HBASE-13358 - Update VisibilityClient to accept Connection objects.

Signed-off-by: Srikanth Srungarapu <ssrungarapu@cloudera.com>

hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityClient.java

@@ -57,86 +57,81 @@ public class VisibilityClient {
   /**
    * Utility method for adding label to the system.
    *
-   * @param conf
+   * @param connection
    * @param label
    * @return VisibilityLabelsResponse
    * @throws Throwable
    */
-  public static VisibilityLabelsResponse addLabel(Configuration conf, final String label)
+  public static VisibilityLabelsResponse addLabel(Connection connection, final String label)
       throws Throwable {
-    return addLabels(conf, new String[] { label });
+    return addLabels(connection, new String[] { label });
   }
 
   /**
    * Utility method for adding labels to the system.
    *
-   * @param conf
+   * @param connection
    * @param labels
    * @return VisibilityLabelsResponse
    * @throws Throwable
    */
-  public static VisibilityLabelsResponse addLabels(Configuration conf, final String[] labels)
+  public static VisibilityLabelsResponse addLabels(Connection connection, final String[] labels)
       throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Table table = connection.getTable(LABELS_TABLE_NAME)) {
-        Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse> callable = 
-            new Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse>() {
-          ServerRpcController controller = new ServerRpcController();
-          BlockingRpcCallback<VisibilityLabelsResponse> rpcCallback = 
-              new BlockingRpcCallback<VisibilityLabelsResponse>();
 
-          public VisibilityLabelsResponse call(VisibilityLabelsService service)
+    try (Table table = connection.getTable(LABELS_TABLE_NAME)) {
-          throws IOException {
+      Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse> callable =
-            VisibilityLabelsRequest.Builder builder = VisibilityLabelsRequest.newBuilder();
+          new Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse>() {
-            for (String label : labels) {
+            ServerRpcController controller = new ServerRpcController();
-              if (label.length() > 0) {
+            BlockingRpcCallback<VisibilityLabelsResponse> rpcCallback =
-                VisibilityLabel.Builder newBuilder = VisibilityLabel.newBuilder();
+                new BlockingRpcCallback<VisibilityLabelsResponse>();
-                newBuilder.setLabel(ByteStringer.wrap(Bytes.toBytes(label)));
+
-                builder.addVisLabel(newBuilder.build());
+            public VisibilityLabelsResponse call(VisibilityLabelsService service)
+                throws IOException {
+              VisibilityLabelsRequest.Builder builder = VisibilityLabelsRequest.newBuilder();
+              for (String label : labels) {
+                if (label.length() > 0) {
+                  VisibilityLabel.Builder newBuilder = VisibilityLabel.newBuilder();
+                  newBuilder.setLabel(ByteStringer.wrap(Bytes.toBytes(label)));
+                  builder.addVisLabel(newBuilder.build());
+                }
               }
+              service.addLabels(controller, builder.build(), rpcCallback);
+              VisibilityLabelsResponse response = rpcCallback.get();
+              if (controller.failedOnException()) {
+                throw controller.getFailedOn();
+              }
+              return response;
             }
-            service.addLabels(controller, builder.build(), rpcCallback);
+          };
-            VisibilityLabelsResponse response = rpcCallback.get();
+      Map<byte[], VisibilityLabelsResponse> result =
-            if (controller.failedOnException()) {
-              throw controller.getFailedOn();
-            }
-            return response;
-          }
-        };
-        Map<byte[], VisibilityLabelsResponse> result =
           table.coprocessorService(VisibilityLabelsService.class, HConstants.EMPTY_BYTE_ARRAY,
             HConstants.EMPTY_BYTE_ARRAY, callable);
-        return result.values().iterator().next(); // There will be exactly one region for labels
+      return result.values().iterator().next(); // There will be exactly one region for labels
-        // table and so one entry in result Map.
+      // table and so one entry in result Map.
-      }
     }
   }
 
   /**
    * Sets given labels globally authorized for the user.
-   * @param conf
+   * @param connection
    * @param auths
    * @param user
    * @return VisibilityLabelsResponse
    * @throws Throwable
    */
-  public static VisibilityLabelsResponse setAuths(Configuration conf, final String[] auths,
+  public static VisibilityLabelsResponse setAuths(Connection connection, final String[] auths,
       final String user) throws Throwable {
-    return setOrClearAuths(conf, auths, user, true);
+    return setOrClearAuths(connection, auths, user, true);
   }
 
