HBASE-13358 - Update VisibilityClient to accept Connection objects.

Signed-off-by: Srikanth Srungarapu <ssrungarapu@cloudera.com>

hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityClient.java

@@ -57,29 +57,27 @@ public class VisibilityClient {
   /**
    * Utility method for adding label to the system.
    *
-   * @param conf
+   * @param connection
    * @param label
    * @return VisibilityLabelsResponse
    * @throws Throwable
    */
-  public static VisibilityLabelsResponse addLabel(Configuration conf, final String label)
+  public static VisibilityLabelsResponse addLabel(Connection connection, final String label)
       throws Throwable {
-    return addLabels(conf, new String[] { label });
+    return addLabels(connection, new String[] { label });
   }
 
   /**
    * Utility method for adding labels to the system.
    *
-   * @param conf
+   * @param connection
    * @param labels
    * @return VisibilityLabelsResponse
    * @throws Throwable
    */
-  public static VisibilityLabelsResponse addLabels(Configuration conf, final String[] labels)
+  public static VisibilityLabelsResponse addLabels(Connection connection, final String[] labels)
       throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
+
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
     try (Table table = connection.getTable(LABELS_TABLE_NAME)) {
       Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse> callable =
           new Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse>() {
@@ -112,31 +110,28 @@ public class VisibilityClient {
       // table and so one entry in result Map.
     }
   }
-  }
 
   /**
    * Sets given labels globally authorized for the user.
-   * @param conf
+   * @param connection
    * @param auths
    * @param user
    * @return VisibilityLabelsResponse
    * @throws Throwable
    */
-  public static VisibilityLabelsResponse setAuths(Configuration conf, final String[] auths,
+  public static VisibilityLabelsResponse setAuths(Connection connection, final String[] auths,
       final String user) throws Throwable {
-    return setOrClearAuths(conf, auths, user, true);
+    return setOrClearAuths(connection, auths, user, true);
   }
 
   /**
-   * @param conf
+   * @param connection the Connection instance to use.
    * @param user
    * @return labels, the given user is globally authorized for.
    * @throws Throwable
    */
-  public static GetAuthsResponse getAuths(Configuration conf, final String user) throws Throwable {
+  public static GetAuthsResponse getAuths(Connection connection, final String user)
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
+      throws Throwable {
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
       try (Table table = connection.getTable(LABELS_TABLE_NAME)) {
         Batch.Call<VisibilityLabelsService, GetAuthsResponse> callable = 
             new Batch.Call<VisibilityLabelsService, GetAuthsResponse>() {
@@ -162,21 +157,18 @@ public class VisibilityClient {
         // table and so one entry in result Map.
       }
   }
-  }
 
   /**
    * Retrieve the list of visibility labels defined in the system.
-   * @param conf
+   * @param connection The Connection instance to use.
    * @param regex  The regular expression to filter which labels are returned.
    * @return labels The list of visibility labels defined in the system.
    * @throws Throwable
    */
-  public static ListLabelsResponse listLabels(Configuration conf, final String regex)
+  public static ListLabelsResponse listLabels(Connection connection, final String regex)
       throws Throwable {
-    Connection connection = null;
     Table table = null;
     try {
-      connection = ConnectionFactory.createConnection(conf);
       table = connection.getTable(LABELS_TABLE_NAME);
       Batch.Call<VisibilityLabelsService, ListLabelsResponse> callable =
           new Batch.Call<VisibilityLabelsService, ListLabelsResponse>() {
@@ -217,22 +209,21 @@ public class VisibilityClient {
 
   /**
    * Removes given labels from user's globally authorized list of labels.
-   * @param conf
+   * @param connection
    * @param auths
    * @param user
    * @return VisibilityLabelsResponse
    * @throws Throwable
    */
-  public static VisibilityLabelsResponse clearAuths(Configuration conf, final String[] auths,
+  public static VisibilityLabelsResponse clearAuths(Connection connection, final String[] auths,
       final String user) throws Throwable {
-    return setOrClearAuths(conf, auths, user, false);
+    return setOrClearAuths(connection, auths, user, false);
   }
 
