hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From te...@apache.org
Subject [1/3] hbase git commit: HBASE-19483 Add proper privilege check for rsgroup commands
Date Fri, 05 Jan 2018 19:18:20 GMT
Repository: hbase
Updated Branches:
  refs/heads/master 032fdc53d -> fc7736eb0


http://git-wip-us.apache.org/repos/asf/hbase/blob/fc7736eb/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift2/TestThriftHBaseServiceHandlerWithLabels.java
----------------------------------------------------------------------
diff --git a/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift2/TestThriftHBaseServiceHandlerWithLabels.java
b/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift2/TestThriftHBaseServiceHandlerWithLabels.java
index 89a48bd..4a9c8cd 100644
--- a/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift2/TestThriftHBaseServiceHandlerWithLabels.java
+++ b/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift2/TestThriftHBaseServiceHandlerWithLabels.java
@@ -47,7 +47,7 @@ import org.apache.hadoop.hbase.security.visibility.ScanLabelGenerator;
 import org.apache.hadoop.hbase.security.visibility.SimpleScanLabelGenerator;
 import org.apache.hadoop.hbase.security.visibility.VisibilityClient;
 import org.apache.hadoop.hbase.security.visibility.VisibilityConstants;
-import org.apache.hadoop.hbase.security.visibility.VisibilityController;
+import org.apache.hadoop.hbase.security.visibility.VisibilityTestUtil;
 import org.apache.hadoop.hbase.security.visibility.VisibilityUtils;
 import org.apache.hadoop.hbase.testclassification.ClientTests;
 import org.apache.hadoop.hbase.testclassification.MediumTests;
@@ -78,389 +78,386 @@ public class TestThriftHBaseServiceHandlerWithLabels {
 
   private static final Logger LOG = LoggerFactory
     .getLogger(TestThriftHBaseServiceHandlerWithLabels.class);
-private static final HBaseTestingUtility UTIL = new HBaseTestingUtility();
-
-// Static names for tables, columns, rows, and values
-private static byte[] tableAname = Bytes.toBytes("tableA");
-private static byte[] familyAname = Bytes.toBytes("familyA");
-private static byte[] familyBname = Bytes.toBytes("familyB");
-private static byte[] qualifierAname = Bytes.toBytes("qualifierA");
-private static byte[] qualifierBname = Bytes.toBytes("qualifierB");
-private static byte[] valueAname = Bytes.toBytes("valueA");
-private static byte[] valueBname = Bytes.toBytes("valueB");
-private static HColumnDescriptor[] families = new HColumnDescriptor[] {
-    new HColumnDescriptor(familyAname).setMaxVersions(3),
-    new HColumnDescriptor(familyBname).setMaxVersions(2) };
-
-private final static String TOPSECRET = "topsecret";
-private final static String PUBLIC = "public";
-private final static String PRIVATE = "private";
-private final static String CONFIDENTIAL = "confidential";
-private final static String SECRET = "secret";
-private static User SUPERUSER;
-
-private static Configuration conf;
-
-public void assertTColumnValuesEqual(List<TColumnValue> columnValuesA,
+  private static final HBaseTestingUtility UTIL = new HBaseTestingUtility();
+
+  // Static names for tables, columns, rows, and values
+  private static byte[] tableAname = Bytes.toBytes("tableA");
+  private static byte[] familyAname = Bytes.toBytes("familyA");
+  private static byte[] familyBname = Bytes.toBytes("familyB");
+  private static byte[] qualifierAname = Bytes.toBytes("qualifierA");
+  private static byte[] qualifierBname = Bytes.toBytes("qualifierB");
+  private static byte[] valueAname = Bytes.toBytes("valueA");
+  private static byte[] valueBname = Bytes.toBytes("valueB");
+  private static HColumnDescriptor[] families = new HColumnDescriptor[] {
+      new HColumnDescriptor(familyAname).setMaxVersions(3),
+      new HColumnDescriptor(familyBname).setMaxVersions(2) };
+
+  private final static String TOPSECRET = "topsecret";
+  private final static String PUBLIC = "public";
+  private final static String PRIVATE = "private";
+  private final static String CONFIDENTIAL = "confidential";
+  private final static String SECRET = "secret";
+  private static User SUPERUSER;
+
+  private static Configuration conf;
+
+  public void assertTColumnValuesEqual(List<TColumnValue> columnValuesA,
     List<TColumnValue> columnValuesB) {
-  assertEquals(columnValuesA.size(), columnValuesB.size());
-  Comparator<TColumnValue> comparator = new Comparator<TColumnValue>() {
-    @Override
-    public int compare(TColumnValue o1, TColumnValue o2) {
-      return Bytes.compareTo(Bytes.add(o1.getFamily(), o1.getQualifier()),
+    assertEquals(columnValuesA.size(), columnValuesB.size());
+    Comparator<TColumnValue> comparator = new Comparator<TColumnValue>() {
+      @Override
+      public int compare(TColumnValue o1, TColumnValue o2) {
+        return Bytes.compareTo(Bytes.add(o1.getFamily(), o1.getQualifier()),
           Bytes.add(o2.getFamily(), o2.getQualifier()));
+      }
+    };
+    Collections.sort(columnValuesA, comparator);
+    Collections.sort(columnValuesB, comparator);
+
+    for (int i = 0; i < columnValuesA.size(); i++) {
+      TColumnValue a = columnValuesA.get(i);
+      TColumnValue b = columnValuesB.get(i);
+      assertArrayEquals(a.getFamily(), b.getFamily());
+      assertArrayEquals(a.getQualifier(), b.getQualifier());
+      assertArrayEquals(a.getValue(), b.getValue());
     }
-  };
-  Collections.sort(columnValuesA, comparator);
-  Collections.sort(columnValuesB, comparator);
-
-  for (int i = 0; i < columnValuesA.size(); i++) {
-    TColumnValue a = columnValuesA.get(i);
-    TColumnValue b = columnValuesB.get(i);
-    assertArrayEquals(a.getFamily(), b.getFamily());
-    assertArrayEquals(a.getQualifier(), b.getQualifier());
-    assertArrayEquals(a.getValue(), b.getValue());
   }
-}
 
