Return-Path: X-Original-To: apmail-accumulo-commits-archive@www.apache.org Delivered-To: apmail-accumulo-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 5E9951061B for ; Tue, 3 Mar 2015 19:15:37 +0000 (UTC) Received: (qmail 66519 invoked by uid 500); 3 Mar 2015 19:15:27 -0000 Delivered-To: apmail-accumulo-commits-archive@accumulo.apache.org Received: (qmail 66471 invoked by uid 500); 3 Mar 2015 19:15:27 -0000 Mailing-List: contact commits-help@accumulo.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@accumulo.apache.org Delivered-To: mailing list commits@accumulo.apache.org Received: (qmail 66462 invoked by uid 99); 3 Mar 2015 19:15:27 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Mar 2015 19:15:27 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id A7E74E03B9; Tue, 3 Mar 2015 19:15:27 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: elserj@apache.org To: commits@accumulo.apache.org Date: Tue, 03 Mar 2015 19:15:27 -0000 Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: [1/4] accumulo git commit: ACCUMULO-3599 Refactor tests to run over MAC using Kerberos Repository: accumulo Updated Branches: refs/heads/master 31ab27100 -> 1c5bef324 http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/PermissionsIT.java ---------------------------------------------------------------------- diff --git a/test/src/test/java/org/apache/accumulo/test/functional/PermissionsIT.java b/test/src/test/java/org/apache/accumulo/test/functional/PermissionsIT.java index e20a252..2f8a83d 100644 --- a/test/src/test/java/org/apache/accumulo/test/functional/PermissionsIT.java +++ b/test/src/test/java/org/apache/accumulo/test/functional/PermissionsIT.java @@ -16,6 +16,7 @@ */ package org.apache.accumulo.test.functional; +import java.io.IOException; import java.util.Arrays; import java.util.HashMap; import java.util.HashSet; @@ -24,8 +25,8 @@ import java.util.List; import java.util.Map; import java.util.Map.Entry; import java.util.Set; -import java.util.concurrent.atomic.AtomicInteger; +import org.apache.accumulo.cluster.ClusterUser; import org.apache.accumulo.core.client.AccumuloException; import org.apache.accumulo.core.client.AccumuloSecurityException; import org.apache.accumulo.core.client.BatchWriter; @@ -34,9 +35,6 @@ import org.apache.accumulo.core.client.ClientConfiguration; import org.apache.accumulo.core.client.ClientConfiguration.ClientProperty; import org.apache.accumulo.core.client.Connector; import org.apache.accumulo.core.client.MutationsRejectedException; -import org.apache.accumulo.core.client.NamespaceExistsException; -import org.apache.accumulo.core.client.NamespaceNotEmptyException; -import org.apache.accumulo.core.client.NamespaceNotFoundException; import org.apache.accumulo.core.client.Scanner; import org.apache.accumulo.core.client.TableExistsException; import org.apache.accumulo.core.client.TableNotFoundException; @@ -51,69 +49,54 @@ import org.apache.accumulo.core.metadata.MetadataTable; import org.apache.accumulo.core.security.Authorizations; import org.apache.accumulo.core.security.SystemPermission; import org.apache.accumulo.core.security.TablePermission; -import org.apache.accumulo.harness.AccumuloIT; -import org.apache.accumulo.harness.MiniClusterHarness; -import org.apache.accumulo.minicluster.impl.MiniAccumuloClusterImpl; +import org.apache.accumulo.harness.AccumuloClusterIT; import org.apache.hadoop.io.Text; import org.apache.log4j.Logger; -import org.junit.After; +import org.junit.Assume; import org.junit.Before; import org.junit.Test; // This test verifies the default permissions so a clean instance must be used. A shared instance might // not be representative of a fresh installation. -public class PermissionsIT extends AccumuloIT { +public class PermissionsIT extends AccumuloClusterIT { private static final Logger log = Logger.getLogger(PermissionsIT.class); - static AtomicInteger userId = new AtomicInteger(0); - private MiniAccumuloClusterImpl cluster; - - static String makeUserName() { - return "user_" + userId.getAndIncrement(); + @Override + public int defaultTimeoutSeconds() { + return 60; } @Before - public void createMiniCluster() throws Exception { - MiniClusterHarness harness = new MiniClusterHarness(); - cluster = harness.create(getToken()); - cluster.start(); + public void limitToMini() { + Assume.assumeTrue(ClusterType.MINI == getClusterType()); } - @After - public void stopMiniCluster() throws Exception { - cluster.stop(); - } - - private AuthenticationToken getToken() { - return new PasswordToken("rootPassword1"); - } - - private Connector getConnector() { - try { - return cluster.getConnector("root", getToken()); - } catch (Exception e) { - throw new RuntimeException(e); - } - } - - @Override - public int defaultTimeoutSeconds() { - return 60; + private void loginAs(ClusterUser user) throws IOException { + // Force a re-login as the provided user + user.getToken(); } @Test public void systemPermissionsTest() throws Exception { - String testUser = makeUserName(); - PasswordToken testPasswd = new PasswordToken("test_password"); + ClusterUser testUser = getUser(0), rootUser = getAdminUser(); // verify that the test is being run by root Connector c = getConnector(); verifyHasOnlyTheseSystemPermissions(c, c.whoami(), SystemPermission.values()); // create the test user - c.securityOperations().createLocalUser(testUser, testPasswd); - Connector test_user_conn = c.getInstance().getConnector(testUser, testPasswd); - verifyHasNoSystemPermissions(c, testUser, SystemPermission.values()); + String principal = testUser.getPrincipal(); + AuthenticationToken token = testUser.getToken(); + PasswordToken passwordToken = null; + if (token instanceof PasswordToken) { + passwordToken = (PasswordToken) token; + } + loginAs(rootUser); + c.securityOperations().createLocalUser(principal, passwordToken); + loginAs(testUser); + Connector test_user_conn = c.getInstance().getConnector(principal, token); + loginAs(rootUser); + verifyHasNoSystemPermissions(c, principal, SystemPermission.values()); // test each permission for (SystemPermission perm : SystemPermission.values()) { @@ -122,9 +105,9 @@ public class PermissionsIT extends AccumuloIT { // verify GRANT can't be granted if (perm.equals(SystemPermission.GRANT)) { try { - c.securityOperations().grantSystemPermission(testUser, perm); + c.securityOperations().grantSystemPermission(principal, perm); } catch (AccumuloSecurityException e) { - verifyHasNoSystemPermissions(c, testUser, perm); + verifyHasNoSystemPermissions(c, principal, perm); continue; } throw new IllegalStateException("Should NOT be able to grant GRANT"); @@ -132,12 +115,14 @@ public class PermissionsIT extends AccumuloIT { // test permission before and after granting it String tableNamePrefix = getUniqueNames(1)[0]; - testMissingSystemPermission(tableNamePrefix, c, test_user_conn, perm); - c.securityOperations().grantSystemPermission(testUser, perm); - verifyHasOnlyTheseSystemPermissions(c, testUser, perm); - testGrantedSystemPermission(tableNamePrefix, c, test_user_conn, perm); - c.securityOperations().revokeSystemPermission(testUser, perm); - verifyHasNoSystemPermissions(c, testUser, perm); + testMissingSystemPermission(tableNamePrefix, c, rootUser, test_user_conn, testUser, perm); + loginAs(rootUser); + c.securityOperations().grantSystemPermission(principal, perm); + verifyHasOnlyTheseSystemPermissions(c, principal, perm); + testGrantedSystemPermission(tableNamePrefix, c, rootUser, test_user_conn, testUser, perm); + loginAs(rootUser); + c.securityOperations().revokeSystemPermission(principal, perm); + verifyHasNoSystemPermissions(c, principal, perm); } } @@ -149,10 +134,10 @@ public class PermissionsIT extends AccumuloIT { return result; } - private void testMissingSystemPermission(String tableNamePrefix, Connector root_conn, Connector test_user_conn, SystemPermission perm) - throws AccumuloException, TableExistsException, AccumuloSecurityException, TableNotFoundException, NamespaceExistsException, NamespaceNotFoundException, - NamespaceNotEmptyException { + private void testMissingSystemPermission(String tableNamePrefix, Connector root_conn, ClusterUser rootUser, Connector test_user_conn, ClusterUser testUser, + SystemPermission perm) throws Exception { String tableName, user, password = "password", namespace; + boolean passwordBased = testUser.getPassword() != null; log.debug("Confirming that the lack of the " + perm + " permission properly restricts the user"); // test permission prior to granting it @@ -160,49 +145,62 @@ public class PermissionsIT extends AccumuloIT { case CREATE_TABLE: tableName = tableNamePrefix + "__CREATE_TABLE_WITHOUT_PERM_TEST__"; try { + loginAs(testUser); test_user_conn.tableOperations().create(tableName); throw new IllegalStateException("Should NOT be able to create a table"); } catch (AccumuloSecurityException e) { + loginAs(rootUser); if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || root_conn.tableOperations().list().contains(tableName)) throw e; } break; case DROP_TABLE: tableName = tableNamePrefix + "__DROP_TABLE_WITHOUT_PERM_TEST__"; + loginAs(rootUser); root_conn.tableOperations().create(tableName); try { + loginAs(testUser); test_user_conn.tableOperations().delete(tableName); throw new IllegalStateException("Should NOT be able to delete a table"); } catch (AccumuloSecurityException e) { + loginAs(rootUser); if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || !root_conn.tableOperations().list().contains(tableName)) throw e; } break; case ALTER_TABLE: tableName = tableNamePrefix + "__ALTER_TABLE_WITHOUT_PERM_TEST__"; + loginAs(rootUser); root_conn.tableOperations().create(tableName); try { + loginAs(testUser); test_user_conn.tableOperations().setProperty(tableName, Property.TABLE_BLOOM_ERRORRATE.getKey(), "003.14159%"); throw new IllegalStateException("Should NOT be able to set a table property"); } catch (AccumuloSecurityException e) { + loginAs(rootUser); if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || map(root_conn.tableOperations().getProperties(tableName)).get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%")) throw e; } + loginAs(rootUser); root_conn.tableOperations().setProperty(tableName, Property.TABLE_BLOOM_ERRORRATE.getKey(), "003.14159%"); try { + loginAs(testUser); test_user_conn.tableOperations().removeProperty(tableName, Property.TABLE_BLOOM_ERRORRATE.getKey()); throw new IllegalStateException("Should NOT be able to remove a table property"); } catch (AccumuloSecurityException e) { + loginAs(rootUser); if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || !map(root_conn.tableOperations().getProperties(tableName)).get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%")) throw e; } String table2 = tableName + "2"; try { + loginAs(testUser); test_user_conn.tableOperations().rename(tableName, table2); throw new IllegalStateException("Should NOT be able to rename a table"); } catch (AccumuloSecurityException e) { + loginAs(rootUser); if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || !root_conn.tableOperations().list().contains(tableName) || root_conn.tableOperations().list().contains(table2)) throw e; @@ -211,33 +209,43 @@ public class PermissionsIT extends AccumuloIT { case CREATE_USER: user = "__CREATE_USER_WITHOUT_PERM_TEST__"; try { - test_user_conn.securityOperations().createLocalUser(user, new PasswordToken(password)); + loginAs(testUser); + test_user_conn.securityOperations().createLocalUser(user, (passwordBased ? new PasswordToken(password) : null)); throw new IllegalStateException("Should NOT be able to create a user"); } catch (AccumuloSecurityException e) { + AuthenticationToken userToken = testUser.getToken(); + loginAs(rootUser); if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED - || root_conn.securityOperations().authenticateUser(user, new PasswordToken(password))) + || (userToken instanceof PasswordToken && root_conn.securityOperations().authenticateUser(user, userToken))) throw e; } break; case DROP_USER: user = "__DROP_USER_WITHOUT_PERM_TEST__"; - root_conn.securityOperations().createLocalUser(user, new PasswordToken(password)); + loginAs(rootUser); + root_conn.securityOperations().createLocalUser(user, (passwordBased ? new PasswordToken(password) : null)); try { + loginAs(testUser); test_user_conn.securityOperations().dropLocalUser(user); throw new IllegalStateException("Should NOT be able to delete a user"); } catch (AccumuloSecurityException e) { + AuthenticationToken userToken = testUser.getToken(); + loginAs(rootUser); if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED - || !root_conn.securityOperations().authenticateUser(user, new PasswordToken(password))) + || (userToken instanceof PasswordToken && !root_conn.securityOperations().authenticateUser(user, userToken))) throw e; } break; case ALTER_USER: user = "__ALTER_USER_WITHOUT_PERM_TEST__"; - root_conn.securityOperations().createLocalUser(user, new PasswordToken(password)); + loginAs(rootUser); + root_conn.securityOperations().createLocalUser(user, (passwordBased ? new PasswordToken(password) : null)); try { + loginAs(testUser); test_user_conn.securityOperations().changeUserAuthorizations(user, new Authorizations("A", "B")); throw new IllegalStateException("Should NOT be able to alter a user"); } catch (AccumuloSecurityException e) { + loginAs(rootUser); if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || !root_conn.securityOperations().getUserAuthorizations(user).isEmpty()) throw e; } @@ -248,49 +256,62 @@ public class PermissionsIT extends AccumuloIT { case CREATE_NAMESPACE: namespace = "__CREATE_NAMESPACE_WITHOUT_PERM_TEST__"; try { + loginAs(testUser); test_user_conn.namespaceOperations().create(namespace); throw new IllegalStateException("Should NOT be able to create a namespace"); } catch (AccumuloSecurityException e) { + loginAs(rootUser); if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || root_conn.namespaceOperations().list().contains(namespace)) throw e; } break; case DROP_NAMESPACE: namespace = "__DROP_NAMESPACE_WITHOUT_PERM_TEST__"; + loginAs(rootUser); root_conn.namespaceOperations().create(namespace); try { + loginAs(testUser); test_user_conn.namespaceOperations().delete(namespace); throw new IllegalStateException("Should NOT be able to delete a namespace"); } catch (AccumuloSecurityException e) { + loginAs(rootUser); if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || !root_conn.namespaceOperations().list().contains(namespace)) throw e; } break; case ALTER_NAMESPACE: namespace = "__ALTER_NAMESPACE_WITHOUT_PERM_TEST__"; + loginAs(rootUser); root_conn.namespaceOperations().create(namespace); try { + loginAs(testUser); test_user_conn.namespaceOperations().setProperty(namespace, Property.TABLE_BLOOM_ERRORRATE.getKey(), "003.14159%"); throw new IllegalStateException("Should NOT be able to set a namespace property"); } catch (AccumuloSecurityException e) { + loginAs(rootUser); if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || map(root_conn.namespaceOperations().getProperties(namespace)).get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%")) throw e; } + loginAs(rootUser); root_conn.namespaceOperations().setProperty(namespace, Property.TABLE_BLOOM_ERRORRATE.getKey(), "003.14159%"); try { + loginAs(testUser); test_user_conn.namespaceOperations().removeProperty(namespace, Property.TABLE_BLOOM_ERRORRATE.getKey()); throw new IllegalStateException("Should NOT be able to remove a namespace property"); } catch (AccumuloSecurityException e) { + loginAs(rootUser); if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || !map(root_conn.namespaceOperations().getProperties(namespace)).get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%")) throw e; } String namespace2 = namespace + "2"; try { + loginAs(testUser); test_user_conn.namespaceOperations().rename(namespace, namespace2); throw new IllegalStateException("Should NOT be able to rename a namespace"); } catch (AccumuloSecurityException e) { + loginAs(rootUser); if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED || !root_conn.namespaceOperations().list().contains(namespace) || root_conn.namespaceOperations().list().contains(namespace2)) throw e; @@ -307,60 +328,80 @@ public class PermissionsIT extends AccumuloIT { } } - private void testGrantedSystemPermission(String tableNamePrefix, Connector root_conn, Connector test_user_conn, SystemPermission perm) - throws AccumuloException, AccumuloSecurityException, TableNotFoundException, TableExistsException, NamespaceExistsException, NamespaceNotFoundException, - NamespaceNotEmptyException { + private void testGrantedSystemPermission(String tableNamePrefix, Connector root_conn, ClusterUser rootUser, Connector test_user_conn, ClusterUser testUser, + SystemPermission perm) throws Exception { String tableName, user, password = "password", namespace; + boolean passwordBased = testUser.getPassword() != null; log.debug("Confirming that the presence of the " + perm + " permission properly permits the user"); // test permission after granting it switch (perm) { case CREATE_TABLE: tableName = tableNamePrefix + "__CREATE_TABLE_WITH_PERM_TEST__"; + loginAs(testUser); test_user_conn.tableOperations().create(tableName); + loginAs(rootUser); if (!root_conn.tableOperations().list().contains(tableName)) throw new IllegalStateException("Should be able to create a table"); break; case DROP_TABLE: tableName = tableNamePrefix + "__DROP_TABLE_WITH_PERM_TEST__"; + loginAs(rootUser); root_conn.tableOperations().create(tableName); + loginAs(testUser); test_user_conn.tableOperations().delete(tableName); + loginAs(rootUser); if (root_conn.tableOperations().list().contains(tableName)) throw new IllegalStateException("Should be able to delete a table"); break; case ALTER_TABLE: tableName = tableNamePrefix + "__ALTER_TABLE_WITH_PERM_TEST__"; String table2 = tableName + "2"; + loginAs(rootUser); root_conn.tableOperations().create(tableName); + loginAs(testUser); test_user_conn.tableOperations().setProperty(tableName, Property.TABLE_BLOOM_ERRORRATE.getKey(), "003.14159%"); + loginAs(rootUser); Map properties = map(root_conn.tableOperations().getProperties(tableName)); if (!properties.get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%")) throw new IllegalStateException("Should be able to set a table property"); + loginAs(testUser); test_user_conn.tableOperations().removeProperty(tableName, Property.TABLE_BLOOM_ERRORRATE.getKey()); + loginAs(rootUser); properties = map(root_conn.tableOperations().getProperties(tableName)); if (properties.get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%")) throw new IllegalStateException("Should be able to remove a table property"); + loginAs(testUser); test_user_conn.tableOperations().rename(tableName, table2); + loginAs(rootUser); if (root_conn.tableOperations().list().contains(tableName) || !root_conn.tableOperations().list().contains(table2)) throw new IllegalStateException("Should be able to rename a table"); break; case CREATE_USER: user = "__CREATE_USER_WITH_PERM_TEST__"; - test_user_conn.securityOperations().createLocalUser(user, new PasswordToken(password)); - if (!root_conn.securityOperations().authenticateUser(user, new PasswordToken(password))) + loginAs(testUser); + test_user_conn.securityOperations().createLocalUser(user, (passwordBased ? new PasswordToken(password) : null)); + loginAs(rootUser); + if (passwordBased && !root_conn.securityOperations().authenticateUser(user, new PasswordToken(password))) throw new IllegalStateException("Should be able to create a user"); break; case DROP_USER: user = "__DROP_USER_WITH_PERM_TEST__"; - root_conn.securityOperations().createLocalUser(user, new PasswordToken(password)); + loginAs(rootUser); + root_conn.securityOperations().createLocalUser(user, (passwordBased ? new PasswordToken(password) : null)); + loginAs(testUser); test_user_conn.securityOperations().dropLocalUser(user); - if (root_conn.securityOperations().authenticateUser(user, new PasswordToken(password))) + loginAs(rootUser); + if (passwordBased && root_conn.securityOperations().authenticateUser(user, new PasswordToken(password))) throw new IllegalStateException("Should be able to delete a user"); break; case ALTER_USER: user = "__ALTER_USER_WITH_PERM_TEST__"; - root_conn.securityOperations().createLocalUser(user, new PasswordToken(password)); + loginAs(rootUser); + root_conn.securityOperations().createLocalUser(user, (passwordBased ? new PasswordToken(password) : null)); + loginAs(testUser); test_user_conn.securityOperations().changeUserAuthorizations(user, new Authorizations("A", "B")); + loginAs(rootUser); if (root_conn.securityOperations().getUserAuthorizations(user).isEmpty()) throw new IllegalStateException("Should be able to alter a user"); break; @@ -369,30 +410,42 @@ public class PermissionsIT extends AccumuloIT { break; case CREATE_NAMESPACE: namespace = "__CREATE_NAMESPACE_WITH_PERM_TEST__"; + loginAs(testUser); test_user_conn.namespaceOperations().create(namespace); + loginAs(rootUser); if (!root_conn.namespaceOperations().list().contains(namespace)) throw new IllegalStateException("Should be able to create a namespace"); break; case DROP_NAMESPACE: namespace = "__DROP_NAMESPACE_WITH_PERM_TEST__"; + loginAs(rootUser); root_conn.namespaceOperations().create(namespace); + loginAs(testUser); test_user_conn.namespaceOperations().delete(namespace); + loginAs(rootUser); if (root_conn.namespaceOperations().list().contains(namespace)) throw new IllegalStateException("Should be able to delete a namespace"); break; case ALTER_NAMESPACE: namespace = "__ALTER_NAMESPACE_WITH_PERM_TEST__"; String namespace2 = namespace + "2"; + loginAs(rootUser); root_conn.namespaceOperations().create(namespace); + loginAs(testUser); test_user_conn.namespaceOperations().setProperty(namespace, Property.TABLE_BLOOM_ERRORRATE.getKey(), "003.14159%"); + loginAs(rootUser); Map propies = map(root_conn.namespaceOperations().getProperties(namespace)); if (!propies.get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%")) throw new IllegalStateException("Should be able to set a table property"); + loginAs(testUser); test_user_conn.namespaceOperations().removeProperty(namespace, Property.TABLE_BLOOM_ERRORRATE.getKey()); + loginAs(rootUser); propies = map(root_conn.namespaceOperations().getProperties(namespace)); if (propies.get(Property.TABLE_BLOOM_ERRORRATE.getKey()).equals("003.14159%")) throw new IllegalStateException("Should be able to remove a table property"); + loginAs(testUser); test_user_conn.namespaceOperations().rename(namespace, namespace2); + loginAs(rootUser); if (root_conn.namespaceOperations().list().contains(namespace) || !root_conn.namespaceOperations().list().contains(namespace2)) throw new IllegalStateException("Should be able to rename a table"); break; @@ -424,8 +477,7 @@ public class PermissionsIT extends AccumuloIT { } } - private void verifyHasNoSystemPermissions(Connector root_conn, String user, SystemPermission... perms) throws AccumuloException, - AccumuloSecurityException { + private void verifyHasNoSystemPermissions(Connector root_conn, String user, SystemPermission... perms) throws AccumuloException, AccumuloSecurityException { for (SystemPermission p : perms) if (root_conn.securityOperations().hasSystemPermission(user, p)) throw new IllegalStateException(user + " SHOULD NOT have system permission " + p); @@ -434,16 +486,24 @@ public class PermissionsIT extends AccumuloIT { @Test public void tablePermissionTest() throws Exception { // create the test user - String testUser = makeUserName(); - PasswordToken testPasswd = new PasswordToken("test_password"); + ClusterUser testUser = getUser(1), rootUser = getAdminUser(); + String principal = testUser.getPrincipal(); + AuthenticationToken token = testUser.getToken(); + PasswordToken passwordToken = null; + if (token instanceof PasswordToken) { + passwordToken = (PasswordToken) token; + } + loginAs(rootUser); Connector c = getConnector(); - c.securityOperations().createLocalUser(testUser, testPasswd); - Connector test_user_conn = c.getInstance().getConnector(testUser, testPasswd); + c.securityOperations().createLocalUser(principal, passwordToken); + loginAs(testUser); + Connector test_user_conn = c.getInstance().getConnector(principal, token); // check for read-only access to metadata table + loginAs(rootUser); verifyHasOnlyTheseTablePermissions(c, c.whoami(), MetadataTable.NAME, TablePermission.READ, TablePermission.ALTER_TABLE); - verifyHasOnlyTheseTablePermissions(c, testUser, MetadataTable.NAME, TablePermission.READ); + verifyHasOnlyTheseTablePermissions(c, principal, MetadataTable.NAME, TablePermission.READ); String tableName = getUniqueNames(1)[0] + "__TABLE_PERMISSION_TEST__"; // test each permission @@ -451,15 +511,19 @@ public class PermissionsIT extends AccumuloIT { log.debug("Verifying the " + perm + " permission"); // test permission before and after granting it - createTestTable(c, testUser, tableName); - testMissingTablePermission(c, test_user_conn, perm, tableName); - c.securityOperations().grantTablePermission(testUser, tableName, perm); - verifyHasOnlyTheseTablePermissions(c, testUser, tableName, perm); - testGrantedTablePermission(c, test_user_conn, perm, tableName); - - createTestTable(c, testUser, tableName); - c.securityOperations().revokeTablePermission(testUser, tableName, perm); - verifyHasNoTablePermissions(c, testUser, tableName, perm); + createTestTable(c, principal, tableName); + loginAs(testUser); + testMissingTablePermission(test_user_conn, testUser, perm, tableName); + loginAs(rootUser); + c.securityOperations().grantTablePermission(principal, tableName, perm); + verifyHasOnlyTheseTablePermissions(c, principal, tableName, perm); + loginAs(testUser); + testGrantedTablePermission(test_user_conn, testUser, perm, tableName); + + loginAs(rootUser); + createTestTable(c, principal, tableName); + c.securityOperations().revokeTablePermission(principal, tableName, perm); + verifyHasNoTablePermissions(c, principal, tableName, perm); } } @@ -481,7 +545,7 @@ public class PermissionsIT extends AccumuloIT { } } - private void testMissingTablePermission(Connector root_conn, Connector test_user_conn, TablePermission perm, String tableName) throws Exception { + private void testMissingTablePermission(Connector test_user_conn, ClusterUser testUser, TablePermission perm, String tableName) throws Exception { Scanner scanner; BatchWriter writer; Mutation m; @@ -546,7 +610,7 @@ public class PermissionsIT extends AccumuloIT { break; case GRANT: try { - test_user_conn.securityOperations().grantTablePermission("root", tableName, TablePermission.GRANT); + test_user_conn.securityOperations().grantTablePermission(getAdminPrincipal(), tableName, TablePermission.GRANT); throw new IllegalStateException("User should not be able grant permissions"); } catch (AccumuloSecurityException e) { if (e.getSecurityErrorCode() != SecurityErrorCode.PERMISSION_DENIED) @@ -558,8 +622,8 @@ public class PermissionsIT extends AccumuloIT { } } - private void testGrantedTablePermission(Connector root_conn, Connector test_user_conn, TablePermission perm, String tableName) - throws AccumuloException, TableExistsException, AccumuloSecurityException, TableNotFoundException, MutationsRejectedException { + private void testGrantedTablePermission(Connector test_user_conn, ClusterUser normalUser, TablePermission perm, String tableName) throws AccumuloException, + TableExistsException, AccumuloSecurityException, TableNotFoundException, MutationsRejectedException { Scanner scanner; BatchWriter writer; Mutation m; @@ -591,7 +655,7 @@ public class PermissionsIT extends AccumuloIT { test_user_conn.tableOperations().delete(tableName); break; case GRANT: - test_user_conn.securityOperations().grantTablePermission("root", tableName, TablePermission.GRANT); + test_user_conn.securityOperations().grantTablePermission(getAdminPrincipal(), tableName, TablePermission.GRANT); break; default: throw new IllegalArgumentException("Unrecognized table Permission: " + perm); http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/ReadWriteIT.java ---------------------------------------------------------------------- diff --git a/test/src/test/java/org/apache/accumulo/test/functional/ReadWriteIT.java b/test/src/test/java/org/apache/accumulo/test/functional/ReadWriteIT.java index f4f6c9d..0b8046d 100644 --- a/test/src/test/java/org/apache/accumulo/test/functional/ReadWriteIT.java +++ b/test/src/test/java/org/apache/accumulo/test/functional/ReadWriteIT.java @@ -18,6 +18,7 @@ package org.apache.accumulo.test.functional; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import java.io.ByteArrayOutputStream; @@ -44,10 +45,14 @@ import org.apache.accumulo.core.cli.ScannerOpts; import org.apache.accumulo.core.client.BatchScanner; import org.apache.accumulo.core.client.BatchWriter; import org.apache.accumulo.core.client.BatchWriterConfig; +import org.apache.accumulo.core.client.ClientConfiguration; +import