Class TestAccessController
java.lang.Object
org.apache.hadoop.hbase.security.access.SecureTestUtil
org.apache.hadoop.hbase.security.access.TestAccessController
Performs authorization checks for common operations, according to different levels of authorized
users.
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionprivate classstatic classstatic classstatic classstatic classNested classes/interfaces inherited from class org.apache.hadoop.hbase.security.access.SecureTestUtil
SecureTestUtil.AccessTestAction, SecureTestUtil.MasterSyncObserver -
Field Summary
FieldsModifier and TypeFieldDescriptionprivate static org.apache.hadoop.hbase.security.access.AccessControllerstatic final HBaseClassTestRuleprivate static org.apache.hadoop.conf.Configurationprivate static org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironmentprivate static final org.apache.hadoop.fs.permission.FsPermissionprivate static final Stringprivate static final Stringprivate static final Stringprivate static final Stringprivate static final org.slf4j.Loggerorg.junit.rules.TestNameprivate static org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironmentprivate static org.apache.hadoop.hbase.coprocessor.RegionServerCoprocessorEnvironmentprivate static org.apache.hadoop.hbase.security.Userprivate static org.apache.hadoop.hbase.client.ConnectionThe systemUserConnection created here is tied to the system user.private static byte[]private static byte[]private static byte[]private static org.apache.hadoop.hbase.TableNameprivate static org.apache.hadoop.hbase.TableNameprivate static final HBaseTestingUtilprivate static org.apache.hadoop.hbase.security.Userprivate static org.apache.hadoop.hbase.security.Userprivate static org.apache.hadoop.hbase.security.Userprivate static org.apache.hadoop.hbase.security.Userprivate static org.apache.hadoop.hbase.security.Userprivate static org.apache.hadoop.hbase.security.Userprivate static org.apache.hadoop.hbase.security.Userprivate static org.apache.hadoop.hbase.security.Userprivate static org.apache.hadoop.hbase.security.Userprivate static org.apache.hadoop.hbase.security.Userprivate static org.apache.hadoop.hbase.security.User -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprivate static voidcleanUp()private voidcreateTestTable(org.apache.hadoop.hbase.TableName tname) private voidcreateTestTable(org.apache.hadoop.hbase.TableName tname, byte[] cf) private voidgetNamespacePermissionsAndVerify(String namespaceRegexWithoutPrefix, int expectedAmount, String expectedNamespace) List all user permissions match the given regular expression for namespace and verify each of them.private PrivilegedAction<List<org.apache.hadoop.hbase.security.access.UserPermission>>getPrivilegedAction(String regex) private booleanhasFoundUserPermission(List<org.apache.hadoop.hbase.security.access.UserPermission> userPermissions, List<org.apache.hadoop.hbase.security.access.UserPermission> perms) private booleanhasFoundUserPermission(org.apache.hadoop.hbase.security.access.UserPermission userPermission, List<org.apache.hadoop.hbase.security.access.UserPermission> perms) static voidprivate static voidstatic voidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidtestMove()voidvoidvoidvoidvoidvoidvoidtestRead()voidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidvoidprivate voidvalidateGlobalUserACLForGetUserPermissions(org.apache.hadoop.hbase.client.Connection conn, org.apache.hadoop.hbase.security.User nSUser1, org.apache.hadoop.hbase.security.User globalGroupUser1, org.apache.hadoop.hbase.security.User globalGroupUser2, Collection<String> superUsers, int superUserCount) private voidvalidateNamespaceUserACLForGetUserPermissions(org.apache.hadoop.hbase.client.Connection conn, org.apache.hadoop.hbase.security.User nSUser1, org.apache.hadoop.hbase.security.User nSUser3, org.apache.hadoop.hbase.security.User nsGroupUser1, org.apache.hadoop.hbase.security.User nsGroupUser2, String nsPrefix, String namespace1, String namespace2) private 
voidvalidateTableACLForGetUserPermissions(org.apache.hadoop.hbase.client.Connection conn, org.apache.hadoop.hbase.security.User nSUser1, org.apache.hadoop.hbase.security.User tableGroupUser1, org.apache.hadoop.hbase.security.User tableGroupUser2, String nsPrefix, org.apache.hadoop.hbase.TableName table1, org.apache.hadoop.hbase.TableName table2, byte[] TEST_QUALIFIER2, Collection<String> superUsers) private voidprivate voidverifyGetUserPermissionResult(List<org.apache.hadoop.hbase.security.access.UserPermission> userPermissions, int resultCount, byte[] cf, byte[] cq, String userName, Collection<String> superUsers) private voidglobal operationsprivate voidprivate voidprivate voidMethods inherited from class org.apache.hadoop.hbase.security.access.SecureTestUtil
