Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-13358 - Update VisibilityClient to accept Connection objects. 

Signed-off-by: Srikanth Srungarapu <ssrungarapu@cloudera.com>
This commit is contained in:
Matt Warhaftig 2015-04-30 20:33:04 -04:00 committed by Srikanth Srungarapu
parent 235dc9734f
commit d50d6d967d
19 changed files with 207 additions and 191 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

142
hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityClient.java
View File

@ -56,87 +56,82 @@ public class VisibilityClient {
/**
* Utility method for adding label to the system.
*
* @param conf
*
* @param connection
* @param label
* @return VisibilityLabelsResponse
* @throws Throwable
*/
public static VisibilityLabelsResponse addLabel(Configuration conf, final String label)
public static VisibilityLabelsResponse addLabel(Connection connection, final String label)
throws Throwable {
return addLabels(conf, new String[] { label });
return addLabels(connection, new String[] { label });
}
/**
* Utility method for adding labels to the system.
*
* @param conf
*
* @param connection
* @param labels
* @return VisibilityLabelsResponse
* @throws Throwable
*/
public static VisibilityLabelsResponse addLabels(Configuration conf, final String[] labels)
public static VisibilityLabelsResponse addLabels(Connection connection, final String[] labels)
throws Throwable {
// TODO: Make it so caller passes in a Connection rather than have us do this expensive
// setup each time. This class only used in test and shell at moment though.
try (Connection connection = ConnectionFactory.createConnection(conf)) {
try (Table table = connection.getTable(LABELS_TABLE_NAME)) {
Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse> callable =
new Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse>() {
ServerRpcController controller = new ServerRpcController();
BlockingRpcCallback<VisibilityLabelsResponse> rpcCallback =
new BlockingRpcCallback<VisibilityLabelsResponse>();
public VisibilityLabelsResponse call(VisibilityLabelsService service)
throws IOException {
VisibilityLabelsRequest.Builder builder = VisibilityLabelsRequest.newBuilder();
for (String label : labels) {
if (label.length() > 0) {
VisibilityLabel.Builder newBuilder = VisibilityLabel.newBuilder();
newBuilder.setLabel(ByteStringer.wrap(Bytes.toBytes(label)));
builder.addVisLabel(newBuilder.build());
try (Table table = connection.getTable(LABELS_TABLE_NAME)) {
Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse> callable =
new Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse>() {
ServerRpcController controller = new ServerRpcController();
BlockingRpcCallback<VisibilityLabelsResponse> rpcCallback =
new BlockingRpcCallback<VisibilityLabelsResponse>();
public VisibilityLabelsResponse call(VisibilityLabelsService service)
throws IOException {
VisibilityLabelsRequest.Builder builder = VisibilityLabelsRequest.newBuilder();
for (String label : labels) {
if (label.length() > 0) {
VisibilityLabel.Builder newBuilder = VisibilityLabel.newBuilder();
newBuilder.setLabel(ByteStringer.wrap(Bytes.toBytes(label)));
builder.addVisLabel(newBuilder.build());
}
}
service.addLabels(controller, builder.build(), rpcCallback);
VisibilityLabelsResponse response = rpcCallback.get();
if (controller.failedOnException()) {
throw controller.getFailedOn();
}
return response;
}
service.addLabels(controller, builder.build(), rpcCallback);
VisibilityLabelsResponse response = rpcCallback.get();
if (controller.failedOnException()) {
throw controller.getFailedOn();
}
return response;
}
};
Map<byte[], VisibilityLabelsResponse> result =
};
Map<byte[], VisibilityLabelsResponse> result =
table.coprocessorService(VisibilityLabelsService.class, HConstants.EMPTY_BYTE_ARRAY,
HConstants.EMPTY_BYTE_ARRAY, callable);
return result.values().iterator().next(); // There will be exactly one region for labels
// table and so one entry in result Map.
}
return result.values().iterator().next(); // There will be exactly one region for labels
// table and so one entry in result Map.
}
}
/**
* Sets given labels globally authorized for the user.
* @param conf
* @param connection
* @param auths
* @param user
* @return VisibilityLabelsResponse
* @throws Throwable
*/
public static VisibilityLabelsResponse setAuths(Configuration conf, final String[] auths,
public static VisibilityLabelsResponse setAuths(Connection connection, final String[] auths,
final String user) throws Throwable {
return setOrClearAuths(conf, auths, user, true);
return setOrClearAuths(connection, auths, user, true);
}
/**
* @param conf
* @param connection the Connection instance to use.
* @param user
* @return labels, the given user is globally authorized for.
* @throws Throwable
*/