org.apache.accumulo.core.client.ClientConfiguration.ClientProperty; import org.apache.accumulo.core.client.Connector; import org.apache.accumulo.core.client.Scanner; import org.apache.accumulo.core.client.ZooKeeperInstance; import org.apache.accumulo.core.client.admin.TableOperations; +import org.apache.accumulo.core.client.security.tokens.AuthenticationToken; +import org.apache.accumulo.core.client.security.tokens.KerberosToken; import org.apache.accumulo.core.client.security.tokens.PasswordToken; import org.apache.accumulo.core.data.Key; import org.apache.accumulo.core.data.Mutation; @@ -100,8 +105,8 @@ public class ReadWriteIT extends AccumuloClusterIT { cluster.getClusterControl().startAllServers(ServerType.MONITOR); Connector connector = getConnector(); String tableName = getUniqueNames(1)[0]; - ingest(connector, ROWS, COLS, 50, 0, tableName); - verify(connector, ROWS, COLS, 50, 0, tableName); + ingest(connector, getCluster().getClientConfig(), getAdminPrincipal(), ROWS, COLS, 50, 0, tableName); + verify(connector, getCluster().getClientConfig(), getAdminPrincipal(), ROWS, COLS, 50, 0, tableName); String monitorLocation = null; while (null == monitorLocation) { monitorLocation = MonitorUtil.getLocation(getConnector().getInstance()); @@ -136,11 +141,13 @@ public class ReadWriteIT extends AccumuloClusterIT { cluster.start(); } - public static void ingest(Connector connector, int rows, int cols, int width, int offset, String tableName) throws Exception { - ingest(connector, rows, cols, width, offset, COLF, tableName); + public static void ingest(Connector connector, ClientConfiguration clientConfig, String principal, int rows, int cols, int width, int offset, String tableName) + throws Exception { + ingest(connector, clientConfig, principal, rows, cols, width, offset, COLF, tableName); } - public static void ingest(Connector connector, int rows, int cols, int width, int offset, String colf, String tableName) throws Exception { + public static void ingest(Connector connector, ClientConfiguration clientConfig, String principal, int rows, int cols, int width, int offset, String colf, + String tableName) throws Exception { TestIngest.Opts opts = new TestIngest.Opts(); opts.rows = rows; opts.cols = cols; @@ -149,15 +156,22 @@ public class ReadWriteIT extends AccumuloClusterIT { opts.columnFamily = colf; opts.createTable = true; opts.setTableName(tableName); + if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) { + opts.updateKerberosCredentials(clientConfig); + } else { + opts.setPrincipal(principal); + } TestIngest.ingest(connector, opts, new BatchWriterOpts()); } - public static void verify(Connector connector, int rows, int cols, int width, int offset, String tableName) throws Exception { - verify(connector, rows, cols, width, offset, COLF, tableName); + public static void verify(Connector connector, ClientConfiguration clientConfig, String principal, int rows, int cols, int width, int offset, String tableName) + throws Exception { + verify(connector, clientConfig, principal, rows, cols, width, offset, COLF, tableName); } - private static void verify(Connector connector, int rows, int cols, int width, int offset, String colf, String tableName) throws Exception { + private static void verify(Connector connector, ClientConfiguration clientConfig, String principal, int rows, int cols, int width, int offset, String colf, + String tableName) throws Exception { ScannerOpts scannerOpts = new ScannerOpts(); VerifyIngest.Opts opts = new VerifyIngest.Opts(); opts.rows = rows; @@ -166,6 +180,12 @@ public class ReadWriteIT extends AccumuloClusterIT { opts.startRow = offset; opts.columnFamily = colf; opts.setTableName(tableName); + if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) { + opts.updateKerberosCredentials(clientConfig); + } else { + opts.setPrincipal(principal); + } + VerifyIngest.verifyIngest(connector, opts, scannerOpts); } @@ -185,10 +205,25 @@ public class ReadWriteIT extends AccumuloClusterIT { @Override public Integer call() { try { + ClientConfiguration clientConf = cluster.getClientConfig(); + // Invocation is different for SASL. We're only logged in via this processes memory (not via some credentials cache on disk) + // Need to pass along the keytab because of that. + if (clientConf.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) { + String principal = getAdminPrincipal(); + AuthenticationToken token = getAdminToken(); + assertTrue("Expected KerberosToken, but was " + token.getClass(), token instanceof KerberosToken); + KerberosToken kt = (KerberosToken) token; + assertNotNull("Expected keytab in token", kt.getKeytab()); + return control.exec( + TestMultiTableIngest.class, + args("--count", Integer.toString(ROWS), "-i", instance, "-z", keepers, "--tablePrefix", prefix, "--keytab", kt.getKeytab().getAbsolutePath(), + "-u", principal)); + } + return control.exec( TestMultiTableIngest.class, - args("--count", "" + ROWS, "-u", "root", "-i", instance, "-z", keepers, "-p", new String(((PasswordToken) getToken()).getPassword(), - Charsets.UTF_8), "--tablePrefix", prefix)); + args("--count", Integer.toString(ROWS), "-u", getAdminPrincipal(), "-i", instance, "-z", keepers, "-p", new String( + ((PasswordToken) getAdminToken()).getPassword(), Charsets.UTF_8), "--tablePrefix", prefix)); } catch (IOException e) { log.error("Error running MultiTableIngest", e); return -1; @@ -199,10 +234,25 @@ public class ReadWriteIT extends AccumuloClusterIT { @Override public Integer call() { try { + ClientConfiguration clientConf = cluster.getClientConfig(); + // Invocation is different for SASL. We're only logged in via this processes memory (not via some credentials cache on disk) + // Need to pass along the keytab because of that. + if (clientConf.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) { + String principal = getAdminPrincipal(); + AuthenticationToken token = getAdminToken(); + assertTrue("Expected KerberosToken, but was " + token.getClass(), token instanceof KerberosToken); + KerberosToken kt = (KerberosToken) token; + assertNotNull("Expected keytab in token", kt.getKeytab()); + return control.exec( + TestMultiTableIngest.class, + args("--count", Integer.toString(ROWS), "--readonly", "-i", instance, "-z", keepers, "--tablePrefix", prefix, "--keytab", kt.getKeytab() + .getAbsolutePath(), "-u", principal)); + } + return control.exec( TestMultiTableIngest.class, - args("--count", "" + ROWS, "--readonly", "-u", "root", "-i", instance, "-z", keepers, "-p", new String( - ((PasswordToken) getToken()).getPassword(), Charsets.UTF_8), "--tablePrefix", prefix)); + args("--count", Integer.toString(ROWS), "--readonly", "-u", getAdminPrincipal(), "-i", instance, "-z", keepers, "-p", new String( + ((PasswordToken) getAdminToken()).getPassword(), Charsets.UTF_8), "--tablePrefix", prefix)); } catch (IOException e) { log.error("Error running MultiTableIngest", e); return -1; @@ -222,8 +272,8 @@ public class ReadWriteIT extends AccumuloClusterIT { // write a few large values Connector connector = getConnector(); String table = getUniqueNames(1)[0]; - ingest(connector, 2, 1, 500000, 0, table); - verify(connector, 2, 1, 500000, 0, table); + ingest(connector, getCluster().getClientConfig(), getAdminPrincipal(), 2, 1, 500000, 0, table); + verify(connector, getCluster().getClientConfig(), getAdminPrincipal(), 2, 1, 500000, 0, table); } @Test @@ -237,7 +287,7 @@ public class ReadWriteIT extends AccumuloClusterIT { static void interleaveTest(final Connector connector, final String tableName) throws Exception { final AtomicBoolean fail = new AtomicBoolean(false); final int CHUNKSIZE = ROWS / 10; - ingest(connector, CHUNKSIZE, 1, 50, 0, tableName); + ingest(connector, getCluster().getClientConfig(), getAdminPrincipal(), CHUNKSIZE, 1, 50, 0, tableName); int i; for (i = 0; i < ROWS; i += CHUNKSIZE) { final int start = i; @@ -245,18 +295,18 @@ public class ReadWriteIT extends AccumuloClusterIT { @Override public void run() { try { - verify(connector, CHUNKSIZE, 1, 50, start, tableName); + verify(connector, getCluster().getClientConfig(), getAdminPrincipal(), CHUNKSIZE, 1, 50, start, tableName); } catch (Exception ex) { fail.set(true); } } }; verify.start(); - ingest(connector, CHUNKSIZE, 1, 50, i + CHUNKSIZE, tableName); + ingest(connector, getCluster().getClientConfig(), getAdminPrincipal(), CHUNKSIZE, 1, 50, i + CHUNKSIZE, tableName); verify.join(); assertFalse(fail.get()); } - verify(connector, CHUNKSIZE, 1, 50, i, tableName); + verify(connector, getCluster().getClientConfig(), getAdminPrincipal(), CHUNKSIZE, 1, 50, i, tableName); } public static Text t(String s) { @@ -277,7 +327,7 @@ public class ReadWriteIT extends AccumuloClusterIT { connector.tableOperations().create(tableName); connector.tableOperations().setProperty(tableName, "table.group.g1", "colf"); connector.tableOperations().setProperty(tableName, "table.groups.enabled", "g1"); - ingest(connector, 2000, 1, 50, 0, tableName); + ingest(connector, getCluster().getClientConfig(), getAdminPrincipal(), 2000, 1, 50, 0, tableName); connector.tableOperations().compact(tableName, null, null, true, true); BatchWriter bw = connector.createBatchWriter(tableName, new BatchWriterConfig()); bw.addMutation(m("zzzzzzzzzzz", "colf2", "cq", "value")); @@ -305,8 +355,8 @@ public class ReadWriteIT extends AccumuloClusterIT { Map> groups = new TreeMap>(); groups.put("g1", Collections.singleton(t("colf"))); connector.tableOperations().setLocalityGroups(tableName, groups); - ingest(connector, 2000, 1, 50, 0, tableName); - verify(connector, 2000, 1, 50, 0, tableName); + ingest(connector, getCluster().getClientConfig(), getAdminPrincipal(), 