Return-Path: 
 <commits-return-16421-apmail-hbase-commits-archive=hbase.apache.org@hbase.apache.org>
X-Original-To: apmail-hbase-commits-archive@www.apache.org
Delivered-To: apmail-hbase-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id EFA4D10C8E
	for <apmail-hbase-commits-archive@www.apache.org>;
 Sat, 21 Dec 2013 21:30:02 +0000 (UTC)
Received: (qmail 16571 invoked by uid 500); 21 Dec 2013 21:30:02 -0000
Delivered-To: apmail-hbase-commits-archive@hbase.apache.org
Received: (qmail 16537 invoked by uid 500); 21 Dec 2013 21:30:02 -0000
Mailing-List: contact commits-help@hbase.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@hbase.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@hbase.apache.org>
List-Post: <mailto:commits@hbase.apache.org>
List-Id: <commits.hbase.apache.org>
Reply-To: dev@hbase.apache.org
Delivered-To: mailing list commits@hbase.apache.org
Received: (qmail 16530 invoked by uid 99); 21 Dec 2013 21:30:01 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 21 Dec 2013 21:30:01 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=5.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 21 Dec 2013 21:30:00 +0000
Received: from eris.apache.org (localhost [127.0.0.1])
	by eris.apache.org (Postfix) with ESMTP id A73CB23888A6;
	Sat, 21 Dec 2013 21:29:40 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1552947 - in
 /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security:
 access/SecureTestUtil.java visibility/TestVisibilityLabelsWithACL.java
Date: Sat, 21 Dec 2013 21:29:40 -0000
To: commits@hbase.apache.org
From: apurtell@apache.org
X-Mailer: svnmailer-1.0.9
Message-Id: <20131221212940.A73CB23888A6@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org

Author: apurtell
Date: Sat Dec 21 21:29:40 2013
New Revision: 1552947

URL: http://svn.apache.org/r1552947
Log:
HBASE-10220. Put all test service principals into the superusers list

Modified:
    hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
    hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java

Modified: hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java?rev=1552947&r1=1552946&r2=1552947&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java (original)
+++ hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java Sat Dec 21 21:29:40 2013
@@ -47,13 +47,24 @@ public class SecureTestUtil {
     conf.set("hbase.coprocessor.master.classes", AccessController.class.getName());
     conf.set("hbase.coprocessor.region.classes", AccessController.class.getName()+
         ","+SecureBulkLoadEndpoint.class.getName());
-    // add the process running user to superusers
+    // The secure minicluster creates separate service principals based on the
+    // current user's name, one for each slave. We need to add all of these to
+    // the superuser list or security won't function properly. We expect the
+    // HBase service account(s) to have superuser privilege.
     String currentUser = User.getCurrent().getName();
-    conf.set("hbase.superuser", "admin,"+currentUser);
+    StringBuffer sb = new StringBuffer();
+    sb.append("admin,");
+    sb.append(currentUser);
+    // Assumes we won't ever have a minicluster with more than 5 slaves
+    for (int i = 0; i < 5; i++) {
+      sb.append(',');
+      sb.append(currentUser); sb.append(".hfs."); sb.append(i);
+    }
+    conf.set("hbase.superuser", sb.toString());
     // Need HFile V3 for tags for security features
     conf.setInt("hfile.format.version", 3);
   }
-  
+
   public void verifyAllowed(User user, PrivilegedExceptionAction... actions) throws Exception {
     for (PrivilegedExceptionAction action : actions) {
       try {

Modified: hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java?rev=1552947&r1=1552946&r2=1552947&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java (original)
+++ hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java Sat Dec 21 21:29:40 2013
@@ -76,7 +76,6 @@ public class TestVisibilityLabelsWithACL
   public static void setupBeforeClass() throws Exception {
     // setup configuration
     conf = TEST_UTIL.getConfiguration();
-    conf.setInt("hfile.format.version", 3);
     SecureTestUtil.enableSecurity(conf);
     conf.set("hbase.coprocessor.master.classes", AccessController.class.getName() + ","
         + VisibilityController.class.getName());