001/** 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018package org.apache.hadoop.hbase.security.visibility; 019 020import static org.apache.hadoop.hbase.security.visibility.VisibilityConstants.LABELS_TABLE_NAME; 021import static org.junit.Assert.assertEquals; 022import static org.junit.Assert.assertFalse; 023import static org.junit.Assert.assertTrue; 024import static org.junit.Assert.fail; 025 026import com.google.protobuf.ByteString; 027import java.io.IOException; 028import java.security.PrivilegedExceptionAction; 029import java.util.ArrayList; 030import java.util.List; 031import org.apache.hadoop.conf.Configuration; 032import org.apache.hadoop.hbase.Cell; 033import org.apache.hadoop.hbase.CellScanner; 034import org.apache.hadoop.hbase.HBaseClassTestRule; 035import org.apache.hadoop.hbase.HBaseTestingUtility; 036import org.apache.hadoop.hbase.HConstants; 037import org.apache.hadoop.hbase.TableName; 038import org.apache.hadoop.hbase.client.Connection; 039import org.apache.hadoop.hbase.client.ConnectionFactory; 040import org.apache.hadoop.hbase.client.Put; 041import org.apache.hadoop.hbase.client.Result; 042import org.apache.hadoop.hbase.client.ResultScanner; 043import org.apache.hadoop.hbase.client.Scan; 044import org.apache.hadoop.hbase.client.Table; 045import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse; 046import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse; 047import org.apache.hadoop.hbase.security.User; 048import org.apache.hadoop.hbase.testclassification.MediumTests; 049import org.apache.hadoop.hbase.testclassification.SecurityTests; 050import org.apache.hadoop.hbase.util.Bytes; 051import org.junit.AfterClass; 052import org.junit.BeforeClass; 053import org.junit.ClassRule; 054import org.junit.Rule; 055import org.junit.Test; 056import org.junit.experimental.categories.Category; 057import org.junit.rules.TestName; 058 059@Category({SecurityTests.class, MediumTests.class}) 060public class TestVisibilityLablesWithGroups { 061 062 @ClassRule 063 public static final HBaseClassTestRule CLASS_RULE = 064 HBaseClassTestRule.forClass(TestVisibilityLablesWithGroups.class); 065 066 public static final String CONFIDENTIAL = "confidential"; 067 private static final String SECRET = "secret"; 068 public static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility(); 069 private static final byte[] ROW_1 = Bytes.toBytes("row1"); 070 private final static byte[] CF = Bytes.toBytes("f"); 071 private final static byte[] Q1 = Bytes.toBytes("q1"); 072 private final static byte[] Q2 = Bytes.toBytes("q2"); 073 private final static byte[] Q3 = Bytes.toBytes("q3"); 074 private final static byte[] value1 = Bytes.toBytes("value1"); 075 private final static byte[] value2 = Bytes.toBytes("value2"); 076 private final static byte[] value3 = Bytes.toBytes("value3"); 077 public static Configuration conf; 078 079 @Rule 080 public final TestName TEST_NAME = new TestName(); 081 public static User SUPERUSER; 082 public static User TESTUSER; 083 084 @BeforeClass 085 public static void setupBeforeClass() throws Exception { 086 // setup configuration 087 conf = TEST_UTIL.getConfiguration(); 088 VisibilityTestUtil.enableVisiblityLabels(conf); 089 // Not setting any SLG class. This means to use the default behavior. 