HBASE-13294 Fix the critical ancient loopholes in security testing
infrastructure (Srikanth Srungarapu)
Conflicts:
hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java
hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLWithMultipleVersions.java
hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLs.java
hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestScanEarlyTermination.java
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/993258b1
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/993258b1
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/993258b1
Branch: refs/heads/branch-1.0
Commit: 993258b1a01b57d7bebf0d7ec5b8363dc151b272
Parents: 01fa677
Author: Andrew Purtell <[email protected]>
Authored: Wed Mar 25 09:28:13 2015 -0700
Committer: Andrew Purtell <[email protected]>
Committed: Wed Mar 25 10:36:05 2015 -0700
----------------------------------------------------------------------
.../security/access/AccessControlClient.java | 147 +++++--
.../hbase/security/access/SecureTestUtil.java | 104 +++--
.../security/access/TestAccessController.java | 405 +++++++------------
.../security/access/TestAccessController2.java | 13 +-
.../access/TestCellACLWithMultipleVersions.java | 27 +-
.../hbase/security/access/TestCellACLs.java | 98 ++---
.../security/access/TestNamespaceCommands.java | 185 ++++-----
.../access/TestScanEarlyTermination.java | 35 +-
8 files changed, 483 insertions(+), 531 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase/blob/993258b1/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
----------------------------------------------------------------------
diff --git
a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
index 4500573..99e308f 100644
---
a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
+++
b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
@@ -68,16 +68,31 @@ public class AccessControlClient {
* @param actions
* @throws Throwable
*/
+ @Deprecated
public static void grant(Configuration conf, final TableName tableName,
final String userName, final byte[] family, final byte[] qual,
final Permission.Action... actions) throws Throwable {
- // TODO: Make it so caller passes in a Connection rather than have us do
this expensive
- // setup each time. This class only used in test and shell at moment
though.
try (Connection connection = ConnectionFactory.createConnection(conf)) {
- try (Table table = connection.getTable(ACL_TABLE_NAME)) {
- ProtobufUtil.grant(getAccessControlServiceStub(table), userName,
tableName, family, qual,
- actions);
- }
+ grant(connection, tableName, userName, family, qual, actions);
+ }
+ }
+
+ /**
+ * Grants permission on the specified table for the specified user
+ * @param connection
+ * @param tableName
+ * @param userName
+ * @param family
+ * @param qual
+ * @param actions
+ * @throws Throwable
+ */
+ public static void grant(Connection connection, final TableName tableName,
+ final String userName, final byte[] family, final byte[] qual,
+ final Permission.Action... actions) throws Throwable {
+ try (Table table = connection.getTable(ACL_TABLE_NAME)) {
+ ProtobufUtil.grant(getAccessControlServiceStub(table), userName,
tableName, family, qual,
+ actions);
}
}
@@ -89,39 +104,62 @@ public class AccessControlClient {
* @param actions
* @throws Throwable
*/
+ @Deprecated
public static void grant(Configuration conf, final String namespace,
final String userName, final Permission.Action... actions) throws
Throwable {
- // TODO: Make it so caller passes in a Connection rather than have us do
this expensive
- // setup each time. This class only used in test and shell at moment
though.
try (Connection connection = ConnectionFactory.createConnection(conf)) {
- try (Table table = connection.getTable(ACL_TABLE_NAME)) {
- ProtobufUtil.grant(getAccessControlServiceStub(table), userName,
namespace, actions);
- }
+ grant(connection, namespace, userName, actions);
+ }
+ }
+
+ /**
+ * Grants permission on the specified namespace for the specified user.
+ * @param conf
+ * @param namespace
+ * @param userName
+ * @param actions
+ * @throws Throwable
+ */
+ public static void grant(Connection connection, final String namespace,
+ final String userName, final Permission.Action... actions) throws
Throwable {
+ try (Table table = connection.getTable(ACL_TABLE_NAME)) {
+ ProtobufUtil.grant(getAccessControlServiceStub(table), userName,
namespace, actions);
}
}
/**
* Grant global permissions for the specified user.
*/
+ @Deprecated
public static void grant(Configuration conf, final String userName,
final Permission.Action... actions) throws Throwable {
- // TODO: Make it so caller passes in a Connection rather than have us do
this expensive
- // setup each time. This class only used in test and shell at moment
though.
try (Connection connection = ConnectionFactory.createConnection(conf)) {
- try (Table table = connection.getTable(ACL_TABLE_NAME)) {
- ProtobufUtil.grant(getAccessControlServiceStub(table), userName,
actions);
- }
+ grant(connection, userName, actions);
}
}
+ /**
+ * Grant global permissions for the specified user.
+ */
+ public static void grant(Connection connection, final String userName,
+ final Permission.Action... actions) throws Throwable {
+ try (Table table = connection.getTable(ACL_TABLE_NAME)) {
+ ProtobufUtil.grant(getAccessControlServiceStub(table), userName,
actions);
+ }
+ }
+
+ @Deprecated
public static boolean isAccessControllerRunning(Configuration conf)
throws MasterNotRunningException, ZooKeeperConnectionException,
IOException {
- // TODO: Make it so caller passes in a Connection rather than have us do
this expensive
- // setup each time. This class only used in test and shell at moment
though.
try (Connection connection = ConnectionFactory.createConnection(conf)) {
- try (Admin admin = connection.getAdmin()) {
- return admin.isTableAvailable(ACL_TABLE_NAME);
- }
+ return isAccessControllerRunning(connection);
+ }
+ }
+
+ public static boolean isAccessControllerRunning(Connection connection)
+ throws MasterNotRunningException, ZooKeeperConnectionException,
IOException {
+ try (Admin admin = connection.getAdmin()) {
+ return admin.isTableAvailable(ACL_TABLE_NAME);
}
}
@@ -135,16 +173,31 @@ public class AccessControlClient {
* @param actions
* @throws Throwable
*/
+ @Deprecated
public static void revoke(Configuration conf, final TableName tableName,
final String username, final byte[] family, final byte[] qualifier,
final Permission.Action... actions) throws Throwable {
- // TODO: Make it so caller passes in a Connection rather than have us do
this expensive
- // setup each time. This class only used in test and shell at moment
though.
try (Connection connection = ConnectionFactory.createConnection(conf)) {
- try (Table table = connection.getTable(ACL_TABLE_NAME)) {
- ProtobufUtil.revoke(getAccessControlServiceStub(table), username,
tableName, family,
- qualifier, actions);
- }
+ revoke(connection, tableName, username, family, qualifier, actions);
+ }
+ }
+
+ /**
+ * Revokes the permission on the table
+ * @param connection
+ * @param tableName
+ * @param username
+ * @param family
+ * @param qualifier
+ * @param actions
+ * @throws Throwable
+ */
+ public static void revoke(Connection connection, final TableName tableName,
+ final String username, final byte[] family, final byte[] qualifier,
+ final Permission.Action... actions) throws Throwable {
+ try (Table table = connection.getTable(ACL_TABLE_NAME)) {
+ ProtobufUtil.revoke(getAccessControlServiceStub(table), username,
tableName, family,
+ qualifier, actions);
}
}
@@ -156,28 +209,47 @@ public class AccessControlClient {
* @param actions
* @throws Throwable
*/
+ @Deprecated
public static void revoke(Configuration conf, final String namespace,
final String userName, final Permission.Action... actions) throws
Throwable {
- // TODO: Make it so caller passes in a Connection rather than have us do
this expensive
- // setup each time. This class only used in test and shell at moment
though.
try (Connection connection = ConnectionFactory.createConnection(conf)) {
- try (Table table = connection.getTable(ACL_TABLE_NAME)) {
- ProtobufUtil.revoke(getAccessControlServiceStub(table), userName,
namespace, actions);
- }
+ revoke(connection, namespace, userName, actions);
+ }
+ }
+
+ /**
+ * Revokes the permission on the table for the specified user.
+ * @param connection
+ * @param namespace
+ * @param userName
+ * @param actions
+ * @throws Throwable
+ */
+ public static void revoke(Connection connection, final String namespace,
+ final String userName, final Permission.Action... actions) throws
Throwable {
+ try (Table table = connection.getTable(ACL_TABLE_NAME)) {
+ ProtobufUtil.revoke(getAccessControlServiceStub(table), userName,
namespace, actions);
}
}
/**
* Revoke global permissions for the specified user.
*/
+ @Deprecated
public static void revoke(Configuration conf, final String userName,
final Permission.Action... actions) throws Throwable {
- // TODO: Make it so caller passes in a Connection rather than have us do
this expensive
- // setup each time. This class only used in test and shell at moment
though.
try (Connection connection = ConnectionFactory.createConnection(conf)) {
- try (Table table = connection.getTable(ACL_TABLE_NAME)) {
- ProtobufUtil.revoke(getAccessControlServiceStub(table), userName,
actions);
- }
+ revoke(connection, userName, actions);
+ }
+ }
+
+ /**
+ * Revoke global permissions for the specified user.
+ */
+ public static void revoke(Connection connection, final String userName,
+ final Permission.Action... actions) throws Throwable {
+ try (Table table = connection.getTable(ACL_TABLE_NAME)) {
+ ProtobufUtil.revoke(getAccessControlServiceStub(table), userName,
actions);
}
}
@@ -188,6 +260,7 @@ public class AccessControlClient {
* @return - returns an array of UserPermissions
* @throws Throwable
*/
+ @Deprecated
public static List<UserPermission> getUserPermissions(Configuration conf,
String tableRegex)
throws Throwable {
try (Connection connection = ConnectionFactory.createConnection(conf)) {
http://git-wip-us.apache.org/repos/asf/hbase/blob/993258b1/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
----------------------------------------------------------------------
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
index ea1baeb..93e4938 100644
---
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
@@ -145,6 +145,7 @@ public class SecureTestUtil {
*/
static interface AccessTestAction extends PrivilegedExceptionAction<Object>
{ }
+ /** This fails only in case of ADE or empty list for any of the actions. */
public static void verifyAllowed(User user, AccessTestAction... actions)
throws Exception {
for (AccessTestAction action : actions) {
try {
@@ -161,6 +162,7 @@ public class SecureTestUtil {
}
}
+ /** This fails only in case of ADE or empty list for any of the users. */
public static void verifyAllowed(AccessTestAction action, User... users)
throws Exception {
for (User user : users) {
verifyAllowed(user, action);
@@ -182,36 +184,53 @@ public class SecureTestUtil {
}
}
- public static void verifyDeniedWithException(User user, AccessTestAction...
actions)
- throws Exception {
- verifyDenied(user, true, actions);
- }
-
- public static void verifyDeniedWithException(AccessTestAction action,
User... users)
- throws Exception {
+ /** This passes only in case of ADE for all users. */
+ public static void verifyDenied(AccessTestAction action, User... users)
throws Exception {
for (User user : users) {
- verifyDenied(user, true, action);
+ verifyDenied(user, action);
}
}
- public static void verifyDenied(User user, AccessTestAction... actions)
throws Exception {
- verifyDenied(user, false, actions);
- }
-
- public static void verifyDenied(User user, boolean requireException,
- AccessTestAction... actions) throws Exception {
- for (AccessTestAction action : actions) {
+ /** This passes only in case of empty list for all users. */
+ public static void verifyIfEmptyList(AccessTestAction action, User... users)
throws Exception {
+ for (User user : users) {
try {
Object obj = user.runAs(action);
- if (requireException) {
- fail("Expected exception was not thrown for user '" +
user.getShortName() + "'");
- }
if (obj != null && obj instanceof List<?>) {
List<?> results = (List<?>) obj;
if (results != null && !results.isEmpty()) {
- fail("Unexpected results for user '" + user.getShortName() + "'");
+ fail("Unexpected action results: " + results + " for user '"
+ + user.getShortName() + "'");
}
+ } else {
+ fail("Unexpected results for user '" + user.getShortName() + "'");
+ }
+ } catch (AccessDeniedException ade) {
+ fail("Expected action to pass for user '" + user.getShortName() + "'
but was denied");
+ }
+ }
+ }
+
+ /** This passes only in case of null for all users. */
+ public static void verifyIfNull(AccessTestAction action, User... users)
throws Exception {
+ for (User user : users) {
+ try {
+ Object obj = user.runAs(action);
+ if (obj != null) {
+ fail("Non null results from action for user '" + user.getShortName()
+ "'");
}
+ } catch (AccessDeniedException ade) {
+ fail("Expected action to pass for user '" + user.getShortName() + "'
but was denied");
+ }
+ }
+ }
+
+ /** This passes only in case of ADE for all actions. */
+ public static void verifyDenied(User user, AccessTestAction... actions)
throws Exception {
+ for (AccessTestAction action : actions) {
+ try {
+ user.runAs(action);
+ fail("Expected exception was not thrown for user '" +
user.getShortName() + "'");
} catch (IOException e) {
boolean isAccessDeniedException = false;
if(e instanceof RetriesExhaustedWithDetailsException) {
@@ -257,12 +276,6 @@ public class SecureTestUtil {
}
}
- public static void verifyDenied(AccessTestAction action, User... users)
throws Exception {
- for (User user : users) {
- verifyDenied(user, action);
- }
- }
-
private static List<AccessController> getAccessControllers(MiniHBaseCluster
cluster) {
List<AccessController> result = Lists.newArrayList();
for (RegionServerThread t: cluster.getLiveRegionServerThreads()) {
@@ -410,18 +423,39 @@ public class SecureTestUtil {
}
/**
+ * Grant permissions on a namespace to the given user using AccessControl
Client.
+ * Will wait until all active AccessController instances have updated their
permissions caches
+ * or will throw an exception upon timeout (10 seconds).
+ */
+ public static void grantOnNamespaceUsingAccessControlClient(final
HBaseTestingUtility util,
+ final Connection connection, final String user, final String namespace,
+ final Permission.Action... actions) throws Exception {
+ SecureTestUtil.updateACLs(util, new Callable<Void>() {
+ @Override
+ public Void call() throws Exception {
+ try {
+ AccessControlClient.grant(connection, namespace, user, actions);
+ } catch (Throwable t) {
+ t.printStackTrace();
+ }
+ return null;
+ }
+ });
+ }
+
+ /**
* Revoke permissions on a namespace from the given user using AccessControl
Client.
* Will wait until all active AccessController instances have updated their
permissions caches
* or will throw an exception upon timeout (10 seconds).
*/
public static void revokeFromNamespaceUsingAccessControlClient(final
HBaseTestingUtility util,
- final Configuration conf, final String user, final String namespace,
+ final Connection connection, final String user, final String namespace,
final Permission.Action... actions) throws Exception {
SecureTestUtil.updateACLs(util, new Callable<Void>() {
@Override
public Void call() throws Exception {
try {
- AccessControlClient.revoke(conf, namespace, user, actions);
+ AccessControlClient.revoke(connection, namespace, user, actions);
} catch (Throwable t) {
t.printStackTrace();
}
@@ -483,13 +517,13 @@ public class SecureTestUtil {
* throw an exception upon timeout (10 seconds).
*/
public static void grantOnTableUsingAccessControlClient(final
HBaseTestingUtility util,
- final Configuration conf, final String user, final TableName table,
final byte[] family,
+ final Connection connection, final String user, final TableName table,
final byte[] family,
final byte[] qualifier, final Permission.Action... actions) throws
Exception {
SecureTestUtil.updateACLs(util, new Callable<Void>() {
@Override
public Void call() throws Exception {
try {
- AccessControlClient.grant(conf, table, user, family, qualifier,
actions);
+ AccessControlClient.grant(connection, table, user, family,
qualifier, actions);
} catch (Throwable t) {
t.printStackTrace();
}
@@ -504,13 +538,13 @@ public class SecureTestUtil {
* throw an exception upon timeout (10 seconds).
*/
public static void grantGlobalUsingAccessControlClient(final
HBaseTestingUtility util,
- final Configuration conf, final String user, final Permission.Action...
actions)
+ final Connection connection, final String user, final
Permission.Action... actions)
throws Exception {
SecureTestUtil.updateACLs(util, new Callable<Void>() {
@Override
public Void call() throws Exception {
try {
- AccessControlClient.grant(conf, user, actions);
+ AccessControlClient.grant(connection, user, actions);
} catch (Throwable t) {
t.printStackTrace();
}
@@ -549,13 +583,13 @@ public class SecureTestUtil {
* throw an exception upon timeout (10 seconds).
*/
public static void revokeFromTableUsingAccessControlClient(final
HBaseTestingUtility util,
- final Configuration conf, final String user, final TableName table,
final byte[] family,
+ final Connection connection, final String user, final TableName table,
final byte[] family,
final byte[] qualifier, final Permission.Action... actions) throws
Exception {
SecureTestUtil.updateACLs(util, new Callable<Void>() {
@Override
public Void call() throws Exception {
try {
- AccessControlClient.revoke(conf, table, user, family, qualifier,
actions);
+ AccessControlClient.revoke(connection, table, user, family,
qualifier, actions);
} catch (Throwable t) {
t.printStackTrace();
}
@@ -570,13 +604,13 @@ public class SecureTestUtil {
* throw an exception upon timeout (10 seconds).
