From 33df9fac20c61b28bccdd5493291e4ed1e68680d Mon Sep 17 00:00:00 2001 From: Andrew Kyle Purtell Date: Mon, 13 Jan 2014 21:22:13 +0000 Subject: [PATCH] HBASE-10331. Insure security tests use SecureTestUtil methods for grants git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1557856 13f79535-47bb-0310-9956-ffa450edef68 --- .../access/TestAccessControlFilter.java | 34 ++---------- .../TestVisibilityLabelsWithACL.java | 52 +++++-------------- 2 files changed, 17 insertions(+), 69 deletions(-) diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java index 1f21fb62bc6..4d64deee264 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java @@ -22,7 +22,6 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; -import java.io.IOException; import java.security.PrivilegedExceptionAction; import java.util.ArrayList; import java.util.List; @@ -37,8 +36,6 @@ import org.apache.hadoop.hbase.client.Put; import org.apache.hadoop.hbase.client.Result; import org.apache.hadoop.hbase.client.ResultScanner; import org.apache.hadoop.hbase.client.Scan; -import org.apache.hadoop.hbase.protobuf.ProtobufUtil; -import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService; import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.util.Bytes; import org.junit.AfterClass; 
@@ -49,19 +46,15 @@ import org.junit.Test; import org.junit.experimental.categories.Category; import org.junit.rules.TestName; -import com.google.protobuf.BlockingRpcChannel; - @Category(LargeTests.class) public class TestAccessControlFilter { @Rule public TestName name = new TestName(); private static HBaseTestingUtility TEST_UTIL; - private static User ADMIN; private static User READER; private static User LIMITED; private static User DENIED; - private static TableName TABLE; private static byte[] FAMILY = Bytes.toBytes("f1"); private static byte[] PRIVATE_COL = Bytes.toBytes("private"); @@ -83,7 +76,6 @@ public class TestAccessControlFilter { TEST_UTIL.startMiniCluster(); TEST_UTIL.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME.getName()); - ADMIN = User.createUserForTesting(conf, "admin", new String[]{"supergroup"}); READER = User.createUserForTesting(conf, "reader", new String[0]); LIMITED = User.createUserForTesting(conf, "limited", new String[0]); DENIED = User.createUserForTesting(conf, "denied", new String[0]); 
@@ -104,28 +96,12 @@ public class TestAccessControlFilter { } } - private void doQualifierAccess(final HTable table) throws IOException, InterruptedException { + private void doQualifierAccess(final HTable table) throws Exception { // set permissions - ADMIN.runAs(new PrivilegedExceptionAction() { - @Override - public Object run() throws Exception { - HTable aclmeta = new HTable(TEST_UTIL.getConfiguration(), - AccessControlLists.ACL_TABLE_NAME); - try { - byte[] table = Bytes.toBytes(name.getMethodName()); - BlockingRpcChannel service = aclmeta.coprocessorService(table); - AccessControlService.BlockingInterface protocol = - AccessControlService.newBlockingStub(service); - ProtobufUtil.grant(protocol, READER.getShortName(), - TABLE, null, null, Permission.Action.READ); - ProtobufUtil.grant(protocol, LIMITED.getShortName(), - TABLE, FAMILY, PUBLIC_COL, Permission.Action.READ); - return null; - } finally { - aclmeta.close(); - } - } - }); + SecureTestUtil.grantOnTable(TEST_UTIL, READER.getShortName(), TABLE, null, null, + Permission.Action.READ); + SecureTestUtil.grantOnTable(TEST_UTIL, LIMITED.getShortName(), TABLE, FAMILY, PUBLIC_COL, + Permission.Action.READ); // put some test data List puts = new ArrayList(100); diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java index ee3d5f1a492..15b31363055 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java 
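Review bot: With `ADMIN.runAs(...)` removed from `doQualifierAccess`, the two `SecureTestUtil.grantOnTable` calls no longer name the principal that issues the grants. The helper's implementation is not visible in this diff, so the test presumably now depends on the identity the helper uses (likely the JVM's login user) having admin rights on the mini cluster. Once confirmed, a comment at the call site would record that, e.g. `// grants are issued through SecureTestUtil as the test's login user (cluster superuser), not as READER/LIMITED`. The signature also widens from `throws IOException, InterruptedException` to `throws Exception`; if the helper declares a narrower checked type, keeping a narrow list makes it easier to tell setup failures from authorization errors. The method body continues past the end of the hunk.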
@@ -38,8 +38,6 @@ import org.apache.hadoop.hbase.client.Put; import org.apache.hadoop.hbase.client.Result; import org.apache.hadoop.hbase.client.ResultScanner; import org.apache.hadoop.hbase.client.Scan; -import org.apache.hadoop.hbase.protobuf.ProtobufUtil; -import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService; import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse; import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse; import org.apache.hadoop.hbase.security.User; @@ -55,7 +53,6 @@ import org.junit.Test; import org.junit.experimental.categories.Category; import org.junit.rules.TestName; -import com.google.protobuf.BlockingRpcChannel; import com.google.protobuf.ByteString; @Category(MediumTests.class) 
@@ -97,21 +94,13 @@ public class TestVisibilityLabelsWithACL { SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); NORMAL_USER1 = User.createUserForTesting(conf, "user1", new String[] {}); NORMAL_USER2 = User.createUserForTesting(conf, "user2", new String[] {}); - // Grant NORMAL_USER EXEC privilege on the labels table. For the purposes of this + // Grant users EXEC privilege on the labels table. For the purposes of this // test, we want to insure that access is denied even with the ability to access // the endpoint. - HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME); - try { - BlockingRpcChannel service = acl.coprocessorService(LABELS_TABLE_NAME.getName()); - AccessControlService.BlockingInterface protocol = - AccessControlService.newBlockingStub(service); - ProtobufUtil.grant(protocol, NORMAL_USER1.getShortName(), LABELS_TABLE_NAME, null, null, - Permission.Action.EXEC); - ProtobufUtil.grant(protocol, NORMAL_USER2.getShortName(), LABELS_TABLE_NAME, null, null, - Permission.Action.EXEC); - } finally { - acl.close(); - } + SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER1.getShortName(), LABELS_TABLE_NAME, + null, null, Permission.Action.EXEC); + SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), LABELS_TABLE_NAME, + null, null, Permission.Action.EXEC); } @AfterClass 
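Review bot: Nothing in this setup checks that the two EXEC grants on `LABELS_TABLE_NAME` took effect, although the comment makes them a precondition for the denial tests ("access is denied even with the ability to access the endpoint"). If `SecureTestUtil.grantOnTable` can return before the region servers see the new ACLs (its implementation is not shown here), a later denial could come from the missing EXEC permission rather than from the visibility-label check, and the test would pass for the wrong reason. Consider a positive check at the end of setup that NORMAL_USER1 and NORMAL_USER2 can reach the labels endpoint, or at least a comment such as `// denial tests assume these EXEC grants are already visible to the region servers`. The setup method starts above the hunk.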
@@ -127,16 +116,8 @@ public class TestVisibilityLabelsWithACL { TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); final HTable table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL + "&!" + PRIVATE, SECRET + "&!" + PRIVATE); - HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME); - try { - BlockingRpcChannel service = acl.coprocessorService(tableName.getName()); - AccessControlService.BlockingInterface protocol = AccessControlService - .newBlockingStub(service); - ProtobufUtil.grant(protocol, NORMAL_USER2.getShortName(), tableName, null, null, - Permission.Action.READ); - } finally { - acl.close(); - } + SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), tableName, + null, null, Permission.Action.READ); PrivilegedExceptionAction scanAction = new PrivilegedExceptionAction() { public Void run() throws Exception { Scan s = new Scan(); 
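Review bot: The READ grant on `tableName` has no comment explaining its role, here and in the hunk at new line 198, which grants READ to both NORMAL_USER1 and NORMAL_USER2. Judging by the test class name, the grant exists so that table ACLs admit the user and only the visibility labels decide which cells come back. Saying so guards against a later edit dropping the grant and turning the test into an ACL check. Suggested comment above the call, once the intent is confirmed: `// READ via ACL so that only visibility labels limit what the user sees`. Both test methods start above their hunks and continue below them.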
@@ -217,20 +198,11 @@ public class TestVisibilityLabelsWithACL { VisibilityClient.setAuths(conf, auths, "user1"); TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); final HTable table = createTableAndWriteDataWithLabels(tableName, SECRET); - HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME); - try { - BlockingRpcChannel service = acl.coprocessorService(tableName.getName()); - AccessControlService.BlockingInterface protocol = AccessControlService - .newBlockingStub(service); - ProtobufUtil.grant(protocol, NORMAL_USER1.getShortName(), tableName, null, null, - Permission.Action.READ); - ProtobufUtil.grant(protocol, NORMAL_USER2.getShortName(), tableName, null, null, - Permission.Action.READ); - } finally { - acl.close(); - } - - PrivilegedExceptionAction getAction = new PrivilegedExceptionAction() { + SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER1.getShortName(), tableName, + null, null, Permission.Action.READ); + SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), tableName, + null, null, Permission.Action.READ); + PrivilegedExceptionAction getAction = new PrivilegedExceptionAction() { public Void run() throws Exception { Get g = new Get(row1); g.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL));