accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From els...@apache.org
Subject [1/4] accumulo git commit: ACCUMULO-3599 Refactor tests to run over MAC using Kerberos
Date Tue, 03 Mar 2015 19:15:27 GMT
Repository: accumulo
Updated Branches:
  refs/heads/master 31ab27100 -> 1c5bef324


http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/PermissionsIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/PermissionsIT.java b/test/src/test/java/org/apache/accumulo/test/functional/PermissionsIT.java
index e20a252..2f8a83d 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/PermissionsIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/PermissionsIT.java
@@ -16,6 +16,7 @@
  */
 package org.apache.accumulo.test.functional;
 
+import java.io.IOException;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -24,8 +25,8 @@ import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
 import java.util.Set;
-import java.util.concurrent.atomic.AtomicInteger;
 
+import org.apache.accumulo.cluster.ClusterUser;
 import org.apache.accumulo.core.client.AccumuloException;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.BatchWriter;
@@ -34,9 +35,6 @@ import org.apache.accumulo.core.client.ClientConfiguration;
 import org.apache.accumulo.core.client.ClientConfiguration.ClientProperty;
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.client.MutationsRejectedException;
-import org.apache.accumulo.core.client.NamespaceExistsException;
-import org.apache.accumulo.core.client.NamespaceNotEmptyException;
-import org.apache.accumulo.core.client.NamespaceNotFoundException;
 import org.apache.accumulo.core.client.Scanner;
 import org.apache.accumulo.core.client.TableExistsException;
 import org.apache.accumulo.core.client.TableNotFoundException;
@@ -51,69 +49,54 @@ import org.apache.accumulo.core.metadata.MetadataTable;
 import org.apache.accumulo.core.security.Authorizations;
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
-import org.apache.accumulo.harness.AccumuloIT;
-import org.apache.accumulo.harness.MiniClusterHarness;
-import org.apache.accumulo.minicluster.impl.MiniAccumuloClusterImpl;
+import org.apache.accumulo.harness.AccumuloClusterIT;
 import org.apache.hadoop.io.Text;
 import org.apache.log4j.Logger;
-import org.junit.After;
+import org.junit.Assume;
 import org.junit.Before;
 import org.junit.Test;
 
 // This test verifies the default permissions so a clean instance must be used. A shared instance might
 // not be representative of a fresh installation.
-public class PermissionsIT extends AccumuloIT {
+public class PermissionsIT extends AccumuloClusterIT {
   private static final Logger log = Logger.getLogger(PermissionsIT.class);
-  static AtomicInteger userId = new AtomicInteger(0);
 
-  private MiniAccumuloClusterImpl cluster;
-
-  static String makeUserName() {
-    return "user_" + userId.getAndIncrement();
+  @Override
+  public int defaultTimeoutSeconds() {
+    return 60;
   }
 
   @Before
-  public void createMiniCluster() throws Exception {
-    MiniClusterHarness harness = new MiniClusterHarness();
-    cluster = harness.create(getToken());
-    cluster.start();
+  public void limitToMini() {
+    Assume.assumeTrue(ClusterType.MINI == getClusterType());
   }
 
-  @After
-  public void stopMiniCluster() throws Exception {
-    cluster.stop();
-  }
-
-  private AuthenticationToken getToken() {
-    return new PasswordToken("rootPassword1");
-  }
-
-  private Connector getConnector() {
-    try {
-      return cluster.getConnector("root", getToken());
-    } catch (Exception e) {
-      throw new RuntimeException(e);
-    }
-  }
-
-  @Override
-  public int defaultTimeoutSeconds() {
-    return 60;
+  private void loginAs(ClusterUser user) throws IOException {
+    // Force a re-login as the provided user
+    user.getToken();
   }
 
   @Test
   public void systemPermissionsTest() throws Exception {
-    String testUser = makeUserName();
-    PasswordToken testPasswd = new PasswordToken("test_password");
+    ClusterUser testUser = getUser(0), rootUser = getAdminUser();
 
     // verify that the test is being run by root
     Connector c = getConnector();
     verifyHasOnlyTheseSystemPermissions(c, c.whoami(), SystemPermission.values());
 
     // create the test user
-    c.securityOperations().createLocalUser(testUser, testPasswd);
-    Connector test_user_conn = c.getInstance().getConnector(testUser, testPasswd);
-    verifyHasNoSystemPermissions(c, testUser, SystemPermission.values());
+    String principal = testUser.getPrincipal();
+    AuthenticationToken token = testUser.getToken();
+    PasswordToken passwordToken = null;
+    if (token instanceof PasswordToken) {
+      passwordToken = (PasswordToken) token;
+    }
+    loginAs(rootUser);
+    c.securityOperations().createLocalUser(principal, passwordToken);
+    loginAs(testUser);
+    Connector test_user_conn = c.getInstance().getConnector(principal, token);
+    loginAs(rootUser);
+    verifyHasNoSystemPermissions(c, principal, SystemPermission.values());
 
     // test each permission
     for (SystemPermission perm : SystemPermission.values()) {
@@ -122,9 +105,9 @@ public class PermissionsIT extends AccumuloIT {
       // verify GRANT can't be granted
       if (perm.equals(SystemPermission.GRANT)) {
         try {
-          c.securityOperations().grantSystemPermission(testUser, perm);
+          c.securityOperations().grantSystemPermission(principal, perm);
         } catch (AccumuloSecurityException e) {
-          verifyHasNoSystemPermissions(c, testUser, perm);
+          verifyHasNoSystemPermissions(c, principal, perm);
           continue;
         }
         throw new IllegalStateException("Should NOT be able to grant GRANT");
@@ -132,12 +115,14 @@ public class PermissionsIT extends AccumuloIT {
 
       // test permission before and after granting it
       String tableNamePrefix = getUniqueNames(1)[0];
-      testMissingSystemPermission(tableNamePrefix, c, test_user_conn, perm);
-      c.securityOperations().grantSystemPermission(testUser, perm);
-      verifyHasOnlyTheseSystemPermissions(c, testUser, perm);
-      testGrantedSystemPermission(tableNamePrefix, c, test_user_conn, perm);
-      c.securityOperations().revokeSystemPermission(testUser, perm);
-      verifyHasNoSystemPermissions(c, testUser, perm);
+      testMissingSystemPermission(tableNamePrefix, c, rootUser, test_user_conn, testUser, perm);
+      loginAs(rootUser);
+      c.securityOperations().grantSystemPermission(principal, perm);
+      verifyHasOnlyTheseSystemPermissions(c, principal, perm);
+      testGrantedSystemPermission(tableNamePrefix, c, rootUser, test_user_conn, testUser, perm);
+      loginAs(rootUser);
+      c.securityOperations().revokeSystemPermission(principal, perm);
+      verifyHasNoSystemPermissions(c, principal, perm);
     }
   }
 
@@ -149,10 +134,10 @@ public class PermissionsIT extends AccumuloIT {
     return result;
   }
 
-  private void testMissingSystemPermission(String tableNamePrefix, Connector root_conn, Connector test_user_conn, SystemPermission perm)
-      throws AccumuloException, TableExistsException, AccumuloSecurityException, TableNotFoundException, NamespaceExistsException, NamespaceNotFoundException,
-      NamespaceNotEmptyException {
+  private void testMissingSystemPermission(String tableNamePrefix, Connector root_conn, ClusterUser rootUser, Connector test_user_conn, ClusterUser testUser,
+      SystemPermission perm) throws Exception {
     String tableName, user, password = "password", namespace;
+    boolean passwordBased = testUser.getPassword() != null;
     log.debug("Confirming that the lack of the " + perm + " permission properly restricts the user");
 
     // test permission prior to granting it
@@ -160,49 +145,62 @@ public class PermissionsIT extends AccumuloIT {
       case CREATE_TABLE:
         tableName = tableNamePrefix + "__CREATE_TABLE_WITHOUT_PERM_TEST__";
         try {
+          loginAs(testUser);
           test_user_conn.tableOperations().create(tableName);
           throw new IllegalStateException("Should NOT be able to create a table");
         } catch (AccumuloSecurityException e) {
+          loginAs(rootUser);
           if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || root_conn.tableOperations().list().contains(tableName))
             throw e;
         }
         break;
       case DROP_TABLE:
         tableName = tableNamePrefix + "__DROP_TABLE_WITHOUT_PERM_TEST__";
+        loginAs(rootUser);
         root_conn.tableOperations().create(tableName);
         try {
+          loginAs(testUser);
           test_user_conn.tableOperations().delete(tableName);
           throw new IllegalStateException("Should NOT be able to delete a table");
         } catch (AccumuloSecurityException e) {
+          loginAs(rootUser);
           if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || !root_conn.tableOperations().list().contains(tableName))
             throw e;
         }
         break;
       case ALTER_TABLE:
         tableName = tableNamePrefix + "__ALTER_TABLE_WITHOUT_PERM_TEST__";
+        loginAs(rootUser);
         root_conn.tableOperations().create(tableName);
         try {
+          loginAs(testUser);
           test_user_conn.tableOperations().setProperty(tableName, Property.TABLE_BLOOM_ERRORRATE.getKey(), "003.14159%");
           throw new IllegalStateException("Should NOT be able to set a table property");
         } catch (AccumuloSecurityException e) {
+          loginAs(rootUser);
           if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED
               || map(root_conn.tableOperations().getProperties(tableName)).get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%"))
             throw e;
         }
+        loginAs(rootUser);
         root_conn.tableOperations().setProperty(tableName, Property.TABLE_BLOOM_ERRORRATE.getKey(), "003.14159%");
         try {
+          loginAs(testUser);
           test_user_conn.tableOperations().removeProperty(tableName, Property.TABLE_BLOOM_ERRORRATE.getKey());
           throw new IllegalStateException("Should NOT be able to remove a table property");
         } catch (AccumuloSecurityException e) {
+          loginAs(rootUser);
           if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED
               || !map(root_conn.tableOperations().getProperties(tableName)).get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%"))
             throw e;
         }
         String table2 = tableName + "2";
         try {
+          loginAs(testUser);
           test_user_conn.tableOperations().rename(tableName, table2);
           throw new IllegalStateException("Should NOT be able to rename a table");
         } catch (AccumuloSecurityException e) {
+          loginAs(rootUser);
           if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || !root_conn.tableOperations().list().contains(tableName)
               || root_conn.tableOperations().list().contains(table2))
             throw e;
@@ -211,33 +209,43 @@ public class PermissionsIT extends AccumuloIT {
       case CREATE_USER:
         user = "__CREATE_USER_WITHOUT_PERM_TEST__";
         try {
-          test_user_conn.securityOperations().createLocalUser(user, new PasswordToken(password));
+          loginAs(testUser);
+          test_user_conn.securityOperations().createLocalUser(user, (passwordBased ? new PasswordToken(password) : null));
           throw new IllegalStateException("Should NOT be able to create a user");
         } catch (AccumuloSecurityException e) {
+          AuthenticationToken userToken = testUser.getToken();
+          loginAs(rootUser);
           if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED
-              || root_conn.securityOperations().authenticateUser(user, new PasswordToken(password)))
+              || (userToken instanceof PasswordToken && root_conn.securityOperations().authenticateUser(user, userToken)))
             throw e;
         }
         break;
       case DROP_USER:
         user = "__DROP_USER_WITHOUT_PERM_TEST__";
-        root_conn.securityOperations().createLocalUser(user, new PasswordToken(password));
+        loginAs(rootUser);
+        root_conn.securityOperations().createLocalUser(user, (passwordBased ? new PasswordToken(password) : null));
         try {
+          loginAs(testUser);
           test_user_conn.securityOperations().dropLocalUser(user);
           throw new IllegalStateException("Should NOT be able to delete a user");
         } catch (AccumuloSecurityException e) {
+          AuthenticationToken userToken = testUser.getToken();
+          loginAs(rootUser);
           if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED
-              || !root_conn.securityOperations().authenticateUser(user, new PasswordToken(password)))
+              || (userToken instanceof PasswordToken && !root_conn.securityOperations().authenticateUser(user, userToken)))
             throw e;
         }
         break;
       case ALTER_USER:
         user = "__ALTER_USER_WITHOUT_PERM_TEST__";
-        root_conn.securityOperations().createLocalUser(user, new PasswordToken(password));
+        loginAs(rootUser);
+        root_conn.securityOperations().createLocalUser(user, (passwordBased ? new PasswordToken(password) : null));
         try {
+          loginAs(testUser);
           test_user_conn.securityOperations().changeUserAuthorizations(user, new Authorizations("A", "B"));
           throw new IllegalStateException("Should NOT be able to alter a user");
         } catch (AccumuloSecurityException e) {
+          loginAs(rootUser);
           if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || !root_conn.securityOperations().getUserAuthorizations(user).isEmpty())
             throw e;
         }
@@ -248,49 +256,62 @@ public class PermissionsIT extends AccumuloIT {
       case CREATE_NAMESPACE:
         namespace = "__CREATE_NAMESPACE_WITHOUT_PERM_TEST__";
         try {
+          loginAs(testUser);
           test_user_conn.namespaceOperations().create(namespace);
           throw new IllegalStateException("Should NOT be able to create a namespace");
         } catch (AccumuloSecurityException e) {
+          loginAs(rootUser);
           if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || root_conn.namespaceOperations().list().contains(namespace))
             throw e;
         }
         break;
       case DROP_NAMESPACE:
         namespace = "__DROP_NAMESPACE_WITHOUT_PERM_TEST__";
+        loginAs(rootUser);
         root_conn.namespaceOperations().create(namespace);
         try {
+          loginAs(testUser);
           test_user_conn.namespaceOperations().delete(namespace);
           throw new IllegalStateException("Should NOT be able to delete a namespace");
         } catch (AccumuloSecurityException e) {
+          loginAs(rootUser);
           if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || !root_conn.namespaceOperations().list().contains(namespace))
             throw e;
         }
         break;
       case ALTER_NAMESPACE:
         namespace = "__ALTER_NAMESPACE_WITHOUT_PERM_TEST__";
+        loginAs(rootUser);
         root_conn.namespaceOperations().create(namespace);
         try {
+          loginAs(testUser);
           test_user_conn.namespaceOperations().setProperty(namespace, Property.TABLE_BLOOM_ERRORRATE.getKey(), "003.14159%");
           throw new IllegalStateException("Should NOT be able to set a namespace property");
         } catch (AccumuloSecurityException e) {
+          loginAs(rootUser);
           if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED
               || map(root_conn.namespaceOperations().getProperties(namespace)).get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%"))
             throw e;
         }
+        loginAs(rootUser);
         root_conn.namespaceOperations().setProperty(namespace, Property.TABLE_BLOOM_ERRORRATE.getKey(), "003.14159%");
         try {
+          loginAs(testUser);
           test_user_conn.namespaceOperations().removeProperty(namespace, Property.TABLE_BLOOM_ERRORRATE.getKey());
           throw new IllegalStateException("Should NOT be able to remove a namespace property");
         } catch (AccumuloSecurityException e) {
+          loginAs(rootUser);
           if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED
               || !map(root_conn.namespaceOperations().getProperties(namespace)).get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%"))
             throw e;
         }
         String namespace2 = namespace + "2";
         try {
+          loginAs(testUser);
           test_user_conn.namespaceOperations().rename(namespace, namespace2);
           throw new IllegalStateException("Should NOT be able to rename a namespace");
         } catch (AccumuloSecurityException e) {
+          loginAs(rootUser);
           if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || !root_conn.namespaceOperations().list().contains(namespace)
               || root_conn.namespaceOperations().list().contains(namespace2))
             throw e;
@@ -307,60 +328,80 @@ public class PermissionsIT extends AccumuloIT {
     }
   }
 
-  private void testGrantedSystemPermission(String tableNamePrefix, Connector root_conn, Connector test_user_conn, SystemPermission perm)
-      throws AccumuloException, AccumuloSecurityException, TableNotFoundException, TableExistsException, NamespaceExistsException, NamespaceNotFoundException,
-      NamespaceNotEmptyException {
+  private void testGrantedSystemPermission(String tableNamePrefix, Connector root_conn, ClusterUser rootUser, Connector test_user_conn, ClusterUser testUser,
+      SystemPermission perm) throws Exception {
     String tableName, user, password = "password", namespace;
+    boolean passwordBased = testUser.getPassword() != null;
     log.debug("Confirming that the presence of the " + perm + " permission properly permits the user");
 
     // test permission after granting it
     switch (perm) {
       case CREATE_TABLE:
         tableName = tableNamePrefix + "__CREATE_TABLE_WITH_PERM_TEST__";
+        loginAs(testUser);
         test_user_conn.tableOperations().create(tableName);
+        loginAs(rootUser);
         if (!root_conn.tableOperations().list().contains(tableName))
           throw new IllegalStateException("Should be able to create a table");
         break;
       case DROP_TABLE:
         tableName = tableNamePrefix + "__DROP_TABLE_WITH_PERM_TEST__";
+        loginAs(rootUser);
         root_conn.tableOperations().create(tableName);
+        loginAs(testUser);
         test_user_conn.tableOperations().delete(tableName);
+        loginAs(rootUser);
         if (root_conn.tableOperations().list().contains(tableName))
           throw new IllegalStateException("Should be able to delete a table");
         break;
       case ALTER_TABLE:
         tableName = tableNamePrefix + "__ALTER_TABLE_WITH_PERM_TEST__";
         String table2 = tableName + "2";
+        loginAs(rootUser);
         root_conn.tableOperations().create(tableName);
+        loginAs(testUser);
         test_user_conn.tableOperations().setProperty(tableName, Property.TABLE_BLOOM_ERRORRATE.getKey(), "003.14159%");
+        loginAs(rootUser);
         Map<String,String> properties = map(root_conn.tableOperations().getProperties(tableName));
         if (!properties.get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%"))
           throw new IllegalStateException("Should be able to set a table property");
+        loginAs(testUser);
         test_user_conn.tableOperations().removeProperty(tableName, Property.TABLE_BLOOM_ERRORRATE.getKey());
+        loginAs(rootUser);
         properties = map(root_conn.tableOperations().getProperties(tableName));
         if (properties.get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%"))
           throw new IllegalStateException("Should be able to remove a table property");
+        loginAs(testUser);
         test_user_conn.tableOperations().rename(tableName, table2);
+        loginAs(rootUser);
         if (root_conn.tableOperations().list().contains(tableName) || !root_conn.tableOperations().list().contains(table2))
           throw new IllegalStateException("Should be able to rename a table");
         break;
       case CREATE_USER:
         user = "__CREATE_USER_WITH_PERM_TEST__";
-        test_user_conn.securityOperations().createLocalUser(user, new PasswordToken(password));
-        if (!root_conn.securityOperations().authenticateUser(user, new PasswordToken(password)))
+        loginAs(testUser);
+        test_user_conn.securityOperations().createLocalUser(user, (passwordBased ? new PasswordToken(password) : null));
+        loginAs(rootUser);
+        if (passwordBased && !root_conn.securityOperations().authenticateUser(user, new PasswordToken(password)))
           throw new IllegalStateException("Should be able to create a user");
         break;
       case DROP_USER:
         user = "__DROP_USER_WITH_PERM_TEST__";
-        root_conn.securityOperations().createLocalUser(user, new PasswordToken(password));
+        loginAs(rootUser);
+        root_conn.securityOperations().createLocalUser(user, (passwordBased ? new PasswordToken(password) : null));
+        loginAs(testUser);
         test_user_conn.securityOperations().dropLocalUser(user);
-        if (root_conn.securityOperations().authenticateUser(user, new PasswordToken(password)))
+        loginAs(rootUser);
+        if (passwordBased && root_conn.securityOperations().authenticateUser(user, new PasswordToken(password)))
           throw new IllegalStateException("Should be able to delete a user");
         break;
       case ALTER_USER:
         user = "__ALTER_USER_WITH_PERM_TEST__";
-        root_conn.securityOperations().createLocalUser(user, new PasswordToken(password));
+        loginAs(rootUser);
+        root_conn.securityOperations().createLocalUser(user, (passwordBased ? new PasswordToken(password) : null));
+        loginAs(testUser);
         test_user_conn.securityOperations().changeUserAuthorizations(user, new Authorizations("A", "B"));
+        loginAs(rootUser);
         if (root_conn.securityOperations().getUserAuthorizations(user).isEmpty())
           throw new IllegalStateException("Should be able to alter a user");
         break;
@@ -369,30 +410,42 @@ public class PermissionsIT extends AccumuloIT {
         break;
       case CREATE_NAMESPACE:
         namespace = "__CREATE_NAMESPACE_WITH_PERM_TEST__";
+        loginAs(testUser);
         test_user_conn.namespaceOperations().create(namespace);
+        loginAs(rootUser);
         if (!root_conn.namespaceOperations().list().contains(namespace))
           throw new IllegalStateException("Should be able to create a namespace");
         break;
       case DROP_NAMESPACE:
         namespace = "__DROP_NAMESPACE_WITH_PERM_TEST__";
+        loginAs(rootUser);
         root_conn.namespaceOperations().create(namespace);
+        loginAs(testUser);
         test_user_conn.namespaceOperations().delete(namespace);
+        loginAs(rootUser);
         if (root_conn.namespaceOperations().list().contains(namespace))
           throw new IllegalStateException("Should be able to delete a namespace");
         break;
       case ALTER_NAMESPACE:
         namespace = "__ALTER_NAMESPACE_WITH_PERM_TEST__";
         String namespace2 = namespace + "2";
+        loginAs(rootUser);
         root_conn.namespaceOperations().create(namespace);
+        loginAs(testUser);
         test_user_conn.namespaceOperations().setProperty(namespace, Property.TABLE_BLOOM_ERRORRATE.getKey(), "003.14159%");
+        loginAs(rootUser);
         Map<String,String> propies = map(root_conn.namespaceOperations().getProperties(namespace));
         if (!propies.get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%"))
           throw new IllegalStateException("Should be able to set a table property");
+        loginAs(testUser);
         test_user_conn.namespaceOperations().removeProperty(namespace, Property.TABLE_BLOOM_ERRORRATE.getKey());
+        loginAs(rootUser);
         propies = map(root_conn.namespaceOperations().getProperties(namespace));
         if (propies.get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%"))
           throw new IllegalStateException("Should be able to remove a table property");
+        loginAs(testUser);
         test_user_conn.namespaceOperations().rename(namespace, namespace2);
+        loginAs(rootUser);
         if (root_conn.namespaceOperations().list().contains(namespace) || !root_conn.namespaceOperations().list().contains(namespace2))
           throw new IllegalStateException("Should be able to rename a table");
         break;
@@ -424,8 +477,7 @@ public class PermissionsIT extends AccumuloIT {
     }
   }
 
-  private void verifyHasNoSystemPermissions(Connector root_conn, String user, SystemPermission... perms) throws AccumuloException,
-      AccumuloSecurityException {
+  private void verifyHasNoSystemPermissions(Connector root_conn, String user, SystemPermission... perms) throws AccumuloException, AccumuloSecurityException {
     for (SystemPermission p : perms)
       if (root_conn.securityOperations().hasSystemPermission(user, p))
         throw new IllegalStateException(user + " SHOULD NOT have system permission " + p);
@@ -434,16 +486,24 @@ public class PermissionsIT extends AccumuloIT {
   @Test
   public void tablePermissionTest() throws Exception {
     // create the test user
-    String testUser = makeUserName();
-    PasswordToken testPasswd = new PasswordToken("test_password");
+    ClusterUser testUser = getUser(1), rootUser = getAdminUser();
 
+    String principal = testUser.getPrincipal();
+    AuthenticationToken token = testUser.getToken();
+    PasswordToken passwordToken = null;
+    if (token instanceof PasswordToken) {
+      passwordToken = (PasswordToken) token;
+    }
+    loginAs(rootUser);
     Connector c = getConnector();
-    c.securityOperations().createLocalUser(testUser, testPasswd);
-    Connector test_user_conn = c.getInstance().getConnector(testUser, testPasswd);
+    c.securityOperations().createLocalUser(principal, passwordToken);
+    loginAs(testUser);
+    Connector test_user_conn = c.getInstance().getConnector(principal, token);
 
     // check for read-only access to metadata table
+    loginAs(rootUser);
     verifyHasOnlyTheseTablePermissions(c, c.whoami(), MetadataTable.NAME, TablePermission.READ, TablePermission.ALTER_TABLE);
-    verifyHasOnlyTheseTablePermissions(c, testUser, MetadataTable.NAME, TablePermission.READ);
+    verifyHasOnlyTheseTablePermissions(c, principal, MetadataTable.NAME, TablePermission.READ);
     String tableName = getUniqueNames(1)[0] + "__TABLE_PERMISSION_TEST__";
 
     // test each permission
@@ -451,15 +511,19 @@ public class PermissionsIT extends AccumuloIT {
       log.debug("Verifying the " + perm + " permission");
 
       // test permission before and after granting it
-      createTestTable(c, testUser, tableName);
-      testMissingTablePermission(c, test_user_conn, perm, tableName);
-      c.securityOperations().grantTablePermission(testUser, tableName, perm);
-      verifyHasOnlyTheseTablePermissions(c, testUser, tableName, perm);
-      testGrantedTablePermission(c, test_user_conn, perm, tableName);
-
-      createTestTable(c, testUser, tableName);
-      c.securityOperations().revokeTablePermission(testUser, tableName, perm);
-      verifyHasNoTablePermissions(c, testUser, tableName, perm);
+      createTestTable(c, principal, tableName);
+      loginAs(testUser);
+      testMissingTablePermission(test_user_conn, testUser, perm, tableName);
+      loginAs(rootUser);
+      c.securityOperations().grantTablePermission(principal, tableName, perm);
+      verifyHasOnlyTheseTablePermissions(c, principal, tableName, perm);
+      loginAs(testUser);
+      testGrantedTablePermission(test_user_conn, testUser, perm, tableName);
+
+      loginAs(rootUser);
+      createTestTable(c, principal, tableName);
+      c.securityOperations().revokeTablePermission(principal, tableName, perm);
+      verifyHasNoTablePermissions(c, principal, tableName, perm);
     }
   }
 
@@ -481,7 +545,7 @@ public class PermissionsIT extends AccumuloIT {
     }
   }
 
-  private void testMissingTablePermission(Connector root_conn, Connector test_user_conn, TablePermission perm, String tableName) throws Exception {
+  private void testMissingTablePermission(Connector test_user_conn, ClusterUser testUser, TablePermission perm, String tableName) throws Exception {
     Scanner scanner;
     BatchWriter writer;
     Mutation m;
@@ -546,7 +610,7 @@ public class PermissionsIT extends AccumuloIT {
         break;
       case GRANT:
         try {
-          test_user_conn.securityOperations().grantTablePermission("root", tableName, TablePermission.GRANT);
+          test_user_conn.securityOperations().grantTablePermission(getAdminPrincipal(), tableName, TablePermission.GRANT);
           throw new IllegalStateException("User should not be able grant permissions");
         } catch (AccumuloSecurityException e) {
           if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED)
@@ -558,8 +622,8 @@ public class PermissionsIT extends AccumuloIT {
     }
   }
 
-  private void testGrantedTablePermission(Connector root_conn, Connector test_user_conn, TablePermission perm, String tableName)
-      throws AccumuloException, TableExistsException, AccumuloSecurityException, TableNotFoundException, MutationsRejectedException {
+  private void testGrantedTablePermission(Connector test_user_conn, ClusterUser normalUser, TablePermission perm, String tableName) throws AccumuloException,
+      TableExistsException, AccumuloSecurityException, TableNotFoundException, MutationsRejectedException {
     Scanner scanner;
     BatchWriter writer;
     Mutation m;
@@ -591,7 +655,7 @@ public class PermissionsIT extends AccumuloIT {
         test_user_conn.tableOperations().delete(tableName);
         break;
       case GRANT:
-        test_user_conn.securityOperations().grantTablePermission("root", tableName, TablePermission.GRANT);
+        test_user_conn.securityOperations().grantTablePermission(getAdminPrincipal(), tableName, TablePermission.GRANT);
         break;
       default:
         throw new IllegalArgumentException("Unrecognized table Permission: " + perm);

http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/ReadWriteIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/ReadWriteIT.java b/test/src/test/java/org/apache/accumulo/test/functional/ReadWriteIT.java
index f4f6c9d..0b8046d 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/ReadWriteIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/ReadWriteIT.java
@@ -18,6 +18,7 @@ package org.apache.accumulo.test.functional;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 
 import java.io.ByteArrayOutputStream;
@@ -44,10 +45,14 @@ import org.apache.accumulo.core.cli.ScannerOpts;
 import org.apache.accumulo.core.client.BatchScanner;
 import org.apache.accumulo.core.client.BatchWriter;
 import org.apache.accumulo.core.client.BatchWriterConfig;
+import org.apache.accumulo.core.client.ClientConfiguration;
+import org.apache.accumulo.core.client.ClientConfiguration.ClientProperty;
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.client.Scanner;
 import org.apache.accumulo.core.client.ZooKeeperInstance;
 import org.apache.accumulo.core.client.admin.TableOperations;
+import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
+import org.apache.accumulo.core.client.security.tokens.KerberosToken;
 import org.apache.accumulo.core.client.security.tokens.PasswordToken;
 import org.apache.accumulo.core.data.Key;
 import org.apache.accumulo.core.data.Mutation;
@@ -100,8 +105,8 @@ public class ReadWriteIT extends AccumuloClusterIT {
     cluster.getClusterControl().startAllServers(ServerType.MONITOR);
     Connector connector = getConnector();
     String tableName = getUniqueNames(1)[0];
-    ingest(connector, ROWS, COLS, 50, 0, tableName);
-    verify(connector, ROWS, COLS, 50, 0, tableName);
+    ingest(connector, getCluster().getClientConfig(), getAdminPrincipal(), ROWS, COLS, 50, 0, tableName);
+    verify(connector, getCluster().getClientConfig(), getAdminPrincipal(), ROWS, COLS, 50, 0, tableName);
     String monitorLocation = null;
     while (null == monitorLocation) {
       monitorLocation = MonitorUtil.getLocation(getConnector().getInstance());
@@ -136,11 +141,13 @@ public class ReadWriteIT extends AccumuloClusterIT {
     cluster.start();
   }
 
