HBASE-11713 Adding hbase shell unit test coverage for visibility labels (Srikanth Srungarapu)
This commit is contained in:
parent
a3f99265c3
commit
baeabeab83
|
@ -13,6 +13,8 @@ package org.apache.hadoop.hbase.security.visibility;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
|
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Utility methods for testing visibility labels.
|
* Utility methods for testing visibility labels.
|
||||||
|
@ -21,8 +23,18 @@ public class VisibilityTestUtil {
|
||||||
|
|
||||||
public static void enableVisiblityLabels(Configuration conf) throws IOException {
|
public static void enableVisiblityLabels(Configuration conf) throws IOException {
|
||||||
conf.setInt("hfile.format.version", 3);
|
conf.setInt("hfile.format.version", 3);
|
||||||
conf.set("hbase.coprocessor.master.classes", VisibilityController.class.getName());
|
appendCoprocessor(conf, CoprocessorHost.MASTER_COPROCESSOR_CONF_KEY,
|
||||||
conf.set("hbase.coprocessor.region.classes", VisibilityController.class.getName());
|
VisibilityController.class.getName());
|
||||||
|
appendCoprocessor(conf, CoprocessorHost.REGION_COPROCESSOR_CONF_KEY,
|
||||||
|
VisibilityController.class.getName());
|
||||||
|
}
|
||||||
|
|
||||||
|
private static void appendCoprocessor(Configuration conf, String property, String value) {
|
||||||
|
if (conf.get(property) == null) {
|
||||||
|
conf.set(property, VisibilityController.class.getName());
|
||||||
|
} else {
|
||||||
|
conf.set(property, conf.get(property) + "," + VisibilityController.class.getName());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -30,6 +30,7 @@ import org.apache.hadoop.hbase.HConstants;
|
||||||
import org.apache.hadoop.hbase.LargeTests;
|
import org.apache.hadoop.hbase.LargeTests;
|
||||||
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
|
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
|
||||||
import org.apache.hadoop.hbase.security.access.SecureTestUtil;
|
import org.apache.hadoop.hbase.security.access.SecureTestUtil;
|
||||||
|
import org.apache.hadoop.hbase.security.visibility.VisibilityTestUtil;
|
||||||
import org.jruby.embed.PathType;
|
import org.jruby.embed.PathType;
|
||||||
import org.jruby.embed.ScriptingContainer;
|
import org.jruby.embed.ScriptingContainer;
|
||||||
import org.junit.AfterClass;
|
import org.junit.AfterClass;
|
||||||
|
@ -51,8 +52,10 @@ public class TestShell {
|
||||||
TEST_UTIL.getConfiguration().setInt("hbase.client.pause", 250);
|
TEST_UTIL.getConfiguration().setInt("hbase.client.pause", 250);
|
||||||
TEST_UTIL.getConfiguration().setInt(HConstants.HBASE_CLIENT_RETRIES_NUMBER, 6);
|
TEST_UTIL.getConfiguration().setInt(HConstants.HBASE_CLIENT_RETRIES_NUMBER, 6);
|
||||||
TEST_UTIL.getConfiguration().setBoolean(CoprocessorHost.ABORT_ON_ERROR_KEY, false);
|
TEST_UTIL.getConfiguration().setBoolean(CoprocessorHost.ABORT_ON_ERROR_KEY, false);
|
||||||
|
TEST_UTIL.getConfiguration().setInt("hfile.format.version", 3);
|
||||||
// Security setup configuration
|
// Security setup configuration
|
||||||
SecureTestUtil.enableSecurity(TEST_UTIL.getConfiguration());
|
SecureTestUtil.enableSecurity(TEST_UTIL.getConfiguration());
|
||||||
|
VisibilityTestUtil.enableVisiblityLabels(TEST_UTIL.getConfiguration());
|
||||||
|
|
||||||
TEST_UTIL.startMiniCluster();
|
TEST_UTIL.startMiniCluster();
|
||||||
|
|
||||||
|
|
|
@ -133,9 +133,6 @@ module Hbase
|
||||||
@test_table.put("123", "x:a", 4, {ATTRIBUTES=>{'mykey'=>'myvalue'}})
|
@test_table.put("123", "x:a", 4, {ATTRIBUTES=>{'mykey'=>'myvalue'}})
|
||||||
end
|
end
|
||||||
|
|
||||||
define_test "put should work with VISIBILITY" do
|
|
||||||
@test_table.put("123", "x:a", 4, {VISIBILITY=>'mykey'})
|
|
||||||
end
|
|
||||||
#-------------------------------------------------------------------------------
|
#-------------------------------------------------------------------------------
|
||||||
|
|
||||||
define_test "delete should work without timestamp" do
|
define_test "delete should work without timestamp" do
|
||||||
|
@ -207,9 +204,6 @@ module Hbase
|
||||||
@test_table.put(3, "x:a", 21, {ATTRIBUTES=>{'mykey'=>'myvalue'}})
|
@test_table.put(3, "x:a", 21, {ATTRIBUTES=>{'mykey'=>'myvalue'}})
|
||||||
@test_table.put(3, "x:b", 22, @test_ts, {ATTRIBUTES=>{'mykey'=>'myvalue'}})
|
@test_table.put(3, "x:b", 22, @test_ts, {ATTRIBUTES=>{'mykey'=>'myvalue'}})
|
||||||
|
|
||||||
@test_table.put(4, "x:a", 31, {VISIBILITY=>'mykey'})
|
|
||||||
@test_table.put(4, "x:b", 32, @test_ts, {VISIBILITY=>'mykey'})
