public class TestAccessController extends SecureTestUtil
Modifier and Type | Class and Description |
---|---|
private class |
TestAccessController.BulkLoadAccessTestAction |
static class |
TestAccessController.BulkLoadHelper |
static class |
TestAccessController.MyShellBasedUnixGroupsMapping |
static class |
TestAccessController.PingCoprocessor |
static class |
TestAccessController.TestTableDDLProcedure |
SecureTestUtil.AccessTestAction, SecureTestUtil.MasterSyncObserver
Modifier and Type | Field and Description |
---|---|
private static org.apache.hadoop.hbase.security.access.AccessController |
ACCESS_CONTROLLER |
static HBaseClassTestRule |
CLASS_RULE |
private static org.apache.hadoop.conf.Configuration |
conf |
private static org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment |
CP_ENV |
private static org.apache.hadoop.fs.permission.FsPermission |
FS_PERMISSION_ALL |
private static String |
GROUP_ADMIN |
private static String |
GROUP_CREATE |
private static String |
GROUP_READ |
private static String |
GROUP_WRITE |
private static org.slf4j.Logger |
LOG |
org.junit.rules.TestName |
name |
private static org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment |
RCP_ENV |
private static org.apache.hadoop.hbase.coprocessor.RegionServerCoprocessorEnvironment |
RSCP_ENV |
private static org.apache.hadoop.hbase.security.User |
SUPERUSER |
private static org.apache.hadoop.hbase.client.Connection |
systemUserConnection
The systemUserConnection created here is tied to the system user.
|
private static byte[] |
TEST_FAMILY |
private static byte[] |
TEST_QUALIFIER |
private static byte[] |
TEST_ROW |
private static org.apache.hadoop.hbase.TableName |
TEST_TABLE |
private static org.apache.hadoop.hbase.TableName |
TEST_TABLE2 |
private static HBaseTestingUtility |
TEST_UTIL |
private static org.apache.hadoop.hbase.security.User |
USER_ADMIN |
private static org.apache.hadoop.hbase.security.User |
USER_ADMIN_CF |
private static org.apache.hadoop.hbase.security.User |
USER_CREATE |
private static org.apache.hadoop.hbase.security.User |
USER_GROUP_ADMIN |
private static org.apache.hadoop.hbase.security.User |
USER_GROUP_CREATE |
private static org.apache.hadoop.hbase.security.User |
USER_GROUP_READ |
private static org.apache.hadoop.hbase.security.User |
USER_GROUP_WRITE |
private static org.apache.hadoop.hbase.security.User |
USER_NONE |
private static org.apache.hadoop.hbase.security.User |
USER_OWNER |
private static org.apache.hadoop.hbase.security.User |
USER_RO |
private static org.apache.hadoop.hbase.security.User |
USER_RW |
Constructor and Description |
---|
TestAccessController() |
Modifier and Type | Method and Description |
---|---|
private static void |
cleanUp() |
private void |
createTestTable(org.apache.hadoop.hbase.TableName tname) |
private void |
createTestTable(org.apache.hadoop.hbase.TableName tname,
byte[] cf) |
private void |
getNamespacePermissionsAndVerify(String namespaceRegexWithoutPrefix,
int expectedAmount,
String expectedNamespace)
List all user permissions match the given regular expression for namespace
and verify each of them.