-  public static void ingest(Connector connector, int rows, int cols, int width, int offset, String tableName) throws Exception {
-    ingest(connector, rows, cols, width, offset, COLF, tableName);
+  public static void ingest(Connector connector, ClientConfiguration clientConfig, String principal, int rows, int cols, int width, int offset, String tableName)
+      throws Exception {
+    ingest(connector, clientConfig, principal, rows, cols, width, offset, COLF, tableName);
   }
 
-  public static void ingest(Connector connector, int rows, int cols, int width, int offset, String colf, String tableName) throws Exception {
+  public static void ingest(Connector connector, ClientConfiguration clientConfig, String principal, int rows, int cols, int width, int offset, String colf,
+      String tableName) throws Exception {
     TestIngest.Opts opts = new TestIngest.Opts();
     opts.rows = rows;
     opts.cols = cols;
@@ -149,15 +156,22 @@ public class ReadWriteIT extends AccumuloClusterIT {
     opts.columnFamily = colf;
     opts.createTable = true;
     opts.setTableName(tableName);
+    if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) {
+      opts.updateKerberosCredentials(clientConfig);
+    } else {
+      opts.setPrincipal(principal);
+    }
 
     TestIngest.ingest(connector, opts, new BatchWriterOpts());
   }
 
-  public static void verify(Connector connector, int rows, int cols, int width, int offset, String tableName) throws Exception {
-    verify(connector, rows, cols, width, offset, COLF, tableName);
+  public static void verify(Connector connector, ClientConfiguration clientConfig, String principal, int rows, int cols, int width, int offset, String tableName)
+      throws Exception {
+    verify(connector, clientConfig, principal, rows, cols, width, offset, COLF, tableName);
   }
 
-  private static void verify(Connector connector, int rows, int cols, int width, int offset, String colf, String tableName) throws Exception {
+  private static void verify(Connector connector, ClientConfiguration clientConfig, String principal, int rows, int cols, int width, int offset, String colf,
+      String tableName) throws Exception {
     ScannerOpts scannerOpts = new ScannerOpts();
     VerifyIngest.Opts opts = new VerifyIngest.Opts();
     opts.rows = rows;
@@ -166,6 +180,12 @@ public class ReadWriteIT extends AccumuloClusterIT {
     opts.startRow = offset;
     opts.columnFamily = colf;
     opts.setTableName(tableName);
+    if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) {
+      opts.updateKerberosCredentials(clientConfig);
+    } else {
+      opts.setPrincipal(principal);
+    }
+
     VerifyIngest.verifyIngest(connector, opts, scannerOpts);
   }
 
@@ -185,10 +205,25 @@ public class ReadWriteIT extends AccumuloClusterIT {
       @Override
       public Integer call() {
         try {
+          ClientConfiguration clientConf = cluster.getClientConfig();
+          // Invocation is different for SASL. We're only logged in via this processes memory (not via some credentials cache on disk)
+          // Need to pass along the keytab because of that.
+          if (clientConf.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) {
+            String principal = getAdminPrincipal();
+            AuthenticationToken token = getAdminToken();
+            assertTrue("Expected KerberosToken, but was " + token.getClass(), token instanceof KerberosToken);
+            KerberosToken kt = (KerberosToken) token;
+            assertNotNull("Expected keytab in token", kt.getKeytab());
+            return control.exec(
+                TestMultiTableIngest.class,
+                args("--count", Integer.toString(ROWS), "-i", instance, "-z", keepers, "--tablePrefix", prefix, "--keytab", kt.getKeytab().getAbsolutePath(),
+                    "-u", principal));
+          }
+
           return control.exec(
               TestMultiTableIngest.class,
-              args("--count", "" + ROWS, "-u", "root", "-i", instance, "-z", keepers, "-p", new String(((PasswordToken) getToken()).getPassword(),
-                  Charsets.UTF_8), "--tablePrefix", prefix));
+              args("--count", Integer.toString(ROWS), "-u", getAdminPrincipal(), "-i", instance, "-z", keepers, "-p", new String(
+                  ((PasswordToken) getAdminToken()).getPassword(), Charsets.UTF_8), "--tablePrefix", prefix));
         } catch (IOException e) {
           log.error("Error running MultiTableIngest", e);
           return -1;
@@ -199,10 +234,25 @@ public class ReadWriteIT extends AccumuloClusterIT {
       @Override
       public Integer call() {
         try {
+          ClientConfiguration clientConf = cluster.getClientConfig();
+          // Invocation is different for SASL. We're only logged in via this processes memory (not via some credentials cache on disk)
+          // Need to pass along the keytab because of that.
+          if (clientConf.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) {
+            String principal = getAdminPrincipal();
+            AuthenticationToken token = getAdminToken();
+            assertTrue("Expected KerberosToken, but was " + token.getClass(), token instanceof KerberosToken);
+            KerberosToken kt = (KerberosToken) token;
+            assertNotNull("Expected keytab in token", kt.getKeytab());
+            return control.exec(
+                TestMultiTableIngest.class,
+                args("--count", Integer.toString(ROWS), "--readonly", "-i", instance, "-z", keepers, "--tablePrefix", prefix, "--keytab", kt.getKeytab()
+                    .getAbsolutePath(), "-u", principal));
+          }
+
           return control.exec(
               TestMultiTableIngest.class,
-              args("--count", "" + ROWS, "--readonly", "-u", "root", "-i", instance, "-z", keepers, "-p", new String(
-                  ((PasswordToken) getToken()).getPassword(), Charsets.UTF_8), "--tablePrefix", prefix));
+              args("--count", Integer.toString(ROWS), "--readonly", "-u", getAdminPrincipal(), "-i", instance, "-z", keepers, "-p", new String(
+                  ((PasswordToken) getAdminToken()).getPassword(), Charsets.UTF_8), "--tablePrefix", prefix));
         } catch (IOException e) {
           log.error("Error running MultiTableIngest", e);
           return -1;
@@ -222,8 +272,8 @@ public class ReadWriteIT extends AccumuloClusterIT {
     // write a few large values
     Connector connector = getConnector();
     String table = getUniqueNames(1)[0];
-    ingest(connector, 2, 1, 500000, 0, table);
-    verify(connector, 2, 1, 500000, 0, table);
+    ingest(connector, getCluster().getClientConfig(), getAdminPrincipal(), 2, 1, 500000, 0, table);
+    verify(connector, getCluster().getClientConfig(), getAdminPrincipal(), 2, 1, 500000, 0, table);
   }
 
   @Test
@@ -237,7 +287,7 @@ public class ReadWriteIT extends AccumuloClusterIT {
   static void interleaveTest(final Connector connector, final String tableName) throws Exception {
     final AtomicBoolean fail = new AtomicBoolean(false);
     final int CHUNKSIZE = ROWS / 10;
-    ingest(connector, CHUNKSIZE, 1, 50, 0, tableName);
+    ingest(connector, getCluster().getClientConfig(), getAdminPrincipal(), CHUNKSIZE, 1, 50, 0, tableName);
     int i;
     for (i = 0; i < ROWS; i += CHUNKSIZE) {
       final int start = i;
@@ -245,18 +295,18 @@ public class ReadWriteIT extends AccumuloClusterIT {
         @Override
         public void run() {
           try {
-            verify(connector, CHUNKSIZE, 1, 50, start, tableName);
+            verify(connector, getCluster().getClientConfig(), getAdminPrincipal(), CHUNKSIZE, 1, 50, start, tableName);
           } catch (Exception ex) {
             fail.set(true);
           }
         }
       };
       verify.start();
-      ingest(connector, CHUNKSIZE, 1, 50, i + CHUNKSIZE, tableName);
+      ingest(connector, getCluster().getClientConfig(), getAdminPrincipal(), CHUNKSIZE, 1, 50, i + CHUNKSIZE, tableName);
       verify.join();
       assertFalse(fail.get());
     }
-    verify(connector, CHUNKSIZE, 1, 50, i, tableName);
+    verify(connector, getCluster().getClientConfig(), getAdminPrincipal(), CHUNKSIZE, 1, 50, i, tableName);
   }
 