-  private static VisibilityLabelsResponse setOrClearAuths(Configuration conf, final String[] auths,
+  private static VisibilityLabelsResponse setOrClearAuths(Connection connection,
-      final String user, final boolean setOrClear) throws IOException, ServiceException, Throwable {
+      final String[] auths, final String user, final boolean setOrClear)
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
+          throws IOException, ServiceException, Throwable {
-    // setup each time.  This class only used in test and shell at moment though.
+
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
       try (Table table = connection.getTable(LABELS_TABLE_NAME)) {
         Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse> callable = 
             new Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse>() {
@@ -268,4 +259,3 @@ public class VisibilityClient {
       }
   }
 }
-}

hbase-it/src/test/java/org/apache/hadoop/hbase/IntegrationTestIngestWithVisibilityLabels.java

@@ -115,8 +115,8 @@ public class IntegrationTestIngestWithVisibilityLabels extends IntegrationTestIn
   
   private void addLabels() throws Exception {
     try {
-      VisibilityClient.addLabels(util.getConfiguration(), LABELS);
+      VisibilityClient.addLabels(util.getConnection(), LABELS);
-      VisibilityClient.setAuths(util.getConfiguration(), LABELS, User.getCurrent().getName());
+      VisibilityClient.setAuths(util.getConnection(), LABELS, User.getCurrent().getName());
     } catch (Throwable t) {
       throw new IOException(t);
     }

hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java

@@ -385,8 +385,8 @@ public class IntegrationTestBigLinkedListWithVisibility extends IntegrationTestB
 
   private void addLabels() throws Exception {
     try {
-      VisibilityClient.addLabels(util.getConfiguration(), labels.split(COMMA));
+      VisibilityClient.addLabels(util.getConnection(), labels.split(COMMA));
-      VisibilityClient.setAuths(util.getConfiguration(), labels.split(COMMA), USER.getName());
+      VisibilityClient.setAuths(util.getConnection(), labels.split(COMMA), USER.getName());
     } catch (Throwable t) {
       throw new IOException(t);
     }

hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestWithCellVisibilityLoadAndVerify.java

@@ -141,10 +141,10 @@ public class IntegrationTestWithCellVisibilityLoadAndVerify extends IntegrationT
 
   private void addLabelsAndAuths() throws Exception {
     try {
-      VisibilityClient.addLabels(util.getConfiguration(), LABELS);
+      VisibilityClient.addLabels(util.getConnection(), LABELS);
-      VisibilityClient.setAuths(util.getConfiguration(), new String[] { CONFIDENTIAL, TOPSECRET,
+      VisibilityClient.setAuths(util.getConnection(), new String[] { CONFIDENTIAL, TOPSECRET,
           SECRET, PRIVATE }, USER1.getName());
-      VisibilityClient.setAuths(util.getConfiguration(), new String[] { PUBLIC },
+      VisibilityClient.setAuths(util.getConnection(), new String[] { PUBLIC },
           USER2.getName());
     } catch (Throwable t) {
       throw new IOException(t);

hbase-rest/src/test/java/org/apache/hadoop/hbase/rest/TestScannersWithLabels.java

@@ -24,6 +24,8 @@ import org.apache.hadoop.hbase.HTableDescriptor;
 import org.apache.hadoop.hbase.KeyValue;
 import org.apache.hadoop.hbase.TableName;
 import org.apache.hadoop.hbase.client.Admin;
+import org.apache.hadoop.hbase.client.Connection;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.client.Durability;
 import org.apache.hadoop.hbase.client.Put;
 import org.apache.hadoop.hbase.client.Table;
@@ -165,8 +167,8 @@ public class TestScannersWithLabels {
     PrivilegedExceptionAction<VisibilityLabelsResponse> action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
         String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET };
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(conf, labels);
+          VisibilityClient.addLabels(conn, labels);
         } catch (Throwable t) {
           throw new IOException(t);
         }
@@ -177,8 +179,8 @@ public class TestScannersWithLabels {
   }
   private static void setAuths() throws Exception {
     String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET };
-    try {
+    try (Connection conn = ConnectionFactory.createConnection(conf)) {
-      VisibilityClient.setAuths(conf, labels, User.getCurrent().getShortName());
+      VisibilityClient.setAuths(conn, labels, User.getCurrent().getShortName());
     } catch (Throwable t) {
       throw new IOException(t);
     }

hbase-server/src/test/java/org/apache/hadoop/hbase/mapreduce/TestImportTSVWithVisibilityLabels.java