-@BeforeClass
-public static void beforeClass() throws Exception {
-  SUPERUSER = User.createUserForTesting(conf, "admin",
-      new String[] { "supergroup" });
-  conf = UTIL.getConfiguration();
-  conf.setClass(VisibilityUtils.VISIBILITY_LABEL_GENERATOR_CLASS,
-      SimpleScanLabelGenerator.class, ScanLabelGenerator.class);
-  conf.set("hbase.superuser", SUPERUSER.getShortName());
-  conf.set("hbase.coprocessor.master.classes",
-      VisibilityController.class.getName());
-  conf.set("hbase.coprocessor.region.classes",
-      VisibilityController.class.getName());
-  conf.setInt("hfile.format.version", 3);
-  UTIL.startMiniCluster(1);
-  // Wait for the labels table to become available
-  UTIL.waitTableEnabled(VisibilityConstants.LABELS_TABLE_NAME.getName(), 50000);
-  createLabels();
-  Admin admin = UTIL.getAdmin();
-  HTableDescriptor tableDescriptor = new HTableDescriptor(
-      TableName.valueOf(tableAname));
-  for (HColumnDescriptor family : families) {
-    tableDescriptor.addFamily(family);
+  @BeforeClass
+  public static void beforeClass() throws Exception {
+    SUPERUSER = User.createUserForTesting(conf, "admin",
+        new String[] { "supergroup" });
+    conf = UTIL.getConfiguration();
+    conf.setClass(VisibilityUtils.VISIBILITY_LABEL_GENERATOR_CLASS,
+        SimpleScanLabelGenerator.class, ScanLabelGenerator.class);
+    conf.set("hbase.superuser", SUPERUSER.getShortName());
+    VisibilityTestUtil.enableVisiblityLabels(conf);
+    UTIL.startMiniCluster(1);
+    // Wait for the labels table to become available
+    UTIL.waitTableEnabled(VisibilityConstants.LABELS_TABLE_NAME.getName(), 50000);
+    createLabels();
+    Admin admin = UTIL.getAdmin();
+    HTableDescriptor tableDescriptor = new HTableDescriptor(
+        TableName.valueOf(tableAname));
+    for (HColumnDescriptor family : families) {
+      tableDescriptor.addFamily(family);
+    }
+    admin.createTable(tableDescriptor);
+    admin.close();
+    setAuths();
   }
-  admin.createTable(tableDescriptor);
-  admin.close();
-  setAuths();
-}
 
-private static void createLabels() throws IOException, InterruptedException {
-  PrivilegedExceptionAction<VisibilityLabelsResponse> action =
-      new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
-    public VisibilityLabelsResponse run() throws Exception {
-      String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET };
-      try (Connection conn = ConnectionFactory.createConnection(conf)) {
-        VisibilityClient.addLabels(conn, labels);
-      } catch (Throwable t) {
-        throw new IOException(t);
+  private static void createLabels() throws IOException, InterruptedException {
+    PrivilegedExceptionAction<VisibilityLabelsResponse> action =
+        new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
+      public VisibilityLabelsResponse run() throws Exception {
+        String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET };
+        try (Connection conn = ConnectionFactory.createConnection(conf)) {
+          VisibilityClient.addLabels(conn, labels);
+        } catch (Throwable t) {
+          throw new IOException(t);
+        }
+        return null;
       }
-      return null;
+    };
+    SUPERUSER.runAs(action);
+  }
+
+  private static void setAuths() throws IOException {
+    String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET };
+    try {
+      VisibilityClient.setAuths(UTIL.getConnection(), labels, User.getCurrent().getShortName());
+    } catch (Throwable t) {
+      throw new IOException(t);
     }
-  };
-  SUPERUSER.runAs(action);
-}
+  }
 
