
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  package org.apache.hadoop.hbase.security.access;
19  
20  import static org.junit.Assert.*;
21  
22  import java.util.List;
23  
24  import org.apache.hadoop.conf.Configuration;
25  import org.apache.hadoop.hbase.HBaseTestingUtility;
26  import org.apache.hadoop.hbase.HColumnDescriptor;
27  import org.apache.hadoop.hbase.HTableDescriptor;
28  import org.apache.hadoop.hbase.LargeTests;
29  import org.apache.hadoop.hbase.client.HBaseAdmin;
30  import org.apache.hadoop.hbase.security.User;
31  import org.apache.hadoop.hbase.security.access.Permission.Action;
32  import org.apache.hadoop.hbase.util.Bytes;
33  import org.apache.hadoop.hbase.util.TestTableName;
34  import org.junit.AfterClass;
35  import org.junit.BeforeClass;
36  import org.junit.Rule;
37  import org.junit.Test;
38  import org.junit.experimental.categories.Category;
39  
/**
 * Access-control test run against a security-enabled mini cluster.
 *
 * <p>The single test case checks that a user holding only the global CREATE
 * permission can create a table, and that the ACL table then lists that user
 * with READ, WRITE, EXEC, CREATE and ADMIN on the new table.
 */
@Category(LargeTests.class)
public class TestAccessController2 extends SecureTestUtil {

  /** Column family used for the table created by the test. */
  private static final byte[] TEST_FAMILY = Bytes.toBytes("f");
  private static HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
  /** Cluster configuration, assigned in {@link #setupBeforeClass()}. */
  private static Configuration conf;

  /** Supplies the table name used by each test method. */
  @Rule public TestTableName TEST_TABLE = new TestTableName();

  /**
   * Starts the mini cluster with security switched on and blocks until the
   * ACL table is enabled.
   *
   * @throws Exception if the cluster cannot be configured or started
   */
  @BeforeClass
  public static void setupBeforeClass() throws Exception {
    conf = TEST_UTIL.getConfiguration();
    // Security must be enabled, and checked, before the cluster comes up.
    enableSecurity(conf);
    verifyConfiguration(conf);
    TEST_UTIL.startMiniCluster();
    // Permission grants and lookups need the ACL table to be online.
    TEST_UTIL.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME.getName());
  }

  /**
   * Stops the mini cluster started in {@link #setupBeforeClass()}.
   *
   * @throws Exception if shutdown fails
   */
  @AfterClass
  public static void tearDownAfterClass() throws Exception {
    TEST_UTIL.shutdownMiniCluster();
  }

  /**
   * Creates a table as a user holding only global CREATE and asserts that the
   * creator is recorded with owner permissions (RWXCA) on it.
   *
   * @throws Exception if the grant, the table creation or the ACL lookup fails
   */
  @Test
  public void testCreateWithCorrectOwner() throws Exception {
    // A user with no groups; the only permission it receives is global CREATE.
    final User creator =
        User.createUserForTesting(TEST_UTIL.getConfiguration(), "TestUser", new String[0]);
    SecureTestUtil.grantGlobal(TEST_UTIL, creator.getShortName(), Action.CREATE);

    // The table is created through verifyAllowed with the test user passed in,
    // so the creation is expected to succeed for that user.
    AccessTestAction createTable = new AccessTestAction() {
      @Override
      public Object run() throws Exception {
        HTableDescriptor descriptor = new HTableDescriptor(TEST_TABLE.getTableName());
        descriptor.addFamily(new HColumnDescriptor(TEST_FAMILY));
        HBaseAdmin admin = new HBaseAdmin(conf);
        try {
          admin.createTable(descriptor);
        } finally {
          admin.close();
        }
        return null;
      }
    };
    verifyAllowed(createTable, creator);
    TEST_UTIL.waitTableEnabled(TEST_TABLE.getTableName().getName());

    // Look up what the ACL table recorded for the creator on the new table.
    List<TablePermission> granted = AccessControlLists
        .getTablePermissions(conf, TEST_TABLE.getTableName())
        .get(creator.getShortName());
    assertNotNull(granted);
    assertFalse(granted.isEmpty());

    // Should be RWXCA.
    // NOTE(review): only the entry at index 0 is inspected; if the creator can
    // hold more than one entry for this table, the owner grant may sit at a
    // different index - confirm against AccessControlLists.
    Action[] ownerActions = {
      Action.READ, Action.WRITE, Action.EXEC, Action.CREATE, Action.ADMIN
    };
    for (Action required : ownerActions) {
      assertTrue(granted.get(0).implies(required));
    }
  }

}