Source code

001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase;
019
020import java.util.ArrayList;
021import java.util.Arrays;
022import java.util.List;
023import org.apache.commons.lang3.StringUtils;
024import org.apache.hadoop.conf.Configuration;
025import org.apache.hadoop.hbase.io.hfile.HFile;
026import org.apache.hadoop.hbase.security.User;
027import org.apache.hadoop.hbase.security.access.AccessController;
028import org.apache.hadoop.hbase.testclassification.IntegrationTests;
029import org.apache.hadoop.hbase.util.LoadTestTool;
030import org.apache.hadoop.hbase.util.test.LoadTestDataGeneratorWithACL;
031import org.apache.hadoop.util.ToolRunner;
032import org.junit.experimental.categories.Category;
033
034import org.apache.hbase.thirdparty.org.apache.commons.cli.CommandLine;
035
036/**
037 * /** An Integration class for tests that does something with the cluster while running
038 * {@link LoadTestTool} to write and verify some data. Verifies whether cells for users with only
039 * WRITE permissions are not read back and cells with READ permissions are read back. Every
040 * operation happens in the user's specific context
041 */
042@Category(IntegrationTests.class)
043public class IntegrationTestIngestWithACL extends IntegrationTestIngest {
044
045  private static final char COLON = ':';
046  public static final char HYPHEN = '-';
047  private static final int SPECIAL_PERM_CELL_INSERTION_FACTOR = 100;
048  public static final String OPT_SUPERUSER = "superuser";
049  public static final String OPT_USERS = "userlist";
050  public static final String OPT_AUTHN = "authinfo";
051  private String superUser = "owner";
052  private String userNames = "user1,user2,user3,user4";
053  private String authnFileName;
054
055  @Override
056  public void setUpCluster() throws Exception {
057    util = getTestingUtil(null);
058    Configuration conf = util.getConfiguration();
059    conf.setInt(HFile.FORMAT_VERSION_KEY, 3);
060    conf.set("hbase.coprocessor.master.classes", AccessController.class.getName());
061    conf.set("hbase.coprocessor.region.classes", AccessController.class.getName());
062    conf.setBoolean("hbase.security.access.early_out", false);
063    // conf.set("hbase.superuser", "admin");
064    super.setUpCluster();
065  }
066
067  @Override
068  protected String[] getArgsForLoadTestTool(String mode, String modeSpecificArg, long startKey,
069    long numKeys) {
070    String[] args = super.getArgsForLoadTestTool(mode, modeSpecificArg, startKey, numKeys);
071    List<String> tmp = new ArrayList<>(Arrays.asList(args));
072    tmp.add(HYPHEN + LoadTestTool.OPT_GENERATOR);
073    StringBuilder sb = new StringBuilder(LoadTestDataGeneratorWithACL.class.getName());
074    sb.append(COLON);
075    if (User.isHBaseSecurityEnabled(getConf())) {
076      sb.append(authnFileName);
077      sb.append(COLON);
078    }
079    sb.append(superUser);
080    sb.append(COLON);
081    sb.append(userNames);
082    sb.append(COLON);
083    sb.append(Integer.toString(SPECIAL_PERM_CELL_INSERTION_FACTOR));
084    tmp.add(sb.toString());
085    return tmp.toArray(new String[tmp.size()]);
086  }
087
088  @Override
089  protected void addOptions() {
090    super.addOptions();
091    super.addOptWithArg(OPT_SUPERUSER, "Super user name used to add the ACL permissions");
092    super.addOptWithArg(OPT_USERS,
093      "List of users to be added with the ACLs.  Should be comma seperated.");
094    super.addOptWithArg(OPT_AUTHN,
095      "The name of the properties file that contains"
096        + " kerberos key tab file and principal definitions. The principal key in the file"
097        + " should be of the form hbase.<username>.kerberos.principal. The keytab key in the"
098        + " file should be of the form hbase.<username>.keytab.file. Example:"
099        + "  hbase.user1.kerberos.principal=user1/fully.qualified.domain.name@YOUR-REALM.COM,"
100        + " hbase.user1.keytab.file=<filelocation>.");
101  }
102
103  @Override
104  protected void processOptions(CommandLine cmd) {
105    super.processOptions(cmd);
106    if (cmd.hasOption(OPT_SUPERUSER)) {
107      superUser = cmd.getOptionValue(OPT_SUPERUSER);
108    }
109    if (cmd.hasOption(OPT_USERS)) {
110      userNames = cmd.getOptionValue(OPT_USERS);
111    }
112    if (User.isHBaseSecurityEnabled(getConf())) {
113      boolean authFileNotFound = false;
114      if (cmd.hasOption(OPT_AUTHN)) {
115        authnFileName = cmd.getOptionValue(OPT_AUTHN);
116        if (StringUtils.isEmpty(authnFileName)) {
117          authFileNotFound = true;
118        }
119      } else {
120        authFileNotFound = true;
121      }
122      if (authFileNotFound) {
123        super.printUsage();
124        System.exit(EXIT_FAILURE);
125      }
126    }
127  }
128
129  public static void main(String[] args) throws Exception {
130    Configuration conf = HBaseConfiguration.create();
131    IntegrationTestingUtility.setUseDistributedCluster(conf);
132    int ret = ToolRunner.run(conf, new IntegrationTestIngestWithACL(), args);
133    System.exit(ret);
134  }
135}