HBASE-13294 Fix the critical ancient loopholes in security testing infrastructure (Srikanth Srungarapu)
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/5a58116b Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/5a58116b Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/5a58116b Branch: refs/heads/hbase-12439 Commit: 5a58116bb531f0b256fdbfcabd3fad20663170fd Parents: 5e1fc25 Author: Andrew Purtell <[email protected]> Authored: Wed Mar 25 11:21:28 2015 -0700 Committer: Andrew Purtell <[email protected]> Committed: Wed Mar 25 11:21:28 2015 -0700 ---------------------------------------------------------------------- .../hbase/security/access/SecureTestUtil.java | 63 +-- .../security/access/TestAccessController.java | 384 +++++++------------ .../security/access/TestAccessController2.java | 12 +- .../access/TestCellACLWithMultipleVersions.java | 35 +- .../hbase/security/access/TestCellACLs.java | 115 ++---- .../security/access/TestNamespaceCommands.java | 161 ++++---- .../access/TestScanEarlyTermination.java | 3 +- 7 files changed, 301 insertions(+), 472 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hbase/blob/5a58116b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java index f77bb85..6487ebe 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java @@ -154,6 +154,7 @@ public class SecureTestUtil { */ static interface AccessTestAction extends PrivilegedExceptionAction<Object> { } + /** This fails only in case of ADE or empty list for any of the actions. */ public static void verifyAllowed(User user, AccessTestAction... actions) throws Exception { for (AccessTestAction action : actions) { try { @@ -170,6 +171,7 @@ public class SecureTestUtil { } } + /** This fails only in case of ADE or empty list for any of the users. */ public static void verifyAllowed(AccessTestAction action, User... users) throws Exception { for (User user : users) { verifyAllowed(user, action); @@ -191,36 +193,53 @@ public class SecureTestUtil { } } - public static void verifyDeniedWithException(User user, AccessTestAction... actions) - throws Exception { - verifyDenied(user, true, actions); - } - - public static void verifyDeniedWithException(AccessTestAction action, User... users) - throws Exception { + /** This passes only in case of ADE for all users. */ + public static void verifyDenied(AccessTestAction action, User... users) throws Exception { for (User user : users) { - verifyDenied(user, true, action); + verifyDenied(user, action); } } - public static void verifyDenied(User user, AccessTestAction... actions) throws Exception { - verifyDenied(user, false, actions); - } - - public static void verifyDenied(User user, boolean requireException, - AccessTestAction... actions) throws Exception { - for (AccessTestAction action : actions) { + /** This passes only in case of empty list for all users. */ + public static void verifyIfEmptyList(AccessTestAction action, User... users) throws Exception { + for (User user : users) { try { Object obj = user.runAs(action); - if (requireException) { - fail("Expected exception was not thrown for user '" + user.getShortName() + "'"); - } if (obj != null && obj instanceof List<?>) { List<?> results = (List<?>) obj; if (results != null && !results.isEmpty()) { - fail("Unexpected results for user '" + user.getShortName() + "'"); + fail("Unexpected action results: " + results + " for user '" + + user.getShortName() + "'"); } + } else { + fail("Unexpected results for user '" + user.getShortName() + "'"); } + } catch (AccessDeniedException ade) { + fail("Expected action to pass for user '" + user.getShortName() + "' but was denied"); + } + } + } + + /** This passes only in case of null for all users. */ + public static void verifyIfNull(AccessTestAction action, User... users) throws Exception { + for (User user : users) { + try { + Object obj = user.runAs(action); + if (obj != null) { + fail("Non null results from action for user '" + user.getShortName() + "'"); + } + } catch (AccessDeniedException ade) { + fail("Expected action to pass for user '" + user.getShortName() + "' but was denied"); + } + } + } + + /** This passes only in case of ADE for all actions. */ + public static void verifyDenied(User user, AccessTestAction... actions) throws Exception { + for (AccessTestAction action : actions) { + try { + user.runAs(action); + fail("Expected exception was not thrown for user '" + user.getShortName() + "'"); } catch (IOException e) { boolean isAccessDeniedException = false; if(e instanceof RetriesExhaustedWithDetailsException) { @@ -266,12 +285,6 @@ public class SecureTestUtil { } } - public static void verifyDenied(AccessTestAction action, User... users) throws Exception { - for (User user : users) { - verifyDenied(user, action); - } - } - private static List<AccessController> getAccessControllers(MiniHBaseCluster cluster) { List<AccessController> result = Lists.newArrayList(); for (RegionServerThread t: cluster.getLiveRegionServerThreads()) { http://git-wip-us.apache.org/repos/asf/hbase/blob/5a58116b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java index 11aa5db..8fab5f2 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java @@ -139,7 +139,11 @@ public class TestAccessController extends SecureTestUtil { @Rule public TestTableName TEST_TABLE = new TestTableName(); private static HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility(); private static Configuration conf; - private static Connection connection; + + /** The systemUserConnection created here is tied to the system user. In case, you are planning + * to create AccessTestAction, DON'T use this systemUserConnection as the 'doAs' user + * gets eclipsed by the system user. */ + private static Connection systemUserConnection; // user with all permissions @@ -213,12 +217,11 @@ public class TestAccessController extends SecureTestUtil { USER_NONE = User.createUserForTesting(conf, "nouser", new String[0]); USER_ADMIN_CF = User.createUserForTesting(conf, "col_family_admin", new String[0]); - connection = ConnectionFactory.createConnection(conf); + systemUserConnection = TEST_UTIL.getConnection(); } @AfterClass public static void tearDownAfterClass() throws Exception { - connection.close(); TEST_UTIL.shutdownMiniCluster(); } @@ -269,7 +272,7 @@ public class TestAccessController extends SecureTestUtil { assertEquals(5, AccessControlLists.getTablePermissions(conf, TEST_TABLE.getTableName()).size()); try { - assertEquals(5, AccessControlClient.getUserPermissions(connection, + assertEquals(5, AccessControlClient.getUserPermissions(systemUserConnection, TEST_TABLE.toString()).size()); } catch (Throwable e) { LOG.error("error during call of AccessControlClient.getUserPermissions. ", e); @@ -357,8 +360,8 @@ public class TestAccessController extends SecureTestUtil { } }; - verifyAllowed(truncateTable, SUPERUSER, USER_ADMIN, USER_CREATE); - verifyDenied(truncateTable, USER_RW, USER_RO, USER_NONE, USER_OWNER); + verifyAllowed(truncateTable, SUPERUSER, USER_ADMIN, USER_CREATE, USER_OWNER); + verifyDenied(truncateTable, USER_RW, USER_RO, USER_NONE); } @Test @@ -454,8 +457,7 @@ public class TestAccessController extends SecureTestUtil { @Test public void testMove() throws Exception { List<HRegionLocation> regions; - try (RegionLocator locator = - TEST_UTIL.getConnection().getRegionLocator(TEST_TABLE.getTableName())) { + try (RegionLocator locator = systemUserConnection.getRegionLocator(TEST_TABLE.getTableName())) { regions = locator.getAllRegionLocations(); } HRegionLocation location = regions.get(0); @@ -477,8 +479,7 @@ public class TestAccessController extends SecureTestUtil { @Test public void testAssign() throws Exception { List<HRegionLocation> regions; - try (RegionLocator locator = - TEST_UTIL.getConnection().getRegionLocator(TEST_TABLE.getTableName())) { + try (RegionLocator locator = systemUserConnection.getRegionLocator(TEST_TABLE.getTableName())) { regions = locator.getAllRegionLocations(); } HRegionLocation location = regions.get(0); @@ -498,8 +499,7 @@ public class TestAccessController extends SecureTestUtil { @Test public void testUnassign() throws Exception { List<HRegionLocation> regions; - try (RegionLocator locator = - TEST_UTIL.getConnection().getRegionLocator(TEST_TABLE.getTableName())) { + try (RegionLocator locator = systemUserConnection.getRegionLocator(TEST_TABLE.getTableName())) { regions = locator.getAllRegionLocations(); } HRegionLocation location = regions.get(0); @@ -519,8 +519,7 @@ public class TestAccessController extends SecureTestUtil { @Test public void testRegionOffline() throws Exception { List<HRegionLocation> regions; - try (RegionLocator locator = - TEST_UTIL.getConnection().getRegionLocator(TEST_TABLE.getTableName())) { + try (RegionLocator locator = systemUserConnection.getRegionLocator(TEST_TABLE.getTableName())) { regions = locator.getAllRegionLocations(); } HRegionLocation location = regions.get(0); @@ -676,20 +675,6 @@ public class TestAccessController extends SecureTestUtil { verifyDenied(action, USER_RW, USER_RO, USER_NONE); } - @Test - public void testPreCompactSelection() throws Exception { - AccessTestAction action = new AccessTestAction() { - @Override - public Object run() throws Exception { - ACCESS_CONTROLLER.preCompactSelection(ObserverContext.createAndPrepare(RCP_ENV, null), null, null); - return null; - } - }; - - verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER); - verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE); - } - private void verifyRead(AccessTestAction action) throws Exception { verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE, USER_RW, USER_RO); verifyDenied(action, USER_NONE); @@ -708,11 +693,9 @@ public class TestAccessController extends SecureTestUtil { public Object run() throws Exception { Get g = new Get(TEST_ROW); g.addFamily(TEST_FAMILY); - Table t = TEST_UTIL.getConnection().getTable(TEST_TABLE.getTableName()); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(TEST_TABLE.getTableName())) { t.get(g); - } finally { - t.close(); } return null; } @@ -725,9 +708,8 @@ public class TestAccessController extends SecureTestUtil { public Object run() throws Exception { Scan s = new Scan(); s.addFamily(TEST_FAMILY); - - Table table = TEST_UTIL.getConnection().getTable(TEST_TABLE.getTableName()); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table table = conn.getTable(TEST_TABLE.getTableName())) { ResultScanner scanner = table.getScanner(s); try { for (Result r = scanner.next(); r != null; r = scanner.next()) { @@ -737,8 +719,6 @@ public class TestAccessController extends SecureTestUtil { } finally { scanner.close(); } - } finally { - table.close(); } return null; } @@ -755,11 +735,9 @@ public class TestAccessController extends SecureTestUtil { public Object run() throws Exception { Put p = new Put(TEST_ROW); p.add(TEST_FAMILY, TEST_QUALIFIER, Bytes.toBytes(1)); - Table t = TEST_UTIL.getConnection().getTable(TEST_TABLE.getTableName()); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(TEST_TABLE.getTableName())) { t.put(p); - } finally { - t.close(); } return null; } @@ -772,11 +750,9 @@ public class TestAccessController extends SecureTestUtil { public Object run() throws Exception { Delete d = new Delete(TEST_ROW); d.deleteFamily(TEST_FAMILY); - Table t = TEST_UTIL.getConnection().getTable(TEST_TABLE.getTableName()); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(TEST_TABLE.getTableName())) { t.delete(d); - } finally { - t.close(); } return null; } @@ -789,11 +765,9 @@ public class TestAccessController extends SecureTestUtil { public Object run() throws Exception { Increment inc = new Increment(TEST_ROW); inc.addColumn(TEST_FAMILY, TEST_QUALIFIER, 1); - Table t = TEST_UTIL.getConnection().getTable(TEST_TABLE.getTableName()); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(TEST_TABLE.getTableName());) { t.increment(inc); - } finally { - t.close(); } return null; } @@ -809,12 +783,10 @@ public class TestAccessController extends SecureTestUtil { public Object run() throws Exception { Delete d = new Delete(TEST_ROW); d.deleteFamily(TEST_FAMILY); - Table t = TEST_UTIL.getConnection().getTable(TEST_TABLE.getTableName()); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(TEST_TABLE.getTableName());) { t.checkAndDelete(TEST_ROW, TEST_FAMILY, TEST_QUALIFIER, - Bytes.toBytes("test_value"), d); - } finally { - t.close(); + Bytes.toBytes("test_value"), d); } return null; } @@ -827,12 +799,10 @@ public class TestAccessController extends SecureTestUtil { public Object run() throws Exception { Put p = new Put(TEST_ROW); p.add(TEST_FAMILY, TEST_QUALIFIER, Bytes.toBytes(1)); - Table t = TEST_UTIL.getConnection().getTable(TEST_TABLE.getTableName()); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(TEST_TABLE.getTableName());) { t.checkAndPut(TEST_ROW, TEST_FAMILY, TEST_QUALIFIER, - Bytes.toBytes("test_value"), p); - } finally { - t.close(); + Bytes.toBytes("test_value"), p); } return null; } @@ -929,7 +899,9 @@ public class TestAccessController extends SecureTestUtil { //set global read so RegionServer can move it setPermission(loadPath, FsPermission.valueOf("-rwxrwxrwx")); - try (HTable table = (HTable)TEST_UTIL.getConnection().getTable(tableName)) { + + try (Connection conn = ConnectionFactory.createConnection(conf); + HTable table = (HTable)conn.getTable(tableName)) { TEST_UTIL.waitUntilAllRegionsAssigned(tableName); LoadIncrementalHFiles loader = new LoadIncrementalHFiles(conf); loader.doBulkLoad(loadPath, table); @@ -961,12 +933,10 @@ public class TestAccessController extends SecureTestUtil { put.add(TEST_FAMILY, qualifier, Bytes.toBytes(1)); Append append = new Append(row); append.add(TEST_FAMILY, qualifier, Bytes.toBytes(2)); - Table t = TEST_UTIL.getConnection().getTable(TEST_TABLE.getTableName()); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(TEST_TABLE.getTableName())) { t.put(put); t.append(append); - } finally { - t.close(); } return null; } @@ -981,17 +951,13 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction grantAction = new AccessTestAction() { @Override public Object run() throws Exception { - Connection connection = ConnectionFactory.createConnection(conf); - Table acl = connection.getTable(AccessControlLists.ACL_TABLE_NAME); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) { BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE.getTableName().getName()); AccessControlService.BlockingInterface protocol = AccessControlService.newBlockingStub(service); ProtobufUtil.grant(protocol, USER_RO.getShortName(), TEST_TABLE.getTableName(), - TEST_FAMILY, null, Action.READ); - } finally { - acl.close(); - connection.close(); + TEST_FAMILY, null, Action.READ); } return null; } @@ -1000,17 +966,13 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction revokeAction = new AccessTestAction() { @Override public Object run() throws Exception { - Connection connection = ConnectionFactory.createConnection(conf); - Table acl = connection.getTable(AccessControlLists.ACL_TABLE_NAME); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) { BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE.getTableName().getName()); AccessControlService.BlockingInterface protocol = AccessControlService.newBlockingStub(service); ProtobufUtil.revoke(protocol, USER_RO.getShortName(), TEST_TABLE.getTableName(), - TEST_FAMILY, null, Action.READ); - } finally { - acl.close(); - connection.close(); + TEST_FAMILY, null, Action.READ); } return null; } @@ -1019,16 +981,12 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction getTablePermissionsAction = new AccessTestAction() { @Override public Object run() throws Exception { - Connection connection = ConnectionFactory.createConnection(conf); - Table acl = connection.getTable(AccessControlLists.ACL_TABLE_NAME); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME)){ BlockingRpcChannel service = acl.coprocessorService(TEST_TABLE.getTableName().getName()); AccessControlService.BlockingInterface protocol = AccessControlService.newBlockingStub(service); ProtobufUtil.getUserPermissions(protocol, TEST_TABLE.getTableName()); - } finally { - acl.close(); - connection.close(); } return null; } @@ -1037,16 +995,12 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction getGlobalPermissionsAction = new AccessTestAction() { @Override public Object run() throws Exception { - Connection connection = ConnectionFactory.createConnection(conf); - Table acl = connection.getTable(AccessControlLists.ACL_TABLE_NAME); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME);) { BlockingRpcChannel service = acl.coprocessorService(HConstants.EMPTY_START_ROW); AccessControlService.BlockingInterface protocol = AccessControlService.newBlockingStub(service); ProtobufUtil.getUserPermissions(protocol); - } finally { - acl.close(); - connection.close(); } return null; } @@ -1062,7 +1016,7 @@ public class TestAccessController extends SecureTestUtil { verifyDenied(getTablePermissionsAction, USER_CREATE, USER_RW, USER_RO, USER_NONE); verifyAllowed(getGlobalPermissionsAction, SUPERUSER, USER_ADMIN); - verifyDeniedWithException(getGlobalPermissionsAction, USER_CREATE, + verifyDenied(getGlobalPermissionsAction, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE); } @@ -1097,11 +1051,10 @@ public class TestAccessController extends SecureTestUtil { Put p = new Put(Bytes.toBytes("a")); p.add(family1, qualifier, Bytes.toBytes("v1")); p.add(family2, qualifier, Bytes.toBytes("v2")); - Table t = TEST_UTIL.getConnection().getTable(tableName); - try { + + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(tableName);) { t.put(p); - } finally { - t.close(); } return null; } @@ -1112,11 +1065,10 @@ public class TestAccessController extends SecureTestUtil { public Object run() throws Exception { Put p = new Put(Bytes.toBytes("a")); p.add(family1, qualifier, Bytes.toBytes("v1")); - Table t = TEST_UTIL.getConnection().getTable(tableName); - try { + + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(tableName)) { t.put(p); - } finally { - t.close(); } return null; } @@ -1127,11 +1079,9 @@ public class TestAccessController extends SecureTestUtil { public Object run() throws Exception { Put p = new Put(Bytes.toBytes("a")); p.add(family2, qualifier, Bytes.toBytes("v2")); - Table t = TEST_UTIL.getConnection().getTable(tableName); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(tableName);) { t.put(p); - } finally { - t.close(); } return null; } @@ -1143,11 +1093,9 @@ public class TestAccessController extends SecureTestUtil { Get g = new Get(TEST_ROW); g.addFamily(family1); g.addFamily(family2); - Table t = TEST_UTIL.getConnection().getTable(tableName); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(tableName);) { t.get(g); - } finally { - t.close(); } return null; } @@ -1158,11 +1106,9 @@ public class TestAccessController extends SecureTestUtil { public Object run() throws Exception { Get g = new Get(TEST_ROW); g.addFamily(family1); - Table t = TEST_UTIL.getConnection().getTable(tableName); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(tableName)) { t.get(g); - } finally { - t.close(); } return null; } @@ -1173,11 +1119,9 @@ public class TestAccessController extends SecureTestUtil { public Object run() throws Exception { Get g = new Get(TEST_ROW); g.addFamily(family2); - Table t = TEST_UTIL.getConnection().getTable(tableName); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(tableName)) { t.get(g); - } finally { - t.close(); } return null; } @@ -1189,11 +1133,9 @@ public class TestAccessController extends SecureTestUtil { Delete d = new Delete(TEST_ROW); d.deleteFamily(family1); d.deleteFamily(family2); - Table t = TEST_UTIL.getConnection().getTable(tableName); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(tableName)) { t.delete(d); - } finally { - t.close(); } return null; } @@ -1204,11 +1146,9 @@ public class TestAccessController extends SecureTestUtil { public Object run() throws Exception { Delete d = new Delete(TEST_ROW); d.deleteFamily(family1); - Table t = TEST_UTIL.getConnection().getTable(tableName); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(tableName)) { t.delete(d); - } finally { - t.close(); } return null; } @@ -1219,11 +1159,9 @@ public class TestAccessController extends SecureTestUtil { public Object run() throws Exception { Delete d = new Delete(TEST_ROW); d.deleteFamily(family2); - Table t = TEST_UTIL.getConnection().getTable(tableName); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(tableName)) { t.delete(d); - } finally { - t.close(); } return null; } @@ -1364,11 +1302,9 @@ public class TestAccessController extends SecureTestUtil { public Object run() throws Exception { Get g = new Get(TEST_ROW); g.addColumn(family1, qualifier); - Table t = TEST_UTIL.getConnection().getTable(tableName); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(tableName)) { t.get(g); - } finally { - t.close(); } return null; } @@ -1379,11 +1315,9 @@ public class TestAccessController extends SecureTestUtil { public Object run() throws Exception { Put p = new Put(TEST_ROW); p.add(family1, qualifier, Bytes.toBytes("v1")); - Table t = TEST_UTIL.getConnection().getTable(tableName); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(tableName)) { t.put(p); - } finally { - t.close(); } return null; } @@ -1395,11 +1329,9 @@ public class TestAccessController extends SecureTestUtil { Delete d = new Delete(TEST_ROW); d.deleteColumn(family1, qualifier); // d.deleteFamily(family1); - Table t = TEST_UTIL.getConnection().getTable(tableName); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(tableName)) { t.delete(d); - } finally { - t.close(); } return null; } @@ -1470,8 +1402,7 @@ public class TestAccessController extends SecureTestUtil { createTable(TEST_UTIL, htd); List<UserPermission> perms; - - Table acl = TEST_UTIL.getConnection().getTable(AccessControlLists.ACL_TABLE_NAME); + Table acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME); try { BlockingRpcChannel service = acl.coprocessorService(tableName.getName()); AccessControlService.BlockingInterface protocol = @@ -1484,7 +1415,7 @@ public class TestAccessController extends SecureTestUtil { UserPermission ownerperm = new UserPermission( Bytes.toBytes(USER_OWNER.getName()), tableName, null, Action.values()); assertTrue("Owner should have all permissions on table", - hasFoundUserPermission(ownerperm, perms)); + hasFoundUserPermission(ownerperm, perms)); User user = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]); byte[] userName = Bytes.toBytes(user.getShortName()); @@ -1492,13 +1423,13 @@ public class TestAccessController extends SecureTestUtil { UserPermission up = new UserPermission(userName, tableName, family1, qualifier, Permission.Action.READ); assertFalse("User should not be granted permission: " + up.toString(), - hasFoundUserPermission(up, perms)); + hasFoundUserPermission(up, perms)); // grant read permission grantOnTable(TEST_UTIL, user.getShortName(), - tableName, family1, qualifier, Permission.Action.READ); + tableName, family1, qualifier, Permission.Action.READ); - acl = TEST_UTIL.getConnection().getTable(AccessControlLists.ACL_TABLE_NAME); + acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME); try { BlockingRpcChannel service = acl.coprocessorService(tableName.getName()); AccessControlService.BlockingInterface protocol = @@ -1511,19 +1442,19 @@ public class TestAccessController extends SecureTestUtil { UserPermission upToVerify = new UserPermission( userName, tableName, family1, qualifier, Permission.Action.READ); assertTrue("User should be granted permission: " + upToVerify.toString(), - hasFoundUserPermission(upToVerify, perms)); + hasFoundUserPermission(upToVerify, perms)); upToVerify = new UserPermission( userName, tableName, family1, qualifier, Permission.Action.WRITE); assertFalse("User should not be granted permission: " + upToVerify.toString(), - hasFoundUserPermission(upToVerify, perms)); + hasFoundUserPermission(upToVerify, perms)); // grant read+write grantOnTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier, Permission.Action.WRITE, Permission.Action.READ); - acl = TEST_UTIL.getConnection().getTable(AccessControlLists.ACL_TABLE_NAME); + acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME); try { BlockingRpcChannel service = acl.coprocessorService(tableName.getName()); AccessControlService.BlockingInterface protocol = @@ -1536,13 +1467,13 @@ public class TestAccessController extends SecureTestUtil { upToVerify = new UserPermission(userName, tableName, family1, qualifier, Permission.Action.WRITE, Permission.Action.READ); assertTrue("User should be granted permission: " + upToVerify.toString(), - hasFoundUserPermission(upToVerify, perms)); + hasFoundUserPermission(upToVerify, perms)); // revoke revokeFromTable(TEST_UTIL, user.getShortName(), tableName, family1, qualifier, - Permission.Action.WRITE, Permission.Action.READ); + Permission.Action.WRITE, Permission.Action.READ); - acl = TEST_UTIL.getConnection().getTable(AccessControlLists.ACL_TABLE_NAME); + acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME); try { BlockingRpcChannel service = acl.coprocessorService(tableName.getName()); AccessControlService.BlockingInterface protocol = @@ -1553,7 +1484,7 @@ public class TestAccessController extends SecureTestUtil { } assertFalse("User should not be granted permission: " + upToVerify.toString(), - hasFoundUserPermission(upToVerify, perms)); + hasFoundUserPermission(upToVerify, perms)); // disable table before modification admin.disableTable(tableName); @@ -1562,7 +1493,7 @@ public class TestAccessController extends SecureTestUtil { htd.setOwner(newOwner); admin.modifyTable(tableName, htd); - acl = TEST_UTIL.getConnection().getTable(AccessControlLists.ACL_TABLE_NAME); + acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME); try { BlockingRpcChannel service = acl.coprocessorService(tableName.getName()); AccessControlService.BlockingInterface protocol = @@ -1575,7 +1506,7 @@ public class TestAccessController extends SecureTestUtil { UserPermission newOwnerperm = new UserPermission( Bytes.toBytes(newOwner.getName()), tableName, null, Action.values()); assertTrue("New owner should have all permissions on table", - hasFoundUserPermission(newOwnerperm, perms)); + hasFoundUserPermission(newOwnerperm, perms)); // delete table deleteTable(TEST_UTIL, tableName); @@ -1584,7 +1515,7 @@ public class TestAccessController extends SecureTestUtil { @Test public void testGlobalPermissionList() throws Exception { List<UserPermission> perms; - Table acl = TEST_UTIL.getConnection().getTable(AccessControlLists.ACL_TABLE_NAME); + Table acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME); try { BlockingRpcChannel service = acl.coprocessorService(HConstants.EMPTY_START_ROW); AccessControlService.BlockingInterface protocol = @@ -1619,8 +1550,8 @@ public class TestAccessController extends SecureTestUtil { AccessControlProtos.GlobalPermission.newBuilder() .addAction(ProtobufUtil.toPermissionAction(a)).build())); } - Table acl = TEST_UTIL.getConnection().getTable(AccessControlLists.ACL_TABLE_NAME); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) { BlockingRpcChannel channel = acl.coprocessorService(new byte[0]); AccessControlService.BlockingInterface protocol = AccessControlService.newBlockingStub(channel); @@ -1629,8 +1560,6 @@ public class TestAccessController extends SecureTestUtil { } catch (ServiceException se) { ProtobufUtil.toIOException(se); } - } finally { - acl.close(); } } @@ -1649,8 +1578,9 @@ public class TestAccessController extends SecureTestUtil { for (Permission p : perms) { request.addPermission(ProtobufUtil.toPermission(p)); } - Table acl = TEST_UTIL.getConnection().getTable(table); - try { + + try(Connection conn = ConnectionFactory.createConnection(conf); + Table acl = conn.getTable(table)) { AccessControlService.BlockingInterface protocol = AccessControlService.newBlockingStub(acl.coprocessorService(new byte[0])); try { @@ -1658,8 +1588,6 @@ public class TestAccessController extends SecureTestUtil { } catch (ServiceException se) { ProtobufUtil.toIOException(se); } - } finally { - acl.close(); } } @@ -1799,7 +1727,7 @@ public class TestAccessController extends SecureTestUtil { .setTableName(ProtobufUtil.toProtoTableName(TEST_TABLE.getTableName())) .addAction(AccessControlProtos.Permission.Action.CREATE)) ).build(); - Table acl = TEST_UTIL.getConnection().getTable(AccessControlLists.ACL_TABLE_NAME); + Table acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME); try { BlockingRpcChannel channel = acl.coprocessorService(new byte[0]); AccessControlService.BlockingInterface protocol = @@ -1942,7 +1870,7 @@ public class TestAccessController extends SecureTestUtil { @Override public Object run() throws Exception { ACCESS_CONTROLLER.preSnapshot(ObserverContext.createAndPrepare(CP_ENV, null), - snapshot, htd); + snapshot, htd); return null; } }; @@ -2011,13 +1939,13 @@ public class TestAccessController extends SecureTestUtil { // Move region to the new RegionServer. List<HRegionLocation> regions; - try (RegionLocator locator = TEST_UTIL.getConnection().getRegionLocator(TEST_TABLE2)) { + try (RegionLocator locator = systemUserConnection.getRegionLocator(TEST_TABLE2)) { regions = locator.getAllRegionLocations(); } HRegionLocation location = regions.get(0); final HRegionInfo hri = location.getRegionInfo(); final ServerName server = location.getServerName(); - try (HTable table = (HTable)TEST_UTIL.getConnection().getTable(TEST_TABLE2)) { + try (HTable table = (HTable) systemUserConnection.getTable(TEST_TABLE2)) { AccessTestAction moveAction = new AccessTestAction() { @Override public Object run() throws Exception { @@ -2069,37 +1997,25 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction listTablesAction = new AccessTestAction() { @Override public Object run() throws Exception { - Connection unmanagedConnection = - ConnectionFactory.createConnection(TEST_UTIL.getConfiguration()); - Admin admin = unmanagedConnection.getAdmin(); - try { - admin.listTables(); - } finally { - admin.close(); - unmanagedConnection.close(); + try(Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration()); + Admin admin = conn.getAdmin()) { + return Arrays.asList(admin.listTables()); } - return null; } }; AccessTestAction getTableDescAction = new AccessTestAction() { @Override public Object run() throws Exception { - Connection unmanagedConnection = - ConnectionFactory.createConnection(TEST_UTIL.getConfiguration()); - Admin admin = unmanagedConnection.getAdmin(); - try { - admin.getTableDescriptor(TEST_TABLE.getTableName()); - } finally { - admin.close(); - unmanagedConnection.close(); + try(Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration()); + Admin