2000, 1, 50, 0, tableName); + verify(connector, getCluster().getClientConfig(), getAdminPrincipal(), 2000, 1, 50, 0, tableName); connector.tableOperations().flush(tableName, null, null, true); BatchScanner bscanner = connector.createBatchScanner(MetadataTable.NAME, Authorizations.EMPTY, 1); String tableId = connector.tableOperations().tableIdMap().get(tableName); @@ -345,9 +395,9 @@ public class ReadWriteIT extends AccumuloClusterIT { int i = 0; for (String cfg : config) { to.setLocalityGroups(table, getGroups(cfg)); - ingest(connector, ROWS * (i + 1), 1, 50, ROWS * i, table); + ingest(connector, getCluster().getClientConfig(), getAdminPrincipal(), ROWS * (i + 1), 1, 50, ROWS * i, table); to.flush(table, null, null, true); - verify(connector, 0, 1, 50, ROWS * (i + 1), table); + verify(connector, getCluster().getClientConfig(), getAdminPrincipal(), 0, 1, 50, ROWS * (i + 1), table); i++; } to.delete(table); @@ -355,12 +405,12 @@ public class ReadWriteIT extends AccumuloClusterIT { config = new String[] {"lg1:colf", null, "lg1:colf,xyz", "lg1:colf;lg2:colf",}; i = 1; for (String cfg : config) { - ingest(connector, ROWS * i, 1, 50, 0, table); - ingest(connector, ROWS * i, 1, 50, 0, "xyz", table); + ingest(connector, getCluster().getClientConfig(), getAdminPrincipal(), ROWS * i, 1, 50, 0, table); + ingest(connector, getCluster().getClientConfig(), getAdminPrincipal(), ROWS * i, 1, 50, 0, "xyz", table); to.setLocalityGroups(table, getGroups(cfg)); to.flush(table, null, null, true); - verify(connector, ROWS * i, 1, 50, 0, table); - verify(connector, ROWS * i, 1, 50, 0, "xyz", table); + verify(connector, getCluster().getClientConfig(), getAdminPrincipal(), ROWS * i, 1, 50, 0, table); + verify(connector, getCluster().getClientConfig(), getAdminPrincipal(), ROWS * i, 1, 50, 0, "xyz", table); i++; } } http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/RecoveryWithEmptyRFileIT.java ---------------------------------------------------------------------- diff --git a/test/src/test/java/org/apache/accumulo/test/functional/RecoveryWithEmptyRFileIT.java b/test/src/test/java/org/apache/accumulo/test/functional/RecoveryWithEmptyRFileIT.java index 5edc137..92fc215 100644 --- a/test/src/test/java/org/apache/accumulo/test/functional/RecoveryWithEmptyRFileIT.java +++ b/test/src/test/java/org/apache/accumulo/test/functional/RecoveryWithEmptyRFileIT.java @@ -67,8 +67,8 @@ public class RecoveryWithEmptyRFileIT extends ConfigurableMacIT { log.info("Ingest some data, verify it was stored properly, replace an underlying rfile with an empty one and verify we can scan."); Connector connector = getConnector(); String tableName = getUniqueNames(1)[0]; - ReadWriteIT.ingest(connector, ROWS, COLS, 50, 0, tableName); - ReadWriteIT.verify(connector, ROWS, COLS, 50, 0, tableName); + ReadWriteIT.ingest(connector, cluster.getClientConfig(), "root", ROWS, COLS, 50, 0, tableName); + ReadWriteIT.verify(connector, cluster.getClientConfig(), "root", ROWS, COLS, 50, 0, tableName); connector.tableOperations().flush(tableName, null, null, true); connector.tableOperations().offline(tableName, true); http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/RenameIT.java ---------------------------------------------------------------------- diff --git a/test/src/test/java/org/apache/accumulo/test/functional/RenameIT.java b/test/src/test/java/org/apache/accumulo/test/functional/RenameIT.java index 99a6858..6befd7e 100644 --- a/test/src/test/java/org/apache/accumulo/test/functional/RenameIT.java +++ b/test/src/test/java/org/apache/accumulo/test/functional/RenameIT.java @@ -18,6 +18,8 @@ package org.apache.accumulo.test.functional; import org.apache.accumulo.core.cli.BatchWriterOpts; import org.apache.accumulo.core.cli.ScannerOpts; +import org.apache.accumulo.core.client.ClientConfiguration; +import org.apache.accumulo.core.client.ClientConfiguration.ClientProperty; import org.apache.accumulo.core.client.Connector; import org.apache.accumulo.harness.AccumuloClusterIT; import org.apache.accumulo.test.TestIngest; @@ -41,11 +43,26 @@ public class RenameIT extends AccumuloClusterIT { TestIngest.Opts opts = new TestIngest.Opts(); opts.createTable = true; opts.setTableName(name1); + + final ClientConfiguration clientConfig = cluster.getClientConfig(); + if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) { + opts.updateKerberosCredentials(clientConfig); + } else { + opts.setPrincipal(getAdminPrincipal()); + } + Connector c = getConnector(); TestIngest.ingest(c, opts, bwOpts); c.tableOperations().rename(name1, name2); TestIngest.ingest(c, opts, bwOpts); VerifyIngest.Opts vopts = new VerifyIngest.Opts(); + + if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) { + vopts.updateKerberosCredentials(clientConfig); + } else { + vopts.setPrincipal(getAdminPrincipal()); + } + vopts.setTableName(name2); VerifyIngest.verifyIngest(c, vopts, scanOpts); c.tableOperations().delete(name1); http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/RestartIT.java ---------------------------------------------------------------------- diff --git a/test/src/test/java/org/apache/accumulo/test/functional/RestartIT.java b/test/src/test/java/org/apache/accumulo/test/functional/RestartIT.java index 1aa5ad7..2ba6d31 100644 --- a/test/src/test/java/org/apache/accumulo/test/functional/RestartIT.java +++ b/test/src/test/java/org/apache/accumulo/test/functional/RestartIT.java @@ -27,10 +27,15 @@ import java.util.concurrent.Future; import java.util.concurrent.TimeUnit; import org.apache.accumulo.cluster.ClusterControl; +import org.apache.accumulo.cluster.ClusterUser; import org.apache.accumulo.core.Constants; import org.apache.accumulo.core.cli.BatchWriterOpts; import org.apache.accumulo.core.cli.ScannerOpts; +import org.apache.accumulo.core.client.ClientConfiguration; +import org.apache.accumulo.core.client.ClientConfiguration.ClientProperty; import org.apache.accumulo.core.client.Connector; +import org.apache.accumulo.core.client.security.tokens.AuthenticationToken; +import org.apache.accumulo.core.client.security.tokens.KerberosToken; import org.apache.accumulo.core.client.security.tokens.PasswordToken; import org.apache.accumulo.core.conf.Property; import org.apache.accumulo.core.metadata.MetadataTable; @@ -45,6 +50,7 @@ import org.apache.accumulo.minicluster.impl.MiniAccumuloConfigImpl; import org.apache.accumulo.test.TestIngest; import org.apache.accumulo.test.VerifyIngest; import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.RawLocalFileSystem; import org.junit.After; import org.junit.Assert; import org.junit.Before; @@ -67,7 +73,7 @@ public class RestartIT extends AccumuloClusterIT { cfg.setProperty(Property.INSTANCE_ZK_TIMEOUT, "5s"); cfg.setProperty(Property.GC_CYCLE_DELAY, "1s"); cfg.setProperty(Property.GC_CYCLE_START, "1s"); - cfg.useMiniDFS(true); + hadoopCoreSite.set("fs.file.impl", RawLocalFileSystem.class.getName()); } private static final ScannerOpts SOPTS = new ScannerOpts(); @@ -107,16 +113,32 @@ public class RestartIT extends AccumuloClusterIT { OPTS.setTableName(tableName); VOPTS.setTableName(tableName); c.tableOperations().create(tableName); - final PasswordToken token = (PasswordToken) getToken(); + final AuthenticationToken token = getAdminToken(); final ClusterControl control = getCluster().getClusterControl(); + final String[] args; + if (token instanceof PasswordToken) { + byte[] password = ((PasswordToken) token).getPassword(); + args = new String[] {"-u", getAdminPrincipal(), "-p", new String(password, Charsets.UTF_8), "-i", cluster.getInstanceName(), "-z", + cluster.getZooKeepers(), "--rows", "" + OPTS.rows, "--table", tableName}; + OPTS.setPrincipal(getAdminPrincipal()); + VOPTS.setPrincipal(getAdminPrincipal()); + } else if (token instanceof KerberosToken) { + ClusterUser rootUser = getAdminUser(); + args = new String[] {"-u", getAdminPrincipal(), "--keytab", rootUser.getKeytab().getAbsolutePath(), "-i", cluster.getInstanceName(), "-z", + cluster.getZooKeepers(), "--rows", "" + OPTS.rows, "--table", tableName}; + ClientConfiguration clientConfig = cluster.getClientConfig(); + OPTS.updateKerberosCredentials(clientConfig); + VOPTS.updateKerberosCredentials(clientConfig); + } else { + throw new RuntimeException("Unknown token"); + } + Future ret = svc.submit(new Callable() { @Override public Integer call() { try { - return control.exec(TestIngest.class, - new String[] {"-u", "root", "-p", new String(token.getPassword(), Charsets.UTF_8), "-i", cluster.getInstanceName(), "-z", - cluster.getZooKeepers(), "--rows", "" + OPTS.rows, "--table", tableName}); + return control.exec(TestIngest.class, args); } catch (IOException e) { log.error("Error running TestIngest", e); return -1; @@ -137,6 +159,14 @@ public class RestartIT extends AccumuloClusterIT { c.tableOperations().create(tableName); OPTS.setTableName(tableName); VOPTS.setTableName(tableName); + ClientConfiguration clientConfig = cluster.getClientConfig(); + if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) { + OPTS.updateKerberosCredentials(clientConfig); + VOPTS.updateKerberosCredentials(clientConfig); + } else { + OPTS.setPrincipal(getAdminPrincipal()); + VOPTS.setPrincipal(getAdminPrincipal()); + } TestIngest.ingest(c, OPTS, BWOPTS); ClusterControl control = getCluster().getClusterControl(); @@ -179,18 +209,35 @@ public class RestartIT extends AccumuloClusterIT { public void restartMasterSplit() throws Exception { Connector c = getConnector(); final String tableName = getUniqueNames(1)[0]; - final PasswordToken token = (PasswordToken) getToken(); + final AuthenticationToken token = getAdminToken(); final