@Override public Void run() throws Exception { try (Connection conn = ConnectionFactory.createConnection(conf)) { VisibilityClient.addLabels(conn, new String[] { SECRET, CONFIDENTIAL }); // set auth for @testgroup VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL }, "@testgroup"); } catch (Throwable t) { throw new IOException(t); } return null; } });
/** * @param conf * @param user * @return labels, the given user is globally authorized for. * @throws Throwable * @deprecated Use {@link #getAuths(Connection,String)} instead. */ @Deprecated public static GetAuthsResponse getAuths(Configuration conf, final String user) throws Throwable { try (Connection connection = ConnectionFactory.createConnection(conf)) { return getAuths(connection, user); } }
/** * Retrieve the list of visibility labels defined in the system. * @param conf * @param regex The regular expression to filter which labels are returned. * @return labels The list of visibility labels defined in the system. * @throws Throwable * @deprecated Use {@link #listLabels(Connection,String)} instead. */ @Deprecated public static ListLabelsResponse listLabels(Configuration conf, final String regex) throws Throwable { try(Connection connection = ConnectionFactory.createConnection(conf)){ return listLabels(connection, regex); } }
/** * Utility method for adding label to the system. * * @param connection * @param label * @return VisibilityLabelsResponse * @throws Throwable */ public static VisibilityLabelsResponse addLabel(Connection connection, final String label) throws Throwable { return addLabels(connection, new String[] { label }); }
@Override public VisibilityLabelsResponse run() throws Exception { try (Connection conn = ConnectionFactory.createConnection(conf)) { return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user1"); } catch (Throwable e) { } return null; } };
String user = "testUser"; try (Connection conn = ConnectionFactory.createConnection(conf)) { VisibilityClient.setAuths(conn, auths, user); } catch (Throwable e) { throw new IOException(e); VisibilityLabelsResponse response = null; try (Connection conn = ConnectionFactory.createConnection(conf)) { response = VisibilityClient.clearAuths(conn, auths, user); } catch (Throwable e) { fail("Should not have failed"); authsResponse = VisibilityClient.getAuths(conn, user); } catch (Throwable e) { throw new IOException(e);
@Override public Void run() throws Exception { String[] auths1 = { SECRET, CONFIDENTIAL }; GetAuthsResponse authsResponse = null; try (Connection conn = ConnectionFactory.createConnection(conf)) { VisibilityClient.setAuths(conn, auths1, user); try { authsResponse = VisibilityClient.getAuths(conn, user); } catch (Throwable e) { throw new IOException(e); } } catch (Throwable e) { } List<String> authsList = new ArrayList<>(authsResponse.getAuthList().size()); for (ByteString authBS : authsResponse.getAuthList()) { authsList.add(Bytes.toString(authBS.toByteArray())); } assertEquals(2, authsList.size()); assertTrue(authsList.contains(SECRET)); assertTrue(authsList.contains(CONFIDENTIAL)); return null; } };
@Test public void testVisibilityLabelsForUserWithNoAuths() throws Throwable { String user = "admin"; String[] auths = { SECRET }; try (Connection conn = ConnectionFactory.createConnection(conf)) { VisibilityClient.clearAuths(conn, auths, user); // Removing all auths if any. VisibilityClient.setAuths(conn, auths, "user1"); } TableName tableName = TableName.valueOf(TEST_NAME.getMethodName()); final Table table = createTableAndWriteDataWithLabels(tableName, SECRET); SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER1.getShortName(), tableName, null, null, Permission.Action.READ); SecureTestUtil.grantOnTable(TEST_UTIL, NORMAL_USER2.getShortName(), tableName, null, null, Permission.Action.READ); PrivilegedExceptionAction<Void> getAction = new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { Get g = new Get(row1); g.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL)); try (Connection connection = ConnectionFactory.createConnection(conf); Table t = connection.getTable(table.getName())) { Result result = t.get(g); assertTrue(result.isEmpty()); } return null; } }; NORMAL_USER2.runAs(getAction); }
/** * Sets given labels globally authorized for the user. * @param connection * @param auths * @param user * @return VisibilityLabelsResponse * @throws Throwable */ public static VisibilityLabelsResponse setAuths(Connection connection, final String[] auths, final String user) throws Throwable { return setOrClearAuths(connection, auths, user, true); }
