001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.regionserver;
019
020import static org.junit.jupiter.api.Assertions.assertThrows;
021import static org.junit.jupiter.api.Assertions.assertTrue;
022
023import org.apache.hadoop.conf.Configuration;
024import org.apache.hadoop.hbase.DoNotRetryIOException;
025import org.apache.hadoop.hbase.HBaseTestingUtil;
026import org.apache.hadoop.hbase.HConstants;
027import org.apache.hadoop.hbase.TableName;
028import org.apache.hadoop.hbase.client.ColumnFamilyDescriptorBuilder;
029import org.apache.hadoop.hbase.client.TableDescriptorBuilder;
030import org.apache.hadoop.hbase.io.crypto.Encryption;
031import org.apache.hadoop.hbase.io.crypto.MockAesKeyProvider;
032import org.apache.hadoop.hbase.testclassification.MasterTests;
033import org.apache.hadoop.hbase.testclassification.MediumTests;
034import org.apache.hadoop.hbase.util.Bytes;
035import org.apache.hadoop.hbase.util.TableDescriptorChecker;
036import org.junit.jupiter.api.AfterAll;
037import org.junit.jupiter.api.BeforeAll;
038import org.junit.jupiter.api.Tag;
039import org.junit.jupiter.api.Test;
040
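/**
 * Verifies table creation behavior on a cluster where encryption has been switched off through
 * {@link Encryption#CRYPTO_ENABLED_CONF_KEY}.
 * <p>
 * A key provider and master key name are still configured in {@link #setUp()}, so the only thing
 * standing between a request for an encrypted column family and its creation is the "disabled"
 * switch. The tests pin that such a request is rejected with an explicit error instead of being
 * accepted, and that a schema without encryption is unaffected by the switch.
 */
@Tag(MasterTests.TAG)
@Tag(MediumTests.TAG)
public class TestEncryptionDisabled {

  private static final HBaseTestingUtil TEST_UTIL = new HBaseTestingUtil();
  private static final Configuration conf = TEST_UTIL.getConfiguration();

  /**
   * Configures the shared test configuration with encryption disabled and starts the minicluster.
   * @throws Exception if the minicluster cannot be started
   */
  @BeforeAll
  public static void setUp() throws Exception {
    conf.setInt("hfile.format.version", 3);
    // A key provider and master key are configured on purpose: encryption would be usable here
    // if it were not explicitly disabled below.
    conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, MockAesKeyProvider.class.getName());
    conf.set(HConstants.CRYPTO_MASTERKEY_NAME_CONF_KEY, "hbase");
    conf.set(Encryption.CRYPTO_ENABLED_CONF_KEY, "false");
    // NOTE(review): the rejection asserted below presumably comes from the table descriptor
    // sanity checks, which is why they are forced on here - confirm against TableDescriptorChecker.
    conf.set(TableDescriptorChecker.TABLE_SANITY_CHECKS, "true");

    // Start the minicluster
    TEST_UTIL.startMiniCluster(1);
  }

  /**
   * Stops the minicluster started in {@link #setUp()}.
   * @throws Exception if the shutdown fails
   */
  @AfterAll
  public static void tearDown() throws Exception {
    TEST_UTIL.shutdownMiniCluster();
  }

  /**
   * Creating a table whose column family requests an encryption type must fail with a
   * {@link DoNotRetryIOException} that names the cause, so that a caller is never left believing
   * a family is encrypted when the cluster has encryption turned off.
   * @throws Exception on unexpected test failures
   */
  @Test
  public void testEncryptedTableShouldNotBeCreatedWhenEncryptionDisabled() throws Exception {
    // Create the table schema
    // Specify an encryption algorithm without a key (normally HBase would generate a random key)
    // The builder is local to the test so no descriptor state is shared with the other test.
    TableDescriptorBuilder tdb =
      TableDescriptorBuilder.newBuilder(TableName.valueOf("default", "TestEncryptionDisabledFail"));
    ColumnFamilyDescriptorBuilder columnFamilyDescriptorBuilder =
      ColumnFamilyDescriptorBuilder.newBuilder(Bytes.toBytes("cf"));
    String algorithm = conf.get(HConstants.CRYPTO_KEY_ALGORITHM_CONF_KEY, HConstants.CIPHER_AES);
    columnFamilyDescriptorBuilder.setEncryptionType(algorithm);
    tdb.setColumnFamily(columnFamilyDescriptorBuilder.build());

    // Create the test table, we expect to get back an exception
    DoNotRetryIOException exception = assertThrows(DoNotRetryIOException.class,
      () -> TEST_UTIL.getAdmin().createTable(tdb.build()));
    // Guard against a null message so a wrong rejection reason shows up as an assertion failure
    // with the actual text, not as a NullPointerException.
    String message = exception.getMessage();
    assertTrue(message != null && message.contains("encryption is disabled on the cluster"),
      "Unexpected rejection message: " + message);
  }

  /**
   * Creating a table whose column family does not request encryption must still succeed when
   * encryption is disabled on the cluster.
   * @throws Exception if the table cannot be created or does not become available in time
   */
  @Test
  public void testNonEncryptedTableShouldBeCreatedWhenEncryptionDisabled() throws Exception {
    // Create the table schema
    TableName tableName = TableName.valueOf("default", "TestEncryptionDisabledSuccess");
    TableDescriptorBuilder tdb = TableDescriptorBuilder.newBuilder(tableName);
    ColumnFamilyDescriptorBuilder columnFamilyDescriptorBuilder =
      ColumnFamilyDescriptorBuilder.newBuilder(Bytes.toBytes("cf"));
    tdb.setColumnFamily(columnFamilyDescriptorBuilder.build());

    // Create the test table, this should succeed, as we don't use encryption
    TEST_UTIL.getAdmin().createTable(tdb.build());
    TEST_UTIL.waitTableAvailable(tableName, 5000);
  }

}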