-private static void setAuths() throws IOException {
-  String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, PUBLIC, TOPSECRET };
-  try {
-    VisibilityClient.setAuths(UTIL.getConnection(), labels, User.getCurrent().getShortName());
-  } catch (Throwable t) {
-    throw new IOException(t);
+  @AfterClass
+  public static void afterClass() throws Exception {
+    UTIL.shutdownMiniCluster();
   }
-}
 
-@AfterClass
-public static void afterClass() throws Exception {
-  UTIL.shutdownMiniCluster();
-}
+  @Before
+  public void setup() throws Exception {
 
-@Before
-public void setup() throws Exception {
+  }
 
-}
+  private ThriftHBaseServiceHandler createHandler() throws IOException {
+    return new ThriftHBaseServiceHandler(conf, UserProvider.instantiate(conf));
+  }
 
-private ThriftHBaseServiceHandler createHandler() throws IOException {
-  return new ThriftHBaseServiceHandler(conf, UserProvider.instantiate(conf));
-}
+  @Test
+  public void testScanWithVisibilityLabels() throws Exception {
+    ThriftHBaseServiceHandler handler = createHandler();
+    ByteBuffer table = wrap(tableAname);
+
+    // insert data
+    TColumnValue columnValue = new TColumnValue(wrap(familyAname),
+        wrap(qualifierAname), wrap(valueAname));
+    List<TColumnValue> columnValues = new ArrayList<>(1);
+    columnValues.add(columnValue);
+    for (int i = 0; i < 10; i++) {
+      TPut put = new TPut(wrap(("testScan" + i).getBytes()), columnValues);
+      if (i == 5) {
+        put.setCellVisibility(new TCellVisibility().setExpression(PUBLIC));
+      } else {
+        put.setCellVisibility(new TCellVisibility().setExpression("(" + SECRET
+            + "|" + CONFIDENTIAL + ")" + "&" + "!" + TOPSECRET));
+      }
+      handler.put(table, put);
+    }
 
-@Test
-public void testScanWithVisibilityLabels() throws Exception {
-  ThriftHBaseServiceHandler handler = createHandler();
-  ByteBuffer table = wrap(tableAname);
-
-  // insert data
-  TColumnValue columnValue = new TColumnValue(wrap(familyAname),
-      wrap(qualifierAname), wrap(valueAname));
-  List<TColumnValue> columnValues = new ArrayList<>(1);
-  columnValues.add(columnValue);
-  for (int i = 0; i < 10; i++) {
-    TPut put = new TPut(wrap(("testScan" + i).getBytes()), columnValues);
-    if (i == 5) {
-      put.setCellVisibility(new TCellVisibility().setExpression(PUBLIC));
-    } else {
-      put.setCellVisibility(new TCellVisibility().setExpression("(" + SECRET
-          + "|" + CONFIDENTIAL + ")" + "&" + "!" + TOPSECRET));
+    // create scan instance
+    TScan scan = new TScan();
+    List<TColumn> columns = new ArrayList<>(1);
+    TColumn column = new TColumn();
+    column.setFamily(familyAname);
+    column.setQualifier(qualifierAname);
+    columns.add(column);
+    scan.setColumns(columns);
+    scan.setStartRow("testScan".getBytes());
+    scan.setStopRow("testScan\uffff".getBytes());
+
+    TAuthorization tauth = new TAuthorization();
+    List<String> labels = new ArrayList<>(2);
+    labels.add(SECRET);
+    labels.add(PRIVATE);
+    tauth.setLabels(labels);
+    scan.setAuthorizations(tauth);
+    // get scanner and rows
+    int scanId = handler.openScanner(table, scan);
+    List<TResult> results = handler.getScannerRows(scanId, 10);
+    assertEquals(9, results.size());
+    Assert.assertFalse(Bytes.equals(results.get(5).getRow(),
+        ("testScan" + 5).getBytes()));
+    for (int i = 0; i < 9; i++) {
+      if (i < 5) {
+        assertArrayEquals(("testScan" + i).getBytes(), results.get(i).getRow());
+      } else if (i == 5) {
+        continue;
+      } else {
+        assertArrayEquals(("testScan" + (i + 1)).getBytes(), results.get(i)
+            .getRow());
+      }
     }
-    handler.put(table, put);
-  }
 
-  // create scan instance
-  TScan scan = new TScan();
-  List<TColumn> columns = new ArrayList<>(1);
-  TColumn column = new TColumn();
-  column.setFamily(familyAname);
-  column.setQualifier(qualifierAname);
-  columns.add(column);
-  scan.setColumns(columns);
-  scan.setStartRow("testScan".getBytes());
-  scan.setStopRow("testScan\uffff".getBytes());
-
-  TAuthorization tauth = new TAuthorization();
-  List<String> labels = new ArrayList<>(2);
-  labels.add(SECRET);
-  labels.add(PRIVATE);
-  tauth.setLabels(labels);
-  scan.setAuthorizations(tauth);
-  // get scanner and rows
-  int scanId = handler.openScanner(table, scan);
-  List<TResult> results = handler.getScannerRows(scanId, 10);
-  assertEquals(9, results.size());
-  Assert.assertFalse(Bytes.equals(results.get(5).getRow(),
-      ("testScan" + 5).getBytes()));
-  for (int i = 0; i < 9; i++) {
-    if (i < 5) {
-      assertArrayEquals(("testScan" + i).getBytes(), results.get(i).getRow());
-    } else if (i == 5) {
-      continue;
-    } else {
-      assertArrayEquals(("testScan" + (i + 1)).getBytes(), results.get(i)
-          .getRow());
+    // check that we are at the end of the scan
+    results = handler.getScannerRows(scanId, 9);
+    assertEquals(0, results.size());
+
+    // close scanner and check that it was indeed closed
+    handler.closeScanner(scanId);
+    try {
+      handler.getScannerRows(scanId, 9);
+      fail("Scanner id should be invalid");
+    } catch (TIllegalArgument e) {
     }
   }
 