@@ -45,6 +45,8 @@ import org.apache.hadoop.hbase.TableName;
 import org.apache.hadoop.hbase.client.Admin;
 import org.apache.hadoop.hbase.testclassification.LargeTests;
 import org.apache.hadoop.hbase.testclassification.MapReduceTests;
+import org.apache.hadoop.hbase.client.Connection;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.client.Delete;
 import org.apache.hadoop.hbase.client.HBaseAdmin;
 import org.apache.hadoop.hbase.client.HTable;
@@ -131,8 +133,8 @@ public class TestImportTSVWithVisibilityLabels implements Configurable {
       @Override
       public VisibilityLabelsResponse run() throws Exception {
         String[] labels = { SECRET, TOPSECRET, CONFIDENTIAL, PUBLIC, PRIVATE };
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(conf, labels);
+          VisibilityClient.addLabels(conn, labels);
           LOG.info("Added labels ");
         } catch (Throwable t) {
           LOG.error("Error in adding labels" , t);

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestDefaultScanLabelGeneratorStack.java

@@ -86,9 +86,9 @@ public class TestDefaultScanLabelGeneratorStack {
     // Set up for the test
     SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(conf, new String[] { SECRET, CONFIDENTIAL });
+          VisibilityClient.addLabels(conn, new String[] { SECRET, CONFIDENTIAL });
-          VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL }, TESTUSER.getShortName());
+          VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL }, TESTUSER.getShortName());
         } catch (Throwable t) {
           throw new IOException(t);
         }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestEnforcingScanLabelGenerator.java

@@ -84,9 +84,9 @@ public class TestEnforcingScanLabelGenerator {
     // Set up for the test
     SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(conf, new String[] { SECRET, CONFIDENTIAL });
+          VisibilityClient.addLabels(conn, new String[] { SECRET, CONFIDENTIAL });
-          VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, }, TESTUSER.getShortName());
+          VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, }, TESTUSER.getShortName());
         } catch (Throwable t) {
           throw new IOException(t);
         }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java

@@ -413,8 +413,8 @@ public abstract class TestVisibilityLabels {
     PrivilegedExceptionAction<Void> action = new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
         String[] auths = { SECRET, CONFIDENTIAL };
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.setAuths(conf, auths, user);
+          VisibilityClient.setAuths(conn, auths, user);
         } catch (Throwable e) {
         }
         return null;
@@ -439,8 +439,8 @@ public abstract class TestVisibilityLabels {
     action = new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
         GetAuthsResponse authsResponse = null;
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          authsResponse = VisibilityClient.getAuths(conf, user);
+          authsResponse = VisibilityClient.getAuths(conn, user);
         } catch (Throwable e) {
           fail("Should not have failed");
         }
@@ -461,10 +461,10 @@ public abstract class TestVisibilityLabels {
       public Void run() throws Exception {
         String[] auths1 = { SECRET, CONFIDENTIAL };
         GetAuthsResponse authsResponse = null;
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
+          VisibilityClient.setAuths(conn, auths1, user);
           try {
-          VisibilityClient.setAuths(conf, auths1, user);
+            authsResponse = VisibilityClient.getAuths(conn, user);
-          try {
-            authsResponse = VisibilityClient.getAuths(conf, user);
           } catch (Throwable e) {
             fail("Should not have failed");
           }
@@ -502,8 +502,8 @@ public abstract class TestVisibilityLabels {
       public Void run() throws Exception {
         String[] auths = { SECRET, CONFIDENTIAL, PRIVATE };
         String user = "testUser";
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.setAuths(conf, auths, user);
+          VisibilityClient.setAuths(conn, auths, user);
         } catch (Throwable e) {
           fail("Should not have failed");
         }
@@ -511,8 +511,8 @@ public abstract class TestVisibilityLabels {
         // Passing a non existing auth also.
         auths = new String[] { SECRET, PUBLIC, CONFIDENTIAL };
         VisibilityLabelsResponse response = null;
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          response = VisibilityClient.clearAuths(conf, auths, user);
+          response = VisibilityClient.clearAuths(conn, auths, user);
         } catch (Throwable e) {
           fail("Should not have failed");
         }
@@ -540,8 +540,8 @@ public abstract class TestVisibilityLabels {
         }
 