public static GetAuthsResponse getAuths(Configuration conf, final String user) throws Throwable {
// TODO: Make it so caller passes in a Connection rather than have us do this expensive
// setup each time. This class only used in test and shell at moment though.
try (Connection connection = ConnectionFactory.createConnection(conf)) {
public static GetAuthsResponse getAuths(Connection connection, final String user)
throws Throwable {
try (Table table = connection.getTable(LABELS_TABLE_NAME)) {
Batch.Call<VisibilityLabelsService, GetAuthsResponse> callable =
new Batch.Call<VisibilityLabelsService, GetAuthsResponse>() {
@ -161,44 +156,41 @@ public class VisibilityClient {
return result.values().iterator().next(); // There will be exactly one region for labels
// table and so one entry in result Map.
}
}
}
/**
* Retrieve the list of visibility labels defined in the system.
* @param conf
* @param connection The Connection instance to use.
* @param regex The regular expression to filter which labels are returned.
* @return labels The list of visibility labels defined in the system.
* @throws Throwable
*/
public static ListLabelsResponse listLabels(Configuration conf, final String regex)
public static ListLabelsResponse listLabels(Connection connection, final String regex)
throws Throwable {
Connection connection = null;
Table table = null;
try {
connection = ConnectionFactory.createConnection(conf);
table = connection.getTable(LABELS_TABLE_NAME);
Batch.Call<VisibilityLabelsService, ListLabelsResponse> callable =
new Batch.Call<VisibilityLabelsService, ListLabelsResponse>() {
ServerRpcController controller = new ServerRpcController();
BlockingRpcCallback<ListLabelsResponse> rpcCallback =
new BlockingRpcCallback<ListLabelsResponse>();
ServerRpcController controller = new ServerRpcController();
BlockingRpcCallback<ListLabelsResponse> rpcCallback =
new BlockingRpcCallback<ListLabelsResponse>();
public ListLabelsResponse call(VisibilityLabelsService service) throws IOException {
ListLabelsRequest.Builder listAuthLabelsReqBuilder = ListLabelsRequest.newBuilder();
if (regex != null) {
// Compile the regex here to catch any regex exception earlier.
Pattern pattern = Pattern.compile(regex);
listAuthLabelsReqBuilder.setRegex(pattern.toString());
}
service.listLabels(controller, listAuthLabelsReqBuilder.build(), rpcCallback);
ListLabelsResponse response = rpcCallback.get();
if (controller.failedOnException()) {
throw controller.getFailedOn();
}
return response;
}
};
public ListLabelsResponse call(VisibilityLabelsService service) throws IOException {
ListLabelsRequest.Builder listAuthLabelsReqBuilder = ListLabelsRequest.newBuilder();
if (regex != null) {
// Compile the regex here to catch any regex exception earlier.
Pattern pattern = Pattern.compile(regex);
listAuthLabelsReqBuilder.setRegex(pattern.toString());
}
service.listLabels(controller, listAuthLabelsReqBuilder.build(), rpcCallback);
ListLabelsResponse response = rpcCallback.get();
if (controller.failedOnException()) {
throw controller.getFailedOn();
}
return response;
}
};
Map<byte[], ListLabelsResponse> result =
table.coprocessorService(VisibilityLabelsService.class, HConstants.EMPTY_BYTE_ARRAY,
HConstants.EMPTY_BYTE_ARRAY, callable);
@ -217,22 +209,21 @@ public class VisibilityClient {
/**
* Removes given labels from user's globally authorized list of labels.
* @param conf
* @param connection
* @param auths
* @param user
* @return VisibilityLabelsResponse
* @throws Throwable
*/
public static VisibilityLabelsResponse clearAuths(Configuration conf, final String[] auths,
public static VisibilityLabelsResponse clearAuths(Connection connection, final String[] auths,
final String user) throws Throwable {
return setOrClearAuths(conf, auths, user, false);
return setOrClearAuths(connection, auths, user, false);
}
private static VisibilityLabelsResponse setOrClearAuths(Configuration conf, final String[] auths,
final String user, final boolean setOrClear) throws IOException, ServiceException, Throwable {
// TODO: Make it so caller passes in a Connection rather than have us do this expensive
// setup each time. This class only used in test and shell at moment though.
try (Connection connection = ConnectionFactory.createConnection(conf)) {
private static VisibilityLabelsResponse setOrClearAuths(Connection connection,
final String[] auths, final String user, final boolean setOrClear)
throws IOException, ServiceException, Throwable {
try (Table table = connection.getTable(LABELS_TABLE_NAME)) {
Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse> callable =
new Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse>() {
@ -266,6 +257,5 @@ public class VisibilityClient {
return result.values().iterator().next(); // There will be exactly one region for labels
// table and so one entry in result Map.
}
}
}
}