   /**
-   * @param conf
+   * @param connection the Connection instance to use.
    * @param user
    * @return labels, the given user is globally authorized for.
    * @throws Throwable
    */
-  public static GetAuthsResponse getAuths(Configuration conf, final String user) throws Throwable {
+  public static GetAuthsResponse getAuths(Connection connection, final String user)
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
+      throws Throwable {
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
       try (Table table = connection.getTable(LABELS_TABLE_NAME)) {
         Batch.Call<VisibilityLabelsService, GetAuthsResponse> callable = 
             new Batch.Call<VisibilityLabelsService, GetAuthsResponse>() {
@@ -161,44 +156,41 @@ public class VisibilityClient {
         return result.values().iterator().next(); // There will be exactly one region for labels
         // table and so one entry in result Map.
       }
-    }
   }
 
   /**
    * Retrieve the list of visibility labels defined in the system.
-   * @param conf
+   * @param connection The Connection instance to use.
    * @param regex  The regular expression to filter which labels are returned.
    * @return labels The list of visibility labels defined in the system.
    * @throws Throwable
    */
-  public static ListLabelsResponse listLabels(Configuration conf, final String regex)
+  public static ListLabelsResponse listLabels(Connection connection, final String regex)
       throws Throwable {
-    Connection connection = null;
     Table table = null;
     try {
-      connection = ConnectionFactory.createConnection(conf);
       table = connection.getTable(LABELS_TABLE_NAME);
       Batch.Call<VisibilityLabelsService, ListLabelsResponse> callable =
           new Batch.Call<VisibilityLabelsService, ListLabelsResponse>() {
-        ServerRpcController controller = new ServerRpcController();
+            ServerRpcController controller = new ServerRpcController();
-        BlockingRpcCallback<ListLabelsResponse> rpcCallback =
+            BlockingRpcCallback<ListLabelsResponse> rpcCallback =
-            new BlockingRpcCallback<ListLabelsResponse>();
+                new BlockingRpcCallback<ListLabelsResponse>();
 
-        public ListLabelsResponse call(VisibilityLabelsService service) throws IOException {
+            public ListLabelsResponse call(VisibilityLabelsService service) throws IOException {
-          ListLabelsRequest.Builder listAuthLabelsReqBuilder = ListLabelsRequest.newBuilder();
+              ListLabelsRequest.Builder listAuthLabelsReqBuilder = ListLabelsRequest.newBuilder();
-          if (regex != null) {
+              if (regex != null) {
-            // Compile the regex here to catch any regex exception earlier.
+                // Compile the regex here to catch any regex exception earlier.
-            Pattern pattern = Pattern.compile(regex);
+                Pattern pattern = Pattern.compile(regex);
-            listAuthLabelsReqBuilder.setRegex(pattern.toString());
+                listAuthLabelsReqBuilder.setRegex(pattern.toString());
-          }
+              }
-          service.listLabels(controller, listAuthLabelsReqBuilder.build(), rpcCallback);
+              service.listLabels(controller, listAuthLabelsReqBuilder.build(), rpcCallback);
-          ListLabelsResponse response = rpcCallback.get();
+              ListLabelsResponse response = rpcCallback.get();
-          if (controller.failedOnException()) {
+              if (controller.failedOnException()) {
-            throw controller.getFailedOn();
+                throw controller.getFailedOn();
-          }
+              }
-          return response;
+              return response;
-        }
+            }
-      };
+          };
       Map<byte[], ListLabelsResponse> result =
           table.coprocessorService(VisibilityLabelsService.class, HConstants.EMPTY_BYTE_ARRAY,
             HConstants.EMPTY_BYTE_ARRAY, callable);
@@ -217,22 +209,21 @@ public class VisibilityClient {
 
   /**
    * Removes given labels from user's globally authorized list of labels.
-   * @param conf
+   * @param connection
    * @param auths
    * @param user
    * @return VisibilityLabelsResponse
    * @throws Throwable
    */
-  public static VisibilityLabelsResponse clearAuths(Configuration conf, final String[] auths,
+  public static VisibilityLabelsResponse clearAuths(Connection connection, final String[] auths,
       final String user) throws Throwable {
-    return setOrClearAuths(conf, auths, user, false);
+    return setOrClearAuths(connection, auths, user, false);
   }
 
-  private static VisibilityLabelsResponse setOrClearAuths(Configuration conf, final String[] auths,
+  private static VisibilityLabelsResponse setOrClearAuths(Connection connection,
-      final String user, final boolean setOrClear) throws IOException, ServiceException, Throwable {
+      final String[] auths, final String user, final boolean setOrClear)
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
+          throws IOException, ServiceException, Throwable {
-    // setup each time.  This class only used in test and shell at moment though.
+
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
       try (Table table = connection.getTable(LABELS_TABLE_NAME)) {
         Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse> callable = 
             new Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse>() {
@@ -266,6 +257,5 @@ public class VisibilityClient {
         return result.values().iterator().next(); // There will be exactly one region for labels
         // table and so one entry in result Map.
       }
-    }
   }
 }

hbase-it/src/test/java/org/apache/hadoop/hbase/IntegrationTestIngestWithVisibilityLabels.java

