Class TestZooKeeperACL
java.lang.Object
org.apache.hadoop.hbase.zookeeper.TestZooKeeperACL
@Tag("org.apache.hadoop.hbase.testclassification.ZKTests") @Tag("org.apache.hadoop.hbase.testclassification.MediumTests")
public class TestZooKeeperACL
extends Object
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionprivate static class -
Field Summary
FieldsModifier and TypeFieldDescriptionprivate static final org.slf4j.Loggerprivate static booleanprivate static final HBaseTestingUtilprivate static org.apache.hadoop.hbase.zookeeper.ZKWatcher -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidsetUp()static voidstatic voidvoidvoidWhen authentication is enabled on ZooKeeper, /hbase/hbaseid should be created with 2 ACLs: one specifies that the hbase user has full access to the node; the other, that it is world-readable.voidWhen authentication is enabled on ZooKeeper, /hbase/master should be created with 2 ACLs: one specifies that the hbase user has full access to the node; the other, that it is world-readable.voidWhen authentication is enabled on ZooKeeper, /hbase/root-region-server should be created with 2 ACLs: one specifies that the hbase user has full access to the node; the other, that it is world-readable.voidCreate a node and check its ACL.voidCheck if ZooKeeper JaasConfiguration is valid.voidCheck if Programmatic way of setting zookeeper security settings is valid.voidFinally, we check the ACLs of a node outside of the /hbase hierarchy and verify that its ACL is simply 'hbase:Perms.ALL'.
-
Field Details
-
LOG
-
TEST_UTIL
-
zkw
-
secureZKAvailable
-
-
Constructor Details
-
TestZooKeeperACL
public TestZooKeeperACL()
-
-
Method Details
-
setUpBeforeClass
- Throws:
Exception
-
tearDownAfterClass
- Throws:
Exception
-
setUp
- Throws:
Exception
-
testHBaseRootZNodeACL
Create a node and check its ACL. When authentication is enabled on ZooKeeper, all nodes (except /hbase/root-region-server, /hbase/master and /hbase/hbaseid) should be created so that only the hbase server user (master or region server user) that created them can access them, and this user should have all permissions on this node. For /hbase/root-region-server, /hbase/master, and /hbase/hbaseid the permissions should be as above, but should also be world-readable. First we check the general case of /hbase nodes in the following test, and then check the subset of world-readable nodes in the three tests after that.- Throws:
Exception
-
testHBaseRootRegionServerZNodeACL
When authentication is enabled on ZooKeeper, /hbase/root-region-server should be created with 2 ACLs: one specifies that the hbase user has full access to the node; the other, that it is world-readable.- Throws:
Exception
-
testHBaseMasterServerZNodeACL
When authentication is enabled on ZooKeeper, /hbase/master should be created with 2 ACLs: one specifies that the hbase user has full access to the node; the other, that it is world-readable.- Throws:
Exception
-
testHBaseIDZNodeACL
When authentication is enabled on ZooKeeper, /hbase/hbaseid should be created with 2 ACLs: one specifies that the hbase user has full access to the node; the other, that it is world-readable.- Throws:
Exception
-
testOutsideHBaseNodeACL
Finally, we check the ACLs of a node outside of the /hbase hierarchy and verify that its ACL is simply 'hbase:Perms.ALL'.- Throws:
Exception
-
testIsZooKeeperSecure
Check if ZooKeeper JaasConfiguration is valid.- Throws:
Exception
-
testIsZooKeeperSecureWithProgrammaticConfig
Check if Programmatic way of setting zookeeper security settings is valid.- Throws:
Exception
-
testAdminDrainAllowedOnSecureZK
- Throws:
Exception
-