|
private PrivilegedAction<List<org.apache.hadoop.hbase.security.access.UserPermission>> |
getPrivilegedAction(String regex) |
private boolean |
hasFoundUserPermission(List<org.apache.hadoop.hbase.security.access.UserPermission> userPermissions,
List<org.apache.hadoop.hbase.security.access.UserPermission> perms) |
private boolean |
hasFoundUserPermission(org.apache.hadoop.hbase.security.access.UserPermission userPermission,
List<org.apache.hadoop.hbase.security.access.UserPermission> perms) |
static void |
setupBeforeClass() |
private static void |
setUpTableAndUserPermissions() |
static void |
tearDownAfterClass() |
void |
testAbortProcedure() |
void |
testAccessControlClientGlobalGrantRevoke() |
void |
testAccessControlClientGrantRevoke() |
void |
testAccessControlClientGrantRevokeOnNamespace() |
void |
testAccessControlClientMultiGrantRevoke() |
void |
testAccessControlClientUserPerms() |
void |
testAccessControllerUserPermsRegexHandling() |
void |
testAccessControlRevokeOnlyFewPermission() |
void |
testAddReplicationPeer() |
void |
testAppend() |
void |
testAssign() |
void |
testBalance() |
void |
testBalanceSwitch() |
void |
testBulkLoad() |
void |
testBulkLoadWithoutWritePermission() |
void |
testCheckPermissions() |
void |
testCloseRegion() |
void |
testCompact() |
void |
testCoprocessorExec() |
void |
testDisableReplicationPeer() |
void |
testEnableReplicationPeer() |
void |
testExecuteProcedures() |
void |
testFlush() |
void |
testGetClusterStatus() |
void |
testGetLocks() |
void |
testGetNamespacePermission() |
void |
testGetProcedures() |
void |
testGetReplicationPeerConfig() |
void |
testGetUserPermissions() |
void |
testGlobalAuthorizationForNewRegisteredRS() |
void |
testGlobalPermissionList() |
void |
testGrantRevoke() |
void |
testHasPermission() |
void |
testIsRpcThrottleEnabled() |
void |
testListReplicationPeers() |
void |
testMove() |
void |
testNamespaceUserGrant() |
void |
testOpenRegion() |
void |
testPermissionList() |
void |
testPostGrantRevoke() |
void |
testPostGrantRevokeAtQualifierLevel() |
void |
testPrepareAndCleanBulkLoad() |
void |
testRead() |
void |
testReadWrite() |
void |
testRegionOffline() |
void |
testRemoteLocks() |
void |
testRemoveReplicationPeer() |
void |
testReplicateLogEntries() |
void |
testRollWALWriterRequest() |
void |
testSecurityCapabilities() |
void |
testSetQuota() |
void |
testSetSplitOrMergeEnabled() |
void |
testShutdown() |
void |
testSnapshot() |
void |
testSnapshotWithOwner() |
void |
testSplitWithSplitRow() |
void |
testStopMaster() |
void |
testStopRegionServer() |
void |
testSwitchExceedThrottleQuota() |
void |
testSwitchRpcThrottle() |
void |
testTableCreate() |
void |
testTableDelete() |
void |
testTableDeletion() |
void |
testTableDescriptorsEnumeration() |
void |
testTableDisable() |
void |
testTableEnable() |
void |
testTableModify() |
void |
testTableNameEnumeration() |
void |
testTableTruncate() |
void |
testTruncatePerms() |
void |
testUnassign() |
void |
testUnauthorizedShutdown() |
void |
testUnauthorizedStopMaster() |
void |
testUpdateReplicationPeerConfig() |
void |
testWrite() |
private void |
validateGlobalUserACLForGetUserPermissions(org.apache.hadoop.hbase.client.Connection conn,
org.apache.hadoop.hbase.security.User nSUser1,
org.apache.hadoop.hbase.security.User globalGroupUser1,
org.apache.hadoop.hbase.security.User globalGroupUser2,
Collection<String> superUsers,
int superUserCount) |
private void |
validateNamespaceUserACLForGetUserPermissions(org.apache.hadoop.hbase.client.Connection conn,
org.apache.hadoop.hbase.security.User nSUser1,
org.apache.hadoop.hbase.security.User nSUser3,
org.apache.hadoop.hbase.security.User nsGroupUser1,
org.apache.hadoop.hbase.security.User nsGroupUser2,
String nsPrefix,
String namespace1,
String namespace2) |
private void |
validateTableACLForGetUserPermissions(org.apache.hadoop.hbase.client.Connection conn,