4
hbase-it/src/test/java/org/apache/hadoop/hbase/IntegrationTestIngestWithVisibilityLabels.java
View File

@ -115,8 +115,8 @@ public class IntegrationTestIngestWithVisibilityLabels extends IntegrationTestIn
private void addLabels() throws Exception {
try {
VisibilityClient.addLabels(util.getConfiguration(), LABELS);
VisibilityClient.setAuths(util.getConfiguration(), LABELS, User.getCurrent().getName());
VisibilityClient.addLabels(util.getConnection(), LABELS);
VisibilityClient.setAuths(util.getConnection(), LABELS, User.getCurrent().getName());
} catch (Throwable t) {
throw new IOException(t);
}

4
hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java
View File

@ -385,8 +385,8 @@ public class IntegrationTestBigLinkedListWithVisibility extends IntegrationTestB
private void addLabels() throws Exception {
try {
VisibilityClient.addLabels(util.getConfiguration(), labels.split(COMMA));
VisibilityClient.setAuths(util.getConfiguration(), labels.split(COMMA), USER.getName());
VisibilityClient.addLabels(util.getConnection(), labels.split(COMMA));
VisibilityClient.setAuths(util.getConnection(), labels.split(COMMA), USER.getName());
} catch (Throwable t) {
throw new IOException(t);
}

6
hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestWithCellVisibilityLoadAndVerify.java
View File

@ -141,10 +141,10 @@ public class IntegrationTestWithCellVisibilityLoadAndVerify extends IntegrationT
private void addLabelsAndAuths() throws Exception {
try {
VisibilityClient.addLabels(util.getConfiguration(), LABELS);
VisibilityClient.setAuths(util.getConfiguration(), new String[] { CONFIDENTIAL, TOPSECRET,
VisibilityClient.addLabels(util.getConnection(), LABELS);
VisibilityClient.setAuths(util.getConnection(), new String[] { CONFIDENTIAL, TOPSECRET,
SECRET, PRIVATE }, USER1.getName());
VisibilityClient.setAuths(util.getConfiguration(), new String[] { PUBLIC },
VisibilityClient.setAuths(util.getConnection(), new String[] { PUBLIC },
USER2.getName());
} catch (Throwable t) {
throw new IOException(t);

10
hbase-rest/src/test/java/org/apache/hadoop/hbase/rest/TestScannersWithLabels.java
View File

@ -24,6 +24,8 @@ import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.KeyValue;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.Durability;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Table;
@ -165,8 +167,8 @@ public class TestScannersWithLabels {
PrivilegedExceptionAction<VisibilityLabelsResponse> action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
public VisibilityLabelsResponse run() throws Exception {
String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET };
try {
VisibilityClient.addLabels(conf, labels);
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.addLabels(conn, labels);
} catch (Throwable t) {
throw new IOException(t);
}
@ -177,8 +179,8 @@ public class TestScannersWithLabels {
}
private static void setAuths() throws Exception {
String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET };
try {
VisibilityClient.setAuths(conf, labels, User.getCurrent().getShortName());
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.setAuths(conn, labels, User.getCurrent().getShortName());
} catch (Throwable t) {
throw new IOException(t);
}

6
hbase-server/src/test/java/org/apache/hadoop/hbase/mapreduce/TestImportTSVWithVisibilityLabels.java
View File

@ -45,6 +45,8 @@ import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.testclassification.LargeTests;
import org.apache.hadoop.hbase.testclassification.MapReduceTests;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.Delete;
import org.apache.hadoop.hbase.client.HBaseAdmin;
import org.apache.hadoop.hbase.client.HTable;
@ -131,8 +133,8 @@ public class TestImportTSVWithVisibilityLabels implements Configurable {
@Override
public VisibilityLabelsResponse run() throws Exception {
String[] labels = { SECRET, TOPSECRET, CONFIDENTIAL, PUBLIC, PRIVATE };
try {
VisibilityClient.addLabels(conf, labels);
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.addLabels(conn, labels);
LOG.info("Added labels ");
} catch (Throwable t) {
LOG.error("Error in adding labels" , t);

6
hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestDefaultScanLabelGeneratorStack.java
View File

