19 package org.apache.hadoop.hbase.security.access;
20
21 import static org.junit.Assert.assertFalse;
22 import static org.junit.Assert.assertTrue;
23
24 import java.util.ArrayList;
25 import java.util.List;
26 import java.util.concurrent.atomic.AtomicBoolean;
27
28 import org.apache.commons.logging.Log;
29 import org.apache.commons.logging.LogFactory;
30 import org.apache.hadoop.conf.Configuration;
31 import org.apache.hadoop.hbase.Abortable;
32 import org.apache.hadoop.hbase.TableName;
33 import org.apache.hadoop.hbase.HBaseTestingUtility;
34 import org.apache.hadoop.hbase.LargeTests;
35 import org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher;
36 import org.junit.AfterClass;
37 import org.junit.BeforeClass;
38 import org.junit.Test;
39 import org.junit.experimental.categories.Category;
40
41
42
43
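/**
 * Checks that table permissions written through one {@link TableAuthManager} become visible
 * through a second manager that was built on its own {@link ZooKeeperWatcher}, and that a grant
 * for one user never shows up as access for another.
 *
 * <p>NOTE(review): only grants are exercised. Nothing here checks that a removed or narrowed
 * permission stops being honoured by the peer manager, which is the case where a stale cache
 * would matter most.
 */
@Category(LargeTests.class)
public class TestZKPermissionsWatcher {
  private static final Log LOG = LogFactory.getLog(TestZKPermissionsWatcher.class);
  private static final HBaseTestingUtility UTIL = new HBaseTestingUtility();

  /** Upper bound on how long a permission change may take to reach both managers. */
  private static final long PROPAGATION_TIMEOUT_MS = 10000L;
  /** Pause between two checks while waiting for a permission change to arrive. */
  private static final long PROPAGATION_POLL_MS = 100L;

  private static TableAuthManager AUTH_A;
  private static TableAuthManager AUTH_B;

  /** Records (and logs) an abort request so the test can fail instead of ignoring it. */
  private static final Abortable ABORTABLE = new Abortable() {
    private final AtomicBoolean abort = new AtomicBoolean(false);

    @Override
    public void abort(String why, Throwable e) {
      LOG.info(why, e);
      abort.set(true);
    }

    @Override
    public boolean isAborted() {
      return abort.get();
    }
  };

  private static final TableName TEST_TABLE = TableName.valueOf("perms_test");

  /**
   * Starts a mini cluster with SecureTestUtil's security settings applied and creates two
   * managers, each with a separately named watcher.
   */
  @BeforeClass
  public static void beforeClass() throws Exception {
    // The security settings have to be in the configuration before the cluster starts.
    Configuration conf = UTIL.getConfiguration();
    SecureTestUtil.enableSecurity(conf);

    UTIL.startMiniCluster();
    AUTH_A = TableAuthManager.get(new ZooKeeperWatcher(conf,
        "TestZKPermissionsWatcher_1", ABORTABLE), conf);
    AUTH_B = TableAuthManager.get(new ZooKeeperWatcher(conf,
        "TestZKPermissionsWatcher_2", ABORTABLE), conf);
  }

  /** Stops the mini cluster started in {@link #beforeClass()}. */
  @AfterClass
  public static void afterClass() throws Exception {
    UTIL.shutdownMiniCluster();
  }

  /**
   * Grants permissions through one manager at a time and verifies the view of both managers
   * after each step: default deny, then READ/WRITE for "george" set via AUTH_A, then READ only
   * for "hubert" set via AUTH_B.
   */
  @Test
  public void testPermissionsWatcher() throws Exception {
    // Default deny: nobody has been granted anything yet.
    assertAccess("george", false, false);
    assertAccess("hubert", false, false);

    // Grant READ and WRITE to george through the first manager.
    List<TablePermission> acl = new ArrayList<TablePermission>();
    acl.add(new TablePermission(TEST_TABLE, null, TablePermission.Action.READ,
        TablePermission.Action.WRITE));
    AUTH_A.setTableUserPermissions("george", TEST_TABLE, acl);
    awaitAuthorized(AUTH_A, "george", TablePermission.Action.READ);
    awaitAuthorized(AUTH_B, "george", TablePermission.Action.READ);

    // Both managers must now allow george, and the grant must not leak to hubert.
    assertAccess("george", true, true);
    assertAccess("hubert", false, false);

    // Grant READ only to hubert, this time through the second manager.
    acl = new ArrayList<TablePermission>();
    acl.add(new TablePermission(TEST_TABLE, null, TablePermission.Action.READ));
    AUTH_B.setTableUserPermissions("hubert", TEST_TABLE, acl);
    awaitAuthorized(AUTH_A, "hubert", TablePermission.Action.READ);
    awaitAuthorized(AUTH_B, "hubert", TablePermission.Action.READ);

    // george is unchanged; hubert can read but still must not be able to write.
    assertAccess("george", true, true);
    assertAccess("hubert", true, false);

    // An aborted watcher makes every authorization answer above unreliable.
    assertFalse("a ZooKeeperWatcher aborted during the test", ABORTABLE.isAborted());
  }

  /**
   * Polls until {@code manager} authorizes {@code user} for {@code action} on the test table or
   * the timeout expires. It never fails by itself; the assertions that follow report a change
   * that did not arrive. This replaces a fixed 100 ms sleep that raced the propagation.
   */
  private static void awaitAuthorized(TableAuthManager manager, String user,
      TablePermission.Action action) throws InterruptedException {
    long deadline = System.currentTimeMillis() + PROPAGATION_TIMEOUT_MS;
    while (!manager.authorizeUser(user, TEST_TABLE, null, action)
        && System.currentTimeMillis() < deadline) {
      Thread.sleep(PROPAGATION_POLL_MS);
    }
  }

  /** Asserts the READ and WRITE decisions for {@code user} on both managers. */
  private static void assertAccess(String user, boolean canRead, boolean canWrite) {
    TableAuthManager[] managers = new TableAuthManager[] { AUTH_A, AUTH_B };
    String[] labels = new String[] { "AUTH_A", "AUTH_B" };
    for (int i = 0; i < managers.length; i++) {
      assertTrue(labels[i] + ": READ for " + user + " should be " + canRead,
          managers[i].authorizeUser(user, TEST_TABLE, null,
              TablePermission.Action.READ) == canRead);
      assertTrue(labels[i] + ": WRITE for " + user + " should be " + canWrite,
          managers[i].authorizeUser(user, TEST_TABLE, null,
              TablePermission.Action.WRITE) == canWrite);
    }
  }
}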