   public static Text t(String s) {
@@ -277,7 +327,7 @@ public class ReadWriteIT extends AccumuloClusterIT {
     connector.tableOperations().create(tableName);
     connector.tableOperations().setProperty(tableName, "table.group.g1", "colf");
     connector.tableOperations().setProperty(tableName, "table.groups.enabled", "g1");
-    ingest(connector, 2000, 1, 50, 0, tableName);
+    ingest(connector, getCluster().getClientConfig(), getAdminPrincipal(), 2000, 1, 50, 0, tableName);
     connector.tableOperations().compact(tableName, null, null, true, true);
     BatchWriter bw = connector.createBatchWriter(tableName, new BatchWriterConfig());
     bw.addMutation(m("zzzzzzzzzzz", "colf2", "cq", "value"));
@@ -305,8 +355,8 @@ public class ReadWriteIT extends AccumuloClusterIT {
     Map<String,Set<Text>> groups = new TreeMap<String,Set<Text>>();
     groups.put("g1", Collections.singleton(t("colf")));
     connector.tableOperations().setLocalityGroups(tableName, groups);
-    ingest(connector, 2000, 1, 50, 0, tableName);
-    verify(connector, 2000, 1, 50, 0, tableName);
+    ingest(connector, getCluster().getClientConfig(), getAdminPrincipal(), 2000, 1, 50, 0, tableName);
+    verify(connector, getCluster().getClientConfig(), getAdminPrincipal(), 2000, 1, 50, 0, tableName);
     connector.tableOperations().flush(tableName, null, null, true);
     BatchScanner bscanner = connector.createBatchScanner(MetadataTable.NAME, Authorizations.EMPTY, 1);
     String tableId = connector.tableOperations().tableIdMap().get(tableName);
@@ -345,9 +395,9 @@ public class ReadWriteIT extends AccumuloClusterIT {
     int i = 0;
     for (String cfg : config) {
       to.setLocalityGroups(table, getGroups(cfg));
-      ingest(connector, ROWS * (i + 1), 1, 50, ROWS * i, table);
+      ingest(connector, getCluster().getClientConfig(), getAdminPrincipal(), ROWS * (i + 1), 1, 50, ROWS * i, table);
       to.flush(table, null, null, true);
-      verify(connector, 0, 1, 50, ROWS * (i + 1), table);
+      verify(connector, getCluster().getClientConfig(), getAdminPrincipal(), 0, 1, 50, ROWS * (i + 1), table);
       i++;
     }
     to.delete(table);
@@ -355,12 +405,12 @@ public class ReadWriteIT extends AccumuloClusterIT {
     config = new String[] {"lg1:colf", null, "lg1:colf,xyz", "lg1:colf;lg2:colf",};
     i = 1;
     for (String cfg : config) {
-      ingest(connector, ROWS * i, 1, 50, 0, table);
-      ingest(connector, ROWS * i, 1, 50, 0, "xyz", table);
+      ingest(connector, getCluster().getClientConfig(), getAdminPrincipal(), ROWS * i, 1, 50, 0, table);
+      ingest(connector, getCluster().getClientConfig(), getAdminPrincipal(), ROWS * i, 1, 50, 0, "xyz", table);
       to.setLocalityGroups(table, getGroups(cfg));
       to.flush(table, null, null, true);
-      verify(connector, ROWS * i, 1, 50, 0, table);
-      verify(connector, ROWS * i, 1, 50, 0, "xyz", table);
+      verify(connector, getCluster().getClientConfig(), getAdminPrincipal(), ROWS * i, 1, 50, 0, table);
+      verify(connector, getCluster().getClientConfig(), getAdminPrincipal(), ROWS * i, 1, 50, 0, "xyz", table);
       i++;
     }
   }

http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/RecoveryWithEmptyRFileIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/RecoveryWithEmptyRFileIT.java b/test/src/test/java/org/apache/accumulo/test/functional/RecoveryWithEmptyRFileIT.java
index 5edc137..92fc215 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/RecoveryWithEmptyRFileIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/RecoveryWithEmptyRFileIT.java
@@ -67,8 +67,8 @@ public class RecoveryWithEmptyRFileIT extends ConfigurableMacIT {
     log.info("Ingest some data, verify it was stored properly, replace an underlying rfile with an empty one and verify we can scan.");
     Connector connector = getConnector();
     String tableName = getUniqueNames(1)[0];
-    ReadWriteIT.ingest(connector, ROWS, COLS, 50, 0, tableName);
-    ReadWriteIT.verify(connector, ROWS, COLS, 50, 0, tableName);
+    ReadWriteIT.ingest(connector, cluster.getClientConfig(), "root", ROWS, COLS, 50, 0, tableName);
+    ReadWriteIT.verify(connector, cluster.getClientConfig(), "root", ROWS, COLS, 50, 0, tableName);
 
     connector.tableOperations().flush(tableName, null, null, true);
     connector.tableOperations().offline(tableName, true);

http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/RenameIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/RenameIT.java b/test/src/test/java/org/apache/accumulo/test/functional/RenameIT.java
index 99a6858..6befd7e 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/RenameIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/RenameIT.java
@@ -18,6 +18,8 @@ package org.apache.accumulo.test.functional;
 
 import org.apache.accumulo.core.cli.BatchWriterOpts;
 import org.apache.accumulo.core.cli.ScannerOpts;
+import org.apache.accumulo.core.client.ClientConfiguration;
+import org.apache.accumulo.core.client.ClientConfiguration.ClientProperty;
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.harness.AccumuloClusterIT;
 import org.apache.accumulo.test.TestIngest;
@@ -41,11 +43,26 @@ public class RenameIT extends AccumuloClusterIT {
     TestIngest.Opts opts = new TestIngest.Opts();
     opts.createTable = true;
     opts.setTableName(name1);
+
+    final ClientConfiguration clientConfig = cluster.getClientConfig();
+    if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) {
+      opts.updateKerberosCredentials(clientConfig);
+    } else {
+      opts.setPrincipal(getAdminPrincipal());
+    }
+
     Connector c = getConnector();
     TestIngest.ingest(c, opts, bwOpts);
     c.tableOperations().rename(name1, name2);
     TestIngest.ingest(c, opts, bwOpts);
     VerifyIngest.Opts vopts = new VerifyIngest.Opts();
+
+    if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) {
+      vopts.updateKerberosCredentials(clientConfig);
+    } else {
+      vopts.setPrincipal(getAdminPrincipal());
+    }
+
     vopts.setTableName(name2);
     VerifyIngest.verifyIngest(c, vopts, scanOpts);
     c.tableOperations().delete(name1);

http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/RestartIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/RestartIT.java b/test/src/test/java/org/apache/accumulo/test/functional/RestartIT.java
index 1aa5ad7..2ba6d31 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/RestartIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/RestartIT.java
@@ -27,10 +27,15 @@ import java.util.concurrent.Future;
 import java.util.concurrent.TimeUnit;
 
 import org.apache.accumulo.cluster.ClusterControl;
+import org.apache.accumulo.cluster.ClusterUser;
 import org.apache.accumulo.core.Constants;
 import org.apache.accumulo.core.cli.BatchWriterOpts;
 import org.apache.accumulo.core.cli.ScannerOpts;
+import org.apache.accumulo.core.client.ClientConfiguration;
+import org.apache.accumulo.core.client.ClientConfiguration.ClientProperty;
 import org.apache.accumulo.core.client.Connector;
+import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
+import org.apache.accumulo.core.client.security.tokens.KerberosToken;
 import org.apache.accumulo.core.client.security.tokens.PasswordToken;
 import org.apache.accumulo.core.conf.Property;
 import org.apache.accumulo.core.metadata.MetadataTable;
@@ -45,6 +50,7 @@ import org.apache.accumulo.minicluster.impl.MiniAccumuloConfigImpl;
 import org.apache.accumulo.test.TestIngest;
 import org.apache.accumulo.test.VerifyIngest;
 import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.RawLocalFileSystem;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
@@ -67,7 +73,7 @@ public class RestartIT extends AccumuloClusterIT {
     cfg.setProperty(Property.INSTANCE_ZK_TIMEOUT, "5s");
     cfg.setProperty(Property.GC_CYCLE_DELAY, "1s");
     cfg.setProperty(Property.GC_CYCLE_START, "1s");
-    cfg.useMiniDFS(true);
+    hadoopCoreSite.set("fs.file.impl", RawLocalFileSystem.class.getName());
   }
 
   private static final ScannerOpts SOPTS = new ScannerOpts();
@@ -107,16 +113,32 @@ public class RestartIT extends AccumuloClusterIT {
     OPTS.setTableName(tableName);
     VOPTS.setTableName(tableName);
     c.tableOperations().create(tableName);
-    final PasswordToken token = (PasswordToken) getToken();
+    final AuthenticationToken token = getAdminToken();
     final ClusterControl control = getCluster().getClusterControl();
 
+    final String[] args;
+    if (token instanceof PasswordToken) {
+      byte[] password = ((PasswordToken) token).getPassword();
+      args = new String[] {"-u", getAdminPrincipal(), "-p", new String(password, Charsets.UTF_8), "-i", cluster.getInstanceName(), "-z",
+          cluster.getZooKeepers(), "--rows", "" + OPTS.rows, "--table", tableName};
+      OPTS.setPrincipal(getAdminPrincipal());
+      VOPTS.setPrincipal(getAdminPrincipal());
+    } else if (token instanceof KerberosToken) {
+      ClusterUser rootUser = getAdminUser();
+      args = new String[] {"-u", getAdminPrincipal(), "--keytab", rootUser.getKeytab().getAbsolutePath(), "-i", cluster.getInstanceName(), "-z",
+          cluster.getZooKeepers(), "--rows", "" + OPTS.rows, "--table", tableName};
+      ClientConfiguration clientConfig = cluster.getClientConfig();
+      OPTS.updateKerberosCredentials(clientConfig);
+      VOPTS.updateKerberosCredentials(clientConfig);
+    } else {
+      throw new RuntimeException("Unknown token");
+    }
+
     Future<Integer> ret = svc.submit(new Callable<Integer>() {
       @Override
       public Integer call() {
         try {
-          return control.exec(TestIngest.class,
-              new String[] {"-u", "root", "-p", new String(token.getPassword(), Charsets.UTF_8), "-i", cluster.getInstanceName(), "-z",
-                  cluster.getZooKeepers(), "--rows", "" + OPTS.rows, "--table", tableName});
+          return control.exec(TestIngest.class, args);
         } catch (IOException e) {
           log.error("Error running TestIngest", e);
           return -1;
@@ -137,6 +159,14 @@ public class RestartIT extends AccumuloClusterIT {
     c.tableOperations().create(tableName);
     OPTS.setTableName(tableName);
     VOPTS.setTableName(tableName);
+    ClientConfiguration clientConfig = cluster.getClientConfig();
+    if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) {
+      OPTS.updateKerberosCredentials(clientConfig);
+      VOPTS.updateKerberosCredentials(clientConfig);
+    } else {
+      OPTS.setPrincipal(getAdminPrincipal());
+      VOPTS.setPrincipal(getAdminPrincipal());
+    }
     TestIngest.ingest(c, OPTS, BWOPTS);
     ClusterControl control = getCluster().getClusterControl();
 
