You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@accumulo.apache.org by GitBox <gi...@apache.org> on 2018/11/30 15:37:31 UTC
[GitHub] mikewalch closed pull request #46: Closed clients that weren't
being closed
mikewalch closed pull request #46: Closed clients that weren't being closed
URL: https://github.com/apache/accumulo-testing/pull/46
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/src/main/java/org/apache/accumulo/testing/TestEnv.java b/src/main/java/org/apache/accumulo/testing/TestEnv.java
index 9b0afaa..19e4891 100644
--- a/src/main/java/org/apache/accumulo/testing/TestEnv.java
+++ b/src/main/java/org/apache/accumulo/testing/TestEnv.java
@@ -14,7 +14,7 @@
import org.apache.accumulo.core.conf.ClientProperty;
import org.apache.hadoop.conf.Configuration;
-public class TestEnv {
+public class TestEnv implements AutoCloseable {
protected final Properties testProps;
private String clientPropsPath;
@@ -115,10 +115,22 @@ public String getYarnResourceManager() {
/**
* Gets an Accumulo client. The same client is reused after the first call.
*/
- public AccumuloClient getAccumuloClient() throws AccumuloException, AccumuloSecurityException {
+ public synchronized AccumuloClient getAccumuloClient() throws AccumuloException, AccumuloSecurityException {
if (client == null) {
client = Accumulo.newClient().from(info).build();
}
return client;
}
+
+ public AccumuloClient createClient(String principal, AuthenticationToken token)
+ throws AccumuloSecurityException, AccumuloException {
+ return Accumulo.newClient().from(getInfo()).as(principal, token).build();
+ }
+
+ @Override
+ public void close() throws Exception {
+ if (client != null) {
+ client.close();
+ }
+ }
}
diff --git a/src/main/java/org/apache/accumulo/testing/randomwalk/Framework.java b/src/main/java/org/apache/accumulo/testing/randomwalk/Framework.java
index 25732da..b48cfae 100644
--- a/src/main/java/org/apache/accumulo/testing/randomwalk/Framework.java
+++ b/src/main/java/org/apache/accumulo/testing/randomwalk/Framework.java
@@ -88,9 +88,9 @@ public static void main(String[] args) throws Exception {
log.info("Running random walk test with module: " + args[2]);
State state = new State();
- RandWalkEnv env = new RandWalkEnv(args[0], args[1]);
- getInstance().run(args[2], state, env);
-
- log.info("Test finished");
+ try (RandWalkEnv env = new RandWalkEnv(args[0], args[1])) {
+ getInstance().run(args[2], state, env);
+ log.info("Test finished");
+ }
}
}
diff --git a/src/main/java/org/apache/accumulo/testing/randomwalk/security/AlterTable.java b/src/main/java/org/apache/accumulo/testing/randomwalk/security/AlterTable.java
index 97c2b8d..ea30ee3 100644
--- a/src/main/java/org/apache/accumulo/testing/randomwalk/security/AlterTable.java
+++ b/src/main/java/org/apache/accumulo/testing/randomwalk/security/AlterTable.java
@@ -36,29 +36,31 @@
@Override
public void visit(State state, RandWalkEnv env, Properties props) throws Exception {
String systemUser = WalkingSecurity.get(state, env).getSysUserName();
- AccumuloClient client = env.getAccumuloClient().changeUser(systemUser, WalkingSecurity.get(state, env).getSysToken());
+ try (AccumuloClient client = env.createClient(systemUser,
+ WalkingSecurity.get(state, env).getSysToken())) {
- String tableName = WalkingSecurity.get(state, env).getTableName();
+ String tableName = WalkingSecurity.get(state, env).getTableName();
- boolean exists = WalkingSecurity.get(state, env).getTableExists();
- boolean hasPermission;
- try {
- hasPermission = client.securityOperations().hasTablePermission(systemUser, tableName, TablePermission.ALTER_TABLE)
- || client.securityOperations().hasSystemPermission(systemUser, SystemPermission.ALTER_TABLE);
- } catch (AccumuloSecurityException ae) {
- if (ae.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) {
- if (exists)
- throw new TableExistsException(null, tableName, "Got a TableNotFoundException but it should exist", ae);
- else
- return;
- } else {
- throw new AccumuloException("Got unexpected ae error code", ae);
+ boolean exists = WalkingSecurity.get(state, env).getTableExists();
+ boolean hasPermission;
+ try {
+ hasPermission = client.securityOperations().hasTablePermission(systemUser, tableName, TablePermission.ALTER_TABLE)
+ || client.securityOperations().hasSystemPermission(systemUser, SystemPermission.ALTER_TABLE);
+ } catch (AccumuloSecurityException ae) {
+ if (ae.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) {
+ if (exists)
+ throw new TableExistsException(null, tableName, "Got a TableNotFoundException but it should exist", ae);
+ else
+ return;
+ } else {
+ throw new AccumuloException("Got unexpected ae error code", ae);
+ }
}
- }
- String newTableName = String.format("security_%s_%s_%d", InetAddress.getLocalHost().getHostName().replaceAll("[-.]", "_"), env.getPid(),
- System.currentTimeMillis());
+ String newTableName = String.format("security_%s_%s_%d", InetAddress.getLocalHost().getHostName().replaceAll("[-.]", "_"), env.getPid(),
+ System.currentTimeMillis());
- renameTable(client, state, env, tableName, newTableName, hasPermission, exists);
+ renameTable(client, state, env, tableName, newTableName, hasPermission, exists);
+ }
}
public static void renameTable(AccumuloClient client, State state, RandWalkEnv env, String oldName, String newName, boolean hasPermission, boolean tableExists)
diff --git a/src/main/java/org/apache/accumulo/testing/randomwalk/security/AlterTablePerm.java b/src/main/java/org/apache/accumulo/testing/randomwalk/security/AlterTablePerm.java
index 2d2509f..491452e 100644
--- a/src/main/java/org/apache/accumulo/testing/randomwalk/security/AlterTablePerm.java
+++ b/src/main/java/org/apache/accumulo/testing/randomwalk/security/AlterTablePerm.java
@@ -76,118 +76,118 @@ public static void alter(State state, RandWalkEnv env, Properties props) throws
sourceUser = env.getAccumuloUserName();
sourceToken = env.getToken();
}
- AccumuloClient client = env.getAccumuloClient().changeUser(sourceUser, sourceToken);
- SecurityOperations secOps = client.securityOperations();
+ try (AccumuloClient client = env.createClient(sourceUser, sourceToken)) {
+ SecurityOperations secOps = client.securityOperations();
- try {
- canGive = secOps.hasSystemPermission(sourceUser, SystemPermission.ALTER_TABLE) || secOps.hasTablePermission(sourceUser, tableName, TablePermission.GRANT);
- } catch (AccumuloSecurityException ae) {
- if (ae.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) {
- if (tableExists)
- throw new TableExistsException(null, tableName, "Got a TableNotFoundException but it should exist", ae);
- else
- return;
- } else {
- throw new AccumuloException("Got unexpected ae error code", ae);
- }
- }
-
- // toggle
- if (!"take".equals(action) && !"give".equals(action)) {
try {
- boolean res;
- if (hasPerm != (res = env.getAccumuloClient().securityOperations().hasTablePermission(target, tableName, tabPerm)))
- throw new AccumuloException("Test framework and accumulo are out of sync for user " + client.whoami() + " for perm " + tabPerm.name()
