hbase-server/src/test/java/org/apache/hadoop/hbase/client/TestAsyncAccessControlAdminApi.java - hbase - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
  * agreements. See the NOTICE file distributed with this work for additional information regarding
  * copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance with the License. You may obtain a
  * copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable
  * law or agreed to in writing, software distributed under the License is distributed on an "AS IS"
  * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License
  * for the specific language governing permissions and limitations under the License.
  */

 package org.apache.hadoop.hbase.client;

 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;

 import java.util.List;
 import org.apache.hadoop.hbase.HBaseClassTestRule;
 import org.apache.hadoop.hbase.TableName;
 import org.apache.hadoop.hbase.security.User;
 import org.apache.hadoop.hbase.security.access.GetUserPermissionsRequest;
 import org.apache.hadoop.hbase.security.access.Permission;
 import org.apache.hadoop.hbase.security.access.PermissionStorage;
 import org.apache.hadoop.hbase.security.access.SecureTestUtil;
 import org.apache.hadoop.hbase.security.access.SecureTestUtil.AccessTestAction;
 import org.apache.hadoop.hbase.security.access.UserPermission;
 import org.apache.hadoop.hbase.testclassification.ClientTests;
 import org.apache.hadoop.hbase.testclassification.SmallTests;
 import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
 import org.apache.hbase.thirdparty.com.google.common.collect.Lists;

 @RunWith(Parameterized.class)
 @Category({ ClientTests.class, SmallTests.class })
 public class TestAsyncAccessControlAdminApi extends TestAsyncAdminBase {

   @ClassRule
   public static final HBaseClassTestRule CLASS_RULE =
       HBaseClassTestRule.forClass(TestAsyncAccessControlAdminApi.class);

   @BeforeClass
   public static void setUpBeforeClass() throws Exception {
     SecureTestUtil.enableSecurity(TEST_UTIL.getConfiguration());
     TEST_UTIL.startMiniCluster(1);
     TEST_UTIL.waitTableAvailable(PermissionStorage.ACL_TABLE_NAME);
     ASYNC_CONN = ConnectionFactory.createAsyncConnection(TEST_UTIL.getConfiguration()).get();
   }

   @Test
   public void test() throws Exception {
     TableName tableName = TableName.valueOf("test-table");
     String userName1 = "user1";
     String userName2 = "user2";
     User user2 = User.createUserForTesting(TEST_UTIL.getConfiguration(), userName2, new String[0]);
     Permission permission =
         Permission.newBuilder(tableName).withActions(Permission.Action.READ).build();
     UserPermission userPermission = new UserPermission(userName1, permission);

     // grant user1 table permission
     admin.grant(userPermission, false).get();

     // get table permissions
     List<UserPermission> userPermissions =
         admin.getUserPermissions(GetUserPermissionsRequest.newBuilder(tableName).build()).get();
     assertEquals(1, userPermissions.size());
     assertEquals(userPermission, userPermissions.get(0));

     // get table permissions
     userPermissions =
         admin
             .getUserPermissions(
               GetUserPermissionsRequest.newBuilder(tableName).withUserName(userName1).build())
             .get();
     assertEquals(1, userPermissions.size());
     assertEquals(userPermission, userPermissions.get(0));

     userPermissions =
         admin
             .getUserPermissions(
               GetUserPermissionsRequest.newBuilder(tableName).withUserName(userName2).build())
             .get();
     assertEquals(0, userPermissions.size());

     // has user permission
     List<Permission> permissions = Lists.newArrayList(permission);
     boolean hasPermission =
         admin.hasUserPermissions(userName1, permissions).get().get(0).booleanValue();
     assertTrue(hasPermission);
     hasPermission = admin.hasUserPermissions(userName2, permissions).get().get(0).booleanValue();
     assertFalse(hasPermission);

     AccessTestAction hasPermissionAction = new AccessTestAction() {
       @Override
       public Object run() throws Exception {
         try (AsyncConnection conn =
             ConnectionFactory.createAsyncConnection(TEST_UTIL.getConfiguration()).get()) {
           return conn.getAdmin().hasUserPermissions(userName1, permissions).get().get(0);
         }
       }
     };
     try {
       user2.runAs(hasPermissionAction);
       fail("Should not come here");
     } catch (Exception e) {
       LOG.error("Call has permission error", e);
     }

