001/**
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.regionserver;
019
020import org.apache.hadoop.conf.Configuration;
021import org.apache.hadoop.hbase.DoNotRetryIOException;
022import org.apache.hadoop.hbase.HBaseClassTestRule;
023import org.apache.hadoop.hbase.HBaseTestingUtil;
024import org.apache.hadoop.hbase.HConstants;
025import org.apache.hadoop.hbase.TableName;
026import org.apache.hadoop.hbase.client.ColumnFamilyDescriptorBuilder;
027import org.apache.hadoop.hbase.client.TableDescriptorBuilder;
028import org.apache.hadoop.hbase.io.crypto.Encryption;
029import org.apache.hadoop.hbase.io.crypto.KeyProviderForTesting;
030import org.apache.hadoop.hbase.testclassification.MasterTests;
031import org.apache.hadoop.hbase.testclassification.MediumTests;
032import org.apache.hadoop.hbase.util.Bytes;
033import org.apache.hadoop.hbase.util.TableDescriptorChecker;
034import org.junit.AfterClass;
035import org.junit.BeforeClass;
036import org.junit.ClassRule;
037import org.junit.Rule;
038import org.junit.Test;
039import org.junit.experimental.categories.Category;
040import org.junit.rules.ExpectedException;
041
042@Category({MasterTests.class, MediumTests.class})
043public class TestEncryptionDisabled {
044
045  @ClassRule
046  public static final HBaseClassTestRule CLASS_RULE =
047      HBaseClassTestRule.forClass(TestEncryptionDisabled.class);
048
049  @Rule
050  public ExpectedException exception = ExpectedException.none();
051
052  private static final HBaseTestingUtil TEST_UTIL = new HBaseTestingUtil();
053  private static Configuration conf = TEST_UTIL.getConfiguration();
054  private static TableDescriptorBuilder tdb;
055
056
057  @BeforeClass
058  public static void setUp() throws Exception {
059    conf.setInt("hfile.format.version", 3);
060    conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyProviderForTesting.class.getName());
061    conf.set(HConstants.CRYPTO_MASTERKEY_NAME_CONF_KEY, "hbase");
062    conf.set(Encryption.CRYPTO_ENABLED_CONF_KEY, "false");
063    conf.set(TableDescriptorChecker.TABLE_SANITY_CHECKS, "true");
064
065    // Start the minicluster
066    TEST_UTIL.startMiniCluster(1);
067  }
068
069  @AfterClass
070  public static void tearDown() throws Exception {
071    TEST_UTIL.shutdownMiniCluster();
072  }
073
074  @Test
075  public void testEncryptedTableShouldNotBeCreatedWhenEncryptionDisabled() throws Exception {
076    // Create the table schema
077    // Specify an encryption algorithm without a key (normally HBase would generate a random key)
078    tdb = TableDescriptorBuilder.newBuilder(TableName.valueOf("default",
079      "TestEncryptionDisabledFail"));
080    ColumnFamilyDescriptorBuilder columnFamilyDescriptorBuilder =
081      ColumnFamilyDescriptorBuilder.newBuilder(Bytes.toBytes("cf"));
082    String algorithm = conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
083    columnFamilyDescriptorBuilder.setEncryptionType(algorithm);
084    tdb.setColumnFamily(columnFamilyDescriptorBuilder.build());
085
086    // Create the test table, we expect to get back an exception
087    exception.expect(DoNotRetryIOException.class);
088    exception.expectMessage("encryption is disabled on the cluster");
089    TEST_UTIL.getAdmin().createTable(tdb.build());
090  }
091
092  @Test
093  public void testNonEncryptedTableShouldBeCreatedWhenEncryptionDisabled() throws Exception {
094    // Create the table schema
095    tdb = TableDescriptorBuilder.newBuilder(TableName.valueOf("default",
096      "TestEncryptionDisabledSuccess"));
097    ColumnFamilyDescriptorBuilder columnFamilyDescriptorBuilder =
098      ColumnFamilyDescriptorBuilder.newBuilder(Bytes.toBytes("cf"));
099    tdb.setColumnFamily(columnFamilyDescriptorBuilder.build());
100
101    // Create the test table, this should succeed, as we don't use encryption
102    TEST_UTIL.getAdmin().createTable(tdb.build());
103    TEST_UTIL.waitTableAvailable(tdb.build().getTableName(), 5000);
104  }
105
106}