001/** 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018package org.apache.hadoop.hbase.wal; 019 020import static org.junit.Assert.assertEquals; 021import static org.junit.Assert.assertFalse; 022import static org.junit.Assert.assertTrue; 023 024import java.util.Arrays; 025import java.util.List; 026import java.util.NavigableMap; 027import java.util.TreeMap; 028import org.apache.commons.io.IOUtils; 029import org.apache.hadoop.conf.Configuration; 030import org.apache.hadoop.fs.FSDataInputStream; 031import org.apache.hadoop.fs.FileSystem; 032import org.apache.hadoop.fs.Path; 033import org.apache.hadoop.hbase.Cell; 034import org.apache.hadoop.hbase.HBaseClassTestRule; 035import org.apache.hadoop.hbase.HBaseTestingUtility; 036import org.apache.hadoop.hbase.HConstants; 037import org.apache.hadoop.hbase.KeyValue; 038import org.apache.hadoop.hbase.TableName; 039import org.apache.hadoop.hbase.client.RegionInfo; 040import org.apache.hadoop.hbase.client.RegionInfoBuilder; 041import org.apache.hadoop.hbase.io.crypto.KeyProviderForTesting; 042import org.apache.hadoop.hbase.regionserver.MultiVersionConcurrencyControl; 043import org.apache.hadoop.hbase.regionserver.wal.SecureAsyncProtobufLogWriter; 044import org.apache.hadoop.hbase.regionserver.wal.SecureProtobufLogReader; 045import org.apache.hadoop.hbase.regionserver.wal.SecureProtobufLogWriter; 046import org.apache.hadoop.hbase.testclassification.MediumTests; 047import org.apache.hadoop.hbase.testclassification.RegionServerTests; 048import org.apache.hadoop.hbase.util.Bytes; 049import org.apache.hadoop.hbase.util.FSUtils; 050import org.junit.AfterClass; 051import org.junit.Before; 052import org.junit.BeforeClass; 053import org.junit.ClassRule; 054import org.junit.Rule; 055import org.junit.Test; 056import org.junit.experimental.categories.Category; 057import org.junit.rules.TestName; 058import org.junit.runner.RunWith; 059import org.junit.runners.Parameterized; 060import org.junit.runners.Parameterized.Parameter; 061import org.junit.runners.Parameterized.Parameters; 062 063@RunWith(Parameterized.class) 064@Category({ RegionServerTests.class, MediumTests.class }) 065public class TestSecureWAL { 066 067 @ClassRule 068 public static final HBaseClassTestRule CLASS_RULE = 069 HBaseClassTestRule.forClass(TestSecureWAL.class); 070 071 static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility(); 072 073 @Rule 074 public TestName name = new TestName(); 075 076 @Parameter 077 public String walProvider; 078 079 @Parameters(name = "{index}: provider={0}") 080 public static Iterable<Object[]> data() { 081 return Arrays.asList(new Object[] { "defaultProvider" }, new Object[] { "asyncfs" }); 082 } 083 084 @BeforeClass 085 public static void setUpBeforeClass() throws Exception { 086 Configuration conf = TEST_UTIL.getConfiguration(); 087 conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName()); 088 conf.set(HConstants.CRYPTO_MASTERKEY_NAME_CONF_KEY, "hbase"); 089 conf.setClass("hbase.regionserver.hlog.reader.impl", SecureProtobufLogReader.class, 090 WAL.Reader.class); 091 conf.setClass("hbase.regionserver.hlog.writer.impl", SecureProtobufLogWriter.class, 092 WALProvider.Writer.class); 093 conf.setClass("hbase.regionserver.hlog.async.writer.impl", SecureAsyncProtobufLogWriter.class, 094 WALProvider.AsyncWriter.class); 095 conf.setBoolean(HConstants.ENABLE_WAL_ENCRYPTION, true); 096 FSUtils.setRootDir(conf, TEST_UTIL.getDataTestDirOnTestFS()); 097 TEST_UTIL.startMiniDFSCluster(3); 098 } 099 100 @AfterClass 101 public static void tearDownAfterClass() throws Exception { 102 TEST_UTIL.shutdownMiniCluster(); 103 } 104 105 @Before 106 public void setUp() { 107 TEST_UTIL.getConfiguration().set(WALFactory.WAL_PROVIDER, walProvider); 108 } 109 110 @Test 111 public void testSecureWAL() throws Exception { 112 TableName tableName = TableName.valueOf(name.getMethodName().replaceAll("[^a-zA-Z0-9]", "_")); 113 NavigableMap<byte[], Integer> scopes = new TreeMap<>(Bytes.BYTES_COMPARATOR); 114 scopes.put(tableName.getName(), 0); 115 RegionInfo regionInfo = RegionInfoBuilder.newBuilder(tableName).build(); 116 final int total = 10; 117 final byte[] row = Bytes.toBytes("row"); 118 final byte[] family = Bytes.toBytes("family"); 119 final byte[] value = Bytes.toBytes("Test value"); 120 FileSystem fs = TEST_UTIL.getDFSCluster().getFileSystem(); 121 final WALFactory wals = 122 new WALFactory(TEST_UTIL.getConfiguration(), tableName.getNameAsString()); 123 124 // Write the WAL 125 final WAL wal = wals.getWAL(regionInfo); 126 127 MultiVersionConcurrencyControl mvcc = new MultiVersionConcurrencyControl(); 128 129 for (int i = 0; i < total; i++) { 130 WALEdit kvs = new WALEdit(); 131 kvs.add(new KeyValue(row, family, Bytes.toBytes(i), value)); 132 wal.append(regionInfo, new WALKeyImpl(regionInfo.getEncodedNameAsBytes(), tableName, 133 System.currentTimeMillis(), mvcc, scopes), kvs, true); 134 } 135 wal.sync(); 136 final Path walPath = AbstractFSWALProvider.getCurrentFileName(wal); 137 wals.shutdown(); 138 139 // Insure edits are not plaintext 140 long length = fs.getFileStatus(walPath).getLen(); 141 FSDataInputStream in = fs.open(walPath); 142 byte[] fileData = new byte[(int)length]; 143 IOUtils.readFully(in, fileData); 144 in.close(); 145 assertFalse("Cells appear to be plaintext", Bytes.contains(fileData, value)); 146 147 // Confirm the WAL can be read back 148 WAL.Reader reader = wals.createReader(TEST_UTIL.getTestFileSystem(), walPath); 149 int count = 0; 150 WAL.Entry entry = new WAL.Entry(); 151 while (reader.next(entry) != null) { 152 count++; 153 List<Cell> cells = entry.getEdit().getCells(); 154 assertTrue("Should be one KV per WALEdit", cells.size() == 1); 155 for (Cell cell: cells) { 156 assertTrue("Incorrect row", Bytes.equals(cell.getRowArray(), cell.getRowOffset(), 157 cell.getRowLength(), row, 0, row.length)); 158 assertTrue("Incorrect family", Bytes.equals(cell.getFamilyArray(), cell.getFamilyOffset(), 159 cell.getFamilyLength(), family, 0, family.length)); 160 assertTrue("Incorrect value", Bytes.equals(cell.getValueArray(), cell.getValueOffset(), 161 cell.getValueLength(), value, 0, value.length)); 162 } 163 } 164 assertEquals("Should have read back as many KVs as written", total, count); 165 reader.close(); 166 } 167}