@AfterClass public static void tearDownAfterClass() throws Exception { cleanUp(); TEST_UTIL.shutdownMiniCluster(); int total = AuthManager.getTotalRefCount(); assertTrue("Unexpected reference count: " + total, total == 0); }
tableBuilder.setColumnFamily(cfd.build()); tableBuilder.setValue(TableDescriptorBuilder.OWNER, USER_OWNER.getShortName()); createTable(TEST_UTIL, tableBuilder.build(), new byte[][] { Bytes.toBytes("s") }); grantGlobal(TEST_UTIL, USER_ADMIN.getShortName(), Permission.Action.ADMIN, Permission.Action.CREATE, Permission.Action.WRITE); grantOnTable(TEST_UTIL, USER_RW.getShortName(), TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ, grantOnTable(TEST_UTIL, USER_CREATE.getShortName(), TEST_TABLE, null, null, Permission.Action.CREATE, grantOnTable(TEST_UTIL, USER_RO.getShortName(), TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ); grantGlobal(TEST_UTIL, toGroupEntry(GROUP_ADMIN), Permission.Action.ADMIN); grantGlobal(TEST_UTIL, toGroupEntry(GROUP_CREATE), Permission.Action.CREATE); grantGlobal(TEST_UTIL, toGroupEntry(GROUP_READ), Permission.Action.READ); grantGlobal(TEST_UTIL, toGroupEntry(GROUP_WRITE), Permission.Action.WRITE);
@Test public void testGetRSGroupInfoOfServer() throws Exception { AccessTestAction action = () -> { rsGroupAdminEndpoint.checkPermission("getRSGroupInfoOfServer"); return null; }; validateAdminPermissions(action); }
private void validateAdminPermissions(AccessTestAction action) throws Exception { verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN); verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE); } }
RSGroupBasedLoadBalancer.class.getName()); enableSecurity(conf); verifyConfiguration(conf); configureRSGroupAdminEndpoint(conf); setUpTableAndUserPermissions();
private static void cleanUp() throws Exception { // Clean the _acl_ table try { deleteTable(TEST_UTIL, TEST_TABLE); } catch (TableNotFoundException ex) { // Test deleted the table, no problem LOG.info("Test deleted table " + TEST_TABLE); } // Verify all table/namespace permissions are erased assertEquals(0, AccessControlLists.getTablePermissions(conf, TEST_TABLE).size()); assertEquals(0, AccessControlLists.getNamespacePermissions(conf, TEST_TABLE.getNamespaceAsString()).size()); }
@Test public void testGetRSGroupInfoOfTable() throws Exception { AccessTestAction action = () -> { rsGroupAdminEndpoint.checkPermission("getRSGroupInfoOfTable"); return null; }; verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN); verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE); }
RSGroupBasedLoadBalancer.class.getName()); enableSecurity(conf); verifyConfiguration(conf); configureRSGroupAdminEndpoint(conf); setUpTableAndUserPermissions();
private static void cleanUp() throws Exception { // Clean the _acl_ table try { deleteTable(TEST_UTIL, TEST_TABLE); } catch (TableNotFoundException ex) { // Test deleted the table, no problem LOG.info("Test deleted table " + TEST_TABLE); } // Verify all table/namespace permissions are erased assertEquals(0, AccessControlLists.getTablePermissions(conf, TEST_TABLE).size()); assertEquals(0, AccessControlLists.getNamespacePermissions(conf, TEST_TABLE.getNamespaceAsString()).size()); }
@Test public void testMoveTables() throws Exception { AccessTestAction action = () -> { rsGroupAdminEndpoint.checkPermission("moveTables"); return null; }; verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN); verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE); }
tableBuilder.setColumnFamily(cfd.build()); tableBuilder.setValue(TableDescriptorBuilder.OWNER, USER_OWNER.getShortName()); createTable(TEST_UTIL, tableBuilder.build(), new byte[][] { Bytes.toBytes("s") }); grantGlobal(TEST_UTIL, USER_ADMIN.getShortName(), Permission.Action.ADMIN, Permission.Action.CREATE, Permission.Action.WRITE); grantOnTable(TEST_UTIL, USER_RW.getShortName(), TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ, grantOnTable(TEST_UTIL, USER_CREATE.getShortName(), TEST_TABLE, null, null, Permission.Action.CREATE, grantOnTable(TEST_UTIL, USER_RO.getShortName(), TEST_TABLE, TEST_FAMILY, null, Permission.Action.READ); grantGlobal(TEST_UTIL, toGroupEntry(GROUP_ADMIN), Permission.Action.ADMIN); grantGlobal(TEST_UTIL, toGroupEntry(GROUP_CREATE), Permission.Action.CREATE); grantGlobal(TEST_UTIL, toGroupEntry(GROUP_READ), Permission.Action.READ); grantGlobal(TEST_UTIL, toGroupEntry(GROUP_WRITE), Permission.Action.WRITE);
@Test public void testMoveServers() throws Exception { AccessTestAction action = () -> { rsGroupAdminEndpoint.checkPermission("moveServers"); return null; }; validateAdminPermissions(action); }
@AfterClass public static void tearDownAfterClass() throws Exception { cleanUp(); TEST_UTIL.shutdownMiniCluster(); int total = TableAuthManager.getTotalRefCount(); assertTrue("Unexpected reference count: " + total, total == 0); }
@Test public void testMoveServersAndTables() throws Exception { AccessTestAction action = () -> { rsGroupAdminEndpoint.checkPermission("moveServersAndTables"); return null; }; verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN); verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE); } }
@Test public void testMoveTables() throws Exception { AccessTestAction action = () -> { rsGroupAdminEndpoint.checkPermission("moveTables"); return null; }; validateAdminPermissions(action); }
@Test public void testMoveServers() throws Exception { AccessTestAction action = () -> { rsGroupAdminEndpoint.checkPermission("moveServers"); return null; }; verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN); verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE); }
@Test public void testBalanceRSGroup() throws Exception { AccessTestAction action = () -> { rsGroupAdminEndpoint.checkPermission("balanceRSGroup"); return null; }; validateAdminPermissions(action); }
@Test public void testAddRSGroup() throws Exception { AccessTestAction action = () -> { rsGroupAdminEndpoint.checkPermission("addRSGroup"); return null; }; verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN); verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE); }
@Test public void testListRSGroup() throws Exception { AccessTestAction action = () -> { rsGroupAdminEndpoint.checkPermission("listRSGroup"); return null; }; validateAdminPermissions(action); }
@Test public void testRemoveRSGroup() throws Exception { AccessTestAction action = () -> { rsGroupAdminEndpoint.checkPermission("removeRSGroup"); return null; }; verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN); verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE); }