1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  package org.apache.hadoop.hbase.security.access;
20  
21  import static org.junit.Assert.assertFalse;
22  import static org.junit.Assert.assertTrue;
23  
24  import java.util.ArrayList;
25  import java.util.List;
26  import java.util.concurrent.atomic.AtomicBoolean;
27  
28  import org.apache.commons.logging.Log;
29  import org.apache.commons.logging.LogFactory;
30  import org.apache.hadoop.conf.Configuration;
31  import org.apache.hadoop.hbase.Abortable;
32  import org.apache.hadoop.hbase.HBaseTestingUtility;
33  import org.apache.hadoop.hbase.LargeTests;
34  import org.apache.hadoop.hbase.util.Bytes;
35  import org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher;
36  import org.junit.AfterClass;
37  import org.junit.BeforeClass;
38  import org.junit.Test;
39  import org.junit.experimental.categories.Category;
40  
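/**
 * Test the reading and writing of access permissions to and from zookeeper.
 *
 * <p>Two {@link TableAuthManager} instances are created, each on its own
 * {@link ZooKeeperWatcher}. The test grants permissions through one manager and
 * checks that both managers then authorize (and keep refusing) the expected
 * users and actions.
 */
@Category(LargeTests.class)
public class TestZKPermissionsWatcher {
  private static final Log LOG = LogFactory.getLog(TestZKPermissionsWatcher.class);
  private static final HBaseTestingUtility UTIL = new HBaseTestingUtility();

  /** Upper bound on how long an ACL update may take to show up in both managers. */
  private static final long PROPAGATION_TIMEOUT_MS = 10000L;
  /** Pause between two polls while waiting for an ACL update. */
  private static final long POLL_INTERVAL_MS = 50L;

  // Assigned once in beforeClass(), after the mini cluster is up.
  private static TableAuthManager AUTH_A;
  private static TableAuthManager AUTH_B;

  /**
   * Abortable handed to both ZooKeeper watchers. It only records that an abort
   * was requested so the test can report it instead of timing out silently.
   */
  private static final Abortable ABORTABLE = new Abortable() {
    private final AtomicBoolean abort = new AtomicBoolean(false);

    @Override
    public void abort(String why, Throwable e) {
      LOG.info(why, e);
      abort.set(true);
    }

    @Override
    public boolean isAborted() {
      return abort.get();
    }
  };

  private static final byte[] TEST_TABLE = Bytes.toBytes("perms_test");

  /**
   * Enables security in the test configuration, starts the mini cluster and
   * creates the two authorization managers under test.
   */
  @BeforeClass
  public static void beforeClass() throws Exception {
    // setup configuration
    Configuration conf = UTIL.getConfiguration();
    SecureTestUtil.enableSecurity(conf);

    // start minicluster
    UTIL.startMiniCluster();
    AUTH_A = TableAuthManager.get(new ZooKeeperWatcher(conf,
      "TestZKPermissionsWatcher_1", ABORTABLE), conf);
    AUTH_B = TableAuthManager.get(new ZooKeeperWatcher(conf,
      "TestZKPermissionsWatcher_2", ABORTABLE), conf);
  }

  /** Stops the mini cluster started in {@link #beforeClass()}. */
  @AfterClass
  public static void afterClass() throws Exception {
    UTIL.shutdownMiniCluster();
  }

  /**
   * Blocks until both managers authorize {@code user} for {@code action} on the
   * test table, or fails the test once the timeout has elapsed.
   *
   * <p>A fixed sleep makes the test timing dependent: on a slow host the grant
   * assertions fail spuriously, and the "still denied" assertions would pass
   * even if the update had never been applied. Polling for the grant first
   * means the denial checks that follow are evaluated against the updated ACL.
   *
   * @param user the user whose grant is awaited
   * @param action the action that must become authorized in both managers
   * @throws InterruptedException if the thread is interrupted while waiting
   */
  private static void waitForGrant(String user, TablePermission.Action action)
      throws InterruptedException {
    final long start = System.nanoTime();
    final long timeoutNanos = PROPAGATION_TIMEOUT_MS * 1000000L;
    while (!(AUTH_A.authorizeUser(user, TEST_TABLE, null, action)
        && AUTH_B.authorizeUser(user, TEST_TABLE, null, action))) {
      // An aborted watcher will never deliver the update; report that directly.
      assertFalse("ZooKeeper watcher aborted while waiting for ACL update",
        ABORTABLE.isAborted());
      assertTrue("Timed out waiting for " + action + " grant for user " + user,
        System.nanoTime() - start < timeoutNanos);
      Thread.sleep(POLL_INTERVAL_MS);
    }
  }

  /**
   * Verifies default deny, then that a grant made through one manager is
   * honoured by both, without widening access for other users or actions.
   */
  @Test
  public void testPermissionsWatcher() throws Exception {
    // Default deny: with no ACL entries nobody may read or write the table.
    assertFalse(AUTH_A.authorizeUser("george", TEST_TABLE, null,
      TablePermission.Action.READ));
    assertFalse(AUTH_A.authorizeUser("george", TEST_TABLE, null,
      TablePermission.Action.WRITE));
    assertFalse(AUTH_A.authorizeUser("hubert", TEST_TABLE, null,
      TablePermission.Action.READ));
    assertFalse(AUTH_A.authorizeUser("hubert", TEST_TABLE, null,
      TablePermission.Action.WRITE));

    assertFalse(AUTH_B.authorizeUser("george", TEST_TABLE, null,
      TablePermission.Action.READ));
    assertFalse(AUTH_B.authorizeUser("george", TEST_TABLE, null,
      TablePermission.Action.WRITE));
    assertFalse(AUTH_B.authorizeUser("hubert", TEST_TABLE, null,
      TablePermission.Action.READ));
    assertFalse(AUTH_B.authorizeUser("hubert", TEST_TABLE, null,
      TablePermission.Action.WRITE));

    // update ACL: george RW
    List<TablePermission> acl = new ArrayList<TablePermission>();
    acl.add(new TablePermission(TEST_TABLE, null, TablePermission.Action.READ,
      TablePermission.Action.WRITE));
    AUTH_A.setUserPermissions("george", TEST_TABLE, acl);
    waitForGrant("george", TablePermission.Action.READ);
    waitForGrant("george", TablePermission.Action.WRITE);

    // check it: george is granted RW on both managers, hubert still has nothing
    assertTrue(AUTH_A.authorizeUser("george", TEST_TABLE, null,
      TablePermission.Action.READ));
    assertTrue(AUTH_A.authorizeUser("george", TEST_TABLE, null,
      TablePermission.Action.WRITE));
    assertTrue(AUTH_B.authorizeUser("george", TEST_TABLE, null,
      TablePermission.Action.READ));
    assertTrue(AUTH_B.authorizeUser("george", TEST_TABLE, null,
      TablePermission.Action.WRITE));
    assertFalse(AUTH_A.authorizeUser("hubert", TEST_TABLE, null,
      TablePermission.Action.READ));
    assertFalse(AUTH_A.authorizeUser("hubert", TEST_TABLE, null,
      TablePermission.Action.WRITE));
    assertFalse(AUTH_B.authorizeUser("hubert", TEST_TABLE, null,
      TablePermission.Action.READ));
    assertFalse(AUTH_B.authorizeUser("hubert", TEST_TABLE, null,
      TablePermission.Action.WRITE));

    // update ACL: hubert R
    acl = new ArrayList<TablePermission>();
    acl.add(new TablePermission(TEST_TABLE, null, TablePermission.Action.READ));
    AUTH_B.setUserPermissions("hubert", TEST_TABLE, acl);
    waitForGrant("hubert", TablePermission.Action.READ);

    // check it: george keeps RW, hubert gains READ only (WRITE must stay denied)
    assertTrue(AUTH_A.authorizeUser("george", TEST_TABLE, null,
      TablePermission.Action.READ));
    assertTrue(AUTH_A.authorizeUser("george", TEST_TABLE, null,
      TablePermission.Action.WRITE));
    assertTrue(AUTH_B.authorizeUser("george", TEST_TABLE, null,
      TablePermission.Action.READ));
    assertTrue(AUTH_B.authorizeUser("george", TEST_TABLE, null,
      TablePermission.Action.WRITE));
    assertTrue(AUTH_A.authorizeUser("hubert", TEST_TABLE, null,
      TablePermission.Action.READ));
    assertFalse(AUTH_A.authorizeUser("hubert", TEST_TABLE, null,
      TablePermission.Action.WRITE));
    assertTrue(AUTH_B.authorizeUser("hubert", TEST_TABLE, null,
      TablePermission.Action.READ));
    assertFalse(AUTH_B.authorizeUser("hubert", TEST_TABLE, null,
      TablePermission.Action.WRITE));
  }
}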