@BeforeClass public static void setUpBeforeClass() throws Exception { // set the always on security provider UserProvider.setUserProviderForTesting(util.getConfiguration(), HadoopSecurityEnabledUserProviderForTesting.class); // setup configuration SecureTestUtil.enableSecurity(util.getConfiguration()); util.getConfiguration().setInt( LoadIncrementalHFiles.MAX_FILES_PER_REGION_PER_FAMILY, MAX_FILES_PER_REGION_PER_FAMILY); // change default behavior so that tag values are returned with normal rpcs util.getConfiguration().set(HConstants.RPC_CODEC_CONF_KEY, KeyValueCodecWithTags.class.getCanonicalName()); util.startMiniCluster(); // Wait for the ACL table to become available util.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME); setupNamespace(); }
@BeforeClass public static void setUpBeforeClass() throws Exception { setUpBaseConf(TEST_UTIL.getConfiguration()); // set the always on security provider UserProvider.setUserProviderForTesting(TEST_UTIL.getConfiguration(), HadoopSecurityEnabledUserProviderForTesting.class); // setup configuration SecureTestUtil.enableSecurity(TEST_UTIL.getConfiguration()); TEST_UTIL.startMiniCluster(3); TEST_UTIL.startMiniMapReduceCluster(); // Wait for the ACL table to become available TEST_UTIL.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME); }
@BeforeClass public static void setUpBeforeClass() throws Exception { // set the always on security provider UserProvider.setUserProviderForTesting(util.getConfiguration(), HadoopSecurityEnabledUserProviderForTesting.class); // setup configuration SecureTestUtil.enableSecurity(util.getConfiguration()); util.getConfiguration().setInt( LoadIncrementalHFiles.MAX_FILES_PER_REGION_PER_FAMILY, MAX_FILES_PER_REGION_PER_FAMILY); util.startMiniCluster(); // Wait for the ACL table to become available util.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME); setupNamespace(); }
@BeforeClass public static void setUpBeforeClass() throws Exception { // Start mini cluster TEST_UTIL.getConfiguration().setBoolean("hbase.online.schema.update.enable", true); TEST_UTIL.getConfiguration().setInt("hbase.regionserver.msginterval", 100); TEST_UTIL.getConfiguration().setInt("hbase.client.pause", 250); TEST_UTIL.getConfiguration().setInt(HConstants.HBASE_CLIENT_RETRIES_NUMBER, 6); TEST_UTIL.getConfiguration().setBoolean(CoprocessorHost.ABORT_ON_ERROR_KEY, false); TEST_UTIL.getConfiguration().setInt("hfile.format.version", 3); // Security setup configuration SecureTestUtil.enableSecurity(TEST_UTIL.getConfiguration()); VisibilityTestUtil.enableVisiblityLabels(TEST_UTIL.getConfiguration()); TEST_UTIL.startMiniCluster(); // Configure jruby runtime List<String> loadPaths = new ArrayList(); loadPaths.add("src/main/ruby"); loadPaths.add("src/test/ruby"); jruby.getProvider().setLoadPaths(loadPaths); jruby.put("$TEST_CLUSTER", TEST_UTIL); System.setProperty("jruby.jit.logging.verbose", "true"); System.setProperty("jruby.jit.logging", "true"); System.setProperty("jruby.native.verbose", "true"); }
@BeforeClass public static void setUpBeforeClass() throws Exception { // set the always on security provider UserProvider.setUserProviderForTesting(util.getConfiguration(), HadoopSecurityEnabledUserProviderForTesting.class); // setup configuration SecureTestUtil.enableSecurity(util.getConfiguration()); util.getConfiguration().setInt( LoadIncrementalHFiles.MAX_FILES_PER_REGION_PER_FAMILY, MAX_FILES_PER_REGION_PER_FAMILY); util.startMiniCluster(); // Wait for the ACL table to become available util.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME.getName()); }
@BeforeClass public static void setUpBeforeClass() throws Exception { setUpBaseConf(TEST_UTIL.getConfiguration()); // set the always on security provider UserProvider.setUserProviderForTesting(TEST_UTIL.getConfiguration(), HadoopSecurityEnabledUserProviderForTesting.class); // setup configuration SecureTestUtil.enableSecurity(TEST_UTIL.getConfiguration()); TEST_UTIL.startMiniCluster(3); TEST_UTIL.startMiniMapReduceCluster(); // Wait for the ACL table to become available TEST_UTIL.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME.getName()); }