org.apache.hadoop.hbase.security.User nSUser1,
org.apache.hadoop.hbase.security.User tableGroupUser1,
org.apache.hadoop.hbase.security.User tableGroupUser2,
String nsPrefix,
org.apache.hadoop.hbase.TableName table1,
org.apache.hadoop.hbase.TableName table2,
byte[] TEST_QUALIFIER2,
Collection<String> superUsers) |
private void |
verifyAnyCreate(SecureTestUtil.AccessTestAction action) |
private void |
verifyGetUserPermissionResult(List<org.apache.hadoop.hbase.security.access.UserPermission> userPermissions,
int resultCount,
byte[] cf,
byte[] cq,
String userName,
Collection<String> superUsers) |
private void |
verifyGlobal(SecureTestUtil.AccessTestAction action)
global operations
|
private void |
verifyRead(SecureTestUtil.AccessTestAction action) |
private void |
verifyReadWrite(SecureTestUtil.AccessTestAction action) |
private void |
verifyWrite(SecureTestUtil.AccessTestAction action) |
checkGlobalPerms, checkTablePerms, checkTablePerms, configureSuperuser, convertToNamespace, createNamespace, createTable, createTable, createTable, createTable, createTable, deleteNamespace, deleteTable, deleteTable, enableSecurity, grantGlobal, grantGlobal, grantGlobalUsingAccessControlClient, grantOnNamespace, grantOnNamespace, grantOnNamespaceUsingAccessControlClient, grantOnTable, grantOnTable, grantOnTableUsingAccessControlClient, revokeFromNamespace, revokeFromNamespace, revokeFromNamespaceUsingAccessControlClient, revokeFromTable, revokeFromTable, revokeFromTableUsingAccessControlClient, revokeGlobal, revokeGlobal, revokeGlobalUsingAccessControlClient, verifyAllowed, verifyAllowed, verifyAllowed, verifyConfiguration, verifyDenied, verifyDenied, verifyIfEmptyList, verifyIfNull
public static final HBaseClassTestRule CLASS_RULE
private static final org.apache.hadoop.fs.permission.FsPermission FS_PERMISSION_ALL
private static final org.slf4j.Logger LOG
private static org.apache.hadoop.hbase.TableName TEST_TABLE
private static final HBaseTestingUtility TEST_UTIL
private static org.apache.hadoop.conf.Configuration conf
private static org.apache.hadoop.hbase.client.Connection systemUserConnection
private static org.apache.hadoop.hbase.security.User SUPERUSER
private static org.apache.hadoop.hbase.security.User USER_ADMIN
private static org.apache.hadoop.hbase.security.User USER_RW
private static org.apache.hadoop.hbase.security.User USER_RO
private static org.apache.hadoop.hbase.security.User USER_OWNER
private static org.apache.hadoop.hbase.security.User USER_CREATE
private static org.apache.hadoop.hbase.security.User USER_NONE
private static org.apache.hadoop.hbase.security.User USER_ADMIN_CF
private static final String GROUP_ADMIN
private static final String GROUP_CREATE
private static final String GROUP_READ
private static final String GROUP_WRITE
private static org.apache.hadoop.hbase.security.User USER_GROUP_ADMIN
private static org.apache.hadoop.hbase.security.User USER_GROUP_CREATE
private static org.apache.hadoop.hbase.security.User USER_GROUP_READ
private static org.apache.hadoop.hbase.security.User USER_GROUP_WRITE
private static org.apache.hadoop.hbase.TableName TEST_TABLE2
private static byte[] TEST_FAMILY
private static byte[] TEST_QUALIFIER
private static byte[] TEST_ROW
private static org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment CP_ENV
private static org.apache.hadoop.hbase.security.access.AccessController ACCESS_CONTROLLER
private static org.apache.hadoop.hbase.coprocessor.RegionServerCoprocessorEnvironment RSCP_ENV
private static org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment RCP_ENV
public org.junit.rules.TestName name
public TestAccessController()
public static void setupBeforeClass() throws Exception
Exception
public static void tearDownAfterClass() throws Exception
Exception
private static void setUpTableAndUserPermissions() throws Exception
