> Permission.Action.READ,<a name="line.304"></a> |
| <span class="sourceLineNo">305</span> Permission.Action.WRITE);<a name="line.305"></a> |
| <span class="sourceLineNo">306</span><a name="line.306"></a> |
| <span class="sourceLineNo">307</span> // USER_CREATE is USER_RW plus CREATE permissions<a name="line.307"></a> |
| <span class="sourceLineNo">308</span> grantOnTable(TEST_UTIL, USER_CREATE.getShortName(),<a name="line.308"></a> |
| <span class="sourceLineNo">309</span> TEST_TABLE, null, null,<a name="line.309"></a> |
| <span class="sourceLineNo">310</span> Permission.Action.CREATE,<a name="line.310"></a> |
| <span class="sourceLineNo">311</span> Permission.Action.READ,<a name="line.311"></a> |
| <span class="sourceLineNo">312</span> Permission.Action.WRITE);<a name="line.312"></a> |
| <span class="sourceLineNo">313</span><a name="line.313"></a> |
| <span class="sourceLineNo">314</span> grantOnTable(TEST_UTIL, USER_RO.getShortName(),<a name="line.314"></a> |
| <span class="sourceLineNo">315</span> TEST_TABLE, TEST_FAMILY, null,<a name="line.315"></a> |
| <span class="sourceLineNo">316</span> Permission.Action.READ);<a name="line.316"></a> |
| <span class="sourceLineNo">317</span><a name="line.317"></a> |
| <span class="sourceLineNo">318</span> grantOnTable(TEST_UTIL, USER_ADMIN_CF.getShortName(),<a name="line.318"></a> |
| <span class="sourceLineNo">319</span> TEST_TABLE, TEST_FAMILY,<a name="line.319"></a> |
| <span class="sourceLineNo">320</span> null, Permission.Action.ADMIN, Permission.Action.CREATE);<a name="line.320"></a> |
| <span class="sourceLineNo">321</span><a name="line.321"></a> |
| <span class="sourceLineNo">322</span> grantGlobal(TEST_UTIL, toGroupEntry(GROUP_ADMIN), Permission.Action.ADMIN);<a name="line.322"></a> |
| <span class="sourceLineNo">323</span> grantGlobal(TEST_UTIL, toGroupEntry(GROUP_CREATE), Permission.Action.CREATE);<a name="line.323"></a> |
| <span class="sourceLineNo">324</span> grantGlobal(TEST_UTIL, toGroupEntry(GROUP_READ), Permission.Action.READ);<a name="line.324"></a> |
| <span class="sourceLineNo">325</span> grantGlobal(TEST_UTIL, toGroupEntry(GROUP_WRITE), Permission.Action.WRITE);<a name="line.325"></a> |
| <span class="sourceLineNo">326</span><a name="line.326"></a> |
| <span class="sourceLineNo">327</span> assertEquals(5, PermissionStorage.getTablePermissions(conf, TEST_TABLE).size());<a name="line.327"></a> |
| <span class="sourceLineNo">328</span> int size = 0;<a name="line.328"></a> |
| <span class="sourceLineNo">329</span> try {<a name="line.329"></a> |
| <span class="sourceLineNo">330</span> size = AccessControlClient.getUserPermissions(systemUserConnection, TEST_TABLE.toString())<a name="line.330"></a> |
| <span class="sourceLineNo">331</span> .size();<a name="line.331"></a> |
| <span class="sourceLineNo">332</span> } catch (Throwable e) {<a name="line.332"></a> |
| <span class="sourceLineNo">333</span> LOG.error("error during call of AccessControlClient.getUserPermissions. ", e);<a name="line.333"></a> |
| <span class="sourceLineNo">334</span> fail("error during call of AccessControlClient.getUserPermissions.");<a name="line.334"></a> |
| <span class="sourceLineNo">335</span> }<a name="line.335"></a> |
| <span class="sourceLineNo">336</span> assertEquals(5, size);<a name="line.336"></a> |
| <span class="sourceLineNo">337</span> }<a name="line.337"></a> |
| <span class="sourceLineNo">338</span><a name="line.338"></a> |
| <span class="sourceLineNo">339</span> private static void cleanUp() throws Exception {<a name="line.339"></a> |
| <span class="sourceLineNo">340</span> // Clean the _acl_ table<a name="line.340"></a> |
| <span class="sourceLineNo">341</span> try {<a name="line.341"></a> |
| <span class="sourceLineNo">342</span> deleteTable(TEST_UTIL, TEST_TABLE);<a name="line.342"></a> |
| <span class="sourceLineNo">343</span> } catch (TableNotFoundException ex) {<a name="line.343"></a> |
| <span class="sourceLineNo">344</span> // Test deleted the table, no problem<a name="line.344"></a> |
| <span class="sourceLineNo">345</span> LOG.info("Test deleted table " + TEST_TABLE);<a name="line.345"></a> |
| <span class="sourceLineNo">346</span> }<a name="line.346"></a> |
| <span class="sourceLineNo">347</span> // Verify all table/namespace permissions are erased<a name="line.347"></a> |
| <span class="sourceLineNo">348</span> assertEquals(0, PermissionStorage.getTablePermissions(conf, TEST_TABLE).size());<a name="line.348"></a> |
| <span class="sourceLineNo">349</span> assertEquals(0,<a name="line.349"></a> |
| <span class="sourceLineNo">350</span> PermissionStorage.getNamespacePermissions(conf, TEST_TABLE.getNamespaceAsString()).size());<a name="line.350"></a> |
| <span class="sourceLineNo">351</span> }<a name="line.351"></a> |
| <span class="sourceLineNo">352</span><a name="line.352"></a> |
| <span class="sourceLineNo">353</span> @Test<a name="line.353"></a> |
| <span class="sourceLineNo">354</span> public void testUnauthorizedShutdown() throws Exception {<a name="line.354"></a> |
| <span class="sourceLineNo">355</span> AccessTestAction action = new AccessTestAction() {<a name="line.355"></a> |
| <span class="sourceLineNo">356</span> @Override public Object run() throws Exception {<a name="line.356"></a> |
| <span class="sourceLineNo">357</span> HMaster master = TEST_UTIL.getHBaseCluster().getMaster();<a name="line.357"></a> |
| <span class="sourceLineNo">358</span> master.shutdown();<a name="line.358"></a> |
| <span class="sourceLineNo">359</span> return null;<a name="line.359"></a> |
| <span class="sourceLineNo">360</span> }<a name="line.360"></a> |
| <span class="sourceLineNo">361</span> };<a name="line.361"></a> |
| <span class="sourceLineNo">362</span> verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.362"></a> |
| <span class="sourceLineNo">363</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.363"></a> |
| <span class="sourceLineNo">364</span> }<a name="line.364"></a> |
| <span class="sourceLineNo">365</span><a name="line.365"></a> |
| <span class="sourceLineNo">366</span> @Test<a name="line.366"></a> |
| <span class="sourceLineNo">367</span> public void testUnauthorizedStopMaster() throws Exception {<a name="line.367"></a> |
| <span class="sourceLineNo">368</span> AccessTestAction action = new AccessTestAction() {<a name="line.368"></a> |
| <span class="sourceLineNo">369</span> @Override public Object run() throws Exception {<a name="line.369"></a> |
| <span class="sourceLineNo">370</span> HMaster master = TEST_UTIL.getHBaseCluster().getMaster();<a name="line.370"></a> |
| <span class="sourceLineNo">371</span> master.stopMaster();<a name="line.371"></a> |
| <span class="sourceLineNo">372</span> return null;<a name="line.372"></a> |
| <span class="sourceLineNo">373</span> }<a name="line.373"></a> |
| <span class="sourceLineNo">374</span> };<a name="line.374"></a> |
| <span class="sourceLineNo">375</span><a name="line.375"></a> |
| <span class="sourceLineNo">376</span> verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.376"></a> |
| <span class="sourceLineNo">377</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.377"></a> |
| <span class="sourceLineNo">378</span> }<a name="line.378"></a> |
| <span class="sourceLineNo">379</span><a name="line.379"></a> |
| <span class="sourceLineNo">380</span> @Test<a name="line.380"></a> |
| <span class="sourceLineNo">381</span> public void testSecurityCapabilities() throws Exception {<a name="line.381"></a> |
| <span class="sourceLineNo">382</span> List<SecurityCapability> capabilities = TEST_UTIL.getConnection().getAdmin()<a name="line.382"></a> |
| <span class="sourceLineNo">383</span> .getSecurityCapabilities();<a name="line.383"></a> |
| <span class="sourceLineNo">384</span> assertTrue("AUTHORIZATION capability is missing",<a name="line.384"></a> |
| <span class="sourceLineNo">385</span> capabilities.contains(SecurityCapability.AUTHORIZATION));<a name="line.385"></a> |
| <span class="sourceLineNo">386</span> assertTrue("CELL_AUTHORIZATION capability is missing",<a name="line.386"></a> |
| <span class="sourceLineNo">387</span> capabilities.contains(SecurityCapability.CELL_AUTHORIZATION));<a name="line.387"></a> |
| <span class="sourceLineNo">388</span> }<a name="line.388"></a> |
| <span class="sourceLineNo">389</span><a name="line.389"></a> |
| <span class="sourceLineNo">390</span> @Test<a name="line.390"></a> |
| <span class="sourceLineNo">391</span> public void testTableCreate() throws Exception {<a name="line.391"></a> |
| <span class="sourceLineNo">392</span> AccessTestAction createTable = new AccessTestAction() {<a name="line.392"></a> |
| <span class="sourceLineNo">393</span> @Override<a name="line.393"></a> |
| <span class="sourceLineNo">394</span> public Object run() throws Exception {<a name="line.394"></a> |
| <span class="sourceLineNo">395</span> TableDescriptor tableDescriptor =<a name="line.395"></a> |
| <span class="sourceLineNo">396</span> TableDescriptorBuilder.newBuilder(TableName.valueOf(name.getMethodName()))<a name="line.396"></a> |
| <span class="sourceLineNo">397</span> .setColumnFamily(ColumnFamilyDescriptorBuilder.of(TEST_FAMILY)).build();<a name="line.397"></a> |
| <span class="sourceLineNo">398</span> ACCESS_CONTROLLER.preCreateTable(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.398"></a> |
| <span class="sourceLineNo">399</span> tableDescriptor, null);<a name="line.399"></a> |
| <span class="sourceLineNo">400</span> return null;<a name="line.400"></a> |
| <span class="sourceLineNo">401</span> }<a name="line.401"></a> |
| <span class="sourceLineNo">402</span> };<a name="line.402"></a> |
| <span class="sourceLineNo">403</span><a name="line.403"></a> |
| <span class="sourceLineNo">404</span> // verify that superuser can create tables<a name="line.404"></a> |
| <span class="sourceLineNo">405</span> verifyAllowed(createTable, SUPERUSER, USER_ADMIN, USER_GROUP_CREATE, USER_GROUP_ADMIN);<a name="line.405"></a> |
| <span class="sourceLineNo">406</span><a name="line.406"></a> |
| <span class="sourceLineNo">407</span> // all others should be denied<a name="line.407"></a> |
| <span class="sourceLineNo">408</span> verifyDenied(createTable, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.408"></a> |
| <span class="sourceLineNo">409</span> USER_GROUP_WRITE);<a name="line.409"></a> |
| <span class="sourceLineNo">410</span> }<a name="line.410"></a> |
| <span class="sourceLineNo">411</span><a name="line.411"></a> |
| <span class="sourceLineNo">412</span> @Test<a name="line.412"></a> |
| <span class="sourceLineNo">413</span> public void testTableModify() throws Exception {<a name="line.413"></a> |
| <span class="sourceLineNo">414</span> AccessTestAction modifyTable = new AccessTestAction() {<a name="line.414"></a> |
| <span class="sourceLineNo">415</span> @Override<a name="line.415"></a> |
| <span class="sourceLineNo">416</span> public Object run() throws Exception {<a name="line.416"></a> |
| <span class="sourceLineNo">417</span> TableDescriptorBuilder tableDescriptorBuilder =<a name="line.417"></a> |
| <span class="sourceLineNo">418</span> TableDescriptorBuilder.newBuilder(TEST_TABLE);<a name="line.418"></a> |
| <span class="sourceLineNo">419</span> ColumnFamilyDescriptor columnFamilyDescriptor =<a name="line.419"></a> |
| <span class="sourceLineNo">420</span> ColumnFamilyDescriptorBuilder.newBuilder(TEST_FAMILY).build();<a name="line.420"></a> |
| <span class="sourceLineNo">421</span> tableDescriptorBuilder.setColumnFamily(columnFamilyDescriptor);<a name="line.421"></a> |
| <span class="sourceLineNo">422</span> columnFamilyDescriptor = ColumnFamilyDescriptorBuilder<a name="line.422"></a> |
| <span class="sourceLineNo">423</span> .newBuilder(Bytes.toBytes("fam_" + User.getCurrent().getShortName())).build();<a name="line.423"></a> |
| <span class="sourceLineNo">424</span> tableDescriptorBuilder.setColumnFamily(columnFamilyDescriptor);<a name="line.424"></a> |
| <span class="sourceLineNo">425</span> ACCESS_CONTROLLER.preModifyTable(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.425"></a> |
| <span class="sourceLineNo">426</span> TEST_TABLE,<a name="line.426"></a> |
| <span class="sourceLineNo">427</span> null, // not needed by AccessController<a name="line.427"></a> |
| <span class="sourceLineNo">428</span> tableDescriptorBuilder.build());<a name="line.428"></a> |
| <span class="sourceLineNo">429</span> return null;<a name="line.429"></a> |
| <span class="sourceLineNo">430</span> }<a name="line.430"></a> |
| <span class="sourceLineNo">431</span> };<a name="line.431"></a> |
| <span class="sourceLineNo">432</span><a name="line.432"></a> |
| <span class="sourceLineNo">433</span> verifyAllowed(modifyTable, SUPERUSER, USER_ADMIN, USER_CREATE, USER_OWNER, USER_GROUP_CREATE,<a name="line.433"></a> |
| <span class="sourceLineNo">434</span> USER_GROUP_ADMIN);<a name="line.434"></a> |
| <span class="sourceLineNo">435</span> verifyDenied(modifyTable, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE);<a name="line.435"></a> |
| <span class="sourceLineNo">436</span> }<a name="line.436"></a> |
| <span class="sourceLineNo">437</span><a name="line.437"></a> |
| <span class="sourceLineNo">438</span> @Test<a name="line.438"></a> |
| <span class="sourceLineNo">439</span> public void testTableDelete() throws Exception {<a name="line.439"></a> |
| <span class="sourceLineNo">440</span> AccessTestAction deleteTable = new AccessTestAction() {<a name="line.440"></a> |
| <span class="sourceLineNo">441</span> @Override<a name="line.441"></a> |
| <span class="sourceLineNo">442</span> public Object run() throws Exception {<a name="line.442"></a> |
| <span class="sourceLineNo">443</span> ACCESS_CONTROLLER<a name="line.443"></a> |
| <span class="sourceLineNo">444</span> .preDeleteTable(ObserverContextImpl.createAndPrepare(CP_ENV), TEST_TABLE);<a name="line.444"></a> |
| <span class="sourceLineNo">445</span> return null;<a name="line.445"></a> |
| <span class="sourceLineNo">446</span> }<a name="line.446"></a> |
| <span class="sourceLineNo">447</span> };<a name="line.447"></a> |
| <span class="sourceLineNo">448</span><a name="line.448"></a> |
| <span class="sourceLineNo">449</span> verifyAllowed(deleteTable, SUPERUSER, USER_ADMIN, USER_CREATE, USER_OWNER, USER_GROUP_CREATE,<a name="line.449"></a> |
| <span class="sourceLineNo">450</span> USER_GROUP_ADMIN);<a name="line.450"></a> |
| <span class="sourceLineNo">451</span> verifyDenied(deleteTable, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE);<a name="line.451"></a> |
| <span class="sourceLineNo">452</span> }<a name="line.452"></a> |
| <span class="sourceLineNo">453</span><a name="line.453"></a> |
| <span class="sourceLineNo">454</span> @Test<a name="line.454"></a> |
| <span class="sourceLineNo">455</span> public void testTableTruncate() throws Exception {<a name="line.455"></a> |
| <span class="sourceLineNo">456</span> AccessTestAction truncateTable = new AccessTestAction() {<a name="line.456"></a> |
| <span class="sourceLineNo">457</span> @Override<a name="line.457"></a> |
| <span class="sourceLineNo">458</span> public Object run() throws Exception {<a name="line.458"></a> |
| <span class="sourceLineNo">459</span> ACCESS_CONTROLLER<a name="line.459"></a> |
| <span class="sourceLineNo">460</span> .preTruncateTable(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.460"></a> |
| <span class="sourceLineNo">461</span> TEST_TABLE);<a name="line.461"></a> |
| <span class="sourceLineNo">462</span> return null;<a name="line.462"></a> |
| <span class="sourceLineNo">463</span> }<a name="line.463"></a> |
| <span class="sourceLineNo">464</span> };<a name="line.464"></a> |
| <span class="sourceLineNo">465</span><a name="line.465"></a> |
| <span class="sourceLineNo">466</span> verifyAllowed(truncateTable, SUPERUSER, USER_ADMIN, USER_CREATE, USER_OWNER, USER_GROUP_CREATE,<a name="line.466"></a> |
| <span class="sourceLineNo">467</span> USER_GROUP_ADMIN);<a name="line.467"></a> |
| <span class="sourceLineNo">468</span> verifyDenied(truncateTable, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE);<a name="line.468"></a> |
| <span class="sourceLineNo">469</span> }<a name="line.469"></a> |
| <span class="sourceLineNo">470</span><a name="line.470"></a> |
| <span class="sourceLineNo">471</span> @Test<a name="line.471"></a> |
| <span class="sourceLineNo">472</span> public void testTableDisable() throws Exception {<a name="line.472"></a> |
| <span class="sourceLineNo">473</span> AccessTestAction disableTable = new AccessTestAction() {<a name="line.473"></a> |
| <span class="sourceLineNo">474</span> @Override<a name="line.474"></a> |
| <span class="sourceLineNo">475</span> public Object run() throws Exception {<a name="line.475"></a> |
| <span class="sourceLineNo">476</span> ACCESS_CONTROLLER.preDisableTable(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.476"></a> |
| <span class="sourceLineNo">477</span> TEST_TABLE);<a name="line.477"></a> |
| <span class="sourceLineNo">478</span> return null;<a name="line.478"></a> |
| <span class="sourceLineNo">479</span> }<a name="line.479"></a> |
| <span class="sourceLineNo">480</span> };<a name="line.480"></a> |
| <span class="sourceLineNo">481</span><a name="line.481"></a> |
| <span class="sourceLineNo">482</span> AccessTestAction disableAclTable = new AccessTestAction() {<a name="line.482"></a> |
| <span class="sourceLineNo">483</span> @Override<a name="line.483"></a> |
| <span class="sourceLineNo">484</span> public Object run() throws Exception {<a name="line.484"></a> |
| <span class="sourceLineNo">485</span> ACCESS_CONTROLLER.preDisableTable(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.485"></a> |
| <span class="sourceLineNo">486</span> PermissionStorage.ACL_TABLE_NAME);<a name="line.486"></a> |
| <span class="sourceLineNo">487</span> return null;<a name="line.487"></a> |
| <span class="sourceLineNo">488</span> }<a name="line.488"></a> |
| <span class="sourceLineNo">489</span> };<a name="line.489"></a> |
| <span class="sourceLineNo">490</span><a name="line.490"></a> |
| <span class="sourceLineNo">491</span> verifyAllowed(disableTable, SUPERUSER, USER_ADMIN, USER_CREATE, USER_OWNER, USER_GROUP_CREATE,<a name="line.491"></a> |
| <span class="sourceLineNo">492</span> USER_GROUP_ADMIN);<a name="line.492"></a> |
| <span class="sourceLineNo">493</span> verifyDenied(disableTable, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE);<a name="line.493"></a> |
| <span class="sourceLineNo">494</span><a name="line.494"></a> |
| <span class="sourceLineNo">495</span> // No user should be allowed to disable _acl_ table<a name="line.495"></a> |
| <span class="sourceLineNo">496</span> verifyDenied(disableAclTable, SUPERUSER, USER_ADMIN, USER_CREATE, USER_OWNER, USER_RW, USER_RO,<a name="line.496"></a> |
| <span class="sourceLineNo">497</span> USER_GROUP_CREATE, USER_GROUP_ADMIN, USER_GROUP_READ, USER_GROUP_WRITE);<a name="line.497"></a> |
| <span class="sourceLineNo">498</span> }<a name="line.498"></a> |
| <span class="sourceLineNo">499</span><a name="line.499"></a> |
| <span class="sourceLineNo">500</span> @Test<a name="line.500"></a> |
| <span class="sourceLineNo">501</span> public void testTableEnable() throws Exception {<a name="line.501"></a> |
| <span class="sourceLineNo">502</span> AccessTestAction enableTable = new AccessTestAction() {<a name="line.502"></a> |
| <span class="sourceLineNo">503</span> @Override<a name="line.503"></a> |
| <span class="sourceLineNo">504</span> public Object run() throws Exception {<a name="line.504"></a> |
| <span class="sourceLineNo">505</span> ACCESS_CONTROLLER<a name="line.505"></a> |
| <span class="sourceLineNo">506</span> .preEnableTable(ObserverContextImpl.createAndPrepare(CP_ENV), TEST_TABLE);<a name="line.506"></a> |
| <span class="sourceLineNo">507</span> return null;<a name="line.507"></a> |
| <span class="sourceLineNo">508</span> }<a name="line.508"></a> |
| <span class="sourceLineNo">509</span> };<a name="line.509"></a> |
| <span class="sourceLineNo">510</span><a name="line.510"></a> |
| <span class="sourceLineNo">511</span> verifyAllowed(enableTable, SUPERUSER, USER_ADMIN, USER_CREATE, USER_OWNER, USER_GROUP_CREATE,<a name="line.511"></a> |
| <span class="sourceLineNo">512</span> USER_GROUP_ADMIN);<a name="line.512"></a> |
| <span class="sourceLineNo">513</span> verifyDenied(enableTable, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE);<a name="line.513"></a> |
| <span class="sourceLineNo">514</span> }<a name="line.514"></a> |
| <span class="sourceLineNo">515</span><a name="line.515"></a> |
| <span class="sourceLineNo">516</span> public static class TestTableDDLProcedure extends Procedure<MasterProcedureEnv><a name="line.516"></a> |
| <span class="sourceLineNo">517</span> implements TableProcedureInterface {<a name="line.517"></a> |
| <span class="sourceLineNo">518</span> private TableName tableName;<a name="line.518"></a> |
| <span class="sourceLineNo">519</span><a name="line.519"></a> |
| <span class="sourceLineNo">520</span> public TestTableDDLProcedure() {<a name="line.520"></a> |
| <span class="sourceLineNo">521</span> }<a name="line.521"></a> |
| <span class="sourceLineNo">522</span><a name="line.522"></a> |
| <span class="sourceLineNo">523</span> public TestTableDDLProcedure(final MasterProcedureEnv env, final TableName tableName)<a name="line.523"></a> |
| <span class="sourceLineNo">524</span> throws IOException {<a name="line.524"></a> |
| <span class="sourceLineNo">525</span> this.tableName = tableName;<a name="line.525"></a> |
| <span class="sourceLineNo">526</span> this.setTimeout(180000); // Timeout in 3 minutes<a name="line.526"></a> |
| <span class="sourceLineNo">527</span> this.setOwner(env.getRequestUser());<a name="line.527"></a> |
| <span class="sourceLineNo">528</span> }<a name="line.528"></a> |
| <span class="sourceLineNo">529</span><a name="line.529"></a> |
| <span class="sourceLineNo">530</span> @Override<a name="line.530"></a> |
| <span class="sourceLineNo">531</span> public TableName getTableName() {<a name="line.531"></a> |
| <span class="sourceLineNo">532</span> return tableName;<a name="line.532"></a> |
| <span class="sourceLineNo">533</span> }<a name="line.533"></a> |
| <span class="sourceLineNo">534</span><a name="line.534"></a> |
| <span class="sourceLineNo">535</span> @Override<a name="line.535"></a> |
| <span class="sourceLineNo">536</span> public TableOperationType getTableOperationType() {<a name="line.536"></a> |
| <span class="sourceLineNo">537</span> return TableOperationType.EDIT;<a name="line.537"></a> |
| <span class="sourceLineNo">538</span> }<a name="line.538"></a> |
| <span class="sourceLineNo">539</span><a name="line.539"></a> |
| <span class="sourceLineNo">540</span> @Override<a name="line.540"></a> |
| <span class="sourceLineNo">541</span> protected boolean abort(MasterProcedureEnv env) {<a name="line.541"></a> |
| <span class="sourceLineNo">542</span> return true;<a name="line.542"></a> |
| <span class="sourceLineNo">543</span> }<a name="line.543"></a> |
| <span class="sourceLineNo">544</span><a name="line.544"></a> |
| <span class="sourceLineNo">545</span> @Override<a name="line.545"></a> |
| <span class="sourceLineNo">546</span> protected void serializeStateData(ProcedureStateSerializer serializer)<a name="line.546"></a> |
| <span class="sourceLineNo">547</span> throws IOException {<a name="line.547"></a> |
| <span class="sourceLineNo">548</span> TestProcedureProtos.TestTableDDLStateData.Builder testTableDDLMsg =<a name="line.548"></a> |
| <span class="sourceLineNo">549</span> TestProcedureProtos.TestTableDDLStateData.newBuilder()<a name="line.549"></a> |
| <span class="sourceLineNo">550</span> .setTableName(tableName.getNameAsString());<a name="line.550"></a> |
| <span class="sourceLineNo">551</span> serializer.serialize(testTableDDLMsg.build());<a name="line.551"></a> |
| <span class="sourceLineNo">552</span> }<a name="line.552"></a> |
| <span class="sourceLineNo">553</span><a name="line.553"></a> |
| <span class="sourceLineNo">554</span> @Override<a name="line.554"></a> |
| <span class="sourceLineNo">555</span> protected void deserializeStateData(ProcedureStateSerializer serializer)<a name="line.555"></a> |
| <span class="sourceLineNo">556</span> throws IOException {<a name="line.556"></a> |
| <span class="sourceLineNo">557</span> TestProcedureProtos.TestTableDDLStateData testTableDDLMsg =<a name="line.557"></a> |
| <span class="sourceLineNo">558</span> serializer.deserialize(TestProcedureProtos.TestTableDDLStateData.class);<a name="line.558"></a> |
| <span class="sourceLineNo">559</span> tableName = TableName.valueOf(testTableDDLMsg.getTableName());<a name="line.559"></a> |
| <span class="sourceLineNo">560</span> }<a name="line.560"></a> |
| <span class="sourceLineNo">561</span><a name="line.561"></a> |
| <span class="sourceLineNo">562</span> @Override<a name="line.562"></a> |
| <span class="sourceLineNo">563</span> protected Procedure[] execute(MasterProcedureEnv env) throws ProcedureYieldException,<a name="line.563"></a> |
| <span class="sourceLineNo">564</span> InterruptedException {<a name="line.564"></a> |
| <span class="sourceLineNo">565</span> // Not letting the procedure to complete until timed out<a name="line.565"></a> |
| <span class="sourceLineNo">566</span> setState(ProcedureState.WAITING_TIMEOUT);<a name="line.566"></a> |
| <span class="sourceLineNo">567</span> return null;<a name="line.567"></a> |
| <span class="sourceLineNo">568</span> }<a name="line.568"></a> |
| <span class="sourceLineNo">569</span><a name="line.569"></a> |
| <span class="sourceLineNo">570</span> @Override<a name="line.570"></a> |
| <span class="sourceLineNo">571</span> protected void rollback(MasterProcedureEnv env) throws IOException, InterruptedException {<a name="line.571"></a> |
| <span class="sourceLineNo">572</span> }<a name="line.572"></a> |
| <span class="sourceLineNo">573</span> }<a name="line.573"></a> |
| <span class="sourceLineNo">574</span><a name="line.574"></a> |
| <span class="sourceLineNo">575</span> @Test<a name="line.575"></a> |
| <span class="sourceLineNo">576</span> public void testAbortProcedure() throws Exception {<a name="line.576"></a> |
| <span class="sourceLineNo">577</span> long procId = 1;<a name="line.577"></a> |
| <span class="sourceLineNo">578</span> AccessTestAction abortProcedureAction = new AccessTestAction() {<a name="line.578"></a> |
| <span class="sourceLineNo">579</span> @Override<a name="line.579"></a> |
| <span class="sourceLineNo">580</span> public Object run() throws Exception {<a name="line.580"></a> |
| <span class="sourceLineNo">581</span> ACCESS_CONTROLLER.preAbortProcedure(ObserverContextImpl.createAndPrepare(CP_ENV), procId);<a name="line.581"></a> |
| <span class="sourceLineNo">582</span> return null;<a name="line.582"></a> |
| <span class="sourceLineNo">583</span> }<a name="line.583"></a> |
| <span class="sourceLineNo">584</span> };<a name="line.584"></a> |
| <span class="sourceLineNo">585</span><a name="line.585"></a> |
| <span class="sourceLineNo">586</span> verifyAllowed(abortProcedureAction, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.586"></a> |
| <span class="sourceLineNo">587</span> }<a name="line.587"></a> |
| <span class="sourceLineNo">588</span><a name="line.588"></a> |
| <span class="sourceLineNo">589</span> @Test<a name="line.589"></a> |
| <span class="sourceLineNo">590</span> public void testGetProcedures() throws Exception {<a name="line.590"></a> |
| <span class="sourceLineNo">591</span> final TableName tableName = TableName.valueOf(name.getMethodName());<a name="line.591"></a> |
| <span class="sourceLineNo">592</span> final ProcedureExecutor<MasterProcedureEnv> procExec =<a name="line.592"></a> |
| <span class="sourceLineNo">593</span> TEST_UTIL.getHBaseCluster().getMaster().getMasterProcedureExecutor();<a name="line.593"></a> |
| <span class="sourceLineNo">594</span> Procedure proc = new TestTableDDLProcedure(procExec.getEnvironment(), tableName);<a name="line.594"></a> |
| <span class="sourceLineNo">595</span> proc.setOwner(USER_OWNER);<a name="line.595"></a> |
| <span class="sourceLineNo">596</span> procExec.submitProcedure(proc);<a name="line.596"></a> |
| <span class="sourceLineNo">597</span> final List<Procedure<MasterProcedureEnv>> procList = procExec.getProcedures();<a name="line.597"></a> |
| <span class="sourceLineNo">598</span><a name="line.598"></a> |
| <span class="sourceLineNo">599</span> AccessTestAction getProceduresAction = new AccessTestAction() {<a name="line.599"></a> |
| <span class="sourceLineNo">600</span> @Override<a name="line.600"></a> |
| <span class="sourceLineNo">601</span> public Object run() throws Exception {<a name="line.601"></a> |
| <span class="sourceLineNo">602</span> ACCESS_CONTROLLER<a name="line.602"></a> |
| <span class="sourceLineNo">603</span> .postGetProcedures(ObserverContextImpl.createAndPrepare(CP_ENV));<a name="line.603"></a> |
| <span class="sourceLineNo">604</span> return null;<a name="line.604"></a> |
| <span class="sourceLineNo">605</span> }<a name="line.605"></a> |
| <span class="sourceLineNo">606</span> };<a name="line.606"></a> |
| <span class="sourceLineNo">607</span><a name="line.607"></a> |
| <span class="sourceLineNo">608</span> verifyAllowed(getProceduresAction, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.608"></a> |
| <span class="sourceLineNo">609</span> verifyAllowed(getProceduresAction, USER_OWNER);<a name="line.609"></a> |
| <span class="sourceLineNo">610</span> verifyIfNull(<a name="line.610"></a> |
| <span class="sourceLineNo">611</span> getProceduresAction, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE);<a name="line.611"></a> |
| <span class="sourceLineNo">612</span> }<a name="line.612"></a> |
| <span class="sourceLineNo">613</span><a name="line.613"></a> |
| <span class="sourceLineNo">614</span> @Test<a name="line.614"></a> |
| <span class="sourceLineNo">615</span> public void testGetLocks() throws Exception {<a name="line.615"></a> |
| <span class="sourceLineNo">616</span> AccessTestAction action = new AccessTestAction() {<a name="line.616"></a> |
| <span class="sourceLineNo">617</span> @Override<a name="line.617"></a> |
| <span class="sourceLineNo">618</span> public Object run() throws Exception {<a name="line.618"></a> |
| <span class="sourceLineNo">619</span> ACCESS_CONTROLLER.preGetLocks(ObserverContextImpl.createAndPrepare(CP_ENV));<a name="line.619"></a> |
| <span class="sourceLineNo">620</span> return null;<a name="line.620"></a> |
| <span class="sourceLineNo">621</span> }<a name="line.621"></a> |
| <span class="sourceLineNo">622</span> };<a name="line.622"></a> |
| <span class="sourceLineNo">623</span><a name="line.623"></a> |
| <span class="sourceLineNo">624</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.624"></a> |
| <span class="sourceLineNo">625</span> verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE,<a name="line.625"></a> |
| <span class="sourceLineNo">626</span> USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.626"></a> |
| <span class="sourceLineNo">627</span> }<a name="line.627"></a> |
| <span class="sourceLineNo">628</span><a name="line.628"></a> |
| <span class="sourceLineNo">629</span> @Test<a name="line.629"></a> |
| <span class="sourceLineNo">630</span> public void testMove() throws Exception {<a name="line.630"></a> |
| <span class="sourceLineNo">631</span> List<HRegionLocation> regions;<a name="line.631"></a> |
| <span class="sourceLineNo">632</span> try (RegionLocator locator = systemUserConnection.getRegionLocator(TEST_TABLE)) {<a name="line.632"></a> |
| <span class="sourceLineNo">633</span> regions = locator.getAllRegionLocations();<a name="line.633"></a> |
| <span class="sourceLineNo">634</span> }<a name="line.634"></a> |
| <span class="sourceLineNo">635</span> HRegionLocation location = regions.get(0);<a name="line.635"></a> |
| <span class="sourceLineNo">636</span> final RegionInfo hri = location.getRegion();<a name="line.636"></a> |
| <span class="sourceLineNo">637</span> final ServerName server = location.getServerName();<a name="line.637"></a> |
| <span class="sourceLineNo">638</span> AccessTestAction action = new AccessTestAction() {<a name="line.638"></a> |
| <span class="sourceLineNo">639</span> @Override<a name="line.639"></a> |
| <span class="sourceLineNo">640</span> public Object run() throws Exception {<a name="line.640"></a> |
| <span class="sourceLineNo">641</span> ACCESS_CONTROLLER.preMove(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.641"></a> |
| <span class="sourceLineNo">642</span> hri, server, server);<a name="line.642"></a> |
| <span class="sourceLineNo">643</span> return null;<a name="line.643"></a> |
| <span class="sourceLineNo">644</span> }<a name="line.644"></a> |
| <span class="sourceLineNo">645</span> };<a name="line.645"></a> |
| <span class="sourceLineNo">646</span><a name="line.646"></a> |
| <span class="sourceLineNo">647</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.647"></a> |
| <span class="sourceLineNo">648</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.648"></a> |
| <span class="sourceLineNo">649</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.649"></a> |
| <span class="sourceLineNo">650</span> }<a name="line.650"></a> |
| <span class="sourceLineNo">651</span><a name="line.651"></a> |
| <span class="sourceLineNo">652</span> @Test<a name="line.652"></a> |
| <span class="sourceLineNo">653</span> public void testAssign() throws Exception {<a name="line.653"></a> |
| <span class="sourceLineNo">654</span> List<HRegionLocation> regions;<a name="line.654"></a> |
| <span class="sourceLineNo">655</span> try (RegionLocator locator = systemUserConnection.getRegionLocator(TEST_TABLE)) {<a name="line.655"></a> |
| <span class="sourceLineNo">656</span> regions = locator.getAllRegionLocations();<a name="line.656"></a> |
| <span class="sourceLineNo">657</span> }<a name="line.657"></a> |
| <span class="sourceLineNo">658</span> HRegionLocation location = regions.get(0);<a name="line.658"></a> |
| <span class="sourceLineNo">659</span> final RegionInfo hri = location.getRegion();<a name="line.659"></a> |
| <span class="sourceLineNo">660</span> AccessTestAction action = new AccessTestAction() {<a name="line.660"></a> |
| <span class="sourceLineNo">661</span> @Override<a name="line.661"></a> |
| <span class="sourceLineNo">662</span> public Object run() throws Exception {<a name="line.662"></a> |
| <span class="sourceLineNo">663</span> ACCESS_CONTROLLER.preAssign(ObserverContextImpl.createAndPrepare(CP_ENV), hri);<a name="line.663"></a> |
| <span class="sourceLineNo">664</span> return null;<a name="line.664"></a> |
| <span class="sourceLineNo">665</span> }<a name="line.665"></a> |
| <span class="sourceLineNo">666</span> };<a name="line.666"></a> |
| <span class="sourceLineNo">667</span><a name="line.667"></a> |
| <span class="sourceLineNo">668</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.668"></a> |
| <span class="sourceLineNo">669</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.669"></a> |
| <span class="sourceLineNo">670</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.670"></a> |
| <span class="sourceLineNo">671</span> }<a name="line.671"></a> |
| <span class="sourceLineNo">672</span><a name="line.672"></a> |
| <span class="sourceLineNo">673</span> @Test<a name="line.673"></a> |
| <span class="sourceLineNo">674</span> public void testUnassign() throws Exception {<a name="line.674"></a> |
| <span class="sourceLineNo">675</span> List<HRegionLocation> regions;<a name="line.675"></a> |
| <span class="sourceLineNo">676</span> try (RegionLocator locator = systemUserConnection.getRegionLocator(TEST_TABLE)) {<a name="line.676"></a> |
| <span class="sourceLineNo">677</span> regions = locator.getAllRegionLocations();<a name="line.677"></a> |
| <span class="sourceLineNo">678</span> }<a name="line.678"></a> |
| <span class="sourceLineNo">679</span> HRegionLocation location = regions.get(0);<a name="line.679"></a> |
| <span class="sourceLineNo">680</span> final RegionInfo hri = location.getRegion();<a name="line.680"></a> |
| <span class="sourceLineNo">681</span> AccessTestAction action = new AccessTestAction() {<a name="line.681"></a> |
| <span class="sourceLineNo">682</span> @Override<a name="line.682"></a> |
| <span class="sourceLineNo">683</span> public Object run() throws Exception {<a name="line.683"></a> |
| <span class="sourceLineNo">684</span> ACCESS_CONTROLLER.preUnassign(ObserverContextImpl.createAndPrepare(CP_ENV), hri);<a name="line.684"></a> |
| <span class="sourceLineNo">685</span> return null;<a name="line.685"></a> |
| <span class="sourceLineNo">686</span> }<a name="line.686"></a> |
| <span class="sourceLineNo">687</span> };<a name="line.687"></a> |
| <span class="sourceLineNo">688</span><a name="line.688"></a> |
| <span class="sourceLineNo">689</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.689"></a> |
| <span class="sourceLineNo">690</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.690"></a> |
| <span class="sourceLineNo">691</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.691"></a> |
| <span class="sourceLineNo">692</span> }<a name="line.692"></a> |
| <span class="sourceLineNo">693</span><a name="line.693"></a> |
| <span class="sourceLineNo">694</span> @Test<a name="line.694"></a> |
| <span class="sourceLineNo">695</span> public void testRegionOffline() throws Exception {<a name="line.695"></a> |
| <span class="sourceLineNo">696</span> List<HRegionLocation> regions;<a name="line.696"></a> |
| <span class="sourceLineNo">697</span> try (RegionLocator locator = systemUserConnection.getRegionLocator(TEST_TABLE)) {<a name="line.697"></a> |
| <span class="sourceLineNo">698</span> regions = locator.getAllRegionLocations();<a name="line.698"></a> |
| <span class="sourceLineNo">699</span> }<a name="line.699"></a> |
| <span class="sourceLineNo">700</span> HRegionLocation location = regions.get(0);<a name="line.700"></a> |
| <span class="sourceLineNo">701</span> final RegionInfo hri = location.getRegion();<a name="line.701"></a> |
| <span class="sourceLineNo">702</span> AccessTestAction action = new AccessTestAction() {<a name="line.702"></a> |
| <span class="sourceLineNo">703</span> @Override<a name="line.703"></a> |
| <span class="sourceLineNo">704</span> public Object run() throws Exception {<a name="line.704"></a> |
| <span class="sourceLineNo">705</span> ACCESS_CONTROLLER.preRegionOffline(ObserverContextImpl.createAndPrepare(CP_ENV), hri);<a name="line.705"></a> |
| <span class="sourceLineNo">706</span> return null;<a name="line.706"></a> |
| <span class="sourceLineNo">707</span> }<a name="line.707"></a> |
| <span class="sourceLineNo">708</span> };<a name="line.708"></a> |
| <span class="sourceLineNo">709</span><a name="line.709"></a> |
| <span class="sourceLineNo">710</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.710"></a> |
| <span class="sourceLineNo">711</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.711"></a> |
| <span class="sourceLineNo">712</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.712"></a> |
| <span class="sourceLineNo">713</span> }<a name="line.713"></a> |
| <span class="sourceLineNo">714</span><a name="line.714"></a> |
| <span class="sourceLineNo">715</span> @Test<a name="line.715"></a> |
| <span class="sourceLineNo">716</span> public void testSetSplitOrMergeEnabled() throws Exception {<a name="line.716"></a> |
| <span class="sourceLineNo">717</span> AccessTestAction action = new AccessTestAction() {<a name="line.717"></a> |
| <span class="sourceLineNo">718</span> @Override<a name="line.718"></a> |
| <span class="sourceLineNo">719</span> public Object run() throws Exception {<a name="line.719"></a> |
| <span class="sourceLineNo">720</span> ACCESS_CONTROLLER.preSetSplitOrMergeEnabled(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.720"></a> |
| <span class="sourceLineNo">721</span> true, MasterSwitchType.MERGE);<a name="line.721"></a> |
| <span class="sourceLineNo">722</span> return null;<a name="line.722"></a> |
| <span class="sourceLineNo">723</span> }<a name="line.723"></a> |
| <span class="sourceLineNo">724</span> };<a name="line.724"></a> |
| <span class="sourceLineNo">725</span><a name="line.725"></a> |
| <span class="sourceLineNo">726</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.726"></a> |
| <span class="sourceLineNo">727</span> verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.727"></a> |
| <span class="sourceLineNo">728</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.728"></a> |
| <span class="sourceLineNo">729</span> }<a name="line.729"></a> |
| <span class="sourceLineNo">730</span><a name="line.730"></a> |
| <span class="sourceLineNo">731</span> @Test<a name="line.731"></a> |
| <span class="sourceLineNo">732</span> public void testBalance() throws Exception {<a name="line.732"></a> |
| <span class="sourceLineNo">733</span> AccessTestAction action = new AccessTestAction() {<a name="line.733"></a> |
| <span class="sourceLineNo">734</span> @Override<a name="line.734"></a> |
| <span class="sourceLineNo">735</span> public Object run() throws Exception {<a name="line.735"></a> |
| <span class="sourceLineNo">736</span> ACCESS_CONTROLLER.preBalance(ObserverContextImpl.createAndPrepare(CP_ENV));<a name="line.736"></a> |
| <span class="sourceLineNo">737</span> return null;<a name="line.737"></a> |
| <span class="sourceLineNo">738</span> }<a name="line.738"></a> |
| <span class="sourceLineNo">739</span> };<a name="line.739"></a> |
| <span class="sourceLineNo">740</span><a name="line.740"></a> |
| <span class="sourceLineNo">741</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.741"></a> |
| <span class="sourceLineNo">742</span> verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.742"></a> |
| <span class="sourceLineNo">743</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.743"></a> |
| <span class="sourceLineNo">744</span> }<a name="line.744"></a> |
| <span class="sourceLineNo">745</span><a name="line.745"></a> |
| <span class="sourceLineNo">746</span> @Test<a name="line.746"></a> |
| <span class="sourceLineNo">747</span> public void testBalanceSwitch() throws Exception {<a name="line.747"></a> |
| <span class="sourceLineNo">748</span> AccessTestAction action = new AccessTestAction() {<a name="line.748"></a> |
| <span class="sourceLineNo">749</span> @Override<a name="line.749"></a> |
| <span class="sourceLineNo">750</span> public Object run() throws Exception {<a name="line.750"></a> |
| <span class="sourceLineNo">751</span> ACCESS_CONTROLLER.preBalanceSwitch(ObserverContextImpl.createAndPrepare(CP_ENV), true);<a name="line.751"></a> |
| <span class="sourceLineNo">752</span> return null;<a name="line.752"></a> |
| <span class="sourceLineNo">753</span> }<a name="line.753"></a> |
| <span class="sourceLineNo">754</span> };<a name="line.754"></a> |