- + " with local vs. accumulo being " + hasPerm + " " + res);
-
- if (hasPerm)
- action = "take";
- else
- action = "give";
+ canGive = secOps.hasSystemPermission(sourceUser, SystemPermission.ALTER_TABLE)
+ || secOps.hasTablePermission(sourceUser, tableName, TablePermission.GRANT);
} catch (AccumuloSecurityException ae) {
- switch (ae.getSecurityErrorCode()) {
- case USER_DOESNT_EXIST:
- if (userExists)
- throw new AccumuloException("Framework and Accumulo are out of sync, we think user exists", ae);
- else
- return;
- case TABLE_DOESNT_EXIST:
- if (tableExists)
- throw new TableExistsException(null, tableName, "Got a TableNotFoundException but it should exist", ae);
- else
- return;
- default:
- throw ae;
+ if (ae.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) {
+ if (tableExists)
+ throw new TableExistsException(null, tableName, "Got a TableNotFoundException but it should exist", ae);
+ else
+ return;
+ } else {
+ throw new AccumuloException("Got unexpected ae error code", ae);
}
}
- }
- boolean trans = WalkingSecurity.get(state, env).userPassTransient(client.whoami());
- if ("take".equals(action)) {
- try {
- client.securityOperations().revokeTablePermission(target, tableName, tabPerm);
- } catch (AccumuloSecurityException ae) {
- switch (ae.getSecurityErrorCode()) {
- case GRANT_INVALID:
- throw new AccumuloException("Got a grant invalid on non-System.GRANT option", ae);
- case PERMISSION_DENIED:
- if (canGive)
- throw new AccumuloException(client.whoami() + " failed to revoke permission to " + target + " when it should have worked", ae);
- return;
- case USER_DOESNT_EXIST:
- if (userExists)
- throw new AccumuloException("Table user doesn't exist and they SHOULD.", ae);
- return;
- case TABLE_DOESNT_EXIST:
- if (tableExists)
- throw new AccumuloException("Table doesn't exist but it should", ae);
- return;
- case BAD_CREDENTIALS:
- if (!trans)
- throw new AccumuloException("Bad credentials for user " + client.whoami());
- return;
- default:
- throw new AccumuloException("Got unexpected exception", ae);
+ // toggle
+ if (!"take".equals(action) && !"give".equals(action)) {
+ try {
+ boolean res;
+ if (hasPerm != (res = env.getAccumuloClient().securityOperations().hasTablePermission(target, tableName, tabPerm)))
+ throw new AccumuloException("Test framework and accumulo are out of sync for user " + client.whoami() + " for perm " + tabPerm.name()
+ + " with local vs. accumulo being " + hasPerm + " " + res);
+
+ if (hasPerm)
+ action = "take";
+ else
+ action = "give";
+ } catch (AccumuloSecurityException ae) {
+ switch (ae.getSecurityErrorCode()) {
+ case USER_DOESNT_EXIST:
+ if (userExists)
+ throw new AccumuloException("Framework and Accumulo are out of sync, we think user exists", ae);
+ else
+ return;
+ case TABLE_DOESNT_EXIST:
+ if (tableExists)
+ throw new TableExistsException(null, tableName, "Got a TableNotFoundException but it should exist", ae);
+ else
+ return;
+ default:
+ throw ae;
+ }
}
}
- WalkingSecurity.get(state, env).revokeTablePermission(target, tableName, tabPerm);
- } else if ("give".equals(action)) {
- try {
- client.securityOperations().grantTablePermission(target, tableName, tabPerm);
- } catch (AccumuloSecurityException ae) {
- switch (ae.getSecurityErrorCode()) {
- case GRANT_INVALID:
- throw new AccumuloException("Got a grant invalid on non-System.GRANT option", ae);
- case PERMISSION_DENIED:
- if (canGive)
- throw new AccumuloException(client.whoami() + " failed to give permission to " + target + " when it should have worked", ae);
- return;
- case USER_DOESNT_EXIST:
- if (userExists)
- throw new AccumuloException("Table user doesn't exist and they SHOULD.", ae);
- return;
- case TABLE_DOESNT_EXIST:
- if (tableExists)
- throw new AccumuloException("Table doesn't exist but it should", ae);
- return;
- case BAD_CREDENTIALS:
- if (!trans)
- throw new AccumuloException("Bad credentials for user " + client.whoami());
- return;
- default:
- throw new AccumuloException("Got unexpected exception", ae);
+
+ boolean trans = WalkingSecurity.get(state, env).userPassTransient(client.whoami());
+ if ("take".equals(action)) {
+ try {
+ client.securityOperations().revokeTablePermission(target, tableName, tabPerm);
+ } catch (AccumuloSecurityException ae) {
+ switch (ae.getSecurityErrorCode()) {
+ case GRANT_INVALID:
+ throw new AccumuloException("Got a grant invalid on non-System.GRANT option", ae);
+ case PERMISSION_DENIED:
+ if (canGive)
+ throw new AccumuloException(client.whoami() + " failed to revoke permission to " + target + " when it should have worked", ae);
+ return;
+ case USER_DOESNT_EXIST:
+ if (userExists)
+ throw new AccumuloException("Table user doesn't exist and they SHOULD.", ae);
+ return;
+ case TABLE_DOESNT_EXIST:
+ if (tableExists)
+ throw new AccumuloException("Table doesn't exist but it should", ae);
+ return;
+ case BAD_CREDENTIALS:
+ if (!trans)
+ throw new AccumuloException("Bad credentials for user " + client.whoami());
+ return;
+ default:
+ throw new AccumuloException("Got unexpected exception", ae);
+ }
}
+ WalkingSecurity.get(state, env).revokeTablePermission(target, tableName, tabPerm);
+ } else if ("give".equals(action)) {
+ try {
+ client.securityOperations().grantTablePermission(target, tableName, tabPerm);
+ } catch (AccumuloSecurityException ae) {
+ switch (ae.getSecurityErrorCode()) {
+ case GRANT_INVALID:
+ throw new AccumuloException("Got a grant invalid on non-System.GRANT option", ae);
+ case PERMISSION_DENIED:
+ if (canGive)
+ throw new AccumuloException(client.whoami() + " failed to give permission to " + target + " when it should have worked", ae);
+ return;
+ case USER_DOESNT_EXIST:
+ if (userExists)
+ throw new AccumuloException("Table user doesn't exist and they SHOULD.", ae);
+ return;
+ case TABLE_DOESNT_EXIST:
+ if (tableExists)
+ throw new AccumuloException("Table doesn't exist but it should", ae);
+ return;
+ case BAD_CREDENTIALS:
+ if (!trans)
+ throw new AccumuloException("Bad credentials for user " + client.whoami());
+ return;
+ default:
+ throw new AccumuloException("Got unexpected exception", ae);
+ }
+ }
+ WalkingSecurity.get(state, env).grantTablePermission(target, tableName, tabPerm);
}
- WalkingSecurity.get(state, env).grantTablePermission(target, tableName, tabPerm);
- }
-
- if (!userExists)
- throw new AccumuloException("User shouldn't have existed, but apparently does");
- if (!tableExists)
- throw new AccumuloException("Table shouldn't have existed, but apparently does");
- if (!canGive)
- throw new AccumuloException(client.whoami() + " shouldn't have been able to grant privilege");
+ if (!userExists)
+ throw new AccumuloException("User shouldn't have existed, but apparently does");
+ if (!tableExists)
+ throw new AccumuloException("Table shouldn't have existed, but apparently does");
+ if (!canGive)
+ throw new AccumuloException(client.whoami() + " shouldn't have been able to grant privilege");
+ }
}
-
}
diff --git a/src/main/java/org/apache/accumulo/testing/randomwalk/security/Authenticate.java b/src/main/java/org/apache/accumulo/testing/randomwalk/security/Authenticate.java