*/
public static void revokeGlobalUsingAccessControlClient(final
HBaseTestingUtility util,
- final Configuration conf, final String user,final Permission.Action...
actions)
+ final Connection connection, final String user,final
Permission.Action... actions)
throws Exception {
SecureTestUtil.updateACLs(util, new Callable<Void>() {
@Override
public Void call() throws Exception {
try {
- AccessControlClient.revoke(conf, user, actions);
+ AccessControlClient.revoke(connection, user, actions);
} catch (Throwable t) {
t.printStackTrace();
}
http://git-wip-us.apache.org/repos/asf/hbase/blob/993258b1/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
----------------------------------------------------------------------
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
index 44135f5..9c4bc69 100644
---
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
@@ -138,6 +138,11 @@ public class TestAccessController extends SecureTestUtil {
private static HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
private static Configuration conf;
+ /** The systemUserConnection created here is tied to the system user. In
case, you are planning
+ * to create AccessTestAction, DON'T use this systemUserConnection as the
'doAs' user
+ * gets eclipsed by the system user. */
+ private static Connection systemUserConnection;
+
// user with all permissions
private static User SUPERUSER;
// user granted with all global permission
@@ -213,6 +218,8 @@ public class TestAccessController extends SecureTestUtil {
USER_CREATE = User.createUserForTesting(conf, "tbl_create", new String[0]);
USER_NONE = User.createUserForTesting(conf, "nouser", new String[0]);
USER_ADMIN_CF = User.createUserForTesting(conf, "col_family_admin", new
String[0]);
+
+ systemUserConnection = TEST_UTIL.getConnection();
}
@AfterClass
@@ -267,7 +274,8 @@ public class TestAccessController extends SecureTestUtil {
assertEquals(5, AccessControlLists.getTablePermissions(conf,
TEST_TABLE.getTableName()).size());
try {
- assertEquals(5, AccessControlClient.getUserPermissions(conf,
TEST_TABLE.toString()).size());
+ assertEquals(5,
AccessControlClient.getUserPermissions(systemUserConnection,
+ TEST_TABLE.toString()).size());
} catch (Throwable e) {
LOG.error("error during call of AccessControlClient.getUserPermissions.
", e);
}
@@ -354,8 +362,8 @@ public class TestAccessController extends SecureTestUtil {
}
};
- verifyAllowed(truncateTable, SUPERUSER, USER_ADMIN, USER_CREATE);
- verifyDenied(truncateTable, USER_RW, USER_RO, USER_NONE, USER_OWNER);
+ verifyAllowed(truncateTable, SUPERUSER, USER_ADMIN, USER_CREATE,
USER_OWNER);
+ verifyDenied(truncateTable, USER_RW, USER_RO, USER_NONE);
}
@Test
@@ -451,8 +459,7 @@ public class TestAccessController extends SecureTestUtil {
@Test
public void testMove() throws Exception {
List<HRegionLocation> regions;
- try (RegionLocator locator =
- TEST_UTIL.getConnection().getRegionLocator(TEST_TABLE.getTableName())) {
+ try (RegionLocator locator =
systemUserConnection.getRegionLocator(TEST_TABLE.getTableName())) {
regions = locator.getAllRegionLocations();
}
HRegionLocation location = regions.get(0);
@@ -474,8 +481,7 @@ public class TestAccessController extends SecureTestUtil {
@Test
public void testAssign() throws Exception {
List<HRegionLocation> regions;
- try (RegionLocator locator =
- TEST_UTIL.getConnection().getRegionLocator(TEST_TABLE.getTableName())) {
+ try (RegionLocator locator =
systemUserConnection.getRegionLocator(TEST_TABLE.getTableName())) {
regions = locator.getAllRegionLocations();
}
HRegionLocation location = regions.get(0);
@@ -495,8 +501,7 @@ public class TestAccessController extends SecureTestUtil {
@Test
public void testUnassign() throws Exception {
List<HRegionLocation> regions;
- try (RegionLocator locator =
- TEST_UTIL.getConnection().getRegionLocator(TEST_TABLE.getTableName())) {
+ try (RegionLocator locator =
systemUserConnection.getRegionLocator(TEST_TABLE.getTableName())) {
regions = locator.getAllRegionLocations();
}
HRegionLocation location = regions.get(0);
@@ -516,8 +521,7 @@ public class TestAccessController extends SecureTestUtil {
@Test
public void testRegionOffline() throws Exception {
List<HRegionLocation> regions;
- try (RegionLocator locator =
- TEST_UTIL.getConnection().getRegionLocator(TEST_TABLE.getTableName())) {
+ try (RegionLocator locator =
systemUserConnection.getRegionLocator(TEST_TABLE.getTableName())) {
regions = locator.getAllRegionLocations();
}
HRegionLocation location = regions.get(0);
@@ -673,20 +677,6 @@ public class TestAccessController extends SecureTestUtil {
verifyDenied(action, USER_RW, USER_RO, USER_NONE);
}
- @Test
- public void testPreCompactSelection() throws Exception {
- AccessTestAction action = new AccessTestAction() {
- @Override
- public Object run() throws Exception {
-
ACCESS_CONTROLLER.preCompactSelection(ObserverContext.createAndPrepare(RCP_ENV,
null), null, null);
- return null;
- }
- };
-
- verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER);
- verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE);
- }
-
private void verifyRead(AccessTestAction action) throws Exception {
verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE,
USER_RW, USER_RO);
verifyDenied(action, USER_NONE);
@@ -705,11 +695,9 @@ public class TestAccessController extends SecureTestUtil {
public Object run() throws Exception {
Get g = new Get(TEST_ROW);
g.addFamily(TEST_FAMILY);
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(TEST_TABLE.getTableName())) {
t.get(g);
- } finally {
- t.close();
}
return null;
}
@@ -722,9 +710,8 @@ public class TestAccessController extends SecureTestUtil {
public Object run() throws Exception {
Scan s = new Scan();
s.addFamily(TEST_FAMILY);
-
- Table table = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table table = conn.getTable(TEST_TABLE.getTableName())) {
ResultScanner scanner = table.getScanner(s);
try {
for (Result r = scanner.next(); r != null; r = scanner.next()) {
@@ -734,8 +721,6 @@ public class TestAccessController extends SecureTestUtil {
} finally {
scanner.close();
}
- } finally {
- table.close();
}
return null;
}
@@ -752,11 +737,9 @@ public class TestAccessController extends SecureTestUtil {
public Object run() throws Exception {
Put p = new Put(TEST_ROW);
p.add(TEST_FAMILY, TEST_QUALIFIER, Bytes.toBytes(1));
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(TEST_TABLE.getTableName())) {
t.put(p);
- } finally {
- t.close();
}
return null;
}
@@ -769,11 +752,9 @@ public class TestAccessController extends SecureTestUtil {
public Object run() throws Exception {
Delete d = new Delete(TEST_ROW);
d.deleteFamily(TEST_FAMILY);
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(TEST_TABLE.getTableName())) {
t.delete(d);
- } finally {
- t.close();
}
return null;
}
@@ -786,11 +767,9 @@ public class TestAccessController extends SecureTestUtil {
public Object run() throws Exception {
Increment inc = new Increment(TEST_ROW);
inc.addColumn(TEST_FAMILY, TEST_QUALIFIER, 1);
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(TEST_TABLE.getTableName());) {
t.increment(inc);
- } finally {
- t.close();
}
return null;
}
@@ -806,12 +785,10 @@ public class TestAccessController extends SecureTestUtil {
public Object run() throws Exception {
Delete d = new Delete(TEST_ROW);
d.deleteFamily(TEST_FAMILY);
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(TEST_TABLE.getTableName());) {
t.checkAndDelete(TEST_ROW, TEST_FAMILY, TEST_QUALIFIER,
- Bytes.toBytes("test_value"), d);
- } finally {
- t.close();
+ Bytes.toBytes("test_value"), d);
}
return null;
}
@@ -824,12 +801,10 @@ public class TestAccessController extends SecureTestUtil {
public Object run() throws Exception {
Put p = new Put(TEST_ROW);
p.add(TEST_FAMILY, TEST_QUALIFIER, Bytes.toBytes(1));
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(TEST_TABLE.getTableName());) {
t.checkAndPut(TEST_ROW, TEST_FAMILY, TEST_QUALIFIER,
- Bytes.toBytes("test_value"), p);
- } finally {
- t.close();
+ Bytes.toBytes("test_value"), p);
}
return null;
}
@@ -926,12 +901,11 @@ public class TestAccessController extends SecureTestUtil {
//set global read so RegionServer can move it
setPermission(loadPath, FsPermission.valueOf("-rwxrwxrwx"));
- try (HTable table =
(HTable)TEST_UTIL.getConnection().getTable(tableName)) {
- try (Admin admin = TEST_UTIL.getHBaseAdmin()) {
- TEST_UTIL.waitTableEnabled(admin, tableName.getName());
- LoadIncrementalHFiles loader = new LoadIncrementalHFiles(conf);
- loader.doBulkLoad(loadPath, table);
- }
+ try (Connection conn = ConnectionFactory.createConnection(conf);
+ HTable table = (HTable)conn.getTable(tableName)) {
+ TEST_UTIL.waitUntilAllRegionsAssigned(tableName);
+ LoadIncrementalHFiles loader = new LoadIncrementalHFiles(conf);
+ loader.doBulkLoad(loadPath, table);
}
}
@@ -960,12 +934,10 @@ public class TestAccessController extends SecureTestUtil {
put.add(TEST_FAMILY, qualifier, Bytes.toBytes(1));
Append append = new Append(row);
append.add(TEST_FAMILY, qualifier, Bytes.toBytes(2));
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(TEST_TABLE.getTableName())) {
t.put(put);
t.append(append);
- } finally {
- t.close();
}
return null;
}
@@ -980,15 +952,13 @@ public class TestAccessController extends SecureTestUtil {
AccessTestAction grantAction = new AccessTestAction() {
@Override
public Object run() throws Exception {
- Table acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) {
BlockingRpcChannel service =
acl.coprocessorService(TEST_TABLE.getTableName().getName());
AccessControlService.BlockingInterface protocol =
AccessControlService.newBlockingStub(service);
ProtobufUtil.grant(protocol, USER_RO.getShortName(),
TEST_TABLE.getTableName(),
- TEST_FAMILY, null, Action.READ);
- } finally {
- acl.close();
+ TEST_FAMILY, null, Action.READ);
}
return null;
}
@@ -997,15 +967,13 @@ public class TestAccessController extends SecureTestUtil {
AccessTestAction revokeAction = new AccessTestAction() {
@Override
public Object run() throws Exception {
- Table acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) {
BlockingRpcChannel service =
acl.coprocessorService(TEST_TABLE.getTableName().getName());
AccessControlService.BlockingInterface protocol =
AccessControlService.newBlockingStub(service);
ProtobufUtil.revoke(protocol, USER_RO.getShortName(),
TEST_TABLE.getTableName(),
- TEST_FAMILY, null, Action.READ);
- } finally {
- acl.close();
+ TEST_FAMILY, null, Action.READ);
}
return null;
}
@@ -1014,14 +982,12 @@ public class TestAccessController extends SecureTestUtil
{
AccessTestAction getTablePermissionsAction = new AccessTestAction() {
@Override
public Object run() throws Exception {
- Table acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME)){
BlockingRpcChannel service =
acl.coprocessorService(TEST_TABLE.getTableName().getName());
AccessControlService.BlockingInterface protocol =
AccessControlService.newBlockingStub(service);
ProtobufUtil.getUserPermissions(protocol, TEST_TABLE.getTableName());
- } finally {
- acl.close();
}
return null;
}
@@ -1030,14 +996,12 @@ public class TestAccessController extends SecureTestUtil
{
AccessTestAction getGlobalPermissionsAction = new AccessTestAction() {
@Override
public Object run() throws Exception {
- Table acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME);) {
BlockingRpcChannel service =
acl.coprocessorService(HConstants.EMPTY_START_ROW);
AccessControlService.BlockingInterface protocol =
AccessControlService.newBlockingStub(service);
ProtobufUtil.getUserPermissions(protocol);
- } finally {
- acl.close();
}
return null;
}
@@ -1053,7 +1017,7 @@ public class TestAccessController extends SecureTestUtil {
verifyDenied(getTablePermissionsAction, USER_CREATE, USER_RW, USER_RO,
USER_NONE);
verifyAllowed(getGlobalPermissionsAction, SUPERUSER, USER_ADMIN);
- verifyDeniedWithException(getGlobalPermissionsAction, USER_CREATE,
+ verifyDenied(getGlobalPermissionsAction, USER_CREATE,
USER_OWNER, USER_RW, USER_RO, USER_NONE);
}
@@ -1090,11 +1054,9 @@ public class TestAccessController extends SecureTestUtil
{
Put p = new Put(Bytes.toBytes("a"));
p.add(family1, qualifier, Bytes.toBytes("v1"));
p.add(family2, qualifier, Bytes.toBytes("v2"));
- Table t = new HTable(conf, tableName);
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(tableName);) {
t.put(p);
- } finally {
- t.close();
}
return null;
}
@@ -1105,11 +1067,9 @@ public class TestAccessController extends SecureTestUtil
{
public Object run() throws Exception {
Put p = new Put(Bytes.toBytes("a"));
p.add(family1, qualifier, Bytes.toBytes("v1"));
- Table t = new HTable(conf, tableName);
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(tableName)) {
t.put(p);
- } finally {
- t.close();
}
return null;
}
@@ -1120,11 +1080,9 @@ public class TestAccessController extends SecureTestUtil
{
public Object run() throws Exception {
Put p = new Put(Bytes.toBytes("a"));
p.add(family2, qualifier, Bytes.toBytes("v2"));
- Table t = new HTable(conf, tableName);
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(tableName);) {
t.put(p);
- } finally {
- t.close();
}
return null;
}
@@ -1136,11 +1094,9 @@ public class TestAccessController extends SecureTestUtil
{
Get g = new Get(TEST_ROW);
g.addFamily(family1);
g.addFamily(family2);
- Table t = new HTable(conf, tableName);
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(tableName);) {
t.get(g);
- } finally {
- t.close();
}
return null;
}
@@ -1151,11 +1107,9 @@ public class TestAccessController extends SecureTestUtil
{
public Object run() throws Exception {
Get g = new Get(TEST_ROW);
g.addFamily(family1);
- Table t = new HTable(conf, tableName);
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(tableName)) {
t.get(g);
- } finally {
- t.close();
}
return null;
}
@@ -1166,11 +1120,9 @@ public class TestAccessController extends SecureTestUtil
{
public Object run() throws Exception {
Get g = new Get(TEST_ROW);
g.addFamily(family2);
- Table t = new HTable(conf, tableName);
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(tableName)) {
t.get(g);
- } finally {
- t.close();
}
return null;
}
@@ -1182,11 +1134,9 @@ public class TestAccessController extends SecureTestUtil
{
Delete d = new Delete(TEST_ROW);
d.deleteFamily(family1);
d.deleteFamily(family2);
- Table t = new HTable(conf, tableName);
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(tableName)) {
t.delete(d);
- } finally {
- t.close();
}
return null;
}
@@ -1197,11 +1147,9 @@ public class TestAccessController extends SecureTestUtil
{
public Object run() throws Exception {
Delete d = new Delete(TEST_ROW);
d.deleteFamily(family1);
- Table t = new HTable(conf, tableName);
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(tableName)) {
t.delete(d);
- } finally {
- t.close();
}
return null;
}
@@ -1212,11 +1160,9 @@ public class TestAccessController extends SecureTestUtil
{
public Object run() throws Exception {
Delete d = new Delete(TEST_ROW);
d.deleteFamily(family2);
- Table t = new HTable(conf, tableName);
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(tableName)) {
t.delete(d);
- } finally {
- t.close();
}
return null;
}
@@ -1360,11 +1306,9 @@ public class TestAccessController extends SecureTestUtil
