View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  package org.apache.hadoop.hbase.security.access;
20  
21  import static org.junit.Assert.assertFalse;
22  import static org.junit.Assert.assertTrue;
23  
24  import java.util.ArrayList;
25  import java.util.List;
26  import java.util.concurrent.atomic.AtomicBoolean;
27  
28  import org.apache.commons.logging.Log;
29  import org.apache.commons.logging.LogFactory;
30  import org.apache.hadoop.conf.Configuration;
31  import org.apache.hadoop.hbase.Abortable;
32  import org.apache.hadoop.hbase.TableName;
33  import org.apache.hadoop.hbase.HBaseTestingUtility;
34  import org.apache.hadoop.hbase.testclassification.LargeTests;
35  import org.apache.hadoop.hbase.Waiter.Predicate;
36  import org.apache.hadoop.hbase.security.User;
37  import org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher;
38  import org.junit.AfterClass;
39  import org.junit.BeforeClass;
40  import org.junit.Test;
41  import org.junit.experimental.categories.Category;
42  
43  /**
44   * Test the reading and writing of access permissions to and from zookeeper.
45   */
46  @Category(LargeTests.class)
47  public class TestZKPermissionsWatcher {
48    private static final Log LOG = LogFactory.getLog(TestZKPermissionsWatcher.class);
49    private static final HBaseTestingUtility UTIL = new HBaseTestingUtility();
50    private static TableAuthManager AUTH_A;
51    private static TableAuthManager AUTH_B;
52    private final static Abortable ABORTABLE = new Abortable() {
53      private final AtomicBoolean abort = new AtomicBoolean(false);
54  
55      @Override
56      public void abort(String why, Throwable e) {
57        LOG.info(why, e);
58        abort.set(true);
59      }
60  
61      @Override
62      public boolean isAborted() {
63        return abort.get();
64      }
65    };
66  
67    private static TableName TEST_TABLE =
68        TableName.valueOf("perms_test");
69  
70    @BeforeClass
71    public static void beforeClass() throws Exception {
72      // setup configuration
73      Configuration conf = UTIL.getConfiguration();
74      SecureTestUtil.enableSecurity(conf);
75  
76      // start minicluster
77      UTIL.startMiniCluster();
78      AUTH_A = TableAuthManager.get(new ZooKeeperWatcher(conf,
79        "TestZKPermissionsWatcher_1", ABORTABLE), conf);
80      AUTH_B = TableAuthManager.get(new ZooKeeperWatcher(conf,
81        "TestZKPermissionsWatcher_2", ABORTABLE), conf);
82    }
83  
84    @AfterClass
85    public static void afterClass() throws Exception {
86      UTIL.shutdownMiniCluster();
87    }
88  
89    @Test
90    public void testPermissionsWatcher() throws Exception {
91      Configuration conf = UTIL.getConfiguration();
92      User george = User.createUserForTesting(conf, "george", new String[] { });
93      User hubert = User.createUserForTesting(conf, "hubert", new String[] { });
94      
95      assertFalse(AUTH_A.authorizeUser(george, TEST_TABLE, null,
96        TablePermission.Action.READ));
97      assertFalse(AUTH_A.authorizeUser(george, TEST_TABLE, null,
98        TablePermission.Action.WRITE));
99      assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
100       TablePermission.Action.READ));
101     assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
102       TablePermission.Action.WRITE));
103 
104     assertFalse(AUTH_B.authorizeUser(george, TEST_TABLE, null,
105       TablePermission.Action.READ));
106     assertFalse(AUTH_B.authorizeUser(george, TEST_TABLE, null,
107       TablePermission.Action.WRITE));
108     assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
109       TablePermission.Action.READ));
110     assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
111       TablePermission.Action.WRITE));
112 
113     // update ACL: george RW
114     List<TablePermission> acl = new ArrayList<TablePermission>();
115     acl.add(new TablePermission(TEST_TABLE, null, TablePermission.Action.READ,
116       TablePermission.Action.WRITE));
117     final long mtimeB = AUTH_B.getMTime();
118     AUTH_A.setTableUserPermissions(george.getShortName(), TEST_TABLE, acl);
119     // Wait for the update to propagate
120     UTIL.waitFor(10000, 100, new Predicate<Exception>() {
121       @Override
122       public boolean evaluate() throws Exception {
123         return AUTH_B.getMTime() > mtimeB;
124       }
125     });
126     Thread.sleep(1000);
127 
128     // check it
129     assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null,
130       TablePermission.Action.READ));
131     assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null,
132       TablePermission.Action.WRITE));
133     assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null,
134       TablePermission.Action.READ));
135     assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null,
136       TablePermission.Action.WRITE));
137     assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
138       TablePermission.Action.READ));
139     assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
140       TablePermission.Action.WRITE));
141     assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
142       TablePermission.Action.READ));
143     assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
144       TablePermission.Action.WRITE));
145 
146     // update ACL: hubert R
147     acl = new ArrayList<TablePermission>();
148     acl.add(new TablePermission(TEST_TABLE, null, TablePermission.Action.READ));
149     final long mtimeA = AUTH_A.getMTime();
150     AUTH_B.setTableUserPermissions("hubert", TEST_TABLE, acl);
151     // Wait for the update to propagate
152     UTIL.waitFor(10000, 100, new Predicate<Exception>() {
153       @Override
154       public boolean evaluate() throws Exception {
155         return AUTH_A.getMTime() > mtimeA;
156       }
157     });
158     Thread.sleep(1000);
159 
160     // check it
161     assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null,
162       TablePermission.Action.READ));
163     assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null,
164       TablePermission.Action.WRITE));
165     assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null,
166       TablePermission.Action.READ));
167     assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null,
168       TablePermission.Action.WRITE));
169     assertTrue(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
170       TablePermission.Action.READ));
171     assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null,
172       TablePermission.Action.WRITE));
173     assertTrue(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
174       TablePermission.Action.READ));
175     assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
176       TablePermission.Action.WRITE));
177   }
178 }