         GetAuthsResponse authsResponse = null;
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          authsResponse = VisibilityClient.getAuths(conf, user);
+          authsResponse = VisibilityClient.getAuths(conn, user);
         } catch (Throwable e) {
           fail("Should not have failed");
         }
@@ -826,8 +826,8 @@ public abstract class TestVisibilityLabels {
       public VisibilityLabelsResponse run() throws Exception {
         String[] labels = { SECRET, TOPSECRET, CONFIDENTIAL, PUBLIC, PRIVATE, COPYRIGHT, ACCENT,
             UNICODE_VIS_TAG, UC1, UC2 };
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(conf, labels);
+          VisibilityClient.addLabels(conn, labels);
         } catch (Throwable t) {
           throw new IOException(t);
         }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsOpWithDifferentUsersNoACL.java

@@ -28,6 +28,8 @@ import java.util.List;
 
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hbase.HBaseTestingUtility;
+import org.apache.hadoop.hbase.client.Connection;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse;
 import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse;
 import org.apache.hadoop.hbase.security.User;
@@ -84,8 +86,8 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL {
     PrivilegedExceptionAction<VisibilityLabelsResponse> action =
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
+          return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
         } catch (Throwable e) {
         }
         return null;
@@ -98,8 +100,8 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL {
     // Ideally this should not be allowed.  this operation should fail or do nothing.
     action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user3");
+          return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user3");
         } catch (Throwable e) {
         }
         return null;
@@ -114,8 +116,8 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL {
     PrivilegedExceptionAction<GetAuthsResponse> action1 =
         new PrivilegedExceptionAction<GetAuthsResponse>() {
       public GetAuthsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.getAuths(conf, "user1");
+          return VisibilityClient.getAuths(conn, "user1");
         } catch (Throwable e) {
         }
         return null;
@@ -137,8 +139,9 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL {
     PrivilegedExceptionAction<VisibilityLabelsResponse> action2 = 
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.clearAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
+          return VisibilityClient.clearAuths(conn, new String[] {
+              CONFIDENTIAL, PRIVATE }, "user1");
         } catch (Throwable e) {
         }
         return null;
@@ -161,8 +164,8 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL {
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
         String[] labels = { SECRET, CONFIDENTIAL, PRIVATE };
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(conf, labels);
+          VisibilityClient.addLabels(conn, labels);
         } catch (Throwable t) {
           throw new IOException(t);
         }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsReplication.java

@@ -350,8 +350,8 @@ public class TestVisibilityLabelsReplication {
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
         String[] labels = { SECRET, TOPSECRET, CONFIDENTIAL, PUBLIC, PRIVATE, UNICODE_VIS_TAG };
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(conf, labels);
+          VisibilityClient.addLabels(conn, labels);
         } catch (Throwable t) {
           throw new IOException(t);
         }
@@ -365,9 +365,9 @@ public class TestVisibilityLabelsReplication {
     PrivilegedExceptionAction<VisibilityLabelsResponse> action =
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.setAuths(conf, new String[] { SECRET, CONFIDENTIAL, PRIVATE,
+          return VisibilityClient.setAuths(conn, new String[] { SECRET,
-              TOPSECRET, UNICODE_VIS_TAG }, "user1");
+            CONFIDENTIAL, PRIVATE, TOPSECRET, UNICODE_VIS_TAG }, "user1");
         } catch (Throwable e) {
           throw new Exception(e);
         }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java

