http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadHelper.html ---------------------------------------------------------------------- diff --git a/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadHelper.html b/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadHelper.html index 5062e9b..23b4be7 100644 --- a/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadHelper.html +++ b/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadHelper.html @@ -282,7 +282,7 @@ <span class="sourceLineNo">274</span> public static void tearDownAfterClass() throws Exception {<a name="line.274"></a> <span class="sourceLineNo">275</span> cleanUp();<a name="line.275"></a> <span class="sourceLineNo">276</span> TEST_UTIL.shutdownMiniCluster();<a name="line.276"></a> -<span class="sourceLineNo">277</span> int total = TableAuthManager.getTotalRefCount();<a name="line.277"></a> +<span class="sourceLineNo">277</span> int total = AuthManager.getTotalRefCount();<a name="line.277"></a> <span class="sourceLineNo">278</span> assertTrue("Unexpected reference count: " + total, total == 0);<a name="line.278"></a> <span class="sourceLineNo">279</span> }<a name="line.279"></a> <span class="sourceLineNo">280</span><a name="line.280"></a> @@ -1642,12 +1642,12 @@ <span class="sourceLineNo">1634</span> }<a name="line.1634"></a> <span class="sourceLineNo">1635</span><a name="line.1635"></a> <span class="sourceLineNo">1636</span> UserPermission ownerperm =<a name="line.1636"></a> -<span class="sourceLineNo">1637</span> new UserPermission(Bytes.toBytes(USER_OWNER.getName()), tableName, null, Action.values());<a name="line.1637"></a> +<span class="sourceLineNo">1637</span> new UserPermission(USER_OWNER.getName(), tableName, Action.values());<a name="line.1637"></a> <span class="sourceLineNo">1638</span> assertTrue("Owner should have all permissions on table",<a name="line.1638"></a> <span class="sourceLineNo">1639</span> hasFoundUserPermission(ownerperm, perms));<a name="line.1639"></a> <span class="sourceLineNo">1640</span><a name="line.1640"></a> <span class="sourceLineNo">1641</span> User user = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]);<a name="line.1641"></a> -<span class="sourceLineNo">1642</span> byte[] userName = Bytes.toBytes(user.getShortName());<a name="line.1642"></a> +<span class="sourceLineNo">1642</span> String userName = user.getShortName();<a name="line.1642"></a> <span class="sourceLineNo">1643</span><a name="line.1643"></a> <span class="sourceLineNo">1644</span> UserPermission up =<a name="line.1644"></a> <span class="sourceLineNo">1645</span> new UserPermission(userName, tableName, family1, qualifier, Permission.Action.READ);<a name="line.1645"></a> @@ -1733,7 +1733,7 @@ <span class="sourceLineNo">1725</span> }<a name="line.1725"></a> <span class="sourceLineNo">1726</span><a name="line.1726"></a> <span class="sourceLineNo">1727</span> UserPermission newOwnerperm =<a name="line.1727"></a> -<span class="sourceLineNo">1728</span> new UserPermission(Bytes.toBytes(newOwner.getName()), tableName, null, Action.values());<a name="line.1728"></a> +<span class="sourceLineNo">1728</span> new UserPermission(newOwner.getName(), tableName, Action.values());<a name="line.1728"></a> <span class="sourceLineNo">1729</span> assertTrue("New owner should have all permissions on table",<a name="line.1729"></a> <span class="sourceLineNo">1730</span> hasFoundUserPermission(newOwnerperm, perms));<a name="line.1730"></a> <span class="sourceLineNo">1731</span> } finally {<a name="line.1731"></a> @@ -1757,1888 +1757,1898 @@ <span class="sourceLineNo">1749</span><a name="line.1749"></a> <span class="sourceLineNo">1750</span> Collection<String> superUsers = Superusers.getSuperUsers();<a name="line.1750"></a> <span class="sourceLineNo">1751</span> List<UserPermission> adminPerms = new ArrayList<>(superUsers.size() + 1);<a name="line.1751"></a> -<span class="sourceLineNo">1752</span> adminPerms.add(new UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()),<a name="line.1752"></a> -<span class="sourceLineNo">1753</span> AccessControlLists.ACL_TABLE_NAME, null, null, Bytes.toBytes("ACRW")));<a name="line.1753"></a> -<span class="sourceLineNo">1754</span><a name="line.1754"></a> -<span class="sourceLineNo">1755</span> for(String user: superUsers) {<a name="line.1755"></a> -<span class="sourceLineNo">1756</span> adminPerms.add(new UserPermission(Bytes.toBytes(user), AccessControlLists.ACL_TABLE_NAME,<a name="line.1756"></a> -<span class="sourceLineNo">1757</span> null, null, Action.values()));<a name="line.1757"></a> -<span class="sourceLineNo">1758</span> }<a name="line.1758"></a> -<span class="sourceLineNo">1759</span> assertTrue("Only super users, global users and user admin has permission on table hbase:acl " +<a name="line.1759"></a> -<span class="sourceLineNo">1760</span> "per setup", perms.size() == 5 + superUsers.size() &&<a name="line.1760"></a> -<span class="sourceLineNo">1761</span> hasFoundUserPermission(adminPerms, perms));<a name="line.1761"></a> -<span class="sourceLineNo">1762</span> }<a name="line.1762"></a> -<span class="sourceLineNo">1763</span><a name="line.1763"></a> -<span class="sourceLineNo">1764</span> /** global operations */<a name="line.1764"></a> -<span class="sourceLineNo">1765</span> private void verifyGlobal(AccessTestAction action) throws Exception {<a name="line.1765"></a> -<span class="sourceLineNo">1766</span> verifyAllowed(action, SUPERUSER);<a name="line.1766"></a> -<span class="sourceLineNo">1767</span><a name="line.1767"></a> -<span class="sourceLineNo">1768</span> verifyDenied(action, USER_CREATE, USER_RW, USER_NONE, USER_RO);<a name="line.1768"></a> -<span class="sourceLineNo">1769</span> }<a name="line.1769"></a> -<span class="sourceLineNo">1770</span><a name="line.1770"></a> -<span class="sourceLineNo">1771</span> @Test<a name="line.1771"></a> -<span class="sourceLineNo">1772</span> public void testCheckPermissions() throws Exception {<a name="line.1772"></a> -<span class="sourceLineNo">1773</span> // --------------------------------------<a name="line.1773"></a> -<span class="sourceLineNo">1774</span> // test global permissions<a name="line.1774"></a> -<span class="sourceLineNo">1775</span> AccessTestAction globalAdmin = new AccessTestAction() {<a name="line.1775"></a> -<span class="sourceLineNo">1776</span> @Override<a name="line.1776"></a> -<span class="sourceLineNo">1777</span> public Void run() throws Exception {<a name="line.1777"></a> -<span class="sourceLineNo">1778</span> checkGlobalPerms(TEST_UTIL, Permission.Action.ADMIN);<a name="line.1778"></a> -<span class="sourceLineNo">1779</span> return null;<a name="line.1779"></a> -<span class="sourceLineNo">1780</span> }<a name="line.1780"></a> -<span class="sourceLineNo">1781</span> };<a name="line.1781"></a> -<span class="sourceLineNo">1782</span> // verify that only superuser can admin<a name="line.1782"></a> -<span class="sourceLineNo">1783</span> verifyGlobal(globalAdmin);<a name="line.1783"></a> -<span class="sourceLineNo">1784</span><a name="line.1784"></a> -<span class="sourceLineNo">1785</span> // --------------------------------------<a name="line.1785"></a> -<span class="sourceLineNo">1786</span> // test multiple permissions<a name="line.1786"></a> -<span class="sourceLineNo">1787</span> AccessTestAction globalReadWrite = new AccessTestAction() {<a name="line.1787"></a> -<span class="sourceLineNo">1788</span> @Override<a name="line.1788"></a> -<span class="sourceLineNo">1789</span> public Void run() throws Exception {<a name="line.1789"></a> -<span class="sourceLineNo">1790</span> checkGlobalPerms(TEST_UTIL, Permission.Action.READ, Permission.Action.WRITE);<a name="line.1790"></a> -<span class="sourceLineNo">1791</span> return null;<a name="line.1791"></a> -<span class="sourceLineNo">1792</span> }<a name="line.1792"></a> -<span class="sourceLineNo">1793</span> };<a name="line.1793"></a> +<span class="sourceLineNo">1752</span> adminPerms.add(new UserPermission(USER_ADMIN.getShortName(), Bytes.toBytes("ACRW")));<a name="line.1752"></a> +<span class="sourceLineNo">1753</span> for(String user: superUsers) {<a name="line.1753"></a> +<span class="sourceLineNo">1754</span> // Global permission<a name="line.1754"></a> +<span class="sourceLineNo">1755</span> adminPerms.add(new UserPermission(user, Action.values()));<a name="line.1755"></a> +<span class="sourceLineNo">1756</span> }<a name="line.1756"></a> +<span class="sourceLineNo">1757</span> assertTrue("Only super users, global users and user admin has permission on table hbase:acl " +<a name="line.1757"></a> +<span class="sourceLineNo">1758</span> "per setup", perms.size() == 5 + superUsers.size() &&<a name="line.1758"></a> +<span class="sourceLineNo">1759</span> hasFoundUserPermission(adminPerms, perms));<a name="line.1759"></a> +<span class="sourceLineNo">1760</span> }<a name="line.1760"></a> +<span class="sourceLineNo">1761</span><a name="line.1761"></a> +<span class="sourceLineNo">1762</span> /** global operations */<a name="line.1762"></a> +<span class="sourceLineNo">1763</span> private void verifyGlobal(AccessTestAction action) throws Exception {<a name="line.1763"></a> +<span class="sourceLineNo">1764</span> verifyAllowed(action, SUPERUSER);<a name="line.1764"></a> +<span class="sourceLineNo">1765</span><a name="line.1765"></a> +<span class="sourceLineNo">1766</span> verifyDenied(action, USER_CREATE, USER_RW, USER_NONE, USER_RO);<a name="line.1766"></a> +<span class="sourceLineNo">1767</span> }<a name="line.1767"></a> +<span class="sourceLineNo">1768</span><a name="line.1768"></a> +<span class="sourceLineNo">1769</span> @Test<a name="line.1769"></a> +<span class="sourceLineNo">1770</span> public void testCheckPermissions() throws Exception {<a name="line.1770"></a> +<span class="sourceLineNo">1771</span> // --------------------------------------<a name="line.1771"></a> +<span class="sourceLineNo">1772</span> // test global permissions<a name="line.1772"></a> +<span class="sourceLineNo">1773</span> AccessTestAction globalAdmin = new AccessTestAction() {<a name="line.1773"></a> +<span class="sourceLineNo">1774</span> @Override<a name="line.1774"></a> +<span class="sourceLineNo">1775</span> public Void run() throws Exception {<a name="line.1775"></a> +<span class="sourceLineNo">1776</span> checkGlobalPerms(TEST_UTIL, Permission.Action.ADMIN);<a name="line.1776"></a> +<span class="sourceLineNo">1777</span> return null;<a name="line.1777"></a> +<span class="sourceLineNo">1778</span> }<a name="line.1778"></a> +<span class="sourceLineNo">1779</span> };<a name="line.1779"></a> +<span class="sourceLineNo">1780</span> // verify that only superuser can admin<a name="line.1780"></a> +<span class="sourceLineNo">1781</span> verifyGlobal(globalAdmin);<a name="line.1781"></a> +<span class="sourceLineNo">1782</span><a name="line.1782"></a> +<span class="sourceLineNo">1783</span> // --------------------------------------<a name="line.1783"></a> +<span class="sourceLineNo">1784</span> // test multiple permissions<a name="line.1784"></a> +<span class="sourceLineNo">1785</span> AccessTestAction globalReadWrite = new AccessTestAction() {<a name="line.1785"></a> +<span class="sourceLineNo">1786</span> @Override<a name="line.1786"></a> +<span class="sourceLineNo">1787</span> public Void run() throws Exception {<a name="line.1787"></a> +<span class="sourceLineNo">1788</span> checkGlobalPerms(TEST_UTIL, Permission.Action.READ, Permission.Action.WRITE);<a name="line.1788"></a> +<span class="sourceLineNo">1789</span> return null;<a name="line.1789"></a> +<span class="sourceLineNo">1790</span> }<a name="line.1790"></a> +<span class="sourceLineNo">1791</span> };<a name="line.1791"></a> +<span class="sourceLineNo">1792</span><a name="line.1792"></a> +<span class="sourceLineNo">1793</span> verifyGlobal(globalReadWrite);<a name="line.1793"></a> <span class="sourceLineNo">1794</span><a name="line.1794"></a> -<span class="sourceLineNo">1795</span> verifyGlobal(globalReadWrite);<a name="line.1795"></a> -<span class="sourceLineNo">1796</span><a name="line.1796"></a> -<span class="sourceLineNo">1797</span> // --------------------------------------<a name="line.1797"></a> -<span class="sourceLineNo">1798</span> // table/column/qualifier level permissions<a name="line.1798"></a> -<span class="sourceLineNo">1799</span> final byte[] TEST_Q1 = Bytes.toBytes("q1");<a name="line.1799"></a> -<span class="sourceLineNo">1800</span> final byte[] TEST_Q2 = Bytes.toBytes("q2");<a name="line.1800"></a> -<span class="sourceLineNo">1801</span><a name="line.1801"></a> -<span class="sourceLineNo">1802</span> User userTable = User.createUserForTesting(conf, "user_check_perms_table", new String[0]);<a name="line.1802"></a> -<span class="sourceLineNo">1803</span> User userColumn = User.createUserForTesting(conf, "user_check_perms_family", new String[0]);<a name="line.1803"></a> -<span class="sourceLineNo">1804</span> User userQualifier = User.createUserForTesting(conf, "user_check_perms_q", new String[0]);<a name="line.1804"></a> -<span class="sourceLineNo">1805</span><a name="line.1805"></a> -<span class="sourceLineNo">1806</span> grantOnTable(TEST_UTIL, userTable.getShortName(),<a name="line.1806"></a> -<span class="sourceLineNo">1807</span> TEST_TABLE, null, null,<a name="line.1807"></a> -<span class="sourceLineNo">1808</span> Permission.Action.READ);<a name="line.1808"></a> -<span class="sourceLineNo">1809</span> grantOnTable(TEST_UTIL, userColumn.getShortName(),<a name="line.1809"></a> -<span class="sourceLineNo">1810</span> TEST_TABLE, TEST_FAMILY, null,<a name="line.1810"></a> -<span class="sourceLineNo">1811</span> Permission.Action.READ);<a name="line.1811"></a> -<span class="sourceLineNo">1812</span> grantOnTable(TEST_UTIL, userQualifier.getShortName(),<a name="line.1812"></a> -<span class="sourceLineNo">1813</span> TEST_TABLE, TEST_FAMILY, TEST_Q1,<a name="line.1813"></a> -<span class="sourceLineNo">1814</span> Permission.Action.READ);<a name="line.1814"></a> -<span class="sourceLineNo">1815</span><a name="line.1815"></a> -<span class="sourceLineNo">1816</span> try {<a name="line.1816"></a> -<span class="sourceLineNo">1817</span> AccessTestAction tableRead = new AccessTestAction() {<a name="line.1817"></a> -<span class="sourceLineNo">1818</span> @Override<a name="line.1818"></a> -<span class="sourceLineNo">1819</span> public Void run() throws Exception {<a name="line.1819"></a> -<span class="sourceLineNo">1820</span> checkTablePerms(TEST_UTIL, TEST_TABLE, null, null, Permission.Action.READ);<a name="line.1820"></a> -<span class="sourceLineNo">1821</span> return null;<a name="line.1821"></a> -<span class="sourceLineNo">1822</span> }<a name="line.1822"></a> -<span class="sourceLineNo">1823</span> };<a name="line.1823"></a> -<span class="sourceLineNo">1824</span><a name="line.1824"></a> -<span class="sourceLineNo">1825</span> AccessTestAction columnRead = new AccessTestAction() {<a name="line.1825"></a> -<span class="sourceLineNo">1826</span> @Override<a name="line.1826"></a> -<span class="sourceLineNo">1827</span> public Void run() throws Exception {<a name="line.1827"></a> -<span class="sourceLineNo">1828</span> checkTablePerms(TEST_UTIL, TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ);<a name="line.1828"></a> -<span class="sourceLineNo">1829</span> return null;<a name="line.1829"></a> -<span class="sourceLineNo">1830</span> }<a name="line.1830"></a> -<span class="sourceLineNo">1831</span> };<a name="line.1831"></a> -<span class="sourceLineNo">1832</span><a name="line.1832"></a> -<span class="sourceLineNo">1833</span> AccessTestAction qualifierRead = new AccessTestAction() {<a name="line.1833"></a> -<span class="sourceLineNo">1834</span> @Override<a name="line.1834"></a> -<span class="sourceLineNo">1835</span> public Void run() throws Exception {<a name="line.1835"></a> -<span class="sourceLineNo">1836</span> checkTablePerms(TEST_UTIL, TEST_TABLE, TEST_FAMILY, TEST_Q1, Permission.Action.READ);<a name="line.1836"></a> -<span class="sourceLineNo">1837</span> return null;<a name="line.1837"></a> -<span class="sourceLineNo">1838</span> }<a name="line.1838"></a> -<span class="sourceLineNo">1839</span> };<a name="line.1839"></a> -<span class="sourceLineNo">1840</span><a name="line.1840"></a> -<span class="sourceLineNo">1841</span> AccessTestAction multiQualifierRead = new AccessTestAction() {<a name="line.1841"></a> -<span class="sourceLineNo">1842</span> @Override<a name="line.1842"></a> -<span class="sourceLineNo">1843</span> public Void run() throws Exception {<a name="line.1843"></a> -<span class="sourceLineNo">1844</span> checkTablePerms(TEST_UTIL, TEST_TABLE, new Permission[] {<a name="line.1844"></a> -<span class="sourceLineNo">1845</span> new TablePermission(TEST_TABLE, TEST_FAMILY, TEST_Q1, Permission.Action.READ),<a name="line.1845"></a> -<span class="sourceLineNo">1846</span> new TablePermission(TEST_TABLE, TEST_FAMILY, TEST_Q2, Permission.Action.READ), });<a name="line.1846"></a> -<span class="sourceLineNo">1847</span> return null;<a name="line.1847"></a> -<span class="sourceLineNo">1848</span> }<a name="line.1848"></a> -<span class="sourceLineNo">1849</span> };<a name="line.1849"></a> -<span class="sourceLineNo">1850</span><a name="line.1850"></a> -<span class="sourceLineNo">1851</span> AccessTestAction globalAndTableRead = new AccessTestAction() {<a name="line.1851"></a> -<span class="sourceLineNo">1852</span> @Override<a name="line.1852"></a> -<span class="sourceLineNo">1853</span> public Void run() throws Exception {<a name="line.1853"></a> -<span class="sourceLineNo">1854</span> checkTablePerms(TEST_UTIL, TEST_TABLE, new Permission[] {<a name="line.1854"></a> -<span class="sourceLineNo">1855</span> new Permission(Permission.Action.READ),<a name="line.1855"></a> -<span class="sourceLineNo">1856</span> new TablePermission(TEST_TABLE, null, (byte[]) null, Permission.Action.READ), });<a name="line.1856"></a> -<span class="sourceLineNo">1857</span> return null;<a name="line.1857"></a> -<span class="sourceLineNo">1858</span> }<a name="line.1858"></a> -<span class="sourceLineNo">1859</span> };<a name="line.1859"></a> -<span class="sourceLineNo">1860</span><a name="line.1860"></a> -<span class="sourceLineNo">1861</span> AccessTestAction noCheck = new AccessTestAction() {<a name="line.1861"></a> -<span class="sourceLineNo">1862</span> @Override<a name="line.1862"></a> -<span class="sourceLineNo">1863</span> public Void run() throws Exception {<a name="line.1863"></a> -<span class="sourceLineNo">1864</span> checkTablePerms(TEST_UTIL, TEST_TABLE, new Permission[0]);<a name="line.1864"></a> -<span class="sourceLineNo">1865</span> return null;<a name="line.1865"></a> -<span class="sourceLineNo">1866</span> }<a name="line.1866"></a> -<span class="sourceLineNo">1867</span> };<a name="line.1867"></a> -<span class="sourceLineNo">1868</span><a name="line.1868"></a> -<span class="sourceLineNo">1869</span> verifyAllowed(tableRead, SUPERUSER, userTable);<a name="line.1869"></a> -<span class="sourceLineNo">1870</span> verifyDenied(tableRead, userColumn, userQualifier);<a name="line.1870"></a> -<span class="sourceLineNo">1871</span><a name="line.1871"></a> -<span class="sourceLineNo">1872</span> verifyAllowed(columnRead, SUPERUSER, userTable, userColumn);<a name="line.1872"></a> -<span class="sourceLineNo">1873</span> verifyDenied(columnRead, userQualifier);<a name="line.1873"></a> +<span class="sourceLineNo">1795</span> // --------------------------------------<a name="line.1795"></a> +<span class="sourceLineNo">1796</span> // table/column/qualifier level permissions<a name="line.1796"></a> +<span class="sourceLineNo">1797</span> final byte[] TEST_Q1 = Bytes.toBytes("q1");<a name="line.1797"></a> +<span class="sourceLineNo">1798</span> final byte[] TEST_Q2 = Bytes.toBytes("q2");<a name="line.1798"></a> +<span class="sourceLineNo">1799</span><a name="line.1799"></a> +<span class="sourceLineNo">1800</span> User userTable = User.createUserForTesting(conf, "user_check_perms_table", new String[0]);<a name="line.1800"></a> +<span class="sourceLineNo">1801</span> User userColumn = User.createUserForTesting(conf, "user_check_perms_family", new String[0]);<a name="line.1801"></a> +<span class="sourceLineNo">1802</span> User userQualifier = User.createUserForTesting(conf, "user_check_perms_q", new String[0]);<a name="line.1802"></a> +<span class="sourceLineNo">1803</span><a name="line.1803"></a> +<span class="sourceLineNo">1804</span> grantOnTable(TEST_UTIL, userTable.getShortName(),<a name="line.1804"></a> +<span class="sourceLineNo">1805</span> TEST_TABLE, null, null,<a name="line.1805"></a> +<span class="sourceLineNo">1806</span> Permission.Action.READ);<a name="line.1806"></a> +<span class="sourceLineNo">1807</span> grantOnTable(TEST_UTIL, userColumn.getShortName(),<a name="line.1807"></a> +<span class="sourceLineNo">1808</span> TEST_TABLE, TEST_FAMILY, null,<a name="line.1808"></a> +<span