hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From apurt...@apache.org
Subject svn commit: r1557857 - in /hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security: access/TestAccessControlFilter.java visibility/TestVisibilityLabelsWithACL.java
Date Mon, 13 Jan 2014 21:23:23 GMT
Author: apurtell
Date: Mon Jan 13 21:23:23 2014
New Revision: 1557857

URL: http://svn.apache.org/r1557857
Log:
HBASE-10331. Insure security tests use SecureTestUtil methods for grants

Modified:
    hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java
    hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java

Modified: hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java?rev=1557857&r1=1557856&r2=1557857&view=diff
==============================================================================
--- hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java
(original)
+++ hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java
Mon Jan 13 21:23:23 2014
@@ -22,7 +22,6 @@ import static org.junit.Assert.assertEqu
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
-import java.io.IOException;
 import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.List;
@@ -37,8 +36,6 @@ import org.apache.hadoop.hbase.client.Pu
 import org.apache.hadoop.hbase.client.Result;
 import org.apache.hadoop.hbase.client.ResultScanner;
 import org.apache.hadoop.hbase.client.Scan;
-import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
-import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService;
 import org.apache.hadoop.hbase.security.User;
 import org.apache.hadoop.hbase.util.Bytes;
 import org.junit.AfterClass;
@@ -49,19 +46,15 @@ import org.junit.Test;
 import org.junit.experimental.categories.Category;
 import org.junit.rules.TestName;
 
-import com.google.protobuf.BlockingRpcChannel;
-
 @Category(LargeTests.class)
 public class TestAccessControlFilter {
   @Rule public TestName name = new TestName();
   private static HBaseTestingUtility TEST_UTIL;
 
-  private static User ADMIN;
   private static User READER;
   private static User LIMITED;
   private static User DENIED;
 
-  
   private static TableName TABLE;
   private static byte[] FAMILY = Bytes.toBytes("f1");
   private static byte[] PRIVATE_COL = Bytes.toBytes("private");
@@ -83,7 +76,6 @@ public class TestAccessControlFilter {
     TEST_UTIL.startMiniCluster();
     TEST_UTIL.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME.getName());
 
-    ADMIN = User.createUserForTesting(conf, "admin", new String[]{"supergroup"});
     READER = User.createUserForTesting(conf, "reader", new String[0]);
     LIMITED = User.createUserForTesting(conf, "limited", new String[0]);
     DENIED = User.createUserForTesting(conf, "denied", new String[0]);
@@ -104,28 +96,12 @@ public class TestAccessControlFilter {
     }
   }
 
-  private void doQualifierAccess(final HTable table) throws IOException, InterruptedException
{
+  private void doQualifierAccess(final HTable table) throws Exception {
     // set permissions
-    ADMIN.runAs(new PrivilegedExceptionAction<Object>() {
-      @Override
-      public Object run() throws Exception {
-        HTable aclmeta = new HTable(TEST_UTIL.getConfiguration(),
-            AccessControlLists.ACL_TABLE_NAME);
-        try {
-          byte[] table = Bytes.toBytes(name.getMethodName());
-          BlockingRpcChannel service = aclmeta.coprocessorService(table);
-          AccessControlService.BlockingInterface protocol =
-            AccessControlService.newBlockingStub(service);
-          ProtobufUtil.grant(protocol, READER.getShortName(),
-            TABLE, null, null, Permission.Action.READ);
-          ProtobufUtil.grant(protocol, LIMITED.getShortName(),
-            TABLE, FAMILY, PUBLIC_COL, Permission.Action.READ);
-          return null;
-        } finally {
-          aclmeta.close();
-        }
-      }
-    });
+    SecureTestUtil.grantOnTable(TEST_UTIL, READER.getShortName(), TABLE, null, null,
+      Permission.Action.READ);
+    SecureTestUtil.grantOnTable(TEST_UTIL, LIMITED.getShortName(), TABLE, FAMILY, PUBLIC_COL,
+      Permission.Action.READ);
 
     // put some test data
     List<Put> puts = new ArrayList<Put>(100);