| <span class="sourceLineNo">755</span><a name="line.755"></a> |
| <span class="sourceLineNo">756</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.756"></a> |
| <span class="sourceLineNo">757</span> verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.757"></a> |
| <span class="sourceLineNo">758</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.758"></a> |
| <span class="sourceLineNo">759</span> }<a name="line.759"></a> |
| <span class="sourceLineNo">760</span><a name="line.760"></a> |
| <span class="sourceLineNo">761</span> @Test<a name="line.761"></a> |
| <span class="sourceLineNo">762</span> public void testShutdown() throws Exception {<a name="line.762"></a> |
| <span class="sourceLineNo">763</span> AccessTestAction action = new AccessTestAction() {<a name="line.763"></a> |
| <span class="sourceLineNo">764</span> @Override<a name="line.764"></a> |
| <span class="sourceLineNo">765</span> public Object run() throws Exception {<a name="line.765"></a> |
| <span class="sourceLineNo">766</span> ACCESS_CONTROLLER.preShutdown(ObserverContextImpl.createAndPrepare(CP_ENV));<a name="line.766"></a> |
| <span class="sourceLineNo">767</span> return null;<a name="line.767"></a> |
| <span class="sourceLineNo">768</span> }<a name="line.768"></a> |
| <span class="sourceLineNo">769</span> };<a name="line.769"></a> |
| <span class="sourceLineNo">770</span><a name="line.770"></a> |
| <span class="sourceLineNo">771</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.771"></a> |
| <span class="sourceLineNo">772</span> verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.772"></a> |
| <span class="sourceLineNo">773</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.773"></a> |
| <span class="sourceLineNo">774</span> }<a name="line.774"></a> |
| <span class="sourceLineNo">775</span><a name="line.775"></a> |
| <span class="sourceLineNo">776</span> @Test<a name="line.776"></a> |
| <span class="sourceLineNo">777</span> public void testStopMaster() throws Exception {<a name="line.777"></a> |
| <span class="sourceLineNo">778</span> AccessTestAction action = new AccessTestAction() {<a name="line.778"></a> |
| <span class="sourceLineNo">779</span> @Override<a name="line.779"></a> |
| <span class="sourceLineNo">780</span> public Object run() throws Exception {<a name="line.780"></a> |
| <span class="sourceLineNo">781</span> ACCESS_CONTROLLER.preStopMaster(ObserverContextImpl.createAndPrepare(CP_ENV));<a name="line.781"></a> |
| <span class="sourceLineNo">782</span> return null;<a name="line.782"></a> |
| <span class="sourceLineNo">783</span> }<a name="line.783"></a> |
| <span class="sourceLineNo">784</span> };<a name="line.784"></a> |
| <span class="sourceLineNo">785</span><a name="line.785"></a> |
| <span class="sourceLineNo">786</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.786"></a> |
| <span class="sourceLineNo">787</span> verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.787"></a> |
| <span class="sourceLineNo">788</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.788"></a> |
| <span class="sourceLineNo">789</span> }<a name="line.789"></a> |
| <span class="sourceLineNo">790</span><a name="line.790"></a> |
| <span class="sourceLineNo">791</span> private void verifyWrite(AccessTestAction action) throws Exception {<a name="line.791"></a> |
| <span class="sourceLineNo">792</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE, USER_RW,<a name="line.792"></a> |
| <span class="sourceLineNo">793</span> USER_GROUP_WRITE);<a name="line.793"></a> |
| <span class="sourceLineNo">794</span> verifyDenied(action, USER_NONE, USER_RO, USER_GROUP_ADMIN, USER_GROUP_READ, USER_GROUP_CREATE);<a name="line.794"></a> |
| <span class="sourceLineNo">795</span> }<a name="line.795"></a> |
| <span class="sourceLineNo">796</span><a name="line.796"></a> |
| <span class="sourceLineNo">797</span> @Test<a name="line.797"></a> |
| <span class="sourceLineNo">798</span> public void testSplitWithSplitRow() throws Exception {<a name="line.798"></a> |
| <span class="sourceLineNo">799</span> final TableName tableName = TableName.valueOf(name.getMethodName());<a name="line.799"></a> |
| <span class="sourceLineNo">800</span> createTestTable(tableName);<a name="line.800"></a> |
| <span class="sourceLineNo">801</span> AccessTestAction action = new AccessTestAction() {<a name="line.801"></a> |
| <span class="sourceLineNo">802</span> @Override<a name="line.802"></a> |
| <span class="sourceLineNo">803</span> public Object run() throws Exception {<a name="line.803"></a> |
| <span class="sourceLineNo">804</span> ACCESS_CONTROLLER.preSplitRegion(<a name="line.804"></a> |
| <span class="sourceLineNo">805</span> ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.805"></a> |
| <span class="sourceLineNo">806</span> tableName,<a name="line.806"></a> |
| <span class="sourceLineNo">807</span> TEST_ROW);<a name="line.807"></a> |
| <span class="sourceLineNo">808</span> return null;<a name="line.808"></a> |
| <span class="sourceLineNo">809</span> }<a name="line.809"></a> |
| <span class="sourceLineNo">810</span> };<a name="line.810"></a> |
| <span class="sourceLineNo">811</span><a name="line.811"></a> |
| <span class="sourceLineNo">812</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.812"></a> |
| <span class="sourceLineNo">813</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.813"></a> |
| <span class="sourceLineNo">814</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.814"></a> |
| <span class="sourceLineNo">815</span> }<a name="line.815"></a> |
| <span class="sourceLineNo">816</span><a name="line.816"></a> |
| <span class="sourceLineNo">817</span> @Test<a name="line.817"></a> |
| <span class="sourceLineNo">818</span> public void testFlush() throws Exception {<a name="line.818"></a> |
| <span class="sourceLineNo">819</span> AccessTestAction action = new AccessTestAction() {<a name="line.819"></a> |
| <span class="sourceLineNo">820</span> @Override<a name="line.820"></a> |
| <span class="sourceLineNo">821</span> public Object run() throws Exception {<a name="line.821"></a> |
| <span class="sourceLineNo">822</span> ACCESS_CONTROLLER.preFlush(ObserverContextImpl.createAndPrepare(RCP_ENV),<a name="line.822"></a> |
| <span class="sourceLineNo">823</span> FlushLifeCycleTracker.DUMMY);<a name="line.823"></a> |
| <span class="sourceLineNo">824</span> return null;<a name="line.824"></a> |
| <span class="sourceLineNo">825</span> }<a name="line.825"></a> |
| <span class="sourceLineNo">826</span> };<a name="line.826"></a> |
| <span class="sourceLineNo">827</span><a name="line.827"></a> |
| <span class="sourceLineNo">828</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE, USER_GROUP_CREATE,<a name="line.828"></a> |
| <span class="sourceLineNo">829</span> USER_GROUP_ADMIN);<a name="line.829"></a> |
| <span class="sourceLineNo">830</span> verifyDenied(action, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE);<a name="line.830"></a> |
| <span class="sourceLineNo">831</span> }<a name="line.831"></a> |
| <span class="sourceLineNo">832</span><a name="line.832"></a> |
| <span class="sourceLineNo">833</span> @Test<a name="line.833"></a> |
| <span class="sourceLineNo">834</span> public void testCompact() throws Exception {<a name="line.834"></a> |
| <span class="sourceLineNo">835</span> AccessTestAction action = new AccessTestAction() {<a name="line.835"></a> |
| <span class="sourceLineNo">836</span> @Override<a name="line.836"></a> |
| <span class="sourceLineNo">837</span> public Object run() throws Exception {<a name="line.837"></a> |
| <span class="sourceLineNo">838</span> ACCESS_CONTROLLER.preCompact(ObserverContextImpl.createAndPrepare(RCP_ENV), null, null,<a name="line.838"></a> |
| <span class="sourceLineNo">839</span> ScanType.COMPACT_RETAIN_DELETES, null, null);<a name="line.839"></a> |
| <span class="sourceLineNo">840</span> return null;<a name="line.840"></a> |
| <span class="sourceLineNo">841</span> }<a name="line.841"></a> |
| <span class="sourceLineNo">842</span> };<a name="line.842"></a> |
| <span class="sourceLineNo">843</span><a name="line.843"></a> |
| <span class="sourceLineNo">844</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE, USER_GROUP_CREATE,<a name="line.844"></a> |
| <span class="sourceLineNo">845</span> USER_GROUP_ADMIN);<a name="line.845"></a> |
| <span class="sourceLineNo">846</span> verifyDenied(action, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE);<a name="line.846"></a> |
| <span class="sourceLineNo">847</span> }<a name="line.847"></a> |
| <span class="sourceLineNo">848</span><a name="line.848"></a> |
| <span class="sourceLineNo">849</span> private void verifyRead(AccessTestAction action) throws Exception {<a name="line.849"></a> |
| <span class="sourceLineNo">850</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE, USER_RW, USER_RO,<a name="line.850"></a> |
| <span class="sourceLineNo">851</span> USER_GROUP_READ);<a name="line.851"></a> |
| <span class="sourceLineNo">852</span> verifyDenied(action, USER_NONE, USER_GROUP_CREATE, USER_GROUP_ADMIN, USER_GROUP_WRITE);<a name="line.852"></a> |
| <span class="sourceLineNo">853</span> }<a name="line.853"></a> |
| <span class="sourceLineNo">854</span><a name="line.854"></a> |
| <span class="sourceLineNo">855</span> private void verifyReadWrite(AccessTestAction action) throws Exception {<a name="line.855"></a> |
| <span class="sourceLineNo">856</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE, USER_RW);<a name="line.856"></a> |
| <span class="sourceLineNo">857</span> verifyDenied(action, USER_NONE, USER_RO, USER_GROUP_ADMIN, USER_GROUP_CREATE, USER_GROUP_READ,<a name="line.857"></a> |
| <span class="sourceLineNo">858</span> USER_GROUP_WRITE);<a name="line.858"></a> |
| <span class="sourceLineNo">859</span> }<a name="line.859"></a> |
| <span class="sourceLineNo">860</span><a name="line.860"></a> |
| <span class="sourceLineNo">861</span> @Test<a name="line.861"></a> |
| <span class="sourceLineNo">862</span> public void testRead() throws Exception {<a name="line.862"></a> |
| <span class="sourceLineNo">863</span> // get action<a name="line.863"></a> |
| <span class="sourceLineNo">864</span> AccessTestAction getAction = new AccessTestAction() {<a name="line.864"></a> |
| <span class="sourceLineNo">865</span> @Override<a name="line.865"></a> |
| <span class="sourceLineNo">866</span> public Object run() throws Exception {<a name="line.866"></a> |
| <span class="sourceLineNo">867</span> Get g = new Get(TEST_ROW);<a name="line.867"></a> |
| <span class="sourceLineNo">868</span> g.addFamily(TEST_FAMILY);<a name="line.868"></a> |
| <span class="sourceLineNo">869</span> try(Connection conn = ConnectionFactory.createConnection(conf);<a name="line.869"></a> |
| <span class="sourceLineNo">870</span> Table t = conn.getTable(TEST_TABLE)) {<a name="line.870"></a> |
| <span class="sourceLineNo">871</span> t.get(g);<a name="line.871"></a> |
| <span class="sourceLineNo">872</span> }<a name="line.872"></a> |
| <span class="sourceLineNo">873</span> return null;<a name="line.873"></a> |
| <span class="sourceLineNo">874</span> }<a name="line.874"></a> |
| <span class="sourceLineNo">875</span> };<a name="line.875"></a> |
| <span class="sourceLineNo">876</span> verifyRead(getAction);<a name="line.876"></a> |
| <span class="sourceLineNo">877</span><a name="line.877"></a> |
| <span class="sourceLineNo">878</span> // action for scanning<a name="line.878"></a> |
| <span class="sourceLineNo">879</span> AccessTestAction scanAction = new AccessTestAction() {<a name="line.879"></a> |
| <span class="sourceLineNo">880</span> @Override<a name="line.880"></a> |
| <span class="sourceLineNo">881</span> public Object run() throws Exception {<a name="line.881"></a> |
| <span class="sourceLineNo">882</span> Scan s = new Scan();<a name="line.882"></a> |
| <span class="sourceLineNo">883</span> s.addFamily(TEST_FAMILY);<a name="line.883"></a> |
| <span class="sourceLineNo">884</span> try(Connection conn = ConnectionFactory.createConnection(conf);<a name="line.884"></a> |
| <span class="sourceLineNo">885</span> Table table = conn.getTable(TEST_TABLE)) {<a name="line.885"></a> |
| <span class="sourceLineNo">886</span> ResultScanner scanner = table.getScanner(s);<a name="line.886"></a> |
| <span class="sourceLineNo">887</span> try {<a name="line.887"></a> |
| <span class="sourceLineNo">888</span> for (Result r = scanner.next(); r != null; r = scanner.next()) {<a name="line.888"></a> |
| <span class="sourceLineNo">889</span> // do nothing<a name="line.889"></a> |
| <span class="sourceLineNo">890</span> }<a name="line.890"></a> |
| <span class="sourceLineNo">891</span> } finally {<a name="line.891"></a> |
| <span class="sourceLineNo">892</span> scanner.close();<a name="line.892"></a> |
| <span class="sourceLineNo">893</span> }<a name="line.893"></a> |
| <span class="sourceLineNo">894</span> }<a name="line.894"></a> |
| <span class="sourceLineNo">895</span> return null;<a name="line.895"></a> |
| <span class="sourceLineNo">896</span> }<a name="line.896"></a> |
| <span class="sourceLineNo">897</span> };<a name="line.897"></a> |
| <span class="sourceLineNo">898</span> verifyRead(scanAction);<a name="line.898"></a> |
| <span class="sourceLineNo">899</span> }<a name="line.899"></a> |
| <span class="sourceLineNo">900</span><a name="line.900"></a> |
| <span class="sourceLineNo">901</span> @Test<a name="line.901"></a> |
| <span class="sourceLineNo">902</span> // test put, delete, increment<a name="line.902"></a> |
| <span class="sourceLineNo">903</span> public void testWrite() throws Exception {<a name="line.903"></a> |
| <span class="sourceLineNo">904</span> // put action<a name="line.904"></a> |
| <span class="sourceLineNo">905</span> AccessTestAction putAction = new AccessTestAction() {<a name="line.905"></a> |
| <span class="sourceLineNo">906</span> @Override<a name="line.906"></a> |
| <span class="sourceLineNo">907</span> public Object run() throws Exception {<a name="line.907"></a> |
| <span class="sourceLineNo">908</span> Put p = new Put(TEST_ROW);<a name="line.908"></a> |
| <span class="sourceLineNo">909</span> p.addColumn(TEST_FAMILY, TEST_QUALIFIER, Bytes.toBytes(1));<a name="line.909"></a> |
| <span class="sourceLineNo">910</span> try(Connection conn = ConnectionFactory.createConnection(conf);<a name="line.910"></a> |
| <span class="sourceLineNo">911</span> Table t = conn.getTable(TEST_TABLE)) {<a name="line.911"></a> |
| <span class="sourceLineNo">912</span> t.put(p);<a name="line.912"></a> |
| <span class="sourceLineNo">913</span> }<a name="line.913"></a> |
| <span class="sourceLineNo">914</span> return null;<a name="line.914"></a> |
| <span class="sourceLineNo">915</span> }<a name="line.915"></a> |
| <span class="sourceLineNo">916</span> };<a name="line.916"></a> |
| <span class="sourceLineNo">917</span> verifyWrite(putAction);<a name="line.917"></a> |
| <span class="sourceLineNo">918</span><a name="line.918"></a> |
| <span class="sourceLineNo">919</span> // delete action<a name="line.919"></a> |
| <span class="sourceLineNo">920</span> AccessTestAction deleteAction = new AccessTestAction() {<a name="line.920"></a> |
| <span class="sourceLineNo">921</span> @Override<a name="line.921"></a> |
| <span class="sourceLineNo">922</span> public Object run() throws Exception {<a name="line.922"></a> |
| <span class="sourceLineNo">923</span> Delete d = new Delete(TEST_ROW);<a name="line.923"></a> |
| <span class="sourceLineNo">924</span> d.addFamily(TEST_FAMILY);<a name="line.924"></a> |
| <span class="sourceLineNo">925</span> try(Connection conn = ConnectionFactory.createConnection(conf);<a name="line.925"></a> |
| <span class="sourceLineNo">926</span> Table t = conn.getTable(TEST_TABLE)) {<a name="line.926"></a> |
| <span class="sourceLineNo">927</span> t.delete(d);<a name="line.927"></a> |
| <span class="sourceLineNo">928</span> }<a name="line.928"></a> |
| <span class="sourceLineNo">929</span> return null;<a name="line.929"></a> |
| <span class="sourceLineNo">930</span> }<a name="line.930"></a> |
| <span class="sourceLineNo">931</span> };<a name="line.931"></a> |
| <span class="sourceLineNo">932</span> verifyWrite(deleteAction);<a name="line.932"></a> |
| <span class="sourceLineNo">933</span><a name="line.933"></a> |
| <span class="sourceLineNo">934</span> // increment action<a name="line.934"></a> |
| <span class="sourceLineNo">935</span> AccessTestAction incrementAction = new AccessTestAction() {<a name="line.935"></a> |
| <span class="sourceLineNo">936</span> @Override<a name="line.936"></a> |
| <span class="sourceLineNo">937</span> public Object run() throws Exception {<a name="line.937"></a> |
| <span class="sourceLineNo">938</span> Increment inc = new Increment(TEST_ROW);<a name="line.938"></a> |
| <span class="sourceLineNo">939</span> inc.addColumn(TEST_FAMILY, TEST_QUALIFIER, 1);<a name="line.939"></a> |
| <span class="sourceLineNo">940</span> try(Connection conn = ConnectionFactory.createConnection(conf);<a name="line.940"></a> |
| <span class="sourceLineNo">941</span> Table t = conn.getTable(TEST_TABLE)) {<a name="line.941"></a> |
| <span class="sourceLineNo">942</span> t.increment(inc);<a name="line.942"></a> |
| <span class="sourceLineNo">943</span> }<a name="line.943"></a> |
| <span class="sourceLineNo">944</span> return null;<a name="line.944"></a> |
| <span class="sourceLineNo">945</span> }<a name="line.945"></a> |
| <span class="sourceLineNo">946</span> };<a name="line.946"></a> |
| <span class="sourceLineNo">947</span> verifyWrite(incrementAction);<a name="line.947"></a> |
| <span class="sourceLineNo">948</span> }<a name="line.948"></a> |
| <span class="sourceLineNo">949</span><a name="line.949"></a> |
| <span class="sourceLineNo">950</span> @Test<a name="line.950"></a> |
| <span class="sourceLineNo">951</span> public void testReadWrite() throws Exception {<a name="line.951"></a> |
| <span class="sourceLineNo">952</span> // action for checkAndDelete<a name="line.952"></a> |
| <span class="sourceLineNo">953</span> AccessTestAction checkAndDeleteAction = new AccessTestAction() {<a name="line.953"></a> |
| <span class="sourceLineNo">954</span> @Override<a name="line.954"></a> |
| <span class="sourceLineNo">955</span> public Object run() throws Exception {<a name="line.955"></a> |
| <span class="sourceLineNo">956</span> Delete d = new Delete(TEST_ROW);<a name="line.956"></a> |
| <span class="sourceLineNo">957</span> d.addFamily(TEST_FAMILY);<a name="line.957"></a> |
| <span class="sourceLineNo">958</span> try(Connection conn = ConnectionFactory.createConnection(conf);<a name="line.958"></a> |
| <span class="sourceLineNo">959</span> Table t = conn.getTable(TEST_TABLE)) {<a name="line.959"></a> |
| <span class="sourceLineNo">960</span> t.checkAndMutate(TEST_ROW, TEST_FAMILY).qualifier(TEST_QUALIFIER)<a name="line.960"></a> |
| <span class="sourceLineNo">961</span> .ifEquals(Bytes.toBytes("test_value")).thenDelete(d);<a name="line.961"></a> |
| <span class="sourceLineNo">962</span> }<a name="line.962"></a> |
| <span class="sourceLineNo">963</span> return null;<a name="line.963"></a> |
| <span class="sourceLineNo">964</span> }<a name="line.964"></a> |
| <span class="sourceLineNo">965</span> };<a name="line.965"></a> |
| <span class="sourceLineNo">966</span> verifyReadWrite(checkAndDeleteAction);<a name="line.966"></a> |
| <span class="sourceLineNo">967</span><a name="line.967"></a> |
| <span class="sourceLineNo">968</span> // action for checkAndPut()<a name="line.968"></a> |
| <span class="sourceLineNo">969</span> AccessTestAction checkAndPut = new AccessTestAction() {<a name="line.969"></a> |
| <span class="sourceLineNo">970</span> @Override<a name="line.970"></a> |
| <span class="sourceLineNo">971</span> public Object run() throws Exception {<a name="line.971"></a> |
| <span class="sourceLineNo">972</span> Put p = new Put(TEST_ROW);<a name="line.972"></a> |
| <span class="sourceLineNo">973</span> p.addColumn(TEST_FAMILY, TEST_QUALIFIER, Bytes.toBytes(1));<a name="line.973"></a> |
| <span class="sourceLineNo">974</span> try(Connection conn = ConnectionFactory.createConnection(conf);<a name="line.974"></a> |
| <span class="sourceLineNo">975</span> Table t = conn.getTable(TEST_TABLE)) {<a name="line.975"></a> |
| <span class="sourceLineNo">976</span> t.checkAndMutate(TEST_ROW, TEST_FAMILY).qualifier(TEST_QUALIFIER)<a name="line.976"></a> |
| <span class="sourceLineNo">977</span> .ifEquals(Bytes.toBytes("test_value")).thenPut(p);<a name="line.977"></a> |
| <span class="sourceLineNo">978</span> }<a name="line.978"></a> |
| <span class="sourceLineNo">979</span> return null;<a name="line.979"></a> |
| <span class="sourceLineNo">980</span> }<a name="line.980"></a> |
| <span class="sourceLineNo">981</span> };<a name="line.981"></a> |
| <span class="sourceLineNo">982</span> verifyReadWrite(checkAndPut);<a name="line.982"></a> |
| <span class="sourceLineNo">983</span> }<a name="line.983"></a> |
| <span class="sourceLineNo">984</span><a name="line.984"></a> |
| <span class="sourceLineNo">985</span> @Test<a name="line.985"></a> |
| <span class="sourceLineNo">986</span> public void testBulkLoad() throws Exception {<a name="line.986"></a> |
| <span class="sourceLineNo">987</span> try {<a name="line.987"></a> |
| <span class="sourceLineNo">988</span> FileSystem fs = TEST_UTIL.getTestFileSystem();<a name="line.988"></a> |
| <span class="sourceLineNo">989</span> final Path dir = TEST_UTIL.getDataTestDirOnTestFS("testBulkLoad");<a name="line.989"></a> |
| <span class="sourceLineNo">990</span> fs.mkdirs(dir);<a name="line.990"></a> |
| <span class="sourceLineNo">991</span> // need to make it globally writable<a name="line.991"></a> |
| <span class="sourceLineNo">992</span> // so users creating HFiles have write permissions<a name="line.992"></a> |
| <span class="sourceLineNo">993</span> fs.setPermission(dir, FS_PERMISSION_ALL);<a name="line.993"></a> |
| <span class="sourceLineNo">994</span><a name="line.994"></a> |
| <span class="sourceLineNo">995</span> AccessTestAction bulkLoadAction = new AccessTestAction() {<a name="line.995"></a> |
| <span class="sourceLineNo">996</span> @Override<a name="line.996"></a> |
| <span class="sourceLineNo">997</span> public Object run() throws Exception {<a name="line.997"></a> |
| <span class="sourceLineNo">998</span> int numRows = 3;<a name="line.998"></a> |
| <span class="sourceLineNo">999</span><a name="line.999"></a> |
| <span class="sourceLineNo">1000</span> // Making the assumption that the test table won't split between the range<a name="line.1000"></a> |
| <span class="sourceLineNo">1001</span> byte[][][] hfileRanges = { { { (byte) 0 }, { (byte) 9 } } };<a name="line.1001"></a> |
| <span class="sourceLineNo">1002</span><a name="line.1002"></a> |
| <span class="sourceLineNo">1003</span> Path bulkLoadBasePath = new Path(dir, new Path(User.getCurrent().getName()));<a name="line.1003"></a> |
| <span class="sourceLineNo">1004</span> new BulkLoadHelper(bulkLoadBasePath).initHFileData(TEST_FAMILY, TEST_QUALIFIER,<a name="line.1004"></a> |
| <span class="sourceLineNo">1005</span> hfileRanges, numRows, FS_PERMISSION_ALL).bulkLoadHFile(TEST_TABLE);<a name="line.1005"></a> |
| <span class="sourceLineNo">1006</span> return null;<a name="line.1006"></a> |
| <span class="sourceLineNo">1007</span> }<a name="line.1007"></a> |
| <span class="sourceLineNo">1008</span> };<a name="line.1008"></a> |
| <span class="sourceLineNo">1009</span><a name="line.1009"></a> |
| <span class="sourceLineNo">1010</span> // User performing bulk loads must have privilege to read table metadata<a name="line.1010"></a> |
| <span class="sourceLineNo">1011</span> // (ADMIN or CREATE)<a name="line.1011"></a> |
| <span class="sourceLineNo">1012</span> verifyAllowed(bulkLoadAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE,<a name="line.1012"></a> |
| <span class="sourceLineNo">1013</span> USER_GROUP_CREATE, USER_GROUP_ADMIN);<a name="line.1013"></a> |
| <span class="sourceLineNo">1014</span> verifyDenied(bulkLoadAction, USER_RW, USER_NONE, USER_RO, USER_GROUP_READ, USER_GROUP_WRITE);<a name="line.1014"></a> |
| <span class="sourceLineNo">1015</span> } finally {<a name="line.1015"></a> |
| <span class="sourceLineNo">1016</span> // Reinit after the bulk upload<a name="line.1016"></a> |
| <span class="sourceLineNo">1017</span> TEST_UTIL.getAdmin().disableTable(TEST_TABLE);<a name="line.1017"></a> |
| <span class="sourceLineNo">1018</span> TEST_UTIL.getAdmin().enableTable(TEST_TABLE);<a name="line.1018"></a> |
| <span class="sourceLineNo">1019</span> }<a name="line.1019"></a> |
| <span class="sourceLineNo">1020</span> }<a name="line.1020"></a> |
| <span class="sourceLineNo">1021</span><a name="line.1021"></a> |
| <span class="sourceLineNo">1022</span> private class BulkLoadAccessTestAction implements AccessTestAction {<a name="line.1022"></a> |
| <span class="sourceLineNo">1023</span> private FsPermission filePermission;<a name="line.1023"></a> |
| <span class="sourceLineNo">1024</span> private Path testDataDir;<a name="line.1024"></a> |
| <span class="sourceLineNo">1025</span><a name="line.1025"></a> |
| <span class="sourceLineNo">1026</span> public BulkLoadAccessTestAction(FsPermission perm, Path testDataDir) {<a name="line.1026"></a> |
| <span class="sourceLineNo">1027</span> this.filePermission = perm;<a name="line.1027"></a> |
| <span class="sourceLineNo">1028</span> this.testDataDir = testDataDir;<a name="line.1028"></a> |
| <span class="sourceLineNo">1029</span> }<a name="line.1029"></a> |
| <span class="sourceLineNo">1030</span><a name="line.1030"></a> |
| <span class="sourceLineNo">1031</span> @Override<a name="line.1031"></a> |
| <span class="sourceLineNo">1032</span> public Object run() throws Exception {<a name="line.1032"></a> |
| <span class="sourceLineNo">1033</span> FileSystem fs = TEST_UTIL.getTestFileSystem();<a name="line.1033"></a> |
| <span class="sourceLineNo">1034</span> fs.mkdirs(testDataDir);<a name="line.1034"></a> |
| <span class="sourceLineNo">1035</span> fs.setPermission(testDataDir, FS_PERMISSION_ALL);<a name="line.1035"></a> |
| <span class="sourceLineNo">1036</span> // Making the assumption that the test table won't split between the range<a name="line.1036"></a> |
| <span class="sourceLineNo">1037</span> byte[][][] hfileRanges = { { { (byte) 0 }, { (byte) 9 } } };<a name="line.1037"></a> |
| <span class="sourceLineNo">1038</span> Path bulkLoadBasePath = new Path(testDataDir, new Path(User.getCurrent().getName()));<a name="line.1038"></a> |
| <span class="sourceLineNo">1039</span> new BulkLoadHelper(bulkLoadBasePath)<a name="line.1039"></a> |
| <span class="sourceLineNo">1040</span> .initHFileData(TEST_FAMILY, TEST_QUALIFIER, hfileRanges, 3, filePermission)<a name="line.1040"></a> |
| <span class="sourceLineNo">1041</span> .bulkLoadHFile(TEST_TABLE);<a name="line.1041"></a> |
| <span class="sourceLineNo">1042</span> return null;<a name="line.1042"></a> |
| <span class="sourceLineNo">1043</span> }<a name="line.1043"></a> |
| <span class="sourceLineNo">1044</span> }<a name="line.1044"></a> |
| <span class="sourceLineNo">1045</span><a name="line.1045"></a> |
| <span class="sourceLineNo">1046</span> @Test<a name="line.1046"></a> |
| <span class="sourceLineNo">1047</span> public void testBulkLoadWithoutWritePermission() throws Exception {<a name="line.1047"></a> |
| <span class="sourceLineNo">1048</span> // Use the USER_CREATE to initialize the source directory.<a name="line.1048"></a> |
| <span class="sourceLineNo">1049</span> Path testDataDir0 = TEST_UTIL.getDataTestDirOnTestFS("testBulkLoadWithoutWritePermission0");<a name="line.1049"></a> |
| <span class="sourceLineNo">1050</span> Path testDataDir1 = TEST_UTIL.getDataTestDirOnTestFS("testBulkLoadWithoutWritePermission1");<a name="line.1050"></a> |
| <span class="sourceLineNo">1051</span> AccessTestAction bulkLoadAction1 =<a name="line.1051"></a> |
| <span class="sourceLineNo">1052</span> new BulkLoadAccessTestAction(FsPermission.valueOf("-r-xr-xr-x"), testDataDir0);<a name="line.1052"></a> |
| <span class="sourceLineNo">1053</span> AccessTestAction bulkLoadAction2 =<a name="line.1053"></a> |
| <span class="sourceLineNo">1054</span> new BulkLoadAccessTestAction(FS_PERMISSION_ALL, testDataDir1);<a name="line.1054"></a> |
| <span class="sourceLineNo">1055</span> // Test the incorrect case.<a name="line.1055"></a> |
| <span class="sourceLineNo">1056</span> BulkLoadHelper.setPermission(TEST_UTIL.getTestFileSystem(),<a name="line.1056"></a> |
| <span class="sourceLineNo">1057</span> TEST_UTIL.getTestFileSystem().getWorkingDirectory(), FS_PERMISSION_ALL);<a name="line.1057"></a> |
| <span class="sourceLineNo">1058</span> try {<a name="line.1058"></a> |
| <span class="sourceLineNo">1059</span> USER_CREATE.runAs(bulkLoadAction1);<a name="line.1059"></a> |
| <span class="sourceLineNo">1060</span> fail("Should fail because the hbase user has no write permission on hfiles.");<a name="line.1060"></a> |
| <span class="sourceLineNo">1061</span> } catch (IOException e) {<a name="line.1061"></a> |
| <span class="sourceLineNo">1062</span> }<a name="line.1062"></a> |
| <span class="sourceLineNo">1063</span> // Ensure the correct case.<a name="line.1063"></a> |
| <span class="sourceLineNo">1064</span> USER_CREATE.runAs(bulkLoadAction2);<a name="line.1064"></a> |
| <span class="sourceLineNo">1065</span> }<a name="line.1065"></a> |
| <span class="sourceLineNo">1066</span><a name="line.1066"></a> |
| <span class="sourceLineNo">1067</span> public static class BulkLoadHelper {<a name="line.1067"></a> |
| <span class="sourceLineNo">1068</span> private final FileSystem fs;<a name="line.1068"></a> |
| <span class="sourceLineNo">1069</span> private final Path loadPath;<a name="line.1069"></a> |
| <span class="sourceLineNo">1070</span> private final Configuration conf;<a name="line.1070"></a> |
| <span class="sourceLineNo">1071</span><a name="line.1071"></a> |
| <span class="sourceLineNo">1072</span> public BulkLoadHelper(Path loadPath) throws IOException {<a name="line.1072"></a> |
| <span class="sourceLineNo">1073</span> fs = TEST_UTIL.getTestFileSystem();<a name="line.1073"></a> |
| <span class="sourceLineNo">1074</span> conf = TEST_UTIL.getConfiguration();<a name="line.1074"></a> |
| <span class="sourceLineNo">1075</span> loadPath = loadPath.makeQualified(fs);<a name="line.1075"></a> |
| <span class="sourceLineNo">1076</span> this.loadPath = loadPath;<a name="line.1076"></a> |
| <span class="sourceLineNo">1077</span> }<a name="line.1077"></a> |
| <span class="sourceLineNo">1078</span><a name="line.1078"></a> |
| <span class="sourceLineNo">1079</span> private void createHFile(Path path,<a name="line.1079"></a> |
| <span class="sourceLineNo">1080</span> byte[] family, byte[] qualifier,<a name="line.1080"></a> |
| <span class="sourceLineNo">1081</span> byte[] startKey, byte[] endKey, int numRows) throws IOException {<a name="line.1081"></a> |
| <span class="sourceLineNo">1082</span> HFile.Writer writer = null;<a name="line.1082"></a> |
| <span class="sourceLineNo">1083</span> long now = System.currentTimeMillis();<a name="line.1083"></a> |
| <span class="sourceLineNo">1084</span> try {<a name="line.1084"></a> |
| <span class="sourceLineNo">1085</span> HFileContext context = new HFileContextBuilder().build();<a name="line.1085"></a> |
| <span class="sourceLineNo">1086</span> writer = HFile.getWriterFactory(conf, new CacheConfig(conf)).withPath(fs, path)<a name="line.1086"></a> |
| <span class="sourceLineNo">1087</span> .withFileContext(context).create();<a name="line.1087"></a> |
| <span class="sourceLineNo">1088</span> // subtract 2 since numRows doesn't include boundary keys<a name="line.1088"></a> |
| <span class="sourceLineNo">1089</span> for (byte[] key : Bytes.iterateOnSplits(startKey, endKey, true, numRows - 2)) {<a name="line.1089"></a> |
| <span class="sourceLineNo">1090</span> KeyValue kv = new KeyValue(key, family, qualifier, now, key);<a name="line.1090"></a> |
| <span class="sourceLineNo">1091</span> writer.append(kv);<a name="line.1091"></a> |
| <span class="sourceLineNo">1092</span> }<a name="line.1092"></a> |
| <span class="sourceLineNo">1093</span> } finally {<a name="line.1093"></a> |
| <span class="sourceLineNo">1094</span> if (writer != null) {<a name="line.1094"></a> |
| <span class="sourceLineNo">1095</span> writer.close();<a name="line.1095"></a> |
| <span class="sourceLineNo">1096</span> }<a name="line.1096"></a> |
| <span class="sourceLineNo">1097</span> }<a name="line.1097"></a> |
| <span class="sourceLineNo">1098</span> }<a name="line.1098"></a> |
| <span class="sourceLineNo">1099</span><a name="line.1099"></a> |
| <span class="sourceLineNo">1100</span> private BulkLoadHelper initHFileData(byte[] family, byte[] qualifier, byte[][][] hfileRanges,<a name="line.1100"></a> |
| <span class="sourceLineNo">1101</span> int numRowsPerRange, FsPermission filePermission) throws Exception {<a name="line.1101"></a> |
| <span class="sourceLineNo">1102</span> Path familyDir = new Path(loadPath, Bytes.toString(family));<a name="line.1102"></a> |
| <span class="sourceLineNo">1103</span> fs.mkdirs(familyDir);<a name="line.1103"></a> |
| <span class="sourceLineNo">1104</span> int hfileIdx = 0;<a name="line.1104"></a> |
| <span class="sourceLineNo">1105</span> List<Path> hfiles = new ArrayList<>();<a name="line.1105"></a> |
| <span class="sourceLineNo">1106</span> for (byte[][] range : hfileRanges) {<a name="line.1106"></a> |
| <span class="sourceLineNo">1107</span> byte[] from = range[0];<a name="line.1107"></a> |
| <span class="sourceLineNo">1108</span> byte[] to = range[1];<a name="line.1108"></a> |
| <span class="sourceLineNo">1109</span> Path hfile = new Path(familyDir, "hfile_" + (hfileIdx++));<a name="line.1109"></a> |
| <span class="sourceLineNo">1110</span> hfiles.add(hfile);<a name="line.1110"></a> |
| <span class="sourceLineNo">1111</span> createHFile(hfile, family, qualifier, from, to, numRowsPerRange);<a name="line.1111"></a> |
| <span class="sourceLineNo">1112</span> }<a name="line.1112"></a> |
| <span class="sourceLineNo">1113</span> // set global read so RegionServer can move it<a name="line.1113"></a> |
| <span class="sourceLineNo">1114</span> setPermission(fs, loadPath, FS_PERMISSION_ALL);<a name="line.1114"></a> |
| <span class="sourceLineNo">1115</span> // Ensure the file permission as requested.<a name="line.1115"></a> |
| <span class="sourceLineNo">1116</span> for (Path hfile : hfiles) {<a name="line.1116"></a> |
| <span class="sourceLineNo">1117</span> setPermission(fs, hfile, filePermission);<a name="line.1117"></a> |
| <span class="sourceLineNo">1118</span> }<a name="line.1118"></a> |
| <span class="sourceLineNo">1119</span> return this;<a name="line.1119"></a> |
| <span class="sourceLineNo">1120</span> }<a name="line.1120"></a> |
| <span class="sourceLineNo">1121</span><a name="line.1121"></a> |
| <span class="sourceLineNo">1122</span> private void bulkLoadHFile(TableName tableName) throws Exception {<a name="line.1122"></a> |
| <span class="sourceLineNo">1123</span> TEST_UTIL.waitUntilAllRegionsAssigned(tableName);<a name="line.1123"></a> |
| <span class="sourceLineNo">1124</span> BulkLoadHFiles.create(conf).bulkLoad(tableName, loadPath);<a name="line.1124"></a> |
| <span class="sourceLineNo">1125</span> }<a name="line.1125"></a> |
| <span class="sourceLineNo">1126</span><a name="line.1126"></a> |
| <span class="sourceLineNo">1127</span> private static void setPermission(FileSystem fs, Path dir, FsPermission perm)<a name="line.1127"></a> |
| <span class="sourceLineNo">1128</span> throws IOException {<a name="line.1128"></a> |
| <span class="sourceLineNo">1129</span> if (!fs.getFileStatus(dir).isDirectory()) {<a name="line.1129"></a> |
| <span class="sourceLineNo">1130</span> fs.setPermission(dir, perm);<a name="line.1130"></a> |
| <span class="sourceLineNo">1131</span> } else {<a name="line.1131"></a> |
| <span class="sourceLineNo">1132</span> for (FileStatus el : fs.listStatus(dir)) {<a name="line.1132"></a> |
| <span class="sourceLineNo">1133</span> fs.setPermission(el.getPath(), perm);<a name="line.1133"></a> |
| <span class="sourceLineNo">1134</span> setPermission(fs, el.getPath(), perm);<a name="line.1134"></a> |
| <span class="sourceLineNo">1135</span> }<a name="line.1135"></a> |
| <span class="sourceLineNo">1136</span> }<a name="line.1136"></a> |
| <span class="sourceLineNo">1137</span> }<a name="line.1137"></a> |
| <span class="sourceLineNo">1138</span> }<a name="line.1138"></a> |
| <span class="sourceLineNo">1139</span><a name="line.1139"></a> |
| <span class="sourceLineNo">1140</span> @Test<a name="line.1140"></a> |
| <span class="sourceLineNo">1141</span> public void testAppend() throws Exception {<a name="line.1141"></a> |
| <span class="sourceLineNo">1142</span><a name="line.1142"></a> |
| <span class="sourceLineNo">1143</span> AccessTestAction appendAction = new AccessTestAction() {<a name="line.1143"></a> |
| <span class="sourceLineNo">1144</span> @Override<a name="line.1144"></a> |
| <span class="sourceLineNo">1145</span> public Object run() throws Exception {<a name="line.1145"></a> |
| <span class="sourceLineNo">1146</span> byte[] row = TEST_ROW;<a name="line.1146"></a> |
| <span class="sourceLineNo">1147</span> byte[] qualifier = TEST_QUALIFIER;<a name="line.1147"></a> |
| <span class="sourceLineNo">1148</span> Put put = new Put(row);<a name="line.1148"></a> |
| <span class="sourceLineNo">1149</span> put.addColumn(TEST_FAMILY, qualifier, Bytes.toBytes(1));<a name="line.1149"></a> |
| <span class="sourceLineNo">1150</span> Append append = new Append(row);<a name="line.1150"></a> |
| <span class="sourceLineNo">1151</span> append.addColumn(TEST_FAMILY, qualifier, Bytes.toBytes(2));<a name="line.1151"></a> |
| <span class="sourceLineNo">1152</span> try(Connection conn = ConnectionFactory.createConnection(conf);<a name="line.1152"></a> |
| <span class="sourceLineNo">1153</span> Table t = conn.getTable(TEST_TABLE)) {<a name="line.1153"></a> |
| <span class="sourceLineNo">1154</span> t.put(put);<a name="line.1154"></a> |
| <span class="sourceLineNo">1155</span> t.append(append);<a name="line.1155"></a> |
| <span class="sourceLineNo">1156</span> }<a name="line.1156"></a> |
| <span class="sourceLineNo">1157</span> return null;<a name="line.1157"></a> |
| <span class="sourceLineNo">1158</span> }<a name="line.1158"></a> |
| <span class="sourceLineNo">1159</span> };<a name="line.1159"></a> |
| <span class="sourceLineNo">1160</span><a name="line.1160"></a> |
| <span class="sourceLineNo">1161</span> verifyAllowed(appendAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE, USER_RW,<a name="line.1161"></a> |
| <span class="sourceLineNo">1162</span> USER_GROUP_WRITE);<a name="line.1162"></a> |
| <span class="sourceLineNo">1163</span> verifyDenied(appendAction, USER_RO, USER_NONE, USER_GROUP_CREATE, USER_GROUP_READ,<a name="line.1163"></a> |
| <span class="sourceLineNo">1164</span> USER_GROUP_ADMIN);<a name="line.1164"></a> |
| <span class="sourceLineNo">1165</span> }<a name="line.1165"></a> |
| <span class="sourceLineNo">1166</span><a name="line.1166"></a> |
| <span class="sourceLineNo">1167</span> @Test<a name="line.1167"></a> |
| <span class="sourceLineNo">1168</span> public void testGrantRevoke() throws Exception {<a name="line.1168"></a> |
| <span class="sourceLineNo">1169</span> AccessTestAction grantAction = new AccessTestAction() {<a name="line.1169"></a> |
| <span class="sourceLineNo">1170</span> @Override<a name="line.1170"></a> |
| <span class="sourceLineNo">1171</span> public Object run() throws Exception {<a name="line.1171"></a> |
| <span class="sourceLineNo">1172</span> try (Connection conn = ConnectionFactory.createConnection(conf)) {<a name="line.1172"></a> |
| <span class="sourceLineNo">1173</span> conn.getAdmin().grant(new UserPermission(USER_RO.getShortName(), Permission<a name="line.1173"></a> |
| <span class="sourceLineNo">1174</span> .newBuilder(TEST_TABLE).withFamily(TEST_FAMILY).withActions(Action.READ).build()),<a name="line.1174"></a> |
| <span class="sourceLineNo">1175</span> false);<a name="line.1175"></a> |
| <span class="sourceLineNo">1176</span> }<a name="line.1176"></a> |
| <span class="sourceLineNo">1177</span> return null;<a name="line.1177"></a> |
| <span class="sourceLineNo">1178</span> }<a name="line.1178"></a> |
| <span class="sourceLineNo">1179</span> };<a name="line.1179"></a> |
| <span class="sourceLineNo">1180</span><a name="line.1180"></a> |
| <span class="sourceLineNo">1181</span> AccessTestAction revokeAction = new AccessTestAction() {<a name="line.1181"></a> |
| <span class="sourceLineNo">1182</span> @Override<a name="line.1182"></a> |
| <span class="sourceLineNo">1183</span> public Object run() throws Exception {<a name="line.1183"></a> |
| <span class="sourceLineNo">1184</span> try (Connection conn = ConnectionFactory.createConnection(conf)) {<a name="line.1184"></a> |
| <span class="sourceLineNo">1185</span> conn.getAdmin().revoke(new UserPermission(USER_RO.getShortName(), Permission<a name="line.1185"></a> |
| <span class="sourceLineNo">1186</span> .newBuilder(TEST_TABLE).withFamily(TEST_FAMILY).withActions(Action.READ).build()));<a name="line.1186"></a> |
| <span class="sourceLineNo">1187</span> }<a name="line.1187"></a> |
| <span class="sourceLineNo">1188</span> return null;<a name="line.1188"></a> |
| <span class="sourceLineNo">1189</span> }<a name="line.1189"></a> |
| <span class="sourceLineNo">1190</span> };<a name="line.1190"></a> |
| <span class="sourceLineNo">1191</span><a name="line.1191"></a> |
| <span class="sourceLineNo">1192</span> AccessTestAction getTablePermissionsAction = new AccessTestAction() {<a name="line.1192"></a> |
| <span class="sourceLineNo">1193</span> @Override<a name="line.1193"></a> |
| <span class="sourceLineNo">1194</span> public Object run() throws Exception {<a name="line.1194"></a> |
| <span class="sourceLineNo">1195</span> try (Connection conn = ConnectionFactory.createConnection(conf)) {<a name="line.1195"></a> |
| <span class="sourceLineNo">1196</span> conn.getAdmin()<a name="line.1196"></a> |
| <span class="sourceLineNo">1197</span> .getUserPermissions(GetUserPermissionsRequest.newBuilder(TEST_TABLE).build());<a name="line.1197"></a> |
| <span class="sourceLineNo">1198</span> }<a name="line.1198"></a> |
| <span class="sourceLineNo">1199</span> return null;<a name="line.1199"></a> |
| <span class="sourceLineNo">1200</span> }<a name="line.1200"></a> |
| <span class="sourceLineNo">1201</span> };<a name="line.1201"></a> |
| <span class="sourceLineNo">1202</span><a name="line.1202"></a> |
| <span class="sourceLineNo">1203</span> AccessTestAction getGlobalPermissionsAction = new AccessTestAction() {<a name="line.1203"></a> |
| <span class="sourceLineNo">1204</span> @Override<a name="line.1204"></a> |
| <span class="sourceLineNo">1205</span> public Object run() throws Exception {<a name="line.1205"></a> |