/** * Sets the security firstly for getting the correct default realm. * @throws Exception */ @BeforeClass public static void beforeClass() throws Exception { UserProvider.setUserProviderForTesting(UTIL.getConfiguration(), HadoopSecurityEnabledUserProviderForTesting.class); setUpKdcServer(); SecureTestUtil.enableSecurity(UTIL.getConfiguration()); UTIL.getConfiguration().setBoolean(AccessControlConstants.EXEC_PERMISSION_CHECKS_KEY, true); VisibilityTestUtil.enableVisiblityLabels(UTIL.getConfiguration()); SecureTestUtil.verifyConfiguration(UTIL.getConfiguration()); setUpClusterKdc(); UTIL.startMiniCluster(); UTIL.waitUntilAllRegionsAssigned(AccessControlLists.ACL_TABLE_NAME); UTIL.waitUntilAllRegionsAssigned(VisibilityConstants.LABELS_TABLE_NAME); UTIL.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME, 50000); UTIL.waitTableEnabled(VisibilityConstants.LABELS_TABLE_NAME, 50000); SecureTestUtil.grantGlobal(UTIL, USER_ADMIN, Permission.Action.ADMIN, Permission.Action.CREATE, Permission.Action.EXEC, Permission.Action.READ, Permission.Action.WRITE); addLabels(UTIL.getConfiguration(), Arrays.asList(USER_OWNER), Arrays.asList(PRIVATE, CONFIDENTIAL, SECRET, TOPSECRET)); }
@BeforeClass public static void setUpBeforeClass() throws Exception { // set the always on security provider UserProvider.setUserProviderForTesting(util.getConfiguration(), HadoopSecurityEnabledUserProviderForTesting.class); // setup configuration SecureTestUtil.enableSecurity(util.getConfiguration()); util.getConfiguration().setInt(LoadIncrementalHFiles.MAX_FILES_PER_REGION_PER_FAMILY, MAX_FILES_PER_REGION_PER_FAMILY); // change default behavior so that tag values are returned with normal rpcs util.getConfiguration().set(HConstants.RPC_CODEC_CONF_KEY, KeyValueCodecWithTags.class.getCanonicalName()); util.startMiniCluster(); // Wait for the ACL table to become available util.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME); setupNamespace(); }
@BeforeClass public static void setUpBeforeClass() throws Exception { setUpBaseConf(TEST_UTIL.getConfiguration()); // Setup separate test-data directory for MR cluster and set corresponding configurations. // Otherwise, different test classes running MR cluster can step on each other. TEST_UTIL.getDataTestDir(); // set the always on security provider UserProvider.setUserProviderForTesting(TEST_UTIL.getConfiguration(), HadoopSecurityEnabledUserProviderForTesting.class); // setup configuration SecureTestUtil.enableSecurity(TEST_UTIL.getConfiguration()); TEST_UTIL.startMiniCluster(1, 3); TEST_UTIL.startMiniMapReduceCluster(); // Wait for the ACL table to become available TEST_UTIL.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME); }
@BeforeClass public static void setupBeforeClass() throws Exception { // setup configuration conf = TEST_UTIL.getConfiguration(); conf.setInt(HConstants.REGION_SERVER_HIGH_PRIORITY_HANDLER_COUNT, 10); SecureTestUtil.enableSecurity(conf); conf.set("hbase.coprocessor.master.classes", AccessController.class.getName() + "," + VisibilityController.class.getName()); conf.set("hbase.coprocessor.region.classes", AccessController.class.getName() + "," + VisibilityController.class.getName()); TEST_UTIL.startMiniCluster(2); TEST_UTIL.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME.getName(), 50000); // Wait for the labels table to become available TEST_UTIL.waitTableEnabled(LABELS_TABLE_NAME.getName(), 50000); addLabels(); // Create users for testing SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); NORMAL_USER1 = User.createUserForTesting(conf, "user1", new String[] {}); NORMAL_USER2 = User.createUserForTesting(conf, "user2", new String[] {}); // Grant users EXEC privilege on the labels table. For the purposes of this // test, we want to insure that access is denied even with the ability to access // the endpoint. SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER1.getShortName(), LABELS_TABLE_NAME, null, null, Permission.Action.EXEC); SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), LABELS_TABLE_NAME, null, null, Permission.Action.EXEC); }
