
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  package org.apache.hadoop.hbase.security.visibility;
19  
20  import static org.apache.hadoop.hbase.security.visibility.VisibilityConstants.LABELS_TABLE_NAME;
21  import static org.junit.Assert.assertNotNull;
22  import static org.junit.Assert.assertNull;
23  
24  import java.io.IOException;
25  import java.security.PrivilegedExceptionAction;
26  
27  import org.apache.hadoop.conf.Configuration;
28  import org.apache.hadoop.hbase.HBaseTestingUtility;
29  import org.apache.hadoop.hbase.HConstants;
30  import org.apache.hadoop.hbase.MediumTests;
31  import org.apache.hadoop.hbase.TableName;
32  import org.apache.hadoop.hbase.client.HTable;
33  import org.apache.hadoop.hbase.client.Put;
34  import org.apache.hadoop.hbase.client.Result;
35  import org.apache.hadoop.hbase.client.ResultScanner;
36  import org.apache.hadoop.hbase.client.Scan;
37  import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse;
38  import org.apache.hadoop.hbase.security.User;
39  import org.apache.hadoop.hbase.util.Bytes;
40  import org.junit.AfterClass;
41  import org.junit.BeforeClass;
42  import org.junit.Rule;
43  import org.junit.Test;
44  import org.junit.experimental.categories.Category;
45  import org.junit.rules.TestName;
46  
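/**
 * Exercises visibility-label enforcement when more than one scan label generator is configured.
 *
 * <p>The mini cluster is started with {@link VisibilityController} as master and region
 * coprocessor and with two generators listed under
 * {@code VisibilityUtils.VISIBILITY_LABEL_GENERATOR_CLASS}: {@link SimpleScanLabelGenerator}
 * followed by {@link LabelFilteringScanLabelGenerator}. The single test writes one cell labelled
 * {@code secret} and one labelled {@code confidential}, scans with both authorizations requested,
 * and asserts that only the {@code secret} cell comes back.
 *
 * <p>NOTE(review): neither generator is shown in this file. The assertions imply that the second
 * generator removes {@code labelToFilter} from the authorizations the client asked for, i.e. the
 * server-side stack can narrow what a scan is allowed to see regardless of the client request.
 * Confirm against the generator sources.
 */
@Category(MediumTests.class)
public class TestVisibilityLabelsWithSLGStack {

  public static final String CONFIDENTIAL = "confidential";
  private static final String SECRET = "secret";
  public static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
  private static final byte[] ROW_1 = Bytes.toBytes("row1");
  private final static byte[] CF = Bytes.toBytes("f");
  private final static byte[] Q1 = Bytes.toBytes("q1");
  private final static byte[] Q2 = Bytes.toBytes("q2");
  private final static byte[] value = Bytes.toBytes("value");
  public static Configuration conf;

  @Rule
  public final TestName TEST_NAME = new TestName();
  public static User SUPERUSER;

  /**
   * Starts a one-node mini cluster with visibility labels enabled and registers the two labels
   * used by the test.
   *
   * @throws Exception if the cluster cannot be started or the labels cannot be added
   */
  @BeforeClass
  public static void setupBeforeClass() throws Exception {
    // setup configuration
    conf = TEST_UTIL.getConfiguration();
    // Visibility labels are persisted as cell tags, which require HFile format version 3.
    conf.setInt("hfile.format.version", 3);
    conf.set("hbase.coprocessor.master.classes", VisibilityController.class.getName());
    conf.set("hbase.coprocessor.region.classes", VisibilityController.class.getName());
    // Order matters for a generator stack: the simple generator is listed first, the filtering
    // one second. The " , " separator (with spaces) is kept exactly as in the original test.
    String classes = SimpleScanLabelGenerator.class.getCanonicalName() + " , "
        + LabelFilteringScanLabelGenerator.class.getCanonicalName();
    conf.setStrings(VisibilityUtils.VISIBILITY_LABEL_GENERATOR_CLASS, classes);
    // "admin" is declared superuser so that addLabels() below runs with that identity.
    conf.set("hbase.superuser", "admin");
    TEST_UTIL.startMiniCluster(1);
    SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" });

    // Wait for the labels table to become available
    TEST_UTIL.waitTableEnabled(LABELS_TABLE_NAME.getName(), 50000);
    addLabels();
  }

  /**
   * Writes a {@code secret} cell (q1) and a {@code confidential} cell (q2) to the same row, then
   * scans requesting both authorizations while the filtering generator is told to filter
   * {@code confidential}. Only q1 must be visible.
   *
   * @throws Exception on any cluster or client failure
   */
  @Test
  public void testWithSAGStack() throws Exception {
    TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
    HTable table = null;
    ResultScanner scanner = null;
    try {
      table = TEST_UTIL.createTable(tableName, CF);
      Put put = new Put(ROW_1);
      put.add(CF, Q1, HConstants.LATEST_TIMESTAMP, value);
      put.setCellVisibility(new CellVisibility(SECRET));
      table.put(put);
      put = new Put(ROW_1);
      put.add(CF, Q2, HConstants.LATEST_TIMESTAMP, value);
      put.setCellVisibility(new CellVisibility(CONFIDENTIAL));
      table.put(put);

      // NOTE(review): this is a static field on the generator and is left set after the test;
      // any other test in the same JVM that relies on its previous value would be affected.
      LabelFilteringScanLabelGenerator.labelToFilter = CONFIDENTIAL;
      Scan s = new Scan();
      // The client asks for both labels; the assertions check that asking is not enough.
      s.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL));
      scanner = table.getScanner(s);
      Result next = scanner.next();
      // Fail with a readable assertion instead of a NullPointerException if nothing is returned.
      assertNotNull("expected row1 to be returned by the scan", next);
      assertNotNull(next.getColumnLatestCell(CF, Q1));
      assertNull(next.getColumnLatestCell(CF, Q2));
    } finally {
      // Release the scanner as well as the table; the original left the scanner open.
      try {
        if (scanner != null) {
          scanner.close();
        }
      } finally {
        if (table != null) {
          table.close();
        }
      }
    }
  }

  /**
   * Registers the {@code secret} and {@code confidential} labels while running as
   * {@link #SUPERUSER}.
   *
   * @throws Exception if the privileged action fails
   */
  private static void addLabels() throws Exception {
    PrivilegedExceptionAction<VisibilityLabelsResponse> action =
        new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
      @Override
      public VisibilityLabelsResponse run() throws Exception {
        String[] labels = { SECRET, CONFIDENTIAL };
        try {
          VisibilityClient.addLabels(conf, labels);
        } catch (Throwable t) {
          // Wrapped (cause preserved) so the failure fits run()'s "throws Exception" signature.
          throw new IOException(t);
        }
        // The response is not used by the caller.
        return null;
      }
    };
    SUPERUSER.runAs(action);
  }

  /**
   * Stops the mini cluster started in {@link #setupBeforeClass()}.
   *
   * @throws Exception if shutdown fails
   */
  @AfterClass
  public static void tearDownAfterClass() throws Exception {
    TEST_UTIL.shutdownMiniCluster();
  }
}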