| <span class="sourceLineNo">1206</span> try (Connection conn = ConnectionFactory.createConnection(conf)) {<a name="line.1206"></a> |
| <span class="sourceLineNo">1207</span> conn.getAdmin().getUserPermissions(GetUserPermissionsRequest.newBuilder().build());<a name="line.1207"></a> |
| <span class="sourceLineNo">1208</span> }<a name="line.1208"></a> |
| <span class="sourceLineNo">1209</span> return null;<a name="line.1209"></a> |
| <span class="sourceLineNo">1210</span> }<a name="line.1210"></a> |
| <span class="sourceLineNo">1211</span> };<a name="line.1211"></a> |
| <span class="sourceLineNo">1212</span><a name="line.1212"></a> |
| <span class="sourceLineNo">1213</span> AccessTestAction preGrantAction = new AccessTestAction() {<a name="line.1213"></a> |
| <span class="sourceLineNo">1214</span> @Override<a name="line.1214"></a> |
| <span class="sourceLineNo">1215</span> public Object run() throws Exception {<a name="line.1215"></a> |
| <span class="sourceLineNo">1216</span> ACCESS_CONTROLLER.preGrant(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.1216"></a> |
| <span class="sourceLineNo">1217</span> new UserPermission(USER_RO.getShortName(), Permission.newBuilder(TEST_TABLE)<a name="line.1217"></a> |
| <span class="sourceLineNo">1218</span> .withFamily(TEST_FAMILY).withActions(Action.READ).build()),<a name="line.1218"></a> |
| <span class="sourceLineNo">1219</span> false);<a name="line.1219"></a> |
| <span class="sourceLineNo">1220</span> return null;<a name="line.1220"></a> |
| <span class="sourceLineNo">1221</span> }<a name="line.1221"></a> |
| <span class="sourceLineNo">1222</span> };<a name="line.1222"></a> |
| <span class="sourceLineNo">1223</span><a name="line.1223"></a> |
| <span class="sourceLineNo">1224</span> AccessTestAction preRevokeAction = new AccessTestAction() {<a name="line.1224"></a> |
| <span class="sourceLineNo">1225</span> @Override<a name="line.1225"></a> |
| <span class="sourceLineNo">1226</span> public Object run() throws Exception {<a name="line.1226"></a> |
| <span class="sourceLineNo">1227</span> ACCESS_CONTROLLER.preRevoke(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.1227"></a> |
| <span class="sourceLineNo">1228</span> new UserPermission(USER_RO.getShortName(), Permission.newBuilder(TEST_TABLE)<a name="line.1228"></a> |
| <span class="sourceLineNo">1229</span> .withFamily(TEST_FAMILY).withActions(Action.READ).build()));<a name="line.1229"></a> |
| <span class="sourceLineNo">1230</span> return null;<a name="line.1230"></a> |
| <span class="sourceLineNo">1231</span> }<a name="line.1231"></a> |
| <span class="sourceLineNo">1232</span> };<a name="line.1232"></a> |
| <span class="sourceLineNo">1233</span><a name="line.1233"></a> |
| <span class="sourceLineNo">1234</span> AccessTestAction grantCPAction = new AccessTestAction() {<a name="line.1234"></a> |
| <span class="sourceLineNo">1235</span> @Override<a name="line.1235"></a> |
| <span class="sourceLineNo">1236</span> public Object run() throws Exception {<a name="line.1236"></a> |
| <span class="sourceLineNo">1237</span> try (Connection conn = ConnectionFactory.createConnection(conf);<a name="line.1237"></a> |
| <span class="sourceLineNo">1238</span> Table acl = conn.getTable(PermissionStorage.ACL_TABLE_NAME)) {<a name="line.1238"></a> |
| <span class="sourceLineNo">1239</span> BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE.getName());<a name="line.1239"></a> |
| <span class="sourceLineNo">1240</span> AccessControlService.BlockingInterface protocol =<a name="line.1240"></a> |
| <span class="sourceLineNo">1241</span> AccessControlService.newBlockingStub(service);<a name="line.1241"></a> |
| <span class="sourceLineNo">1242</span> AccessControlUtil.grant(null, protocol, USER_RO.getShortName(), TEST_TABLE, TEST_FAMILY,<a name="line.1242"></a> |
| <span class="sourceLineNo">1243</span> null, false, Action.READ);<a name="line.1243"></a> |
| <span class="sourceLineNo">1244</span> }<a name="line.1244"></a> |
| <span class="sourceLineNo">1245</span> return null;<a name="line.1245"></a> |
| <span class="sourceLineNo">1246</span> }<a name="line.1246"></a> |
| <span class="sourceLineNo">1247</span> };<a name="line.1247"></a> |
| <span class="sourceLineNo">1248</span><a name="line.1248"></a> |
| <span class="sourceLineNo">1249</span> AccessTestAction revokeCPAction = new AccessTestAction() {<a name="line.1249"></a> |
| <span class="sourceLineNo">1250</span> @Override<a name="line.1250"></a> |
| <span class="sourceLineNo">1251</span> public Object run() throws Exception {<a name="line.1251"></a> |
| <span class="sourceLineNo">1252</span> try (Connection conn = ConnectionFactory.createConnection(conf);<a name="line.1252"></a> |
| <span class="sourceLineNo">1253</span> Table acl = conn.getTable(PermissionStorage.ACL_TABLE_NAME)) {<a name="line.1253"></a> |
| <span class="sourceLineNo">1254</span> BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE.getName());<a name="line.1254"></a> |
| <span class="sourceLineNo">1255</span> AccessControlService.BlockingInterface protocol =<a name="line.1255"></a> |
| <span class="sourceLineNo">1256</span> AccessControlService.newBlockingStub(service);<a name="line.1256"></a> |
| <span class="sourceLineNo">1257</span> AccessControlUtil.revoke(null, protocol, USER_RO.getShortName(), TEST_TABLE, TEST_FAMILY,<a name="line.1257"></a> |
| <span class="sourceLineNo">1258</span> null, Action.READ);<a name="line.1258"></a> |
| <span class="sourceLineNo">1259</span> }<a name="line.1259"></a> |
| <span class="sourceLineNo">1260</span> return null;<a name="line.1260"></a> |
| <span class="sourceLineNo">1261</span> }<a name="line.1261"></a> |
| <span class="sourceLineNo">1262</span> };<a name="line.1262"></a> |
| <span class="sourceLineNo">1263</span><a name="line.1263"></a> |
| <span class="sourceLineNo">1264</span> verifyAllowed(grantAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.1264"></a> |
| <span class="sourceLineNo">1265</span> verifyDenied(grantAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.1265"></a> |
| <span class="sourceLineNo">1266</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.1266"></a> |
| <span class="sourceLineNo">1267</span> try {<a name="line.1267"></a> |
| <span class="sourceLineNo">1268</span> verifyAllowed(revokeAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.1268"></a> |
| <span class="sourceLineNo">1269</span> verifyDenied(revokeAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.1269"></a> |
| <span class="sourceLineNo">1270</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.1270"></a> |
| <span class="sourceLineNo">1271</span><a name="line.1271"></a> |
| <span class="sourceLineNo">1272</span> verifyAllowed(getTablePermissionsAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.1272"></a> |
| <span class="sourceLineNo">1273</span> verifyDenied(getTablePermissionsAction, USER_CREATE, USER_RW, USER_RO, USER_NONE,<a name="line.1273"></a> |
| <span class="sourceLineNo">1274</span> USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.1274"></a> |
| <span class="sourceLineNo">1275</span><a name="line.1275"></a> |
| <span class="sourceLineNo">1276</span> verifyAllowed(getGlobalPermissionsAction, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.1276"></a> |
| <span class="sourceLineNo">1277</span> verifyDenied(getGlobalPermissionsAction, USER_CREATE, USER_OWNER, USER_RW, USER_RO,<a name="line.1277"></a> |
| <span class="sourceLineNo">1278</span> USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.1278"></a> |
| <span class="sourceLineNo">1279</span><a name="line.1279"></a> |
| <span class="sourceLineNo">1280</span> verifyAllowed(preGrantAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.1280"></a> |
| <span class="sourceLineNo">1281</span> verifyDenied(preGrantAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.1281"></a> |
| <span class="sourceLineNo">1282</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.1282"></a> |
| <span class="sourceLineNo">1283</span><a name="line.1283"></a> |
| <span class="sourceLineNo">1284</span> verifyAllowed(preRevokeAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.1284"></a> |
| <span class="sourceLineNo">1285</span> verifyDenied(preRevokeAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.1285"></a> |
| <span class="sourceLineNo">1286</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.1286"></a> |
| <span class="sourceLineNo">1287</span><a name="line.1287"></a> |
| <span class="sourceLineNo">1288</span> verifyAllowed(grantCPAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.1288"></a> |
| <span class="sourceLineNo">1289</span> verifyDenied(grantCPAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.1289"></a> |
| <span class="sourceLineNo">1290</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.1290"></a> |
| <span class="sourceLineNo">1291</span><a name="line.1291"></a> |
| <span class="sourceLineNo">1292</span> verifyAllowed(revokeCPAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.1292"></a> |
| <span class="sourceLineNo">1293</span> verifyDenied(revokeCPAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.1293"></a> |
| <span class="sourceLineNo">1294</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.1294"></a> |
| <span class="sourceLineNo">1295</span> } finally {<a name="line.1295"></a> |
| <span class="sourceLineNo">1296</span> // Cleanup, Grant the revoked permission back to the user<a name="line.1296"></a> |
| <span class="sourceLineNo">1297</span> grantOnTable(TEST_UTIL, USER_RO.getShortName(), TEST_TABLE, TEST_FAMILY, null,<a name="line.1297"></a> |
| <span class="sourceLineNo">1298</span> Permission.Action.READ);<a name="line.1298"></a> |
| <span class="sourceLineNo">1299</span> }<a name="line.1299"></a> |
| <span class="sourceLineNo">1300</span> }<a name="line.1300"></a> |
| <span class="sourceLineNo">1301</span><a name="line.1301"></a> |
| <span class="sourceLineNo">1302</span> @Test<a name="line.1302"></a> |
| <span class="sourceLineNo">1303</span> public void testPostGrantRevoke() throws Exception {<a name="line.1303"></a> |
| <span class="sourceLineNo">1304</span> final TableName tableName =<a name="line.1304"></a> |
| <span class="sourceLineNo">1305</span> TableName.valueOf("TempTable");<a name="line.1305"></a> |
| <span class="sourceLineNo">1306</span> final byte[] family1 = Bytes.toBytes("f1");<a name="line.1306"></a> |
| <span class="sourceLineNo">1307</span> final byte[] family2 = Bytes.toBytes("f2");<a name="line.1307"></a> |
| <span class="sourceLineNo">1308</span> final byte[] qualifier = Bytes.toBytes("q");<a name="line.1308"></a> |
| <span class="sourceLineNo">1309</span><a name="line.1309"></a> |
| <span class="sourceLineNo">1310</span> // create table<a name="line.1310"></a> |
| <span class="sourceLineNo">1311</span> Admin admin = TEST_UTIL.getAdmin();<a name="line.1311"></a> |
| <span class="sourceLineNo">1312</span> if (admin.tableExists(tableName)) {<a name="line.1312"></a> |
| <span class="sourceLineNo">1313</span> deleteTable(TEST_UTIL, tableName);<a name="line.1313"></a> |
| <span class="sourceLineNo">1314</span> }<a name="line.1314"></a> |
| <span class="sourceLineNo">1315</span> TableDescriptor tableDescriptor = TableDescriptorBuilder.newBuilder(tableName)<a name="line.1315"></a> |
| <span class="sourceLineNo">1316</span> .setColumnFamily(ColumnFamilyDescriptorBuilder.of(family1))<a name="line.1316"></a> |
| <span class="sourceLineNo">1317</span> .setColumnFamily(ColumnFamilyDescriptorBuilder.of(family2)).build();<a name="line.1317"></a> |
| <span class="sourceLineNo">1318</span> createTable(TEST_UTIL, tableDescriptor);<a name="line.1318"></a> |
| <span class="sourceLineNo">1319</span> try {<a name="line.1319"></a> |
| <span class="sourceLineNo">1320</span> // create temp users<a name="line.1320"></a> |
| <span class="sourceLineNo">1321</span> User tblUser =<a name="line.1321"></a> |
| <span class="sourceLineNo">1322</span> User.createUserForTesting(TEST_UTIL.getConfiguration(), "tbluser", new String[0]);<a name="line.1322"></a> |
| <span class="sourceLineNo">1323</span> User gblUser =<a name="line.1323"></a> |
| <span class="sourceLineNo">1324</span> User.createUserForTesting(TEST_UTIL.getConfiguration(), "gbluser", new String[0]);<a name="line.1324"></a> |
| <span class="sourceLineNo">1325</span><a name="line.1325"></a> |
| <span class="sourceLineNo">1326</span> // prepare actions:<a name="line.1326"></a> |
| <span class="sourceLineNo">1327</span> AccessTestAction putActionAll = new AccessTestAction() {<a name="line.1327"></a> |
| <span class="sourceLineNo">1328</span> @Override<a name="line.1328"></a> |
| <span class="sourceLineNo">1329</span> public Object run() throws Exception {<a name="line.1329"></a> |
| <span class="sourceLineNo">1330</span> Put p = new Put(Bytes.toBytes("a"));<a name="line.1330"></a> |
| <span class="sourceLineNo">1331</span> p.addColumn(family1, qualifier, Bytes.toBytes("v1"));<a name="line.1331"></a> |
| <span class="sourceLineNo">1332</span> p.addColumn(family2, qualifier, Bytes.toBytes("v2"));<a name="line.1332"></a> |
| <span class="sourceLineNo">1333</span><a name="line.1333"></a> |
| <span class="sourceLineNo">1334</span> try (Connection conn = ConnectionFactory.createConnection(conf);<a name="line.1334"></a> |
| <span class="sourceLineNo">1335</span> Table t = conn.getTable(tableName)) {<a name="line.1335"></a> |
| <span class="sourceLineNo">1336</span> t.put(p);<a name="line.1336"></a> |
| <span class="sourceLineNo">1337</span> }<a name="line.1337"></a> |
| <span class="sourceLineNo">1338</span> return null;<a name="line.1338"></a> |
| <span class="sourceLineNo">1339</span> }<a name="line.1339"></a> |
| <span class="sourceLineNo">1340</span> };<a name="line.1340"></a> |
| <span class="sourceLineNo">1341</span><a name="line.1341"></a> |
| <span class="sourceLineNo">1342</span> AccessTestAction putAction1 = new AccessTestAction() {<a name="line.1342"></a> |
| <span class="sourceLineNo">1343</span> @Override<a name="line.1343"></a> |
| <span class="sourceLineNo">1344</span> public Object run() throws Exception {<a name="line.1344"></a> |
| <span class="sourceLineNo">1345</span> Put p = new Put(Bytes.toBytes("a"));<a name="line.1345"></a> |
| <span class="sourceLineNo">1346</span> p.addColumn(family1, qualifier, Bytes.toBytes("v1"));<a name="line.1346"></a> |
| <span class="sourceLineNo">1347</span><a name="line.1347"></a> |
| <span class="sourceLineNo">1348</span> try (Connection conn = ConnectionFactory.createConnection(conf);<a name="line.1348"></a> |
| <span class="sourceLineNo">1349</span> Table t = conn.getTable(tableName)) {<a name="line.1349"></a> |
| <span class="sourceLineNo">1350</span> t.put(p);<a name="line.1350"></a> |
| <span class="sourceLineNo">1351</span> }<a name="line.1351"></a> |
| <span class="sourceLineNo">1352</span> return null;<a name="line.1352"></a> |
| <span class="sourceLineNo">1353</span> }<a name="line.1353"></a> |
| <span class="sourceLineNo">1354</span> };<a name="line.1354"></a> |
| <span class="sourceLineNo">1355</span><a name="line.1355"></a> |
| <span class="sourceLineNo">1356</span> AccessTestAction putAction2 = new AccessTestAction() {<a name="line.1356"></a> |
| <span class="sourceLineNo">1357</span> @Override<a name="line.1357"></a> |
| <span class="sourceLineNo">1358</span> public Object run() throws Exception {<a name="line.1358"></a> |
| <span class="sourceLineNo">1359</span> Put p = new Put(Bytes.toBytes("a"));<a name="line.1359"></a> |
| <span class="sourceLineNo">1360</span> p.addColumn(family2, qualifier, Bytes.toBytes("v2"));<a name="line.1360"></a> |
| <span class="sourceLineNo">1361</span> try (Connection conn = ConnectionFactory.createConnection(conf);<a name="line.1361"></a> |
| <span class="sourceLineNo">1362</span> Table t = conn.getTable(tableName)) {<a name="line.1362"></a> |
| <span class="sourceLineNo">1363</span> t.put(p);<a name="line.1363"></a> |
| <span class="sourceLineNo">1364</span> }<a name="line.1364"></a> |
| <span class="sourceLineNo">1365</span> return null;<a name="line.1365"></a> |
| <span class="sourceLineNo">1366</span> }<a name="line.1366"></a> |
| <span class="sourceLineNo">1367</span> };<a name="line.1367"></a> |
| <span class="sourceLineNo">1368</span><a name="line.1368"></a> |
| <span class="sourceLineNo">1369</span> AccessTestAction getActionAll = new AccessTestAction() {<a name="line.1369"></a> |
| <span class="sourceLineNo">1370</span> @Override<a name="line.1370"></a> |
| <span class="sourceLineNo">1371</span> public Object run() throws Exception {<a name="line.1371"></a> |
| <span class="sourceLineNo">1372</span> Get g = new Get(TEST_ROW);<a name="line.1372"></a> |
| <span class="sourceLineNo">1373</span> g.addFamily(family1);<a name="line.1373"></a> |
| <span class="sourceLineNo">1374</span> g.addFamily(family2);<a name="line.1374"></a> |
| <span class="sourceLineNo">1375</span> try (Connection conn = ConnectionFactory.createConnection(conf);<a name="line.1375"></a> |
| <span class="sourceLineNo">1376</span> Table t = conn.getTable(tableName)) {<a name="line.1376"></a> |
| <span class="sourceLineNo">1377</span> t.get(g);<a name="line.1377"></a> |
| <span class="sourceLineNo">1378</span> }<a name="line.1378"></a> |
| <span class="sourceLineNo">1379</span> return null;<a name="line.1379"></a> |
| <span class="sourceLineNo">1380</span> }<a name="line.1380"></a> |
| <span class="sourceLineNo">1381</span> };<a name="line.1381"></a> |
| <span class="sourceLineNo">1382</span><a name="line.1382"></a> |
| <span class="sourceLineNo">1383</span> AccessTestAction getAction1 = new AccessTestAction() {<a name="line.1383"></a> |
| <span class="sourceLineNo">1384</span> @Override<a name="line.1384"></a> |
| <span class="sourceLineNo">1385</span> public Object run() throws Exception {<a name="line.1385"></a> |
| <span class="sourceLineNo">1386</span> Get g = new Get(TEST_ROW);<a name="line.1386"></a> |
| <span class="sourceLineNo">1387</span> g.addFamily(family1);<a name="line.1387"></a> |
| <span class="sourceLineNo">1388</span> try (Connection conn = ConnectionFactory.createConnection(conf);<a name="line.1388"></a> |
| <span class="sourceLineNo">1389</span> Table t = conn.getTable(tableName)) {<a name="line.1389"></a> |
| <span class="sourceLineNo">1390</span> t.get(g);<a name="line.1390"></a> |
| <span class="sourceLineNo">1391</span> }<a name="line.1391"></a> |
| <span class="sourceLineNo">1392</span> return null;<a name="line.1392"></a> |
| <span class="sourceLineNo">1393</span> }<a name="line.1393"></a> |
| <span class="sourceLineNo">1394</span> };<a name="line.1394"></a> |
| <span class="sourceLineNo">1395</span><a name="line.1395"></a> |
| <span class="sourceLineNo">1396</span> AccessTestAction getAction2 = new AccessTestAction() {<a name="line.1396"></a> |
| <span class="sourceLineNo">1397</span> @Override<a name="line.1397"></a> |
| <span class="sourceLineNo">1398</span> public Object run() throws Exception {<a name="line.1398"></a> |
| <span class="sourceLineNo">1399</span> Get g = new Get(TEST_ROW);<a name="line.1399"></a> |
| <span class="sourceLineNo">1400</span> g.addFamily(family2);<a name="line.1400"></a> |
| <span class="sourceLineNo">1401</span> try (Connection conn = ConnectionFactory.createConnection(conf);<a name="line.1401"></a> |
| <span class="sourceLineNo">1402</span> Table t = conn.getTable(tableName)) {<a name="line.1402"></a> |
| <span class="sourceLineNo">1403</span> t.get(g);<a name="line.1403"></a> |
| <span class="sourceLineNo">1404</span> }<a name="line.1404"></a> |
| <span class="sourceLineNo">1405</span> return null;<a name="line.1405"></a> |
| <span class="sourceLineNo">1406</span> }<a name="line.1406"></a> |
| <span class="sourceLineNo">1407</span> };<a name="line.1407"></a> |
| <span class="sourceLineNo">1408</span><a name="line.1408"></a> |
| <span class="sourceLineNo">1409</span> AccessTestAction deleteActionAll = new AccessTestAction() {<a name="line.1409"></a> |
| <span class="sourceLineNo">1410</span> @Override<a name="line.1410"></a> |
| <span class="sourceLineNo">1411</span> public Object run() throws Exception {<a name="line.1411"></a> |
| <span class="sourceLineNo">1412</span> Delete d = new Delete(TEST_ROW);<a name="line.1412"></a> |
| <span class="sourceLineNo">1413</span> d.addFamily(family1);<a name="line.1413"></a> |
| <span class="sourceLineNo">1414</span> d.addFamily(family2);<a name="line.1414"></a> |
| <span class="sourceLineNo">1415</span> try (Connection conn = ConnectionFactory.createConnection(conf);<a name="line.1415"></a> |
| <span class="sourceLineNo">1416</span> Table t = conn.getTable(tableName)) {<a name="line.1416"></a> |
| <span class="sourceLineNo">1417</span> t.delete(d);<a name="line.1417"></a> |
| <span class="sourceLineNo">1418</span> }<a name="line.1418"></a> |
| <span class="sourceLineNo">1419</span> return null;<a name="line.1419"></a> |
| <span class="sourceLineNo">1420</span> }<a name="line.1420"></a> |
| <span class="sourceLineNo">1421</span> };<a name="line.1421"></a> |
| <span class="sourceLineNo">1422</span><a name="line.1422"></a> |
| <span class="sourceLineNo">1423</span> AccessTestAction deleteAction1 = new AccessTestAction() {<a name="line.1423"></a> |
| <span class="sourceLineNo">1424</span> @Override<a name="line.1424"></a> |
| <span class="sourceLineNo">1425</span> public Object run() throws Exception {<a name="line.1425"></a> |
| <span class="sourceLineNo">1426</span> Delete d = new Delete(TEST_ROW);<a name="line.1426"></a> |
| <span class="sourceLineNo">1427</span> d.addFamily(family1);<a name="line.1427"></a> |
| <span class="sourceLineNo">1428</span> try (Connection conn = ConnectionFactory.createConnection(conf);<a name="line.1428"></a> |
| <span class="sourceLineNo">1429</span> Table t = conn.getTable(tableName)) {<a name="line.1429"></a> |
| <span class="sourceLineNo">1430</span> t.delete(d);<a name="line.1430"></a> |
| <span class="sourceLineNo">1431</span> }<a name="line.1431"></a> |
| <span class="sourceLineNo">1432</span> return null;<a name="line.1432"></a> |
| <span class="sourceLineNo">1433</span> }<a name="line.1433"></a> |
| <span class="sourceLineNo">1434</span> };<a name="line.1434"></a> |
| <span class="sourceLineNo">1435</span><a name="line.1435"></a> |
| <span class="sourceLineNo">1436</span> AccessTestAction deleteAction2 = new AccessTestAction() {<a name="line.1436"></a> |
| <span class="sourceLineNo">1437</span> @Override<a name="line.1437"></a> |
| <span class="sourceLineNo">1438</span> public Object run() throws Exception {<a name="line.1438"></a> |
| <span class="sourceLineNo">1439</span> Delete d = new Delete(TEST_ROW);<a name="line.1439"></a> |
| <span class="sourceLineNo">1440</span> d.addFamily(family2);<a name="line.1440"></a> |
| <span class="sourceLineNo">1441</span> try (Connection conn = ConnectionFactory.createConnection(conf);<a name="line.1441"></a> |
| <span class="sourceLineNo">1442</span> Table t = conn.getTable(tableName)) {<a name="line.1442"></a> |
| <span class="sourceLineNo">1443</span> t.delete(d);<a name="line.1443"></a> |
| <span class="sourceLineNo">1444</span> }<a name="line.1444"></a> |
| <span class="sourceLineNo">1445</span> return null;<a name="line.1445"></a> |
| <span class="sourceLineNo">1446</span> }<a name="line.1446"></a> |
| <span class="sourceLineNo">1447</span> };<a name="line.1447"></a> |
| <span class="sourceLineNo">1448</span><a name="line.1448"></a> |
| <span class="sourceLineNo">1449</span> // initial check:<a name="line.1449"></a> |
| <span class="sourceLineNo">1450</span> verifyDenied(tblUser, getActionAll, getAction1, getAction2);<a name="line.1450"></a> |
| <span class="sourceLineNo">1451</span> verifyDenied(tblUser, putActionAll, putAction1, putAction2);<a name="line.1451"></a> |
| <span class="sourceLineNo">1452</span> verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);<a name="line.1452"></a> |
| <span class="sourceLineNo">1453</span><a name="line.1453"></a> |
| <span class="sourceLineNo">1454</span> verifyDenied(gblUser, getActionAll, getAction1, getAction2);<a name="line.1454"></a> |
| <span class="sourceLineNo">1455</span> verifyDenied(gblUser, putActionAll, putAction1, putAction2);<a name="line.1455"></a> |
| <span class="sourceLineNo">1456</span> verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);<a name="line.1456"></a> |
| <span class="sourceLineNo">1457</span><a name="line.1457"></a> |
| <span class="sourceLineNo">1458</span> // grant table read permission<a name="line.1458"></a> |
| <span class="sourceLineNo">1459</span> grantGlobal(TEST_UTIL, gblUser.getShortName(), Permission.Action.READ);<a name="line.1459"></a> |
| <span class="sourceLineNo">1460</span> grantOnTable(TEST_UTIL, tblUser.getShortName(), tableName, null, null, Permission.Action.READ);<a name="line.1460"></a> |
| <span class="sourceLineNo">1461</span><a name="line.1461"></a> |
| <span class="sourceLineNo">1462</span> // check<a name="line.1462"></a> |
| <span class="sourceLineNo">1463</span> verifyAllowed(tblUser, getActionAll, getAction1, getAction2);<a name="line.1463"></a> |
| <span class="sourceLineNo">1464</span> verifyDenied(tblUser, putActionAll, putAction1, putAction2);<a name="line.1464"></a> |
| <span class="sourceLineNo">1465</span> verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);<a name="line.1465"></a> |
| <span class="sourceLineNo">1466</span><a name="line.1466"></a> |
| <span class="sourceLineNo">1467</span> verifyAllowed(gblUser, getActionAll, getAction1, getAction2);<a name="line.1467"></a> |
| <span class="sourceLineNo">1468</span> verifyDenied(gblUser, putActionAll, putAction1, putAction2);<a name="line.1468"></a> |
| <span class="sourceLineNo">1469</span> verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);<a name="line.1469"></a> |
| <span class="sourceLineNo">1470</span><a name="line.1470"></a> |
| <span class="sourceLineNo">1471</span> // grant table write permission while revoking read permissions<a name="line.1471"></a> |
| <span class="sourceLineNo">1472</span> grantGlobal(TEST_UTIL, gblUser.getShortName(), Permission.Action.WRITE);<a name="line.1472"></a> |
| <span class="sourceLineNo">1473</span> grantOnTable(TEST_UTIL, tblUser.getShortName(), tableName, null, null,<a name="line.1473"></a> |
| <span class="sourceLineNo">1474</span> Permission.Action.WRITE);<a name="line.1474"></a> |
| <span class="sourceLineNo">1475</span><a name="line.1475"></a> |
| <span class="sourceLineNo">1476</span> verifyDenied(tblUser, getActionAll, getAction1, getAction2);<a name="line.1476"></a> |
| <span class="sourceLineNo">1477</span> verifyAllowed(tblUser, putActionAll, putAction1, putAction2);<a name="line.1477"></a> |
| <span class="sourceLineNo">1478</span> verifyAllowed(tblUser, deleteActionAll, deleteAction1, deleteAction2);<a name="line.1478"></a> |
| <span class="sourceLineNo">1479</span><a name="line.1479"></a> |
| <span class="sourceLineNo">1480</span> verifyDenied(gblUser, getActionAll, getAction1, getAction2);<a name="line.1480"></a> |
| <span class="sourceLineNo">1481</span> verifyAllowed(gblUser, putActionAll, putAction1, putAction2);<a name="line.1481"></a> |
| <span class="sourceLineNo">1482</span> verifyAllowed(gblUser, deleteActionAll, deleteAction1, deleteAction2);<a name="line.1482"></a> |
| <span class="sourceLineNo">1483</span><a name="line.1483"></a> |
| <span class="sourceLineNo">1484</span> // revoke table permissions<a name="line.1484"></a> |
| <span class="sourceLineNo">1485</span> revokeGlobal(TEST_UTIL, gblUser.getShortName());<a name="line.1485"></a> |
| <span class="sourceLineNo">1486</span> revokeFromTable(TEST_UTIL, tblUser.getShortName(), tableName, null, null);<a name="line.1486"></a> |
| <span class="sourceLineNo">1487</span><a name="line.1487"></a> |
| <span class="sourceLineNo">1488</span> verifyDenied(tblUser, getActionAll, getAction1, getAction2);<a name="line.1488"></a> |
| <span class="sourceLineNo">1489</span> verifyDenied(tblUser, putActionAll, putAction1, putAction2);<a name="line.1489"></a> |
| <span class="sourceLineNo">1490</span> verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);<a name="line.1490"></a> |
| <span class="sourceLineNo">1491</span><a name="line.1491"></a> |
| <span class="sourceLineNo">1492</span> verifyDenied(gblUser, getActionAll, getAction1, getAction2);<a name="line.1492"></a> |
| <span class="sourceLineNo">1493</span> verifyDenied(gblUser, putActionAll, putAction1, putAction2);<a name="line.1493"></a> |
| <span class="sourceLineNo">1494</span> verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);<a name="line.1494"></a> |
| <span class="sourceLineNo">1495</span><a name="line.1495"></a> |
| <span class="sourceLineNo">1496</span> // grant column family read permission<a name="line.1496"></a> |
| <span class="sourceLineNo">1497</span> grantGlobal(TEST_UTIL, gblUser.getShortName(), Permission.Action.READ);<a name="line.1497"></a> |
| <span class="sourceLineNo">1498</span> grantOnTable(TEST_UTIL, tblUser.getShortName(), tableName, family1, null,<a name="line.1498"></a> |
| <span class="sourceLineNo">1499</span> Permission.Action.READ);<a name="line.1499"></a> |
| <span class="sourceLineNo">1500</span><a name="line.1500"></a> |
| <span class="sourceLineNo">1501</span> // Access should be denied for family2<a name="line.1501"></a> |
| <span class="sourceLineNo">1502</span> verifyAllowed(tblUser, getActionAll, getAction1);<a name="line.1502"></a> |
| <span class="sourceLineNo">1503</span> verifyDenied(tblUser, getAction2);<a name="line.1503"></a> |
| <span class="sourceLineNo">1504</span> verifyDenied(tblUser, putActionAll, putAction1, putAction2);<a name="line.1504"></a> |
| <span class="sourceLineNo">1505</span> verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);<a name="line.1505"></a> |
| <span class="sourceLineNo">1506</span><a name="line.1506"></a> |
| <span class="sourceLineNo">1507</span> verifyAllowed(gblUser, getActionAll, getAction1, getAction2);<a name="line.1507"></a> |
| <span class="sourceLineNo">1508</span> verifyDenied(gblUser, putActionAll, putAction1, putAction2);<a name="line.1508"></a> |
| <span class="sourceLineNo">1509</span> verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);<a name="line.1509"></a> |
| <span class="sourceLineNo">1510</span><a name="line.1510"></a> |
| <span class="sourceLineNo">1511</span> // grant column family write permission<a name="line.1511"></a> |
| <span class="sourceLineNo">1512</span> grantGlobal(TEST_UTIL, gblUser.getShortName(), Permission.Action.WRITE);<a name="line.1512"></a> |
| <span class="sourceLineNo">1513</span> grantOnTable(TEST_UTIL, tblUser.getShortName(), tableName, family2, null,<a name="line.1513"></a> |
| <span class="sourceLineNo">1514</span> Permission.Action.WRITE);<a name="line.1514"></a> |
| <span class="sourceLineNo">1515</span><a name="line.1515"></a> |
| <span class="sourceLineNo">1516</span> // READ from family1, WRITE to family2 are allowed<a name="line.1516"></a> |
| <span class="sourceLineNo">1517</span> verifyAllowed(tblUser, getActionAll, getAction1);<a name="line.1517"></a> |
| <span class="sourceLineNo">1518</span> verifyAllowed(tblUser, putAction2, deleteAction2);<a name="line.1518"></a> |
| <span class="sourceLineNo">1519</span> verifyDenied(tblUser, getAction2);<a name="line.1519"></a> |
| <span class="sourceLineNo">1520</span> verifyDenied(tblUser, putActionAll, putAction1);<a name="line.1520"></a> |
| <span class="sourceLineNo">1521</span> verifyDenied(tblUser, deleteActionAll, deleteAction1);<a name="line.1521"></a> |
| <span class="sourceLineNo">1522</span><a name="line.1522"></a> |
| <span class="sourceLineNo">1523</span> verifyDenied(gblUser, getActionAll, getAction1, getAction2);<a name="line.1523"></a> |
| <span class="sourceLineNo">1524</span> verifyAllowed(gblUser, putActionAll, putAction1, putAction2);<a name="line.1524"></a> |
| <span class="sourceLineNo">1525</span> verifyAllowed(gblUser, deleteActionAll, deleteAction1, deleteAction2);<a name="line.1525"></a> |
| <span class="sourceLineNo">1526</span><a name="line.1526"></a> |
| <span class="sourceLineNo">1527</span> // revoke column family permission<a name="line.1527"></a> |
| <span class="sourceLineNo">1528</span> revokeGlobal(TEST_UTIL, gblUser.getShortName());<a name="line.1528"></a> |
| <span class="sourceLineNo">1529</span> revokeFromTable(TEST_UTIL, tblUser.getShortName(), tableName, family2, null);<a name="line.1529"></a> |
| <span class="sourceLineNo">1530</span><a name="line.1530"></a> |
| <span class="sourceLineNo">1531</span> // Revoke on family2 should not have impact on family1 permissions<a name="line.1531"></a> |
| <span class="sourceLineNo">1532</span> verifyAllowed(tblUser, getActionAll, getAction1);<a name="line.1532"></a> |
| <span class="sourceLineNo">1533</span> verifyDenied(tblUser, getAction2);<a name="line.1533"></a> |
| <span class="sourceLineNo">1534</span> verifyDenied(tblUser, putActionAll, putAction1, putAction2);<a name="line.1534"></a> |
| <span class="sourceLineNo">1535</span> verifyDenied(tblUser, deleteActionAll, deleteAction1, deleteAction2);<a name="line.1535"></a> |
| <span class="sourceLineNo">1536</span><a name="line.1536"></a> |
| <span class="sourceLineNo">1537</span> // Should not have access as global permissions are completely revoked<a name="line.1537"></a> |
| <span class="sourceLineNo">1538</span> verifyDenied(gblUser, getActionAll, getAction1, getAction2);<a name="line.1538"></a> |
| <span class="sourceLineNo">1539</span> verifyDenied(gblUser, putActionAll, putAction1, putAction2);<a name="line.1539"></a> |
| <span class="sourceLineNo">1540</span> verifyDenied(gblUser, deleteActionAll, deleteAction1, deleteAction2);<a name="line.1540"></a> |
| <span class="sourceLineNo">1541</span> } finally {<a name="line.1541"></a> |
| <span class="sourceLineNo">1542</span> // delete table<a name="line.1542"></a> |
| <span class="sourceLineNo">1543</span> deleteTable(TEST_UTIL, tableName);<a name="line.1543"></a> |
| <span class="sourceLineNo">1544</span> }<a name="line.1544"></a> |
| <span class="sourceLineNo">1545</span> }<a name="line.1545"></a> |
| <span class="sourceLineNo">1546</span><a name="line.1546"></a> |
| <span class="sourceLineNo">1547</span> private boolean hasFoundUserPermission(List<UserPermission> userPermissions,<a name="line.1547"></a> |
| <span class="sourceLineNo">1548</span> List<UserPermission> perms) {<a name="line.1548"></a> |
| <span class="sourceLineNo">1549</span> return perms.containsAll(userPermissions);<a name="line.1549"></a> |
| <span class="sourceLineNo">1550</span> }<a name="line.1550"></a> |
| <span class="sourceLineNo">1551</span><a name="line.1551"></a> |
| <span class="sourceLineNo">1552</span> private boolean hasFoundUserPermission(UserPermission userPermission, List<UserPermission> perms) {<a name="line.1552"></a> |
| <span class="sourceLineNo">1553</span> return perms.contains(userPermission);<a name="line.1553"></a> |
| <span class="sourceLineNo">1554</span> }<a name="line.1554"></a> |
| <span class="sourceLineNo">1555</span><a name="line.1555"></a> |
| <span class="sourceLineNo">1556</span> @Test<a name="line.1556"></a> |
| <span class="sourceLineNo">1557</span> public void testPostGrantRevokeAtQualifierLevel() throws Exception {<a name="line.1557"></a> |
| <span class="sourceLineNo">1558</span> final TableName tableName = TableName.valueOf(name.getMethodName());<a name="line.1558"></a> |
| <span class="sourceLineNo">1559</span> final byte[] family1 = Bytes.toBytes("f1");<a name="line.1559"></a> |
| <span class="sourceLineNo">1560</span> final byte[] family2 = Bytes.toBytes("f2");<a name="line.1560"></a> |
| <span class="sourceLineNo">1561</span> final byte[] qualifier = Bytes.toBytes("q");<a name="line.1561"></a> |
| <span class="sourceLineNo">1562</span><a name="line.1562"></a> |
| <span class="sourceLineNo">1563</span> // create table<a name="line.1563"></a> |
| <span class="sourceLineNo">1564</span> Admin admin = TEST_UTIL.getAdmin();<a name="line.1564"></a> |
| <span class="sourceLineNo">1565</span> if (admin.tableExists(tableName)) {<a name="line.1565"></a> |
| <span class="sourceLineNo">1566</span> deleteTable(TEST_UTIL, tableName);<a name="line.1566"></a> |
| <span class="sourceLineNo">1567</span> }<a name="line.1567"></a> |
| <span class="sourceLineNo">1568</span> TableDescriptor tableDescriptor = TableDescriptorBuilder.newBuilder(tableName)<a name="line.1568"></a> |
| <span class="sourceLineNo">1569</span> .setColumnFamily(ColumnFamilyDescriptorBuilder.of(family1))<a name="line.1569"></a> |
| <span class="sourceLineNo">1570</span> .setColumnFamily(ColumnFamilyDescriptorBuilder.of(family2)).build();<a name="line.1570"></a> |
| <span class="sourceLineNo">1571</span> createTable(TEST_UTIL, tableDescriptor);<a name="line.1571"></a> |
| <span class="sourceLineNo">1572</span><a name="line.1572"></a> |
| <span class="sourceLineNo">1573</span> try {<a name="line.1573"></a> |
| <span class="sourceLineNo">1574</span> // create temp users<a name="line.1574"></a> |
| <span class="sourceLineNo">1575</span> User user = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]);<a name="line.1575"></a> |
| <span class="sourceLineNo">1576</span><a name="line.1576"></a> |
| <span class="sourceLineNo">1577</span> AccessTestAction getQualifierAction = new AccessTestAction() {<a name="line.1577"></a> |
| <span class="sourceLineNo">1578</span> @Override<a name="line.1578"></a> |
| <span class="sourceLineNo">1579</span> public Object run() throws Exception {<a name="line.1579"></a> |
| <span class="sourceLineNo">1580</span> Get g = new Get(TEST_ROW);<a name="line.1580"></a> |
| <span class="sourceLineNo">1581</span> g.addColumn(family1, qualifier);<a name="line.1581"></a> |
| <span class="sourceLineNo">1582</span> try (Connection conn = ConnectionFactory.createConnection(conf);<a name="line.1582"></a> |
| <span class="sourceLineNo">1583</span> Table t = conn.getTable(tableName)) {<a name="line.1583"></a> |
| <span class="sourceLineNo">1584</span> t.get(g);<a name="line.1584"></a> |
| <span class="sourceLineNo">1585</span> }<a name="line.1585"></a> |
| <span class="sourceLineNo">1586</span> return null;<a name="line.1586"></a> |
| <span class="sourceLineNo">1587</span> }<a name="line.1587"></a> |
| <span class="sourceLineNo">1588</span> };<a name="line.1588"></a> |
| <span class="sourceLineNo">1589</span><a name="line.1589"></a> |
| <span class="sourceLineNo">1590</span> AccessTestAction putQualifierAction = new AccessTestAction() {<a name="line.1590"></a> |
| <span class="sourceLineNo">1591</span> @Override<a name="line.1591"></a> |
| <span class="sourceLineNo">1592</span> public Object run() throws Exception {<a name="line.1592"></a> |
| <span class="sourceLineNo">1593</span> Put p = new Put(TEST_ROW);<a name="line.1593"></a> |
| <span class="sourceLineNo">1594</span> p.addColumn(family1, qualifier, Bytes.toBytes("v1"));<a name="line.1594"></a> |
| <span class="sourceLineNo">1595</span> try (Connection conn = ConnectionFactory.createConnection(conf);<a name="line.1595"></a> |
| <span class="sourceLineNo">1596</span> Table t = conn.getTable(tableName)) {<a name="line.1596"></a> |
| <span class="sourceLineNo">1597</span> t.put(p);<a name="line.1597"></a> |
| <span class="sourceLineNo">1598</span> }<a name="line.1598"></a> |
| <span class="sourceLineNo">1599</span> return null;<a name="line.1599"></a> |
| <span class="sourceLineNo">1600</span> }<a name="line.1600"></a> |
| <span class="sourceLineNo">1601</span> };<a name="line.1601"></a> |
| <span class="sourceLineNo">1602</span><a name="line.1602"></a> |
| <span class="sourceLineNo">1603</span> AccessTestAction deleteQualifierAction = new AccessTestAction() {<a name="line.1603"></a> |
| <span class="sourceLineNo">1604</span> @Override<a name="line.1604"></a> |
| <span class="sourceLineNo">1605</span> public Object run() throws Exception {<a name="line.1605"></a> |
| <span class="sourceLineNo">1606</span> Delete d = new Delete(TEST_ROW);<a name="line.1606"></a> |
| <span class="sourceLineNo">1607</span> d.addColumn(family1, qualifier);<a name="line.1607"></a> |
| <span class="sourceLineNo">1608</span> // d.deleteFamily(family1);<a name="line.1608"></a> |
| <span class="sourceLineNo">1609</span> try (Connection conn = ConnectionFactory.createConnection(conf);<a name="line.1609"></a> |
| <span class="sourceLineNo">1610</span> Table t = conn.getTable(tableName)) {<a name="line.1610"></a> |
| <span class="sourceLineNo">1611</span> t.delete(d);<a name="line.1611"></a> |
| <span class="sourceLineNo">1612</span> }<a name="line.1612"></a> |
| <span class="sourceLineNo">1613</span> return null;<a name="line.1613"></a> |
| <span class="sourceLineNo">1614</span> }<a name="line.1614"></a> |
| <span class="sourceLineNo">1615</span> };<a name="line.1615"></a> |
| <span class="sourceLineNo">1616</span><a name="line.1616"></a> |
| <span class="sourceLineNo">1617</span> revokeFromTable(TEST_UTIL, user.getShortName(), tableName, family1, null);<a name="line.1617"></a> |
| <span class="sourceLineNo">1618</span><a name="line.1618"></a> |
| <span class="sourceLineNo">1619</span> verifyDenied(user, getQualifierAction);<a name="line.1619"></a> |
| <span class="sourceLineNo">1620</span> verifyDenied(user, putQualifierAction);<a name="line.1620"></a> |
| <span class="sourceLineNo">1621</span> verifyDenied(user, deleteQualifierAction);<a name="line.1621"></a> |
| <span class="sourceLineNo">1622</span><a name="line.1622"></a> |
| <span class="sourceLineNo">1623</span> grantOnTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier,<a name="line.1623"></a> |
| <span class="sourceLineNo">1624</span> Permission.Action.READ);<a name="line.1624"></a> |
| <span class="sourceLineNo">1625</span><a name="line.1625"></a> |
| <span class="sourceLineNo">1626</span> verifyAllowed(user, getQualifierAction);<a name="line.1626"></a> |
| <span class="sourceLineNo">1627</span> verifyDenied(user, putQualifierAction);<a name="line.1627"></a> |
| <span class="sourceLineNo">1628</span> verifyDenied(user, deleteQualifierAction);<a name="line.1628"></a> |
| <span class="sourceLineNo">1629</span><a name="line.1629"></a> |
| <span class="sourceLineNo">1630</span> // only grant write permission<a name="line.1630"></a> |
| <span class="sourceLineNo">1631</span> // TODO: comment this portion after HBASE-3583<a name="line.1631"></a> |
| <span class="sourceLineNo">1632</span> grantOnTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier,<a name="line.1632"></a> |
| <span class="sourceLineNo">1633</span> Permission.Action.WRITE);<a name="line.1633"></a> |
| <span class="sourceLineNo">1634</span><a name="line.1634"></a> |
| <span class="sourceLineNo">1635</span> verifyDenied(user, getQualifierAction);<a name="line.1635"></a> |