class="sourceLineNo">1809</span> Permission.Action.READ);<a name="line.1809"></a> +<span class="sourceLineNo">1810</span> grantOnTable(TEST_UTIL, userQualifier.getShortName(),<a name="line.1810"></a> +<span class="sourceLineNo">1811</span> TEST_TABLE, TEST_FAMILY, TEST_Q1,<a name="line.1811"></a> +<span class="sourceLineNo">1812</span> Permission.Action.READ);<a name="line.1812"></a> +<span class="sourceLineNo">1813</span><a name="line.1813"></a> +<span class="sourceLineNo">1814</span> try {<a name="line.1814"></a> +<span class="sourceLineNo">1815</span> AccessTestAction tableRead = new AccessTestAction() {<a name="line.1815"></a> +<span class="sourceLineNo">1816</span> @Override<a name="line.1816"></a> +<span class="sourceLineNo">1817</span> public Void run() throws Exception {<a name="line.1817"></a> +<span class="sourceLineNo">1818</span> checkTablePerms(TEST_UTIL, TEST_TABLE, null, null, Permission.Action.READ);<a name="line.1818"></a> +<span class="sourceLineNo">1819</span> return null;<a name="line.1819"></a> +<span class="sourceLineNo">1820</span> }<a name="line.1820"></a> +<span class="sourceLineNo">1821</span> };<a name="line.1821"></a> +<span class="sourceLineNo">1822</span><a name="line.1822"></a> +<span class="sourceLineNo">1823</span> AccessTestAction columnRead = new AccessTestAction() {<a name="line.1823"></a> +<span class="sourceLineNo">1824</span> @Override<a name="line.1824"></a> +<span class="sourceLineNo">1825</span> public Void run() throws Exception {<a name="line.1825"></a> +<span class="sourceLineNo">1826</span> checkTablePerms(TEST_UTIL, TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ);<a name="line.1826"></a> +<span class="sourceLineNo">1827</span> return null;<a name="line.1827"></a> +<span class="sourceLineNo">1828</span> }<a name="line.1828"></a> +<span class="sourceLineNo">1829</span> };<a name="line.1829"></a> +<span class="sourceLineNo">1830</span><a name="line.1830"></a> +<span class="sourceLineNo">1831</span> AccessTestAction qualifierRead = new AccessTestAction() {<a name="line.1831"></a> +<span class="sourceLineNo">1832</span> @Override<a name="line.1832"></a> +<span class="sourceLineNo">1833</span> public Void run() throws Exception {<a name="line.1833"></a> +<span class="sourceLineNo">1834</span> checkTablePerms(TEST_UTIL, TEST_TABLE, TEST_FAMILY, TEST_Q1, Permission.Action.READ);<a name="line.1834"></a> +<span class="sourceLineNo">1835</span> return null;<a name="line.1835"></a> +<span class="sourceLineNo">1836</span> }<a name="line.1836"></a> +<span class="sourceLineNo">1837</span> };<a name="line.1837"></a> +<span class="sourceLineNo">1838</span><a name="line.1838"></a> +<span class="sourceLineNo">1839</span> AccessTestAction multiQualifierRead = new AccessTestAction() {<a name="line.1839"></a> +<span class="sourceLineNo">1840</span> @Override<a name="line.1840"></a> +<span class="sourceLineNo">1841</span> public Void run() throws Exception {<a name="line.1841"></a> +<span class="sourceLineNo">1842</span> checkTablePerms(TEST_UTIL, TEST_TABLE, new Permission[] {<a name="line.1842"></a> +<span class="sourceLineNo">1843</span> new TablePermission(TEST_TABLE, TEST_FAMILY, TEST_Q1, Permission.Action.READ),<a name="line.1843"></a> +<span class="sourceLineNo">1844</span> new TablePermission(TEST_TABLE, TEST_FAMILY, TEST_Q2, Permission.Action.READ), });<a name="line.1844"></a> +<span class="sourceLineNo">1845</span> return null;<a name="line.1845"></a> +<span class="sourceLineNo">1846</span> }<a name="line.1846"></a> +<span class="sourceLineNo">1847</span> };<a name="line.1847"></a> +<span class="sourceLineNo">1848</span><a name="line.1848"></a> +<span class="sourceLineNo">1849</span> AccessTestAction globalAndTableRead = new AccessTestAction() {<a name="line.1849"></a> +<span class="sourceLineNo">1850</span> @Override<a name="line.1850"></a> +<span class="sourceLineNo">1851</span> public Void run() throws Exception {<a name="line.1851"></a> +<span class="sourceLineNo">1852</span> checkTablePerms(TEST_UTIL, TEST_TABLE, new Permission[] {<a name="line.1852"></a> +<span class="sourceLineNo">1853</span> new Permission(Permission.Action.READ),<a name="line.1853"></a> +<span class="sourceLineNo">1854</span> new TablePermission(TEST_TABLE, null, (byte[]) null, Permission.Action.READ), });<a name="line.1854"></a> +<span class="sourceLineNo">1855</span> return null;<a name="line.1855"></a> +<span class="sourceLineNo">1856</span> }<a name="line.1856"></a> +<span class="sourceLineNo">1857</span> };<a name="line.1857"></a> +<span class="sourceLineNo">1858</span><a name="line.1858"></a> +<span class="sourceLineNo">1859</span> AccessTestAction noCheck = new AccessTestAction() {<a name="line.1859"></a> +<span class="sourceLineNo">1860</span> @Override<a name="line.1860"></a> +<span class="sourceLineNo">1861</span> public Void run() throws Exception {<a name="line.1861"></a> +<span class="sourceLineNo">1862</span> checkTablePerms(TEST_UTIL, TEST_TABLE, new Permission[0]);<a name="line.1862"></a> +<span class="sourceLineNo">1863</span> return null;<a name="line.1863"></a> +<span class="sourceLineNo">1864</span> }<a name="line.1864"></a> +<span class="sourceLineNo">1865</span> };<a name="line.1865"></a> +<span class="sourceLineNo">1866</span><a name="line.1866"></a> +<span class="sourceLineNo">1867</span> verifyAllowed(tableRead, SUPERUSER, userTable);<a name="line.1867"></a> +<span class="sourceLineNo">1868</span> verifyDenied(tableRead, userColumn, userQualifier);<a name="line.1868"></a> +<span class="sourceLineNo">1869</span><a name="line.1869"></a> +<span class="sourceLineNo">1870</span> verifyAllowed(columnRead, SUPERUSER, userTable, userColumn);<a name="line.1870"></a> +<span class="sourceLineNo">1871</span> verifyDenied(columnRead, userQualifier);<a name="line.1871"></a> +<span class="sourceLineNo">1872</span><a name="line.1872"></a> +<span class="sourceLineNo">1873</span> verifyAllowed(qualifierRead, SUPERUSER, userTable, userColumn, userQualifier);<a name="line.1873"></a> <span class="sourceLineNo">1874</span><a name="line.1874"></a> -<span class="sourceLineNo">1875</span> verifyAllowed(qualifierRead, SUPERUSER, userTable, userColumn, userQualifier);<a name="line.1875"></a> -<span class="sourceLineNo">1876</span><a name="line.1876"></a> -<span class="sourceLineNo">1877</span> verifyAllowed(multiQualifierRead, SUPERUSER, userTable, userColumn);<a name="line.1877"></a> -<span class="sourceLineNo">1878</span> verifyDenied(multiQualifierRead, userQualifier);<a name="line.1878"></a> -<span class="sourceLineNo">1879</span><a name="line.1879"></a> -<span class="sourceLineNo">1880</span> verifyAllowed(globalAndTableRead, SUPERUSER);<a name="line.1880"></a> -<span class="sourceLineNo">1881</span> verifyDenied(globalAndTableRead, userTable, userColumn, userQualifier);<a name="line.1881"></a> +<span class="sourceLineNo">1875</span> verifyAllowed(multiQualifierRead, SUPERUSER, userTable, userColumn);<a name="line.1875"></a> +<span class="sourceLineNo">1876</span> verifyDenied(multiQualifierRead, userQualifier);<a name="line.1876"></a> +<span class="sourceLineNo">1877</span><a name="line.1877"></a> +<span class="sourceLineNo">1878</span> verifyAllowed(globalAndTableRead, SUPERUSER);<a name="line.1878"></a> +<span class="sourceLineNo">1879</span> verifyDenied(globalAndTableRead, userTable, userColumn, userQualifier);<a name="line.1879"></a> +<span class="sourceLineNo">1880</span><a name="line.1880"></a> +<span class="sourceLineNo">1881</span> verifyAllowed(noCheck, SUPERUSER, userTable, userColumn, userQualifier);<a name="line.1881"></a> <span class="sourceLineNo">1882</span><a name="line.1882"></a> -<span class="sourceLineNo">1883</span> verifyAllowed(noCheck, SUPERUSER, userTable, userColumn, userQualifier);<a name="line.1883"></a> -<span class="sourceLineNo">1884</span><a name="line.1884"></a> -<span class="sourceLineNo">1885</span> // --------------------------------------<a name="line.1885"></a> -<span class="sourceLineNo">1886</span> // test family level multiple permissions<a name="line.1886"></a> -<span class="sourceLineNo">1887</span> AccessTestAction familyReadWrite = new AccessTestAction() {<a name="line.1887"></a> -<span class="sourceLineNo">1888</span> @Override<a name="line.1888"></a> -<span class="sourceLineNo">1889</span> public Void run() throws Exception {<a name="line.1889"></a> -<span class="sourceLineNo">1890</span> checkTablePerms(TEST_UTIL, TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ,<a name="line.1890"></a> -<span class="sourceLineNo">1891</span> Permission.Action.WRITE);<a name="line.1891"></a> -<span class="sourceLineNo">1892</span> return null;<a name="line.1892"></a> -<span class="sourceLineNo">1893</span> }<a name="line.1893"></a> -<span class="sourceLineNo">1894</span> };<a name="line.1894"></a> -<span class="sourceLineNo">1895</span><a name="line.1895"></a> -<span class="sourceLineNo">1896</span> verifyAllowed(familyReadWrite, SUPERUSER, USER_OWNER, USER_CREATE, USER_RW);<a name="line.1896"></a> -<span class="sourceLineNo">1897</span> verifyDenied(familyReadWrite, USER_NONE, USER_RO);<a name="line.1897"></a> -<span class="sourceLineNo">1898</span><a name="line.1898"></a> -<span class="sourceLineNo">1899</span> // --------------------------------------<a name="line.1899"></a> -<span class="sourceLineNo">1900</span> // check for wrong table region<a name="line.1900"></a> -<span class="sourceLineNo">1901</span> CheckPermissionsRequest checkRequest =<a name="line.1901"></a> -<span class="sourceLineNo">1902</span> CheckPermissionsRequest<a name="line.1902"></a> -<span class="sourceLineNo">1903</span> .newBuilder()<a name="line.1903"></a> -<span class="sourceLineNo">1904</span> .addPermission(<a name="line.1904"></a> -<span class="sourceLineNo">1905</span> AccessControlProtos.Permission<a name="line.1905"></a> -<span class="sourceLineNo">1906</span> .newBuilder()<a name="line.1906"></a> -<span class="sourceLineNo">1907</span> .setType(AccessControlProtos.Permission.Type.Table)<a name="line.1907"></a> -<span class="sourceLineNo">1908</span> .setTablePermission(<a name="line.1908"></a> -<span class="sourceLineNo">1909</span> AccessControlProtos.TablePermission.newBuilder()<a name="line.1909"></a> -<span class="sourceLineNo">1910</span> .setTableName(ProtobufUtil.toProtoTableName(TEST_TABLE))<a name="line.1910"></a> -<span class="sourceLineNo">1911</span> .addAction(AccessControlProtos.Permission.Action.CREATE))).build();<a name="line.1911"></a> -<span