admin = conn.getAdmin();) { + return admin.getTableDescriptor(TEST_TABLE.getTableName()); } - return null; } }; verifyAllowed(listTablesAction, SUPERUSER, USER_ADMIN, USER_CREATE, TABLE_ADMIN); - verifyDenied(listTablesAction, USER_RW, USER_RO, USER_NONE); + verifyIfEmptyList(listTablesAction, USER_RW, USER_RO, USER_NONE); verifyAllowed(getTableDescAction, SUPERUSER, USER_ADMIN, USER_CREATE, TABLE_ADMIN); verifyDenied(getTableDescAction, USER_RW, USER_RO, USER_NONE); @@ -2123,7 +2039,7 @@ public class TestAccessController extends SecureTestUtil { }; verifyAllowed(listTablesAction, SUPERUSER, USER_ADMIN, USER_CREATE, USER_RW, USER_RO); - verifyDenied(listTablesAction, USER_NONE); + verifyIfEmptyList(listTablesAction, USER_NONE); } @Test @@ -2159,28 +2075,23 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction getAction = new AccessTestAction() { @Override public Object run() throws Exception { - Table t = TEST_UTIL.getConnection().getTable(TEST_TABLE.getTableName()); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(TEST_TABLE.getTableName());) { return t.get(new Get(TEST_ROW)); - } finally { - t.close(); } } }; - verifyDenied(getAction, USER_NONE); - - String namespace = "testNamespaceUserGrant"; - NamespaceDescriptor desc = NamespaceDescriptor.create(namespace).build(); - TEST_UTIL.getMiniHBaseCluster().getMaster().createNamespace(desc); + String namespace = TEST_TABLE.getTableName().getNamespaceAsString(); // Grant namespace READ to USER_NONE, this should supersede any table permissions grantOnNamespace(TEST_UTIL, USER_NONE.getShortName(), namespace, Permission.Action.READ); - - // Now USER_NONE should be able to read also + // Now USER_NONE should be able to read verifyAllowed(getAction, USER_NONE); - TEST_UTIL.getMiniHBaseCluster().getMaster().deleteNamespace(namespace); + // Revoke namespace READ to USER_NONE + revokeFromNamespace(TEST_UTIL, USER_NONE.getShortName(), namespace, Permission.Action.READ); + verifyDenied(getAction, USER_NONE); } @Test @@ -2190,11 +2101,9 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction getAction = new AccessTestAction() { @Override public Object run() throws Exception { - Table t = TEST_UTIL.getConnection().getTable(TEST_TABLE.getTableName()); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(TEST_TABLE.getTableName());) { return t.get(new Get(TEST_ROW)); - } finally { - t.close(); } } }; @@ -2203,7 +2112,7 @@ public class TestAccessController extends SecureTestUtil { // Grant table READ permissions to testGrantRevoke. try { - grantOnTableUsingAccessControlClient(TEST_UTIL, connection, testGrantRevoke.getShortName(), + grantOnTableUsingAccessControlClient(TEST_UTIL, systemUserConnection, testGrantRevoke.getShortName(), TEST_TABLE.getTableName(), null, null, Permission.Action.READ); } catch (Throwable e) { LOG.error("error during call of AccessControlClient.grant. ", e); @@ -2214,7 +2123,7 @@ public class TestAccessController extends SecureTestUtil { // Revoke table READ permission to testGrantRevoke. try { - revokeFromTableUsingAccessControlClient(TEST_UTIL, connection, testGrantRevoke.getShortName(), + revokeFromTableUsingAccessControlClient(TEST_UTIL, systemUserConnection, testGrantRevoke.getShortName(), TEST_TABLE.getTableName(), null, null, Permission.Action.READ); } catch (Throwable e) { LOG.error("error during call of AccessControlClient.revoke ", e); @@ -2232,11 +2141,9 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction getAction = new AccessTestAction() { @Override public Object run() throws Exception { - Table t = TEST_UTIL.getConnection().getTable(TEST_TABLE.getTableName()); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(TEST_TABLE.getTableName())) { return t.get(new Get(TEST_ROW)); - } finally { - t.close(); } } }; @@ -2245,7 +2152,7 @@ public class TestAccessController extends SecureTestUtil { // Grant table READ permissions to testGlobalGrantRevoke. try { - grantGlobalUsingAccessControlClient(TEST_UTIL, connection, + grantGlobalUsingAccessControlClient(TEST_UTIL, systemUserConnection, testGlobalGrantRevoke.getShortName(), Permission.Action.READ); } catch (Throwable e) { LOG.error("error during call of AccessControlClient.grant. ", e); @@ -2256,7 +2163,7 @@ public class TestAccessController extends SecureTestUtil { // Revoke table READ permission to testGlobalGrantRevoke. try { - revokeGlobalUsingAccessControlClient(TEST_UTIL, connection, + revokeGlobalUsingAccessControlClient(TEST_UTIL, systemUserConnection, testGlobalGrantRevoke.getShortName(), Permission.Action.READ); } catch (Throwable e) { LOG.error("error during call of AccessControlClient.revoke ", e); @@ -2273,11 +2180,9 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction getAction = new AccessTestAction() { @Override public Object run() throws Exception { - Table t = TEST_UTIL.getConnection().getTable(TEST_TABLE.getTableName()); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(TEST_TABLE.getTableName());) { return t.get(new Get(TEST_ROW)); - } finally { - t.close(); } } }; @@ -2286,7 +2191,7 @@ public class TestAccessController extends SecureTestUtil { // Grant namespace READ to testNS, this should supersede any table permissions try { - grantOnNamespaceUsingAccessControlClient(TEST_UTIL, connection, testNS.getShortName(), + grantOnNamespaceUsingAccessControlClient(TEST_UTIL, systemUserConnection, testNS.getShortName(), TEST_TABLE.getTableName().getNamespaceAsString(), Permission.Action.READ); } catch (Throwable e) { LOG.error("error during call of AccessControlClient.grant. ", e); @@ -2297,7 +2202,7 @@ public class TestAccessController extends SecureTestUtil { // Revoke namespace READ to testNS, this should supersede any table permissions try { - revokeFromNamespaceUsingAccessControlClient(TEST_UTIL, connection, testNS.getShortName(), + revokeFromNamespaceUsingAccessControlClient(TEST_UTIL, systemUserConnection, testNS.getShortName(), TEST_TABLE.getTableName().getNamespaceAsString(), Permission.Action.READ); } catch (Throwable e) { LOG.error("error during call of AccessControlClient.revoke ", e); @@ -2378,32 +2283,25 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction execEndpointAction = new AccessTestAction() { @Override public Object run() throws Exception { - Table t = TEST_UTIL.getConnection().getTable(TEST_TABLE.getTableName()); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(TEST_TABLE.getTableName());) { BlockingRpcChannel service = t.coprocessorService(HConstants.EMPTY_BYTE_ARRAY); PingCoprocessor.newBlockingStub(service).noop(null, NoopRequest.newBuilder().build()); - } finally { - t.close(); } return null; } }; - // Verify that EXEC permission is checked correctly - verifyDenied(execEndpointAction, userB); - verifyAllowed(execEndpointAction, userA); - - String namespace = "testCoprocessorExec"; - NamespaceDescriptor desc = NamespaceDescriptor.create(namespace).build(); - TEST_UTIL.getMiniHBaseCluster().getMaster().createNamespace(desc); - + String namespace = TEST_TABLE.getTableName().getNamespaceAsString(); // Now grant EXEC to the entire namespace to user B grantOnNamespace(TEST_UTIL, userB.getShortName(), namespace, Permission.Action.EXEC); - // User B should now be allowed also verifyAllowed(execEndpointAction, userA, userB); - TEST_UTIL.getMiniHBaseCluster().getMaster().deleteNamespace(namespace); + revokeFromNamespace(TEST_UTIL, userB.getShortName(), namespace, Permission.Action.EXEC); + // Verify that EXEC permission is checked correctly + verifyDenied(execEndpointAction, userB); + verifyAllowed(execEndpointAction, userA); } @Test @@ -2411,16 +2309,14 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction putWithReservedTag = new AccessTestAction() { @Override public Object run() throws Exception { - Table t = TEST_UTIL.getConnection().getTable(TEST_TABLE.getTableName()); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(TEST_TABLE.getTableName());) { KeyValue kv = new KeyValue(TEST_ROW, TEST_FAMILY, TEST_QUALIFIER, HConstants.LATEST_TIMESTAMP, HConstants.EMPTY_BYTE_ARRAY, new Tag[] { new Tag(AccessControlLists.ACL_TAG_TYPE, ProtobufUtil.toUsersAndPermissions(USER_OWNER.getShortName(), new Permission(Permission.Action.READ)).toByteArray()) }); t.put(new Put(TEST_ROW).add(kv)); - } finally { - t.close(); } return null; } @@ -2503,7 +2399,7 @@ public class TestAccessController extends SecureTestUtil { grantOnNamespace(TEST_UTIL, USER_NONE.getShortName(), namespace, Permission.Action.READ); try { List<UserPermission> namespacePermissions = AccessControlClient.getUserPermissions( - connection, AccessControlLists.toNamespaceEntry(namespace)); + systemUserConnection, AccessControlLists.toNamespaceEntry(namespace)); assertTrue(namespacePermissions != null); assertTrue(namespacePermissions.size() == 1); } catch (Throwable thw) { @@ -2516,14 +2412,14 @@ public class TestAccessController extends SecureTestUtil { public void testTruncatePerms() throws Exception { try { List<UserPermission> existingPerms = AccessControlClient.getUserPermissions( - connection, TEST_TABLE.getTableName().getNameAsString()); + systemUserConnection, TEST_TABLE.getTableName().getNameAsString()); assertTrue(existingPerms != null); assertTrue(existingPerms.size() > 1); TEST_UTIL.getHBaseAdmin().disableTable(TEST_TABLE.getTableName()); TEST_UTIL.truncateTable(TEST_TABLE.getTableName()); TEST_UTIL.waitTableAvailable(TEST_TABLE.getTableName()); List<UserPermission> perms = AccessControlClient.getUserPermissions( - connection, TEST_TABLE.getTableName().getNameAsString()); + systemUserConnection, TEST_TABLE.getTableName().getNameAsString()); assertTrue(perms != null); assertEquals(existingPerms.size(), perms.size()); } catch (Throwable e) { @@ -2535,19 +2431,11 @@ public class TestAccessController extends SecureTestUtil { return new PrivilegedAction<List<UserPermission>>() { @Override public List<UserPermission> run() { - Connection connection = null; - try { - connection = ConnectionFactory.createConnection(conf); - return AccessControlClient.getUserPermissions(connection, regex); + try(Connection conn = ConnectionFactory.createConnection(conf);) { + return AccessControlClient.getUserPermissions(conn, regex); } catch (Throwable e) { LOG.error("error during call of AccessControlClient.getUserPermissions.", e); return null; - } finally { - try { - connection.close(); - } catch (IOException e) { - LOG.error("Error during close of connection.", e); - } } } }; http://git-wip-us.apache.org/repos/asf/hbase/blob/5a58116b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java index 9e10104..391dd91 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java @@ -254,13 +254,13 @@ public class TestAccessController2 extends SecureTestUtil { AccessTestAction writeAction = new AccessTestAction() { @Override public Object run() throws Exception { - Table t = TEST_UTIL.getConnection().getTable(AccessControlLists.ACL_TABLE_NAME); - try { + + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) { t.put(new Put(TEST_ROW).add(AccessControlLists.ACL_LIST_FAMILY, TEST_QUALIFIER, TEST_VALUE)); return null; } finally { - t.close(); } } }; @@ -277,8 +277,8 @@ public class TestAccessController2 extends SecureTestUtil { AccessTestAction scanAction = new AccessTestAction() { @Override public Object run() throws Exception { - Table t = TEST_UTIL.getConnection().getTable(AccessControlLists.ACL_TABLE_NAME); - try { + try(Connection conn = ConnectionFactory.createConnection(conf); + Table t = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) { ResultScanner s = t.getScanner(new Scan()); try { for (Result r = s.next(); r != null; r = s.next()) { @@ -288,8 +288,6 @@ public class TestAccessController2 extends SecureTestUtil { s.close(); } return null; - } finally { - t.close(); } } }; http://git-wip-us.apache.org/repos/asf/hbase/blob/5a58116b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLWithMultipleVersions.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLWithMultipleVersions.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLWithMultipleVersions.java index e239647..c7c49cd 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLWithMultipleVersions.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLWithMultipleVersions.java @@ -37,7 +37,6 @@ import org.apache.hadoop.hbase.client.Connection; import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.hbase.client.Delete; import org.apache.hadoop.hbase.client.Get; -import org.apache.hadoop.hbase.client.HTable; import org.apache.hadoop.hbase.client.Increment; import org.apache.hadoop.hbase.client.Put; import org.apache.hadoop.hbase.client.Table; @@ -154,9 +153,8 @@ public class TestCellACLWithMultipleVersions extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - Connection connection = ConnectionFactory.createConnection(conf); - Table t = connection.getTable(TEST_TABLE.getTableName()); - try { + try(Connection connection = ConnectionFactory.createConnection(conf); + Table t = connection.getTable(TEST_TABLE.getTableName())) { Put p; // with ro ACL p = new Put(TEST_ROW).add(TEST_FAMILY1, TEST_Q1, ZERO); @@ -175,9 +173,6 @@ public class TestCellACLWithMultipleVersions extends SecureTestUtil { p = new Put(TEST_ROW).add(TEST_FAMILY1, TEST_Q1, ZERO); p.setACL(USER_OTHER.getShortName(), new Permission(Permission.Action.WRITE)); t.put(p); - } finally { - t.close(); - connection.close(); } return null; } @@ -190,13 +185,9 @@ public class TestCellACLWithMultipleVersions extends SecureTestUtil { public Object run() throws Exception { Get get = new Get(TEST_ROW); get.setMaxVersions(10); - Connection connection = ConnectionFactory.createConnection(conf); - Table t = connection.getTable(TEST_TABLE.getTableName()); - try { + try(Connection connection = ConnectionFactory.createConnection(conf); + Table t = connection.getTable(TEST_TABLE.getTableName())) { return t.get(get).listCells(); - } finally { - t.close(); - connection.close(); } } }; @@ -206,13 +197,9 @@ public class TestCellACLWithMultipleVersions extends SecureTestUtil { public Object run() throws Exception { Get get = new Get(TEST_ROW); get.setMaxVersions(10); - Connection connection = ConnectionFactory.createConnection(conf); - Table t = connection.getTable(TEST_TABLE.getTableName()); - try { + try(Connection connection = ConnectionFactory.createConnection(conf); + Table t = connection.getTable(TEST_TABLE.getTableName())) { return t.get(get).listCells(); - } finally { - t.close(); - connection.close(); } } }; @@ -225,9 +212,8 @@ public class TestCellACLWithMultipleVersions extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - Connection connection = ConnectionFactory.createConnection(conf); - Table t = connection.getTable(TEST_TABLE.getTableName()); - try { + try(Connection connection = ConnectionFactory.createConnection(conf); + Table t = connection.getTable(TEST_TABLE.getTableName())) { Put p; p = new Put(TEST_ROW).add(TEST_FAMILY1, TEST_Q1, ZERO); p.setACL(USER_OTHER.getShortName(), new Permission(Permission.Action.WRITE)); @@ -238,9 +224,6 @@ public class TestCellACLWithMultipleVersions extends SecureTestUtil { p = new Put(TEST_ROW).add(TEST_FAMILY1, TEST_Q1, ZERO); p.setACL(USER_OTHER.getShortName(), new Permission(Permission.Action.WRITE)); t.put(p); - } finally { - t.close(); - connection.close(); } return null; } @@ -448,7 +431,7 @@ public class TestCellACLWithMultipleVersions extends SecureTestUtil { // The other put should be covered by the tombstone - verifyDenied(getQ2, USER_OTHER); + verifyIfNull(getQ2, USER_OTHER); } @Test http://git-wip-us.apache.org/repos/asf/hbase/blob/5a58116b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLs.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLs.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLs.java index b7cbc52..aed9bc2 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLs.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLs.java @@ -147,9 +147,8 @@ public class TestCellACLs extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - Connection connection = ConnectionFactory.createConnection(conf); - Table t = connection.getTable(TEST_TABLE.getTableName()); - try { + try(Connection connection = ConnectionFactory.createConnection(conf); + Table t = connection.getTable(TEST_TABLE.getTableName())) { Put p; // with ro ACL p = new Put(TEST_ROW).add(TEST_FAMILY, TEST_Q1, ZERO); @@ -164,9 +163,6 @@ public class TestCellACLs extends SecureTestUtil { .add(TEST_FAMILY, TEST_Q3, ZERO) .add(TEST_FAMILY, TEST_Q4, ZERO); t.put(p); - } finally { - t.close(); - connection.close(); } return null; } @@ -178,13 +174,9 @@ public class TestCellACLs extends SecureTestUtil { @Override public Object run() throws Exception { Get get = new Get(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q1); - Connection connection = ConnectionFactory.createConnection(conf); - Table t = connection.getTable(TEST_TABLE.getTableName()); - try { + try(Connection connection = ConnectionFactory.createConnection(conf); + Table t = connection.getTable(TEST_TABLE.getTableName())) { return t.get(get).listCells(); - } finally { - t.close(); - connection.close(); } } }; @@ -193,13 +185,9 @@ public class TestCellACLs extends SecureTestUtil { @Override public Object run() throws Exception { Get get = new Get(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q2); - Connection connection = ConnectionFactory.createConnection(conf); - Table t = connection.getTable(TEST_TABLE.getTableName()); - try { + try(Connection connection = ConnectionFactory.createConnection(conf); + Table t = connection.getTable(TEST_TABLE.getTableName())) { return t.get(get).listCells(); - } finally { - t.close(); - connection.close(); } } }; @@ -208,13 +196,9 @@ public class TestCellACLs extends SecureTestUtil { @Override public Object run() throws Exception { Get get = new Get(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q3); - Connection connection = ConnectionFactory.createConnection(conf); - Table t = connection.getTable(TEST_TABLE.getTableName()); - try { + try(Connection connection = ConnectionFactory.createConnection(conf); + Table t = connection.getTable(TEST_TABLE.getTableName())) { return t.get(get).listCells(); - } finally { - t.close(); - connection.close(); } } }; @@ -223,12 +207,9 @@ public class TestCellACLs extends SecureTestUtil { @Override public Object run() throws Exception { Get get = new Get(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q4); - Connection connection = ConnectionFactory.createConnection(conf); - Table t = connection.getTable(TEST_TABLE.getTableName()); - try { + try(Connection connection = ConnectionFactory.createConnection(conf); + Table t = connection.getTable(TEST_TABLE.getTableName())) { return t.get(get).listCells(); - } finally { - t.close(); } } }; @@ -240,8 +221,8 @@ public class TestCellACLs extends SecureTestUtil { // Confirm this access does not extend to other cells - verifyDenied(getQ3, USER_OTHER); - verifyDenied(getQ4, USER_OTHER); + verifyIfNull(getQ3, USER_OTHER); + verifyIfNull(getQ4, USER_OTHER); /* ---- Scans ---- */ @@ -291,13 +272,9 @@ public class TestCellACLs extends SecureTestUtil { @Override public Object run() throws Exception { Increment i = new Increment(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q1, 1L); - Connection connection = ConnectionFactory.createConnection(conf); - Table t = connection.getTable(TEST_TABLE.getTableName()); - try { + try(Connection connection = ConnectionFactory.createConnection(conf); + Table t = connection.getTable(TEST_TABLE.getTableName())) { t.increment(i); - } finally { - t.close(); - connection.close(); } return null; } @@ -307,13 +284,9 @@ public class TestCellACLs extends SecureTestUtil { @Override public Object run() throws Exception { Increment i = new Increment(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q2, 1L); - Connection connection = ConnectionFactory.createConnection(conf); - Table t = connection.getTable(TEST_TABLE.getTableName()); - try { + try(Connection connection = ConnectionFactory.createConnection(conf); + Table t = connection.getTable(TEST_TABLE.getTableName())) { t.increment(i); - } finally { - t.close(); - connection.close(); } return null; } @@ -325,13 +298,9 @@ public class TestCellACLs extends SecureTestUtil { Increment i = new Increment(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q2, 1L); // Tag this increment with an ACL that denies write permissions to USER_OTHER i.setACL(USER_OTHER.getShortName(), new Permission(Action.READ)); - Connection connection = ConnectionFactory.createConnection(conf); - Table t = connection.getTable(TEST_TABLE.getTableName()); - try { + try(Connection connection = ConnectionFactory.createConnection(conf); + Table t = connection.getTable(TEST_TABLE.getTableName())) { t.increment(i); - } finally { - t.close(); - connection.close(); } return null; } @@ -341,13 +310,9 @@ public class TestCellACLs extends SecureTestUtil { @Override public Object run() throws Exception { Increment i = new Increment(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q3, 1L); - Connection connection = ConnectionFactory.createConnection(conf); - Table t = connection.getTable(TEST_TABLE.getTableName()); - try { + try(Connection connection = ConnectionFactory.createConnection(conf); + Table t = connection.getTable(TEST_TABLE.getTableName())) { t.increment(i); - } finally { - t.close(); - connection.close(); } return null; } @@ -370,13 +335,9 @@ public class TestCellACLs extends SecureTestUtil { @Override public Object run() throws Exception { Delete delete = new Delete(TEST_ROW).deleteFamily(TEST_FAMILY); - Connection connection = ConnectionFactory.createConnection(conf); - Table t = connection.getTable(TEST_TABLE.getTableName()); - try { + try(Connection connection = ConnectionFactory.createConnection(conf); + Table t = connection.getTable(TEST_TABLE.getTableName())) { t.delete(delete); - } finally { - t.close(); - connection.close(); } return null; } @@ -386,13 +347,9 @@ public class TestCellACLs extends SecureTestUtil { @Override public Object run() throws Exception { Delete delete = new Delete(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q1); - Connection connection = ConnectionFactory.createConnection(conf); - Table t = connection.getTable(TEST_TABLE.getTableName()); - try { + try(Connection connection = ConnectionFactory.createConnection(conf); + Table t = connection.getTable(TEST_TABLE.getTableName())) { t.delete(delete); - } finally { - t.close(); - connection.close(); } return null; } @@ -419,13 +376,11 @@ public class TestCellACLs extends SecureTestUtil { verifyDenied(new AccessTestAction() { @Override public Object run() throws Exception { - Table t = TEST_UTIL.getConnection().getTable(TEST_TABLE.getTableName()); - try { + try(Connection connection = ConnectionFactory.createConnection(conf); + Table t = connection.getTable(TEST_TABLE.getTableName())) { Put p; p = new Put(TEST_ROW).add(TEST_FAMILY, TEST_Q1, ZERO); t.put(p); - } finally { - t.close(); } return null; } @@ -435,13 +390,11 @@ public class TestCellACLs extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - Table t = TEST_UTIL.getConnection().getTable(TEST_TABLE.getTableName()); - try { + try(Connection connection = ConnectionFactory.createConnection(conf); + Table t = connection.getTable(TEST_TABLE.getTableName())) { Put p; p = new Put(TEST_ROW).add(TEST_FAMILY, TEST_Q1, ZERO); t.put(p); - } finally { - t.close(); } return null; } @@ -451,13 +404,11 @@ public class TestCellACLs extends SecureTestUtil { verifyDenied(new AccessTestAction() { @Override public Object run() throws Exception { - Table t = TEST_UTIL.getConnection().getTable(TEST_TABLE.getTableName()); - try { + try(Connection connection = ConnectionFactory.createConnection(conf); + Table t = connection.getTable(TEST_TABLE.getTableName())) { Put p; p = new Put(TEST_ROW).add(TEST_FAMILY, TEST_Q1, ONE); t.put(p); - } finally { - t.close(); } return null; } @@ -467,11 +418,9 @@ public class TestCellACLs extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - Table t = TEST_UTIL.getConnection().getTable(TEST_TABLE.getTableName()); - try { + try(Connection connection = ConnectionFactory.createConnection(conf); + Table t = connection.getTable(TEST_TABLE.getTableName())) { return t.get(new Get(TEST_ROW).addColumn(TEST_FAMILY, TEST_Q1)); - } finally { - t.close(); } } }, USER_OTHER); http://git-wip-us.apache.org/repos/asf/hbase/blob/5a58116b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestNamespaceCommands.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestNamespaceCommands.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestNamespaceCommands.java index 887b56d..457bb3b 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestNamespaceCommands.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestNamespaceCommands.java @@ -34,7 +34,6 @@ import org.apache.hadoop.hbase.client.Admin; import org.apache.hadoop.hbase.client.Connection; import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.hbase.client.Get; -import org.apache.hadoop.hbase.client.HTable; import org.apache.hadoop.hbase.client.Result; import org.apache.hadoop.hbase.client.Table; import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment; @@ -209,16 +208,16 @@ public class TestNamespaceCommands extends SecureTestUtil { SUPERUSER, USER_GLOBAL_ADMIN); - verifyDeniedWithException(modifyNamespace, - USER_GLOBAL_CREATE, - USER_GLOBAL_WRITE, - USER_GLOBAL_READ, - USER_GLOBAL_EXEC, - USER_NS_ADMIN, - USER_NS_CREATE, - USER_NS_WRITE, - USER_NS_READ, - USER_NS_EXEC); + verifyDenied(modifyNamespace, + USER_GLOBAL_CREATE, + USER_GLOBAL_WRITE, + USER_GLOBAL_READ, + USER_GLOBAL_EXEC, + USER_NS_ADMIN, + USER_NS_CREATE, + USER_NS_WRITE, + USER_NS_READ, + USER_NS_EXEC); } @Test @@ -247,7 +246,7 @@ public class TestNamespaceCommands extends SecureTestUtil { USER_GLOBAL_ADMIN); // all others should be denied - verifyDeniedWithException(createNamespace, + verifyDenied(createNamespace, USER_GLOBAL_CREATE, USER_GLOBAL_WRITE, USER_GLOBAL_READ, @@ -265,18 +264,18 @@ public class TestNamespaceCommands extends SecureTestUtil { SUPERUSER, USER_GLOBAL_ADMIN); - verifyDeniedWithException(deleteNamespace, - USER_GLOBAL_CREATE, - USER_GLOBAL_WRITE, - USER_GLOBAL_READ, - USER_GLOBAL_EXEC, - USER_NS_ADMIN, - USER_NS_CREATE, - USER_NS_WRITE, - USER_NS_READ, - USER_NS_EXEC, - USER_TABLE_CREATE, - USER_TABLE_WRITE); + verifyDenied(deleteNamespace, + USER_GLOBAL_CREATE, + USER_GLOBAL_WRITE, + USER_GLOBAL_READ, + USER_GLOBAL_EXEC, + USER_NS_ADMIN, + USER_NS_CREATE, + USER_NS_WRITE, + USER_NS_READ, + USER_NS_EXEC, + USER_TABLE_CREATE, + USER_TABLE_WRITE); } @Test @@ -295,17 +294,17 @@ public class TestNamespaceCommands extends SecureTestUtil { USER_GLOBAL_ADMIN, USER_NS_ADMIN); - verifyDeniedWithException(getNamespaceAction, - USER_GLOBAL_CREATE, - USER_GLOBAL_WRITE, - USER_GLOBAL_READ, - USER_GLOBAL_EXEC, - USER_NS_CREATE, - USER_NS_WRITE, - USER_NS_READ, - USER_NS_EXEC, - USER_TABLE_CREATE, - USER_TABLE_WRITE); + verifyDenied(getNamespaceAction, + USER_GLOBAL_CREATE, + USER_GLOBAL_WRITE, + USER_GLOBAL_READ, + USER_GLOBAL_EXEC, + USER_NS_CREATE, + USER_NS_WRITE, + USER_NS_READ, + USER_NS_EXEC, + USER_TABLE_CREATE, + USER_TABLE_WRITE); } @Test @@ -416,52 +415,52 @@ public class TestNamespaceCommands extends SecureTestUtil { SUPERUSER, USER_GLOBAL_ADMIN); - verifyDeniedWithException(grantAction, - USER_GLOBAL_CREATE, - USER_GLOBAL_WRITE, - USER_GLOBAL_READ, - USER_GLOBAL_EXEC, - USER_NS_ADMIN, - USER_NS_CREATE, - USER_NS_WRITE, - USER_NS_READ, - USER_NS_EXEC, - USER_TABLE_CREATE, - USER_TABLE_WRITE); + verifyDenied(grantAction, + USER_GLOBAL_CREATE, + USER_GLOBAL_WRITE, + USER_GLOBAL_READ, + USER_GLOBAL_EXEC, + USER_NS_ADMIN, + USER_NS_CREATE, + USER_NS_WRITE, + USER_NS_READ, + USER_NS_EXEC, + USER_TABLE_CREATE, + USER_TABLE_WRITE); verifyAllowed(revokeAction, SUPERUSER, USER_GLOBAL_ADMIN); - verifyDeniedWithException(revokeAction, - USER_GLOBAL_CREATE, - USER_GLOBAL_WRITE, - USER_GLOBAL_READ, - USER_GLOBAL_EXEC, - USER_NS_ADMIN, - USER_NS_CREATE, - USER_NS_WRITE, - USER_NS_READ, - USER_NS_EXEC, - USER_TABLE_CREATE, - USER_TABLE_WRITE); + verifyDenied(revokeAction, + USER_GLOBAL_CREATE, + USER_GLOBAL_WRITE, + USER_GLOBAL_READ, + USER_GLOBAL_EXEC, + USER_NS_ADMIN, + USER_NS_CREATE, + USER_NS_WRITE, + USER_NS_READ, + USER_NS_EXEC, + USER_TABLE_CREATE, + USER_TABLE_WRITE); verifyAllowed(getPermissionsAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_NS_ADMIN); - verifyDeniedWithException(getPermissionsAction, - USER_GLOBAL_CREATE, - USER_GLOBAL_WRITE, - USER_GLOBAL_READ, - USER_GLOBAL_EXEC, - USER_NS_CREATE, - USER_NS_WRITE, - USER_NS_READ, - USER_NS_EXEC, - USER_TABLE_CREATE, - USER_TABLE_WRITE); + verifyDenied(getPermissionsAction, + USER_GLOBAL_CREATE, + USER_GLOBAL_WRITE, + USER_GLOBAL_READ, + USER_GLOBAL_EXEC, + USER_NS_CREATE, + USER_NS_WRITE, + USER_NS_READ, + USER_NS_EXEC, + USER_TABLE_CREATE, + USER_TABLE_WRITE); } @Test @@ -482,16 +481,16 @@ public class TestNamespaceCommands extends SecureTestUtil { USER_GLOBAL_CREATE, USER_NS_CREATE); - verifyDeniedWithException(createTable, - USER_GLOBAL_ADMIN, - USER_GLOBAL_WRITE, - USER_GLOBAL_READ, - USER_GLOBAL_EXEC, - USER_NS_ADMIN, - USER_NS_WRITE, - USER_NS_READ, - USER_NS_EXEC, - USER_TABLE_CREATE, - USER_TABLE_WRITE); + verifyDenied(createTable, + USER_GLOBAL_ADMIN, + USER_GLOBAL_WRITE, + USER_GLOBAL_READ, + USER_GLOBAL_EXEC, + USER_NS_ADMIN, + USER_NS_WRITE, + USER_NS_READ, + USER_NS_EXEC, + USER_TABLE_CREATE, + USER_TABLE_WRITE); } } http://git-wip-us.apache.org/repos/asf/hbase/blob/5a58116b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestScanEarlyTermination.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestScanEarlyTermination.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestScanEarlyTermination.java index e1dfdbf..6002a4d 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestScanEarlyTermination.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestScanEarlyTermination.java @@ -32,7 +32,6 @@ import org.apache.hadoop.hbase.TableNotFoundException; import org.apache.hadoop.hbase.client.Admin; import org.apache.hadoop.hbase.client.Connection; import org.apache.hadoop.hbase.client.ConnectionFactory; -import org.apache.hadoop.hbase.client.HTable; import org.apache.hadoop.hbase.client.Put; import org.apache.hadoop.hbase.client.Result; import org.apache.hadoop.hbase.client.Scan; @@ -229,7 +228,7 @@ public class TestScanEarlyTermination extends SecureTestUtil { }, USER_OTHER); // A scan of FAMILY2 will throw an AccessDeniedException - verifyDeniedWithException(new AccessTestAction() { + verifyDenied(new AccessTestAction() { @Override public Object run() throws Exception { // force a new RS connection