| <span class="sourceLineNo">1636</span> verifyAllowed(user, putQualifierAction);<a name="line.1636"></a> |
| <span class="sourceLineNo">1637</span> verifyAllowed(user, deleteQualifierAction);<a name="line.1637"></a> |
| <span class="sourceLineNo">1638</span><a name="line.1638"></a> |
| <span class="sourceLineNo">1639</span> // grant both read and write permission<a name="line.1639"></a> |
| <span class="sourceLineNo">1640</span> grantOnTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier,<a name="line.1640"></a> |
| <span class="sourceLineNo">1641</span> Permission.Action.READ, Permission.Action.WRITE);<a name="line.1641"></a> |
| <span class="sourceLineNo">1642</span><a name="line.1642"></a> |
| <span class="sourceLineNo">1643</span> verifyAllowed(user, getQualifierAction);<a name="line.1643"></a> |
| <span class="sourceLineNo">1644</span> verifyAllowed(user, putQualifierAction);<a name="line.1644"></a> |
| <span class="sourceLineNo">1645</span> verifyAllowed(user, deleteQualifierAction);<a name="line.1645"></a> |
| <span class="sourceLineNo">1646</span><a name="line.1646"></a> |
| <span class="sourceLineNo">1647</span> // revoke family level permission won't impact column level<a name="line.1647"></a> |
| <span class="sourceLineNo">1648</span> revokeFromTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier);<a name="line.1648"></a> |
| <span class="sourceLineNo">1649</span><a name="line.1649"></a> |
| <span class="sourceLineNo">1650</span> verifyDenied(user, getQualifierAction);<a name="line.1650"></a> |
| <span class="sourceLineNo">1651</span> verifyDenied(user, putQualifierAction);<a name="line.1651"></a> |
| <span class="sourceLineNo">1652</span> verifyDenied(user, deleteQualifierAction);<a name="line.1652"></a> |
| <span class="sourceLineNo">1653</span> } finally {<a name="line.1653"></a> |
| <span class="sourceLineNo">1654</span> // delete table<a name="line.1654"></a> |
| <span class="sourceLineNo">1655</span> deleteTable(TEST_UTIL, tableName);<a name="line.1655"></a> |
| <span class="sourceLineNo">1656</span> }<a name="line.1656"></a> |
| <span class="sourceLineNo">1657</span> }<a name="line.1657"></a> |
| <span class="sourceLineNo">1658</span><a name="line.1658"></a> |
| <span class="sourceLineNo">1659</span> @Test<a name="line.1659"></a> |
| <span class="sourceLineNo">1660</span> public void testPermissionList() throws Exception {<a name="line.1660"></a> |
| <span class="sourceLineNo">1661</span> final TableName tableName = TableName.valueOf(name.getMethodName());<a name="line.1661"></a> |
| <span class="sourceLineNo">1662</span> final byte[] family1 = Bytes.toBytes("f1");<a name="line.1662"></a> |
| <span class="sourceLineNo">1663</span> final byte[] family2 = Bytes.toBytes("f2");<a name="line.1663"></a> |
| <span class="sourceLineNo">1664</span> final byte[] qualifier = Bytes.toBytes("q");<a name="line.1664"></a> |
| <span class="sourceLineNo">1665</span><a name="line.1665"></a> |
| <span class="sourceLineNo">1666</span> // create table<a name="line.1666"></a> |
| <span class="sourceLineNo">1667</span> Admin admin = TEST_UTIL.getAdmin();<a name="line.1667"></a> |
| <span class="sourceLineNo">1668</span> if (admin.tableExists(tableName)) {<a name="line.1668"></a> |
| <span class="sourceLineNo">1669</span> deleteTable(TEST_UTIL, tableName);<a name="line.1669"></a> |
| <span class="sourceLineNo">1670</span> }<a name="line.1670"></a> |
| <span class="sourceLineNo">1671</span> TableDescriptor tableDescriptor = TableDescriptorBuilder.newBuilder(tableName)<a name="line.1671"></a> |
| <span class="sourceLineNo">1672</span> .setColumnFamily(ColumnFamilyDescriptorBuilder.of(family1))<a name="line.1672"></a> |
| <span class="sourceLineNo">1673</span> .setColumnFamily(ColumnFamilyDescriptorBuilder.of(family2)).setOwner(USER_OWNER).build();<a name="line.1673"></a> |
| <span class="sourceLineNo">1674</span> createTable(TEST_UTIL, tableDescriptor);<a name="line.1674"></a> |
| <span class="sourceLineNo">1675</span> try {<a name="line.1675"></a> |
| <span class="sourceLineNo">1676</span> List<UserPermission> perms =<a name="line.1676"></a> |
| <span class="sourceLineNo">1677</span> admin.getUserPermissions(GetUserPermissionsRequest.newBuilder(tableName).build());<a name="line.1677"></a> |
| <span class="sourceLineNo">1678</span> UserPermission ownerperm = new UserPermission(USER_OWNER.getName(),<a name="line.1678"></a> |
| <span class="sourceLineNo">1679</span> Permission.newBuilder(tableName).withActions(Action.values()).build());<a name="line.1679"></a> |
| <span class="sourceLineNo">1680</span> assertTrue("Owner should have all permissions on table",<a name="line.1680"></a> |
| <span class="sourceLineNo">1681</span> hasFoundUserPermission(ownerperm, perms));<a name="line.1681"></a> |
| <span class="sourceLineNo">1682</span><a name="line.1682"></a> |
| <span class="sourceLineNo">1683</span> User user = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]);<a name="line.1683"></a> |
| <span class="sourceLineNo">1684</span> String userName = user.getShortName();<a name="line.1684"></a> |
| <span class="sourceLineNo">1685</span><a name="line.1685"></a> |
| <span class="sourceLineNo">1686</span> UserPermission up =<a name="line.1686"></a> |
| <span class="sourceLineNo">1687</span> new UserPermission(userName, Permission.newBuilder(tableName).withFamily(family1)<a name="line.1687"></a> |
| <span class="sourceLineNo">1688</span> .withQualifier(qualifier).withActions(Permission.Action.READ).build());<a name="line.1688"></a> |
| <span class="sourceLineNo">1689</span> assertFalse("User should not be granted permission: " + up.toString(),<a name="line.1689"></a> |
| <span class="sourceLineNo">1690</span> hasFoundUserPermission(up, perms));<a name="line.1690"></a> |
| <span class="sourceLineNo">1691</span><a name="line.1691"></a> |
| <span class="sourceLineNo">1692</span> // grant read permission<a name="line.1692"></a> |
| <span class="sourceLineNo">1693</span> grantOnTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier,<a name="line.1693"></a> |
| <span class="sourceLineNo">1694</span> Permission.Action.READ);<a name="line.1694"></a> |
| <span class="sourceLineNo">1695</span><a name="line.1695"></a> |
| <span class="sourceLineNo">1696</span> perms = admin.getUserPermissions(GetUserPermissionsRequest.newBuilder(tableName).build());<a name="line.1696"></a> |
| <span class="sourceLineNo">1697</span> UserPermission upToVerify =<a name="line.1697"></a> |
| <span class="sourceLineNo">1698</span> new UserPermission(userName, Permission.newBuilder(tableName).withFamily(family1)<a name="line.1698"></a> |
| <span class="sourceLineNo">1699</span> .withQualifier(qualifier).withActions(Permission.Action.READ).build());<a name="line.1699"></a> |
| <span class="sourceLineNo">1700</span> assertTrue("User should be granted permission: " + upToVerify.toString(),<a name="line.1700"></a> |
| <span class="sourceLineNo">1701</span> hasFoundUserPermission(upToVerify, perms));<a name="line.1701"></a> |
| <span class="sourceLineNo">1702</span><a name="line.1702"></a> |
| <span class="sourceLineNo">1703</span> upToVerify = new UserPermission(userName, Permission.newBuilder(tableName).withFamily(family1)<a name="line.1703"></a> |
| <span class="sourceLineNo">1704</span> .withQualifier(qualifier).withActions(Permission.Action.WRITE).build());<a name="line.1704"></a> |
| <span class="sourceLineNo">1705</span> assertFalse("User should not be granted permission: " + upToVerify.toString(),<a name="line.1705"></a> |
| <span class="sourceLineNo">1706</span> hasFoundUserPermission(upToVerify, perms));<a name="line.1706"></a> |
| <span class="sourceLineNo">1707</span><a name="line.1707"></a> |
| <span class="sourceLineNo">1708</span> // grant read+write<a name="line.1708"></a> |
| <span class="sourceLineNo">1709</span> grantOnTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier,<a name="line.1709"></a> |
| <span class="sourceLineNo">1710</span> Permission.Action.WRITE, Permission.Action.READ);<a name="line.1710"></a> |
| <span class="sourceLineNo">1711</span><a name="line.1711"></a> |
| <span class="sourceLineNo">1712</span> perms = admin.getUserPermissions(GetUserPermissionsRequest.newBuilder(tableName).build());<a name="line.1712"></a> |
| <span class="sourceLineNo">1713</span> upToVerify = new UserPermission(userName,<a name="line.1713"></a> |
| <span class="sourceLineNo">1714</span> Permission.newBuilder(tableName).withFamily(family1).withQualifier(qualifier)<a name="line.1714"></a> |
| <span class="sourceLineNo">1715</span> .withActions(Permission.Action.WRITE, Permission.Action.READ).build());<a name="line.1715"></a> |
| <span class="sourceLineNo">1716</span> assertTrue("User should be granted permission: " + upToVerify.toString(),<a name="line.1716"></a> |
| <span class="sourceLineNo">1717</span> hasFoundUserPermission(upToVerify, perms));<a name="line.1717"></a> |
| <span class="sourceLineNo">1718</span><a name="line.1718"></a> |
| <span class="sourceLineNo">1719</span> // revoke<a name="line.1719"></a> |
| <span class="sourceLineNo">1720</span> revokeFromTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier,<a name="line.1720"></a> |
| <span class="sourceLineNo">1721</span> Permission.Action.WRITE, Permission.Action.READ);<a name="line.1721"></a> |
| <span class="sourceLineNo">1722</span><a name="line.1722"></a> |
| <span class="sourceLineNo">1723</span> perms = admin.getUserPermissions(GetUserPermissionsRequest.newBuilder(tableName).build());<a name="line.1723"></a> |
| <span class="sourceLineNo">1724</span> assertFalse("User should not be granted permission: " + upToVerify.toString(),<a name="line.1724"></a> |
| <span class="sourceLineNo">1725</span> hasFoundUserPermission(upToVerify, perms));<a name="line.1725"></a> |
| <span class="sourceLineNo">1726</span><a name="line.1726"></a> |
| <span class="sourceLineNo">1727</span> // disable table before modification<a name="line.1727"></a> |
| <span class="sourceLineNo">1728</span> admin.disableTable(tableName);<a name="line.1728"></a> |
| <span class="sourceLineNo">1729</span><a name="line.1729"></a> |
| <span class="sourceLineNo">1730</span> User newOwner = User.createUserForTesting(conf, "new_owner", new String[] {});<a name="line.1730"></a> |
| <span class="sourceLineNo">1731</span> tableDescriptor =<a name="line.1731"></a> |
| <span class="sourceLineNo">1732</span> TableDescriptorBuilder.newBuilder(tableDescriptor).setOwner(newOwner).build();<a name="line.1732"></a> |
| <span class="sourceLineNo">1733</span> admin.modifyTable(tableDescriptor);<a name="line.1733"></a> |
| <span class="sourceLineNo">1734</span><a name="line.1734"></a> |
| <span class="sourceLineNo">1735</span> perms = admin.getUserPermissions(GetUserPermissionsRequest.newBuilder(tableName).build());<a name="line.1735"></a> |
| <span class="sourceLineNo">1736</span> UserPermission newOwnerperm = new UserPermission(newOwner.getName(),<a name="line.1736"></a> |
| <span class="sourceLineNo">1737</span> Permission.newBuilder(tableName).withActions(Action.values()).build());<a name="line.1737"></a> |
| <span class="sourceLineNo">1738</span> assertTrue("New owner should have all permissions on table",<a name="line.1738"></a> |
| <span class="sourceLineNo">1739</span> hasFoundUserPermission(newOwnerperm, perms));<a name="line.1739"></a> |
| <span class="sourceLineNo">1740</span> } finally {<a name="line.1740"></a> |
| <span class="sourceLineNo">1741</span> // delete table<a name="line.1741"></a> |
| <span class="sourceLineNo">1742</span> deleteTable(TEST_UTIL, tableName);<a name="line.1742"></a> |
| <span class="sourceLineNo">1743</span> }<a name="line.1743"></a> |
| <span class="sourceLineNo">1744</span> }<a name="line.1744"></a> |
| <span class="sourceLineNo">1745</span><a name="line.1745"></a> |
| <span class="sourceLineNo">1746</span> @Test<a name="line.1746"></a> |
| <span class="sourceLineNo">1747</span> public void testGlobalPermissionList() throws Exception {<a name="line.1747"></a> |
| <span class="sourceLineNo">1748</span> List<UserPermission> perms = systemUserConnection.getAdmin()<a name="line.1748"></a> |
| <span class="sourceLineNo">1749</span> .getUserPermissions(GetUserPermissionsRequest.newBuilder().build());<a name="line.1749"></a> |
| <span class="sourceLineNo">1750</span><a name="line.1750"></a> |
| <span class="sourceLineNo">1751</span> Collection<String> superUsers = Superusers.getSuperUsers();<a name="line.1751"></a> |
| <span class="sourceLineNo">1752</span> List<UserPermission> adminPerms = new ArrayList<>(superUsers.size() + 1);<a name="line.1752"></a> |
| <span class="sourceLineNo">1753</span> adminPerms.add(new UserPermission(USER_ADMIN.getShortName(), Permission.newBuilder()<a name="line.1753"></a> |
| <span class="sourceLineNo">1754</span> .withActions(Action.ADMIN, Action.CREATE, Action.READ, Action.WRITE).build()));<a name="line.1754"></a> |
| <span class="sourceLineNo">1755</span> for (String user : superUsers) {<a name="line.1755"></a> |
| <span class="sourceLineNo">1756</span> // Global permission<a name="line.1756"></a> |
| <span class="sourceLineNo">1757</span> adminPerms.add(<a name="line.1757"></a> |
| <span class="sourceLineNo">1758</span> new UserPermission(user, Permission.newBuilder().withActions(Action.values()).build()));<a name="line.1758"></a> |
| <span class="sourceLineNo">1759</span> }<a name="line.1759"></a> |
| <span class="sourceLineNo">1760</span> assertTrue("Only super users, global users and user admin has permission on table hbase:acl " +<a name="line.1760"></a> |
| <span class="sourceLineNo">1761</span> "per setup", perms.size() == 5 + superUsers.size() &&<a name="line.1761"></a> |
| <span class="sourceLineNo">1762</span> hasFoundUserPermission(adminPerms, perms));<a name="line.1762"></a> |
| <span class="sourceLineNo">1763</span> }<a name="line.1763"></a> |
| <span class="sourceLineNo">1764</span><a name="line.1764"></a> |
| <span class="sourceLineNo">1765</span> /** global operations */<a name="line.1765"></a> |
| <span class="sourceLineNo">1766</span> private void verifyGlobal(AccessTestAction action) throws Exception {<a name="line.1766"></a> |
| <span class="sourceLineNo">1767</span> verifyAllowed(action, SUPERUSER);<a name="line.1767"></a> |
| <span class="sourceLineNo">1768</span><a name="line.1768"></a> |
| <span class="sourceLineNo">1769</span> verifyDenied(action, USER_CREATE, USER_RW, USER_NONE, USER_RO);<a name="line.1769"></a> |
| <span class="sourceLineNo">1770</span> }<a name="line.1770"></a> |
| <span class="sourceLineNo">1771</span><a name="line.1771"></a> |
| <span class="sourceLineNo">1772</span> @Test<a name="line.1772"></a> |
| <span class="sourceLineNo">1773</span> public void testCheckPermissions() throws Exception {<a name="line.1773"></a> |
| <span class="sourceLineNo">1774</span> // --------------------------------------<a name="line.1774"></a> |
| <span class="sourceLineNo">1775</span> // test global permissions<a name="line.1775"></a> |
| <span class="sourceLineNo">1776</span> AccessTestAction globalAdmin = new AccessTestAction() {<a name="line.1776"></a> |
| <span class="sourceLineNo">1777</span> @Override<a name="line.1777"></a> |
| <span class="sourceLineNo">1778</span> public Void run() throws Exception {<a name="line.1778"></a> |
| <span class="sourceLineNo">1779</span> checkGlobalPerms(TEST_UTIL, Permission.Action.ADMIN);<a name="line.1779"></a> |
| <span class="sourceLineNo">1780</span> return null;<a name="line.1780"></a> |
| <span class="sourceLineNo">1781</span> }<a name="line.1781"></a> |
| <span class="sourceLineNo">1782</span> };<a name="line.1782"></a> |
| <span class="sourceLineNo">1783</span> // verify that only superuser can admin<a name="line.1783"></a> |
| <span class="sourceLineNo">1784</span> verifyGlobal(globalAdmin);<a name="line.1784"></a> |
| <span class="sourceLineNo">1785</span><a name="line.1785"></a> |
| <span class="sourceLineNo">1786</span> // --------------------------------------<a name="line.1786"></a> |
| <span class="sourceLineNo">1787</span> // test multiple permissions<a name="line.1787"></a> |
| <span class="sourceLineNo">1788</span> AccessTestAction globalReadWrite = new AccessTestAction() {<a name="line.1788"></a> |
| <span class="sourceLineNo">1789</span> @Override<a name="line.1789"></a> |
| <span class="sourceLineNo">1790</span> public Void run() throws Exception {<a name="line.1790"></a> |
| <span class="sourceLineNo">1791</span> checkGlobalPerms(TEST_UTIL, Permission.Action.READ, Permission.Action.WRITE);<a name="line.1791"></a> |
| <span class="sourceLineNo">1792</span> return null;<a name="line.1792"></a> |
| <span class="sourceLineNo">1793</span> }<a name="line.1793"></a> |
| <span class="sourceLineNo">1794</span> };<a name="line.1794"></a> |
| <span class="sourceLineNo">1795</span><a name="line.1795"></a> |
| <span class="sourceLineNo">1796</span> verifyGlobal(globalReadWrite);<a name="line.1796"></a> |
| <span class="sourceLineNo">1797</span><a name="line.1797"></a> |
| <span class="sourceLineNo">1798</span> // --------------------------------------<a name="line.1798"></a> |
| <span class="sourceLineNo">1799</span> // table/column/qualifier level permissions<a name="line.1799"></a> |
| <span class="sourceLineNo">1800</span> final byte[] TEST_Q1 = Bytes.toBytes("q1");<a name="line.1800"></a> |
| <span class="sourceLineNo">1801</span> final byte[] TEST_Q2 = Bytes.toBytes("q2");<a name="line.1801"></a> |
| <span class="sourceLineNo">1802</span><a name="line.1802"></a> |
| <span class="sourceLineNo">1803</span> User userTable = User.createUserForTesting(conf, "user_check_perms_table", new String[0]);<a name="line.1803"></a> |
| <span class="sourceLineNo">1804</span> User userColumn = User.createUserForTesting(conf, "user_check_perms_family", new String[0]);<a name="line.1804"></a> |
| <span class="sourceLineNo">1805</span> User userQualifier = User.createUserForTesting(conf, "user_check_perms_q", new String[0]);<a name="line.1805"></a> |
| <span class="sourceLineNo">1806</span><a name="line.1806"></a> |
| <span class="sourceLineNo">1807</span> grantOnTable(TEST_UTIL, userTable.getShortName(),<a name="line.1807"></a> |
| <span class="sourceLineNo">1808</span> TEST_TABLE, null, null,<a name="line.1808"></a> |
| <span class="sourceLineNo">1809</span> Permission.Action.READ);<a name="line.1809"></a> |
| <span class="sourceLineNo">1810</span> grantOnTable(TEST_UTIL, userColumn.getShortName(),<a name="line.1810"></a> |
| <span class="sourceLineNo">1811</span> TEST_TABLE, TEST_FAMILY, null,<a name="line.1811"></a> |
| <span class="sourceLineNo">1812</span> Permission.Action.READ);<a name="line.1812"></a> |
| <span class="sourceLineNo">1813</span> grantOnTable(TEST_UTIL, userQualifier.getShortName(),<a name="line.1813"></a> |
| <span class="sourceLineNo">1814</span> TEST_TABLE, TEST_FAMILY, TEST_Q1,<a name="line.1814"></a> |
| <span class="sourceLineNo">1815</span> Permission.Action.READ);<a name="line.1815"></a> |
| <span class="sourceLineNo">1816</span><a name="line.1816"></a> |
| <span class="sourceLineNo">1817</span> try {<a name="line.1817"></a> |
| <span class="sourceLineNo">1818</span> AccessTestAction tableRead = new AccessTestAction() {<a name="line.1818"></a> |
| <span class="sourceLineNo">1819</span> @Override<a name="line.1819"></a> |
| <span class="sourceLineNo">1820</span> public Void run() throws Exception {<a name="line.1820"></a> |
| <span class="sourceLineNo">1821</span> checkTablePerms(TEST_UTIL, TEST_TABLE, null, null, Permission.Action.READ);<a name="line.1821"></a> |
| <span class="sourceLineNo">1822</span> return null;<a name="line.1822"></a> |
| <span class="sourceLineNo">1823</span> }<a name="line.1823"></a> |
| <span class="sourceLineNo">1824</span> };<a name="line.1824"></a> |
| <span class="sourceLineNo">1825</span><a name="line.1825"></a> |
| <span class="sourceLineNo">1826</span> AccessTestAction columnRead = new AccessTestAction() {<a name="line.1826"></a> |
| <span class="sourceLineNo">1827</span> @Override<a name="line.1827"></a> |
| <span class="sourceLineNo">1828</span> public Void run() throws Exception {<a name="line.1828"></a> |
| <span class="sourceLineNo">1829</span> checkTablePerms(TEST_UTIL, TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ);<a name="line.1829"></a> |
| <span class="sourceLineNo">1830</span> return null;<a name="line.1830"></a> |
| <span class="sourceLineNo">1831</span> }<a name="line.1831"></a> |
| <span class="sourceLineNo">1832</span> };<a name="line.1832"></a> |
| <span class="sourceLineNo">1833</span><a name="line.1833"></a> |
| <span class="sourceLineNo">1834</span> AccessTestAction qualifierRead = new AccessTestAction() {<a name="line.1834"></a> |
| <span class="sourceLineNo">1835</span> @Override<a name="line.1835"></a> |
| <span class="sourceLineNo">1836</span> public Void run() throws Exception {<a name="line.1836"></a> |
| <span class="sourceLineNo">1837</span> checkTablePerms(TEST_UTIL, TEST_TABLE, TEST_FAMILY, TEST_Q1, Permission.Action.READ);<a name="line.1837"></a> |
| <span class="sourceLineNo">1838</span> return null;<a name="line.1838"></a> |
| <span class="sourceLineNo">1839</span> }<a name="line.1839"></a> |
| <span class="sourceLineNo">1840</span> };<a name="line.1840"></a> |
| <span class="sourceLineNo">1841</span><a name="line.1841"></a> |
| <span class="sourceLineNo">1842</span> AccessTestAction multiQualifierRead = new AccessTestAction() {<a name="line.1842"></a> |
| <span class="sourceLineNo">1843</span> @Override<a name="line.1843"></a> |
| <span class="sourceLineNo">1844</span> public Void run() throws Exception {<a name="line.1844"></a> |
| <span class="sourceLineNo">1845</span> checkTablePerms(TEST_UTIL,<a name="line.1845"></a> |
| <span class="sourceLineNo">1846</span> new Permission[] {<a name="line.1846"></a> |
| <span class="sourceLineNo">1847</span> Permission.newBuilder(TEST_TABLE).withFamily(TEST_FAMILY).withQualifier(TEST_Q1)<a name="line.1847"></a> |
| <span class="sourceLineNo">1848</span> .withActions(Permission.Action.READ).build(),<a name="line.1848"></a> |
| <span class="sourceLineNo">1849</span> Permission.newBuilder(TEST_TABLE).withFamily(TEST_FAMILY).withQualifier(TEST_Q2)<a name="line.1849"></a> |
| <span class="sourceLineNo">1850</span> .withActions(Permission.Action.READ).build(), });<a name="line.1850"></a> |
| <span class="sourceLineNo">1851</span> return null;<a name="line.1851"></a> |
| <span class="sourceLineNo">1852</span> }<a name="line.1852"></a> |
| <span class="sourceLineNo">1853</span> };<a name="line.1853"></a> |
| <span class="sourceLineNo">1854</span><a name="line.1854"></a> |
| <span class="sourceLineNo">1855</span> AccessTestAction globalAndTableRead = new AccessTestAction() {<a name="line.1855"></a> |
| <span class="sourceLineNo">1856</span> @Override<a name="line.1856"></a> |
| <span class="sourceLineNo">1857</span> public Void run() throws Exception {<a name="line.1857"></a> |
| <span class="sourceLineNo">1858</span> checkTablePerms(TEST_UTIL, new Permission[] { new Permission(Permission.Action.READ),<a name="line.1858"></a> |
| <span class="sourceLineNo">1859</span> Permission.newBuilder(TEST_TABLE).withActions(Permission.Action.READ).build() });<a name="line.1859"></a> |
| <span class="sourceLineNo">1860</span> return null;<a name="line.1860"></a> |
| <span class="sourceLineNo">1861</span> }<a name="line.1861"></a> |
| <span class="sourceLineNo">1862</span> };<a name="line.1862"></a> |
| <span class="sourceLineNo">1863</span><a name="line.1863"></a> |
| <span class="sourceLineNo">1864</span> AccessTestAction noCheck = new AccessTestAction() {<a name="line.1864"></a> |
| <span class="sourceLineNo">1865</span> @Override<a name="line.1865"></a> |
| <span class="sourceLineNo">1866</span> public Void run() throws Exception {<a name="line.1866"></a> |
| <span class="sourceLineNo">1867</span> checkTablePerms(TEST_UTIL, new Permission[0]);<a name="line.1867"></a> |
| <span class="sourceLineNo">1868</span> return null;<a name="line.1868"></a> |
| <span class="sourceLineNo">1869</span> }<a name="line.1869"></a> |
| <span class="sourceLineNo">1870</span> };<a name="line.1870"></a> |
| <span class="sourceLineNo">1871</span><a name="line.1871"></a> |
| <span class="sourceLineNo">1872</span> verifyAllowed(tableRead, SUPERUSER, userTable);<a name="line.1872"></a> |
| <span class="sourceLineNo">1873</span> verifyDenied(tableRead, userColumn, userQualifier);<a name="line.1873"></a> |
| <span class="sourceLineNo">1874</span><a name="line.1874"></a> |
| <span class="sourceLineNo">1875</span> verifyAllowed(columnRead, SUPERUSER, userTable, userColumn);<a name="line.1875"></a> |
| <span class="sourceLineNo">1876</span> verifyDenied(columnRead, userQualifier);<a name="line.1876"></a> |
| <span class="sourceLineNo">1877</span><a name="line.1877"></a> |
| <span class="sourceLineNo">1878</span> verifyAllowed(qualifierRead, SUPERUSER, userTable, userColumn, userQualifier);<a name="line.1878"></a> |
| <span class="sourceLineNo">1879</span><a name="line.1879"></a> |
| <span class="sourceLineNo">1880</span> verifyAllowed(multiQualifierRead, SUPERUSER, userTable, userColumn);<a name="line.1880"></a> |
| <span class="sourceLineNo">1881</span> verifyDenied(multiQualifierRead, userQualifier);<a name="line.1881"></a> |
| <span class="sourceLineNo">1882</span><a name="line.1882"></a> |
| <span class="sourceLineNo">1883</span> verifyAllowed(globalAndTableRead, SUPERUSER);<a name="line.1883"></a> |
| <span class="sourceLineNo">1884</span> verifyDenied(globalAndTableRead, userTable, userColumn, userQualifier);<a name="line.1884"></a> |
| <span class="sourceLineNo">1885</span><a name="line.1885"></a> |
| <span class="sourceLineNo">1886</span> verifyAllowed(noCheck, SUPERUSER, userTable, userColumn, userQualifier);<a name="line.1886"></a> |
| <span class="sourceLineNo">1887</span><a name="line.1887"></a> |
| <span class="sourceLineNo">1888</span> // --------------------------------------<a name="line.1888"></a> |
| <span class="sourceLineNo">1889</span> // test family level multiple permissions<a name="line.1889"></a> |
| <span class="sourceLineNo">1890</span> AccessTestAction familyReadWrite = new AccessTestAction() {<a name="line.1890"></a> |
| <span class="sourceLineNo">1891</span> @Override<a name="line.1891"></a> |
| <span class="sourceLineNo">1892</span> public Void run() throws Exception {<a name="line.1892"></a> |
| <span class="sourceLineNo">1893</span> checkTablePerms(TEST_UTIL, TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ,<a name="line.1893"></a> |
| <span class="sourceLineNo">1894</span> Permission.Action.WRITE);<a name="line.1894"></a> |
| <span class="sourceLineNo">1895</span> return null;<a name="line.1895"></a> |
| <span class="sourceLineNo">1896</span> }<a name="line.1896"></a> |
| <span class="sourceLineNo">1897</span> };<a name="line.1897"></a> |
| <span class="sourceLineNo">1898</span><a name="line.1898"></a> |
| <span class="sourceLineNo">1899</span> verifyAllowed(familyReadWrite, SUPERUSER, USER_OWNER, USER_CREATE, USER_RW);<a name="line.1899"></a> |
| <span class="sourceLineNo">1900</span> verifyDenied(familyReadWrite, USER_NONE, USER_RO);<a name="line.1900"></a> |
| <span class="sourceLineNo">1901</span><a name="line.1901"></a> |
| <span class="sourceLineNo">1902</span> // --------------------------------------<a name="line.1902"></a> |
| <span class="sourceLineNo">1903</span> // check for wrong table region<a name="line.1903"></a> |
| <span class="sourceLineNo">1904</span> CheckPermissionsRequest checkRequest =<a name="line.1904"></a> |
| <span class="sourceLineNo">1905</span> CheckPermissionsRequest<a name="line.1905"></a> |
| <span class="sourceLineNo">1906</span> .newBuilder()<a name="line.1906"></a> |
| <span class="sourceLineNo">1907</span> .addPermission(<a name="line.1907"></a> |
| <span class="sourceLineNo">1908</span> AccessControlProtos.Permission<a name="line.1908"></a> |
| <span class="sourceLineNo">1909</span> .newBuilder()<a name="line.1909"></a> |
| <span class="sourceLineNo">1910</span> .setType(AccessControlProtos.Permission.Type.Table)<a name="line.1910"></a> |
| <span class="sourceLineNo">1911</span> .setTablePermission(<a name="line.1911"></a> |
| <span class="sourceLineNo">1912</span> AccessControlProtos.TablePermission.newBuilder()<a name="line.1912"></a> |
| <span class="sourceLineNo">1913</span> .setTableName(ProtobufUtil.toProtoTableName(TEST_TABLE))<a name="line.1913"></a> |
| <span class="sourceLineNo">1914</span> .addAction(AccessControlProtos.Permission.Action.CREATE))).build();<a name="line.1914"></a> |
| <span class="sourceLineNo">1915</span> Table acl = systemUserConnection.getTable(PermissionStorage.ACL_TABLE_NAME);<a name="line.1915"></a> |
| <span class="sourceLineNo">1916</span> try {<a name="line.1916"></a> |
| <span class="sourceLineNo">1917</span> BlockingRpcChannel channel = acl.coprocessorService(new byte[0]);<a name="line.1917"></a> |
| <span class="sourceLineNo">1918</span> AccessControlService.BlockingInterface protocol =<a name="line.1918"></a> |
| <span class="sourceLineNo">1919</span> AccessControlService.newBlockingStub(channel);<a name="line.1919"></a> |
| <span class="sourceLineNo">1920</span> try {<a name="line.1920"></a> |
| <span class="sourceLineNo">1921</span> // but ask for TablePermissions for TEST_TABLE<a name="line.1921"></a> |
| <span class="sourceLineNo">1922</span> protocol.checkPermissions(null, checkRequest);<a name="line.1922"></a> |
| <span class="sourceLineNo">1923</span> fail("this should have thrown CoprocessorException");<a name="line.1923"></a> |
| <span class="sourceLineNo">1924</span> } catch (ServiceException ex) {<a name="line.1924"></a> |
| <span class="sourceLineNo">1925</span> // expected<a name="line.1925"></a> |
| <span class="sourceLineNo">1926</span> }<a name="line.1926"></a> |
| <span class="sourceLineNo">1927</span> } finally {<a name="line.1927"></a> |
| <span class="sourceLineNo">1928</span> acl.close();<a name="line.1928"></a> |
| <span class="sourceLineNo">1929</span> }<a name="line.1929"></a> |
| <span class="sourceLineNo">1930</span><a name="line.1930"></a> |
| <span class="sourceLineNo">1931</span> } finally {<a name="line.1931"></a> |
| <span class="sourceLineNo">1932</span> revokeFromTable(TEST_UTIL, userTable.getShortName(), TEST_TABLE, null, null,<a name="line.1932"></a> |
| <span class="sourceLineNo">1933</span> Permission.Action.READ);<a name="line.1933"></a> |
| <span class="sourceLineNo">1934</span> revokeFromTable(TEST_UTIL, userColumn.getShortName(), TEST_TABLE, TEST_FAMILY, null,<a name="line.1934"></a> |
| <span class="sourceLineNo">1935</span> Permission.Action.READ);<a name="line.1935"></a> |
| <span class="sourceLineNo">1936</span> revokeFromTable(TEST_UTIL, userQualifier.getShortName(), TEST_TABLE, TEST_FAMILY, TEST_Q1,<a name="line.1936"></a> |
| <span class="sourceLineNo">1937</span> Permission.Action.READ);<a name="line.1937"></a> |
| <span class="sourceLineNo">1938</span> }<a name="line.1938"></a> |
| <span class="sourceLineNo">1939</span> }<a name="line.1939"></a> |
| <span class="sourceLineNo">1940</span><a name="line.1940"></a> |
| <span class="sourceLineNo">1941</span> @Test<a name="line.1941"></a> |
| <span class="sourceLineNo">1942</span> public void testStopRegionServer() throws Exception {<a name="line.1942"></a> |
| <span class="sourceLineNo">1943</span> AccessTestAction action = new AccessTestAction() {<a name="line.1943"></a> |
| <span class="sourceLineNo">1944</span> @Override<a name="line.1944"></a> |
| <span class="sourceLineNo">1945</span> public Object run() throws Exception {<a name="line.1945"></a> |
| <span class="sourceLineNo">1946</span> ACCESS_CONTROLLER.preStopRegionServer(ObserverContextImpl.createAndPrepare(RSCP_ENV));<a name="line.1946"></a> |
| <span class="sourceLineNo">1947</span> return null;<a name="line.1947"></a> |
| <span class="sourceLineNo">1948</span> }<a name="line.1948"></a> |
| <span class="sourceLineNo">1949</span> };<a name="line.1949"></a> |
| <span class="sourceLineNo">1950</span><a name="line.1950"></a> |
| <span class="sourceLineNo">1951</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.1951"></a> |
| <span class="sourceLineNo">1952</span> verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.1952"></a> |
| <span class="sourceLineNo">1953</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.1953"></a> |
| <span class="sourceLineNo">1954</span> }<a name="line.1954"></a> |
| <span class="sourceLineNo">1955</span><a name="line.1955"></a> |
| <span class="sourceLineNo">1956</span> @Test<a name="line.1956"></a> |
| <span class="sourceLineNo">1957</span> public void testRollWALWriterRequest() throws Exception {<a name="line.1957"></a> |
| <span class="sourceLineNo">1958</span> AccessTestAction action = new AccessTestAction() {<a name="line.1958"></a> |
| <span class="sourceLineNo">1959</span> @Override<a name="line.1959"></a> |
| <span class="sourceLineNo">1960</span> public Object run() throws Exception {<a name="line.1960"></a> |
| <span class="sourceLineNo">1961</span> ACCESS_CONTROLLER.preRollWALWriterRequest(ObserverContextImpl.createAndPrepare(RSCP_ENV));<a name="line.1961"></a> |
| <span class="sourceLineNo">1962</span> return null;<a name="line.1962"></a> |
| <span class="sourceLineNo">1963</span> }<a name="line.1963"></a> |
| <span class="sourceLineNo">1964</span> };<a name="line.1964"></a> |
| <span class="sourceLineNo">1965</span><a name="line.1965"></a> |
| <span class="sourceLineNo">1966</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.1966"></a> |
| <span class="sourceLineNo">1967</span> verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.1967"></a> |
| <span class="sourceLineNo">1968</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.1968"></a> |
| <span class="sourceLineNo">1969</span> }<a name="line.1969"></a> |
| <span class="sourceLineNo">1970</span><a name="line.1970"></a> |
| <span class="sourceLineNo">1971</span> @Test<a name="line.1971"></a> |
| <span class="sourceLineNo">1972</span> public void testOpenRegion() throws Exception {<a name="line.1972"></a> |
| <span class="sourceLineNo">1973</span> AccessTestAction action = new AccessTestAction() {<a name="line.1973"></a> |
| <span class="sourceLineNo">1974</span> @Override<a name="line.1974"></a> |
| <span class="sourceLineNo">1975</span> public Object run() throws Exception {<a name="line.1975"></a> |
| <span class="sourceLineNo">1976</span> ACCESS_CONTROLLER.preOpen(ObserverContextImpl.createAndPrepare(RCP_ENV));<a name="line.1976"></a> |
| <span class="sourceLineNo">1977</span> return null;<a name="line.1977"></a> |
| <span class="sourceLineNo">1978</span> }<a name="line.1978"></a> |
| <span class="sourceLineNo">1979</span> };<a name="line.1979"></a> |
| <span class="sourceLineNo">1980</span><a name="line.1980"></a> |
| <span class="sourceLineNo">1981</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.1981"></a> |
| <span class="sourceLineNo">1982</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER, USER_GROUP_CREATE,<a name="line.1982"></a> |
| <span class="sourceLineNo">1983</span> USER_GROUP_READ, USER_GROUP_WRITE);<a name="line.1983"></a> |
| <span class="sourceLineNo">1984</span> }<a name="line.1984"></a> |
| <span class="sourceLineNo">1985</span><a name="line.1985"></a> |
| <span class="sourceLineNo">1986</span> @Test<a name="line.1986"></a> |
| <span class="sourceLineNo">1987</span> public void testCloseRegion() throws Exception {<a name="line.1987"></a> |
| <span class="sourceLineNo">1988</span> AccessTestAction action = new AccessTestAction() {<a name="line.1988"></a> |
| <span class="sourceLineNo">1989</span> @Override<a name="line.1989"></a> |
| <span class="sourceLineNo">1990</span> public Object run() throws Exception {<a name="line.1990"></a> |
| <span class="sourceLineNo">1991</span> ACCESS_CONTROLLER.preClose(ObserverContextImpl.createAndPrepare(RCP_ENV), false);<a name="line.1991"></a> |
| <span class="sourceLineNo">1992</span> return null;<a name="line.1992"></a> |
| <span class="sourceLineNo">1993</span> }<a name="line.1993"></a> |
| <span class="sourceLineNo">1994</span> };<a name="line.1994"></a> |
| <span class="sourceLineNo">1995</span><a name="line.1995"></a> |
| <span class="sourceLineNo">1996</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.1996"></a> |
| <span class="sourceLineNo">1997</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER, USER_GROUP_CREATE,<a name="line.1997"></a> |
| <span class="sourceLineNo">1998</span> USER_GROUP_READ, USER_GROUP_WRITE);<a name="line.1998"></a> |
| <span class="sourceLineNo">1999</span> }<a name="line.1999"></a> |
| <span class="sourceLineNo">2000</span><a name="line.2000"></a> |
| <span class="sourceLineNo">2001</span> @Test<a name="line.2001"></a> |
| <span class="sourceLineNo">2002</span> public void testSnapshot() throws Exception {<a name="line.2002"></a> |
| <span class="sourceLineNo">2003</span> Admin admin = TEST_UTIL.getAdmin();<a name="line.2003"></a> |
| <span class="sourceLineNo">2004</span> final TableDescriptor htd = admin.getDescriptor(TEST_TABLE);<a name="line.2004"></a> |
| <span class="sourceLineNo">2005</span> final SnapshotDescription snapshot = new SnapshotDescription(<a name="line.2005"></a> |
| <span class="sourceLineNo">2006</span> TEST_TABLE.getNameAsString() + "-snapshot", TEST_TABLE);<a name="line.2006"></a> |
| <span class="sourceLineNo">2007</span> AccessTestAction snapshotAction = new AccessTestAction() {<a name="line.2007"></a> |
| <span class="sourceLineNo">2008</span> @Override<a name="line.2008"></a> |
| <span class="sourceLineNo">2009</span> public Object run() throws Exception {<a name="line.2009"></a> |
| <span class="sourceLineNo">2010</span> ACCESS_CONTROLLER.preSnapshot(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2010"></a> |
| <span class="sourceLineNo">2011</span> snapshot, htd);<a name="line.2011"></a> |
| <span class="sourceLineNo">2012</span> return null;<a name="line.2012"></a> |
| <span class="sourceLineNo">2013</span> }<a name="line.2013"></a> |
| <span class="sourceLineNo">2014</span> };<a name="line.2014"></a> |
| <span class="sourceLineNo">2015</span><a name="line.2015"></a> |
| <span class="sourceLineNo">2016</span> AccessTestAction deleteAction = new AccessTestAction() {<a name="line.2016"></a> |
| <span class="sourceLineNo">2017</span> @Override<a name="line.2017"></a> |
| <span class="sourceLineNo">2018</span> public Object run() throws Exception {<a name="line.2018"></a> |
| <span class="sourceLineNo">2019</span> ACCESS_CONTROLLER.preDeleteSnapshot(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2019"></a> |
| <span class="sourceLineNo">2020</span> snapshot);<a name="line.2020"></a> |
| <span class="sourceLineNo">2021</span> return null;<a name="line.2021"></a> |
| <span class="sourceLineNo">2022</span> }<a name="line.2022"></a> |
| <span class="sourceLineNo">2023</span> };<a name="line.2023"></a> |
| <span class="sourceLineNo">2024</span><a name="line.2024"></a> |
| <span class="sourceLineNo">2025</span> AccessTestAction restoreAction = new AccessTestAction() {<a name="line.2025"></a> |
| <span class="sourceLineNo">2026</span> @Override<a name="line.2026"></a> |
| <span class="sourceLineNo">2027</span> public Object run() throws Exception {<a name="line.2027"></a> |
| <span class="sourceLineNo">2028</span> ACCESS_CONTROLLER.preRestoreSnapshot(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2028"></a> |
| <span class="sourceLineNo">2029</span> snapshot, htd);<a name="line.2029"></a> |
| <span class="sourceLineNo">2030</span> return null;<a name="line.2030"></a> |
| <span class="sourceLineNo">2031</span> }<a name="line.2031"></a> |
| <span class="sourceLineNo">2032</span> };<a name="line.2032"></a> |
| <span class="sourceLineNo">2033</span><a name="line.2033"></a> |
| <span class="sourceLineNo">2034</span> AccessTestAction cloneAction = new AccessTestAction() {<a name="line.2034"></a> |
| <span class="sourceLineNo">2035</span> @Override<a name="line.2035"></a> |
| <span class="sourceLineNo">2036</span> public Object run() throws Exception {<a name="line.2036"></a> |
| <span class="sourceLineNo">2037</span> ACCESS_CONTROLLER.preCloneSnapshot(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2037"></a> |
| <span class="sourceLineNo">2038</span> snapshot, null);<a name="line.2038"></a> |
| <span class="sourceLineNo">2039</span> return null;<a name="line.2039"></a> |
| <span class="sourceLineNo">2040</span> }<a name="line.2040"></a> |
| <span class="sourceLineNo">2041</span> };<a name="line.2041"></a> |
| <span class="sourceLineNo">2042</span><a name="line.2042"></a> |
| <span class="sourceLineNo">2043</span> verifyAllowed(snapshotAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.2043"></a> |
| <span class="sourceLineNo">2044</span> verifyDenied(snapshotAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.2044"></a> |
| <span class="sourceLineNo">2045</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2045"></a> |
| <span class="sourceLineNo">2046</span><a name="line.2046"></a> |
| <span class="sourceLineNo">2047</span> verifyAllowed(cloneAction, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.2047"></a> |
| <span class="sourceLineNo">2048</span> verifyDenied(deleteAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER,<a name="line.2048"></a> |
| <span class="sourceLineNo">2049</span> USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2049"></a> |
| <span class="sourceLineNo">2050</span><a name="line.2050"></a> |
| <span class="sourceLineNo">2051</span> verifyAllowed(restoreAction, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.2051"></a> |
| <span class="sourceLineNo">2052</span> verifyDenied(restoreAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER,<a name="line.2052"></a> |
| <span class="sourceLineNo">2053</span> USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2053"></a> |
| <span class="sourceLineNo">2054</span><a name="line.2054"></a> |
| <span class="sourceLineNo">2055</span> verifyAllowed(deleteAction, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.2055"></a> |
| <span class="sourceLineNo">2056</span> verifyDenied(cloneAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER,<a name="line.2056"></a> |
| <span class="sourceLineNo">2057</span> USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2057"></a> |
| <span class="sourceLineNo">2058</span> }<a name="line.2058"></a> |
| <span class="sourceLineNo">2059</span><a name="line.2059"></a> |
| <span class="sourceLineNo">2060</span> @Test<a name="line.2060"></a> |
| <span class="sourceLineNo">2061</span> public void testSnapshotWithOwner() throws Exception {<a name="line.2061"></a> |
| <span class="sourceLineNo">2062</span> Admin admin = TEST_UTIL.getAdmin();<a name="line.2062"></a> |
