From 6f2a969649baaf28d155879b2285706c2013366a Mon Sep 17 00:00:00 2001
From: Andrew Purtell <apurtell@apache.org>
Date: Fri, 11 Jul 2014 17:28:26 -0700
Subject: [PATCH] HBASE-11057 Improve TestShell coverage of grant and revoke
 comamnds (Srikanth Srungarapu)

---
 .../apache/hadoop/hbase/client/TestShell.java |  9 ++-
 .../test/ruby/hbase/security_admin_test.rb    | 67 +++++++++++++++++++
 hbase-shell/src/test/ruby/test_helper.rb      |  4 ++
 3 files changed, 77 insertions(+), 3 deletions(-)
 create mode 100644 hbase-shell/src/test/ruby/hbase/security_admin_test.rb

diff --git a/hbase-shell/src/test/java/org/apache/hadoop/hbase/client/TestShell.java b/hbase-shell/src/test/java/org/apache/hadoop/hbase/client/TestShell.java
index 4f41c8d2fac..a050553c351 100644
--- a/hbase-shell/src/test/java/org/apache/hadoop/hbase/client/TestShell.java
+++ b/hbase-shell/src/test/java/org/apache/hadoop/hbase/client/TestShell.java
@@ -29,12 +29,12 @@ import org.apache.hadoop.hbase.HBaseTestingUtility;
 import org.apache.hadoop.hbase.HConstants;
 import org.apache.hadoop.hbase.LargeTests;
 import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
+import org.apache.hadoop.hbase.security.access.SecureTestUtil;
+import org.jruby.embed.PathType;
+import org.jruby.embed.ScriptingContainer;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
-
-import org.jruby.embed.ScriptingContainer;
-import org.jruby.embed.PathType;
 import org.junit.experimental.categories.Category;
 
 @Category(LargeTests.class)
@@ -51,6 +51,9 @@ public class TestShell {
     TEST_UTIL.getConfiguration().setInt("hbase.client.pause", 250);
     TEST_UTIL.getConfiguration().setInt(HConstants.HBASE_CLIENT_RETRIES_NUMBER, 6);
     TEST_UTIL.getConfiguration().setBoolean(CoprocessorHost.ABORT_ON_ERROR_KEY, false);
+    // Security setup configuration
+    SecureTestUtil.enableSecurity(TEST_UTIL.getConfiguration());
+
     TEST_UTIL.startMiniCluster();
 
     // Configure jruby runtime
diff --git a/hbase-shell/src/test/ruby/hbase/security_admin_test.rb b/hbase-shell/src/test/ruby/hbase/security_admin_test.rb
new file mode 100644
index 00000000000..9fae31ca529
--- /dev/null
+++ b/hbase-shell/src/test/ruby/hbase/security_admin_test.rb
@@ -0,0 +1,67 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'shell'
+require 'shell/formatter'
+require 'hbase'
+require 'hbase/hbase'
+require 'hbase/table'
+
+include HBaseConstants
+
+module Hbase
+  # Simple secure administration methods tests
+  class SecureAdminMethodsTest < Test::Unit::TestCase
+    include TestHelpers
+
+    def setup
+      setup_hbase
+      # Create test table if it does not exist
+      @test_name = "hbase_shell_tests_table"
+      create_test_table(@test_name)
+
+      # Create table test table name
+      @create_test_name = 'hbase_create_table_test_table'
+    end
+
+    define_test "Revoke should rid access rights appropriately" do
+      drop_test_table(@test_name)
+      create_test_table(@test_name)
+      table = table(@test_name)
+      user = org.apache.hadoop.hbase.security.User.getCurrent().getName();
+      assert_equal(1, security_admin.user_permission(@test_name).length)
+      security_admin.revoke(user, @test_name)
+      assert_equal(0, security_admin.user_permission(@test_name).length)
+    end
+
+    define_test "Grant should set access rights appropriately" do
+      drop_test_table(@test_name)
+      create_test_table(@test_name)
+      table = table(@test_name)
+      user = org.apache.hadoop.hbase.security.User.getCurrent().getName();
+      security_admin.user_permission(@test_name) do |user, permission|
+         assert_match(eval("/WRITE/"), permission.to_s)
+      end
+      security_admin.grant(user,"RXCA", @test_name)
+      security_admin.user_permission(@test_name) do |user, permission|
+         assert_no_match(eval("/WRITE/"), permission.to_s)
+      end
+    end
+  end
+end
diff --git a/hbase-shell/src/test/ruby/test_helper.rb b/hbase-shell/src/test/ruby/test_helper.rb
index 52d5de40be9..a5e2d309de4 100644
--- a/hbase-shell/src/test/ruby/test_helper.rb
+++ b/hbase-shell/src/test/ruby/test_helper.rb
@@ -56,6 +56,10 @@ module Hbase
       @shell.hbase_admin
     end
 
+    def security_admin
+      @shell.hbase_security_admin
+    end
+
     def create_test_table(name)
       # Create the table if needed
       unless admin.exists?(name)