001/**
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.rest;
019
020import static org.junit.Assert.assertEquals;
021import static org.junit.Assert.assertNotNull;
022
023import java.io.ByteArrayInputStream;
024import java.io.IOException;
025import java.io.StringWriter;
026import java.security.PrivilegedExceptionAction;
027import java.util.ArrayList;
028import java.util.Iterator;
029import java.util.List;
030import javax.xml.bind.JAXBContext;
031import javax.xml.bind.JAXBException;
032import javax.xml.bind.Marshaller;
033import javax.xml.bind.Unmarshaller;
034import org.apache.hadoop.conf.Configuration;
035import org.apache.hadoop.hbase.CellUtil;
036import org.apache.hadoop.hbase.HBaseClassTestRule;
037import org.apache.hadoop.hbase.HBaseTestingUtility;
038import org.apache.hadoop.hbase.HColumnDescriptor;
039import org.apache.hadoop.hbase.HTableDescriptor;
040import org.apache.hadoop.hbase.TableName;
041import org.apache.hadoop.hbase.client.Admin;
042import org.apache.hadoop.hbase.client.Connection;
043import org.apache.hadoop.hbase.client.ConnectionFactory;
044import org.apache.hadoop.hbase.client.Durability;
045import org.apache.hadoop.hbase.client.Put;
046import org.apache.hadoop.hbase.client.Table;
047import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse;
048import org.apache.hadoop.hbase.rest.client.Client;
049import org.apache.hadoop.hbase.rest.client.Cluster;
050import org.apache.hadoop.hbase.rest.client.Response;
051import org.apache.hadoop.hbase.rest.model.CellModel;
052import org.apache.hadoop.hbase.rest.model.CellSetModel;
053import org.apache.hadoop.hbase.rest.model.RowModel;
054import org.apache.hadoop.hbase.rest.model.ScannerModel;
055import org.apache.hadoop.hbase.security.User;
056import org.apache.hadoop.hbase.security.visibility.CellVisibility;
057import org.apache.hadoop.hbase.security.visibility.ScanLabelGenerator;
058import org.apache.hadoop.hbase.security.visibility.SimpleScanLabelGenerator;
059import org.apache.hadoop.hbase.security.visibility.VisibilityClient;
060import org.apache.hadoop.hbase.security.visibility.VisibilityConstants;
061import org.apache.hadoop.hbase.security.visibility.VisibilityTestUtil;
062import org.apache.hadoop.hbase.security.visibility.VisibilityUtils;
063import org.apache.hadoop.hbase.testclassification.MediumTests;
064import org.apache.hadoop.hbase.testclassification.RestTests;
065import org.apache.hadoop.hbase.util.Bytes;
066import org.junit.AfterClass;
067import org.junit.BeforeClass;
068import org.junit.ClassRule;
069import org.junit.Test;
070import org.junit.experimental.categories.Category;
071
072@Category({RestTests.class, MediumTests.class})
073public class TestScannersWithLabels {
074
075  @ClassRule
076  public static final HBaseClassTestRule CLASS_RULE =
077      HBaseClassTestRule.forClass(TestScannersWithLabels.class);
078
079  private static final TableName TABLE = TableName.valueOf("TestScannersWithLabels");
080  private static final String CFA = "a";
081  private static final String CFB = "b";
082  private static final String COLUMN_1 = CFA + ":1";
083  private static final String COLUMN_2 = CFB + ":2";
084  private final static String TOPSECRET = "topsecret";
085  private final static String PUBLIC = "public";
086  private final static String PRIVATE = "private";
087  private final static String CONFIDENTIAL = "confidential";
088  private final static String SECRET = "secret";
089  private static User SUPERUSER;
090
091  private static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
092  private static final HBaseRESTTestingUtility REST_TEST_UTIL = new HBaseRESTTestingUtility();
093  private static Client client;
094  private static JAXBContext context;
095  private static Marshaller marshaller;
096  private static Unmarshaller unmarshaller;
097  private static Configuration conf;
098
099  private static int insertData(TableName tableName, String column, double prob) throws IOException {
100    byte[] k = new byte[3];
101    byte[][] famAndQf = CellUtil.parseColumn(Bytes.toBytes(column));
102
103    List<Put> puts = new ArrayList<>(9);
104    for (int i = 0; i < 9; i++) {
105      Put put = new Put(Bytes.toBytes("row" + i));
106      put.setDurability(Durability.SKIP_WAL);
107      put.addColumn(famAndQf[0], famAndQf[1], k);
108      put.setCellVisibility(new CellVisibility("(" + SECRET + "|" + CONFIDENTIAL + ")" + "&" + "!"
