Posted to commits@accumulo.apache.org by vi...@apache.org on 2014/01/30 22:57:21 UTC
[6/9] git commit: ACCUMULO-1479 ACCUMULO-2086 ACCUMULO-2096
refactoring namespace translation out of security operations to fix security
randomwalk
ACCUMULO-1479 ACCUMULO-2086 ACCUMULO-2096 refactoring namespace translation out of security operations to fix security randomwalk
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/90e1f22a
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/90e1f22a
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/90e1f22a
Branch: refs/heads/1.6.0-SNAPSHOT
Commit: 90e1f22a1833baad0f986f2100c6ecb5662a8a8f
Parents: f0448ff
Author: John Vines <vi...@apache.org>
Authored: Thu Jan 30 16:00:23 2014 -0500
Committer: John Vines <vi...@apache.org>
Committed: Thu Jan 30 16:00:23 2014 -0500
----------------------------------------------------------------------
.../server/client/ClientServiceHandler.java | 11 +-
.../security/AuditedSecurityOperation.java | 52 +++----
.../server/security/SecurityOperation.java | 139 ++++++++-----------
.../accumulo/master/FateServiceHandler.java | 61 +++++---
.../java/org/apache/accumulo/master/Master.java | 2 +-
.../master/MasterClientServiceHandler.java | 12 +-
.../accumulo/master/tableOps/CloneTable.java | 4 +-
.../accumulo/master/tableOps/CreateTable.java | 4 +-
.../accumulo/master/tableOps/DeleteTable.java | 2 +-
.../accumulo/master/tableOps/ImportTable.java | 10 +-
.../apache/accumulo/tserver/TabletServer.java | 24 ++--
.../test/randomwalk/security/AlterTable.java | 3 +-
.../randomwalk/security/AlterTablePerm.java | 2 +-
.../test/randomwalk/security/DropTable.java | 3 +-
.../randomwalk/security/SecurityFixture.java | 4 +-
.../test/randomwalk/security/TableOp.java | 11 +-
.../randomwalk/security/WalkingSecurity.java | 9 ++
.../accumulo/test/ConditionalWriterIT.java | 2 +-
18 files changed, 195 insertions(+), 160 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/base/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java b/server/base/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
index ed8cbc6..9b39582 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
@@ -183,7 +183,9 @@ public class ClientServiceHandler implements ClientService.Iface {
public void grantTablePermission(TInfo tinfo, TCredentials credentials, String user, String tableName, byte permission) throws ThriftSecurityException,
ThriftTableOperationException {
String tableId = checkTableId(instance, tableName, TableOperation.PERMISSION);
- security.grantTablePermission(credentials, user, tableId, TablePermission.getPermissionById(permission));
+ String namespaceId = Tables.getNamespace(instance, tableId);
+
+ security.grantTablePermission(credentials, user, tableId, TablePermission.getPermissionById(permission), namespaceId);
}
@Override
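Review bot: The result of `Tables.getNamespace(instance, tableId)` is stored as `namespaceId` and passed straight into the permission check, but the helper this commit removes from SecurityOperation (hasSystemPermissionWithTableId) passed the same call's result through `Namespaces.getNamespaceId(...)` first, treating it as a name. Only one of those readings can be right, and if the value is a name here, namespace-level grants would be looked up under the wrong key. I would confirm which it is and record it at the call site, e.g. `// Tables.getNamespace returns the namespace id (not the name) that owns tableId`. The same lookup is added in revokeTablePermission and in front of the canScan check later in this file.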
@@ -202,7 +204,9 @@ public class ClientServiceHandler implements ClientService.Iface {
public void revokeTablePermission(TInfo tinfo, TCredentials credentials, String user, String tableName, byte permission) throws ThriftSecurityException,
ThriftTableOperationException {
String tableId = checkTableId(instance, tableName, TableOperation.PERMISSION);
- security.revokeTablePermission(credentials, user, tableId, TablePermission.getPermissionById(permission));
+ String namespaceId = Tables.getNamespace(instance, tableId);
+
+ security.revokeTablePermission(credentials, user, tableId, TablePermission.getPermissionById(permission), namespaceId);
}
@Override
@@ -401,7 +405,8 @@ public class ClientServiceHandler implements ClientService.Iface {
// ensure that table table exists
String tableId = checkTableId(instance, table, null);
tableIds.add(tableId);
- if (!security.canScan(credentials, tableId))
+ String namespaceId = Tables.getNamespace(instance, tableId);
+ if (!security.canScan(credentials, tableId, namespaceId))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
}
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java b/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
index 07492c6..d1fbdef 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
@@ -140,7 +140,7 @@ public class AuditedSecurityOperation extends SecurityOperation {
}
@Override
- public boolean canScan(TCredentials credentials, String tableId, TRange range, List<TColumn> columns, List<IterInfo> ssiList,
+ public boolean canScan(TCredentials credentials, String tableId, String namespaceId, TRange range, List<TColumn> columns, List<IterInfo> ssiList,
Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException {
if (shouldAudit(credentials, tableId)) {
Range convertedRange = new Range(range);
@@ -148,7 +148,7 @@ public class AuditedSecurityOperation extends SecurityOperation {
String tableName = getTableName(tableId);
try {
- boolean canScan = super.canScan(credentials, tableId);
+ boolean canScan = super.canScan(credentials, tableId, namespaceId);
audit(credentials, canScan, CAN_SCAN_AUDIT_TEMPLATE, tableName, getAuthString(authorizations), convertedRange, convertedColumns, ssiList, ssio);
return canScan;
@@ -157,14 +157,14 @@ public class AuditedSecurityOperation extends SecurityOperation {
throw ex;
}
} else {
- return super.canScan(credentials, tableId);
+ return super.canScan(credentials, tableId, namespaceId);
}
}
public static final String CAN_SCAN_BATCH_AUDIT_TEMPLATE = "action: scan; targetTable: %s; authorizations: %s; range: %s; columns: %s; iterators: %s; iteratorOptions: %s;";
@Override
- public boolean canScan(TCredentials credentials, String tableId, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList,
+ public boolean canScan(TCredentials credentials, String tableId, String namespaceId, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList,
Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException {
if (shouldAudit(credentials, tableId)) {
@SuppressWarnings({"unchecked", "rawtypes"})
@@ -178,7 +178,7 @@ public class AuditedSecurityOperation extends SecurityOperation {
String tableName = getTableName(tableId);
try {
- boolean canScan = super.canScan(credentials, tableId);
+ boolean canScan = super.canScan(credentials, tableId, namespaceId);
audit(credentials, canScan, CAN_SCAN_BATCH_AUDIT_TEMPLATE, tableName, getAuthString(authorizations), truncated, convertedColumns, ssiList, ssio);
return canScan;
@@ -187,7 +187,7 @@ public class AuditedSecurityOperation extends SecurityOperation {
throw ex;
}
} else {
- return super.canScan(credentials, tableId);
+ return super.canScan(credentials, tableId, namespaceId);
}
}
@@ -247,10 +247,10 @@ public class AuditedSecurityOperation extends SecurityOperation {
public static final String CAN_DELETE_TABLE_AUDIT_TEMPLATE = "action: deleteTable; targetTable: %s;";
@Override
- public boolean canDeleteTable(TCredentials c, String tableId) throws ThriftSecurityException {
+ public boolean canDeleteTable(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException {
String tableName = getTableName(tableId);
try {
- boolean result = super.canDeleteTable(c, tableId);
+ boolean result = super.canDeleteTable(c, tableId, namespaceId);
audit(c, result, CAN_DELETE_TABLE_AUDIT_TEMPLATE, tableName, tableId);
return result;
} catch (ThriftSecurityException ex) {
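Review bot: The audit record written by canDeleteTable still names only the table, although the outcome of `super.canDeleteTable(c, tableId, namespaceId)` now depends on the namespace that was passed in. Someone reading the audit log cannot tell which namespace a grant or denial was evaluated against. I would carry it in the record, for example `"action: deleteTable; targetTable: %s; targetNamespace: %s;"` with `namespaceId` added to the audit arguments. The other overrides changed in this file (canScan, canRenameTable, canCloneTable, canDeleteRange, canBulkImport, canImport, canExport, grant/revokeTablePermission, canOnlineOfflineTable) have the same gap; the catch block of this method continues outside the hunk.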
@@ -262,9 +262,9 @@ public class AuditedSecurityOperation extends SecurityOperation {
public static final String CAN_RENAME_TABLE_AUDIT_TEMPLATE = "action: renameTable; targetTable: %s; newTableName: %s;";
@Override
- public boolean canRenameTable(TCredentials c, String tableId, String oldTableName, String newTableName) throws ThriftSecurityException {
+ public boolean canRenameTable(TCredentials c, String tableId, String oldTableName, String newTableName, String namespaceId) throws ThriftSecurityException {
try {
- boolean result = super.canRenameTable(c, tableId, oldTableName, newTableName);
+ boolean result = super.canRenameTable(c, tableId, oldTableName, newTableName, namespaceId);
audit(c, result, CAN_RENAME_TABLE_AUDIT_TEMPLATE, oldTableName, newTableName);
return result;
} catch (ThriftSecurityException ex) {
@@ -276,10 +276,10 @@ public class AuditedSecurityOperation extends SecurityOperation {
public static final String CAN_CLONE_TABLE_AUDIT_TEMPLATE = "action: cloneTable; targetTable: %s; newTableName: %s";
@Override
- public boolean canCloneTable(TCredentials c, String tableId, String tableName) throws ThriftSecurityException {
+ public boolean canCloneTable(TCredentials c, String tableId, String tableName, String destinationNamespaceId, String sourceNamespaceId) throws ThriftSecurityException {
String oldTableName = getTableName(tableId);
try {
- boolean result = super.canCloneTable(c, tableId, tableName);
+ boolean result = super.canCloneTable(c, tableId, tableName, destinationNamespaceId, sourceNamespaceId);
audit(c, result, CAN_CLONE_TABLE_AUDIT_TEMPLATE, oldTableName, tableName);
return result;
} catch (ThriftSecurityException ex) {
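Review bot: The new canCloneTable signature takes five arguments of which four are plain Strings, ordered source `tableId`, destination `tableName`, then `destinationNamespaceId` before `sourceNamespaceId`, so the namespace pair runs in the opposite order to the table pair. A caller that transposes the last two still compiles, and the base class would then check CREATE_TABLE and READ against the wrong namespaces. The override also names the last parameter `sourceNamespaceId` while SecurityOperation calls it `srcNamespaceId`. I would use one name in both classes and add Javadoc along the lines of `@param destinationNamespaceId namespace the clone is created in (CREATE_TABLE is checked here)` and `@param sourceNamespaceId namespace that owns tableId (READ is checked here)`.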
@@ -291,9 +291,9 @@ public class AuditedSecurityOperation extends SecurityOperation {
public static final String CAN_DELETE_RANGE_AUDIT_TEMPLATE = "action: deleteData; targetTable: %s; startRange: %s; endRange: %s;";
@Override
- public boolean canDeleteRange(TCredentials c, String tableId, String tableName, Text startRow, Text endRow) throws ThriftSecurityException {
+ public boolean canDeleteRange(TCredentials c, String tableId, String tableName, Text startRow, Text endRow, String namespaceId) throws ThriftSecurityException {
try {
- boolean result = super.canDeleteRange(c, tableId, tableName, startRow, endRow);
+ boolean result = super.canDeleteRange(c, tableId, tableName, startRow, endRow,namespaceId);
audit(c, result, CAN_DELETE_RANGE_AUDIT_TEMPLATE, tableName, startRow.toString(), endRow.toString());
return result;
} catch (ThriftSecurityException ex) {
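Review bot: The changed call is missing the space after the last comma: `endRow,namespaceId` should read `endRow, namespaceId`, as in every other call this commit touches. The new signature line is also much longer than the lines around it and could be wrapped before `throws`, as the canScan overrides earlier in this file do.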
@@ -305,9 +305,9 @@ public class AuditedSecurityOperation extends SecurityOperation {
public static final String CAN_BULK_IMPORT_AUDIT_TEMPLATE = "action: bulkImport; targetTable: %s; dataDir: %s; failDir: %s;";
@Override
- public boolean canBulkImport(TCredentials c, String tableId, String tableName, String dir, String failDir) throws ThriftSecurityException {
+ public boolean canBulkImport(TCredentials c, String tableId, String tableName, String dir, String failDir, String namespaceId) throws ThriftSecurityException {
try {
- boolean result = super.canBulkImport(c, tableId);
+ boolean result = super.canBulkImport(c, tableId, namespaceId);
audit(c, result, CAN_BULK_IMPORT_AUDIT_TEMPLATE, tableName, dir, failDir);
return result;
} catch (ThriftSecurityException ex) {
@@ -319,10 +319,10 @@ public class AuditedSecurityOperation extends SecurityOperation {
public static final String CAN_IMPORT_AUDIT_TEMPLATE = "action: import; targetTable: %s; dataDir: %s;";
@Override
- public boolean canImport(TCredentials credentials, String tableName, String importDir) throws ThriftSecurityException {
+ public boolean canImport(TCredentials credentials, String tableName, String importDir, String namespaceId) throws ThriftSecurityException {
try {
- boolean result = super.canImport(credentials, tableName, importDir);
+ boolean result = super.canImport(credentials, tableName, importDir, namespaceId);
audit(credentials, result, CAN_IMPORT_AUDIT_TEMPLATE, tableName, importDir);
return result;
} catch (ThriftSecurityException ex) {
@@ -334,10 +334,10 @@ public class AuditedSecurityOperation extends SecurityOperation {
public static final String CAN_EXPORT_AUDIT_TEMPLATE = "action: export; targetTable: %s; dataDir: %s;";
@Override
- public boolean canExport(TCredentials credentials, String tableId, String tableName, String exportDir) throws ThriftSecurityException {
+ public boolean canExport(TCredentials credentials, String tableId, String tableName, String exportDir, String namespaceId) throws ThriftSecurityException {
try {
- boolean result = super.canExport(credentials, tableId, tableName, exportDir);
+ boolean result = super.canExport(credentials, tableId, tableName, exportDir, namespaceId);
audit(credentials, result, CAN_EXPORT_AUDIT_TEMPLATE, tableName, exportDir);
return result;
} catch (ThriftSecurityException ex) {
@@ -375,10 +375,10 @@ public class AuditedSecurityOperation extends SecurityOperation {
public static final String GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE = "action: grantTablePermission; permission: %s; targetTable: %s; targetUser: %s;";
@Override
- public void grantTablePermission(TCredentials credentials, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
+ public void grantTablePermission(TCredentials credentials, String user, String tableId, TablePermission permission, String namespaceId) throws ThriftSecurityException {
String tableName = getTableName(tableId);
try {
- super.grantTablePermission(credentials, user, tableId, permission);
+ super.grantTablePermission(credentials, user, tableId, permission, namespaceId);
audit(credentials, GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE, permission, tableName, user);
} catch (ThriftSecurityException ex) {
audit(credentials, ex, GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE, permission, tableName, user);
@@ -403,10 +403,10 @@ public class AuditedSecurityOperation extends SecurityOperation {
public static final String REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE = "action: revokeTablePermission; permission: %s; targetTable: %s; targetUser: %s;";
@Override
- public void revokeTablePermission(TCredentials credentials, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
+ public void revokeTablePermission(TCredentials credentials, String user, String tableId, TablePermission permission, String namespaceId) throws ThriftSecurityException {
String tableName = getTableName(tableId);
try {
- super.revokeTablePermission(credentials, user, tableId, permission);
+ super.revokeTablePermission(credentials, user, tableId, permission, namespaceId);
audit(credentials, REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE, permission, tableName, user);
} catch (ThriftSecurityException ex) {
audit(credentials, ex, REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE, permission, tableName, user);
@@ -417,7 +417,7 @@ public class AuditedSecurityOperation extends SecurityOperation {
public static final String CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE = "action: %s; targetTable: %s;";
@Override
- public boolean canOnlineOfflineTable(TCredentials credentials, String tableId, FateOperation op) throws ThriftSecurityException {
+ public boolean canOnlineOfflineTable(TCredentials credentials, String tableId, FateOperation op, String namespaceId) throws ThriftSecurityException {
String tableName = getTableName(tableId);
String operation = null;
if (op == FateOperation.TABLE_ONLINE)
@@ -425,7 +425,7 @@ public class AuditedSecurityOperation extends SecurityOperation {
if (op == FateOperation.TABLE_OFFLINE)
operation = "offlineTable";
try {
- boolean result = super.canOnlineOfflineTable(credentials, tableId, op);
+ boolean result = super.canOnlineOfflineTable(credentials, tableId, op, namespaceId);
audit(credentials, result, CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE, operation, tableName, tableId);
return result;
} catch (ThriftSecurityException ex) {
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
index ad1fbc0..d44d3da 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
@@ -27,7 +27,6 @@ import org.apache.accumulo.core.client.NamespaceNotFoundException;
import org.apache.accumulo.core.client.TableNotFoundException;
import org.apache.accumulo.core.client.admin.SecurityOperationsImpl;
import org.apache.accumulo.core.client.impl.Namespaces;
-import org.apache.accumulo.core.client.impl.Tables;
import org.apache.accumulo.core.client.impl.thrift.SecurityErrorCode;
import org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException;
import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
@@ -246,20 +245,6 @@ public class SecurityOperation {
return hasSystemPermissionWithNamespaceId(credentials, permission, null, useCached);
}
- private boolean hasSystemPermissionWithTableId(TCredentials credentials, SystemPermission permission, String tableId, boolean useCached)
- throws ThriftSecurityException {
- if (isSystemUser(credentials))
- return true;
- String namespaceId = null;
- try {
- namespaceId = Namespaces.getNamespaceId(HdfsZooInstance.getInstance(), Tables.getNamespace(HdfsZooInstance.getInstance(), tableId));
- } catch (NamespaceNotFoundException nnfe) {
- // Don't care, we won't pay any attention to namespace permissions
- }
-
- return hasSystemPermissionWithNamespaceId(credentials, permission, namespaceId, useCached);
- }
-
/**
* Checks if a user has a system permission
*
@@ -305,12 +290,11 @@ public class SecurityOperation {
*
* @return true if a user exists and has permission; false otherwise
*/
- protected boolean hasTablePermission(TCredentials credentials, String table, TablePermission permission, boolean useCached) throws ThriftSecurityException {
+ protected boolean hasTablePermission(TCredentials credentials, String tableId, String namespaceId, TablePermission permission, boolean useCached) throws ThriftSecurityException {
if (isSystemUser(credentials))
return true;
- return _hasTablePermission(credentials.getPrincipal(), table, permission, useCached)
- || _hasNamespacePermission(credentials.getPrincipal(), Tables.getNamespace(HdfsZooInstance.getInstance(), table),
- NamespacePermission.getEquivalent(permission), useCached);
+ return _hasTablePermission(credentials.getPrincipal(), tableId, permission, useCached)
+ || _hasNamespacePermission(credentials.getPrincipal(), namespaceId, NamespacePermission.getEquivalent(permission), useCached);
}
/**
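Review bot: hasTablePermission now takes `namespaceId` on trust: nothing in the new body ties it to `tableId`, so a caller that passes the id of a different namespace in which the principal holds the equivalent permission gets `true` for this table. The removed lines derived the namespace from the table inside the check. The Javadoc above the signature (it begins outside this hunk) is not extended for the new parameter. I would add `@param namespaceId id of the namespace that contains tableId; must be resolved server-side from tableId, never taken from a client request` and say what a null value means for the namespace lookup. The same contract applies to the public grantTablePermission, revokeTablePermission and deleteTable changed later in this file.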
@@ -381,38 +365,38 @@ public class SecurityOperation {
}
}
- public boolean canScan(TCredentials credentials, String table) throws ThriftSecurityException {
+ public boolean canScan(TCredentials credentials, String tableId, String namespaceId) throws ThriftSecurityException {
authenticate(credentials);
- return hasTablePermission(credentials, table, TablePermission.READ, true);
+ return hasTablePermission(credentials, tableId, namespaceId, TablePermission.READ, true);
}
- public boolean canScan(TCredentials credentials, String table, TRange range, List<TColumn> columns, List<IterInfo> ssiList,
+ public boolean canScan(TCredentials credentials, String tableId, String namespaceId, TRange range, List<TColumn> columns, List<IterInfo> ssiList,
Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException {
- return canScan(credentials, table);
+ return canScan(credentials, tableId, namespaceId);
}
- public boolean canScan(TCredentials credentials, String table, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList,
+ public boolean canScan(TCredentials credentials, String table, String namespaceId, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList,
Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException {
- return canScan(credentials, table);
+ return canScan(credentials, table, namespaceId);
}
- public boolean canWrite(TCredentials credentials, String table) throws ThriftSecurityException {
+ public boolean canWrite(TCredentials credentials, String tableId, String namespaceId) throws ThriftSecurityException {
authenticate(credentials);
- return hasTablePermission(credentials, table, TablePermission.WRITE, true);
+ return hasTablePermission(credentials, tableId, namespaceId, TablePermission.WRITE, true);
}
- public boolean canConditionallyUpdate(TCredentials credentials, String tableID, List<ByteBuffer> authorizations) throws ThriftSecurityException {
+ public boolean canConditionallyUpdate(TCredentials credentials, String tableID, String namespaceId, List<ByteBuffer> authorizations) throws ThriftSecurityException {
authenticate(credentials);
- return hasTablePermission(credentials, tableID, TablePermission.WRITE, true) && hasTablePermission(credentials, tableID, TablePermission.READ, true);
+ return hasTablePermission(credentials, tableID, namespaceId, TablePermission.WRITE, true) && hasTablePermission(credentials, tableID, namespaceId, TablePermission.READ, true);
}
- public boolean canSplitTablet(TCredentials credentials, String tableId) throws ThriftSecurityException {
+ public boolean canSplitTablet(TCredentials credentials, String tableId, String namespaceId) throws ThriftSecurityException {
authenticate(credentials);
- return hasSystemPermissionWithTableId(credentials, SystemPermission.ALTER_TABLE, tableId, false)
- || hasSystemPermissionWithTableId(credentials, SystemPermission.SYSTEM, tableId, false)
- || hasTablePermission(credentials, tableId, TablePermission.ALTER_TABLE, false);
+ return hasSystemPermissionWithNamespaceId(credentials, SystemPermission.ALTER_TABLE, namespaceId, false)
+ || hasSystemPermissionWithNamespaceId(credentials, SystemPermission.SYSTEM, namespaceId, false)
+ || hasTablePermission(credentials, tableId, namespaceId, TablePermission.ALTER_TABLE, false);
}
/**
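Review bot: The parameter rename is incomplete in this hunk: the batch overload of canScan still calls the id `table`, and canConditionallyUpdate uses `tableID`, while the other changed signatures use `tableId`. Because tableId and namespaceId are both plain Strings sitting next to each other, consistent names are the only cue a reader has for which is which; I would write `String tableId, String namespaceId` in both. The rewritten return in canConditionallyUpdate is also a single very long line and would read better broken at the `&&`, as the three-clause return in canSplitTablet just below it is.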
@@ -423,15 +407,15 @@ public class SecurityOperation {
return hasSystemPermission(credentials, SystemPermission.SYSTEM, false);
}
- public boolean canFlush(TCredentials c, String tableId) throws ThriftSecurityException {
+ public boolean canFlush(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasTablePermission(c, tableId, TablePermission.WRITE, false) || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false);
+ return hasTablePermission(c, tableId, namespaceId, TablePermission.WRITE, false) || hasTablePermission(c, tableId, namespaceId, TablePermission.ALTER_TABLE, false);
}
- public boolean canAlterTable(TCredentials c, String tableId) throws ThriftSecurityException {
+ public boolean canAlterTable(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false)
- || hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, tableId, false);
+ return hasTablePermission(c, tableId, namespaceId, TablePermission.ALTER_TABLE, false)
+ || hasSystemPermissionWithNamespaceId(c, SystemPermission.ALTER_TABLE, namespaceId, false);
}
public boolean canCreateTable(TCredentials c, String table, String namespaceId) throws ThriftSecurityException {
@@ -439,54 +423,54 @@ public class SecurityOperation {
return hasSystemPermissionWithNamespaceId(c, SystemPermission.CREATE_TABLE, namespaceId, false);
}
- public boolean canRenameTable(TCredentials c, String tableId, String oldTableName, String newTableName) throws ThriftSecurityException {
+ public boolean canRenameTable(TCredentials c, String tableId, String oldTableName, String newTableName, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, tableId, false)
- || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false);
+ return hasSystemPermissionWithNamespaceId(c, SystemPermission.ALTER_TABLE, namespaceId, false)
+ || hasTablePermission(c, tableId, namespaceId, TablePermission.ALTER_TABLE, false);
}
- public boolean canCloneTable(TCredentials c, String tableId, String tableName) throws ThriftSecurityException {
+ public boolean canCloneTable(TCredentials c, String tableId, String tableName, String destinationNamespaceId, String srcNamespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermissionWithTableId(c, SystemPermission.CREATE_TABLE, tableId, false) && hasTablePermission(c, tableId, TablePermission.READ, false);
+ return hasSystemPermissionWithNamespaceId(c, SystemPermission.CREATE_TABLE, destinationNamespaceId, false) && hasTablePermission(c, tableId, srcNamespaceId, TablePermission.READ, false);
}
- public boolean canDeleteTable(TCredentials c, String tableId) throws ThriftSecurityException {
+ public boolean canDeleteTable(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermissionWithTableId(c, SystemPermission.DROP_TABLE, tableId, false) || hasTablePermission(c, tableId, TablePermission.DROP_TABLE, false);
+ return hasSystemPermissionWithNamespaceId(c, SystemPermission.DROP_TABLE, namespaceId, false) || hasTablePermission(c, tableId, namespaceId, TablePermission.DROP_TABLE, false);
}
- public boolean canOnlineOfflineTable(TCredentials c, String tableId, FateOperation op) throws ThriftSecurityException {
+ public boolean canOnlineOfflineTable(TCredentials c, String tableId, FateOperation op, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermissionWithTableId(c, SystemPermission.SYSTEM, tableId, false)
- || hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, tableId, false)
- || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false);
+ return hasSystemPermissionWithNamespaceId(c, SystemPermission.SYSTEM, namespaceId, false)
+ || hasSystemPermissionWithNamespaceId(c, SystemPermission.ALTER_TABLE, namespaceId, false)
+ || hasTablePermission(c, tableId, namespaceId, TablePermission.ALTER_TABLE, false);
}
- public boolean canMerge(TCredentials c, String tableId) throws ThriftSecurityException {
+ public boolean canMerge(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermissionWithTableId(c, SystemPermission.SYSTEM, tableId, false)
- || hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, tableId, false)
- || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false);
+ return hasSystemPermissionWithNamespaceId(c, SystemPermission.SYSTEM, namespaceId, false)
+ || hasSystemPermissionWithNamespaceId(c, SystemPermission.ALTER_TABLE, namespaceId, false)
+ || hasTablePermission(c, tableId, namespaceId, TablePermission.ALTER_TABLE, false);
}
- public boolean canDeleteRange(TCredentials c, String tableId, String tableName, Text startRow, Text endRow) throws ThriftSecurityException {
+ public boolean canDeleteRange(TCredentials c, String tableId, String tableName, Text startRow, Text endRow, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermissionWithTableId(c, SystemPermission.SYSTEM, tableId, false) || hasTablePermission(c, tableId, TablePermission.WRITE, false);
+ return hasSystemPermissionWithNamespaceId(c, SystemPermission.SYSTEM, namespaceId, false) || hasTablePermission(c, tableId, namespaceId, TablePermission.WRITE, false);
}
- public boolean canBulkImport(TCredentials c, String tableId, String tableName, String dir, String failDir) throws ThriftSecurityException {
- return canBulkImport(c, tableId);
+ public boolean canBulkImport(TCredentials c, String tableId, String tableName, String dir, String failDir, String namespaceId) throws ThriftSecurityException {
+ return canBulkImport(c, tableId, namespaceId);
}
- public boolean canBulkImport(TCredentials c, String tableId) throws ThriftSecurityException {
+ public boolean canBulkImport(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasTablePermission(c, tableId, TablePermission.BULK_IMPORT, false);
+ return hasTablePermission(c, tableId, namespaceId, TablePermission.BULK_IMPORT, false);
}
- public boolean canCompact(TCredentials c, String tableId) throws ThriftSecurityException {
+ public boolean canCompact(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, tableId, false)
- || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false) || hasTablePermission(c, tableId, TablePermission.WRITE, false);
+ return hasSystemPermissionWithNamespaceId(c, SystemPermission.ALTER_TABLE, namespaceId, false)
+ || hasTablePermission(c, tableId, namespaceId, TablePermission.ALTER_TABLE, false) || hasTablePermission(c, tableId, namespaceId, TablePermission.WRITE, false);
}
public boolean canChangeAuthorizations(TCredentials c, String user) throws ThriftSecurityException {
@@ -519,9 +503,9 @@ public class SecurityOperation {
return hasSystemPermission(c, SystemPermission.GRANT, false);
}
- public boolean canGrantTable(TCredentials c, String user, String table) throws ThriftSecurityException {
+ public boolean canGrantTable(TCredentials c, String user, String tableId, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, table, false) || hasTablePermission(c, table, TablePermission.GRANT, false);
+ return hasSystemPermissionWithNamespaceId(c, SystemPermission.ALTER_TABLE, namespaceId, false) || hasTablePermission(c, tableId, namespaceId, TablePermission.GRANT, false);
}
public boolean canGrantNamespace(TCredentials c, String user, String namespace) throws ThriftSecurityException {
@@ -551,9 +535,9 @@ public class SecurityOperation {
return hasSystemPermission(c, SystemPermission.GRANT, false);
}
- public boolean canRevokeTable(TCredentials c, String user, String table) throws ThriftSecurityException {
+ public boolean canRevokeTable(TCredentials c, String user, String tableId, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, table, false) || hasTablePermission(c, table, TablePermission.GRANT, false);
+ return hasSystemPermissionWithNamespaceId(c, SystemPermission.ALTER_TABLE, namespaceId, false) || hasTablePermission(c, tableId, namespaceId, TablePermission.GRANT, false);
}
public boolean canRevokeNamespace(TCredentials c, String user, String namespace) throws ThriftSecurityException {
@@ -629,8 +613,8 @@ public class SecurityOperation {
}
}
- public void grantTablePermission(TCredentials c, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
- if (!canGrantTable(c, user, tableId))
+ public void grantTablePermission(TCredentials c, String user, String tableId, TablePermission permission, String namespaceId) throws ThriftSecurityException {
+ if (!canGrantTable(c, user, tableId, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
targetUserExists(user);
@@ -677,8 +661,8 @@ public class SecurityOperation {
}
}
- public void revokeTablePermission(TCredentials c, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
- if (!canRevokeTable(c, user, tableId))
+ public void revokeTablePermission(TCredentials c, String user, String tableId, TablePermission permission, String namespaceId) throws ThriftSecurityException {
+ if (!canRevokeTable(c, user, tableId, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
targetUserExists(user);
@@ -740,8 +724,8 @@ public class SecurityOperation {
}
}
- public void deleteTable(TCredentials credentials, String tableId) throws ThriftSecurityException {
- if (!canDeleteTable(credentials, tableId))
+ public void deleteTable(TCredentials credentials, String tableId, String namespaceId) throws ThriftSecurityException {
+ if (!canDeleteTable(credentials, tableId, namespaceId))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
try {
permHandle.cleanTablePermissions(tableId);
@@ -766,14 +750,14 @@ public class SecurityOperation {
}
}
- public boolean canExport(TCredentials credentials, String tableId, String tableName, String exportDir) throws ThriftSecurityException {
+ public boolean canExport(TCredentials credentials, String tableId, String tableName, String exportDir, String namespaceId) throws ThriftSecurityException {
authenticate(credentials);
- return hasTablePermission(credentials, tableId, TablePermission.READ, false);
+ return hasTablePermission(credentials, tableId, namespaceId, TablePermission.READ, false);
}
- public boolean canImport(TCredentials credentials, String tableName, String importDir) throws ThriftSecurityException {
+ public boolean canImport(TCredentials credentials, String tableName, String importDir, String namespaceId) throws ThriftSecurityException {
authenticate(credentials);
- return hasSystemPermissionWithNamespaceId(credentials, SystemPermission.CREATE_TABLE, Tables.qualify(tableName).getFirst(), false);
+ return hasSystemPermissionWithNamespaceId(credentials, SystemPermission.CREATE_TABLE, namespaceId, false);
}
public boolean canAlterNamespace(TCredentials credentials, String namespaceId) throws ThriftSecurityException {
@@ -782,11 +766,10 @@ public class SecurityOperation {
}
public boolean canCreateNamespace(TCredentials credentials, String namespace) throws ThriftSecurityException {
- authenticate(credentials);
return canCreateNamespace(credentials);
}
- public boolean canCreateNamespace(TCredentials credentials) throws ThriftSecurityException {
+ private boolean canCreateNamespace(TCredentials credentials) throws ThriftSecurityException {
authenticate(credentials);
return hasSystemPermission(credentials, SystemPermission.CREATE_NAMESPACE, false);
}
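Review bot: The public `canCreateNamespace(credentials, namespace)` no longer authenticates itself and ignores its `namespace` argument, so its only protection is the `authenticate(credentials)` call inside the now-private overload. That is correct as written, but a later edit to the private method would silently remove authentication from the public entry point. A one-line comment on the delegating call would make the dependency explicit: `// authenticate() runs in canCreateNamespace(credentials); namespace is not used in the decision`.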
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java b/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java
index 21a35de..6f2c39a 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java
@@ -58,7 +58,6 @@ import org.apache.accumulo.master.tableOps.RenameTable;
import org.apache.accumulo.master.tableOps.TableRangeOp;
import org.apache.accumulo.master.tableOps.TraceRepo;
import org.apache.accumulo.server.client.ClientServiceHandler;
-import org.apache.accumulo.server.client.HdfsZooInstance;
import org.apache.accumulo.server.master.state.MergeInfo;
import org.apache.accumulo.server.util.TablePropUtil;
import org.apache.accumulo.trace.thrift.TInfo;
@@ -130,7 +129,7 @@ class FateServiceHandler implements FateService.Iface {
String namespaceId;
try {
- namespaceId = Namespaces.getNamespaceId(HdfsZooInstance.getInstance(), Tables.qualify(tableName).getFirst());
+ namespaceId = Namespaces.getNamespaceId(master.getInstance(), Tables.qualify(tableName).getFirst());
} catch (NamespaceNotFoundException e) {
throw new ThriftTableOperationException(null, tableName, tableOp, TableOperationExceptionType.NAMESPACE_NOTFOUND, "");
}
@@ -162,8 +161,9 @@ class FateServiceHandler implements FateService.Iface {
});
String tableId = ClientServiceHandler.checkTableId(master.getInstance(), oldTableName, tableOp);
+ String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
- if (!master.security.canRenameTable(c, tableId, oldTableName, newTableName))
+ if (!master.security.canRenameTable(c, tableId, oldTableName, newTableName, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
try {
@@ -178,8 +178,15 @@ class FateServiceHandler implements FateService.Iface {
TableOperation tableOp = TableOperation.CLONE;
String srcTableId = validateTableIdArgument(arguments.get(0), tableOp, Tables.NOT_ROOT_ID);
String tableName = validateTableNameArgument(arguments.get(1), tableOp, Tables.NOT_SYSTEM);
-
- if (!master.security.canCloneTable(c, srcTableId, tableName))
+ String namespaceId;
+ try {
+ namespaceId = Namespaces.getNamespaceId(master.getInstance(), Tables.qualify(tableName).getFirst());
+ } catch (NamespaceNotFoundException e) {
+ // shouldn't happen, but possible once cloning between namespaces is supported
+ throw new ThriftTableOperationException(null, tableName, tableOp, TableOperationExceptionType.NAMESPACE_NOTFOUND, "");
+ }
+
+ if (!master.security.canCloneTable(c, srcTableId, tableName, namespaceId, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
Map<String,String> propertiesToSet = new HashMap<String,String>();
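Review bot: `canCloneTable(c, srcTableId, tableName, namespaceId, namespaceId)` passes the namespace derived from the new table name in both trailing positions, so whatever check applies to the source table is evaluated against the destination namespace. The signature of canCloneTable is not in this hunk, but if the two arguments are the source and destination namespaces, the source one should come from the source table: `String srcNamespaceId = Tables.getNamespace(master.getInstance(), srcTableId);`, passed in the matching position. The added comment already anticipates cloning across namespaces, and at that point a mismatch would let namespace-level permissions on the target stand in for read rights on the source. The enclosing case block starts and ends outside the hunk.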
@@ -209,7 +216,9 @@ class FateServiceHandler implements FateService.Iface {
String tableName = validateTableNameArgument(arguments.get(0), tableOp, Tables.NOT_SYSTEM);
final String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, tableOp);
- if (!master.security.canDeleteTable(c, tableId))
+ String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+
+ if (!master.security.canDeleteTable(c, tableId, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
master.fate.seedTransaction(opid, new TraceRepo<Master>(new DeleteTable(tableId)), autoCleanup);
break;
@@ -217,8 +226,9 @@ class FateServiceHandler implements FateService.Iface {
case TABLE_ONLINE: {
TableOperation tableOp = TableOperation.ONLINE;
final String tableId = validateTableIdArgument(arguments.get(0), tableOp, Tables.NOT_ROOT_ID);
+ String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
- if (!master.security.canOnlineOfflineTable(c, tableId, op))
+ if (!master.security.canOnlineOfflineTable(c, tableId, op, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
master.fate.seedTransaction(opid, new TraceRepo<Master>(new ChangeTableState(tableId, tableOp)), autoCleanup);
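Review bot: In TABLE_ONLINE the table id comes straight from `arguments.get(0)` and has only passed `validateTableIdArgument` when `Tables.getNamespace(master.getInstance(), tableId)` runs, so an id that names no table reaches the lookup before any existence or permission check. What getNamespace does for an unknown id is not visible here; if it throws an unchecked exception the client sees a generic failure, and if it returns null the permission check runs with a null namespace. The TABLE_OFFLINE, compact and TABLE_CANCEL_COMPACT hunks below follow the same pattern, whereas delete, merge and export go through `ClientServiceHandler.checkTableId` first. I would route these cases through one private helper that resolves the namespace and turns a failed lookup into `ThriftTableOperationException(tableId, null, tableOp, TableOperationExceptionType.NOTFOUND, ...)`.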
@@ -227,8 +237,9 @@ class FateServiceHandler implements FateService.Iface {
case TABLE_OFFLINE: {
TableOperation tableOp = TableOperation.OFFLINE;
final String tableId = validateTableIdArgument(arguments.get(0), tableOp, Tables.NOT_ROOT_ID);
+ String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
- if (!master.security.canOnlineOfflineTable(c, tableId, op))
+ if (!master.security.canOnlineOfflineTable(c, tableId, op, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
master.fate.seedTransaction(opid, new TraceRepo<Master>(new ChangeTableState(tableId, tableOp)), autoCleanup);
@@ -241,7 +252,9 @@ class FateServiceHandler implements FateService.Iface {
Text endRow = ByteBufferUtil.toText(arguments.get(2));
final String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, tableOp);
- if (!master.security.canMerge(c, tableId))
+ String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+
+ if (!master.security.canMerge(c, tableId, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
Master.log.debug("Creating merge op: " + tableId + " " + startRow + " " + endRow);
@@ -255,7 +268,9 @@ class FateServiceHandler implements FateService.Iface {
Text endRow = ByteBufferUtil.toText(arguments.get(2));
final String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, tableOp);
- if (!master.security.canDeleteRange(c, tableId, tableName, startRow, endRow))
+ String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+
+ if (!master.security.canDeleteRange(c, tableId, tableName, startRow, endRow, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
master.fate.seedTransaction(opid, new TraceRepo<Master>(new TableRangeOp(MergeInfo.Operation.DELETE, tableId, startRow, endRow)), autoCleanup);
@@ -269,7 +284,9 @@ class FateServiceHandler implements FateService.Iface {
boolean setTime = Boolean.parseBoolean(ByteBufferUtil.toString(arguments.get(3)));
final String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, tableOp);
- if (!master.security.canBulkImport(c, tableId, tableName, dir, failDir))
+ String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+
+ if (!master.security.canBulkImport(c, tableId, tableName, dir, failDir, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
master.fate.seedTransaction(opid, new TraceRepo<Master>(new BulkImport(tableId, dir, failDir, setTime)), autoCleanup);
@@ -281,8 +298,9 @@ class FateServiceHandler implements FateService.Iface {
byte[] startRow = ByteBufferUtil.toBytes(arguments.get(1));
byte[] endRow = ByteBufferUtil.toBytes(arguments.get(2));
List<IteratorSetting> iterators = IteratorUtil.decodeIteratorSettings(ByteBufferUtil.toBytes(arguments.get(3)));
+ String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
- if (!master.security.canCompact(c, tableId))
+ if (!master.security.canCompact(c, tableId, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
master.fate.seedTransaction(opid, new TraceRepo<Master>(new CompactRange(tableId, startRow, endRow, iterators)), autoCleanup);
@@ -291,8 +309,9 @@ class FateServiceHandler implements FateService.Iface {
case TABLE_CANCEL_COMPACT: {
TableOperation tableOp = TableOperation.COMPACT_CANCEL;
String tableId = validateTableIdArgument(arguments.get(0), tableOp, null);
+ String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
- if (!master.security.canCompact(c, tableId))
+ if (!master.security.canCompact(c, tableId, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
master.fate.seedTransaction(opid, new TraceRepo<Master>(new CancelCompactions(tableId)), autoCleanup);
@@ -302,15 +321,17 @@ class FateServiceHandler implements FateService.Iface {
TableOperation tableOp = TableOperation.IMPORT;
String tableName = validateTableNameArgument(arguments.get(0), tableOp, Tables.NOT_SYSTEM);
String exportDir = ByteBufferUtil.toString(arguments.get(1));
-
- if (!master.security.canImport(c, tableName, exportDir))
- throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
-
+ String namespaceId;
try {
- master.fate.seedTransaction(opid, new TraceRepo<Master>(new ImportTable(c.getPrincipal(), tableName, exportDir)), autoCleanup);
+ namespaceId = Namespaces.getNamespaceId(master.getInstance(), Tables.qualify(tableName).getFirst());
} catch (NamespaceNotFoundException e) {
throw new ThriftTableOperationException(null, tableName, tableOp, TableOperationExceptionType.NAMESPACE_NOTFOUND, "");
}
+
+ if (!master.security.canImport(c, tableName, exportDir, namespaceId))
+ throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
+
+ master.fate.seedTransaction(opid, new TraceRepo<Master>(new ImportTable(c.getPrincipal(), tableName, exportDir, namespaceId)), autoCleanup);
break;
}
case TABLE_EXPORT: {
@@ -319,7 +340,9 @@ class FateServiceHandler implements FateService.Iface {
String exportDir = ByteBufferUtil.toString(arguments.get(1));
String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, tableOp);
- if (!master.security.canExport(c, tableId, tableName, exportDir))
+ String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+
+ if (!master.security.canExport(c, tableId, tableName, exportDir, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
master.fate.seedTransaction(opid, new TraceRepo<Master>(new ExportTable(tableName, tableId, exportDir)), autoCleanup);
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/master/src/main/java/org/apache/accumulo/master/Master.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/Master.java b/server/master/src/main/java/org/apache/accumulo/master/Master.java
index 86a35cd..60881a5 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/Master.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/Master.java
@@ -289,7 +289,7 @@ public class Master implements LiveTServerSet.Listener, TableObserver, CurrentSt
NodeExistsPolicy.SKIP);
Initialize.initMetadataConfig(RootTable.ID);
// ensure root user can flush root table
- security.grantTablePermission(SystemCredentials.get().toThrift(instance), security.getRootUsername(), RootTable.ID, TablePermission.ALTER_TABLE);
+ security.grantTablePermission(SystemCredentials.get().toThrift(instance), security.getRootUsername(), RootTable.ID, TablePermission.ALTER_TABLE, Namespaces.ACCUMULO_NAMESPACE_ID);
// put existing tables in the correct namespaces
String tables = ZooUtil.getRoot(instance) + Constants.ZTABLES;
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/master/src/main/java/org/apache/accumulo/master/MasterClientServiceHandler.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/MasterClientServiceHandler.java b/server/master/src/main/java/org/apache/accumulo/master/MasterClientServiceHandler.java
index 3a39f5c..e9914ab 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/MasterClientServiceHandler.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/MasterClientServiceHandler.java
@@ -28,6 +28,7 @@ import org.apache.accumulo.core.Constants;
import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;
+import org.apache.accumulo.core.client.Instance;
import org.apache.accumulo.core.client.IsolatedScanner;
import org.apache.accumulo.core.client.RowIterator;
import org.apache.accumulo.core.client.Scanner;
@@ -90,14 +91,17 @@ import org.apache.zookeeper.KeeperException.NoNodeException;
class MasterClientServiceHandler extends FateServiceHandler implements MasterClientService.Iface {
private static final Logger log = Master.log;
+ private Instance instance;
MasterClientServiceHandler(Master master) {
super(master);
+ this.instance = master.getInstance();
}
@Override
public long initiateFlush(TInfo tinfo, TCredentials c, String tableId) throws ThriftSecurityException, ThriftTableOperationException {
- master.security.canFlush(c, tableId);
+ String namespaceId = Tables.getNamespace(instance, tableId);
+ master.security.canFlush(c, tableId, namespaceId);
String zTablePath = Constants.ZROOT + "/" + master.getConfiguration().getInstance().getInstanceID() + Constants.ZTABLES + "/" + tableId
+ Constants.ZTABLE_FLUSH_ID;
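Review bot: `master.security.canFlush(c, tableId, namespaceId);` in `initiateFlush` discards the result, and `waitForFlush` in the next hunk does the same. Every other `can*` call touched by this commit is wrapped in `if (!...) throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);`, so if canFlush returns a boolean like its siblings (its body is not shown), a principal that authenticates but lacks the permission is not rejected here. I would change both calls to `if (!master.security.canFlush(c, tableId, namespaceId)) throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);`. The new `instance` field can also be declared `private final`.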
@@ -125,7 +129,8 @@ class MasterClientServiceHandler extends FateServiceHandler implements MasterCli
@Override
public void waitForFlush(TInfo tinfo, TCredentials c, String tableId, ByteBuffer startRow, ByteBuffer endRow, long flushID, long maxLoops)
throws ThriftSecurityException, ThriftTableOperationException {
- master.security.canFlush(c, tableId);
+ String namespaceId = Tables.getNamespace(instance, tableId);
+ master.security.canFlush(c, tableId, namespaceId);
if (endRow != null && startRow != null && ByteBufferUtil.toText(startRow).compareTo(ByteBufferUtil.toText(endRow)) >= 0)
throw new ThriftTableOperationException(tableId, null, TableOperation.FLUSH, TableOperationExceptionType.BAD_RANGE, "start row must be less than end row");
@@ -430,7 +435,8 @@ class MasterClientServiceHandler extends FateServiceHandler implements MasterCli
private void alterTableProperty(TCredentials c, String tableName, String property, String value, TableOperation op) throws ThriftSecurityException,
ThriftTableOperationException {
final String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, op);
- if (!master.security.canAlterTable(c, tableId))
+ String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+ if (!master.security.canAlterTable(c, tableId, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
try {
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CloneTable.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CloneTable.java b/server/master/src/main/java/org/apache/accumulo/master/tableOps/CloneTable.java
index cba1492..bfaab82 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CloneTable.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/tableOps/CloneTable.java
@@ -202,7 +202,7 @@ class ClonePermissions extends MasterRepo {
for (TablePermission permission : TablePermission.values()) {
try {
AuditedSecurityOperation.getInstance().grantTablePermission(SystemCredentials.get().toThrift(environment.getInstance()), cloneInfo.user,
- cloneInfo.tableId, permission);
+ cloneInfo.tableId, permission, cloneInfo.namespaceId);
} catch (ThriftSecurityException e) {
Logger.getLogger(FinishCloneTable.class).error(e.getMessage(), e);
throw e;
@@ -222,7 +222,7 @@ class ClonePermissions extends MasterRepo {
@Override
public void undo(long tid, Master environment) throws Exception {
- AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(environment.getInstance()), cloneInfo.tableId);
+ AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(environment.getInstance()), cloneInfo.tableId, cloneInfo.namespaceId);
}
}
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CreateTable.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CreateTable.java b/server/master/src/main/java/org/apache/accumulo/master/tableOps/CreateTable.java
index 33ee878..5b64053 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CreateTable.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/tableOps/CreateTable.java
@@ -251,7 +251,7 @@ class SetupPermissions extends MasterRepo {
SecurityOperation security = AuditedSecurityOperation.getInstance();
for (TablePermission permission : TablePermission.values()) {
try {
- security.grantTablePermission(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.user, tableInfo.tableId, permission);
+ security.grantTablePermission(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.user, tableInfo.tableId, permission, tableInfo.namespaceId);
} catch (ThriftSecurityException e) {
Logger.getLogger(FinishCreateTable.class).error(e.getMessage(), e);
throw e;
@@ -266,7 +266,7 @@ class SetupPermissions extends MasterRepo {
@Override
public void undo(long tid, Master env) throws Exception {
- AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.tableId);
+ AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.tableId, tableInfo.namespaceId);
}
}
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/master/src/main/java/org/apache/accumulo/master/tableOps/DeleteTable.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/tableOps/DeleteTable.java b/server/master/src/main/java/org/apache/accumulo/master/tableOps/DeleteTable.java
index 166ec89..64c1d99 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/tableOps/DeleteTable.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/tableOps/DeleteTable.java
@@ -204,7 +204,7 @@ class CleanUp extends MasterRepo {
// remove any permissions associated with this table
try {
- AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(master.getInstance()), tableId);
+ AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(master.getInstance()), tableId, namespaceId);
} catch (ThriftSecurityException e) {
log.error(e.getMessage(), e);
}
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/master/src/main/java/org/apache/accumulo/master/tableOps/ImportTable.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/tableOps/ImportTable.java b/server/master/src/main/java/org/apache/accumulo/master/tableOps/ImportTable.java
index 9f35628..ddf1598 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/tableOps/ImportTable.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/tableOps/ImportTable.java
@@ -34,7 +34,6 @@ import org.apache.accumulo.core.Constants;
import org.apache.accumulo.core.client.BatchWriter;
import org.apache.accumulo.core.client.BatchWriterConfig;
import org.apache.accumulo.core.client.Instance;
-import org.apache.accumulo.core.client.NamespaceNotFoundException;
import org.apache.accumulo.core.client.admin.TableOperationsImpl;
import org.apache.accumulo.core.client.impl.Namespaces;
import org.apache.accumulo.core.client.impl.Tables;
@@ -495,7 +494,7 @@ class ImportSetupPermissions extends MasterRepo {
SecurityOperation security = AuditedSecurityOperation.getInstance();
for (TablePermission permission : TablePermission.values()) {
try {
- security.grantTablePermission(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.user, tableInfo.tableId, permission);
+ security.grantTablePermission(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.user, tableInfo.tableId, permission, tableInfo.namespaceId);
} catch (ThriftSecurityException e) {
Logger.getLogger(ImportSetupPermissions.class).error(e.getMessage(), e);
throw e;
@@ -510,7 +509,7 @@ class ImportSetupPermissions extends MasterRepo {
@Override
public void undo(long tid, Master env) throws Exception {
- AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.tableId);
+ AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.tableId, tableInfo.namespaceId);
}
}
@@ -519,13 +518,12 @@ public class ImportTable extends MasterRepo {
private ImportedTableInfo tableInfo;
- public ImportTable(String user, String tableName, String exportDir) throws NamespaceNotFoundException {
+ public ImportTable(String user, String tableName, String exportDir, String namespaceId) {
tableInfo = new ImportedTableInfo();
tableInfo.tableName = tableName;
tableInfo.user = user;
tableInfo.exportDir = exportDir;
- Instance inst = HdfsZooInstance.getInstance();
- tableInfo.namespaceId = Namespaces.getNamespaceId(inst, Tables.qualify(tableName).getFirst());
+ tableInfo.namespaceId = namespaceId;
}
@Override
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
----------------------------------------------------------------------
diff --git a/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java b/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
index 7fdc9b2..b5a8b2a 100644
--- a/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
+++ b/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
@@ -67,6 +67,7 @@ import org.apache.accumulo.core.client.Instance;
import org.apache.accumulo.core.client.impl.CompressedIterators;
import org.apache.accumulo.core.client.impl.CompressedIterators.IterConfig;
import org.apache.accumulo.core.client.impl.ScannerImpl;
+import org.apache.accumulo.core.client.impl.Tables;
import org.apache.accumulo.core.client.impl.TabletType;
import org.apache.accumulo.core.client.impl.Translator;
import org.apache.accumulo.core.client.impl.Translator.TKeyExtentTranslator;
@@ -1181,7 +1182,8 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations, boolean waitForWrites, boolean isolated,
long readaheadThreshold) throws NotServingTabletException, ThriftSecurityException, org.apache.accumulo.core.tabletserver.thrift.TooManyFilesException {
- if (!security.canScan(credentials, new String(textent.getTable()), range, columns, ssiList, ssio, authorizations))
+ String tableId = new String(textent.getTable());
+ if (!security.canScan(credentials, tableId, Tables.getNamespace(instance, tableId), range, columns, ssiList, ssio, authorizations))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
if (!security.userHasAuthorizations(credentials, authorizations))
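Review bot: `Tables.getNamespace(instance, tableId)` is evaluated as an argument to `canScan`, so the lookup runs on a table id decoded from the client's `textent` before any authentication inside canScan can happen. If the lookup fails for an id that names no table (its behaviour is not visible in this diff), the failure leaves the RPC as something other than the declared `ThriftSecurityException`. The batch-scan, `update`, `startConditionalUpdate` and split hunks below have the same shape. I would resolve the namespace in one private helper that converts a failed lookup into `new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.TABLE_DOESNT_EXIST)`, and decode the id with an explicit charset instead of `new String(byte[])`. The method body starts and ends outside the hunk.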
@@ -1338,8 +1340,8 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
throw new IllegalArgumentException("Cannot batch scan over multiple tables");
// check if user has permission to the tables
- for (String table : tables)
- if (!security.canScan(credentials, table, tbatch, tcolumns, ssiList, ssio, authorizations))
+ for (String tableId : tables)
+ if (!security.canScan(credentials, tableId, Tables.getNamespace(instance, tableId), tbatch, tcolumns, ssiList, ssio, authorizations))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
try {
@@ -1475,7 +1477,8 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
// if user has no permission to write to this table, add it to
// the failures list
boolean sameTable = us.currentTablet != null && (us.currentTablet.getExtent().getTableId().equals(keyExtent.getTableId()));
- if (sameTable || security.canWrite(us.credentials, keyExtent.getTableId().toString())) {
+ String tableId = keyExtent.getTableId().toString();
+ if (sameTable || security.canWrite(us.credentials, tableId, Tables.getNamespace(instance, tableId))) {
long t2 = System.currentTimeMillis();
us.authTimes.addStat(t2 - t1);
us.currentTablet = onlineTablets.get(keyExtent);
@@ -1739,7 +1742,8 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
public void update(TInfo tinfo, TCredentials credentials, TKeyExtent tkeyExtent, TMutation tmutation) throws NotServingTabletException,
ConstraintViolationException, ThriftSecurityException {
- if (!security.canWrite(credentials, new String(tkeyExtent.getTable())))
+ String tableId = new String(tkeyExtent.getTable());
+ if (!security.canWrite(credentials, tableId, Tables.getNamespace(instance, tableId)))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
KeyExtent keyExtent = new KeyExtent(tkeyExtent);
Tablet tablet = onlineTablets.get(new KeyExtent(keyExtent));
@@ -1997,11 +2001,11 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
}
@Override
- public TConditionalSession startConditionalUpdate(TInfo tinfo, TCredentials credentials, List<ByteBuffer> authorizations, String tableID)
+ public TConditionalSession startConditionalUpdate(TInfo tinfo, TCredentials credentials, List<ByteBuffer> authorizations, String tableId)
throws ThriftSecurityException, TException {
Authorizations userauths = null;
- if (!security.canConditionallyUpdate(credentials, tableID, authorizations))
+ if (!security.canConditionallyUpdate(credentials, tableId, Tables.getNamespace(instance, tableId), authorizations))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
userauths = security.getUserAuthorizations(credentials);
@@ -2012,7 +2016,7 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
ConditionalSession cs = new ConditionalSession();
cs.auths = new Authorizations(authorizations);
cs.credentials = credentials;
- cs.tableId = tableID;
+ cs.tableId = tableId;
cs.interruptFlag = new AtomicBoolean();
long sid = sessionManager.createSession(cs, false);
@@ -2083,7 +2087,9 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
ThriftSecurityException {
String tableId = new String(ByteBufferUtil.toBytes(tkeyExtent.table));
- if (!security.canSplitTablet(credentials, tableId))
+ String namespaceId = Tables.getNamespace(instance, tableId);
+
+ if (!security.canSplitTablet(credentials, tableId, namespaceId))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
KeyExtent keyExtent = new KeyExtent(tkeyExtent);
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTable.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTable.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTable.java
index b2c4c87..a879361 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTable.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTable.java
@@ -35,9 +35,10 @@ public class AlterTable extends Test {
Connector conn = state.getInstance().getConnector(WalkingSecurity.get(state).getSysUserName(), WalkingSecurity.get(state).getSysToken());
String tableName = WalkingSecurity.get(state).getTableName();
+ String namespaceName = WalkingSecurity.get(state).getNamespaceName();
boolean exists = WalkingSecurity.get(state).getTableExists();
- boolean hasPermission = WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getSysCredentials(), tableName);
+ boolean hasPermission = WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getSysCredentials(), tableName, namespaceName);
String newTableName = String.format("security_%s_%s_%d", InetAddress.getLocalHost().getHostName().replaceAll("[-.]", "_"), state.getPid(),
System.currentTimeMillis());
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTablePerm.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTablePerm.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTablePerm.java
index bad7b28..335ae31 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTablePerm.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTablePerm.java
@@ -76,7 +76,7 @@ public class AlterTablePerm extends Test {
Connector conn = state.getInstance().getConnector(sourceUser, sourceToken);
canGive = WalkingSecurity.get(state).canGrantTable(new Credentials(sourceUser, sourceToken).toThrift(state.getInstance()), target,
- WalkingSecurity.get(state).getTableName());
+ WalkingSecurity.get(state).getTableName(), WalkingSecurity.get(state).getNamespaceName());
// toggle
if (!"take".equals(action) && !"give".equals(action)) {
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/DropTable.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/DropTable.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/DropTable.java
index 52b6e25..cfcc270 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/DropTable.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/DropTable.java
@@ -50,9 +50,10 @@ public class DropTable extends Test {
Connector conn = state.getInstance().getConnector(principal, token);
String tableName = WalkingSecurity.get(state).getTableName();
+ String namespaceName = WalkingSecurity.get(state).getNamespaceName();
boolean exists = WalkingSecurity.get(state).getTableExists();
- boolean hasPermission = WalkingSecurity.get(state).canDeleteTable(new Credentials(principal, token).toThrift(state.getInstance()), tableName);
+ boolean hasPermission = WalkingSecurity.get(state).canDeleteTable(new Credentials(principal, token).toThrift(state.getInstance()), tableName, namespaceName);
try {
conn.tableOperations().delete(tableName);
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java
index 4016c12..8841355 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java
@@ -31,7 +31,7 @@ public class SecurityFixture extends Fixture {
@Override
public void setUp(State state) throws Exception {
- String secTableName, systemUserName, tableUserName;
+ String secTableName, systemUserName, tableUserName, secNamespaceName;
Connector conn = state.getConnector();
String hostname = InetAddress.getLocalHost().getHostName().replaceAll("[-.]", "_");
@@ -39,6 +39,7 @@ public class SecurityFixture extends Fixture {
systemUserName = String.format("system_%s", hostname);
tableUserName = String.format("table_%s", hostname);
secTableName = String.format("security_%s", hostname);
+ secNamespaceName = String.format("securityNs_%s", hostname);
if (conn.tableOperations().exists(secTableName))
conn.tableOperations().delete(secTableName);
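Review bot: `secNamespaceName` is generated here and stored in the walker state by the next hunk, but nothing in the visible hunks creates that namespace or places the table in it; `secTableName` is still the unqualified `security_<hostname>`. If unqualified table names land in the default namespace, the `can*` checks in AlterTable, AlterTablePerm, DropTable and TableOp model permissions for a namespace the table does not belong to, so the randomwalk would not notice a wrong namespace-permission decision on the server. Either derive the value from the table name, or create the namespace and qualify the table, e.g. `secTableName = String.format("%s.security_%s", secNamespaceName, hostname);`, with a matching namespace create and delete in the fixture. setUp continues outside this hunk, so the creation may already exist there.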
@@ -52,6 +53,7 @@ public class SecurityFixture extends Fixture {
conn.securityOperations().createLocalUser(systemUserName, sysUserPass);
WalkingSecurity.get(state).setTableName(secTableName);
+ WalkingSecurity.get(state).setNamespaceName(secNamespaceName);
state.set("rootUserPass", state.getCredentials().getToken());
WalkingSecurity.get(state).setSysUserName(systemUserName);
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
index a636355..5c23743 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
@@ -66,10 +66,11 @@ public class TableOp extends Test {
boolean tableExists = WalkingSecurity.get(state).getTableExists();
String tableName = WalkingSecurity.get(state).getTableName();
+ String namespaceName = WalkingSecurity.get(state).getNamespaceName();
switch (tp) {
case READ: {
- boolean canRead = WalkingSecurity.get(state).canScan(WalkingSecurity.get(state).getTabCredentials(), tableName);
+ boolean canRead = WalkingSecurity.get(state).canScan(WalkingSecurity.get(state).getTabCredentials(), tableName, namespaceName);
Authorizations auths = WalkingSecurity.get(state).getUserAuthorizations(WalkingSecurity.get(state).getTabCredentials());
boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp);
boolean ambiguousAuths = WalkingSecurity.get(state).ambiguousAuthorizations(conn.whoami());
@@ -140,7 +141,7 @@ public class TableOp extends Test {
break;
}
case WRITE:
- boolean canWrite = WalkingSecurity.get(state).canWrite(WalkingSecurity.get(state).getTabCredentials(), tableName);
+ boolean canWrite = WalkingSecurity.get(state).canWrite(WalkingSecurity.get(state).getTabCredentials(), tableName, namespaceName);
boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp);
String key = WalkingSecurity.get(state).getLastKey() + "1";
@@ -214,7 +215,7 @@ public class TableOp extends Test {
return;
} catch (AccumuloSecurityException ae) {
if (ae.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
- if (WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabCredentials(), tableName))
+ if (WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabCredentials(), tableName, namespaceName))
throw new AccumuloException("Bulk Import failed when it should have worked: " + tableName);
return;
} else if (ae.getSecurityErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
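Review bot: The bulk-import failure messages still name only the table, although the expected outcome now also depends on `namespaceName`; this applies to the `throw` in this hunk and to the one in the next hunk. When the model and the server disagree, the log should show every input of the check, e.g. `throw new AccumuloException("Bulk Import failed when it should have worked: " + tableName + " namespace " + namespaceName);`. The enclosing try/catch extends beyond the hunk.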
@@ -228,12 +229,12 @@ public class TableOp extends Test {
fs.delete(dir, true);
fs.delete(fail, true);
- if (!WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabCredentials(), tableName))
+ if (!WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabCredentials(), tableName, namespaceName))
throw new AccumuloException("Bulk Import succeeded when it should have failed: " + dir + " table " + tableName);
break;
case ALTER_TABLE:
AlterTable.renameTable(conn, state, tableName, tableName + "plus",
- WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getTabCredentials(), tableName), tableExists);
+ WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getTabCredentials(), tableName, namespaceName), tableExists);
break;
case GRANT:
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
index b3e693c..37bb364 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
@@ -56,6 +56,7 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor, Au
protected final static Logger log = Logger.getLogger(WalkingSecurity.class);
private static final String tableName = "SecurityTableName";
+ private static final String namespaceName = "SecurityNamespaceName";
private static final String userName = "UserName";
private static final String userPass = "UserPass";
@@ -335,6 +336,10 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor, Au
return state.getString(tableName);
}
+ public String getNamespaceName() {
+ return state.getString(namespaceName);
+ }
+
public boolean getTableExists() {
return Boolean.parseBoolean(state.getString(tableExists));
}
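Review bot: `getNamespaceName()` is added without a comment, and the constant it reads, `namespaceName`, is a state key rather than a namespace name, which is easy to misread. A Javadoc line such as `/** Namespace passed to the can* permission checks; stored by SecurityFixture.setUp under the state key "SecurityNamespaceName". */` would make that clear, with a matching line on `setNamespaceName` in the following hunk. What `state.getString` does for a key that was never set is not visible here, so the comment should state whether callers can rely on a non-null value once that is confirmed.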
@@ -387,6 +392,10 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor, Au
state.set(tableName, tName);
}
+ public void setNamespaceName(String nsName) {
+ state.set(namespaceName, nsName);
+ }
+
@Override
public void initTable(String table) throws AccumuloSecurityException {
state.set(tableExists, Boolean.toString(true));
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/test/src/test/java/org/apache/accumulo/test/ConditionalWriterIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/ConditionalWriterIT.java b/test/src/test/java/org/apache/accumulo/test/ConditionalWriterIT.java
index 70b639a..3f98c12 100644
--- a/test/src/test/java/org/apache/accumulo/test/ConditionalWriterIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/ConditionalWriterIT.java
@@ -106,7 +106,7 @@ public class ConditionalWriterIT extends SimpleMacIT {
conn.tableOperations().create(tableName);
ConditionalWriter cw = conn.createConditionalWriter(tableName, new ConditionalWriterConfig());
-
+
// mutation conditional on column tx:seq not existing
ConditionalMutation cm0 = new ConditionalMutation("99006", new Condition("tx", "seq"));
cm0.put("name", "last", "doe");