@@ -179,18 +209,35 @@ public class RestartIT extends AccumuloClusterIT {
   public void restartMasterSplit() throws Exception {
     Connector c = getConnector();
     final String tableName = getUniqueNames(1)[0];
-    final PasswordToken token = (PasswordToken) getToken();
+    final AuthenticationToken token = getAdminToken();
     final ClusterControl control = getCluster().getClusterControl();
     VOPTS.setTableName(tableName);
     c.tableOperations().create(tableName);
     c.tableOperations().setProperty(tableName, Property.TABLE_SPLIT_THRESHOLD.getKey(), "5K");
+
+    final String[] args;
+    if (token instanceof PasswordToken) {
+      byte[] password = ((PasswordToken) token).getPassword();
+      args = new String[] {"-u", getAdminPrincipal(), "-p", new String(password, Charsets.UTF_8), "-i", cluster.getInstanceName(), "-z",
+          cluster.getZooKeepers(), "--rows", Integer.toString(VOPTS.rows), "--table", tableName};
+      OPTS.setPrincipal(getAdminPrincipal());
+      VOPTS.setPrincipal(getAdminPrincipal());
+    } else if (token instanceof KerberosToken) {
+      ClusterUser rootUser = getAdminUser();
+      args = new String[] {"-u", getAdminPrincipal(), "--keytab", rootUser.getKeytab().getAbsolutePath(), "-i", cluster.getInstanceName(), "-z",
+          cluster.getZooKeepers(), "--rows", Integer.toString(VOPTS.rows), "--table", tableName};
+      ClientConfiguration clientConfig = cluster.getClientConfig();
+      OPTS.updateKerberosCredentials(clientConfig);
+      VOPTS.updateKerberosCredentials(clientConfig);
+    } else {
+      throw new RuntimeException("Unknown token");
+    }
+
     Future<Integer> ret = svc.submit(new Callable<Integer>() {
       @Override
       public Integer call() {
         try {
-          return control.exec(TestIngest.class,
-              new String[] {"-u", "root", "-p", new String(token.getPassword(), Charsets.UTF_8), "-i", cluster.getInstanceName(), "-z",
-                  cluster.getZooKeepers(), "--rows", Integer.toString(VOPTS.rows), "--table", tableName});
+          return control.exec(TestIngest.class, args);
         } catch (Exception e) {
           log.error("Error running TestIngest", e);
           return -1;
@@ -223,6 +270,14 @@ public class RestartIT extends AccumuloClusterIT {
     c.tableOperations().create(tableName);
     OPTS.setTableName(tableName);
     VOPTS.setTableName(tableName);
+    ClientConfiguration clientConfig = cluster.getClientConfig();
+    if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) {
+      OPTS.updateKerberosCredentials(clientConfig);
+      VOPTS.updateKerberosCredentials(clientConfig);
+    } else {
+      OPTS.setPrincipal(getAdminPrincipal());
+      VOPTS.setPrincipal(getAdminPrincipal());
+    }
     TestIngest.ingest(c, OPTS, BWOPTS);
     VerifyIngest.verifyIngest(c, VOPTS, SOPTS);
     cluster.getClusterControl().stopAllServers(ServerType.TABLET_SERVER);
@@ -251,6 +306,12 @@ public class RestartIT extends AccumuloClusterIT {
     String tableName = getUniqueNames(1)[0];
     c.tableOperations().create(tableName);
     OPTS.setTableName(tableName);
+    ClientConfiguration clientConfig = cluster.getClientConfig();
+    if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) {
+      OPTS.updateKerberosCredentials(clientConfig);
+    } else {
+      OPTS.setPrincipal(getAdminPrincipal());
+    }
     TestIngest.ingest(c, OPTS, BWOPTS);
     try {
       getCluster().getClusterControl().stopAllServers(ServerType.TABLET_SERVER);
@@ -265,6 +326,14 @@ public class RestartIT extends AccumuloClusterIT {
     Connector c = getConnector();
     String tableName = getUniqueNames(1)[0];
     VOPTS.setTableName(tableName);
+    ClientConfiguration clientConfig = cluster.getClientConfig();
+    if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) {
+      OPTS.updateKerberosCredentials(clientConfig);
+      VOPTS.updateKerberosCredentials(clientConfig);
+    } else {
+      OPTS.setPrincipal(getAdminPrincipal());
+      VOPTS.setPrincipal(getAdminPrincipal());
+    }
     c.tableOperations().create(tableName);
     c.tableOperations().setProperty(tableName, Property.TABLE_SPLIT_THRESHOLD.getKey(), "10K");
     String splitThreshold = null;
@@ -279,6 +348,11 @@ public class RestartIT extends AccumuloClusterIT {
       c.tableOperations().setProperty(MetadataTable.NAME, Property.TABLE_SPLIT_THRESHOLD.getKey(), "20K");
       TestIngest.Opts opts = new TestIngest.Opts();
       opts.setTableName(tableName);
+      if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) {
+        opts.updateKerberosCredentials(clientConfig);
+      } else {
+        opts.setPrincipal(getAdminPrincipal());
+      }
       TestIngest.ingest(c, opts, BWOPTS);
       c.tableOperations().flush(tableName, null, null, false);
       VerifyIngest.verifyIngest(c, VOPTS, SOPTS);

http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/RestartStressIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/RestartStressIT.java b/test/src/test/java/org/apache/accumulo/test/functional/RestartStressIT.java
index 253a59c..3f7d67d 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/RestartStressIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/RestartStressIT.java
@@ -18,7 +18,6 @@ package org.apache.accumulo.test.functional;
 
 import static org.junit.Assert.assertEquals;
 
-import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.Callable;
 import java.util.concurrent.ExecutorService;
@@ -27,8 +26,11 @@ import java.util.concurrent.Future;
 import java.util.concurrent.TimeUnit;
 
 import org.apache.accumulo.cluster.ClusterControl;
+import org.apache.accumulo.cluster.ClusterUser;
 import org.apache.accumulo.core.cli.ScannerOpts;
 import org.apache.accumulo.core.client.Connector;
+import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
+import org.apache.accumulo.core.client.security.tokens.KerberosToken;
 import org.apache.accumulo.core.client.security.tokens.PasswordToken;
 import org.apache.accumulo.core.conf.Property;
 import org.apache.accumulo.core.util.UtilWaitThread;
@@ -38,6 +40,7 @@ import org.apache.accumulo.minicluster.impl.MiniAccumuloConfigImpl;
 import org.apache.accumulo.test.TestIngest;
 import org.apache.accumulo.test.VerifyIngest;
 import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.RawLocalFileSystem;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -51,14 +54,14 @@ public class RestartStressIT extends AccumuloClusterIT {
 
   @Override
   public void configureMiniCluster(MiniAccumuloConfigImpl cfg, Configuration hadoopCoreSite) {
-    Map<String,String> opts = new HashMap<String,String>();
+    Map<String,String> opts = cfg.getSiteConfig();
     opts.put(Property.TSERV_MAXMEM.getKey(), "100K");
     opts.put(Property.TSERV_MAJC_DELAY.getKey(), "100ms");
     opts.put(Property.TSERV_WALOG_MAX_SIZE.getKey(), "1M");
     opts.put(Property.INSTANCE_ZK_TIMEOUT.getKey(), "5s");
     opts.put(Property.MASTER_RECOVERY_DELAY.getKey(), "1s");
     cfg.setSiteConfig(opts);
-    cfg.useMiniDFS(true);
+    hadoopCoreSite.set("fs.file.impl", RawLocalFileSystem.class.getName());
   }
 
   @Override
@@ -88,12 +91,10 @@ public class RestartStressIT extends AccumuloClusterIT {
     }
   }
 
-  private static final TestIngest.Opts IOPTS;
   private static final VerifyIngest.Opts VOPTS;
   static {
-    IOPTS = new TestIngest.Opts();
     VOPTS = new VerifyIngest.Opts();
-    IOPTS.rows = VOPTS.rows = 10 * 1000;
+    VOPTS.rows = 10 * 1000;
   }
   private static final ScannerOpts SOPTS = new ScannerOpts();
 
@@ -101,17 +102,28 @@ public class RestartStressIT extends AccumuloClusterIT {
   public void test() throws Exception {
     final Connector c = getConnector();
     final String tableName = getUniqueNames(1)[0];
-    final PasswordToken token = (PasswordToken) getToken();
+    final AuthenticationToken token = getAdminToken();
     c.tableOperations().create(tableName);
     c.tableOperations().setProperty(tableName, Property.TABLE_SPLIT_THRESHOLD.getKey(), "500K");
     final ClusterControl control = getCluster().getClusterControl();
+    final String[] args;
+    if (token instanceof PasswordToken) {
+      byte[] password = ((PasswordToken) token).getPassword();
+      args = new String[] {"-u", getAdminPrincipal(), "-p", new String(password, Charsets.UTF_8), "-i", cluster.getInstanceName(), "-z",
+          cluster.getZooKeepers(), "--rows", "" + VOPTS.rows, "--table", tableName};
+    } else if (token instanceof KerberosToken) {
+      ClusterUser rootUser = getAdminUser();
+      args = new String[] {"-u", getAdminPrincipal(), "--keytab", rootUser.getKeytab().getAbsolutePath(), "-i", cluster.getInstanceName(), "-z",
+          cluster.getZooKeepers(), "--rows", "" + VOPTS.rows, "--table", tableName};
+    } else {
+      throw new RuntimeException("Unrecognized token");
+    }
+
     Future<Integer> retCode = svc.submit(new Callable<Integer>() {
       @Override
       public Integer call() {
         try {
-          return control.exec(TestIngest.class,
-              new String[] {"-u", "root", "-p", new String(token.getPassword(), Charsets.UTF_8), "-i", cluster.getInstanceName(), "-z",
-                  cluster.getZooKeepers(), "--rows", "" + IOPTS.rows, "--table", tableName});
+          return control.exec(TestIngest.class, args);
         } catch (Exception e) {
           log.error("Error running TestIngest", e);
           return -1;
@@ -126,6 +138,15 @@ public class RestartStressIT extends AccumuloClusterIT {
     }
     assertEquals(0, retCode.get().intValue());
     VOPTS.setTableName(tableName);
+
+    if (token instanceof PasswordToken) {
+      VOPTS.setPrincipal(getAdminPrincipal());
+    } else if (token instanceof KerberosToken) {
+      VOPTS.updateKerberosCredentials(cluster.getClientConfig());
+    } else {
+      throw new RuntimeException("Unrecognized token");
+    }
+
     VerifyIngest.verifyIngest(c, VOPTS, SOPTS);
   }
 

http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/RowDeleteIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/RowDeleteIT.java b/test/src/test/java/org/apache/accumulo/test/functional/RowDeleteIT.java
index b43a92a..6d343ce 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/RowDeleteIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/RowDeleteIT.java
@@ -45,7 +45,9 @@ public class RowDeleteIT extends AccumuloClusterIT {
 
