Class TestRpcAccessChecks
java.lang.Object
org.apache.hadoop.hbase.security.access.TestRpcAccessChecks
This class tests operations in MasterRpcServices which require ADMIN access. It doesn't test all
operations which require ADMIN access, only those which get vetted within MasterRpcServices at
the point of entry itself (unlike old approach of using hooks in AccessController). Sidenote:
There is one big difference between how security tests for AccessController hooks work, and how
the tests in this class for security in MasterRpcServices work. The difference arises because of
the way AC & MasterRpcServices get the user. In AccessController, it first checks if there is an
active rpc user in ObserverContext. If not, it uses UserProvider for current user. This *might*
make sense in the context of coprocessors, because they can be called outside the context of
RPCs. But in the context of MasterRpcServices, only one way makes sense -
RPCServer.getRequestUser(). In AC tests, when we do FooUser.runAs on AccessController instance
directly, it bypasses the rpc framework completely, but works because UserProvider provides the
correct user, i.e. FooUser in this case. But this doesn't work for the tests here, so we go
around by doing complete RPCs.
-
Nested Class Summary
Modifier and TypeClassDescription(package private) static interface
static class
-
Field Summary
Modifier and TypeFieldDescriptionstatic final HBaseClassTestRule
private static org.apache.hadoop.conf.Configuration
private static final String
final org.junit.rules.TestName
private static final HBaseTestingUtility
private static org.apache.hadoop.hbase.security.User
private static org.apache.hadoop.hbase.security.User
private static org.apache.hadoop.hbase.security.User
private static org.apache.hadoop.hbase.security.User
private static org.apache.hadoop.hbase.security.User
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprivate static void
enableSecurity
(org.apache.hadoop.conf.Configuration conf) static void
setup()
void
void
void
void
void
void
void
void
void
void
void
void
void
void
private void
verifiedDeniedServiceException
(org.apache.hadoop.hbase.security.User user, TestRpcAccessChecks.Action action) private void
private void
verifyAllowed
(org.apache.hadoop.hbase.security.User user, TestRpcAccessChecks.Action action) private void
verifyDenied
(org.apache.hadoop.hbase.security.User user, TestRpcAccessChecks.Action action)
-
Field Details
-
CLASS_RULE
-
TEST_NAME
-
TEST_UTIL
-
conf
-
USER_ADMIN
-
USER_NON_ADMIN
-
USER_IN_SUPERGROUPS
-
USER_ADMIN_NOT_SUPER
-
GROUP_ADMIN
- See Also:
-
USER_GROUP_ADMIN
-
-
Constructor Details
-
TestRpcAccessChecks
public TestRpcAccessChecks()
-
-
Method Details
-
enableSecurity
- Throws:
IOException
-
setup
- Throws:
Exception
-
verifyAllowed
private void verifyAllowed(org.apache.hadoop.hbase.security.User user, TestRpcAccessChecks.Action action) throws Exception - Throws:
Exception
-
verifyDenied
private void verifyDenied(org.apache.hadoop.hbase.security.User user, TestRpcAccessChecks.Action action) throws Exception - Throws:
Exception
-
verifiedDeniedServiceException
private void verifiedDeniedServiceException(org.apache.hadoop.hbase.security.User user, TestRpcAccessChecks.Action action) throws Exception - Throws:
Exception
-
verifyAdminCheckForAction
- Throws:
Exception
-
testEnableCatalogJanitor
- Throws:
Exception
-
testRunCatalogJanitor
- Throws:
Exception
-
testCleanerChoreRunning
- Throws:
Exception
-
testRunCleanerChore
- Throws:
Exception
-
testExecProcedure
- Throws:
Exception
-
testExecService
- Throws:
Exception
-
testExecProcedureWithRet
- Throws:
Exception
-
testNormalize
- Throws:
Exception
-
testSetNormalizerRunning
- Throws:
Exception
-
testExecRegionServerService
- Throws:
Exception
-
testTableFlush
- Throws:
Exception
-
testTableFlushAndSnapshot
- Throws:
Exception
-
testGrantDeniedOnSuperUsersGroups
-
testRevokeDeniedOnSuperUsersGroups
-