Modified: hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java?rev=1557857&r1=1557856&r2=1557857&view=diff
==============================================================================
--- hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java
(original)
+++ hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java
Mon Jan 13 21:23:23 2014
@@ -38,8 +38,6 @@ import org.apache.hadoop.hbase.client.Pu
 import org.apache.hadoop.hbase.client.Result;
 import org.apache.hadoop.hbase.client.ResultScanner;
 import org.apache.hadoop.hbase.client.Scan;
-import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
-import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService;
 import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse;
 import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse;
 import org.apache.hadoop.hbase.security.User;
@@ -55,7 +53,6 @@ import org.junit.Test;
 import org.junit.experimental.categories.Category;
 import org.junit.rules.TestName;
 
-import com.google.protobuf.BlockingRpcChannel;
 import com.google.protobuf.ByteString;
 
 @Category(MediumTests.class)
@@ -97,21 +94,13 @@ public class TestVisibilityLabelsWithACL
     SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" });
     NORMAL_USER1 = User.createUserForTesting(conf, "user1", new String[] {});
     NORMAL_USER2 = User.createUserForTesting(conf, "user2", new String[] {});
-    // Grant NORMAL_USER EXEC privilege on the labels table. For the purposes of this
+    // Grant users EXEC privilege on the labels table. For the purposes of this
     // test, we want to insure that access is denied even with the ability to access
     // the endpoint.
-    HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
-    try {
-      BlockingRpcChannel service = acl.coprocessorService(LABELS_TABLE_NAME.getName());
-      AccessControlService.BlockingInterface protocol =
-        AccessControlService.newBlockingStub(service);
-      ProtobufUtil.grant(protocol, NORMAL_USER1.getShortName(), LABELS_TABLE_NAME, null,
null,
-        Permission.Action.EXEC);
-      ProtobufUtil.grant(protocol, NORMAL_USER2.getShortName(), LABELS_TABLE_NAME, null,
null,
-          Permission.Action.EXEC);
-    } finally {
-      acl.close();
-    }
+    SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER1.getShortName(), LABELS_TABLE_NAME,
+      null, null, Permission.Action.EXEC);
+    SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), LABELS_TABLE_NAME,
+      null, null, Permission.Action.EXEC);
   }
 
   @AfterClass
@@ -127,16 +116,8 @@ public class TestVisibilityLabelsWithACL
     TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
     final HTable table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" +
CONFIDENTIAL
         + "&!" + PRIVATE, SECRET + "&!" + PRIVATE);
-    HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
-    try {
-      BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
-      AccessControlService.BlockingInterface protocol = AccessControlService
-          .newBlockingStub(service);
-      ProtobufUtil.grant(protocol, NORMAL_USER2.getShortName(), tableName, null, null,
-          Permission.Action.READ);
-    } finally {
-      acl.close();
-    }
+    SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), tableName,
+      null, null, Permission.Action.READ);
     PrivilegedExceptionAction<Void> scanAction = new PrivilegedExceptionAction<Void>()
{
       public Void run() throws Exception {
         Scan s = new Scan();
@@ -217,20 +198,11 @@ public class TestVisibilityLabelsWithACL
     VisibilityClient.setAuths(conf, auths, "user1");
     TableName tableName = TableName.valueOf(TEST_NAME.getMethodName());
     final HTable table = createTableAndWriteDataWithLabels(tableName, SECRET);
-    HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
-    try {
-      BlockingRpcChannel service = acl.coprocessorService(tableName.getName());
-      AccessControlService.BlockingInterface protocol = AccessControlService
-          .newBlockingStub(service);
-      ProtobufUtil.grant(protocol, NORMAL_USER1.getShortName(), tableName, null, null,
-          Permission.Action.READ);
-      ProtobufUtil.grant(protocol, NORMAL_USER2.getShortName(), tableName, null, null,
-          Permission.Action.READ);
-    } finally {
-      acl.close();
-    }
-
-   PrivilegedExceptionAction<Void> getAction = new PrivilegedExceptionAction<Void>()
{
+    SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER1.getShortName(), tableName,
+      null, null, Permission.Action.READ);
+    SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), tableName,
+      null, null, Permission.Action.READ);
+    PrivilegedExceptionAction<Void> getAction = new PrivilegedExceptionAction<Void>()
{
       public Void run() throws Exception {
         Get g = new Get(row1);
         g.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL));



Mime
View raw message