diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java index 1f21fb62bc6..4d64deee264 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java @@ -22,7 +22,6 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; -import java.io.IOException; import java.security.PrivilegedExceptionAction; import java.util.ArrayList; import java.util.List; @@ -37,8 +36,6 @@ import org.apache.hadoop.hbase.client.Put; import org.apache.hadoop.hbase.client.Result; import org.apache.hadoop.hbase.client.ResultScanner; import org.apache.hadoop.hbase.client.Scan; -import org.apache.hadoop.hbase.protobuf.ProtobufUtil; -import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService; import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.util.Bytes; import org.junit.AfterClass; @@ -49,19 +46,15 @@ import org.junit.Test; import org.junit.experimental.categories.Category; import org.junit.rules.TestName; -import com.google.protobuf.BlockingRpcChannel; - @Category(LargeTests.class) public class TestAccessControlFilter { @Rule public TestName name = new TestName(); private static HBaseTestingUtility TEST_UTIL; - private static User ADMIN; private static User READER; private static User LIMITED; private static User DENIED; - private static TableName TABLE; private static byte[] FAMILY = Bytes.toBytes("f1"); private static byte[] PRIVATE_COL = Bytes.toBytes("private"); @@ -83,7 +76,6 @@ public class TestAccessControlFilter { TEST_UTIL.startMiniCluster(); TEST_UTIL.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME.getName()); - ADMIN = User.createUserForTesting(conf, "admin", new String[]{"supergroup"}); READER = User.createUserForTesting(conf, "reader", new String[0]); LIMITED = User.createUserForTesting(conf, "limited", new String[0]); DENIED = User.createUserForTesting(conf, "denied", new String[0]); @@ -104,28 +96,12 @@ public class TestAccessControlFilter { } } - private void doQualifierAccess(final HTable table) throws IOException, InterruptedException { + private void doQualifierAccess(final HTable table) throws Exception { // set permissions - ADMIN.runAs(new PrivilegedExceptionAction() { - @Override - public Object run() throws Exception { - HTable aclmeta = new HTable(TEST_UTIL.getConfiguration(), - AccessControlLists.ACL_TABLE_NAME); - try { - byte[] table = Bytes.toBytes(name.getMethodName()); - BlockingRpcChannel service = aclmeta.coprocessorService(table); - AccessControlService.BlockingInterface protocol = - AccessControlService.newBlockingStub(service); - ProtobufUtil.grant(protocol, READER.getShortName(), - TABLE, null, null, Permission.Action.READ); - ProtobufUtil.grant(protocol, LIMITED.getShortName(), - TABLE, FAMILY, PUBLIC_COL, Permission.Action.READ); - return null; - } finally { - aclmeta.close(); - } - } - }); + SecureTestUtil.grantOnTable(TEST_UTIL, READER.getShortName(), TABLE, null, null, + Permission.Action.READ); + SecureTestUtil.grantOnTable(TEST_UTIL, LIMITED.getShortName(), TABLE, FAMILY, PUBLIC_COL, + Permission.Action.READ); // put some test data List puts = new ArrayList(100); diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java index ee3d5f1a492..15b31363055 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java @@ -38,8 +38,6 @@ import org.apache.hadoop.hbase.client.Put; import org.apache.hadoop.hbase.client.Result; import org.apache.hadoop.hbase.client.ResultScanner; import org.apache.hadoop.hbase.client.Scan; -import org.apache.hadoop.hbase.protobuf.ProtobufUtil; -import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService; import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse; import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse; import org.apache.hadoop.hbase.security.User; @@ -55,7 +53,6 @@ import org.junit.Test; import org.junit.experimental.categories.Category; import org.junit.rules.TestName; -import com.google.protobuf.BlockingRpcChannel; import com.google.protobuf.ByteString; @Category(MediumTests.class) @@ -97,21 +94,13 @@ public class TestVisibilityLabelsWithACL { SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); NORMAL_USER1 = User.createUserForTesting(conf, "user1", new String[] {}); NORMAL_USER2 = User.createUserForTesting(conf, "user2", new String[] {}); - // Grant NORMAL_USER EXEC privilege on the labels table. For the purposes of this + // Grant users EXEC privilege on the labels table. For the purposes of this // test, we want to insure that access is denied even with the ability to access // the endpoint. - HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME); - try { - BlockingRpcChannel service = acl.coprocessorService(LABELS_TABLE_NAME.getName()); - AccessControlService.BlockingInterface protocol = - AccessControlService.newBlockingStub(service); - ProtobufUtil.grant(protocol, NORMAL_USER1.getShortName(), LABELS_TABLE_NAME, null, null, - Permission.Action.EXEC); - ProtobufUtil.grant(protocol, NORMAL_USER2.getShortName(), LABELS_TABLE_NAME, null, null, - Permission.Action.EXEC); - } finally { - acl.close(); - } + SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER1.getShortName(), LABELS_TABLE_NAME, + null, null, Permission.Action.EXEC); + SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), LABELS_TABLE_NAME, + null, null, Permission.Action.EXEC); } @AfterClass @@ -127,16 +116,8 @@ public class TestVisibilityLabelsWithACL { TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); final HTable table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL + "&!" + PRIVATE, SECRET + "&!" + PRIVATE); - HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME); - try { - BlockingRpcChannel service = acl.coprocessorService(tableName.getName()); - AccessControlService.BlockingInterface protocol = AccessControlService - .newBlockingStub(service); - ProtobufUtil.grant(protocol, NORMAL_USER2.getShortName(), tableName, null, null, - Permission.Action.READ); - } finally { - acl.close(); - } + SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), tableName, + null, null, Permission.Action.READ); PrivilegedExceptionAction scanAction = new PrivilegedExceptionAction() { public Void run() throws Exception { Scan s = new Scan(); @@ -217,20 +198,11 @@ public class TestVisibilityLabelsWithACL { VisibilityClient.setAuths(conf, auths, "user1"); TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); final HTable table = createTableAndWriteDataWithLabels(tableName, SECRET); - HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME); - try { - BlockingRpcChannel service = acl.coprocessorService(tableName.getName()); - AccessControlService.BlockingInterface protocol = AccessControlService - .newBlockingStub(service); - ProtobufUtil.grant(protocol, NORMAL_USER1.getShortName(), tableName, null, null, - Permission.Action.READ); - ProtobufUtil.grant(protocol, NORMAL_USER2.getShortName(), tableName, null, null, - Permission.Action.READ); - } finally { - acl.close(); - } - - PrivilegedExceptionAction getAction = new PrivilegedExceptionAction() { + SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER1.getShortName(), tableName, + null, null, Permission.Action.READ); + SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), tableName, + null, null, Permission.Action.READ); + PrivilegedExceptionAction getAction = new PrivilegedExceptionAction() { public Void run() throws Exception { Get g = new Get(row1); g.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL));