http://git-wip-us.apache.org/repos/asf/hbase/blob/3fa3dcd9/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift2/TestThriftHBaseServiceHandlerWithLabels.java
----------------------------------------------------------------------
diff --git a/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift2/TestThriftHBaseServiceHandlerWithLabels.java b/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift2/TestThriftHBaseServiceHandlerWithLabels.java
index 89a48bd..18a028c 100644
--- a/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift2/TestThriftHBaseServiceHandlerWithLabels.java
+++ b/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift2/TestThriftHBaseServiceHandlerWithLabels.java
@@ -47,7 +47,7 @@ import org.apache.hadoop.hbase.security.visibility.ScanLabelGenerator;
 import org.apache.hadoop.hbase.security.visibility.SimpleScanLabelGenerator;
 import org.apache.hadoop.hbase.security.visibility.VisibilityClient;
 import org.apache.hadoop.hbase.security.visibility.VisibilityConstants;
-import org.apache.hadoop.hbase.security.visibility.VisibilityController;
+import org.apache.hadoop.hbase.security.visibility.VisibilityTestUtil;
 import org.apache.hadoop.hbase.security.visibility.VisibilityUtils;
 import org.apache.hadoop.hbase.testclassification.ClientTests;
 import org.apache.hadoop.hbase.testclassification.MediumTests;
@@ -78,389 +78,387 @@ public class TestThriftHBaseServiceHandlerWithLabels { private static final Logger LOG = LoggerFactory .getLogger(TestThriftHBaseServiceHandlerWithLabels.class); -private static final HBaseTestingUtility UTIL = new HBaseTestingUtility(); - -// Static names for tables, columns, rows, and values -private static byte[] tableAname = Bytes.toBytes("tableA"); -private static byte[] familyAname = Bytes.toBytes("familyA"); -private static byte[] familyBname = Bytes.toBytes("familyB"); -private static byte[] qualifierAname = Bytes.toBytes("qualifierA"); -private static byte[] qualifierBname = Bytes.toBytes("qualifierB"); -private static byte[] valueAname = Bytes.toBytes("valueA"); -private static byte[] valueBname = Bytes.toBytes("valueB"); -private static HColumnDescriptor[] families = new HColumnDescriptor[] { - new HColumnDescriptor(familyAname).setMaxVersions(3), - new HColumnDescriptor(familyBname).setMaxVersions(2) }; - -private final static String TOPSECRET = "topsecret"; -private final static String PUBLIC = "public"; -private final static String PRIVATE = "private"; -private final static String CONFIDENTIAL = "confidential"; -private final static String SECRET = "secret"; -private static User SUPERUSER; - -private static Configuration conf; - -public void assertTColumnValuesEqual(List<TColumnValue> columnValuesA, + private static final HBaseTestingUtility UTIL = new HBaseTestingUtility(); + + // Static names for tables, columns, rows, and values + private static byte[] tableAname = Bytes.toBytes("tableA"); + private static byte[] familyAname = Bytes.toBytes("familyA"); + private static byte[] familyBname = Bytes.toBytes("familyB"); + private static byte[] qualifierAname = Bytes.toBytes("qualifierA"); + private static byte[] qualifierBname = Bytes.toBytes("qualifierB"); + private static byte[] valueAname = Bytes.toBytes("valueA"); + private static byte[] valueBname = Bytes.toBytes("valueB"); + private static HColumnDescriptor[] families = new 
HColumnDescriptor[] { + new HColumnDescriptor(familyAname).setMaxVersions(3), + new HColumnDescriptor(familyBname).setMaxVersions(2) }; + + private final static String TOPSECRET = "topsecret"; + private final static String PUBLIC = "public"; + private final static String PRIVATE = "private"; + private final static String CONFIDENTIAL = "confidential"; + private final static String SECRET = "secret"; + private static User SUPERUSER; + + private static Configuration conf; + + public void assertTColumnValuesEqual(List<TColumnValue> columnValuesA, List<TColumnValue> columnValuesB) { - assertEquals(columnValuesA.size(), columnValuesB.size()); - Comparator<TColumnValue> comparator = new Comparator<TColumnValue>() { - @Override - public int compare(TColumnValue o1, TColumnValue o2) { - return Bytes.compareTo(Bytes.add(o1.getFamily(), o1.getQualifier()), - Bytes.add(o2.getFamily(), o2.getQualifier())); + assertEquals(columnValuesA.size(), columnValuesB.size()); + Comparator<TColumnValue> comparator = new Comparator<TColumnValue>() { + @Override + public int compare(TColumnValue o1, TColumnValue o2) { + return Bytes.compareTo(Bytes.add(o1.getFamily(), o1.getQualifier()), + Bytes.add(o2.getFamily(), o2.getQualifier())); + } + }; + Collections.sort(columnValuesA, comparator); + Collections.sort(columnValuesB, comparator); + + for (int i = 0; i < columnValuesA.size(); i++) { + TColumnValue a = columnValuesA.get(i); + TColumnValue b = columnValuesB.get(i); + assertArrayEquals(a.getFamily(), b.getFamily()); + assertArrayEquals(a.getQualifier(), b.getQualifier()); + assertArrayEquals(a.getValue(), b.getValue()); } - }; - Collections.sort(columnValuesA, comparator); - Collections.sort(columnValuesB, comparator); - - for (int i = 0; i < columnValuesA.size(); i++) { - TColumnValue a = columnValuesA.get(i); - TColumnValue b = columnValuesB.get(i); - assertArrayEquals(a.getFamily(), b.getFamily()); - assertArrayEquals(a.getQualifier(), b.getQualifier()); - 
assertArrayEquals(a.getValue(), b.getValue()); } -} -@BeforeClass -public static void beforeClass() throws Exception { - SUPERUSER = User.createUserForTesting(conf, "admin", - new String[] { "supergroup" }); - conf = UTIL.getConfiguration(); - conf.setClass(VisibilityUtils.VISIBILITY_LABEL_GENERATOR_CLASS, - SimpleScanLabelGenerator.class, ScanLabelGenerator.class); - conf.set("hbase.superuser", SUPERUSER.getShortName()); - conf.set("hbase.coprocessor.master.classes", - VisibilityController.class.getName()); - conf.set("hbase.coprocessor.region.classes", - VisibilityController.class.getName()); - conf.setInt("hfile.format.version", 3); - UTIL.startMiniCluster(1); - // Wait for the labels table to become available - UTIL.waitTableEnabled(VisibilityConstants.LABELS_TABLE_NAME.getName(), 50000); - createLabels(); - Admin admin = UTIL.getAdmin(); - HTableDescriptor tableDescriptor = new HTableDescriptor( - TableName.valueOf(tableAname)); - for (HColumnDescriptor family : families) { - tableDescriptor.addFamily(family); + @BeforeClass + public static void beforeClass() throws Exception { + + SUPERUSER = User.createUserForTesting(conf, "admin", + new String[] { "supergroup" }); + conf = UTIL.getConfiguration(); + conf.setClass(VisibilityUtils.VISIBILITY_LABEL_GENERATOR_CLASS, + SimpleScanLabelGenerator.class, ScanLabelGenerator.class); + conf.set("hbase.superuser", SUPERUSER.getShortName()); + VisibilityTestUtil.enableVisiblityLabels(conf); + UTIL.startMiniCluster(1); + // Wait for the labels table to become available + UTIL.waitTableEnabled(VisibilityConstants.LABELS_TABLE_NAME.getName(), 50000); + createLabels(); + Admin admin = UTIL.getAdmin(); + HTableDescriptor tableDescriptor = new HTableDescriptor( + TableName.valueOf(tableAname)); + for (HColumnDescriptor family : families) { + tableDescriptor.addFamily(family); + } + admin.createTable(tableDescriptor); + admin.close(); + setAuths(); } - admin.createTable(tableDescriptor); - admin.close(); - setAuths(); -} 
-private static void createLabels() throws IOException, InterruptedException { - PrivilegedExceptionAction<VisibilityLabelsResponse> action = - new PrivilegedExceptionAction<VisibilityLabelsResponse>() { - public VisibilityLabelsResponse run() throws Exception { - String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET }; - try (Connection conn = ConnectionFactory.createConnection(conf)) { - VisibilityClient.addLabels(conn, labels); - } catch (Throwable t) { - throw new IOException(t); + private static void createLabels() throws IOException, InterruptedException { + PrivilegedExceptionAction<VisibilityLabelsResponse> action = + new PrivilegedExceptionAction<VisibilityLabelsResponse>() { + public VisibilityLabelsResponse run() throws Exception { + String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET }; + try (Connection conn = ConnectionFactory.createConnection(conf)) { + VisibilityClient.addLabels(conn, labels); + } catch (Throwable t) { + throw new IOException(t); + } + return null; } - return null; + }; + SUPERUSER.runAs(action); + } + + private static void setAuths() throws IOException { + String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET }; + try { + VisibilityClient.setAuths(UTIL.getConnection(), labels, User.getCurrent().getShortName()); + } catch (Throwable t) { + throw new IOException(t); } - }; - SUPERUSER.runAs(action); -} + } -private static void setAuths() throws IOException { - String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET }; - try { - VisibilityClient.setAuths(UTIL.getConnection(), labels, User.getCurrent().getShortName()); - } catch (Throwable t) { - throw new IOException(t); + @AfterClass + public static void afterClass() throws Exception { + UTIL.shutdownMiniCluster(); } -} -@AfterClass -public static void afterClass() throws Exception { - UTIL.shutdownMiniCluster(); -} + @Before + public void setup() throws Exception { -@Before -public void setup() throws Exception { + } -} + 
private ThriftHBaseServiceHandler createHandler() throws IOException { + return new ThriftHBaseServiceHandler(conf, UserProvider.instantiate(conf)); + } -private ThriftHBaseServiceHandler createHandler() throws IOException { - return new ThriftHBaseServiceHandler(conf, UserProvider.instantiate(conf)); -} + @Test + public void testScanWithVisibilityLabels() throws Exception { + ThriftHBaseServiceHandler handler = createHandler(); + ByteBuffer table = wrap(tableAname); + + // insert data + TColumnValue columnValue = new TColumnValue(wrap(familyAname), + wrap(qualifierAname), wrap(valueAname)); + List<TColumnValue> columnValues = new ArrayList<>(1); + columnValues.add(columnValue); + for (int i = 0; i < 10; i++) { + TPut put = new TPut(wrap(("testScan" + i).getBytes()), columnValues); + if (i == 5) { + put.setCellVisibility(new TCellVisibility().setExpression(PUBLIC)); + } else { + put.setCellVisibility(new TCellVisibility().setExpression("(" + SECRET + + "|" + CONFIDENTIAL + ")" + "&" + "!" + TOPSECRET)); + } + handler.put(table, put); + } -@Test -public void testScanWithVisibilityLabels() throws Exception { - ThriftHBaseServiceHandler handler = createHandler(); - ByteBuffer table = wrap(tableAname); - - // insert data - TColumnValue columnValue = new TColumnValue(wrap(familyAname), - wrap(qualifierAname), wrap(valueAname)); - List<TColumnValue> columnValues = new ArrayList<>(1); - columnValues.add(columnValue); - for (int i = 0; i < 10; i++) { - TPut put = new TPut(wrap(("testScan" + i).getBytes()), columnValues); - if (i == 5) { - put.setCellVisibility(new TCellVisibility().setExpression(PUBLIC)); - } else { - put.setCellVisibility(new TCellVisibility().setExpression("(" + SECRET - + "|" + CONFIDENTIAL + ")" + "&" + "!" 
+ TOPSECRET)); + // create scan instance + TScan scan = new TScan(); + List<TColumn> columns = new ArrayList<>(1); + TColumn column = new TColumn(); + column.setFamily(familyAname); + column.setQualifier(qualifierAname); + columns.add(column); + scan.setColumns(columns); + scan.setStartRow("testScan".getBytes()); + scan.setStopRow("testScan\uffff".getBytes()); + + TAuthorization tauth = new TAuthorization(); + List<String> labels = new ArrayList<>(2); + labels.add(SECRET); + labels.add(PRIVATE); + tauth.setLabels(labels); + scan.setAuthorizations(tauth); + // get scanner and rows + int scanId = handler.openScanner(table, scan); + List<TResult> results = handler.getScannerRows(scanId, 10); + assertEquals(9, results.size()); + Assert.assertFalse(Bytes.equals(results.get(5).getRow(), + ("testScan" + 5).getBytes())); + for (int i = 0; i < 9; i++) { + if (i < 5) { + assertArrayEquals(("testScan" + i).getBytes(), results.get(i).getRow()); + } else if (i == 5) { + continue; + } else { + assertArrayEquals(("testScan" + (i + 1)).getBytes(), results.get(i) + .getRow()); + } } - handler.put(table, put); - } - // create scan instance - TScan scan = new TScan(); - List<TColumn> columns = new ArrayList<>(1); - TColumn column = new TColumn(); - column.setFamily(familyAname); - column.setQualifier(qualifierAname); - columns.add(column); - scan.setColumns(columns); - scan.setStartRow("testScan".getBytes()); - scan.setStopRow("testScan\uffff".getBytes()); - - TAuthorization tauth = new TAuthorization(); - List<String> labels = new ArrayList<>(2); - labels.add(SECRET); - labels.add(PRIVATE); - tauth.setLabels(labels); - scan.setAuthorizations(tauth); - // get scanner and rows - int scanId = handler.openScanner(table, scan); - List<TResult> results = handler.getScannerRows(scanId, 10); - assertEquals(9, results.size()); - Assert.assertFalse(Bytes.equals(results.get(5).getRow(), - ("testScan" + 5).getBytes())); - for (int i = 0; i < 9; i++) { - if (i < 5) { - 
assertArrayEquals(("testScan" + i).getBytes(), results.get(i).getRow()); - } else if (i == 5) { - continue; - } else { - assertArrayEquals(("testScan" + (i + 1)).getBytes(), results.get(i) - .getRow()); + // check that we are at the end of the scan + results = handler.getScannerRows(scanId, 9); + assertEquals(0, results.size()); + + // close scanner and check that it was indeed closed + handler.closeScanner(scanId); + try { + handler.getScannerRows(scanId, 9); + fail("Scanner id should be invalid"); + } catch (TIllegalArgument e) { } } - // check that we are at the end of the scan - results = handler.getScannerRows(scanId, 9); - assertEquals(0, results.size()); + @Test + public void testGetScannerResultsWithAuthorizations() throws Exception { + ThriftHBaseServiceHandler handler = createHandler(); + ByteBuffer table = wrap(tableAname); + + // insert data + TColumnValue columnValue = new TColumnValue(wrap(familyAname), + wrap(qualifierAname), wrap(valueAname)); + List<TColumnValue> columnValues = new ArrayList<>(1); + columnValues.add(columnValue); + for (int i = 0; i < 20; i++) { + TPut put = new TPut( + wrap(("testGetScannerResults" + pad(i, (byte) 2)).getBytes()), + columnValues); + if (i == 3) { + put.setCellVisibility(new TCellVisibility().setExpression(PUBLIC)); + } else { + put.setCellVisibility(new TCellVisibility().setExpression("(" + SECRET + + "|" + CONFIDENTIAL + ")" + "&" + "!" 
+ TOPSECRET)); + } + handler.put(table, put); + } - // close scanner and check that it was indeed closed - handler.closeScanner(scanId); - try { - handler.getScannerRows(scanId, 9); - fail("Scanner id should be invalid"); - } catch (TIllegalArgument e) { + // create scan instance + TScan scan = new TScan(); + List<TColumn> columns = new ArrayList<>(1); + TColumn column = new TColumn(); + column.setFamily(familyAname); + column.setQualifier(qualifierAname); + columns.add(column); + scan.setColumns(columns); + scan.setStartRow("testGetScannerResults".getBytes()); + + // get 5 rows and check the returned results + scan.setStopRow("testGetScannerResults05".getBytes()); + TAuthorization tauth = new TAuthorization(); + List<String> labels = new ArrayList<>(2); + labels.add(SECRET); + labels.add(PRIVATE); + tauth.setLabels(labels); + scan.setAuthorizations(tauth); + List<TResult> results = handler.getScannerResults(table, scan, 5); + assertEquals(4, results.size()); + for (int i = 0; i < 4; i++) { + if (i < 3) { + assertArrayEquals( + ("testGetScannerResults" + pad(i, (byte) 2)).getBytes(), + results.get(i).getRow()); + } else if (i == 3) { + continue; + } else { + assertArrayEquals( + ("testGetScannerResults" + pad(i + 1, (byte) 2)).getBytes(), results + .get(i).getRow()); + } + } } -} -@Test -public void testGetScannerResultsWithAuthorizations() throws Exception { - ThriftHBaseServiceHandler handler = createHandler(); - ByteBuffer table = wrap(tableAname); - - // insert data - TColumnValue columnValue = new TColumnValue(wrap(familyAname), - wrap(qualifierAname), wrap(valueAname)); - List<TColumnValue> columnValues = new ArrayList<>(1); - columnValues.add(columnValue); - for (int i = 0; i < 20; i++) { - TPut put = new TPut( - wrap(("testGetScannerResults" + pad(i, (byte) 2)).getBytes()), - columnValues); - if (i == 3) { - put.setCellVisibility(new TCellVisibility().setExpression(PUBLIC)); - } else { - put.setCellVisibility(new TCellVisibility().setExpression("(" + SECRET 
- + "|" + CONFIDENTIAL + ")" + "&" + "!" + TOPSECRET)); - } + @Test + public void testGetsWithLabels() throws Exception { + ThriftHBaseServiceHandler handler = createHandler(); + byte[] rowName = "testPutGet".getBytes(); + ByteBuffer table = wrap(tableAname); + + List<TColumnValue> columnValues = new ArrayList<>(2); + columnValues.add(new TColumnValue(wrap(familyAname), wrap(qualifierAname), + wrap(valueAname))); + columnValues.add(new TColumnValue(wrap(familyBname), wrap(qualifierBname), + wrap(valueBname))); + TPut put = new TPut(wrap(rowName), columnValues); + + put.setColumnValues(columnValues); + put.setCellVisibility(new TCellVisibility().setExpression("(" + SECRET + "|" + + CONFIDENTIAL + ")" + "&" + "!" + TOPSECRET)); handler.put(table, put); + TGet get = new TGet(wrap(rowName)); + TAuthorization tauth = new TAuthorization(); + List<String> labels = new ArrayList<>(2); + labels.add(SECRET); + labels.add(PRIVATE); + tauth.setLabels(labels); + get.setAuthorizations(tauth); + TResult result = handler.get(table, get); + assertArrayEquals(rowName, result.getRow()); + List<TColumnValue> returnedColumnValues = result.getColumnValues(); + assertTColumnValuesEqual(columnValues, returnedColumnValues); } - // create scan instance - TScan scan = new TScan(); - List<TColumn> columns = new ArrayList<>(1); - TColumn column = new TColumn(); - column.setFamily(familyAname); - column.setQualifier(qualifierAname); - columns.add(column); - scan.setColumns(columns); - scan.setStartRow("testGetScannerResults".getBytes()); - - // get 5 rows and check the returned results - scan.setStopRow("testGetScannerResults05".getBytes()); - TAuthorization tauth = new TAuthorization(); - List<String> labels = new ArrayList<>(2); - labels.add(SECRET); - labels.add(PRIVATE); - tauth.setLabels(labels); - scan.setAuthorizations(tauth); - List<TResult> results = handler.getScannerResults(table, scan, 5); - assertEquals(4, results.size()); - for (int i = 0; i < 4; i++) { - if (i < 3) { - 
assertArrayEquals( - ("testGetScannerResults" + pad(i, (byte) 2)).getBytes(), - results.get(i).getRow()); - } else if (i == 3) { - continue; - } else { - assertArrayEquals( - ("testGetScannerResults" + pad(i + 1, (byte) 2)).getBytes(), results - .get(i).getRow()); - } + @Test + public void testIncrementWithTags() throws Exception { + ThriftHBaseServiceHandler handler = createHandler(); + byte[] rowName = "testIncrementWithTags".getBytes(); + ByteBuffer table = wrap(tableAname); + + List<TColumnValue> columnValues = new ArrayList<>(1); + columnValues.add(new TColumnValue(wrap(familyAname), wrap(qualifierAname), + wrap(Bytes.toBytes(1L)))); + TPut put = new TPut(wrap(rowName), columnValues); + put.setColumnValues(columnValues); + put.setCellVisibility(new TCellVisibility().setExpression(PRIVATE)); + handler.put(table, put); + + List<TColumnIncrement> incrementColumns = new ArrayList<>(1); + incrementColumns.add(new TColumnIncrement(wrap(familyAname), + wrap(qualifierAname))); + TIncrement increment = new TIncrement(wrap(rowName), incrementColumns); + increment.setCellVisibility(new TCellVisibility().setExpression(SECRET)); + handler.increment(table, increment); + + TGet get = new TGet(wrap(rowName)); + TAuthorization tauth = new TAuthorization(); + List<String> labels = new ArrayList<>(1); + labels.add(SECRET); + tauth.setLabels(labels); + get.setAuthorizations(tauth); + TResult result = handler.get(table, get); + + assertArrayEquals(rowName, result.getRow()); + assertEquals(1, result.getColumnValuesSize()); + TColumnValue columnValue = result.getColumnValues().get(0); + assertArrayEquals(Bytes.toBytes(2L), columnValue.getValue()); } -} -@Test -public void testGetsWithLabels() throws Exception { - ThriftHBaseServiceHandler handler = createHandler(); - byte[] rowName = "testPutGet".getBytes(); - ByteBuffer table = wrap(tableAname); - - List<TColumnValue> columnValues = new ArrayList<>(2); - columnValues.add(new TColumnValue(wrap(familyAname), wrap(qualifierAname), - 
wrap(valueAname))); - columnValues.add(new TColumnValue(wrap(familyBname), wrap(qualifierBname), - wrap(valueBname))); - TPut put = new TPut(wrap(rowName), columnValues); - - put.setColumnValues(columnValues); - put.setCellVisibility(new TCellVisibility().setExpression("(" + SECRET + "|" - + CONFIDENTIAL + ")" + "&" + "!" + TOPSECRET)); - handler.put(table, put); - TGet get = new TGet(wrap(rowName)); - TAuthorization tauth = new TAuthorization(); - List<String> labels = new ArrayList<>(2); - labels.add(SECRET); - labels.add(PRIVATE); - tauth.setLabels(labels); - get.setAuthorizations(tauth); - TResult result = handler.get(table, get); - assertArrayEquals(rowName, result.getRow()); - List<TColumnValue> returnedColumnValues = result.getColumnValues(); - assertTColumnValuesEqual(columnValues, returnedColumnValues); -} + @Test + public void testIncrementWithTagsWithNotMatchLabels() throws Exception { + ThriftHBaseServiceHandler handler = createHandler(); + byte[] rowName = "testIncrementWithTagsWithNotMatchLabels".getBytes(); + ByteBuffer table = wrap(tableAname); + + List<TColumnValue> columnValues = new ArrayList<>(1); + columnValues.add(new TColumnValue(wrap(familyAname), wrap(qualifierAname), + wrap(Bytes.toBytes(1L)))); + TPut put = new TPut(wrap(rowName), columnValues); + put.setColumnValues(columnValues); + put.setCellVisibility(new TCellVisibility().setExpression(PRIVATE)); + handler.put(table, put); -@Test -public void testIncrementWithTags() throws Exception { - ThriftHBaseServiceHandler handler = createHandler(); - byte[] rowName = "testIncrementWithTags".getBytes(); - ByteBuffer table = wrap(tableAname); - - List<TColumnValue> columnValues = new ArrayList<>(1); - columnValues.add(new TColumnValue(wrap(familyAname), wrap(qualifierAname), - wrap(Bytes.toBytes(1L)))); - TPut put = new TPut(wrap(rowName), columnValues); - put.setColumnValues(columnValues); - put.setCellVisibility(new TCellVisibility().setExpression(PRIVATE)); - handler.put(table, put); - - 
List<TColumnIncrement> incrementColumns = new ArrayList<>(1); - incrementColumns.add(new TColumnIncrement(wrap(familyAname), - wrap(qualifierAname))); - TIncrement increment = new TIncrement(wrap(rowName), incrementColumns); - increment.setCellVisibility(new TCellVisibility().setExpression(SECRET)); - handler.increment(table, increment); - - TGet get = new TGet(wrap(rowName)); - TAuthorization tauth = new TAuthorization(); - List<String> labels = new ArrayList<>(1); - labels.add(SECRET); - tauth.setLabels(labels); - get.setAuthorizations(tauth); - TResult result = handler.get(table, get); - - assertArrayEquals(rowName, result.getRow()); - assertEquals(1, result.getColumnValuesSize()); - TColumnValue columnValue = result.getColumnValues().get(0); - assertArrayEquals(Bytes.toBytes(2L), columnValue.getValue()); -} + List<TColumnIncrement> incrementColumns = new ArrayList<>(1); + incrementColumns.add(new TColumnIncrement(wrap(familyAname), + wrap(qualifierAname))); + TIncrement increment = new TIncrement(wrap(rowName), incrementColumns); + increment.setCellVisibility(new TCellVisibility().setExpression(SECRET)); + handler.increment(table, increment); + + TGet get = new TGet(wrap(rowName)); + TAuthorization tauth = new TAuthorization(); + List<String> labels = new ArrayList<>(1); + labels.add(PUBLIC); + tauth.setLabels(labels); + get.setAuthorizations(tauth); + TResult result = handler.get(table, get); + assertNull(result.getRow()); + } -@Test -public void testIncrementWithTagsWithNotMatchLabels() throws Exception { - ThriftHBaseServiceHandler handler = createHandler(); - byte[] rowName = "testIncrementWithTagsWithNotMatchLabels".getBytes(); - ByteBuffer table = wrap(tableAname); - - List<TColumnValue> columnValues = new ArrayList<>(1); - columnValues.add(new TColumnValue(wrap(familyAname), wrap(qualifierAname), - wrap(Bytes.toBytes(1L)))); - TPut put = new TPut(wrap(rowName), columnValues); - put.setColumnValues(columnValues); - put.setCellVisibility(new 
TCellVisibility().setExpression(PRIVATE)); - handler.put(table, put); - - List<TColumnIncrement> incrementColumns = new ArrayList<>(1); - incrementColumns.add(new TColumnIncrement(wrap(familyAname), - wrap(qualifierAname))); - TIncrement increment = new TIncrement(wrap(rowName), incrementColumns); - increment.setCellVisibility(new TCellVisibility().setExpression(SECRET)); - handler.increment(table, increment); - - TGet get = new TGet(wrap(rowName)); - TAuthorization tauth = new TAuthorization(); - List<String> labels = new ArrayList<>(1); - labels.add(PUBLIC); - tauth.setLabels(labels); - get.setAuthorizations(tauth); - TResult result = handler.get(table, get); - assertNull(result.getRow()); -} + @Test + public void testAppend() throws Exception { + ThriftHBaseServiceHandler handler = createHandler(); + byte[] rowName = "testAppend".getBytes(); + ByteBuffer table = wrap(tableAname); + byte[] v1 = Bytes.toBytes(1L); + byte[] v2 = Bytes.toBytes(5L); + List<TColumnValue> columnValues = new ArrayList<>(1); + columnValues.add(new TColumnValue(wrap(familyAname), wrap(qualifierAname), + wrap(Bytes.toBytes(1L)))); + TPut put = new TPut(wrap(rowName), columnValues); + put.setColumnValues(columnValues); + put.setCellVisibility(new TCellVisibility().setExpression(PRIVATE)); + handler.put(table, put); -@Test -public void testAppend() throws Exception { - ThriftHBaseServiceHandler handler = createHandler(); - byte[] rowName = "testAppend".getBytes(); - ByteBuffer table = wrap(tableAname); - byte[] v1 = Bytes.toBytes(1L); - byte[] v2 = Bytes.toBytes(5L); - List<TColumnValue> columnValues = new ArrayList<>(1); - columnValues.add(new TColumnValue(wrap(familyAname), wrap(qualifierAname), - wrap(Bytes.toBytes(1L)))); - TPut put = new TPut(wrap(rowName), columnValues); - put.setColumnValues(columnValues); - put.setCellVisibility(new TCellVisibility().setExpression(PRIVATE)); - handler.put(table, put); - - List<TColumnValue> appendColumns = new ArrayList<>(1); - appendColumns.add(new 
TColumnValue(wrap(familyAname), wrap(qualifierAname), - wrap(v2))); - TAppend append = new TAppend(wrap(rowName), appendColumns); - append.setCellVisibility(new TCellVisibility().setExpression(SECRET)); - handler.append(table, append); - - TGet get = new TGet(wrap(rowName)); - TAuthorization tauth = new TAuthorization(); - List<String> labels = new ArrayList<>(1); - labels.add(SECRET); - tauth.setLabels(labels); - get.setAuthorizations(tauth); - TResult result = handler.get(table, get); - - assertArrayEquals(rowName, result.getRow()); - assertEquals(1, result.getColumnValuesSize()); - TColumnValue columnValue = result.getColumnValues().get(0); - assertArrayEquals(Bytes.add(v1, v2), columnValue.getValue()); -} + List<TColumnValue> appendColumns = new ArrayList<>(1); + appendColumns.add(new TColumnValue(wrap(familyAname), wrap(qualifierAname), + wrap(v2))); + TAppend append = new TAppend(wrap(rowName), appendColumns); + append.setCellVisibility(new TCellVisibility().setExpression(SECRET)); + handler.append(table, append); + + TGet get = new TGet(wrap(rowName)); + TAuthorization tauth = new TAuthorization(); + List<String> labels = new ArrayList<>(1); + labels.add(SECRET); + tauth.setLabels(labels); + get.setAuthorizations(tauth); + TResult result = handler.get(table, get); + + assertArrayEquals(rowName, result.getRow()); + assertEquals(1, result.getColumnValuesSize()); + TColumnValue columnValue = result.getColumnValues().get(0); + assertArrayEquals(Bytes.add(v1, v2), columnValue.getValue()); + } -/** - * Padding numbers to make comparison of sort order easier in a for loop - * - * @param n - * The number to pad. - * @param pad - * The length to pad up to. - * @return The padded number as a string. - */ -private String pad(int n, byte pad) { - String res = Integer.toString(n); - while (res.length() < pad) - res = "0" + res; - return res; -} + /** + * Padding numbers to make comparison of sort order easier in a for loop + * + * @param n + * The number to pad. 
+ * @param pad + * The length to pad up to. + * @return The padded number as a string. + */ + private String pad(int n, byte pad) { + String res = Integer.toString(n); + while (res.length() < pad) { + res = "0" + res; + } + return res; + } }
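Review bot: In testGetScannerResultsWithAuthorizations the loop `for (int i = 0; i < 4; i++)` skips index 3 through `else if (i == 3) { continue; }`, which leaves the final `else` unreachable, so the row returned after the PUBLIC-labelled row is never compared. Only the result count of 4 and rows 00–02 are asserted, which does not pin down that row 03 is the one the supplied authorizations filtered out. Removing that branch, so the loop reads `if (i < 3) { … } else { … pad(i + 1, (byte) 2) … }`, would check index 3 against row 04. testScanWithVisibilityLabels carries the same `continue` at index 5, although it at least asserts that index 5 is not `testScan5`. Separately, in beforeClass `conf` is still null when it is passed to `User.createUserForTesting(conf, "admin", …)`, because `conf = UTIL.getConfiguration();` is the following statement; assigning `conf` first would avoid depending on the helper tolerating a null Configuration.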
http://git-wip-us.apache.org/repos/asf/hbase/blob/3fa3dcd9/src/main/asciidoc/_chapters/appendix_acl_matrix.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/_chapters/appendix_acl_matrix.adoc b/src/main/asciidoc/_chapters/appendix_acl_matrix.adoc index 83043f7..d5ea076 100644 --- a/src/main/asciidoc/_chapters/appendix_acl_matrix.adoc +++ b/src/main/asciidoc/_chapters/appendix_acl_matrix.adoc @@ -164,6 +164,17 @@ In case the table goes out of date, the unit tests which check for accuracy of p | | mergeRegions | superuser\|global(A) | | rollWALWriterRequest | superuser\|global(A) | | replicateLogEntries | superuser\|global(W) +|RSGroup |addRSGroup |superuser\|global(A) +| |balanceRSGroup |superuser\|global(A) +| |getRSGroupInfo |superuser\|global(A) +| |getRSGroupInfoOfTable|superuser\|global(A) +| |getRSGroupOfServer |superuser\|global(A) +| |listRSGroups |superuser\|global(A) +| |moveServers |superuser\|global(A) +| |moveServersAndTables |superuser\|global(A) +| |moveTables |superuser\|global(A) +| |removeRSGroup |superuser\|global(A) +| |removeServers |superuser\|global(A) |=== :numbered: http://git-wip-us.apache.org/repos/asf/hbase/blob/3fa3dcd9/src/main/asciidoc/_chapters/ops_mgt.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/_chapters/ops_mgt.adoc b/src/main/asciidoc/_chapters/ops_mgt.adoc index 7b0f89b..bdd9c60 100644 --- a/src/main/asciidoc/_chapters/ops_mgt.adoc +++ b/src/main/asciidoc/_chapters/ops_mgt.adoc 
@@ -2703,5 +2703,15 @@ Viewing the Master log will give you insight on rsgroup operation. If it appears stuck, restart the Master process. +=== ACL +To enable ACL, add the following to your hbase-site.xml and restart your Master: + +[source,xml] +---- +<property> + <name>hbase.security.authorization</name> + <value>true</value> +<property> +---- http://git-wip-us.apache.org/repos/asf/hbase/blob/3fa3dcd9/src/main/asciidoc/_chapters/security.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/_chapters/security.adoc b/src/main/asciidoc/_chapters/security.adoc index cca9364..ef7d6c4 100644 --- a/src/main/asciidoc/_chapters/security.adoc +++ b/src/main/asciidoc/_chapters/security.adoc @@ -807,6 +807,10 @@ For an example of using both together, see <<security.example.config>>. [source,xml] ---- <property> + <name>hbase.security.authorization</name> + <value>true</value> +</property> +<property> <name>hbase.coprocessor.region.classes</name> <value>org.apache.hadoop.hbase.security.access.AccessController, org.apache.hadoop.hbase.security.token.TokenProvider</value> </property> @@ -1187,6 +1191,10 @@ NOTE: Visibility labels are not currently applied for superusers. [source,xml] ---- <property> + <name>hbase.security.authorization</name> + <value>true</value> +</property> +<property> <name>hbase.coprocessor.region.classes</name> <value>org.apache.hadoop.hbase.security.visibility.VisibilityController</value> </property> @@ -1454,6 +1462,10 @@ As mentioned in the above sections, the interface `VisibilityLabelService` could [source,xml] ---- <property> + <name>hbase.security.authorization</name> + <value>true</value> +</property> +<property> <name>hbase.coprocessor.regionserver.classes</name> <value>org.apache.hadoop.hbase.security.visibility.VisibilityController$VisibilityReplication</value> </property> 
@@ -1672,6 +1684,10 @@ To enable secure bulk load, add the following properties to _hbase-site.xml_. [source,xml] ---- <property> + <name>hbase.security.authorization</name> + <value>true</value> +</property> +<property> <name>hbase.bulkload.staging.dir</name> <value>/tmp/hbase-staging</value> </property> @@ -1682,6 +1698,22 @@ To enable secure bulk load, add the following properties to _hbase-site.xml_. </property> ---- +[[hbase.secure.enable]] +=== Secure Enable +After hbase-2.x, the default 'hbase.security.authorization' changed. +Before hbase-2.x, it defaulted to true, in later HBase versions, the +default became false. +So to enable hbase authorization, the following propertie must be configured in _hbase-site.xml_. +See link:https://issues.apache.org/jira/browse/HBASE-19483[HBASE-19483]; + +[source,xml] +---- +<property> + <name>hbase.security.authorization</name> + <value>true</value> +</property> +---- + [[security.example.config]] == Security Configuration Example @@ -1704,6 +1736,10 @@ All options have been discussed separately in the sections above. </property> <!-- Coprocessors for ACLs and Visibility Tags --> <property> + <name>hbase.security.authorization</name> + <value>true</value> +</property> +<property> <name>hbase.coprocessor.region.classes</name> <value>org.apache.hadoop.hbase.security.access.AccessController, org.apache.hadoop.hbase.security.visibility.VisibilityController,