{
public Object run() throws Exception {
Get g = new Get(TEST_ROW);
g.addColumn(family1, qualifier);
- Table t = new HTable(conf, tableName);
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(tableName)) {
t.get(g);
- } finally {
- t.close();
}
return null;
}
@@ -1375,11 +1319,9 @@ public class TestAccessController extends SecureTestUtil
{
public Object run() throws Exception {
Put p = new Put(TEST_ROW);
p.add(family1, qualifier, Bytes.toBytes("v1"));
- Table t = new HTable(conf, tableName);
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(tableName)) {
t.put(p);
- } finally {
- t.close();
}
return null;
}
@@ -1391,11 +1333,9 @@ public class TestAccessController extends SecureTestUtil
{
Delete d = new Delete(TEST_ROW);
d.deleteColumn(family1, qualifier);
// d.deleteFamily(family1);
- Table t = new HTable(conf, tableName);
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(tableName)) {
t.delete(d);
- } finally {
- t.close();
}
return null;
}
@@ -1469,8 +1409,7 @@ public class TestAccessController extends SecureTestUtil {
TEST_UTIL.waitUntilAllRegionsAssigned(tableName);
List<UserPermission> perms;
-
- Table acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ Table acl =
systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
try {
BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
AccessControlService.BlockingInterface protocol =
@@ -1483,7 +1422,7 @@ public class TestAccessController extends SecureTestUtil {
UserPermission ownerperm = new UserPermission(
Bytes.toBytes(USER_OWNER.getName()), tableName, null, Action.values());
assertTrue("Owner should have all permissions on table",
- hasFoundUserPermission(ownerperm, perms));
+ hasFoundUserPermission(ownerperm, perms));
User user = User.createUserForTesting(TEST_UTIL.getConfiguration(),
"user", new String[0]);
byte[] userName = Bytes.toBytes(user.getShortName());
@@ -1491,13 +1430,13 @@ public class TestAccessController extends
SecureTestUtil {
UserPermission up = new UserPermission(userName,
tableName, family1, qualifier, Permission.Action.READ);
assertFalse("User should not be granted permission: " + up.toString(),
- hasFoundUserPermission(up, perms));
+ hasFoundUserPermission(up, perms));
// grant read permission
grantOnTable(TEST_UTIL, user.getShortName(),
- tableName, family1, qualifier, Permission.Action.READ);
+ tableName, family1, qualifier, Permission.Action.READ);
- acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
try {
BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
AccessControlService.BlockingInterface protocol =
@@ -1510,19 +1449,19 @@ public class TestAccessController extends
SecureTestUtil {
UserPermission upToVerify = new UserPermission(
userName, tableName, family1, qualifier, Permission.Action.READ);
assertTrue("User should be granted permission: " + upToVerify.toString(),
- hasFoundUserPermission(upToVerify, perms));
+ hasFoundUserPermission(upToVerify, perms));
upToVerify = new UserPermission(
userName, tableName, family1, qualifier, Permission.Action.WRITE);
assertFalse("User should not be granted permission: " +
upToVerify.toString(),
- hasFoundUserPermission(upToVerify, perms));
+ hasFoundUserPermission(upToVerify, perms));
// grant read+write
grantOnTable(TEST_UTIL, user.getShortName(),
tableName, family1, qualifier,
Permission.Action.WRITE, Permission.Action.READ);
- acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
try {
BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
AccessControlService.BlockingInterface protocol =
@@ -1535,13 +1474,13 @@ public class TestAccessController extends
SecureTestUtil {
upToVerify = new UserPermission(userName, tableName, family1,
qualifier, Permission.Action.WRITE, Permission.Action.READ);
assertTrue("User should be granted permission: " + upToVerify.toString(),
- hasFoundUserPermission(upToVerify, perms));
+ hasFoundUserPermission(upToVerify, perms));
// revoke
revokeFromTable(TEST_UTIL, user.getShortName(), tableName, family1,
qualifier,
- Permission.Action.WRITE, Permission.Action.READ);
+ Permission.Action.WRITE, Permission.Action.READ);
- acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
try {
BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
AccessControlService.BlockingInterface protocol =
@@ -1552,7 +1491,7 @@ public class TestAccessController extends SecureTestUtil {
}
assertFalse("User should not be granted permission: " +
upToVerify.toString(),
- hasFoundUserPermission(upToVerify, perms));
+ hasFoundUserPermission(upToVerify, perms));
// disable table before modification
admin.disableTable(tableName);
@@ -1561,7 +1500,7 @@ public class TestAccessController extends SecureTestUtil {
htd.setOwner(newOwner);
admin.modifyTable(tableName, htd);
- acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
try {
BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
AccessControlService.BlockingInterface protocol =
@@ -1574,7 +1513,7 @@ public class TestAccessController extends SecureTestUtil {
UserPermission newOwnerperm = new UserPermission(
Bytes.toBytes(newOwner.getName()), tableName, null, Action.values());
assertTrue("New owner should have all permissions on table",
- hasFoundUserPermission(newOwnerperm, perms));
+ hasFoundUserPermission(newOwnerperm, perms));
// delete table
admin.deleteTable(tableName);
@@ -1583,7 +1522,7 @@ public class TestAccessController extends SecureTestUtil {
@Test
public void testGlobalPermissionList() throws Exception {
List<UserPermission> perms;
- Table acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ Table acl =
systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
try {
BlockingRpcChannel service =
acl.coprocessorService(HConstants.EMPTY_START_ROW);
AccessControlService.BlockingInterface protocol =
@@ -1618,8 +1557,8 @@ public class TestAccessController extends SecureTestUtil {
AccessControlProtos.GlobalPermission.newBuilder()
.addAction(ProtobufUtil.toPermissionAction(a)).build()));
}
- Table acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) {
BlockingRpcChannel channel = acl.coprocessorService(new byte[0]);
AccessControlService.BlockingInterface protocol =
AccessControlService.newBlockingStub(channel);
@@ -1628,8 +1567,6 @@ public class TestAccessController extends SecureTestUtil {
} catch (ServiceException se) {
ProtobufUtil.toIOException(se);
}
- } finally {
- acl.close();
}
}
@@ -1648,8 +1585,8 @@ public class TestAccessController extends SecureTestUtil {
for (Permission p : perms) {
request.addPermission(ProtobufUtil.toPermission(p));
}
- Table acl = new HTable(conf, table);
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table acl = conn.getTable(table)) {
AccessControlService.BlockingInterface protocol =
AccessControlService.newBlockingStub(acl.coprocessorService(new
byte[0]));
try {
@@ -1657,8 +1594,6 @@ public class TestAccessController extends SecureTestUtil {
} catch (ServiceException se) {
ProtobufUtil.toIOException(se);
}
- } finally {
- acl.close();
}
}
@@ -1798,7 +1733,7 @@ public class TestAccessController extends SecureTestUtil {
.setTableName(ProtobufUtil.toProtoTableName(TEST_TABLE.getTableName()))
.addAction(AccessControlProtos.Permission.Action.CREATE))
).build();
- Table acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+ Table acl =
systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);
try {
BlockingRpcChannel channel = acl.coprocessorService(new byte[0]);
AccessControlService.BlockingInterface protocol =
@@ -1949,13 +1884,13 @@ public class TestAccessController extends
SecureTestUtil {
// Move region to the new RegionServer.