index bcc4b05..1e3453b 100644
--- a/src/main/java/org/apache/accumulo/testing/randomwalk/security/Authenticate.java
+++ b/src/main/java/org/apache/accumulo/testing/randomwalk/security/Authenticate.java
@@ -40,43 +40,44 @@ public static void authenticate(String principal, AuthenticationToken token, Sta
String targetProp = props.getProperty("target");
boolean success = Boolean.parseBoolean(props.getProperty("valid"));
- AccumuloClient client = env.getAccumuloClient().changeUser(principal, token);
+ try (AccumuloClient client = env.createClient(principal, token)) {
- String target;
+ String target;
- if (targetProp.equals("table")) {
- target = WalkingSecurity.get(state, env).getTabUserName();
- } else {
- target = WalkingSecurity.get(state, env).getSysUserName();
- }
- boolean exists = WalkingSecurity.get(state, env).userExists(target);
- // Copy so if failed it doesn't mess with the password stored in state
- byte[] password = Arrays.copyOf(WalkingSecurity.get(state, env).getUserPassword(target), WalkingSecurity.get(state, env).getUserPassword(target).length);
- boolean hasPermission = client.securityOperations().hasSystemPermission(principal, SystemPermission.SYSTEM) || principal.equals(target);
+ if (targetProp.equals("table")) {
+ target = WalkingSecurity.get(state, env).getTabUserName();
+ } else {
+ target = WalkingSecurity.get(state, env).getSysUserName();
+ }
+ boolean exists = WalkingSecurity.get(state, env).userExists(target);
+ // Copy so if failed it doesn't mess with the password stored in state
+ byte[] password = Arrays.copyOf(WalkingSecurity.get(state, env).getUserPassword(target), WalkingSecurity.get(state, env).getUserPassword(target).length);
+ boolean hasPermission = client.securityOperations().hasSystemPermission(principal, SystemPermission.SYSTEM) || principal.equals(target);
- if (!success)
- for (int i = 0; i < password.length; i++)
- password[i]++;
+ if (!success)
+ for (int i = 0; i < password.length; i++)
+ password[i]++;
- boolean result;
+ boolean result;
- try {
- result = client.securityOperations().authenticateUser(target, new PasswordToken(password));
- } catch (AccumuloSecurityException ae) {
- switch (ae.getSecurityErrorCode()) {
- case PERMISSION_DENIED:
- if (exists && hasPermission)
- throw new AccumuloException("Got a security exception when I should have had permission.", ae);
- else
- return;
- default:
- throw new AccumuloException("Unexpected exception!", ae);
+ try {
+ result = client.securityOperations().authenticateUser(target, new PasswordToken(password));
+ } catch (AccumuloSecurityException ae) {
+ switch (ae.getSecurityErrorCode()) {
+ case PERMISSION_DENIED:
+ if (exists && hasPermission)
+ throw new AccumuloException("Got a security exception when I should have had permission.", ae);
+ else
+ return;
+ default:
+ throw new AccumuloException("Unexpected exception!", ae);
+ }
}
+ if (!hasPermission)
+ throw new AccumuloException("Didn't get Security Exception when we should have");
+ if (result != (success && exists))
+ throw new AccumuloException("Authentication " + (result ? "succeeded" : "failed") + " when it should have "
+ + ((success && exists) ? "succeeded" : "failed") + " while the user exists? " + exists);
}
- if (!hasPermission)
- throw new AccumuloException("Didn't get Security Exception when we should have");
- if (result != (success && exists))
- throw new AccumuloException("Authentication " + (result ? "succeeded" : "failed") + " when it should have "
- + ((success && exists) ? "succeeded" : "failed") + " while the user exists? " + exists);
}
}
diff --git a/src/main/java/org/apache/accumulo/testing/randomwalk/security/ChangePass.java b/src/main/java/org/apache/accumulo/testing/randomwalk/security/ChangePass.java
index b8d653f..01f5715 100644
--- a/src/main/java/org/apache/accumulo/testing/randomwalk/security/ChangePass.java
+++ b/src/main/java/org/apache/accumulo/testing/randomwalk/security/ChangePass.java
@@ -45,50 +45,51 @@ public void visit(State state, RandWalkEnv env, Properties props) throws Excepti
principal = WalkingSecurity.get(state, env).getTabUserName();
token = WalkingSecurity.get(state, env).getTabToken();
}
- AccumuloClient client = env.getAccumuloClient().changeUser(principal, token);
+ try (AccumuloClient client = env.createClient(principal, token)) {
- boolean hasPerm;
- boolean targetExists;
- if (target.equals("table")) {
- target = WalkingSecurity.get(state, env).getTabUserName();
- } else
- target = WalkingSecurity.get(state, env).getSysUserName();
+ boolean hasPerm;
+ boolean targetExists;
+ if (target.equals("table")) {
+ target = WalkingSecurity.get(state, env).getTabUserName();
+ } else
+ target = WalkingSecurity.get(state, env).getSysUserName();
- targetExists = WalkingSecurity.get(state, env).userExists(target);
+ targetExists = WalkingSecurity.get(state, env).userExists(target);
- hasPerm = client.securityOperations().hasSystemPermission(principal, SystemPermission.ALTER_USER) || principal.equals(target);
+ hasPerm = client.securityOperations().hasSystemPermission(principal, SystemPermission.ALTER_USER) || principal.equals(target);
- Random r = new Random();
+ Random r = new Random();
- byte[] newPassw = new byte[r.nextInt(50) + 1];
- for (int i = 0; i < newPassw.length; i++)
- newPassw[i] = (byte) ((r.nextInt(26) + 65) & 0xFF);
+ byte[] newPassw = new byte[r.nextInt(50) + 1];
+ for (int i = 0; i < newPassw.length; i++)
+ newPassw[i] = (byte) ((r.nextInt(26) + 65) & 0xFF);
- PasswordToken newPass = new PasswordToken(newPassw);
- try {
- client.securityOperations().changeLocalUserPassword(target, newPass);
- } catch (AccumuloSecurityException ae) {
- switch (ae.getSecurityErrorCode()) {
- case PERMISSION_DENIED:
- if (hasPerm)
- throw new AccumuloException("Change failed when it should have succeeded to change " + target + "'s password", ae);
- return;
- case USER_DOESNT_EXIST:
- if (targetExists)
- throw new AccumuloException("User " + target + " doesn't exist and they SHOULD.", ae);
- return;
- case BAD_CREDENTIALS:
- if (!WalkingSecurity.get(state, env).userPassTransient(client.whoami()))
- throw new AccumuloException("Bad credentials for user " + client.whoami());
- return;
- default:
- throw new AccumuloException("Got unexpected exception", ae);
+ PasswordToken newPass = new PasswordToken(newPassw);
+ try {
+ client.securityOperations().changeLocalUserPassword(target, newPass);
+ } catch (AccumuloSecurityException ae) {
+ switch (ae.getSecurityErrorCode()) {
+ case PERMISSION_DENIED:
+ if (hasPerm)
+ throw new AccumuloException("Change failed when it should have succeeded to change " + target + "'s password", ae);
+ return;
+ case USER_DOESNT_EXIST:
+ if (targetExists)
+ throw new AccumuloException("User " + target + " doesn't exist and they SHOULD.", ae);
+ return;
+ case BAD_CREDENTIALS:
+ if (!WalkingSecurity.get(state, env).userPassTransient(client.whoami()))
+ throw new AccumuloException("Bad credentials for user " + client.whoami());
+ return;
+ default:
+ throw new AccumuloException("Got unexpected exception", ae);