@@ -115,7 +115,7 @@ public class TestVisibilityLabelsWithACL {
   public void testScanForUserWithFewerLabelAuthsThanLabelsInScanAuthorizations() throws Throwable {
     String[] auths = { SECRET };
     String user = "user2";
-    VisibilityClient.setAuths(conf, auths, user);
+    VisibilityClient.setAuths(TEST_UTIL.getConnection(), auths, user);
     TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
     final Table table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL
         + "&!" + PRIVATE, SECRET + "&!" + PRIVATE);
@@ -144,7 +144,9 @@ public class TestVisibilityLabelsWithACL {
   public void testScanForSuperUserWithFewerLabelAuths() throws Throwable {
     String[] auths = { SECRET };
     String user = "admin";
-    VisibilityClient.setAuths(conf, auths, user);
+    try (Connection conn = ConnectionFactory.createConnection(conf)) {
+      VisibilityClient.setAuths(conn, auths, user);
+    }
     TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
     final Table table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL
         + "&!" + PRIVATE, SECRET + "&!" + PRIVATE);
@@ -168,7 +170,7 @@ public class TestVisibilityLabelsWithACL {
   public void testGetForSuperUserWithFewerLabelAuths() throws Throwable {
     String[] auths = { SECRET };
     String user = "admin";
-    VisibilityClient.setAuths(conf, auths, user);
+    VisibilityClient.setAuths(TEST_UTIL.getConnection(), auths, user);
     TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
     final Table table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL
         + "&!" + PRIVATE, SECRET + "&!" + PRIVATE);
@@ -191,8 +193,10 @@ public class TestVisibilityLabelsWithACL {
   public void testVisibilityLabelsForUserWithNoAuths() throws Throwable {
     String user = "admin";
     String[] auths = { SECRET };
-    VisibilityClient.clearAuths(conf, auths, user); // Removing all auths if any.
+    try (Connection conn = ConnectionFactory.createConnection(conf)) {
-    VisibilityClient.setAuths(conf, auths, "user1");
+      VisibilityClient.clearAuths(conn, auths, user); // Removing all auths if any.
+      VisibilityClient.setAuths(conn, auths, "user1");
+    }
     TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
     final Table table = createTableAndWriteDataWithLabels(tableName, SECRET);
     SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER1.getShortName(), tableName,
@@ -219,8 +223,8 @@ public class TestVisibilityLabelsWithACL {
     PrivilegedExceptionAction<VisibilityLabelsResponse> action = 
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.addLabels(conf, new String[] { "l1", "l2" });
+          return VisibilityClient.addLabels(conn, new String[] { "l1", "l2" });
         } catch (Throwable e) {
         }
         return null;
@@ -234,8 +238,8 @@ public class TestVisibilityLabelsWithACL {
 
     action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
+          return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
         } catch (Throwable e) {
         }
         return null;
@@ -249,8 +253,8 @@ public class TestVisibilityLabelsWithACL {
 
     action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
+          return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
         } catch (Throwable e) {
         }
         return null;
@@ -262,8 +266,9 @@ public class TestVisibilityLabelsWithACL {
 
     action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.clearAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
+          return VisibilityClient.clearAuths(conn, new String[] {
+              CONFIDENTIAL, PRIVATE }, "user1");
         } catch (Throwable e) {
         }
         return null;
@@ -275,16 +280,18 @@ public class TestVisibilityLabelsWithACL {
     assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", response.getResult(1)
         .getException().getName());
 
-    response = VisibilityClient.clearAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
+    response = VisibilityClient.clearAuths(TEST_UTIL.getConnection(), new String[] { CONFIDENTIAL,
+      PRIVATE }, "user1");
     assertTrue(response.getResult(0).getException().getValue().isEmpty());
     assertTrue(response.getResult(1).getException().getValue().isEmpty());
 