@ -86,9 +86,9 @@ public class TestDefaultScanLabelGeneratorStack {
// Set up for the test
SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
public Void run() throws Exception {
try {
VisibilityClient.addLabels(conf, new String[] { SECRET, CONFIDENTIAL });
VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL }, TESTUSER.getShortName());
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.addLabels(conn, new String[] { SECRET, CONFIDENTIAL });
VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL }, TESTUSER.getShortName());
} catch (Throwable t) {
throw new IOException(t);
}

6
hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestEnforcingScanLabelGenerator.java
View File

@ -84,9 +84,9 @@ public class TestEnforcingScanLabelGenerator {
// Set up for the test
SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
public Void run() throws Exception {
try {
VisibilityClient.addLabels(conf, new String[] { SECRET, CONFIDENTIAL });
VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, }, TESTUSER.getShortName());
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.addLabels(conn, new String[] { SECRET, CONFIDENTIAL });
VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, }, TESTUSER.getShortName());
} catch (Throwable t) {
throw new IOException(t);
}

30
hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java
View File

@ -413,8 +413,8 @@ public abstract class TestVisibilityLabels {
PrivilegedExceptionAction<Void> action = new PrivilegedExceptionAction<Void>() {
public Void run() throws Exception {
String[] auths = { SECRET, CONFIDENTIAL };
try {
VisibilityClient.setAuths(conf, auths, user);
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.setAuths(conn, auths, user);
} catch (Throwable e) {
}
return null;
@ -439,8 +439,8 @@ public abstract class TestVisibilityLabels {
action = new PrivilegedExceptionAction<Void>() {
public Void run() throws Exception {
GetAuthsResponse authsResponse = null;
try {
authsResponse = VisibilityClient.getAuths(conf, user);
try (Connection conn = ConnectionFactory.createConnection(conf)) {
authsResponse = VisibilityClient.getAuths(conn, user);
} catch (Throwable e) {
fail("Should not have failed");
}
@ -461,10 +461,10 @@ public abstract class TestVisibilityLabels {
public Void run() throws Exception {
String[] auths1 = { SECRET, CONFIDENTIAL };
GetAuthsResponse authsResponse = null;
try {
VisibilityClient.setAuths(conf, auths1, user);
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.setAuths(conn, auths1, user);
try {
authsResponse = VisibilityClient.getAuths(conf, user);
authsResponse = VisibilityClient.getAuths(conn, user);
} catch (Throwable e) {
fail("Should not have failed");
}
@ -502,8 +502,8 @@ public abstract class TestVisibilityLabels {
public Void run() throws Exception {
String[] auths = { SECRET, CONFIDENTIAL, PRIVATE };
String user = "testUser";
try {
VisibilityClient.setAuths(conf, auths, user);
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.setAuths(conn, auths, user);
} catch (Throwable e) {
fail("Should not have failed");
}
@ -511,8 +511,8 @@ public abstract class TestVisibilityLabels {
// Passing a non existing auth also.
auths = new String[] { SECRET, PUBLIC, CONFIDENTIAL };
VisibilityLabelsResponse response = null;
try {
response = VisibilityClient.clearAuths(conf, auths, user);
try (Connection conn = ConnectionFactory.createConnection(conf)) {
response = VisibilityClient.clearAuths(conn, auths, user);
} catch (Throwable e) {
fail("Should not have failed");
}
@ -540,8 +540,8 @@ public abstract class TestVisibilityLabels {
}
GetAuthsResponse authsResponse = null;
try {
authsResponse = VisibilityClient.getAuths(conf, user);
try (Connection conn = ConnectionFactory.createConnection(conf)) {
authsResponse = VisibilityClient.getAuths(conn, user);
} catch (Throwable e) {
fail("Should not have failed");
}
@ -826,8 +826,8 @@ public abstract class TestVisibilityLabels {
public VisibilityLabelsResponse run() throws Exception {
String[] labels = { SECRET, TOPSECRET, CONFIDENTIAL, PUBLIC, PRIVATE, COPYRIGHT, ACCENT,
UNICODE_VIS_TAG, UC1, UC2 };
try {
VisibilityClient.addLabels(conf, labels);
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.addLabels(conn, labels);
} catch (Throwable t) {
throw new IOException(t);
}

23
hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsOpWithDifferentUsersNoACL.java
View File

