Source code

001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.wal;
019
020import static org.junit.jupiter.api.Assertions.assertEquals;
021import static org.junit.jupiter.api.Assertions.assertFalse;
022import static org.junit.jupiter.api.Assertions.assertTrue;
023
024import java.util.List;
025import java.util.NavigableMap;
026import java.util.TreeMap;
027import java.util.stream.Stream;
028import org.apache.commons.io.IOUtils;
029import org.apache.hadoop.conf.Configuration;
030import org.apache.hadoop.fs.FSDataInputStream;
031import org.apache.hadoop.fs.FileSystem;
032import org.apache.hadoop.fs.Path;
033import org.apache.hadoop.hbase.Cell;
034import org.apache.hadoop.hbase.HBaseParameterizedTestTemplate;
035import org.apache.hadoop.hbase.HBaseTestingUtil;
036import org.apache.hadoop.hbase.HConstants;
037import org.apache.hadoop.hbase.KeyValue;
038import org.apache.hadoop.hbase.TableName;
039import org.apache.hadoop.hbase.client.RegionInfo;
040import org.apache.hadoop.hbase.client.RegionInfoBuilder;
041import org.apache.hadoop.hbase.io.crypto.MockAesKeyProvider;
042import org.apache.hadoop.hbase.regionserver.MultiVersionConcurrencyControl;
043import org.apache.hadoop.hbase.testclassification.MediumTests;
044import org.apache.hadoop.hbase.testclassification.RegionServerTests;
045import org.apache.hadoop.hbase.util.Bytes;
046import org.apache.hadoop.hbase.util.CommonFSUtils;
047import org.apache.hadoop.hbase.util.EnvironmentEdgeManager;
048import org.junit.jupiter.api.AfterAll;
049import org.junit.jupiter.api.BeforeAll;
050import org.junit.jupiter.api.BeforeEach;
051import org.junit.jupiter.api.Tag;
052import org.junit.jupiter.api.TestInfo;
053import org.junit.jupiter.api.TestTemplate;
054import org.junit.jupiter.params.provider.Arguments;
055
056@Tag(RegionServerTests.TAG)
057@Tag(MediumTests.TAG)
058@HBaseParameterizedTestTemplate
059public class TestSecureWAL {
060
061  static final HBaseTestingUtil TEST_UTIL = new HBaseTestingUtil();
062
063  private String testMethodName;
064
065  public String walProvider;
066
067  public TestSecureWAL(String walProvider) {
068    this.walProvider = walProvider;
069  }
070
071  public static Stream<Arguments> parameters() {
072    return Stream.of(Arguments.of("defaultProvider"), Arguments.of("asyncfs"));
073  }
074
075  @BeforeAll
076  public static void setUpBeforeClass() throws Exception {
077    Configuration conf = TEST_UTIL.getConfiguration();
078    conf.set(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, MockAesKeyProvider.class.getName());
079    conf.set(HConstants.CRYPTO_MASTERKEY_NAME_CONF_KEY, "hbase");
080    conf.setBoolean(HConstants.ENABLE_WAL_ENCRYPTION, true);
081    CommonFSUtils.setRootDir(conf, TEST_UTIL.getDataTestDirOnTestFS());
082    TEST_UTIL.startMiniDFSCluster(3);
083  }
084
085  @AfterAll
086  public static void tearDownAfterClass() throws Exception {
087    TEST_UTIL.shutdownMiniCluster();
088  }
089
090  @BeforeEach
091  public void setUp(TestInfo testInfo) {
092    testMethodName = testInfo.getTestMethod().get().getName();
093    TEST_UTIL.getConfiguration().set(WALFactory.WAL_PROVIDER, walProvider);
094  }
095
096  @TestTemplate
097  public void testSecureWAL() throws Exception {
098    TableName tableName = TableName.valueOf(testMethodName.replaceAll("[^a-zA-Z0-9]", "_"));
099    NavigableMap<byte[], Integer> scopes = new TreeMap<>(Bytes.BYTES_COMPARATOR);
100    scopes.put(tableName.getName(), 0);
101    RegionInfo regionInfo = RegionInfoBuilder.newBuilder(tableName).build();
102    final int total = 10;
103    final byte[] row = Bytes.toBytes("row");
104    final byte[] family = Bytes.toBytes("family");
105    final byte[] value = Bytes.toBytes("Test value");
106    FileSystem fs = TEST_UTIL.getDFSCluster().getFileSystem();
107    final WALFactory wals =
108      new WALFactory(TEST_UTIL.getConfiguration(), tableName.getNameAsString());
109
110    // Write the WAL
111    final WAL wal = wals.getWAL(regionInfo);
112
113    MultiVersionConcurrencyControl mvcc = new MultiVersionConcurrencyControl();
114
115    for (int i = 0; i < total; i++) {
116      WALEdit kvs = new WALEdit();
117      kvs.add(new KeyValue(row, family, Bytes.toBytes(i), value));
118      wal.appendData(regionInfo, new WALKeyImpl(regionInfo.getEncodedNameAsBytes(), tableName,
119        EnvironmentEdgeManager.currentTime(), mvcc, scopes), kvs);
120    }
121    wal.sync();
122    final Path walPath = AbstractFSWALProvider.getCurrentFileName(wal);
123    wals.shutdown();
124
125    // Insure edits are not plaintext
126    long length = fs.getFileStatus(walPath).getLen();
127    FSDataInputStream in = fs.open(walPath);
128    byte[] fileData = new byte[(int) length];
129    IOUtils.readFully(in, fileData);
130    in.close();
131    assertFalse(Bytes.contains(fileData, value), "Cells appear to be plaintext");
132
133    // Confirm the WAL can be read back
134    int count = 0;
135    try (WALStreamReader reader = wals.createStreamReader(TEST_UTIL.getTestFileSystem(), walPath)) {
136      WAL.Entry entry = new WAL.Entry();
137      while (reader.next(entry) != null) {
138        count++;
139        List<Cell> cells = entry.getEdit().getCells();
140        assertTrue(cells.size() == 1, "Should be one KV per WALEdit");
141        for (Cell cell : cells) {
142          assertTrue(Bytes.equals(cell.getRowArray(), cell.getRowOffset(), cell.getRowLength(), row,
143            0, row.length), "Incorrect row");
144          assertTrue(Bytes.equals(cell.getFamilyArray(), cell.getFamilyOffset(),
145            cell.getFamilyLength(), family, 0, family.length), "Incorrect family");
146          assertTrue(Bytes.equals(cell.getValueArray(), cell.getValueOffset(),
147            cell.getValueLength(), value, 0, value.length), "Incorrect value");
148        }
149      }
150      assertEquals(total, count, "Should have read back as many KVs as written");
151    }
152  }
153}