class="sourceLineNo">1912</span> Table acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);<a name="line.1912"></a> -<span class="sourceLineNo">1913</span> try {<a name="line.1913"></a> -<span class="sourceLineNo">1914</span> BlockingRpcChannel channel = acl.coprocessorService(new byte[0]);<a name="line.1914"></a> -<span class="sourceLineNo">1915</span> AccessControlService.BlockingInterface protocol =<a name="line.1915"></a> -<span class="sourceLineNo">1916</span> AccessControlService.newBlockingStub(channel);<a name="line.1916"></a> -<span class="sourceLineNo">1917</span> try {<a name="line.1917"></a> -<span class="sourceLineNo">1918</span> // but ask for TablePermissions for TEST_TABLE<a name="line.1918"></a> -<span class="sourceLineNo">1919</span> protocol.checkPermissions(null, checkRequest);<a name="line.1919"></a> -<span class="sourceLineNo">1920</span> fail("this should have thrown CoprocessorException");<a name="line.1920"></a> -<span class="sourceLineNo">1921</span> } catch (ServiceException ex) {<a name="line.1921"></a> -<span class="sourceLineNo">1922</span> // expected<a name="line.1922"></a> -<span class="sourceLineNo">1923</span> }<a name="line.1923"></a> -<span class="sourceLineNo">1924</span> } finally {<a name="line.1924"></a> -<span class="sourceLineNo">1925</span> acl.close();<a name="line.1925"></a> -<span class="sourceLineNo">1926</span> }<a name="line.1926"></a> -<span class="sourceLineNo">1927</span><a name="line.1927"></a> -<span class="sourceLineNo">1928</span> } finally {<a name="line.1928"></a> -<span class="sourceLineNo">1929</span> revokeFromTable(TEST_UTIL, userTable.getShortName(), TEST_TABLE, null, null,<a name="line.1929"></a> +<span class="sourceLineNo">1883</span> // --------------------------------------<a name="line.1883"></a> +<span class="sourceLineNo">1884</span> // test family level multiple permissions<a name="line.1884"></a> +<span class="sourceLineNo">1885</span> AccessTestAction familyReadWrite = new AccessTestAction() {<a name="line.1885"></a> +<span class="sourceLineNo">1886</span> @Override<a name="line.1886"></a> +<span class="sourceLineNo">1887</span> public Void run() throws Exception {<a name="line.1887"></a> +<span class="sourceLineNo">1888</span> checkTablePerms(TEST_UTIL, TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ,<a name="line.1888"></a> +<span class="sourceLineNo">1889</span> Permission.Action.WRITE);<a name="line.1889"></a> +<span class="sourceLineNo">1890</span> return null;<a name="line.1890"></a> +<span class="sourceLineNo">1891</span> }<a name="line.1891"></a> +<span class="sourceLineNo">1892</span> };<a name="line.1892"></a> +<span class="sourceLineNo">1893</span><a name="line.1893"></a> +<span class="sourceLineNo">1894</span> verifyAllowed(familyReadWrite, SUPERUSER, USER_OWNER, USER_CREATE, USER_RW);<a name="line.1894"></a> +<span class="sourceLineNo">1895</span> verifyDenied(familyReadWrite, USER_NONE, USER_RO);<a name="line.1895"></a> +<span class="sourceLineNo">1896</span><a name="line.1896"></a> +<span class="sourceLineNo">1897</span> // --------------------------------------<a name="line.1897"></a> +<span class="sourceLineNo">1898</span> // check for wrong table region<a name="line.1898"></a> +<span class="sourceLineNo">1899</span> CheckPermissionsRequest checkRequest =<a name="line.1899"></a> +<span class="sourceLineNo">1900</span> CheckPermissionsRequest<a name="line.1900"></a> +<span class="sourceLineNo">1901</span> .newBuilder()<a name="line.1901"></a> +<span class="sourceLineNo">1902</span> .addPermission(<a name="line.1902"></a> +<span class="sourceLineNo">1903</span> AccessControlProtos.Permission<a name="line.1903"></a> +<span class="sourceLineNo">1904</span> .newBuilder()<a name="line.1904"></a> +<span class="sourceLineNo">1905</span> .setType(AccessControlProtos.Permission.Type.Table)<a name="line.1905"></a> +<span class="sourceLineNo">1906</span> .setTablePermission(<a name="line.1906"></a> +<span class="sourceLineNo">1907</span> AccessControlProtos.TablePermission.newBuilder()<a name="line.1907"></a> +<span class="sourceLineNo">1908</span> .setTableName(ProtobufUtil.toProtoTableName(TEST_TABLE))<a name="line.1908"></a> +<span class="sourceLineNo">1909</span> .addAction(AccessControlProtos.Permission.Action.CREATE))).build();<a name="line.1909"></a> +<span class="sourceLineNo">1910</span> Table acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);<a name="line.1910"></a> +<span class="sourceLineNo">1911</span> try {<a name="line.1911"></a> +<span class="sourceLineNo">1912</span> BlockingRpcChannel channel = acl.coprocessorService(new byte[0]);<a name="line.1912"></a> +<span class="sourceLineNo">1913</span> AccessControlService.BlockingInterface protocol =<a name="line.1913"></a> +<span class="sourceLineNo">1914</span> AccessControlService.newBlockingStub(channel);<a name="line.1914"></a> +<span class="sourceLineNo">1915</span> try {<a name="line.1915"></a> +<span class="sourceLineNo">1916</span> // but ask for TablePermissions for TEST_TABLE<a name="line.1916"></a> +<span class="sourceLineNo">1917</span> protocol.checkPermissions(null, checkRequest);<a name="line.1917"></a> +<span class="sourceLineNo">1918</span> fail("this should have thrown CoprocessorException");<a name="line.1918"></a> +<span class="sourceLineNo">1919</span> } catch (ServiceException ex) {<a name="line.1919"></a> +<span class="sourceLineNo">1920</span> // expected<a name="line.1920"></a> +<span class="sourceLineNo">1921</span> }<a name="line.1921"></a> +<span class="sourceLineNo">1922</span> } finally {<a name="line.1922"></a> +<span class="sourceLineNo">1923</span> acl.close();<a name="line.1923"></a> +<span class="sourceLineNo">1924</span> }<a name="line.1924"></a> +<span class="sourceLineNo">1925</span><a name="line.1925"></a> +<span class="sourceLineNo">1926</span> } finally {<a name="line.1926"></a> +<span class="sourceLineNo">1927</span> revokeFromTable(TEST_UTIL, userTable.getShortName(), TEST_TABLE, null, null,<a name="line.1927"></a> +<span class="sourceLineNo">1928</span> Permission.Action.READ);<a name="line.1928"></a> +<span class="sourceLineNo">1929</span> revokeFromTable(TEST_UTIL, userColumn.getShortName(), TEST_TABLE, TEST_FAMILY, null,<a name="line.1929"></a> <span class="sourceLineNo">1930</span> Permission.Action.READ);<a name="line.1930"></a> -<span class="sourceLineNo">1931</span> revokeFromTable(TEST_UTIL, userColumn.getShortName(), TEST_TABLE, TEST_FAMILY, null,<a name="line.1931"></a> +<span class="sourceLineNo">1931</span> revokeFromTable(TEST_UTIL, userQualifier.getShortName(), TEST_TABLE, TEST_FAMILY, TEST_Q1,<a name="line.1931"></a> <span class="sourceLineNo">1932</span> Permission.Action.READ);<a name="line.1932"></a> -<span class="sourceLineNo">1933</span> revokeFromTable(TEST_UTIL, userQualifier.getShortName(), TEST_TABLE, TEST_FAMILY, TEST_Q1,<a name="line.1933"></a> -<span class="sourceLineNo">1934</span> Permission.Action.READ);<a name="line.1934"></a> -<span class="sourceLineNo">1935</span> }<a name="line.1935"></a> -<span class="sourceLineNo">1936</span> }<a name="line.1936"></a> -<span class="sourceLineNo">1937</span><a name="line.1937"></a> -<span class="sourceLineNo">1938</span> @Test<a name="line.1938"></a> -<span class="sourceLineNo">1939</span> public void testStopRegionServer() throws Exception {<a name="line.1939"></a> -<span class="sourceLineNo">1940</span> AccessTestAction action = new AccessTestAction() {<a name="line.1940"></a> -<span class="sourceLineNo">1941</span> @Override<a name="line.1941"></a> -<span class="sourceLineNo">1942</span> public Object run() throws Exception {<a name="line.1942"></a> -<span class="sourceLineNo">1943</span> ACCESS_CONTROLLER.preStopRegionServer(ObserverContextImpl.createAndPrepare(RSCP_ENV));<a name="line.1943"></a> -<span class="sourceLineNo">1944</span> return null;<a name="line.1944"></a> -<span class="sourceLineNo">1945</span> }<a name="line.1945"></a> -<span class="sourceLineNo">1946</span> };<a name="line.1946"></a> -<span class="sourceLineNo">1947</span><a name="line.1947"></a> -<span class="sourceLineNo">1948</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.1948"></a> -<span class="sourceLineNo">1949</span> verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.1949"></a> -<span class="sourceLineNo">1950</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.1950"></a> -<span class="sourceLineNo">1951</span> }<a name="line.1951"></a> -<span class="sourceLineNo">1952</span><a name="line.1952"></a> -<span class="sourceLineNo">1953</span> @Test<a name="line.1953"></a> -<span class="sourceLineNo">1954</span> public void testRollWALWriterRequest() throws Exception {<a name="line.1954"></a> -<span class="sourceLineNo">1955</span> AccessTestAction action = new AccessTestAction() {<a name="line.1955"></a> -<span class="sourceLineNo">1956</span> @Override<a name="line.1956"></a> -<span class="sourceLineNo">1957</span> public Object run() throws Exception {<a name="line.1957"></a> -<span class="sourceLineNo">1958</span> ACCESS_CONTROLLER.preRollWALWriterRequest(ObserverContextImpl.createAndPrepare(RSCP_ENV));<a name="line.1958"></a> -<span class="sourceLineNo">1959</span> return null;<a name="line.1959"></a> -<span class="sourceLineNo">1960</span> }<a name="line.1960"></a> -<span class="sourceLineNo">1961</span> };<a name="line.1961"></a> -<span class="sourceLineNo">1962</span><a name="line.1962"></a> -<span class="sourceLineNo">1963</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.1963"></a> -<span class="sourceLineNo">1964</span> verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.1964"></a> -<span class="sourceLineNo">1965</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.1965"></a> -<span class="sourceLineNo">1966</span> }<a name="line.1966"></a> -<span class="sourceLineNo">1967</span><a name="line.1967"></a> -<span class="sourceLineNo">1968</span> @Test<a name="line.1968"></a> -<span class="sourceLineNo">1969</span> public void testOpenRegion() throws Exception {<a name="line.1969"></a> -<span class="sourceLineNo">1970</span> AccessTestAction action = new AccessTestAction() {<a name="line.1970"></a> -<span class="sourceLineNo">1971</span> @Override<a name="line.1971"></a> -<span class="sourceLineNo">1972</span> public Object run() throws Exception {<a name="line.1972"></a> -<span class="sourceLineNo">1973</span> ACCESS_CONTROLLER.preOpen(ObserverContextImpl.createAndPrepare(RCP_ENV));<a name="line.1973"></a> -<span class="sourceLineNo">1974</span> return