ClusterControl control = getCluster().getClusterControl(); VOPTS.setTableName(tableName); c.tableOperations().create(tableName); c.tableOperations().setProperty(tableName, Property.TABLE_SPLIT_THRESHOLD.getKey(), "5K"); + + final String[] args; + if (token instanceof PasswordToken) { + byte[] password = ((PasswordToken) token).getPassword(); + args = new String[] {"-u", getAdminPrincipal(), "-p", new String(password, Charsets.UTF_8), "-i", cluster.getInstanceName(), "-z", + cluster.getZooKeepers(), "--rows", Integer.toString(VOPTS.rows), "--table", tableName}; + OPTS.setPrincipal(getAdminPrincipal()); + VOPTS.setPrincipal(getAdminPrincipal()); + } else if (token instanceof KerberosToken) { + ClusterUser rootUser = getAdminUser(); + args = new String[] {"-u", getAdminPrincipal(), "--keytab", rootUser.getKeytab().getAbsolutePath(), "-i", cluster.getInstanceName(), "-z", + cluster.getZooKeepers(), "--rows", Integer.toString(VOPTS.rows), "--table", tableName}; + ClientConfiguration clientConfig = cluster.getClientConfig(); + OPTS.updateKerberosCredentials(clientConfig); + VOPTS.updateKerberosCredentials(clientConfig); + } else { + throw new RuntimeException("Unknown token"); + } + Future ret = svc.submit(new Callable() { @Override public Integer call() { try { - return control.exec(TestIngest.class, - new String[] {"-u", "root", "-p", new String(token.getPassword(), Charsets.UTF_8), "-i", cluster.getInstanceName(), "-z", - cluster.getZooKeepers(), "--rows", Integer.toString(VOPTS.rows), "--table", tableName}); + return control.exec(TestIngest.class, args); } catch (Exception e) { log.error("Error running TestIngest", e); return -1; @@ -223,6 +270,14 @@ public class RestartIT extends AccumuloClusterIT { c.tableOperations().create(tableName); OPTS.setTableName(tableName); VOPTS.setTableName(tableName); + ClientConfiguration clientConfig = cluster.getClientConfig(); + if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) { + OPTS.updateKerberosCredentials(clientConfig); + VOPTS.updateKerberosCredentials(clientConfig); + } else { + OPTS.setPrincipal(getAdminPrincipal()); + VOPTS.setPrincipal(getAdminPrincipal()); + } TestIngest.ingest(c, OPTS, BWOPTS); VerifyIngest.verifyIngest(c, VOPTS, SOPTS); cluster.getClusterControl().stopAllServers(ServerType.TABLET_SERVER); @@ -251,6 +306,12 @@ public class RestartIT extends AccumuloClusterIT { String tableName = getUniqueNames(1)[0]; c.tableOperations().create(tableName); OPTS.setTableName(tableName); + ClientConfiguration clientConfig = cluster.getClientConfig(); + if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) { + OPTS.updateKerberosCredentials(clientConfig); + } else { + OPTS.setPrincipal(getAdminPrincipal()); + } TestIngest.ingest(c, OPTS, BWOPTS); try { getCluster().getClusterControl().stopAllServers(ServerType.TABLET_SERVER); @@ -265,6 +326,14 @@ public class RestartIT extends AccumuloClusterIT { Connector c = getConnector(); String tableName = getUniqueNames(1)[0]; VOPTS.setTableName(tableName); + ClientConfiguration clientConfig = cluster.getClientConfig(); + if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) { + OPTS.updateKerberosCredentials(clientConfig); + VOPTS.updateKerberosCredentials(clientConfig); + } else { + OPTS.setPrincipal(getAdminPrincipal()); + VOPTS.setPrincipal(getAdminPrincipal()); + } c.tableOperations().create(tableName); c.tableOperations().setProperty(tableName, Property.TABLE_SPLIT_THRESHOLD.getKey(), "10K"); String splitThreshold = null; @@ -279,6 +348,11 @@ public class RestartIT extends AccumuloClusterIT { c.tableOperations().setProperty(MetadataTable.NAME, Property.TABLE_SPLIT_THRESHOLD.getKey(), "20K"); TestIngest.Opts opts = new TestIngest.Opts(); opts.setTableName(tableName); + if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) { + opts.updateKerberosCredentials(clientConfig); + } else { + opts.setPrincipal(getAdminPrincipal()); + } TestIngest.ingest(c, opts, BWOPTS); c.tableOperations().flush(tableName, null, null, false); VerifyIngest.verifyIngest(c, VOPTS, SOPTS); http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/RestartStressIT.java ---------------------------------------------------------------------- diff --git a/test/src/test/java/org/apache/accumulo/test/functional/RestartStressIT.java b/test/src/test/java/org/apache/accumulo/test/functional/RestartStressIT.java index 253a59c..3f7d67d 100644 --- a/test/src/test/java/org/apache/accumulo/test/functional/RestartStressIT.java +++ b/test/src/test/java/org/apache/accumulo/test/functional/RestartStressIT.java @@ -18,7 +18,6 @@ package org.apache.accumulo.test.functional; import static org.junit.Assert.assertEquals; -import java.util.HashMap; import java.util.Map; import java.util.concurrent.Callable; import java.util.concurrent.ExecutorService; @@ -27,8 +26,11 @@ import java.util.concurrent.Future; import java.util.concurrent.TimeUnit; import org.apache.accumulo.cluster.ClusterControl; +import org.apache.accumulo.cluster.ClusterUser; import org.apache.accumulo.core.cli.ScannerOpts; import org.apache.accumulo.core.client.Connector; +import org.apache.accumulo.core.client.security.tokens.AuthenticationToken; +import org.apache.accumulo.core.client.security.tokens.KerberosToken; import org.apache.accumulo.core.client.security.tokens.PasswordToken; import org.apache.accumulo.core.conf.Property; import org.apache.accumulo.core.util.UtilWaitThread; @@ -38,6 +40,7 @@ import org.apache.accumulo.minicluster.impl.MiniAccumuloConfigImpl; import org.apache.accumulo.test.TestIngest; import org.apache.accumulo.test.VerifyIngest; import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.RawLocalFileSystem; import org.junit.After; import org.junit.Before; import org.junit.Test; @@ -51,14 +54,14 @@ public class RestartStressIT extends AccumuloClusterIT { @Override public void configureMiniCluster(MiniAccumuloConfigImpl cfg, Configuration hadoopCoreSite) { - Map opts = new HashMap(); + Map opts = cfg.getSiteConfig(); opts.put(Property.TSERV_MAXMEM.getKey(), "100K"); opts.put(Property.TSERV_MAJC_DELAY.getKey(), "100ms"); opts.put(Property.TSERV_WALOG_MAX_SIZE.getKey(), "1M"); opts.put(Property.INSTANCE_ZK_TIMEOUT.getKey(), "5s"); opts.put(Property.MASTER_RECOVERY_DELAY.getKey(), "1s"); cfg.setSiteConfig(opts); - cfg.useMiniDFS(true); + hadoopCoreSite.set("fs.file.impl", RawLocalFileSystem.class.getName()); } @Override @@ -88,12 +91,10 @@ public class RestartStressIT extends AccumuloClusterIT { } } - private static final TestIngest.Opts IOPTS; private static final VerifyIngest.Opts VOPTS; static { - IOPTS = new TestIngest.Opts(); VOPTS = new VerifyIngest.Opts(); - IOPTS.rows = VOPTS.rows = 10 * 1000; + VOPTS.rows = 10 * 1000; } private static final ScannerOpts SOPTS = new ScannerOpts(); @@ -101,17 +102,28 @@ public class RestartStressIT extends AccumuloClusterIT { public void test() throws Exception { final Connector c = getConnector(); final String tableName = getUniqueNames(1)[0]; - final PasswordToken token = (PasswordToken) getToken(); + final AuthenticationToken token = getAdminToken(); c.tableOperations().create(tableName); c.tableOperations().setProperty(tableName, Property.TABLE_SPLIT_THRESHOLD.getKey(), "500K"); final ClusterControl control = getCluster().getClusterControl(); + final String[] args; + if (token instanceof PasswordToken) { + byte[] password = ((PasswordToken) token).getPassword(); + args = new String[] {"-u", getAdminPrincipal(), "-p", new String(password, Charsets.UTF_8), "-i", cluster.getInstanceName(), "-z", + cluster.getZooKeepers(), "--rows", "" + VOPTS.rows, "--table", tableName}; + } else if (token instanceof KerberosToken) { + ClusterUser rootUser = getAdminUser(); + args = new String[] {"-u", getAdminPrincipal(), "--keytab", rootUser.getKeytab().getAbsolutePath(), "-i", cluster.getInstanceName(), "-z", + cluster.getZooKeepers(), "--rows", "" + VOPTS.rows, "--table", tableName}; + } else { + throw new RuntimeException("Unrecognized token"); + } + Future retCode = svc.submit(new Callable() { @Override public Integer call() { try { - return control.exec(TestIngest.class, - new String[] {"-u", "root", "-p", new String(token.getPassword(), Charsets.UTF_8), "-i", cluster.getInstanceName(), "-z", - cluster.getZooKeepers(), "--rows", "" + IOPTS.rows, "--table", tableName}); + return control.exec(TestIngest.class, args); } catch (Exception e) { log.error("Error running TestIngest", e); return -1; @@ -126,6 +138,15 @@ public class RestartStressIT extends AccumuloClusterIT { } assertEquals(0, retCode.get().intValue()); VOPTS.setTableName(tableName); + + if (token instanceof PasswordToken) { + VOPTS.setPrincipal(getAdminPrincipal()); + } else if (token instanceof KerberosToken) { + VOPTS.updateKerberosCredentials(cluster.getClientConfig()); + } else { + throw new RuntimeException("Unrecognized token"); + } + VerifyIngest.verifyIngest(c, VOPTS, SOPTS); } http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/RowDeleteIT.java ---------------------------------------------------------------------- diff --git a/test/src/test/java/org/apache/accumulo/test/functional/RowDeleteIT.java b/test/src/test/java/org/apache/accumulo/test/functional/RowDeleteIT.java index b43a92a..6d343ce 100644 --- a/test/src/test/java/org/apache/accumulo/test/functional/RowDeleteIT.java +++ b/test/src/test/java/org/apache/accumulo/test/functional/RowDeleteIT.java @@ -45,7 +45,9 @@ public class RowDeleteIT extends AccumuloClusterIT { @Override public void configureMiniCluster(MiniAccumuloConfigImpl cfg, Configuration hadoopCoreSite) { - cfg.setSiteConfig(Collections.singletonMap(Property.TSERV_MAJC_DELAY.getKey(), "50ms")); + Map