090 // Use a group as the super user. 091 conf.set("hbase.superuser", "@supergroup"); 092 TEST_UTIL.startMiniCluster(1); 093 // 'admin' has super user permission because it is part of the 'supergroup' 094 SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); 095 // 'test' user will inherit 'testgroup' visibility labels 096 TESTUSER = User.createUserForTesting(conf, "test", new String[] {"testgroup" }); 097 098 // Wait for the labels table to become available 099 TEST_UTIL.waitTableEnabled(LABELS_TABLE_NAME.getName(), 50000); 100 101 // Set up for the test 102 SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() { 103 @Override 104 public Void run() throws Exception { 105 try (Connection conn = ConnectionFactory.createConnection(conf)) { 106 VisibilityClient.addLabels(conn, new String[] { SECRET, CONFIDENTIAL }); 107 // set auth for @testgroup 108 VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL }, "@testgroup"); 109 } catch (Throwable t) { 110 throw new IOException(t); 111 } 112 return null; 113 } 114 }); 115 } 116 117 @Test 118 public void testGroupAuths() throws Exception { 119 final TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); 120 // create the table 121 TEST_UTIL.createTable(tableName, CF); 122 // put the data. 123 SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() { 124 @Override 125 public Void run() throws Exception { 126 try (Connection connection = ConnectionFactory.createConnection(conf); 127 Table table = connection.getTable(tableName)) { 128 Put put = new Put(ROW_1); 129 put.addColumn(CF, Q1, HConstants.LATEST_TIMESTAMP, value1); 130 put.setCellVisibility(new CellVisibility(SECRET)); 131 table.put(put); 132 put = new Put(ROW_1); 133 put.addColumn(CF, Q2, HConstants.LATEST_TIMESTAMP, value2); 134 put.setCellVisibility(new CellVisibility(CONFIDENTIAL)); 135 table.put(put); 136 put = new Put(ROW_1); 137 put.addColumn(CF, Q3, HConstants.LATEST_TIMESTAMP, value3); 138 table.put(put); 139 } 140 return null; 141 } 142 }); 143 144 // 'admin' user is part of 'supergroup', thus can see all the cells. 145 SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() { 146 @Override 147 public Void run() throws Exception { 148 try (Connection connection = ConnectionFactory.createConnection(conf); 149 Table table = connection.getTable(tableName)) { 150 Scan s = new Scan(); 151 ResultScanner scanner = table.getScanner(s); 152 Result[] next = scanner.next(1); 153 154 // Test that super user can see all the cells. 155 assertTrue(next.length == 1); 156 CellScanner cellScanner = next[0].cellScanner(); 157 cellScanner.advance(); 158 Cell current = cellScanner.current(); 159 assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), 160 current.getRowLength(), ROW_1, 0, ROW_1.length)); 161 assertTrue(Bytes.equals(current.getQualifierArray(), current.getQualifierOffset(), 162 current.getQualifierLength(), Q1, 0, Q1.length)); 163 assertTrue(Bytes.equals(current.getValueArray(), current.getValueOffset(), 164 current.getValueLength(), value1, 0, value1.length)); 165 cellScanner.advance(); 166 current = cellScanner.current(); 167 assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), 168 current.getRowLength(), ROW_1, 0, ROW_1.length)); 169 assertTrue(Bytes.equals(current.getQualifierArray(), current.getQualifierOffset(), 170 current.getQualifierLength(), Q2, 0, Q2.length)); 171 assertTrue(Bytes.equals(current.getValueArray(), current.getValueOffset(), 172 current.getValueLength(), value2, 0, value2.length)); 173 cellScanner.advance(); 174 current = cellScanner.current(); 175 assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), 176 current.getRowLength(), ROW_1, 0, ROW_1.length)); 177 assertTrue(Bytes.equals(current.getQualifierArray(), current.getQualifierOffset(), 178 current.getQualifierLength(), Q3, 0, Q3.length)); 179 assertTrue(Bytes.equals(current.getValueArray(), current.getValueOffset(), 180 current.getValueLength(), value3, 0, value3.length)); 181 } 182 return null; 183 } 184 }); 185 186 // Get testgroup's labels. 