Source code

001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.security.visibility;
019
020import static org.apache.hadoop.hbase.security.visibility.VisibilityConstants.LABELS_TABLE_NAME;
021import static org.junit.Assert.assertNotNull;
022import static org.junit.Assert.assertNull;
023
024import java.io.IOException;
025import java.security.PrivilegedExceptionAction;
026import org.apache.hadoop.conf.Configuration;
027import org.apache.hadoop.hbase.HBaseClassTestRule;
028import org.apache.hadoop.hbase.HBaseTestingUtil;
029import org.apache.hadoop.hbase.HConstants;
030import org.apache.hadoop.hbase.TableName;
031import org.apache.hadoop.hbase.client.Connection;
032import org.apache.hadoop.hbase.client.ConnectionFactory;
033import org.apache.hadoop.hbase.client.Put;
034import org.apache.hadoop.hbase.client.Result;
035import org.apache.hadoop.hbase.client.ResultScanner;
036import org.apache.hadoop.hbase.client.Scan;
037import org.apache.hadoop.hbase.client.Table;
038import org.apache.hadoop.hbase.security.User;
039import org.apache.hadoop.hbase.testclassification.MediumTests;
040import org.apache.hadoop.hbase.testclassification.SecurityTests;
041import org.apache.hadoop.hbase.util.Bytes;
042import org.junit.AfterClass;
043import org.junit.BeforeClass;
044import org.junit.ClassRule;
045import org.junit.Rule;
046import org.junit.Test;
047import org.junit.experimental.categories.Category;
048import org.junit.rules.TestName;
049
050import org.apache.hadoop.hbase.shaded.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse;
051
052@Category({ SecurityTests.class, MediumTests.class })
053public class TestVisibilityLabelsWithSLGStack {
054
055  @ClassRule
056  public static final HBaseClassTestRule CLASS_RULE =
057    HBaseClassTestRule.forClass(TestVisibilityLabelsWithSLGStack.class);
058
059  public static final String CONFIDENTIAL = "confidential";
060  private static final String SECRET = "secret";
061  public static final HBaseTestingUtil TEST_UTIL = new HBaseTestingUtil();
062  private static final byte[] ROW_1 = Bytes.toBytes("row1");
063  private final static byte[] CF = Bytes.toBytes("f");
064  private final static byte[] Q1 = Bytes.toBytes("q1");
065  private final static byte[] Q2 = Bytes.toBytes("q2");
066  private final static byte[] value = Bytes.toBytes("value");
067  public static Configuration conf;
068
069  @Rule
070  public final TestName TEST_NAME = new TestName();
071  public static User SUPERUSER;
072
073  @BeforeClass
074  public static void setupBeforeClass() throws Exception {
075    // setup configuration
076    conf = TEST_UTIL.getConfiguration();
077    VisibilityTestUtil.enableVisiblityLabels(conf);
078    String classes = SimpleScanLabelGenerator.class.getCanonicalName() + " , "
079      + LabelFilteringScanLabelGenerator.class.getCanonicalName();
080    conf.setStrings(VisibilityUtils.VISIBILITY_LABEL_GENERATOR_CLASS, classes);
081    conf.set("hbase.superuser", "admin");
082    TEST_UTIL.startMiniCluster(1);
083    SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" });
084
085    // Wait for the labels table to become available
086    TEST_UTIL.waitTableEnabled(LABELS_TABLE_NAME.getName(), 50000);
087    addLabels();
088  }
089
090  @Test
091  public void testWithSAGStack() throws Exception {
092    TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
093    try (Table table = TEST_UTIL.createTable(tableName, CF)) {
094      Put put = new Put(ROW_1);
095      put.addColumn(CF, Q1, HConstants.LATEST_TIMESTAMP, value);
096      put.setCellVisibility(new CellVisibility(SECRET));
097      table.put(put);
098      put = new Put(ROW_1);
099      put.addColumn(CF, Q2, HConstants.LATEST_TIMESTAMP, value);
100      put.setCellVisibility(new CellVisibility(CONFIDENTIAL));
101      table.put(put);
102
103      LabelFilteringScanLabelGenerator.labelToFilter = CONFIDENTIAL;
104      Scan s = new Scan();
105      s.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL));
106      ResultScanner scanner = table.getScanner(s);
107      Result next = scanner.next();
108      assertNotNull(next.getColumnLatestCell(CF, Q1));
109      assertNull(next.getColumnLatestCell(CF, Q2));
110    }
111  }
112
113  private static void addLabels() throws Exception {
114    PrivilegedExceptionAction<VisibilityLabelsResponse> action =
115      new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
116        @Override
117        public VisibilityLabelsResponse run() throws Exception {
118          String[] labels = { SECRET, CONFIDENTIAL };
119          try (Connection conn = ConnectionFactory.createConnection(conf)) {
120            VisibilityClient.addLabels(conn, labels);
121          } catch (Throwable t) {
122            throw new IOException(t);
123          }
124          return null;
125        }
126      };
127    SUPERUSER.runAs(action);
128  }
129
130  @AfterClass
131  public static void tearDownAfterClass() throws Exception {
132    TEST_UTIL.shutdownMiniCluster();
133  }
134}