| <span class="sourceLineNo">2063</span> final TableDescriptor htd = admin.getDescriptor(TEST_TABLE);<a name="line.2063"></a> |
| <span class="sourceLineNo">2064</span> final SnapshotDescription snapshot = new SnapshotDescription(<a name="line.2064"></a> |
| <span class="sourceLineNo">2065</span> TEST_TABLE.getNameAsString() + "-snapshot", TEST_TABLE, null, USER_OWNER.getName());<a name="line.2065"></a> |
| <span class="sourceLineNo">2066</span><a name="line.2066"></a> |
| <span class="sourceLineNo">2067</span> AccessTestAction snapshotAction = new AccessTestAction() {<a name="line.2067"></a> |
| <span class="sourceLineNo">2068</span> @Override<a name="line.2068"></a> |
| <span class="sourceLineNo">2069</span> public Object run() throws Exception {<a name="line.2069"></a> |
| <span class="sourceLineNo">2070</span> ACCESS_CONTROLLER.preSnapshot(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2070"></a> |
| <span class="sourceLineNo">2071</span> snapshot, htd);<a name="line.2071"></a> |
| <span class="sourceLineNo">2072</span> return null;<a name="line.2072"></a> |
| <span class="sourceLineNo">2073</span> }<a name="line.2073"></a> |
| <span class="sourceLineNo">2074</span> };<a name="line.2074"></a> |
| <span class="sourceLineNo">2075</span> verifyAllowed(snapshotAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.2075"></a> |
| <span class="sourceLineNo">2076</span> verifyDenied(snapshotAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.2076"></a> |
| <span class="sourceLineNo">2077</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2077"></a> |
| <span class="sourceLineNo">2078</span><a name="line.2078"></a> |
| <span class="sourceLineNo">2079</span> AccessTestAction deleteAction = new AccessTestAction() {<a name="line.2079"></a> |
| <span class="sourceLineNo">2080</span> @Override<a name="line.2080"></a> |
| <span class="sourceLineNo">2081</span> public Object run() throws Exception {<a name="line.2081"></a> |
| <span class="sourceLineNo">2082</span> ACCESS_CONTROLLER.preDeleteSnapshot(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2082"></a> |
| <span class="sourceLineNo">2083</span> snapshot);<a name="line.2083"></a> |
| <span class="sourceLineNo">2084</span> return null;<a name="line.2084"></a> |
| <span class="sourceLineNo">2085</span> }<a name="line.2085"></a> |
| <span class="sourceLineNo">2086</span> };<a name="line.2086"></a> |
| <span class="sourceLineNo">2087</span> verifyAllowed(deleteAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.2087"></a> |
| <span class="sourceLineNo">2088</span> verifyDenied(deleteAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.2088"></a> |
| <span class="sourceLineNo">2089</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2089"></a> |
| <span class="sourceLineNo">2090</span><a name="line.2090"></a> |
| <span class="sourceLineNo">2091</span> AccessTestAction restoreAction = new AccessTestAction() {<a name="line.2091"></a> |
| <span class="sourceLineNo">2092</span> @Override<a name="line.2092"></a> |
| <span class="sourceLineNo">2093</span> public Object run() throws Exception {<a name="line.2093"></a> |
| <span class="sourceLineNo">2094</span> ACCESS_CONTROLLER.preRestoreSnapshot(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2094"></a> |
| <span class="sourceLineNo">2095</span> snapshot, htd);<a name="line.2095"></a> |
| <span class="sourceLineNo">2096</span> return null;<a name="line.2096"></a> |
| <span class="sourceLineNo">2097</span> }<a name="line.2097"></a> |
| <span class="sourceLineNo">2098</span> };<a name="line.2098"></a> |
| <span class="sourceLineNo">2099</span> verifyAllowed(restoreAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.2099"></a> |
| <span class="sourceLineNo">2100</span> verifyDenied(restoreAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.2100"></a> |
| <span class="sourceLineNo">2101</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2101"></a> |
| <span class="sourceLineNo">2102</span><a name="line.2102"></a> |
| <span class="sourceLineNo">2103</span> AccessTestAction cloneAction = new AccessTestAction() {<a name="line.2103"></a> |
| <span class="sourceLineNo">2104</span> @Override<a name="line.2104"></a> |
| <span class="sourceLineNo">2105</span> public Object run() throws Exception {<a name="line.2105"></a> |
| <span class="sourceLineNo">2106</span> ACCESS_CONTROLLER.preCloneSnapshot(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2106"></a> |
| <span class="sourceLineNo">2107</span> snapshot, htd);<a name="line.2107"></a> |
| <span class="sourceLineNo">2108</span> return null;<a name="line.2108"></a> |
| <span class="sourceLineNo">2109</span> }<a name="line.2109"></a> |
| <span class="sourceLineNo">2110</span> };<a name="line.2110"></a> |
| <span class="sourceLineNo">2111</span> verifyAllowed(cloneAction, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN, USER_OWNER);<a name="line.2111"></a> |
| <span class="sourceLineNo">2112</span> verifyDenied(cloneAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.2112"></a> |
| <span class="sourceLineNo">2113</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2113"></a> |
| <span class="sourceLineNo">2114</span> }<a name="line.2114"></a> |
| <span class="sourceLineNo">2115</span><a name="line.2115"></a> |
| <span class="sourceLineNo">2116</span> @Test<a name="line.2116"></a> |
| <span class="sourceLineNo">2117</span> public void testGlobalAuthorizationForNewRegisteredRS() throws Exception {<a name="line.2117"></a> |
| <span class="sourceLineNo">2118</span> LOG.debug("Test for global authorization for a new registered RegionServer.");<a name="line.2118"></a> |
| <span class="sourceLineNo">2119</span> MiniHBaseCluster hbaseCluster = TEST_UTIL.getHBaseCluster();<a name="line.2119"></a> |
| <span class="sourceLineNo">2120</span><a name="line.2120"></a> |
| <span class="sourceLineNo">2121</span> final Admin admin = TEST_UTIL.getAdmin();<a name="line.2121"></a> |
| <span class="sourceLineNo">2122</span> TableDescriptor tableDescriptor = TableDescriptorBuilder.newBuilder(TEST_TABLE2)<a name="line.2122"></a> |
| <span class="sourceLineNo">2123</span> .setColumnFamily(ColumnFamilyDescriptorBuilder.of(TEST_FAMILY)).build();<a name="line.2123"></a> |
| <span class="sourceLineNo">2124</span> createTable(TEST_UTIL, tableDescriptor);<a name="line.2124"></a> |
| <span class="sourceLineNo">2125</span><a name="line.2125"></a> |
| <span class="sourceLineNo">2126</span> // Starting a new RegionServer.<a name="line.2126"></a> |
| <span class="sourceLineNo">2127</span> JVMClusterUtil.RegionServerThread newRsThread = hbaseCluster<a name="line.2127"></a> |
| <span class="sourceLineNo">2128</span> .startRegionServer();<a name="line.2128"></a> |
| <span class="sourceLineNo">2129</span> final HRegionServer newRs = newRsThread.getRegionServer();<a name="line.2129"></a> |
| <span class="sourceLineNo">2130</span><a name="line.2130"></a> |
| <span class="sourceLineNo">2131</span> // Move region to the new RegionServer.<a name="line.2131"></a> |
| <span class="sourceLineNo">2132</span> List<HRegionLocation> regions;<a name="line.2132"></a> |
| <span class="sourceLineNo">2133</span> try (RegionLocator locator = systemUserConnection.getRegionLocator(TEST_TABLE2)) {<a name="line.2133"></a> |
| <span class="sourceLineNo">2134</span> regions = locator.getAllRegionLocations();<a name="line.2134"></a> |
| <span class="sourceLineNo">2135</span> }<a name="line.2135"></a> |
| <span class="sourceLineNo">2136</span> HRegionLocation location = regions.get(0);<a name="line.2136"></a> |
| <span class="sourceLineNo">2137</span> final RegionInfo hri = location.getRegion();<a name="line.2137"></a> |
| <span class="sourceLineNo">2138</span> final ServerName server = location.getServerName();<a name="line.2138"></a> |
| <span class="sourceLineNo">2139</span> try (Table table = systemUserConnection.getTable(TEST_TABLE2)) {<a name="line.2139"></a> |
| <span class="sourceLineNo">2140</span> AccessTestAction moveAction = new AccessTestAction() {<a name="line.2140"></a> |
| <span class="sourceLineNo">2141</span> @Override<a name="line.2141"></a> |
| <span class="sourceLineNo">2142</span> public Object run() throws Exception {<a name="line.2142"></a> |
| <span class="sourceLineNo">2143</span> admin.move(hri.getEncodedNameAsBytes(), newRs.getServerName());<a name="line.2143"></a> |
| <span class="sourceLineNo">2144</span> return null;<a name="line.2144"></a> |
| <span class="sourceLineNo">2145</span> }<a name="line.2145"></a> |
| <span class="sourceLineNo">2146</span> };<a name="line.2146"></a> |
| <span class="sourceLineNo">2147</span> SUPERUSER.runAs(moveAction);<a name="line.2147"></a> |
| <span class="sourceLineNo">2148</span><a name="line.2148"></a> |
| <span class="sourceLineNo">2149</span> final int RETRIES_LIMIT = 10;<a name="line.2149"></a> |
| <span class="sourceLineNo">2150</span> int retries = 0;<a name="line.2150"></a> |
| <span class="sourceLineNo">2151</span> while (newRs.getRegions(TEST_TABLE2).size() < 1 && retries < RETRIES_LIMIT) {<a name="line.2151"></a> |
| <span class="sourceLineNo">2152</span> LOG.debug("Waiting for region to be opened. Already retried " + retries<a name="line.2152"></a> |
| <span class="sourceLineNo">2153</span> + " times.");<a name="line.2153"></a> |
| <span class="sourceLineNo">2154</span> try {<a name="line.2154"></a> |
| <span class="sourceLineNo">2155</span> Thread.sleep(1000);<a name="line.2155"></a> |
| <span class="sourceLineNo">2156</span> } catch (InterruptedException e) {<a name="line.2156"></a> |
| <span class="sourceLineNo">2157</span> }<a name="line.2157"></a> |
| <span class="sourceLineNo">2158</span> retries++;<a name="line.2158"></a> |
| <span class="sourceLineNo">2159</span> if (retries == RETRIES_LIMIT - 1) {<a name="line.2159"></a> |
| <span class="sourceLineNo">2160</span> fail("Retry exhaust for waiting region to be opened.");<a name="line.2160"></a> |
| <span class="sourceLineNo">2161</span> }<a name="line.2161"></a> |
| <span class="sourceLineNo">2162</span> }<a name="line.2162"></a> |
| <span class="sourceLineNo">2163</span> // Verify write permission for user "admin2" who has the global<a name="line.2163"></a> |
| <span class="sourceLineNo">2164</span> // permissions.<a name="line.2164"></a> |
| <span class="sourceLineNo">2165</span> AccessTestAction putAction = new AccessTestAction() {<a name="line.2165"></a> |
| <span class="sourceLineNo">2166</span> @Override<a name="line.2166"></a> |
| <span class="sourceLineNo">2167</span> public Object run() throws Exception {<a name="line.2167"></a> |
| <span class="sourceLineNo">2168</span> Put put = new Put(Bytes.toBytes("test"));<a name="line.2168"></a> |
| <span class="sourceLineNo">2169</span> put.addColumn(TEST_FAMILY, Bytes.toBytes("qual"), Bytes.toBytes("value"));<a name="line.2169"></a> |
| <span class="sourceLineNo">2170</span> table.put(put);<a name="line.2170"></a> |
| <span class="sourceLineNo">2171</span> return null;<a name="line.2171"></a> |
| <span class="sourceLineNo">2172</span> }<a name="line.2172"></a> |
| <span class="sourceLineNo">2173</span> };<a name="line.2173"></a> |
| <span class="sourceLineNo">2174</span> USER_ADMIN.runAs(putAction);<a name="line.2174"></a> |
| <span class="sourceLineNo">2175</span> }<a name="line.2175"></a> |
| <span class="sourceLineNo">2176</span> }<a name="line.2176"></a> |
| <span class="sourceLineNo">2177</span><a name="line.2177"></a> |
| <span class="sourceLineNo">2178</span> @Test<a name="line.2178"></a> |
| <span class="sourceLineNo">2179</span> public void testTableDescriptorsEnumeration() throws Exception {<a name="line.2179"></a> |
| <span class="sourceLineNo">2180</span> User TABLE_ADMIN = User.createUserForTesting(conf, "UserA", new String[0]);<a name="line.2180"></a> |
| <span class="sourceLineNo">2181</span><a name="line.2181"></a> |
| <span class="sourceLineNo">2182</span> // Grant TABLE ADMIN privs<a name="line.2182"></a> |
| <span class="sourceLineNo">2183</span> grantOnTable(TEST_UTIL, TABLE_ADMIN.getShortName(), TEST_TABLE, null, null,<a name="line.2183"></a> |
| <span class="sourceLineNo">2184</span> Permission.Action.ADMIN);<a name="line.2184"></a> |
| <span class="sourceLineNo">2185</span> try {<a name="line.2185"></a> |
| <span class="sourceLineNo">2186</span> AccessTestAction listTablesAction = new AccessTestAction() {<a name="line.2186"></a> |
| <span class="sourceLineNo">2187</span> @Override<a name="line.2187"></a> |
| <span class="sourceLineNo">2188</span> public Object run() throws Exception {<a name="line.2188"></a> |
| <span class="sourceLineNo">2189</span> try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());<a name="line.2189"></a> |
| <span class="sourceLineNo">2190</span> Admin admin = conn.getAdmin()) {<a name="line.2190"></a> |
| <span class="sourceLineNo">2191</span> return admin.listTableDescriptors();<a name="line.2191"></a> |
| <span class="sourceLineNo">2192</span> }<a name="line.2192"></a> |
| <span class="sourceLineNo">2193</span> }<a name="line.2193"></a> |
| <span class="sourceLineNo">2194</span> };<a name="line.2194"></a> |
| <span class="sourceLineNo">2195</span><a name="line.2195"></a> |
| <span class="sourceLineNo">2196</span> AccessTestAction getTableDescAction = new AccessTestAction() {<a name="line.2196"></a> |
| <span class="sourceLineNo">2197</span> @Override<a name="line.2197"></a> |
| <span class="sourceLineNo">2198</span> public Object run() throws Exception {<a name="line.2198"></a> |
| <span class="sourceLineNo">2199</span> try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());<a name="line.2199"></a> |
| <span class="sourceLineNo">2200</span> Admin admin = conn.getAdmin()) {<a name="line.2200"></a> |
| <span class="sourceLineNo">2201</span> return admin.getDescriptor(TEST_TABLE);<a name="line.2201"></a> |
| <span class="sourceLineNo">2202</span> }<a name="line.2202"></a> |
| <span class="sourceLineNo">2203</span> }<a name="line.2203"></a> |
| <span class="sourceLineNo">2204</span> };<a name="line.2204"></a> |
| <span class="sourceLineNo">2205</span><a name="line.2205"></a> |
| <span class="sourceLineNo">2206</span> verifyAllowed(listTablesAction, SUPERUSER, USER_ADMIN, USER_CREATE, USER_OWNER, TABLE_ADMIN,<a name="line.2206"></a> |
| <span class="sourceLineNo">2207</span> USER_GROUP_CREATE, USER_GROUP_ADMIN);<a name="line.2207"></a> |
| <span class="sourceLineNo">2208</span> verifyIfEmptyList(listTablesAction, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.2208"></a> |
| <span class="sourceLineNo">2209</span> USER_GROUP_WRITE);<a name="line.2209"></a> |
| <span class="sourceLineNo">2210</span><a name="line.2210"></a> |
| <span class="sourceLineNo">2211</span> verifyAllowed(getTableDescAction, SUPERUSER, USER_ADMIN, USER_CREATE, USER_OWNER,<a name="line.2211"></a> |
| <span class="sourceLineNo">2212</span> TABLE_ADMIN, USER_GROUP_CREATE, USER_GROUP_ADMIN);<a name="line.2212"></a> |
| <span class="sourceLineNo">2213</span> verifyDenied(getTableDescAction, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.2213"></a> |
| <span class="sourceLineNo">2214</span> USER_GROUP_WRITE);<a name="line.2214"></a> |
| <span class="sourceLineNo">2215</span> } finally {<a name="line.2215"></a> |
| <span class="sourceLineNo">2216</span> // Cleanup, revoke TABLE ADMIN privs<a name="line.2216"></a> |
| <span class="sourceLineNo">2217</span> revokeFromTable(TEST_UTIL, TABLE_ADMIN.getShortName(), TEST_TABLE, null, null,<a name="line.2217"></a> |
| <span class="sourceLineNo">2218</span> Permission.Action.ADMIN);<a name="line.2218"></a> |
| <span class="sourceLineNo">2219</span> }<a name="line.2219"></a> |
| <span class="sourceLineNo">2220</span> }<a name="line.2220"></a> |
| <span class="sourceLineNo">2221</span><a name="line.2221"></a> |
| <span class="sourceLineNo">2222</span> @Test<a name="line.2222"></a> |
| <span class="sourceLineNo">2223</span> public void testTableNameEnumeration() throws Exception {<a name="line.2223"></a> |
| <span class="sourceLineNo">2224</span> AccessTestAction listTablesAction = new AccessTestAction() {<a name="line.2224"></a> |
| <span class="sourceLineNo">2225</span> @Override<a name="line.2225"></a> |
| <span class="sourceLineNo">2226</span> public Object run() throws Exception {<a name="line.2226"></a> |
| <span class="sourceLineNo">2227</span> Connection unmanagedConnection =<a name="line.2227"></a> |
| <span class="sourceLineNo">2228</span> ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());<a name="line.2228"></a> |
| <span class="sourceLineNo">2229</span> Admin admin = unmanagedConnection.getAdmin();<a name="line.2229"></a> |
| <span class="sourceLineNo">2230</span> try {<a name="line.2230"></a> |
| <span class="sourceLineNo">2231</span> return Arrays.asList(admin.listTableNames());<a name="line.2231"></a> |
| <span class="sourceLineNo">2232</span> } finally {<a name="line.2232"></a> |
| <span class="sourceLineNo">2233</span> admin.close();<a name="line.2233"></a> |
| <span class="sourceLineNo">2234</span> unmanagedConnection.close();<a name="line.2234"></a> |
| <span class="sourceLineNo">2235</span> }<a name="line.2235"></a> |
| <span class="sourceLineNo">2236</span> }<a name="line.2236"></a> |
| <span class="sourceLineNo">2237</span> };<a name="line.2237"></a> |
| <span class="sourceLineNo">2238</span><a name="line.2238"></a> |
| <span class="sourceLineNo">2239</span> verifyAllowed(listTablesAction, SUPERUSER, USER_ADMIN, USER_CREATE, USER_OWNER, USER_RW,<a name="line.2239"></a> |
| <span class="sourceLineNo">2240</span> USER_RO, USER_GROUP_CREATE, USER_GROUP_ADMIN, USER_GROUP_READ, USER_GROUP_WRITE);<a name="line.2240"></a> |
| <span class="sourceLineNo">2241</span> verifyIfEmptyList(listTablesAction, USER_NONE);<a name="line.2241"></a> |
| <span class="sourceLineNo">2242</span> }<a name="line.2242"></a> |
| <span class="sourceLineNo">2243</span><a name="line.2243"></a> |
| <span class="sourceLineNo">2244</span> @Test<a name="line.2244"></a> |
| <span class="sourceLineNo">2245</span> public void testTableDeletion() throws Exception {<a name="line.2245"></a> |
| <span class="sourceLineNo">2246</span> User TABLE_ADMIN = User.createUserForTesting(conf, "TestUser", new String[0]);<a name="line.2246"></a> |
| <span class="sourceLineNo">2247</span> final TableName tableName = TableName.valueOf(name.getMethodName());<a name="line.2247"></a> |
| <span class="sourceLineNo">2248</span> createTestTable(tableName);<a name="line.2248"></a> |
| <span class="sourceLineNo">2249</span><a name="line.2249"></a> |
| <span class="sourceLineNo">2250</span> // Grant TABLE ADMIN privs<a name="line.2250"></a> |
| <span class="sourceLineNo">2251</span> grantOnTable(TEST_UTIL, TABLE_ADMIN.getShortName(), tableName, null, null, Permission.Action.ADMIN);<a name="line.2251"></a> |
| <span class="sourceLineNo">2252</span><a name="line.2252"></a> |
| <span class="sourceLineNo">2253</span> AccessTestAction deleteTableAction = new AccessTestAction() {<a name="line.2253"></a> |
| <span class="sourceLineNo">2254</span> @Override<a name="line.2254"></a> |
| <span class="sourceLineNo">2255</span> public Object run() throws Exception {<a name="line.2255"></a> |
| <span class="sourceLineNo">2256</span> Connection unmanagedConnection =<a name="line.2256"></a> |
| <span class="sourceLineNo">2257</span> ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());<a name="line.2257"></a> |
| <span class="sourceLineNo">2258</span> Admin admin = unmanagedConnection.getAdmin();<a name="line.2258"></a> |
| <span class="sourceLineNo">2259</span> try {<a name="line.2259"></a> |
| <span class="sourceLineNo">2260</span> deleteTable(TEST_UTIL, admin, tableName);<a name="line.2260"></a> |
| <span class="sourceLineNo">2261</span> } finally {<a name="line.2261"></a> |
| <span class="sourceLineNo">2262</span> admin.close();<a name="line.2262"></a> |
| <span class="sourceLineNo">2263</span> unmanagedConnection.close();<a name="line.2263"></a> |
| <span class="sourceLineNo">2264</span> }<a name="line.2264"></a> |
| <span class="sourceLineNo">2265</span> return null;<a name="line.2265"></a> |
| <span class="sourceLineNo">2266</span> }<a name="line.2266"></a> |
| <span class="sourceLineNo">2267</span> };<a name="line.2267"></a> |
| <span class="sourceLineNo">2268</span><a name="line.2268"></a> |
| <span class="sourceLineNo">2269</span> verifyDenied(deleteTableAction, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.2269"></a> |
| <span class="sourceLineNo">2270</span> USER_GROUP_WRITE);<a name="line.2270"></a> |
| <span class="sourceLineNo">2271</span> verifyAllowed(deleteTableAction, TABLE_ADMIN);<a name="line.2271"></a> |
| <span class="sourceLineNo">2272</span> }<a name="line.2272"></a> |
| <span class="sourceLineNo">2273</span><a name="line.2273"></a> |
| <span class="sourceLineNo">2274</span> private void createTestTable(TableName tname) throws Exception {<a name="line.2274"></a> |
| <span class="sourceLineNo">2275</span> createTestTable(tname, TEST_FAMILY);<a name="line.2275"></a> |
| <span class="sourceLineNo">2276</span> }<a name="line.2276"></a> |
| <span class="sourceLineNo">2277</span><a name="line.2277"></a> |
| <span class="sourceLineNo">2278</span> private void createTestTable(TableName tname, byte[] cf) throws Exception {<a name="line.2278"></a> |
| <span class="sourceLineNo">2279</span> TableDescriptor tableDescriptor = TableDescriptorBuilder.newBuilder(tname)<a name="line.2279"></a> |
| <span class="sourceLineNo">2280</span> .setColumnFamily(ColumnFamilyDescriptorBuilder.newBuilder(cf).setMaxVersions(100).build())<a name="line.2280"></a> |
| <span class="sourceLineNo">2281</span> .setOwner(USER_OWNER).build();<a name="line.2281"></a> |
| <span class="sourceLineNo">2282</span> createTable(TEST_UTIL, tableDescriptor, new byte[][] { Bytes.toBytes("s") });<a name="line.2282"></a> |
| <span class="sourceLineNo">2283</span> }<a name="line.2283"></a> |
| <span class="sourceLineNo">2284</span><a name="line.2284"></a> |
| <span class="sourceLineNo">2285</span> @Test<a name="line.2285"></a> |
| <span class="sourceLineNo">2286</span> public void testNamespaceUserGrant() throws Exception {<a name="line.2286"></a> |
| <span class="sourceLineNo">2287</span> AccessTestAction getAction = new AccessTestAction() {<a name="line.2287"></a> |
| <span class="sourceLineNo">2288</span> @Override<a name="line.2288"></a> |
| <span class="sourceLineNo">2289</span> public Object run() throws Exception {<a name="line.2289"></a> |
| <span class="sourceLineNo">2290</span> try(Connection conn = ConnectionFactory.createConnection(conf);<a name="line.2290"></a> |
| <span class="sourceLineNo">2291</span> Table t = conn.getTable(TEST_TABLE)) {<a name="line.2291"></a> |
| <span class="sourceLineNo">2292</span> return t.get(new Get(TEST_ROW));<a name="line.2292"></a> |
| <span class="sourceLineNo">2293</span> }<a name="line.2293"></a> |
| <span class="sourceLineNo">2294</span> }<a name="line.2294"></a> |
| <span class="sourceLineNo">2295</span> };<a name="line.2295"></a> |
| <span class="sourceLineNo">2296</span><a name="line.2296"></a> |
| <span class="sourceLineNo">2297</span> String namespace = TEST_TABLE.getNamespaceAsString();<a name="line.2297"></a> |
| <span class="sourceLineNo">2298</span><a name="line.2298"></a> |
| <span class="sourceLineNo">2299</span> // Grant namespace READ to USER_NONE, this should supersede any table permissions<a name="line.2299"></a> |
| <span class="sourceLineNo">2300</span> grantOnNamespace(TEST_UTIL, USER_NONE.getShortName(), namespace, Permission.Action.READ);<a name="line.2300"></a> |
| <span class="sourceLineNo">2301</span> // Now USER_NONE should be able to read<a name="line.2301"></a> |
| <span class="sourceLineNo">2302</span> verifyAllowed(getAction, USER_NONE);<a name="line.2302"></a> |
| <span class="sourceLineNo">2303</span><a name="line.2303"></a> |
| <span class="sourceLineNo">2304</span> // Revoke namespace READ to USER_NONE<a name="line.2304"></a> |
| <span class="sourceLineNo">2305</span> revokeFromNamespace(TEST_UTIL, USER_NONE.getShortName(), namespace, Permission.Action.READ);<a name="line.2305"></a> |
| <span class="sourceLineNo">2306</span> verifyDenied(getAction, USER_NONE);<a name="line.2306"></a> |
| <span class="sourceLineNo">2307</span> }<a name="line.2307"></a> |
| <span class="sourceLineNo">2308</span><a name="line.2308"></a> |
| <span class="sourceLineNo">2309</span> @Test<a name="line.2309"></a> |
| <span class="sourceLineNo">2310</span> public void testAccessControlClientGrantRevoke() throws Exception {<a name="line.2310"></a> |
| <span class="sourceLineNo">2311</span> // Create user for testing, who has no READ privileges by default.<a name="line.2311"></a> |
| <span class="sourceLineNo">2312</span> User testGrantRevoke = User.createUserForTesting(conf, "testGrantRevoke", new String[0]);<a name="line.2312"></a> |
| <span class="sourceLineNo">2313</span> AccessTestAction getAction = new AccessTestAction() {<a name="line.2313"></a> |
| <span class="sourceLineNo">2314</span> @Override<a name="line.2314"></a> |
| <span class="sourceLineNo">2315</span> public Object run() throws Exception {<a name="line.2315"></a> |
| <span class="sourceLineNo">2316</span> try(Connection conn = ConnectionFactory.createConnection(conf);<a name="line.2316"></a> |
| <span class="sourceLineNo">2317</span> Table t = conn.getTable(TEST_TABLE)) {<a name="line.2317"></a> |
| <span class="sourceLineNo">2318</span> return t.get(new Get(TEST_ROW));<a name="line.2318"></a> |
| <span class="sourceLineNo">2319</span> }<a name="line.2319"></a> |
| <span class="sourceLineNo">2320</span> }<a name="line.2320"></a> |
| <span class="sourceLineNo">2321</span> };<a name="line.2321"></a> |
| <span class="sourceLineNo">2322</span><a name="line.2322"></a> |
| <span class="sourceLineNo">2323</span> verifyDenied(getAction, testGrantRevoke);<a name="line.2323"></a> |
| <span class="sourceLineNo">2324</span><a name="line.2324"></a> |
| <span class="sourceLineNo">2325</span> // Grant table READ permissions to testGrantRevoke.<a name="line.2325"></a> |
| <span class="sourceLineNo">2326</span> try {<a name="line.2326"></a> |
| <span class="sourceLineNo">2327</span> grantOnTableUsingAccessControlClient(TEST_UTIL, systemUserConnection,<a name="line.2327"></a> |
| <span class="sourceLineNo">2328</span> testGrantRevoke.getShortName(), TEST_TABLE, null, null, Permission.Action.READ);<a name="line.2328"></a> |
| <span class="sourceLineNo">2329</span> } catch (Throwable e) {<a name="line.2329"></a> |
| <span class="sourceLineNo">2330</span> LOG.error("error during call of AccessControlClient.grant. ", e);<a name="line.2330"></a> |
| <span class="sourceLineNo">2331</span> }<a name="line.2331"></a> |
| <span class="sourceLineNo">2332</span><a name="line.2332"></a> |
| <span class="sourceLineNo">2333</span> // Now testGrantRevoke should be able to read also<a name="line.2333"></a> |
| <span class="sourceLineNo">2334</span> verifyAllowed(getAction, testGrantRevoke);<a name="line.2334"></a> |
| <span class="sourceLineNo">2335</span><a name="line.2335"></a> |
| <span class="sourceLineNo">2336</span> // Revoke table READ permission to testGrantRevoke.<a name="line.2336"></a> |
| <span class="sourceLineNo">2337</span> try {<a name="line.2337"></a> |
| <span class="sourceLineNo">2338</span> revokeFromTableUsingAccessControlClient(TEST_UTIL, systemUserConnection,<a name="line.2338"></a> |
| <span class="sourceLineNo">2339</span> testGrantRevoke.getShortName(), TEST_TABLE, null, null, Permission.Action.READ);<a name="line.2339"></a> |
| <span class="sourceLineNo">2340</span> } catch (Throwable e) {<a name="line.2340"></a> |
| <span class="sourceLineNo">2341</span> LOG.error("error during call of AccessControlClient.revoke ", e);<a name="line.2341"></a> |
| <span class="sourceLineNo">2342</span> }<a name="line.2342"></a> |
| <span class="sourceLineNo">2343</span><a name="line.2343"></a> |
| <span class="sourceLineNo">2344</span> // Now testGrantRevoke shouldn't be able read<a name="line.2344"></a> |
| <span class="sourceLineNo">2345</span> verifyDenied(getAction, testGrantRevoke);<a name="line.2345"></a> |
| <span class="sourceLineNo">2346</span> }<a name="line.2346"></a> |
| <span class="sourceLineNo">2347</span><a name="line.2347"></a> |
| <span class="sourceLineNo">2348</span> @Test<a name="line.2348"></a> |
| <span class="sourceLineNo">2349</span> public void testAccessControlClientGlobalGrantRevoke() throws Exception {<a name="line.2349"></a> |
| <span class="sourceLineNo">2350</span> // Create user for testing, who has no READ privileges by default.<a name="line.2350"></a> |
| <span class="sourceLineNo">2351</span> User testGlobalGrantRevoke = User.createUserForTesting(conf,<a name="line.2351"></a> |
| <span class="sourceLineNo">2352</span> "testGlobalGrantRevoke", new String[0]);<a name="line.2352"></a> |
| <span class="sourceLineNo">2353</span> AccessTestAction getAction = new AccessTestAction() {<a name="line.2353"></a> |
| <span class="sourceLineNo">2354</span> @Override<a name="line.2354"></a> |
| <span class="sourceLineNo">2355</span> public Object run() throws Exception {<a name="line.2355"></a> |
| <span class="sourceLineNo">2356</span> try(Connection conn = ConnectionFactory.createConnection(conf);<a name="line.2356"></a> |
| <span class="sourceLineNo">2357</span> Table t = conn.getTable(TEST_TABLE)) {<a name="line.2357"></a> |
| <span class="sourceLineNo">2358</span> return t.get(new Get(TEST_ROW));<a name="line.2358"></a> |
| <span class="sourceLineNo">2359</span> }<a name="line.2359"></a> |
| <span class="sourceLineNo">2360</span> }<a name="line.2360"></a> |
| <span class="sourceLineNo">2361</span> };<a name="line.2361"></a> |
| <span class="sourceLineNo">2362</span><a name="line.2362"></a> |
| <span class="sourceLineNo">2363</span> verifyDenied(getAction, testGlobalGrantRevoke);<a name="line.2363"></a> |
| <span class="sourceLineNo">2364</span><a name="line.2364"></a> |
| <span class="sourceLineNo">2365</span> // Grant table READ permissions to testGlobalGrantRevoke.<a name="line.2365"></a> |
| <span class="sourceLineNo">2366</span> String userName = testGlobalGrantRevoke.getShortName();<a name="line.2366"></a> |
| <span class="sourceLineNo">2367</span> try {<a name="line.2367"></a> |
| <span class="sourceLineNo">2368</span> grantGlobalUsingAccessControlClient(TEST_UTIL, systemUserConnection, userName,<a name="line.2368"></a> |
| <span class="sourceLineNo">2369</span> Permission.Action.READ);<a name="line.2369"></a> |
| <span class="sourceLineNo">2370</span> } catch (Throwable e) {<a name="line.2370"></a> |
| <span class="sourceLineNo">2371</span> LOG.error("error during call of AccessControlClient.grant. ", e);<a name="line.2371"></a> |
| <span class="sourceLineNo">2372</span> }<a name="line.2372"></a> |
| <span class="sourceLineNo">2373</span> try {<a name="line.2373"></a> |
| <span class="sourceLineNo">2374</span> // Now testGlobalGrantRevoke should be able to read also<a name="line.2374"></a> |
| <span class="sourceLineNo">2375</span> verifyAllowed(getAction, testGlobalGrantRevoke);<a name="line.2375"></a> |
| <span class="sourceLineNo">2376</span> } catch (Exception e) {<a name="line.2376"></a> |
| <span class="sourceLineNo">2377</span> revokeGlobal(TEST_UTIL, userName, Permission.Action.READ);<a name="line.2377"></a> |
| <span class="sourceLineNo">2378</span> throw e;<a name="line.2378"></a> |
| <span class="sourceLineNo">2379</span> }<a name="line.2379"></a> |
| <span class="sourceLineNo">2380</span><a name="line.2380"></a> |
| <span class="sourceLineNo">2381</span> // Revoke table READ permission to testGlobalGrantRevoke.<a name="line.2381"></a> |
| <span class="sourceLineNo">2382</span> try {<a name="line.2382"></a> |
| <span class="sourceLineNo">2383</span> revokeGlobalUsingAccessControlClient(TEST_UTIL, systemUserConnection, userName,<a name="line.2383"></a> |
| <span class="sourceLineNo">2384</span> Permission.Action.READ);<a name="line.2384"></a> |
| <span class="sourceLineNo">2385</span> } catch (Throwable e) {<a name="line.2385"></a> |
| <span class="sourceLineNo">2386</span> LOG.error("error during call of AccessControlClient.revoke ", e);<a name="line.2386"></a> |
| <span class="sourceLineNo">2387</span> }<a name="line.2387"></a> |
| <span class="sourceLineNo">2388</span><a name="line.2388"></a> |
| <span class="sourceLineNo">2389</span> // Now testGlobalGrantRevoke shouldn't be able read<a name="line.2389"></a> |
| <span class="sourceLineNo">2390</span> verifyDenied(getAction, testGlobalGrantRevoke);<a name="line.2390"></a> |
| <span class="sourceLineNo">2391</span><a name="line.2391"></a> |
| <span class="sourceLineNo">2392</span> }<a name="line.2392"></a> |
| <span class="sourceLineNo">2393</span><a name="line.2393"></a> |
| <span class="sourceLineNo">2394</span> @Test<a name="line.2394"></a> |
| <span class="sourceLineNo">2395</span> public void testAccessControlClientMultiGrantRevoke() throws Exception {<a name="line.2395"></a> |
| <span class="sourceLineNo">2396</span> User testGrantRevoke =<a name="line.2396"></a> |
| <span class="sourceLineNo">2397</span> User.createUserForTesting(conf, "testGrantRevoke", new String[0]);<a name="line.2397"></a> |
| <span class="sourceLineNo">2398</span> AccessTestAction getAction = new AccessTestAction() {<a name="line.2398"></a> |
| <span class="sourceLineNo">2399</span> @Override<a name="line.2399"></a> |
| <span class="sourceLineNo">2400</span> public Object run() throws Exception {<a name="line.2400"></a> |
| <span class="sourceLineNo">2401</span> try(Connection conn = ConnectionFactory.createConnection(conf);<a name="line.2401"></a> |
| <span class="sourceLineNo">2402</span> Table t = conn.getTable(TEST_TABLE)) {<a name="line.2402"></a> |
| <span class="sourceLineNo">2403</span> return t.get(new Get(TEST_ROW));<a name="line.2403"></a> |
| <span class="sourceLineNo">2404</span> }<a name="line.2404"></a> |
| <span class="sourceLineNo">2405</span> }<a name="line.2405"></a> |
| <span class="sourceLineNo">2406</span> };<a name="line.2406"></a> |
| <span class="sourceLineNo">2407</span><a name="line.2407"></a> |
| <span class="sourceLineNo">2408</span> AccessTestAction putAction = new AccessTestAction() {<a name="line.2408"></a> |
| <span class="sourceLineNo">2409</span> @Override<a name="line.2409"></a> |
| <span class="sourceLineNo">2410</span> public Object run() throws Exception {<a name="line.2410"></a> |
| <span class="sourceLineNo">2411</span> Put p = new Put(TEST_ROW);<a name="line.2411"></a> |
| <span class="sourceLineNo">2412</span> p.addColumn(TEST_FAMILY, TEST_QUALIFIER, Bytes.toBytes(1));<a name="line.2412"></a> |
| <span class="sourceLineNo">2413</span> try(Connection conn = ConnectionFactory.createConnection(conf);<a name="line.2413"></a> |
| <span class="sourceLineNo">2414</span> Table t = conn.getTable(TEST_TABLE)) {<a name="line.2414"></a> |
| <span class="sourceLineNo">2415</span> t.put(p);<a name="line.2415"></a> |
| <span class="sourceLineNo">2416</span> return null;<a name="line.2416"></a> |
| <span class="sourceLineNo">2417</span> }<a name="line.2417"></a> |
| <span class="sourceLineNo">2418</span> }<a name="line.2418"></a> |
| <span class="sourceLineNo">2419</span> };<a name="line.2419"></a> |
| <span class="sourceLineNo">2420</span><a name="line.2420"></a> |
| <span class="sourceLineNo">2421</span> verifyDenied(getAction, testGrantRevoke);<a name="line.2421"></a> |
| <span class="sourceLineNo">2422</span> verifyDenied(putAction, testGrantRevoke);<a name="line.2422"></a> |
| <span class="sourceLineNo">2423</span><a name="line.2423"></a> |
| <span class="sourceLineNo">2424</span> // Grant global READ permissions to testGrantRevoke.<a name="line.2424"></a> |
| <span class="sourceLineNo">2425</span> String userName = testGrantRevoke.getShortName();<a name="line.2425"></a> |
| <span class="sourceLineNo">2426</span> try {<a name="line.2426"></a> |
| <span class="sourceLineNo">2427</span> grantGlobalUsingAccessControlClient(TEST_UTIL, systemUserConnection, userName,<a name="line.2427"></a> |
| <span class="sourceLineNo">2428</span> Permission.Action.READ);<a name="line.2428"></a> |
| <span class="sourceLineNo">2429</span> } catch (Throwable e) {<a name="line.2429"></a> |
| <span class="sourceLineNo">2430</span> LOG.error("error during call of AccessControlClient.grant. ", e);<a name="line.2430"></a> |
| <span class="sourceLineNo">2431</span> }<a name="line.2431"></a> |
| <span class="sourceLineNo">2432</span> verifyAllowed(getAction, testGrantRevoke);<a name="line.2432"></a> |
| <span class="sourceLineNo">2433</span> verifyDenied(putAction, testGrantRevoke);<a name="line.2433"></a> |
| <span class="sourceLineNo">2434</span><a name="line.2434"></a> |
| <span class="sourceLineNo">2435</span> // Grant global WRITE permissions to testGrantRevoke.<a name="line.2435"></a> |
| <span class="sourceLineNo">2436</span> try {<a name="line.2436"></a> |
| <span class="sourceLineNo">2437</span> grantGlobalUsingAccessControlClient(TEST_UTIL, systemUserConnection, userName,<a name="line.2437"></a> |
| <span class="sourceLineNo">2438</span> Permission.Action.WRITE);<a name="line.2438"></a> |
| <span class="sourceLineNo">2439</span> } catch (Throwable e) {<a name="line.2439"></a> |
| <span class="sourceLineNo">2440</span> LOG.error("error during call of AccessControlClient.grant. ", e);<a name="line.2440"></a> |
| <span class="sourceLineNo">2441</span> }<a name="line.2441"></a> |
| <span class="sourceLineNo">2442</span> verifyAllowed(getAction, testGrantRevoke);<a name="line.2442"></a> |
| <span class="sourceLineNo">2443</span> verifyAllowed(putAction, testGrantRevoke);<a name="line.2443"></a> |
| <span class="sourceLineNo">2444</span><a name="line.2444"></a> |
| <span class="sourceLineNo">2445</span> // Revoke global READ permission to testGrantRevoke.<a name="line.2445"></a> |
| <span class="sourceLineNo">2446</span> try {<a name="line.2446"></a> |
| <span class="sourceLineNo">2447</span> revokeGlobalUsingAccessControlClient(TEST_UTIL, systemUserConnection, userName,<a name="line.2447"></a> |
| <span class="sourceLineNo">2448</span> Permission.Action.READ, Permission.Action.WRITE);<a name="line.2448"></a> |
| <span class="sourceLineNo">2449</span> } catch (Throwable e) {<a name="line.2449"></a> |
| <span class="sourceLineNo">2450</span> LOG.error("error during call of AccessControlClient.revoke ", e);<a name="line.2450"></a> |
| <span class="sourceLineNo">2451</span> }<a name="line.2451"></a> |
| <span class="sourceLineNo">2452</span> verifyDenied(getAction, testGrantRevoke);<a name="line.2452"></a> |
| <span class="sourceLineNo">2453</span> verifyDenied(putAction, testGrantRevoke);<a name="line.2453"></a> |
| <span class="sourceLineNo">2454</span><a name="line.2454"></a> |
| <span class="sourceLineNo">2455</span> // Grant table READ & WRITE permissions to testGrantRevoke<a name="line.2455"></a> |
| <span class="sourceLineNo">2456</span> try {<a name="line.2456"></a> |
| <span class="sourceLineNo">2457</span> grantOnTableUsingAccessControlClient(TEST_UTIL, systemUserConnection, userName, TEST_TABLE,<a name="line.2457"></a> |
| <span class="sourceLineNo">2458</span> null, null, Permission.Action.READ);<a name="line.2458"></a> |
| <span class="sourceLineNo">2459</span> } catch (Throwable e) {<a name="line.2459"></a> |
| <span class="sourceLineNo">2460</span> LOG.error("error during call of AccessControlClient.grant. ", e);<a name="line.2460"></a> |
| <span class="sourceLineNo">2461</span> }<a name="line.2461"></a> |
| <span class="sourceLineNo">2462</span> verifyAllowed(getAction, testGrantRevoke);<a name="line.2462"></a> |
| <span class="sourceLineNo">2463</span> verifyDenied(putAction, testGrantRevoke);<a name="line.2463"></a> |
| <span class="sourceLineNo">2464</span><a name="line.2464"></a> |
| <span class="sourceLineNo">2465</span> // Grant table WRITE permissions to testGrantRevoke<a name="line.2465"></a> |
| <span class="sourceLineNo">2466</span> try {<a name="line.2466"></a> |
| <span class="sourceLineNo">2467</span> grantOnTableUsingAccessControlClient(TEST_UTIL, systemUserConnection, userName, TEST_TABLE,<a name="line.2467"></a> |
| <span class="sourceLineNo">2468</span> null, null, Action.WRITE);<a name="line.2468"></a> |
| <span class="sourceLineNo">2469</span> } catch (Throwable e) {<a name="line.2469"></a> |
| <span class="sourceLineNo">2470</span> LOG.error("error during call of AccessControlClient.grant. ", e);<a name="line.2470"></a> |
| <span class="sourceLineNo">2471</span> }<a name="line.2471"></a> |
| <span class="sourceLineNo">2472</span> verifyAllowed(getAction, testGrantRevoke);<a name="line.2472"></a> |
| <span class="sourceLineNo">2473</span> verifyAllowed(putAction, testGrantRevoke);<a name="line.2473"></a> |
| <span class="sourceLineNo">2474</span><a name="line.2474"></a> |
| <span class="sourceLineNo">2475</span> // Revoke table READ & WRITE permission to testGrantRevoke.<a name="line.2475"></a> |
| <span class="sourceLineNo">2476</span> try {<a name="line.2476"></a> |
| <span class="sourceLineNo">2477</span> revokeFromTableUsingAccessControlClient(TEST_UTIL, systemUserConnection, userName, TEST_TABLE, null, null,<a name="line.2477"></a> |
| <span class="sourceLineNo">2478</span> Permission.Action.READ, Permission.Action.WRITE);<a name="line.2478"></a> |
| <span class="sourceLineNo">2479</span> } catch (Throwable e) {<a name="line.2479"></a> |
| <span class="sourceLineNo">2480</span> LOG.error("error during call of AccessControlClient.revoke ", e);<a name="line.2480"></a> |
| <span class="sourceLineNo">2481</span> }<a name="line.2481"></a> |
| <span class="sourceLineNo">2482</span> verifyDenied(getAction, testGrantRevoke);<a name="line.2482"></a> |
| <span class="sourceLineNo">2483</span> verifyDenied(putAction, testGrantRevoke);<a name="line.2483"></a> |
| <span class="sourceLineNo">2484</span><a name="line.2484"></a> |
| <span class="sourceLineNo">2485</span> // Grant Namespace READ permissions to testGrantRevoke<a name="line.2485"></a> |
| <span class="sourceLineNo">2486</span> String namespace = TEST_TABLE.getNamespaceAsString();<a name="line.2486"></a> |
| <span class="sourceLineNo">2487</span> try {<a name="line.2487"></a> |
| <span class="sourceLineNo">2488</span> grantOnNamespaceUsingAccessControlClient(TEST_UTIL, systemUserConnection, userName,<a name="line.2488"></a> |
| <span class="sourceLineNo">2489</span> namespace, Permission.Action.READ);<a name="line.2489"></a> |
| <span class="sourceLineNo">2490</span> } catch (Throwable e) {<a name="line.2490"></a> |
| <span class="sourceLineNo">2491</span> LOG.error("error during call of AccessControlClient.grant. ", e);<a name="line.2491"></a> |
| <span class="sourceLineNo">2492</span> }<a name="line.2492"></a> |
| <span class="sourceLineNo">2493</span> verifyAllowed(getAction, testGrantRevoke);<a name="line.2493"></a> |