187 SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() { 188 @Override 189 public Void run() throws Exception { 190 GetAuthsResponse authsResponse = null; 191 try (Connection conn = ConnectionFactory.createConnection(conf)) { 192 authsResponse = VisibilityClient.getAuths(conn, "@testgroup"); 193 } catch (Throwable e) { 194 fail("Should not have failed"); 195 } 196 List<String> authsList = new ArrayList<>(authsResponse.getAuthList().size()); 197 for (ByteString authBS : authsResponse.getAuthList()) { 198 authsList.add(Bytes.toString(authBS.toByteArray())); 199 } 200 assertEquals(1, authsList.size()); 201 assertTrue(authsList.contains(CONFIDENTIAL)); 202 return null; 203 } 204 }); 205 206 // Test that test user can see what 'testgroup' has been authorized to. 207 TESTUSER.runAs(new PrivilegedExceptionAction<Void>() { 208 @Override 209 public Void run() throws Exception { 210 try (Connection connection = ConnectionFactory.createConnection(conf); 211 Table table = connection.getTable(tableName)) { 212 // Test scan with no auth attribute 213 Scan s = new Scan(); 214 ResultScanner scanner = table.getScanner(s); 215 Result[] next = scanner.next(1); 216 217 assertTrue(next.length == 1); 218 CellScanner cellScanner = next[0].cellScanner(); 219 cellScanner.advance(); 220 Cell current = cellScanner.current(); 221 // test user can see value2 (CONFIDENTIAL) and value3 (no label) 222 assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), 223 current.getRowLength(), ROW_1, 0, ROW_1.length)); 224 assertTrue(Bytes.equals(current.getQualifierArray(), current.getQualifierOffset(), 225 current.getQualifierLength(), Q2, 0, Q2.length)); 226 assertTrue(Bytes.equals(current.getValueArray(), current.getValueOffset(), 227 current.getValueLength(), value2, 0, value2.length)); 228 cellScanner.advance(); 229 current = cellScanner.current(); 230 // test user can see value2 (CONFIDENTIAL) and value3 (no label) 231 assertTrue(Bytes.equals(current.getRowArray(), current.getRowOffset(), 232 current.getRowLength(), ROW_1, 0, ROW_1.length)); 233 assertTrue(Bytes.equals(current.getQualifierArray(), current.getQualifierOffset(), 234 current.getQualifierLength(), Q3, 0, Q3.length)); 235 assertTrue(Bytes.equals(current.getValueArray(), current.getValueOffset(), 236 current.getValueLength(), value3, 0, value3.length)); 237 238 // Test scan with correct auth attribute for test user 239 Scan s1 = new Scan(); 240 // test user is entitled to 'CONFIDENTIAL'. 241 // If we set both labels in the scan, 'SECRET' will be dropped by the SLGs. 242 s1.setAuthorizations(new Authorizations(new String[] { SECRET, CONFIDENTIAL })); 243 ResultScanner scanner1 = table.getScanner(s1); 244 Result[] next1 = scanner1.next(1); 245 246 assertTrue(next1.length == 1); 247 CellScanner cellScanner1 = next1[0].cellScanner(); 248 cellScanner1.advance(); 249 Cell current1 = cellScanner1.current(); 250 // test user can see value2 (CONFIDENTIAL) and value3 (no label) 251 assertTrue(Bytes.equals(current1.getRowArray(), current1.getRowOffset(), 252 current1.getRowLength(), ROW_1, 0, ROW_1.length)); 253 assertTrue(Bytes.equals(current1.getQualifierArray(), current1.getQualifierOffset(), 254 current1.getQualifierLength(), Q2, 0, Q2.length)); 255 assertTrue(Bytes.equals(current1.getValueArray(), current1.getValueOffset(), 256 current1.getValueLength(), value2, 0, value2.length)); 257 cellScanner1.advance(); 258 current1 = cellScanner1.current(); 259 // test user can see value2 (CONFIDENTIAL) and value3 (no label) 260 assertTrue(Bytes.equals(current1.getRowArray(), current1.getRowOffset(), 261 current1.getRowLength(), ROW_1, 0, ROW_1.length)); 262 assertTrue(Bytes.equals(current1.getQualifierArray(), current1.getQualifierOffset(), 263 current1.getQualifierLength(), Q3, 0, Q3.length)); 264 assertTrue(Bytes.equals(current1.getValueArray(), current1.getValueOffset(), 265 current1.getValueLength(), value3, 0, value3.length)); 266 267 // Test scan with incorrect auth attribute for test user 268 Scan s2 = new Scan(); 269 // test user is entitled to 'CONFIDENTIAL'. 