null;<a name="line.1974"></a> -<span class="sourceLineNo">1975</span> }<a name="line.1975"></a> -<span class="sourceLineNo">1976</span> };<a name="line.1976"></a> -<span class="sourceLineNo">1977</span><a name="line.1977"></a> -<span class="sourceLineNo">1978</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.1978"></a> -<span class="sourceLineNo">1979</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER, USER_GROUP_CREATE,<a name="line.1979"></a> -<span class="sourceLineNo">1980</span> USER_GROUP_READ, USER_GROUP_WRITE);<a name="line.1980"></a> -<span class="sourceLineNo">1981</span> }<a name="line.1981"></a> -<span class="sourceLineNo">1982</span><a name="line.1982"></a> -<span class="sourceLineNo">1983</span> @Test<a name="line.1983"></a> -<span class="sourceLineNo">1984</span> public void testCloseRegion() throws Exception {<a name="line.1984"></a> -<span class="sourceLineNo">1985</span> AccessTestAction action = new AccessTestAction() {<a name="line.1985"></a> -<span class="sourceLineNo">1986</span> @Override<a name="line.1986"></a> -<span class="sourceLineNo">1987</span> public Object run() throws Exception {<a name="line.1987"></a> -<span class="sourceLineNo">1988</span> ACCESS_CONTROLLER.preClose(ObserverContextImpl.createAndPrepare(RCP_ENV), false);<a name="line.1988"></a> -<span class="sourceLineNo">1989</span> return null;<a name="line.1989"></a> -<span class="sourceLineNo">1990</span> }<a name="line.1990"></a> -<span class="sourceLineNo">1991</span> };<a name="line.1991"></a> -<span class="sourceLineNo">1992</span><a name="line.1992"></a> -<span class="sourceLineNo">1993</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.1993"></a> -<span class="sourceLineNo">1994</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER, USER_GROUP_CREATE,<a name="line.1994"></a> -<span class="sourceLineNo">1995</span> USER_GROUP_READ, USER_GROUP_WRITE);<a name="line.1995"></a> -<span class="sourceLineNo">1996</span> }<a name="line.1996"></a> -<span class="sourceLineNo">1997</span><a name="line.1997"></a> -<span class="sourceLineNo">1998</span> @Test<a name="line.1998"></a> -<span class="sourceLineNo">1999</span> public void testSnapshot() throws Exception {<a name="line.1999"></a> -<span class="sourceLineNo">2000</span> Admin admin = TEST_UTIL.getAdmin();<a name="line.2000"></a> -<span class="sourceLineNo">2001</span> final HTableDescriptor htd = admin.getTableDescriptor(TEST_TABLE);<a name="line.2001"></a> -<span class="sourceLineNo">2002</span> final SnapshotDescription snapshot = new SnapshotDescription(<a name="line.2002"></a> -<span class="sourceLineNo">2003</span> TEST_TABLE.getNameAsString() + "-snapshot", TEST_TABLE);<a name="line.2003"></a> -<span class="sourceLineNo">2004</span> AccessTestAction snapshotAction = new AccessTestAction() {<a name="line.2004"></a> -<span class="sourceLineNo">2005</span> @Override<a name="line.2005"></a> -<span class="sourceLineNo">2006</span> public Object run() throws Exception {<a name="line.2006"></a> -<span class="sourceLineNo">2007</span> ACCESS_CONTROLLER.preSnapshot(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2007"></a> -<span class="sourceLineNo">2008</span> snapshot, htd);<a name="line.2008"></a> -<span class="sourceLineNo">2009</span> return null;<a name="line.2009"></a> -<span class="sourceLineNo">2010</span> }<a name="line.2010"></a> -<span class="sourceLineNo">2011</span> };<a name="line.2011"></a> -<span class="sourceLineNo">2012</span><a name="line.2012"></a> -<span class="sourceLineNo">2013</span> AccessTestAction deleteAction = new AccessTestAction() {<a name="line.2013"></a> -<span class="sourceLineNo">2014</span> @Override<a name="line.2014"></a> -<span class="sourceLineNo">2015</span> public Object run() throws Exception {<a name="line.2015"></a> -<span class="sourceLineNo">2016</span> ACCESS_CONTROLLER.preDeleteSnapshot(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2016"></a> -<span class="sourceLineNo">2017</span> snapshot);<a name="line.2017"></a> -<span class="sourceLineNo">2018</span> return null;<a name="line.2018"></a> -<span class="sourceLineNo">2019</span> }<a name="line.2019"></a> -<span class="sourceLineNo">2020</span> };<a name="line.2020"></a> -<span class="sourceLineNo">2021</span><a name="line.2021"></a> -<span class="sourceLineNo">2022</span> AccessTestAction restoreAction = new AccessTestAction() {<a name="line.2022"></a> -<span class="sourceLineNo">2023</span> @Override<a name="line.2023"></a> -<span class="sourceLineNo">2024</span> public Object run() throws Exception {<a name="line.2024"></a> -<span class="sourceLineNo">2025</span> ACCESS_CONTROLLER.preRestoreSnapshot(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2025"></a> -<span class="sourceLineNo">2026</span> snapshot, htd);<a name="line.2026"></a> -<span class="sourceLineNo">2027</span> return null;<a name="line.2027"></a> -<span class="sourceLineNo">2028</span> }<a name="line.2028"></a> -<span class="sourceLineNo">2029</span> };<a name="line.2029"></a> -<span class="sourceLineNo">2030</span><a name="line.2030"></a> -<span class="sourceLineNo">2031</span> AccessTestAction cloneAction = new AccessTestAction() {<a name="line.2031"></a> -<span class="sourceLineNo">2032</span> @Override<a name="line.2032"></a> -<span class="sourceLineNo">2033</span> public Object run() throws Exception {<a name="line.2033"></a> -<span class="sourceLineNo">2034</span> ACCESS_CONTROLLER.preCloneSnapshot(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2034"></a> -<span class="sourceLineNo">2035</span> snapshot, null);<a name="line.2035"></a> -<span class="sourceLineNo">2036</span> return null;<a name="line.2036"></a> -<span class="sourceLineNo">2037</span> }<a name="line.2037"></a> -<span class="sourceLineNo">2038</span> };<a name="line.2038"></a> -<span class="sourceLineNo">2039</span><a name="line.2039"></a> -<span class="sourceLineNo">2040</span> verifyAllowed(snapshotAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.2040"></a> -<span class="sourceLineNo">2041</span> verifyDenied(snapshotAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.2041"></a> -<span class="sourceLineNo">2042</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2042"></a> -<span class="sourceLineNo">2043</span><a name="line.2043"></a> -<span class="sourceLineNo">2044</span> verifyAllowed(cloneAction, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.2044"></a> -<span class="sourceLineNo">2045</span> verifyDenied(deleteAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER,<a name="line.2045"></a> -<span class="sourceLineNo">2046</span> USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2046"></a> -<span class="sourceLineNo">2047</span><a name="line.2047"></a> -<span class="sourceLineNo">2048</span> verifyAllowed(restoreAction, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.2048"></a> -<span class="sourceLineNo">2049</span> verifyDenied(restoreAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER,<a name="line.2049"></a> -<span class="sourceLineNo">2050</span> USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2050"></a> -<span class="sourceLineNo">2051</span><a name="line.2051"></a> -<span class="sourceLineNo">2052</span> verifyAllowed(deleteAction, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.2052"></a> -<span class="sourceLineNo">2053</span> verifyDenied(cloneAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER,<a name="line.2053"></a> -<span class="sourceLineNo">2054</span> USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2054"></a> -<span class="sourceLineNo">2055</span> }<a name="line.2055"></a> -<span class="sourceLineNo">2056</span><a name="line.2056"></a> -<span class="sourceLineNo">2057</span> @Test<a name="line.2057"></a> -<span class="sourceLineNo">2058</span> public void testSnapshotWithOwner() throws Exception {<a name="line.2058"></a> -<span class="sourceLineNo">2059</span> Admin admin = TEST_UTIL.getAdmin();<a name="line.2059"></a> -<span class="sourceLineNo">2060</span> final HTableDescriptor htd = admin.getTableDescriptor(TEST_TABLE);<a name="line.2060"></a> -<span class="sourceLineNo">2061</span> final SnapshotDescription snapshot = new SnapshotDescription(<a name="line.2061"></a> -<span class="sourceLineNo">2062</span> TEST_TABLE.getNameAsString() + "-snapshot", TEST_TABLE, null, USER_OWNER.getName());<a name="line.2062"></a> -<span class="sourceLineNo">2063</span><a name="line.2063"></a> -<span class="sourceLineNo">2064</span> AccessTestAction snapshotAction = new AccessTestAction() {<a name="line.2064"></a> -<span class="sourceLineNo">2065</span> @Override<a name="line.2065"></a> -<span class="sourceLineNo">2066</span> public Object run() throws Exception {<a name="line.2066"></a> -<span class="sourceLineNo">2067</span> ACCESS_CONTROLLER.preSnapshot(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2067"></a> -<span class="sourceLineNo">2068</span> snapshot, htd);<a name="line.2068"></a> -<span class="sourceLineNo">2069</span> return null;<a name="line.2069"></a> -<span class="sourceLineNo">2070</span> }<a name="line.2070"></a> -<span class="sourceLineNo">2071</span> };<a name="line.2071"></a> -<span class="sourceLineNo">2072</span> verifyAllowed(snapshotAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.2072"></a> -<span class="sourceLineNo">2073</span> verifyDenied(snapshotAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.2073"></a> -<span class="sourceLineNo">2074</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2074"></a> -<span class="sourceLineNo">2075</span><a name="line.2075"></a> -<span class="sourceLineNo">2076</span> AccessTestAction deleteAction = new AccessTestAction() {<a name="line.2076"></a> -<span class="sourceLineNo">2077</span> @Override<a name="line.2077"></a> -<span class="sourceLineNo">2078</span> public Object run() throws Exception {<a name="line.2078"></a> -<span class="sourceLineNo">2079</span> ACCESS_CONTROLLER.preDeleteSnapshot(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2079"></a> -<span class="sourceLineNo">2080</span> snapshot);<a name="line.2080"></a> -<span class="sourceLineNo">2081</span> return null;<a name="line.2081"></a> -<span class="sourceLineNo">2082</span> }<a name="line.2082"></a> -<span class="sourceLineNo">2083</span> };<a name="line.2083"></a> -<span class="sourceLineNo">2084</span> verifyAllowed(deleteAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.2084"></a> -<span