+ }
}
+ WalkingSecurity.get(state, env).changePassword(target, newPass);
+ // Waiting 1 second for password to propogate through Zk
+ Thread.sleep(1000);
+ if (!hasPerm)
+ throw new AccumuloException("Password change succeeded when it should have failed for " + source + " changing the password for " + target + ".");
}
- WalkingSecurity.get(state, env).changePassword(target, newPass);
- // Waiting 1 second for password to propogate through Zk
- Thread.sleep(1000);
- if (!hasPerm)
- throw new AccumuloException("Password change succeeded when it should have failed for " + source + " changing the password for " + target + ".");
}
}
diff --git a/src/main/java/org/apache/accumulo/testing/randomwalk/security/CreateTable.java b/src/main/java/org/apache/accumulo/testing/randomwalk/security/CreateTable.java
index f4e10fc..51db1eb 100644
--- a/src/main/java/org/apache/accumulo/testing/randomwalk/security/CreateTable.java
+++ b/src/main/java/org/apache/accumulo/testing/randomwalk/security/CreateTable.java
@@ -33,44 +33,46 @@
@Override
public void visit(State state, RandWalkEnv env, Properties props) throws Exception {
- AccumuloClient client = env.getAccumuloClient().changeUser(WalkingSecurity.get(state, env).getSysUserName(), WalkingSecurity.get(state, env).getSysToken());
+ try (AccumuloClient client = env.createClient(WalkingSecurity.get(state, env).getSysUserName(),
+ WalkingSecurity.get(state, env).getSysToken())) {
- String tableName = WalkingSecurity.get(state, env).getTableName();
+ String tableName = WalkingSecurity.get(state, env).getTableName();
- boolean exists = WalkingSecurity.get(state, env).getTableExists();
- boolean hasPermission = client.securityOperations().hasSystemPermission(WalkingSecurity.get(state, env).getSysUserName(), SystemPermission.CREATE_TABLE);
+ boolean exists = WalkingSecurity.get(state, env).getTableExists();
+ boolean hasPermission = client.securityOperations().hasSystemPermission(WalkingSecurity.get(state, env).getSysUserName(), SystemPermission.CREATE_TABLE);
- try {
- client.tableOperations().create(tableName);
- } catch (AccumuloSecurityException ae) {
- if (ae.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
- if (hasPermission)
- throw new AccumuloException("Got a security exception when I should have had permission.", ae);
- else {
- // create table anyway for sake of state
- try {
- env.getAccumuloClient().tableOperations().create(tableName);
- WalkingSecurity.get(state, env).initTable(tableName);
- } catch (TableExistsException tee) {
- if (exists)
- return;
- else
- throw new AccumuloException("Test and Accumulo are out of sync");
+ try {
+ client.tableOperations().create(tableName);
+ } catch (AccumuloSecurityException ae) {
+ if (ae.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
+ if (hasPermission)
+ throw new AccumuloException("Got a security exception when I should have had permission.", ae);
+ else {
+ // create table anyway for sake of state
+ try {
+ env.getAccumuloClient().tableOperations().create(tableName);
+ WalkingSecurity.get(state, env).initTable(tableName);
+ } catch (TableExistsException tee) {
+ if (exists)
+ return;
+ else
+ throw new AccumuloException("Test and Accumulo are out of sync");
+ }
+ return;
}
+ } else
+ throw new AccumuloException("Got unexpected error", ae);
+ } catch (TableExistsException tee) {
+ if (!exists)
+ throw new TableExistsException(null, tableName, "Got a TableExistsException but it shouldn't have existed", tee);
+ else
return;
- }
- } else
- throw new AccumuloException("Got unexpected error", ae);
- } catch (TableExistsException tee) {
- if (!exists)
- throw new TableExistsException(null, tableName, "Got a TableExistsException but it shouldn't have existed", tee);
- else
- return;
+ }
+ WalkingSecurity.get(state, env).initTable(tableName);
+ for (TablePermission tp : TablePermission.values())
+ WalkingSecurity.get(state, env).grantTablePermission(client.whoami(), tableName, tp);
+ if (!hasPermission)
+ throw new AccumuloException("Didn't get Security Exception when we should have");
}
- WalkingSecurity.get(state, env).initTable(tableName);
- for (TablePermission tp : TablePermission.values())
- WalkingSecurity.get(state, env).grantTablePermission(client.whoami(), tableName, tp);
- if (!hasPermission)
- throw new AccumuloException("Didn't get Security Exception when we should have");
}
}
diff --git a/src/main/java/org/apache/accumulo/testing/randomwalk/security/CreateUser.java b/src/main/java/org/apache/accumulo/testing/randomwalk/security/CreateUser.java
index c84e6d6..bae37c6 100644
--- a/src/main/java/org/apache/accumulo/testing/randomwalk/security/CreateUser.java
+++ b/src/main/java/org/apache/accumulo/testing/randomwalk/security/CreateUser.java
@@ -32,41 +32,42 @@
@Override
public void visit(State state, RandWalkEnv env, Properties props) throws Exception {
String sysPrincipal = WalkingSecurity.get(state, env).getSysUserName();
- AccumuloClient client = env.getAccumuloClient().changeUser(sysPrincipal, WalkingSecurity.get(state, env).getSysToken());
+ try (AccumuloClient client = env.createClient(sysPrincipal, WalkingSecurity.get(state, env).getSysToken())) {
- String tableUserName = WalkingSecurity.get(state, env).getTabUserName();
+ String tableUserName = WalkingSecurity.get(state, env).getTabUserName();
- boolean exists = WalkingSecurity.get(state, env).userExists(tableUserName);
- boolean hasPermission = client.securityOperations().hasSystemPermission(sysPrincipal, SystemPermission.CREATE_USER);
- PasswordToken tabUserPass = new PasswordToken("Super Sekret Table User Password");
- try {
- client.securityOperations().createLocalUser(tableUserName, tabUserPass);
- } catch (AccumuloSecurityException ae) {
- switch (ae.getSecurityErrorCode()) {
- case PERMISSION_DENIED:
- if (hasPermission)
- throw new AccumuloException("Got a security exception when I should have had permission.", ae);
- else {
- // create user anyway for sake of state
- if (!exists) {
- env.getAccumuloClient().securityOperations().createLocalUser(tableUserName, tabUserPass);
- WalkingSecurity.get(state, env).createUser(tableUserName, tabUserPass);
- Thread.sleep(1000);
+ boolean exists = WalkingSecurity.get(state, env).userExists(tableUserName);
+ boolean hasPermission = client.securityOperations().hasSystemPermission(sysPrincipal, SystemPermission.CREATE_USER);
+ PasswordToken tabUserPass = new PasswordToken("Super Sekret Table User Password");
+ try {
+ client.securityOperations().createLocalUser(tableUserName, tabUserPass);
+ } catch (AccumuloSecurityException ae) {
+ switch (ae.getSecurityErrorCode()) {
+ case PERMISSION_DENIED:
+ if (hasPermission)
+ throw new AccumuloException("Got a security exception when I should have had permission.", ae);
+ else {
+ // create user anyway for sake of state
+ if (!exists) {
+ env.getAccumuloClient().securityOperations().createLocalUser(tableUserName, tabUserPass);
+ WalkingSecurity.get(state, env).createUser(tableUserName, tabUserPass);
+ Thread.sleep(1000);
+ }
+ return;
}
- return;
- }
- case USER_EXISTS:
