Class TestAccessController
java.lang.Object
org.apache.hadoop.hbase.security.access.SecureTestUtil
org.apache.hadoop.hbase.security.access.TestAccessController
Performs authorization checks for common operations, according to different levels of authorized
users.
-
Nested Class Summary
Modifier and TypeClassDescriptionprivate class
static class
static class
static class
static class
Nested classes/interfaces inherited from class org.apache.hadoop.hbase.security.access.SecureTestUtil
SecureTestUtil.AccessTestAction, SecureTestUtil.MasterSyncObserver
-
Field Summary
Modifier and TypeFieldDescriptionprivate static org.apache.hadoop.hbase.security.access.AccessController
static final HBaseClassTestRule
private static org.apache.hadoop.conf.Configuration
private static org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment
private static final org.apache.hadoop.fs.permission.FsPermission
private static final String
private static final String
private static final String
private static final String
private static final org.slf4j.Logger
org.junit.rules.TestName
private static org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment
private static org.apache.hadoop.hbase.coprocessor.RegionServerCoprocessorEnvironment
private static org.apache.hadoop.hbase.security.User
private static org.apache.hadoop.hbase.client.Connection
The systemUserConnection created here is tied to the system user.private static byte[]
private static byte[]
private static byte[]
private static org.apache.hadoop.hbase.TableName
private static org.apache.hadoop.hbase.TableName
private static final HBaseTestingUtility
private static org.apache.hadoop.hbase.security.User
private static org.apache.hadoop.hbase.security.User
private static org.apache.hadoop.hbase.security.User
private static org.apache.hadoop.hbase.security.User
private static org.apache.hadoop.hbase.security.User
private static org.apache.hadoop.hbase.security.User
private static org.apache.hadoop.hbase.security.User
private static org.apache.hadoop.hbase.security.User
private static org.apache.hadoop.hbase.security.User
private static org.apache.hadoop.hbase.security.User
private static org.apache.hadoop.hbase.security.User
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprivate static void
cleanUp()
private void
createTestTable
(org.apache.hadoop.hbase.TableName tname) private void
createTestTable
(org.apache.hadoop.hbase.TableName tname, byte[] cf) private void
getNamespacePermissionsAndVerify
(String namespaceRegexWithoutPrefix, int expectedAmount, String expectedNamespace) Lists all user permissions that match the given namespace regular expression and verifies each of them. private PrivilegedAction<List<org.apache.hadoop.hbase.security.access.UserPermission>>
getPrivilegedAction
(String regex) private boolean
hasFoundUserPermission
(List<org.apache.hadoop.hbase.security.access.UserPermission> userPermissions, List<org.apache.hadoop.hbase.security.access.UserPermission> perms) private boolean
hasFoundUserPermission
(org.apache.hadoop.hbase.security.access.UserPermission userPermission, List<org.apache.hadoop.hbase.security.access.UserPermission> perms) static void
private static void
static void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
testMove()
void
void
void
void
void
void
void
testRead()
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
void
private void
validateGlobalUserACLForGetUserPermissions
(org.apache.hadoop.hbase.client.Connection conn, org.apache.hadoop.hbase.security.User nSUser1, org.apache.hadoop.hbase.security.User globalGroupUser1, org.apache.hadoop.hbase.security.User globalGroupUser2, Collection<String> superUsers, int superUserCount) private void
validateNamespaceUserACLForGetUserPermissions
(org.apache.hadoop.hbase.client.Connection conn, org.apache.hadoop.hbase.security.User nSUser1, org.apache.hadoop.hbase.security.User nSUser3, org.apache.hadoop.hbase.security.User nsGroupUser1, org.apache.hadoop.hbase.security.User nsGroupUser2, String nsPrefix, String namespace1, String namespace2) private void
validateTableACLForGetUserPermissions
(org.apache.hadoop.hbase.client.Connection conn, org.apache.hadoop.hbase.security.User nSUser1, org.apache.hadoop.hbase.security.User tableGroupUser1, org.apache.hadoop.hbase.security.User tableGroupUser2, String nsPrefix, org.apache.hadoop.hbase.TableName table1, org.apache.hadoop.hbase.TableName table2, byte[] TEST_QUALIFIER2, Collection<String> superUsers) private void
private void
verifyGetUserPermissionResult
(List<org.apache.hadoop.hbase.security.access.UserPermission> userPermissions, int resultCount, byte[] cf, byte[] cq, String userName, Collection<String> superUsers) private void
global operationsprivate void
private void
private void
Methods inherited from class org.apache.hadoop.hbase.security.access.SecureTestUtil
checkGlobalPerms, checkTablePerms, checkTablePerms, configureSuperuser, convertToNamespace, createNamespace, createTable, createTable, createTable, createTable, createTable, deleteNamespace, deleteTable, deleteTable, enableSecurity, grantGlobal, grantGlobal, grantGlobalUsingAccessControlClient, grantOnNamespace, grantOnNamespace, grantOnNamespaceUsingAccessControlClient, grantOnTable, grantOnTable, grantOnTableUsingAccessControlClient, revokeFromNamespace, revokeFromNamespace, revokeFromNamespaceUsingAccessControlClient, revokeFromTable, revokeFromTable, revokeFromTableUsingAccessControlClient, revokeGlobal, revokeGlobal, revokeGlobalUsingAccessControlClient, verifyAllowed, verifyAllowed, verifyAllowed, verifyConfiguration, verifyDenied, verifyDenied, verifyIfEmptyList, verifyIfNull
-
Field Details
-
CLASS_RULE
-
FS_PERMISSION_ALL
-
LOG
-
TEST_TABLE
-
TEST_UTIL
-
conf
-
systemUserConnection
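The systemUserConnection created here is tied to the system user. If you are planning to create an AccessTestAction, DON'T use this systemUserConnection: the 'doAs' user gets eclipsed by the system user, so the action would run with the system user's identity instead of that of the user whose access is being tested. -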
SUPERUSER
-
USER_ADMIN
-
USER_RW
-
USER_RO
-
USER_OWNER
-
USER_CREATE
-
USER_NONE
-
USER_ADMIN_CF
-
GROUP_ADMIN
- See Also:
-
GROUP_CREATE
- See Also:
-
GROUP_READ
- See Also:
-
GROUP_WRITE
- See Also:
-
USER_GROUP_ADMIN
-
USER_GROUP_CREATE
-
USER_GROUP_READ
-
USER_GROUP_WRITE
-
TEST_TABLE2
-
TEST_FAMILY
-
TEST_QUALIFIER
-
TEST_ROW
-
CP_ENV
-
ACCESS_CONTROLLER
-
RSCP_ENV
-
RCP_ENV
-
name
-
-
Constructor Details
-
TestAccessController
public TestAccessController()
-
-
Method Details
-
setupBeforeClass
- Throws:
Exception
-
tearDownAfterClass
- Throws:
Exception
-
setUpTableAndUserPermissions
- Throws:
Exception
-
cleanUp
- Throws:
Exception
-
testUnauthorizedShutdown
- Throws:
Exception
-
testUnauthorizedStopMaster
- Throws:
Exception
-
testUnauthorizedSetTableStateInMeta
- Throws:
Exception
-
testUnauthorizedSetRegionStateInMeta
- Throws:
Exception
-
testUnauthorizedFixMeta
- Throws:
Exception
-
testSecurityCapabilities
- Throws:
Exception
-
testTableCreate
- Throws:
Exception
-
testTableModify
- Throws:
Exception
-
testTableDelete
- Throws:
Exception
-
testTableTruncate
- Throws:
Exception
-
testTableDisable
- Throws:
Exception
-
testTableEnable
- Throws:
Exception
-
testAbortProcedure
- Throws:
Exception
-
testGetProcedures
- Throws:
Exception
-
testGetLocks
- Throws:
Exception
-
testMove
- Throws:
Exception
-
testAssign
- Throws:
Exception
-
testUnassign
- Throws:
Exception
-
testRegionOffline
- Throws:
Exception
-
testSetSplitOrMergeEnabled
- Throws:
Exception
-
testBalance
- Throws:
Exception
-
testBalanceSwitch
- Throws:
Exception
-
testShutdown
- Throws:
Exception
-
testStopMaster
- Throws:
Exception
-
verifyWrite
- Throws:
Exception
-
testSplitWithSplitRow
- Throws:
Exception
-
testFlush
- Throws:
Exception
-
testCompact
- Throws:
Exception
-
verifyRead
- Throws:
Exception
-
verifyReadWrite
- Throws:
Exception
-
testRead
- Throws:
Exception
-
testWrite
- Throws:
Exception
-
testReadWrite
- Throws:
Exception
-
testBulkLoad
- Throws:
Exception
-
testBulkLoadWithoutWritePermission
- Throws:
Exception
-
testAppend
- Throws:
Exception
-
testGrantRevoke
- Throws:
Exception
-
testPostGrantRevoke
- Throws:
Exception
-
hasFoundUserPermission
private boolean hasFoundUserPermission(List<org.apache.hadoop.hbase.security.access.UserPermission> userPermissions, List<org.apache.hadoop.hbase.security.access.UserPermission> perms) -
hasFoundUserPermission
private boolean hasFoundUserPermission(org.apache.hadoop.hbase.security.access.UserPermission userPermission, List<org.apache.hadoop.hbase.security.access.UserPermission> perms) -
testPostGrantRevokeAtQualifierLevel
- Throws:
Exception
-
testPermissionList
- Throws:
Exception
-
testGlobalPermissionList
- Throws:
Exception
-
verifyGlobal
global operations- Throws:
Exception
-
testCheckPermissions
- Throws:
Exception
-
testStopRegionServer
- Throws:
Exception
-
testRollWALWriterRequest
- Throws:
Exception
-
testOpenRegion
- Throws:
Exception
-
testCloseRegion
- Throws:
Exception
-
testSnapshot
- Throws:
Exception
-
testSnapshotWithOwner
- Throws:
Exception
-
testCloneSnapshotWithOwner
- Throws:
Exception
-
testGlobalAuthorizationForNewRegisteredRS
- Throws:
Exception
-
testTableDescriptorsEnumeration
- Throws:
Exception
-
testTableNameEnumeration
- Throws:
Exception
-
testTableDeletion
- Throws:
Exception
-
createTestTable
- Throws:
Exception
-
createTestTable
- Throws:
Exception
-
testNamespaceUserGrant
- Throws:
Exception
-
testAccessControlClientGrantRevoke
- Throws:
Exception
-
testAccessControlClientGlobalGrantRevoke
- Throws:
Exception
-
testAccessControlClientMultiGrantRevoke
- Throws:
Exception
-
testAccessControlClientGrantRevokeOnNamespace
- Throws:
Exception
-
testCoprocessorExec
- Throws:
Exception
-
testSetQuota
- Throws:
Exception
-
testGetNamespacePermission
- Throws:
Exception
-
getNamespacePermissionsAndVerify
private void getNamespacePermissionsAndVerify(String namespaceRegexWithoutPrefix, int expectedAmount, String expectedNamespace) throws org.apache.hadoop.hbase.exceptions.HBaseException Lists all user permissions that match the given namespace regular expression and verifies each of them. - Parameters:
namespaceRegexWithoutPrefix
- the regular expression for the namespace, without NAMESPACE_PREFIX expectedAmount
- the expected amount of user permissions returnedexpectedNamespace
- the expected namespace of each user permission returned- Throws:
org.apache.hadoop.hbase.exceptions.HBaseException
- in the case of any HBase exception when accessing hbase:acl table
-
testTruncatePerms
- Throws:
Exception
-
getPrivilegedAction
private PrivilegedAction<List<org.apache.hadoop.hbase.security.access.UserPermission>> getPrivilegedAction(String regex) -
testAccessControlClientUserPerms
- Throws:
Exception
-
testAccessControllerUserPermsRegexHandling
- Throws:
Exception
-
verifyAnyCreate
- Throws:
Exception
-
testPrepareAndCleanBulkLoad
- Throws:
Exception
-
testReplicateLogEntries
- Throws:
Exception
-
testAddReplicationPeer
- Throws:
Exception
-
testRemoveReplicationPeer
- Throws:
Exception
-
testEnableReplicationPeer
- Throws:
Exception
-
testDisableReplicationPeer
- Throws:
Exception
-
testGetReplicationPeerConfig
- Throws:
Exception
-
testUpdateReplicationPeerConfig
- Throws:
Exception
-
testUpdateMasterConfiguration
- Throws:
Exception
-
testUpdateRegionServerConfiguration
- Throws:
Exception
-
testClearRegionBlockCache
- Throws:
Exception
-
testListReplicationPeers
- Throws:
Exception
-
testRemoteLocks
- Throws:
Exception
-
testAccessControlRevokeOnlyFewPermission
- Throws:
Throwable
-
testGetClusterStatus
- Throws:
Exception
-
testExecuteProcedures
- Throws:
Exception
-
testGetUserPermissions
- Throws:
Throwable
-
testHasPermission
- Throws:
Throwable
-
testSwitchRpcThrottle
- Throws:
Exception
-
testIsRpcThrottleEnabled
- Throws:
Exception
-
testSwitchExceedThrottleQuota
- Throws:
Exception
-
validateGlobalUserACLForGetUserPermissions
private void validateGlobalUserACLForGetUserPermissions(org.apache.hadoop.hbase.client.Connection conn, org.apache.hadoop.hbase.security.User nSUser1, org.apache.hadoop.hbase.security.User globalGroupUser1, org.apache.hadoop.hbase.security.User globalGroupUser2, Collection<String> superUsers, int superUserCount) throws Throwable - Throws:
Throwable
-
validateNamespaceUserACLForGetUserPermissions
private void validateNamespaceUserACLForGetUserPermissions(org.apache.hadoop.hbase.client.Connection conn, org.apache.hadoop.hbase.security.User nSUser1, org.apache.hadoop.hbase.security.User nSUser3, org.apache.hadoop.hbase.security.User nsGroupUser1, org.apache.hadoop.hbase.security.User nsGroupUser2, String nsPrefix, String namespace1, String namespace2) throws Throwable - Throws:
Throwable
-
validateTableACLForGetUserPermissions
private void validateTableACLForGetUserPermissions(org.apache.hadoop.hbase.client.Connection conn, org.apache.hadoop.hbase.security.User nSUser1, org.apache.hadoop.hbase.security.User tableGroupUser1, org.apache.hadoop.hbase.security.User tableGroupUser2, String nsPrefix, org.apache.hadoop.hbase.TableName table1, org.apache.hadoop.hbase.TableName table2, byte[] TEST_QUALIFIER2, Collection<String> superUsers) throws Throwable - Throws:
Throwable
-
verifyGetUserPermissionResult
private void verifyGetUserPermissionResult(List<org.apache.hadoop.hbase.security.access.UserPermission> userPermissions, int resultCount, byte[] cf, byte[] cq, String userName, Collection<String> superUsers)
-