@@ -115,8 +115,8 @@ public class IntegrationTestIngestWithVisibilityLabels extends IntegrationTestIn
   
   private void addLabels() throws Exception {
     try {
-      VisibilityClient.addLabels(util.getConfiguration(), LABELS);
+      VisibilityClient.addLabels(util.getConnection(), LABELS);
-      VisibilityClient.setAuths(util.getConfiguration(), LABELS, User.getCurrent().getName());
+      VisibilityClient.setAuths(util.getConnection(), LABELS, User.getCurrent().getName());
     } catch (Throwable t) {
       throw new IOException(t);
     }

hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java

@@ -385,8 +385,8 @@ public class IntegrationTestBigLinkedListWithVisibility extends IntegrationTestB
 
   private void addLabels() throws Exception {
     try {
-      VisibilityClient.addLabels(util.getConfiguration(), labels.split(COMMA));
+      VisibilityClient.addLabels(util.getConnection(), labels.split(COMMA));
-      VisibilityClient.setAuths(util.getConfiguration(), labels.split(COMMA), USER.getName());
+      VisibilityClient.setAuths(util.getConnection(), labels.split(COMMA), USER.getName());
     } catch (Throwable t) {
       throw new IOException(t);
     }

hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestWithCellVisibilityLoadAndVerify.java

@@ -141,10 +141,10 @@ public class IntegrationTestWithCellVisibilityLoadAndVerify extends IntegrationT
 
   private void addLabelsAndAuths() throws Exception {
     try {
-      VisibilityClient.addLabels(util.getConfiguration(), LABELS);
+      VisibilityClient.addLabels(util.getConnection(), LABELS);
-      VisibilityClient.setAuths(util.getConfiguration(), new String[] { CONFIDENTIAL, TOPSECRET,
+      VisibilityClient.setAuths(util.getConnection(), new String[] { CONFIDENTIAL, TOPSECRET,
           SECRET, PRIVATE }, USER1.getName());
-      VisibilityClient.setAuths(util.getConfiguration(), new String[] { PUBLIC },
+      VisibilityClient.setAuths(util.getConnection(), new String[] { PUBLIC },
           USER2.getName());
     } catch (Throwable t) {
       throw new IOException(t);

hbase-rest/src/test/java/org/apache/hadoop/hbase/rest/TestScannersWithLabels.java

@@ -24,6 +24,8 @@ import org.apache.hadoop.hbase.HTableDescriptor;
 import org.apache.hadoop.hbase.KeyValue;
 import org.apache.hadoop.hbase.TableName;
 import org.apache.hadoop.hbase.client.Admin;
+import org.apache.hadoop.hbase.client.Connection;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.client.Durability;
 import org.apache.hadoop.hbase.client.Put;
 import org.apache.hadoop.hbase.client.Table;
@@ -165,8 +167,8 @@ public class TestScannersWithLabels {
     PrivilegedExceptionAction<VisibilityLabelsResponse> action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
         String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET };
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(conf, labels);
+          VisibilityClient.addLabels(conn, labels);
         } catch (Throwable t) {
           throw new IOException(t);
         }
@@ -177,8 +179,8 @@ public class TestScannersWithLabels {
   }
   private static void setAuths() throws Exception {
     String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET };
-    try {
+    try (Connection conn = ConnectionFactory.createConnection(conf)) {
-      VisibilityClient.setAuths(conf, labels, User.getCurrent().getShortName());
+      VisibilityClient.setAuths(conn, labels, User.getCurrent().getShortName());
     } catch (Throwable t) {
       throw new IOException(t);
     }

hbase-server/src/test/java/org/apache/hadoop/hbase/mapreduce/TestImportTSVWithVisibilityLabels.java

@@ -45,6 +45,8 @@ import org.apache.hadoop.hbase.TableName;
 import org.apache.hadoop.hbase.client.Admin;
 import org.apache.hadoop.hbase.testclassification.LargeTests;
 import org.apache.hadoop.hbase.testclassification.MapReduceTests;
+import org.apache.hadoop.hbase.client.Connection;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.client.Delete;
 import org.apache.hadoop.hbase.client.HBaseAdmin;
 import org.apache.hadoop.hbase.client.HTable;
@@ -131,8 +133,8 @@ public class TestImportTSVWithVisibilityLabels implements Configurable {
       @Override
       public VisibilityLabelsResponse run() throws Exception {
         String[] labels = { SECRET, TOPSECRET, CONFIDENTIAL, PUBLIC, PRIVATE };
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(conf, labels);
+          VisibilityClient.addLabels(conn, labels);
           LOG.info("Added labels ");
         } catch (Throwable t) {
           LOG.error("Error in adding labels" , t);