List<HRegionLocation> regions;
- try (RegionLocator locator =
TEST_UTIL.getConnection().getRegionLocator(TEST_TABLE2)) {
+ try (RegionLocator locator =
systemUserConnection.getRegionLocator(TEST_TABLE2)) {
regions = locator.getAllRegionLocations();
}
HRegionLocation location = regions.get(0);
final HRegionInfo hri = location.getRegionInfo();
final ServerName server = location.getServerName();
- try (HTable table =
(HTable)TEST_UTIL.getConnection().getTable(TEST_TABLE2)) {
+ try (HTable table = (HTable) systemUserConnection.getTable(TEST_TABLE2)) {
AccessTestAction moveAction = new AccessTestAction() {
@Override
public Object run() throws Exception {
@@ -2007,37 +1942,25 @@ public class TestAccessController extends
SecureTestUtil {
AccessTestAction listTablesAction = new AccessTestAction() {
@Override
public Object run() throws Exception {
- Connection unmanagedConnection =
- ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
- Admin admin = unmanagedConnection.getAdmin();
- try {
- admin.listTables();
- } finally {
- admin.close();
- unmanagedConnection.close();
+ try(Connection conn =
ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
+ Admin admin = conn.getAdmin()) {
+ return Arrays.asList(admin.listTables());
}
- return null;
}
};
AccessTestAction getTableDescAction = new AccessTestAction() {
@Override
public Object run() throws Exception {
- Connection unmanagedConnection =
- ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
- Admin admin = unmanagedConnection.getAdmin();
- try {
- admin.getTableDescriptor(TEST_TABLE.getTableName());
- } finally {
- admin.close();
- unmanagedConnection.close();
+ try(Connection conn =
ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
+ Admin admin = conn.getAdmin();) {
+ return admin.getTableDescriptor(TEST_TABLE.getTableName());
}
- return null;
}
};
verifyAllowed(listTablesAction, SUPERUSER, USER_ADMIN, USER_CREATE,
TABLE_ADMIN);
- verifyDenied(listTablesAction, USER_RW, USER_RO, USER_NONE);
+ verifyIfEmptyList(listTablesAction, USER_RW, USER_RO, USER_NONE);
verifyAllowed(getTableDescAction, SUPERUSER, USER_ADMIN, USER_CREATE,
TABLE_ADMIN);
verifyDenied(getTableDescAction, USER_RW, USER_RO, USER_NONE);
@@ -2061,7 +1984,7 @@ public class TestAccessController extends SecureTestUtil {
};
verifyAllowed(listTablesAction, SUPERUSER, USER_ADMIN, USER_CREATE,
USER_RW, USER_RO);
- verifyDenied(listTablesAction, USER_NONE);
+ verifyIfEmptyList(listTablesAction, USER_NONE);
}
@Test
@@ -2098,28 +2021,23 @@ public class TestAccessController extends
SecureTestUtil {
AccessTestAction getAction = new AccessTestAction() {
@Override
public Object run() throws Exception {
- Table t =
TEST_UTIL.getConnection().getTable(TEST_TABLE.getTableName());
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(TEST_TABLE.getTableName());) {
return t.get(new Get(TEST_ROW));
- } finally {
- t.close();
}
}
};
- verifyDenied(getAction, USER_NONE);
-
- String namespace = "testNamespaceUserGrant";
- NamespaceDescriptor desc = NamespaceDescriptor.create(namespace).build();
- TEST_UTIL.getMiniHBaseCluster().getMaster().createNamespace(desc);
+ String namespace = TEST_TABLE.getTableName().getNamespaceAsString();
// Grant namespace READ to USER_NONE, this should supersede any table
permissions
grantOnNamespace(TEST_UTIL, USER_NONE.getShortName(), namespace,
Permission.Action.READ);
-
- // Now USER_NONE should be able to read also
+ // Now USER_NONE should be able to read
verifyAllowed(getAction, USER_NONE);
- TEST_UTIL.getMiniHBaseCluster().getMaster().deleteNamespace(namespace);
+ // Revoke namespace READ to USER_NONE
+ revokeFromNamespace(TEST_UTIL, USER_NONE.getShortName(), namespace,
Permission.Action.READ);
+ verifyDenied(getAction, USER_NONE);
}
@Test
@@ -2129,11 +2047,9 @@ public class TestAccessController extends SecureTestUtil
{
AccessTestAction getAction = new AccessTestAction() {
@Override
public Object run() throws Exception {
- HTable t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(TEST_TABLE.getTableName());) {
return t.get(new Get(TEST_ROW));
- } finally {
- t.close();
}
}
};
@@ -2142,7 +2058,7 @@ public class TestAccessController extends SecureTestUtil {
// Grant table READ permissions to testGrantRevoke.
try {
- grantOnTableUsingAccessControlClient(TEST_UTIL, conf,
testGrantRevoke.getShortName(),
+ grantOnTableUsingAccessControlClient(TEST_UTIL, systemUserConnection,
testGrantRevoke.getShortName(),
TEST_TABLE.getTableName(), null, null, Permission.Action.READ);
} catch (Throwable e) {
LOG.error("error during call of AccessControlClient.grant. ", e);
@@ -2153,7 +2069,7 @@ public class TestAccessController extends SecureTestUtil {
// Revoke table READ permission to testGrantRevoke.
try {
- revokeFromTableUsingAccessControlClient(TEST_UTIL, conf,
testGrantRevoke.getShortName(),
+ revokeFromTableUsingAccessControlClient(TEST_UTIL, systemUserConnection,
testGrantRevoke.getShortName(),
TEST_TABLE.getTableName(), null, null, Permission.Action.READ);
} catch (Throwable e) {
LOG.error("error during call of AccessControlClient.revoke ", e);
@@ -2171,11 +2087,9 @@ public class TestAccessController extends SecureTestUtil
{
AccessTestAction getAction = new AccessTestAction() {
@Override
public Object run() throws Exception {
- HTable t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(TEST_TABLE.getTableName())) {
return t.get(new Get(TEST_ROW));
- } finally {
- t.close();
}
}
};
@@ -2184,8 +2098,8 @@ public class TestAccessController extends SecureTestUtil {
// Grant table READ permissions to testGlobalGrantRevoke.
try {
- grantGlobalUsingAccessControlClient(TEST_UTIL, conf,
testGlobalGrantRevoke.getShortName(),
- Permission.Action.READ);
+ grantGlobalUsingAccessControlClient(TEST_UTIL, systemUserConnection,
+ testGlobalGrantRevoke.getShortName(), Permission.Action.READ);
} catch (Throwable e) {
LOG.error("error during call of AccessControlClient.grant. ", e);
}
@@ -2195,8 +2109,8 @@ public class TestAccessController extends SecureTestUtil {
// Revoke table READ permission to testGlobalGrantRevoke.
try {
- revokeGlobalUsingAccessControlClient(TEST_UTIL, conf,
testGlobalGrantRevoke.getShortName(),
- Permission.Action.READ);
+ revokeGlobalUsingAccessControlClient(TEST_UTIL, systemUserConnection,
+ testGlobalGrantRevoke.getShortName(), Permission.Action.READ);
} catch (Throwable e) {
LOG.error("error during call of AccessControlClient.revoke ", e);
}
@@ -2212,11 +2126,9 @@ public class TestAccessController extends SecureTestUtil
{
AccessTestAction getAction = new AccessTestAction() {
@Override
public Object run() throws Exception {
- HTable t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(TEST_TABLE.getTableName());) {
return t.get(new Get(TEST_ROW));
- } finally {
- t.close();
}
}
};
@@ -2225,7 +2137,7 @@ public class TestAccessController extends SecureTestUtil {
// Grant namespace READ to testNS, this should supersede any table
permissions
try {
- grantOnNamespaceUsingAccessControlClient(TEST_UTIL, conf,
testNS.getShortName(),
+ grantOnNamespaceUsingAccessControlClient(TEST_UTIL,
systemUserConnection, testNS.getShortName(),
TEST_TABLE.getTableName().getNamespaceAsString(),
Permission.Action.READ);
} catch (Throwable e) {
LOG.error("error during call of AccessControlClient.grant. ", e);
@@ -2236,7 +2148,7 @@ public class TestAccessController extends SecureTestUtil {
// Revoke namespace READ to testNS, this should supersede any table
permissions
try {
- revokeFromNamespaceUsingAccessControlClient(TEST_UTIL, conf,
testNS.getShortName(),
+ revokeFromNamespaceUsingAccessControlClient(TEST_UTIL,
systemUserConnection, testNS.getShortName(),
TEST_TABLE.getTableName().getNamespaceAsString(),
Permission.Action.READ);
} catch (Throwable e) {
LOG.error("error during call of AccessControlClient.revoke ", e);
@@ -2317,32 +2229,25 @@ public class TestAccessController extends
SecureTestUtil {
AccessTestAction execEndpointAction = new AccessTestAction() {
@Override
public Object run() throws Exception {
- Table t =
TEST_UTIL.getConnection().getTable(TEST_TABLE.getTableName());
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(TEST_TABLE.getTableName());) {
BlockingRpcChannel service =
t.coprocessorService(HConstants.EMPTY_BYTE_ARRAY);
PingCoprocessor.newBlockingStub(service).noop(null,
NoopRequest.newBuilder().build());
- } finally {
- t.close();
}
return null;
}
};
- // Verify that EXEC permission is checked correctly
- verifyDenied(execEndpointAction, userB);
- verifyAllowed(execEndpointAction, userA);
-
- String namespace = "testCoprocessorExec";
- NamespaceDescriptor desc = NamespaceDescriptor.create(namespace).build();
- TEST_UTIL.getMiniHBaseCluster().getMaster().createNamespace(desc);
-
+ String namespace = TEST_TABLE.getTableName().getNamespaceAsString();