-  // check that we are at the end of the scan
-  results = handler.getScannerRows(scanId, 9);
-  assertEquals(0, results.size());
+  @Test
+  public void testGetScannerResultsWithAuthorizations() throws Exception {
+    ThriftHBaseServiceHandler handler = createHandler();
+    ByteBuffer table = wrap(tableAname);
+
+    // insert data
+    TColumnValue columnValue = new TColumnValue(wrap(familyAname),
+        wrap(qualifierAname), wrap(valueAname));
+    List<TColumnValue> columnValues = new ArrayList<>(1);
+    columnValues.add(columnValue);
+    for (int i = 0; i < 20; i++) {
+      TPut put = new TPut(
+          wrap(("testGetScannerResults" + pad(i, (byte) 2)).getBytes()),
+          columnValues);
+      if (i == 3) {
+        put.setCellVisibility(new TCellVisibility().setExpression(PUBLIC));
+      } else {
+        put.setCellVisibility(new TCellVisibility().setExpression("(" + SECRET
+            + "|" + CONFIDENTIAL + ")" + "&" + "!" + TOPSECRET));
+      }
+      handler.put(table, put);
+    }
 
-  // close scanner and check that it was indeed closed
-  handler.closeScanner(scanId);
-  try {
-    handler.getScannerRows(scanId, 9);
-    fail("Scanner id should be invalid");
-  } catch (TIllegalArgument e) {
+    // create scan instance
+    TScan scan = new TScan();
+    List<TColumn> columns = new ArrayList<>(1);
+    TColumn column = new TColumn();
+    column.setFamily(familyAname);
+    column.setQualifier(qualifierAname);
+    columns.add(column);
+    scan.setColumns(columns);
+    scan.setStartRow("testGetScannerResults".getBytes());
+
+    // get 5 rows and check the returned results
+    scan.setStopRow("testGetScannerResults05".getBytes());
+    TAuthorization tauth = new TAuthorization();
+    List<String> labels = new ArrayList<>(2);
+    labels.add(SECRET);
+    labels.add(PRIVATE);
+    tauth.setLabels(labels);
+    scan.setAuthorizations(tauth);
+    List<TResult> results = handler.getScannerResults(table, scan, 5);
+    assertEquals(4, results.size());
+    for (int i = 0; i < 4; i++) {
+      if (i < 3) {
+        assertArrayEquals(
+            ("testGetScannerResults" + pad(i, (byte) 2)).getBytes(),
+            results.get(i).getRow());
+      } else if (i == 3) {
+        continue;
+      } else {
+        assertArrayEquals(
+            ("testGetScannerResults" + pad(i + 1, (byte) 2)).getBytes(), results
+                .get(i).getRow());
+      }
+    }
   }
-}
 
-@Test
-public void testGetScannerResultsWithAuthorizations() throws Exception {
-  ThriftHBaseServiceHandler handler = createHandler();
-  ByteBuffer table = wrap(tableAname);
-
-  // insert data
-  TColumnValue columnValue = new TColumnValue(wrap(familyAname),
-      wrap(qualifierAname), wrap(valueAname));
-  List<TColumnValue> columnValues = new ArrayList<>(1);
-  columnValues.add(columnValue);
-  for (int i = 0; i < 20; i++) {
-    TPut put = new TPut(
-        wrap(("testGetScannerResults" + pad(i, (byte) 2)).getBytes()),
-        columnValues);
-    if (i == 3) {
-      put.setCellVisibility(new TCellVisibility().setExpression(PUBLIC));
-    } else {
-      put.setCellVisibility(new TCellVisibility().setExpression("(" + SECRET
-          + "|" + CONFIDENTIAL + ")" + "&" + "!" + TOPSECRET));
-    }
+  @Test
+  public void testGetsWithLabels() throws Exception {
+    ThriftHBaseServiceHandler handler = createHandler();
+    byte[] rowName = "testPutGet".getBytes();
+    ByteBuffer table = wrap(tableAname);
+
+    List<TColumnValue> columnValues = new ArrayList<>(2);
+    columnValues.add(new TColumnValue(wrap(familyAname), wrap(qualifierAname),
+        wrap(valueAname)));
+    columnValues.add(new TColumnValue(wrap(familyBname), wrap(qualifierBname),
+        wrap(valueBname)));
+    TPut put = new TPut(wrap(rowName), columnValues);
+
+    put.setColumnValues(columnValues);
+    put.setCellVisibility(new TCellVisibility().setExpression("(" + SECRET + "|"
+        + CONFIDENTIAL + ")" + "&" + "!" + TOPSECRET));
     handler.put(table, put);
+    TGet get = new TGet(wrap(rowName));
+    TAuthorization tauth = new TAuthorization();
+    List<String> labels = new ArrayList<>(2);
+    labels.add(SECRET);
+    labels.add(PRIVATE);
+    tauth.setLabels(labels);
+    get.setAuthorizations(tauth);
+    TResult result = handler.get(table, get);
+    assertArrayEquals(rowName, result.getRow());
+    List<TColumnValue> returnedColumnValues = result.getColumnValues();
+    assertTColumnValuesEqual(columnValues, returnedColumnValues);
   }
 