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestDefaultScanLabelGeneratorStack.java

@@ -86,9 +86,9 @@ public class TestDefaultScanLabelGeneratorStack {
     // Set up for the test
     SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(conf, new String[] { SECRET, CONFIDENTIAL });
+          VisibilityClient.addLabels(conn, new String[] { SECRET, CONFIDENTIAL });
-          VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL }, TESTUSER.getShortName());
+          VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL }, TESTUSER.getShortName());
         } catch (Throwable t) {
           throw new IOException(t);
         }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestEnforcingScanLabelGenerator.java

@@ -84,9 +84,9 @@ public class TestEnforcingScanLabelGenerator {
     // Set up for the test
     SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(conf, new String[] { SECRET, CONFIDENTIAL });
+          VisibilityClient.addLabels(conn, new String[] { SECRET, CONFIDENTIAL });
-          VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, }, TESTUSER.getShortName());
+          VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, }, TESTUSER.getShortName());
         } catch (Throwable t) {
           throw new IOException(t);
         }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java

@@ -413,8 +413,8 @@ public abstract class TestVisibilityLabels {
     PrivilegedExceptionAction<Void> action = new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
         String[] auths = { SECRET, CONFIDENTIAL };
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.setAuths(conf, auths, user);
+          VisibilityClient.setAuths(conn, auths, user);
         } catch (Throwable e) {
         }
         return null;
@@ -439,8 +439,8 @@ public abstract class TestVisibilityLabels {
     action = new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
         GetAuthsResponse authsResponse = null;
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          authsResponse = VisibilityClient.getAuths(conf, user);
+          authsResponse = VisibilityClient.getAuths(conn, user);
         } catch (Throwable e) {
           fail("Should not have failed");
         }
@@ -461,10 +461,10 @@ public abstract class TestVisibilityLabels {
       public Void run() throws Exception {
         String[] auths1 = { SECRET, CONFIDENTIAL };
         GetAuthsResponse authsResponse = null;
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.setAuths(conf, auths1, user);
+          VisibilityClient.setAuths(conn, auths1, user);
           try {
-            authsResponse = VisibilityClient.getAuths(conf, user);
+            authsResponse = VisibilityClient.getAuths(conn, user);
           } catch (Throwable e) {
             fail("Should not have failed");
           }
@@ -502,8 +502,8 @@ public abstract class TestVisibilityLabels {
       public Void run() throws Exception {
         String[] auths = { SECRET, CONFIDENTIAL, PRIVATE };
         String user = "testUser";
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.setAuths(conf, auths, user);
+          VisibilityClient.setAuths(conn, auths, user);
         } catch (Throwable e) {
           fail("Should not have failed");
         }
@@ -511,8 +511,8 @@ public abstract class TestVisibilityLabels {
         // Passing a non existing auth also.
         auths = new String[] { SECRET, PUBLIC, CONFIDENTIAL };
         VisibilityLabelsResponse response = null;
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          response = VisibilityClient.clearAuths(conf, auths, user);
+          response = VisibilityClient.clearAuths(conn, auths, user);
         } catch (Throwable e) {
           fail("Should not have failed");
         }
@@ -540,8 +540,8 @@ public abstract class TestVisibilityLabels {
         }
 
         GetAuthsResponse authsResponse = null;
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          authsResponse = VisibilityClient.getAuths(conf, user);
+          authsResponse = VisibilityClient.getAuths(conn, user);
         } catch (Throwable e) {
           fail("Should not have failed");
         }
@@ -826,8 +826,8 @@ public abstract class TestVisibilityLabels {
       public VisibilityLabelsResponse run() throws Exception {
         String[] labels = { SECRET, TOPSECRET, CONFIDENTIAL, PUBLIC, PRIVATE, COPYRIGHT, ACCENT,
             UNICODE_VIS_TAG, UC1, UC2 };
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(conf, labels);
+          VisibilityClient.addLabels(conn, labels);
         } catch (Throwable t) {
           throw new IOException(t);
         }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsOpWithDifferentUsersNoACL.java

@@ -28,6 +28,8 @@ import java.util.List;
 
