Source code

001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.client;
019
020import static org.junit.jupiter.api.Assertions.assertEquals;
021import static org.junit.jupiter.api.Assertions.assertFalse;
022import static org.junit.jupiter.api.Assertions.assertTrue;
023import static org.junit.jupiter.api.Assertions.fail;
024
025import java.util.List;
026import java.util.function.Supplier;
027import org.apache.hadoop.hbase.HBaseParameterizedTestTemplate;
028import org.apache.hadoop.hbase.TableName;
029import org.apache.hadoop.hbase.security.User;
030import org.apache.hadoop.hbase.security.access.GetUserPermissionsRequest;
031import org.apache.hadoop.hbase.security.access.Permission;
032import org.apache.hadoop.hbase.security.access.PermissionStorage;
033import org.apache.hadoop.hbase.security.access.SecureTestUtil;
034import org.apache.hadoop.hbase.security.access.SecureTestUtil.AccessTestAction;
035import org.apache.hadoop.hbase.security.access.UserPermission;
036import org.apache.hadoop.hbase.testclassification.ClientTests;
037import org.apache.hadoop.hbase.testclassification.SmallTests;
038import org.junit.jupiter.api.AfterAll;
039import org.junit.jupiter.api.BeforeAll;
040import org.junit.jupiter.api.Tag;
041import org.junit.jupiter.api.TestTemplate;
042
043import org.apache.hbase.thirdparty.com.google.common.collect.Lists;
044
045@Tag(ClientTests.TAG)
046@Tag(SmallTests.TAG)
047@HBaseParameterizedTestTemplate(name = "{index}: admin = {0}")
048public class TestAsyncAccessControlAdminApi extends TestAsyncAdminBase {
049
050  public TestAsyncAccessControlAdminApi(Supplier<AsyncAdmin> admin) {
051    super(admin);
052  }
053
054  @BeforeAll
055  public static void setUpBeforeClass() throws Exception {
056    SecureTestUtil.enableSecurity(TEST_UTIL.getConfiguration());
057    TEST_UTIL.startMiniCluster(1);
058    TEST_UTIL.waitTableAvailable(PermissionStorage.ACL_TABLE_NAME);
059    ASYNC_CONN = ConnectionFactory.createAsyncConnection(TEST_UTIL.getConfiguration()).get();
060  }
061
062  @AfterAll
063  public static void tearDownAfterClass() throws Exception {
064    TestAsyncAdminBase.tearDownAfterClass();
065  }
066
067  @TestTemplate
068  public void test() throws Exception {
069    TableName tableName = TableName.valueOf("test-table");
070    String userName1 = "user1";
071    String userName2 = "user2";
072    User user2 = User.createUserForTesting(TEST_UTIL.getConfiguration(), userName2, new String[0]);
073    Permission permission =
074      Permission.newBuilder(tableName).withActions(Permission.Action.READ).build();
075    UserPermission userPermission = new UserPermission(userName1, permission);
076
077    // grant user1 table permission
078    admin.grant(userPermission, false).get();
079
080    // get table permissions
081    List<UserPermission> userPermissions =
082      admin.getUserPermissions(GetUserPermissionsRequest.newBuilder(tableName).build()).get();
083    assertEquals(1, userPermissions.size());
084    assertEquals(userPermission, userPermissions.get(0));
085
086    // get table permissions
087    userPermissions = admin.getUserPermissions(
088      GetUserPermissionsRequest.newBuilder(tableName).withUserName(userName1).build()).get();
089    assertEquals(1, userPermissions.size());
090    assertEquals(userPermission, userPermissions.get(0));
091
092    userPermissions = admin.getUserPermissions(
093      GetUserPermissionsRequest.newBuilder(tableName).withUserName(userName2).build()).get();
094    assertEquals(0, userPermissions.size());
095
096    // has user permission
097    List<Permission> permissions = Lists.newArrayList(permission);
098    boolean hasPermission =
099      admin.hasUserPermissions(userName1, permissions).get().get(0).booleanValue();
100    assertTrue(hasPermission);
101    hasPermission = admin.hasUserPermissions(userName2, permissions).get().get(0).booleanValue();
102    assertFalse(hasPermission);
103
104    AccessTestAction hasPermissionAction = new AccessTestAction() {
105      @Override
106      public Object run() throws Exception {
107        try (AsyncConnection conn =
108          ConnectionFactory.createAsyncConnection(TEST_UTIL.getConfiguration()).get()) {
109          return conn.getAdmin().hasUserPermissions(userName1, permissions).get().get(0);
110        }
111      }
112    };
113    try {
114      user2.runAs(hasPermissionAction);
115      fail("Should not come here");
116    } catch (Exception e) {
117      LOG.error("Call has permission error", e);
118    }
119
120    // check permission
121    admin.hasUserPermissions(permissions);
122    AccessTestAction checkPermissionsAction = new AccessTestAction() {
123      @Override
124      public Object run() throws Exception {
125        try (AsyncConnection conn =
126          ConnectionFactory.createAsyncConnection(TEST_UTIL.getConfiguration()).get()) {
127          return conn.getAdmin().hasUserPermissions(permissions).get().get(0);
128        }
129      }
130    };
131    assertFalse((Boolean) user2.runAs(checkPermissionsAction));
132  }
133}