Source code

001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.security.visibility;
019
020import static org.apache.hadoop.hbase.security.visibility.VisibilityConstants.LABELS_TABLE_FAMILY;
021import static org.apache.hadoop.hbase.security.visibility.VisibilityConstants.LABELS_TABLE_NAME;
022
023import java.util.ArrayList;
024import java.util.List;
025import java.util.NavigableMap;
026import org.apache.hadoop.hbase.TableName;
027import org.apache.hadoop.hbase.client.Result;
028import org.apache.hadoop.hbase.security.User;
029import org.apache.hadoop.hbase.testclassification.MediumTests;
030import org.apache.hadoop.hbase.testclassification.SecurityTests;
031import org.apache.hadoop.hbase.util.Bytes;
032import org.junit.jupiter.api.BeforeAll;
033import org.junit.jupiter.api.Tag;
034import org.junit.jupiter.api.Test;
035
036@Tag(SecurityTests.TAG)
037@Tag(MediumTests.TAG)
038public class TestVisibilityLabelsWithCustomVisLabService extends VisibilityLabelsTestBase {
039
040  @BeforeAll
041  public static void setupBeforeClass() throws Exception {
042    // setup configuration
043    conf = TEST_UTIL.getConfiguration();
044    VisibilityTestUtil.enableVisiblityLabels(conf);
045    conf.setClass(VisibilityUtils.VISIBILITY_LABEL_GENERATOR_CLASS, SimpleScanLabelGenerator.class,
046      ScanLabelGenerator.class);
047    conf.setClass(VisibilityLabelServiceManager.VISIBILITY_LABEL_SERVICE_CLASS,
048      ExpAsStringVisibilityLabelServiceImpl.class, VisibilityLabelService.class);
049    conf.set("hbase.superuser", "admin");
050    TEST_UTIL.startMiniCluster(2);
051    SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" });
052
053    // Wait for the labels table to become available
054    TEST_UTIL.waitTableEnabled(LABELS_TABLE_NAME.getName(), 50000);
055    addLabels();
056  }
057
058  // we don't verify predefined labels in ExpAsStringVisibilityLabelServiceImpl
059  @Test
060  public void testVisibilityLabelsInPutsThatDoesNotMatchAnyDefinedLabels() throws Exception {
061    TableName tableName = name.getTableName();
062    // This put with label "SAMPLE_LABEL" should not get failed.
063    createTableAndWriteDataWithLabels(tableName, "SAMPLE_LABEL", "TEST");
064  }
065
066  @Override
067  protected List<String> extractAuths(String user, List<Result> results) {
068    List<String> auths = new ArrayList<>();
069    for (Result result : results) {
070      if (Bytes.equals(result.getRow(), Bytes.toBytes(user))) {
071        NavigableMap<byte[], byte[]> familyMap = result.getFamilyMap(LABELS_TABLE_FAMILY);
072        for (byte[] q : familyMap.keySet()) {
073          auths.add(Bytes.toString(q, 0, q.length));
074        }
075      }
076    }
077    return auths;
078  }
079}