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hbase.HBaseTestingUtility;
+import org.apache.hadoop.hbase.client.Connection;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse;
 import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse;
 import org.apache.hadoop.hbase.security.User;
@@ -84,8 +86,8 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL {
     PrivilegedExceptionAction<VisibilityLabelsResponse> action =
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
+          return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
         } catch (Throwable e) {
         }
         return null;
@@ -98,8 +100,8 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL {
     // Ideally this should not be allowed.  this operation should fail or do nothing.
     action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user3");
+          return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user3");
         } catch (Throwable e) {
         }
         return null;
@@ -114,8 +116,8 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL {
     PrivilegedExceptionAction<GetAuthsResponse> action1 =
         new PrivilegedExceptionAction<GetAuthsResponse>() {
       public GetAuthsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.getAuths(conf, "user1");
+          return VisibilityClient.getAuths(conn, "user1");
         } catch (Throwable e) {
         }
         return null;
@@ -137,8 +139,9 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL {
     PrivilegedExceptionAction<VisibilityLabelsResponse> action2 = 
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.clearAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
+          return VisibilityClient.clearAuths(conn, new String[] {
+              CONFIDENTIAL, PRIVATE }, "user1");
         } catch (Throwable e) {
         }
         return null;
@@ -161,8 +164,8 @@ public class TestVisibilityLabelsOpWithDifferentUsersNoACL {
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
         String[] labels = { SECRET, CONFIDENTIAL, PRIVATE };
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(conf, labels);
+          VisibilityClient.addLabels(conn, labels);
         } catch (Throwable t) {
           throw new IOException(t);
         }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsReplication.java

@@ -350,8 +350,8 @@ public class TestVisibilityLabelsReplication {
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
         String[] labels = { SECRET, TOPSECRET, CONFIDENTIAL, PUBLIC, PRIVATE, UNICODE_VIS_TAG };
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(conf, labels);
+          VisibilityClient.addLabels(conn, labels);
         } catch (Throwable t) {
           throw new IOException(t);
         }
@@ -365,9 +365,9 @@ public class TestVisibilityLabelsReplication {
     PrivilegedExceptionAction<VisibilityLabelsResponse> action =
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.setAuths(conf, new String[] { SECRET, CONFIDENTIAL, PRIVATE,
+          return VisibilityClient.setAuths(conn, new String[] { SECRET,
-              TOPSECRET, UNICODE_VIS_TAG }, "user1");
+            CONFIDENTIAL, PRIVATE, TOPSECRET, UNICODE_VIS_TAG }, "user1");
         } catch (Throwable e) {
           throw new Exception(e);
         }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java

@@ -115,7 +115,7 @@ public class TestVisibilityLabelsWithACL {
   public void testScanForUserWithFewerLabelAuthsThanLabelsInScanAuthorizations() throws Throwable {
     String[] auths = { SECRET };
     String user = "user2";
-    VisibilityClient.setAuths(conf, auths, user);
+    VisibilityClient.setAuths(TEST_UTIL.getConnection(), auths, user);
     TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
     final Table table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL
         + "&!" + PRIVATE, SECRET + "&!" + PRIVATE);
@@ -144,7 +144,9 @@ public class TestVisibilityLabelsWithACL {
   public void testScanForSuperUserWithFewerLabelAuths() throws Throwable {
     String[] auths = { SECRET };
     String user = "admin";
-    VisibilityClient.setAuths(conf, auths, user);
+    try (Connection conn = ConnectionFactory.createConnection(conf)) {
+      VisibilityClient.setAuths(conn, auths, user);
+    }
     TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
     final Table table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL
         + "&!" + PRIVATE, SECRET + "&!" + PRIVATE);
@@ -168,7 +170,7 @@ public class TestVisibilityLabelsWithACL {
   public void testGetForSuperUserWithFewerLabelAuths() throws Throwable {
     String[] auths = { SECRET };
     String user = "admin";
-    VisibilityClient.setAuths(conf, auths, user);
+    VisibilityClient.setAuths(TEST_UTIL.getConnection(), auths, user);
     TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
     final Table table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL
         + "&!" + PRIVATE, SECRET + "&!" + PRIVATE);
@@ -191,8 +193,10 @@ public class TestVisibilityLabelsWithACL {
   public void testVisibilityLabelsForUserWithNoAuths() throws Throwable {
     String user = "admin";
     String[] auths = { SECRET };
-    VisibilityClient.clearAuths(conf, auths, user); // Removing all auths if any.
+    try (Connection conn = ConnectionFactory.createConnection(conf)) {
-    VisibilityClient.setAuths(conf, auths, "user1");
+      VisibilityClient.clearAuths(conn, auths, user); // Removing all auths if any.
+      VisibilityClient.setAuths(conn, auths, "user1");
+    }
     TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
     final Table table = createTableAndWriteDataWithLabels(tableName, SECRET);
     SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER1.getShortName(), tableName,
@@ -219,8 +223,8 @@ public class TestVisibilityLabelsWithACL {
     PrivilegedExceptionAction<VisibilityLabelsResponse> action = 
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.addLabels(conf, new String[] { "l1", "l2" });
+          return VisibilityClient.addLabels(conn, new String[] { "l1", "l2" });
         } catch (Throwable e) {
         }
         return null;
@@ -234,8 +238,8 @@ public class TestVisibilityLabelsWithACL {
 
