
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  package org.apache.hadoop.hbase.security.access;
20  
21  import static org.junit.Assert.assertFalse;
22  import static org.junit.Assert.assertTrue;
23  
24  import java.util.ArrayList;
25  import java.util.List;
26  import java.util.concurrent.atomic.AtomicBoolean;
27  
28  import org.apache.commons.logging.Log;
29  import org.apache.commons.logging.LogFactory;
30  import org.apache.hadoop.conf.Configuration;
31  import org.apache.hadoop.hbase.Abortable;
32  import org.apache.hadoop.hbase.TableName;
33  import org.apache.hadoop.hbase.HBaseTestingUtility;
34  import org.apache.hadoop.hbase.LargeTests;
35  import org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher;
36  import org.junit.AfterClass;
37  import org.junit.BeforeClass;
38  import org.junit.Test;
39  import org.junit.experimental.categories.Category;
40  
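/**
 * Test the reading and writing of access permissions to and from zookeeper.
 *
 * <p>Two {@link TableAuthManager} instances, each backed by its own
 * {@link ZooKeeperWatcher}, are attached to the same mini cluster. A grant
 * written through one manager must become visible through the other, and a
 * grant must never widen: a user who was not granted anything stays denied,
 * and READ alone does not imply WRITE.
 *
 * <p>Only grants are exercised here; propagation of a revocation (shrinking or
 * removing an ACL) is not covered by this test.
 */
@Category(LargeTests.class)
public class TestZKPermissionsWatcher {
  private static final Log LOG = LogFactory.getLog(TestZKPermissionsWatcher.class);
  private static final HBaseTestingUtility UTIL = new HBaseTestingUtility();

  /** Upper bound on how long a grant may take to show up in a manager. */
  private static final long PROPAGATION_TIMEOUT_MS = 10000L;
  /** Interval between visibility checks while waiting for a grant. */
  private static final long PROPAGATION_POLL_MS = 100L;

  private static TableAuthManager AUTH_A;
  private static TableAuthManager AUTH_B;

  /** Records abort requests from the ZooKeeper watchers instead of killing the JVM. */
  private static final Abortable ABORTABLE = new Abortable() {
    private final AtomicBoolean abort = new AtomicBoolean(false);

    @Override
    public void abort(String why, Throwable e) {
      LOG.info(why, e);
      abort.set(true);
    }

    @Override
    public boolean isAborted() {
      return abort.get();
    }
  };

  private static final TableName TEST_TABLE =
      TableName.valueOf("perms_test");

  /**
   * Enables security on the shared configuration, starts the mini cluster and
   * creates the two auth managers, each with its own ZooKeeper watcher.
   */
  @BeforeClass
  public static void beforeClass() throws Exception {
    // setup configuration
    Configuration conf = UTIL.getConfiguration();
    SecureTestUtil.enableSecurity(conf);

    // start minicluster
    UTIL.startMiniCluster();
    AUTH_A = TableAuthManager.get(new ZooKeeperWatcher(conf,
      "TestZKPermissionsWatcher_1", ABORTABLE), conf);
    AUTH_B = TableAuthManager.get(new ZooKeeperWatcher(conf,
      "TestZKPermissionsWatcher_2", ABORTABLE), conf);
  }

  /** Stops the mini cluster started in {@link #beforeClass()}. */
  @AfterClass
  public static void afterClass() throws Exception {
    UTIL.shutdownMiniCluster();
  }

  /**
   * Waits until {@code auth} authorizes {@code user} for {@code action} on the
   * test table, or until {@link #PROPAGATION_TIMEOUT_MS} has elapsed.
   *
   * <p>This replaces a fixed 100 ms sleep: the update reaches the other manager
   * asynchronously, so a fixed delay makes the test fail spuriously on a slow
   * host. The method does not assert; the caller's assertions report a grant
   * that never arrived.
   */
  private static void awaitGrant(TableAuthManager auth, String user,
      TablePermission.Action action) throws InterruptedException {
    long deadline = System.currentTimeMillis() + PROPAGATION_TIMEOUT_MS;
    while (!auth.authorizeUser(user, TEST_TABLE, null, action)
        && System.currentTimeMillis() < deadline) {
      Thread.sleep(PROPAGATION_POLL_MS);
    }
  }

  /**
   * Asserts that both managers agree on whether {@code user} may perform
   * {@code action} on the test table.
   */
  private static void assertOnBoth(boolean expected, String user,
      TablePermission.Action action) {
    assertAccess("AUTH_A", AUTH_A, expected, user, action);
    assertAccess("AUTH_B", AUTH_B, expected, user, action);
  }

  /** Asserts the authorization decision of a single manager, naming it on failure. */
  private static void assertAccess(String label, TableAuthManager auth, boolean expected,
      String user, TablePermission.Action action) {
    boolean actual = auth.authorizeUser(user, TEST_TABLE, null, action);
    String message = label + ": " + user + " " + action + " on " + TEST_TABLE;
    if (expected) {
      assertTrue(message + " should be authorized", actual);
    } else {
      assertFalse(message + " should be denied", actual);
    }
  }

  /**
   * Grants george READ+WRITE through AUTH_A and hubert READ through AUTH_B, and
   * checks after each step that both managers report exactly the granted
   * actions and nothing more.
   */
  @Test
  public void testPermissionsWatcher() throws Exception {
    // default deny: nobody has any access before the first grant
    assertOnBoth(false, "george", TablePermission.Action.READ);
    assertOnBoth(false, "george", TablePermission.Action.WRITE);
    assertOnBoth(false, "hubert", TablePermission.Action.READ);
    assertOnBoth(false, "hubert", TablePermission.Action.WRITE);

    // update ACL: george RW
    List<TablePermission> acl = new ArrayList<TablePermission>();
    acl.add(new TablePermission(TEST_TABLE, null, TablePermission.Action.READ,
      TablePermission.Action.WRITE));
    AUTH_A.setTableUserPermissions("george", TEST_TABLE, acl);
    // AUTH_B must have seen george's grant before it writes its own update below
    awaitGrant(AUTH_A, "george", TablePermission.Action.WRITE);
    awaitGrant(AUTH_B, "george", TablePermission.Action.WRITE);

    // check it: george has RW everywhere, hubert is still denied
    assertOnBoth(true, "george", TablePermission.Action.READ);
    assertOnBoth(true, "george", TablePermission.Action.WRITE);
    assertOnBoth(false, "hubert", TablePermission.Action.READ);
    assertOnBoth(false, "hubert", TablePermission.Action.WRITE);

    // update ACL: hubert R
    acl = new ArrayList<TablePermission>();
    acl.add(new TablePermission(TEST_TABLE, null, TablePermission.Action.READ));
    AUTH_B.setTableUserPermissions("hubert", TEST_TABLE, acl);
    awaitGrant(AUTH_B, "hubert", TablePermission.Action.READ);
    awaitGrant(AUTH_A, "hubert", TablePermission.Action.READ);

    // check it: george keeps RW, hubert gains READ only
    assertOnBoth(true, "george", TablePermission.Action.READ);
    assertOnBoth(true, "george", TablePermission.Action.WRITE);
    assertOnBoth(true, "hubert", TablePermission.Action.READ);
    assertOnBoth(false, "hubert", TablePermission.Action.WRITE);
  }
}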