@Test public void testScanForUserWithFewerLabelAuthsThanLabelsInScanAuthorizations() throws Throwable { String[] auths = { SECRET }; String user = "user2"; VisibilityClient.setAuths(TEST_UTIL.getConnection(), auths, user); TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); final Table table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL + "&!" + PRIVATE, SECRET + "&!" + PRIVATE); SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), tableName, null, null, Permission.Action.READ); PrivilegedExceptionAction<Void> scanAction = new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { Scan s = new Scan(); s.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL)); try (Connection connection = ConnectionFactory.createConnection(conf); Table t = connection.getTable(table.getName())) { ResultScanner scanner = t.getScanner(s); Result result = scanner.next(); assertTrue(!result.isEmpty()); assertTrue(Bytes.equals(Bytes.toBytes("row2"), result.getRow())); result = scanner.next(); assertNull(result); } return null; } }; NORMAL_USER2.runAs(scanAction); }
@Test public void testVisibilityLabelsForUserWithNoAuths() throws Throwable { String user = "admin"; String[] auths = { SECRET }; try (Connection conn = ConnectionFactory.createConnection(conf)) { VisibilityClient.clearAuths(conn, auths, user); // Removing all auths if any. VisibilityClient.setAuths(conn, auths, "user1"); } TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); final Table table = createTableAndWriteDataWithLabels(tableName, SECRET); SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER1.getShortName(), tableName, null, null, Permission.Action.READ); SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), tableName, null, null, Permission.Action.READ); PrivilegedExceptionAction<Void> getAction = new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { Get g = new Get(row1); g.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL)); try (Connection connection = ConnectionFactory.createConnection(conf); Table t = connection.getTable(table.getName())) { Result result = t.get(g); assertTrue(result.isEmpty()); } return null; } }; NORMAL_USER2.runAs(getAction); }
@BeforeClass public static void setUpBeforeClass() throws Exception { conf = TEST_UTIL.getConfiguration(); // Up the handlers; this test needs more than usual. conf.setInt(HConstants.REGION_SERVER_HIGH_PRIORITY_HANDLER_COUNT, 10); // Set up superuser SecureTestUtil.configureSuperuser(conf); // Install the VisibilityController as a system processor VisibilityTestUtil.enableVisiblityLabels(conf); // Now, DISABLE active authorization conf.setBoolean(User.HBASE_SECURITY_AUTHORIZATION_CONF_KEY, false); TEST_UTIL.startMiniCluster(); // Wait for the labels table to become available TEST_UTIL.waitUntilAllRegionsAssigned(LABELS_TABLE_NAME); // create a set of test users SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); USER_RW = User.createUserForTesting(conf, "rwuser", new String[0]); // Define test labels SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { try (Connection conn = ConnectionFactory.createConnection(conf)) { VisibilityClient.addLabels(conn, new String[] { SECRET, CONFIDENTIAL, PRIVATE }); VisibilityClient.setAuths(conn, new String[] { SECRET, CONFIDENTIAL }, USER_RW.getShortName()); } catch (Throwable t) { fail("Should not have failed"); } return null; } }); }
@BeforeClass public static void setupCluster() throws Exception { util = new HBaseTestingUtility(); // set the always on security provider UserProvider.setUserProviderForTesting(util.getConfiguration(), HadoopSecurityEnabledUserProviderForTesting.class); // setup configuration SecureTestUtil.enableSecurity(util.getConfiguration()); util.startMiniCluster(); // Wait for the ACL table to become available util.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME); }
@BeforeClass public static void setUpBeforeClass() throws Exception { // Start mini cluster TEST_UTIL.getConfiguration().setBoolean("hbase.online.schema.update.enable", true); TEST_UTIL.getConfiguration().setInt("hbase.regionserver.msginterval", 100); TEST_UTIL.getConfiguration().setInt("hbase.client.pause", 250); TEST_UTIL.getConfiguration().setInt(HConstants.HBASE_CLIENT_RETRIES_NUMBER, 6); TEST_UTIL.getConfiguration().setBoolean(CoprocessorHost.ABORT_ON_ERROR_KEY, false); TEST_UTIL.getConfiguration().setInt("hfile.format.version", 3); TEST_UTIL.getConfiguration().setInt(HConstants.MASTER_INFO_PORT, -1); TEST_UTIL.getConfiguration().setInt(HConstants.REGIONSERVER_INFO_PORT, -1); // Security setup configuration SecureTestUtil.enableSecurity(TEST_UTIL.getConfiguration()); VisibilityTestUtil.enableVisiblityLabels(TEST_UTIL.getConfiguration()); TEST_UTIL.startMiniCluster(); // Configure jruby runtime List<String> loadPaths = new ArrayList(); loadPaths.add("src/main/ruby"); loadPaths.add("src/test/ruby"); jruby.getProvider().setLoadPaths(loadPaths); jruby.put("$TEST_CLUSTER", TEST_UTIL); System.setProperty("jruby.jit.logging.verbose", "true"); System.setProperty("jruby.jit.logging", "true"); System.setProperty("jruby.native.verbose", "true"); }
