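/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.hbase.rest;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.CellUtil;
import org.apache.hadoop.hbase.HBaseTestingUtil;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.ColumnFamilyDescriptor;
import org.apache.hadoop.hbase.client.ColumnFamilyDescriptorBuilder;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.Durability;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Table;
import org.apache.hadoop.hbase.client.TableDescriptorBuilder;
import org.apache.hadoop.hbase.rest.client.Client;
import org.apache.hadoop.hbase.rest.client.Cluster;
import org.apache.hadoop.hbase.rest.client.Response;
import org.apache.hadoop.hbase.rest.model.CellModel;
import org.apache.hadoop.hbase.rest.model.CellSetModel;
import org.apache.hadoop.hbase.rest.model.RowModel;
import org.apache.hadoop.hbase.rest.model.ScannerModel;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.visibility.CellVisibility;
import org.apache.hadoop.hbase.security.visibility.ScanLabelGenerator;
import org.apache.hadoop.hbase.security.visibility.SimpleScanLabelGenerator;
import org.apache.hadoop.hbase.security.visibility.VisibilityClient;
import org.apache.hadoop.hbase.security.visibility.VisibilityConstants;
import org.apache.hadoop.hbase.security.visibility.VisibilityTestUtil;
import org.apache.hadoop.hbase.security.visibility.VisibilityUtils;
import org.apache.hadoop.hbase.testclassification.MediumTests;
import org.apache.hadoop.hbase.testclassification.RestTests;
import org.apache.hadoop.hbase.util.Bytes;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;

import org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse;

/**
 * Exercises visibility-label filtering for scanners opened through the REST gateway.
 * <p>
 * Every cell written by {@link #insertData} is tagged with the visibility expression
 * {@code (secret|confidential)&!topsecret}. The tests open a scanner over REST with a single label
 * attached and check that a non-matching label ({@code public}) yields no cells while a matching
 * one ({@code secret}) returns them.
 * <p>
 * NOTE(review): the cluster is configured with {@link SimpleScanLabelGenerator}, which presumably
 * takes the labels sent with the scan as they are. If so, these tests cover expression matching
 * only, not the check of requested labels against the authorizations granted to the calling user;
 * confirm before counting this as authorization coverage.
 * <p>
 * NOTE(review): no test sends {@code topsecret} together with {@code secret}, so the
 * {@code !topsecret} clause of the expression is not exercised here.
 */
@Tag(RestTests.TAG)
@Tag(MediumTests.TAG)
public class TestScannersWithLabels {

  private static final TableName TABLE = TableName.valueOf("TestScannersWithLabels");
  private static final String CFA = "a";
  private static final String CFB = "b";
  private static final String COLUMN_1 = CFA + ":1";
  private static final String COLUMN_2 = CFB + ":2";
  // Visibility labels registered by createLabels() and granted by setAuths().
  private static final String TOPSECRET = "topsecret";
  private static final String PUBLIC = "public";
  private static final String PRIVATE = "private";
  private static final String CONFIDENTIAL = "confidential";
  private static final String SECRET = "secret";
  private static User SUPERUSER;

  private static final HBaseTestingUtil TEST_UTIL = new HBaseTestingUtil();
  private static final HBaseRESTTestingUtility REST_TEST_UTIL = new HBaseRESTTestingUtility();
  private static Client client;
  private static JAXBContext context;
  private static Marshaller marshaller;
  private static Unmarshaller unmarshaller;
  private static Configuration conf;

  /**
   * Writes nine rows ({@code row0} .. {@code row8}) with one cell each into {@code column}. Every
   * cell carries the visibility expression {@code (secret|confidential)&!topsecret}.
   * @param tableName table to write to
   * @param column    column in {@code family:qualifier} form
   * @param prob      not read by this method; kept so the existing call sites stay unchanged
   * @return the number of puts written
   * @throws IOException if the table cannot be obtained or the write fails
   */
  private static int insertData(TableName tableName, String column, double prob)
    throws IOException {
    final int rowCount = 9;
    // The cell value is irrelevant to the tests; three zero bytes are enough.
    byte[] value = new byte[3];
    byte[][] famAndQf = CellUtil.parseColumn(Bytes.toBytes(column));
    String visibility = "(" + SECRET + "|" + CONFIDENTIAL + ")" + "&" + "!" + TOPSECRET;

    List<Put> puts = new ArrayList<>(rowCount);
    for (int i = 0; i < rowCount; i++) {
      Put put = new Put(Bytes.toBytes("row" + i));
      put.setDurability(Durability.SKIP_WAL);
      put.addColumn(famAndQf[0], famAndQf[1], value);
      put.setCellVisibility(new CellVisibility(visibility));
      puts.add(put);
    }
    try (Table table = TEST_UTIL.getConnection().getTable(tableName)) {
      table.put(puts);
    }
    return puts.size();
  }

  /**
   * Counts the cells in a cell set by walking every row.
   * @param model the cell set returned by a scanner fetch
   * @return total number of cells across all rows
   */
  private static int countCellSet(CellSetModel model) {
    int count = 0;
    Iterator<RowModel> rows = model.getRows().iterator();
    while (rows.hasNext()) {
      RowModel row = rows.next();
      Iterator<CellModel> cells = row.getCells().iterator();
      while (cells.hasNext()) {
        cells.next();
        count++;
      }
    }
    return count;
  }

  /**
   * Starts a one-node mini cluster with visibility labels enabled, registers and grants the test
   * labels, starts the REST servlet container, and creates and fills the test table unless it
   * already exists.
   * @throws Exception if any part of the cluster, REST or table setup fails
   */
  @BeforeAll
  public static void setUpBeforeClass() throws Exception {
    // Assign conf before its first use: the field has no initializer, so handing it to
    // createUserForTesting ahead of this line would pass null.
    conf = TEST_UTIL.getConfiguration();
    SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" });
    conf.setClass(VisibilityUtils.VISIBILITY_LABEL_GENERATOR_CLASS, SimpleScanLabelGenerator.class,
      ScanLabelGenerator.class);
    conf.set("hbase.superuser", SUPERUSER.getShortName());
    VisibilityTestUtil.enableVisiblityLabels(conf);
    TEST_UTIL.startMiniCluster(1);
    // Wait for the labels table to become available
    TEST_UTIL.waitTableEnabled(VisibilityConstants.LABELS_TABLE_NAME.getName(), 50000);
    createLabels();
    setAuths();
    REST_TEST_UTIL.startServletContainer(conf);
    client = new Client(new Cluster().add("localhost", REST_TEST_UTIL.getServletPort()));
    context = JAXBContext.newInstance(CellModel.class, CellSetModel.class, RowModel.class,
      ScannerModel.class);
    marshaller = context.createMarshaller();
    unmarshaller = context.createUnmarshaller();
    Admin admin = TEST_UTIL.getAdmin();
    if (admin.tableExists(TABLE)) {
      // Table already exists: skip creation and data load.
      return;
    }
    TableDescriptorBuilder tableDescriptorBuilder = TableDescriptorBuilder.newBuilder(TABLE);
    ColumnFamilyDescriptor columnFamilyDescriptor =
      ColumnFamilyDescriptorBuilder.newBuilder(Bytes.toBytes(CFA)).build();
    tableDescriptorBuilder.setColumnFamily(columnFamilyDescriptor);
    columnFamilyDescriptor = ColumnFamilyDescriptorBuilder.newBuilder(Bytes.toBytes(CFB)).build();
    tableDescriptorBuilder.setColumnFamily(columnFamilyDescriptor);
    admin.createTable(tableDescriptorBuilder.build());
    insertData(TABLE, COLUMN_1, 1.0);
    insertData(TABLE, COLUMN_2, 0.5);
  }

  /**
   * Stops the REST servlet container and then the mini cluster.
   * @throws Exception if either shutdown fails
   */
  @AfterAll
  public static void tearDownAfterClass() throws Exception {
    REST_TEST_UTIL.shutdownServletContainer();
    TEST_UTIL.shutdownMiniCluster();
  }

  /**
   * Registers the five test labels, running as {@link #SUPERUSER}. Anything thrown by the
   * visibility client is rethrown wrapped in an {@link IOException}.
   * @throws IOException          if adding the labels fails
   * @throws InterruptedException if the privileged action is interrupted
   */
  private static void createLabels() throws IOException, InterruptedException {
    PrivilegedExceptionAction<VisibilityLabelsResponse> action = () -> {
      String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET };
      try (Connection conn = ConnectionFactory.createConnection(conf)) {
        VisibilityClient.addLabels(conn, labels);
      } catch (Throwable t) {
        throw new IOException(t);
      }
      return null;
    };
    SUPERUSER.runAs(action);
  }

  /**
   * Grants all five test labels to the user returned by {@link User#getCurrent()}. Anything thrown
   * by the visibility client is rethrown wrapped in an {@link IOException}.
   * @throws Exception if the authorizations cannot be set
   */
  private static void setAuths() throws Exception {
    String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET };
    try (Connection conn = ConnectionFactory.createConnection(conf)) {
      VisibilityClient.setAuths(conn, labels, User.getCurrent().getShortName());
    } catch (Throwable t) {
      throw new IOException(t);
    }
  }

  /**
   * A scanner that presents only the {@code public} label must not see cells guarded by
   * {@code (secret|confidential)&!topsecret}: the scanner is created (201) but the fetch returns
   * 204 with no body.
   */
  @Test
  public void testSimpleScannerXMLWithLabelsThatReceivesNoData() throws IOException, JAXBException {
    final int BATCH_SIZE = 5;
    // new scanner
    ScannerModel model = new ScannerModel();
    model.setBatch(BATCH_SIZE);
    model.addColumn(Bytes.toBytes(COLUMN_1));
    model.addLabel(PUBLIC);
    StringWriter writer = new StringWriter();
    marshaller.marshal(model, writer);
    byte[] body = Bytes.toBytes(writer.toString());
    // Explicitly clear the REST read-only flag before the PUT that creates the scanner
    // (presumably so a read-only gateway cannot reject it; confirm against the servlet).
    conf.set("hbase.rest.readonly", "false");
    Response response = client.put("/" + TABLE + "/scanner", Constants.MIMETYPE_XML, body);
    assertEquals(201, response.getCode());
    String scannerURI = response.getLocation();
    assertNotNull(scannerURI);

    // get a cell set
    response = client.get(scannerURI, Constants.MIMETYPE_XML);
    // Respond with 204 as there are no cells to be retrieved
    assertEquals(204, response.getCode());
    // With no content in the payload, the 'Content-Type' header is not echoed back
  }

  /**
   * A scanner that presents the {@code secret} label satisfies the cells' visibility expression:
   * the fetch returns 200 with an XML cell set holding one batch (five cells).
   */
  @Test
  public void testSimpleScannerXMLWithLabelsThatReceivesData() throws IOException, JAXBException {
    // new scanner
    ScannerModel model = new ScannerModel();
    model.setBatch(5);
    model.addColumn(Bytes.toBytes(COLUMN_1));
    model.addLabel(SECRET);
    StringWriter writer = new StringWriter();
    marshaller.marshal(model, writer);
    byte[] body = Bytes.toBytes(writer.toString());

    // Explicitly clear the REST read-only flag before the PUT that creates the scanner
    // (presumably so a read-only gateway cannot reject it; confirm against the servlet).
    conf.set("hbase.rest.readonly", "false");
    Response response = client.put("/" + TABLE + "/scanner", Constants.MIMETYPE_XML, body);
    assertEquals(201, response.getCode());
    String scannerURI = response.getLocation();
    assertNotNull(scannerURI);

    // get a cell set
    response = client.get(scannerURI, Constants.MIMETYPE_XML);
    // Respond with 200 and an XML body: the label on the scan matches the cells' expression
    assertEquals(200, response.getCode());
    assertEquals(Constants.MIMETYPE_XML, response.getHeader("content-type"));
    CellSetModel cellSet =
      (CellSetModel) unmarshaller.unmarshal(new ByteArrayInputStream(response.getBody()));
    assertEquals(5, countCellSet(cellSet));
  }
}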