109          + TOPSECRET));
110      puts.add(put);
111    }
112    try (Table table = TEST_UTIL.getConnection().getTable(tableName)) {
113      table.put(puts);
114    }
115    return puts.size();
116  }
117
118  private static int countCellSet(CellSetModel model) {
119    int count = 0;
120    Iterator<RowModel> rows = model.getRows().iterator();
121    while (rows.hasNext()) {
122      RowModel row = rows.next();
123      Iterator<CellModel> cells = row.getCells().iterator();
124      while (cells.hasNext()) {
125        cells.next();
126        count++;
127      }
128    }
129    return count;
130  }
131
132  @BeforeClass
133  public static void setUpBeforeClass() throws Exception {
134    SUPERUSER = User.createUserForTesting(conf, "admin",
135        new String[] { "supergroup" });
136    conf = TEST_UTIL.getConfiguration();
137    conf.setClass(VisibilityUtils.VISIBILITY_LABEL_GENERATOR_CLASS,
138        SimpleScanLabelGenerator.class, ScanLabelGenerator.class);
139    conf.set("hbase.superuser", SUPERUSER.getShortName());
140    VisibilityTestUtil.enableVisiblityLabels(conf);
141    TEST_UTIL.startMiniCluster(1);
142    // Wait for the labels table to become available
143    TEST_UTIL.waitTableEnabled(VisibilityConstants.LABELS_TABLE_NAME.getName(), 50000);
144    createLabels();
145    setAuths();
146    REST_TEST_UTIL.startServletContainer(conf);
147    client = new Client(new Cluster().add("localhost", REST_TEST_UTIL.getServletPort()));
148    context = JAXBContext.newInstance(CellModel.class, CellSetModel.class, RowModel.class,
149        ScannerModel.class);
150    marshaller = context.createMarshaller();
151    unmarshaller = context.createUnmarshaller();
152    Admin admin = TEST_UTIL.getAdmin();
153    if (admin.tableExists(TABLE)) {
154      return;
155    }
156    HTableDescriptor htd = new HTableDescriptor(TABLE);
157    htd.addFamily(new HColumnDescriptor(CFA));
158    htd.addFamily(new HColumnDescriptor(CFB));
159    admin.createTable(htd);
160    insertData(TABLE, COLUMN_1, 1.0);
161    insertData(TABLE, COLUMN_2, 0.5);
162  }
163
164  @AfterClass
165  public static void tearDownAfterClass() throws Exception {
166    REST_TEST_UTIL.shutdownServletContainer();
167    TEST_UTIL.shutdownMiniCluster();
168  }
169
170  private static void createLabels() throws IOException, InterruptedException {
171    PrivilegedExceptionAction<VisibilityLabelsResponse> action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
172      @Override
173      public VisibilityLabelsResponse run() throws Exception {
174        String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET };
175        try (Connection conn = ConnectionFactory.createConnection(conf)) {
176          VisibilityClient.addLabels(conn, labels);
177        } catch (Throwable t) {
178          throw new IOException(t);
179        }
180        return null;
181      }
182    };
183    SUPERUSER.runAs(action);
184  }
185  private static void setAuths() throws Exception {
186    String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET };
187    try (Connection conn = ConnectionFactory.createConnection(conf)) {
188      VisibilityClient.setAuths(conn, labels, User.getCurrent().getShortName());
189    } catch (Throwable t) {
190      throw new IOException(t);
191    }
192  }
193  @Test
194  public void testSimpleScannerXMLWithLabelsThatReceivesNoData() throws IOException, JAXBException {
195    final int BATCH_SIZE = 5;
196    // new scanner
197    ScannerModel model = new ScannerModel();
198    model.setBatch(BATCH_SIZE);
199    model.addColumn(Bytes.toBytes(COLUMN_1));
200    model.addLabel(PUBLIC);
201    StringWriter writer = new StringWriter();
202    marshaller.marshal(model, writer);
203    byte[] body = Bytes.toBytes(writer.toString());
204    // recall previous put operation with read-only off
205    conf.set("hbase.rest.readonly", "false");
206    Response response = client.put("/" + TABLE + "/scanner", Constants.MIMETYPE_XML, body);
207    assertEquals(201, response.getCode());
208    String scannerURI = response.getLocation();
209    assertNotNull(scannerURI);
210
211    // get a cell set
212    response = client.get(scannerURI, Constants.MIMETYPE_XML);
213    // Respond with 204 as there are no cells to be retrieved
214    assertEquals(204, response.getCode());
215    // With no content in the payload, the 'Content-Type' header is not echo back
216  }
217
218  @Test
219  public void testSimpleScannerXMLWithLabelsThatReceivesData() throws IOException, JAXBException {
220    // new scanner
221    ScannerModel model = new ScannerModel();
222    model.setBatch(5);
223    model.addColumn(Bytes.toBytes(COLUMN_1));
224    model.addLabel(SECRET);
225    StringWriter writer = new StringWriter();
226    marshaller.marshal(model, writer);
227    byte[] body = Bytes.toBytes(writer.toString());
228
229    // recall previous put operation with read-only off
230    conf.set("hbase.rest.readonly", "false");
231    Response response = client.put("/" + TABLE + "/scanner", Constants.MIMETYPE_XML, body);
232    assertEquals(201, response.getCode());
233    String scannerURI = response.getLocation();
234    assertNotNull(scannerURI);
235
236    // get a cell set
237    response = client.get(scannerURI, Constants.MIMETYPE_XML);
238    // Respond with 204 as there are no cells to be retrieved
239    assertEquals(200, response.getCode());
240    assertEquals(Constants.MIMETYPE_XML, response.getHeader("content-type"));
241    CellSetModel cellSet = (CellSetModel) unmarshaller.unmarshal(new ByteArrayInputStream(response
242        .getBody()));
243    assertEquals(5, countCellSet(cellSet));
244  }
245
246}