-    VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user3");
+    VisibilityClient.setAuths(TEST_UTIL.getConnection(), new String[] { CONFIDENTIAL, PRIVATE },
+      "user3");
     PrivilegedExceptionAction<GetAuthsResponse> action1 = 
         new PrivilegedExceptionAction<GetAuthsResponse>() {
       public GetAuthsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.getAuths(conf, "user3");
+          return VisibilityClient.getAuths(conn, "user3");
         } catch (Throwable e) {
         }
         return null;
@@ -328,7 +335,7 @@ public class TestVisibilityLabelsWithACL {
   private static void addLabels() throws IOException {
     String[] labels = { SECRET, CONFIDENTIAL, PRIVATE };
     try {
-      VisibilityClient.addLabels(conf, labels);
+      VisibilityClient.addLabels(TEST_UTIL.getConnection(), labels);
     } catch (Throwable t) {
       throw new IOException(t);
     }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDefaultVisLabelService.java

@@ -32,6 +32,8 @@ import java.util.concurrent.atomic.AtomicBoolean;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.hbase.HConstants;
+import org.apache.hadoop.hbase.client.Connection;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.client.Result;
 import org.apache.hadoop.hbase.client.ResultScanner;
 import org.apache.hadoop.hbase.client.Scan;
@@ -85,8 +87,8 @@ public class TestVisibilityLabelsWithDefaultVisLabelService extends TestVisibili
       public VisibilityLabelsResponse run() throws Exception {
         String[] labels = { "L1", SECRET, "L2", "invalid~", "L3" };
         VisibilityLabelsResponse response = null;
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          response = VisibilityClient.addLabels(conf, labels);
+          response = VisibilityClient.addLabels(conn, labels);
         } catch (Throwable e) {
           fail("Should not have thrown exception");
         }
@@ -124,8 +126,8 @@ public class TestVisibilityLabelsWithDefaultVisLabelService extends TestVisibili
           new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
         public VisibilityLabelsResponse run() throws Exception {
           String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, "ABC", "XYZ" };
-          try {
+          try (Connection conn = ConnectionFactory.createConnection(conf)) {
-            VisibilityLabelsResponse resp = VisibilityClient.addLabels(conf, labels);
+            VisibilityLabelsResponse resp = VisibilityClient.addLabels(conn, labels);
             List<RegionActionResult> results = resp.getResultList();
             if (results.get(0).hasException()) {
               NameBytesPair pair = results.get(0).getException();
@@ -172,8 +174,8 @@ public class TestVisibilityLabelsWithDefaultVisLabelService extends TestVisibili
         new PrivilegedExceptionAction<ListLabelsResponse>() {
       public ListLabelsResponse run() throws Exception {
         ListLabelsResponse response = null;
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          response = VisibilityClient.listLabels(conf, null);
+          response = VisibilityClient.listLabels(conn, null);
         } catch (Throwable e) {
           fail("Should not have thrown exception");
         }
@@ -202,8 +204,8 @@ public class TestVisibilityLabelsWithDefaultVisLabelService extends TestVisibili
         new PrivilegedExceptionAction<ListLabelsResponse>() {
       public ListLabelsResponse run() throws Exception {
         ListLabelsResponse response = null;
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          response = VisibilityClient.listLabels(conf, ".*secret");
+          response = VisibilityClient.listLabels(conn, ".*secret");
         } catch (Throwable e) {
           fail("Should not have thrown exception");
         }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDeletes.java

@@ -1780,8 +1780,8 @@ public class TestVisibilityLabelsWithDeletes {
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       @Override
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE, SECRET },
+          return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE, SECRET },
               SUPERUSER.getShortName());
         } catch (Throwable e) {
         }
@@ -1931,8 +1931,9 @@ public class TestVisibilityLabelsWithDeletes {
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       @Override
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE, SECRET },
+          return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL,
+            PRIVATE, SECRET },
               SUPERUSER.getShortName());
         } catch (Throwable e) {
         }
@@ -2460,8 +2461,9 @@ public class TestVisibilityLabelsWithDeletes {
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       @Override
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE, SECRET,
+          return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL,
+            PRIVATE, SECRET,
               TOPSECRET }, SUPERUSER.getShortName());
         } catch (Throwable e) {
         }
@@ -2867,8 +2869,8 @@ public class TestVisibilityLabelsWithDeletes {
       @Override
       public VisibilityLabelsResponse run() throws Exception {
         String[] labels = { SECRET, TOPSECRET, CONFIDENTIAL, PUBLIC, PRIVATE };
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(conf, labels);
+          VisibilityClient.addLabels(conn, labels);
         } catch (Throwable t) {
           throw new IOException(t);
         }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithSLGStack.java