     action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
+          return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
         } catch (Throwable e) {
         }
         return null;
@@ -249,8 +253,8 @@ public class TestVisibilityLabelsWithACL {
 
     action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
+          return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
         } catch (Throwable e) {
         }
         return null;
@@ -262,8 +266,9 @@ public class TestVisibilityLabelsWithACL {
 
     action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.clearAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
+          return VisibilityClient.clearAuths(conn, new String[] {
+              CONFIDENTIAL, PRIVATE }, "user1");
         } catch (Throwable e) {
         }
         return null;
@@ -275,16 +280,18 @@ public class TestVisibilityLabelsWithACL {
     assertEquals("org.apache.hadoop.hbase.security.AccessDeniedException", response.getResult(1)
         .getException().getName());
 
-    response = VisibilityClient.clearAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user1");
+    response = VisibilityClient.clearAuths(TEST_UTIL.getConnection(), new String[] { CONFIDENTIAL,
+      PRIVATE }, "user1");
     assertTrue(response.getResult(0).getException().getValue().isEmpty());
     assertTrue(response.getResult(1).getException().getValue().isEmpty());
 
-    VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE }, "user3");
+    VisibilityClient.setAuths(TEST_UTIL.getConnection(), new String[] { CONFIDENTIAL, PRIVATE },
+      "user3");
     PrivilegedExceptionAction<GetAuthsResponse> action1 = 
         new PrivilegedExceptionAction<GetAuthsResponse>() {
       public GetAuthsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.getAuths(conf, "user3");
+          return VisibilityClient.getAuths(conn, "user3");
         } catch (Throwable e) {
         }
         return null;
@@ -328,7 +335,7 @@ public class TestVisibilityLabelsWithACL {
   private static void addLabels() throws IOException {
     String[] labels = { SECRET, CONFIDENTIAL, PRIVATE };
     try {
-      VisibilityClient.addLabels(conf, labels);
+      VisibilityClient.addLabels(TEST_UTIL.getConnection(), labels);
     } catch (Throwable t) {
       throw new IOException(t);
     }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDefaultVisLabelService.java

@@ -32,6 +32,8 @@ import java.util.concurrent.atomic.AtomicBoolean;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.hbase.HConstants;
+import org.apache.hadoop.hbase.client.Connection;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.client.Result;
 import org.apache.hadoop.hbase.client.ResultScanner;
 import org.apache.hadoop.hbase.client.Scan;
@@ -85,8 +87,8 @@ public class TestVisibilityLabelsWithDefaultVisLabelService extends TestVisibili
       public VisibilityLabelsResponse run() throws Exception {
         String[] labels = { "L1", SECRET, "L2", "invalid~", "L3" };
         VisibilityLabelsResponse response = null;
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          response = VisibilityClient.addLabels(conf, labels);
+          response = VisibilityClient.addLabels(conn, labels);
         } catch (Throwable e) {
           fail("Should not have thrown exception");
         }
@@ -124,8 +126,8 @@ public class TestVisibilityLabelsWithDefaultVisLabelService extends TestVisibili
           new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
         public VisibilityLabelsResponse run() throws Exception {
           String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, "ABC", "XYZ" };
-          try {
+          try (Connection conn = ConnectionFactory.createConnection(conf)) {
-            VisibilityLabelsResponse resp = VisibilityClient.addLabels(conf, labels);
+            VisibilityLabelsResponse resp = VisibilityClient.addLabels(conn, labels);
             List<RegionActionResult> results = resp.getResultList();
             if (results.get(0).hasException()) {
               NameBytesPair pair = results.get(0).getException();
@@ -172,8 +174,8 @@ public class TestVisibilityLabelsWithDefaultVisLabelService extends TestVisibili
         new PrivilegedExceptionAction<ListLabelsResponse>() {
       public ListLabelsResponse run() throws Exception {
         ListLabelsResponse response = null;
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          response = VisibilityClient.listLabels(conf, null);
+          response = VisibilityClient.listLabels(conn, null);
         } catch (Throwable e) {
           fail("Should not have thrown exception");
         }
@@ -202,8 +204,8 @@ public class TestVisibilityLabelsWithDefaultVisLabelService extends TestVisibili
         new PrivilegedExceptionAction<ListLabelsResponse>() {
       public ListLabelsResponse run() throws Exception {
         ListLabelsResponse response = null;
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          response = VisibilityClient.listLabels(conf, ".*secret");
+          response = VisibilityClient.listLabels(conn, ".*secret");
         } catch (Throwable e) {
           fail("Should not have thrown exception");
         }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDeletes.java