@ -28,6 +28,8 @@ import java.util.List;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse;
import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse;
import org.apache.hadoop.hbase.security.User;
@ -84,8 +86,8 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL {
PrivilegedExceptionAction<VisibilityLabelsResponse> action =
new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
public VisibilityLabelsResponse run() throws Exception {
try {
return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
} catch (Throwable e) {
}
return null;
@ -98,8 +100,8 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL {
// Ideally this should not be allowed. this operation should fail or do nothing.
action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
public VisibilityLabelsResponse run() throws Exception {
try {
return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user3");
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user3");
} catch (Throwable e) {
}
return null;
@ -114,8 +116,8 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL {
PrivilegedExceptionAction<GetAuthsResponse> action1 =
new PrivilegedExceptionAction<GetAuthsResponse>() {
public GetAuthsResponse run() throws Exception {
try {
return VisibilityClient.getAuths(conf, "user1");
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.getAuths(conn, "user1");
} catch (Throwable e) {
}
return null;
@ -137,8 +139,9 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL {
PrivilegedExceptionAction<VisibilityLabelsResponse> action2 =
new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
public VisibilityLabelsResponse run() throws Exception {
try {
return VisibilityClient.clearAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.clearAuths(conn, new String[] {
CONFIDENTIAL, PRIVATE }, "user1");
} catch (Throwable e) {
}
return null;
@ -161,8 +164,8 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL {
new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
public VisibilityLabelsResponse run() throws Exception {
String[] labels = { SECRET, CONFIDENTIAL, PRIVATE };
try {
VisibilityClient.addLabels(conf, labels);
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.addLabels(conn, labels);
} catch (Throwable t) {
throw new IOException(t);
}

10
hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsReplication.java
View File

@ -350,8 +350,8 @@ public class TestVisibilityLabelsReplication {
new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
public VisibilityLabelsResponse run() throws Exception {
String[] labels = { SECRET, TOPSECRET, CONFIDENTIAL, PUBLIC, PRIVATE, UNICODE_VIS_TAG };
try {
VisibilityClient.addLabels(conf, labels);
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.addLabels(conn, labels);
} catch (Throwable t) {
throw new IOException(t);
}
@ -365,9 +365,9 @@ public class TestVisibilityLabelsReplication {
PrivilegedExceptionAction<VisibilityLabelsResponse> action =
new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
public VisibilityLabelsResponse run() throws Exception {
try {
return VisibilityClient.setAuths(conf, new String[] { SECRET, CONFIDENTIAL, PRIVATE,
TOPSECRET, UNICODE_VIS_TAG }, "user1");
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.setAuths(conn, new String[] { SECRET,
CONFIDENTIAL, PRIVATE, TOPSECRET, UNICODE_VIS_TAG }, "user1");
} catch (Throwable e) {
throw new Exception(e);
}

