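/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.hbase.security.token;

import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;

import java.util.stream.Stream;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.TableNameTestExtension;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.ColumnFamilyDescriptorBuilder;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.Get;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.Table;
import org.apache.hadoop.hbase.client.TableDescriptor;
import org.apache.hadoop.hbase.client.TableDescriptorBuilder;
import org.apache.hadoop.hbase.ipc.NettyRpcClient;
import org.apache.hadoop.hbase.ipc.RpcClientFactory;
import org.apache.hadoop.hbase.testclassification.MediumTests;
import org.apache.hadoop.hbase.testclassification.SecurityTests;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.TestInfo;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;

/**
 * Runs a put/get round trip against a secure test cluster with {@code hbase.rpc.protection} set
 * to {@code privacy}, after adding a delegation token to the current user's credentials.
 * <p>
 * NOTE(review): the test asserts only that the stored value reads back. It does not itself
 * verify that the RPCs were authenticated with the delegation token rather than the user's
 * other credentials, nor that the traffic was actually encrypted; both are assumed to follow
 * from the cluster and client configuration. Confirm against {@link SecureTestCluster}.
 */
@Tag(SecurityTests.TAG)
@Tag(MediumTests.TAG)
public class TestDelegationTokenWithEncryption extends SecureTestCluster {

  /**
   * Starts the secure cluster with RPC protection enabled and adds a delegation token to the
   * current user.
   * @throws Exception if the cluster cannot be started or the token cannot be obtained
   */
  @BeforeAll
  public static void setUp() throws Exception {
    // enable rpc encryption; "privacy" is the protection level that adds confidentiality on top
    // of authentication and integrity. Set before the cluster starts -- presumably so that the
    // servers pick it up as well as the clients; confirm against SecureTestCluster.
    TEST_UTIL.getConfiguration().set("hbase.rpc.protection", "privacy");
    SecureTestCluster.setUpCluster();
    try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration())) {
      Token<? extends TokenIdentifier> token = ClientTokenUtil.obtainToken(conn);
      // Fail fast if no token came back: without one, the connections opened by the test could
      // authenticate with whatever credentials the current user already holds, and the test
      // would pass without exercising delegation-token authentication at all.
      assertNotNull(token, "no delegation token was obtained from the cluster");
      UserGroupInformation.getCurrentUser().addToken(token);
    }
  }

  /**
   * Supplies the RPC client implementations to run the test against.
   * @return a stream of fully-qualified RPC client class names
   */
  static Stream<String> parameters() {
    // Client connection supports only non-blocking RPCs (due to master registry restriction), hence
    // we only test NettyRpcClient.
    return Stream.of(NettyRpcClient.class.getName());
  }

  /**
   * Creates a table named after the test method, writes one cell and reads it back.
   * @param rpcClientImpl class name stored under
   *                      {@link RpcClientFactory#CUSTOM_RPC_CLIENT_IMPL_CONF_KEY} before connecting
   * @param testInfo      JUnit test metadata; the test method name is used for the table name
   * @throws Exception if any cluster operation fails
   */
  @ParameterizedTest(name = "{index}: rpcClientImpl={0}")
  @MethodSource("parameters")
  public void testPutGetWithDelegationToken(String rpcClientImpl, TestInfo testInfo)
    throws Exception {
    // This writes to the shared TEST_UTIL configuration, so the setting outlives this invocation.
    TEST_UTIL.getConfiguration().set(RpcClientFactory.CUSTOM_RPC_CLIENT_IMPL_CONF_KEY,
      rpcClientImpl);
    TableName tableName = TableName
      .valueOf(TableNameTestExtension.cleanUpTestName(testInfo.getTestMethod().get().getName()));
    byte[] family = Bytes.toBytes("f");
    byte[] qualifier = Bytes.toBytes("q");
    byte[] row = Bytes.toBytes("row");
    byte[] value = Bytes.toBytes("data");
    // Admin is opened in the same try-with-resources as the connection so that it is closed
    // (before the connection) even when table creation or the assertion fails.
    try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
      Admin admin = conn.getAdmin()) {
      TableDescriptor tableDescriptor = TableDescriptorBuilder.newBuilder(tableName)
        .setColumnFamily(ColumnFamilyDescriptorBuilder.of(family)).build();
      admin.createTable(tableDescriptor);
      try (Table table = conn.getTable(tableName)) {
        table.put(new Put(row).addColumn(family, qualifier, value));
        Result result = table.get(new Get(row));
        assertArrayEquals(value, result.getValue(family, qualifier));
      }
    }
  }
}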