Source code

001/**
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase;
019
020import java.util.ArrayList;
021import java.util.Arrays;
022import java.util.List;
023
024import org.apache.commons.lang3.StringUtils;
025import org.apache.hadoop.conf.Configuration;
026import org.apache.hadoop.hbase.io.hfile.HFile;
027import org.apache.hadoop.hbase.security.User;
028import org.apache.hadoop.hbase.security.access.AccessController;
029import org.apache.hadoop.hbase.testclassification.IntegrationTests;
030import org.apache.hadoop.hbase.util.LoadTestTool;
031import org.apache.hadoop.hbase.util.test.LoadTestDataGeneratorWithACL;
032import org.apache.hadoop.util.ToolRunner;
033import org.junit.experimental.categories.Category;
034
035import org.apache.hbase.thirdparty.org.apache.commons.cli.CommandLine;
036
037/**
038 * /**
039 * An Integration class for tests that does something with the cluster while running
040 * {@link LoadTestTool} to write and verify some data.
041 * Verifies whether cells for users with only WRITE permissions are not read back
042 * and cells with READ permissions are read back. 
043 * Every operation happens in the user's specific context
044 */
045@Category(IntegrationTests.class)
046public class IntegrationTestIngestWithACL extends IntegrationTestIngest {
047
048  private static final char COLON = ':';
049  public static final char HYPHEN = '-';
050  private static final int SPECIAL_PERM_CELL_INSERTION_FACTOR = 100;
051  public static final String OPT_SUPERUSER = "superuser";
052  public static final String OPT_USERS = "userlist";
053  public static final String OPT_AUTHN = "authinfo";
054  private String superUser = "owner";
055  private String userNames = "user1,user2,user3,user4"; 
056  private String authnFileName;
057  @Override
058  public void setUpCluster() throws Exception {
059    util = getTestingUtil(null);
060    Configuration conf = util.getConfiguration();
061    conf.setInt(HFile.FORMAT_VERSION_KEY, 3);
062    conf.set("hbase.coprocessor.master.classes", AccessController.class.getName());
063    conf.set("hbase.coprocessor.region.classes", AccessController.class.getName());
064    conf.setBoolean("hbase.security.access.early_out", false);
065    // conf.set("hbase.superuser", "admin");
066    super.setUpCluster();
067  }
068
069  @Override
070  protected String[] getArgsForLoadTestTool(String mode, String modeSpecificArg, long startKey,
071      long numKeys) {
072    String[] args = super.getArgsForLoadTestTool(mode, modeSpecificArg, startKey, numKeys);
073    List<String> tmp = new ArrayList<>(Arrays.asList(args));
074    tmp.add(HYPHEN + LoadTestTool.OPT_GENERATOR);
075    StringBuilder sb = new StringBuilder(LoadTestDataGeneratorWithACL.class.getName());
076    sb.append(COLON);
077    if (User.isHBaseSecurityEnabled(getConf())) {
078      sb.append(authnFileName);
079      sb.append(COLON);
080    }
081    sb.append(superUser);
082    sb.append(COLON);
083    sb.append(userNames);
084    sb.append(COLON);
085    sb.append(Integer.toString(SPECIAL_PERM_CELL_INSERTION_FACTOR));
086    tmp.add(sb.toString());
087    return tmp.toArray(new String[tmp.size()]);
088  }
089  @Override
090  protected void addOptions() {
091    super.addOptions();
092    super.addOptWithArg(OPT_SUPERUSER,
093        "Super user name used to add the ACL permissions");
094    super.addOptWithArg(OPT_USERS,
095      "List of users to be added with the ACLs.  Should be comma seperated.");
096    super
097        .addOptWithArg(
098          OPT_AUTHN,
099          "The name of the properties file that contains kerberos key tab file and principal definitions. " +
100          "The principal key in the file should be of the form hbase.<username>.kerberos.principal." +
101          " The keytab key in the file should be of the form hbase.<username>.keytab.file. Example:  " +
102          "hbase.user1.kerberos.principal=user1/fully.qualified.domain.name@YOUR-REALM.COM, " +
103          "hbase.user1.keytab.file=<filelocation>.");
104  }
105
106  @Override
107  protected void processOptions(CommandLine cmd) {
108    super.processOptions(cmd);
109    if (cmd.hasOption(OPT_SUPERUSER)) {
110      superUser = cmd.getOptionValue(OPT_SUPERUSER);
111    }
112    if (cmd.hasOption(OPT_USERS)) {
113      userNames = cmd.getOptionValue(OPT_USERS);
114    }
115    if (User.isHBaseSecurityEnabled(getConf())) {
116      boolean authFileNotFound = false;
117      if (cmd.hasOption(OPT_AUTHN)) {
118        authnFileName = cmd.getOptionValue(OPT_AUTHN);
119        if (StringUtils.isEmpty(authnFileName)) {
120          authFileNotFound = true;
121        }
122      } else {
123        authFileNotFound = true;
124      }
125      if (authFileNotFound) {
126        super.printUsage();
127        System.exit(EXIT_FAILURE);
128      }
129    }
130  }
131
132  public static void main(String[] args) throws Exception {
133    Configuration conf = HBaseConfiguration.create();
134    IntegrationTestingUtility.setUseDistributedCluster(conf);
135    int ret = ToolRunner.run(conf, new IntegrationTestIngestWithACL(), args);
136    System.exit(ret);
137  }
138}