   @Override
   public void configureMiniCluster(MiniAccumuloConfigImpl cfg, Configuration hadoopCoreSite) {
-    cfg.setSiteConfig(Collections.singletonMap(Property.TSERV_MAJC_DELAY.getKey(), "50ms"));
+    Map<String,String> siteConfig = cfg.getSiteConfig();
+    siteConfig.put(Property.TSERV_MAJC_DELAY.getKey(), "50ms");
+    cfg.setSiteConfig(siteConfig);
   }
 
   @Override

http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/ScanSessionTimeOutIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/ScanSessionTimeOutIT.java b/test/src/test/java/org/apache/accumulo/test/functional/ScanSessionTimeOutIT.java
index 6d1961c..daf781f 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/ScanSessionTimeOutIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/ScanSessionTimeOutIT.java
@@ -18,8 +18,8 @@ package org.apache.accumulo.test.functional;
 
 import static java.nio.charset.StandardCharsets.UTF_8;
 
-import java.util.Collections;
 import java.util.Iterator;
+import java.util.Map;
 import java.util.Map.Entry;
 
 import org.apache.accumulo.core.client.BatchWriter;
@@ -49,7 +49,9 @@ public class ScanSessionTimeOutIT extends AccumuloClusterIT {
 
   @Override
   public void configureMiniCluster(MiniAccumuloConfigImpl cfg, Configuration hadoopCoreSite) {
-    cfg.setSiteConfig(Collections.singletonMap(Property.TSERV_SESSION_MAXIDLE.getKey(), "3"));
+    Map<String,String> siteConfig = cfg.getSiteConfig();
+    siteConfig.put(Property.TSERV_SESSION_MAXIDLE.getKey(), "3");
+    cfg.setSiteConfig(siteConfig);
   }
 
   @Override

http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/SimpleBalancerFairnessIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/SimpleBalancerFairnessIT.java b/test/src/test/java/org/apache/accumulo/test/functional/SimpleBalancerFairnessIT.java
index 5c1ad8c..8b140e7 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/SimpleBalancerFairnessIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/SimpleBalancerFairnessIT.java
@@ -70,6 +70,7 @@ public class SimpleBalancerFairnessIT extends ConfigurableMacIT {
     List<String> tservers = c.instanceOperations().getTabletServers();
     TestIngest.Opts opts = new TestIngest.Opts();
     opts.rows = 50000;
+    opts.setPrincipal("root");
     TestIngest.ingest(c, opts, new BatchWriterOpts());
     c.tableOperations().flush("test_ingest", null, null, false);
     UtilWaitThread.sleep(45 * 1000);

http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/SplitIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/SplitIT.java b/test/src/test/java/org/apache/accumulo/test/functional/SplitIT.java
index 69b0ea1..93a4f69 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/SplitIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/SplitIT.java
@@ -22,8 +22,11 @@ import static org.junit.Assert.assertTrue;
 import java.util.Map;
 import java.util.Map.Entry;
 
+import org.apache.accumulo.cluster.ClusterUser;
 import org.apache.accumulo.core.cli.BatchWriterOpts;
 import org.apache.accumulo.core.cli.ScannerOpts;
+import org.apache.accumulo.core.client.ClientConfiguration;
+import org.apache.accumulo.core.client.ClientConfiguration.ClientProperty;
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.client.Scanner;
 import org.apache.accumulo.core.client.admin.InstanceOperations;
@@ -46,6 +49,7 @@ import org.apache.accumulo.test.VerifyIngest;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.io.Text;
 import org.junit.After;
+import org.junit.Assume;
 import org.junit.Before;
 import org.junit.Test;
 import org.slf4j.Logger;
@@ -71,9 +75,7 @@ public class SplitIT extends AccumuloClusterIT {
 
   @Before
   public void alterConfig() throws Exception {
-    if (ClusterType.MINI == getClusterType()) {
-      return;
-    }
+    Assume.assumeTrue(ClusterType.MINI == getClusterType());
 
     InstanceOperations iops = getConnector().instanceOperations();
     Map<String,String> config = iops.getSystemConfiguration();
@@ -126,10 +128,20 @@ public class SplitIT extends AccumuloClusterIT {
     c.tableOperations().setProperty(table, Property.TABLE_SPLIT_THRESHOLD.getKey(), "256K");
     c.tableOperations().setProperty(table, Property.TABLE_FILE_COMPRESSED_BLOCK_SIZE.getKey(), "1K");
     TestIngest.Opts opts = new TestIngest.Opts();
+    VerifyIngest.Opts vopts = new VerifyIngest.Opts();
     opts.rows = 100000;
     opts.setTableName(table);
+
+    ClientConfiguration clientConfig = cluster.getClientConfig();
+    if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) {
+      opts.updateKerberosCredentials(clientConfig);
+      vopts.updateKerberosCredentials(clientConfig);
+    } else {
+      opts.setPrincipal(getAdminPrincipal());
+      vopts.setPrincipal(getAdminPrincipal());
+    }
+
     TestIngest.ingest(c, opts, new BatchWriterOpts());
-    VerifyIngest.Opts vopts = new VerifyIngest.Opts();
     vopts.rows = opts.rows;
     vopts.setTableName(table);
     VerifyIngest.verifyIngest(c, vopts, new ScannerOpts());
@@ -149,13 +161,21 @@ public class SplitIT extends AccumuloClusterIT {
         shortened++;
       count++;
     }
+
     assertTrue("Shortened should be greater than zero: " + shortened, shortened > 0);
     assertTrue("Count should be cgreater than 10: " + count, count > 10);
-    PasswordToken token = (PasswordToken) getToken();
-    assertEquals(
-        0,
-        getCluster().getClusterControl().exec(CheckForMetadataProblems.class,
-            new String[] {"-i", cluster.getInstanceName(), "-u", "root", "-p", new String(token.getPassword(), Charsets.UTF_8), "-z", cluster.getZooKeepers()}));
+
+    String[] args;
+    if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) {
+      ClusterUser rootUser = getAdminUser();
+      args = new String[] {"-i", cluster.getInstanceName(), "-u", rootUser.getPrincipal(), "--keytab", rootUser.getKeytab().getAbsolutePath(), "-z",
+          cluster.getZooKeepers()};
+    } else {
+      PasswordToken token = (PasswordToken) getAdminToken();
+      args = new String[] {"-i", cluster.getInstanceName(), "-u", "root", "-p", new String(token.getPassword(), Charsets.UTF_8), "-z", cluster.getZooKeepers()};
+    }
+
+    assertEquals(0, getCluster().getClusterControl().exec(CheckForMetadataProblems.class, args));
   }
 
   @Test
@@ -182,9 +202,15 @@ public class SplitIT extends AccumuloClusterIT {
     Connector c = getConnector();
     String tableName = getUniqueNames(1)[0];
     c.tableOperations().create(tableName);
-    PasswordToken token = (PasswordToken) getToken();
     c.tableOperations().setProperty(tableName, Property.TABLE_SPLIT_THRESHOLD.getKey(), "10K");
-    DeleteIT.deleteTest(c, getCluster(), new String(token.getPassword(), Charsets.UTF_8), tableName);
+    ClientConfiguration clientConfig = getCluster().getClientConfig();
+    String password = null, keytab = null;
+    if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) {
+      keytab = getAdminUser().getKeytab().getAbsolutePath();
+    } else {
+      password = new String(((PasswordToken) getAdminToken()).getPassword(), Charsets.UTF_8);
+    }
+    DeleteIT.deleteTest(c, getCluster(), getAdminPrincipal(), password, tableName, keytab);
     c.tableOperations().flush(tableName, null, null, true);
     for (int i = 0; i < 5; i++) {
       UtilWaitThread.sleep(10 * 1000);

http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/TableIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/TableIT.java b/test/src/test/java/org/apache/accumulo/test/functional/TableIT.java
index 023d17a..ded599e 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/TableIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/TableIT.java
@@ -25,6 +25,8 @@ import java.io.FileNotFoundException;
 import org.apache.accumulo.cluster.AccumuloCluster;
 import org.apache.accumulo.core.cli.BatchWriterOpts;
 import org.apache.accumulo.core.cli.ScannerOpts;
+import org.apache.accumulo.core.client.ClientConfiguration;
+import org.apache.accumulo.core.client.ClientConfiguration.ClientProperty;
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.client.Scanner;
 import org.apache.accumulo.core.client.admin.TableOperations;
@@ -63,11 +65,21 @@ public class TableIT extends AccumuloClusterIT {
     TableOperations to = c.tableOperations();
     String tableName = getUniqueNames(1)[0];
     to.create(tableName);
+
     TestIngest.Opts opts = new TestIngest.Opts();
+    VerifyIngest.Opts vopts = new VerifyIngest.Opts();
+    ClientConfiguration clientConfig = getCluster().getClientConfig();
+    if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) {
+      opts.updateKerberosCredentials(clientConfig);
+      vopts.updateKerberosCredentials(clientConfig);
+    } else {
+      opts.setPrincipal(getAdminPrincipal());
+      vopts.setPrincipal(getAdminPrincipal());
+    }
+
     opts.setTableName(tableName);
     TestIngest.ingest(c, opts, new BatchWriterOpts());
     to.flush(tableName, null, null, true);
-    VerifyIngest.Opts vopts = new VerifyIngest.Opts();
     vopts.setTableName(tableName);
     VerifyIngest.verifyIngest(c, vopts, new ScannerOpts());
     String id = to.tableIdMap().get(tableName);

http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/TabletIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/TabletIT.java b/test/src/test/java/org/apache/accumulo/test/functional/TabletIT.java
index 4515c3d..8aa6cf2 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/TabletIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/TabletIT.java
@@ -19,7 +19,6 @@ package org.apache.accumulo.test.functional;
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.junit.Assert.assertEquals;
 