// Now grant EXEC to the entire namespace to user B
grantOnNamespace(TEST_UTIL, userB.getShortName(), namespace,
Permission.Action.EXEC);
-
// User B should now be allowed also
verifyAllowed(execEndpointAction, userA, userB);
- TEST_UTIL.getMiniHBaseCluster().getMaster().deleteNamespace(namespace);
+ revokeFromNamespace(TEST_UTIL, userB.getShortName(), namespace,
Permission.Action.EXEC);
+ // Verify that EXEC permission is checked correctly
+ verifyDenied(execEndpointAction, userB);
+ verifyAllowed(execEndpointAction, userA);
}
@Test
@@ -2350,16 +2255,14 @@ public class TestAccessController extends
SecureTestUtil {
AccessTestAction putWithReservedTag = new AccessTestAction() {
@Override
public Object run() throws Exception {
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(TEST_TABLE.getTableName());) {
KeyValue kv = new KeyValue(TEST_ROW, TEST_FAMILY, TEST_QUALIFIER,
HConstants.LATEST_TIMESTAMP, HConstants.EMPTY_BYTE_ARRAY,
new Tag[] { new Tag(AccessControlLists.ACL_TAG_TYPE,
ProtobufUtil.toUsersAndPermissions(USER_OWNER.getShortName(),
new Permission(Permission.Action.READ)).toByteArray()) });
t.put(new Put(TEST_ROW).add(kv));
- } finally {
- t.close();
}
return null;
}
@@ -2371,29 +2274,29 @@ public class TestAccessController extends
SecureTestUtil {
verifyDenied(putWithReservedTag, USER_OWNER, USER_ADMIN, USER_CREATE,
USER_RW, USER_RO);
}
- @Test
- public void testGetNamespacePermission() throws Exception {
- String namespace = "testNamespace";
- NamespaceDescriptor desc = NamespaceDescriptor.create(namespace).build();
- TEST_UTIL.getMiniHBaseCluster().getMaster().createNamespace(desc);
- grantOnNamespace(TEST_UTIL, USER_NONE.getShortName(), namespace,
Permission.Action.READ);
- try {
- List<UserPermission> namespacePermissions =
AccessControlClient.getUserPermissions(conf,
- AccessControlLists.toNamespaceEntry(namespace));
- assertTrue(namespacePermissions != null);
- assertTrue(namespacePermissions.size() == 1);
- } catch (Throwable thw) {
- throw new HBaseException(thw);
- }
- TEST_UTIL.getMiniHBaseCluster().getMaster().deleteNamespace(namespace);
- }
+ @Test
+ public void testGetNamespacePermission() throws Exception {
+ String namespace = "testGetNamespacePermission";
+ NamespaceDescriptor desc = NamespaceDescriptor.create(namespace).build();
+ TEST_UTIL.getMiniHBaseCluster().getMaster().createNamespace(desc);
+ grantOnNamespace(TEST_UTIL, USER_NONE.getShortName(), namespace,
Permission.Action.READ);
+ try {
+ List<UserPermission> namespacePermissions =
AccessControlClient.getUserPermissions(
+ systemUserConnection,
AccessControlLists.toNamespaceEntry(namespace));
+ assertTrue(namespacePermissions != null);
+ assertTrue(namespacePermissions.size() == 1);
+ } catch (Throwable thw) {
+ throw new HBaseException(thw);
+ }
+ TEST_UTIL.getMiniHBaseCluster().getMaster().deleteNamespace(namespace);
+ }
@Test
- public void testTruncatePerms() throws Throwable {
+ public void testTruncatePerms() throws Exception {
try (Connection connection =
ConnectionFactory.createConnection(TEST_UTIL.getConfiguration())) {
List<UserPermission> existingPerms =
AccessControlClient.getUserPermissions(connection,
- TEST_TABLE.getTableName().getNameAsString());
+ TEST_TABLE.getTableName().getNameAsString());
assertTrue(existingPerms != null);
assertTrue(existingPerms.size() > 1);
try (Admin admin = connection.getAdmin()) {
@@ -2404,6 +2307,8 @@ public class TestAccessController extends SecureTestUtil {
TEST_TABLE.getTableName().getNameAsString());
assertTrue(perms != null);
assertEquals(existingPerms.size(), perms.size());
+ } catch (Throwable thw) {
+ throw new HBaseException(thw);
}
}
@@ -2411,8 +2316,8 @@ public class TestAccessController extends SecureTestUtil {
return new PrivilegedAction<List<UserPermission>>() {
@Override
public List<UserPermission> run() {
- try {
- return AccessControlClient.getUserPermissions(conf, regex);
+ try(Connection conn = ConnectionFactory.createConnection(conf);) {
+ return AccessControlClient.getUserPermissions(conn, regex);
} catch (Throwable e) {
LOG.error("error during call of
AccessControlClient.getUserPermissions.", e);
return null;
http://git-wip-us.apache.org/repos/asf/hbase/blob/993258b1/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java
----------------------------------------------------------------------
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java
index 316105c..ec43854 100644
---
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java
@@ -33,11 +33,9 @@ import org.apache.hadoop.hbase.HColumnDescriptor;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.NamespaceDescriptor;
import org.apache.hadoop.hbase.TableName;
-import org.apache.hadoop.hbase.TableNotFoundException;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
-import org.apache.hadoop.hbase.client.HTable;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.ResultScanner;
@@ -249,13 +247,12 @@ public class TestAccessController2 extends SecureTestUtil
{
AccessTestAction writeAction = new AccessTestAction() {
@Override
public Object run() throws Exception {
- HTable t = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) {
t.put(new Put(TEST_ROW).add(AccessControlLists.ACL_LIST_FAMILY,
TEST_QUALIFIER,
TEST_VALUE));
return null;
} finally {
- t.close();
}
}
};
@@ -272,8 +269,8 @@ public class TestAccessController2 extends SecureTestUtil {
AccessTestAction scanAction = new AccessTestAction() {
@Override
public Object run() throws Exception {
- HTable t = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
- try {
+ try(Connection conn = ConnectionFactory.createConnection(conf);
+ Table t = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) {
ResultScanner s = t.getScanner(new Scan());
try {
for (Result r = s.next(); r != null; r = s.next()) {
@@ -283,8 +280,6 @@ public class TestAccessController2 extends SecureTestUtil {
s.close();
}
return null;
- } finally {
- t.close();
}
}
};
http://git-wip-us.apache.org/repos/asf/hbase/blob/993258b1/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLWithMultipleVersions.java
----------------------------------------------------------------------
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLWithMultipleVersions.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLWithMultipleVersions.java
index 0edc1e9..864df5a 100644
---
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLWithMultipleVersions.java
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLWithMultipleVersions.java
@@ -38,7 +38,6 @@ import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.Delete;
import org.apache.hadoop.hbase.client.Get;
-import org.apache.hadoop.hbase.client.HTable;
import org.apache.hadoop.hbase.client.Increment;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Table;
@@ -153,8 +152,8 @@ public class TestCellACLWithMultipleVersions extends
SecureTestUtil {
verifyAllowed(new AccessTestAction() {
@Override
public Object run() throws Exception {
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection connection = ConnectionFactory.createConnection(conf);
+ Table t = connection.getTable(TEST_TABLE.getTableName())) {
Put p;
// with ro ACL
p = new Put(TEST_ROW).add(TEST_FAMILY1, TEST_Q1, ZERO);
@@ -173,8 +172,6 @@ public class TestCellACLWithMultipleVersions extends
SecureTestUtil {
p = new Put(TEST_ROW).add(TEST_FAMILY1, TEST_Q1, ZERO);
p.setACL(USER_OTHER.getShortName(), new
Permission(Permission.Action.WRITE));
t.put(p);
- } finally {
- t.close();
}
return null;
}
@@ -187,11 +184,9 @@ public class TestCellACLWithMultipleVersions extends
SecureTestUtil {
public Object run() throws Exception {
Get get = new Get(TEST_ROW);
get.setMaxVersions(10);
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection connection = ConnectionFactory.createConnection(conf);
+ Table t = connection.getTable(TEST_TABLE.getTableName())) {
return t.get(get).listCells();
- } finally {
- t.close();
}
}
};
@@ -201,11 +196,9 @@ public class TestCellACLWithMultipleVersions extends
SecureTestUtil {
public Object run() throws Exception {
Get get = new Get(TEST_ROW);
get.setMaxVersions(10);
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection connection = ConnectionFactory.createConnection(conf);
+ Table t = connection.getTable(TEST_TABLE.getTableName())) {
return t.get(get).listCells();
- } finally {
- t.close();
}
}
};
@@ -218,8 +211,8 @@ public class TestCellACLWithMultipleVersions extends
SecureTestUtil {
verifyAllowed(new AccessTestAction() {
@Override
public Object run() throws Exception {
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection connection = ConnectionFactory.createConnection(conf);
+ Table t = connection.getTable(TEST_TABLE.getTableName())) {
Put p;
p = new Put(TEST_ROW).add(TEST_FAMILY1, TEST_Q1, ZERO);
p.setACL(USER_OTHER.getShortName(), new
Permission(Permission.Action.WRITE));