270 // If we set 'SECRET', it will be dropped by the SLGs. 271 s2.setAuthorizations(new Authorizations(new String[] { SECRET })); 272 ResultScanner scanner2 = table.getScanner(s2); 273 Result next2 = scanner2.next(); 274 CellScanner cellScanner2 = next2.cellScanner(); 275 cellScanner2.advance(); 276 Cell current2 = cellScanner2.current(); 277 // This scan will only see value3 (no label) 278 assertTrue(Bytes.equals(current2.getRowArray(), current2.getRowOffset(), 279 current2.getRowLength(), ROW_1, 0, ROW_1.length)); 280 assertTrue(Bytes.equals(current2.getQualifierArray(), current2.getQualifierOffset(), 281 current2.getQualifierLength(), Q3, 0, Q3.length)); 282 assertTrue(Bytes.equals(current2.getValueArray(), current2.getValueOffset(), 283 current2.getValueLength(), value3, 0, value3.length)); 284 285 assertFalse(cellScanner2.advance()); 286 } 287 return null; 288 } 289 }); 290 291 // Clear 'testgroup' of CONFIDENTIAL label. 292 SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() { 293 @Override 294 public Void run() throws Exception { 295 VisibilityLabelsResponse response = null; 296 try (Connection conn = ConnectionFactory.createConnection(conf)) { 297 response = VisibilityClient.clearAuths(conn, new String[] { 298 CONFIDENTIAL }, "@testgroup"); 299 } catch (Throwable e) { 300 fail("Should not have failed"); 301 } 302 return null; 303 } 304 }); 305 306 // Get testgroup's labels. No label is returned. 307 SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() { 308 @Override 309 public Void run() throws Exception { 310 GetAuthsResponse authsResponse = null; 311 try (Connection conn = ConnectionFactory.createConnection(conf)) { 312 authsResponse = VisibilityClient.getAuths(conn, "@testgroup"); 313 } catch (Throwable e) { 314 fail("Should not have failed"); 315 } 316 List<String> authsList = new ArrayList<>(authsResponse.getAuthList().size()); 317 for (ByteString authBS : authsResponse.getAuthList()) { 318 authsList.add(Bytes.toString(authBS.toByteArray())); 319 } 320 assertEquals(0, authsList.size()); 321 return null; 322 } 323 }); 324 325 // Test that test user cannot see the cells with the labels anymore. 326 TESTUSER.runAs(new PrivilegedExceptionAction<Void>() { 327 @Override 328 public Void run() throws Exception { 329 try (Connection connection = ConnectionFactory.createConnection(conf); 330 Table table = connection.getTable(tableName)) { 331 Scan s1 = new Scan(); 332 // test user is not entitled to 'CONFIDENTIAL' anymore since we dropped 333 // testgroup's label. test user has no auth labels now. 334 // scan's labels will be dropped on the server side. 335 s1.setAuthorizations(new Authorizations(new String[] { SECRET, CONFIDENTIAL })); 336 ResultScanner scanner1 = table.getScanner(s1); 337 Result[] next1 = scanner1.next(1); 338 339 assertTrue(next1.length == 1); 340 CellScanner cellScanner1 = next1[0].cellScanner(); 341 cellScanner1.advance(); 342 Cell current1 = cellScanner1.current(); 343 // test user can only see value3 (no label) 344 assertTrue(Bytes.equals(current1.getRowArray(), current1.getRowOffset(), 345 current1.getRowLength(), ROW_1, 0, ROW_1.length)); 346 assertTrue(Bytes.equals(current1.getQualifierArray(), current1.getQualifierOffset(), 347 current1.getQualifierLength(), Q3, 0, Q3.length)); 348 assertTrue(Bytes.equals(current1.getValueArray(), current1.getValueOffset(), 349 current1.getValueLength(), value3, 0, value3.length)); 350 351 assertFalse(cellScanner1.advance()); 352 } 353 return null; 354 } 355 }); 356 357 } 358 359 @AfterClass 360 public static void tearDownAfterClass() throws Exception { 361 TEST_UTIL.shutdownMiniCluster(); 362 } 363}