List of usage examples for org.apache.hadoop.security UserGroupInformation doAs
@InterfaceAudience.Public @InterfaceStability.Evolving public <T> T doAs(PrivilegedExceptionAction<T> action) throws IOException, InterruptedException
From source file:org.apache.ranger.authorization.hbase.HBaseRangerAuthorizationTest.java
License:Apache License
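/**
 * Expects a write to column "colfam1:col1" of table "temp" to succeed when the caller is in the
 * "IT" group; any exception raised by the put fails the test.
 *
 * <p>The identity is built with {@code UserGroupInformation.createUserForTesting}, so the user and
 * group are asserted by the client without credentials. The test therefore exercises the
 * authorization policy only, not authentication (the "/hbase-unsecure" znode parent suggests the
 * test cluster runs without Kerberos).
 */
@Test
public void testWriteRowAsGroupIT() throws Exception {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");

    String user = "IT";
    UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "IT" });
    ugi.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            // try-with-resources closes the connection even when the put throws.
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                Table table = conn.getTable(TableName.valueOf("temp"));

                // Add a new row
                Put put = new Put(Bytes.toBytes("row3"));
                put.addColumn(Bytes.toBytes("colfam1"), Bytes.toBytes("col1"), Bytes.toBytes("val2"));
                table.put(put);
            }
            return null;
        }
    });
}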
From source file:org.apache.ranger.authorization.hbase.HBaseRangerAuthorizationTest.java
License:Apache License
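/**
 * Expects a write to table "temp" to be rejected when the caller is in the "public" group.
 *
 * <p>The identity is built with {@code UserGroupInformation.createUserForTesting}, so it is
 * asserted by the client without credentials; only the authorization decision is under test.
 */
@Test
public void testWriteRowAsGroupPublic() throws Exception {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");

    String user = "public";
    UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "public" });
    ugi.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            // try-with-resources closes the connection even when Assert.fail fires.
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                Table table = conn.getTable(TableName.valueOf("temp"));

                // Add a new row
                try {
                    Put put = new Put(Bytes.toBytes("row3"));
                    put.addColumn(Bytes.toBytes("colfam1"), Bytes.toBytes("col1"), Bytes.toBytes("val2"));
                    table.put(put);
                    Assert.fail("Failure expected on an unauthorized user");
                } catch (IOException expected) {
                    // Expected. Any IOException is accepted as a denial, so an unrelated I/O
                    // failure would also let this test pass.
                    // NOTE(review): consider asserting that the failure is an access-denied error.
                }
            }
            return null;
        }
    });
}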
From source file:org.apache.ranger.authorization.hbase.HBaseRangerAuthorizationTest.java
License:Apache License
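/**
 * Expects a write to column family "colfam2" of table "temp" to be rejected for the "IT" group.
 *
 * <p>The identity is built with {@code UserGroupInformation.createUserForTesting}, so it is
 * asserted by the client without credentials; only the authorization decision is under test.
 */
@Test
public void testWriteRowInColFam2AsGroupIT() throws Exception {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");

    String user = "IT";
    UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "IT" });
    ugi.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            // try-with-resources closes the connection even when Assert.fail fires.
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                Table table = conn.getTable(TableName.valueOf("temp"));

                // Add a new row
                try {
                    Put put = new Put(Bytes.toBytes("row3"));
                    put.addColumn(Bytes.toBytes("colfam2"), Bytes.toBytes("col1"), Bytes.toBytes("val2"));
                    table.put(put);
                    Assert.fail("Failure expected on an unauthorized user");
                } catch (IOException expected) {
                    // Expected. Any IOException is accepted as a denial, so an unrelated I/O
                    // failure would also let this test pass.
                    // NOTE(review): consider asserting that the failure is an access-denied error.
                }
            }
            return null;
        }
    });
}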
From source file:org.apache.ranger.authorization.hbase.HBaseRangerAuthorizationTest.java
License:Apache License
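/**
 * Creates table "temp4" as the process owner, then expects a read of it to be rejected for the
 * "IT" group.
 *
 * <p>The table is dropped in a {@code finally} block so that a failed assertion does not leave
 * "temp4" behind for later runs. The "IT" identity is built with
 * {@code UserGroupInformation.createUserForTesting}, so it is asserted by the client without
 * credentials; only the authorization decision is under test.
 */
@Test
public void testReadRowInAnotherTable() throws Exception {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");

    // The owner connection is created before doAs, outside the "IT" context.
    try (Connection ownerConn = ConnectionFactory.createConnection(conf)) {
        Admin admin = ownerConn.getAdmin();

        // Create a new table as process owner
        HTableDescriptor tableDescriptor = new HTableDescriptor(TableName.valueOf("temp4"));

        // Adding column families to table descriptor
        tableDescriptor.addFamily(new HColumnDescriptor("colfam1"));
        tableDescriptor.addFamily(new HColumnDescriptor("colfam2"));

        admin.createTable(tableDescriptor);
        try {
            // Write a value
            Put put = new Put(Bytes.toBytes("row1"));
            put.addColumn(Bytes.toBytes("colfam1"), Bytes.toBytes("col1"), Bytes.toBytes("val1"));
            Table table = ownerConn.getTable(TableName.valueOf("temp4"));
            table.put(put);

            // Read a row; nothing was written to colfam2, so that cell must be absent
            Get get = new Get(Bytes.toBytes("row1"));
            Result result = table.get(get);
            byte[] valResult = result.getValue(Bytes.toBytes("colfam2"), Bytes.toBytes("col1"));
            Assert.assertNull(valResult);

            // Now try to read the row as group "IT" - it should fail as "IT" can only read from table "temp"
            String user = "IT";
            UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "IT" });
            ugi.doAs(new PrivilegedExceptionAction<Void>() {
                @Override
                public Void run() throws Exception {
                    try (Connection userConn = ConnectionFactory.createConnection(conf)) {
                        Table userTable = userConn.getTable(TableName.valueOf("temp4"));

                        // Read a row
                        try {
                            Get userGet = new Get(Bytes.toBytes("row1"));
                            userTable.get(userGet);
                            Assert.fail("Failure expected on an unauthorized user");
                        } catch (IOException expected) {
                            // Expected. Any IOException is accepted as a denial here.
                            // NOTE(review): consider asserting that it is an access-denied error.
                        }
                    }
                    return null;
                }
            });
        } finally {
            // Now disable and delete as process owner
            admin.disableTable(TableName.valueOf("temp4"));
            admin.deleteTable(TableName.valueOf("temp4"));
        }
    }
}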
From source file:org.apache.ranger.authorization.hbase.HBaseRangerAuthorizationTest.java
License:Apache License
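/**
 * Adds "row5" to table "temp" as the process owner, then expects deleting it to be rejected for
 * the "IT" group.
 *
 * <p>The row is removed by the owner in a {@code finally} block so that a failed assertion does
 * not leave test data in the shared table. The "IT" identity is built with
 * {@code UserGroupInformation.createUserForTesting}, so it is asserted by the client without
 * credentials; only the authorization decision is under test.
 */
@Test
public void testDeleteRowAsGroupIT() throws Exception {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");

    try (Connection ownerConn = ConnectionFactory.createConnection(conf)) {
        Table ownerTable = ownerConn.getTable(TableName.valueOf("temp"));

        // Add a new row (as process owner)
        Put put = new Put(Bytes.toBytes("row5"));
        put.addColumn(Bytes.toBytes("colfam1"), Bytes.toBytes("col1"), Bytes.toBytes("val2"));
        ownerTable.put(put);

        try {
            String user = "IT";
            UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "IT" });
            ugi.doAs(new PrivilegedExceptionAction<Void>() {
                @Override
                public Void run() throws Exception {
                    try (Connection userConn = ConnectionFactory.createConnection(conf)) {
                        Table userTable = userConn.getTable(TableName.valueOf("temp"));

                        try {
                            // Delete the new row
                            Delete delete = new Delete(Bytes.toBytes("row5"));
                            userTable.delete(delete);
                            Assert.fail("Failure expected on an unauthorized user");
                        } catch (IOException expected) {
                            // Expected. Any IOException is accepted as a denial here.
                            // NOTE(review): consider asserting that it is an access-denied error.
                        }
                    }
                    return null;
                }
            });
        } finally {
            // Delete the new row (as process owner)
            Delete delete = new Delete(Bytes.toBytes("row5"));
            ownerTable.delete(delete);
        }
    }
}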
From source file:org.apache.ranger.authorization.hbase.HBaseRangerAuthorizationTest.java
License:Apache License
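/**
 * Expects the "QA" group to be able to snapshot "test_namespace:temp" and clone that snapshot;
 * any exception raised by the administrative calls fails the test.
 *
 * <p>The process-owner connection is now closed when the test ends (the original never closed
 * it). The "QA" identity is built with {@code UserGroupInformation.createUserForTesting}, so it
 * is asserted by the client without credentials; only the authorization decision is under test.
 */
@Test
public void testCloneSnapshotAsGroupQA() throws Exception {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");

    try (Connection ownerConn = ConnectionFactory.createConnection(conf)) {
        Admin ownerAdmin = ownerConn.getAdmin();

        // Start from a clean state: drop a snapshot left over from an earlier run.
        List<HBaseProtos.SnapshotDescription> snapshots = ownerAdmin.listSnapshots("test_snapshot");
        if (CollectionUtils.isNotEmpty(snapshots)) {
            ownerAdmin.deleteSnapshot("test_snapshot");
        }

        String user = "QA";
        UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "QA" });
        ugi.doAs(new PrivilegedExceptionAction<Void>() {
            @Override
            public Void run() throws Exception {
                try (Connection userConn = ConnectionFactory.createConnection(conf)) {
                    Admin userAdmin = userConn.getAdmin();

                    Table table = userConn.getTable(TableName.valueOf("test_namespace", "temp"));
                    TableName tableName = table.getName();

                    // NOTE(review): if a later step throws, the source table stays disabled and
                    // "temp_cloned" may remain, which can affect tests that run afterwards.
                    userAdmin.disableTable(tableName);

                    // Create a snapshot
                    userAdmin.snapshot("test_snapshot", tableName);

                    // Clone snapshot
                    HTableDescriptor tableDescriptor = new HTableDescriptor(
                            TableName.valueOf("test_namespace", "temp_cloned"));
                    TableName newTableName = tableDescriptor.getTableName();
                    userAdmin.cloneSnapshot("test_snapshot", newTableName);
                    userAdmin.disableTable(newTableName);
                    userAdmin.deleteTable(newTableName);

                    userAdmin.enableTable(tableName);
                }
                return null;
            }
        });

        // Remove the snapshot again as process owner.
        snapshots = ownerAdmin.listSnapshots("test_snapshot");
        if (CollectionUtils.isNotEmpty(snapshots)) {
            ownerAdmin.deleteSnapshot("test_snapshot");
        }
    }
}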
From source file:org.apache.ranger.authorization.hbase.HBaseRangerAuthorizationTest.java
License:Apache License
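/**
 * Creates "test_snapshot" as the process owner, then expects cloning it to be rejected for the
 * "public" group.
 *
 * <p>The process-owner connection is now closed when the test ends (the original never closed
 * it). The "public" identity is built with {@code UserGroupInformation.createUserForTesting}, so
 * it is asserted by the client without credentials; only the authorization decision is under
 * test.
 */
@Test
public void testCloneSnapshotAsNonQAGroup() throws Exception {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");

    try (Connection ownerConn = ConnectionFactory.createConnection(conf)) {
        Admin ownerAdmin = ownerConn.getAdmin();

        TableName tableName = ownerConn.getTable(TableName.valueOf("test_namespace", "temp")).getName();
        ownerAdmin.disableTable(tableName);

        // Create a snapshot (unless one already exists)
        List<HBaseProtos.SnapshotDescription> snapshots = ownerAdmin.listSnapshots("test_snapshot");
        if (CollectionUtils.isEmpty(snapshots)) {
            ownerAdmin.snapshot("test_snapshot", tableName);
        }
        ownerAdmin.enableTable(tableName);

        String user = "public";
        UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "public" });
        ugi.doAs(new PrivilegedExceptionAction<Void>() {
            @Override
            public Void run() throws Exception {
                try (Connection userConn = ConnectionFactory.createConnection(conf)) {
                    Admin userAdmin = userConn.getAdmin();

                    try {
                        TableName clone = TableName.valueOf("test_namespace", "temp_cloned_public");
                        if (userAdmin.tableExists(clone)) {
                            // Delete it
                            userAdmin.deleteTable(clone);
                        }
                        // Clone snapshot
                        userAdmin.cloneSnapshot("test_snapshot", clone);
                        Assert.fail("Failure expected on an unauthorized group public");
                    } catch (Exception expected) {
                        // Expected. Assert.fail raises an Error, so it is not swallowed here.
                        // NOTE(review): this catch is broad. An exception from tableExists or
                        // deleteTable above, or any non-authorization failure of cloneSnapshot,
                        // also lets the test pass; consider narrowing the try to the clone call
                        // and checking for an access-denied error.
                    }
                }
                return null;
            }
        });

        // Clean up as process owner.
        TableName clone = TableName.valueOf("test_namespace", "temp_cloned_public");
        if (ownerAdmin.tableExists(clone)) {
            ownerAdmin.deleteTable(clone);
        }
        ownerAdmin.deleteSnapshot("test_snapshot");
    }
}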
From source file:org.apache.ranger.authorization.hbase.HBaseRangerAuthorizationTest.java
License:Apache License
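/**
 * Expects creation of table "temp3" to be rejected for the "IT" group and to succeed for the
 * "dev" group.
 *
 * <p>The table is dropped in a {@code finally} block, guarded by an existence check, so that an
 * unexpected success or failure does not leave "temp3" behind. Both identities are built with
 * {@code UserGroupInformation.createUserForTesting}, so they are asserted by the client without
 * credentials; only the authorization decision is under test.
 */
@Test
public void testTagBasedTablePolicy() throws Exception {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");

    final HTableDescriptor tableDescriptor = new HTableDescriptor(TableName.valueOf("temp3"));

    // Adding column families to table descriptor
    tableDescriptor.addFamily(new HColumnDescriptor("colfam1"));
    tableDescriptor.addFamily(new HColumnDescriptor("colfam2"));

    try {
        // Try to create a "temp3" table as the "IT" group - this should fail
        String user = "IT";
        UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "IT" });
        ugi.doAs(new PrivilegedExceptionAction<Void>() {
            @Override
            public Void run() throws Exception {
                try (Connection conn = ConnectionFactory.createConnection(conf)) {
                    Admin admin = conn.getAdmin();

                    try {
                        admin.createTable(tableDescriptor);
                        Assert.fail("Failure expected on an unauthorized user");
                    } catch (IOException expected) {
                        // Expected. Any IOException is accepted as a denial here.
                        // NOTE(review): consider asserting that it is an access-denied error.
                    }
                }
                return null;
            }
        });

        // Now try to create the table as the "dev" group - this should work
        ugi = UserGroupInformation.createUserForTesting("dev", new String[] { "dev" });
        ugi.doAs(new PrivilegedExceptionAction<Void>() {
            @Override
            public Void run() throws Exception {
                try (Connection conn = ConnectionFactory.createConnection(conf)) {
                    Admin admin = conn.getAdmin();
                    admin.createTable(tableDescriptor);
                }
                return null;
            }
        });
    } finally {
        // Drop the table (as process owner) if either attempt created it
        try (Connection conn = ConnectionFactory.createConnection(conf)) {
            Admin admin = conn.getAdmin();
            if (admin.tableExists(TableName.valueOf("temp3"))) {
                admin.disableTable(TableName.valueOf("temp3"));
                admin.deleteTable(TableName.valueOf("temp3"));
            }
        }
    }
}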
From source file:org.apache.ranger.authorization.hbase.HBaseRangerAuthorizationTest.java
License:Apache License
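/**
 * Creates table "temp3" as the process owner and checks column-family access: the "dev" group
 * reads "colfam1" but gets no value for "colfam2", and the "IT" group cannot read the row at all.
 *
 * <p>Compared with the original, the "IT" connection is now closed, and the table is dropped in
 * a {@code finally} block so a failed assertion does not leave "temp3" behind. Both identities
 * are built with {@code UserGroupInformation.createUserForTesting}, so they are asserted by the
 * client without credentials; only the authorization decision is under test.
 */
@Test
public void testTagBasedColumnFamilyPolicy() throws Exception {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");

    // Create a new table as process owner
    final HTableDescriptor tableDescriptor = new HTableDescriptor(TableName.valueOf("temp3"));

    // Adding column families to table descriptor
    tableDescriptor.addFamily(new HColumnDescriptor("colfam1"));
    tableDescriptor.addFamily(new HColumnDescriptor("colfam2"));

    try (Connection ownerConn = ConnectionFactory.createConnection(conf)) {
        Admin ownerAdmin = ownerConn.getAdmin();

        ownerAdmin.createTable(tableDescriptor);
        try {
            // Add a new row with one value in each column family
            Put put = new Put(Bytes.toBytes("row1"));
            put.addColumn(Bytes.toBytes("colfam1"), Bytes.toBytes("col1"), Bytes.toBytes("val1"));
            Table ownerTable = ownerConn.getTable(TableName.valueOf("temp3"));
            ownerTable.put(put);

            put = new Put(Bytes.toBytes("row1"));
            put.addColumn(Bytes.toBytes("colfam2"), Bytes.toBytes("col1"), Bytes.toBytes("val2"));
            ownerTable.put(put);

            String user = "dev";
            UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "dev" });
            ugi.doAs(new PrivilegedExceptionAction<Void>() {
                @Override
                public Void run() throws Exception {
                    try (Connection conn = ConnectionFactory.createConnection(conf)) {
                        Table table = conn.getTable(TableName.valueOf("temp3"));

                        // Try to read the "colfam1" of the "temp3" table as the "dev" group - this should work
                        Get get = new Get(Bytes.toBytes("row1"));
                        Result result = table.get(get);
                        byte[] valResult = result.getValue(Bytes.toBytes("colfam1"), Bytes.toBytes("col1"));
                        Assert.assertTrue(Arrays.equals(valResult, Bytes.toBytes("val1")));

                        // Now read the "colfam2" column family of the temp3 table. The get itself
                        // is expected to succeed; the denial shows up as the cell being absent
                        // from the result rather than as an exception.
                        get = new Get(Bytes.toBytes("row1"));
                        result = table.get(get);
                        valResult = result.getValue(Bytes.toBytes("colfam2"), Bytes.toBytes("col1"));
                        Assert.assertNull(valResult);
                    }
                    return null;
                }
            });

            // Now try to read colfam1 as the "IT" group - this should fail
            ugi = UserGroupInformation.createUserForTesting("IT", new String[] { "IT" });
            ugi.doAs(new PrivilegedExceptionAction<Void>() {
                @Override
                public Void run() throws Exception {
                    // The original never closed this connection.
                    try (Connection conn = ConnectionFactory.createConnection(conf)) {
                        Table table = conn.getTable(TableName.valueOf("temp3"));

                        Get get = new Get(Bytes.toBytes("row1"));
                        try {
                            table.get(get);
                            Assert.fail("Failure expected on an unauthorized user");
                        } catch (IOException expected) {
                            // Expected. Any IOException is accepted as a denial here.
                            // NOTE(review): consider asserting that it is an access-denied error.
                        }
                    }
                    return null;
                }
            });
        } finally {
            // Drop the table
            ownerAdmin.disableTable(TableName.valueOf("temp3"));
            ownerAdmin.deleteTable(TableName.valueOf("temp3"));
        }
    }
}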
From source file:org.apache.ranger.authorization.hbase.HBaseRangerAuthorizationTest.java
License:Apache License
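/**
 * Creates table "temp3" as the process owner and checks column-level write access: the "dev"
 * group may write "colfam1:col1" but not "colfam1:col2", and the "IT" group may not write
 * "colfam1:col1".
 *
 * <p>The table is dropped in a {@code finally} block so a failed assertion does not leave
 * "temp3" behind. Both identities are built with
 * {@code UserGroupInformation.createUserForTesting}, so they are asserted by the client without
 * credentials; only the authorization decision is under test.
 */
@Test
public void testTagBasedColumnPolicy() throws Exception {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");

    // Create a new table as process owner
    final HTableDescriptor tableDescriptor = new HTableDescriptor(TableName.valueOf("temp3"));

    // Adding column families to table descriptor
    tableDescriptor.addFamily(new HColumnDescriptor("colfam1"));
    tableDescriptor.addFamily(new HColumnDescriptor("colfam2"));

    try (Connection ownerConn = ConnectionFactory.createConnection(conf)) {
        Admin ownerAdmin = ownerConn.getAdmin();

        ownerAdmin.createTable(tableDescriptor);
        try {
            // Add a new row with one value in each column family
            Put ownerPut = new Put(Bytes.toBytes("row1"));
            ownerPut.addColumn(Bytes.toBytes("colfam1"), Bytes.toBytes("col1"), Bytes.toBytes("val1"));
            Table ownerTable = ownerConn.getTable(TableName.valueOf("temp3"));
            ownerTable.put(ownerPut);

            ownerPut = new Put(Bytes.toBytes("row1"));
            ownerPut.addColumn(Bytes.toBytes("colfam2"), Bytes.toBytes("col1"), Bytes.toBytes("val2"));
            ownerTable.put(ownerPut);

            String user = "dev";
            UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "dev" });
            ugi.doAs(new PrivilegedExceptionAction<Void>() {
                @Override
                public Void run() throws Exception {
                    try (Connection conn = ConnectionFactory.createConnection(conf)) {
                        Table table = conn.getTable(TableName.valueOf("temp3"));

                        // Try to write something to the "col1" column of the "colfam1" of the "temp3" table
                        // as the "dev" group - this should work
                        Put put = new Put(Bytes.toBytes("row3"));
                        put.addColumn(Bytes.toBytes("colfam1"), Bytes.toBytes("col1"), Bytes.toBytes("val2"));
                        table.put(put);

                        // Try to write something to the "col2" column of the "colfam1" of the "temp3" table
                        // as the "dev" group - this should fail
                        put = new Put(Bytes.toBytes("row3"));
                        put.addColumn(Bytes.toBytes("colfam1"), Bytes.toBytes("col2"), Bytes.toBytes("val2"));
                        try {
                            table.put(put);
                            Assert.fail("Failure expected on an unauthorized user");
                        } catch (IOException expected) {
                            // Expected. Any IOException is accepted as a denial here.
                            // NOTE(review): consider asserting that it is an access-denied error.
                        }
                    }
                    return null;
                }
            });

            ugi = UserGroupInformation.createUserForTesting("IT", new String[] { "IT" });
            ugi.doAs(new PrivilegedExceptionAction<Void>() {
                @Override
                public Void run() throws Exception {
                    try (Connection conn = ConnectionFactory.createConnection(conf)) {
                        Table table = conn.getTable(TableName.valueOf("temp3"));

                        // Try to write something to the "col1" column of the "colfam1" of the "temp3" table
                        // as the "IT" group - this should fail
                        Put put = new Put(Bytes.toBytes("row3"));
                        put.addColumn(Bytes.toBytes("colfam1"), Bytes.toBytes("col1"), Bytes.toBytes("val2"));
                        try {
                            table.put(put);
                            Assert.fail("Failure expected on an unauthorized user");
                        } catch (IOException expected) {
                            // Expected. Any IOException is accepted as a denial here.
                            // NOTE(review): consider asserting that it is an access-denied error.
                        }
                    }
                    return null;
                }
            });
        } finally {
            // Drop the table
            ownerAdmin.disableTable(TableName.valueOf("temp3"));
            ownerAdmin.deleteTable(TableName.valueOf("temp3"));
        }
    }
}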