@@ -1780,8 +1780,8 @@ public class TestVisibilityLabelsWithDeletes {
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       @Override
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE, SECRET },
+          return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE, SECRET },
               SUPERUSER.getShortName());
         } catch (Throwable e) {
         }
@@ -1931,8 +1931,9 @@ public class TestVisibilityLabelsWithDeletes {
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       @Override
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE, SECRET },
+          return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL,
+            PRIVATE, SECRET },
               SUPERUSER.getShortName());
         } catch (Throwable e) {
         }
@@ -2460,8 +2461,9 @@ public class TestVisibilityLabelsWithDeletes {
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       @Override
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL, PRIVATE, SECRET,
+          return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL,
+            PRIVATE, SECRET,
               TOPSECRET }, SUPERUSER.getShortName());
         } catch (Throwable e) {
         }
@@ -2867,8 +2869,8 @@ public class TestVisibilityLabelsWithDeletes {
       @Override
       public VisibilityLabelsResponse run() throws Exception {
         String[] labels = { SECRET, TOPSECRET, CONFIDENTIAL, PUBLIC, PRIVATE };
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(conf, labels);
+          VisibilityClient.addLabels(conn, labels);
         } catch (Throwable t) {
           throw new IOException(t);
         }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithSLGStack.java

@@ -28,6 +28,8 @@ import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hbase.HBaseTestingUtility;
 import org.apache.hadoop.hbase.HConstants;
 import org.apache.hadoop.hbase.TableName;
+import org.apache.hadoop.hbase.client.Connection;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.client.Put;
 import org.apache.hadoop.hbase.client.Result;
 import org.apache.hadoop.hbase.client.ResultScanner;
@@ -107,8 +109,8 @@ public class TestVisibilityLabelsWithSLGStack {
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       public VisibilityLabelsResponse run() throws Exception {
         String[] labels = { SECRET, CONFIDENTIAL };
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(conf, labels);
+          VisibilityClient.addLabels(conn, labels);
         } catch (Throwable t) {
           throw new IOException(t);
         }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLablesWithGroups.java

@@ -97,10 +97,10 @@ public class TestVisibilityLablesWithGroups {
     // Set up for the test
     SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(conf, new String[] { SECRET, CONFIDENTIAL });
+          VisibilityClient.addLabels(conn, new String[] { SECRET, CONFIDENTIAL });
           // set auth for @testgroup
-          VisibilityClient.setAuths(conf, new String[] { CONFIDENTIAL }, "@testgroup");
+          VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL }, "@testgroup");
         } catch (Throwable t) {
           throw new IOException(t);
         }
@@ -174,8 +174,8 @@ public class TestVisibilityLablesWithGroups {
     SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
         GetAuthsResponse authsResponse = null;
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          authsResponse = VisibilityClient.getAuths(conf, "@testgroup");
+          authsResponse = VisibilityClient.getAuths(conn, "@testgroup");
         } catch (Throwable e) {
           fail("Should not have failed");
         }
@@ -267,8 +267,9 @@ public class TestVisibilityLablesWithGroups {
     SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
         VisibilityLabelsResponse response = null;
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          response = VisibilityClient.clearAuths(conf, new String[] { CONFIDENTIAL }, "@testgroup");
+          response = VisibilityClient.clearAuths(conn, new String[] {
+            CONFIDENTIAL }, "@testgroup");
         } catch (Throwable e) {
           fail("Should not have failed");
         }
@@ -280,8 +281,8 @@ public class TestVisibilityLablesWithGroups {
     SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
         GetAuthsResponse authsResponse = null;
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          authsResponse = VisibilityClient.getAuths(conf, "@testgroup");
+          authsResponse = VisibilityClient.getAuths(conn, "@testgroup");
         } catch (Throwable e) {
           fail("Should not have failed");
         }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityWithCheckAuths.java

@@ -95,8 +95,8 @@ public class TestVisibilityWithCheckAuths {
       @Override
       public VisibilityLabelsResponse run() throws Exception {
         String[] labels = { TOPSECRET };
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(conf, labels);
+          VisibilityClient.addLabels(conn, labels);
         } catch (Throwable t) {
           throw new IOException(t);
         }
@@ -112,8 +112,8 @@ public class TestVisibilityWithCheckAuths {
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       @Override
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.setAuths(conf, new String[] { TOPSECRET },
+          return VisibilityClient.setAuths(conn, new String[] { TOPSECRET },
               USER.getShortName());
         } catch (Throwable e) {
         }
@@ -158,8 +158,8 @@ public class TestVisibilityWithCheckAuths {
         new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
       @Override
       public VisibilityLabelsResponse run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          return VisibilityClient.setAuths(conf, new String[] { TOPSECRET },
+          return VisibilityClient.setAuths(conn, new String[] { TOPSECRET },
               USER.getShortName());
         } catch (Throwable e) {
         }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestWithDisabledAuthorization.java