| <span class="sourceLineNo">2494</span> verifyDenied(putAction, testGrantRevoke);<a name="line.2494"></a> |
| <span class="sourceLineNo">2495</span><a name="line.2495"></a> |
| <span class="sourceLineNo">2496</span> // Grant Namespace WRITE permissions to testGrantRevoke<a name="line.2496"></a> |
| <span class="sourceLineNo">2497</span> try {<a name="line.2497"></a> |
| <span class="sourceLineNo">2498</span> grantOnNamespaceUsingAccessControlClient(TEST_UTIL, systemUserConnection, userName,<a name="line.2498"></a> |
| <span class="sourceLineNo">2499</span> namespace, Permission.Action.WRITE);<a name="line.2499"></a> |
| <span class="sourceLineNo">2500</span> } catch (Throwable e) {<a name="line.2500"></a> |
| <span class="sourceLineNo">2501</span> LOG.error("error during call of AccessControlClient.grant. ", e);<a name="line.2501"></a> |
| <span class="sourceLineNo">2502</span> }<a name="line.2502"></a> |
| <span class="sourceLineNo">2503</span> verifyAllowed(getAction, testGrantRevoke);<a name="line.2503"></a> |
| <span class="sourceLineNo">2504</span> verifyAllowed(putAction, testGrantRevoke);<a name="line.2504"></a> |
| <span class="sourceLineNo">2505</span><a name="line.2505"></a> |
| <span class="sourceLineNo">2506</span> // Revoke table READ & WRITE permission to testGrantRevoke.<a name="line.2506"></a> |
| <span class="sourceLineNo">2507</span> try {<a name="line.2507"></a> |
| <span class="sourceLineNo">2508</span> revokeFromNamespaceUsingAccessControlClient(TEST_UTIL, systemUserConnection, userName,<a name="line.2508"></a> |
| <span class="sourceLineNo">2509</span> TEST_TABLE.getNamespaceAsString(), Permission.Action.READ, Permission.Action.WRITE);<a name="line.2509"></a> |
| <span class="sourceLineNo">2510</span> } catch (Throwable e) {<a name="line.2510"></a> |
| <span class="sourceLineNo">2511</span> LOG.error("error during call of AccessControlClient.revoke ", e);<a name="line.2511"></a> |
| <span class="sourceLineNo">2512</span> }<a name="line.2512"></a> |
| <span class="sourceLineNo">2513</span> verifyDenied(getAction, testGrantRevoke);<a name="line.2513"></a> |
| <span class="sourceLineNo">2514</span> verifyDenied(putAction, testGrantRevoke);<a name="line.2514"></a> |
| <span class="sourceLineNo">2515</span> }<a name="line.2515"></a> |
| <span class="sourceLineNo">2516</span><a name="line.2516"></a> |
| <span class="sourceLineNo">2517</span> @Test<a name="line.2517"></a> |
| <span class="sourceLineNo">2518</span> public void testAccessControlClientGrantRevokeOnNamespace() throws Exception {<a name="line.2518"></a> |
| <span class="sourceLineNo">2519</span> // Create user for testing, who has no READ privileges by default.<a name="line.2519"></a> |
| <span class="sourceLineNo">2520</span> User testNS = User.createUserForTesting(conf, "testNS", new String[0]);<a name="line.2520"></a> |
| <span class="sourceLineNo">2521</span> AccessTestAction getAction = new AccessTestAction() {<a name="line.2521"></a> |
| <span class="sourceLineNo">2522</span> @Override<a name="line.2522"></a> |
| <span class="sourceLineNo">2523</span> public Object run() throws Exception {<a name="line.2523"></a> |
| <span class="sourceLineNo">2524</span> try(Connection conn = ConnectionFactory.createConnection(conf);<a name="line.2524"></a> |
| <span class="sourceLineNo">2525</span> Table t = conn.getTable(TEST_TABLE)) {<a name="line.2525"></a> |
| <span class="sourceLineNo">2526</span> return t.get(new Get(TEST_ROW));<a name="line.2526"></a> |
| <span class="sourceLineNo">2527</span> }<a name="line.2527"></a> |
| <span class="sourceLineNo">2528</span> }<a name="line.2528"></a> |
| <span class="sourceLineNo">2529</span> };<a name="line.2529"></a> |
| <span class="sourceLineNo">2530</span><a name="line.2530"></a> |
| <span class="sourceLineNo">2531</span> verifyDenied(getAction, testNS);<a name="line.2531"></a> |
| <span class="sourceLineNo">2532</span><a name="line.2532"></a> |
| <span class="sourceLineNo">2533</span> String userName = testNS.getShortName();<a name="line.2533"></a> |
| <span class="sourceLineNo">2534</span> String namespace = TEST_TABLE.getNamespaceAsString();<a name="line.2534"></a> |
| <span class="sourceLineNo">2535</span> // Grant namespace READ to testNS, this should supersede any table permissions<a name="line.2535"></a> |
| <span class="sourceLineNo">2536</span> try {<a name="line.2536"></a> |
| <span class="sourceLineNo">2537</span> grantOnNamespaceUsingAccessControlClient(TEST_UTIL, systemUserConnection, userName, namespace,<a name="line.2537"></a> |
| <span class="sourceLineNo">2538</span> Permission.Action.READ);<a name="line.2538"></a> |
| <span class="sourceLineNo">2539</span> } catch (Throwable e) {<a name="line.2539"></a> |
| <span class="sourceLineNo">2540</span> LOG.error("error during call of AccessControlClient.grant. ", e);<a name="line.2540"></a> |
| <span class="sourceLineNo">2541</span> }<a name="line.2541"></a> |
| <span class="sourceLineNo">2542</span> try {<a name="line.2542"></a> |
| <span class="sourceLineNo">2543</span> // Now testNS should be able to read also<a name="line.2543"></a> |
| <span class="sourceLineNo">2544</span> verifyAllowed(getAction, testNS);<a name="line.2544"></a> |
| <span class="sourceLineNo">2545</span> } catch (Exception e) {<a name="line.2545"></a> |
| <span class="sourceLineNo">2546</span> revokeFromNamespace(TEST_UTIL, userName, namespace, Permission.Action.READ);<a name="line.2546"></a> |
| <span class="sourceLineNo">2547</span> throw e;<a name="line.2547"></a> |
| <span class="sourceLineNo">2548</span> }<a name="line.2548"></a> |
| <span class="sourceLineNo">2549</span><a name="line.2549"></a> |
| <span class="sourceLineNo">2550</span> // Revoke namespace READ to testNS, this should supersede any table permissions<a name="line.2550"></a> |
| <span class="sourceLineNo">2551</span> try {<a name="line.2551"></a> |
| <span class="sourceLineNo">2552</span> revokeFromNamespaceUsingAccessControlClient(TEST_UTIL, systemUserConnection, userName,<a name="line.2552"></a> |
| <span class="sourceLineNo">2553</span> namespace, Permission.Action.READ);<a name="line.2553"></a> |
| <span class="sourceLineNo">2554</span> } catch (Throwable e) {<a name="line.2554"></a> |
| <span class="sourceLineNo">2555</span> LOG.error("error during call of AccessControlClient.revoke ", e);<a name="line.2555"></a> |
| <span class="sourceLineNo">2556</span> }<a name="line.2556"></a> |
| <span class="sourceLineNo">2557</span><a name="line.2557"></a> |
| <span class="sourceLineNo">2558</span> // Now testNS shouldn't be able read<a name="line.2558"></a> |
| <span class="sourceLineNo">2559</span> verifyDenied(getAction, testNS);<a name="line.2559"></a> |
| <span class="sourceLineNo">2560</span> }<a name="line.2560"></a> |
| <span class="sourceLineNo">2561</span><a name="line.2561"></a> |
| <span class="sourceLineNo">2562</span><a name="line.2562"></a> |
| <span class="sourceLineNo">2563</span> public static class PingCoprocessor extends PingService implements RegionCoprocessor {<a name="line.2563"></a> |
| <span class="sourceLineNo">2564</span><a name="line.2564"></a> |
| <span class="sourceLineNo">2565</span> @Override<a name="line.2565"></a> |
| <span class="sourceLineNo">2566</span> public void start(CoprocessorEnvironment env) throws IOException { }<a name="line.2566"></a> |
| <span class="sourceLineNo">2567</span><a name="line.2567"></a> |
| <span class="sourceLineNo">2568</span> @Override<a name="line.2568"></a> |
| <span class="sourceLineNo">2569</span> public void stop(CoprocessorEnvironment env) throws IOException { }<a name="line.2569"></a> |
| <span class="sourceLineNo">2570</span><a name="line.2570"></a> |
| <span class="sourceLineNo">2571</span> @Override<a name="line.2571"></a> |
| <span class="sourceLineNo">2572</span> public Iterable<Service> getServices() {<a name="line.2572"></a> |
| <span class="sourceLineNo">2573</span> return Collections.singleton(this);<a name="line.2573"></a> |
| <span class="sourceLineNo">2574</span> }<a name="line.2574"></a> |
| <span class="sourceLineNo">2575</span><a name="line.2575"></a> |
| <span class="sourceLineNo">2576</span> @Override<a name="line.2576"></a> |
| <span class="sourceLineNo">2577</span> public void ping(RpcController controller, PingRequest request,<a name="line.2577"></a> |
| <span class="sourceLineNo">2578</span> RpcCallback<PingResponse> callback) {<a name="line.2578"></a> |
| <span class="sourceLineNo">2579</span> callback.run(PingResponse.newBuilder().setPong("Pong!").build());<a name="line.2579"></a> |
| <span class="sourceLineNo">2580</span> }<a name="line.2580"></a> |
| <span class="sourceLineNo">2581</span><a name="line.2581"></a> |
| <span class="sourceLineNo">2582</span> @Override<a name="line.2582"></a> |
| <span class="sourceLineNo">2583</span> public void count(RpcController controller, CountRequest request,<a name="line.2583"></a> |
| <span class="sourceLineNo">2584</span> RpcCallback<CountResponse> callback) {<a name="line.2584"></a> |
| <span class="sourceLineNo">2585</span> callback.run(CountResponse.newBuilder().build());<a name="line.2585"></a> |
| <span class="sourceLineNo">2586</span> }<a name="line.2586"></a> |
| <span class="sourceLineNo">2587</span><a name="line.2587"></a> |
| <span class="sourceLineNo">2588</span> @Override<a name="line.2588"></a> |
| <span class="sourceLineNo">2589</span> public void increment(RpcController controller, IncrementCountRequest requet,<a name="line.2589"></a> |
| <span class="sourceLineNo">2590</span> RpcCallback<IncrementCountResponse> callback) {<a name="line.2590"></a> |
| <span class="sourceLineNo">2591</span> callback.run(IncrementCountResponse.newBuilder().build());<a name="line.2591"></a> |
| <span class="sourceLineNo">2592</span> }<a name="line.2592"></a> |
| <span class="sourceLineNo">2593</span><a name="line.2593"></a> |
| <span class="sourceLineNo">2594</span> @Override<a name="line.2594"></a> |
| <span class="sourceLineNo">2595</span> public void hello(RpcController controller, HelloRequest request,<a name="line.2595"></a> |
| <span class="sourceLineNo">2596</span> RpcCallback<HelloResponse> callback) {<a name="line.2596"></a> |
| <span class="sourceLineNo">2597</span> callback.run(HelloResponse.newBuilder().setResponse("Hello!").build());<a name="line.2597"></a> |
| <span class="sourceLineNo">2598</span> }<a name="line.2598"></a> |
| <span class="sourceLineNo">2599</span><a name="line.2599"></a> |
| <span class="sourceLineNo">2600</span> @Override<a name="line.2600"></a> |
| <span class="sourceLineNo">2601</span> public void noop(RpcController controller, NoopRequest request,<a name="line.2601"></a> |
| <span class="sourceLineNo">2602</span> RpcCallback<NoopResponse> callback) {<a name="line.2602"></a> |
| <span class="sourceLineNo">2603</span> callback.run(NoopResponse.newBuilder().build());<a name="line.2603"></a> |
| <span class="sourceLineNo">2604</span> }<a name="line.2604"></a> |
| <span class="sourceLineNo">2605</span> }<a name="line.2605"></a> |
| <span class="sourceLineNo">2606</span><a name="line.2606"></a> |
| <span class="sourceLineNo">2607</span> @Test<a name="line.2607"></a> |
| <span class="sourceLineNo">2608</span> public void testCoprocessorExec() throws Exception {<a name="line.2608"></a> |
| <span class="sourceLineNo">2609</span> // Set up our ping endpoint service on all regions of our test table<a name="line.2609"></a> |
| <span class="sourceLineNo">2610</span> for (JVMClusterUtil.RegionServerThread thread:<a name="line.2610"></a> |
| <span class="sourceLineNo">2611</span> TEST_UTIL.getMiniHBaseCluster().getRegionServerThreads()) {<a name="line.2611"></a> |
| <span class="sourceLineNo">2612</span> HRegionServer rs = thread.getRegionServer();<a name="line.2612"></a> |
| <span class="sourceLineNo">2613</span> for (HRegion region: rs.getRegions(TEST_TABLE)) {<a name="line.2613"></a> |
| <span class="sourceLineNo">2614</span> region.getCoprocessorHost().load(PingCoprocessor.class,<a name="line.2614"></a> |
| <span class="sourceLineNo">2615</span> Coprocessor.PRIORITY_USER, conf);<a name="line.2615"></a> |
| <span class="sourceLineNo">2616</span> }<a name="line.2616"></a> |
| <span class="sourceLineNo">2617</span> }<a name="line.2617"></a> |
| <span class="sourceLineNo">2618</span><a name="line.2618"></a> |
| <span class="sourceLineNo">2619</span> // Create users for testing, and grant EXEC privileges on our test table<a name="line.2619"></a> |
| <span class="sourceLineNo">2620</span> // only to user A<a name="line.2620"></a> |
| <span class="sourceLineNo">2621</span> User userA = User.createUserForTesting(conf, "UserA", new String[0]);<a name="line.2621"></a> |
| <span class="sourceLineNo">2622</span> User userB = User.createUserForTesting(conf, "UserB", new String[0]);<a name="line.2622"></a> |
| <span class="sourceLineNo">2623</span><a name="line.2623"></a> |
| <span class="sourceLineNo">2624</span> grantOnTable(TEST_UTIL, userA.getShortName(),<a name="line.2624"></a> |
| <span class="sourceLineNo">2625</span> TEST_TABLE, null, null,<a name="line.2625"></a> |
| <span class="sourceLineNo">2626</span> Permission.Action.EXEC);<a name="line.2626"></a> |
| <span class="sourceLineNo">2627</span> try {<a name="line.2627"></a> |
| <span class="sourceLineNo">2628</span> // Create an action for invoking our test endpoint<a name="line.2628"></a> |
| <span class="sourceLineNo">2629</span> AccessTestAction execEndpointAction = new AccessTestAction() {<a name="line.2629"></a> |
| <span class="sourceLineNo">2630</span> @Override<a name="line.2630"></a> |
| <span class="sourceLineNo">2631</span> public Object run() throws Exception {<a name="line.2631"></a> |
| <span class="sourceLineNo">2632</span> try (Connection conn = ConnectionFactory.createConnection(conf);<a name="line.2632"></a> |
| <span class="sourceLineNo">2633</span> Table t = conn.getTable(TEST_TABLE)) {<a name="line.2633"></a> |
| <span class="sourceLineNo">2634</span> BlockingRpcChannel service = t.coprocessorService(HConstants.EMPTY_BYTE_ARRAY);<a name="line.2634"></a> |
| <span class="sourceLineNo">2635</span> PingCoprocessor.newBlockingStub(service).noop(null, NoopRequest.newBuilder().build());<a name="line.2635"></a> |
| <span class="sourceLineNo">2636</span> }<a name="line.2636"></a> |
| <span class="sourceLineNo">2637</span> return null;<a name="line.2637"></a> |
| <span class="sourceLineNo">2638</span> }<a name="line.2638"></a> |
| <span class="sourceLineNo">2639</span> };<a name="line.2639"></a> |
| <span class="sourceLineNo">2640</span><a name="line.2640"></a> |
| <span class="sourceLineNo">2641</span> String namespace = TEST_TABLE.getNamespaceAsString();<a name="line.2641"></a> |
| <span class="sourceLineNo">2642</span> // Now grant EXEC to the entire namespace to user B<a name="line.2642"></a> |
| <span class="sourceLineNo">2643</span> grantOnNamespace(TEST_UTIL, userB.getShortName(), namespace, Permission.Action.EXEC);<a name="line.2643"></a> |
| <span class="sourceLineNo">2644</span> // User B should now be allowed also<a name="line.2644"></a> |
| <span class="sourceLineNo">2645</span> verifyAllowed(execEndpointAction, userA, userB);<a name="line.2645"></a> |
| <span class="sourceLineNo">2646</span><a name="line.2646"></a> |
| <span class="sourceLineNo">2647</span> revokeFromNamespace(TEST_UTIL, userB.getShortName(), namespace, Permission.Action.EXEC);<a name="line.2647"></a> |
| <span class="sourceLineNo">2648</span> // Verify that EXEC permission is checked correctly<a name="line.2648"></a> |
| <span class="sourceLineNo">2649</span> verifyDenied(execEndpointAction, userB);<a name="line.2649"></a> |
| <span class="sourceLineNo">2650</span> verifyAllowed(execEndpointAction, userA);<a name="line.2650"></a> |
| <span class="sourceLineNo">2651</span> } finally {<a name="line.2651"></a> |
| <span class="sourceLineNo">2652</span> // Cleanup, revoke the userA privileges<a name="line.2652"></a> |
| <span class="sourceLineNo">2653</span> revokeFromTable(TEST_UTIL, userA.getShortName(), TEST_TABLE, null, null,<a name="line.2653"></a> |
| <span class="sourceLineNo">2654</span> Permission.Action.EXEC);<a name="line.2654"></a> |
| <span class="sourceLineNo">2655</span> }<a name="line.2655"></a> |
| <span class="sourceLineNo">2656</span> }<a name="line.2656"></a> |
| <span class="sourceLineNo">2657</span><a name="line.2657"></a> |
| <span class="sourceLineNo">2658</span> @Test<a name="line.2658"></a> |
| <span class="sourceLineNo">2659</span> public void testSetQuota() throws Exception {<a name="line.2659"></a> |
| <span class="sourceLineNo">2660</span> AccessTestAction setUserQuotaAction = new AccessTestAction() {<a name="line.2660"></a> |
| <span class="sourceLineNo">2661</span> @Override<a name="line.2661"></a> |
| <span class="sourceLineNo">2662</span> public Object run() throws Exception {<a name="line.2662"></a> |
| <span class="sourceLineNo">2663</span> ACCESS_CONTROLLER.preSetUserQuota(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2663"></a> |
| <span class="sourceLineNo">2664</span> null, null);<a name="line.2664"></a> |
| <span class="sourceLineNo">2665</span> return null;<a name="line.2665"></a> |
| <span class="sourceLineNo">2666</span> }<a name="line.2666"></a> |
| <span class="sourceLineNo">2667</span> };<a name="line.2667"></a> |
| <span class="sourceLineNo">2668</span><a name="line.2668"></a> |
| <span class="sourceLineNo">2669</span> AccessTestAction setUserTableQuotaAction = new AccessTestAction() {<a name="line.2669"></a> |
| <span class="sourceLineNo">2670</span> @Override<a name="line.2670"></a> |
| <span class="sourceLineNo">2671</span> public Object run() throws Exception {<a name="line.2671"></a> |
| <span class="sourceLineNo">2672</span> ACCESS_CONTROLLER.preSetUserQuota(ObserverContextImpl.createAndPrepare(CP_ENV), null,<a name="line.2672"></a> |
| <span class="sourceLineNo">2673</span> TEST_TABLE, null);<a name="line.2673"></a> |
| <span class="sourceLineNo">2674</span> return null;<a name="line.2674"></a> |
| <span class="sourceLineNo">2675</span> }<a name="line.2675"></a> |
| <span class="sourceLineNo">2676</span> };<a name="line.2676"></a> |
| <span class="sourceLineNo">2677</span><a name="line.2677"></a> |
| <span class="sourceLineNo">2678</span> AccessTestAction setUserNamespaceQuotaAction = new AccessTestAction() {<a name="line.2678"></a> |
| <span class="sourceLineNo">2679</span> @Override<a name="line.2679"></a> |
| <span class="sourceLineNo">2680</span> public Object run() throws Exception {<a name="line.2680"></a> |
| <span class="sourceLineNo">2681</span> ACCESS_CONTROLLER.preSetUserQuota(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2681"></a> |
| <span class="sourceLineNo">2682</span> null, (String)null, null);<a name="line.2682"></a> |
| <span class="sourceLineNo">2683</span> return null;<a name="line.2683"></a> |
| <span class="sourceLineNo">2684</span> }<a name="line.2684"></a> |
| <span class="sourceLineNo">2685</span> };<a name="line.2685"></a> |
| <span class="sourceLineNo">2686</span><a name="line.2686"></a> |
| <span class="sourceLineNo">2687</span> AccessTestAction setTableQuotaAction = new AccessTestAction() {<a name="line.2687"></a> |
| <span class="sourceLineNo">2688</span> @Override<a name="line.2688"></a> |
| <span class="sourceLineNo">2689</span> public Object run() throws Exception {<a name="line.2689"></a> |
| <span class="sourceLineNo">2690</span> ACCESS_CONTROLLER.preSetTableQuota(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2690"></a> |
| <span class="sourceLineNo">2691</span> TEST_TABLE, null);<a name="line.2691"></a> |
| <span class="sourceLineNo">2692</span> return null;<a name="line.2692"></a> |
| <span class="sourceLineNo">2693</span> }<a name="line.2693"></a> |
| <span class="sourceLineNo">2694</span> };<a name="line.2694"></a> |
| <span class="sourceLineNo">2695</span><a name="line.2695"></a> |
| <span class="sourceLineNo">2696</span> AccessTestAction setNamespaceQuotaAction = new AccessTestAction() {<a name="line.2696"></a> |
| <span class="sourceLineNo">2697</span> @Override<a name="line.2697"></a> |
| <span class="sourceLineNo">2698</span> public Object run() throws Exception {<a name="line.2698"></a> |
| <span class="sourceLineNo">2699</span> ACCESS_CONTROLLER.preSetNamespaceQuota(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2699"></a> |
| <span class="sourceLineNo">2700</span> null, null);<a name="line.2700"></a> |
| <span class="sourceLineNo">2701</span> return null;<a name="line.2701"></a> |
| <span class="sourceLineNo">2702</span> }<a name="line.2702"></a> |
| <span class="sourceLineNo">2703</span> };<a name="line.2703"></a> |
| <span class="sourceLineNo">2704</span><a name="line.2704"></a> |
| <span class="sourceLineNo">2705</span> AccessTestAction setRegionServerQuotaAction = new AccessTestAction() {<a name="line.2705"></a> |
| <span class="sourceLineNo">2706</span> @Override<a name="line.2706"></a> |
| <span class="sourceLineNo">2707</span> public Object run() throws Exception {<a name="line.2707"></a> |
| <span class="sourceLineNo">2708</span> ACCESS_CONTROLLER.preSetRegionServerQuota(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2708"></a> |
| <span class="sourceLineNo">2709</span> null, null);<a name="line.2709"></a> |
| <span class="sourceLineNo">2710</span> return null;<a name="line.2710"></a> |
| <span class="sourceLineNo">2711</span> }<a name="line.2711"></a> |
| <span class="sourceLineNo">2712</span> };<a name="line.2712"></a> |
| <span class="sourceLineNo">2713</span><a name="line.2713"></a> |
| <span class="sourceLineNo">2714</span> verifyAllowed(setUserQuotaAction, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.2714"></a> |
| <span class="sourceLineNo">2715</span> verifyDenied(setUserQuotaAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER,<a name="line.2715"></a> |
| <span class="sourceLineNo">2716</span> USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2716"></a> |
| <span class="sourceLineNo">2717</span><a name="line.2717"></a> |
| <span class="sourceLineNo">2718</span> verifyAllowed(setUserTableQuotaAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.2718"></a> |
| <span class="sourceLineNo">2719</span> verifyDenied(setUserTableQuotaAction, USER_CREATE, USER_RW, USER_RO, USER_NONE,<a name="line.2719"></a> |
| <span class="sourceLineNo">2720</span> USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2720"></a> |
| <span class="sourceLineNo">2721</span><a name="line.2721"></a> |
| <span class="sourceLineNo">2722</span> verifyAllowed(setUserNamespaceQuotaAction, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.2722"></a> |
| <span class="sourceLineNo">2723</span> verifyDenied(setUserNamespaceQuotaAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER,<a name="line.2723"></a> |
| <span class="sourceLineNo">2724</span> USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2724"></a> |
| <span class="sourceLineNo">2725</span><a name="line.2725"></a> |
| <span class="sourceLineNo">2726</span> verifyAllowed(setTableQuotaAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.2726"></a> |
| <span class="sourceLineNo">2727</span> verifyDenied(setTableQuotaAction, USER_CREATE, USER_RW, USER_RO, USER_NONE);<a name="line.2727"></a> |
| <span class="sourceLineNo">2728</span><a name="line.2728"></a> |
| <span class="sourceLineNo">2729</span> verifyAllowed(setNamespaceQuotaAction, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.2729"></a> |
| <span class="sourceLineNo">2730</span> verifyDenied(setNamespaceQuotaAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER,<a name="line.2730"></a> |
| <span class="sourceLineNo">2731</span> USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2731"></a> |
| <span class="sourceLineNo">2732</span><a name="line.2732"></a> |
| <span class="sourceLineNo">2733</span> verifyAllowed(setRegionServerQuotaAction, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.2733"></a> |
| <span class="sourceLineNo">2734</span> verifyDenied(setRegionServerQuotaAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER,<a name="line.2734"></a> |
| <span class="sourceLineNo">2735</span> USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2735"></a> |
| <span class="sourceLineNo">2736</span> }<a name="line.2736"></a> |
| <span class="sourceLineNo">2737</span><a name="line.2737"></a> |
| <span class="sourceLineNo">2738</span> @Test<a name="line.2738"></a> |
| <span class="sourceLineNo">2739</span> public void testGetNamespacePermission() throws Exception {<a name="line.2739"></a> |
| <span class="sourceLineNo">2740</span> String namespace = "testGetNamespacePermission";<a name="line.2740"></a> |
| <span class="sourceLineNo">2741</span> NamespaceDescriptor desc = NamespaceDescriptor.create(namespace).build();<a name="line.2741"></a> |
| <span class="sourceLineNo">2742</span> createNamespace(TEST_UTIL, desc);<a name="line.2742"></a> |
| <span class="sourceLineNo">2743</span> grantOnNamespace(TEST_UTIL, USER_NONE.getShortName(), namespace, Permission.Action.READ);<a name="line.2743"></a> |
| <span class="sourceLineNo">2744</span><a name="line.2744"></a> |
| <span class="sourceLineNo">2745</span> // Test 1: A specific namespace<a name="line.2745"></a> |
| <span class="sourceLineNo">2746</span> getNamespacePermissionsAndVerify(namespace, 1, namespace);<a name="line.2746"></a> |
| <span class="sourceLineNo">2747</span><a name="line.2747"></a> |
| <span class="sourceLineNo">2748</span> // Test 2: '@.*'<a name="line.2748"></a> |
| <span class="sourceLineNo">2749</span> getNamespacePermissionsAndVerify(".*", 1, namespace);<a name="line.2749"></a> |
| <span class="sourceLineNo">2750</span><a name="line.2750"></a> |
| <span class="sourceLineNo">2751</span> // Test 3: A more complex regex<a name="line.2751"></a> |
| <span class="sourceLineNo">2752</span> getNamespacePermissionsAndVerify("^test[a-zA-Z]*", 1, namespace);<a name="line.2752"></a> |
| <span class="sourceLineNo">2753</span><a name="line.2753"></a> |
| <span class="sourceLineNo">2754</span> deleteNamespace(TEST_UTIL, namespace);<a name="line.2754"></a> |
| <span class="sourceLineNo">2755</span> }<a name="line.2755"></a> |
| <span class="sourceLineNo">2756</span><a name="line.2756"></a> |
| <span class="sourceLineNo">2757</span> /**<a name="line.2757"></a> |
| <span class="sourceLineNo">2758</span> * List all user permissions match the given regular expression for namespace<a name="line.2758"></a> |
| <span class="sourceLineNo">2759</span> * and verify each of them.<a name="line.2759"></a> |
| <span class="sourceLineNo">2760</span> * @param namespaceRegexWithoutPrefix the regualar expression for namespace, without NAMESPACE_PREFIX<a name="line.2760"></a> |
| <span class="sourceLineNo">2761</span> * @param expectedAmount the expected amount of user permissions returned<a name="line.2761"></a> |
| <span class="sourceLineNo">2762</span> * @param expectedNamespace the expected namespace of each user permission returned<a name="line.2762"></a> |
| <span class="sourceLineNo">2763</span> * @throws HBaseException in the case of any HBase exception when accessing hbase:acl table<a name="line.2763"></a> |
| <span class="sourceLineNo">2764</span> */<a name="line.2764"></a> |
| <span class="sourceLineNo">2765</span> private void getNamespacePermissionsAndVerify(String namespaceRegexWithoutPrefix,<a name="line.2765"></a> |
| <span class="sourceLineNo">2766</span> int expectedAmount, String expectedNamespace) throws HBaseException {<a name="line.2766"></a> |
| <span class="sourceLineNo">2767</span> try {<a name="line.2767"></a> |
| <span class="sourceLineNo">2768</span> List<UserPermission> namespacePermissions = AccessControlClient.getUserPermissions(<a name="line.2768"></a> |
| <span class="sourceLineNo">2769</span> systemUserConnection, PermissionStorage.toNamespaceEntry(namespaceRegexWithoutPrefix));<a name="line.2769"></a> |
| <span class="sourceLineNo">2770</span> assertTrue(namespacePermissions != null);<a name="line.2770"></a> |
| <span class="sourceLineNo">2771</span> assertEquals(expectedAmount, namespacePermissions.size());<a name="line.2771"></a> |
| <span class="sourceLineNo">2772</span> for (UserPermission namespacePermission : namespacePermissions) {<a name="line.2772"></a> |
| <span class="sourceLineNo">2773</span> // Verify it is not a global user permission<a name="line.2773"></a> |
| <span class="sourceLineNo">2774</span> assertFalse(namespacePermission.getAccessScope() == Permission.Scope.GLOBAL);<a name="line.2774"></a> |
| <span class="sourceLineNo">2775</span> // Verify namespace is set<a name="line.2775"></a> |
| <span class="sourceLineNo">2776</span> NamespacePermission nsPerm = (NamespacePermission) namespacePermission.getPermission();<a name="line.2776"></a> |
| <span class="sourceLineNo">2777</span> assertEquals(expectedNamespace, nsPerm.getNamespace());<a name="line.2777"></a> |
| <span class="sourceLineNo">2778</span> }<a name="line.2778"></a> |
| <span class="sourceLineNo">2779</span> } catch (Throwable thw) {<a name="line.2779"></a> |
| <span class="sourceLineNo">2780</span> throw new HBaseException(thw);<a name="line.2780"></a> |
| <span class="sourceLineNo">2781</span> }<a name="line.2781"></a> |
| <span class="sourceLineNo">2782</span> }<a name="line.2782"></a> |
| <span class="sourceLineNo">2783</span><a name="line.2783"></a> |
| <span class="sourceLineNo">2784</span> @Test<a name="line.2784"></a> |
| <span class="sourceLineNo">2785</span> public void testTruncatePerms() throws Exception {<a name="line.2785"></a> |
| <span class="sourceLineNo">2786</span> try {<a name="line.2786"></a> |
| <span class="sourceLineNo">2787</span> List<UserPermission> existingPerms = AccessControlClient.getUserPermissions(<a name="line.2787"></a> |
| <span class="sourceLineNo">2788</span> systemUserConnection, TEST_TABLE.getNameAsString());<a name="line.2788"></a> |
| <span class="sourceLineNo">2789</span> assertTrue(existingPerms != null);<a name="line.2789"></a> |
| <span class="sourceLineNo">2790</span> assertTrue(existingPerms.size() > 1);<a name="line.2790"></a> |
| <span class="sourceLineNo">2791</span> TEST_UTIL.getAdmin().disableTable(TEST_TABLE);<a name="line.2791"></a> |
| <span class="sourceLineNo">2792</span> TEST_UTIL.truncateTable(TEST_TABLE);<a name="line.2792"></a> |
| <span class="sourceLineNo">2793</span> TEST_UTIL.waitTableAvailable(TEST_TABLE);<a name="line.2793"></a> |
| <span class="sourceLineNo">2794</span> List<UserPermission> perms = AccessControlClient.getUserPermissions(<a name="line.2794"></a> |
| <span class="sourceLineNo">2795</span> systemUserConnection, TEST_TABLE.getNameAsString());<a name="line.2795"></a> |
| <span class="sourceLineNo">2796</span> assertTrue(perms != null);<a name="line.2796"></a> |
| <span class="sourceLineNo">2797</span> assertEquals(existingPerms.size(), perms.size());<a name="line.2797"></a> |
| <span class="sourceLineNo">2798</span> } catch (Throwable e) {<a name="line.2798"></a> |
| <span class="sourceLineNo">2799</span> throw new HBaseIOException(e);<a name="line.2799"></a> |
| <span class="sourceLineNo">2800</span> }<a name="line.2800"></a> |
| <span class="sourceLineNo">2801</span> }<a name="line.2801"></a> |
| <span class="sourceLineNo">2802</span><a name="line.2802"></a> |
| <span class="sourceLineNo">2803</span> private PrivilegedAction<List<UserPermission>> getPrivilegedAction(final String regex) {<a name="line.2803"></a> |
| <span class="sourceLineNo">2804</span> return new PrivilegedAction<List<UserPermission>>() {<a name="line.2804"></a> |
| <span class="sourceLineNo">2805</span> @Override<a name="line.2805"></a> |
| <span class="sourceLineNo">2806</span> public List<UserPermission> run() {<a name="line.2806"></a> |
| <span class="sourceLineNo">2807</span> try(Connection conn = ConnectionFactory.createConnection(conf)) {<a name="line.2807"></a> |
| <span class="sourceLineNo">2808</span> return AccessControlClient.getUserPermissions(conn, regex);<a name="line.2808"></a> |
| <span class="sourceLineNo">2809</span> } catch (Throwable e) {<a name="line.2809"></a> |
| <span class="sourceLineNo">2810</span> LOG.error("error during call of AccessControlClient.getUserPermissions.", e);<a name="line.2810"></a> |
| <span class="sourceLineNo">2811</span> return null;<a name="line.2811"></a> |
| <span class="sourceLineNo">2812</span> }<a name="line.2812"></a> |
| <span class="sourceLineNo">2813</span> }<a name="line.2813"></a> |
| <span class="sourceLineNo">2814</span> };<a name="line.2814"></a> |
| <span class="sourceLineNo">2815</span> }<a name="line.2815"></a> |
| <span class="sourceLineNo">2816</span><a name="line.2816"></a> |
| <span class="sourceLineNo">2817</span> @Test<a name="line.2817"></a> |
| <span class="sourceLineNo">2818</span> public void testAccessControlClientUserPerms() throws Exception {<a name="line.2818"></a> |
| <span class="sourceLineNo">2819</span> final TableName tableName = TableName.valueOf(name.getMethodName());<a name="line.2819"></a> |
| <span class="sourceLineNo">2820</span> createTestTable(tableName);<a name="line.2820"></a> |
| <span class="sourceLineNo">2821</span> try {<a name="line.2821"></a> |
| <span class="sourceLineNo">2822</span> final String regex = tableName.getNameWithNamespaceInclAsString();<a name="line.2822"></a> |
| <span class="sourceLineNo">2823</span> User testUserPerms = User.createUserForTesting(conf, "testUserPerms", new String[0]);<a name="line.2823"></a> |
| <span class="sourceLineNo">2824</span> assertEquals(0, testUserPerms.runAs(getPrivilegedAction(regex)).size());<a name="line.2824"></a> |
| <span class="sourceLineNo">2825</span> // Grant TABLE ADMIN privs to testUserPerms<a name="line.2825"></a> |
| <span class="sourceLineNo">2826</span> grantOnTable(TEST_UTIL, testUserPerms.getShortName(), tableName, null, null, Action.ADMIN);<a name="line.2826"></a> |
| <span class="sourceLineNo">2827</span> List<UserPermission> perms = testUserPerms.runAs(getPrivilegedAction(regex));<a name="line.2827"></a> |
| <span class="sourceLineNo">2828</span> assertNotNull(perms);<a name="line.2828"></a> |
| <span class="sourceLineNo">2829</span> // Superuser, testUserPerms<a name="line.2829"></a> |
| <span class="sourceLineNo">2830</span> assertEquals(2, perms.size());<a name="line.2830"></a> |
| <span class="sourceLineNo">2831</span> } finally {<a name="line.2831"></a> |
| <span class="sourceLineNo">2832</span> deleteTable(TEST_UTIL, tableName);<a name="line.2832"></a> |
| <span class="sourceLineNo">2833</span> }<a name="line.2833"></a> |
| <span class="sourceLineNo">2834</span> }<a name="line.2834"></a> |
| <span class="sourceLineNo">2835</span><a name="line.2835"></a> |
| <span class="sourceLineNo">2836</span> @Test<a name="line.2836"></a> |
| <span class="sourceLineNo">2837</span> public void testAccessControllerUserPermsRegexHandling() throws Exception {<a name="line.2837"></a> |
| <span class="sourceLineNo">2838</span> User testRegexHandler = User.createUserForTesting(conf, "testRegexHandling", new String[0]);<a name="line.2838"></a> |
| <span class="sourceLineNo">2839</span><a name="line.2839"></a> |
| <span class="sourceLineNo">2840</span> final String REGEX_ALL_TABLES = ".*";<a name="line.2840"></a> |
| <span class="sourceLineNo">2841</span> final String tableName = name.getMethodName();<a name="line.2841"></a> |
| <span class="sourceLineNo">2842</span> final TableName table1 = TableName.valueOf(tableName);<a name="line.2842"></a> |
| <span class="sourceLineNo">2843</span> final byte[] family = Bytes.toBytes("f1");<a name="line.2843"></a> |
| <span class="sourceLineNo">2844</span><a name="line.2844"></a> |
| <span class="sourceLineNo">2845</span> // create table in default ns<a name="line.2845"></a> |
| <span class="sourceLineNo">2846</span> TableDescriptor tableDescriptor = TableDescriptorBuilder.newBuilder(table1)<a name="line.2846"></a> |
| <span class="sourceLineNo">2847</span> .setColumnFamily(ColumnFamilyDescriptorBuilder.of(family)).build();<a name="line.2847"></a> |
| <span class="sourceLineNo">2848</span> createTable(TEST_UTIL, tableDescriptor);<a name="line.2848"></a> |
| <span class="sourceLineNo">2849</span><a name="line.2849"></a> |
| <span class="sourceLineNo">2850</span> // creating the ns and table in it<a name="line.2850"></a> |
| <span class="sourceLineNo">2851</span> String ns = "testNamespace";<a name="line.2851"></a> |
| <span class="sourceLineNo">2852</span> NamespaceDescriptor desc = NamespaceDescriptor.create(ns).build();<a name="line.2852"></a> |
| <span class="sourceLineNo">2853</span> final TableName table2 = TableName.valueOf(ns, tableName);<a name="line.2853"></a> |
| <span class="sourceLineNo">2854</span> createNamespace(TEST_UTIL, desc);<a name="line.2854"></a> |
| <span class="sourceLineNo">2855</span> tableDescriptor = TableDescriptorBuilder.newBuilder(table2)<a name="line.2855"></a> |
| <span class="sourceLineNo">2856</span> .setColumnFamily(ColumnFamilyDescriptorBuilder.of(family)).build();<a name="line.2856"></a> |
| <span class="sourceLineNo">2857</span> createTable(TEST_UTIL, tableDescriptor);<a name="line.2857"></a> |
| <span class="sourceLineNo">2858</span><a name="line.2858"></a> |
| <span class="sourceLineNo">2859</span> // Verify that we can read sys-tables<a name="line.2859"></a> |
| <span class="sourceLineNo">2860</span> String aclTableName = PermissionStorage.ACL_TABLE_NAME.getNameAsString();<a name="line.2860"></a> |
| <span class="sourceLineNo">2861</span> assertEquals(5, SUPERUSER.runAs(getPrivilegedAction(aclTableName)).size());<a name="line.2861"></a> |
| <span class="sourceLineNo">2862</span> assertEquals(0, testRegexHandler.runAs(getPrivilegedAction(aclTableName)).size());<a name="line.2862"></a> |
| <span class="sourceLineNo">2863</span><a name="line.2863"></a> |
| <span class="sourceLineNo">2864</span> // Grant TABLE ADMIN privs to testUserPerms<a name="line.2864"></a> |
| <span class="sourceLineNo">2865</span> assertEquals(0, testRegexHandler.runAs(getPrivilegedAction(REGEX_ALL_TABLES)).size());<a name="line.2865"></a> |
| <span class="sourceLineNo">2866</span> grantOnTable(TEST_UTIL, testRegexHandler.getShortName(), table1, null, null, Action.ADMIN);<a name="line.2866"></a> |
| <span class="sourceLineNo">2867</span> assertEquals(2, testRegexHandler.runAs(getPrivilegedAction(REGEX_ALL_TABLES)).size());<a name="line.2867"></a> |
| <span class="sourceLineNo">2868</span> grantOnTable(TEST_UTIL, testRegexHandler.getShortName(), table2, null, null, Action.ADMIN);<a name="line.2868"></a> |
| <span class="sourceLineNo">2869</span> assertEquals(4, testRegexHandler.runAs(getPrivilegedAction(REGEX_ALL_TABLES)).size());<a name="line.2869"></a> |
| <span class="sourceLineNo">2870</span><a name="line.2870"></a> |
| <span class="sourceLineNo">2871</span> // USER_ADMIN, testUserPerms must have a row each.<a name="line.2871"></a> |
| <span class="sourceLineNo">2872</span> assertEquals(2, testRegexHandler.runAs(getPrivilegedAction(tableName)).size());<a name="line.2872"></a> |
| <span class="sourceLineNo">2873</span> assertEquals(2, testRegexHandler.runAs(getPrivilegedAction(<a name="line.2873"></a> |
| <span class="sourceLineNo">2874</span> NamespaceDescriptor.DEFAULT_NAMESPACE_NAME_STR + TableName.NAMESPACE_DELIM + tableName)<a name="line.2874"></a> |
| <span class="sourceLineNo">2875</span> ).size());<a name="line.2875"></a> |
| <span class="sourceLineNo">2876</span> assertEquals(2, testRegexHandler.runAs(getPrivilegedAction(<a name="line.2876"></a> |
| <span class="sourceLineNo">2877</span> ns + TableName.NAMESPACE_DELIM + tableName)).size());<a name="line.2877"></a> |
| <span class="sourceLineNo">2878</span> assertEquals(0, testRegexHandler.runAs(getPrivilegedAction("notMatchingAny")).size());<a name="line.2878"></a> |
| <span class="sourceLineNo">2879</span><a name="line.2879"></a> |
| <span class="sourceLineNo">2880</span> deleteTable(TEST_UTIL, table1);<a name="line.2880"></a> |
| <span class="sourceLineNo">2881</span> deleteTable(TEST_UTIL, table2);<a name="line.2881"></a> |
| <span class="sourceLineNo">2882</span> deleteNamespace(TEST_UTIL, ns);<a name="line.2882"></a> |
| <span class="sourceLineNo">2883</span> }<a name="line.2883"></a> |
| <span class="sourceLineNo">2884</span><a name="line.2884"></a> |
| <span class="sourceLineNo">2885</span> private void verifyAnyCreate(AccessTestAction action) throws Exception {<a name="line.2885"></a> |
| <span class="sourceLineNo">2886</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE, USER_ADMIN_CF,<a name="line.2886"></a> |
| <span class="sourceLineNo">2887</span> USER_GROUP_CREATE, USER_GROUP_ADMIN);<a name="line.2887"></a> |
| <span class="sourceLineNo">2888</span> verifyDenied(action, USER_NONE, USER_RO, USER_RW, USER_GROUP_READ, USER_GROUP_WRITE);<a name="line.2888"></a> |
| <span class="sourceLineNo">2889</span> }<a name="line.2889"></a> |
| <span class="sourceLineNo">2890</span><a name="line.2890"></a> |
| <span class="sourceLineNo">2891</span> @Test<a name="line.2891"></a> |
| <span class="sourceLineNo">2892</span> public void testPrepareAndCleanBulkLoad() throws Exception {<a name="line.2892"></a> |
| <span class="sourceLineNo">2893</span> AccessTestAction prepareBulkLoadAction = new AccessTestAction() {<a name="line.2893"></a> |
| <span class="sourceLineNo">2894</span> @Override<a name="line.2894"></a> |
| <span class="sourceLineNo">2895</span> public Object run() throws Exception {<a name="line.2895"></a> |
| <span class="sourceLineNo">2896</span> ACCESS_CONTROLLER.prePrepareBulkLoad(ObserverContextImpl.createAndPrepare(RCP_ENV));<a name="line.2896"></a> |
| <span class="sourceLineNo">2897</span> return null;<a name="line.2897"></a> |
| <span class="sourceLineNo">2898</span> }<a name="line.2898"></a> |
| <span class="sourceLineNo">2899</span> };<a name="line.2899"></a> |
| <span class="sourceLineNo">2900</span> AccessTestAction cleanupBulkLoadAction = new AccessTestAction() {<a name="line.2900"></a> |
| <span class="sourceLineNo">2901</span> @Override<a name="line.2901"></a> |
| <span class="sourceLineNo">2902</span> public Object run() throws Exception {<a name="line.2902"></a> |
| <span class="sourceLineNo">2903</span> ACCESS_CONTROLLER.preCleanupBulkLoad(ObserverContextImpl.createAndPrepare(RCP_ENV));<a name="line.2903"></a> |
| <span class="sourceLineNo">2904</span> return null;<a name="line.2904"></a> |
| <span class="sourceLineNo">2905</span> }<a name="line.2905"></a> |
| <span class="sourceLineNo">2906</span> };<a name="line.2906"></a> |
| <span class="sourceLineNo">2907</span> verifyAnyCreate(prepareBulkLoadAction);<a name="line.2907"></a> |
| <span class="sourceLineNo">2908</span> verifyAnyCreate(cleanupBulkLoadAction);<a name="line.2908"></a> |
| <span class="sourceLineNo">2909</span> }<a name="line.2909"></a> |
| <span class="sourceLineNo">2910</span><a name="line.2910"></a> |
