1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.hadoop.hbase.security.access;
20
21 import static org.junit.Assert.assertFalse;
22 import static org.junit.Assert.assertTrue;
23
24 import java.util.ArrayList;
25 import java.util.List;
26 import java.util.concurrent.atomic.AtomicBoolean;
27
28 import org.apache.commons.logging.Log;
29 import org.apache.commons.logging.LogFactory;
30 import org.apache.hadoop.conf.Configuration;
31 import org.apache.hadoop.hbase.Abortable;
32 import org.apache.hadoop.hbase.TableName;
33 import org.apache.hadoop.hbase.HBaseTestingUtility;
34 import org.apache.hadoop.hbase.LargeTests;
35 import org.apache.hadoop.hbase.Waiter.Predicate;
36 import org.apache.hadoop.hbase.security.User;
37 import org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher;
38 import org.junit.AfterClass;
39 import org.junit.BeforeClass;
40 import org.junit.Test;
41 import org.junit.experimental.categories.Category;
42
43
44
45
46 @Category(LargeTests.class)
47 public class TestZKPermissionsWatcher {
48 private static final Log LOG = LogFactory.getLog(TestZKPermissionsWatcher.class);
49 private static final HBaseTestingUtility UTIL = new HBaseTestingUtility();
50 private static TableAuthManager AUTH_A;
51 private static TableAuthManager AUTH_B;
52 private final static Abortable ABORTABLE = new Abortable() {
53 private final AtomicBoolean abort = new AtomicBoolean(false);
54
55 @Override
56 public void abort(String why, Throwable e) {
57 LOG.info(why, e);
58 abort.set(true);
59 }
60
61 @Override
62 public boolean isAborted() {
63 return abort.get();
64 }
65 };
66
67 private static TableName TEST_TABLE =
68 TableName.valueOf("perms_test");
69
70 @BeforeClass
71 public static void beforeClass() throws Exception {
72
73 Configuration conf = UTIL.getConfiguration();
74 SecureTestUtil.enableSecurity(conf);
75
76
77 UTIL.startMiniCluster();
78 AUTH_A = TableAuthManager.get(new ZooKeeperWatcher(conf,
79 "TestZKPermissionsWatcher_1", ABORTABLE), conf);
80 AUTH_B = TableAuthManager.get(new ZooKeeperWatcher(conf,
81 "TestZKPermissionsWatcher_2", ABORTABLE), conf);
82 }
83
84 @AfterClass
85 public static void afterClass() throws Exception {
86 UTIL.shutdownMiniCluster();
87 }
88
89 @Test
90 public void testPermissionsWatcher() throws Exception {
91 Configuration conf = UTIL.getConfiguration();
92 User george = User.createUserForTesting(conf, "george", new String[] { });
93 User hubert = User.createUserForTesting(conf, "hubert", new String[] { });
94
95 assertFalse(AUTH_A.authorizeUser(george, TEST_TABLE, null,
96 TablePermission.Action.READ));
97 assertFalse(AUTH_A.authorizeUser(george, TEST_TABLE, null,
98 TablePermission.Action.WRITE));
99 assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
100 TablePermission.Action.READ));
101 assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
102 TablePermission.Action.WRITE));
103
104 assertFalse(AUTH_B.authorizeUser(george, TEST_TABLE, null,
105 TablePermission.Action.READ));
106 assertFalse(AUTH_B.authorizeUser(george, TEST_TABLE, null,
107 TablePermission.Action.WRITE));
108 assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
109 TablePermission.Action.READ));
110 assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
111 TablePermission.Action.WRITE));
112
113
114 List<TablePermission> acl = new ArrayList<TablePermission>();
115 acl.add(new TablePermission(TEST_TABLE, null, TablePermission.Action.READ,
116 TablePermission.Action.WRITE));
117 final long mtimeB = AUTH_B.getMTime();
118 AUTH_A.setTableUserPermissions(george.getShortName(), TEST_TABLE, acl);
119
120 UTIL.waitFor(10000, 100, new Predicate<Exception>() {
121 @Override
122 public boolean evaluate() throws Exception {
123 return AUTH_B.getMTime() > mtimeB;
124 }
125 });
126 Thread.sleep(1000);
127
128
129 assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null,
130 TablePermission.Action.READ));
131 assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null,
132 TablePermission.Action.WRITE));
133 assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null,
134 TablePermission.Action.READ));
135 assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null,
136 TablePermission.Action.WRITE));
137 assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
138 TablePermission.Action.READ));
139 assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
140 TablePermission.Action.WRITE));
141 assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
142 TablePermission.Action.READ));
143 assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
144 TablePermission.Action.WRITE));
145
146
147 acl = new ArrayList<TablePermission>();
148 acl.add(new TablePermission(TEST_TABLE, null, TablePermission.Action.READ));
149 final long mtimeA = AUTH_A.getMTime();
150 AUTH_B.setTableUserPermissions("hubert", TEST_TABLE, acl);
151
152 UTIL.waitFor(10000, 100, new Predicate<Exception>() {
153 @Override
154 public boolean evaluate() throws Exception {
155 return AUTH_A.getMTime() > mtimeA;
156 }
157 });
158 Thread.sleep(1000);
159
160
161 assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null,
162 TablePermission.Action.READ));
163 assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null,
164 TablePermission.Action.WRITE));
165 assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null,
166 TablePermission.Action.READ));
167 assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null,
168 TablePermission.Action.WRITE));
169 assertTrue(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
170 TablePermission.Action.READ));
171 assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
172 TablePermission.Action.WRITE));
173 assertTrue(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
174 TablePermission.Action.READ));
175 assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
176 TablePermission.Action.WRITE));
177 }
178 }