@@ -28,6 +28,8 @@ import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hbase.HBaseTestingUtility;
 import org.apache.hadoop.hbase.HConstants;
 import org.apache.hadoop.hbase.TableName;
+import org.apache.hadoop.hbase.client.Connection;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.client.Put;
 import org.apache.hadoop.hbase.client.Result;
 import org.apache.hadoop.hbase.client.ResultScanner;
@@ -66,10 +68,11 @@ public class TestWithDisabledAuthorization {
 
   private static User SUPERUSER;
   private static User USER_RW;
+  private static Configuration conf;
 
   @BeforeClass
   public static void setUpBeforeClass() throws Exception {
-    Configuration conf = TEST_UTIL.getConfiguration();
+    conf = TEST_UTIL.getConfiguration();
 
     // Set up superuser
     SecureTestUtil.configureSuperuser(conf);
@@ -92,10 +95,10 @@ public class TestWithDisabledAuthorization {
     // Define test labels
     SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.addLabels(TEST_UTIL.getConfiguration(),
+          VisibilityClient.addLabels(conn,
             new String[] { SECRET, CONFIDENTIAL, PRIVATE });
-          VisibilityClient.setAuths(TEST_UTIL.getConfiguration(),
+          VisibilityClient.setAuths(conn,
             new String[] { SECRET, CONFIDENTIAL },
             USER_RW.getShortName());
         } catch (Throwable t) {
@@ -117,8 +120,8 @@ public class TestWithDisabledAuthorization {
 
     SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.setAuths(TEST_UTIL.getConfiguration(),
+          VisibilityClient.setAuths(conn,
             new String[] { SECRET, CONFIDENTIAL },
             USER_RW.getShortName());
         } catch (Throwable t) {
@@ -132,8 +135,8 @@ public class TestWithDisabledAuthorization {
       new PrivilegedExceptionAction<List<String>>() {
         public List<String> run() throws Exception {
           GetAuthsResponse authsResponse = null;
-          try {
+          try (Connection conn = ConnectionFactory.createConnection(conf)) {
-            authsResponse = VisibilityClient.getAuths(TEST_UTIL.getConfiguration(),
+            authsResponse = VisibilityClient.getAuths(conn,
               USER_RW.getShortName());
           } catch (Throwable t) {
             fail("Should not have failed");
@@ -153,8 +156,8 @@ public class TestWithDisabledAuthorization {
 
     SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.clearAuths(TEST_UTIL.getConfiguration(),
+          VisibilityClient.clearAuths(conn,
             new String[] { SECRET },
             USER_RW.getShortName());
         } catch (Throwable t) {
@@ -170,8 +173,8 @@ public class TestWithDisabledAuthorization {
 
     SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() {
       public Void run() throws Exception {
-        try {
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
-          VisibilityClient.clearAuths(TEST_UTIL.getConfiguration(),
+          VisibilityClient.clearAuths(conn,
             new String[] { CONFIDENTIAL },
             USER_RW.getShortName());
         } catch (Throwable t) {

hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift2/TestThriftHBaseServiceHandlerWithLabels.java

@@ -39,6 +39,8 @@ import org.apache.hadoop.hbase.HColumnDescriptor;
 import org.apache.hadoop.hbase.HTableDescriptor;
 import org.apache.hadoop.hbase.TableName;
 import org.apache.hadoop.hbase.client.Admin;
+import org.apache.hadoop.hbase.client.Connection;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.client.HBaseAdmin;
 import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse;
 import org.apache.hadoop.hbase.security.User;
@@ -153,8 +155,8 @@ private static void createLabels() throws IOException, InterruptedException {
   PrivilegedExceptionAction<VisibilityLabelsResponse> action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
     public VisibilityLabelsResponse run() throws Exception {
       String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET };
-      try {
+      try (Connection conn = ConnectionFactory.createConnection(conf)) {
-        VisibilityClient.addLabels(conf, labels);
+        VisibilityClient.addLabels(conn, labels);
       } catch (Throwable t) {
         throw new IOException(t);
       }
@@ -167,7 +169,7 @@ private static void createLabels() throws IOException, InterruptedException {
 private static void setAuths() throws IOException {
   String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET };
   try {
-    VisibilityClient.setAuths(conf, labels, User.getCurrent().getShortName());
+    VisibilityClient.setAuths(UTIL.getConnection(), labels, User.getCurrent().getShortName());
   } catch (Throwable t) {
     throw new IOException(t);
   }