@BeforeClass public static void setupBeforeClass() throws Exception { // setup configuration conf = TEST_UTIL.getConfiguration(); SecureTestUtil.enableSecurity(conf); conf.set("hbase.coprocessor.master.classes", AccessController.class.getName() + "," + VisibilityController.class.getName()); conf.set("hbase.coprocessor.region.classes", AccessController.class.getName() + "," + VisibilityController.class.getName()); TEST_UTIL.startMiniCluster(2); TEST_UTIL.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME.getName(), 50000); // Wait for the labels table to become available TEST_UTIL.waitTableEnabled(LABELS_TABLE_NAME.getName(), 50000); addLabels(); // Create users for testing SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); NORMAL_USER1 = User.createUserForTesting(conf, "user1", new String[] {}); NORMAL_USER2 = User.createUserForTesting(conf, "user2", new String[] {}); // Grant users EXEC privilege on the labels table. For the purposes of this // test, we want to insure that access is denied even with the ability to access // the endpoint. SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER1.getShortName(), LABELS_TABLE_NAME, null, null, Permission.Action.EXEC); SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), LABELS_TABLE_NAME, null, null, Permission.Action.EXEC); }
@Test public void testScanForUserWithFewerLabelAuthsThanLabelsInScanAuthorizations() throws Throwable { String[] auths = { SECRET }; String user = "user2"; VisibilityClient.setAuths(conf, auths, user); TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); final HTable table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL + "&!" + PRIVATE, SECRET + "&!" + PRIVATE); SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), tableName, null, null, Permission.Action.READ); PrivilegedExceptionAction<Void> scanAction = new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { Scan s = new Scan(); s.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL)); Table t = new HTable(conf, table.getName()); try { ResultScanner scanner = t.getScanner(s); Result result = scanner.next(); assertTrue(!result.isEmpty()); assertTrue(Bytes.equals(Bytes.toBytes("row2"), result.getRow())); result = scanner.next(); assertNull(result); } finally { t.close(); } return null; } }; NORMAL_USER2.runAs(scanAction); }
@Test public void testVisibilityLabelsForUserWithNoAuths() throws Throwable { String user = "admin"; String[] auths = { SECRET }; VisibilityClient.clearAuths(conf, auths, user); // Removing all auths if any. VisibilityClient.setAuths(conf, auths, "user1"); TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); final HTable table = createTableAndWriteDataWithLabels(tableName, SECRET); SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER1.getShortName(), tableName, null, null, Permission.Action.READ); SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), tableName, null, null, Permission.Action.READ); PrivilegedExceptionAction<Void> getAction = new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { Get g = new Get(row1); g.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL)); Table t = new HTable(conf, table.getName()); try { Result result = t.get(g); assertTrue(result.isEmpty()); } finally { t.close(); } return null; } }; NORMAL_USER2.runAs(getAction); }
@Test public void testScanForUserWithFewerLabelAuthsThanLabelsInScanAuthorizations() throws Throwable { String[] auths = { SECRET }; String user = "user2"; VisibilityClient.setAuths(conf, auths, user); TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); final HTable table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL + "&!" + PRIVATE, SECRET + "&!" + PRIVATE); SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), tableName, null, null, Permission.Action.READ); PrivilegedExceptionAction<Void> scanAction = new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { Scan s = new Scan(); s.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL)); HTable t = new HTable(conf, table.getTableName()); try { ResultScanner scanner = t.getScanner(s); Result result = scanner.next(); assertTrue(!result.isEmpty()); assertTrue(Bytes.equals(Bytes.toBytes("row2"), result.getRow())); result = scanner.next(); assertNull(result); } finally { t.close(); } return null; } }; NORMAL_USER2.runAs(scanAction); }