/** * Utility method for adding label to the system. * * @param conf * @param label * @return VisibilityLabelsResponse * @throws Throwable * @deprecated Use {@link #addLabel(Connection,String)} instead. */ @Deprecated public static VisibilityLabelsResponse addLabel(Configuration conf, final String label) throws Throwable { try (Connection connection = ConnectionFactory.createConnection(conf)) { return addLabels(connection, new String[] { label }); } }
@Override public VisibilityLabelsResponse run() throws Exception { try (Connection conn = ConnectionFactory.createConnection(conf)) { return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user1"); } catch (Throwable e) { } return null; } };
String user = "testUser"; try (Connection conn = ConnectionFactory.createConnection(conf)) { VisibilityClient.setAuths(conn, auths, user); } catch (Throwable e) { fail("Should not have failed"); VisibilityLabelsResponse response = null; try (Connection conn = ConnectionFactory.createConnection(conf)) { response = VisibilityClient.clearAuths(conn, auths, user); } catch (Throwable e) { fail("Should not have failed"); authsResponse = VisibilityClient.getAuths(conn, user); } catch (Throwable e) { fail("Should not have failed");
@Override public Void run() throws Exception { String[] auths1 = { SECRET, CONFIDENTIAL }; GetAuthsResponse authsResponse = null; try (Connection conn = ConnectionFactory.createConnection(conf)) { VisibilityClient.setAuths(conn, auths1, user); try { authsResponse = VisibilityClient.getAuths(conn, user); } catch (Throwable e) { fail("Should not have failed"); } } catch (Throwable e) { } List<String> authsList = new ArrayList<>(authsResponse.getAuthList().size()); for (ByteString authBS : authsResponse.getAuthList()) { authsList.add(Bytes.toString(authBS.toByteArray())); } assertEquals(2, authsList.size()); assertTrue(authsList.contains(SECRET)); assertTrue(authsList.contains(CONFIDENTIAL)); return null; } };
.getException().getName()); response = VisibilityClient.clearAuths(TEST_UTIL.getConnection(), new String[] { CONFIDENTIAL, PRIVATE }, "user1"); assertTrue(response.getResult(0).getException().getValue().isEmpty()); assertTrue(response.getResult(1).getException().getValue().isEmpty()); VisibilityClient.setAuths(TEST_UTIL.getConnection(), new String[] { CONFIDENTIAL, PRIVATE }, "user3"); PrivilegedExceptionAction<GetAuthsResponse> action1 =
/** * Removes given labels from user's globally authorized list of labels. * @param connection * @param auths * @param user * @return VisibilityLabelsResponse * @throws Throwable */ public static VisibilityLabelsResponse clearAuths(Connection connection, final String[] auths, final String user) throws Throwable { return setOrClearAuths(connection, auths, user, false); }
@Override public Void run() throws Exception { try (Connection conn = ConnectionFactory.createConnection(conf)) { VisibilityClient.addLabels(conn, new String[] { SECRET, CONFIDENTIAL }); VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, }, TESTUSER.getShortName()); } catch (Throwable t) { throw new IOException(t); } return null; } });
/** * Utility method for adding labels to the system. * * @param conf * @param labels * @return VisibilityLabelsResponse * @throws Throwable * @deprecated Use {@link #addLabels(Connection,String[])} instead. */ @Deprecated public static VisibilityLabelsResponse addLabels(Configuration conf, final String[] labels) throws Throwable { try (Connection connection = ConnectionFactory.createConnection(conf)) { return addLabels(connection, labels); } }
@Override public VisibilityLabelsResponse run() throws Exception { try (Connection conn = ConnectionFactory.createConnection(conf)) { return VisibilityClient.setAuths(conn, new String[] { CONFIDENTIAL, PRIVATE }, "user3"); } catch (Throwable e) { } return null; } };
@Override public GetAuthsResponse run() throws Exception { try (Connection conn = ConnectionFactory.createConnection(conf)) { return VisibilityClient.getAuths(conn, "user3"); } catch (Throwable e) { } return null; } };
@Override public ListLabelsResponse run() throws Exception { ListLabelsResponse response = null; try (Connection conn = ConnectionFactory.createConnection(conf)) { response = VisibilityClient.listLabels(conn, ".*secret"); } catch (Throwable e) { throw new IOException(e); } // Only return the labels that end with 'secret' List<ByteString> labels = response.getLabelList(); assertEquals(2, labels.size()); assertTrue(labels.contains(ByteString.copyFrom(Bytes.toBytes(SECRET)))); assertTrue(labels.contains(ByteString.copyFrom(Bytes.toBytes(TOPSECRET)))); return null; } };