class="sourceLineNo">2085</span> verifyDenied(deleteAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.2085"></a> -<span class="sourceLineNo">2086</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2086"></a> -<span class="sourceLineNo">2087</span><a name="line.2087"></a> -<span class="sourceLineNo">2088</span> AccessTestAction restoreAction = new AccessTestAction() {<a name="line.2088"></a> -<span class="sourceLineNo">2089</span> @Override<a name="line.2089"></a> -<span class="sourceLineNo">2090</span> public Object run() throws Exception {<a name="line.2090"></a> -<span class="sourceLineNo">2091</span> ACCESS_CONTROLLER.preRestoreSnapshot(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2091"></a> -<span class="sourceLineNo">2092</span> snapshot, htd);<a name="line.2092"></a> -<span class="sourceLineNo">2093</span> return null;<a name="line.2093"></a> -<span class="sourceLineNo">2094</span> }<a name="line.2094"></a> -<span class="sourceLineNo">2095</span> };<a name="line.2095"></a> -<span class="sourceLineNo">2096</span> verifyAllowed(restoreAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.2096"></a> -<span class="sourceLineNo">2097</span> verifyDenied(restoreAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.2097"></a> -<span class="sourceLineNo">2098</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2098"></a> -<span class="sourceLineNo">2099</span><a name="line.2099"></a> -<span class="sourceLineNo">2100</span> AccessTestAction cloneAction = new AccessTestAction() {<a name="line.2100"></a> -<span class="sourceLineNo">2101</span> @Override<a name="line.2101"></a> -<span class="sourceLineNo">2102</span> public Object run() throws Exception {<a name="line.2102"></a> -<span class="sourceLineNo">2103</span> ACCESS_CONTROLLER.preCloneSnapshot(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2103"></a> -<span class="sourceLineNo">2104</span> snapshot, htd);<a name="line.2104"></a> -<span class="sourceLineNo">2105</span> return null;<a name="line.2105"></a> -<span class="sourceLineNo">2106</span> }<a name="line.2106"></a> -<span class="sourceLineNo">2107</span> };<a name="line.2107"></a> -<span class="sourceLineNo">2108</span> verifyAllowed(cloneAction, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN, USER_OWNER);<a name="line.2108"></a> -<span class="sourceLineNo">2109</span> verifyDenied(cloneAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.2109"></a> -<span class="sourceLineNo">2110</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2110"></a> -<span class="sourceLineNo">2111</span> }<a name="line.2111"></a> -<span class="sourceLineNo">2112</span><a name="line.2112"></a> -<span class="sourceLineNo">2113</span> @Test<a name="line.2113"></a> -<span class="sourceLineNo">2114</span> public void testGlobalAuthorizationForNewRegisteredRS() throws Exception {<a name="line.2114"></a> -<span class="sourceLineNo">2115</span> LOG.debug("Test for global authorization for a new registered RegionServer.");<a name="line.2115"></a> -<span class="sourceLineNo">2116</span> MiniHBaseCluster hbaseCluster = TEST_UTIL.getHBaseCluster();<a name="line.2116"></a> -<span class="sourceLineNo">2117</span><a name="line.2117"></a> -<span class="sourceLineNo">2118</span> final Admin admin = TEST_UTIL.getAdmin();<a name="line.2118"></a> -<span class="sourceLineNo">2119</span> HTableDescriptor htd = new HTableDescriptor(TEST_TABLE2);<a name="line.2119"></a> -<span class="sourceLineNo">2120</span> htd.addFamily(new HColumnDescriptor(TEST_FAMILY));<a name="line.2120"></a> -<span class="sourceLineNo">2121</span> createTable(TEST_UTIL, htd);<a name="line.2121"></a> -<span class="sourceLineNo">2122</span><a name="line.2122"></a> -<span class="sourceLineNo">2123</span> // Starting a new RegionServer.<a name="line.2123"></a> -<span class="sourceLineNo">2124</span> JVMClusterUtil.RegionServerThread newRsThread = hbaseCluster<a name="line.2124"></a> -<span class="sourceLineNo">2125</span> .startRegionServer();<a name="line.2125"></a> -<span class="sourceLineNo">2126</span> final HRegionServer newRs = newRsThread.getRegionServer();<a name="line.2126"></a> -<span class="sourceLineNo">2127</span><a name="line.2127"></a> -<span class="sourceLineNo">2128</span> // Move region to the new RegionServer.<a name="line.2128"></a> -<span class="sourceLineNo">2129</span> List<HRegionLocation> regions;<a name="line.2129"></a> -<span class="sourceLineNo">2130</span> try (RegionLocator locator = systemUserConnection.getRegionLocator(TEST_TABLE2)) {<a name="line.2130"></a> -<span class="sourceLineNo">2131</span> regions = locator.getAllRegionLocations();<a name="line.2131"></a> -<span class="sourceLineNo">2132</span> }<a name="line.2132"></a> -<span class="sourceLineNo">2133</span> HRegionLocation location = regions.get(0);<a name="line.2133"></a> -<span class="sourceLineNo">2134</span> final HRegionInfo hri = location.getRegionInfo();<a name="line.2134"></a> -<span class="sourceLineNo">2135</span> final ServerName server = location.getServerName();<a name="line.2135"></a> -<span class="sourceLineNo">2136</span> try (Table table = systemUserConnection.getTable(TEST_TABLE2)) {<a name="line.2136"></a> -<span class="sourceLineNo">2137</span> AccessTestAction moveAction = new AccessTestAction() {<a name="line.2137"></a> -<span class="sourceLineNo">2138</span> @Override<a name="line.2138"></a> -<span class="sourceLineNo">2139</span> public Object run() throws Exception {<a name="line.2139"></a> -<span class="sourceLineNo">2140</span> admin.move(hri.getEncodedNameAsBytes(),<a name="line.2140"></a> -<span class="sourceLineNo">2141</span> Bytes.toBytes(newRs.getServerName().getServerName()));<a name="line.2141"></a> -<span class="sourceLineNo">2142</span> return null;<a name="line.2142"></a> -<span class="sourceLineNo">2143</span> }<a name="line.2143"></a> -<span class="sourceLineNo">2144</span> };<a name="line.2144"></a> -<span class="sourceLineNo">2145</span> SUPERUSER.runAs(moveAction);<a name="line.2145"></a> -<span class="sourceLineNo">2146</span><a name="line.2146"></a> -<span class="sourceLineNo">2147</span> final int RETRIES_LIMIT = 10;<a name="line.2147"></a> -<span class="sourceLineNo">2148</span> int retries = 0;<a name="line.2148"></a> -<span class="sourceLineNo">2149</span> while (newRs.getRegions(TEST_TABLE2).size() < 1 && retries < RETRIES_LIMIT) {<a name="line.2149"></a> -<span class="sourceLineNo">2150</span> LOG.debug("Waiting for region to be opened. Already retried " + retries<a name="line.2150"></a> -<span class="sourceLineNo">2151</span> + " times.");<a name="line.2151"></a> -<span class="sourceLineNo">2152</span> try {<a name="line.2152"></a> -<span class="sourceLineNo">2153</span> Thread.sleep(1000);<a name="line.2153"></a> -<span class="sourceLineNo">2154</span> } catch (InterruptedException e) {<a name="line.2154"></a> -<span class="sourceLineNo">2155</span> }<a name="line.2155"></a> -<span class="sourceLineNo">2156</span> retries++;<a name="line.2156"></a> -<span class="sourceLineNo">2157</span> if (retries == RETRIES_LIMIT - 1) {<a name="line.2157"></a> -<span class="sourceLineNo">2158</span> fail("Retry exhaust for waiting region to be opened.");<a name="line.2158"></a> -<span class="sourceLineNo">2159</span> }<a name="line.2159"></a> -<span class="sourceLineNo">2160</span> }<a name="line.2160"></a> -<span class="sourceLineNo">2161</span> // Verify write permission for user "admin2" who has the global<a name="line.2161"></a> -<span class="sourceLineNo">2162</span> // permissions.<a name="line.2162"></a> -<span class="sourceLineNo">2163</span> AccessTestAction putAction = new AccessTestAction() {<a name="line.2163"></a> -<span class="sourceLineNo">2164</span> @Override<a name="line.2164"></a> -<span class="sourceLineNo">2165</span> public Object run() throws Exception {<a name="line.2165"></a> -<span class="sourceLineNo">2166</span> Put put = new Put(Bytes.toBytes("test"));<a name="line.2166"></a> -<span class="sourceLineNo">2167</span> put.addColumn(TEST_FAMILY, Bytes.toBytes("qual"), Bytes.toBytes("value"));<a name="line.2167"></a> -<span class="sourceLineNo">2168</span> table.put(put);<a name="line.2168"></a> -<span class="sourceLineNo">2169</span> return null;<a name="line.2169"></a> -<span class="sourceLineNo">2170</span> }<a name="line.2170"></a> -<span class="sourceLineNo">2171</span> };<a name="line.2171"></a> -<span class="sourceLineNo">2172</span> USER_ADMIN.runAs(putAction);<a name="line.2172"></a> -<span class="sourceLineNo">2173</span> }<a name="line.2173"></a> -<span class="sourceLineNo">2174</span> }<a name="line.2174"></a> -<span class="sourceLineNo">2175</span><a name="line.2175"></a> -<span class="sourceLineNo">2176</span> @Test<a name="line.2176"></a> -<span class="sourceLineNo">2177</span> public void testTableDescriptorsEnumeration() throws Exception {<a name="line.2177"></a> -<span class="sourceLineNo">2178</span> User TABLE_ADMIN = User.createUserForTesting(conf, "UserA", new String[0]);<a name="line.2178"></a> -<span class="sourceLineNo">2179</span><a name="line.2179"></a> -<span class="sourceLineNo">2180</span> // Grant TABLE ADMIN privs<a name="line.2180"></a> -<span class="sourceLineNo">2181</span> grantOnTable(TEST_UTIL, TABLE_ADMIN.getShortName(), TEST_TABLE, null, null,<a name="line.2181"></a> -<span class="sourceLineNo">2182</span> Permission.Action.ADMIN);<a name="line.2182"></a> -<span class="sourceLineNo">2183</span> try {<a name="line.2183"></a> -<span class="sourceLineNo">2184</span> AccessTestAction listTablesAction = new AccessTestAction() {<a name="line.2184"></a> -<span class="sourceLineNo">2185</span> @Override<a name="line.2185"></a> -<span class="sourceLineNo">2186</span> public Object run() throws Exception {<a name="line.2186"></a> -<span class="sourceLineNo">2187</span> try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());<a name="line.2187"></a> -<span class="sourceLineNo">2188</span> Admin admin = conn.getAdmin()) {<a name="line.2188"></a> -<span class="sourceLineNo">2189</span> return Arrays.asList(admin.listTables());<a name="line.2189"></a> -<span class="sourceLineNo">2190</span> }<a name="line.2190"></a> -<span class="sourceLineNo">2191</span> }<a name="line.2191"></a> -<span class="sourceLineNo">2192</span> };<a name="line.2192"></a> -<span class="sourceLineNo">2193</span><a name="line.2193"></a> -<span class="sourceLineNo">2194</span> AccessTestAction getTableDescAction = new AccessTestAction() {<a name="line.2194"></a> -<span class="sourceLineNo">2195</span> @Override<a