checkGlobalPerms, checkTablePerms, checkTablePerms, configureSuperuser, convertToNamespace, createNamespace, createTable, createTable, createTable, createTable, createTable, createTable, createTable, deleteNamespace, deleteTable, deleteTable, enableSecurity, grantGlobal, grantGlobal, grantGlobalUsingAccessControlClient, grantOnNamespace, grantOnNamespace, grantOnNamespaceUsingAccessControlClient, grantOnTable, grantOnTable, grantOnTableUsingAccessControlClient, revokeFromNamespace, revokeFromNamespace, revokeFromNamespaceUsingAccessControlClient, revokeFromTable, revokeFromTable, revokeFromTableUsingAccessControlClient, revokeGlobal, revokeGlobal, revokeGlobalUsingAccessControlClient, verifyAllowed, verifyAllowed, verifyAllowed, verifyConfiguration, verifyDenied, verifyDenied, verifyIfEmptyList, verifyIfNull
-
Field Details
-
CLASS_RULE
-
FS_PERMISSION_ALL
-
LOG
-
TEST_TABLE
-
TEST_UTIL
-
conf
-
systemUserConnection
The systemUserConnection created here is tied to the system user. If you are planning to create an AccessTestAction, DON'T use this systemUserConnection: the 'doAs' user gets eclipsed by the system user, so the action would be evaluated as the system user rather than as the user under test. -
SUPERUSER
-
USER_ADMIN
-
USER_RW
-
USER_RO
-
USER_OWNER
-
USER_CREATE
-
USER_NONE
-
USER_ADMIN_CF
-
GROUP_ADMIN
- See Also:
-
GROUP_CREATE
- See Also:
-
GROUP_READ
- See Also:
-
GROUP_WRITE
- See Also:
-
USER_GROUP_ADMIN
-
USER_GROUP_CREATE
-
USER_GROUP_READ
-
USER_GROUP_WRITE
-
TEST_TABLE2
-
TEST_FAMILY
-
TEST_QUALIFIER
-
TEST_ROW
-
CP_ENV
-
ACCESS_CONTROLLER
-
RSCP_ENV
-
RCP_ENV
-
name
-
-
Constructor Details
-
TestAccessController
public TestAccessController()
-
-
Method Details
-
setupBeforeClass
- Throws:
Exception
-
tearDownAfterClass
- Throws:
Exception
-
setUpTableAndUserPermissions
- Throws:
Exception
-
cleanUp
- Throws:
Exception
-
testUnauthorizedShutdown
- Throws:
Exception
-
testUnauthorizedStopMaster
- Throws:
Exception
-
testUnauthorizedSetTableStateInMeta
- Throws:
Exception
-
testUnauthorizedSetRegionStateInMeta
- Throws:
Exception
-
testUnauthorizedFixMeta
- Throws:
Exception
-
testSecurityCapabilities
- Throws:
Exception
-
testTableCreate
- Throws:
Exception
-
testTableModify
- Throws:
Exception
-
testTableDelete
- Throws:
Exception
-
testTableTruncate
- Throws:
Exception
-
testTableDisable
- Throws:
Exception
-
testTableEnable
- Throws:
Exception
-
testAbortProcedure
- Throws:
Exception
-
testGetProcedures
- Throws:
Exception
-
testGetLocks
- Throws:
Exception
-
testMove
- Throws:
Exception
-
testAssign
- Throws:
Exception
-
testUnassign
- Throws:
Exception
-
testRegionOffline
- Throws:
Exception
-
testSetSplitOrMergeEnabled
- Throws:
Exception
-
testBalance
- Throws:
Exception
-
testBalanceSwitch
- Throws:
Exception
-
testShutdown
- Throws:
Exception
-
testStopMaster
- Throws:
Exception
-
verifyWrite
- Throws:
Exception
-
testSplitWithSplitRow
- Throws:
Exception
-
testFlush
- Throws:
Exception
-
testCompact
- Throws:
Exception
-
verifyRead
- Throws:
Exception
-
verifyReadWrite
- Throws:
Exception
-
testRead
- Throws:
Exception
-
testWrite
- Throws:
Exception
-
testReadWrite
- Throws:
Exception
-
testBulkLoad
- Throws:
Exception
-
testBulkLoadWithoutWritePermission
- Throws:
Exception
-
testAppend
- Throws:
Exception
-
testGrantRevoke
- Throws:
Exception
-
testPostGrantRevoke
- Throws:
Exception
-
hasFoundUserPermission
private boolean hasFoundUserPermission(List<org.apache.hadoop.hbase.security.access.UserPermission> userPermissions, List<org.apache.hadoop.hbase.security.access.UserPermission> perms) -
hasFoundUserPermission
private boolean hasFoundUserPermission(org.apache.hadoop.hbase.security.access.UserPermission userPermission, List<org.apache.hadoop.hbase.security.access.UserPermission> perms) -
testPostGrantRevokeAtQualifierLevel
- Throws:
Exception
-
testPermissionList
- Throws:
Exception
-
testGlobalPermissionList
- Throws:
Exception
-
verifyGlobal
global operations - Throws:
Exception
-
testCheckPermissions
- Throws:
Exception
-
testStopRegionServer
- Throws:
Exception
-
testRollWALWriterRequest
- Throws:
Exception
-
testOpenRegion
- Throws:
Exception
-
testCloseRegion
- Throws:
Exception
-
testSnapshot
- Throws:
Exception
-
testSnapshotWithOwner
- Throws:
Exception
-
testCloneSnapshotWithOwner
- Throws:
Exception
-
testGlobalAuthorizationForNewRegisteredRS
- Throws:
Exception
-
testTableDescriptorsEnumeration
- Throws:
Exception
-
testTableNameEnumeration
- Throws:
Exception
-
testTableDeletion
- Throws:
Exception
-
createTestTable
- Throws:
Exception
-
createTestTable
- Throws:
Exception
-
testNamespaceUserGrant
- Throws:
Exception
-
testAccessControlClientGrantRevoke
- Throws:
Exception
-
testAccessControlClientGlobalGrantRevoke
- Throws:
Exception
-
testAccessControlClientMultiGrantRevoke
- Throws:
Exception
-
testAccessControlClientGrantRevokeOnNamespace
- Throws:
Exception
-
testCoprocessorExec
- Throws:
Exception
-
testSetQuota
- Throws:
Exception
-
testGetNamespacePermission
- Throws:
Exception
-
getNamespacePermissionsAndVerify
private void getNamespacePermissionsAndVerify(String namespaceRegexWithoutPrefix, int expectedAmount, String expectedNamespace) throws org.apache.hadoop.hbase.exceptions.HBaseException Lists all user permissions that match the given regular expression for namespace and verifies each of them. - Parameters:
namespaceRegexWithoutPrefix - the regular expression for namespace, without NAMESPACE_PREFIX
expectedAmount - the expected amount of user permissions returned
expectedNamespace - the expected namespace of each user permission returned
- Throws:
org.apache.hadoop.hbase.exceptions.HBaseException- in the case of any HBase exception when accessing hbase:acl table
-
testTruncatePerms
- Throws:
Exception
-
getPrivilegedAction
private PrivilegedAction<List<org.apache.hadoop.hbase.security.access.UserPermission>> getPrivilegedAction(String regex) -
testAccessControlClientUserPerms
- Throws:
Exception
-
testAccessControllerUserPermsRegexHandling
- Throws:
Exception
-
verifyAnyCreate
- Throws:
Exception
-
testPrepareAndCleanBulkLoad
- Throws:
Exception
-
testReplicateLogEntries
- Throws:
Exception
-
testAddReplicationPeer
- Throws:
Exception
-
testRemoveReplicationPeer
- Throws:
Exception
-
testEnableReplicationPeer
- Throws:
Exception
-
testDisableReplicationPeer
- Throws:
Exception
-
testGetReplicationPeerConfig
- Throws:
Exception
-
testUpdateReplicationPeerConfig
- Throws:
Exception
-
testUpdateMasterConfiguration
- Throws:
Exception
-
testUpdateRegionServerConfiguration
- Throws:
Exception
-
testClearRegionBlockCache
- Throws:
Exception
-
testTransitSyncReplicationPeerState
- Throws:
Exception
-
testListReplicationPeers
- Throws:
Exception
-
testRemoteLocks
- Throws:
Exception
-
testAccessControlRevokeOnlyFewPermission
- Throws:
Throwable
-
testGetClusterStatus
- Throws:
Exception
-
testExecuteProcedures
- Throws:
Exception
-
testGetUserPermissions
- Throws:
Throwable
-
testHasPermission
- Throws:
Throwable
-
testSwitchRpcThrottle
- Throws:
Exception
-
testIsRpcThrottleEnabled
- Throws:
Exception
-
testSwitchExceedThrottleQuota
- Throws:
Exception
-
validateGlobalUserACLForGetUserPermissions
private void validateGlobalUserACLForGetUserPermissions(org.apache.hadoop.hbase.client.Connection conn, org.apache.hadoop.hbase.security.User nSUser1, org.apache.hadoop.hbase.security.User globalGroupUser1, org.apache.hadoop.hbase.security.User globalGroupUser2, Collection<String> superUsers, int superUserCount) throws Throwable - Throws:
Throwable
-
validateNamespaceUserACLForGetUserPermissions
private void validateNamespaceUserACLForGetUserPermissions(org.apache.hadoop.hbase.client.Connection conn, org.apache.hadoop.hbase.security.User nSUser1, org.apache.hadoop.hbase.security.User nSUser3, org.apache.hadoop.hbase.security.User nsGroupUser1, org.apache.hadoop.hbase.security.User nsGroupUser2, String nsPrefix, String namespace1, String namespace2) throws Throwable - Throws:
Throwable
-
validateTableACLForGetUserPermissions
private void validateTableACLForGetUserPermissions(org.apache.hadoop.hbase.client.Connection conn, org.apache.hadoop.hbase.security.User nSUser1, org.apache.hadoop.hbase.security.User tableGroupUser1, org.apache.hadoop.hbase.security.User tableGroupUser2, String nsPrefix, org.apache.hadoop.hbase.TableName table1, org.apache.hadoop.hbase.TableName table2, byte[] TEST_QUALIFIER2, Collection<String> superUsers) throws Throwable - Throws:
Throwable
-
verifyGetUserPermissionResult
private void verifyGetUserPermissionResult(List<org.apache.hadoop.hbase.security.access.UserPermission> userPermissions, int resultCount, byte[] cf, byte[] cq, String userName, Collection<String> superUsers)
-