From dd140d857c923dd137f662590703cc751666b26f Mon Sep 17 00:00:00 2001 From: Matt Warhaftig Date: Thu, 30 Apr 2015 20:33:04 -0400 Subject: [PATCH] HBASE-13358 - Update VisibilityClient to accept Connection objects. --- .../security/visibility/VisibilityClient.java | 210 +++++++++++++++------ .../IntegrationTestIngestWithVisibilityLabels.java | 4 +- ...IntegrationTestBigLinkedListWithVisibility.java | 4 +- ...grationTestWithCellVisibilityLoadAndVerify.java | 6 +- .../hadoop/hbase/rest/TestScannersWithLabels.java | 10 +- .../TestImportTSVWithVisibilityLabels.java | 6 +- .../TestDefaultScanLabelGeneratorStack.java | 6 +- .../TestEnforcingScanLabelGenerator.java | 6 +- .../security/visibility/TestVisibilityLabels.java | 30 +-- ...tVisibilityLabelsOpWithDifferentUsersNoACL.java | 23 ++- .../TestVisibilityLabelsReplication.java | 10 +- .../visibility/TestVisibilityLabelsWithACL.java | 43 +++-- ...VisibilityLabelsWithDefaultVisLabelService.java | 18 +- .../TestVisibilityLabelsWithDeletes.java | 18 +- .../TestVisibilityLabelsWithSLGStack.java | 6 +- .../visibility/TestVisibilityLablesWithGroups.java | 19 +- .../visibility/TestVisibilityWithCheckAuths.java | 12 +- .../visibility/TestWithDisabledAuthorization.java | 27 +-- .../TestThriftHBaseServiceHandlerWithLabels.java | 8 +- 19 files changed, 290 insertions(+), 176 deletions(-) diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityClient.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityClient.java index 5ef8fad..42d5531 100644 --- a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityClient.java +++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityClient.java @@ -62,10 +62,27 @@ public class VisibilityClient { * @param label * @return VisibilityLabelsResponse * @throws Throwable + * @deprecated Use {@link #addLabel(Connection,String)} instead. */ + @Deprecated public static VisibilityLabelsResponse addLabel(Configuration conf, final String label) throws Throwable { - return addLabels(conf, new String[] { label }); + try (Connection connection = ConnectionFactory.createConnection(conf)) { + return addLabels(connection, new String[] { label }); + } + } + + /** + * Utility method for adding label to the system. + * + * @param connection + * @param label + * @return VisibilityLabelsResponse + * @throws Throwable + */ + public static VisibilityLabelsResponse addLabel(Connection connection, final String label) + throws Throwable { + return addLabels(connection, new String[] { label }); } /** @@ -75,43 +92,57 @@ public class VisibilityClient { * @param labels * @return VisibilityLabelsResponse * @throws Throwable + * @deprecated Use {@link #addLabels(Connection,String[])} instead. */ + @Deprecated public static VisibilityLabelsResponse addLabels(Configuration conf, final String[] labels) throws Throwable { - // TODO: Make it so caller passes in a Connection rather than have us do this expensive - // setup each time. This class only used in test and shell at moment though. try (Connection connection = ConnectionFactory.createConnection(conf)) { - try (Table table = connection.getTable(LABELS_TABLE_NAME)) { - Batch.Call callable = - new Batch.Call() { - ServerRpcController controller = new ServerRpcController(); - BlockingRpcCallback rpcCallback = - new BlockingRpcCallback(); + return addLabels(connection, labels); + } + } + + /** + * Utility method for adding labels to the system. + * + * @param connection + * @param labels + * @return VisibilityLabelsResponse + * @throws Throwable + */ + public static VisibilityLabelsResponse addLabels(Connection connection, final String[] labels) + throws Throwable { + + try (Table table = connection.getTable(LABELS_TABLE_NAME)) { + Batch.Call callable = + new Batch.Call() { + ServerRpcController controller = new ServerRpcController(); + BlockingRpcCallback rpcCallback = + new BlockingRpcCallback(); - public VisibilityLabelsResponse call(VisibilityLabelsService service) - throws IOException { - VisibilityLabelsRequest.Builder builder = VisibilityLabelsRequest.newBuilder(); - for (String label : labels) { - if (label.length() > 0) { - VisibilityLabel.Builder newBuilder = VisibilityLabel.newBuilder(); - newBuilder.setLabel(ByteStringer.wrap(Bytes.toBytes(label))); - builder.addVisLabel(newBuilder.build()); + public VisibilityLabelsResponse call(VisibilityLabelsService service) + throws IOException { + VisibilityLabelsRequest.Builder builder = VisibilityLabelsRequest.newBuilder(); + for (String label : labels) { + if (label.length() > 0) { + VisibilityLabel.Builder newBuilder = VisibilityLabel.newBuilder(); + newBuilder.setLabel(ByteStringer.wrap(Bytes.toBytes(label))); + builder.addVisLabel(newBuilder.build()); + } } + service.addLabels(controller, builder.build(), rpcCallback); + VisibilityLabelsResponse response = rpcCallback.get(); + if (controller.failedOnException()) { + throw controller.getFailedOn(); + } + return response; } - service.addLabels(controller, builder.build(), rpcCallback); - VisibilityLabelsResponse response = rpcCallback.get(); - if (controller.failedOnException()) { - throw controller.getFailedOn(); - } - return response; - } - }; - Map result = + }; + Map result = table.coprocessorService(VisibilityLabelsService.class, HConstants.EMPTY_BYTE_ARRAY, HConstants.EMPTY_BYTE_ARRAY, callable); - return result.values().iterator().next(); // There will be exactly one region for labels - // table and so one entry in result Map. - } + return result.values().iterator().next(); // There will be exactly one region for labels + // table and so one entry in result Map. } } @@ -122,10 +153,27 @@ public class VisibilityClient { * @param user * @return VisibilityLabelsResponse * @throws Throwable + * @deprecated Use {@link #setAuths(Connection,String[],String)} instead. */ + @Deprecated public static VisibilityLabelsResponse setAuths(Configuration conf, final String[] auths, final String user) throws Throwable { - return