name="line.2195"></a> -<span class="sourceLineNo">2196</span> public Object run() throws Exception {<a name="line.2196"></a> -<span class="sourceLineNo">2197</span> try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());<a name="line.2197"></a> -<span class="sourceLineNo">2198</span> Admin admin = conn.getAdmin()) {<a name="line.2198"></a> -<span class="sourceLineNo">2199</span> return admin.getTableDescriptor(TEST_TABLE);<a name="line.2199"></a> -<span class="sourceLineNo">2200</span> }<a name="line.2200"></a> -<span class="sourceLineNo">2201</span> }<a name="line.2201"></a> -<span class="sourceLineNo">2202</span> };<a name="line.2202"></a> -<span class="sourceLineNo">2203</span><a name="line.2203"></a> -<span class="sourceLineNo">2204</span> verifyAllowed(listTablesAction, SUPERUSER, USER_ADMIN, USER_CREATE, USER_OWNER, TABLE_ADMIN,<a name="line.2204"></a> -<span class="sourceLineNo">2205</span> USER_GROUP_CREATE, USER_GROUP_ADMIN);<a name="line.2205"></a> -<span class="sourceLineNo">2206</span> verifyIfEmptyList(listTablesAction, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.2206"></a> -<span class="sourceLineNo">2207</span> USER_GROUP_WRITE);<a name="line.2207"></a> -<span class="sourceLineNo">2208</span><a name="line.2208"></a> -<span class="sourceLineNo">2209</span> verifyAllowed(getTableDescAction, SUPERUSER, USER_ADMIN, USER_CREATE, USER_OWNER,<a name="line.2209"></a> -<span class="sourceLineNo">2210</span> TABLE_ADMIN, USER_GROUP_CREATE, USER_GROUP_ADMIN);<a name="line.2210"></a> -<span class="sourceLineNo">2211</span> verifyDenied(getTableDescAction, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.2211"></a> -<span class="sourceLineNo">2212</span> USER_GROUP_WRITE);<a name="line.2212"></a> -<span class="sourceLineNo">2213</span> } finally {<a name="line.2213"></a> -<span class="sourceLineNo">2214</span> // Cleanup, revoke TABLE ADMIN privs<a name="line.2214"></a> -<span class="sourceLineNo">2215</span> revokeFromTable(TEST_UTIL, TABLE_ADMIN.getShortName(), TEST_TABLE, null, null,<a name="line.2215"></a> -<span class="sourceLineNo">2216</span> Permission.Action.ADMIN);<a name="line.2216"></a> -<span class="sourceLineNo">2217</span> }<a name="line.2217"></a> -<span class="sourceLineNo">2218</span> }<a name="line.2218"></a> -<span class="sourceLineNo">2219</span><a name="line.2219"></a> -<span class="sourceLineNo">2220</span> @Test<a name="line.2220"></a> -<span class="sourceLineNo">2221</span> public void testTableNameEnumeration() throws Exception {<a name="line.2221"></a> -<span class="sourceLineNo">2222</span> AccessTestAction listTablesAction = new AccessTestAction() {<a name="line.2222"></a> -<span class="sourceLineNo">2223</span> @Override<a name="line.2223"></a> -<span class="sourceLineNo">2224</span> public Object run() throws Exception {<a name="line.2224"></a> -<span class="sourceLineNo">2225</span> Connection unmanagedConnection =<a name="line.2225"></a> -<span class="sourceLineNo">2226</span> ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());<a name="line.2226"></a> -<span class="sourceLineNo">2227</span> Admin admin = unmanagedConnection.getAdmin();<a name="line.2227"></a> -<span class="sourceLineNo">2228</span> try {<a name="line.2228"></a> -<span class="sourceLineNo">2229</span> return Arrays.asList(admin.listTableNames());<a name="line.2229"></a> -<span class="sourceLineNo">2230</span> } finally {<a name="line.2230"></a> -<span class="sourceLineNo">2231</span> admin.close();<a name="line.2231"></a> -<span class="sourceLineNo">2232</span> unmanagedConnection.close();<a name="line.2232"></a> -<span class="sourceLineNo">2233</span> }<a name="line.2233"></a> -<span class="sourceLineNo">2234</span> }<a name="line.2234"></a> -<span class="sourceLineNo">2235</span> };<a name="line.2235"></a> -<span class="sourceLineNo">2236</span><a name="line.2236"></a> -<span class="sourceLineNo">2237</span> verifyAllowed(listTablesAction, SUPERUSER, USER_ADMIN, USER_CREATE, USER_OWNER, USER_RW,<a name="line.2237"></a> -<span class="sourceLineNo">2238</span> USER_RO, USER_GROUP_CREATE, USER_GROUP_ADMIN, USER_GROUP_READ, USER_GROUP_WRITE);<a name="line.2238"></a> -<span class="sourceLineNo">2239</span> verifyIfEmptyList(listTablesAction, USER_NONE);<a name="line.2239"></a> -<span class="sourceLineNo">2240</span> }<a name="line.2240"></a> -<span class="sourceLineNo">2241</span><a name="line.2241"></a> -<span class="sourceLineNo">2242</span> @Test<a name="line.2242"></a> -<span class="sourceLineNo">2243</span> public void testTableDeletion() throws Exception {<a name="line.2243"></a> -<span class="sourceLineNo">2244</span> User TABLE_ADMIN = User.createUserForTesting(conf, "TestUser", new String[0]);<a name="line.2244"></a> -<span class="sourceLineNo">2245</span> final TableName tableName = TableName.valueOf(name.getMethodName());<a name="line.2245"></a> -<span class="sourceLineNo">2246</span> createTestTable(tableName);<a name="line.2246"></a> -<span class="sourceLineNo">2247</span><a name="line.2247"></a> -<span class="sourceLineNo">2248</span> // Grant TABLE ADMIN privs<a name="line.2248"></a> -<span class="sourceLineNo">2249</span> grantOnTable(TEST_UTIL, TABLE_ADMIN.getShortName(), tableName, null, null, Permission.Action.ADMIN);<a name="line.2249"></a> -<span class="sourceLineNo">2250</span><a name="line.2250"></a> -<span class="sourceLineNo">2251</span> AccessTestAction deleteTableAction = new AccessTestAction() {<a name="line.2251"></a> -<span class="sourceLineNo">2252</span> @Override<a name="line.2252"></a> -<span class="sourceLineNo">2253</span> public Object run() throws Exception {<a name="line.2253"></a> -<span class="sourceLineNo">2254</span> Connection unmanagedConnection =<a name="line.2254"></a> -<span class="sourceLineNo">2255</span> ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());<a name="line.2255"></a> -<span class="sourceLineNo">2256</span> Admin admin = unmanagedConnection.getAdmin();<a name="line.2256"></a> -<span class="sourceLineNo">2257</span> try {<a name="line.2257"></a> -<span class="sourceLineNo">2258</span> deleteTable(TEST_UTIL, admin, tableName);<a name="line.2258"></a> -<span class="sourceLineNo">2259</span> } finally {<a name="line.2259"></a> -<span class="sourceLineNo">2260</span> admin.close();<a name="line.2260"></a> -<span class="sourceLineNo">2261</span> unmanagedConnection.close();<a name="line.2261"></a> -<span class="sourceLineNo">2262</span> }<a name="line.2262"></a> -<span class="sourceLineNo">2263</span> return null;<a name="line.2263"></a> -<span class="sourceLineNo">2264</span> }<a name="line.2264"></a> -<span class="sourceLineNo">2265</span> };<a name="line.2265"></a> -<span class="sourceLineNo">2266</span><a name="line.2266"></a> -<span class="sourceLineNo">2267</span> verifyDenied(deleteTableAction, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.2267"></a> -<span class="sourceLineNo">2268</span> USER_GROUP_WRITE);<a name="line.2268"></a> -<span class="sourceLineNo">2269</span> verifyAllowed(deleteTableAction, TABLE_ADMIN);<a name="line.2269"></a> -<span class="sourceLineNo">2270</span> }<a name="line.2270"></a> -<span class="sourceLineNo">2271</span><a name="line.2271"></a> -<span class="sourceLineNo">2272</span> private void createTestTable(TableName tname) throws Exception {<a name="line.2272"></a> -<span class="sourceLineNo">2273</span> createTestTable(tname, TEST_FAMILY);<a name="line.2273"></a> -<span class="sourceLineNo">2274</span> }<a name="line.2274"></a> -<span class="sourceLineNo">2275</span><a name="line.2275"></a> -<span class="sourceLineNo">2276</span> private void createTestTable(TableName tname, byte[] cf) throws Exception {<a name="line.2276"></a> -<span class="sourceLineNo">2277</span> HTableDescriptor htd = new HTableDescriptor(tname);<a name="line.2277"></a> -<span class="sourceLineNo">2278</span> HColumnDescriptor hcd = new HColumnDescriptor(cf);<a name="line.2278"></a> -<span class="sourceLineNo">2279</span> hcd.setMaxVersions(100);<a name="line.2279"></a> -<span class="sourceLineNo">2280</span> htd.addFamily(hcd);<a name="line.2280"></a> -<span class="sourceLineNo">2281</span> htd.setOwner(USER_OWNER);<a name="line.2281"></a> -<span class="sourceLineNo">2282</span> createTable(TEST_UTIL, htd, new byte[][] { Bytes.toBytes("s") });<a name="line.2282"></a> -<span class="sourceLineNo">2283</span> }<a name="line.2283"></a> -<span class="sourceLineNo">2284</span><a name="line.2284"></a> -<span class="sourceLineNo">2285</span> @Test<a name="line.2285"></a> -<span class="sourceLineNo">2286</span> public void testNamespaceUserGrant() throws Exception {<a name="line.2286"></a> -<span class="sourceLineNo">2287</span> AccessTestAction getAction = new AccessTestAction() {<a name="line.2287"></a> -<span class="sourceLineNo">2288</span> @Override<a name="line.2288"></a> -<span class="sourceLineNo">2289</span> public Object run() throws Exception {<a name="line.2289"></a> -<span class="sourceLineNo">2290</span> try(Connection conn = ConnectionFactory.createConnection(conf);<a name="line.2290"></a> -<span class="sourceLineNo">2291</span> Table t = conn.getTable(TEST_TABLE)) {<a name="line.2291"></a> -<span class="sourceLineNo">2292</span> return t.get(new Get(TEST_ROW));<a name="line.2292"></a> -<span class="sourceLineNo">2293</span> }<a name="line.2293"></a> -<span class="sourceLineNo">2294</span> }<a name="line.2294"></a> -<span class="sourceLineNo">2295</span> };<a name="line.2295"></a> +<span class="sourceLineNo">1933</span> }<a name="line.1933"></a> +<span class="sourceLineNo">1934</span> }<a name="line.1934"></a> +<span class="sourceLineNo">1935</span><a name="line.1935"></a> +<span class="sourceLineNo">1936</span> @Test<a name="line.1936"></a> +<span class="sourceLineNo">1937</span> public void testStopRegionServer() throws Exception {<a name="line.1937"></a> +<span class="sourceLineNo">1938</span> AccessTestAction action = new AccessTestAction() {<a name="line.1938"></a> +<span class="sourceLineNo">1939</span> @Override<a name="line.1939"></a> +<span class="sourceLineNo">1940</span> public Object run() throws Exception {<a name="line.1940"></a> +<span class="sourceLineNo">1941</span> ACCESS_CONTROLLER.preStopRegionServer(ObserverContextImpl.createAndPrepare(RSCP_ENV));<a name="line.1941"></a> +<span class="sourceLineNo">1942</span> return null;<a name="line.1942"></a> +<span class="sourceLineNo">1943</span> }<a name="line.1943"></a> +<span class="sourceLineNo">1944</span> };<a name="line.1944"></a> +<span