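/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.hbase.security.visibility;

import static org.apache.hadoop.hbase.security.visibility.VisibilityConstants.LABELS_TABLE_NAME;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;

import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.Cell;
import org.apache.hadoop.hbase.CellScanner;
import org.apache.hadoop.hbase.CellUtil;
import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.HBaseTestingUtil;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.Tag;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.ColumnFamilyDescriptorBuilder;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.Get;
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.Table;
import org.apache.hadoop.hbase.client.TableDescriptor;
import org.apache.hadoop.hbase.client.TableDescriptorBuilder;
import org.apache.hadoop.hbase.codec.KeyValueCodecWithTags;
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
import org.apache.hadoop.hbase.replication.ReplicationPeerConfig;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.testclassification.MediumTests;
import org.apache.hadoop.hbase.testclassification.SecurityTests;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.hbase.zookeeper.MiniZooKeeperCluster;
import org.apache.hadoop.hbase.zookeeper.ZKWatcher;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.experimental.categories.Category;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Re-runs the replication scenarios inherited from {@link TestVisibilityLabelsReplication} with
 * both mini clusters configured to use {@link ExpAsStringVisibilityLabelServiceImpl} as the
 * visibility label service.
 * <p>
 * The expected visibility expressions set up here are in string form: quoted label names combined
 * with {@code &}, {@code |} and {@code !}. The last expression contains quotes, backslashes and
 * non-ASCII label text, so it also covers escaping of label names.
 */
@Category({ SecurityTests.class, MediumTests.class })
public class TestVisibilityLabelReplicationWithExpAsString extends TestVisibilityLabelsReplication {

  @ClassRule
  public static final HBaseClassTestRule CLASS_RULE =
    HBaseClassTestRule.forClass(TestVisibilityLabelReplicationWithExpAsString.class);

  private static final Logger LOG =
    LoggerFactory.getLogger(TestVisibilityLabelReplicationWithExpAsString.class);

  /**
   * Starts a source cluster ({@code conf} / {@code TEST_UTIL}) and a peer cluster ({@code conf1} /
   * {@code TEST_UTIL1}) that share one mini ZooKeeper cluster under different parent znodes,
   * registers the peer for replication, creates the replicated test table on both sides and then
   * loads the labels and user authorizations.
   * @throws Exception if a cluster, the replication peer or a table cannot be set up
   */
  @Override
  @Before
  public void setup() throws Exception {
    // Per-row expected values consumed by the inherited test.
    // NOTE(review): verifyGet compares its `expected` argument with the number of tags captured
    // at the sink, so these are presumably tag counts - confirm against the parent class.
    expected[0] = 4;
    expected[1] = 6;
    expected[2] = 4;
    expected[3] = 3;
    expectedVisString[0] = "(\"public\"&\"secret\"&\"topsecret\")|(\"confidential\"&\"topsecret\")";
    expectedVisString[1] = "(\"private\"&\"public\")|(\"private\"&\"topsecret\")|"
      + "(\"confidential\"&\"public\")|(\"confidential\"&\"topsecret\")";
    expectedVisString[2] = "(!\"topsecret\"&\"secret\")|(!\"topsecret\"&\"confidential\")";
    expectedVisString[3] = "(\"secret\"&\"" + COPYRIGHT + "\\\"" + ACCENT + "\\\\" + SECRET + "\\\""
      + "\u0027&\\\\" + "\")";

    // Source cluster configuration.
    conf = HBaseConfiguration.create();
    // Cell tags (which carry the visibility expression) need HFile format version 3.
    conf.setInt("hfile.format.version", 3);
    conf.set(HConstants.ZOOKEEPER_ZNODE_PARENT, "/1");
    conf.setInt("replication.source.size.capacity", 10240);
    conf.setLong("replication.source.sleepforretries", 100);
    conf.setInt("hbase.regionserver.maxlogs", 10);
    conf.setLong("hbase.master.logcleaner.ttl", 10);
    conf.setInt("zookeeper.recovery.retry", 1);
    conf.setInt("zookeeper.recovery.retry.intervalmill", 10);
    conf.setLong(HConstants.THREAD_WAKE_FREQUENCY, 100);
    conf.setInt("replication.stats.thread.period.seconds", 5);
    conf.setBoolean("hbase.tests.use.shortcircuit.reads", false);
    setVisibilityLabelServiceImpl(conf, ExpAsStringVisibilityLabelServiceImpl.class);
    // The replication codec has to keep tags; a codec that drops them would deliver cells to the
    // peer without their visibility expression.
    conf.setStrings(HConstants.REPLICATION_CODEC_CONF_KEY, KeyValueCodecWithTags.class.getName());
    VisibilityTestUtil.enableVisiblityLabels(conf);
    conf.set(CoprocessorHost.REGIONSERVER_COPROCESSOR_CONF_KEY,
      VisibilityReplication.class.getName());
    conf.setStrings(CoprocessorHost.USER_REGION_COPROCESSOR_CONF_KEY, SimpleCP.class.getName());
    conf.setClass(VisibilityUtils.VISIBILITY_LABEL_GENERATOR_CLASS, SimpleScanLabelGenerator.class,
      ScanLabelGenerator.class);
    // The user running the test is the only configured superuser; USER1 below is an ordinary user
    // with no groups, so reads made as USER1 are not made with superuser rights.
    conf.set("hbase.superuser", User.getCurrent().getShortName());
    SUPERUSER = User.createUserForTesting(conf, User.getCurrent().getShortName(),
      new String[] { "supergroup" });
    USER1 = User.createUserForTesting(conf, "user1", new String[] {});
    TEST_UTIL = new HBaseTestingUtil(conf);
    TEST_UTIL.startMiniZKCluster();
    MiniZooKeeperCluster miniZK = TEST_UTIL.getZkCluster();
    zkw1 = new ZKWatcher(conf, "cluster1", null, true);

    // Peer cluster configuration: copy conf so conf1 points at the same ZooKeeper cluster, then
    // give it its own parent znode.
    conf1 = HBaseConfiguration.create(conf);
    conf1.setInt("hfile.format.version", 3);
    conf1.set(HConstants.ZOOKEEPER_ZNODE_PARENT, "/2");
    conf1.setInt(HConstants.HBASE_CLIENT_RETRIES_NUMBER, 6);
    conf1.setBoolean("hbase.tests.use.shortcircuit.reads", false);
    conf1.setStrings(HConstants.REPLICATION_CODEC_CONF_KEY, KeyValueCodecWithTags.class.getName());
    // Replaces SimpleCP (inherited from conf) with the coprocessor whose captured tags verifyGet
    // inspects.
    conf1.setStrings(CoprocessorHost.USER_REGION_COPROCESSOR_CONF_KEY,
      TestCoprocessorForTagsAtSink.class.getName());
    setVisibilityLabelServiceImpl(conf1, ExpAsStringVisibilityLabelServiceImpl.class);
    TEST_UTIL1 = new HBaseTestingUtil(conf1);
    TEST_UTIL1.setZkCluster(miniZK);
    zkw2 = new ZKWatcher(conf1, "cluster2", null, true);

    TEST_UTIL.startMiniCluster(1);
    // Wait for the labels table to become available
    TEST_UTIL.waitTableEnabled(LABELS_TABLE_NAME.getName(), 50000);
    TEST_UTIL1.startMiniCluster(1);

    // Register the second cluster as replication peer "2" of the first one.
    admin = TEST_UTIL.getAdmin();
    ReplicationPeerConfig rpc =
      ReplicationPeerConfig.newBuilder().setClusterKey(TEST_UTIL1.getRpcConnnectionURI()).build();
    admin.addReplicationPeer("2", rpc);

    // The same table, with a globally replicated column family, is created on both clusters.
    TableDescriptor tableDescriptor =
      TableDescriptorBuilder.newBuilder(TABLE_NAME).setColumnFamily(ColumnFamilyDescriptorBuilder
        .newBuilder(fam).setScope(HConstants.REPLICATION_SCOPE_GLOBAL).build()).build();
    try (Admin hBaseAdmin = TEST_UTIL.getAdmin()) {
      hBaseAdmin.createTable(tableDescriptor);
    }
    try (Admin hBaseAdmin1 = TEST_UTIL1.getAdmin()) {
      hBaseAdmin1.createTable(tableDescriptor);
    }
    addLabels();
    setAuths(conf);
    setAuths(conf1);
  }

  /**
   * Sets the visibility label service implementation class in the given configuration.
   * @param conf  configuration to modify
   * @param clazz class to register under
   *              {@link VisibilityLabelServiceManager#VISIBILITY_LABEL_SERVICE_CLASS}; it is
   *              registered against the {@link VisibilityLabelService} interface
   */
  protected static void setVisibilityLabelServiceImpl(Configuration conf, Class clazz) {
    conf.setClass(VisibilityLabelServiceManager.VISIBILITY_LABEL_SERVICE_CLASS, clazz,
      VisibilityLabelService.class);
  }

  /**
   * Reads {@code row} from the peer cluster as {@code USER1} with the given authorizations and
   * checks what was replicated.
   * <p>
   * When {@code nullExpected} is set the Get must return no cell at all. Otherwise the returned
   * cell must belong to {@code row}, the sink coprocessor must have captured {@code expected}
   * tags including one non-visibility tag whose value is {@code TEMP}, and
   * {@code doAssert(row, visString)} must pass.
   * @param row          row key to read
   * @param visString    visibility expression passed on to {@code doAssert}
   * @param expected     number of tags expected in {@code TestCoprocessorForTagsAtSink.tags}
   * @param nullExpected {@code true} if the Get must come back empty for these authorizations
   * @param auths        labels to put into the Get's {@link Authorizations}
   * @throws IOException          if the privileged action fails with an I/O error
   * @throws InterruptedException if the privileged action is interrupted
   */
  @Override
  protected void verifyGet(final byte[] row, final String visString, final int expected,
    final boolean nullExpected, final String... auths) throws IOException, InterruptedException {
    PrivilegedExceptionAction<Void> scanAction = new PrivilegedExceptionAction<Void>() {

      @Override
      public Void run() throws Exception {
        // conf1 is the peer cluster, so this reads the replicated copy of the row.
        try (Connection connection = ConnectionFactory.createConnection(conf1);
          Table table2 = connection.getTable(TABLE_NAME)) {
          Get get = new Get(row);
          get.setAuthorizations(new Authorizations(auths));
          Result result = table2.get(get);
          CellScanner cellScanner = result.cellScanner();
          boolean advance = cellScanner.advance();
          if (nullExpected) {
            // With these authorizations the replicated cell must stay invisible.
            assertFalse(advance);
            return null;
          }
          Cell current = cellScanner.current();
          assertArrayEquals(row, CellUtil.cloneRow(current));
          // NOTE(review): tags is static state on the sink coprocessor, presumably filled while
          // the peer cluster serves the Get above - confirm in TestCoprocessorForTagsAtSink.
          assertEquals(expected, TestCoprocessorForTagsAtSink.tags.size());
          boolean foundNonVisTag = false;
          for (Tag t : TestCoprocessorForTagsAtSink.tags) {
            if (t.getType() == NON_VIS_TAG_TYPE) {
              assertEquals(TEMP, Bytes.toString(Tag.cloneValue(t)));
              foundNonVisTag = true;
              break;
            }
          }
          doAssert(row, visString);
          // The non-visibility tag must have survived replication next to the visibility tags.
          assertTrue(foundNonVisTag);
          return null;
        }
      }
    };
    // Run the read as the non-superuser test user.
    USER1.runAs(scanAction);
  }
}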