setOrClearAuths(conf, auths, user, true); + try (Connection connection = ConnectionFactory.createConnection(conf)) { + return setOrClearAuths(connection, auths, user, true); + } + } + + /** + * Sets given labels globally authorized for the user. + * @param connection + * @param auths + * @param user + * @return VisibilityLabelsResponse + * @throws Throwable + */ + public static VisibilityLabelsResponse setAuths(Connection connection, final String[] auths, + final String user) throws Throwable { + return setOrClearAuths(connection, auths, user, true); } /** @@ -133,11 +181,23 @@ public class VisibilityClient { * @param user * @return labels, the given user is globally authorized for. * @throws Throwable + * @deprecated Use {@link #getAuths(Connection,String)} instead. */ + @Deprecated public static GetAuthsResponse getAuths(Configuration conf, final String user) throws Throwable { - // TODO: Make it so caller passes in a Connection rather than have us do this expensive - // setup each time. This class only used in test and shell at moment though. try (Connection connection = ConnectionFactory.createConnection(conf)) { + return getAuths(connection, user); + } + } + + /** + * @param connection the Connection instance to use. + * @param user + * @return labels, the given user is globally authorized for. + * @throws Throwable + */ + public static GetAuthsResponse getAuths(Connection connection, final String user) + throws Throwable { try (Table table = connection.getTable(LABELS_TABLE_NAME)) { Batch.Call callable = new Batch.Call() { @@ -162,7 +222,6 @@ public class VisibilityClient { return result.values().iterator().next(); // There will be exactly one region for labels // table and so one entry in result Map. } - } } /** @@ -171,35 +230,49 @@ public class VisibilityClient { * @param regex The regular expression to filter which labels are returned. * @return labels The list of visibility labels defined in the system. * @throws Throwable + * @deprecated Use {@link #listLabels(Connection,String)} instead. */ + @Deprecated public static ListLabelsResponse listLabels(Configuration conf, final String regex) throws Throwable { - Connection connection = null; + try(Connection connection = ConnectionFactory.createConnection(conf)){ + return listLabels(connection, regex); + } + } + + /** + * Retrieve the list of visibility labels defined in the system. + * @param connection The Connection instance to use. + * @param regex The regular expression to filter which labels are returned. + * @return labels The list of visibility labels defined in the system. + * @throws Throwable + */ + public static ListLabelsResponse listLabels(Connection connection, final String regex) + throws Throwable { Table table = null; try { - connection = ConnectionFactory.createConnection(conf); table = connection.getTable(LABELS_TABLE_NAME); Batch.Call callable = new Batch.Call() { - ServerRpcController controller = new ServerRpcController(); - BlockingRpcCallback rpcCallback = - new BlockingRpcCallback(); + ServerRpcController controller = new ServerRpcController(); + BlockingRpcCallback rpcCallback = + new BlockingRpcCallback(); - public ListLabelsResponse call(VisibilityLabelsService service) throws IOException { - ListLabelsRequest.Builder listAuthLabelsReqBuilder = ListLabelsRequest.newBuilder(); - if (regex != null) { - // Compile the regex here to catch any regex exception earlier. - Pattern pattern = Pattern.compile(regex); - listAuthLabelsReqBuilder.setRegex(pattern.toString()); - } - service.listLabels(controller, listAuthLabelsReqBuilder.build(), rpcCallback); - ListLabelsResponse response = rpcCallback.get(); - if (controller.failedOnException()) { - throw controller.getFailedOn(); - } - return response; - } - }; + public ListLabelsResponse call(VisibilityLabelsService service) throws IOException { + ListLabelsRequest.Builder listAuthLabelsReqBuilder = ListLabelsRequest.newBuilder(); + if (regex != null) { + // Compile the regex here to catch any regex exception earlier. + Pattern pattern = Pattern.compile(regex); + listAuthLabelsReqBuilder.setRegex(pattern.toString()); + } + service.listLabels(controller, listAuthLabelsReqBuilder.build(), rpcCallback); + ListLabelsResponse response = rpcCallback.get(); + if (controller.failedOnException()) { + throw controller.getFailedOn(); + } + return response; + } + }; Map result = table.coprocessorService(VisibilityLabelsService.class, HConstants.EMPTY_BYTE_ARRAY, HConstants.EMPTY_BYTE_ARRAY, callable); @@ -223,17 +296,33 @@ public class VisibilityClient { * @param user * @return VisibilityLabelsResponse * @throws Throwable + * @deprecated Use {@link #clearAuths(Connection,String[],String)} instead. */ + @Deprecated public static VisibilityLabelsResponse clearAuths(Configuration conf, final String[] auths, final String user) throws Throwable { - return setOrClearAuths(conf, auths, user, false); + try (Connection connection = ConnectionFactory.createConnection(conf)) { + return setOrClearAuths(connection, auths, user, false); + } } - private static VisibilityLabelsResponse setOrClearAuths(Configuration conf, final String[] auths, - final String user, final boolean setOrClear) throws IOException, ServiceException, Throwable { - // TODO: Make it so caller passes in a Connection rather than have us do this expensive - // setup each time. This class only used in test and shell at moment though. - try (Connection connection = ConnectionFactory.createConnection(conf)) { + /** + * Removes given labels from user's globally authorized list of labels. + * @param connection + * @param auths + * @param user + * @return VisibilityLabelsResponse + * @throws Throwable + */ + public static VisibilityLabelsResponse clearAuths(Connection connection, final String[] auths, + final String user) throws Throwable { + return setOrClearAuths(connection, auths, user, false); + } + + private static VisibilityLabelsResponse