Source code

001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.security.access;
019
020import static org.junit.jupiter.api.Assertions.assertEquals;
021import static org.junit.jupiter.api.Assertions.assertTrue;
022import static org.junit.jupiter.api.Assertions.fail;
023
024import org.apache.hadoop.hbase.TableName;
025import org.apache.hadoop.hbase.security.access.Permission.Action;
026import org.apache.hadoop.hbase.testclassification.SecurityTests;
027import org.apache.hadoop.hbase.testclassification.SmallTests;
028import org.apache.hadoop.hbase.util.Bytes;
029import org.junit.jupiter.api.Tag;
030import org.junit.jupiter.api.Test;
031
032@Tag(SecurityTests.TAG)
033@Tag(SmallTests.TAG)
034public class TestPermissionBuilder {
035
036  @Test
037  public void testBuildGlobalPermission() {
038    // check global permission with empty action
039    Permission permission = Permission.newBuilder().build();
040    assertTrue(permission instanceof GlobalPermission);
041    assertEquals(0, permission.getActions().length);
042
043    // check global permission with ADMIN action
044    permission = Permission.newBuilder().withActionCodes(Bytes.toBytes("A")).build();
045    assertTrue(permission instanceof GlobalPermission);
046    assertEquals(1, permission.getActions().length);
047    assertTrue(permission.getActions()[0] == Action.ADMIN);
048
049    byte[] qualifier = Bytes.toBytes("q");
050    try {
051      permission = Permission.newBuilder().withQualifier(qualifier)
052        .withActions(Action.CREATE, Action.READ).build();
053      fail("Should throw NPE");
054    } catch (NullPointerException e) {
055      // catch NPE because set qualifier but table name is null
056    }
057
058    permission = Permission.newBuilder().withActionCodes(Bytes.toBytes("ACP"))
059      .withActions(Action.READ, Action.ADMIN).build();
060    assertEquals(3, permission.getActions().length);
061    assertEquals(Action.READ, permission.getActions()[0]);
062    assertEquals(Action.CREATE, permission.getActions()[1]);
063    assertEquals(Action.ADMIN, permission.getActions()[2]);
064  }
065
066  @Test
067  public void testBuildNamespacePermission() {
068    String namespace = "ns";
069    // check namespace permission with CREATE and READ actions
070    Permission permission =
071      Permission.newBuilder(namespace).withActions(Action.CREATE, Action.READ).build();
072    assertTrue(permission instanceof NamespacePermission);
073    NamespacePermission namespacePermission = (NamespacePermission) permission;
074    assertEquals(namespace, namespacePermission.getNamespace());
075    assertEquals(2, permission.getActions().length);
076    assertEquals(Action.READ, permission.getActions()[0]);
077    assertEquals(Action.CREATE, permission.getActions()[1]);
078
079    byte[] family = Bytes.toBytes("f");
080    try {
081      permission = Permission.newBuilder(namespace).withFamily(family)
082        .withActions(Action.CREATE, Action.READ).build();
083      fail("Should throw NPE");
084    } catch (NullPointerException e) {
085      // catch NPE because set family but table name is null
086    }
087  }
088
089  @Test
090  public void testBuildTablePermission() {
091    TableName tableName = TableName.valueOf("ns", "table");
092    byte[] family = Bytes.toBytes("f");
093    byte[] qualifier = Bytes.toBytes("q");
094    // check table permission without family or qualifier
095    Permission permission =
096      Permission.newBuilder(tableName).withActions(Action.WRITE, Action.READ).build();
097    assertTrue(permission instanceof TablePermission);
098    assertEquals(2, permission.getActions().length);
099    assertEquals(Action.READ, permission.getActions()[0]);
100    assertEquals(Action.WRITE, permission.getActions()[1]);
101    TablePermission tPerm = (TablePermission) permission;
102    assertEquals(tableName, tPerm.getTableName());
103    assertEquals(null, tPerm.getFamily());
104    assertEquals(null, tPerm.getQualifier());
105
106    // check table permission with family
107    permission =
108      Permission.newBuilder(tableName).withFamily(family).withActions(Action.EXEC).build();
109    assertTrue(permission instanceof TablePermission);
110    assertEquals(1, permission.getActions().length);
111    assertEquals(Action.EXEC, permission.getActions()[0]);
112    tPerm = (TablePermission) permission;
113    assertEquals(tableName, tPerm.getTableName());
114    assertTrue(Bytes.equals(family, tPerm.getFamily()));
115    assertTrue(Bytes.equals(null, tPerm.getQualifier()));
116
117    // check table permission with family and qualifier
118    permission =
119      Permission.newBuilder(tableName).withFamily(family).withQualifier(qualifier).build();
120    assertTrue(permission instanceof TablePermission);
121    assertEquals(0, permission.getActions().length);
122    tPerm = (TablePermission) permission;
123    assertEquals(tableName, tPerm.getTableName());
124    assertTrue(Bytes.equals(family, tPerm.getFamily()));
125    assertTrue(Bytes.equals(qualifier, tPerm.getQualifier()));
126  }
127}