-  // create scan instance
-  TScan scan = new TScan();
-  List<TColumn> columns = new ArrayList<>(1);
-  TColumn column = new TColumn();
-  column.setFamily(familyAname);
-  column.setQualifier(qualifierAname);
-  columns.add(column);
-  scan.setColumns(columns);
-  scan.setStartRow("testGetScannerResults".getBytes());
-
-  // get 5 rows and check the returned results
-  scan.setStopRow("testGetScannerResults05".getBytes());
-  TAuthorization tauth = new TAuthorization();
-  List<String> labels = new ArrayList<>(2);
-  labels.add(SECRET);
-  labels.add(PRIVATE);
-  tauth.setLabels(labels);
-  scan.setAuthorizations(tauth);
-  List<TResult> results = handler.getScannerResults(table, scan, 5);
-  assertEquals(4, results.size());
-  for (int i = 0; i < 4; i++) {
-    if (i < 3) {
-      assertArrayEquals(
-          ("testGetScannerResults" + pad(i, (byte) 2)).getBytes(),
-          results.get(i).getRow());
-    } else if (i == 3) {
-      continue;
-    } else {
-      assertArrayEquals(
-          ("testGetScannerResults" + pad(i + 1, (byte) 2)).getBytes(), results
-              .get(i).getRow());
-    }
+  @Test
+  public void testIncrementWithTags() throws Exception {
+    ThriftHBaseServiceHandler handler = createHandler();
+    byte[] rowName = "testIncrementWithTags".getBytes();
+    ByteBuffer table = wrap(tableAname);
+
+    List<TColumnValue> columnValues = new ArrayList<>(1);
+    columnValues.add(new TColumnValue(wrap(familyAname), wrap(qualifierAname),
+        wrap(Bytes.toBytes(1L))));
+    TPut put = new TPut(wrap(rowName), columnValues);
+    put.setColumnValues(columnValues);
+    put.setCellVisibility(new TCellVisibility().setExpression(PRIVATE));
+    handler.put(table, put);
+
+    List<TColumnIncrement> incrementColumns = new ArrayList<>(1);
+    incrementColumns.add(new TColumnIncrement(wrap(familyAname),
+        wrap(qualifierAname)));
+    TIncrement increment = new TIncrement(wrap(rowName), incrementColumns);
+    increment.setCellVisibility(new TCellVisibility().setExpression(SECRET));
+    handler.increment(table, increment);
+
+    TGet get = new TGet(wrap(rowName));
+    TAuthorization tauth = new TAuthorization();
+    List<String> labels = new ArrayList<>(1);
+    labels.add(SECRET);
+    tauth.setLabels(labels);
+    get.setAuthorizations(tauth);
+    TResult result = handler.get(table, get);
+
+    assertArrayEquals(rowName, result.getRow());
+    assertEquals(1, result.getColumnValuesSize());
+    TColumnValue columnValue = result.getColumnValues().get(0);
+    assertArrayEquals(Bytes.toBytes(2L), columnValue.getValue());
   }
-}
 
