search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HBASE-23723 Ensure MOB compaction works in optimized mode after snapshot clone (...
[hbase.git] / hbase-server / src / test / java / org / apache / hadoop / hbase / client / SnapshotWithAclTestBase.java
blob98c84d54247d749126dcd8e57d14d24ada7999c8
1 /**
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 */
18 package org.apache.hadoop.hbase.client;
19
20 import java.io.IOException;
21 import org.apache.hadoop.conf.Configuration;
22 import org.apache.hadoop.hbase.Coprocessor;
23 import org.apache.hadoop.hbase.HBaseTestingUtility;
24 import org.apache.hadoop.hbase.TableName;
25 import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
26 import org.apache.hadoop.hbase.master.MasterCoprocessorHost;
27 import org.apache.hadoop.hbase.security.User;
28 import org.apache.hadoop.hbase.security.access.AccessControlConstants;
29 import org.apache.hadoop.hbase.security.access.AccessController;
30 import org.apache.hadoop.hbase.security.access.Permission;
31 import org.apache.hadoop.hbase.security.access.PermissionStorage;
32 import org.apache.hadoop.hbase.security.access.SecureTestUtil;
33 import org.apache.hadoop.hbase.util.Bytes;
34 import org.junit.AfterClass;
35 import org.junit.Assert;
36 import org.junit.Before;
37 import org.junit.BeforeClass;
38 import org.junit.Test;
39
40 public abstract class SnapshotWithAclTestBase extends SecureTestUtil {
41
42 private TableName TEST_TABLE = TableName.valueOf(TEST_UTIL.getRandomUUID().toString());
43
44 private static final int ROW_COUNT = 30000;
45
46 private static byte[] TEST_FAMILY = Bytes.toBytes("f1");
47 private static byte[] TEST_QUALIFIER = Bytes.toBytes("cq");
48 private static byte[] TEST_ROW = Bytes.toBytes(0);
49
50 protected static HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
51
52 // user is table owner. will have all permissions on table
53 private static User USER_OWNER;
54 // user with rw permissions on column family.
55 private static User USER_RW;
56 // user with read-only permissions
57 private static User USER_RO;
58 // user with none permissions
59 private static User USER_NONE;
60
61 static class AccessReadAction implements AccessTestAction {
62
63 private TableName tableName;
64
65 public AccessReadAction(TableName tableName) {
66 this.tableName = tableName;
67 }
68
69 @Override
70 public Object run() throws Exception {
71 Get g = new Get(TEST_ROW);
72 g.addFamily(TEST_FAMILY);
73 try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
74 Table t = conn.getTable(tableName)) {
75 t.get(g);
76 }
77 return null;
78 }
79 }
80
81 static class AccessWriteAction implements AccessTestAction {
82 private TableName tableName;
83
84 public AccessWriteAction(TableName tableName) {
85 this.tableName = tableName;
86 }
87
88 @Override
89 public Object run() throws Exception {
90 Put p = new Put(TEST_ROW);
91 p.addColumn(TEST_FAMILY, TEST_QUALIFIER, Bytes.toBytes(0));
92 try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
93 Table t = conn.getTable(tableName)) {
94 t.put(p);
95 }
96 return null;
97 }
98 }
99
100 @BeforeClass
101 public static void setupBeforeClass() throws Exception {
102 Configuration conf = TEST_UTIL.getConfiguration();
103 // Enable security
104 enableSecurity(conf);
105 conf.set(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY, AccessController.class.getName());
106 // Verify enableSecurity sets up what we require
107 verifyConfiguration(conf);
108 // Enable EXEC permission checking
109 conf.setBoolean(AccessControlConstants.EXEC_PERMISSION_CHECKS_KEY, true);
110 TEST_UTIL.startMiniCluster();
111 TEST_UTIL.waitUntilAllRegionsAssigned(PermissionStorage.ACL_TABLE_NAME);
112 MasterCoprocessorHost cpHost =
113 TEST_UTIL.getMiniHBaseCluster().getMaster().getMasterCoprocessorHost();
114 cpHost.load(AccessController.class, Coprocessor.PRIORITY_HIGHEST, conf);
115
116 USER_OWNER = User.createUserForTesting(conf, "owner", new String[0]);
117 USER_RW = User.createUserForTesting(conf, "rwuser", new String[0]);
118 USER_RO = User.createUserForTesting(conf, "rouser", new String[0]);
119 USER_NONE = User.createUserForTesting(conf, "usernone", new String[0]);
120 }
121
122 @Before
123 public void setUp() throws Exception {
124 TEST_UTIL.createTable(TableDescriptorBuilder.newBuilder(TEST_TABLE)
125 .setColumnFamily(
126 ColumnFamilyDescriptorBuilder.newBuilder(TEST_FAMILY).setMaxVersions(100).build())
127 .setOwner(USER_OWNER).build(), new byte[][] { Bytes.toBytes("s") });
128 TEST_UTIL.waitTableEnabled(TEST_TABLE);
129