@@ -28,6 +28,8 @@ import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hbase.HBaseTestingUtility;
 import org.apache.hadoop.hbase.HConstants;
 import org.apache.hadoop.hbase.TableName;
+import org.apache.hadoop.hbase.client.Connection;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.client.Put;
 import org.apache.hadoop.hbase.client.Result;
 import org.apache.hadoop.hbase.client.ResultScanner;
@@ -107,8 +109,8 @@ public class TestVisibilityLabelsWithSLGStack {
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
         String[] labels = { SECRET, CONFIDENTIAL };
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(conf, labels);
+          VisibilityClient.addLabels(conn, labels);
         } catch (Throwable t) {
           throw new IOException(t);
         }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLablesWithGroups.java

@@ -97,10 +97,10 @@ public class TestVisibilityLablesWithGroups {
     // Set up for the test
     SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(conf, new String[] { SECRET, CONFIDENTIAL });
+          VisibilityClient.addLabels(conn, new String[] { SECRET, CONFIDENTIAL });
           // set auth for @testgroup
-          VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL }, "@testgroup");
+          VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL }, "@testgroup");
         } catch (Throwable t) {
           throw new IOException(t);
         }
@@ -174,8 +174,8 @@ public class TestVisibilityLablesWithGroups {
     SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
         GetAuthsResponse authsResponse = null;
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          authsResponse = VisibilityClient.getAuths(conf, "@testgroup");
+          authsResponse = VisibilityClient.getAuths(conn, "@testgroup");
         } catch (Throwable e) {
           fail("Should not have failed");
         }
@@ -267,8 +267,9 @@ public class TestVisibilityLablesWithGroups {
     SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
         VisibilityLabelsResponse response = null;
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          response = VisibilityClient.clearAuths(conf, new String[] { CONFIDENTIAL }, "@testgroup");
+          response = VisibilityClient.clearAuths(conn, new String[] {
+            CONFIDENTIAL }, "@testgroup");
         } catch (Throwable e) {
           fail("Should not have failed");
         }
@@ -280,8 +281,8 @@ public class TestVisibilityLablesWithGroups {
     SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
         GetAuthsResponse authsResponse = null;
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          authsResponse = VisibilityClient.getAuths(conf, "@testgroup");
+          authsResponse = VisibilityClient.getAuths(conn, "@testgroup");
         } catch (Throwable e) {
           fail("Should not have failed");
         }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityWithCheckAuths.java

@@ -95,8 +95,8 @@ public class TestVisibilityWithCheckAuths {
       @Override
       public VisibilityLabelsResponse run() throws Exception {
         String[] labels = { TOPSECRET };
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(conf, labels);
+          VisibilityClient.addLabels(conn, labels);
         } catch (Throwable t) {
           throw new IOException(t);
         }
@@ -112,8 +112,8 @@ public class TestVisibilityWithCheckAuths {
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       @Override
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.setAuths(conf, new String[] { TOPSECRET },
+          return VisibilityClient.setAuths(conn, new String[] { TOPSECRET },
               USER.getShortName());
         } catch (Throwable e) {
         }
@@ -158,8 +158,8 @@ public class TestVisibilityWithCheckAuths {
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       @Override
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.setAuths(conf, new String[] { TOPSECRET },
+          return VisibilityClient.setAuths(conn, new String[] { TOPSECRET },
               USER.getShortName());
         } catch (Throwable e) {
         }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestWithDisabledAuthorization.java

@@ -28,6 +28,8 @@ import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hbase.HBaseTestingUtility;
 import org.apache.hadoop.hbase.HConstants;
 import org.apache.hadoop.hbase.TableName;
+import org.apache.hadoop.hbase.client.Connection;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.client.Put;
 import org.apache.hadoop.hbase.client.Result;
 import org.apache.hadoop.hbase.client.ResultScanner;
@@ -66,10 +68,11 @@ public class TestWithDisabledAuthorization {
 
   private static User SUPERUSER;
   private static User USER_RW;
+  private static Configuration conf;
 