@Test public void testVisibilityLabelsForUserWithNoAuths() throws Throwable { String user = "admin"; String[] auths = { SECRET }; VisibilityClient.clearAuths(conf, auths, user); // Removing all auths if any. VisibilityClient.setAuths(conf, auths, "user1"); TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); final HTable table = createTableAndWriteDataWithLabels(tableName, SECRET); SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER1.getShortName(), tableName, null, null, Permission.Action.READ); SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), tableName, null, null, Permission.Action.READ); PrivilegedExceptionAction<Void> getAction = new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { Get g = new Get(row1); g.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL)); HTable t = new HTable(conf, table.getTableName()); try { Result result = t.get(g); assertTrue(result.isEmpty()); } finally { t.close(); } return null; } }; NORMAL_USER2.runAs(getAction); }
@BeforeClass public static void setupCluster() throws Exception { util = new HBaseTestingUtility(); // set the always on security provider UserProvider.setUserProviderForTesting(util.getConfiguration(), HadoopSecurityEnabledUserProviderForTesting.class); // setup configuration SecureTestUtil.enableSecurity(util.getConfiguration()); util.startMiniCluster(); // Wait for the ACL table to become available util.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME.getName()); }
@BeforeClass public static void setupCluster() throws Exception { util = new HBaseTestingUtility(); // setup configuration SecureTestUtil.enableSecurity(util.getConfiguration()); UserProvider.setUserProviderForTesting(util.getConfiguration(), HadoopSecurityEnabledUserProviderForTesting.class); util.startMiniCluster(); // Wait for the ACL table to become available util.waitTableAvailable(AccessControlLists.ACL_TABLE_NAME, 5000); }
@BeforeClass public static void setUpBeforeClass() throws Exception { // setup configuration SecureTestUtil.enableSecurity(util.getConfiguration()); UserProvider.setUserProviderForTesting(util.getConfiguration(), HadoopSecurityEnabledUserProviderForTesting.class); util.startMiniCluster(); // Wait for the ACL table to become available util.waitTableAvailable(AccessControlLists.ACL_TABLE_NAME, 5000); }
@Test public void testScanForUserWithFewerLabelAuthsThanLabelsInScanAuthorizations() throws Throwable { String[] auths = { SECRET }; String user = "user2"; VisibilityClient.setAuths(TEST_UTIL.getConnection(), auths, user); TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); final Table table = createTableAndWriteDataWithLabels(tableName, SECRET + "&" + CONFIDENTIAL + "&!" + PRIVATE, SECRET + "&!" + PRIVATE); SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), tableName, null, null, Permission.Action.READ); PrivilegedExceptionAction<Void> scanAction = new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { Scan s = new Scan(); s.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL)); try (Connection connection = ConnectionFactory.createConnection(conf); Table t = connection.getTable(table.getName())) { ResultScanner scanner = t.getScanner(s); Result result = scanner.next(); assertTrue(!result.isEmpty()); assertTrue(Bytes.equals(Bytes.toBytes("row2"), result.getRow())); result = scanner.next(); assertNull(result); } return null; } }; NORMAL_USER2.runAs(scanAction); }
@Test public void testVisibilityLabelsForUserWithNoAuths() throws Throwable { String user = "admin"; String[] auths = { SECRET }; try (Connection conn = ConnectionFactory.createConnection(conf)) { VisibilityClient.clearAuths(conn, auths, user); // Removing all auths if any. VisibilityClient.setAuths(conn, auths, "user1"); } TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); final Table table = createTableAndWriteDataWithLabels(tableName, SECRET); SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER1.getShortName(), tableName, null, null, Permission.Action.READ); SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), tableName, null, null, Permission.Action.READ); PrivilegedExceptionAction<Void> getAction = new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { Get g = new Get(row1); g.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL)); try (Connection connection = ConnectionFactory.createConnection(conf); Table t = connection.getTable(table.getName())) { Result result = t.get(g); assertTrue(result.isEmpty()); } return null; } }; NORMAL_USER2.runAs(getAction); }
