18 package org.apache.hadoop.hbase.security.access;
19
20 import static org.junit.Assert.*;
21
22 import java.util.List;
23
24 import org.apache.hadoop.conf.Configuration;
25 import org.apache.hadoop.hbase.HBaseTestingUtility;
26 import org.apache.hadoop.hbase.HColumnDescriptor;
27 import org.apache.hadoop.hbase.HTableDescriptor;
28 import org.apache.hadoop.hbase.LargeTests;
29 import org.apache.hadoop.hbase.client.HBaseAdmin;
30 import org.apache.hadoop.hbase.security.User;
31 import org.apache.hadoop.hbase.security.access.Permission.Action;
32 import org.apache.hadoop.hbase.util.Bytes;
33 import org.apache.hadoop.hbase.util.TestTableName;
34 import org.junit.AfterClass;
35 import org.junit.BeforeClass;
36 import org.junit.Rule;
37 import org.junit.Test;
38 import org.junit.experimental.categories.Category;
39
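/**
 * Access-control regression test for table ownership: a user who holds only the global
 * {@code CREATE} permission creates a table, and the test then checks that the ACL table
 * lists that user with every table-scoped action on the new table.
 *
 * <p>Security note for reviewers: the behaviour pinned here means that global {@code CREATE}
 * is enough for a principal to end up with {@code ADMIN} on any table it creates. Treat a
 * grant of global {@code CREATE} accordingly when reviewing ACLs.
 */
@Category(LargeTests.class)
public class TestAccessController2 extends SecureTestUtil {

  private static final byte[] TEST_FAMILY = Bytes.toBytes("f");
  private static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
  private static Configuration conf;

  /** Actions the creator of a table is expected to hold on that table. */
  private static final Action[] OWNER_ACTIONS = {
    Action.READ, Action.WRITE, Action.EXEC, Action.CREATE, Action.ADMIN
  };

  @Rule public TestTableName TEST_TABLE = new TestTableName();

  /**
   * Starts a mini cluster with security switched on and waits for the ACL table.
   *
   * @throws Exception if the cluster cannot be started or the ACL table never comes online
   */
  @BeforeClass
  public static void setupBeforeClass() throws Exception {
    conf = TEST_UTIL.getConfiguration();

    // Both helpers come from SecureTestUtil; presumably they install and sanity-check the
    // access-control settings -- confirm against that class.
    enableSecurity(conf);
    verifyConfiguration(conf);

    TEST_UTIL.startMiniCluster();

    // Grants and permission lookups go through the ACL table, so it must be enabled first.
    TEST_UTIL.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME.getName());
  }

  /**
   * Stops the mini cluster started in {@link #setupBeforeClass()}.
   *
   * @throws Exception if shutdown fails
   */
  @AfterClass
  public static void tearDownAfterClass() throws Exception {
    TEST_UTIL.shutdownMiniCluster();
  }

  /**
   * Creates a table as a user whose only grant is global {@code CREATE} and asserts that the
   * stored table permissions for that user cover READ, WRITE, EXEC, CREATE and ADMIN.
   *
   * @throws Exception if the grant, the table creation or the permission lookup fails
   */
  @Test
  public void testCreateWithCorrectOwner() throws Exception {
    // A user with no groups, so every permission seen later comes from this test's own grant
    // or from table ownership.
    User testUser = User.createUserForTesting(TEST_UTIL.getConfiguration(), "TestUser",
        new String[0]);

    SecureTestUtil.grantGlobal(TEST_UTIL, testUser.getShortName(), Action.CREATE);

    // verifyAllowed is inherited from SecureTestUtil; it is expected to run the action as
    // testUser and fail the test if access is denied.
    verifyAllowed(new AccessTestAction() {
      @Override
      public Object run() throws Exception {
        HTableDescriptor desc = new HTableDescriptor(TEST_TABLE.getTableName());
        desc.addFamily(new HColumnDescriptor(TEST_FAMILY));
        HBaseAdmin admin = new HBaseAdmin(conf);
        try {
          admin.createTable(desc);
        } finally {
          // Always release the admin connection, even when creation is refused.
          admin.close();
        }
        return null;
      }
    }, testUser);
    TEST_UTIL.waitTableEnabled(TEST_TABLE.getTableName().getName());

    List<TablePermission> perms =
        AccessControlLists.getTablePermissions(conf, TEST_TABLE.getTableName())
            .get(testUser.getShortName());
    assertNotNull("No ACL entry stored for table creator " + testUser.getShortName(), perms);
    assertFalse("Empty ACL entry stored for table creator " + testUser.getShortName(),
        perms.isEmpty());

    // Only the first stored permission is inspected, as in the original test; the message
    // names the missing action so a failure points at the exact gap in the owner grant.
    TablePermission ownerPermission = perms.get(0);
    for (Action action : OWNER_ACTIONS) {
      assertTrue("Table creator " + testUser.getShortName() + " is missing " + action
          + " on " + TEST_TABLE.getTableName(), ownerPermission.implies(action));
    }
  }

}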