Thanks, that got me a little further, but it seems like even though the
security capabilities say that cell visibility is enabled, the scanner
ignores the authorization list I pass. This is the relevant code:

    private static HBaseTestingUtility UTILITY;

    private static final String[] FULL_AUTHS = new String[] { "PII", "PHI", "UNRESTRICTED" };
    private static final String[] PII_AUTHS  = new String[] { "PII", "UNRESTRICTED" };
    private static final String[] PHI_AUTHS  = new String[] { "PHI", "UNRESTRICTED" };

    private static final String USER_ID = "john.smith";
    private static final String TABLE_NAME = "label_test_table";
    private static final String FAM = "prop";
    private static final String ROW  = "test-row-id";
    private static final String DEFAULT_VISIBILITY = "PII|UNRESTRICTED";
    private static final String CLIENT_VAL = "hbaseClient";

    @BeforeClass
    public static void setup() throws Throwable {


        UTILITY = new HBaseTestingUtility();///conf);
        Configuration conf = UTILITY.getConfiguration();
        SecureTestUtil.enableSecurity(conf);
        conf.set("hbase.coprocessor.region.classes",
                "org.apache.hadoop.hbase.security.access.AccessController,org.apache.hadoop.hbase.security.visibility.VisibilityController");
        conf.set("hbase.coprocessor.master.classes",
                "org.apache.hadoop.hbase.security.access.AccessController,org.apache.hadoop.hbase.security.visibility.VisibilityController");
        UTILITY.startMiniCluster();

        UTILITY.waitTableEnabled(LABELS_TABLE_NAME.getName(), 50000);

        UTILITY.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME.getName(), 50000);

        List<SecurityCapability> capabilities = UTILITY.getConnection().getAdmin()
                .getSecurityCapabilities();
        Assert.assertTrue("CELL_VISIBILITY capability is missing",
                capabilities.contains(SecurityCapability.CELL_VISIBILITY));

        LOCAL_USER = User.createUserForTesting(conf, USER_ID, new String[]{});

        VisibilityClient.addLabels(UTILITY.getConnection(), FULL_AUTHS);
        VisibilityClient.setAuths(UTILITY.getConnection(), new String[]{"PHI"}, USER_ID);

        clientService = new IntegrationTestClientService(UTILITY.getConnection());

        UTILITY.createTable(TABLE_NAME.getBytes(), FAM.getBytes());
    }


    @Test
    public void testGetHBase() throws Exception {
        Table table = UTILITY.getConnection().getTable(TableName.valueOf(TABLE_NAME));
        Put put = new Put(ROW.getBytes());

        put.addColumn(FAM.getBytes(), "fullName".getBytes(), "john.smith2".getBytes());
        put.setCellVisibility(new CellVisibility("PII&UNRESTRICTED")); // Also tried PII|UNRESTRICTED
        table.put(put);
        table.close();

        LOCAL_USER.runAs((PrivilegedExceptionAction<Object>) () -> {
            Scan scan = new Scan();
            scan.setAuthorizations(new Authorizations("PHI"));
            ResultScanner scanner = table.getScanner(scan);
            Result res = scanner.next();
            Assert.assertTrue("It was not null", res == null);
            return null;
        });
    }

(A chunk of that is copy pasta from trying to figure out why things weren't
working along the way)

Any ideas?

Thanks,

Mike

On Thu, Feb 22, 2018 at 3:14 PM, Ted Yu <yuzhih...@gmail.com> wrote:

> labels table is created by VisibilityController#postStartMaster().
>
> You can add the following call in the @BeforeClass method:
>
>
>     TEST_UTIL.waitTableEnabled(LABELS_TABLE_NAME.getName(), 50000);
>
>
> See TestVisibilityLabelsWithACL for complete example.
>
>
>
> On Thu, Feb 22, 2018 at 12:07 PM, Mike Thomsen <mikerthom...@gmail.com>
> wrote:
>
> > I'm trying to spin up a mini cluster for integration testing. Can someone
> > give me an idea of what I'm doing wrong?
> >
> >     public static void main(String[] args) throws Throwable {
> >
> >         Configuration conf = org.apache.hadoop.hbase.HBaseConfiguration.create();
> >         conf.set("hbase.coprocessor.region.classes",
> >                 "org.apache.hadoop.hbase.security.visibility.VisibilityController");
> >         conf.set("hbase.coprocessor.master.classes",
> >                 "org.apache.hadoop.hbase.security.visibility.VisibilityController");
> >
> >         utility = new HBaseTestingUtility(conf);
> >
> >         utility.startMiniCluster();
> >
> >         VisibilityClient.addLabels(utility.getConnection(), new String[]{ "X", "Y", "Z" });
> >     }
> >
> > That results in this:
> >
> > org.apache.hadoop.hbase.TableNotFoundException: hbase:labels
> >
> > Thanks,
> >
> > Mike
> >
>
