View Javadoc

1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  package org.apache.hadoop.hbase;
19  
20  import java.util.ArrayList;
21  import java.util.Arrays;
22  import java.util.List;
23  
24  import org.apache.commons.cli.CommandLine;
25  import org.apache.commons.lang.StringUtils;
26  import org.apache.hadoop.conf.Configuration;
27  import org.apache.hadoop.hbase.io.hfile.HFile;
28  import org.apache.hadoop.hbase.security.User;
29  import org.apache.hadoop.hbase.security.access.AccessController;
30  import org.apache.hadoop.hbase.testclassification.IntegrationTests;
31  import org.apache.hadoop.hbase.util.LoadTestTool;
32  import org.apache.hadoop.hbase.util.test.LoadTestDataGeneratorWithACL;
33  import org.apache.hadoop.util.ToolRunner;
34  import org.junit.experimental.categories.Category;
35  /**
36   * /**
37   * An Integration class for tests that does something with the cluster while running
38   * {@link LoadTestTool} to write and verify some data.
39   * Verifies whether cells for users with only WRITE permissions are not read back
40   * and cells with READ permissions are read back. 
41   * Every operation happens in the user's specific context
42   */
43  @Category(IntegrationTests.class)
44  public class IntegrationTestIngestWithACL extends IntegrationTestIngest {
45  
46    private static final char COLON = ':';
47    public static final char HYPHEN = '-';
48    private static final int SPECIAL_PERM_CELL_INSERTION_FACTOR = 100;
49    public static final String OPT_SUPERUSER = "superuser";
50    public static final String OPT_USERS = "userlist";
51    public static final String OPT_AUTHN = "authinfo";
52    private String superUser = "owner";
53    private String userNames = "user1,user2,user3,user4"; 
54    private String authnFileName;
55    @Override
56    public void setUpCluster() throws Exception {
57      util = getTestingUtil(null);
58      Configuration conf = util.getConfiguration();
59      conf.setInt(HFile.FORMAT_VERSION_KEY, 3);
60      conf.set("hbase.coprocessor.master.classes", AccessController.class.getName());
61      conf.set("hbase.coprocessor.region.classes", AccessController.class.getName());
62      conf.setBoolean("hbase.security.access.early_out", false);
63      // conf.set("hbase.superuser", "admin");
64      super.setUpCluster();
65    }
66  
67    @Override
68    protected String[] getArgsForLoadTestTool(String mode, String modeSpecificArg, long startKey,
69        long numKeys) {
70      String[] args = super.getArgsForLoadTestTool(mode, modeSpecificArg, startKey, numKeys);
71      List<String> tmp = new ArrayList<String>(Arrays.asList(args));
72      tmp.add(HYPHEN + LoadTestTool.OPT_GENERATOR);
73      StringBuilder sb = new StringBuilder(LoadTestDataGeneratorWithACL.class.getName());
74      sb.append(COLON);
75      if (User.isHBaseSecurityEnabled(getConf())) {
76        sb.append(authnFileName);
77        sb.append(COLON);
78      }
79      sb.append(superUser);
80      sb.append(COLON);
81      sb.append(userNames);
82      sb.append(COLON);
83      sb.append(Integer.toString(SPECIAL_PERM_CELL_INSERTION_FACTOR));
84      tmp.add(sb.toString());
85      return tmp.toArray(new String[tmp.size()]);
86    }
87    @Override
88    protected void addOptions() {
89      super.addOptions();
90      super.addOptWithArg(OPT_SUPERUSER,
91          "Super user name used to add the ACL permissions");
92      super.addOptWithArg(OPT_USERS,
93        "List of users to be added with the ACLs.  Should be comma seperated.");
94      super
95          .addOptWithArg(
96            OPT_AUTHN,
97            "The name of the properties file that contains kerberos key tab file and principal definitions. " +
98            "The principal key in the file should be of the form hbase.<username>.kerberos.principal." +
99            " The keytab key in the file should be of the form hbase.<username>.keytab.file. Example:  " +
100           "hbase.user1.kerberos.principal=user1/fully.qualified.domain.name@YOUR-REALM.COM, " +
101           "hbase.user1.keytab.file=<filelocation>.");
102   }
103 
104   @Override
105   protected void processOptions(CommandLine cmd) {
106     super.processOptions(cmd);
107     if (cmd.hasOption(OPT_SUPERUSER)) {
108       superUser = cmd.getOptionValue(OPT_SUPERUSER);
109     }
110     if (cmd.hasOption(OPT_USERS)) {
111       userNames = cmd.getOptionValue(OPT_USERS);
112     }
113     if (User.isHBaseSecurityEnabled(getConf())) {
114       boolean authFileNotFound = false;
115       if (cmd.hasOption(OPT_AUTHN)) {
116         authnFileName = cmd.getOptionValue(OPT_AUTHN);
117         if (StringUtils.isEmpty(authnFileName)) {
118           authFileNotFound = true;
119         }
120       } else {
121         authFileNotFound = true;
122       }
123       if (authFileNotFound) {
124         super.printUsage();
125         System.exit(EXIT_FAILURE);
126       }
127     }
128   }
129 
130   public static void main(String[] args) throws Exception {
131     Configuration conf = HBaseConfiguration.create();
132     IntegrationTestingUtility.setUseDistributedCluster(conf);
133     int ret = ToolRunner.run(conf, new IntegrationTestIngestWithACL(), args);
134     System.exit(ret);
135   }
136 }