001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.client;
019
020import static org.junit.Assert.assertEquals;
021import static org.junit.Assert.assertFalse;
022import static org.junit.Assert.assertTrue;
023import static org.junit.Assert.fail;
024
025import java.util.List;
026import org.apache.hadoop.hbase.HBaseClassTestRule;
027import org.apache.hadoop.hbase.TableName;
028import org.apache.hadoop.hbase.security.User;
029import org.apache.hadoop.hbase.security.access.GetUserPermissionsRequest;
030import org.apache.hadoop.hbase.security.access.Permission;
031import org.apache.hadoop.hbase.security.access.PermissionStorage;
032import org.apache.hadoop.hbase.security.access.SecureTestUtil;
033import org.apache.hadoop.hbase.security.access.SecureTestUtil.AccessTestAction;
034import org.apache.hadoop.hbase.security.access.UserPermission;
035import org.apache.hadoop.hbase.testclassification.ClientTests;
036import org.apache.hadoop.hbase.testclassification.SmallTests;
037import org.junit.BeforeClass;
038import org.junit.ClassRule;
039import org.junit.Test;
040import org.junit.experimental.categories.Category;
041import org.junit.runner.RunWith;
042import org.junit.runners.Parameterized;
043
044import org.apache.hbase.thirdparty.com.google.common.collect.Lists;
045
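/**
 * Exercises the access-control calls of the async admin API (grant, getUserPermissions and
 * hasUserPermissions) against a mini cluster that has security enabled.
 *
 * <p>The test covers both the positive path (the granted permission is visible and reported as
 * held) and the negative path (a user without the grant is reported as not holding it, and is not
 * allowed to query another user's permissions).
 */
@RunWith(Parameterized.class)
@Category({ ClientTests.class, SmallTests.class })
public class TestAsyncAccessControlAdminApi extends TestAsyncAdminBase {

  @ClassRule
  public static final HBaseClassTestRule CLASS_RULE =
    HBaseClassTestRule.forClass(TestAsyncAccessControlAdminApi.class);

  /**
   * Enables security on the shared test configuration, starts the mini cluster, waits for the ACL
   * table to become available and opens the async connection used by the test.
   *
   * @throws Exception if the cluster or the connection cannot be brought up
   */
  @BeforeClass
  public static void setUpBeforeClass() throws Exception {
    // Security must be switched on in the configuration before the cluster starts.
    SecureTestUtil.enableSecurity(TEST_UTIL.getConfiguration());
    TEST_UTIL.startMiniCluster(1);
    // Grants are stored in the ACL table, so it has to be available before any grant is issued.
    TEST_UTIL.waitTableAvailable(PermissionStorage.ACL_TABLE_NAME);
    ASYNC_CONN = ConnectionFactory.createAsyncConnection(TEST_UTIL.getConfiguration()).get();
  }

  /**
   * Grants user1 READ on a table and verifies what the permission queries return for user1 (who
   * holds the grant) and user2 (who does not).
   *
   * @throws Exception if any admin call fails unexpectedly
   */
  @Test
  public void test() throws Exception {
    TableName tableName = TableName.valueOf("test-table");
    String userName1 = "user1";
    String userName2 = "user2";
    User user2 = User.createUserForTesting(TEST_UTIL.getConfiguration(), userName2, new String[0]);
    Permission permission =
      Permission.newBuilder(tableName).withActions(Permission.Action.READ).build();
    UserPermission userPermission = new UserPermission(userName1, permission);

    // grant user1 table permission
    admin.grant(userPermission, false).get();

    // get table permissions, unfiltered: exactly the one grant made above
    List<UserPermission> userPermissions =
      admin.getUserPermissions(GetUserPermissionsRequest.newBuilder(tableName).build()).get();
    assertEquals(1, userPermissions.size());
    assertEquals(userPermission, userPermissions.get(0));

    // get table permissions filtered by the user that holds the grant
    userPermissions = admin.getUserPermissions(
      GetUserPermissionsRequest.newBuilder(tableName).withUserName(userName1).build()).get();
    assertEquals(1, userPermissions.size());
    assertEquals(userPermission, userPermissions.get(0));

    // get table permissions filtered by a user without any grant: nothing must be returned
    userPermissions = admin.getUserPermissions(
      GetUserPermissionsRequest.newBuilder(tableName).withUserName(userName2).build()).get();
    assertEquals(0, userPermissions.size());

    // has user permission: true for the grantee, false for the other user
    List<Permission> permissions = Lists.newArrayList(permission);
    boolean hasPermission =
      admin.hasUserPermissions(userName1, permissions).get().get(0).booleanValue();
    assertTrue(hasPermission);
    hasPermission = admin.hasUserPermissions(userName2, permissions).get().get(0).booleanValue();
    assertFalse(hasPermission);

    // user2 asks about user1's permissions over a connection of its own; this must be rejected.
    AccessTestAction hasPermissionAction = new AccessTestAction() {
      @Override
      public Object run() throws Exception {
        try (AsyncConnection conn =
          ConnectionFactory.createAsyncConnection(TEST_UTIL.getConfiguration()).get()) {
          return conn.getAdmin().hasUserPermissions(userName1, permissions).get().get(0);
        }
      }
    };
    try {
      user2.runAs(hasPermissionAction);
      // fail() raises an AssertionError, which the catch (Exception) below does not intercept,
      // so a call that unexpectedly succeeds still fails the test.
      fail("Should not come here");
    } catch (Exception e) {
      // NOTE(review): any exception satisfies this negative check, including one raised while
      // opening the connection. Asserting on the cause (presumably an access-denied error,
      // possibly wrapped by the future or by runAs -- confirm) would prove that the request was
      // refused by the authorization check and not by an unrelated failure.
      LOG.error("Call has permission error", e);
    }

    // check permission of the calling user. The future is awaited so that a failed call fails
    // the test; the original statement dropped the future and therefore verified nothing.
    // NOTE(review): the returned value is not asserted because the expected result for the
    // user behind 'admin' is not established in this file.
    admin.hasUserPermissions(permissions).get();
    AccessTestAction checkPermissionsAction = new AccessTestAction() {
      @Override
      public Object run() throws Exception {
        try (AsyncConnection conn =
          ConnectionFactory.createAsyncConnection(TEST_UTIL.getConfiguration()).get()) {
          return conn.getAdmin().hasUserPermissions(permissions).get().get(0);
        }
      }
    };
    // user2 was never granted READ on the table, so checking its own permissions yields false.
    assertFalse((Boolean) user2.runAs(checkPermissionsAction));
  }
}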