Repository: hbase Updated Branches: refs/heads/branch-1.0 0a07e92df -> 9cdcddcfa
HBASE-13246 Correct the assertion for namespace permissions in tearDown method of TestAccessController (Ashish Singhi) Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/9cdcddcf Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/9cdcddcf Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/9cdcddcf Branch: refs/heads/branch-1.0 Commit: 9cdcddcfaf1ce29d67410bfe0ef7b7b9854817d2 Parents: 0a07e92 Author: tedyu <[email protected]> Authored: Mon Mar 16 06:47:33 2015 -0700 Committer: tedyu <[email protected]> Committed: Mon Mar 16 06:47:33 2015 -0700 ---------------------------------------------------------------------- .../security/access/TestAccessController.java | 29 ++++++++++++++------ 1 file changed, 20 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hbase/blob/9cdcddcf/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java index cdc87e5..2d8be95 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java @@ -284,7 +284,10 @@ public class TestAccessController extends SecureTestUtil { } // Verify all table/namespace permissions are erased assertEquals(0, AccessControlLists.getTablePermissions(conf, TEST_TABLE.getTableName()).size()); - assertEquals(0, AccessControlLists.getNamespacePermissions(conf, TEST_TABLE.getTableName().getNameAsString()).size()); + assertEquals( + 0, + AccessControlLists.getNamespacePermissions(conf, + TEST_TABLE.getTableName().getNamespaceAsString()).size()); } @Test @@ -2095,7 +2098,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction getAction = new AccessTestAction() { @Override public Object run() throws Exception { - Table t = new HTable(conf, TEST_TABLE.getTableName()); + Table t = TEST_UTIL.getConnection().getTable(TEST_TABLE.getTableName()); try { return t.get(new Get(TEST_ROW)); } finally { @@ -2106,13 +2109,17 @@ public class TestAccessController extends SecureTestUtil { verifyDenied(getAction, USER_NONE); + String namespace = "testNamespaceUserGrant"; + NamespaceDescriptor desc = NamespaceDescriptor.create(namespace).build(); + TEST_UTIL.getMiniHBaseCluster().getMaster().createNamespace(desc); + // Grant namespace READ to USER_NONE, this should supersede any table permissions - grantOnNamespace(TEST_UTIL, USER_NONE.getShortName(), - TEST_TABLE.getTableName().getNamespaceAsString(), - Permission.Action.READ); + grantOnNamespace(TEST_UTIL, USER_NONE.getShortName(), namespace, Permission.Action.READ); // Now USER_NONE should be able to read also verifyAllowed(getAction, USER_NONE); + + TEST_UTIL.getMiniHBaseCluster().getMaster().deleteNamespace(namespace); } @Test @@ -2310,7 +2317,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction execEndpointAction = new AccessTestAction() { @Override public Object run() throws Exception { - Table t = new HTable(conf, TEST_TABLE.getTableName()); + Table t = TEST_UTIL.getConnection().getTable(TEST_TABLE.getTableName()); try { BlockingRpcChannel service = t.coprocessorService(HConstants.EMPTY_BYTE_ARRAY); PingCoprocessor.newBlockingStub(service).noop(null, NoopRequest.newBuilder().build()); @@ -2324,14 +2331,18 @@ public class TestAccessController extends SecureTestUtil { // Verify that EXEC permission is checked correctly verifyDenied(execEndpointAction, userB); verifyAllowed(execEndpointAction, userA); + + String namespace = "testCoprocessorExec"; + NamespaceDescriptor desc = NamespaceDescriptor.create(namespace).build(); + TEST_UTIL.getMiniHBaseCluster().getMaster().createNamespace(desc); // Now grant EXEC to the entire namespace to user B - grantOnNamespace(TEST_UTIL, userB.getShortName(), - TEST_TABLE.getTableName().getNamespaceAsString(), - Permission.Action.EXEC); + grantOnNamespace(TEST_UTIL, userB.getShortName(), namespace, Permission.Action.EXEC); // User B should now be allowed also verifyAllowed(execEndpointAction, userA, userB); + + TEST_UTIL.getMiniHBaseCluster().getMaster().deleteNamespace(namespace); } @Test
