[jira] [Commented] (HBASE-13241) Add tests for group level grants

Ashish Singhi (JIRA) Wed, 18 Mar 2015 03:54:14 -0700

    [ 
https://issues.apache.org/jira/browse/HBASE-13241?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14366957#comment-14366957
 ]


Ashish Singhi commented on HBASE-13241:
---------------------------------------

Thanks [~mbertozzi] for taking a look.
bq. I see only in one place the assert on the scan result
We have it at three different places with different values expected.
1. {code}
+         Scan s1 = new Scan();
+          try (ResultScanner scanner1 = table.getScanner(s1);) {
+            Result[] next1 = scanner1.next(5);
+            assertTrue(next1.length == 3);
+          }
{code}
2. {code}
+         Scan s1 = new Scan();
+          try (ResultScanner scanner1 = table.getScanner(s1);) {
+            Result[] next1 = scanner1.next(5);
+            assertTrue(next1.length == 2);
+          }
{code}
 3. {code}
+         Scan s1 = new Scan();
+          try (ResultScanner scanner1 = table.getScanner(s1);) {
+            Result[] next1 = scanner1.next(5);
+            assertTrue(next1.length == 1);
+          }
{code}

bq. all the other checks seem to just verify if the AccessDeniedException was 
received or not, so verifyAllowed()/verifyDenied() should be enough. if not why?
I tried that way when [~srikanth235] offline suggested me, but here at each 
level we have different results.
Like when we grant a group, table level access then a user from it can perform 
scan at family level also but its not the same when we grant a group, access at 
qualifier level. So I will have to create so many actions for it to have it in 
one test which I did some what in my first patch but [~busbey] had some other 
thought and I felt it was reasonable, so I broke this test at different levels. 
Also verifyAllowed() and verifyDenied() internally uses user.runAs api.

bq. what is the difference with the other scanAction we have already?
If you are pointing at scanAction in TestAccessController#testRead then here we 
are not asserting scan result, we are checking whether user with READ access 
are able to scan the table or not.

> Add tests for group level grants
> --------------------------------
>
>                 Key: HBASE-13241
>                 URL: https://issues.apache.org/jira/browse/HBASE-13241
>             Project: HBase
>          Issue Type: Improvement
>          Components: security, test
>            Reporter: Sean Busbey
>            Assignee: Ashish Singhi
>            Priority: Critical
>         Attachments: HBASE-13241-v1.patch, HBASE-13241-v2.patch, 
> HBASE-13241-v3.patch, HBASE-13241-v4.patch, HBASE-13241-v5.patch, 
> HBASE-13241.patch
>
>
> We need to have tests for group-level grants for various scopes. ref: 
> HBASE-13239



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (HBASE-13241) Add tests for group level grants

Reply via email to