-@Test
-public void testGetsWithLabels() throws Exception {
-  ThriftHBaseServiceHandler handler = createHandler();
-  byte[] rowName = "testPutGet".getBytes();
-  ByteBuffer table = wrap(tableAname);
-
-  List<TColumnValue> columnValues = new ArrayList<>(2);
-  columnValues.add(new TColumnValue(wrap(familyAname), wrap(qualifierAname),
-      wrap(valueAname)));
-  columnValues.add(new TColumnValue(wrap(familyBname), wrap(qualifierBname),
-      wrap(valueBname)));
-  TPut put = new TPut(wrap(rowName), columnValues);
-
-  put.setColumnValues(columnValues);
-  put.setCellVisibility(new TCellVisibility().setExpression("(" + SECRET + "|"
-      + CONFIDENTIAL + ")" + "&" + "!" + TOPSECRET));
-  handler.put(table, put);
-  TGet get = new TGet(wrap(rowName));
-  TAuthorization tauth = new TAuthorization();
-  List<String> labels = new ArrayList<>(2);
-  labels.add(SECRET);
-  labels.add(PRIVATE);
-  tauth.setLabels(labels);
-  get.setAuthorizations(tauth);
-  TResult result = handler.get(table, get);
-  assertArrayEquals(rowName, result.getRow());
-  List<TColumnValue> returnedColumnValues = result.getColumnValues();
-  assertTColumnValuesEqual(columnValues, returnedColumnValues);
-}
+  @Test
+  public void testIncrementWithTagsWithNotMatchLabels() throws Exception {
+    ThriftHBaseServiceHandler handler = createHandler();
+    byte[] rowName = "testIncrementWithTagsWithNotMatchLabels".getBytes();
+    ByteBuffer table = wrap(tableAname);
+
+    List<TColumnValue> columnValues = new ArrayList<>(1);
+    columnValues.add(new TColumnValue(wrap(familyAname), wrap(qualifierAname),
+        wrap(Bytes.toBytes(1L))));
+    TPut put = new TPut(wrap(rowName), columnValues);
+    put.setColumnValues(columnValues);
+    put.setCellVisibility(new TCellVisibility().setExpression(PRIVATE));
+    handler.put(table, put);
 
-@Test
-public void testIncrementWithTags() throws Exception {
-  ThriftHBaseServiceHandler handler = createHandler();
-  byte[] rowName = "testIncrementWithTags".getBytes();
-  ByteBuffer table = wrap(tableAname);
-
-  List<TColumnValue> columnValues = new ArrayList<>(1);
-  columnValues.add(new TColumnValue(wrap(familyAname), wrap(qualifierAname),
-      wrap(Bytes.toBytes(1L))));
-  TPut put = new TPut(wrap(rowName), columnValues);
-  put.setColumnValues(columnValues);
-  put.setCellVisibility(new TCellVisibility().setExpression(PRIVATE));
-  handler.put(table, put);
-
-  List<TColumnIncrement> incrementColumns = new ArrayList<>(1);
-  incrementColumns.add(new TColumnIncrement(wrap(familyAname),
-      wrap(qualifierAname)));
-  TIncrement increment = new TIncrement(wrap(rowName), incrementColumns);
-  increment.setCellVisibility(new TCellVisibility().setExpression(SECRET));
-  handler.increment(table, increment);
-
-  TGet get = new TGet(wrap(rowName));
-  TAuthorization tauth = new TAuthorization();
-  List<String> labels = new ArrayList<>(1);
-  labels.add(SECRET);
-  tauth.setLabels(labels);
-  get.setAuthorizations(tauth);
-  TResult result = handler.get(table, get);
-
-  assertArrayEquals(rowName, result.getRow());
-  assertEquals(1, result.getColumnValuesSize());
-  TColumnValue columnValue = result.getColumnValues().get(0);
-  assertArrayEquals(Bytes.toBytes(2L), columnValue.getValue());
-}
+    List<TColumnIncrement> incrementColumns = new ArrayList<>(1);
+    incrementColumns.add(new TColumnIncrement(wrap(familyAname),
+        wrap(qualifierAname)));
+    TIncrement increment = new TIncrement(wrap(rowName), incrementColumns);
+    increment.setCellVisibility(new TCellVisibility().setExpression(SECRET));
+    handler.increment(table, increment);
+
+    TGet get = new TGet(wrap(rowName));
+    TAuthorization tauth = new TAuthorization();
+    List<String> labels = new ArrayList<>(1);
+    labels.add(PUBLIC);
+    tauth.setLabels(labels);
+    get.setAuthorizations(tauth);
+    TResult result = handler.get(table, get);
+    assertNull(result.getRow());
+  }
 
-@Test
-public void testIncrementWithTagsWithNotMatchLabels() throws Exception {
-  ThriftHBaseServiceHandler handler = createHandler();
-  byte[] rowName = "testIncrementWithTagsWithNotMatchLabels".getBytes();
-  ByteBuffer table = wrap(tableAname);
-
-  List<TColumnValue> columnValues = new ArrayList<>(1);
-  columnValues.add(new TColumnValue(wrap(familyAname), wrap(qualifierAname),
-      wrap(Bytes.toBytes(1L))));
-  TPut put = new TPut(wrap(rowName), columnValues);
-  put.setColumnValues(columnValues);
-  put.setCellVisibility(new TCellVisibility().setExpression(PRIVATE));
-  handler.put(table, put);
-
-  List<TColumnIncrement> incrementColumns = new ArrayList<>(1);
-  incrementColumns.add(new TColumnIncrement(wrap(familyAname),
-      wrap(qualifierAname)));
-  TIncrement increment = new TIncrement(wrap(rowName), incrementColumns);
-  increment.setCellVisibility(new TCellVisibility().setExpression(SECRET));
-  handler.increment(table, increment);
-
-  TGet get = new TGet(wrap(rowName));
-  TAuthorization tauth = new TAuthorization();
-  List<String> labels = new ArrayList<>(1);
-  labels.add(PUBLIC);
-  tauth.setLabels(labels);
-  get.setAuthorizations(tauth);
-  TResult result = handler.get(table, get);
-  assertNull(result.getRow());
-}
+  @Test
+  public void testAppend() throws Exception {
+    ThriftHBaseServiceHandler handler = createHandler();
+    byte[] rowName = "testAppend".getBytes();
+    ByteBuffer table = wrap(tableAname);
+    byte[] v1 = Bytes.toBytes(1L);
+    byte[] v2 = Bytes.toBytes(5L);
+    List<TColumnValue> columnValues = new ArrayList<>(1);
+    columnValues.add(new TColumnValue(wrap(familyAname), wrap(qualifierAname),
+        wrap(Bytes.toBytes(1L))));
+    TPut put = new TPut(wrap(rowName), columnValues);
+    put.setColumnValues(columnValues);
+    put.setCellVisibility(new TCellVisibility().setExpression(PRIVATE));
+    handler.put(table, put);
 
