Posted to commits@accumulo.apache.org by ct...@apache.org on 2013/12/05 00:58:05 UTC
[13/50] [abbrv] git commit: ACCUMULO-1479 implemented most of Table
Namespace Permissions, doesnt entirely work, not well tested
ACCUMULO-1479 implemented most of Table Namespace Permissions; doesn't entirely work, not well tested
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/dfdf5113
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/dfdf5113
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/dfdf5113
Branch: refs/heads/1.6.0-SNAPSHOT
Commit: dfdf5113837d79ef9f21a5a64de0a3750611b5c8
Parents: 45f59ca
Author: Sean Hickey <ta...@gmail.com>
Authored: Thu Aug 1 14:16:19 2013 -0400
Committer: Christopher Tubbs <ct...@apache.org>
Committed: Wed Dec 4 18:46:10 2013 -0500
----------------------------------------------------------------------
.../core/client/admin/SecurityOperations.java | 50 +
.../client/admin/SecurityOperationsImpl.java | 36 +
.../core/client/impl/thrift/ClientService.java | 5009 ++++++++++++++++--
.../client/impl/thrift/SecurityErrorCode.java | 5 +-
.../accumulo/core/client/mock/MockAccumulo.java | 3 +-
.../client/mock/MockSecurityOperations.java | 39 +
.../core/client/mock/MockTableNamespace.java | 4 +-
.../core/client/security/SecurityErrorCode.java | 3 +-
.../core/security/SystemPermission.java | 5 +-
.../core/security/TableNamespacePermission.java | 67 +
.../core/util/shell/commands/GrantCommand.java | 19 +-
.../core/util/shell/commands/RevokeCommand.java | 19 +-
.../shell/commands/UserPermissionsCommand.java | 20 +-
core/src/main/thrift/client.thrift | 12 +-
.../server/client/ClientServiceHandler.java | 22 +
.../server/security/SecurityOperation.java | 191 +-
.../security/handler/InsecurePermHandler.java | 31 +
.../security/handler/PermissionHandler.java | 28 +
.../server/security/handler/ZKPermHandler.java | 127 +
.../server/security/handler/ZKSecurityTool.java | 21 +
.../randomwalk/security/WalkingSecurity.java | 51 +
.../apache/accumulo/test/TableNamespacesIT.java | 37 +-
22 files changed, 5301 insertions(+), 498 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/accumulo/blob/dfdf5113/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperations.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperations.java b/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperations.java
index 86a3ff2..8a93efa 100644
--- a/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperations.java
+++ b/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperations.java
@@ -24,6 +24,7 @@ import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
import org.apache.accumulo.core.client.security.tokens.PasswordToken;
import org.apache.accumulo.core.security.Authorizations;
import org.apache.accumulo.core.security.SystemPermission;
+import org.apache.accumulo.core.security.TableNamespacePermission;
import org.apache.accumulo.core.security.TablePermission;
/**
@@ -216,6 +217,23 @@ public interface SecurityOperations {
public boolean hasTablePermission(String principal, String table, TablePermission perm) throws AccumuloException, AccumuloSecurityException;
/**
+ * Verify the user has a particular table namespace permission
+ *
+ * @param principal
+ * the name of the user to query
+ * @param tableNamespace
+ * the name of the table namespace to query about
+ * @param perm
+ * the table namespace permission to check for
+ * @return true if user has that permission; false otherwise
+ * @throws AccumuloException
+ * if a general error occurs
+ * @throws AccumuloSecurityException
+ * if the user does not have permission to query a user
+ */
+ public boolean hasTableNamespacePermission(String principal, String tableNamespace, TableNamespacePermission perm) throws AccumuloException, AccumuloSecurityException;
+
+ /**
* Grant a user a system permission
*
* @param principal
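Review bot: The `@throws AccumuloSecurityException` line in the new Javadoc for `hasTableNamespacePermission` uses "the user" for the caller, while `@param principal` uses "the user" for the account being queried, so a reader cannot tell whose privilege is being checked. I would word it as `@throws AccumuloSecurityException if the calling user does not have permission to query the permissions of {@code principal}`. The Javadoc also does not say what happens when `tableNamespace` does not exist; the hunk does not show that path, so the outcome should be confirmed and then documented here. The same "the user" ambiguity appears in the `grantTableNamespacePermission` and `revokeTableNamespacePermission` hunks that follow. The interface body continues outside this hunk.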
@@ -246,6 +264,22 @@ public interface SecurityOperations {
public void grantTablePermission(String principal, String table, TablePermission permission) throws AccumuloException, AccumuloSecurityException;
/**
+ * Grant a user a specific permission for a specific table namespace
+ *
+ * @param principal
+ * the name of the user to modify
+ * @param tableNamespace
+ * the name of the table namespace to modify for the user
+ * @param permission
+ * the table namespace permission to grant to the user
+ * @throws AccumuloException
+ * if a general error occurs
+ * @throws AccumuloSecurityException
+ * if the user does not have permission to grant a user permissions
+ */
+ public void grantTableNamespacePermission(String principal, String tableNamespace, TableNamespacePermission permission) throws AccumuloException, AccumuloSecurityException;
+
+ /**
* Revoke a system permission from a user
*
* @param principal
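Review bot: The Javadoc for `grantTableNamespacePermission` does not state the scope of what is granted, which matters to anyone auditing effective access. If a namespace grant is meant to cover every table in the namespace, including tables created later, the summary sentence should say so. The revoke Javadoc in the next hunk should likewise say whether table-level grants held by the same principal are left in place. It would also help to name the permission the caller must hold to make this call. None of this is visible in the hunk, so the wording needs to be confirmed against the server-side checks.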
@@ -276,6 +310,22 @@ public interface SecurityOperations {
public void revokeTablePermission(String principal, String table, TablePermission permission) throws AccumuloException, AccumuloSecurityException;
/**
+ * Revoke a table namespace permission for a specific user on a specific table namespace
+ *
+ * @param principal
+ * the name of the user to modify
+ * @param tableNamespace
+ * the name of the table namespace to modify for the user
+ * @param permission
+ * the table namespace permission to revoke for the user
+ * @throws AccumuloException
+ * if a general error occurs
+ * @throws AccumuloSecurityException
+ * if the user does not have permission to revoke a user's permissions
+ */
+ public void revokeTableNamespacePermission(String principal, String tableNamespace, TableNamespacePermission permission) throws AccumuloException, AccumuloSecurityException;
+
+ /**
* Return a list of users in accumulo
*
* @return a set of user names
http://git-wip-us.apache.org/repos/asf/accumulo/blob/dfdf5113/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java b/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java
index 0f0e998..107ba74 100644
--- a/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java
+++ b/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java
@@ -35,6 +35,7 @@ import org.apache.accumulo.core.client.security.tokens.PasswordToken;
import org.apache.accumulo.core.security.Authorizations;
import org.apache.accumulo.core.security.Credentials;
import org.apache.accumulo.core.security.SystemPermission;
+import org.apache.accumulo.core.security.TableNamespacePermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.core.util.ArgumentChecker;
import org.apache.accumulo.core.util.ByteBufferUtil;
@@ -207,6 +208,17 @@ public class SecurityOperationsImpl implements SecurityOperations {
}
@Override
+ public boolean hasTableNamespacePermission(final String principal, final String tableNamespace, final TableNamespacePermission perm) throws AccumuloException, AccumuloSecurityException {
+ ArgumentChecker.notNull(principal, tableNamespace, perm);
+ return execute(new ClientExecReturn<Boolean,ClientService.Client>() {
+ @Override
+ public Boolean execute(ClientService.Client client) throws Exception {
+ return client.hasTableNamespacePermission(Tracer.traceInfo(), credentials.toThrift(instance), principal, tableNamespace, perm.getId());
+ }
+ });
+ }
+
+ @Override
public void grantSystemPermission(final String principal, final SystemPermission permission) throws AccumuloException, AccumuloSecurityException {
ArgumentChecker.notNull(principal, permission);
execute(new ClientExec<ClientService.Client>() {
@@ -230,6 +242,18 @@ public class SecurityOperationsImpl implements SecurityOperations {
}
@Override
+ public void grantTableNamespacePermission(final String principal, final String tableNamespace, final TableNamespacePermission permission) throws AccumuloException,
+ AccumuloSecurityException {
+ ArgumentChecker.notNull(principal, tableNamespace, permission);
+ execute(new ClientExec<ClientService.Client>() {
+ @Override
+ public void execute(ClientService.Client client) throws Exception {
+ client.grantTableNamespacePermission(Tracer.traceInfo(), credentials.toThrift(instance), principal, tableNamespace, permission.getId());
+ }
+ });
+ }
+
+ @Override
public void revokeSystemPermission(final String principal, final SystemPermission permission) throws AccumuloException, AccumuloSecurityException {
ArgumentChecker.notNull(principal, permission);
execute(new ClientExec<ClientService.Client>() {
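Review bot: `grantTableNamespacePermission` only checks that its arguments are non-null before forwarding the caller's credentials and `permission.getId()` over Thrift, so the authorization decision rests entirely on the server. That check presumably lives in the `ClientServiceHandler` and `SecurityOperation` changes listed in the diffstat, which this hunk does not show. A short comment would keep a later reader from assuming a client-side check exists: `// No authorization is performed here; the server decides whether the caller may grant this permission.` The `revokeTableNamespacePermission` hunk that follows has the same shape. If `TableNamespacesIT` does not already cover it, a negative test asserting that a caller without the right to grant receives `AccumuloSecurityException` would pin that behaviour.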
@@ -252,6 +276,18 @@ public class SecurityOperationsImpl implements SecurityOperations {
});
}
+ @Override
+ public void revokeTableNamespacePermission(final String principal, final String tableNamespace, final TableNamespacePermission permission) throws AccumuloException,
+ AccumuloSecurityException {
+ ArgumentChecker.notNull(principal, tableNamespace, permission);
+ execute(new ClientExec<ClientService.Client>() {
+ @Override
+ public void execute(ClientService.Client client) throws Exception {
+ client.revokeTableNamespacePermission(Tracer.traceInfo(), credentials.toThrift(instance), principal, tableNamespace, permission.getId());
+ }
+ });
+ }
+
@Deprecated
@Override
public Set<String> listUsers() throws AccumuloException, AccumuloSecurityException {