|
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
define_test "count should work w/o a block passed" do
|
define_test "count should work w/o a block passed" do
|
||||||
|
@ -243,14 +237,6 @@ module Hbase
|
||||||
assert_not_nil(res['x:b'])
|
assert_not_nil(res['x:b'])
|
||||||
end
|
end
|
||||||
|
|
||||||
define_test "get should work for data written with Visibility" do
|
|
||||||
res = @test_table._get_internal('4')
|
|
||||||
assert_not_nil(res)
|
|
||||||
assert_kind_of(Hash, res)
|
|
||||||
assert_not_nil(res['x:a'])
|
|
||||||
assert_not_nil(res['x:b'])
|
|
||||||
end
|
|
||||||
|
|
||||||
define_test "get should work with integer keys" do
|
define_test "get should work with integer keys" do
|
||||||
res = @test_table._get_internal(1)
|
res = @test_table._get_internal(1)
|
||||||
assert_not_nil(res)
|
assert_not_nil(res)
|
||||||
|
|
|
@ -0,0 +1,85 @@
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# Licensed to the Apache Software Foundation (ASF) under one
|
||||||
|
# or more contributor license agreements. See the NOTICE file
|
||||||
|
# distributed with this work for additional information
|
||||||
|
# regarding copyright ownership. The ASF licenses this file
|
||||||
|
# to you under the Apache License, Version 2.0 (the
|
||||||
|
# "License"); you may not use this file except in compliance
|
||||||
|
# with the License. You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
#
|
||||||
|
|
||||||
|
require 'shell'
|
||||||
|
require 'shell/formatter'
|
||||||
|
require 'hbase'
|
||||||
|
require 'hbase/hbase'
|
||||||
|
require 'hbase/table'
|
||||||
|
|
||||||
|
include HBaseConstants
|
||||||
|
|
||||||
|
module Hbase
|
||||||
|
# Simple secure administration methods tests
|
||||||
|
class VisibilityLabelsAdminMethodsTest < Test::Unit::TestCase
|
||||||
|
include TestHelpers
|
||||||
|
|
||||||
|
def setup
|
||||||
|
setup_hbase
|
||||||
|
@test_name = "hbase_shell_tests_table"
|
||||||
|
@test_table = table(@test_name)
|
||||||
|
# Create table test table name
|
||||||
|
create_test_table(@test_name)
|
||||||
|
end
|
||||||
|
|
||||||
|
define_test "Labels should be created as specified" do
|
||||||
|
label = 'TEST_LABELS'
|
||||||
|
count = table('hbase:labels')._count_internal
|
||||||
|
visibility_admin.add_labels('test_label')
|
||||||
|
assert_equal(count + 1, table('hbase:labels')._count_internal)
|
||||||
|
end
|
||||||
|
|
||||||
|
define_test "The set/clear methods should work with authorizations" do
|
||||||
|
label = 'TEST_AUTHS'
|
||||||
|
user = org.apache.hadoop.hbase.security.User.getCurrent().getName();
|
||||||
|
visibility_admin.add_labels(label)
|
||||||
|
count = visibility_admin.get_auths(user).length
|
||||||
|
|
||||||
|
# verifying the set functionality
|
||||||
|
visibility_admin.set_auths(user, label)
|
||||||
|
assert_equal(count + 1, visibility_admin.get_auths(user).length)
|
||||||
|
assert_block do
|
||||||
|
visibility_admin.get_auths(user).any? {
|
||||||
|
|auth| org.apache.hadoop.hbase.util.Bytes::toStringBinary(auth.toByteArray) == label
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
# verifying the clear functionality
|
||||||
|
visibility_admin.clear_auths(user, label)
|
||||||
|
assert_equal(count, visibility_admin.get_auths(user).length)
|
||||||
|
end
|
||||||
|
|
||||||
|
define_test "The get/put methods should work for data written with Visibility" do
|
||||||
|
label = 'TEST_VISIBILITY'
|
||||||
|
user = org.apache.hadoop.hbase.security.User.getCurrent().getName();
|
||||||
|
visibility_admin.add_labels(label)
|
||||||
|
visibility_admin.set_auths(user, label)
|
||||||
|
|
||||||
|
# verifying put functionality
|
||||||
|
@test_table.put(1, "x:a", 31, {VISIBILITY=>label})
|
||||||
|
|
||||||
|
# verifying get functionality
|
||||||
|
res = @test_table._get_internal('1', {AUTHORIZATIONS=>[label]})
|
||||||
|
assert_not_nil(res)
|
||||||
|
assert_kind_of(Hash, res)
|
||||||
|
assert_not_nil(res['x:a'])
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
|
end
|
|
@ -60,6 +60,10 @@ module Hbase
|
||||||
@shell.hbase_security_admin
|
@shell.hbase_security_admin
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def visibility_admin
|
||||||
|
@shell.hbase_visibility_labels_admin
|
||||||
|
end
|
||||||
|
|
||||||
def create_test_table(name)
|
def create_test_table(name)
|
||||||
# Create the table if needed
|
# Create the table if needed
|
||||||
unless admin.exists?(name)
|
unless admin.exists?(name)
|
||||||
|
|
Loading…
Reference in New Issue