class="sourceLineNo">1945</span><a name="line.1945"></a> +<span class="sourceLineNo">1946</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.1946"></a> +<span class="sourceLineNo">1947</span> verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.1947"></a> +<span class="sourceLineNo">1948</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.1948"></a> +<span class="sourceLineNo">1949</span> }<a name="line.1949"></a> +<span class="sourceLineNo">1950</span><a name="line.1950"></a> +<span class="sourceLineNo">1951</span> @Test<a name="line.1951"></a> +<span class="sourceLineNo">1952</span> public void testRollWALWriterRequest() throws Exception {<a name="line.1952"></a> +<span class="sourceLineNo">1953</span> AccessTestAction action = new AccessTestAction() {<a name="line.1953"></a> +<span class="sourceLineNo">1954</span> @Override<a name="line.1954"></a> +<span class="sourceLineNo">1955</span> public Object run() throws Exception {<a name="line.1955"></a> +<span class="sourceLineNo">1956</span> ACCESS_CONTROLLER.preRollWALWriterRequest(ObserverContextImpl.createAndPrepare(RSCP_ENV));<a name="line.1956"></a> +<span class="sourceLineNo">1957</span> return null;<a name="line.1957"></a> +<span class="sourceLineNo">1958</span> }<a name="line.1958"></a> +<span class="sourceLineNo">1959</span> };<a name="line.1959"></a> +<span class="sourceLineNo">1960</span><a name="line.1960"></a> +<span class="sourceLineNo">1961</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.1961"></a> +<span class="sourceLineNo">1962</span> verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.1962"></a> +<span class="sourceLineNo">1963</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.1963"></a> +<span class="sourceLineNo">1964</span> }<a name="line.1964"></a> +<span class="sourceLineNo">1965</span><a name="line.1965"></a> +<span class="sourceLineNo">1966</span> @Test<a name="line.1966"></a> +<span class="sourceLineNo">1967</span> public void testOpenRegion() throws Exception {<a name="line.1967"></a> +<span class="sourceLineNo">1968</span> AccessTestAction action = new AccessTestAction() {<a name="line.1968"></a> +<span class="sourceLineNo">1969</span> @Override<a name="line.1969"></a> +<span class="sourceLineNo">1970</span> public Object run() throws Exception {<a name="line.1970"></a> +<span class="sourceLineNo">1971</span> ACCESS_CONTROLLER.preOpen(ObserverContextImpl.createAndPrepare(RCP_ENV));<a name="line.1971"></a> +<span class="sourceLineNo">1972</span> return null;<a name="line.1972"></a> +<span class="sourceLineNo">1973</span> }<a name="line.1973"></a> +<span class="sourceLineNo">1974</span> };<a name="line.1974"></a> +<span class="sourceLineNo">1975</span><a name="line.1975"></a> +<span class="sourceLineNo">1976</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.1976"></a> +<span class="sourceLineNo">1977</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER, USER_GROUP_CREATE,<a name="line.1977"></a> +<span class="sourceLineNo">1978</span> USER_GROUP_READ, USER_GROUP_WRITE);<a name="line.1978"></a> +<span class="sourceLineNo">1979</span> }<a name="line.1979"></a> +<span class="sourceLineNo">1980</span><a name="line.1980"></a> +<span class="sourceLineNo">1981</span> @Test<a name="line.1981"></a> +<span class="sourceLineNo">1982</span> public void testCloseRegion() throws Exception {<a name="line.1982"></a> +<span class="sourceLineNo">1983</span> AccessTestAction action = new AccessTestAction() {<a name="line.1983"></a> +<span class="sourceLineNo">1984</span> @Override<a name="line.1984"></a> +<span class="sourceLineNo">1985</span> public Object run() throws Exception {<a name="line.1985"></a> +<span class="sourceLineNo">1986</span> ACCESS_CONTROLLER.preClose(ObserverContextImpl.createAndPrepare(RCP_ENV), false);<a name="line.1986"></a> +<span class="sourceLineNo">1987</span> return null;<a name="line.1987"></a> +<span class="sourceLineNo">1988</span> }<a name="line.1988"></a> +<span class="sourceLineNo">1989</span> };<a name="line.1989"></a> +<span class="sourceLineNo">1990</span><a name="line.1990"></a> +<span class="sourceLineNo">1991</span> verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.1991"></a> +<span class="sourceLineNo">1992</span> verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER, USER_GROUP_CREATE,<a name="line.1992"></a> +<span class="sourceLineNo">1993</span> USER_GROUP_READ, USER_GROUP_WRITE);<a name="line.1993"></a> +<span class="sourceLineNo">1994</span> }<a name="line.1994"></a> +<span class="sourceLineNo">1995</span><a name="line.1995"></a> +<span class="sourceLineNo">1996</span> @Test<a name="line.1996"></a> +<span class="sourceLineNo">1997</span> public void testSnapshot() throws Exception {<a name="line.1997"></a> +<span class="sourceLineNo">1998</span> Admin admin = TEST_UTIL.getAdmin();<a name="line.1998"></a> +<span class="sourceLineNo">1999</span> final HTableDescriptor htd = admin.getTableDescriptor(TEST_TABLE);<a name="line.1999"></a> +<span class="sourceLineNo">2000</span> final SnapshotDescription snapshot = new SnapshotDescription(<a name="line.2000"></a> +<span class="sourceLineNo">2001</span> TEST_TABLE.getNameAsString() + "-snapshot", TEST_TABLE);<a name="line.2001"></a> +<span class="sourceLineNo">2002</span> AccessTestAction snapshotAction = new AccessTestAction() {<a name="line.2002"></a> +<span class="sourceLineNo">2003</span> @Override<a name="line.2003"></a> +<span class="sourceLineNo">2004</span> public Object run() throws Exception {<a name="line.2004"></a> +<span class="sourceLineNo">2005</span> ACCESS_CONTROLLER.preSnapshot(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2005"></a> +<span class="sourceLineNo">2006</span> snapshot, htd);<a name="line.2006"></a> +<span class="sourceLineNo">2007</span> return null;<a name="line.2007"></a> +<span class="sourceLineNo">2008</span> }<a name="line.2008"></a> +<span class="sourceLineNo">2009</span> };<a name="line.2009"></a> +<span class="sourceLineNo">2010</span><a name="line.2010"></a> +<span class="sourceLineNo">2011</span> AccessTestAction deleteAction = new AccessTestAction() {<a name="line.2011"></a> +<span class="sourceLineNo">2012</span> @Override<a name="line.2012"></a> +<span class="sourceLineNo">2013</span> public Object run() throws Exception {<a name="line.2013"></a> +<span class="sourceLineNo">2014</span> ACCESS_CONTROLLER.preDeleteSnapshot(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2014"></a> +<span class="sourceLineNo">2015</span> snapshot);<a name="line.2015"></a> +<span class="sourceLineNo">2016</span> return null;<a name="line.2016"></a> +<span class="sourceLineNo">2017</span> }<a name="line.2017"></a> +<span class="sourceLineNo">2018</span> };<a name="line.2018"></a> +<span class="sourceLineNo">2019</span><a name="line.2019"></a> +<span class="sourceLineNo">2020</span> AccessTestAction restoreAction = new AccessTestAction() {<a name="line.2020"></a> +<span class="sourceLineNo">2021</span> @Override<a name="line.2021"></a> +<span class="sourceLineNo">2022</span> public Object run() throws Exception {<a name="line.2022"></a> +<span class="sourceLineNo">2023</span> ACCESS_CONTROLLER.preRestoreSnapshot(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2023"></a> +<span class="sourceLineNo">2024</span> snapshot, htd);<a name="line.2024"></a> +<span class="sourceLineNo">2025</span> return null;<a name="line.2025"></a> +<span class="sourceLineNo">2026</span> }<a name="line.2026"></a> +<span class="sourceLineNo">2027</span> };<a name="line.2027"></a> +<span class="sourceLineNo">2028</span><a name="line.2028"></a> +<span class="sourceLineNo">2029</span> AccessTestAction cloneAction = new AccessTestAction() {<a name="line.2029"></a> +<span class="sourceLineNo">2030</span> @Override<a name="line.2030"></a> +<span class="sourceLineNo">2031</span> public Object run() throws Exception {<a name="line.2031"></a> +<span class="sourceLineNo">2032</span> ACCESS_CONTROLLER.preCloneSnapshot(ObserverContextImpl.createAndPrepare(CP_ENV),<a name="line.2032"></a> +<span class="sourceLineNo">2033</span> snapshot, null);<a name="line.2033"></a> +<span class="sourceLineNo">2034</span> return null;<a name="line.2034"></a> +<span class="sourceLineNo">2035</span> }<a name="line.2035"></a> +<span class="sourceLineNo">2036</span> };<a name="line.2036"></a> +<span class="sourceLineNo">2037</span><a name="line.2037"></a> +<span class="sourceLineNo">2038</span> verifyAllowed(snapshotAction, SUPERUSER, USER_ADMIN, USER_OWNER, USER_GROUP_ADMIN);<a name="line.2038"></a> +<span class="sourceLineNo">2039</span> verifyDenied(snapshotAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,<a name="line.2039"></a> +<span class="sourceLineNo">2040</span> USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2040"></a> +<span class="sourceLineNo">2041</span><a name="line.2041"></a> +<span class="sourceLineNo">2042</span> verifyAllowed(cloneAction, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.2042"></a> +<span class="sourceLineNo">2043</span> verifyDenied(deleteAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER,<a name="line.2043"></a> +<span class="sourceLineNo">2044</span> USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2044"></a> +<span class="sourceLineNo">2045</span><a name="line.2045"></a> +<span class="sourceLineNo">2046</span> verifyAllowed(restoreAction, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.2046"></a> +<span class="sourceLineNo">2047</span> verifyDenied(restoreAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER,<a name="line.2047"></a> +<span class="sourceLineNo">2048</span> USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2048"></a> +<span class="sourceLineNo">2049</span><a name="line.2049"></a> +<span class="sourceLineNo">2050</span> verifyAllowed(deleteAction, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);<a name="line.2050"></a> +<span class="sourceLineNo">2051</span> verifyDenied(cloneAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER,<a name="line.2051"></a> +<span class="sourceLineNo">2052</span> USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);<a name="line.2052"></a> +<span class="sourceLineNo">2053</span> }<a name="line.2053"></a> +<span class="sourceLineNo">2054</span><a name="line.2054"></a> +<span class="sourceLineNo">2055</span> @Test<a name="line.2055"></a> +<span class="sourceLineNo">2056</span> public void testSnapshotWithOwner() throws Exception {<a name="line.2056"></a> +<span class="sou
<TRUNCATED>