| <span class="sourceLineNo">2911</span> @Test<a name="line.2911"></a> |
| <span class="sourceLineNo">2912</span> public void testReplicateLogEntries() throws Exception {<a name="line.2912"></a> |
| <span class="sourceLineNo">2913</span> AccessTestAction replicateLogEntriesAction = new AccessTestAction() {<a name="line.2913"></a> |
| <span class="sourceLineNo">2914</span> @Override<a name="line.2914"></a> |
| <span class="sourceLineNo">2915</span> public Object run() throws Exception {<a name="line.2915"></a> |
| <span class="sourceLineNo">2916</span> ACCESS_CONTROLLER.preReplicateLogEntries(ObserverContextImpl.createAndPrepare(RSCP_ENV));<a name="line.2916"></a> |
| <span class="sourceLineNo">2917</span> ACCESS_CONTROLLER.postReplicateLogEntries(ObserverContextImpl.createAndPrepare(RSCP_ENV));<a name="line.2917"></a> |
| <span class="sourceLineNo">2918</span> return null;<a name="line.2918"></a> |
| <span class="sourceLineNo">2919</span> }<a name="line.2919"></a> |
| <span class="sourceLineNo">2920</span> };<a name="line.2920"></a> |
| <span class="sourceLineNo">2921</span><a name="line.2921"></a> |
| <span class="sourceLineNo">2922</span> verifyAllowed(replicateLogEntriesAction, SUPERUSER, USER_ADMIN, USER_GROUP_WRITE);<a name="line.2922"></a> |
| <span class="sourceLineNo">2923</span> verifyDenied(replicateLogEntriesAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER,<a name="line.2923"></a> |
| <span class="sourceLineNo">2924</span> USER_GROUP_READ, USER_GROUP_ADMIN, USER_GROUP_CREATE);<a name="line.2924"></a> |
| <span class="sourceLineNo">2925</span> }<a name="line.2925"></a> |
| <span class="sourceLineNo">2926</span><a name="line.2926"></a> |
| <span class="sourceLineNo">2927</span> @Test<a name="line.2927"></a> |
| <span class="sourceLineNo">2928</span> public void testAddReplicationPeer() throws Exception {<a name="line.2928"></a> |
| <span class="sourceLineNo">2929</span> AccessTestAction action = new AccessTestAction() {<a name="line.2929"></a> |
| <span class="sourceLineNo">2930</span> @Override<a name="line.2930"></a> |
| <span class="sourceLineNo">2931</span> public Object run() throws Exception {<a name="line.2931"></a> |
| <span class="sourceLineNo">2932</span> ACCESS_CONTROLLER.preAddReplicationPeer(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2932"></a> |
| <span class="sourceLineNo">2933</span> "test", null);<a name="line.2933"></a> |
| <span class="sourceLineNo">2934</span> return null;<a name="line.2934"></a> |
| <span class="sourceLineNo">2935</span> }<a name="line.2935"></a> |
| <span class="sourceLineNo">2936</span> };<a name="line.2936"></a> |
| <span class="sourceLineNo">2937</span><a name="line.2937"></a> |
| <span class="sourceLineNo">2938</span> verifyAllowed(action, SUPERUSER, USER_ADMIN);<a name="line.2938"></a> |
| <span class="sourceLineNo">2939</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER);<a name="line.2939"></a> |
| <span class="sourceLineNo">2940</span> }<a name="line.2940"></a> |
| <span class="sourceLineNo">2941</span><a name="line.2941"></a> |
| <span class="sourceLineNo">2942</span> @Test<a name="line.2942"></a> |
| <span class="sourceLineNo">2943</span> public void testRemoveReplicationPeer() throws Exception {<a name="line.2943"></a> |
| <span class="sourceLineNo">2944</span> AccessTestAction action = new AccessTestAction() {<a name="line.2944"></a> |
| <span class="sourceLineNo">2945</span> @Override<a name="line.2945"></a> |
| <span class="sourceLineNo">2946</span> public Object run() throws Exception {<a name="line.2946"></a> |
| <span class="sourceLineNo">2947</span> ACCESS_CONTROLLER.preRemoveReplicationPeer(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2947"></a> |
| <span class="sourceLineNo">2948</span> "test");<a name="line.2948"></a> |
| <span class="sourceLineNo">2949</span> return null;<a name="line.2949"></a> |
| <span class="sourceLineNo">2950</span> }<a name="line.2950"></a> |
| <span class="sourceLineNo">2951</span> };<a name="line.2951"></a> |
| <span class="sourceLineNo">2952</span><a name="line.2952"></a> |
| <span class="sourceLineNo">2953</span> verifyAllowed(action, SUPERUSER, USER_ADMIN);<a name="line.2953"></a> |
| <span class="sourceLineNo">2954</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER);<a name="line.2954"></a> |
| <span class="sourceLineNo">2955</span> }<a name="line.2955"></a> |
| <span class="sourceLineNo">2956</span><a name="line.2956"></a> |
| <span class="sourceLineNo">2957</span> @Test<a name="line.2957"></a> |
| <span class="sourceLineNo">2958</span> public void testEnableReplicationPeer() throws Exception {<a name="line.2958"></a> |
| <span class="sourceLineNo">2959</span> AccessTestAction action = new AccessTestAction() {<a name="line.2959"></a> |
| <span class="sourceLineNo">2960</span> @Override<a name="line.2960"></a> |
| <span class="sourceLineNo">2961</span> public Object run() throws Exception {<a name="line.2961"></a> |
| <span class="sourceLineNo">2962</span> ACCESS_CONTROLLER.preEnableReplicationPeer(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2962"></a> |
| <span class="sourceLineNo">2963</span> "test");<a name="line.2963"></a> |
| <span class="sourceLineNo">2964</span> return null;<a name="line.2964"></a> |
| <span class="sourceLineNo">2965</span> }<a name="line.2965"></a> |
| <span class="sourceLineNo">2966</span> };<a name="line.2966"></a> |
| <span class="sourceLineNo">2967</span><a name="line.2967"></a> |
| <span class="sourceLineNo">2968</span> verifyAllowed(action, SUPERUSER, USER_ADMIN);<a name="line.2968"></a> |
| <span class="sourceLineNo">2969</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER);<a name="line.2969"></a> |
| <span class="sourceLineNo">2970</span> }<a name="line.2970"></a> |
| <span class="sourceLineNo">2971</span><a name="line.2971"></a> |
| <span class="sourceLineNo">2972</span> @Test<a name="line.2972"></a> |
| <span class="sourceLineNo">2973</span> public void testDisableReplicationPeer() throws Exception {<a name="line.2973"></a> |
| <span class="sourceLineNo">2974</span> AccessTestAction action = new AccessTestAction() {<a name="line.2974"></a> |
| <span class="sourceLineNo">2975</span> @Override<a name="line.2975"></a> |
| <span class="sourceLineNo">2976</span> public Object run() throws Exception {<a name="line.2976"></a> |
| <span class="sourceLineNo">2977</span> ACCESS_CONTROLLER.preDisableReplicationPeer(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2977"></a> |
| <span class="sourceLineNo">2978</span> "test");<a name="line.2978"></a> |
| <span class="sourceLineNo">2979</span> return null;<a name="line.2979"></a> |
| <span class="sourceLineNo">2980</span> }<a name="line.2980"></a> |
| <span class="sourceLineNo">2981</span> };<a name="line.2981"></a> |
| <span class="sourceLineNo">2982</span><a name="line.2982"></a> |
| <span class="sourceLineNo">2983</span> verifyAllowed(action, SUPERUSER, USER_ADMIN);<a name="line.2983"></a> |
| <span class="sourceLineNo">2984</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER);<a name="line.2984"></a> |
| <span class="sourceLineNo">2985</span> }<a name="line.2985"></a> |
| <span class="sourceLineNo">2986</span><a name="line.2986"></a> |
| <span class="sourceLineNo">2987</span> @Test<a name="line.2987"></a> |
| <span class="sourceLineNo">2988</span> public void testGetReplicationPeerConfig() throws Exception {<a name="line.2988"></a> |
| <span class="sourceLineNo">2989</span> AccessTestAction action = new AccessTestAction() {<a name="line.2989"></a> |
| <span class="sourceLineNo">2990</span> @Override<a name="line.2990"></a> |
| <span class="sourceLineNo">2991</span> public Object run() throws Exception {<a name="line.2991"></a> |
| <span class="sourceLineNo">2992</span> ACCESS_CONTROLLER.preGetReplicationPeerConfig(<a name="line.2992"></a> |
| <span class="sourceLineNo">2993</span> ObserverContextImpl.createAndPrepare(CP_ENV), "test");<a name="line.2993"></a> |
| <span class="sourceLineNo">2994</span> return null;<a name="line.2994"></a> |
| <span class="sourceLineNo">2995</span> }<a name="line.2995"></a> |
| <span class="sourceLineNo">2996</span> };<a name="line.2996"></a> |
| <span class="sourceLineNo">2997</span><a name="line.2997"></a> |
| <span class="sourceLineNo">2998</span> verifyAllowed(action, SUPERUSER, USER_ADMIN);<a name="line.2998"></a> |
| <span class="sourceLineNo">2999</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER);<a name="line.2999"></a> |
| <span class="sourceLineNo">3000</span> }<a name="line.3000"></a> |
| <span class="sourceLineNo">3001</span><a name="line.3001"></a> |
| <span class="sourceLineNo">3002</span> @Test<a name="line.3002"></a> |
| <span class="sourceLineNo">3003</span> public void testUpdateReplicationPeerConfig() throws Exception {<a name="line.3003"></a> |
| <span class="sourceLineNo">3004</span> AccessTestAction action = new AccessTestAction() {<a name="line.3004"></a> |
| <span class="sourceLineNo">3005</span> @Override<a name="line.3005"></a> |
| <span class="sourceLineNo">3006</span> public Object run() throws Exception {<a name="line.3006"></a> |
| <span class="sourceLineNo">3007</span> ACCESS_CONTROLLER.preUpdateReplicationPeerConfig(<a name="line.3007"></a> |
| <span class="sourceLineNo">3008</span> ObserverContextImpl.createAndPrepare(CP_ENV), "test", new ReplicationPeerConfig());<a name="line.3008"></a> |
| <span class="sourceLineNo">3009</span> return null;<a name="line.3009"></a> |
| <span class="sourceLineNo">3010</span> }<a name="line.3010"></a> |
| <span class="sourceLineNo">3011</span> };<a name="line.3011"></a> |
| <span class="sourceLineNo">3012</span><a name="line.3012"></a> |
| <span class="sourceLineNo">3013</span> verifyAllowed(action, SUPERUSER, USER_ADMIN);<a name="line.3013"></a> |
| <span class="sourceLineNo">3014</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER);<a name="line.3014"></a> |
| <span class="sourceLineNo">3015</span> }<a name="line.3015"></a> |
| <span class="sourceLineNo">3016</span><a name="line.3016"></a> |
| <span class="sourceLineNo">3017</span> @Test<a name="line.3017"></a> |
| <span class="sourceLineNo">3018</span> public void testTransitSyncReplicationPeerState() throws Exception {<a name="line.3018"></a> |
| <span class="sourceLineNo">3019</span> AccessTestAction action = new AccessTestAction() {<a name="line.3019"></a> |
| <span class="sourceLineNo">3020</span> @Override<a name="line.3020"></a> |
| <span class="sourceLineNo">3021</span> public Object run() throws Exception {<a name="line.3021"></a> |
| <span class="sourceLineNo">3022</span> ACCESS_CONTROLLER.preTransitReplicationPeerSyncReplicationState(<a name="line.3022"></a> |
| <span class="sourceLineNo">3023</span> ObserverContextImpl.createAndPrepare(CP_ENV), "test", SyncReplicationState.NONE);<a name="line.3023"></a> |
| <span class="sourceLineNo">3024</span> return null;<a name="line.3024"></a> |
| <span class="sourceLineNo">3025</span> }<a name="line.3025"></a> |
| <span class="sourceLineNo">3026</span> };<a name="line.3026"></a> |
| <span class="sourceLineNo">3027</span><a name="line.3027"></a> |
| <span class="sourceLineNo">3028</span> verifyAllowed(action, SUPERUSER, USER_ADMIN);<a name="line.3028"></a> |
| <span class="sourceLineNo">3029</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER);<a name="line.3029"></a> |
| <span class="sourceLineNo">3030</span> }<a name="line.3030"></a> |
| <span class="sourceLineNo">3031</span><a name="line.3031"></a> |
| <span class="sourceLineNo">3032</span> @Test<a name="line.3032"></a> |
| <span class="sourceLineNo">3033</span> public void testListReplicationPeers() throws Exception {<a name="line.3033"></a> |
| <span class="sourceLineNo">3034</span> AccessTestAction action = new AccessTestAction() {<a name="line.3034"></a> |
| <span class="sourceLineNo">3035</span> @Override<a name="line.3035"></a> |
| <span class="sourceLineNo">3036</span> public Object run() throws Exception {<a name="line.3036"></a> |
| <span class="sourceLineNo">3037</span> ACCESS_CONTROLLER.preListReplicationPeers(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.3037"></a> |
| <span class="sourceLineNo">3038</span> "test");<a name="line.3038"></a> |
| <span class="sourceLineNo">3039</span> return null;<a name="line.3039"></a> |
| <span class="sourceLineNo">3040</span> }<a name="line.3040"></a> |
| <span class="sourceLineNo">3041</span> };<a name="line.3041"></a> |
| <span class="sourceLineNo">3042</span><a name="line.3042"></a> |
| <span class="sourceLineNo">3043</span> verifyAllowed(action, SUPERUSER, USER_ADMIN);<a name="line.3043"></a> |
| <span class="sourceLineNo">3044</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER);<a name="line.3044"></a> |
| <span class="sourceLineNo">3045</span> }<a name="line.3045"></a> |
| <span class="sourceLineNo">3046</span><a name="line.3046"></a> |
| <span class="sourceLineNo">3047</span> @Test<a name="line.3047"></a> |
| <span class="sourceLineNo">3048</span> public void testRemoteLocks() throws Exception {<a name="line.3048"></a> |
| <span class="sourceLineNo">3049</span> String namespace = "preQueueNs";<a name="line.3049"></a> |
| <span class="sourceLineNo">3050</span> final TableName tableName = TableName.valueOf(namespace, name.getMethodName());<a name="line.3050"></a> |
| <span class="sourceLineNo">3051</span> RegionInfo[] regionInfos = new RegionInfo[] { RegionInfoBuilder.newBuilder(tableName).build() };<a name="line.3051"></a> |
| <span class="sourceLineNo">3052</span><a name="line.3052"></a> |
| <span class="sourceLineNo">3053</span> // Setup Users<a name="line.3053"></a> |
| <span class="sourceLineNo">3054</span> // User will be granted ADMIN and CREATE on namespace. Should be denied before grant.<a name="line.3054"></a> |
| <span class="sourceLineNo">3055</span> User namespaceUser = User.createUserForTesting(conf, "qLNSUser", new String[0]);<a name="line.3055"></a> |
| <span class="sourceLineNo">3056</span> // User will be granted ADMIN and CREATE on table. Should be denied before grant.<a name="line.3056"></a> |
| <span class="sourceLineNo">3057</span> User tableACUser = User.createUserForTesting(conf, "qLTableACUser", new String[0]);<a name="line.3057"></a> |
| <span class="sourceLineNo">3058</span> // User will be granted READ, WRITE, EXECUTE on table. Should be denied.<a name="line.3058"></a> |
| <span class="sourceLineNo">3059</span> User tableRWXUser = User.createUserForTesting(conf, "qLTableRWXUser", new String[0]);<a name="line.3059"></a> |
| <span class="sourceLineNo">3060</span> grantOnTable(TEST_UTIL, tableRWXUser.getShortName(), tableName, null, null,<a name="line.3060"></a> |
| <span class="sourceLineNo">3061</span> Action.READ, Action.WRITE, Action.EXEC);<a name="line.3061"></a> |
| <span class="sourceLineNo">3062</span> // User with global READ, WRITE, EXECUTE should be denied lock access.<a name="line.3062"></a> |
| <span class="sourceLineNo">3063</span> User globalRWXUser = User.createUserForTesting(conf, "qLGlobalRWXUser", new String[0]);<a name="line.3063"></a> |
| <span class="sourceLineNo">3064</span> grantGlobal(TEST_UTIL, globalRWXUser.getShortName(), Action.READ, Action.WRITE, Action.EXEC);<a name="line.3064"></a> |
| <span class="sourceLineNo">3065</span><a name="line.3065"></a> |
| <span class="sourceLineNo">3066</span> AccessTestAction namespaceLockAction = new AccessTestAction() {<a name="line.3066"></a> |
| <span class="sourceLineNo">3067</span> @Override public Object run() throws Exception {<a name="line.3067"></a> |
| <span class="sourceLineNo">3068</span> ACCESS_CONTROLLER.preRequestLock(ObserverContextImpl.createAndPrepare(CP_ENV), namespace,<a name="line.3068"></a> |
| <span class="sourceLineNo">3069</span> null, null, null);<a name="line.3069"></a> |
| <span class="sourceLineNo">3070</span> return null;<a name="line.3070"></a> |
| <span class="sourceLineNo">3071</span> }<a name="line.3071"></a> |
| <span class="sourceLineNo">3072</span> };<a name="line.3072"></a> |
| <span class="sourceLineNo">3073</span> verifyAllowed(namespaceLockAction, SUPERUSER, USER_ADMIN);<a name="line.3073"></a> |
| <span class="sourceLineNo">3074</span> verifyDenied(namespaceLockAction, globalRWXUser, tableACUser, namespaceUser, tableRWXUser);<a name="line.3074"></a> |
| <span class="sourceLineNo">3075</span> grantOnNamespace(TEST_UTIL, namespaceUser.getShortName(), namespace, Action.ADMIN);<a name="line.3075"></a> |
| <span class="sourceLineNo">3076</span> // Why I need this pause? I don't need it elsewhere.<a name="line.3076"></a> |
| <span class="sourceLineNo">3077</span> Threads.sleep(1000);<a name="line.3077"></a> |
| <span class="sourceLineNo">3078</span> verifyAllowed(namespaceLockAction, namespaceUser);<a name="line.3078"></a> |
| <span class="sourceLineNo">3079</span><a name="line.3079"></a> |
| <span class="sourceLineNo">3080</span> AccessTestAction tableLockAction = new AccessTestAction() {<a name="line.3080"></a> |
| <span class="sourceLineNo">3081</span> @Override public Object run() throws Exception {<a name="line.3081"></a> |
| <span class="sourceLineNo">3082</span> ACCESS_CONTROLLER.preRequestLock(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.3082"></a> |
| <span class="sourceLineNo">3083</span> null, tableName, null, null);<a name="line.3083"></a> |
| <span class="sourceLineNo">3084</span> return null;<a name="line.3084"></a> |
| <span class="sourceLineNo">3085</span> }<a name="line.3085"></a> |
| <span class="sourceLineNo">3086</span> };<a name="line.3086"></a> |
| <span class="sourceLineNo">3087</span> verifyAllowed(tableLockAction, SUPERUSER, USER_ADMIN, namespaceUser);<a name="line.3087"></a> |
| <span class="sourceLineNo">3088</span> verifyDenied(tableLockAction, globalRWXUser, tableACUser, tableRWXUser);<a name="line.3088"></a> |
| <span class="sourceLineNo">3089</span> grantOnTable(TEST_UTIL, tableACUser.getShortName(), tableName, null, null,<a name="line.3089"></a> |
| <span class="sourceLineNo">3090</span> Action.ADMIN, Action.CREATE);<a name="line.3090"></a> |
| <span class="sourceLineNo">3091</span> // See if this can fail (flakie) because grant hasn't propagated yet.<a name="line.3091"></a> |
| <span class="sourceLineNo">3092</span> for (int i = 0; i < 10; i++) {<a name="line.3092"></a> |
| <span class="sourceLineNo">3093</span> try {<a name="line.3093"></a> |
| <span class="sourceLineNo">3094</span> verifyAllowed(tableLockAction, tableACUser);<a name="line.3094"></a> |
| <span class="sourceLineNo">3095</span> } catch (AssertionError e) {<a name="line.3095"></a> |
| <span class="sourceLineNo">3096</span> LOG.warn("Retrying assertion error", e);<a name="line.3096"></a> |
| <span class="sourceLineNo">3097</span> Threads.sleep(1000);<a name="line.3097"></a> |
| <span class="sourceLineNo">3098</span> continue;<a name="line.3098"></a> |
| <span class="sourceLineNo">3099</span> }<a name="line.3099"></a> |
| <span class="sourceLineNo">3100</span> }<a name="line.3100"></a> |
| <span class="sourceLineNo">3101</span><a name="line.3101"></a> |
| <span class="sourceLineNo">3102</span> AccessTestAction regionsLockAction = new AccessTestAction() {<a name="line.3102"></a> |
| <span class="sourceLineNo">3103</span> @Override public Object run() throws Exception {<a name="line.3103"></a> |
| <span class="sourceLineNo">3104</span> ACCESS_CONTROLLER.preRequestLock(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.3104"></a> |
| <span class="sourceLineNo">3105</span> null, null, regionInfos, null);<a name="line.3105"></a> |
| <span class="sourceLineNo">3106</span> return null;<a name="line.3106"></a> |
| <span class="sourceLineNo">3107</span> }<a name="line.3107"></a> |
| <span class="sourceLineNo">3108</span> };<a name="line.3108"></a> |
| <span class="sourceLineNo">3109</span> verifyAllowed(regionsLockAction, SUPERUSER, USER_ADMIN, namespaceUser, tableACUser);<a name="line.3109"></a> |
| <span class="sourceLineNo">3110</span> verifyDenied(regionsLockAction, globalRWXUser, tableRWXUser);<a name="line.3110"></a> |
| <span class="sourceLineNo">3111</span><a name="line.3111"></a> |
| <span class="sourceLineNo">3112</span> // Test heartbeats<a name="line.3112"></a> |
| <span class="sourceLineNo">3113</span> // Create a lock procedure and try sending heartbeat to it. It doesn't matter how the lock<a name="line.3113"></a> |
| <span class="sourceLineNo">3114</span> // was created, we just need namespace from the lock's tablename.<a name="line.3114"></a> |
| <span class="sourceLineNo">3115</span> LockProcedure proc = new LockProcedure(conf, tableName, LockType.EXCLUSIVE, "test", null);<a name="line.3115"></a> |
| <span class="sourceLineNo">3116</span> AccessTestAction regionLockHeartbeatAction = new AccessTestAction() {<a name="line.3116"></a> |
| <span class="sourceLineNo">3117</span> @Override public Object run() throws Exception {<a name="line.3117"></a> |
| <span class="sourceLineNo">3118</span> ACCESS_CONTROLLER.preLockHeartbeat(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.3118"></a> |
| <span class="sourceLineNo">3119</span> proc.getTableName(), proc.getDescription());<a name="line.3119"></a> |
| <span class="sourceLineNo">3120</span> return null;<a name="line.3120"></a> |
| <span class="sourceLineNo">3121</span> }<a name="line.3121"></a> |
| <span class="sourceLineNo">3122</span> };<a name="line.3122"></a> |
| <span class="sourceLineNo">3123</span> verifyAllowed(regionLockHeartbeatAction, SUPERUSER, USER_ADMIN, namespaceUser, tableACUser);<a name="line.3123"></a> |
| <span class="sourceLineNo">3124</span> verifyDenied(regionLockHeartbeatAction, globalRWXUser, tableRWXUser);<a name="line.3124"></a> |
| <span class="sourceLineNo">3125</span> }<a name="line.3125"></a> |
| <span class="sourceLineNo">3126</span><a name="line.3126"></a> |
| <span class="sourceLineNo">3127</span> @Test<a name="line.3127"></a> |
| <span class="sourceLineNo">3128</span> public void testAccessControlRevokeOnlyFewPermission() throws Throwable {<a name="line.3128"></a> |
| <span class="sourceLineNo">3129</span> TableName tname = TableName.valueOf("revoke");<a name="line.3129"></a> |
| <span class="sourceLineNo">3130</span> try {<a name="line.3130"></a> |
| <span class="sourceLineNo">3131</span> TEST_UTIL.createTable(tname, TEST_FAMILY);<a name="line.3131"></a> |
| <span class="sourceLineNo">3132</span> User testUserPerms = User.createUserForTesting(conf, "revokePerms", new String[0]);<a name="line.3132"></a> |
| <span class="sourceLineNo">3133</span> Permission.Action[] actions = { Action.READ, Action.WRITE };<a name="line.3133"></a> |
| <span class="sourceLineNo">3134</span> AccessControlClient.grant(TEST_UTIL.getConnection(), tname, testUserPerms.getShortName(),<a name="line.3134"></a> |
| <span class="sourceLineNo">3135</span> null, null, actions);<a name="line.3135"></a> |
| <span class="sourceLineNo">3136</span><a name="line.3136"></a> |
| <span class="sourceLineNo">3137</span> List<UserPermission> userPermissions = AccessControlClient<a name="line.3137"></a> |
| <span class="sourceLineNo">3138</span> .getUserPermissions(TEST_UTIL.getConnection(), tname.getNameAsString());<a name="line.3138"></a> |
| <span class="sourceLineNo">3139</span> assertEquals(2, userPermissions.size());<a name="line.3139"></a> |
| <span class="sourceLineNo">3140</span><a name="line.3140"></a> |
| <span class="sourceLineNo">3141</span> AccessControlClient.revoke(TEST_UTIL.getConnection(), tname, testUserPerms.getShortName(),<a name="line.3141"></a> |
| <span class="sourceLineNo">3142</span> null, null, Action.WRITE);<a name="line.3142"></a> |
| <span class="sourceLineNo">3143</span><a name="line.3143"></a> |
| <span class="sourceLineNo">3144</span> userPermissions = AccessControlClient.getUserPermissions(TEST_UTIL.getConnection(),<a name="line.3144"></a> |
| <span class="sourceLineNo">3145</span> tname.getNameAsString());<a name="line.3145"></a> |
| <span class="sourceLineNo">3146</span> assertEquals(2, userPermissions.size());<a name="line.3146"></a> |
| <span class="sourceLineNo">3147</span><a name="line.3147"></a> |
| <span class="sourceLineNo">3148</span> Permission.Action[] expectedAction = { Action.READ };<a name="line.3148"></a> |
| <span class="sourceLineNo">3149</span> boolean userFound = false;<a name="line.3149"></a> |
| <span class="sourceLineNo">3150</span> for (UserPermission p : userPermissions) {<a name="line.3150"></a> |
| <span class="sourceLineNo">3151</span> if (testUserPerms.getShortName().equals(p.getUser())) {<a name="line.3151"></a> |
| <span class="sourceLineNo">3152</span> assertArrayEquals(expectedAction, p.getPermission().getActions());<a name="line.3152"></a> |
| <span class="sourceLineNo">3153</span> userFound = true;<a name="line.3153"></a> |
| <span class="sourceLineNo">3154</span> break;<a name="line.3154"></a> |
| <span class="sourceLineNo">3155</span> }<a name="line.3155"></a> |
| <span class="sourceLineNo">3156</span> }<a name="line.3156"></a> |
| <span class="sourceLineNo">3157</span> assertTrue(userFound);<a name="line.3157"></a> |
| <span class="sourceLineNo">3158</span> } finally {<a name="line.3158"></a> |
| <span class="sourceLineNo">3159</span> TEST_UTIL.deleteTable(tname);<a name="line.3159"></a> |
| <span class="sourceLineNo">3160</span> }<a name="line.3160"></a> |
| <span class="sourceLineNo">3161</span> }<a name="line.3161"></a> |
| <span class="sourceLineNo">3162</span><a name="line.3162"></a> |
| <span class="sourceLineNo">3163</span> @Test<a name="line.3163"></a> |
| <span class="sourceLineNo">3164</span> public void testGetClusterStatus() throws Exception {<a name="line.3164"></a> |
| <span class="sourceLineNo">3165</span> AccessTestAction action = new AccessTestAction() {<a name="line.3165"></a> |
| <span class="sourceLineNo">3166</span> @Override<a name="line.3166"></a> |
| <span class="sourceLineNo">3167</span> public Object run() throws Exception {<a name="line.3167"></a> |
| <span class="sourceLineNo">3168</span> ACCESS_CONTROLLER.preGetClusterMetrics(ObserverContextImpl.createAndPrepare(CP_ENV));<a name="line.3168"></a> |
| <span class="sourceLineNo">3169</span> return null;<a name="line.3169"></a> |
| <span class="sourceLineNo">3170</span> }<a name="line.3170"></a> |
| <span class="sourceLineNo">3171</span> };<a name="line.3171"></a> |
| <span class="sourceLineNo">3172</span><a name="line.3172"></a> |
| <span class="sourceLineNo">3173</span> verifyAllowed(<a name="line.3173"></a> |
| <span class="sourceLineNo">3174</span> action, SUPERUSER, USER_ADMIN, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER);<a name="line.3174"></a> |
| <span class="sourceLineNo">3175</span> }<a name="line.3175"></a> |
| <span class="sourceLineNo">3176</span><a name="line.3176"></a> |
| <span class="sourceLineNo">3177</span> @Test<a name="line.3177"></a> |
| <span class="sourceLineNo">3178</span> public void testExecuteProcedures() throws Exception {<a name="line.3178"></a> |
| <span class="sourceLineNo">3179</span> AccessTestAction action = new AccessTestAction() {<a name="line.3179"></a> |
| <span class="sourceLineNo">3180</span> @Override<a name="line.3180"></a> |
| <span class="sourceLineNo">3181</span> public Object run() throws Exception {<a name="line.3181"></a> |
| <span class="sourceLineNo">3182</span> ACCESS_CONTROLLER.preExecuteProcedures(ObserverContextImpl.createAndPrepare(RSCP_ENV));<a name="line.3182"></a> |
| <span class="sourceLineNo">3183</span> return null;<a name="line.3183"></a> |
| <span class="sourceLineNo">3184</span> }<a name="line.3184"></a> |
| <span class="sourceLineNo">3185</span> };<a name="line.3185"></a> |
| <span class="sourceLineNo">3186</span><a name="line.3186"></a> |
| <span class="sourceLineNo">3187</span> verifyAllowed(action, SUPERUSER);<a name="line.3187"></a> |
| <span class="sourceLineNo">3188</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER, USER_ADMIN);<a name="line.3188"></a> |
| <span class="sourceLineNo">3189</span> }<a name="line.3189"></a> |
| <span class="sourceLineNo">3190</span><a name="line.3190"></a> |
| <span class="sourceLineNo">3191</span> @Test<a name="line.3191"></a> |
| <span class="sourceLineNo">3192</span> public void testGetUserPermissions() throws Throwable {<a name="line.3192"></a> |
| <span class="sourceLineNo">3193</span> Connection conn = null;<a name="line.3193"></a> |
| <span class="sourceLineNo">3194</span> try {<a name="line.3194"></a> |
| <span class="sourceLineNo">3195</span> conn = ConnectionFactory.createConnection(conf);<a name="line.3195"></a> |
| <span class="sourceLineNo">3196</span> User nSUser1 = User.createUserForTesting(conf, "nsuser1", new String[0]);<a name="line.3196"></a> |
| <span class="sourceLineNo">3197</span> User nSUser2 = User.createUserForTesting(conf, "nsuser2", new String[0]);<a name="line.3197"></a> |
| <span class="sourceLineNo">3198</span> User nSUser3 = User.createUserForTesting(conf, "nsuser3", new String[0]);<a name="line.3198"></a> |
| <span class="sourceLineNo">3199</span><a name="line.3199"></a> |
| <span class="sourceLineNo">3200</span> // Global access groups<a name="line.3200"></a> |
| <span class="sourceLineNo">3201</span> User globalGroupUser1 =<a name="line.3201"></a> |
| <span class="sourceLineNo">3202</span> User.createUserForTesting(conf, "globalGroupUser1", new String[] { "group_admin" });<a name="line.3202"></a> |
| <span class="sourceLineNo">3203</span> User globalGroupUser2 = User.createUserForTesting(conf, "globalGroupUser2",<a name="line.3203"></a> |
| <span class="sourceLineNo">3204</span> new String[] { "group_admin", "group_create" });<a name="line.3204"></a> |
| <span class="sourceLineNo">3205</span> // Namespace access groups<a name="line.3205"></a> |
| <span class="sourceLineNo">3206</span> User nsGroupUser1 =<a name="line.3206"></a> |
| <span class="sourceLineNo">3207</span> User.createUserForTesting(conf, "nsGroupUser1", new String[] { "ns_group1" });<a name="line.3207"></a> |
| <span class="sourceLineNo">3208</span> User nsGroupUser2 =<a name="line.3208"></a> |
| <span class="sourceLineNo">3209</span> User.createUserForTesting(conf, "nsGroupUser2", new String[] { "ns_group2" });<a name="line.3209"></a> |
| <span class="sourceLineNo">3210</span> // table Access groups<a name="line.3210"></a> |
| <span class="sourceLineNo">3211</span> User tableGroupUser1 =<a name="line.3211"></a> |
| <span class="sourceLineNo">3212</span> User.createUserForTesting(conf, "tableGroupUser1", new String[] { "table_group1" });<a name="line.3212"></a> |
| <span class="sourceLineNo">3213</span> User tableGroupUser2 =<a name="line.3213"></a> |
| <span class="sourceLineNo">3214</span> User.createUserForTesting(conf, "tableGroupUser2", new String[] { "table_group2" });<a name="line.3214"></a> |
| <span class="sourceLineNo">3215</span><a name="line.3215"></a> |
| <span class="sourceLineNo">3216</span> // Create namespaces<a name="line.3216"></a> |
| <span class="sourceLineNo">3217</span> String nsPrefix = "testNS";<a name="line.3217"></a> |
| <span class="sourceLineNo">3218</span> final String namespace1 = nsPrefix + "1";<a name="line.3218"></a> |
| <span class="sourceLineNo">3219</span> NamespaceDescriptor desc1 = NamespaceDescriptor.create(namespace1).build();<a name="line.3219"></a> |
| <span class="sourceLineNo">3220</span> createNamespace(TEST_UTIL, desc1);<a name="line.3220"></a> |
| <span class="sourceLineNo">3221</span> String namespace2 = nsPrefix + "2";<a name="line.3221"></a> |
| <span class="sourceLineNo">3222</span> NamespaceDescriptor desc2 = NamespaceDescriptor.create(namespace2).build();<a name="line.3222"></a> |
| <span class="sourceLineNo">3223</span> createNamespace(TEST_UTIL, desc2);<a name="line.3223"></a> |
| <span class="sourceLineNo">3224</span><a name="line.3224"></a> |
| <span class="sourceLineNo">3225</span> // Grant namespace permission<a name="line.3225"></a> |
| <span class="sourceLineNo">3226</span> grantOnNamespace(TEST_UTIL, nSUser1.getShortName(), namespace1, Permission.Action.ADMIN);<a name="line.3226"></a> |
| <span class="sourceLineNo">3227</span> grantOnNamespace(TEST_UTIL, nSUser3.getShortName(), namespace1, Permission.Action.READ);<a name="line.3227"></a> |
| <span class="sourceLineNo">3228</span> grantOnNamespace(TEST_UTIL, toGroupEntry("ns_group1"), namespace1, Permission.Action.ADMIN);<a name="line.3228"></a> |
| <span class="sourceLineNo">3229</span> grantOnNamespace(TEST_UTIL, nSUser2.getShortName(), namespace2, Permission.Action.ADMIN);<a name="line.3229"></a> |
| <span class="sourceLineNo">3230</span> grantOnNamespace(TEST_UTIL, nSUser3.getShortName(), namespace2, Permission.Action.ADMIN);<a name="line.3230"></a> |
| <span class="sourceLineNo">3231</span> grantOnNamespace(TEST_UTIL, toGroupEntry("ns_group2"), namespace2, Permission.Action.READ,<a name="line.3231"></a> |
| <span class="sourceLineNo">3232</span> Permission.Action.WRITE);<a name="line.3232"></a> |
| <span class="sourceLineNo">3233</span><a name="line.3233"></a> |
| <span class="sourceLineNo">3234</span> // Create tables<a name="line.3234"></a> |
| <span class="sourceLineNo">3235</span> TableName table1 = TableName.valueOf(namespace1 + TableName.NAMESPACE_DELIM + "t1");<a name="line.3235"></a> |
| <span class="sourceLineNo">3236</span> TableName table2 = TableName.valueOf(namespace2 + TableName.NAMESPACE_DELIM + "t2");<a name="line.3236"></a> |
| <span class="sourceLineNo">3237</span> byte[] TEST_FAMILY2 = Bytes.toBytes("f2");<a name="line.3237"></a> |
| <span class="sourceLineNo">3238</span> byte[] TEST_QUALIFIER2 = Bytes.toBytes("q2");<a name="line.3238"></a> |
| <span class="sourceLineNo">3239</span> createTestTable(table1, TEST_FAMILY);<a name="line.3239"></a> |
| <span class="sourceLineNo">3240</span> createTestTable(table2, TEST_FAMILY2);<a name="line.3240"></a> |
| <span class="sourceLineNo">3241</span><a name="line.3241"></a> |
| <span class="sourceLineNo">3242</span> // Grant table permissions<a name="line.3242"></a> |
| <span class="sourceLineNo">3243</span> grantOnTable(TEST_UTIL, toGroupEntry("table_group1"), table1, null, null,<a name="line.3243"></a> |
| <span class="sourceLineNo">3244</span> Permission.Action.ADMIN);<a name="line.3244"></a> |
| <span class="sourceLineNo">3245</span> grantOnTable(TEST_UTIL, USER_ADMIN.getShortName(), table1, null, null,<a name="line.3245"></a> |
| <span class="sourceLineNo">3246</span> Permission.Action.ADMIN);<a name="line.3246"></a> |
| <span class="sourceLineNo">3247</span> grantOnTable(TEST_UTIL, USER_ADMIN_CF.getShortName(), table1, TEST_FAMILY, null,<a name="line.3247"></a> |
| <span class="sourceLineNo">3248</span> Permission.Action.ADMIN);<a name="line.3248"></a> |
| <span class="sourceLineNo">3249</span> grantOnTable(TEST_UTIL, USER_RW.getShortName(), table1, TEST_FAMILY, TEST_QUALIFIER,<a name="line.3249"></a> |
| <span class="sourceLineNo">3250</span> Permission.Action.READ);<a name="line.3250"></a> |
| <span class="sourceLineNo">3251</span> grantOnTable(TEST_UTIL, USER_RW.getShortName(), table1, TEST_FAMILY, TEST_QUALIFIER2,<a name="line.3251"></a> |
| <span class="sourceLineNo">3252</span> Permission.Action.WRITE);<a name="line.3252"></a> |
| <span class="sourceLineNo">3253</span><a name="line.3253"></a> |
| <span class="sourceLineNo">3254</span> grantOnTable(TEST_UTIL, toGroupEntry("table_group2"), table2, null, null,<a name="line.3254"></a> |
| <span class="sourceLineNo">3255</span> Permission.Action.ADMIN);<a name="line.3255"></a> |
| <span class="sourceLineNo">3256</span> grantOnTable(TEST_UTIL, USER_ADMIN.getShortName(), table2, null, null,<a name="line.3256"></a> |
| <span class="sourceLineNo">3257</span> Permission.Action.ADMIN);<a name="line.3257"></a> |
| <span class="sourceLineNo">3258</span> grantOnTable(TEST_UTIL, USER_ADMIN_CF.getShortName(), table2, TEST_FAMILY2, null,<a name="line.3258"></a> |
| <span class="sourceLineNo">3259</span> Permission.Action.ADMIN);<a name="line.3259"></a> |
| <span class="sourceLineNo">3260</span> grantOnTable(TEST_UTIL, USER_RW.getShortName(), table2, TEST_FAMILY2, TEST_QUALIFIER,<a name="line.3260"></a> |
| <span class="sourceLineNo">3261</span> Permission.Action.READ);<a name="line.3261"></a> |
| <span class="sourceLineNo">3262</span> grantOnTable(TEST_UTIL, USER_RW.getShortName(), table2, TEST_FAMILY2, TEST_QUALIFIER2,<a name="line.3262"></a> |
| <span class="sourceLineNo">3263</span> Permission.Action.WRITE);<a name="line.3263"></a> |
| <span class="sourceLineNo">3264</span><a name="line.3264"></a> |
| <span class="sourceLineNo">3265</span> List<UserPermission> userPermissions = null;<a name="line.3265"></a> |
| <span class="sourceLineNo">3266</span> Collection<String> superUsers = Superusers.getSuperUsers();<a name="line.3266"></a> |
| <span class="sourceLineNo">3267</span> int superUserCount = superUsers.size();<a name="line.3267"></a> |
| <span class="sourceLineNo">3268</span><a name="line.3268"></a> |
| <span class="sourceLineNo">3269</span> // Global User ACL<a name="line.3269"></a> |
| <span class="sourceLineNo">3270</span> validateGlobalUserACLForGetUserPermissions(conn, nSUser1, globalGroupUser1, globalGroupUser2,<a name="line.3270"></a> |
| <span class="sourceLineNo">3271</span> superUsers, superUserCount);<a name="line.3271"></a> |
| <span class="sourceLineNo">3272</span><a name="line.3272"></a> |
| <span class="sourceLineNo">3273</span> // Namespace ACL<a name="line.3273"></a> |
| <span class="sourceLineNo">3274</span> validateNamespaceUserACLForGetUserPermissions(conn, nSUser1, nSUser3, nsGroupUser1,<a name="line.3274"></a> |
| <span class="sourceLineNo">3275</span> nsGroupUser2, nsPrefix, namespace1, namespace2);<a name="line.3275"></a> |
| <span class="sourceLineNo">3276</span><a name="line.3276"></a> |
| <span class="sourceLineNo">3277</span> // Table + Users<a name="line.3277"></a> |
| <span class="sourceLineNo">3278</span> validateTableACLForGetUserPermissions(conn, nSUser1, tableGroupUser1, tableGroupUser2,<a name="line.3278"></a> |
| <span class="sourceLineNo">3279</span> nsPrefix, table1, table2, TEST_QUALIFIER2, superUsers);<a name="line.3279"></a> |
| <span class="sourceLineNo">3280</span><a name="line.3280"></a> |
| <span class="sourceLineNo">3281</span> // exception scenarios<a name="line.3281"></a> |
| <span class="sourceLineNo">3282</span><a name="line.3282"></a> |
| <span class="sourceLineNo">3283</span> try {<a name="line.3283"></a> |
| <span class="sourceLineNo">3284</span> // test case with table name as null<a name="line.3284"></a> |
| <span class="sourceLineNo">3285</span> assertEquals(3, AccessControlClient.getUserPermissions(conn, null, TEST_FAMILY).size());<a name="line.3285"></a> |
| <span class="sourceLineNo">3286</span> fail("this should have thrown IllegalArgumentException");<a name="line.3286"></a> |
| <span class="sourceLineNo">3287</span> } catch (IllegalArgumentException ex) {<a name="line.3287"></a> |
| <span class="sourceLineNo">3288</span> // expected<a name="line.3288"></a> |
| <span class="sourceLineNo">3289</span> }<a name="line.3289"></a> |
| <span class="sourceLineNo">3290</span> try {<a name="line.3290"></a> |
| <span class="sourceLineNo">3291</span> // test case with table name as emplty<a name="line.3291"></a> |
| <span class="sourceLineNo">3292</span> assertEquals(3, AccessControlClient<a name="line.3292"></a> |
| <span class="sourceLineNo">3293</span> .getUserPermissions(conn, HConstants.EMPTY_STRING, TEST_FAMILY).size());<a name="line.3293"></a> |
| <span class="sourceLineNo">3294</span> fail("this should have thrown IllegalArgumentException");<a name="line.3294"></a> |
| <span class="sourceLineNo">3295</span> } catch (IllegalArgumentException ex) {<a name="line.3295"></a> |
| <span class="sourceLineNo">3296</span> // expected<a name="line.3296"></a> |
| <span class="sourceLineNo">3297</span> }<a name="line.3297"></a> |
| <span class="sourceLineNo">3298</span> try {<a name="line.3298"></a> |
| <span class="sourceLineNo">3299</span> // test case with table name as namespace name<a name="line.3299"></a> |
| <span class="sourceLineNo">3300</span> assertEquals(3,<a name="line.3300"></a> |
| <span class="sourceLineNo">3301</span> AccessControlClient.getUserPermissions(conn, "@" + namespace2, TEST_FAMILY).size());<a name="line.3301"></a> |
| <span class="sourceLineNo">3302</span> fail("this should have thrown IllegalArgumentException");<a name="line.3302"></a> |
| <span class="sourceLineNo">3303</span> } catch (IllegalArgumentException ex) {<a name="line.3303"></a> |
| <span class="sourceLineNo">3304</span> // expected<a name="line.3304"></a> |
| <span class="sourceLineNo">3305</span> }<a name="line.3305"></a> |
| <span class="sourceLineNo">3306</span><a name="line.3306"></a> |
| <span class="sourceLineNo">3307</span> // Clean the table and namespace<a name="line.3307"></a> |
| <span class="sourceLineNo">3308</span> deleteTable(TEST_UTIL, table1);<a name="line.3308"></a> |
| <span class="sourceLineNo">3309</span> deleteTable(TEST_UTIL, table2);<a name="line.3309"></a> |
| <span class="sourceLineNo">3310</span> deleteNamespace(TEST_UTIL, namespace1);<a name="line.3310"></a> |
| <span class="sourceLineNo">3311</span> deleteNamespace(TEST_UTIL, namespace2);<a name="line.3311"></a> |
| <span class="sourceLineNo">3312</span> } finally {<a name="line.3312"></a> |
| <span class="sourceLineNo">3313</span> if (conn != null) {<a name="line.3313"></a> |
| <span class="sourceLineNo">3314</span> conn.close();<a name="line.3314"></a> |
| <span class="sourceLineNo">3315</span> }<a name="line.3315"></a> |
| <span class="sourceLineNo">3316</span> }<a name="line.3316"></a> |
| <span class="sourceLineNo">3317</span> }<a name="line.3317"></a> |
| <span class="sourceLineNo">3318</span><a name="line.3318"></a> |
| <span class="sourceLineNo">3319</span> @Test<a name="line.3319"></a> |
| <span class="sourceLineNo">3320</span> public void testHasPermission() throws Throwable {<a name="line.3320"></a> |
| <span class="sourceLineNo">3321</span> Connection conn = null;<a name="line.3321"></a> |
| <span class="sourceLineNo">3322</span> try {<a name="line.3322"></a> |
| <span class="sourceLineNo">3323</span> conn = ConnectionFactory.createConnection(conf);<a name="line.3323"></a> |
| <span class="sourceLineNo">3324</span> // Create user and set namespace ACL<a name="line.3324"></a> |
| <span class="sourceLineNo">3325</span> User user1 = User.createUserForTesting(conf, "testHasPermissionUser1", new String[0]);<a name="line.3325"></a> |
| <span class="sourceLineNo">3326</span> // Grant namespace permission<a name="line.3326"></a> |
| <span class="sourceLineNo">3327</span> grantOnNamespaceUsingAccessControlClient(TEST_UTIL, conn, user1.getShortName(),<a name="line.3327"></a> |
| <span class="sourceLineNo">3328</span> NamespaceDescriptor.DEFAULT_NAMESPACE.getName(), Permission.Action.ADMIN,<a name="line.3328"></a> |
| <span class="sourceLineNo">3329</span> Permission.Action.CREATE, Permission.Action.READ);<a name="line.3329"></a> |
