Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-10618 User should not be allowed to disable/drop visibility labels table (Anoop Sam John) 

git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1572354 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Andrew Kyle Purtell 2014-02-26 23:52:42 +00:00
parent c6236a57a5
commit 8c18ecfba3
2 changed files with 62 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
View File

@ -63,6 +63,7 @@ import org.apache.hadoop.hbase.client.Mutation;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.Scan;
import org.apache.hadoop.hbase.constraint.ConstraintException;
import org.apache.hadoop.hbase.coprocessor.BaseRegionObserver;
import org.apache.hadoop.hbase.coprocessor.CoprocessorException;
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
@ -272,6 +273,9 @@ public class VisibilityController extends BaseRegionObserver implements MasterOb
@Override
public void preModifyTable(ObserverContext<MasterCoprocessorEnvironment> ctx,
TableName tableName, HTableDescriptor htd) throws IOException {
if (LABELS_TABLE_NAME.equals(tableName)) {
throw new ConstraintException("Cannot alter " + LABELS_TABLE_NAME);
}
}
@Override
@ -292,6 +296,9 @@ public class VisibilityController extends BaseRegionObserver implements MasterOb
@Override
public void preAddColumn(ObserverContext<MasterCoprocessorEnvironment> ctx, TableName tableName,
HColumnDescriptor column) throws IOException {
if (LABELS_TABLE_NAME.equals(tableName)) {
throw new ConstraintException("Cannot alter " + LABELS_TABLE_NAME);
}
}
@Override
@ -312,6 +319,9 @@ public class VisibilityController extends BaseRegionObserver implements MasterOb
@Override
public void preModifyColumn(ObserverContext<MasterCoprocessorEnvironment> ctx,
TableName tableName, HColumnDescriptor descriptor) throws IOException {
if (LABELS_TABLE_NAME.equals(tableName)) {
throw new ConstraintException("Cannot alter " + LABELS_TABLE_NAME);
}
}
@Override
@ -332,6 +342,9 @@ public class VisibilityController extends BaseRegionObserver implements MasterOb
@Override
public void preDeleteColumn(ObserverContext<MasterCoprocessorEnvironment> ctx,
TableName tableName, byte[] c) throws IOException {
if (LABELS_TABLE_NAME.equals(tableName)) {
throw new ConstraintException("Cannot alter " + LABELS_TABLE_NAME);
}
}
@Override
@ -372,6 +385,9 @@ public class VisibilityController extends BaseRegionObserver implements MasterOb
@Override
public void preDisableTable(ObserverContext<MasterCoprocessorEnvironment> ctx, TableName tableName)
throws IOException {
if (LABELS_TABLE_NAME.equals(tableName)) {
throw new ConstraintException("Cannot disable " + LABELS_TABLE_NAME);
}
}
@Override

46
hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java
View File

@ -35,11 +35,14 @@ import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.Cell;
import org.apache.hadoop.hbase.CellScanner;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.HColumnDescriptor;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.MediumTests;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Append;
import org.apache.hadoop.hbase.client.Get;
import org.apache.hadoop.hbase.client.HBaseAdmin;
import org.apache.hadoop.hbase.client.HTable;
import org.apache.hadoop.hbase.client.Increment;
import org.apache.hadoop.hbase.client.Put;
@ -49,6 +52,7 @@ import org.apache.hadoop.hbase.client.Scan;
import org.apache.hadoop.hbase.protobuf.generated.ClientProtos.RegionActionResult;
import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse;
import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse;
import org.apache.hadoop.hbase.regionserver.BloomType;
import org.apache.hadoop.hbase.regionserver.HRegion;
import org.apache.hadoop.hbase.regionserver.HRegionServer;
import org.apache.hadoop.hbase.security.User;
@ -96,6 +100,7 @@ public class TestVisibilityLabels {
// setup configuration
conf = TEST_UTIL.getConfiguration();
conf.setBoolean(HConstants.DISTRIBUTED_LOG_REPLAY_KEY, false);
conf.setBoolean("hbase.online.schema.update.enable", true);
conf.setInt("hfile.format.version", 3);
conf.set("hbase.coprocessor.master.classes", VisibilityController.class.getName());
conf.set("hbase.coprocessor.region.classes", VisibilityController.class.getName());
@ -718,6 +723,47 @@ public class TestVisibilityLabels {
}
}
@Test
public void testUserShouldNotDoDDLOpOnLabelsTable() throws Exception {
HBaseAdmin admin = TEST_UTIL.getHBaseAdmin();
try {
admin.disableTable(LABELS_TABLE_NAME);
fail("Lables table should not get disabled by user.");
} catch (Exception e) {
}
try {
admin.deleteTable(LABELS_TABLE_NAME);
fail("Lables table should not get disabled by user.");
} catch (Exception e) {
}
try {
HColumnDescriptor hcd = new HColumnDescriptor("testFamily");
admin.addColumn(LABELS_TABLE_NAME, hcd);
fail("Lables table should not get altered by user.");
} catch (Exception e) {
}
try {
admin.deleteColumn(LABELS_TABLE_NAME, VisibilityConstants.LABELS_TABLE_FAMILY);
fail("Lables table should not get altered by user.");
} catch (Exception e) {
}
try {
HColumnDescriptor hcd = new HColumnDescriptor(VisibilityConstants.LABELS_TABLE_FAMILY);
hcd.setBloomFilterType(BloomType.ROWCOL);
admin.modifyColumn(LABELS_TABLE_NAME, hcd);
fail("Lables table should not get altered by user.");
} catch (Exception e) {
}
try {
HTableDescriptor htd = new HTableDescriptor(LABELS_TABLE_NAME);
htd.addFamily(new HColumnDescriptor("f1"));
htd.addFamily(new HColumnDescriptor("f2"));
admin.modifyTable(LABELS_TABLE_NAME, htd);
fail("Lables table should not get altered by user.");
} catch (Exception e) {
}
}
private static HTable createTableAndWriteDataWithLabels(TableName tableName, String... labelExps)
throws Exception {
HTable table = null;