diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/VisibilityTestUtil.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/VisibilityTestUtil.java index 84273f7a376..7dbe2561469 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/VisibilityTestUtil.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/VisibilityTestUtil.java @@ -13,6 +13,8 @@ package org.apache.hadoop.hbase.security.visibility; import java.io.IOException; import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.hbase.coprocessor.CoprocessorHost; + /** * Utility methods for testing visibility labels. @@ -21,8 +23,18 @@ public class VisibilityTestUtil { public static void enableVisiblityLabels(Configuration conf) throws IOException { conf.setInt("hfile.format.version", 3); - conf.set("hbase.coprocessor.master.classes", VisibilityController.class.getName()); - conf.set("hbase.coprocessor.region.classes", VisibilityController.class.getName()); + appendCoprocessor(conf, CoprocessorHost.MASTER_COPROCESSOR_CONF_KEY, + VisibilityController.class.getName()); + appendCoprocessor(conf, CoprocessorHost.REGION_COPROCESSOR_CONF_KEY, + VisibilityController.class.getName()); + } + + private static void appendCoprocessor(Configuration conf, String property, String value) { + if (conf.get(property) == null) { + conf.set(property, VisibilityController.class.getName()); + } else { + conf.set(property, conf.get(property) + "," + VisibilityController.class.getName()); + } } } diff --git a/hbase-shell/src/test/java/org/apache/hadoop/hbase/client/TestShell.java b/hbase-shell/src/test/java/org/apache/hadoop/hbase/client/TestShell.java index a050553c351..43fe3f8dc25 100644 --- a/hbase-shell/src/test/java/org/apache/hadoop/hbase/client/TestShell.java +++ b/hbase-shell/src/test/java/org/apache/hadoop/hbase/client/TestShell.java @@ -30,6 +30,7 @@ import org.apache.hadoop.hbase.HConstants; import org.apache.hadoop.hbase.LargeTests; import org.apache.hadoop.hbase.coprocessor.CoprocessorHost; import org.apache.hadoop.hbase.security.access.SecureTestUtil; +import org.apache.hadoop.hbase.security.visibility.VisibilityTestUtil; import org.jruby.embed.PathType; import org.jruby.embed.ScriptingContainer; import org.junit.AfterClass; @@ -51,8 +52,10 @@ public class TestShell { TEST_UTIL.getConfiguration().setInt("hbase.client.pause", 250); TEST_UTIL.getConfiguration().setInt(HConstants.HBASE_CLIENT_RETRIES_NUMBER, 6); TEST_UTIL.getConfiguration().setBoolean(CoprocessorHost.ABORT_ON_ERROR_KEY, false); + TEST_UTIL.getConfiguration().setInt("hfile.format.version", 3); // Security setup configuration SecureTestUtil.enableSecurity(TEST_UTIL.getConfiguration()); + VisibilityTestUtil.enableVisiblityLabels(TEST_UTIL.getConfiguration()); TEST_UTIL.startMiniCluster(); diff --git a/hbase-shell/src/test/ruby/hbase/table_test.rb b/hbase-shell/src/test/ruby/hbase/table_test.rb index 6fe213c0c80..7272229f2c0 100644 --- a/hbase-shell/src/test/ruby/hbase/table_test.rb +++ b/hbase-shell/src/test/ruby/hbase/table_test.rb @@ -132,10 +132,7 @@ module Hbase define_test "put should work with attributes" do @test_table.put("123", "x:a", 4, {ATTRIBUTES=>{'mykey'=>'myvalue'}}) end - - define_test "put should work with VISIBILITY" do - @test_table.put("123", "x:a", 4, {VISIBILITY=>'mykey'}) - end + #------------------------------------------------------------------------------- define_test "delete should work without timestamp" do @@ -206,9 +203,6 @@ module Hbase @test_table.put(3, "x:a", 21, {ATTRIBUTES=>{'mykey'=>'myvalue'}}) @test_table.put(3, "x:b", 22, @test_ts, {ATTRIBUTES=>{'mykey'=>'myvalue'}}) - - @test_table.put(4, "x:a", 31, {VISIBILITY=>'mykey'}) - @test_table.put(4, "x:b", 32, @test_ts, {VISIBILITY=>'mykey'}) end @@ -242,14 +236,6 @@ module Hbase assert_not_nil(res['x:a']) assert_not_nil(res['x:b']) end - - define_test "get should work for data written with Visibility" do - res = @test_table._get_internal('4') - assert_not_nil(res) - assert_kind_of(Hash, res) - assert_not_nil(res['x:a']) - assert_not_nil(res['x:b']) - end define_test "get should work with integer keys" do res = @test_table._get_internal(1) diff --git a/hbase-shell/src/test/ruby/hbase/visibility_labels_admin_test.rb b/hbase-shell/src/test/ruby/hbase/visibility_labels_admin_test.rb new file mode 100644 index 00000000000..2c20a179dff --- /dev/null +++ b/hbase-shell/src/test/ruby/hbase/visibility_labels_admin_test.rb @@ -0,0 +1,85 @@ +# +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'shell' +require 'shell/formatter' +require 'hbase' +require 'hbase/hbase' +require 'hbase/table' + +include HBaseConstants + +module Hbase + # Simple secure administration methods tests + class VisibilityLabelsAdminMethodsTest < Test::Unit::TestCase + include TestHelpers + + def setup + setup_hbase + @test_name = "hbase_shell_tests_table" + @test_table = table(@test_name) + # Create table test table name + create_test_table(@test_name) + end + + define_test "Labels should be created as specified" do + label = 'TEST_LABELS' + count = table('hbase:labels')._count_internal + visibility_admin.add_labels('test_label') + assert_equal(count + 1, table('hbase:labels')._count_internal) + end + + define_test "The set/clear methods should work with authorizations" do + label = 'TEST_AUTHS' + user = org.apache.hadoop.hbase.security.User.getCurrent().getName(); + visibility_admin.add_labels(label) + count = visibility_admin.get_auths(user).length + + # verifying the set functionality + visibility_admin.set_auths(user, label) + assert_equal(count + 1, visibility_admin.get_auths(user).length) + assert_block do + visibility_admin.get_auths(user).any? { + |auth| org.apache.hadoop.hbase.util.Bytes::toStringBinary(auth.toByteArray) == label + } + end + + # verifying the clear functionality + visibility_admin.clear_auths(user, label) + assert_equal(count, visibility_admin.get_auths(user).length) + end + + define_test "The get/put methods should work for data written with Visibility" do + label = 'TEST_VISIBILITY' + user = org.apache.hadoop.hbase.security.User.getCurrent().getName(); + visibility_admin.add_labels(label) + visibility_admin.set_auths(user, label) + + # verifying put functionality + @test_table.put(1, "x:a", 31, {VISIBILITY=>label}) + + # verifying get functionality + res = @test_table._get_internal('1', {AUTHORIZATIONS=>[label]}) + assert_not_nil(res) + assert_kind_of(Hash, res) + assert_not_nil(res['x:a']) + end + + end +end diff --git a/hbase-shell/src/test/ruby/test_helper.rb b/hbase-shell/src/test/ruby/test_helper.rb index a5e2d309de4..0540a57724d 100644 --- a/hbase-shell/src/test/ruby/test_helper.rb +++ b/hbase-shell/src/test/ruby/test_helper.rb @@ -60,6 +60,10 @@ module Hbase @shell.hbase_security_admin end + def visibility_admin + @shell.hbase_visibility_labels_admin + end + def create_test_table(name) # Create the table if needed unless admin.exists?(name)