43
hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java
View File

@ -115,7 +115,7 @@ public class TestVisibilityLabelsWithACL {
public void testScanForUserWithFewerLabelAuthsThanLabelsInScanAuthorizations() throws Throwable {
String[] auths = { SECRET };
String user = "user2";
VisibilityClient.setAuths(conf, auths, user);
VisibilityClient.setAuths(TEST_UTIL.getConnection(), auths, user);
TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
final Table table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL
+ "&!" + PRIVATE, SECRET + "&!" + PRIVATE);
@ -144,7 +144,9 @@ public class TestVisibilityLabelsWithACL {
public void testScanForSuperUserWithFewerLabelAuths() throws Throwable {
String[] auths = { SECRET };
String user = "admin";
VisibilityClient.setAuths(conf, auths, user);
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.setAuths(conn, auths, user);
}
TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
final Table table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL
+ "&!" + PRIVATE, SECRET + "&!" + PRIVATE);
@ -168,7 +170,7 @@ public class TestVisibilityLabelsWithACL {
public void testGetForSuperUserWithFewerLabelAuths() throws Throwable {
String[] auths = { SECRET };
String user = "admin";
VisibilityClient.setAuths(conf, auths, user);
VisibilityClient.setAuths(TEST_UTIL.getConnection(), auths, user);
TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
final Table table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL
+ "&!" + PRIVATE, SECRET + "&!" + PRIVATE);
@ -191,8 +193,10 @@ public class TestVisibilityLabelsWithACL {
public void testVisibilityLabelsForUserWithNoAuths() throws Throwable {
String user = "admin";
String[] auths = { SECRET };
VisibilityClient.clearAuths(conf, auths, user); // Removing all auths if any.
VisibilityClient.setAuths(conf, auths, "user1");
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.clearAuths(conn, auths, user); // Removing all auths if any.
VisibilityClient.setAuths(conn, auths, "user1");
}
TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
final Table table = createTableAndWriteDataWithLabels(tableName, SECRET);
SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER1.getShortName(), tableName,
@ -219,8 +223,8 @@ public class TestVisibilityLabelsWithACL {
PrivilegedExceptionAction<VisibilityLabelsResponse> action =
new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
public VisibilityLabelsResponse run() throws Exception {
try {
return VisibilityClient.addLabels(conf, new String[] { "l1", "l2" });
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.addLabels(conn, new String[] { "l1", "l2" });
} catch (Throwable e) {
}
return null;
@ -234,8 +238,8 @@ public class TestVisibilityLabelsWithACL {
action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
public VisibilityLabelsResponse run() throws Exception {
try {
return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
} catch (Throwable e) {
}
return null;
@ -249,8 +253,8 @@ public class TestVisibilityLabelsWithACL {
action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
public VisibilityLabelsResponse run() throws Exception {
try {
return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
} catch (Throwable e) {
}
return null;
@ -262,8 +266,9 @@ public class TestVisibilityLabelsWithACL {
action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
public VisibilityLabelsResponse run() throws Exception {
try {
return VisibilityClient.clearAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.clearAuths(conn, new String[] {
CONFIDENTIAL, PRIVATE }, "user1");
} catch (Throwable e) {
}
return null;
@ -275,16 +280,18 @@ public class TestVisibilityLabelsWithACL {
assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", response.getResult(1)
.getException().getName());
response = VisibilityClient.clearAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
response = VisibilityClient.clearAuths(TEST_UTIL.getConnection(), new String[] { CONFIDENTIAL,
PRIVATE }, "user1");
assertTrue(response.getResult(0).getException().getValue().isEmpty());
assertTrue(response.getResult(1).getException().getValue().isEmpty());
VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user3");
VisibilityClient.setAuths(TEST_UTIL.getConnection(), new String[] { CONFIDENTIAL, PRIVATE },
"user3");
PrivilegedExceptionAction<GetAuthsResponse> action1 =
new PrivilegedExceptionAction<GetAuthsResponse>() {
public GetAuthsResponse run() throws Exception {
try {
return VisibilityClient.getAuths(conf, "user3");
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.getAuths(conn, "user3");
} catch (Throwable e) {
}
return null;
@ -328,7 +335,7 @@ public class TestVisibilityLabelsWithACL {
private static void addLabels() throws IOException {
String[] labels = { SECRET, CONFIDENTIAL, PRIVATE };
try {
VisibilityClient.addLabels(conf, labels);
VisibilityClient.addLabels(TEST_UTIL.getConnection(), labels);
} catch (Throwable t) {
throw new IOException(t);
}

18
hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDefaultVisLabelService.java
View File

@ -32,6 +32,8 @@ import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.ResultScanner;
import org.apache.hadoop.hbase.client.Scan;
@ -85,8 +87,8 @@ public class TestVisibilityLabelsWithDefaultVisLabelService extends TestVisibili
public VisibilityLabelsResponse run() throws Exception {
String[] labels = { "L1", SECRET, "L2", "invalid~", "L3" };
VisibilityLabelsResponse response = null;
try {
response = VisibilityClient.addLabels(conf, labels);
try (Connection conn = ConnectionFactory.createConnection(conf)) {
response = VisibilityClient.addLabels(conn, labels);
} catch (Throwable e) {
fail("Should not have thrown exception");
}
@ -124,8 +126,8 @@ public class TestVisibilityLabelsWithDefaultVisLabelService extends TestVisibili
new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
public VisibilityLabelsResponse run() throws Exception {
String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, "ABC", "XYZ" };
try {
VisibilityLabelsResponse resp = VisibilityClient.addLabels(conf, labels);
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityLabelsResponse resp = VisibilityClient.addLabels(conn, labels);
List<RegionActionResult> results = resp.getResultList();
if (results.get(0).hasException()) {
NameBytesPair pair = results.get(0).getException();
@ -172,8 +174,8 @@ public class TestVisibilityLabelsWithDefaultVisLabelService extends TestVisibili
new PrivilegedExceptionAction<ListLabelsResponse>() {
public ListLabelsResponse run() throws Exception {
ListLabelsResponse response = null;
try {
response = VisibilityClient.listLabels(conf, null);
try (Connection conn = ConnectionFactory.createConnection(conf)) {
response = VisibilityClient.listLabels(conn, null);
} catch (Throwable e) {
fail("Should not have thrown exception");
}
@ -202,8 +204,8 @@ public class TestVisibilityLabelsWithDefaultVisLabelService extends TestVisibili
new PrivilegedExceptionAction<ListLabelsResponse>() {
public ListLabelsResponse run() throws Exception {
ListLabelsResponse response = null;
try {
response = VisibilityClient.listLabels(conf, ".*secret");
try (Connection conn = ConnectionFactory.createConnection(conf)) {
response = VisibilityClient.listLabels(conn, ".*secret");
} catch (Throwable e) {
fail("Should not have thrown exception");
}