| <span class="sourceLineNo">3330</span><a name="line.3330"></a> |
| <span class="sourceLineNo">3331</span> // Create user and set table ACL<a name="line.3331"></a> |
| <span class="sourceLineNo">3332</span> User user2 = User.createUserForTesting(conf, "testHasPermissionUser2", new String[0]);<a name="line.3332"></a> |
| <span class="sourceLineNo">3333</span> // Grant namespace permission<a name="line.3333"></a> |
| <span class="sourceLineNo">3334</span> grantOnTableUsingAccessControlClient(TEST_UTIL, conn, user2.getShortName(), TEST_TABLE,<a name="line.3334"></a> |
| <span class="sourceLineNo">3335</span> TEST_FAMILY, TEST_QUALIFIER, Permission.Action.READ, Permission.Action.WRITE);<a name="line.3335"></a> |
| <span class="sourceLineNo">3336</span><a name="line.3336"></a> |
| <span class="sourceLineNo">3337</span> // Verify action privilege<a name="line.3337"></a> |
| <span class="sourceLineNo">3338</span> AccessTestAction hasPermissionActionCP = new AccessTestAction() {<a name="line.3338"></a> |
| <span class="sourceLineNo">3339</span> @Override<a name="line.3339"></a> |
| <span class="sourceLineNo">3340</span> public Object run() throws Exception {<a name="line.3340"></a> |
| <span class="sourceLineNo">3341</span> try (Connection conn = ConnectionFactory.createConnection(conf);<a name="line.3341"></a> |
| <span class="sourceLineNo">3342</span> Table acl = conn.getTable(PermissionStorage.ACL_TABLE_NAME)) {<a name="line.3342"></a> |
| <span class="sourceLineNo">3343</span> BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE.getName());<a name="line.3343"></a> |
| <span class="sourceLineNo">3344</span> AccessControlService.BlockingInterface protocol =<a name="line.3344"></a> |
| <span class="sourceLineNo">3345</span> AccessControlService.newBlockingStub(service);<a name="line.3345"></a> |
| <span class="sourceLineNo">3346</span> Permission.Action[] actions = { Permission.Action.READ, Permission.Action.WRITE };<a name="line.3346"></a> |
| <span class="sourceLineNo">3347</span> AccessControlUtil.hasPermission(null, protocol, TEST_TABLE, TEST_FAMILY,<a name="line.3347"></a> |
| <span class="sourceLineNo">3348</span> HConstants.EMPTY_BYTE_ARRAY, "dummy", actions);<a name="line.3348"></a> |
| <span class="sourceLineNo">3349</span> }<a name="line.3349"></a> |
| <span class="sourceLineNo">3350</span> return null;<a name="line.3350"></a> |
| <span class="sourceLineNo">3351</span> }<a name="line.3351"></a> |
| <span class="sourceLineNo">3352</span> };<a name="line.3352"></a> |
| <span class="sourceLineNo">3353</span> AccessTestAction hasPermissionAction = new AccessTestAction() {<a name="line.3353"></a> |
| <span class="sourceLineNo">3354</span> @Override<a name="line.3354"></a> |
| <span class="sourceLineNo">3355</span> public Object run() throws Exception {<a name="line.3355"></a> |
| <span class="sourceLineNo">3356</span> try (Connection conn = ConnectionFactory.createConnection(conf)) {<a name="line.3356"></a> |
| <span class="sourceLineNo">3357</span> Permission.Action[] actions = { Permission.Action.READ, Permission.Action.WRITE };<a name="line.3357"></a> |
| <span class="sourceLineNo">3358</span> conn.getAdmin().hasUserPermissions("dummy",<a name="line.3358"></a> |
| <span class="sourceLineNo">3359</span> Arrays.asList(Permission.newBuilder(TEST_TABLE).withFamily(TEST_FAMILY)<a name="line.3359"></a> |
| <span class="sourceLineNo">3360</span> .withQualifier(HConstants.EMPTY_BYTE_ARRAY).withActions(actions).build()));<a name="line.3360"></a> |
| <span class="sourceLineNo">3361</span> }<a name="line.3361"></a> |
| <span class="sourceLineNo">3362</span> return null;<a name="line.3362"></a> |
| <span class="sourceLineNo">3363</span> }<a name="line.3363"></a> |
| <span class="sourceLineNo">3364</span> };<a name="line.3364"></a> |
| <span class="sourceLineNo">3365</span> verifyAllowed(hasPermissionActionCP, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN, USER_OWNER,<a name="line.3365"></a> |
| <span class="sourceLineNo">3366</span> USER_ADMIN_CF, user1);<a name="line.3366"></a> |
| <span class="sourceLineNo">3367</span> verifyDenied(hasPermissionActionCP, USER_CREATE, USER_RW, USER_RO, USER_NONE, user2);<a name="line.3367"></a> |
| <span class="sourceLineNo">3368</span> verifyAllowed(hasPermissionAction, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN, USER_OWNER,<a name="line.3368"></a> |
| <span class="sourceLineNo">3369</span> USER_ADMIN_CF, user1);<a name="line.3369"></a> |
| <span class="sourceLineNo">3370</span> verifyDenied(hasPermissionAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, user2);<a name="line.3370"></a> |
| <span class="sourceLineNo">3371</span><a name="line.3371"></a> |
| <span class="sourceLineNo">3372</span> // Check for global user<a name="line.3372"></a> |
| <span class="sourceLineNo">3373</span> assertTrue(AccessControlClient.hasPermission(conn, TEST_TABLE.getNameAsString(),<a name="line.3373"></a> |
| <span class="sourceLineNo">3374</span> HConstants.EMPTY_BYTE_ARRAY, HConstants.EMPTY_BYTE_ARRAY, USER_ADMIN.getShortName(),<a name="line.3374"></a> |
| <span class="sourceLineNo">3375</span> Permission.Action.READ, Permission.Action.WRITE, Permission.Action.CREATE,<a name="line.3375"></a> |
| <span class="sourceLineNo">3376</span> Permission.Action.ADMIN));<a name="line.3376"></a> |
| <span class="sourceLineNo">3377</span> assertFalse(AccessControlClient.hasPermission(conn, TEST_TABLE.getNameAsString(),<a name="line.3377"></a> |
| <span class="sourceLineNo">3378</span> HConstants.EMPTY_BYTE_ARRAY, HConstants.EMPTY_BYTE_ARRAY, USER_ADMIN.getShortName(),<a name="line.3378"></a> |
| <span class="sourceLineNo">3379</span> Permission.Action.READ, Permission.Action.WRITE, Permission.Action.CREATE,<a name="line.3379"></a> |
| <span class="sourceLineNo">3380</span> Permission.Action.ADMIN, Permission.Action.EXEC));<a name="line.3380"></a> |
| <span class="sourceLineNo">3381</span><a name="line.3381"></a> |
| <span class="sourceLineNo">3382</span> // Check for namespace access user<a name="line.3382"></a> |
| <span class="sourceLineNo">3383</span> assertTrue(AccessControlClient.hasPermission(conn, TEST_TABLE.getNameAsString(),<a name="line.3383"></a> |
| <span class="sourceLineNo">3384</span> HConstants.EMPTY_BYTE_ARRAY, HConstants.EMPTY_BYTE_ARRAY, user1.getShortName(),<a name="line.3384"></a> |
| <span class="sourceLineNo">3385</span> Permission.Action.ADMIN, Permission.Action.CREATE));<a name="line.3385"></a> |
| <span class="sourceLineNo">3386</span> assertFalse(AccessControlClient.hasPermission(conn, TEST_TABLE.getNameAsString(),<a name="line.3386"></a> |
| <span class="sourceLineNo">3387</span> HConstants.EMPTY_BYTE_ARRAY, HConstants.EMPTY_BYTE_ARRAY, user1.getShortName(),<a name="line.3387"></a> |
| <span class="sourceLineNo">3388</span> Permission.Action.ADMIN, Permission.Action.READ, Permission.Action.EXEC));<a name="line.3388"></a> |
| <span class="sourceLineNo">3389</span><a name="line.3389"></a> |
| <span class="sourceLineNo">3390</span> // Check for table owner<a name="line.3390"></a> |
| <span class="sourceLineNo">3391</span> assertTrue(AccessControlClient.hasPermission(conn, TEST_TABLE.getNameAsString(),<a name="line.3391"></a> |
| <span class="sourceLineNo">3392</span> HConstants.EMPTY_BYTE_ARRAY, HConstants.EMPTY_BYTE_ARRAY, USER_OWNER.getShortName(),<a name="line.3392"></a> |
| <span class="sourceLineNo">3393</span> Permission.Action.READ, Permission.Action.WRITE, Permission.Action.EXEC,<a name="line.3393"></a> |
| <span class="sourceLineNo">3394</span> Permission.Action.CREATE, Permission.Action.ADMIN));<a name="line.3394"></a> |
| <span class="sourceLineNo">3395</span><a name="line.3395"></a> |
| <span class="sourceLineNo">3396</span> // Check for table user<a name="line.3396"></a> |
| <span class="sourceLineNo">3397</span> assertTrue(AccessControlClient.hasPermission(conn, TEST_TABLE.getNameAsString(),<a name="line.3397"></a> |
| <span class="sourceLineNo">3398</span> HConstants.EMPTY_BYTE_ARRAY, HConstants.EMPTY_BYTE_ARRAY, USER_CREATE.getShortName(),<a name="line.3398"></a> |
| <span class="sourceLineNo">3399</span> Permission.Action.READ, Permission.Action.WRITE));<a name="line.3399"></a> |
| <span class="sourceLineNo">3400</span> assertFalse(AccessControlClient.hasPermission(conn, TEST_TABLE.getNameAsString(),<a name="line.3400"></a> |
| <span class="sourceLineNo">3401</span> HConstants.EMPTY_BYTE_ARRAY, HConstants.EMPTY_BYTE_ARRAY, USER_RO.getShortName(),<a name="line.3401"></a> |
| <span class="sourceLineNo">3402</span> Permission.Action.READ, Permission.Action.WRITE));<a name="line.3402"></a> |
| <span class="sourceLineNo">3403</span><a name="line.3403"></a> |
| <span class="sourceLineNo">3404</span> // Check for family access user<a name="line.3404"></a> |
| <span class="sourceLineNo">3405</span> assertTrue(AccessControlClient.hasPermission(conn, TEST_TABLE.getNameAsString(), TEST_FAMILY,<a name="line.3405"></a> |
| <span class="sourceLineNo">3406</span> HConstants.EMPTY_BYTE_ARRAY, USER_RO.getShortName(), Permission.Action.READ));<a name="line.3406"></a> |
| <span class="sourceLineNo">3407</span> assertTrue(AccessControlClient.hasPermission(conn, TEST_TABLE.getNameAsString(), TEST_FAMILY,<a name="line.3407"></a> |
| <span class="sourceLineNo">3408</span> HConstants.EMPTY_BYTE_ARRAY, USER_RW.getShortName(), Permission.Action.READ,<a name="line.3408"></a> |
| <span class="sourceLineNo">3409</span> Permission.Action.WRITE));<a name="line.3409"></a> |
| <span class="sourceLineNo">3410</span> assertFalse(AccessControlClient.hasPermission(conn, TEST_TABLE.getNameAsString(),<a name="line.3410"></a> |
| <span class="sourceLineNo">3411</span> HConstants.EMPTY_BYTE_ARRAY, HConstants.EMPTY_BYTE_ARRAY, USER_ADMIN_CF.getShortName(),<a name="line.3411"></a> |
| <span class="sourceLineNo">3412</span> Permission.Action.ADMIN, Permission.Action.CREATE));<a name="line.3412"></a> |
| <span class="sourceLineNo">3413</span> assertTrue(AccessControlClient.hasPermission(conn, TEST_TABLE.getNameAsString(), TEST_FAMILY,<a name="line.3413"></a> |
| <span class="sourceLineNo">3414</span> HConstants.EMPTY_BYTE_ARRAY, USER_ADMIN_CF.getShortName(), Permission.Action.ADMIN,<a name="line.3414"></a> |
| <span class="sourceLineNo">3415</span> Permission.Action.CREATE));<a name="line.3415"></a> |
| <span class="sourceLineNo">3416</span> assertFalse(AccessControlClient.hasPermission(conn, TEST_TABLE.getNameAsString(), TEST_FAMILY,<a name="line.3416"></a> |
| <span class="sourceLineNo">3417</span> HConstants.EMPTY_BYTE_ARRAY, USER_ADMIN_CF.getShortName(), Permission.Action.READ));<a name="line.3417"></a> |
| <span class="sourceLineNo">3418</span><a name="line.3418"></a> |
| <span class="sourceLineNo">3419</span> // Check for qualifier access user<a name="line.3419"></a> |
| <span class="sourceLineNo">3420</span> assertTrue(AccessControlClient.hasPermission(conn, TEST_TABLE.getNameAsString(), TEST_FAMILY,<a name="line.3420"></a> |
| <span class="sourceLineNo">3421</span> TEST_QUALIFIER, user2.getShortName(), Permission.Action.READ, Permission.Action.WRITE));<a name="line.3421"></a> |
| <span class="sourceLineNo">3422</span> assertFalse(AccessControlClient.hasPermission(conn, TEST_TABLE.getNameAsString(), TEST_FAMILY,<a name="line.3422"></a> |
| <span class="sourceLineNo">3423</span> TEST_QUALIFIER, user2.getShortName(), Permission.Action.EXEC, Permission.Action.READ));<a name="line.3423"></a> |
| <span class="sourceLineNo">3424</span> assertFalse(AccessControlClient.hasPermission(conn, TEST_TABLE.getNameAsString(),<a name="line.3424"></a> |
| <span class="sourceLineNo">3425</span> HConstants.EMPTY_BYTE_ARRAY, TEST_QUALIFIER, USER_RW.getShortName(),<a name="line.3425"></a> |
| <span class="sourceLineNo">3426</span> Permission.Action.WRITE, Permission.Action.READ));<a name="line.3426"></a> |
| <span class="sourceLineNo">3427</span><a name="line.3427"></a> |
| <span class="sourceLineNo">3428</span> // exception scenarios<a name="line.3428"></a> |
| <span class="sourceLineNo">3429</span> try {<a name="line.3429"></a> |
| <span class="sourceLineNo">3430</span> // test case with table name as null<a name="line.3430"></a> |
| <span class="sourceLineNo">3431</span> assertTrue(AccessControlClient.hasPermission(conn, null, HConstants.EMPTY_BYTE_ARRAY,<a name="line.3431"></a> |
| <span class="sourceLineNo">3432</span> HConstants.EMPTY_BYTE_ARRAY, null, Permission.Action.READ));<a name="line.3432"></a> |
| <span class="sourceLineNo">3433</span> fail("this should have thrown IllegalArgumentException");<a name="line.3433"></a> |
| <span class="sourceLineNo">3434</span> } catch (IllegalArgumentException ex) {<a name="line.3434"></a> |
| <span class="sourceLineNo">3435</span> // expected<a name="line.3435"></a> |
| <span class="sourceLineNo">3436</span> }<a name="line.3436"></a> |
| <span class="sourceLineNo">3437</span> try {<a name="line.3437"></a> |
| <span class="sourceLineNo">3438</span> // test case with username as null<a name="line.3438"></a> |
| <span class="sourceLineNo">3439</span> assertTrue(AccessControlClient.hasPermission(conn, TEST_TABLE.getNameAsString(),<a name="line.3439"></a> |
| <span class="sourceLineNo">3440</span> HConstants.EMPTY_BYTE_ARRAY, HConstants.EMPTY_BYTE_ARRAY, null, Permission.Action.READ));<a name="line.3440"></a> |
| <span class="sourceLineNo">3441</span> fail("this should have thrown IllegalArgumentException");<a name="line.3441"></a> |
| <span class="sourceLineNo">3442</span> } catch (IllegalArgumentException ex) {<a name="line.3442"></a> |
| <span class="sourceLineNo">3443</span> // expected<a name="line.3443"></a> |
| <span class="sourceLineNo">3444</span> }<a name="line.3444"></a> |
| <span class="sourceLineNo">3445</span><a name="line.3445"></a> |
| <span class="sourceLineNo">3446</span> revokeFromNamespaceUsingAccessControlClient(TEST_UTIL, conn, user1.getShortName(),<a name="line.3446"></a> |
| <span class="sourceLineNo">3447</span> NamespaceDescriptor.DEFAULT_NAMESPACE.getName(), Permission.Action.ADMIN,<a name="line.3447"></a> |
| <span class="sourceLineNo">3448</span> Permission.Action.CREATE, Permission.Action.READ);<a name="line.3448"></a> |
| <span class="sourceLineNo">3449</span> revokeFromTableUsingAccessControlClient(TEST_UTIL, conn, user2.getShortName(), TEST_TABLE,<a name="line.3449"></a> |
| <span class="sourceLineNo">3450</span> TEST_FAMILY, TEST_QUALIFIER, Permission.Action.READ, Permission.Action.WRITE);<a name="line.3450"></a> |
| <span class="sourceLineNo">3451</span> } finally {<a name="line.3451"></a> |
| <span class="sourceLineNo">3452</span> if (conn != null) {<a name="line.3452"></a> |
| <span class="sourceLineNo">3453</span> conn.close();<a name="line.3453"></a> |
| <span class="sourceLineNo">3454</span> }<a name="line.3454"></a> |
| <span class="sourceLineNo">3455</span> }<a name="line.3455"></a> |
| <span class="sourceLineNo">3456</span> }<a name="line.3456"></a> |
| <span class="sourceLineNo">3457</span><a name="line.3457"></a> |
| <span class="sourceLineNo">3458</span> @Test<a name="line.3458"></a> |
| <span class="sourceLineNo">3459</span> public void testSwitchRpcThrottle() throws Exception {<a name="line.3459"></a> |
| <span class="sourceLineNo">3460</span> AccessTestAction action = new AccessTestAction() {<a name="line.3460"></a> |
| <span class="sourceLineNo">3461</span> @Override<a name="line.3461"></a> |
| <span class="sourceLineNo">3462</span> public Object run() throws Exception {<a name="line.3462"></a> |
| <span class="sourceLineNo">3463</span> ACCESS_CONTROLLER.preSwitchRpcThrottle(ObserverContextImpl.createAndPrepare(CP_ENV), true);<a name="line.3463"></a> |
| <span class="sourceLineNo">3464</span> return null;<a name="line.3464"></a> |
| <span class="sourceLineNo">3465</span> }<a name="line.3465"></a> |
| <span class="sourceLineNo">3466</span> };<a name="line.3466"></a> |
| <span class="sourceLineNo">3467</span> verifyAllowed(action, SUPERUSER, USER_ADMIN);<a name="line.3467"></a> |
| <span class="sourceLineNo">3468</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER);<a name="line.3468"></a> |
| <span class="sourceLineNo">3469</span> }<a name="line.3469"></a> |
| <span class="sourceLineNo">3470</span><a name="line.3470"></a> |
| <span class="sourceLineNo">3471</span> @Test<a name="line.3471"></a> |
| <span class="sourceLineNo">3472</span> public void testIsRpcThrottleEnabled() throws Exception {<a name="line.3472"></a> |
| <span class="sourceLineNo">3473</span> AccessTestAction action = new AccessTestAction() {<a name="line.3473"></a> |
| <span class="sourceLineNo">3474</span> @Override<a name="line.3474"></a> |
| <span class="sourceLineNo">3475</span> public Object run() throws Exception {<a name="line.3475"></a> |
| <span class="sourceLineNo">3476</span> ACCESS_CONTROLLER.preIsRpcThrottleEnabled(ObserverContextImpl.createAndPrepare(CP_ENV));<a name="line.3476"></a> |
| <span class="sourceLineNo">3477</span> return null;<a name="line.3477"></a> |
| <span class="sourceLineNo">3478</span> }<a name="line.3478"></a> |
| <span class="sourceLineNo">3479</span> };<a name="line.3479"></a> |
| <span class="sourceLineNo">3480</span> verifyAllowed(action, SUPERUSER, USER_ADMIN);<a name="line.3480"></a> |
| <span class="sourceLineNo">3481</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER);<a name="line.3481"></a> |
| <span class="sourceLineNo">3482</span> }<a name="line.3482"></a> |
| <span class="sourceLineNo">3483</span><a name="line.3483"></a> |
| <span class="sourceLineNo">3484</span> @Test<a name="line.3484"></a> |
| <span class="sourceLineNo">3485</span> public void testSwitchExceedThrottleQuota() throws Exception {<a name="line.3485"></a> |
| <span class="sourceLineNo">3486</span> AccessTestAction action = new AccessTestAction() {<a name="line.3486"></a> |
| <span class="sourceLineNo">3487</span> @Override<a name="line.3487"></a> |
| <span class="sourceLineNo">3488</span> public Object run() throws Exception {<a name="line.3488"></a> |
| <span class="sourceLineNo">3489</span> ACCESS_CONTROLLER.preSwitchExceedThrottleQuota(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.3489"></a> |
| <span class="sourceLineNo">3490</span> true);<a name="line.3490"></a> |
| <span class="sourceLineNo">3491</span> return null;<a name="line.3491"></a> |
| <span class="sourceLineNo">3492</span> }<a name="line.3492"></a> |
| <span class="sourceLineNo">3493</span> };<a name="line.3493"></a> |
| <span class="sourceLineNo">3494</span> verifyAllowed(action, SUPERUSER, USER_ADMIN);<a name="line.3494"></a> |
| <span class="sourceLineNo">3495</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER);<a name="line.3495"></a> |
| <span class="sourceLineNo">3496</span> }<a name="line.3496"></a> |
| <span class="sourceLineNo">3497</span><a name="line.3497"></a> |
| <span class="sourceLineNo">3498</span> /*<a name="line.3498"></a> |
| <span class="sourceLineNo">3499</span> * Validate Global User ACL<a name="line.3499"></a> |
| <span class="sourceLineNo">3500</span> */<a name="line.3500"></a> |
| <span class="sourceLineNo">3501</span> private void validateGlobalUserACLForGetUserPermissions(final Connection conn, User nSUser1,<a name="line.3501"></a> |
| <span class="sourceLineNo">3502</span> User globalGroupUser1, User globalGroupUser2, Collection<String> superUsers,<a name="line.3502"></a> |
| <span class="sourceLineNo">3503</span> int superUserCount) throws Throwable {<a name="line.3503"></a> |
| <span class="sourceLineNo">3504</span> // Verify action privilege<a name="line.3504"></a> |
| <span class="sourceLineNo">3505</span> AccessTestAction globalUserPermissionAction = new AccessTestAction() {<a name="line.3505"></a> |
| <span class="sourceLineNo">3506</span> @Override<a name="line.3506"></a> |
| <span class="sourceLineNo">3507</span> public Object run() throws Exception {<a name="line.3507"></a> |
| <span class="sourceLineNo">3508</span> try (Connection conn = ConnectionFactory.createConnection(conf)) {<a name="line.3508"></a> |
| <span class="sourceLineNo">3509</span> conn.getAdmin().getUserPermissions(<a name="line.3509"></a> |
| <span class="sourceLineNo">3510</span> GetUserPermissionsRequest.newBuilder().withUserName("dummy").build());<a name="line.3510"></a> |
| <span class="sourceLineNo">3511</span> }<a name="line.3511"></a> |
| <span class="sourceLineNo">3512</span> return null;<a name="line.3512"></a> |
| <span class="sourceLineNo">3513</span> }<a name="line.3513"></a> |
| <span class="sourceLineNo">3514</span> };<a name="line.3514"></a> |
| <span class="sourceLineNo">3515</span> verifyAllowed(globalUserPermissionAction, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.3515"></a> |
| <span class="sourceLineNo">3516</span> verifyDenied(globalUserPermissionAction, USER_GROUP_CREATE, USER_GROUP_READ, USER_GROUP_WRITE);<a name="line.3516"></a> |
| <span class="sourceLineNo">3517</span><a name="line.3517"></a> |
| <span class="sourceLineNo">3518</span> // Validate global user permission<a name="line.3518"></a> |
| <span class="sourceLineNo">3519</span> List<UserPermission> userPermissions;<a name="line.3519"></a> |
| <span class="sourceLineNo">3520</span> assertEquals(5 + superUserCount, AccessControlClient.getUserPermissions(conn, null).size());<a name="line.3520"></a> |
| <span class="sourceLineNo">3521</span> assertEquals(5 + superUserCount,<a name="line.3521"></a> |
| <span class="sourceLineNo">3522</span> AccessControlClient.getUserPermissions(conn, HConstants.EMPTY_STRING).size());<a name="line.3522"></a> |
| <span class="sourceLineNo">3523</span> assertEquals(5 + superUserCount,<a name="line.3523"></a> |
| <span class="sourceLineNo">3524</span> AccessControlClient.getUserPermissions(conn, null, HConstants.EMPTY_STRING).size());<a name="line.3524"></a> |
| <span class="sourceLineNo">3525</span> userPermissions = AccessControlClient.getUserPermissions(conn, null, USER_ADMIN.getName());<a name="line.3525"></a> |
| <span class="sourceLineNo">3526</span> verifyGetUserPermissionResult(userPermissions, 1, null, null, USER_ADMIN.getName(), superUsers);<a name="line.3526"></a> |
| <span class="sourceLineNo">3527</span> assertEquals(0, AccessControlClient.getUserPermissions(conn, null, nSUser1.getName()).size());<a name="line.3527"></a> |
| <span class="sourceLineNo">3528</span> // Global group user ACL<a name="line.3528"></a> |
| <span class="sourceLineNo">3529</span> assertEquals(1,<a name="line.3529"></a> |
| <span class="sourceLineNo">3530</span> AccessControlClient.getUserPermissions(conn, null, globalGroupUser1.getName()).size());<a name="line.3530"></a> |
| <span class="sourceLineNo">3531</span> assertEquals(2,<a name="line.3531"></a> |
| <span class="sourceLineNo">3532</span> AccessControlClient.getUserPermissions(conn, null, globalGroupUser2.getName()).size());<a name="line.3532"></a> |
| <span class="sourceLineNo">3533</span> }<a name="line.3533"></a> |
| <span class="sourceLineNo">3534</span><a name="line.3534"></a> |
| <span class="sourceLineNo">3535</span> /*<a name="line.3535"></a> |
| <span class="sourceLineNo">3536</span> * Validate Namespace User ACL<a name="line.3536"></a> |
| <span class="sourceLineNo">3537</span> */<a name="line.3537"></a> |
| <span class="sourceLineNo">3538</span> private void validateNamespaceUserACLForGetUserPermissions(final Connection conn, User nSUser1,<a name="line.3538"></a> |
| <span class="sourceLineNo">3539</span> User nSUser3, User nsGroupUser1, User nsGroupUser2, String nsPrefix, final String namespace1,<a name="line.3539"></a> |
| <span class="sourceLineNo">3540</span> String namespace2) throws Throwable {<a name="line.3540"></a> |
| <span class="sourceLineNo">3541</span> AccessTestAction namespaceUserPermissionAction = new AccessTestAction() {<a name="line.3541"></a> |
| <span class="sourceLineNo">3542</span> @Override<a name="line.3542"></a> |
| <span class="sourceLineNo">3543</span> public Object run() throws Exception {<a name="line.3543"></a> |
| <span class="sourceLineNo">3544</span> try (Connection conn = ConnectionFactory.createConnection(conf)) {<a name="line.3544"></a> |
| <span class="sourceLineNo">3545</span> conn.getAdmin().getUserPermissions(<a name="line.3545"></a> |
| <span class="sourceLineNo">3546</span> GetUserPermissionsRequest.newBuilder(namespace1).withUserName("dummy").build());<a name="line.3546"></a> |
| <span class="sourceLineNo">3547</span> }<a name="line.3547"></a> |
| <span class="sourceLineNo">3548</span> return null;<a name="line.3548"></a> |
| <span class="sourceLineNo">3549</span> }<a name="line.3549"></a> |
| <span class="sourceLineNo">3550</span> };<a name="line.3550"></a> |
| <span class="sourceLineNo">3551</span> verifyAllowed(namespaceUserPermissionAction, SUPERUSER, USER_GROUP_ADMIN, USER_ADMIN, nSUser1,<a name="line.3551"></a> |
| <span class="sourceLineNo">3552</span> nsGroupUser1);<a name="line.3552"></a> |
| <span class="sourceLineNo">3553</span> verifyDenied(namespaceUserPermissionAction, USER_GROUP_CREATE, USER_GROUP_READ,<a name="line.3553"></a> |
| <span class="sourceLineNo">3554</span> USER_GROUP_WRITE, nSUser3, nsGroupUser2);<a name="line.3554"></a> |
| <span class="sourceLineNo">3555</span><a name="line.3555"></a> |
| <span class="sourceLineNo">3556</span> List<UserPermission> userPermissions;<a name="line.3556"></a> |
| <span class="sourceLineNo">3557</span> assertEquals(6, AccessControlClient.getUserPermissions(conn, "@" + nsPrefix + ".*").size());<a name="line.3557"></a> |
| <span class="sourceLineNo">3558</span> assertEquals(3, AccessControlClient.getUserPermissions(conn, "@" + namespace1).size());<a name="line.3558"></a> |
| <span class="sourceLineNo">3559</span> assertEquals(3, AccessControlClient<a name="line.3559"></a> |
| <span class="sourceLineNo">3560</span> .getUserPermissions(conn, "@" + namespace1, HConstants.EMPTY_STRING).size());<a name="line.3560"></a> |
| <span class="sourceLineNo">3561</span> userPermissions =<a name="line.3561"></a> |
| <span class="sourceLineNo">3562</span> AccessControlClient.getUserPermissions(conn, "@" + namespace1, nSUser1.getName());<a name="line.3562"></a> |
| <span class="sourceLineNo">3563</span> verifyGetUserPermissionResult(userPermissions, 1, null, null, nSUser1.getName(), null);<a name="line.3563"></a> |
| <span class="sourceLineNo">3564</span> userPermissions =<a name="line.3564"></a> |
| <span class="sourceLineNo">3565</span> AccessControlClient.getUserPermissions(conn, "@" + namespace1, nSUser3.getName());<a name="line.3565"></a> |
| <span class="sourceLineNo">3566</span> verifyGetUserPermissionResult(userPermissions, 1, null, null, nSUser3.getName(), null);<a name="line.3566"></a> |
| <span class="sourceLineNo">3567</span> assertEquals(0,<a name="line.3567"></a> |
| <span class="sourceLineNo">3568</span> AccessControlClient.getUserPermissions(conn, "@" + namespace1, USER_ADMIN.getName()).size());<a name="line.3568"></a> |
| <span class="sourceLineNo">3569</span> // Namespace group user ACL<a name="line.3569"></a> |
| <span class="sourceLineNo">3570</span> assertEquals(1, AccessControlClient<a name="line.3570"></a> |
| <span class="sourceLineNo">3571</span> .getUserPermissions(conn, "@" + namespace1, nsGroupUser1.getName()).size());<a name="line.3571"></a> |
| <span class="sourceLineNo">3572</span> assertEquals(1, AccessControlClient<a name="line.3572"></a> |
| <span class="sourceLineNo">3573</span> .getUserPermissions(conn, "@" + namespace2, nsGroupUser2.getName()).size());<a name="line.3573"></a> |
| <span class="sourceLineNo">3574</span> }<a name="line.3574"></a> |
| <span class="sourceLineNo">3575</span><a name="line.3575"></a> |
| <span class="sourceLineNo">3576</span> /*<a name="line.3576"></a> |
| <span class="sourceLineNo">3577</span> * Validate Table User ACL<a name="line.3577"></a> |
| <span class="sourceLineNo">3578</span> */<a name="line.3578"></a> |
| <span class="sourceLineNo">3579</span> private void validateTableACLForGetUserPermissions(final Connection conn, User nSUser1,<a name="line.3579"></a> |
| <span class="sourceLineNo">3580</span> User tableGroupUser1, User tableGroupUser2, String nsPrefix, TableName table1,<a name="line.3580"></a> |
| <span class="sourceLineNo">3581</span> TableName table2, byte[] TEST_QUALIFIER2, Collection<String> superUsers) throws Throwable {<a name="line.3581"></a> |
| <span class="sourceLineNo">3582</span> AccessTestAction tableUserPermissionAction = new AccessTestAction() {<a name="line.3582"></a> |
| <span class="sourceLineNo">3583</span> @Override<a name="line.3583"></a> |
| <span class="sourceLineNo">3584</span> public Object run() throws Exception {<a name="line.3584"></a> |
| <span class="sourceLineNo">3585</span> try (Connection conn = ConnectionFactory.createConnection(conf)) {<a name="line.3585"></a> |
| <span class="sourceLineNo">3586</span> conn.getAdmin().getUserPermissions(GetUserPermissionsRequest.newBuilder(TEST_TABLE)<a name="line.3586"></a> |
| <span class="sourceLineNo">3587</span> .withFamily(TEST_FAMILY).withQualifier(TEST_QUALIFIER).withUserName("dummy").build());<a name="line.3587"></a> |
| <span class="sourceLineNo">3588</span> }<a name="line.3588"></a> |
| <span class="sourceLineNo">3589</span> return null;<a name="line.3589"></a> |
| <span class="sourceLineNo">3590</span> }<a name="line.3590"></a> |
| <span class="sourceLineNo">3591</span> };<a name="line.3591"></a> |
| <span class="sourceLineNo">3592</span> verifyAllowed(tableUserPermissionAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_ADMIN_CF);<a name="line.3592"></a> |
| <span class="sourceLineNo">3593</span> verifyDenied(tableUserPermissionAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_CREATE);<a name="line.3593"></a> |
| <span class="sourceLineNo">3594</span><a name="line.3594"></a> |
| <span class="sourceLineNo">3595</span> List<UserPermission> userPermissions;<a name="line.3595"></a> |
| <span class="sourceLineNo">3596</span> assertEquals(12, AccessControlClient.getUserPermissions(conn, nsPrefix + ".*").size());<a name="line.3596"></a> |
| <span class="sourceLineNo">3597</span> assertEquals(6, AccessControlClient.getUserPermissions(conn, table1.getNameAsString()).size());<a name="line.3597"></a> |
| <span class="sourceLineNo">3598</span> assertEquals(6, AccessControlClient<a name="line.3598"></a> |
| <span class="sourceLineNo">3599</span> .getUserPermissions(conn, table1.getNameAsString(), HConstants.EMPTY_STRING).size());<a name="line.3599"></a> |
| <span class="sourceLineNo">3600</span> userPermissions = AccessControlClient.getUserPermissions(conn, table1.getNameAsString(),<a name="line.3600"></a> |
| <span class="sourceLineNo">3601</span> USER_ADMIN_CF.getName());<a name="line.3601"></a> |
| <span class="sourceLineNo">3602</span> verifyGetUserPermissionResult(userPermissions, 1, null, null, USER_ADMIN_CF.getName(), null);<a name="line.3602"></a> |
| <span class="sourceLineNo">3603</span> assertEquals(0, AccessControlClient<a name="line.3603"></a> |
| <span class="sourceLineNo">3604</span> .getUserPermissions(conn, table1.getNameAsString(), nSUser1.getName()).size());<a name="line.3604"></a> |
| <span class="sourceLineNo">3605</span> // Table group user ACL<a name="line.3605"></a> |
| <span class="sourceLineNo">3606</span> assertEquals(1, AccessControlClient<a name="line.3606"></a> |
| <span class="sourceLineNo">3607</span> .getUserPermissions(conn, table1.getNameAsString(), tableGroupUser1.getName()).size());<a name="line.3607"></a> |
| <span class="sourceLineNo">3608</span> assertEquals(1, AccessControlClient<a name="line.3608"></a> |
| <span class="sourceLineNo">3609</span> .getUserPermissions(conn, table2.getNameAsString(), tableGroupUser2.getName()).size());<a name="line.3609"></a> |
| <span class="sourceLineNo">3610</span><a name="line.3610"></a> |
| <span class="sourceLineNo">3611</span> // Table Users + CF<a name="line.3611"></a> |
| <span class="sourceLineNo">3612</span> assertEquals(12, AccessControlClient<a name="line.3612"></a> |
| <span class="sourceLineNo">3613</span> .getUserPermissions(conn, nsPrefix + ".*", HConstants.EMPTY_BYTE_ARRAY).size());<a name="line.3613"></a> |
| <span class="sourceLineNo">3614</span> userPermissions = AccessControlClient.getUserPermissions(conn, nsPrefix + ".*", TEST_FAMILY);<a name="line.3614"></a> |
| <span class="sourceLineNo">3615</span> verifyGetUserPermissionResult(userPermissions, 3, TEST_FAMILY, null, null, null);<a name="line.3615"></a> |
| <span class="sourceLineNo">3616</span> assertEquals(0, AccessControlClient<a name="line.3616"></a> |
| <span class="sourceLineNo">3617</span> .getUserPermissions(conn, table1.getNameAsString(), Bytes.toBytes("dummmyCF")).size());<a name="line.3617"></a> |
| <span class="sourceLineNo">3618</span><a name="line.3618"></a> |
| <span class="sourceLineNo">3619</span> // Table Users + CF + User<a name="line.3619"></a> |
| <span class="sourceLineNo">3620</span> assertEquals(3,<a name="line.3620"></a> |
| <span class="sourceLineNo">3621</span> AccessControlClient<a name="line.3621"></a> |
| <span class="sourceLineNo">3622</span> .getUserPermissions(conn, table1.getNameAsString(), TEST_FAMILY, HConstants.EMPTY_STRING)<a name="line.3622"></a> |
| <span class="sourceLineNo">3623</span> .size());<a name="line.3623"></a> |
| <span class="sourceLineNo">3624</span> userPermissions = AccessControlClient.getUserPermissions(conn, table1.getNameAsString(),<a name="line.3624"></a> |
| <span class="sourceLineNo">3625</span> TEST_FAMILY, USER_ADMIN_CF.getName());<a name="line.3625"></a> |
| <span class="sourceLineNo">3626</span> verifyGetUserPermissionResult(userPermissions, 1, null, null, USER_ADMIN_CF.getName(),<a name="line.3626"></a> |
| <span class="sourceLineNo">3627</span> superUsers);<a name="line.3627"></a> |
| <span class="sourceLineNo">3628</span> assertEquals(0, AccessControlClient<a name="line.3628"></a> |
| <span class="sourceLineNo">3629</span> .getUserPermissions(conn, table1.getNameAsString(), TEST_FAMILY, nSUser1.getName()).size());<a name="line.3629"></a> |
| <span class="sourceLineNo">3630</span><a name="line.3630"></a> |
| <span class="sourceLineNo">3631</span> // Table Users + CF + CQ<a name="line.3631"></a> |
| <span class="sourceLineNo">3632</span> assertEquals(3, AccessControlClient.getUserPermissions(conn, table1.getNameAsString(),<a name="line.3632"></a> |
| <span class="sourceLineNo">3633</span> TEST_FAMILY, HConstants.EMPTY_BYTE_ARRAY).size());<a name="line.3633"></a> |
| <span class="sourceLineNo">3634</span> assertEquals(1, AccessControlClient<a name="line.3634"></a> |
| <span class="sourceLineNo">3635</span> .getUserPermissions(conn, table1.getNameAsString(), TEST_FAMILY, TEST_QUALIFIER).size());<a name="line.3635"></a> |
| <span class="sourceLineNo">3636</span> assertEquals(1, AccessControlClient<a name="line.3636"></a> |
| <span class="sourceLineNo">3637</span> .getUserPermissions(conn, table1.getNameAsString(), TEST_FAMILY, TEST_QUALIFIER2).size());<a name="line.3637"></a> |
| <span class="sourceLineNo">3638</span> assertEquals(2, AccessControlClient.getUserPermissions(conn, table1.getNameAsString(),<a name="line.3638"></a> |
| <span class="sourceLineNo">3639</span> HConstants.EMPTY_BYTE_ARRAY, HConstants.EMPTY_BYTE_ARRAY, USER_RW.getName()).size());<a name="line.3639"></a> |
| <span class="sourceLineNo">3640</span> assertEquals(0, AccessControlClient<a name="line.3640"></a> |
| <span class="sourceLineNo">3641</span> .getUserPermissions(conn, table1.getNameAsString(), TEST_FAMILY, Bytes.toBytes("dummmyCQ"))<a name="line.3641"></a> |
| <span class="sourceLineNo">3642</span> .size());<a name="line.3642"></a> |
| <span class="sourceLineNo">3643</span><a name="line.3643"></a> |
| <span class="sourceLineNo">3644</span> // Table Users + CF + CQ + User<a name="line.3644"></a> |
| <span class="sourceLineNo">3645</span> assertEquals(3, AccessControlClient.getUserPermissions(conn, table1.getNameAsString(),<a name="line.3645"></a> |
| <span class="sourceLineNo">3646</span> TEST_FAMILY, HConstants.EMPTY_BYTE_ARRAY, HConstants.EMPTY_STRING).size());<a name="line.3646"></a> |
| <span class="sourceLineNo">3647</span> assertEquals(1, AccessControlClient.getUserPermissions(conn, table1.getNameAsString(),<a name="line.3647"></a> |
| <span class="sourceLineNo">3648</span> TEST_FAMILY, TEST_QUALIFIER, USER_RW.getName()).size());<a name="line.3648"></a> |
| <span class="sourceLineNo">3649</span> assertEquals(1, AccessControlClient.getUserPermissions(conn, table1.getNameAsString(),<a name="line.3649"></a> |
| <span class="sourceLineNo">3650</span> TEST_FAMILY, TEST_QUALIFIER2, USER_RW.getName()).size());<a name="line.3650"></a> |
| <span class="sourceLineNo">3651</span> assertEquals(0, AccessControlClient.getUserPermissions(conn, table1.getNameAsString(),<a name="line.3651"></a> |
| <span class="sourceLineNo">3652</span> TEST_FAMILY, TEST_QUALIFIER2, nSUser1.getName()).size());<a name="line.3652"></a> |
| <span class="sourceLineNo">3653</span> }<a name="line.3653"></a> |
| <span class="sourceLineNo">3654</span><a name="line.3654"></a> |
| <span class="sourceLineNo">3655</span> /*<a name="line.3655"></a> |
| <span class="sourceLineNo">3656</span> * Validate the user permission against the specified column family, column qualifier and user<a name="line.3656"></a> |
| <span class="sourceLineNo">3657</span> * name.<a name="line.3657"></a> |
| <span class="sourceLineNo">3658</span> */<a name="line.3658"></a> |
| <span class="sourceLineNo">3659</span> private void verifyGetUserPermissionResult(List<UserPermission> userPermissions, int resultCount,<a name="line.3659"></a> |
| <span class="sourceLineNo">3660</span> byte[] cf, byte[] cq, String userName, Collection<String> superUsers) {<a name="line.3660"></a> |
| <span class="sourceLineNo">3661</span> assertEquals(resultCount, userPermissions.size());<a name="line.3661"></a> |
| <span class="sourceLineNo">3662</span><a name="line.3662"></a> |
| <span class="sourceLineNo">3663</span> for (UserPermission perm : userPermissions) {<a name="line.3663"></a> |
| <span class="sourceLineNo">3664</span> if (perm.getPermission() instanceof TablePermission) {<a name="line.3664"></a> |
| <span class="sourceLineNo">3665</span> TablePermission tablePerm = (TablePermission) perm.getPermission();<a name="line.3665"></a> |
| <span class="sourceLineNo">3666</span> if (cf != null) {<a name="line.3666"></a> |
| <span class="sourceLineNo">3667</span> assertTrue(Bytes.equals(cf, tablePerm.getFamily()));<a name="line.3667"></a> |
| <span class="sourceLineNo">3668</span> }<a name="line.3668"></a> |
| <span class="sourceLineNo">3669</span> if (cq != null) {<a name="line.3669"></a> |
| <span class="sourceLineNo">3670</span> assertTrue(Bytes.equals(cq, tablePerm.getQualifier()));<a name="line.3670"></a> |
| <span class="sourceLineNo">3671</span> }<a name="line.3671"></a> |
| <span class="sourceLineNo">3672</span> if (userName != null<a name="line.3672"></a> |
| <span class="sourceLineNo">3673</span> && (superUsers == null || !superUsers.contains(perm.getUser()))) {<a name="line.3673"></a> |
| <span class="sourceLineNo">3674</span> assertTrue(userName.equals(perm.getUser()));<a name="line.3674"></a> |
| <span class="sourceLineNo">3675</span> }<a name="line.3675"></a> |
| <span class="sourceLineNo">3676</span> } else if (perm.getPermission() instanceof NamespacePermission ||<a name="line.3676"></a> |
| <span class="sourceLineNo">3677</span> perm.getPermission() instanceof GlobalPermission) {<a name="line.3677"></a> |
| <span class="sourceLineNo">3678</span> if (userName != null &&<a name="line.3678"></a> |
| <span class="sourceLineNo">3679</span> (superUsers == null || !superUsers.contains(perm.getUser()))) {<a name="line.3679"></a> |
| <span class="sourceLineNo">3680</span> assertTrue(userName.equals(perm.getUser()));<a name="line.3680"></a> |
| <span class="sourceLineNo">3681</span> }<a name="line.3681"></a> |
| <span class="sourceLineNo">3682</span> }<a name="line.3682"></a> |
| <span class="sourceLineNo">3683</span> }<a name="line.3683"></a> |
| <span class="sourceLineNo">3684</span> }<a name="line.3684"></a> |
| <span class="sourceLineNo">3685</span><a name="line.3685"></a> |
| <span class="sourceLineNo">3686</span> /*<a name="line.3686"></a> |
| <span class="sourceLineNo">3687</span> * Dummy ShellBasedUnixGroupsMapping class to retrieve the groups for the test users.<a name="line.3687"></a> |
| <span class="sourceLineNo">3688</span> */<a name="line.3688"></a> |
| <span class="sourceLineNo">3689</span> public static class MyShellBasedUnixGroupsMapping extends ShellBasedUnixGroupsMapping<a name="line.3689"></a> |
| <span class="sourceLineNo">3690</span> implements GroupMappingServiceProvider {<a name="line.3690"></a> |
| <span class="sourceLineNo">3691</span> @Override<a name="line.3691"></a> |
| <span class="sourceLineNo">3692</span> public List<String> getGroups(String user) throws IOException {<a name="line.3692"></a> |
| <span class="sourceLineNo">3693</span> if (user.equals("globalGroupUser1")) {<a name="line.3693"></a> |
| <span class="sourceLineNo">3694</span> return Arrays.asList(new String[] { "group_admin" });<a name="line.3694"></a> |
| <span class="sourceLineNo">3695</span> } else if (user.equals("globalGroupUser2")) {<a name="line.3695"></a> |
| <span class="sourceLineNo">3696</span> return Arrays.asList(new String[] { "group_admin", "group_create" });<a name="line.3696"></a> |
| <span class="sourceLineNo">3697</span> } else if (user.equals("nsGroupUser1")) {<a name="line.3697"></a> |
| <span class="sourceLineNo">3698</span> return Arrays.asList(new String[] { "ns_group1" });<a name="line.3698"></a> |
| <span class="sourceLineNo">3699</span> } else if (user.equals("nsGroupUser2")) {<a name="line.3699"></a> |
| <span class="sourceLineNo">3700</span> return Arrays.asList(new String[] { "ns_group2" });<a name="line.3700"></a> |
| <span class="sourceLineNo">3701</span> } else if (user.equals("tableGroupUser1")) {<a name="line.3701"></a> |
| <span class="sourceLineNo">3702</span> return Arrays.asList(new String[] { "table_group1" });<a name="line.3702"></a> |
| <span class="sourceLineNo">3703</span> } else if (user.equals("tableGroupUser2")) {<a name="line.3703"></a> |
| <span class="sourceLineNo">3704</span> return Arrays.asList(new String[] { "table_group2" });<a name="line.3704"></a> |
| <span class="sourceLineNo">3705</span> } else {<a name="line.3705"></a> |
| <span class="sourceLineNo">3706</span> return super.getGroups(user);<a name="line.3706"></a> |
| <span class="sourceLineNo">3707</span> }<a name="line.3707"></a> |
| <span class="sourceLineNo">3708</span> }<a name="line.3708"></a> |
| <span class="sourceLineNo">3709</span> }<a name="line.3709"></a> |
| <span class="sourceLineNo">3710</span>}<a name="line.3710"></a> |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| </pre> |
| </div> |
| </body> |
| </html> |
