/**
 * Adds a master by calling the two-argument {@code addMaster(c, index)} from inside
 * {@code user.runAs(...)}.
 *
 * <p>NOTE(review): presumably this makes the new master run under {@code user}'s identity
 * rather than the identity of the calling test thread; confirm against {@code User.runAs}.
 *
 * @param c configuration handed unchanged to {@code addMaster(c, index)}
 * @param index index handed unchanged to {@code addMaster(c, index)}
 * @param user the user whose {@code runAs} wraps the delegated call
 * @return whatever the delegated {@code addMaster(c, index)} returns
 * @throws IOException declared by this method; propagated from {@code user.runAs}
 * @throws InterruptedException declared by this method; propagated from {@code user.runAs}
 */
public JVMClusterUtil.MasterThread addMaster(final Configuration c, final int index, User user)
    throws IOException, InterruptedException {
  // Built as a typed local so the PrivilegedExceptionAction overload of runAs is the one chosen.
  PrivilegedExceptionAction<JVMClusterUtil.MasterThread> delegateAsUser =
      new PrivilegedExceptionAction<JVMClusterUtil.MasterThread>() {
        @Override
        public JVMClusterUtil.MasterThread run() throws Exception {
          return addMaster(c, index);
        }
      };
  return user.runAs(delegateAsUser);
}
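/**
 * One-time fixture: starts a mini cluster with the VisibilityController installed but with
 * authorization switched off, then creates the test users and the visibility labels.
 *
 * <p>Security-relevant set-up order: the superuser is configured and visibility labels are
 * enabled first, and only then is {@code User.HBASE_SECURITY_AUTHORIZATION_CONF_KEY} set to
 * {@code false}, all before the cluster starts. The labels and the initial auths for
 * {@code USER_RW} are written as {@code SUPERUSER}.
 *
 * @throws Exception if the cluster cannot be started or the label set-up fails
 */
@BeforeClass
public static void setUpBeforeClass() throws Exception {
  conf = TEST_UTIL.getConfiguration();
  // Set up superuser
  SecureTestUtil.configureSuperuser(conf);
  // Install the VisibilityController as a system processor
  VisibilityTestUtil.enableVisiblityLabels(conf);
  // Now, DISABLE active authorization
  conf.setBoolean(User.HBASE_SECURITY_AUTHORIZATION_CONF_KEY, false);

  TEST_UTIL.startMiniCluster();

  // Wait for the labels table to become available
  TEST_UTIL.waitUntilAllRegionsAssigned(LABELS_TABLE_NAME);

  // Create the test users: "admin" is a member of "supergroup", "rwuser" has no groups.
  SUPERUSER = User.createUserForTesting(conf, "admin", new String[] {"supergroup"});
  USER_RW = User.createUserForTesting(conf, "rwuser", new String[0]);

  // Define test labels and grant SECRET and CONFIDENTIAL (but not PRIVATE) to USER_RW.
  SUPERUSER.runAs(
      new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
          try (Connection conn = ConnectionFactory.createConnection(conf)) {
            VisibilityClient.addLabels(conn, new String[] {SECRET, CONFIDENTIAL, PRIVATE});
            VisibilityClient.setAuths(
                conn, new String[] {SECRET, CONFIDENTIAL}, USER_RW.getShortName());
          } catch (Throwable t) {
            // Keep the original failure as the cause; a bare fail() would discard the
            // stack trace that shows why label set-up did not work.
            throw new AssertionError("Should not have failed", t);
          }
          return null;
        }
      });
}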
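/**
 * Checks that the visibility-label auths of {@code USER_RW} can be set, read back and cleared
 * while authorization is disabled.
 *
 * <p>Sequence: set {SECRET, CONFIDENTIAL}, expect both; clear SECRET, expect only
 * CONFIDENTIAL; clear CONFIDENTIAL, expect none.
 *
 * <p>NOTE(review): every call here runs as {@code SUPERUSER}. The test therefore shows that
 * auths management keeps working for the superuser; it does not exercise what a
 * non-superuser may do in this configuration.
 *
 * @throws Throwable if any of the privileged actions or assertions fails
 */
@Test
public void testManageUserAuths() throws Throwable {
  // Even though authorization is disabled, we should be able to manage user auths

  // Start from {SECRET, CONFIDENTIAL}: the test ends by clearing both, so it sets them again
  // here rather than relying on what the class set-up left behind.
  SUPERUSER.runAs(
      new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
          try (Connection conn = ConnectionFactory.createConnection(conf)) {
            VisibilityClient.setAuths(
                conn, new String[] {SECRET, CONFIDENTIAL}, USER_RW.getShortName());
          } catch (Throwable t) {
            // Preserve the cause so a failing run shows why the call was rejected.
            throw new AssertionError("Should not have failed", t);
          }
          return null;
        }
      });

  // Reusable action: read USER_RW's auths and decode each entry to a String.
  PrivilegedExceptionAction<List<String>> getAuths =
      new PrivilegedExceptionAction<List<String>>() {
        @Override
        public List<String> run() throws Exception {
          GetAuthsResponse authsResponse = null;
          try (Connection conn = ConnectionFactory.createConnection(conf)) {
            authsResponse = VisibilityClient.getAuths(conn, USER_RW.getShortName());
          } catch (Throwable t) {
            throw new AssertionError("Should not have failed", t);
          }
          List<String> authsList = new ArrayList<>();
          for (ByteString authBS : authsResponse.getAuthList()) {
            authsList.add(Bytes.toString(authBS.toByteArray()));
          }
          return authsList;
        }
      };

  List<String> authsList = SUPERUSER.runAs(getAuths);
  assertEquals(2, authsList.size());
  assertTrue(authsList.contains(SECRET));
  assertTrue(authsList.contains(CONFIDENTIAL));

  // Revoke SECRET only; CONFIDENTIAL must survive.
  SUPERUSER.runAs(
      new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
          try (Connection conn = ConnectionFactory.createConnection(conf)) {
            VisibilityClient.clearAuths(conn, new String[] {SECRET}, USER_RW.getShortName());
          } catch (Throwable t) {
            throw new AssertionError("Should not have failed", t);
          }
          return null;
        }
      });

  authsList = SUPERUSER.runAs(getAuths);
  assertEquals(1, authsList.size());
  assertTrue(authsList.contains(CONFIDENTIAL));

  // Revoke the remaining auth; the user must end up with none.
  SUPERUSER.runAs(
      new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
          try (Connection conn = ConnectionFactory.createConnection(conf)) {
            VisibilityClient.clearAuths(
                conn, new String[] {CONFIDENTIAL}, USER_RW.getShortName());
          } catch (Throwable t) {
            throw new AssertionError("Should not have failed", t);
          }
          return null;
        }
      });

  authsList = SUPERUSER.runAs(getAuths);
  assertEquals(0, authsList.size());
}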
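/**
 * Checks how many namespace descriptors each test user gets back from
 * {@code Admin.listNamespaceDescriptors()}.
 *
 * <p>The call is expected to succeed for everyone and to filter its result instead of
 * denying access. The four admin users are checked with {@code verifyAllowed}; every other
 * user runs the same action and must receive an empty list. An exception thrown for any of
 * them would fail the test.
 *
 * <p>Expected sizes: 4 for SUPERUSER, USER_GLOBAL_ADMIN and USER_GROUP_ADMIN; 2 for
 * USER_NS_ADMIN; 0 for all create/write/read/exec users at global, namespace, table and
 * group scope.
 *
 * @throws Exception if running the list action fails for any user
 */
@Test
public void testListNamespaces() throws Exception {
  AccessTestAction listAction =
      new AccessTestAction() {
        @Override
        public Object run() throws Exception {
          // try-with-resources closes admin first, then the connection, and still closes
          // the connection when getAdmin() or admin.close() throws.
          try (Connection unmanagedConnection =
                  ConnectionFactory.createConnection(UTIL.getConfiguration());
              Admin admin = unmanagedConnection.getAdmin()) {
            return Arrays.asList(admin.listNamespaceDescriptors());
          }
        }
      };

  // listNamespaces : All access*
  // * Returned list will only show what you can call getNamespaceDescriptor()

  verifyAllowed(listAction, SUPERUSER, USER_GLOBAL_ADMIN, USER_NS_ADMIN, USER_GROUP_ADMIN);

  // we have 4 namespaces: [default, hbase, TEST_NAMESPACE, TEST_NAMESPACE2]
  assertEquals(4, ((List<?>) SUPERUSER.runAs(listAction)).size());
  assertEquals(4, ((List<?>) USER_GLOBAL_ADMIN.runAs(listAction)).size());
  assertEquals(4, ((List<?>) USER_GROUP_ADMIN.runAs(listAction)).size());

  // The namespace-scoped admin sees only a subset of the four.
  assertEquals(2, ((List<?>) USER_NS_ADMIN.runAs(listAction)).size());

  // Non-admin permissions at any scope must not reveal any namespace descriptor.
  assertEquals(0, ((List<?>) USER_GLOBAL_CREATE.runAs(listAction)).size());
  assertEquals(0, ((List<?>) USER_GLOBAL_WRITE.runAs(listAction)).size());
  assertEquals(0, ((List<?>) USER_GLOBAL_READ.runAs(listAction)).size());
  assertEquals(0, ((List<?>) USER_GLOBAL_EXEC.runAs(listAction)).size());
  assertEquals(0, ((List<?>) USER_NS_CREATE.runAs(listAction)).size());
  assertEquals(0, ((List<?>) USER_NS_WRITE.runAs(listAction)).size());
  assertEquals(0, ((List<?>) USER_NS_READ.runAs(listAction)).size());
  assertEquals(0, ((List<?>) USER_NS_EXEC.runAs(listAction)).size());
  assertEquals(0, ((List<?>) USER_TABLE_CREATE.runAs(listAction)).size());
  assertEquals(0, ((List<?>) USER_TABLE_WRITE.runAs(listAction)).size());
  assertEquals(0, ((List<?>) USER_GROUP_CREATE.runAs(listAction)).size());
  assertEquals(0, ((List<?>) USER_GROUP_READ.runAs(listAction)).size());
  assertEquals(0, ((List<?>) USER_GROUP_WRITE.runAs(listAction)).size());
}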