18
hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDeletes.java
View File

@ -1780,8 +1780,8 @@ public class TestVisibilityLabelsWithDeletes {
new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
@Override
public VisibilityLabelsResponse run() throws Exception {
try {
return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE, SECRET },
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE, SECRET },
SUPERUSER.getShortName());
} catch (Throwable e) {
}
@ -1931,8 +1931,9 @@ public class TestVisibilityLabelsWithDeletes {
new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
@Override
public VisibilityLabelsResponse run() throws Exception {
try {
return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE, SECRET },
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL,
PRIVATE, SECRET },
SUPERUSER.getShortName());
} catch (Throwable e) {
}
@ -2460,8 +2461,9 @@ public class TestVisibilityLabelsWithDeletes {
new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
@Override
public VisibilityLabelsResponse run() throws Exception {
try {
return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE, SECRET,
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL,
PRIVATE, SECRET,
TOPSECRET }, SUPERUSER.getShortName());
} catch (Throwable e) {
}
@ -2867,8 +2869,8 @@ public class TestVisibilityLabelsWithDeletes {
@Override
public VisibilityLabelsResponse run() throws Exception {
String[] labels = { SECRET, TOPSECRET, CONFIDENTIAL, PUBLIC, PRIVATE };
try {
VisibilityClient.addLabels(conf, labels);
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.addLabels(conn, labels);
} catch (Throwable t) {
throw new IOException(t);
}

6
hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithSLGStack.java
View File

@ -28,6 +28,8 @@ import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.ResultScanner;
@ -107,8 +109,8 @@ public class TestVisibilityLabelsWithSLGStack {
new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
public VisibilityLabelsResponse run() throws Exception {
String[] labels = { SECRET, CONFIDENTIAL };
try {
VisibilityClient.addLabels(conf, labels);
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.addLabels(conn, labels);
} catch (Throwable t) {
throw new IOException(t);
}

19
hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLablesWithGroups.java
View File

@ -97,10 +97,10 @@ public class TestVisibilityLablesWithGroups {
// Set up for the test
SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
public Void run() throws Exception {
try {
VisibilityClient.addLabels(conf, new String[] { SECRET, CONFIDENTIAL });
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.addLabels(conn, new String[] { SECRET, CONFIDENTIAL });
// set auth for @testgroup
VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL }, "@testgroup");
VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL }, "@testgroup");
} catch (Throwable t) {
throw new IOException(t);
}
@ -174,8 +174,8 @@ public class TestVisibilityLablesWithGroups {
SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
public Void run() throws Exception {
GetAuthsResponse authsResponse = null;
try {
authsResponse = VisibilityClient.getAuths(conf, "@testgroup");
try (Connection conn = ConnectionFactory.createConnection(conf)) {
authsResponse = VisibilityClient.getAuths(conn, "@testgroup");
} catch (Throwable e) {
fail("Should not have failed");
}
@ -267,8 +267,9 @@ public class TestVisibilityLablesWithGroups {
SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
public Void run() throws Exception {
VisibilityLabelsResponse response = null;
try {
response = VisibilityClient.clearAuths(conf, new String[] { CONFIDENTIAL }, "@testgroup");
try (Connection conn = ConnectionFactory.createConnection(conf)) {
response = VisibilityClient.clearAuths(conn, new String[] {
CONFIDENTIAL }, "@testgroup");
} catch (Throwable e) {
fail("Should not have failed");
}
@ -280,8 +281,8 @@ public class TestVisibilityLablesWithGroups {
SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
public Void run() throws Exception {
GetAuthsResponse authsResponse = null;
try {
authsResponse = VisibilityClient.getAuths(conf, "@testgroup");
try (Connection conn = ConnectionFactory.createConnection(conf)) {
authsResponse = VisibilityClient.getAuths(conn, "@testgroup");
} catch (Throwable e) {
fail("Should not have failed");
}

12
hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityWithCheckAuths.java
View File

