001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.security.access;
019
020import static org.junit.Assert.assertEquals;
021import static org.junit.Assert.assertTrue;
022import static org.junit.Assert.fail;
023
024import org.apache.hadoop.hbase.HBaseClassTestRule;
025import org.apache.hadoop.hbase.TableName;
026import org.apache.hadoop.hbase.security.access.Permission.Action;
027import org.apache.hadoop.hbase.testclassification.SecurityTests;
028import org.apache.hadoop.hbase.testclassification.SmallTests;
029import org.apache.hadoop.hbase.util.Bytes;
030import org.junit.ClassRule;
031import org.junit.Test;
032import org.junit.experimental.categories.Category;
033
034@Category({ SecurityTests.class, SmallTests.class })
035public class TestPermissionBuilder {
036
037  @ClassRule
038  public static final HBaseClassTestRule CLASS_RULE =
039    HBaseClassTestRule.forClass(TestPermissionBuilder.class);
040
041  @Test
042  public void testBuildGlobalPermission() {
043    // check global permission with empty action
044    Permission permission = Permission.newBuilder().build();
045    assertTrue(permission instanceof GlobalPermission);
046    assertEquals(0, permission.getActions().length);
047
048    // check global permission with ADMIN action
049    permission = Permission.newBuilder().withActionCodes(Bytes.toBytes("A")).build();
050    assertTrue(permission instanceof GlobalPermission);
051    assertEquals(1, permission.getActions().length);
052    assertTrue(permission.getActions()[0] == Action.ADMIN);
053
054    byte[] qualifier = Bytes.toBytes("q");
055    try {
056      permission = Permission.newBuilder().withQualifier(qualifier)
057        .withActions(Action.CREATE, Action.READ).build();
058      fail("Should throw NPE");
059    } catch (NullPointerException e) {
060      // catch NPE because set qualifier but table name is null
061    }
062
063    permission = Permission.newBuilder().withActionCodes(Bytes.toBytes("ACP"))
064      .withActions(Action.READ, Action.ADMIN).build();
065    assertEquals(3, permission.getActions().length);
066    assertEquals(Action.READ, permission.getActions()[0]);
067    assertEquals(Action.CREATE, permission.getActions()[1]);
068    assertEquals(Action.ADMIN, permission.getActions()[2]);
069  }
070
071  @Test
072  public void testBuildNamespacePermission() {
073    String namespace = "ns";
074    // check namespace permission with CREATE and READ actions
075    Permission permission =
076      Permission.newBuilder(namespace).withActions(Action.CREATE, Action.READ).build();
077    assertTrue(permission instanceof NamespacePermission);
078    NamespacePermission namespacePermission = (NamespacePermission) permission;
079    assertEquals(namespace, namespacePermission.getNamespace());
080    assertEquals(2, permission.getActions().length);
081    assertEquals(Action.READ, permission.getActions()[0]);
082    assertEquals(Action.CREATE, permission.getActions()[1]);
083
084    byte[] family = Bytes.toBytes("f");
085    try {
086      permission = Permission.newBuilder(namespace).withFamily(family)
087        .withActions(Action.CREATE, Action.READ).build();
088      fail("Should throw NPE");
089    } catch (NullPointerException e) {
090      // catch NPE because set family but table name is null
091    }
092  }
093
094  @Test
095  public void testBuildTablePermission() {
096    TableName tableName = TableName.valueOf("ns", "table");
097    byte[] family = Bytes.toBytes("f");
098    byte[] qualifier = Bytes.toBytes("q");
099    // check table permission without family or qualifier
100    Permission permission =
101      Permission.newBuilder(tableName).withActions(Action.WRITE, Action.READ).build();
102    assertTrue(permission instanceof TablePermission);
103    assertEquals(2, permission.getActions().length);
104    assertEquals(Action.READ, permission.getActions()[0]);
105    assertEquals(Action.WRITE, permission.getActions()[1]);
106    TablePermission tPerm = (TablePermission) permission;
107    assertEquals(tableName, tPerm.getTableName());
108    assertEquals(null, tPerm.getFamily());
109    assertEquals(null, tPerm.getQualifier());
110
111    // check table permission with family
112    permission =
113      Permission.newBuilder(tableName).withFamily(family).withActions(Action.EXEC).build();
114    assertTrue(permission instanceof TablePermission);
115    assertEquals(1, permission.getActions().length);
116    assertEquals(Action.EXEC, permission.getActions()[0]);
117    tPerm = (TablePermission) permission;
118    assertEquals(tableName, tPerm.getTableName());
119    assertTrue(Bytes.equals(family, tPerm.getFamily()));
120    assertTrue(Bytes.equals(null, tPerm.getQualifier()));
121
122    // check table permission with family and qualifier
123    permission =
124      Permission.newBuilder(tableName).withFamily(family).withQualifier(qualifier).build();
125    assertTrue(permission instanceof TablePermission);
126    assertEquals(0, permission.getActions().length);
127    tPerm = (TablePermission) permission;
128    assertEquals(tableName, tPerm.getTableName());
129    assertTrue(Bytes.equals(family, tPerm.getFamily()));
130    assertTrue(Bytes.equals(qualifier, tPerm.getQualifier()));
131  }
132}