   @BeforeClass
   public static void setUpBeforeClass() throws Exception {
-    Configuration conf = TEST_UTIL.getConfiguration();
+    conf = TEST_UTIL.getConfiguration();
 
     // Set up superuser
     SecureTestUtil.configureSuperuser(conf);
@@ -92,10 +95,10 @@ public class TestWithDisabledAuthorization {
     // Define test labels
     SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(TEST_UTIL.getConfiguration(),
+          VisibilityClient.addLabels(conn,
             new String[] { SECRET, CONFIDENTIAL, PRIVATE });
-          VisibilityClient.setAuths(TEST_UTIL.getConfiguration(),
+          VisibilityClient.setAuths(conn,
             new String[] { SECRET, CONFIDENTIAL },
             USER_RW.getShortName());
         } catch (Throwable t) {
@@ -117,8 +120,8 @@ public class TestWithDisabledAuthorization {
 
     SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.setAuths(TEST_UTIL.getConfiguration(),
+          VisibilityClient.setAuths(conn,
             new String[] { SECRET, CONFIDENTIAL },
             USER_RW.getShortName());
         } catch (Throwable t) {
@@ -132,8 +135,8 @@ public class TestWithDisabledAuthorization {
       new PrivilegedExceptionAction<List<String>>() {
         public List<String> run() throws Exception {
           GetAuthsResponse authsResponse = null;
-          try {
+          try (Connection conn = ConnectionFactory.createConnection(conf)) {
-            authsResponse = VisibilityClient.getAuths(TEST_UTIL.getConfiguration(),
+            authsResponse = VisibilityClient.getAuths(conn,
               USER_RW.getShortName());
           } catch (Throwable t) {
             fail("Should not have failed");
@@ -153,8 +156,8 @@ public class TestWithDisabledAuthorization {
 
     SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.clearAuths(TEST_UTIL.getConfiguration(),
+          VisibilityClient.clearAuths(conn,
             new String[] { SECRET },
             USER_RW.getShortName());
         } catch (Throwable t) {
@@ -170,8 +173,8 @@ public class TestWithDisabledAuthorization {
 
     SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.clearAuths(TEST_UTIL.getConfiguration(),
+          VisibilityClient.clearAuths(conn,
             new String[] { CONFIDENTIAL },
             USER_RW.getShortName());
         } catch (Throwable t) {

hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift2/TestThriftHBaseServiceHandlerWithLabels.java

@@ -39,6 +39,8 @@ import org.apache.hadoop.hbase.HColumnDescriptor;
 import org.apache.hadoop.hbase.HTableDescriptor;
 import org.apache.hadoop.hbase.TableName;
 import org.apache.hadoop.hbase.client.Admin;
+import org.apache.hadoop.hbase.client.Connection;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.client.HBaseAdmin;
 import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse;
 import org.apache.hadoop.hbase.security.User;
@@ -153,8 +155,8 @@ private static void createLabels() throws IOException, InterruptedException {
   PrivilegedExceptionAction<VisibilityLabelsResponse> action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
     public VisibilityLabelsResponse run() throws Exception {
       String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET };
-      try {
+      try (Connection conn = ConnectionFactory.createConnection(conf)) {
-        VisibilityClient.addLabels(conf, labels);
+        VisibilityClient.addLabels(conn, labels);
       } catch (Throwable t) {
         throw new IOException(t);
       }
@@ -167,7 +169,7 @@ private static void createLabels() throws IOException, InterruptedException {
 private static void setAuths() throws IOException {
   String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET };
   try {
-    VisibilityClient.setAuths(conf, labels, User.getCurrent().getShortName());
+    VisibilityClient.setAuths(UTIL.getConnection(), labels, User.getCurrent().getShortName());
   } catch (Throwable t) {
     throw new IOException(t);
   }