@ -95,8 +95,8 @@ public class TestVisibilityWithCheckAuths {
@Override
public VisibilityLabelsResponse run() throws Exception {
String[] labels = { TOPSECRET };
try {
VisibilityClient.addLabels(conf, labels);
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.addLabels(conn, labels);
} catch (Throwable t) {
throw new IOException(t);
}
@ -112,8 +112,8 @@ public class TestVisibilityWithCheckAuths {
new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
@Override
public VisibilityLabelsResponse run() throws Exception {
try {
return VisibilityClient.setAuths(conf, new String[] { TOPSECRET },
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.setAuths(conn, new String[] { TOPSECRET },
USER.getShortName());
} catch (Throwable e) {
}
@ -158,8 +158,8 @@ public class TestVisibilityWithCheckAuths {
new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
@Override
public VisibilityLabelsResponse run() throws Exception {
try {
return VisibilityClient.setAuths(conf, new String[] { TOPSECRET },
try (Connection conn = ConnectionFactory.createConnection(conf)) {
return VisibilityClient.setAuths(conn, new String[] { TOPSECRET },
USER.getShortName());
} catch (Throwable e) {
}

27
hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestWithDisabledAuthorization.java
View File

@ -28,6 +28,8 @@ import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.ResultScanner;
@ -66,10 +68,11 @@ public class TestWithDisabledAuthorization {
private static User SUPERUSER;
private static User USER_RW;
private static Configuration conf;
@BeforeClass
public static void setUpBeforeClass() throws Exception {
Configuration conf = TEST_UTIL.getConfiguration();
conf = TEST_UTIL.getConfiguration();
// Set up superuser
SecureTestUtil.configureSuperuser(conf);
@ -92,10 +95,10 @@ public class TestWithDisabledAuthorization {
// Define test labels
SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
public Void run() throws Exception {
try {
VisibilityClient.addLabels(TEST_UTIL.getConfiguration(),
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.addLabels(conn,
new String[] { SECRET, CONFIDENTIAL, PRIVATE });
VisibilityClient.setAuths(TEST_UTIL.getConfiguration(),
VisibilityClient.setAuths(conn,
new String[] { SECRET, CONFIDENTIAL },
USER_RW.getShortName());
} catch (Throwable t) {
@ -117,8 +120,8 @@ public class TestWithDisabledAuthorization {
SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
public Void run() throws Exception {
try {
VisibilityClient.setAuths(TEST_UTIL.getConfiguration(),
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.setAuths(conn,
new String[] { SECRET, CONFIDENTIAL },
USER_RW.getShortName());
} catch (Throwable t) {
@ -132,8 +135,8 @@ public class TestWithDisabledAuthorization {
new PrivilegedExceptionAction<List<String>>() {
public List<String> run() throws Exception {
GetAuthsResponse authsResponse = null;
try {
authsResponse = VisibilityClient.getAuths(TEST_UTIL.getConfiguration(),
try (Connection conn = ConnectionFactory.createConnection(conf)) {
authsResponse = VisibilityClient.getAuths(conn,
USER_RW.getShortName());
} catch (Throwable t) {
fail("Should not have failed");
@ -153,8 +156,8 @@ public class TestWithDisabledAuthorization {
SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
public Void run() throws Exception {
try {
VisibilityClient.clearAuths(TEST_UTIL.getConfiguration(),
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.clearAuths(conn,
new String[] { SECRET },
USER_RW.getShortName());
} catch (Throwable t) {
@ -170,8 +173,8 @@ public class TestWithDisabledAuthorization {
SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
public Void run() throws Exception {
try {
VisibilityClient.clearAuths(TEST_UTIL.getConfiguration(),
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.clearAuths(conn,
new String[] { CONFIDENTIAL },
USER_RW.getShortName());
} catch (Throwable t) {

8
hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift2/TestThriftHBaseServiceHandlerWithLabels.java
View File

@ -39,6 +39,8 @@ import org.apache.hadoop.hbase.HColumnDescriptor;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.HBaseAdmin;
import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse;
import org.apache.hadoop.hbase.security.User;
@ -153,8 +155,8 @@ private static void createLabels() throws IOException, InterruptedException {
PrivilegedExceptionAction<VisibilityLabelsResponse> action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
public VisibilityLabelsResponse run() throws Exception {
String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET };
try {
VisibilityClient.addLabels(conf, labels);
try (Connection conn = ConnectionFactory.createConnection(conf)) {
VisibilityClient.addLabels(conn, labels);
} catch (Throwable t) {
throw new IOException(t);
}
@ -167,7 +169,7 @@ private static void createLabels() throws IOException, InterruptedException {
private static void setAuths() throws IOException {
String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET };
try {
VisibilityClient.setAuths(conf, labels, User.getCurrent().getShortName());
VisibilityClient.setAuths(UTIL.getConnection(), labels, User.getCurrent().getShortName());
} catch (Throwable t) {
throw new IOException(t);
}