setOrClearAuths(Connection connection, + final String[] auths, final String user, final boolean setOrClear) + throws IOException, ServiceException, Throwable { + try (Table table = connection.getTable(LABELS_TABLE_NAME)) { Batch.Call callable = new Batch.Call() { @@ -267,6 +356,5 @@ public class VisibilityClient { return result.values().iterator().next(); // There will be exactly one region for labels // table and so one entry in result Map. } - } } -} +} \ No newline at end of file diff --git a/hbase-it/src/test/java/org/apache/hadoop/hbase/IntegrationTestIngestWithVisibilityLabels.java b/hbase-it/src/test/java/org/apache/hadoop/hbase/IntegrationTestIngestWithVisibilityLabels.java index 8da811b..b942918 100644 --- a/hbase-it/src/test/java/org/apache/hadoop/hbase/IntegrationTestIngestWithVisibilityLabels.java +++ b/hbase-it/src/test/java/org/apache/hadoop/hbase/IntegrationTestIngestWithVisibilityLabels.java @@ -115,8 +115,8 @@ public class IntegrationTestIngestWithVisibilityLabels extends IntegrationTestIn private void addLabels() throws Exception { try { - VisibilityClient.addLabels(util.getConfiguration(), LABELS); - VisibilityClient.setAuths(util.getConfiguration(), LABELS, User.getCurrent().getName()); + VisibilityClient.addLabels(util.getConnection(), LABELS); + VisibilityClient.setAuths(util.getConnection(), LABELS, User.getCurrent().getName()); } catch (Throwable t) { throw new IOException(t); } diff --git a/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java b/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java index 5e190e5..4dd62d1 100644 --- a/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java +++ b/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java @@ -385,8 +385,8 @@ public class IntegrationTestBigLinkedListWithVisibility extends IntegrationTestB private void addLabels() throws Exception { try { - VisibilityClient.addLabels(util.getConfiguration(), labels.split(COMMA)); - VisibilityClient.setAuths(util.getConfiguration(), labels.split(COMMA), USER.getName()); + VisibilityClient.addLabels(util.getConnection(), labels.split(COMMA)); + VisibilityClient.setAuths(util.getConnection(), labels.split(COMMA), USER.getName()); } catch (Throwable t) { throw new IOException(t); } diff --git a/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestWithCellVisibilityLoadAndVerify.java b/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestWithCellVisibilityLoadAndVerify.java index e68cb38..4285309 100644 --- a/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestWithCellVisibilityLoadAndVerify.java +++ b/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestWithCellVisibilityLoadAndVerify.java @@ -140,10 +140,10 @@ public class IntegrationTestWithCellVisibilityLoadAndVerify extends IntegrationT private void addLabelsAndAuths() throws Exception { try { - VisibilityClient.addLabels(util.getConfiguration(), LABELS); - VisibilityClient.setAuths(util.getConfiguration(), new String[] { CONFIDENTIAL, TOPSECRET, + VisibilityClient.addLabels(util.getConnection(), LABELS); + VisibilityClient.setAuths(util.getConnection(), new String[] { CONFIDENTIAL, TOPSECRET, SECRET, PRIVATE }, USER1.getName()); - VisibilityClient.setAuths(util.getConfiguration(), new String[] { PUBLIC }, + VisibilityClient.setAuths(util.getConnection(), new String[] { PUBLIC }, USER2.getName()); } catch (Throwable t) { throw new IOException(t); diff --git a/hbase-rest/src/test/java/org/apache/hadoop/hbase/rest/TestScannersWithLabels.java b/hbase-rest/src/test/java/org/apache/hadoop/hbase/rest/TestScannersWithLabels.java index 1be14f2..175b9f3 100644 --- a/hbase-rest/src/test/java/org/apache/hadoop/hbase/rest/TestScannersWithLabels.java +++ b/hbase-rest/src/test/java/org/apache/hadoop/hbase/rest/TestScannersWithLabels.java @@ -41,6 +41,8 @@ import org.apache.hadoop.hbase.KeyValue; import org.apache.hadoop.hbase.testclassification.MediumTests; import org.apache.hadoop.hbase.TableName; import org.apache.hadoop.hbase.client.Admin; +import org.apache.hadoop.hbase.client.Connection; +import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.hbase.client.Durability; import org.apache.hadoop.hbase.client.HTable; import org.apache.hadoop.hbase.client.Put; @@ -166,8 +168,8 @@ public class TestScannersWithLabels { PrivilegedExceptionAction action = new PrivilegedExceptionAction() { public VisibilityLabelsResponse run() throws Exception { String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET }; - try { - VisibilityClient.addLabels(conf, labels); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.addLabels(conn, labels); } catch (Throwable t) { throw new IOException(t); } @@ -178,8 +180,8 @@ public class TestScannersWithLabels { } private static void setAuths() throws Exception { String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET }; - try { - VisibilityClient.setAuths(conf, labels, User.getCurrent().getShortName()); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.setAuths(conn, labels, User.getCurrent().getShortName()); } catch (Throwable t) { throw new IOException(t); } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/mapreduce/TestImportTSVWithVisibilityLabels.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/mapreduce/TestImportTSVWithVisibilityLabels.java index 5aa425a..d74a103 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/mapreduce/TestImportTSVWithVisibilityLabels.