-import java.util.HashMap;
 import java.util.Map;
 import java.util.Map.Entry;
 import java.util.TreeSet;
@@ -46,7 +45,7 @@ public class TabletIT extends AccumuloClusterIT {
 
   @Override
   public void configureMiniCluster(MiniAccumuloConfigImpl cfg, Configuration hadoopCoreSite) {
-    Map<String,String> siteConfig = new HashMap<String,String>();
+    Map<String,String> siteConfig = cfg.getSiteConfig();
     siteConfig.put(Property.TSERV_MAXMEM.getKey(), "128M");
     cfg.setDefaultMemory(256, MemoryUnit.MEGABYTE);
     cfg.setSiteConfig(siteConfig);

http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/VisibilityIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/VisibilityIT.java b/test/src/test/java/org/apache/accumulo/test/functional/VisibilityIT.java
index f102d01..7211494 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/VisibilityIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/VisibilityIT.java
@@ -45,6 +45,8 @@ import org.apache.accumulo.core.security.ColumnVisibility;
 import org.apache.accumulo.core.util.ByteArraySet;
 import org.apache.accumulo.harness.AccumuloClusterIT;
 import org.apache.hadoop.io.Text;
+import org.junit.After;
+import org.junit.Before;
 import org.junit.Test;
 
 public class VisibilityIT extends AccumuloClusterIT {
@@ -54,6 +56,22 @@ public class VisibilityIT extends AccumuloClusterIT {
     return 2 * 60;
   }
 
+  Authorizations origAuths = null;
+
+  @Before
+  public void emptyAuths() throws Exception {
+    Connector c = getConnector();
+    origAuths = c.securityOperations().getUserAuthorizations(getAdminPrincipal());
+  }
+
+  @After
+  public void resetAuths() throws Exception {
+    Connector c = getConnector();
+    if (null != origAuths) {
+      c.securityOperations().changeUserAuthorizations(getAdminPrincipal(), origAuths);
+    }
+  }
+
   @Test
   public void run() throws Exception {
     Connector c = getConnector();
@@ -205,7 +223,7 @@ public class VisibilityIT extends AccumuloClusterIT {
 
   private void queryData(Connector c, String tableName, Set<String> allAuths, Set<String> userAuths, Map<Set<String>,Set<String>> expected) throws Exception {
 
-    c.securityOperations().changeUserAuthorizations("root", new Authorizations(nbas(userAuths)));
+    c.securityOperations().changeUserAuthorizations(getAdminPrincipal(), new Authorizations(nbas(userAuths)));
 
     ArrayList<Set<String>> combos = new ArrayList<Set<String>>();
     uniqueCombos(combos, nss(), allAuths);
@@ -232,7 +250,7 @@ public class VisibilityIT extends AccumuloClusterIT {
     Scanner scanner;
 
     // should return no records
-    c.securityOperations().changeUserAuthorizations("root", new Authorizations("BASE", "DEFLABEL"));
+    c.securityOperations().changeUserAuthorizations(getAdminPrincipal(), new Authorizations("BASE", "DEFLABEL"));
     scanner = getConnector().createScanner(tableName, new Authorizations());
     verifyDefault(scanner, 0);
 

http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/WriteAheadLogIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/WriteAheadLogIT.java b/test/src/test/java/org/apache/accumulo/test/functional/WriteAheadLogIT.java
index d375f01..44473b0 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/WriteAheadLogIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/WriteAheadLogIT.java
@@ -18,6 +18,8 @@ package org.apache.accumulo.test.functional;
 
 import org.apache.accumulo.core.cli.BatchWriterOpts;
 import org.apache.accumulo.core.cli.ScannerOpts;
+import org.apache.accumulo.core.client.ClientConfiguration;
+import org.apache.accumulo.core.client.ClientConfiguration.ClientProperty;
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.conf.Property;
 import org.apache.accumulo.harness.AccumuloClusterIT;
@@ -26,6 +28,7 @@ import org.apache.accumulo.minicluster.impl.MiniAccumuloConfigImpl;
 import org.apache.accumulo.test.TestIngest;
 import org.apache.accumulo.test.VerifyIngest;
 import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.RawLocalFileSystem;
 import org.junit.Test;
 
 public class WriteAheadLogIT extends AccumuloClusterIT {
@@ -38,7 +41,7 @@ public class WriteAheadLogIT extends AccumuloClusterIT {
     cfg.setProperty(Property.MASTER_RECOVERY_DELAY, "1s");
     cfg.setProperty(Property.TSERV_MAJC_DELAY, "1");
     cfg.setProperty(Property.INSTANCE_ZK_TIMEOUT, "4s");
-    cfg.useMiniDFS(true);
+    hadoopCoreSite.set("fs.file.impl", RawLocalFileSystem.class.getName());
   }
 
   @Override
@@ -53,9 +56,19 @@ public class WriteAheadLogIT extends AccumuloClusterIT {
     c.tableOperations().create(tableName);
     c.tableOperations().setProperty(tableName, Property.TABLE_SPLIT_THRESHOLD.getKey(), "750K");
     TestIngest.Opts opts = new TestIngest.Opts();
+    VerifyIngest.Opts vopts = new VerifyIngest.Opts();
     opts.setTableName(tableName);
+
+    ClientConfiguration clientConfig = cluster.getClientConfig();
+    if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) {
+      opts.updateKerberosCredentials(clientConfig);
+      vopts.updateKerberosCredentials(clientConfig);
+    } else {
+      opts.setPrincipal(getAdminPrincipal());
+      vopts.setPrincipal(getAdminPrincipal());
+    }
+
     TestIngest.ingest(c, opts, new BatchWriterOpts());
-    VerifyIngest.Opts vopts = new VerifyIngest.Opts();
     vopts.setTableName(tableName);
     VerifyIngest.verifyIngest(c, vopts, new ScannerOpts());
     getCluster().getClusterControl().stopAllServers(ServerType.TABLET_SERVER);

http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/WriteLotsIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/WriteLotsIT.java b/test/src/test/java/org/apache/accumulo/test/functional/WriteLotsIT.java
index d38588f..d8dba87 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/WriteLotsIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/WriteLotsIT.java
@@ -22,6 +22,8 @@ import java.util.concurrent.atomic.AtomicReference;
 
 import org.apache.accumulo.core.cli.BatchWriterOpts;
 import org.apache.accumulo.core.cli.ScannerOpts;
+import org.apache.accumulo.core.client.ClientConfiguration;
+import org.apache.accumulo.core.client.ClientConfiguration.ClientProperty;
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.harness.AccumuloClusterIT;
 import org.apache.accumulo.test.TestIngest;
@@ -42,6 +44,7 @@ public class WriteLotsIT extends AccumuloClusterIT {
     c.tableOperations().create(tableName);
     final AtomicReference<Exception> ref = new AtomicReference<Exception>();
     List<Thread> threads = new ArrayList<Thread>();
+    final ClientConfiguration clientConfig = getCluster().getClientConfig();
     for (int i = 0; i < 10; i++) {
       final int index = i;
       Thread t = new Thread() {
@@ -52,6 +55,11 @@ public class WriteLotsIT extends AccumuloClusterIT {
             opts.startRow = index * 10000;
             opts.rows = 10000;
             opts.setTableName(tableName);
+            if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) {
+              opts.updateKerberosCredentials(clientConfig);
+            } else {
+              opts.setPrincipal(getAdminPrincipal());
+            }
             TestIngest.ingest(c, opts, new BatchWriterOpts());
           } catch (Exception ex) {
             ref.set(ex);
@@ -70,6 +78,11 @@ public class WriteLotsIT extends AccumuloClusterIT {
     VerifyIngest.Opts vopts = new VerifyIngest.Opts();
     vopts.rows = 10000 * 10;
     vopts.setTableName(tableName);
+    if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) {
+      vopts.updateKerberosCredentials(clientConfig);
+    } else {
+      vopts.setPrincipal(getAdminPrincipal());
+    }
     VerifyIngest.verifyIngest(c, vopts, new ScannerOpts());
   }
 

http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/replication/StatusCombinerMacIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/replication/StatusCombinerMacIT.java b/test/src/test/java/org/apache/accumulo/test/replication/StatusCombinerMacIT.java
index 53dbaf6..2b33b4d 100644
--- a/test/src/test/java/org/apache/accumulo/test/replication/StatusCombinerMacIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/replication/StatusCombinerMacIT.java
@@ -21,6 +21,7 @@ import java.util.HashMap;
 import java.util.Map;
 import java.util.Map.Entry;
 
+import org.apache.accumulo.cluster.ClusterUser;
 import org.apache.accumulo.core.client.BatchWriter;
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.client.Scanner;
@@ -81,9 +82,10 @@ public class StatusCombinerMacIT extends SharedMiniClusterIT {
   @Test
   public void test() throws Exception {
     Connector conn = getConnector();
+    ClusterUser user = getAdminUser();
 
     ReplicationTable.setOnline(conn);
-    conn.securityOperations().grantTablePermission("root", ReplicationTable.NAME, TablePermission.WRITE);
+    conn.securityOperations().grantTablePermission(user.getPrincipal(), ReplicationTable.NAME, TablePermission.WRITE);
     BatchWriter bw = ReplicationTable.getBatchWriter(conn);
     long createTime = System.currentTimeMillis();
     try {

http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/test/src/test/resources/log4j.properties b/test/src/test/resources/log4j.properties
index 1b89dfe..40ad717 100644
--- a/test/src/test/resources/log4j.properties
+++ b/test/src/test/resources/log4j.properties
@@ -51,4 +51,4 @@ log4j.logger.org.apache.directory.api.ldap=WARN
 log4j.logger.org.apache.thrift.transport.TSaslTransport=INFO
 # From apache-ds/minikdc
 log4j.logger.org.apache.mina=INFO
-log4j.logger.org.apache.accumulo.server.thrift.UGIAssumingProcessor=TRACE
\ No newline at end of file
+log4j.logger.org.apache.accumulo.server.thrift.UGIAssumingProcessor=TRACE


Mime
View raw message