siteConfig = cfg.getSiteConfig(); + siteConfig.put(Property.TSERV_MAJC_DELAY.getKey(), "50ms"); + cfg.setSiteConfig(siteConfig); } @Override http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/ScanSessionTimeOutIT.java ---------------------------------------------------------------------- diff --git a/test/src/test/java/org/apache/accumulo/test/functional/ScanSessionTimeOutIT.java b/test/src/test/java/org/apache/accumulo/test/functional/ScanSessionTimeOutIT.java index 6d1961c..daf781f 100644 --- a/test/src/test/java/org/apache/accumulo/test/functional/ScanSessionTimeOutIT.java +++ b/test/src/test/java/org/apache/accumulo/test/functional/ScanSessionTimeOutIT.java @@ -18,8 +18,8 @@ package org.apache.accumulo.test.functional; import static java.nio.charset.StandardCharsets.UTF_8; -import java.util.Collections; import java.util.Iterator; +import java.util.Map; import java.util.Map.Entry; import org.apache.accumulo.core.client.BatchWriter; @@ -49,7 +49,9 @@ public class ScanSessionTimeOutIT extends AccumuloClusterIT { @Override public void configureMiniCluster(MiniAccumuloConfigImpl cfg, Configuration hadoopCoreSite) { - cfg.setSiteConfig(Collections.singletonMap(Property.TSERV_SESSION_MAXIDLE.getKey(), "3")); + Map siteConfig = cfg.getSiteConfig(); + siteConfig.put(Property.TSERV_SESSION_MAXIDLE.getKey(), "3"); + cfg.setSiteConfig(siteConfig); } @Override http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/SimpleBalancerFairnessIT.java ---------------------------------------------------------------------- diff --git a/test/src/test/java/org/apache/accumulo/test/functional/SimpleBalancerFairnessIT.java b/test/src/test/java/org/apache/accumulo/test/functional/SimpleBalancerFairnessIT.java index 5c1ad8c..8b140e7 100644 --- a/test/src/test/java/org/apache/accumulo/test/functional/SimpleBalancerFairnessIT.java +++ b/test/src/test/java/org/apache/accumulo/test/functional/SimpleBalancerFairnessIT.java @@ -70,6 +70,7 @@ public class SimpleBalancerFairnessIT extends ConfigurableMacIT { List tservers = c.instanceOperations().getTabletServers(); TestIngest.Opts opts = new TestIngest.Opts(); opts.rows = 50000; + opts.setPrincipal("root"); TestIngest.ingest(c, opts, new BatchWriterOpts()); c.tableOperations().flush("test_ingest", null, null, false); UtilWaitThread.sleep(45 * 1000); http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/SplitIT.java ---------------------------------------------------------------------- diff --git a/test/src/test/java/org/apache/accumulo/test/functional/SplitIT.java b/test/src/test/java/org/apache/accumulo/test/functional/SplitIT.java index 69b0ea1..93a4f69 100644 --- a/test/src/test/java/org/apache/accumulo/test/functional/SplitIT.java +++ b/test/src/test/java/org/apache/accumulo/test/functional/SplitIT.java @@ -22,8 +22,11 @@ import static org.junit.Assert.assertTrue; import java.util.Map; import java.util.Map.Entry; +import org.apache.accumulo.cluster.ClusterUser; import org.apache.accumulo.core.cli.BatchWriterOpts; import org.apache.accumulo.core.cli.ScannerOpts; +import org.apache.accumulo.core.client.ClientConfiguration; +import org.apache.accumulo.core.client.ClientConfiguration.ClientProperty; import org.apache.accumulo.core.client.Connector; import org.apache.accumulo.core.client.Scanner; import org.apache.accumulo.core.client.admin.InstanceOperations; @@ -46,6 +49,7 @@ import org.apache.accumulo.test.VerifyIngest; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.io.Text; import org.junit.After; +import org.junit.Assume; import org.junit.Before; import org.junit.Test; import org.slf4j.Logger; @@ -71,9 +75,7 @@ public class SplitIT extends AccumuloClusterIT { @Before public void alterConfig() throws Exception { - if (ClusterType.MINI == getClusterType()) { - return; - } + Assume.assumeTrue(ClusterType.MINI == getClusterType()); InstanceOperations iops = getConnector().instanceOperations(); Map config = iops.getSystemConfiguration(); @@ -126,10 +128,20 @@ public class SplitIT extends AccumuloClusterIT { c.tableOperations().setProperty(table, Property.TABLE_SPLIT_THRESHOLD.getKey(), "256K"); c.tableOperations().setProperty(table, Property.TABLE_FILE_COMPRESSED_BLOCK_SIZE.getKey(), "1K"); TestIngest.Opts opts = new TestIngest.Opts(); + VerifyIngest.Opts vopts = new VerifyIngest.Opts(); opts.rows = 100000; opts.setTableName(table); + + ClientConfiguration clientConfig = cluster.getClientConfig(); + if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) { + opts.updateKerberosCredentials(clientConfig); + vopts.updateKerberosCredentials(clientConfig); + } else { + opts.setPrincipal(getAdminPrincipal()); + vopts.setPrincipal(getAdminPrincipal()); + } + TestIngest.ingest(c, opts, new BatchWriterOpts()); - VerifyIngest.Opts vopts = new VerifyIngest.Opts(); vopts.rows = opts.rows; vopts.setTableName(table); VerifyIngest.verifyIngest(c, vopts, new ScannerOpts()); @@ -149,13 +161,21 @@ public class SplitIT extends AccumuloClusterIT { shortened++; count++; } + assertTrue("Shortened should be greater than zero: " + shortened, shortened > 0); assertTrue("Count should be cgreater than 10: " + count, count > 10); - PasswordToken token = (PasswordToken) getToken(); - assertEquals( - 0, - getCluster().getClusterControl().exec(CheckForMetadataProblems.class, - new String[] {"-i", cluster.getInstanceName(), "-u", "root", "-p", new String(token.getPassword(), Charsets.UTF_8), "-z", cluster.getZooKeepers()})); + + String[] args; + if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) { + ClusterUser rootUser = getAdminUser(); + args = new String[] {"-i", cluster.getInstanceName(), "-u", rootUser.getPrincipal(), "--keytab", rootUser.getKeytab().getAbsolutePath(), "-z", + cluster.getZooKeepers()}; + } else { + PasswordToken token = (PasswordToken) getAdminToken(); + args = new String[] {"-i", cluster.getInstanceName(), "-u", "root", "-p", new String(token.getPassword(), Charsets.UTF_8), "-z", cluster.getZooKeepers()}; + } + + assertEquals(0, getCluster().getClusterControl().exec(CheckForMetadataProblems.class, args)); } @Test @@ -182,9 +202,15 @@ public class SplitIT extends AccumuloClusterIT { Connector c = getConnector(); String tableName = getUniqueNames(1)[0]; c.tableOperations().create(tableName); - PasswordToken token = (PasswordToken) getToken(); c.tableOperations().setProperty(tableName, Property.TABLE_SPLIT_THRESHOLD.getKey(), "10K"); - DeleteIT.deleteTest(c, getCluster(), new String(token.getPassword(), Charsets.UTF_8), tableName); + ClientConfiguration clientConfig = getCluster().getClientConfig(); + String password = null, keytab = null; + if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) { + keytab = getAdminUser().getKeytab().getAbsolutePath(); + } else { + password = new String(((PasswordToken) getAdminToken()).getPassword(), Charsets.UTF_8); + } + DeleteIT.deleteTest(c, getCluster(), getAdminPrincipal(), password, tableName, keytab); c.tableOperations().flush(tableName, null, null, true); for (int i = 0; i < 5; i++) { UtilWaitThread.sleep(10 * 1000); http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/TableIT.java ---------------------------------------------------------------------- diff --git a/test/src/test/java/org/apache/accumulo/test/functional/TableIT.java b/test/src/test/java/org/apache/accumulo/test/functional/TableIT.java index 023d17a..ded599e 100644 --- a/test/src/test/java/org/apache/accumulo/test/functional/TableIT.java +++ b/test/src/test/java/org/apache/accumulo/test/functional/TableIT.java @@ -25,6 +25,8 @@ import java.io.FileNotFoundException; import org.apache.accumulo.cluster.AccumuloCluster; import org.apache.accumulo.core.cli.BatchWriterOpts; import org.apache.accumulo.core.cli.ScannerOpts; +import org.apache.accumulo.core.client.ClientConfiguration; +import org.apache.accumulo.core.client.ClientConfiguration.ClientProperty; import org.apache.accumulo.core.client.Connector; import org.apache.accumulo.core.client.Scanner; import org.apache.accumulo.core.client.admin.TableOperations; @@ -63,11 +65,21 @@ public class TableIT extends AccumuloClusterIT { TableOperations to = c.tableOperations(); String tableName = getUniqueNames(1)[0]; to.create(tableName); + TestIngest.Opts opts = new TestIngest.Opts(); + VerifyIngest.Opts vopts = new VerifyIngest.Opts(); + ClientConfiguration clientConfig = getCluster().getClientConfig(); + if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) { + opts.updateKerberosCredentials(clientConfig); + vopts.updateKerberosCredentials(clientConfig); + } else { + opts.setPrincipal(getAdminPrincipal()); + vopts.setPrincipal(getAdminPrincipal()); + } + opts.setTableName(tableName); TestIngest.ingest(c, opts, new BatchWriterOpts()); to.flush(tableName, null, null, true); - VerifyIngest.Opts vopts = new VerifyIngest.Opts(); vopts.setTableName(tableName); VerifyIngest.verifyIngest(c, vopts, new ScannerOpts()); String id = to.tableIdMap().get(tableName); http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/TabletIT.java ---------------------------------------------------------------------- diff --git a/test/src/test/java/org/apache/accumulo/test/functional/TabletIT.java b/test/src/test/java/org/apache/accumulo/test/functional/TabletIT.java index 4515c3d..8aa6cf2 100644 --- a/test/src/test/java/org/apache/accumulo/test/functional/TabletIT.java +++ b/test/src/test/java/org/apache/accumulo/test/functional/TabletIT.java @@ -19,7 +19,6 @@ package org.apache.accumulo.test.functional; import static java.nio.charset.StandardCharsets.UTF_8; import static org.junit.Assert.assertEquals; -import java.util.HashMap; import java.util.Map; import java.util.Map.Entry; import