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/mapreduce/TestImportTSVWithVisibilityLabels.java @@ -44,6 +44,8 @@ import org.apache.hadoop.hbase.HConstants; import org.apache.hadoop.hbase.testclassification.LargeTests; import org.apache.hadoop.hbase.TableName; import org.apache.hadoop.hbase.client.Admin; +import org.apache.hadoop.hbase.client.Connection; +import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.hbase.client.Delete; import org.apache.hadoop.hbase.client.HBaseAdmin; import org.apache.hadoop.hbase.client.HTable; @@ -131,8 +133,8 @@ public class TestImportTSVWithVisibilityLabels implements Configurable { @Override public VisibilityLabelsResponse run() throws Exception { String[] labels = { SECRET, TOPSECRET, CONFIDENTIAL, PUBLIC, PRIVATE }; - try { - VisibilityClient.addLabels(conf, labels); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.addLabels(conn, labels); LOG.info("Added labels "); } catch (Throwable t) { LOG.error("Error in adding labels" , t); diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestDefaultScanLabelGeneratorStack.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestDefaultScanLabelGeneratorStack.java index 1b3bb14..bf066b6 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestDefaultScanLabelGeneratorStack.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestDefaultScanLabelGeneratorStack.java @@ -85,9 +85,9 @@ public class TestDefaultScanLabelGeneratorStack { // Set up for the test SUPERUSER.runAs(new PrivilegedExceptionAction() { public Void run() throws Exception { - try { - VisibilityClient.addLabels(conf, new String[] { SECRET, CONFIDENTIAL }); - VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL }, TESTUSER.getShortName()); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.addLabels(conn, new String[] { SECRET, CONFIDENTIAL }); + VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL }, TESTUSER.getShortName()); } catch (Throwable t) { throw new IOException(t); } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestEnforcingScanLabelGenerator.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestEnforcingScanLabelGenerator.java index 326fda7..0252ce8 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestEnforcingScanLabelGenerator.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestEnforcingScanLabelGenerator.java @@ -83,9 +83,9 @@ public class TestEnforcingScanLabelGenerator { // Set up for the test SUPERUSER.runAs(new PrivilegedExceptionAction() { public Void run() throws Exception { - try { - VisibilityClient.addLabels(conf, new String[] { SECRET, CONFIDENTIAL }); - VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, }, TESTUSER.getShortName()); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.addLabels(conn, new String[] { SECRET, CONFIDENTIAL }); + VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, }, TESTUSER.getShortName()); } catch (Throwable t) { throw new IOException(t); } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java index 1f9f79e..85e947b 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java @@ -412,8 +412,8 @@ public abstract class TestVisibilityLabels { PrivilegedExceptionAction action = new PrivilegedExceptionAction() { public Void run() throws Exception { String[] auths = { SECRET, CONFIDENTIAL }; - try { - VisibilityClient.setAuths(conf, auths, user); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.setAuths(conn, auths, user); } catch (Throwable e) { } return null; @@ -438,8 +438,8 @@ public abstract class TestVisibilityLabels { action = new PrivilegedExceptionAction() { public Void run() throws Exception { GetAuthsResponse authsResponse = null; - try { - authsResponse = VisibilityClient.getAuths(conf, user); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + authsResponse = VisibilityClient.getAuths(conn, user); } catch (Throwable e) { fail("Should not have failed"); } @@ -460,10 +460,10 @@ public abstract class TestVisibilityLabels { public Void run() throws Exception { String[] auths1 = { SECRET, CONFIDENTIAL }; GetAuthsResponse authsResponse = null; - try { - VisibilityClient.setAuths(conf, auths1, user); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.setAuths(conn, auths1, user); try { - authsResponse = VisibilityClient.getAuths(conf, user); + authsResponse = VisibilityClient.getAuths(conn, user); } catch (Throwable e) { fail("Should not have failed"); } @@ -501,8 +501,8 @@ public abstract class TestVisibilityLabels { public Void run() throws Exception { String[] auths = { SECRET, CONFIDENTIAL, PRIVATE }; String user = "testUser"; - try { - VisibilityClient.setAuths(conf, auths, user); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.setAuths(conn, auths, user); } catch (Throwable e) { fail("Should not have failed"); } @@ -510,8 +510,8 @@ public abstract class TestVisibilityLabels { // Passing a non existing auth also. auths = new String[] { SECRET, PUBLIC, CONFIDENTIAL }; VisibilityLabelsResponse response = null; - try { - response = VisibilityClient.clearAuths(conf, auths, user); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + response = VisibilityClient.clearAuths(conn, auths, user); } catch (Throwable e) { fail("Should not have failed"); } @@ -539,8 +539,8 @@ public abstract class TestVisibilityLabels { } GetAuthsResponse authsResponse = null; - try { - authsResponse = VisibilityClient.getAuths(conf, user); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + authsResponse = VisibilityClient.getAuths(conn, user); } catch (Throwable e) { fail("Should not have failed"); } @@ -825,8 +825,8 @@ public abstract class TestVisibilityLabels { public VisibilityLabelsResponse run() throws Exception { String[] labels = { SECRET, TOPSECRET, CONFIDENTIAL, PUBLIC, PRIVATE, COPYRIGHT, ACCENT, UNICODE_VIS_TAG, UC1, UC2 }; - try { - VisibilityClient.addLabels(conf, labels); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.addLabels(conn, labels); } catch (Throwable t) { throw new IOException(t); } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsOpWithDifferentUsersNoACL.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsOpWithDifferentUsersNoACL.java index c0dcf41..f213629 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsOpWithDifferentUsersNoACL.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsOpWithDifferentUsersNoACL.java @@ -29,6 +29,8 @@ import java.util.List; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hbase.HBaseTestingUtility; import org.apache.hadoop.hbase.testclassification.MediumTests; +import org.apache.hadoop.hbase.client.Connection; +import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse; import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse; import org.apache.hadoop.hbase.security.User; @@ -83,8 +85,8 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL { PrivilegedExceptionAction action = new PrivilegedExceptionAction() { public VisibilityLabelsResponse run() throws Exception { - try { - return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1"); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user1"); } catch (Throwable e) { } return null; @@ -97,8 +99,8 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL { // Ideally this should not be allowed. this operation should fail or do nothing. action = new PrivilegedExceptionAction() { public VisibilityLabelsResponse run() throws Exception { - try { - return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user3"); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user3"); } catch (Throwable e) { } return null; @@ -113,8 +115,8 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL { PrivilegedExceptionAction action1 = new PrivilegedExceptionAction() { public GetAuthsResponse run() throws Exception { - try { - return VisibilityClient.getAuths(conf, "user1"); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + return VisibilityClient.getAuths(conn, "user1"); } catch (Throwable e) { } return null; @@ -136,8 +138,9 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL { PrivilegedExceptionAction action2 = new PrivilegedExceptionAction() { public VisibilityLabelsResponse run() throws Exception { - try { - return VisibilityClient.clearAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1"); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + return VisibilityClient.clearAuths(conn, new String[] { + CONFIDENTIAL, PRIVATE }, "user1"); } catch (Throwable e) { } return null; @@ -160,8 +163,8 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL { new PrivilegedExceptionAction() { public VisibilityLabelsResponse run() throws Exception { String[] labels = { SECRET, CONFIDENTIAL, PRIVATE }; - try { - VisibilityClient.addLabels(conf, labels); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.addLabels(conn, labels); } catch (Throwable t) { throw new IOException(t); } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsReplication.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsReplication.java index b3f3c1c..419ad91 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsReplication.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsReplication.java @@ -350,8 +350,8 @@ public class TestVisibilityLabelsReplication { new PrivilegedExceptionAction() { public VisibilityLabelsResponse run() throws Exception { String[] labels = { SECRET, TOPSECRET, CONFIDENTIAL, PUBLIC, PRIVATE, UNICODE_VIS_TAG }; - try { - VisibilityClient.addLabels(conf, labels); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.addLabels(conn, labels); } catch (Throwable t) { throw new IOException(t); } @@ -365,9 +365,9 @@ public class TestVisibilityLabelsReplication { PrivilegedExceptionAction action = new PrivilegedExceptionAction() { public VisibilityLabelsResponse run() throws Exception { - try { - return VisibilityClient.setAuths(conf, new String[] { SECRET, CONFIDENTIAL, PRIVATE, - TOPSECRET, UNICODE_VIS_TAG }, "user1"); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + return VisibilityClient.setAuths(conn, new String[] { SECRET, + CONFIDENTIAL, PRIVATE, TOPSECRET, UNICODE_VIS_TAG }, "user1"); } catch (Throwable e) { throw new Exception(e); } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java index 1d5add9..f89bd00 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java @@ -114,7 +114,7 @@ public class TestVisibilityLabelsWithACL { public void testScanForUserWithFewerLabelAuthsThanLabelsInScanAuthorizations() throws Throwable { String[] auths = { SECRET }; String user = "user2"; - VisibilityClient.setAuths(conf, auths, user); + VisibilityClient.setAuths(TEST_UTIL.getConnection(), auths, user); TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); final Table table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL + "&!" + PRIVATE, SECRET + "&!" + PRIVATE); @@ -143,7 +143,9 @@ public class TestVisibilityLabelsWithACL { public void testScanForSuperUserWithFewerLabelAuths() throws Throwable { String[] auths = { SECRET }; String user = "admin"; - VisibilityClient.setAuths(conf, auths, user); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.setAuths(conn, auths, user); + } TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); final Table table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL + "&!" + PRIVATE, SECRET + "&!" + PRIVATE); @@ -167,7 +169,7 @@ public class TestVisibilityLabelsWithACL { public void testGetForSuperUserWithFewerLabelAuths() throws Throwable { String[] auths = { SECRET }; String user = "admin"; - VisibilityClient.setAuths(conf, auths, user); + VisibilityClient.setAuths(TEST_UTIL.getConnection(), auths, user); TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); final Table table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL + "&!" + PRIVATE, SECRET + "&!" + PRIVATE); @@ -190,8 +192,10 @@ public class TestVisibilityLabelsWithACL { public void testVisibilityLabelsForUserWithNoAuths() throws Throwable { String user = "admin"; String[] auths = { SECRET }; - VisibilityClient.clearAuths(conf, auths, user); // Removing all auths if any. - VisibilityClient.setAuths(conf, auths, "user1"); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.clearAuths(conn, auths, user); // Removing all auths if any. + VisibilityClient.setAuths(conn, auths, "user1"); + } TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); final Table table = createTableAndWriteDataWithLabels(tableName, SECRET); SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER1.getShortName(), tableName, @@ -218,8 +222,8 @@ public class TestVisibilityLabelsWithACL { PrivilegedExceptionAction action = new PrivilegedExceptionAction() { public VisibilityLabelsResponse run() throws Exception { - try { - return VisibilityClient.addLabels(conf, new String[] { "l1", "l2" }); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + return VisibilityClient.addLabels(conn, new String[] { "l1", "l2" }); } catch (Throwable e) { } return null; @@ -233,8 +237,8 @@ public class TestVisibilityLabelsWithACL { action = new PrivilegedExceptionAction() { public VisibilityLabelsResponse run() throws Exception { - try { - return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1"); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user1"); } catch (Throwable e) { } return null; @@ -248,8 +252,8 @@ public class TestVisibilityLabelsWithACL { action = new PrivilegedExceptionAction() { public VisibilityLabelsResponse run() throws Exception { - try { - return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1"); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user1"); } catch (Throwable e) { } return null; @@ -261,8 +265,9 @@ public class TestVisibilityLabelsWithACL { action = new PrivilegedExceptionAction() { public VisibilityLabelsResponse run() throws Exception { - try { - return VisibilityClient.clearAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1"); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + return VisibilityClient.clearAuths(conn, new String[] { + CONFIDENTIAL, PRIVATE }, "user1"); } catch (Throwable e) { } return null; @@ -274,16 +279,18 @@ public class TestVisibilityLabelsWithACL { assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", response.getResult(1) .getException().getName()); - response = VisibilityClient.clearAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1"); + response = VisibilityClient.clearAuths(TEST_UTIL.getConnection(), new String[] { CONFIDENTIAL, + PRIVATE }, "user1"); assertTrue(response.getResult(0).getException().getValue().isEmpty()); assertTrue(response.getResult(1).getException().getValue().isEmpty()); - VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user3"); + VisibilityClient.setAuths(TEST_UTIL.getConnection(), new String[] { CONFIDENTIAL, PRIVATE }, + "user3"); PrivilegedExceptionAction action1 = new PrivilegedExceptionAction() { public GetAuthsResponse run() throws Exception { - try { - return VisibilityClient.getAuths(conf, "user3"); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + return VisibilityClient.getAuths(conn, "user3"); } catch (Throwable e) { } return null; @@ -327,7 +334,7 @@ public class TestVisibilityLabelsWithACL { private static void addLabels() throws IOException { String[] labels = { SECRET, CONFIDENTIAL, PRIVATE }; try { - VisibilityClient.addLabels(conf, labels); + VisibilityClient.addLabels(TEST_UTIL.getConnection(), labels); } catch (Throwable t) { throw new IOException(t); } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDefaultVisLabelService.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDefaultVisLabelService.java index 98c63f1..e89457e 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDefaultVisLabelService.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDefaultVisLabelService.java @@ -33,6 +33,8 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.hbase.HConstants; import org.apache.hadoop.hbase.testclassification.MediumTests; +import org.apache.hadoop.hbase.client.Connection; +import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.hbase.client.Result; import org.apache.hadoop.hbase.client.ResultScanner; import org.apache.hadoop.hbase.client.Scan; @@ -83,8 +85,8 @@ public class TestVisibilityLabelsWithDefaultVisLabelService extends TestVisibili public VisibilityLabelsResponse run() throws Exception { String[] labels = { "L1", SECRET, "L2", "invalid~", "L3" }; VisibilityLabelsResponse response = null; - try { - response = VisibilityClient.addLabels(conf, labels); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + response = VisibilityClient.addLabels(conn, labels); } catch (Throwable e) { fail("Should not have thrown exception"); } @@ -122,8 +124,8 @@ public class TestVisibilityLabelsWithDefaultVisLabelService extends TestVisibili new PrivilegedExceptionAction() { public VisibilityLabelsResponse run() throws Exception { String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, "ABC", "XYZ" }; - try { - VisibilityLabelsResponse resp = VisibilityClient.addLabels(conf, labels); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityLabelsResponse resp = VisibilityClient.addLabels(conn, labels); List results = resp.getResultList(); if (results.get(0).hasException()) { NameBytesPair pair = results.get(0).getException(); @@ -170,8 +172,8 @@ public class TestVisibilityLabelsWithDefaultVisLabelService extends TestVisibili new PrivilegedExceptionAction() { public ListLabelsResponse run() throws Exception { ListLabelsResponse response = null; - try { - response = VisibilityClient.listLabels(conf, null); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + response = VisibilityClient.listLabels(conn, null); } catch (Throwable e) { fail("Should not have thrown exception"); } @@ -200,8 +202,8 @@ public class TestVisibilityLabelsWithDefaultVisLabelService extends TestVisibili new PrivilegedExceptionAction() { public ListLabelsResponse run() throws Exception { ListLabelsResponse response = null; - try { - response = VisibilityClient.listLabels(conf, ".*secret"); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + response = VisibilityClient.listLabels(conn, ".*secret"); } catch (Throwable e) { fail("Should not have thrown exception"); } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDeletes.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDeletes.java index 0430525..f7e09b8 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDeletes.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDeletes.java @@ -1780,8 +1780,8 @@ public class TestVisibilityLabelsWithDeletes { new PrivilegedExceptionAction() { @Override public VisibilityLabelsResponse run() throws Exception { - try { - return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE, SECRET }, + try (Connection conn = ConnectionFactory.createConnection(conf)) { + return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE, SECRET }, SUPERUSER.getShortName()); } catch (Throwable e) { } @@ -1931,8 +1931,9 @@ public class TestVisibilityLabelsWithDeletes { new PrivilegedExceptionAction() { @Override public VisibilityLabelsResponse run() throws Exception { - try { - return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE, SECRET }, + try (Connection conn = ConnectionFactory.createConnection(conf)) { + return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, + PRIVATE, SECRET }, SUPERUSER.getShortName()); } catch (Throwable e) { } @@ -2460,8 +2461,9 @@ public class TestVisibilityLabelsWithDeletes { new PrivilegedExceptionAction() { @Override public VisibilityLabelsResponse run() throws Exception { - try { - return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE, SECRET, + try (Connection conn = ConnectionFactory.createConnection(conf)) { + return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, + PRIVATE, SECRET, TOPSECRET }, SUPERUSER.getShortName()); } catch (Throwable e) { } @@ -2867,8 +2869,8 @@ public class TestVisibilityLabelsWithDeletes { @Override public VisibilityLabelsResponse run() throws Exception { String[] labels = { SECRET, TOPSECRET, CONFIDENTIAL, PUBLIC, PRIVATE }; - try { - VisibilityClient.addLabels(conf, labels); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.addLabels(conn, labels); } catch (Throwable t) { throw new IOException(t); } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithSLGStack.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithSLGStack.java index acf324d..c78b0eb 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithSLGStack.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithSLGStack.java @@ -29,6 +29,8 @@ import org.apache.hadoop.hbase.HBaseTestingUtility; import org.apache.hadoop.hbase.HConstants; import org.apache.hadoop.hbase.testclassification.MediumTests; import org.apache.hadoop.hbase.TableName; +import org.apache.hadoop.hbase.client.Connection; +import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.hbase.client.Put; import org.apache.hadoop.hbase.client.Result; import org.apache.hadoop.hbase.client.ResultScanner; @@ -106,8 +108,8 @@ public class TestVisibilityLabelsWithSLGStack { new PrivilegedExceptionAction() { public VisibilityLabelsResponse run() throws Exception { String[] labels = { SECRET, CONFIDENTIAL }; - try { - VisibilityClient.addLabels(conf, labels); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.addLabels(conn, labels); } catch (Throwable t) { throw new IOException(t); } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLablesWithGroups.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLablesWithGroups.java index 01e1f82..5dba3dd 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLablesWithGroups.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLablesWithGroups.java @@ -96,10 +96,10 @@ public class TestVisibilityLablesWithGroups { // Set up for the test SUPERUSER.runAs(new PrivilegedExceptionAction() { public Void run() throws Exception { - try { - VisibilityClient.addLabels(conf, new String[] { SECRET, CONFIDENTIAL }); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.addLabels(conn, new String[] { SECRET, CONFIDENTIAL }); // set auth for @testgroup - VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL }, "@testgroup"); + VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL }, "@testgroup"); } catch (Throwable t) { throw new IOException(t); } @@ -173,8 +173,8 @@ public class TestVisibilityLablesWithGroups { SUPERUSER.runAs(new PrivilegedExceptionAction() { public Void run() throws Exception { GetAuthsResponse authsResponse = null; - try { - authsResponse = VisibilityClient.getAuths(conf, "@testgroup"); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + authsResponse = VisibilityClient.getAuths(conn, "@testgroup"); } catch (Throwable e) { fail("Should not have failed"); } @@ -266,8 +266,9 @@ public class TestVisibilityLablesWithGroups { SUPERUSER.runAs(new PrivilegedExceptionAction() { public Void run() throws Exception { VisibilityLabelsResponse response = null; - try { - response = VisibilityClient.clearAuths(conf, new String[] { CONFIDENTIAL }, "@testgroup"); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + response = VisibilityClient.clearAuths(conn, new String[] { + CONFIDENTIAL }, "@testgroup"); } catch (Throwable e) { fail("Should not have failed"); } @@ -279,8 +280,8 @@ public class TestVisibilityLablesWithGroups { SUPERUSER.runAs(new PrivilegedExceptionAction() { public Void run() throws Exception { GetAuthsResponse authsResponse = null; - try { - authsResponse = VisibilityClient.getAuths(conf, "@testgroup"); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + authsResponse = VisibilityClient.getAuths(conn, "@testgroup"); } catch (Throwable e) { fail("Should not have failed"); } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityWithCheckAuths.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityWithCheckAuths.java index 2b9b762..e4baae6 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityWithCheckAuths.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityWithCheckAuths.java @@ -94,8 +94,8 @@ public class TestVisibilityWithCheckAuths { @Override public VisibilityLabelsResponse run() throws Exception { String[] labels = { TOPSECRET }; - try { - VisibilityClient.addLabels(conf, labels); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.addLabels(conn, labels); } catch (Throwable t) { throw new IOException(t); } @@ -111,8 +111,8 @@ public class TestVisibilityWithCheckAuths { new PrivilegedExceptionAction() { @Override public VisibilityLabelsResponse run() throws Exception { - try { - return VisibilityClient.setAuths(conf, new String[] { TOPSECRET }, + try (Connection conn = ConnectionFactory.createConnection(conf)) { + return VisibilityClient.setAuths(conn, new String[] { TOPSECRET }, USER.getShortName()); } catch (Throwable e) { } @@ -157,8 +157,8 @@ public class TestVisibilityWithCheckAuths { new PrivilegedExceptionAction() { @Override public VisibilityLabelsResponse run() throws Exception { - try { - return VisibilityClient.setAuths(conf, new String[] { TOPSECRET }, + try (Connection conn = ConnectionFactory.createConnection(conf)) { + return VisibilityClient.setAuths(conn, new String[] { TOPSECRET }, USER.getShortName()); } catch (Throwable e) { } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestWithDisabledAuthorization.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestWithDisabledAuthorization.java index aef6088..f9538ea 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestWithDisabledAuthorization.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestWithDisabledAuthorization.java @@ -28,6 +28,8 @@ import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hbase.HBaseTestingUtility; import org.apache.hadoop.hbase.HConstants; import org.apache.hadoop.hbase.TableName; +import org.apache.hadoop.hbase.client.Connection; +import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.hbase.client.Put; import org.apache.hadoop.hbase.client.Result; import org.apache.hadoop.hbase.client.ResultScanner; @@ -65,10 +67,11 @@ public class TestWithDisabledAuthorization { private static User SUPERUSER; private static User USER_RW; + private static Configuration conf; @BeforeClass public static void setUpBeforeClass() throws Exception { - Configuration conf = TEST_UTIL.getConfiguration(); + conf = TEST_UTIL.getConfiguration(); // Set up superuser SecureTestUtil.configureSuperuser(conf); @@ -91,10 +94,10 @@ public class TestWithDisabledAuthorization { // Define test labels SUPERUSER.runAs(new PrivilegedExceptionAction() { public Void run() throws Exception { - try { - VisibilityClient.addLabels(TEST_UTIL.getConfiguration(), + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.addLabels(conn, new String[] { SECRET, CONFIDENTIAL, PRIVATE }); - VisibilityClient.setAuths(TEST_UTIL.getConfiguration(), + VisibilityClient.setAuths(conn, new String[] { SECRET, CONFIDENTIAL }, USER_RW.getShortName()); } catch (Throwable t) { @@ -116,8 +119,8 @@ public class TestWithDisabledAuthorization { SUPERUSER.runAs(new PrivilegedExceptionAction() { public Void run() throws Exception { - try { - VisibilityClient.setAuths(TEST_UTIL.getConfiguration(), + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.setAuths(conn, new String[] { SECRET, CONFIDENTIAL }, USER_RW.getShortName()); } catch (Throwable t) { @@ -131,8 +134,8 @@ public class TestWithDisabledAuthorization { new PrivilegedExceptionAction>() { public List run() throws Exception { GetAuthsResponse authsResponse = null; - try { - authsResponse = VisibilityClient.getAuths(TEST_UTIL.getConfiguration(), + try (Connection conn = ConnectionFactory.createConnection(conf)) { + authsResponse = VisibilityClient.getAuths(conn, USER_RW.getShortName()); } catch (Throwable t) { fail("Should not have failed"); @@ -152,8 +155,8 @@ public class TestWithDisabledAuthorization { SUPERUSER.runAs(new PrivilegedExceptionAction() { public Void run() throws Exception { - try { - VisibilityClient.clearAuths(TEST_UTIL.getConfiguration(), + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.clearAuths(conn, new String[] { SECRET }, USER_RW.getShortName()); } catch (Throwable t) { @@ -169,8 +172,8 @@ public class TestWithDisabledAuthorization { SUPERUSER.runAs(new PrivilegedExceptionAction() { public Void run() throws Exception { - try { - VisibilityClient.clearAuths(TEST_UTIL.getConfiguration(), + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.clearAuths(conn, new String[] { CONFIDENTIAL }, USER_RW.getShortName()); } catch (Throwable t) { diff --git a/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift2/TestThriftHBaseServiceHandlerWithLabels.java b/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift2/TestThriftHBaseServiceHandlerWithLabels.java index 670df40..4326ce3 100644 --- a/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift2/TestThriftHBaseServiceHandlerWithLabels.java +++ b/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift2/TestThriftHBaseServiceHandlerWithLabels.java @@ -40,6 +40,8 @@ import org.apache.hadoop.hbase.HTableDescriptor; import org.apache.hadoop.hbase.testclassification.MediumTests; import org.apache.hadoop.hbase.TableName; import org.apache.hadoop.hbase.client.Admin; +import org.apache.hadoop.hbase.client.Connection; +import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.hbase.client.HBaseAdmin; import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse; import org.apache.hadoop.hbase.security.User; @@ -152,8 +154,8 @@ private static void createLabels() throws IOException, InterruptedException { PrivilegedExceptionAction action = new PrivilegedExceptionAction() { public VisibilityLabelsResponse run() throws Exception { String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET }; - try { - VisibilityClient.addLabels(conf, labels); + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.addLabels(conn, labels); } catch (Throwable t) { throw new IOException(t); } @@ -166,7 +168,7 @@ private static void createLabels() throws IOException, InterruptedException { private static void setAuths() throws IOException { String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET }; try { - VisibilityClient.setAuths(conf, labels, User.getCurrent().getShortName()); + VisibilityClient.setAuths(UTIL.getConnection(), labels, User.getCurrent().getShortName()); } catch (Throwable t) { throw new IOException(t); } -- 2.3.2 (Apple Git-55)