- if (!exists)
- throw new AccumuloException("Got security exception when the user shouldn't have existed", ae);
- else
- return;
- default:
- throw new AccumuloException("Got unexpected exception", ae);
+ case USER_EXISTS:
+ if (!exists)
+ throw new AccumuloException("Got security exception when the user shouldn't have existed", ae);
+ else
+ return;
+ default:
+ throw new AccumuloException("Got unexpected exception", ae);
+ }
}
+ WalkingSecurity.get(state, env).createUser(tableUserName, tabUserPass);
+ Thread.sleep(1000);
+ if (!hasPermission)
+ throw new AccumuloException("Didn't get Security Exception when we should have");
}
- WalkingSecurity.get(state, env).createUser(tableUserName, tabUserPass);
- Thread.sleep(1000);
- if (!hasPermission)
- throw new AccumuloException("Didn't get Security Exception when we should have");
}
}
diff --git a/src/main/java/org/apache/accumulo/testing/randomwalk/security/DropTable.java b/src/main/java/org/apache/accumulo/testing/randomwalk/security/DropTable.java
index be75a3b..2311967 100644
--- a/src/main/java/org/apache/accumulo/testing/randomwalk/security/DropTable.java
+++ b/src/main/java/org/apache/accumulo/testing/randomwalk/security/DropTable.java
@@ -50,44 +50,45 @@ public static void dropTable(State state, RandWalkEnv env, Properties props) thr
principal = WalkingSecurity.get(state, env).getSysUserName();
token = WalkingSecurity.get(state, env).getSysToken();
}
- AccumuloClient client = env.getAccumuloClient().changeUser(principal, token);
+ try (AccumuloClient client = env.createClient(principal, token)) {
- String tableName = WalkingSecurity.get(state, env).getTableName();
+ String tableName = WalkingSecurity.get(state, env).getTableName();
- boolean exists = WalkingSecurity.get(state, env).getTableExists();
+ boolean exists = WalkingSecurity.get(state, env).getTableExists();
- try {
- hasPermission = client.securityOperations().hasTablePermission(principal, tableName, TablePermission.DROP_TABLE)
- || client.securityOperations().hasSystemPermission(principal, SystemPermission.DROP_TABLE);
- client.tableOperations().delete(tableName);
- } catch (AccumuloSecurityException ae) {
- if (ae.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) {
+ try {
+ hasPermission = client.securityOperations().hasTablePermission(principal, tableName, TablePermission.DROP_TABLE)
+ || client.securityOperations().hasSystemPermission(principal, SystemPermission.DROP_TABLE);
+ client.tableOperations().delete(tableName);
+ } catch (AccumuloSecurityException ae) {
+ if (ae.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) {
+ if (exists)
+ throw new TableExistsException(null, tableName, "Got a TableNotFoundException but it should have existed", ae);
+ else
+ return;
+ } else if (ae.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
+ if (hasPermission)
+ throw new AccumuloException("Got a security exception when I should have had permission.", ae);
+ else {
+ // Drop anyway for sake of state
+ env.getAccumuloClient().tableOperations().delete(tableName);
+ WalkingSecurity.get(state, env).cleanTablePermissions(tableName);
+ return;
+ }
+ } else if (ae.getSecurityErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
+ if (WalkingSecurity.get(state, env).userPassTransient(client.whoami()))
+ return;
+ }
+ throw new AccumuloException("Got unexpected ae error code", ae);
+ } catch (TableNotFoundException tnfe) {
if (exists)
- throw new TableExistsException(null, tableName, "Got a TableNotFoundException but it should have existed", ae);
+ throw new TableExistsException(null, tableName, "Got a TableNotFoundException but it should have existed", tnfe);
else
return;
- } else if (ae.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
- if (hasPermission)
- throw new AccumuloException("Got a security exception when I should have had permission.", ae);
- else {
- // Drop anyway for sake of state
- env.getAccumuloClient().tableOperations().delete(tableName);
- WalkingSecurity.get(state, env).cleanTablePermissions(tableName);
- return;
- }
- } else if (ae.getSecurityErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
- if (WalkingSecurity.get(state, env).userPassTransient(client.whoami()))
- return;
}
- throw new AccumuloException("Got unexpected ae error code", ae);
- } catch (TableNotFoundException tnfe) {
- if (exists)
- throw new TableExistsException(null, tableName, "Got a TableNotFoundException but it should have existed", tnfe);
- else
- return;
+ WalkingSecurity.get(state, env).cleanTablePermissions(tableName);
+ if (!hasPermission)
+ throw new AccumuloException("Didn't get Security Exception when we should have");
}
- WalkingSecurity.get(state, env).cleanTablePermissions(tableName);
- if (!hasPermission)
- throw new AccumuloException("Didn't get Security Exception when we should have");
}
}
diff --git a/src/main/java/org/apache/accumulo/testing/randomwalk/security/DropUser.java b/src/main/java/org/apache/accumulo/testing/randomwalk/security/DropUser.java
index fb0190f..92cb9c1 100644
--- a/src/main/java/org/apache/accumulo/testing/randomwalk/security/DropUser.java
+++ b/src/main/java/org/apache/accumulo/testing/randomwalk/security/DropUser.java
@@ -31,40 +31,41 @@
@Override
public void visit(State state, RandWalkEnv env, Properties props) throws Exception {
String sysPrincipal = WalkingSecurity.get(state, env).getSysUserName();
- AccumuloClient client = env.getAccumuloClient().changeUser(sysPrincipal, WalkingSecurity.get(state, env).getSysToken());
+ try (AccumuloClient client = env.createClient(sysPrincipal, WalkingSecurity.get(state, env).getSysToken())) {
- String tableUserName = WalkingSecurity.get(state, env).getTabUserName();
+ String tableUserName = WalkingSecurity.get(state, env).getTabUserName();
- boolean exists = WalkingSecurity.get(state, env).userExists(tableUserName);
- boolean hasPermission = client.securityOperations().hasSystemPermission(sysPrincipal, SystemPermission.DROP_USER);
+ boolean exists = WalkingSecurity.get(state, env).userExists(tableUserName);
+ boolean hasPermission = client.securityOperations().hasSystemPermission(sysPrincipal, SystemPermission.DROP_USER);
- try {
- client.securityOperations().dropLocalUser(tableUserName);
- } catch (AccumuloSecurityException ae) {
- switch (ae.getSecurityErrorCode()) {
- case PERMISSION_DENIED:
- if (hasPermission)
- throw new AccumuloException("Got a security exception when I should have had permission.", ae);
- else {
- if (exists) {
- env.getAccumuloClient().securityOperations().dropLocalUser(tableUserName);
- WalkingSecurity.get(state, env).dropUser(tableUserName);
+ try {
+ client.securityOperations().dropLocalUser(tableUserName);
+ } catch (AccumuloSecurityException ae) {
+ switch (ae.getSecurityErrorCode()) {
+ case PERMISSION_DENIED:
+ if (hasPermission)
+ throw new AccumuloException("Got a security exception when I should have had permission.", ae);
+ else {
+ if (exists) {
+ env.getAccumuloClient().securityOperations().dropLocalUser(tableUserName);
+ WalkingSecurity.get(state, env).dropUser(tableUserName);
+ }
