001/**
002 * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
003 * agreements. See the NOTICE file distributed with this work for additional information regarding
004 * copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
005 * "License"); you may not use this file except in compliance with the License. You may obtain a
006 * copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable
007 * law or agreed to in writing, software distributed under the License is distributed on an "AS IS"
008 * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License
009 * for the specific language governing permissions and limitations under the License.
010 */
011
012package org.apache.hadoop.hbase.client;
013
014import static org.junit.Assert.assertEquals;
015import static org.junit.Assert.assertFalse;
016import static org.junit.Assert.assertTrue;
017import static org.junit.Assert.fail;
018
019import java.util.List;
020import org.apache.hadoop.hbase.HBaseClassTestRule;
021import org.apache.hadoop.hbase.TableName;
022import org.apache.hadoop.hbase.security.User;
023import org.apache.hadoop.hbase.security.access.AccessControlLists;
024import org.apache.hadoop.hbase.security.access.GetUserPermissionsRequest;
025import org.apache.hadoop.hbase.security.access.Permission;
026import org.apache.hadoop.hbase.security.access.SecureTestUtil;
027import org.apache.hadoop.hbase.security.access.SecureTestUtil.AccessTestAction;
028import org.apache.hadoop.hbase.security.access.UserPermission;
029import org.apache.hadoop.hbase.testclassification.ClientTests;
030import org.apache.hadoop.hbase.testclassification.SmallTests;
031import org.junit.BeforeClass;
032import org.junit.ClassRule;
033import org.junit.Test;
034import org.junit.experimental.categories.Category;
035import org.junit.runner.RunWith;
036import org.junit.runners.Parameterized;
037import org.apache.hbase.thirdparty.com.google.common.collect.Lists;
038
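/**
 * Exercises the access-control calls of the async admin API ({@code grant},
 * {@code getUserPermissions} and {@code hasUserPermissions}) against a one-node mini cluster
 * that has security enabled.
 */
@RunWith(Parameterized.class)
@Category({ ClientTests.class, SmallTests.class })
public class TestAsyncAccessControlAdminApi extends TestAsyncAdminBase {

  @ClassRule
  public static final HBaseClassTestRule CLASS_RULE =
      HBaseClassTestRule.forClass(TestAsyncAccessControlAdminApi.class);

  /**
   * Enables security on the test configuration, starts a one-node mini cluster, waits for the ACL
   * table to become available and opens the shared async connection.
   *
   * @throws Exception if the cluster cannot be started or the connection cannot be created
   */
  @BeforeClass
  public static void setUpBeforeClass() throws Exception {
    // Security is enabled on the configuration before the cluster is started from it.
    SecureTestUtil.enableSecurity(TEST_UTIL.getConfiguration());
    TEST_UTIL.startMiniCluster(1);
    // The grant and permission lookups below are issued only once the ACL table is available.
    TEST_UTIL.waitTableAvailable(AccessControlLists.ACL_TABLE_NAME);
    ASYNC_CONN = ConnectionFactory.createAsyncConnection(TEST_UTIL.getConfiguration()).get();
  }

  /**
   * Grants user1 READ on a table, then checks that the permission is listed for the table and for
   * user1 but not for user2, that {@code hasUserPermissions} reports it for user1 only, that
   * user2 is refused when asking about user1's permissions, and that user2's own check for the
   * permission returns {@code false}.
   *
   * @throws Exception if any admin call fails unexpectedly
   */
  @Test
  public void test() throws Exception {
    TableName tableName = TableName.valueOf("test-table");
    String userName1 = "user1";
    String userName2 = "user2";
    User user2 = User.createUserForTesting(TEST_UTIL.getConfiguration(), userName2, new String[0]);
    Permission permission =
        Permission.newBuilder(tableName).withActions(Permission.Action.READ).build();
    UserPermission userPermission = new UserPermission(userName1, permission);

    // grant user1 table permission
    admin.grant(userPermission, false).get();

    // get table permissions for all users: only the grant above is expected
    List<UserPermission> userPermissions =
        admin.getUserPermissions(GetUserPermissionsRequest.newBuilder(tableName).build()).get();
    assertEquals(1, userPermissions.size());
    assertEquals(userPermission, userPermissions.get(0));

    // get table permissions filtered by user name: user1 holds the grant
    userPermissions =
        admin
            .getUserPermissions(
              GetUserPermissionsRequest.newBuilder(tableName).withUserName(userName1).build())
            .get();
    assertEquals(1, userPermissions.size());
    assertEquals(userPermission, userPermissions.get(0));

    // user2 was granted nothing, so the filtered listing must be empty
    userPermissions =
        admin
            .getUserPermissions(
              GetUserPermissionsRequest.newBuilder(tableName).withUserName(userName2).build())
            .get();
    assertEquals(0, userPermissions.size());

    // has user permission: one answer per requested permission, only one is requested here
    List<Permission> permissions = Lists.newArrayList(permission);
    boolean hasPermission =
        admin.hasUserPermissions(userName1, permissions).get().get(0).booleanValue();
    assertTrue(hasPermission);
    hasPermission = admin.hasUserPermissions(userName2, permissions).get().get(0).booleanValue();
    assertFalse(hasPermission);

    // user2 asks about user1's permissions over a connection of its own; this must be refused
    AccessTestAction hasPermissionAction = new AccessTestAction() {
      @Override
      public Object run() throws Exception {
        try (AsyncConnection conn =
            ConnectionFactory.createAsyncConnection(TEST_UTIL.getConfiguration()).get()) {
          return conn.getAdmin().hasUserPermissions(userName1, permissions).get().get(0);
        }
      }
    };
    try {
      user2.runAs(hasPermissionAction);
      // fail() raises AssertionError, which the catch below does not intercept
      fail("Should not come here");
    } catch (Exception e) {
      // NOTE(review): any exception lands here, so a connection or setup failure would also be
      // accepted as "denied". Consider asserting that the cause chain carries the access-denied
      // exception once the wrapping applied by runAs and the future is confirmed.
      LOG.error("Call has permission error", e);
    }

    // check permission without a user name (presumably evaluated for the calling user; confirm
    // against the admin API). Wait for the call to complete so that a failure surfaces here
    // instead of being dropped with an unobserved future. The returned value is not asserted
    // because this file does not show which permissions the user running the test holds.
    admin.hasUserPermissions(permissions).get();
    AccessTestAction checkPermissionsAction = new AccessTestAction() {
      @Override
      public Object run() throws Exception {
        try (AsyncConnection conn =
            ConnectionFactory.createAsyncConnection(TEST_UTIL.getConfiguration()).get()) {
          return conn.getAdmin().hasUserPermissions(permissions).get().get(0);
        }
      }
    };
    // user2 was never granted the permission, so its own check must come back false
    assertFalse((Boolean) user2.runAs(checkPermissionsAction));
  }
}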