java.util.TreeSet; @@ -46,7 +45,7 @@ public class TabletIT extends AccumuloClusterIT { @Override public void configureMiniCluster(MiniAccumuloConfigImpl cfg, Configuration hadoopCoreSite) { - Map siteConfig = new HashMap(); + Map siteConfig = cfg.getSiteConfig(); siteConfig.put(Property.TSERV_MAXMEM.getKey(), "128M"); cfg.setDefaultMemory(256, MemoryUnit.MEGABYTE); cfg.setSiteConfig(siteConfig); http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/VisibilityIT.java ---------------------------------------------------------------------- diff --git a/test/src/test/java/org/apache/accumulo/test/functional/VisibilityIT.java b/test/src/test/java/org/apache/accumulo/test/functional/VisibilityIT.java index f102d01..7211494 100644 --- a/test/src/test/java/org/apache/accumulo/test/functional/VisibilityIT.java +++ b/test/src/test/java/org/apache/accumulo/test/functional/VisibilityIT.java @@ -45,6 +45,8 @@ import org.apache.accumulo.core.security.ColumnVisibility; import org.apache.accumulo.core.util.ByteArraySet; import org.apache.accumulo.harness.AccumuloClusterIT; import org.apache.hadoop.io.Text; +import org.junit.After; +import org.junit.Before; import org.junit.Test; public class VisibilityIT extends AccumuloClusterIT { @@ -54,6 +56,22 @@ public class VisibilityIT extends AccumuloClusterIT { return 2 * 60; } + Authorizations origAuths = null; + + @Before + public void emptyAuths() throws Exception { + Connector c = getConnector(); + origAuths = c.securityOperations().getUserAuthorizations(getAdminPrincipal()); + } + + @After + public void resetAuths() throws Exception { + Connector c = getConnector(); + if (null != origAuths) { + c.securityOperations().changeUserAuthorizations(getAdminPrincipal(), origAuths); + } + } + @Test public void run() throws Exception { Connector c = getConnector(); @@ -205,7 +223,7 @@ public class VisibilityIT extends AccumuloClusterIT { private void queryData(Connector c, String tableName, Set allAuths, Set userAuths, Map,Set> expected) throws Exception { - c.securityOperations().changeUserAuthorizations("root", new Authorizations(nbas(userAuths))); + c.securityOperations().changeUserAuthorizations(getAdminPrincipal(), new Authorizations(nbas(userAuths))); ArrayList> combos = new ArrayList>(); uniqueCombos(combos, nss(), allAuths); @@ -232,7 +250,7 @@ public class VisibilityIT extends AccumuloClusterIT { Scanner scanner; // should return no records - c.securityOperations().changeUserAuthorizations("root", new Authorizations("BASE", "DEFLABEL")); + c.securityOperations().changeUserAuthorizations(getAdminPrincipal(), new Authorizations("BASE", "DEFLABEL")); scanner = getConnector().createScanner(tableName, new Authorizations()); verifyDefault(scanner, 0); http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/WriteAheadLogIT.java ---------------------------------------------------------------------- diff --git a/test/src/test/java/org/apache/accumulo/test/functional/WriteAheadLogIT.java b/test/src/test/java/org/apache/accumulo/test/functional/WriteAheadLogIT.java index d375f01..44473b0 100644 --- a/test/src/test/java/org/apache/accumulo/test/functional/WriteAheadLogIT.java +++ b/test/src/test/java/org/apache/accumulo/test/functional/WriteAheadLogIT.java @@ -18,6 +18,8 @@ package org.apache.accumulo.test.functional; import org.apache.accumulo.core.cli.BatchWriterOpts; import org.apache.accumulo.core.cli.ScannerOpts; +import org.apache.accumulo.core.client.ClientConfiguration; +import org.apache.accumulo.core.client.ClientConfiguration.ClientProperty; import org.apache.accumulo.core.client.Connector; import org.apache.accumulo.core.conf.Property; import org.apache.accumulo.harness.AccumuloClusterIT; @@ -26,6 +28,7 @@ import org.apache.accumulo.minicluster.impl.MiniAccumuloConfigImpl; import org.apache.accumulo.test.TestIngest; import org.apache.accumulo.test.VerifyIngest; import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.RawLocalFileSystem; import org.junit.Test; public class WriteAheadLogIT extends AccumuloClusterIT { @@ -38,7 +41,7 @@ public class WriteAheadLogIT extends AccumuloClusterIT { cfg.setProperty(Property.MASTER_RECOVERY_DELAY, "1s"); cfg.setProperty(Property.TSERV_MAJC_DELAY, "1"); cfg.setProperty(Property.INSTANCE_ZK_TIMEOUT, "4s"); - cfg.useMiniDFS(true); + hadoopCoreSite.set("fs.file.impl", RawLocalFileSystem.class.getName()); } @Override @@ -53,9 +56,19 @@ public class WriteAheadLogIT extends AccumuloClusterIT { c.tableOperations().create(tableName); c.tableOperations().setProperty(tableName, Property.TABLE_SPLIT_THRESHOLD.getKey(), "750K"); TestIngest.Opts opts = new TestIngest.Opts(); + VerifyIngest.Opts vopts = new VerifyIngest.Opts(); opts.setTableName(tableName); + + ClientConfiguration clientConfig = cluster.getClientConfig(); + if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) { + opts.updateKerberosCredentials(clientConfig); + vopts.updateKerberosCredentials(clientConfig); + } else { + opts.setPrincipal(getAdminPrincipal()); + vopts.setPrincipal(getAdminPrincipal()); + } + TestIngest.ingest(c, opts, new BatchWriterOpts()); - VerifyIngest.Opts vopts = new VerifyIngest.Opts(); vopts.setTableName(tableName); VerifyIngest.verifyIngest(c, vopts, new ScannerOpts()); getCluster().getClusterControl().stopAllServers(ServerType.TABLET_SERVER); http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/functional/WriteLotsIT.java ---------------------------------------------------------------------- diff --git a/test/src/test/java/org/apache/accumulo/test/functional/WriteLotsIT.java b/test/src/test/java/org/apache/accumulo/test/functional/WriteLotsIT.java index d38588f..d8dba87 100644 --- a/test/src/test/java/org/apache/accumulo/test/functional/WriteLotsIT.java +++ b/test/src/test/java/org/apache/accumulo/test/functional/WriteLotsIT.java @@ -22,6 +22,8 @@ import java.util.concurrent.atomic.AtomicReference; import org.apache.accumulo.core.cli.BatchWriterOpts; import org.apache.accumulo.core.cli.ScannerOpts; +import org.apache.accumulo.core.client.ClientConfiguration; +import org.apache.accumulo.core.client.ClientConfiguration.ClientProperty; import org.apache.accumulo.core.client.Connector; import org.apache.accumulo.harness.AccumuloClusterIT; import org.apache.accumulo.test.TestIngest; @@ -42,6 +44,7 @@ public class WriteLotsIT extends AccumuloClusterIT { c.tableOperations().create(tableName); final AtomicReference ref = new AtomicReference(); List threads = new ArrayList(); + final ClientConfiguration clientConfig = getCluster().getClientConfig(); for (int i = 0; i < 10; i++) { final int index = i; Thread t = new Thread() { @@ -52,6 +55,11 @@ public class WriteLotsIT extends AccumuloClusterIT { opts.startRow = index * 10000; opts.rows = 10000; opts.setTableName(tableName); + if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) { + opts.updateKerberosCredentials(clientConfig); + } else { + opts.setPrincipal(getAdminPrincipal()); + } TestIngest.ingest(c, opts, new BatchWriterOpts()); } catch (Exception ex) { ref.set(ex); @@ -70,6 +78,11 @@ public class WriteLotsIT extends AccumuloClusterIT { VerifyIngest.Opts vopts = new VerifyIngest.Opts(); vopts.rows = 10000 * 10; vopts.setTableName(tableName); + if (clientConfig.getBoolean(ClientProperty.INSTANCE_RPC_SASL_ENABLED.getKey(), false)) { + vopts.updateKerberosCredentials(clientConfig); + } else { + vopts.setPrincipal(getAdminPrincipal()); + } VerifyIngest.verifyIngest(c, vopts, new ScannerOpts()); } http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/java/org/apache/accumulo/test/replication/StatusCombinerMacIT.java ---------------------------------------------------------------------- diff --git a/test/src/test/java/org/apache/accumulo/test/replication/StatusCombinerMacIT.java b/test/src/test/java/org/apache/accumulo/test/replication/StatusCombinerMacIT.java index 53dbaf6..2b33b4d 100644 --- a/test/src/test/java/org/apache/accumulo/test/replication/StatusCombinerMacIT.java +++ b/test/src/test/java/org/apache/accumulo/test/replication/StatusCombinerMacIT.java @@ -21,6 +21,7 @@ import java.util.HashMap; import java.util.Map; import java.util.Map.Entry; +import org.apache.accumulo.cluster.ClusterUser; import org.apache.accumulo.core.client.BatchWriter; import org.apache.accumulo.core.client.Connector; import org.apache.accumulo.core.client.Scanner; @@ -81,9 +82,10 @@ public class StatusCombinerMacIT extends SharedMiniClusterIT { @Test public void test() throws Exception { Connector conn = getConnector(); + ClusterUser user = getAdminUser(); ReplicationTable.setOnline(conn); - conn.securityOperations().grantTablePermission("root", ReplicationTable.NAME, TablePermission.WRITE); + conn.securityOperations().grantTablePermission(user.getPrincipal(), ReplicationTable.NAME, TablePermission.WRITE); BatchWriter bw = ReplicationTable.getBatchWriter(conn); long createTime = System.currentTimeMillis(); try { http://git-wip-us.apache.org/repos/asf/accumulo/blob/1c5bef32/test/src/test/resources/log4j.properties ---------------------------------------------------------------------- diff --git a/test/src/test/resources/log4j.properties b/test/src/test/resources/log4j.properties index 1b89dfe..40ad717 100644 --- a/test/src/test/resources/log4j.properties +++ b/test/src/test/resources/log4j.properties @@ -51,4 +51,4 @@ log4j.logger.org.apache.directory.api.ldap=WARN log4j.logger.org.apache.thrift.transport.TSaslTransport=INFO # From apache-ds/minikdc log4j.logger.org.apache.mina=INFO -log4j.logger.org.apache.accumulo.server.thrift.UGIAssumingProcessor=TRACE \ No newline at end of file +log4j.logger.org.apache.accumulo.server.thrift.UGIAssumingProcessor=TRACE