130 grantOnTable(TEST_UTIL, USER_RW.getShortName(), TEST_TABLE, TEST_FAMILY, null,
131 Permission.Action.READ, Permission.Action.WRITE);
132
133 grantOnTable(TEST_UTIL, USER_RO.getShortName(), TEST_TABLE, TEST_FAMILY, null,
134 Permission.Action.READ);
135 }
136
137 private void loadData() throws IOException {
138 try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration())) {
139 try (Table t = conn.getTable(TEST_TABLE)) {
140 for (int i = 0; i < ROW_COUNT; i++) {
141 Put put = new Put(Bytes.toBytes(i));
142 put.addColumn(TEST_FAMILY, TEST_QUALIFIER, Bytes.toBytes(i));
143 t.put(put);
144 }
145 }
146 }
147 }
148
149 @AfterClass
150 public static void tearDownAfterClass() throws Exception {
151 TEST_UTIL.shutdownMiniCluster();
152 }
153
154 private void verifyRows(TableName tableName) throws IOException {
155 try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
156 Table t = conn.getTable(tableName); ResultScanner scanner = t.getScanner(new Scan())) {
157 Result result;
158 int rowCount = 0;
159 while ((result = scanner.next()) != null) {
160 byte[] value = result.getValue(TEST_FAMILY, TEST_QUALIFIER);
161 Assert.assertArrayEquals(value, Bytes.toBytes(rowCount++));
162 }
163 Assert.assertEquals(ROW_COUNT, rowCount);
164 }
165 }
166
167 protected abstract void snapshot(String snapshotName, TableName tableName) throws Exception;
168
169 protected abstract void cloneSnapshot(String snapshotName, TableName tableName,
170 boolean restoreAcl) throws Exception;
171
172 protected abstract void restoreSnapshot(String snapshotName, boolean restoreAcl) throws Exception;
173
174 @Test
175 public void testRestoreSnapshot() throws Exception {
176 verifyAllowed(new AccessReadAction(TEST_TABLE), USER_OWNER, USER_RO, USER_RW);
177 verifyDenied(new AccessReadAction(TEST_TABLE), USER_NONE);
178 verifyAllowed(new AccessWriteAction(TEST_TABLE), USER_OWNER, USER_RW);
179 verifyDenied(new AccessWriteAction(TEST_TABLE), USER_RO, USER_NONE);
180
181 loadData();
182 verifyRows(TEST_TABLE);
183
184 String snapshotName1 = TEST_UTIL.getRandomUUID().toString();
185 snapshot(snapshotName1, TEST_TABLE);
186
187 // clone snapshot with restoreAcl true.
188 TableName tableName1 = TableName.valueOf(TEST_UTIL.getRandomUUID().toString());
189 cloneSnapshot(snapshotName1, tableName1, true);
190 verifyRows(tableName1);
191 verifyAllowed(new AccessReadAction(tableName1), USER_OWNER, USER_RO, USER_RW);
192 verifyDenied(new AccessReadAction(tableName1), USER_NONE);
193 verifyAllowed(new AccessWriteAction(tableName1), USER_OWNER, USER_RW);
194 verifyDenied(new AccessWriteAction(tableName1), USER_RO, USER_NONE);
195
196 // clone snapshot with restoreAcl false.
197 TableName tableName2 = TableName.valueOf(TEST_UTIL.getRandomUUID().toString());
198 cloneSnapshot(snapshotName1, tableName2, false);
199 verifyRows(tableName2);
200 verifyAllowed(new AccessReadAction(tableName2), USER_OWNER);
201 verifyDenied(new AccessReadAction(tableName2), USER_NONE, USER_RO, USER_RW);
202 verifyAllowed(new AccessWriteAction(tableName2), USER_OWNER);
203 verifyDenied(new AccessWriteAction(tableName2), USER_RO, USER_RW, USER_NONE);
204
205 // remove read permission for USER_RO.
206 revokeFromTable(TEST_UTIL, USER_RO.getShortName(), TEST_TABLE, TEST_FAMILY, null,
207 Permission.Action.READ);
208 verifyAllowed(new AccessReadAction(TEST_TABLE), USER_OWNER, USER_RW);
209 verifyDenied(new AccessReadAction(TEST_TABLE), USER_RO, USER_NONE);
210 verifyAllowed(new AccessWriteAction(TEST_TABLE), USER_OWNER, USER_RW);
211 verifyDenied(new AccessWriteAction(TEST_TABLE), USER_RO, USER_NONE);
212
213 // restore snapshot with restoreAcl false.
214 TEST_UTIL.getAdmin().disableTable(TEST_TABLE);
215 restoreSnapshot(snapshotName1, false);
216 TEST_UTIL.getAdmin().enableTable(TEST_TABLE);
217 verifyAllowed(new AccessReadAction(TEST_TABLE), USER_OWNER, USER_RW);
218 verifyDenied(new AccessReadAction(TEST_TABLE), USER_RO, USER_NONE);
219 verifyAllowed(new AccessWriteAction(TEST_TABLE), USER_OWNER, USER_RW);
220 verifyDenied(new AccessWriteAction(TEST_TABLE), USER_RO, USER_NONE);
221
222 // restore snapshot with restoreAcl true.
223 TEST_UTIL.getAdmin().disableTable(TEST_TABLE);
224 restoreSnapshot(snapshotName1, true);
225 TEST_UTIL.getAdmin().enableTable(TEST_TABLE);
226 verifyAllowed(new AccessReadAction(TEST_TABLE), USER_OWNER, USER_RO, USER_RW);
227 verifyDenied(new AccessReadAction(TEST_TABLE), USER_NONE);
228 verifyAllowed(new AccessWriteAction(TEST_TABLE), USER_OWNER, USER_RW);
229 verifyDenied(new AccessWriteAction(TEST_TABLE), USER_RO, USER_NONE);
230 }
231 }
HBase