-@Test
-public void testAppend() throws Exception {
-  ThriftHBaseServiceHandler handler = createHandler();
-  byte[] rowName = "testAppend".getBytes();
-  ByteBuffer table = wrap(tableAname);
-  byte[] v1 = Bytes.toBytes(1L);
-  byte[] v2 = Bytes.toBytes(5L);
-  List<TColumnValue> columnValues = new ArrayList<>(1);
-  columnValues.add(new TColumnValue(wrap(familyAname), wrap(qualifierAname),
-      wrap(Bytes.toBytes(1L))));
-  TPut put = new TPut(wrap(rowName), columnValues);
-  put.setColumnValues(columnValues);
-  put.setCellVisibility(new TCellVisibility().setExpression(PRIVATE));
-  handler.put(table, put);
-
-  List<TColumnValue> appendColumns = new ArrayList<>(1);
-  appendColumns.add(new TColumnValue(wrap(familyAname), wrap(qualifierAname),
-      wrap(v2)));
-  TAppend append = new TAppend(wrap(rowName), appendColumns);
-  append.setCellVisibility(new TCellVisibility().setExpression(SECRET));
-  handler.append(table, append);
-
-  TGet get = new TGet(wrap(rowName));
-  TAuthorization tauth = new TAuthorization();
-  List<String> labels = new ArrayList<>(1);
-  labels.add(SECRET);
-  tauth.setLabels(labels);
-  get.setAuthorizations(tauth);
-  TResult result = handler.get(table, get);
-
-  assertArrayEquals(rowName, result.getRow());
-  assertEquals(1, result.getColumnValuesSize());
-  TColumnValue columnValue = result.getColumnValues().get(0);
-  assertArrayEquals(Bytes.add(v1, v2), columnValue.getValue());
-}
+    List<TColumnValue> appendColumns = new ArrayList<>(1);
+    appendColumns.add(new TColumnValue(wrap(familyAname), wrap(qualifierAname),
+        wrap(v2)));
+    TAppend append = new TAppend(wrap(rowName), appendColumns);
+    append.setCellVisibility(new TCellVisibility().setExpression(SECRET));
+    handler.append(table, append);
+
+    TGet get = new TGet(wrap(rowName));
+    TAuthorization tauth = new TAuthorization();
+    List<String> labels = new ArrayList<>(1);
+    labels.add(SECRET);
+    tauth.setLabels(labels);
+    get.setAuthorizations(tauth);
+    TResult result = handler.get(table, get);
+
+    assertArrayEquals(rowName, result.getRow());
+    assertEquals(1, result.getColumnValuesSize());
+    TColumnValue columnValue = result.getColumnValues().get(0);
+    assertArrayEquals(Bytes.add(v1, v2), columnValue.getValue());
+  }
 
-/**
- * Padding numbers to make comparison of sort order easier in a for loop
- * 
- * @param n
- *          The number to pad.
- * @param pad
- *          The length to pad up to.
- * @return The padded number as a string.
- */
-private String pad(int n, byte pad) {
-  String res = Integer.toString(n);
-  while (res.length() < pad)
-    res = "0" + res;
-  return res;
-}
+  /**
+   * Padding numbers to make comparison of sort order easier in a for loop
+   *
+   * @param n
+   *          The number to pad.
+   * @param pad
+   *          The length to pad up to.
+   * @return The padded number as a string.
+   */
+  private String pad(int n, byte pad) {
+    String res = Integer.toString(n);
+    while (res.length() < pad) {
+      res = "0" + res;
+    }
+    return res;
+  }
 }