+ return;
}
- return;
- }
- case USER_DOESNT_EXIST:
- if (exists)
- throw new AccumuloException("Got user DNE exception when user should exists.", ae);
- else
- return;
- default:
- throw new AccumuloException("Got unexpected exception", ae);
+ case USER_DOESNT_EXIST:
+ if (exists)
+ throw new AccumuloException("Got user DNE exception when user should exists.", ae);
+ else
+ return;
+ default:
+ throw new AccumuloException("Got unexpected exception", ae);
+ }
}
+ WalkingSecurity.get(state, env).dropUser(tableUserName);
+ Thread.sleep(1000);
+ if (!hasPermission)
+ throw new AccumuloException("Didn't get Security Exception when we should have");
}
- WalkingSecurity.get(state, env).dropUser(tableUserName);
- Thread.sleep(1000);
- if (!hasPermission)
- throw new AccumuloException("Didn't get Security Exception when we should have");
}
}
diff --git a/src/main/java/org/apache/accumulo/testing/randomwalk/security/SetAuths.java b/src/main/java/org/apache/accumulo/testing/randomwalk/security/SetAuths.java
index 6193192..ced6a00 100644
--- a/src/main/java/org/apache/accumulo/testing/randomwalk/security/SetAuths.java
+++ b/src/main/java/org/apache/accumulo/testing/randomwalk/security/SetAuths.java
@@ -48,52 +48,53 @@ public void visit(State state, RandWalkEnv env, Properties props) throws Excepti
authPrincipal = env.getAccumuloUserName();
authToken = env.getToken();
}
- AccumuloClient client = env.getAccumuloClient().changeUser(authPrincipal, authToken);
+ try (AccumuloClient client = env.createClient(authPrincipal, authToken)) {
- boolean exists = WalkingSecurity.get(state, env).userExists(target);
- boolean hasPermission = client.securityOperations().hasSystemPermission(authPrincipal, SystemPermission.ALTER_USER);
+ boolean exists = WalkingSecurity.get(state, env).userExists(target);
+ boolean hasPermission = client.securityOperations().hasSystemPermission(authPrincipal, SystemPermission.ALTER_USER);
- Authorizations auths;
- if (authsString.equals("_random")) {
- String[] possibleAuths = WalkingSecurity.get(state, env).getAuthsArray();
+ Authorizations auths;
+ if (authsString.equals("_random")) {
+ String[] possibleAuths = WalkingSecurity.get(state, env).getAuthsArray();
- Random r = new Random();
- int i = r.nextInt(possibleAuths.length);
- String[] authSet = new String[i];
- int length = possibleAuths.length;
- for (int j = 0; j < i; j++) {
- int nextRand = r.nextInt(length);
- authSet[j] = possibleAuths[nextRand];
- length--;
- possibleAuths[nextRand] = possibleAuths[length];
- possibleAuths[length] = authSet[j];
+ Random r = new Random();
+ int i = r.nextInt(possibleAuths.length);
+ String[] authSet = new String[i];
+ int length = possibleAuths.length;
+ for (int j = 0; j < i; j++) {
+ int nextRand = r.nextInt(length);
+ authSet[j] = possibleAuths[nextRand];
+ length--;
+ possibleAuths[nextRand] = possibleAuths[length];
+ possibleAuths[length] = authSet[j];
+ }
+ auths = new Authorizations(authSet);
+ } else {
+ auths = new Authorizations(authsString.split(","));
}
- auths = new Authorizations(authSet);
- } else {
- auths = new Authorizations(authsString.split(","));
- }
- try {
- client.securityOperations().changeUserAuthorizations(target, auths);
- } catch (AccumuloSecurityException ae) {
- switch (ae.getSecurityErrorCode()) {
- case PERMISSION_DENIED:
- if (hasPermission)
- throw new AccumuloException("Got a security exception when I should have had permission.", ae);
- else
- return;
- case USER_DOESNT_EXIST:
- if (exists)
- throw new AccumuloException("Got security exception when the user should have existed", ae);
- else
- return;
- default:
- throw new AccumuloException("Got unexpected exception", ae);
+ try {
+ client.securityOperations().changeUserAuthorizations(target, auths);
+ } catch (AccumuloSecurityException ae) {
+ switch (ae.getSecurityErrorCode()) {
+ case PERMISSION_DENIED:
+ if (hasPermission)
+ throw new AccumuloException("Got a security exception when I should have had permission.", ae);
+ else
+ return;
+ case USER_DOESNT_EXIST:
+ if (exists)
+ throw new AccumuloException("Got security exception when the user should have existed", ae);
+ else
+ return;
+ default:
+ throw new AccumuloException("Got unexpected exception", ae);
+ }
}
+ WalkingSecurity.get(state, env).changeAuthorizations(target, auths);
+ if (!hasPermission)
+ throw new AccumuloException("Didn't get Security Exception when we should have");
}
- WalkingSecurity.get(state, env).changeAuthorizations(target, auths);
- if (!hasPermission)
- throw new AccumuloException("Didn't get Security Exception when we should have");
}
}
diff --git a/src/main/java/org/apache/accumulo/testing/randomwalk/security/TableOp.java b/src/main/java/org/apache/accumulo/testing/randomwalk/security/TableOp.java
index b2b6504..0b539c0 100644
--- a/src/main/java/org/apache/accumulo/testing/randomwalk/security/TableOp.java
+++ b/src/main/java/org/apache/accumulo/testing/randomwalk/security/TableOp.java
@@ -57,215 +57,216 @@
@Override
public void visit(State state, RandWalkEnv env, Properties props) throws Exception {
String tablePrincipal = WalkingSecurity.get(state, env).getTabUserName();
- AccumuloClient client = env.getAccumuloClient().changeUser(tablePrincipal, WalkingSecurity.get(state, env).getTabToken());
- TableOperations tableOps = client.tableOperations();
- SecurityOperations secOps = client.securityOperations();
+ try (AccumuloClient client = env.createClient(tablePrincipal, WalkingSecurity.get(state, env).getTabToken())) {
+ TableOperations tableOps = client.tableOperations();
+ SecurityOperations secOps = client.securityOperations();
- String action = props.getProperty("action", "_random");
- TablePermission tp;
- if ("_random".equalsIgnoreCase(action)) {
- Random r = new Random();
- tp = TablePermission.values()[r.nextInt(TablePermission.values().length)];
- } else {
- tp = TablePermission.valueOf(action);
- }
-
- boolean tableExists = WalkingSecurity.get(state, env).getTableExists();
- String tableName = WalkingSecurity.get(state, env).getTableName();
+ String action = props.getProperty("action", "_random");
+ TablePermission tp;
+ if ("_random".equalsIgnoreCase(action)) {
+ Random r = new Random();
+ tp = TablePermission.values()[r.nextInt(TablePermission.values().length)];
+ } else {
+ tp = TablePermission.valueOf(action);
+ }
- switch (tp) {
- case READ: {
- boolean canRead;
- try {
- canRead = secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.READ);
- } catch (AccumuloSecurityException ase) {
- if (tableExists)
- throw new AccumuloException("Table didn't exist when it should have: " + tableName, ase);
- return;
- }
- Authorizations auths = secOps.getUserAuthorizations(tablePrincipal);
- boolean ambiguousZone = WalkingSecurity.get(state, env).inAmbiguousZone(client.whoami(), tp);
- boolean ambiguousAuths = WalkingSecurity.get(state, env).ambiguousAuthorizations(client.whoami());
+ boolean tableExists = WalkingSecurity.get(state, env).getTableExists();
+ String tableName = WalkingSecurity.get(state, env).getTableName();
- Scanner scan = null;
- try {
