View Javadoc

1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  package org.apache.hadoop.hbase;
19  
20  import java.util.ArrayList;
21  import java.util.Arrays;
22  import java.util.List;
23  
24  import org.apache.commons.cli.CommandLine;
25  import org.apache.commons.lang.StringUtils;
26  import org.apache.hadoop.conf.Configuration;
27  import org.apache.hadoop.hbase.io.hfile.HFile;
28  import org.apache.hadoop.hbase.security.User;
29  import org.apache.hadoop.hbase.security.access.AccessController;
30  import org.apache.hadoop.hbase.security.access.SecureTestUtil;
31  import org.apache.hadoop.hbase.util.LoadTestTool;
32  import org.apache.hadoop.hbase.util.test.LoadTestDataGeneratorWithACL;
33  import org.apache.hadoop.util.ToolRunner;
34  import org.junit.experimental.categories.Category;
35  /**
36   * /**
37   * An Integration class for tests that does something with the cluster while running
38   * {@link LoadTestTool} to write and verify some data.
39   * Verifies whether cells for users with only WRITE permissions are not read back
40   * and cells with READ permissions are read back. 
41   * Every operation happens in the user's specific context
42   */
43  @Category(IntegrationTests.class)
44  public class IntegrationTestIngestWithACL extends IntegrationTestIngest {
45  
46    private static final char COLON = ':';
47    public static final char HYPHEN = '-';
48    private static final int SPECIAL_PERM_CELL_INSERTION_FACTOR = 100;
49    public static final String OPT_SUPERUSER = "superuser";
50    public static final String OPT_USERS = "userlist";
51    public static final String OPT_AUTHN = "authinfo";
52    private String superUser = "owner";
53    private String userNames = "user1,user2,user3,user4"; 
54    private String authnFileName;
55    @Override
56    public void setUpCluster() throws Exception {
57      util = getTestingUtil(null);
58      Configuration conf = util.getConfiguration();
59      conf.setInt(HFile.FORMAT_VERSION_KEY, 3);
60      conf.set("hbase.coprocessor.master.classes", AccessController.class.getName());
61      conf.set("hbase.coprocessor.region.classes", AccessController.class.getName());
62      SecureTestUtil.enableSecurity(conf);
63      super.setUpCluster();
64    }
65  
66    @Override
67    protected String[] getArgsForLoadTestTool(String mode, String modeSpecificArg, long startKey,
68        long numKeys) {
69      String[] args = super.getArgsForLoadTestTool(mode, modeSpecificArg, startKey, numKeys);
70      List<String> tmp = new ArrayList<String>(Arrays.asList(args));
71      tmp.add(HYPHEN + LoadTestTool.OPT_GENERATOR);
72      StringBuilder sb = new StringBuilder(LoadTestDataGeneratorWithACL.class.getName());
73      sb.append(COLON);
74      if (User.isHBaseSecurityEnabled(getConf())) {
75        sb.append(authnFileName);
76        sb.append(COLON);
77      }
78      sb.append(superUser);
79      sb.append(COLON);
80      sb.append(userNames);
81      sb.append(COLON);
82      sb.append(Integer.toString(SPECIAL_PERM_CELL_INSERTION_FACTOR));
83      tmp.add(sb.toString());
84      return tmp.toArray(new String[tmp.size()]);
85    }
86    @Override
87    protected void addOptions() {
88      super.addOptions();
89      super.addOptWithArg(OPT_SUPERUSER,
90          "Super user name used to add the ACL permissions");
91      super.addOptWithArg(OPT_USERS,
92        "List of users to be added with the ACLs.  Should be comma seperated.");
93      super
94          .addOptWithArg(
95            OPT_AUTHN,
96            "The name of the properties file that contains kerberos key tab file and principal definitions. " +
97            "The principal key in the file should be of the form hbase.<username>.kerberos.principal." +
98            " The keytab key in the file should be of the form hbase.<username>.keytab.file. Example:  " +
99            "hbase.user1.kerberos.principal=user1/fully.qualified.domain.name@YOUR-REALM.COM, " +
100           "hbase.user1.keytab.file=<filelocation>.");
101   }
102 
103   @Override
104   protected void processOptions(CommandLine cmd) {
105     super.processOptions(cmd);
106     if (cmd.hasOption(OPT_SUPERUSER)) {
107       superUser = cmd.getOptionValue(OPT_SUPERUSER);
108     }
109     if (cmd.hasOption(OPT_USERS)) {
110       userNames = cmd.getOptionValue(OPT_USERS);
111     }
112     if (User.isHBaseSecurityEnabled(getConf())) {
113       boolean authFileNotFound = false;
114       if (cmd.hasOption(OPT_AUTHN)) {
115         authnFileName = cmd.getOptionValue(OPT_AUTHN);
116         if (StringUtils.isEmpty(authnFileName)) {
117           authFileNotFound = true;
118         }
119       } else {
120         authFileNotFound = true;
121       }
122       if (authFileNotFound) {
123         super.printUsage();
124         System.exit(EXIT_FAILURE);
125       }
126     }
127   }
128 
129   public static void main(String[] args) throws Exception {
130     Configuration conf = HBaseConfiguration.create();
131     IntegrationTestingUtility.setUseDistributedCluster(conf);
132     int ret = ToolRunner.run(conf, new IntegrationTestIngestWithACL(), args);
133     System.exit(ret);
134   }
135 }