http://git-wip-us.apache.org/repos/asf/hbase/blob/fc7736eb/src/main/asciidoc/_chapters/appendix_acl_matrix.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/_chapters/appendix_acl_matrix.adoc b/src/main/asciidoc/_chapters/appendix_acl_matrix.adoc
index 83043f7..d5ea076 100644
--- a/src/main/asciidoc/_chapters/appendix_acl_matrix.adoc
+++ b/src/main/asciidoc/_chapters/appendix_acl_matrix.adoc
@@ -164,6 +164,17 @@ In case the table goes out of date, the unit tests which check for accuracy
of p
 |              | mergeRegions | superuser\|global(A)
 |              | rollWALWriterRequest | superuser\|global(A)
 |              | replicateLogEntries | superuser\|global(W)
+|RSGroup |addRSGroup           |superuser\|global(A)
+|        |balanceRSGroup       |superuser\|global(A)
+|        |getRSGroupInfo       |superuser\|global(A)
+|        |getRSGroupInfoOfTable|superuser\|global(A)
+|        |getRSGroupOfServer   |superuser\|global(A)
+|        |listRSGroups         |superuser\|global(A)
+|        |moveServers          |superuser\|global(A)
+|        |moveServersAndTables |superuser\|global(A)
+|        |moveTables           |superuser\|global(A)
+|        |removeRSGroup        |superuser\|global(A)
+|        |removeServers        |superuser\|global(A)
 |===
 
 :numbered:

http://git-wip-us.apache.org/repos/asf/hbase/blob/fc7736eb/src/main/asciidoc/_chapters/ops_mgt.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/_chapters/ops_mgt.adoc b/src/main/asciidoc/_chapters/ops_mgt.adoc
index f5fa456..508815f 100644
--- a/src/main/asciidoc/_chapters/ops_mgt.adoc
+++ b/src/main/asciidoc/_chapters/ops_mgt.adoc
@@ -2703,6 +2703,18 @@ Viewing the Master log will give you insight on rsgroup operation.
 
 If it appears stuck, restart the Master process.
 
+=== ACL
+To enable ACL, add the following to your hbase-site.xml and restart your Master:
+
+[source,xml]
+----
+<property>
+  <name>hbase.security.authorization</name>
+  <value>true</value>
+<property>
+----
+
+
 
 [[normalizer]]
 == Region Normalizer

http://git-wip-us.apache.org/repos/asf/hbase/blob/fc7736eb/src/main/asciidoc/_chapters/security.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/_chapters/security.adoc b/src/main/asciidoc/_chapters/security.adoc
index cca9364..ef7d6c4 100644
--- a/src/main/asciidoc/_chapters/security.adoc
+++ b/src/main/asciidoc/_chapters/security.adoc
@@ -807,6 +807,10 @@ For an example of using both together, see <<security.example.config>>.
 [source,xml]
 ----
 <property>
+  <name>hbase.security.authorization</name>
+  <value>true</value>
+</property>
+<property>
   <name>hbase.coprocessor.region.classes</name>
   <value>org.apache.hadoop.hbase.security.access.AccessController, org.apache.hadoop.hbase.security.token.TokenProvider</value>
 </property>
@@ -1187,6 +1191,10 @@ NOTE: Visibility labels are not currently applied for superusers.
 [source,xml]
 ----
 <property>
+  <name>hbase.security.authorization</name>
+  <value>true</value>
+</property>
+<property>
   <name>hbase.coprocessor.region.classes</name>
   <value>org.apache.hadoop.hbase.security.visibility.VisibilityController</value>
 </property>
@@ -1454,6 +1462,10 @@ As mentioned in the above sections, the interface `VisibilityLabelService`
could
 [source,xml]
 ----
 <property>
+  <name>hbase.security.authorization</name>
+  <value>true</value>
+</property>
+<property>
   <name>hbase.coprocessor.regionserver.classes</name>
   <value>org.apache.hadoop.hbase.security.visibility.VisibilityController$VisibilityReplication</value>
 </property>
@@ -1672,6 +1684,10 @@ To enable secure bulk load, add the following properties to _hbase-site.xml_.
 [source,xml]
 ----
 <property>
+  <name>hbase.security.authorization</name>
+  <value>true</value>
+</property>
+<property>
   <name>hbase.bulkload.staging.dir</name>
   <value>/tmp/hbase-staging</value>
 </property>
@@ -1682,6 +1698,22 @@ To enable secure bulk load, add the following properties to _hbase-site.xml_.
 </property>
 ----
 
+[[hbase.secure.enable]]
+=== Secure Enable
+After hbase-2.x, the default 'hbase.security.authorization' changed.
+Before hbase-2.x, it defaulted to true, in later HBase versions, the
+default became false.
+So to enable hbase authorization, the following propertie must be configured in _hbase-site.xml_.
+See link:https://issues.apache.org/jira/browse/HBASE-19483[HBASE-19483];
+
+[source,xml]
+----
+<property>
+  <name>hbase.security.authorization</name>
+  <value>true</value>
+</property>
+----
+
 [[security.example.config]]
 == Security Configuration Example
 
@@ -1704,6 +1736,10 @@ All options have been discussed separately in the sections above.
 </property>
 <!-- Coprocessors for ACLs and Visibility Tags -->
 <property>
+  <name>hbase.security.authorization</name>
+  <value>true</value>
+</property>
+<property>
   <name>hbase.coprocessor.region.classes</name>
   <value>org.apache.hadoop.hbase.security.access.AccessController,
   org.apache.hadoop.hbase.security.visibility.VisibilityController,


Mime
View raw message