Exception
public void testUnauthorizedShutdown() throws Exception
Exception
public void testUnauthorizedStopMaster() throws Exception
Exception
public void testSecurityCapabilities() throws Exception
Exception
public void testTableCreate() throws Exception
Exception
public void testTableModify() throws Exception
Exception
public void testTableDelete() throws Exception
Exception
public void testTableTruncate() throws Exception
Exception
public void testTableDisable() throws Exception
Exception
public void testTableEnable() throws Exception
Exception
public void testAbortProcedure() throws Exception
Exception
public void testGetProcedures() throws Exception
Exception
public void testGetLocks() throws Exception
Exception
public void testAssign() throws Exception
Exception
public void testUnassign() throws Exception
Exception
public void testRegionOffline() throws Exception
Exception
public void testSetSplitOrMergeEnabled() throws Exception
Exception
public void testBalance() throws Exception
Exception
public void testBalanceSwitch() throws Exception
Exception
public void testShutdown() throws Exception
Exception
public void testStopMaster() throws Exception
Exception
private void verifyWrite(SecureTestUtil.AccessTestAction action) throws Exception
Exception
public void testSplitWithSplitRow() throws Exception
Exception
public void testCompact() throws Exception
Exception
private void verifyRead(SecureTestUtil.AccessTestAction action) throws Exception
Exception
private void verifyReadWrite(SecureTestUtil.AccessTestAction action) throws Exception
Exception
public void testReadWrite() throws Exception
Exception
public void testBulkLoad() throws Exception
Exception
public void testBulkLoadWithoutWritePermission() throws Exception
Exception
public void testAppend() throws Exception
Exception
public void testGrantRevoke() throws Exception
Exception
public void testPostGrantRevoke() throws Exception
Exception
private boolean hasFoundUserPermission(List<org.apache.hadoop.hbase.security.access.UserPermission> userPermissions, List<org.apache.hadoop.hbase.security.access.UserPermission> perms)
private boolean hasFoundUserPermission(org.apache.hadoop.hbase.security.access.UserPermission userPermission, List<org.apache.hadoop.hbase.security.access.UserPermission> perms)
public void testPostGrantRevokeAtQualifierLevel() throws Exception
Exception
public void testPermissionList() throws Exception
Exception
public void testGlobalPermissionList() throws Exception
Exception
private void verifyGlobal(SecureTestUtil.AccessTestAction action) throws Exception
Exception
public void testCheckPermissions() throws Exception
Exception
public void testStopRegionServer() throws Exception
Exception
public void testRollWALWriterRequest() throws Exception
Exception
public void testOpenRegion() throws Exception
Exception
public void testCloseRegion() throws Exception
Exception
public void testSnapshot() throws Exception
Exception
public void testSnapshotWithOwner() throws Exception
Exception
public void testGlobalAuthorizationForNewRegisteredRS() throws Exception
Exception
public void testTableDescriptorsEnumeration() throws Exception
Exception
public void testTableNameEnumeration() throws Exception
Exception
public void testTableDeletion() throws Exception
Exception
private void createTestTable(org.apache.hadoop.hbase.TableName tname) throws Exception
Exception
private void createTestTable(org.apache.hadoop.hbase.TableName tname, byte[] cf) throws Exception
Exception
public void testNamespaceUserGrant() throws Exception
Exception
public void testAccessControlClientGrantRevoke() throws Exception
Exception
public void testAccessControlClientGlobalGrantRevoke() throws Exception
Exception
public void testAccessControlClientMultiGrantRevoke() throws Exception
Exception