- scan = client.createScanner(tableName, secOps.getUserAuthorizations(client.whoami()));
- int seen = 0;
- Iterator<Entry<Key,Value>> iter = scan.iterator();
- while (iter.hasNext()) {
- Entry<Key,Value> entry = iter.next();
- Key k = entry.getKey();
- seen++;
- if (!auths.contains(k.getColumnVisibilityData()) && !ambiguousAuths)
- throw new AccumuloException("Got data I should not be capable of seeing: " + k + " table " + tableName);
- }
- if (!canRead && !ambiguousZone)
- throw new AccumuloException("Was able to read when I shouldn't have had the perm with connection user " + client.whoami() + " table " + tableName);
- for (Entry<String,Integer> entry : WalkingSecurity.get(state, env).getAuthsMap().entrySet()) {
- if (auths.contains(entry.getKey().getBytes(UTF_8)))
- seen = seen - entry.getValue();
- }
- if (seen != 0 && !ambiguousAuths)
- throw new AccumuloException("Got mismatched amounts of data");
- } catch (TableNotFoundException tnfe) {
- if (tableExists)
- throw new AccumuloException("Accumulo and test suite out of sync: table " + tableName, tnfe);
- return;
- } catch (AccumuloSecurityException ae) {
- if (ae.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
- if (canRead && !ambiguousZone)
- throw new AccumuloException("Table read permission out of sync with Accumulo: table " + tableName, ae);
- else
- return;
- }
- if (ae.getSecurityErrorCode().equals(SecurityErrorCode.BAD_AUTHORIZATIONS)) {
- if (ambiguousAuths)
- return;
- else
- throw new AccumuloException("Mismatched authorizations! ", ae);
- }
- throw new AccumuloException("Unexpected exception!", ae);
- } catch (RuntimeException re) {
- if (re.getCause() instanceof AccumuloSecurityException
- && ((AccumuloSecurityException) re.getCause()).getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
- if (canRead && !ambiguousZone)
- throw new AccumuloException("Table read permission out of sync with Accumulo: table " + tableName, re.getCause());
- else
- return;
- }
- if (re.getCause() instanceof AccumuloSecurityException
- && ((AccumuloSecurityException) re.getCause()).getSecurityErrorCode().equals(SecurityErrorCode.BAD_AUTHORIZATIONS)) {
- if (ambiguousAuths)
- return;
- else
- throw new AccumuloException("Mismatched authorizations! ", re.getCause());
+ switch (tp) {
+ case READ: {
+ boolean canRead;
+ try {
+ canRead = secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.READ);
+ } catch (AccumuloSecurityException ase) {
+ if (tableExists)
+ throw new AccumuloException("Table didn't exist when it should have: " + tableName, ase);
+ return;
}
+ Authorizations auths = secOps.getUserAuthorizations(tablePrincipal);
+ boolean ambiguousZone = WalkingSecurity.get(state, env).inAmbiguousZone(client.whoami(), tp);
+ boolean ambiguousAuths = WalkingSecurity.get(state, env).ambiguousAuthorizations(client.whoami());
- throw new AccumuloException("Unexpected exception!", re);
- } finally {
- if (scan != null) {
- scan.close();
- scan = null;
- }
+ Scanner scan = null;
+ try {
+ scan = client.createScanner(tableName, secOps.getUserAuthorizations(client.whoami()));
+ int seen = 0;
+ Iterator<Entry<Key,Value>> iter = scan.iterator();
+ while (iter.hasNext()) {
+ Entry<Key,Value> entry = iter.next();
+ Key k = entry.getKey();
+ seen++;
+ if (!auths.contains(k.getColumnVisibilityData()) && !ambiguousAuths)
+ throw new AccumuloException("Got data I should not be capable of seeing: " + k + " table " + tableName);
+ }
+ if (!canRead && !ambiguousZone)
+ throw new AccumuloException("Was able to read when I shouldn't have had the perm with connection user " + client.whoami() + " table " + tableName);
+ for (Entry<String,Integer> entry : WalkingSecurity.get(state, env).getAuthsMap().entrySet()) {
+ if (auths.contains(entry.getKey().getBytes(UTF_8)))
+ seen = seen - entry.getValue();
+ }
+ if (seen != 0 && !ambiguousAuths)
+ throw new AccumuloException("Got mismatched amounts of data");
+ } catch (TableNotFoundException tnfe) {
+ if (tableExists)
+ throw new AccumuloException("Accumulo and test suite out of sync: table " + tableName, tnfe);
+ return;
+ } catch (AccumuloSecurityException ae) {
+ if (ae.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
+ if (canRead && !ambiguousZone)
+ throw new AccumuloException("Table read permission out of sync with Accumulo: table " + tableName, ae);
+ else
+ return;
+ }
+ if (ae.getSecurityErrorCode().equals(SecurityErrorCode.BAD_AUTHORIZATIONS)) {
+ if (ambiguousAuths)
+ return;
+ else
+ throw new AccumuloException("Mismatched authorizations! ", ae);
+ }
+ throw new AccumuloException("Unexpected exception!", ae);
+ } catch (RuntimeException re) {
+ if (re.getCause() instanceof AccumuloSecurityException
+ && ((AccumuloSecurityException) re.getCause()).getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
+ if (canRead && !ambiguousZone)
+ throw new AccumuloException("Table read permission out of sync with Accumulo: table " + tableName, re.getCause());
+ else
+ return;
+ }
+ if (re.getCause() instanceof AccumuloSecurityException
+ && ((AccumuloSecurityException) re.getCause()).getSecurityErrorCode().equals(SecurityErrorCode.BAD_AUTHORIZATIONS)) {
+ if (ambiguousAuths)
+ return;
+ else
+ throw new AccumuloException("Mismatched authorizations! ", re.getCause());
+ }
- }
+ throw new AccumuloException("Unexpected exception!", re);
+ } finally {
+ if (scan != null) {
+ scan.close();
+ scan = null;
+ }
- break;
- }
- case WRITE:
- boolean canWrite;
- try {
- canWrite = secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.WRITE);
- } catch (AccumuloSecurityException ase) {
- if (tableExists)
- throw new AccumuloException("Table didn't exist when it should have: " + tableName, ase);
- return;
- }
+ }
- String key = WalkingSecurity.get(state, env).getLastKey() + "1";
- Mutation m = new Mutation(new Text(key));
- for (String s : WalkingSecurity.get(state, env).getAuthsArray()) {
- m.put(new Text(), new Text(), new ColumnVisibility(s), new Value("value".getBytes(UTF_8)));
+ break;
}
- BatchWriter writer = null;
- try {
+ case WRITE:
+ boolean canWrite;
try {
- writer = client.createBatchWriter(tableName, new BatchWriterConfig().setMaxMemory(9000l).setMaxWriteThreads(1));
- } catch (TableNotFoundException tnfe) {
+ canWrite = secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.WRITE);
+ } catch (AccumuloSecurityException ase) {
if (tableExists)
- throw new AccumuloException("Table didn't exist when it should have: " + tableName);
+ throw new AccumuloException("Table didn't exist when it should have: " + tableName, ase);
return;
}
- boolean works = true;
+
+ String key = WalkingSecurity.get(state, env).getLastKey() + "1";
+ Mutation m = new Mutation(new Text(key));
+ for (String s : WalkingSecurity.get(state, env).getAuthsArray()) {
+ m.put(new Text(), new Text(), new ColumnVisibility(s), new Value("value".getBytes(UTF_8)));
+ }
+ BatchWriter writer = null;
try {
- writer.addMutation(m);
- writer.close();
- } catch (MutationsRejectedException mre) {
- if (mre.getSecurityErrorCodes().size() == 1) {