     // check permission
     admin.hasUserPermissions(permissions);
     AccessTestAction checkPermissionsAction = new AccessTestAction() {
       @Override
       public Object run() throws Exception {
         try (AsyncConnection conn =
             ConnectionFactory.createAsyncConnection(TEST_UTIL.getConfiguration()).get()) {
           return conn.getAdmin().hasUserPermissions(permissions).get().get(0);
         }
       }
     };
     assertFalse((Boolean) user2.runAs(checkPermissionsAction));
   }
 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
	* agreements. See the NOTICE file distributed with this work for additional information regarding
	* copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance with the License. You may obtain a
	* copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable
	* law or agreed to in writing, software distributed under the License is distributed on an "AS IS"
	* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License
	* for the specific language governing permissions and limitations under the License.
	*/

	package org.apache.hadoop.hbase.client;

	import static org.junit.Assert.assertEquals;
	import static org.junit.Assert.assertFalse;
	import static org.junit.Assert.assertTrue;
	import static org.junit.Assert.fail;

	import java.util.List;
	import org.apache.hadoop.hbase.HBaseClassTestRule;
	import org.apache.hadoop.hbase.TableName;
	import org.apache.hadoop.hbase.security.User;
	import org.apache.hadoop.hbase.security.access.GetUserPermissionsRequest;
	import org.apache.hadoop.hbase.security.access.Permission;
	import org.apache.hadoop.hbase.security.access.PermissionStorage;
	import org.apache.hadoop.hbase.security.access.SecureTestUtil;
	import org.apache.hadoop.hbase.security.access.SecureTestUtil.AccessTestAction;
	import org.apache.hadoop.hbase.security.access.UserPermission;
	import org.apache.hadoop.hbase.testclassification.ClientTests;
	import org.apache.hadoop.hbase.testclassification.SmallTests;
	import org.junit.BeforeClass;
	import org.junit.ClassRule;
	import org.junit.Test;
	import org.junit.experimental.categories.Category;
	import org.junit.runner.RunWith;
	import org.junit.runners.Parameterized;
	import org.apache.hbase.thirdparty.com.google.common.collect.Lists;

	@RunWith(Parameterized.class)
	@Category({ ClientTests.class, SmallTests.class })
	public class TestAsyncAccessControlAdminApi extends TestAsyncAdminBase {

	@ClassRule
	public static final HBaseClassTestRule CLASS_RULE =
	HBaseClassTestRule.forClass(TestAsyncAccessControlAdminApi.class);

	@BeforeClass
	public static void setUpBeforeClass() throws Exception {
	SecureTestUtil.enableSecurity(TEST_UTIL.getConfiguration());
	TEST_UTIL.startMiniCluster(1);
	TEST_UTIL.waitTableAvailable(PermissionStorage.ACL_TABLE_NAME);
	ASYNC_CONN = ConnectionFactory.createAsyncConnection(TEST_UTIL.getConfiguration()).get();
	}

	@Test
	public void test() throws Exception {
	TableName tableName = TableName.valueOf("test-table");
	String userName1 = "user1";
	String userName2 = "user2";
	User user2 = User.createUserForTesting(TEST_UTIL.getConfiguration(), userName2, new String[0]);
	Permission permission =
	Permission.newBuilder(tableName).withActions(Permission.Action.READ).build();
	UserPermission userPermission = new UserPermission(userName1, permission);

	// grant user1 table permission
	admin.grant(userPermission, false).get();

	// get table permissions
	List<UserPermission> userPermissions =
	admin.getUserPermissions(GetUserPermissionsRequest.newBuilder(tableName).build()).get();
	assertEquals(1, userPermissions.size());
	assertEquals(userPermission, userPermissions.get(0));

	// get table permissions
	userPermissions =
	admin
	.getUserPermissions(
	GetUserPermissionsRequest.newBuilder(tableName).withUserName(userName1).build())
	.get();
	assertEquals(1, userPermissions.size());
	assertEquals(userPermission, userPermissions.get(0));

	userPermissions =
	admin
	.getUserPermissions(
	GetUserPermissionsRequest.newBuilder(tableName).withUserName(userName2).build())
	.get();
	assertEquals(0, userPermissions.size());

	// has user permission
	List<Permission> permissions = Lists.newArrayList(permission);
	boolean hasPermission =
	admin.hasUserPermissions(userName1, permissions).get().get(0).booleanValue();
	assertTrue(hasPermission);
	hasPermission = admin.hasUserPermissions(userName2, permissions).get().get(0).booleanValue();
	assertFalse(hasPermission);

	AccessTestAction hasPermissionAction = new AccessTestAction() {
	@Override
	public Object run() throws Exception {
	try (AsyncConnection conn =
	ConnectionFactory.createAsyncConnection(TEST_UTIL.getConfiguration()).get()) {
	return conn.getAdmin().hasUserPermissions(userName1, permissions).get().get(0);
	}
	}
	};
	try {
	user2.runAs(hasPermissionAction);
	fail("Should not come here");
	} catch (Exception e) {
	LOG.error("Call has permission error", e);
	}

	// check permission
	admin.hasUserPermissions(permissions);
	AccessTestAction checkPermissionsAction = new AccessTestAction() {
	@Override
	public Object run() throws Exception {
	try (AsyncConnection conn =
	ConnectionFactory.createAsyncConnection(TEST_UTIL.getConfiguration()).get()) {
	return conn.getAdmin().hasUserPermissions(permissions).get().get(0);
	}
	}
	};
	assertFalse((Boolean) user2.runAs(checkPermissionsAction));
	}
	}