public void testAccessControlClientGrantRevokeOnNamespace() throws Exception
Exception
public void testCoprocessorExec() throws Exception
Exception
public void testSetQuota() throws Exception
Exception
public void testGetNamespacePermission() throws Exception
Exception
private void getNamespacePermissionsAndVerify(String namespaceRegexWithoutPrefix, int expectedAmount, String expectedNamespace) throws org.apache.hadoop.hbase.exceptions.HBaseException
namespaceRegexWithoutPrefix
- the regualar expression for namespace, without NAMESPACE_PREFIXexpectedAmount
- the expected amount of user permissions returnedexpectedNamespace
- the expected namespace of each user permission returnedorg.apache.hadoop.hbase.exceptions.HBaseException
- in the case of any HBase exception when accessing hbase:acl tablepublic void testTruncatePerms() throws Exception
Exception
private PrivilegedAction<List<org.apache.hadoop.hbase.security.access.UserPermission>> getPrivilegedAction(String regex)
public void testAccessControlClientUserPerms() throws Exception
Exception
public void testAccessControllerUserPermsRegexHandling() throws Exception
Exception
private void verifyAnyCreate(SecureTestUtil.AccessTestAction action) throws Exception
Exception
public void testPrepareAndCleanBulkLoad() throws Exception
Exception
public void testReplicateLogEntries() throws Exception
Exception
public void testAddReplicationPeer() throws Exception
Exception
public void testRemoveReplicationPeer() throws Exception
Exception
public void testEnableReplicationPeer() throws Exception
Exception
public void testDisableReplicationPeer() throws Exception
Exception
public void testGetReplicationPeerConfig() throws Exception
Exception
public void testUpdateReplicationPeerConfig() throws Exception
Exception
public void testListReplicationPeers() throws Exception
Exception
public void testRemoteLocks() throws Exception
Exception
public void testAccessControlRevokeOnlyFewPermission() throws Throwable
Throwable
public void testGetClusterStatus() throws Exception
Exception
public void testExecuteProcedures() throws Exception
Exception
public void testGetUserPermissions() throws Throwable
Throwable
public void testHasPermission() throws Throwable
Throwable
public void testSwitchRpcThrottle() throws Exception
Exception
public void testIsRpcThrottleEnabled() throws Exception
Exception
public void testSwitchExceedThrottleQuota() throws Exception
Exception
private void validateGlobalUserACLForGetUserPermissions(org.apache.hadoop.hbase.client.Connection conn, org.apache.hadoop.hbase.security.User nSUser1, org.apache.hadoop.hbase.security.User globalGroupUser1, org.apache.hadoop.hbase.security.User globalGroupUser2, Collection<String> superUsers, int superUserCount) throws Throwable
Throwable
private void validateNamespaceUserACLForGetUserPermissions(org.apache.hadoop.hbase.client.Connection conn, org.apache.hadoop.hbase.security.User nSUser1, org.apache.hadoop.hbase.security.User nSUser3, org.apache.hadoop.hbase.security.User nsGroupUser1, org.apache.hadoop.hbase.security.User nsGroupUser2, String nsPrefix, String namespace1, String namespace2) throws Throwable
Throwable
private void validateTableACLForGetUserPermissions(org.apache.hadoop.hbase.client.Connection conn, org.apache.hadoop.hbase.security.User nSUser1, org.apache.hadoop.hbase.security.User tableGroupUser1, org.apache.hadoop.hbase.security.User tableGroupUser2, String nsPrefix, org.apache.hadoop.hbase.TableName table1, org.apache.hadoop.hbase.TableName table2, byte[] TEST_QUALIFIER2, Collection<String> superUsers) throws Throwable
Throwable
private void verifyGetUserPermissionResult(List<org.apache.hadoop.hbase.security.access.UserPermission> userPermissions, int resultCount, byte[] cf, byte[] cq, String userName, Collection<String> superUsers)
Copyright © 2007–2021 The Apache Software Foundation. All rights reserved.