- // TabletServerBatchWriter will log the error automatically so make sure its the error we expect
- SecurityErrorCode errorCode = mre.getSecurityErrorCodes().entrySet().iterator().next().getValue().iterator().next();
- if (errorCode.equals(SecurityErrorCode.PERMISSION_DENIED) && !canWrite) {
- log.info("Caught MutationsRejectedException({}) in TableOp.WRITE as expected.", errorCode);
- return;
+ try {
+ writer = client.createBatchWriter(tableName, new BatchWriterConfig().setMaxMemory(9000l).setMaxWriteThreads(1));
+ } catch (TableNotFoundException tnfe) {
+ if (tableExists)
+ throw new AccumuloException("Table didn't exist when it should have: " + tableName);
+ return;
+ }
+ boolean works = true;
+ try {
+ writer.addMutation(m);
+ writer.close();
+ } catch (MutationsRejectedException mre) {
+ if (mre.getSecurityErrorCodes().size() == 1) {
+ // TabletServerBatchWriter will log the error automatically so make sure its the error we expect
+ SecurityErrorCode errorCode = mre.getSecurityErrorCodes().entrySet().iterator().next().getValue().iterator().next();
+ if (errorCode.equals(SecurityErrorCode.PERMISSION_DENIED) && !canWrite) {
+ log.info("Caught MutationsRejectedException({}) in TableOp.WRITE as expected.", errorCode);
+ return;
+ }
}
+ throw new AccumuloException("Unexpected MutationsRejectedException in TableOp.WRITE", mre);
+ }
+ if (works)
+ for (String s : WalkingSecurity.get(state, env).getAuthsArray())
+ WalkingSecurity.get(state, env).increaseAuthMap(s, 1);
+ } finally {
+ if (writer != null) {
+ writer.close();
+ writer = null;
}
- throw new AccumuloException("Unexpected MutationsRejectedException in TableOp.WRITE", mre);
}
- if (works)
- for (String s : WalkingSecurity.get(state, env).getAuthsArray())
- WalkingSecurity.get(state, env).increaseAuthMap(s, 1);
- } finally {
- if (writer != null) {
- writer.close();
- writer = null;
+ break;
+ case BULK_IMPORT:
+ key = WalkingSecurity.get(state, env).getLastKey() + "1";
+ SortedSet<Key> keys = new TreeSet<>();
+ for (String s : WalkingSecurity.get(state, env).getAuthsArray()) {
+ Key k = new Key(key, "", "", s);
+ keys.add(k);
}
- }
- break;
- case BULK_IMPORT:
- key = WalkingSecurity.get(state, env).getLastKey() + "1";
- SortedSet<Key> keys = new TreeSet<>();
- for (String s : WalkingSecurity.get(state, env).getAuthsArray()) {
- Key k = new Key(key, "", "", s);
- keys.add(k);
- }
- Path dir = new Path("/tmp", "bulk_" + UUID.randomUUID().toString());
- Path fail = new Path(dir.toString() + "_fail");
- FileSystem fs = WalkingSecurity.get(state, env).getFs();
- RFileWriter rFileWriter = RFile.newWriter().to(dir + "/securityBulk.rf").withFileSystem(fs).build();
- rFileWriter.startDefaultLocalityGroup();
- fs.mkdirs(fail);
- for (Key k : keys)
- rFileWriter.append(k, new Value("Value".getBytes(UTF_8)));
- rFileWriter.close();
- try {
- tableOps.importDirectory(tableName, dir.toString(), fail.toString(), true);
- } catch (TableNotFoundException tnfe) {
- if (tableExists)
- throw new AccumuloException("Table didn't exist when it should have: " + tableName);
- return;
- } catch (AccumuloSecurityException ae) {
- if (ae.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
- if (secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.BULK_IMPORT))
- throw new AccumuloException("Bulk Import failed when it should have worked: " + tableName);
+ Path dir = new Path("/tmp", "bulk_" + UUID.randomUUID().toString());
+ Path fail = new Path(dir.toString() + "_fail");
+ FileSystem fs = WalkingSecurity.get(state, env).getFs();
+ RFileWriter rFileWriter = RFile.newWriter().to(dir + "/securityBulk.rf").withFileSystem(fs).build();
+ rFileWriter.startDefaultLocalityGroup();
+ fs.mkdirs(fail);
+ for (Key k : keys)
+ rFileWriter.append(k, new Value("Value".getBytes(UTF_8)));
+ rFileWriter.close();
+ try {
+ tableOps.importDirectory(tableName, dir.toString(), fail.toString(), true);
+ } catch (TableNotFoundException tnfe) {
+ if (tableExists)
+ throw new AccumuloException("Table didn't exist when it should have: " + tableName);
return;
- } else if (ae.getSecurityErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
- if (WalkingSecurity.get(state, env).userPassTransient(client.whoami()))
+ } catch (AccumuloSecurityException ae) {
+ if (ae.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
+ if (secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.BULK_IMPORT))
+ throw new AccumuloException("Bulk Import failed when it should have worked: " + tableName);
return;
+ } else if (ae.getSecurityErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
+ if (WalkingSecurity.get(state, env).userPassTransient(client.whoami()))
+ return;
+ }
+ throw new AccumuloException("Unexpected exception!", ae);
}
- throw new AccumuloException("Unexpected exception!", ae);
- }
- for (String s : WalkingSecurity.get(state, env).getAuthsArray())
- WalkingSecurity.get(state, env).increaseAuthMap(s, 1);
- fs.delete(dir, true);
- fs.delete(fail, true);
+ for (String s : WalkingSecurity.get(state, env).getAuthsArray())
+ WalkingSecurity.get(state, env).increaseAuthMap(s, 1);
+ fs.delete(dir, true);
+ fs.delete(fail, true);
- if (!secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.BULK_IMPORT))
- throw new AccumuloException("Bulk Import succeeded when it should have failed: " + dir + " table " + tableName);
- break;
- case ALTER_TABLE:
- boolean tablePerm;
- try {
- tablePerm = secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.ALTER_TABLE);
- } catch (AccumuloSecurityException ase) {
- if (tableExists)
- throw new AccumuloException("Table didn't exist when it should have: " + tableName, ase);
- return;
- }
- AlterTable.renameTable(client, state, env, tableName, tableName + "plus", tablePerm, tableExists);
- break;
+ if (!secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.BULK_IMPORT))
+ throw new AccumuloException("Bulk Import succeeded when it should have failed: " + dir + " table " + tableName);
+ break;
+ case ALTER_TABLE:
+ boolean tablePerm;
+ try {
+ tablePerm = secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.ALTER_TABLE);
+ } catch (AccumuloSecurityException ase) {
+ if (tableExists)
+ throw new AccumuloException("Table didn't exist when it should have: " + tableName, ase);
+ return;
+ }
+ AlterTable.renameTable(client, state, env, tableName, tableName + "plus", tablePerm, tableExists);
+ break;
- case GRANT:
- props.setProperty("task", "grant");
- props.setProperty("perm", "random");
- props.setProperty("source", "table");
- props.setProperty("target", "system");
- AlterTablePerm.alter(state, env, props);
- break;
+ case GRANT:
+ props.setProperty("task", "grant");
+ props.setProperty("perm", "random");
+ props.setProperty("source", "table");
+ props.setProperty("target", "system");
+ AlterTablePerm.alter(state, env, props);
+ break;
- case DROP_TABLE:
- props.setProperty("source", "table");
- DropTable.dropTable(state, env, props);
- break;
+ case DROP_TABLE:
+ props.setProperty("source", "table");
+ DropTable.dropTable(state, env, props);
+ break;
+ }
}
}
}
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services