/** * Sets the security firstly for getting the correct default realm. * @throws Exception */ @BeforeClass public static void beforeClass() throws Exception { UserProvider.setUserProviderForTesting(UTIL.getConfiguration(), HadoopSecurityEnabledUserProviderForTesting.class); setUpKdcServer(); SecureTestUtil.enableSecurity(UTIL.getConfiguration()); UTIL.getConfiguration().setBoolean(AccessControlConstants.EXEC_PERMISSION_CHECKS_KEY, true); VisibilityTestUtil.enableVisiblityLabels(UTIL.getConfiguration()); SecureTestUtil.verifyConfiguration(UTIL.getConfiguration()); setUpClusterKdc(); UTIL.startMiniCluster(); UTIL.waitUntilAllRegionsAssigned(AccessControlLists.ACL_TABLE_NAME); UTIL.waitUntilAllRegionsAssigned(VisibilityConstants.LABELS_TABLE_NAME); UTIL.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME, 50000); UTIL.waitTableEnabled(VisibilityConstants.LABELS_TABLE_NAME, 50000); SecureTestUtil.grantGlobal(UTIL, USER_ADMIN, Permission.Action.ADMIN, Permission.Action.CREATE, Permission.Action.EXEC, Permission.Action.READ, Permission.Action.WRITE); addLabels(UTIL.getConfiguration(), Arrays.asList(USER_OWNER), Arrays.asList(PRIVATE, CONFIDENTIAL, SECRET, TOPSECRET)); }
@BeforeClass public static void setupBeforeClass() throws Exception { conf = TEST_UTIL.getConfiguration(); // Enable security enableSecurity(conf); conf.set(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY, AccessController.class.getName()); // Verify enableSecurity sets up what we require verifyConfiguration(conf); // Enable EXEC permission checking conf.setBoolean(AccessControlConstants.EXEC_PERMISSION_CHECKS_KEY, true); TEST_UTIL.startMiniCluster(); TEST_UTIL.waitUntilAllRegionsAssigned(AccessControlLists.ACL_TABLE_NAME); MasterCoprocessorHost cpHost = TEST_UTIL.getMiniHBaseCluster().getMaster().getMasterCoprocessorHost(); cpHost.load(AccessController.class, Coprocessor.PRIORITY_HIGHEST, conf); USER_OWNER = User.createUserForTesting(conf, "owner", new String[0]); USER_RW = User.createUserForTesting(conf, "rwuser", new String[0]); USER_RO = User.createUserForTesting(conf, "rouser", new String[0]); USER_NONE = User.createUserForTesting(conf, "usernone", new String[0]); }
/** * @param perms A map of permissions for a user or users */ public Query setACL(Map<String, Permission> perms) { ListMultimap<String, Permission> permMap = ArrayListMultimap.create(); for (Map.Entry<String, Permission> entry : perms.entrySet()) { permMap.put(entry.getKey(), entry.getValue()); } setAttribute(AccessControlConstants.OP_ATTRIBUTE_ACL, ProtobufUtil.toUsersAndPermissions(permMap).toByteArray()); return this; }
/** * @param perms A map of permissions for a user or users */ public Mutation setACL(Map<String, Permission> perms) { ListMultimap<String, Permission> permMap = ArrayListMultimap.create(); for (Map.Entry<String, Permission> entry : perms.entrySet()) { permMap.put(entry.getKey(), entry.getValue()); } setAttribute(AccessControlConstants.OP_ATTRIBUTE_ACL, ProtobufUtil.toUsersAndPermissions(permMap).toByteArray()); return this; }
/** * @param perms A map of permissions for a user or users */ public void setACL(Map<String, Permission> perms) { ListMultimap<String, Permission> permMap = ArrayListMultimap.create(); for (Map.Entry<String, Permission> entry : perms.entrySet()) { permMap.put(entry.getKey(), entry.getValue()); } setAttribute(AccessControlConstants.OP_ATTRIBUTE_ACL, ProtobufUtil.toUsersAndPermissions(permMap).toByteArray()); }
/** * @return true if ACLs should be evaluated on the cell level first */ public boolean getACLStrategy() { byte[] bytes = getAttribute(AccessControlConstants.OP_ATTRIBUTE_ACL_STRATEGY); if (bytes != null) { return Bytes.equals(bytes, AccessControlConstants.OP_ATTRIBUTE_ACL_STRATEGY_CELL_FIRST); } return false; }
/** * @param cellFirstStrategy true if ACLs should be evaluated on the cell * level first, false if ACL should first be checked at the CF and table * levels */ public void setACLStrategy(boolean cellFirstStrategy) { if (cellFirstStrategy) { setAttribute(AccessControlConstants.OP_ATTRIBUTE_ACL_STRATEGY, AccessControlConstants.OP_ATTRIBUTE_ACL_STRATEGY_CELL_FIRST); } }
/** * @param perms A map of permissions for a user or users */ public Query setACL(Map<String, Permission> perms) { ListMultimap<String, Permission> permMap = ArrayListMultimap.create(); for (Map.Entry<String, Permission> entry : perms.entrySet()) { permMap.put(entry.getKey(), entry.getValue()); } setAttribute(AccessControlConstants.OP_ATTRIBUTE_ACL, AccessControlUtil.toUsersAndPermissions(permMap).toByteArray()); return this; }
/** * @param perms A map of permissions for a user or users */ public Mutation setACL(Map<String, Permission> perms) { ListMultimap<String, Permission> permMap = ArrayListMultimap.create(); for (Map.Entry<String, Permission> entry : perms.entrySet()) { permMap.put(entry.getKey(), entry.getValue()); } setAttribute(AccessControlConstants.OP_ATTRIBUTE_ACL, AccessControlUtil.toUsersAndPermissions(permMap).toByteArray()); return this; }
/** * @return The serialized ACL for this operation, or null if none */ public byte[] getACL() { return getAttribute(AccessControlConstants.OP_ATTRIBUTE_ACL); }
/** * @param user User short name * @param perms Permissions for the user */ public Query setACL(String user, Permission perms) { setAttribute(AccessControlConstants.OP_ATTRIBUTE_ACL, ProtobufUtil.toUsersAndPermissions(user, perms).toByteArray()); return this; }
/** * @param user User short name * @param perms Permissions for the user */ public Mutation setACL(String user, Permission perms) { setAttribute(AccessControlConstants.OP_ATTRIBUTE_ACL, ProtobufUtil.toUsersAndPermissions(user, perms).toByteArray()); return this; }
/** * @param user User short name * @param perms Permissions for the user */ public void setACL(String user, Permission perms) { setAttribute(AccessControlConstants.OP_ATTRIBUTE_ACL, ProtobufUtil.toUsersAndPermissions(user, perms).toByteArray()); }
/** * @param user User short name * @param perms Permissions for the user */ public Query setACL(String user, Permission perms) { setAttribute(AccessControlConstants.OP_ATTRIBUTE_ACL, AccessControlUtil.toUsersAndPermissions(user, perms).toByteArray()); return this; }
/** * @param user User short name * @param perms Permissions for the user */ public Mutation setACL(String user, Permission perms) { setAttribute(AccessControlConstants.OP_ATTRIBUTE_ACL, AccessControlUtil.toUsersAndPermissions(user, perms).toByteArray()); return this; }