@@ -230,8 +223,6 @@ public class TestCellACLWithMultipleVersions extends
SecureTestUtil {
p = new Put(TEST_ROW).add(TEST_FAMILY1, TEST_Q1, ZERO);
p.setACL(USER_OTHER.getShortName(), new
Permission(Permission.Action.WRITE));
t.put(p);
- } finally {
- t.close();
}
return null;
}
@@ -439,7 +430,7 @@ public class TestCellACLWithMultipleVersions extends
SecureTestUtil {
// The other put should be covered by the tombstone
- verifyDenied(getQ2, USER_OTHER);
+ verifyIfNull(getQ2, USER_OTHER);
}
@Test
http://git-wip-us.apache.org/repos/asf/hbase/blob/993258b1/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLs.java
----------------------------------------------------------------------
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLs.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLs.java
index ae08a15..a4580a8 100644
---
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLs.java
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLs.java
@@ -32,6 +32,8 @@ import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.testclassification.MediumTests;
import org.apache.hadoop.hbase.TableNotFoundException;
import org.apache.hadoop.hbase.client.Admin;
+import org.apache.hadoop.hbase.client.Connection;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.Delete;
import org.apache.hadoop.hbase.client.Get;
import org.apache.hadoop.hbase.client.HTable;
@@ -144,8 +146,8 @@ public class TestCellACLs extends SecureTestUtil {
verifyAllowed(new AccessTestAction() {
@Override
public Object run() throws Exception {
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection connection = ConnectionFactory.createConnection(conf);
+ Table t = connection.getTable(TEST_TABLE.getTableName())) {
Put p;
// with ro ACL
p = new Put(TEST_ROW).add(TEST_FAMILY, TEST_Q1, ZERO);
@@ -160,8 +162,6 @@ public class TestCellACLs extends SecureTestUtil {
.add(TEST_FAMILY, TEST_Q3, ZERO)
.add(TEST_FAMILY, TEST_Q4, ZERO);
t.put(p);
- } finally {
- t.close();
}
return null;
}
@@ -173,11 +173,9 @@ public class TestCellACLs extends SecureTestUtil {
@Override
public Object run() throws Exception {
Get get = new Get(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q1);
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection connection = ConnectionFactory.createConnection(conf);
+ Table t = connection.getTable(TEST_TABLE.getTableName())) {
return t.get(get).listCells();
- } finally {
- t.close();
}
}
};
@@ -186,11 +184,9 @@ public class TestCellACLs extends SecureTestUtil {
@Override
public Object run() throws Exception {
Get get = new Get(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q2);
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection connection = ConnectionFactory.createConnection(conf);
+ Table t = connection.getTable(TEST_TABLE.getTableName())) {
return t.get(get).listCells();
- } finally {
- t.close();
}
}
};
@@ -199,11 +195,9 @@ public class TestCellACLs extends SecureTestUtil {
@Override
public Object run() throws Exception {
Get get = new Get(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q3);
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection connection = ConnectionFactory.createConnection(conf);
+ Table t = connection.getTable(TEST_TABLE.getTableName())) {
return t.get(get).listCells();
- } finally {
- t.close();
}
}
};
@@ -212,11 +206,9 @@ public class TestCellACLs extends SecureTestUtil {
@Override
public Object run() throws Exception {
Get get = new Get(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q4);
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection connection = ConnectionFactory.createConnection(conf);
+ Table t = connection.getTable(TEST_TABLE.getTableName())) {
return t.get(get).listCells();
- } finally {
- t.close();
}
}
};
@@ -228,8 +220,8 @@ public class TestCellACLs extends SecureTestUtil {
// Confirm this access does not extend to other cells
- verifyDenied(getQ3, USER_OTHER);
- verifyDenied(getQ4, USER_OTHER);
+ verifyIfNull(getQ3, USER_OTHER);
+ verifyIfNull(getQ4, USER_OTHER);
/* ---- Scans ---- */
@@ -277,11 +269,9 @@ public class TestCellACLs extends SecureTestUtil {
@Override
public Object run() throws Exception {
Increment i = new Increment(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q1,
1L);
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection connection = ConnectionFactory.createConnection(conf);
+ Table t = connection.getTable(TEST_TABLE.getTableName())) {
t.increment(i);
- } finally {
- t.close();
}
return null;
}
@@ -291,11 +281,9 @@ public class TestCellACLs extends SecureTestUtil {
@Override
public Object run() throws Exception {
Increment i = new Increment(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q2,
1L);
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection connection = ConnectionFactory.createConnection(conf);
+ Table t = connection.getTable(TEST_TABLE.getTableName())) {
t.increment(i);
- } finally {
- t.close();
}
return null;
}
@@ -307,11 +295,9 @@ public class TestCellACLs extends SecureTestUtil {
Increment i = new Increment(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q2,
1L);
// Tag this increment with an ACL that denies write permissions to
USER_OTHER
i.setACL(USER_OTHER.getShortName(), new Permission(Action.READ));
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection connection = ConnectionFactory.createConnection(conf);
+ Table t = connection.getTable(TEST_TABLE.getTableName())) {
t.increment(i);
- } finally {
- t.close();
}
return null;
}
@@ -321,11 +307,9 @@ public class TestCellACLs extends SecureTestUtil {
@Override
public Object run() throws Exception {
Increment i = new Increment(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q3,
1L);
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection connection = ConnectionFactory.createConnection(conf);
+ Table t = connection.getTable(TEST_TABLE.getTableName())) {
t.increment(i);
- } finally {
- t.close();
}
return null;
}
@@ -348,11 +332,9 @@ public class TestCellACLs extends SecureTestUtil {
@Override
public Object run() throws Exception {
Delete delete = new Delete(TEST_ROW).deleteFamily(TEST_FAMILY);
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection connection = ConnectionFactory.createConnection(conf);
+ Table t = connection.getTable(TEST_TABLE.getTableName())) {
t.delete(delete);
- } finally {
- t.close();
}
return null;
}
@@ -361,12 +343,10 @@ public class TestCellACLs extends SecureTestUtil {
AccessTestAction deleteQ1 = new AccessTestAction() {
@Override
public Object run() throws Exception {
- Delete delete = new Delete(TEST_ROW).deleteColumn(TEST_FAMILY,
TEST_Q1);
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ Delete delete = new Delete(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q1);
+ try(Connection connection = ConnectionFactory.createConnection(conf);
+ Table t = connection.getTable(TEST_TABLE.getTableName())) {
t.delete(delete);
- } finally {
- t.close();
}
return null;
}
@@ -393,13 +373,11 @@ public class TestCellACLs extends SecureTestUtil {
verifyDenied(new AccessTestAction() {
@Override
public Object run() throws Exception {
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection connection = ConnectionFactory.createConnection(conf);
+ Table t = connection.getTable(TEST_TABLE.getTableName())) {
Put p;
p = new Put(TEST_ROW).add(TEST_FAMILY, TEST_Q1, ZERO);
t.put(p);
- } finally {
- t.close();
}
return null;
}
@@ -409,13 +387,11 @@ public class TestCellACLs extends SecureTestUtil {
verifyAllowed(new AccessTestAction() {
@Override
public Object run() throws Exception {
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection connection = ConnectionFactory.createConnection(conf);
+ Table t = connection.getTable(TEST_TABLE.getTableName())) {
Put p;
p = new Put(TEST_ROW).add(TEST_FAMILY, TEST_Q1, ZERO);
t.put(p);
- } finally {
- t.close();
}
return null;
}
@@ -425,13 +401,11 @@ public class TestCellACLs extends SecureTestUtil {
verifyDenied(new AccessTestAction() {
@Override
public Object run() throws Exception {
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection connection = ConnectionFactory.createConnection(conf);
+ Table t = connection.getTable(TEST_TABLE.getTableName())) {
Put p;
p = new Put(TEST_ROW).add(TEST_FAMILY, TEST_Q1, ONE);
t.put(p);
- } finally {
- t.close();
}
return null;
}
@@ -441,11 +415,9 @@ public class TestCellACLs extends SecureTestUtil {
verifyAllowed(new AccessTestAction() {
@Override
public Object run() throws Exception {
- Table t = new HTable(conf, TEST_TABLE.getTableName());
- try {
+ try(Connection connection = ConnectionFactory.createConnection(conf);
+ Table t = connection.getTable(TEST_TABLE.getTableName())) {
return t.get(new Get(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q1));
- } finally {
- t.close();
}
}
}, USER_OTHER);
