From d104f5e73dd3ea6b73ead4e0b58afd472fe6c7eb Mon Sep 17 00:00:00 2001
From: Matt Warhaftig
Date: Sun, 26 Apr 2015 11:33:43 -0400
Subject: [PATCH] HBASE-13358 - Update VisibilityClient to accept Connection objects.
---
 .../security/visibility/VisibilityClient.java | 204 +++++++++++++++------
 .../IntegrationTestIngestWithVisibilityLabels.java | 4 +-
 ...IntegrationTestBigLinkedListWithVisibility.java | 4 +-
 ...grationTestWithCellVisibilityLoadAndVerify.java | 6 +-
 .../hadoop/hbase/rest/TestScannersWithLabels.java | 9 +-
 .../TestImportTSVWithVisibilityLabels.java | 6 +-
 .../TestDefaultScanLabelGeneratorStack.java | 7 +-
 .../TestEnforcingScanLabelGenerator.java | 8 +-
 .../security/visibility/TestVisibilityLabels.java | 17 +-
 ...tVisibilityLabelsOpWithDifferentUsersNoACL.java | 52 +++++-
 .../TestVisibilityLabelsReplication.java | 8 +-
 .../visibility/TestVisibilityLabelsWithACL.java | 50 +++--
 ...estVisibilityLabelsWithCustomVisLabService.java | 2 +
 ...VisibilityLabelsWithDefaultVisLabelService.java | 20 +-
 .../TestVisibilityLabelsWithDeletes.java | 13 +-
 ...stVisibilityLabelsWithDistributedLogReplay.java | 2 +
 .../TestVisibilityLabelsWithSLGStack.java | 6 +-
 .../visibility/TestVisibilityLablesWithGroups.java | 15 +-
 .../visibility/TestVisibilityWithCheckAuths.java | 8 +-
 .../visibility/TestWithDisabledAuthorization.java | 16 +-
 .../TestThriftHBaseServiceHandlerWithLabels.java | 8 +-
 21 files changed, 335 insertions(+), 130 deletions(-)
diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityClient.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityClient.java
index fef7d14..172b61a 100644
--- a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityClient.java
+++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityClient.java
@@ -61,10 +61,26 @@ public class VisibilityClient { * @param label * @return VisibilityLabelsResponse * @throws Throwable + * @deprecated Use {@code VisibilityClient.addLabel(Connection,String)} instead. */ public static VisibilityLabelsResponse addLabel(Configuration conf, final String label) throws Throwable { - return addLabels(conf, new String[] { label }); + try (Connection connection = ConnectionFactory.createConnection(conf)) { + return addLabels(connection, new String[] { label }); + } + } + + /** + * Utility method for adding label to the system. + * + * @param connection + * @param label + * @return VisibilityLabelsResponse + * @throws Throwable + */ + public static VisibilityLabelsResponse addLabel(Connection connection, final String label) + throws Throwable { + return addLabels(connection, new String[] { label }); } /** 
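Review bot: The Javadoc added for `addLabel(Connection, String)` leaves `@param connection` blank, so nothing tells a caller whose credentials the request uses or who closes the connection. The visible overload never closes it, and the tests in this patch build one connection per user, which suggests the call is authorised as the user the connection was created for. I would write `@param connection connection to use; it is not closed here, and the request is made as the user the connection was created for`, and repeat it on the new `addLabels`, `setAuths`, `getAuths`, `listLabels` and `clearAuths` overloads. The deprecated `Configuration` variants also carry only the `@deprecated` Javadoc tag; adding the `@Deprecated` annotation next to it keeps the two in step.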
@@ -74,43 +90,56 @@ public class VisibilityClient { * @param labels * @return VisibilityLabelsResponse * @throws Throwable + * @deprecated Use {@code VisibilityClient.addLabels(Connection,String[])} instead. */ public static VisibilityLabelsResponse addLabels(Configuration conf, final String[] labels) throws Throwable { - // TODO: Make it so caller passes in a Connection rather than have us do this expensive - // setup each time. This class only used in test and shell at moment though. try (Connection connection = ConnectionFactory.createConnection(conf)) { - try (Table table = connection.getTable(LABELS_TABLE_NAME)) { - Batch.Call callable = - new Batch.Call() { - ServerRpcController controller = new ServerRpcController(); - BlockingRpcCallback rpcCallback = - new BlockingRpcCallback(); + return addLabels(connection, labels); + } + } - public VisibilityLabelsResponse call(VisibilityLabelsService service) - throws IOException { - VisibilityLabelsRequest.Builder builder = VisibilityLabelsRequest.newBuilder(); - for (String label : labels) { - if (label.length() > 0) { - VisibilityLabel.Builder newBuilder = VisibilityLabel.newBuilder(); - newBuilder.setLabel(ByteStringer.wrap(Bytes.toBytes(label))); - builder.addVisLabel(newBuilder.build()); + /** + * Utility method for adding labels to the system. 
+ * + * @param connection + * @param labels + * @return VisibilityLabelsResponse + * @throws Throwable + */ + public static VisibilityLabelsResponse addLabels(Connection connection, final String[] labels) + throws Throwable { + + try (Table table = connection.getTable(LABELS_TABLE_NAME)) { + Batch.Call callable = + new Batch.Call() { + ServerRpcController controller = new ServerRpcController(); + BlockingRpcCallback rpcCallback = + new BlockingRpcCallback(); + + public VisibilityLabelsResponse call(VisibilityLabelsService service) + throws IOException { + VisibilityLabelsRequest.Builder builder = VisibilityLabelsRequest.newBuilder(); + for (String label : labels) { + if (label.length() > 0) { + VisibilityLabel.Builder newBuilder = VisibilityLabel.newBuilder(); + newBuilder.setLabel(ByteStringer.wrap(Bytes.toBytes(label))); + builder.addVisLabel(newBuilder.build()); + } } + service.addLabels(controller, builder.build(), rpcCallback); + VisibilityLabelsResponse response = rpcCallback.get(); + if (controller.failedOnException()) { + throw controller.getFailedOn(); + } + return response; } - service.addLabels(controller, builder.build(), rpcCallback); - VisibilityLabelsResponse response = rpcCallback.get(); - if (controller.failedOnException()) { - throw controller.getFailedOn(); - } - return response; - } - }; - Map result = + }; + Map result = table.coprocessorService(VisibilityLabelsService.class, HConstants.EMPTY_BYTE_ARRAY, HConstants.EMPTY_BYTE_ARRAY, callable); - return result.values().iterator().next(); // There will be exactly one region for labels - // table and so one entry in result Map. - } + return result.values().iterator().next(); // There will be exactly one region for labels + // table and so one entry in result Map. } } 
@@ -121,10 +150,26 @@ public class VisibilityClient { * @param user * @return VisibilityLabelsResponse * @throws Throwable + * @deprecated Use {@code VisibilityClient.setAuths(Connection,String[])} instead. */ public static VisibilityLabelsResponse setAuths(Configuration conf, final String[] auths, final String user) throws Throwable { - return setOrClearAuths(conf, auths, user, true); + try (Connection connection = ConnectionFactory.createConnection(conf)) { + return setOrClearAuths(connection, auths, user, true); + } + } + + /** + * Sets given labels globally authorized for the user. + * @param connection + * @param auths + * @param user + * @return VisibilityLabelsResponse + * @throws Throwable + */ + public static VisibilityLabelsResponse setAuths(Connection connection, final String[] auths, + final String user) throws Throwable { + return setOrClearAuths(connection, auths, user, true); } /** @@ -132,11 +177,22 @@ public class VisibilityClient { * @param user * @return labels, the given user is globally authorized for. * @throws Throwable + * @deprecated Use {@code VisibilityClient.getAuths(Connection,String)} instead. */ public static GetAuthsResponse getAuths(Configuration conf, final String user) throws Throwable { - // TODO: Make it so caller passes in a Connection rather than have us do this expensive - // setup each time. This class only used in test and shell at moment though. try (Connection connection = ConnectionFactory.createConnection(conf)) { + return getAuths(connection, user); + } + } + + /** + * @param connection, the Connection instance to use. + * @param user + * @return labels, the given user is globally authorized for. + * @throws Throwable + */ + public static GetAuthsResponse getAuths(Connection connection, final String user) + throws Throwable { try (Table table = connection.getTable(LABELS_TABLE_NAME)) { Batch.Call callable = new Batch.Call() { 
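Review bot: The `@deprecated` tag added to `setAuths(Configuration, String[], String)` points at `VisibilityClient.setAuths(Connection,String[])`, which is not a signature this patch adds; the new overload in the same hunk takes `(Connection, String[], String)`. It should read `@deprecated Use {@code VisibilityClient.setAuths(Connection,String[],String)} instead.` The tag on `clearAuths` further down already names all three parameters.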
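Review bot: In the `getAuths` hunk the new Javadoc line `@param connection, the Connection instance to use.` has a comma attached to the parameter name, so the doc tool is unlikely to match it to the `connection` parameter, and the comment has no summary sentence. I would open it with `Retrieves the labels the given user is globally authorized for.` and write the tag as `@param connection the Connection instance to use.` The method body continues past the end of the hunk.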
@@ -161,7 +217,6 @@ public class VisibilityClient { return result.values().iterator().next(); // There will be exactly one region for labels // table and so one entry in result Map. } - } } /** 
@@ -170,35 +225,48 @@ public class VisibilityClient { * @param regex The regular expression to filter which labels are returned. * @return labels The list of visibility labels defined in the system. * @throws Throwable + * @deprecated Use {@code VisibilityClient.listLabels(Connection,String)} instead. */ public static ListLabelsResponse listLabels(Configuration conf, final String regex) throws Throwable { - Connection connection = null; + try(Connection connection = ConnectionFactory.createConnection(conf)){ + return listLabels(connection, regex); + } + } + + /** + * Retrieve the list of visibility labels defined in the system. + * @param connection The Connection instance to use. + * @param regex The regular expression to filter which labels are returned. + * @return labels The list of visibility labels defined in the system. + * @throws Throwable + */ + public static ListLabelsResponse listLabels(Connection connection, final String regex) + throws Throwable { Table table = null; try { - connection = ConnectionFactory.createConnection(conf); table = connection.getTable(LABELS_TABLE_NAME); Batch.Call callable = new Batch.Call() { - ServerRpcController controller = new ServerRpcController(); - BlockingRpcCallback rpcCallback = - new BlockingRpcCallback(); + ServerRpcController controller = new ServerRpcController(); + BlockingRpcCallback rpcCallback = + new BlockingRpcCallback(); - public ListLabelsResponse call(VisibilityLabelsService service) throws IOException { - ListLabelsRequest.Builder listAuthLabelsReqBuilder = ListLabelsRequest.newBuilder(); - if (regex != null) { - // Compile the regex here to catch any regex exception earlier. 
- Pattern pattern = Pattern.compile(regex); - listAuthLabelsReqBuilder.setRegex(pattern.toString()); - } - service.listLabels(controller, listAuthLabelsReqBuilder.build(), rpcCallback); - ListLabelsResponse response = rpcCallback.get(); - if (controller.failedOnException()) { - throw controller.getFailedOn(); - } - return response; - } - }; + public ListLabelsResponse call(VisibilityLabelsService service) throws IOException { + ListLabelsRequest.Builder listAuthLabelsReqBuilder = ListLabelsRequest.newBuilder(); + if (regex != null) { + // Compile the regex here to catch any regex exception earlier. + Pattern pattern = Pattern.compile(regex); + listAuthLabelsReqBuilder.setRegex(pattern.toString()); + } + service.listLabels(controller, listAuthLabelsReqBuilder.build(), rpcCallback); + ListLabelsResponse response = rpcCallback.get(); + if (controller.failedOnException()) { + throw controller.getFailedOn(); + } + return response; + } + }; Map result = table.coprocessorService(VisibilityLabelsService.class, HConstants.EMPTY_BYTE_ARRAY, HConstants.EMPTY_BYTE_ARRAY, callable); 
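Review bot: The new `listLabels(Connection, String)` keeps the manual `Table table = null; try { … }` shape, and its cleanup block lies outside this hunk; if that block still calls `connection.close()`, as it presumably did when the method created the connection itself, every call will close the connection the caller passed in. The other Connection overloads in this patch use try-with-resources on the table only and leave the connection alone, so this one should match them: `try (Table table = connection.getTable(LABELS_TABLE_NAME)) {` with the trailing `finally` dropped. A shared connection closed behind the caller's back would make later label or authorisation calls on it fail, so this is worth checking against the full file.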
@@ -222,17 +290,32 @@ public class VisibilityClient { * @param user * @return VisibilityLabelsResponse * @throws Throwable + * @deprecated Use {@code VisibilityClient.clearAuths(Connection,String[],String)} instead. */ public static VisibilityLabelsResponse clearAuths(Configuration conf, final String[] auths, final String user) throws Throwable { - return setOrClearAuths(conf, auths, user, false); + try (Connection connection = ConnectionFactory.createConnection(conf)) { + return setOrClearAuths(connection, auths, user, false); + } } - private static VisibilityLabelsResponse setOrClearAuths(Configuration conf, final String[] auths, - final String user, final boolean setOrClear) throws IOException, ServiceException, Throwable { - // TODO: Make it so caller passes in a Connection rather than have us do this expensive - // setup each time. This class only used in test and shell at moment though. - try (Connection connection = ConnectionFactory.createConnection(conf)) { + /** + * Removes given labels from user's globally authorized list of labels. + * @param connection + * @param auths + * @param user + * @return VisibilityLabelsResponse + * @throws Throwable + */ + public static VisibilityLabelsResponse clearAuths(Connection connection, final String[] auths, + final String user) throws Throwable { + return setOrClearAuths(connection, auths, user, false); + } + + private static VisibilityLabelsResponse setOrClearAuths(Connection connection, + final String[] auths, final String user, final boolean setOrClear) + throws IOException, ServiceException, Throwable { + try (Table table = connection.getTable(LABELS_TABLE_NAME)) { Batch.Call callable = new Batch.Call() { @@ -266,6 +349,5 @@ public class VisibilityClient { return result.values().iterator().next(); // There will be exactly one region for labels // table and so one entry in result Map. } - } } -} \ No newline at end of file +} 
diff --git a/hbase-it/src/test/java/org/apache/hadoop/hbase/IntegrationTestIngestWithVisibilityLabels.java b/hbase-it/src/test/java/org/apache/hadoop/hbase/IntegrationTestIngestWithVisibilityLabels.java index 8da811b..b942918 100644 --- a/hbase-it/src/test/java/org/apache/hadoop/hbase/IntegrationTestIngestWithVisibilityLabels.java +++ b/hbase-it/src/test/java/org/apache/hadoop/hbase/IntegrationTestIngestWithVisibilityLabels.java @@ -115,8 +115,8 @@ public class IntegrationTestIngestWithVisibilityLabels extends IntegrationTestIn private void addLabels() throws Exception { try { - VisibilityClient.addLabels(util.getConfiguration(), LABELS); - VisibilityClient.setAuths(util.getConfiguration(), LABELS, User.getCurrent().getName()); + VisibilityClient.addLabels(util.getConnection(), LABELS); + VisibilityClient.setAuths(util.getConnection(), LABELS, User.getCurrent().getName()); } catch (Throwable t) { throw new IOException(t); } diff --git a/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java b/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java index b82c750..18f6f77 100644 --- a/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java +++ b/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java @@ -384,8 +384,8 @@ public class IntegrationTestBigLinkedListWithVisibility extends IntegrationTestB private void addLabels() throws Exception { try { - VisibilityClient.addLabels(util.getConfiguration(), labels.split(COMMA)); - VisibilityClient.setAuths(util.getConfiguration(), labels.split(COMMA), USER.getName()); + VisibilityClient.addLabels(util.getConnection(), labels.split(COMMA)); + VisibilityClient.setAuths(util.getConnection(), labels.split(COMMA), USER.getName()); } catch (Throwable t) { throw new IOException(t); } 
diff --git a/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestWithCellVisibilityLoadAndVerify.java b/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestWithCellVisibilityLoadAndVerify.java index 05e214b..d9559a1 100644 --- a/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestWithCellVisibilityLoadAndVerify.java +++ b/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestWithCellVisibilityLoadAndVerify.java @@ -140,10 +140,10 @@ public class IntegrationTestWithCellVisibilityLoadAndVerify extends IntegrationT private void addLabelsAndAuths() throws Exception { try { - VisibilityClient.addLabels(util.getConfiguration(), LABELS); - VisibilityClient.setAuths(util.getConfiguration(), new String[] { CONFIDENTIAL, TOPSECRET, + VisibilityClient.addLabels(util.getConnection(), LABELS); + VisibilityClient.setAuths(util.getConnection(), new String[] { CONFIDENTIAL, TOPSECRET, SECRET, PRIVATE }, USER1.getName()); - VisibilityClient.setAuths(util.getConfiguration(), new String[] { PUBLIC }, + VisibilityClient.setAuths(util.getConnection(), new String[] { PUBLIC }, USER2.getName()); } catch (Throwable t) { throw new IOException(t); diff --git a/hbase-rest/src/test/java/org/apache/hadoop/hbase/rest/TestScannersWithLabels.java b/hbase-rest/src/test/java/org/apache/hadoop/hbase/rest/TestScannersWithLabels.java index 41c036d..831ae6a 100644 --- a/hbase-rest/src/test/java/org/apache/hadoop/hbase/rest/TestScannersWithLabels.java +++ b/hbase-rest/src/test/java/org/apache/hadoop/hbase/rest/TestScannersWithLabels.java 
@@ -24,6 +24,8 @@ import org.apache.hadoop.hbase.HTableDescriptor; import org.apache.hadoop.hbase.KeyValue; import org.apache.hadoop.hbase.TableName; import org.apache.hadoop.hbase.client.Admin; +import org.apache.hadoop.hbase.client.Connection; +import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.hbase.client.Durability; import org.apache.hadoop.hbase.client.Put; import org.apache.hadoop.hbase.client.Table; @@ -79,6 +81,7 @@ public class TestScannersWithLabels { private final static String CONFIDENTIAL = "confidential"; private final static String SECRET = "secret"; private static User SUPERUSER; + private static Connection SUPERUSER_CONN; private static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility(); private static final HBaseRESTTestingUtility REST_TEST_UTIL = new HBaseRESTTestingUtility(); @@ -135,6 +138,7 @@ public class TestScannersWithLabels { TEST_UTIL.startMiniCluster(1); // Wait for the labels table to become available TEST_UTIL.waitTableEnabled(VisibilityConstants.LABELS_TABLE_NAME.getName(), 50000); + SUPERUSER_CONN = ConnectionFactory.createConnection(conf, SUPERUSER); createLabels(); setAuths(); REST_TEST_UTIL.startServletContainer(conf); @@ -166,7 +170,7 @@ public class TestScannersWithLabels { public VisibilityLabelsResponse run() throws Exception { String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET }; try { - VisibilityClient.addLabels(conf, labels); + VisibilityClient.addLabels(SUPERUSER_CONN, labels); } catch (Throwable t) { throw new IOException(t); } @@ -178,7 +182,8 @@ public class TestScannersWithLabels { private static void setAuths() throws Exception { String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET }; try { - VisibilityClient.setAuths(conf, labels, User.getCurrent().getShortName()); + VisibilityClient.setAuths(SUPERUSER_CONN, labels, + User.getCurrent().getShortName()); } catch (Throwable t) { throw new IOException(t); } 
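Review bot: `SUPERUSER_CONN` is opened in the class-setup hunk with `ConnectionFactory.createConnection(conf, SUPERUSER)`, but no hunk for TestScannersWithLabels.java closes it, so the connection is left open when the class finishes. Add `SUPERUSER_CONN.close();` to the class teardown, which is not shown in these hunks, before the cluster is shut down. The same applies to the static connections added in TestImportTSVWithVisibilityLabels, TestDefaultScanLabelGeneratorStack, TestEnforcingScanLabelGenerator and TestVisibilityLabelsOpWithDifferentUsersNoACL, none of whose hunks close them.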
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/mapreduce/TestImportTSVWithVisibilityLabels.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/mapreduce/TestImportTSVWithVisibilityLabels.java index 6754ce9..268f112 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/mapreduce/TestImportTSVWithVisibilityLabels.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/mapreduce/TestImportTSVWithVisibilityLabels.java @@ -45,6 +45,8 @@ import org.apache.hadoop.hbase.TableName; import org.apache.hadoop.hbase.client.Admin; import org.apache.hadoop.hbase.testclassification.LargeTests; import org.apache.hadoop.hbase.testclassification.MapReduceTests; +import org.apache.hadoop.hbase.client.Connection; +import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.hbase.client.Delete; import org.apache.hadoop.hbase.client.HBaseAdmin; import org.apache.hadoop.hbase.client.HTable; @@ -96,6 +98,7 @@ public class TestImportTSVWithVisibilityLabels implements Configurable { private final static String CONFIDENTIAL = "confidential"; private final static String SECRET = "secret"; private static User SUPERUSER; + private static Connection SUPERUSER_CONN; private static Configuration conf; @Override @@ -119,6 +122,7 @@ public class TestImportTSVWithVisibilityLabels implements Configurable { conf.setClass(VisibilityUtils.VISIBILITY_LABEL_GENERATOR_CLASS, SimpleScanLabelGenerator.class, ScanLabelGenerator.class); util.startMiniCluster(); + SUPERUSER_CONN = ConnectionFactory.createConnection(conf, SUPERUSER); // Wait for the labels table to become available util.waitTableEnabled(VisibilityConstants.LABELS_TABLE_NAME.getName(), 50000); createLabels(); 
@@ -132,7 +136,7 @@ public class TestImportTSVWithVisibilityLabels implements Configurable { public VisibilityLabelsResponse run() throws Exception { String[] labels = { SECRET, TOPSECRET, CONFIDENTIAL, PUBLIC, PRIVATE }; try { - VisibilityClient.addLabels(conf, labels); + VisibilityClient.addLabels(SUPERUSER_CONN, labels); LOG.info("Added labels "); } catch (Throwable t) { LOG.error("Error in adding labels" , t); diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestDefaultScanLabelGeneratorStack.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestDefaultScanLabelGeneratorStack.java index 2cd5ff9..232e0dc 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestDefaultScanLabelGeneratorStack.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestDefaultScanLabelGeneratorStack.java @@ -67,6 +67,7 @@ public class TestDefaultScanLabelGeneratorStack { @Rule public final TestName TEST_NAME = new TestName(); public static User SUPERUSER; + public static Connection SUPERUSER_CONN; public static User TESTUSER; @BeforeClass @@ -79,6 +80,7 @@ public class TestDefaultScanLabelGeneratorStack { TEST_UTIL.startMiniCluster(1); SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); TESTUSER = User.createUserForTesting(conf, "test", new String[] { }); + SUPERUSER_CONN = ConnectionFactory.createConnection(conf, SUPERUSER); // Wait for the labels table to become available TEST_UTIL.waitTableEnabled(LABELS_TABLE_NAME.getName(), 50000); 
@@ -87,8 +89,9 @@ public class TestDefaultScanLabelGeneratorStack { SUPERUSER.runAs(new PrivilegedExceptionAction() { public Void run() throws Exception { try { - VisibilityClient.addLabels(conf, new String[] { SECRET, CONFIDENTIAL }); - VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL }, TESTUSER.getShortName()); + VisibilityClient.addLabels(SUPERUSER_CONN, new String[] { SECRET, CONFIDENTIAL }); + VisibilityClient.setAuths(SUPERUSER_CONN, new String[] { CONFIDENTIAL }, + TESTUSER.getShortName()); } catch (Throwable t) { throw new IOException(t); } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestEnforcingScanLabelGenerator.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestEnforcingScanLabelGenerator.java index 2fa8afd..10dd212 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestEnforcingScanLabelGenerator.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestEnforcingScanLabelGenerator.java @@ -63,6 +63,7 @@ public class TestEnforcingScanLabelGenerator { @Rule public final TestName TEST_NAME = new TestName(); public static User SUPERUSER; + public static Connection SUPERUSER_CONN; public static User TESTUSER; @BeforeClass @@ -77,6 +78,7 @@ public class TestEnforcingScanLabelGenerator { TEST_UTIL.startMiniCluster(1); SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); TESTUSER = User.createUserForTesting(conf, "test", new String[] { }); + SUPERUSER_CONN = ConnectionFactory.createConnection(conf, SUPERUSER); // Wait for the labels table to become available TEST_UTIL.waitTableEnabled(LABELS_TABLE_NAME.getName(), 50000); 
@@ -85,8 +87,10 @@ public class TestEnforcingScanLabelGenerator { SUPERUSER.runAs(new PrivilegedExceptionAction() { public Void run() throws Exception { try { - VisibilityClient.addLabels(conf, new String[] { SECRET, CONFIDENTIAL }); - VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, }, TESTUSER.getShortName()); + VisibilityClient.addLabels(SUPERUSER_CONN, new String[] { SECRET, + CONFIDENTIAL }); + VisibilityClient.setAuths(SUPERUSER_CONN, new String[] { CONFIDENTIAL, }, + TESTUSER.getShortName()); } catch (Throwable t) { throw new IOException(t); } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java index 3671386..b6fd58f 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java @@ -100,6 +100,7 @@ public abstract class TestVisibilityLabels { @Rule public final TestName TEST_NAME = new TestName(); public static User SUPERUSER, USER1; + public static Connection SUPERUSER_CONN, USER1_CONN; @AfterClass public static void tearDownAfterClass() throws Exception { @@ -414,7 +415,7 @@ public abstract class TestVisibilityLabels { public Void run() throws Exception { String[] auths = { SECRET, CONFIDENTIAL }; try { - VisibilityClient.setAuths(conf, auths, user); + VisibilityClient.setAuths(SUPERUSER_CONN, auths, user); } catch (Throwable e) { } return null; @@ -440,7 +441,7 @@ public abstract class TestVisibilityLabels { public Void run() throws Exception { GetAuthsResponse authsResponse = null; try { - authsResponse = VisibilityClient.getAuths(conf, user); + authsResponse = VisibilityClient.getAuths(SUPERUSER_CONN, user); } catch (Throwable e) { fail("Should not have failed"); } 
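Review bot: In the `@@ -414` hunk of TestVisibilityLabels.java the call `VisibilityClient.setAuths(SUPERUSER_CONN, auths, user)` sits in a `try` whose `catch (Throwable e) { }` is empty, and `SUPERUSER_CONN` is a static field this abstract class declares but does not assign in any visible hunk. If a subclass does not initialise it, the NullPointerException is swallowed here and the authorisations are never set, so the test fails later for a reason that looks unrelated. Rethrow as the `addLabels` call site in this file does: `} catch (Throwable t) { throw new IOException(t); }`. The enclosing method starts outside the hunk.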
@@ -462,9 +463,9 @@ public abstract class TestVisibilityLabels { String[] auths1 = { SECRET, CONFIDENTIAL }; GetAuthsResponse authsResponse = null; try { - VisibilityClient.setAuths(conf, auths1, user); + VisibilityClient.setAuths(SUPERUSER_CONN, auths1, user); try { - authsResponse = VisibilityClient.getAuths(conf, user); + authsResponse = VisibilityClient.getAuths(SUPERUSER_CONN, user); } catch (Throwable e) { fail("Should not have failed"); } @@ -503,7 +504,7 @@ public abstract class TestVisibilityLabels { String[] auths = { SECRET, CONFIDENTIAL, PRIVATE }; String user = "testUser"; try { - VisibilityClient.setAuths(conf, auths, user); + VisibilityClient.setAuths(SUPERUSER_CONN, auths, user); } catch (Throwable e) { fail("Should not have failed"); } @@ -512,7 +513,7 @@ public abstract class TestVisibilityLabels { auths = new String[] { SECRET, PUBLIC, CONFIDENTIAL }; VisibilityLabelsResponse response = null; try { - response = VisibilityClient.clearAuths(conf, auths, user); + response = VisibilityClient.clearAuths(SUPERUSER_CONN, auths, user); } catch (Throwable e) { fail("Should not have failed"); } @@ -541,7 +542,7 @@ public abstract class TestVisibilityLabels { GetAuthsResponse authsResponse = null; try { - authsResponse = VisibilityClient.getAuths(conf, user); + authsResponse = VisibilityClient.getAuths(SUPERUSER_CONN, user); } catch (Throwable e) { fail("Should not have failed"); } @@ -827,7 +828,7 @@ public abstract class TestVisibilityLabels { String[] labels = { SECRET, TOPSECRET, CONFIDENTIAL, PUBLIC, PRIVATE, COPYRIGHT, ACCENT, UNICODE_VIS_TAG, UC1, UC2 }; try { - VisibilityClient.addLabels(conf, labels); + VisibilityClient.addLabels(SUPERUSER_CONN, labels); } catch (Throwable t) { throw new IOException(t); } 
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsOpWithDifferentUsersNoACL.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsOpWithDifferentUsersNoACL.java index 2c4955c..5edff42 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsOpWithDifferentUsersNoACL.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsOpWithDifferentUsersNoACL.java @@ -28,6 +28,8 @@ import java.util.List; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hbase.HBaseTestingUtility; +import org.apache.hadoop.hbase.client.Connection; +import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse; import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse; import org.apache.hadoop.hbase.security.User; @@ -56,6 +58,9 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL { private static User SUPERUSER; private static User NORMAL_USER; private static User NORMAL_USER1; + private static Connection SUPERUSER_CONN; + private static Connection NORMAL_USER_CONN; + private static Connection NORMAL_USER1_CONN; @BeforeClass public static void setupBeforeClass() throws Exception { @@ -71,6 +76,9 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL { SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); NORMAL_USER = User.createUserForTesting(conf, "user1", new String[] {}); NORMAL_USER1 = User.createUserForTesting(conf, "user2", new String[] {}); + SUPERUSER_CONN = ConnectionFactory.createConnection(conf, SUPERUSER); + NORMAL_USER_CONN = ConnectionFactory.createConnection(conf, NORMAL_USER); + NORMAL_USER1_CONN = ConnectionFactory.createConnection(conf, NORMAL_USER1); addLabels(); } 
@@ -85,7 +93,8 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL { new PrivilegedExceptionAction() { public VisibilityLabelsResponse run() throws Exception { try { - return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1"); + return VisibilityClient.setAuths(SUPERUSER_CONN, new String[] { CONFIDENTIAL, + PRIVATE }, "user1"); } catch (Throwable e) { } return null; @@ -99,7 +108,8 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL { action = new PrivilegedExceptionAction() { public VisibilityLabelsResponse run() throws Exception { try { - return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user3"); + return VisibilityClient.setAuths(NORMAL_USER1_CONN, new String[] { CONFIDENTIAL, + PRIVATE }, "user3"); } catch (Throwable e) { } return null; @@ -115,7 +125,7 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL { new PrivilegedExceptionAction() { public GetAuthsResponse run() throws Exception { try { - return VisibilityClient.getAuths(conf, "user1"); + return VisibilityClient.getAuths(NORMAL_USER_CONN, "user1"); } catch (Throwable e) { } return null; 
@@ -123,8 +133,28 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL { }; GetAuthsResponse authsResponse = NORMAL_USER.runAs(action1); assertTrue(authsResponse.getAuthList().isEmpty()); + + action1 = new PrivilegedExceptionAction() { + public GetAuthsResponse run() throws Exception { + try { + return VisibilityClient.getAuths(NORMAL_USER1_CONN, "user1"); + } catch (Throwable e) { + } + return null; + } + }; authsResponse = NORMAL_USER1.runAs(action1); assertTrue(authsResponse.getAuthList().isEmpty()); + + action1 = new PrivilegedExceptionAction() { + public GetAuthsResponse run() throws Exception { + try { + return VisibilityClient.getAuths(SUPERUSER_CONN, "user1"); + } catch (Throwable e) { + } + return null; + } + }; authsResponse = SUPERUSER.runAs(action1); List authsList = new ArrayList(); for (ByteString authBS : authsResponse.getAuthList()) { @@ -138,7 +168,8 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL { new PrivilegedExceptionAction() { public VisibilityLabelsResponse run() throws Exception { try { - return VisibilityClient.clearAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1"); + return VisibilityClient.clearAuths(NORMAL_USER1_CONN, new String[] { + CONFIDENTIAL, PRIVATE }, "user1"); } catch (Throwable e) { } return null; @@ -149,6 +180,17 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL { .getResult(0).getException().getName()); assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", response .getResult(1).getException().getName()); + + action2 = new PrivilegedExceptionAction() { + public VisibilityLabelsResponse run() throws Exception { + try { + return VisibilityClient.clearAuths(SUPERUSER_CONN, new String[] { + CONFIDENTIAL, PRIVATE }, "user1"); + } catch (Throwable e) { + } + return null; + } + }; response = SUPERUSER.runAs(action2); assertTrue(response.getResult(0).getException().getValue().isEmpty()); assertTrue(response.getResult(1).getException().getValue().isEmpty()); 
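Review bot: The two actions added in the `@@ -123` hunk copy the existing pattern of `catch (Throwable e) { }` followed by `return null`, so a failed `getAuths` call shows up as a NullPointerException at `authsResponse.getAuthList()` instead of the real error, which matters in a test meant to tell an empty result from a denied one. The three near-identical anonymous classes differ only in the connection, so a small helper that takes the connection and rethrows would remove the duplication; `IOException` is already used that way in this file's `addLabels`. The same applies to the `clearAuths` action added in the `@@ -149` hunk and the `setAuths` actions changed earlier in the file. The enclosing test method starts outside these hunks.

```java
// helper replacing the three copies of the getAuths action
private static PrivilegedExceptionAction<GetAuthsResponse> getAuthsAs(final Connection conn) {
  return new PrivilegedExceptionAction<GetAuthsResponse>() {
    public GetAuthsResponse run() throws Exception {
      try {
        return VisibilityClient.getAuths(conn, "user1");
      } catch (Throwable t) {
        throw new IOException(t);
      }
    }
  };
}

// … unchanged: NORMAL_USER call and assertion …
authsResponse = NORMAL_USER1.runAs(getAuthsAs(NORMAL_USER1_CONN));
assertTrue(authsResponse.getAuthList().isEmpty());
authsResponse = SUPERUSER.runAs(getAuthsAs(SUPERUSER_CONN));
// … unchanged: collection of authsList and its assertions …
```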
@@ -162,7 +204,7 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL { public VisibilityLabelsResponse run() throws Exception { String[] labels = { SECRET, CONFIDENTIAL, PRIVATE }; try { - VisibilityClient.addLabels(conf, labels); + VisibilityClient.addLabels(SUPERUSER_CONN, labels); } catch (Throwable t) { throw new IOException(t); } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsReplication.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsReplication.java index bc34ce3..ab55350 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsReplication.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsReplication.java @@ -351,7 +351,8 @@ public class TestVisibilityLabelsReplication { public VisibilityLabelsResponse run() throws Exception { String[] labels = { SECRET, TOPSECRET, CONFIDENTIAL, PUBLIC, PRIVATE, UNICODE_VIS_TAG }; try { - VisibilityClient.addLabels(conf, labels); + Connection conn = ConnectionFactory.createConnection(conf, SUPERUSER); + VisibilityClient.addLabels(conn, labels); } catch (Throwable t) { throw new IOException(t); } @@ -366,8 +367,9 @@ public class TestVisibilityLabelsReplication { new PrivilegedExceptionAction() { public VisibilityLabelsResponse run() throws Exception { try { - return VisibilityClient.setAuths(conf, new String[] { SECRET, CONFIDENTIAL, PRIVATE, - TOPSECRET, UNICODE_VIS_TAG }, "user1"); + Connection conn = ConnectionFactory.createConnection(conf, SUPERUSER); + return VisibilityClient.setAuths(conn, new String[] { SECRET, + CONFIDENTIAL, PRIVATE, TOPSECRET, UNICODE_VIS_TAG }, "user1"); } catch (Throwable e) { throw new Exception(e); } 
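Review bot: The `Connection` opened in the `@@ -351,7 +351,8 @@` hunk of TestVisibilityLabelsReplication is never closed, and the `@@ -366,8 +367,9 @@` hunk opens a second one the same way. Nothing in either hunk releases these superuser-authenticated connections. The existing `try` can own the resource: `try (Connection conn = ConnectionFactory.createConnection(conf, SUPERUSER)) {`, which is the pattern the deprecated `Configuration` overloads in VisibilityClient use in this same patch. Both `run()` bodies continue outside the hunks.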
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java index 3175fcc..99773e4 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java @@ -76,6 +76,9 @@ public class TestVisibilityLabelsWithACL { private static User SUPERUSER; private static User NORMAL_USER1; private static User NORMAL_USER2; + private static Connection NORMAL_USER1_CONN; + private static Connection SUPERUSER_CONN; + private static Connection NORMAL_USER2_CONN; @BeforeClass public static void setupBeforeClass() throws Exception { @@ -97,6 +100,10 @@ public class TestVisibilityLabelsWithACL { SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); NORMAL_USER1 = User.createUserForTesting(conf, "user1", new String[] {}); NORMAL_USER2 = User.createUserForTesting(conf, "user2", new String[] {}); + NORMAL_USER1_CONN = ConnectionFactory.createConnection(conf, NORMAL_USER1); + SUPERUSER_CONN = ConnectionFactory.createConnection(conf, SUPERUSER); + NORMAL_USER2_CONN = ConnectionFactory.createConnection(conf, NORMAL_USER2); + // Grant users EXEC privilege on the labels table. For the purposes of this // test, we want to insure that access is denied even with the ability to access // the endpoint. 
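Review bot: `NORMAL_USER1_CONN`, `SUPERUSER_CONN` and `NORMAL_USER2_CONN` are opened in `setupBeforeClass`, but none of this file's hunks closes them, so unless teardown code outside the patch does it, three per-user connections are left open when the class finishes. I would close each one in the class-level teardown before the mini cluster is shut down, e.g. `SUPERUSER_CONN.close();`. The same applies to the `SUPERUSER_CONN` fields this patch adds to TestVisibilityLabelsWithDeletes, TestVisibilityLabelsWithSLGStack, TestVisibilityLablesWithGroups, TestVisibilityWithCheckAuths, TestWithDisabledAuthorization and TestThriftHBaseServiceHandlerWithLabels.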
@@ -115,7 +122,7 @@ public class TestVisibilityLabelsWithACL { public void testScanForUserWithFewerLabelAuthsThanLabelsInScanAuthorizations() throws Throwable { String[] auths = { SECRET }; String user = "user2"; - VisibilityClient.setAuths(conf, auths, user); + VisibilityClient.setAuths(TEST_UTIL.getConnection(), auths, user); TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); final Table table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL + "&!" + PRIVATE, SECRET + "&!" + PRIVATE); @@ -144,7 +151,7 @@ public class TestVisibilityLabelsWithACL { public void testScanForSuperUserWithFewerLabelAuths() throws Throwable { String[] auths = { SECRET }; String user = "admin"; - VisibilityClient.setAuths(conf, auths, user); + VisibilityClient.setAuths(SUPERUSER_CONN, auths, user); TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); final Table table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL + "&!" + PRIVATE, SECRET + "&!" + PRIVATE); @@ -168,7 +175,7 @@ public class TestVisibilityLabelsWithACL { public void testGetForSuperUserWithFewerLabelAuths() throws Throwable { String[] auths = { SECRET }; String user = "admin"; - VisibilityClient.setAuths(conf, auths, user); + VisibilityClient.setAuths(SUPERUSER_CONN, auths, user); TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); final Table table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL + "&!" + PRIVATE, SECRET + "&!" + PRIVATE); 
@@ -191,8 +198,9 @@ public class TestVisibilityLabelsWithACL { public void testVisibilityLabelsForUserWithNoAuths() throws Throwable { String user = "admin"; String[] auths = { SECRET }; - VisibilityClient.clearAuths(conf, auths, user); // Removing all auths if any. - VisibilityClient.setAuths(conf, auths, "user1"); + // Removing all auths if any. + VisibilityClient.clearAuths(NORMAL_USER2_CONN, auths, user); + VisibilityClient.setAuths(NORMAL_USER2_CONN, auths, "user1"); TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); final Table table = createTableAndWriteDataWithLabels(tableName, SECRET); SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER1.getShortName(), tableName, @@ -220,7 +228,8 @@ public class TestVisibilityLabelsWithACL { new PrivilegedExceptionAction() { public VisibilityLabelsResponse run() throws Exception { try { - return VisibilityClient.addLabels(conf, new String[] { "l1", "l2" }); + return VisibilityClient.addLabels(NORMAL_USER1_CONN, + new String[] { "l1", "l2" }); } catch (Throwable e) { } return null; @@ -235,7 +244,8 @@ public class TestVisibilityLabelsWithACL { action = new PrivilegedExceptionAction() { public VisibilityLabelsResponse run() throws Exception { try { - return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1"); + return VisibilityClient.setAuths(NORMAL_USER1_CONN, new String[] { CONFIDENTIAL, + PRIVATE }, "user1"); } catch (Throwable e) { } return null; @@ -250,7 +260,8 @@ public class TestVisibilityLabelsWithACL { action = new PrivilegedExceptionAction() { public VisibilityLabelsResponse run() throws Exception { try { - return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1"); + return VisibilityClient.setAuths(SUPERUSER_CONN, new String[] { CONFIDENTIAL, + PRIVATE }, "user1"); } catch (Throwable e) { } return null; 
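Review bot: In `testVisibilityLabelsForUserWithNoAuths` the setup calls `clearAuths` and `setAuths` now go through `NORMAL_USER2_CONN`, and both return values are discarded. If the request is sent as the connection's user, which the per-user connections in this patch suggest, user2 is presumably not allowed to change auths; later hunks in this file appear to expect `AccessDeniedException` for the same calls over `NORMAL_USER1_CONN`. The setup would then be rejected silently and the test would no longer exercise the state it is named for. I would keep the setup on a privileged connection, `VisibilityClient.setAuths(SUPERUSER_CONN, auths, "user1");` and likewise for `clearAuths`, and assert that the response carries no exception. The method body continues outside the hunk.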
@@ -263,7 +274,8 @@ public class TestVisibilityLabelsWithACL { action = new PrivilegedExceptionAction() { public VisibilityLabelsResponse run() throws Exception { try { - return VisibilityClient.clearAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1"); + return VisibilityClient.clearAuths(NORMAL_USER1_CONN, new String[] { + CONFIDENTIAL, PRIVATE }, "user1"); } catch (Throwable e) { } return null; @@ -275,16 +287,18 @@ public class TestVisibilityLabelsWithACL { assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", response.getResult(1) .getException().getName()); - response = VisibilityClient.clearAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1"); + response = VisibilityClient.clearAuths(TEST_UTIL.getConnection(), new String[] { CONFIDENTIAL, + PRIVATE }, "user1"); assertTrue(response.getResult(0).getException().getValue().isEmpty()); assertTrue(response.getResult(1).getException().getValue().isEmpty()); - VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user3"); + VisibilityClient.setAuths(TEST_UTIL.getConnection(), new String[] { CONFIDENTIAL, PRIVATE }, + "user3"); PrivilegedExceptionAction action1 = new PrivilegedExceptionAction() { public GetAuthsResponse run() throws Exception { try { - return VisibilityClient.getAuths(conf, "user3"); + return VisibilityClient.getAuths(NORMAL_USER1_CONN, "user3"); } catch (Throwable e) { } return null; @@ -292,6 +306,16 @@ public class TestVisibilityLabelsWithACL { }; GetAuthsResponse authsResponse = NORMAL_USER1.runAs(action1); assertNull(authsResponse); + + action1 = new PrivilegedExceptionAction() { + public GetAuthsResponse run() throws Exception { + try { + return VisibilityClient.getAuths(SUPERUSER_CONN, "user3"); + } catch (Throwable e) { + } + return null; + } + }; authsResponse = SUPERUSER.runAs(action1); List authsList = new ArrayList(); for (ByteString authBS : authsResponse.getAuthList()) { 
@@ -328,7 +352,7 @@ public class TestVisibilityLabelsWithACL { private static void addLabels() throws IOException { String[] labels = { SECRET, CONFIDENTIAL, PRIVATE }; try { - VisibilityClient.addLabels(conf, labels); + VisibilityClient.addLabels(TEST_UTIL.getConnection(), labels); } catch (Throwable t) { throw new IOException(t); } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithCustomVisLabService.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithCustomVisLabService.java index 5cc72d2..9303f63 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithCustomVisLabService.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithCustomVisLabService.java @@ -26,6 +26,7 @@ import java.util.NavigableMap; import org.apache.hadoop.hbase.HConstants; import org.apache.hadoop.hbase.TableName; +import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.hbase.client.Result; import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.testclassification.MediumTests; @@ -51,6 +52,7 @@ public class TestVisibilityLabelsWithCustomVisLabService extends TestVisibilityL conf.set("hbase.superuser", "admin"); TEST_UTIL.startMiniCluster(2); SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); + SUPERUSER_CONN = ConnectionFactory.createConnection(conf, SUPERUSER); // Wait for the labels table to become available TEST_UTIL.waitTableEnabled(LABELS_TABLE_NAME.getName(), 50000); diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDefaultVisLabelService.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDefaultVisLabelService.java index 3297002..ec2fb30 100644 
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDefaultVisLabelService.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDefaultVisLabelService.java @@ -32,6 +32,8 @@ import java.util.concurrent.atomic.AtomicBoolean; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.hbase.HConstants; +import org.apache.hadoop.hbase.client.Connection; +import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.hbase.client.Result; import org.apache.hadoop.hbase.client.ResultScanner; import org.apache.hadoop.hbase.client.Scan; @@ -58,6 +60,8 @@ import com.google.protobuf.ByteString; public class TestVisibilityLabelsWithDefaultVisLabelService extends TestVisibilityLabels { final Log LOG = LogFactory.getLog(getClass()); + static Connection SUPERUSER_CONN_DEF; + @BeforeClass public static void setupBeforeClass() throws Exception { // setup configuration @@ -70,7 +74,8 @@ public class TestVisibilityLabelsWithDefaultVisLabelService extends TestVisibili conf.set("hbase.superuser", "admin"); TEST_UTIL.startMiniCluster(2); SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); - USER1 = User.createUserForTesting(conf, "user1", new String[] {}); + SUPERUSER_CONN = ConnectionFactory.createConnection(conf, SUPERUSER); + SUPERUSER_CONN_DEF = SUPERUSER_CONN; // Wait for the labels table to become available TEST_UTIL.waitTableEnabled(LABELS_TABLE_NAME.getName(), 50000); 
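Review bot: The `setupBeforeClass` hunk (`@@ -70,7 +74,8 @@`) deletes `USER1 = User.createUserForTesting(conf, "user1", new String[] {});` while adding the connection fields, which looks unrelated to the switch to `Connection`. `USER1` is not declared in this file's hunks, so it is presumably inherited from TestVisibilityLabels; if any inherited test runs an action as `USER1`, it would now see an uninitialised user in this subclass. TestVisibilityLabelsWithDistributedLogReplay keeps the assignment after its new `SUPERUSER_CONN` line, so I would restore it here as well.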
@@ -85,7 +90,8 @@ public class TestVisibilityLabelsWithDefaultVisLabelService extends TestVisibili String[] labels = { "L1", SECRET, "L2", "invalid~", "L3" }; VisibilityLabelsResponse response = null; try { - response = VisibilityClient.addLabels(conf, labels); + SUPERUSER_CONN_DEF = ConnectionFactory.createConnection(conf, SUPERUSER); + response = VisibilityClient.addLabels(SUPERUSER_CONN_DEF, labels); } catch (Throwable e) { fail("Should not have thrown exception"); } @@ -124,7 +130,9 @@ public class TestVisibilityLabelsWithDefaultVisLabelService extends TestVisibili public VisibilityLabelsResponse run() throws Exception { String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, "ABC", "XYZ" }; try { - VisibilityLabelsResponse resp = VisibilityClient.addLabels(conf, labels); + SUPERUSER_CONN_DEF = ConnectionFactory.createConnection(conf, SUPERUSER); + VisibilityLabelsResponse resp = VisibilityClient.addLabels(SUPERUSER_CONN_DEF, + labels); List results = resp.getResultList(); if (results.get(0).hasException()) { NameBytesPair pair = results.get(0).getException(); @@ -172,7 +180,8 @@ public class TestVisibilityLabelsWithDefaultVisLabelService extends TestVisibili public ListLabelsResponse run() throws Exception { ListLabelsResponse response = null; try { - response = VisibilityClient.listLabels(conf, null); + SUPERUSER_CONN_DEF = ConnectionFactory.createConnection(conf, SUPERUSER); + response = VisibilityClient.listLabels(SUPERUSER_CONN_DEF, null); } catch (Throwable e) { fail("Should not have thrown exception"); } 
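Review bot: The `@@ -85,7 +90,8 @@` hunk reassigns the static `SUPERUSER_CONN_DEF` to a freshly created connection inside the test body, although `setupBeforeClass` already points it at `SUPERUSER_CONN`, and none of the connections created this way is closed. The hunks at `@@ -124,7 +130,9 @@`, `@@ -172,7 +180,8 @@` and `@@ -202,7 +211,8 @@` repeat the reassignment, so a full run leaves several superuser connections open. Dropping the reassignment and passing the existing field, `response = VisibilityClient.addLabels(SUPERUSER_CONN, labels);`, keeps the same identity without opening anything new. The enclosing methods start outside the hunks.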
@@ -202,7 +211,8 @@ public class TestVisibilityLabelsWithDefaultVisLabelService extends TestVisibili public ListLabelsResponse run() throws Exception { ListLabelsResponse response = null; try { - response = VisibilityClient.listLabels(conf, ".*secret"); + SUPERUSER_CONN_DEF = ConnectionFactory.createConnection(conf, SUPERUSER); + response = VisibilityClient.listLabels(SUPERUSER_CONN_DEF, ".*secret"); } catch (Throwable e) { fail("Should not have thrown exception"); } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDeletes.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDeletes.java index 033299b..06ee59c 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDeletes.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDeletes.java @@ -83,6 +83,7 @@ public class TestVisibilityLabelsWithDeletes { @Rule public final TestName TEST_NAME = new TestName(); public static User SUPERUSER; + public static Connection SUPERUSER_CONN; @BeforeClass public static void setupBeforeClass() throws Exception { @@ -95,6 +96,7 @@ public class TestVisibilityLabelsWithDeletes { conf.set("hbase.superuser", "admin"); TEST_UTIL.startMiniCluster(2); SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); + SUPERUSER_CONN = ConnectionFactory.createConnection(conf, SUPERUSER); // Wait for the labels table to become available TEST_UTIL.waitTableEnabled(LABELS_TABLE_NAME.getName(), 50000); 
@@ -1781,7 +1783,8 @@ public class TestVisibilityLabelsWithDeletes { @Override public VisibilityLabelsResponse run() throws Exception { try { - return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE, SECRET }, + return VisibilityClient.setAuths(SUPERUSER_CONN, new String[] { CONFIDENTIAL, + PRIVATE, SECRET }, SUPERUSER.getShortName()); } catch (Throwable e) { } @@ -1932,7 +1935,8 @@ public class TestVisibilityLabelsWithDeletes { @Override public VisibilityLabelsResponse run() throws Exception { try { - return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE, SECRET }, + return VisibilityClient.setAuths(SUPERUSER_CONN, new String[] { CONFIDENTIAL, + PRIVATE, SECRET }, SUPERUSER.getShortName()); } catch (Throwable e) { } @@ -2461,7 +2465,8 @@ public class TestVisibilityLabelsWithDeletes { @Override public VisibilityLabelsResponse run() throws Exception { try { - return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE, SECRET, + return VisibilityClient.setAuths(SUPERUSER_CONN, new String[] { CONFIDENTIAL, + PRIVATE, SECRET, TOPSECRET }, SUPERUSER.getShortName()); } catch (Throwable e) { } @@ -2868,7 +2873,7 @@ public class TestVisibilityLabelsWithDeletes { public VisibilityLabelsResponse run() throws Exception { String[] labels = { SECRET, TOPSECRET, CONFIDENTIAL, PUBLIC, PRIVATE }; try { - VisibilityClient.addLabels(conf, labels); + VisibilityClient.addLabels(SUPERUSER_CONN, labels); } catch (Throwable t) { throw new IOException(t); } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDistributedLogReplay.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDistributedLogReplay.java index 8c00db4..235f7db 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDistributedLogReplay.java 
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDistributedLogReplay.java @@ -20,6 +20,7 @@ package org.apache.hadoop.hbase.security.visibility; import static org.apache.hadoop.hbase.security.visibility.VisibilityConstants.LABELS_TABLE_NAME; import org.apache.hadoop.hbase.HConstants; +import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.testclassification.MediumTests; import org.apache.hadoop.hbase.testclassification.SecurityTests; @@ -45,6 +46,7 @@ public class TestVisibilityLabelsWithDistributedLogReplay extends conf.set("hbase.superuser", "admin"); TEST_UTIL.startMiniCluster(2); SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); + SUPERUSER_CONN = ConnectionFactory.createConnection(conf, SUPERUSER); USER1 = User.createUserForTesting(conf, "user1", new String[] {}); // Wait for the labels table to become available diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithSLGStack.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithSLGStack.java index 5abfecc..49a2da6 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithSLGStack.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithSLGStack.java @@ -28,6 +28,8 @@ import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hbase.HBaseTestingUtility; import org.apache.hadoop.hbase.HConstants; import org.apache.hadoop.hbase.TableName; +import org.apache.hadoop.hbase.client.Connection; +import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.hbase.client.Put; import org.apache.hadoop.hbase.client.Result; import org.apache.hadoop.hbase.client.ResultScanner; 
@@ -61,6 +63,7 @@ public class TestVisibilityLabelsWithSLGStack { @Rule public final TestName TEST_NAME = new TestName(); public static User SUPERUSER; + public static Connection SUPERUSER_CONN; @BeforeClass public static void setupBeforeClass() throws Exception { @@ -73,6 +76,7 @@ public class TestVisibilityLabelsWithSLGStack { conf.set("hbase.superuser", "admin"); TEST_UTIL.startMiniCluster(1); SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); + SUPERUSER_CONN = ConnectionFactory.createConnection(conf, SUPERUSER); // Wait for the labels table to become available TEST_UTIL.waitTableEnabled(LABELS_TABLE_NAME.getName(), 50000); @@ -108,7 +112,7 @@ public class TestVisibilityLabelsWithSLGStack { public VisibilityLabelsResponse run() throws Exception { String[] labels = { SECRET, CONFIDENTIAL }; try { - VisibilityClient.addLabels(conf, labels); + VisibilityClient.addLabels(SUPERUSER_CONN, labels); } catch (Throwable t) { throw new IOException(t); } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLablesWithGroups.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLablesWithGroups.java index f0881fd..b308cff 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLablesWithGroups.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLablesWithGroups.java @@ -75,6 +75,7 @@ public class TestVisibilityLablesWithGroups { @Rule public final TestName TEST_NAME = new TestName(); public static User SUPERUSER; + public static Connection SUPERUSER_CONN; public static User TESTUSER; @BeforeClass 
@@ -88,6 +89,7 @@ public class TestVisibilityLablesWithGroups { TEST_UTIL.startMiniCluster(1); // 'admin' has super user permission because it is part of the 'supergroup' SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); + SUPERUSER_CONN = ConnectionFactory.createConnection(conf, SUPERUSER); // 'test' user will inherit 'testgroup' visibility labels TESTUSER = User.createUserForTesting(conf, "test", new String[] {"testgroup" }); @@ -98,9 +100,11 @@ public class TestVisibilityLablesWithGroups { SUPERUSER.runAs(new PrivilegedExceptionAction() { public Void run() throws Exception { try { - VisibilityClient.addLabels(conf, new String[] { SECRET, CONFIDENTIAL }); + VisibilityClient.addLabels(SUPERUSER_CONN, new String[] { + SECRET, CONFIDENTIAL }); // set auth for @testgroup - VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL }, "@testgroup"); + VisibilityClient.setAuths(SUPERUSER_CONN, new String[] { + CONFIDENTIAL }, "@testgroup"); } catch (Throwable t) { throw new IOException(t); } @@ -175,7 +179,7 @@ public class TestVisibilityLablesWithGroups { public Void run() throws Exception { GetAuthsResponse authsResponse = null; try { - authsResponse = VisibilityClient.getAuths(conf, "@testgroup"); + authsResponse = VisibilityClient.getAuths(SUPERUSER_CONN, "@testgroup"); } catch (Throwable e) { fail("Should not have failed"); } @@ -268,7 +272,8 @@ public class TestVisibilityLablesWithGroups { public Void run() throws Exception { VisibilityLabelsResponse response = null; try { - response = VisibilityClient.clearAuths(conf, new String[] { CONFIDENTIAL }, "@testgroup"); + response = VisibilityClient.clearAuths(SUPERUSER_CONN, new String[] { + CONFIDENTIAL }, "@testgroup"); } catch (Throwable e) { fail("Should not have failed"); } 
@@ -281,7 +286,7 @@ public class TestVisibilityLablesWithGroups { public Void run() throws Exception { GetAuthsResponse authsResponse = null; try { - authsResponse = VisibilityClient.getAuths(conf, "@testgroup"); + authsResponse = VisibilityClient.getAuths(SUPERUSER_CONN, "@testgroup"); } catch (Throwable e) { fail("Should not have failed"); } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityWithCheckAuths.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityWithCheckAuths.java index 67d9c63..7f593bf 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityWithCheckAuths.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityWithCheckAuths.java @@ -65,6 +65,7 @@ public class TestVisibilityWithCheckAuths { @Rule public final TestName TEST_NAME = new TestName(); public static User SUPERUSER; + public static Connection SUPERUSER_CONN; public static User USER; @BeforeClass public static void setupBeforeClass() throws Exception { @@ -78,6 +79,7 @@ public class TestVisibilityWithCheckAuths { conf.set("hbase.superuser", "admin"); TEST_UTIL.startMiniCluster(2); SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); + SUPERUSER_CONN = ConnectionFactory.createConnection(conf, SUPERUSER); USER = User.createUserForTesting(conf, "user", new String[]{}); // Wait for the labels table to become available TEST_UTIL.waitTableEnabled(LABELS_TABLE_NAME.getName(), 50000); @@ -96,7 +98,7 @@ public class TestVisibilityWithCheckAuths { public VisibilityLabelsResponse run() throws Exception { String[] labels = { TOPSECRET }; try { - VisibilityClient.addLabels(conf, labels); + VisibilityClient.addLabels(SUPERUSER_CONN, labels); } catch (Throwable t) { throw new IOException(t); } 
@@ -113,7 +115,7 @@ public class TestVisibilityWithCheckAuths { @Override public VisibilityLabelsResponse run() throws Exception { try { - return VisibilityClient.setAuths(conf, new String[] { TOPSECRET }, + return VisibilityClient.setAuths(SUPERUSER_CONN, new String[] { TOPSECRET }, USER.getShortName()); } catch (Throwable e) { } @@ -159,7 +161,7 @@ public class TestVisibilityWithCheckAuths { @Override public VisibilityLabelsResponse run() throws Exception { try { - return VisibilityClient.setAuths(conf, new String[] { TOPSECRET }, + return VisibilityClient.setAuths(SUPERUSER_CONN, new String[] { TOPSECRET }, USER.getShortName()); } catch (Throwable e) { } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestWithDisabledAuthorization.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestWithDisabledAuthorization.java index d5e83de..d1aea2e 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestWithDisabledAuthorization.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestWithDisabledAuthorization.java @@ -28,6 +28,8 @@ import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hbase.HBaseTestingUtility; import org.apache.hadoop.hbase.HConstants; import org.apache.hadoop.hbase.TableName; +import org.apache.hadoop.hbase.client.Connection; +import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.hbase.client.Put; import org.apache.hadoop.hbase.client.Result; import org.apache.hadoop.hbase.client.ResultScanner; @@ -65,6 +67,7 @@ public class TestWithDisabledAuthorization { public final TestName TEST_NAME = new TestName(); private static User SUPERUSER; + private static Connection SUPERUSER_CONN; private static User USER_RW; @BeforeClass 
@@ -87,15 +90,16 @@ public class TestWithDisabledAuthorization { // create a set of test users SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); + SUPERUSER_CONN = ConnectionFactory.createConnection(conf, SUPERUSER); USER_RW = User.createUserForTesting(conf, "rwuser", new String[0]); // Define test labels SUPERUSER.runAs(new PrivilegedExceptionAction() { public Void run() throws Exception { try { - VisibilityClient.addLabels(TEST_UTIL.getConfiguration(), + VisibilityClient.addLabels(SUPERUSER_CONN, new String[] { SECRET, CONFIDENTIAL, PRIVATE }); - VisibilityClient.setAuths(TEST_UTIL.getConfiguration(), + VisibilityClient.setAuths(SUPERUSER_CONN, new String[] { SECRET, CONFIDENTIAL }, USER_RW.getShortName()); } catch (Throwable t) { @@ -118,7 +122,7 @@ public class TestWithDisabledAuthorization { SUPERUSER.runAs(new PrivilegedExceptionAction() { public Void run() throws Exception { try { - VisibilityClient.setAuths(TEST_UTIL.getConfiguration(), + VisibilityClient.setAuths(SUPERUSER_CONN, new String[] { SECRET, CONFIDENTIAL }, USER_RW.getShortName()); } catch (Throwable t) { @@ -133,7 +137,7 @@ public class TestWithDisabledAuthorization { public List run() throws Exception { GetAuthsResponse authsResponse = null; try { - authsResponse = VisibilityClient.getAuths(TEST_UTIL.getConfiguration(), + authsResponse = VisibilityClient.getAuths(SUPERUSER_CONN, USER_RW.getShortName()); } catch (Throwable t) { fail("Should not have failed"); @@ -154,7 +158,7 @@ public class TestWithDisabledAuthorization { SUPERUSER.runAs(new PrivilegedExceptionAction() { public Void run() throws Exception { try { - VisibilityClient.clearAuths(TEST_UTIL.getConfiguration(), + VisibilityClient.clearAuths(SUPERUSER_CONN, new String[] { SECRET }, USER_RW.getShortName()); } catch (Throwable t) { 
@@ -171,7 +175,7 @@ public class TestWithDisabledAuthorization { SUPERUSER.runAs(new PrivilegedExceptionAction() { public Void run() throws Exception { try { - VisibilityClient.clearAuths(TEST_UTIL.getConfiguration(), + VisibilityClient.clearAuths(SUPERUSER_CONN, new String[] { CONFIDENTIAL }, USER_RW.getShortName()); } catch (Throwable t) { diff --git a/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift2/TestThriftHBaseServiceHandlerWithLabels.java b/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift2/TestThriftHBaseServiceHandlerWithLabels.java index 42d1b08..c346936 100644 --- a/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift2/TestThriftHBaseServiceHandlerWithLabels.java +++ b/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift2/TestThriftHBaseServiceHandlerWithLabels.java @@ -39,6 +39,8 @@ import org.apache.hadoop.hbase.HColumnDescriptor; import org.apache.hadoop.hbase.HTableDescriptor; import org.apache.hadoop.hbase.TableName; import org.apache.hadoop.hbase.client.Admin; +import org.apache.hadoop.hbase.client.Connection; +import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.hbase.client.HBaseAdmin; import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse; import org.apache.hadoop.hbase.security.User; @@ -96,6 +98,7 @@ private final static String PRIVATE = "private"; private final static String CONFIDENTIAL = "confidential"; private final static String SECRET = "secret"; private static User SUPERUSER; +private static Connection SUPERUSER_CONN; private static Configuration conf; 
@@ -137,6 +140,7 @@ public static void beforeClass() throws Exception { UTIL.startMiniCluster(1); // Wait for the labels table to become available UTIL.waitTableEnabled(VisibilityConstants.LABELS_TABLE_NAME.getName(), 50000); + SUPERUSER_CONN = ConnectionFactory.createConnection(conf, SUPERUSER); createLabels(); Admin admin = UTIL.getHBaseAdmin(); HTableDescriptor tableDescriptor = new HTableDescriptor( @@ -154,7 +158,7 @@ private static void createLabels() throws IOException, InterruptedException { public VisibilityLabelsResponse run() throws Exception { String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET }; try { - VisibilityClient.addLabels(conf, labels); + VisibilityClient.addLabels(SUPERUSER_CONN, labels); } catch (Throwable t) { throw new IOException(t); } @@ -167,7 +171,7 @@ private static void createLabels() throws IOException, InterruptedException { private static void setAuths() throws IOException { String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET }; try { - VisibilityClient.setAuths(conf, labels, User.getCurrent().getShortName()); + VisibilityClient.setAuths(UTIL.getConnection(), labels, User.getCurrent().getShortName()); } catch (Throwable t) { throw new IOException(t); } -- 2.3.2 (Apple Git-55)