@BeforeClass public static void setUpBeforeClass() throws Exception { conf = TEST_UTIL.getConfiguration(); // Up the handlers; this test needs more than usual. conf.setInt(HConstants.REGION_SERVER_HIGH_PRIORITY_HANDLER_COUNT, 10); // Set up superuser SecureTestUtil.configureSuperuser(conf); // Install the VisibilityController as a system processor VisibilityTestUtil.enableVisiblityLabels(conf); // Now, DISABLE active authorization conf.setBoolean(User.HBASE_SECURITY_AUTHORIZATION_CONF_KEY, false); TEST_UTIL.startMiniCluster(); // Wait for the labels table to become available TEST_UTIL.waitUntilAllRegionsAssigned(LABELS_TABLE_NAME); // create a set of test users SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); USER_RW = User.createUserForTesting(conf, "rwuser", new String[0]); // Define test labels SUPERUSER.runAs(new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { try (Connection conn = ConnectionFactory.createConnection(conf)) { VisibilityClient.addLabels(conn, new String[] { SECRET, CONFIDENTIAL, PRIVATE }); VisibilityClient.setAuths(conn, new String[] { SECRET, CONFIDENTIAL }, USER_RW.getShortName()); } catch (Throwable t) { fail("Should not have failed"); } return null; } }); }
@BeforeClass public static void setUpBeforeClass() throws Exception { // Start mini cluster TEST_UTIL.getConfiguration().setInt("hbase.regionserver.msginterval", 100); TEST_UTIL.getConfiguration().setInt("hbase.client.pause", 250); TEST_UTIL.getConfiguration().setBoolean("hbase.quota.enabled", true); TEST_UTIL.getConfiguration().setInt(HConstants.HBASE_CLIENT_RETRIES_NUMBER, 6); TEST_UTIL.getConfiguration().setBoolean(CoprocessorHost.ABORT_ON_ERROR_KEY, false); TEST_UTIL.getConfiguration().setInt("hfile.format.version", 3); // Below settings are necessary for task monitor test. TEST_UTIL.getConfiguration().setInt(HConstants.MASTER_INFO_PORT, 0); TEST_UTIL.getConfiguration().setInt(HConstants.REGIONSERVER_INFO_PORT, 0); TEST_UTIL.getConfiguration().setBoolean(HConstants.REGIONSERVER_INFO_PORT_AUTO, true); // Security setup configuration SecureTestUtil.enableSecurity(TEST_UTIL.getConfiguration()); VisibilityTestUtil.enableVisiblityLabels(TEST_UTIL.getConfiguration()); TEST_UTIL.startMiniCluster(); // Configure jruby runtime List<String> loadPaths = new ArrayList<>(2); loadPaths.add("src/main/ruby"); loadPaths.add("src/test/ruby"); jruby.setLoadPaths(loadPaths); jruby.put("$TEST_CLUSTER", TEST_UTIL); System.setProperty("jruby.jit.logging.verbose", "true"); System.setProperty("jruby.jit.logging", "true"); System.setProperty("jruby.native.verbose", "true"); }
@BeforeClass public static void setUpBeforeClass() throws Exception { basePath = System.getProperty("basedir"); // Start mini cluster TEST_UTIL.getConfiguration().setInt("hbase.regionserver.msginterval", 100); TEST_UTIL.getConfiguration().setInt("hbase.client.pause", 250); TEST_UTIL.getConfiguration().setInt(HConstants.HBASE_CLIENT_RETRIES_NUMBER, 6); TEST_UTIL.getConfiguration().setBoolean(CoprocessorHost.ABORT_ON_ERROR_KEY, false); TEST_UTIL.getConfiguration().setInt("hfile.format.version", 3); // Security setup configuration SecureTestUtil.enableSecurity(TEST_UTIL.getConfiguration()); VisibilityTestUtil.enableVisiblityLabels(TEST_UTIL.getConfiguration()); //Setup RegionServer Groups TEST_UTIL.getConfiguration().set( HConstants.HBASE_MASTER_LOADBALANCER_CLASS, RSGroupBasedLoadBalancer.class.getName()); TEST_UTIL.getConfiguration().set( CoprocessorHost.MASTER_COPROCESSOR_CONF_KEY, RSGroupAdminEndpoint.class.getName()); TEST_UTIL.startMiniCluster(1,4); // Configure jruby runtime List<String> loadPaths = new ArrayList<>(2); loadPaths.add(basePath+"/src/main/ruby"); loadPaths.add(basePath+"/src/test/ruby"); jruby.setLoadPaths(loadPaths); jruby.put("$TEST_CLUSTER", TEST_UTIL); System.setProperty("jruby.jit.logging.verbose", "true"); System.setProperty("jruby.jit.logging", "true"); System.setProperty("jruby.native.verbose", "true"); }
