You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@accumulo.apache.org by GitBox <gi...@apache.org> on 2017/10/25 19:40:15 UTC
[GitHub] milleruntime closed pull request #9: ACCUMULO-4717 Refactor WalkingSecurity to use API
milleruntime closed pull request #9: ACCUMULO-4717 Refactor WalkingSecurity to use API
URL: https://github.com/apache/accumulo-testing/pull/9
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTable.java b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTable.java
index ee26003..1283fd7 100644
--- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTable.java
+++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTable.java
@@ -25,6 +25,7 @@
import org.apache.accumulo.core.client.TableExistsException;
import org.apache.accumulo.core.client.TableNotFoundException;
import org.apache.accumulo.core.client.security.SecurityErrorCode;
+import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv;
import org.apache.accumulo.testing.core.randomwalk.State;
@@ -34,13 +35,26 @@
@Override
public void visit(State state, RandWalkEnv env, Properties props) throws Exception {
- Connector conn = env.getAccumuloInstance().getConnector(WalkingSecurity.get(state, env).getSysUserName(), WalkingSecurity.get(state, env).getSysToken());
+ String systemUser = WalkingSecurity.get(state, env).getSysUserName();
+ Connector conn = env.getAccumuloInstance().getConnector(systemUser, WalkingSecurity.get(state, env).getSysToken());
String tableName = WalkingSecurity.get(state, env).getTableName();
boolean exists = WalkingSecurity.get(state, env).getTableExists();
- boolean hasPermission = conn.securityOperations().hasTablePermission(WalkingSecurity.get(state, env).getSysUserName(), tableName,
- TablePermission.ALTER_TABLE);
+ boolean hasPermission;
+ try {
+ hasPermission = conn.securityOperations().hasTablePermission(systemUser, tableName, TablePermission.ALTER_TABLE)
+ || conn.securityOperations().hasSystemPermission(systemUser, SystemPermission.ALTER_TABLE);
+ } catch (AccumuloSecurityException ae) {
+ if (ae.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) {
+ if (exists)
+ throw new TableExistsException(null, tableName, "Got a TableNotFoundException but it should exist", ae);
+ else
+ return;
+ } else {
+ throw new AccumuloException("Got unexpected ae error code", ae);
+ }
+ }
String newTableName = String.format("security_%s_%s_%d", InetAddress.getLocalHost().getHostName().replaceAll("[-.]", "_"), env.getPid(),
System.currentTimeMillis());
diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTablePerm.java b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTablePerm.java
index 30f727f..8d1d4a6 100644
--- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTablePerm.java
+++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTablePerm.java
@@ -22,7 +22,9 @@
import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;;
+import org.apache.accumulo.core.client.TableExistsException;
import org.apache.accumulo.core.client.admin.SecurityOperations;
+import org.apache.accumulo.core.client.security.SecurityErrorCode;
import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
@@ -78,8 +80,19 @@ public static void alter(State state, RandWalkEnv env, Properties props) throws
Connector conn = env.getAccumuloInstance().getConnector(sourceUser, sourceToken);
SecurityOperations secOps = conn.securityOperations();
- canGive = secOps.hasSystemPermission(sourceUser, SystemPermission.ALTER_TABLE)
- || secOps.hasTablePermission(sourceUser, tableName, TablePermission.GRANT);
+ try {
+ canGive = secOps.hasSystemPermission(sourceUser, SystemPermission.ALTER_TABLE)
+ || secOps.hasTablePermission(sourceUser, tableName, TablePermission.GRANT);
+ } catch (AccumuloSecurityException ae) {
+ if (ae.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) {
+ if (exists)
+ throw new TableExistsException(null, tableName, "Got a TableNotFoundException but it should exist", ae);
+ else
+ return;
+ } else {
+ throw new AccumuloException("Got unexpected ae error code", ae);
+ }
+ }
// toggle
if (!"take".equals(action) && !"give".equals(action)) {
diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Authenticate.java b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Authenticate.java
index e524d07..63105f4 100644
--- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Authenticate.java
+++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Authenticate.java
@@ -52,7 +52,7 @@ public static void authenticate(String principal, AuthenticationToken token, Sta
boolean exists = WalkingSecurity.get(state, env).userExists(target);
// Copy so if failed it doesn't mess with the password stored in state
byte[] password = Arrays.copyOf(WalkingSecurity.get(state, env).getUserPassword(target), WalkingSecurity.get(state, env).getUserPassword(target).length);
- boolean hasPermission = conn.securityOperations().hasSystemPermission(principal, SystemPermission.SYSTEM);
+ boolean hasPermission = conn.securityOperations().hasSystemPermission(principal, SystemPermission.SYSTEM) || principal.equals(target);
if (!success)
for (int i = 0; i < password.length; i++)
diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/ChangePass.java b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/ChangePass.java
index 589edff..585a2c1 100644
--- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/ChangePass.java
+++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/ChangePass.java
@@ -56,7 +56,7 @@ public void visit(State state, RandWalkEnv env, Properties props) throws Excepti
targetExists = WalkingSecurity.get(state, env).userExists(target);
- hasPerm = conn.securityOperations().hasSystemPermission(target, SystemPermission.ALTER_USER);
+ hasPerm = conn.securityOperations().hasSystemPermission(principal, SystemPermission.ALTER_USER) || principal.equals(target);
Random r = new Random();
diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateTable.java b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateTable.java
index 5e71410..de11d62 100644
--- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateTable.java
+++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateTable.java
@@ -23,6 +23,7 @@
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.client.TableExistsException;
import org.apache.accumulo.core.client.security.SecurityErrorCode;
+import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv;
import org.apache.accumulo.testing.core.randomwalk.State;
@@ -37,7 +38,7 @@ public void visit(State state, RandWalkEnv env, Properties props) throws Excepti
String tableName = WalkingSecurity.get(state, env).getTableName();
boolean exists = WalkingSecurity.get(state, env).getTableExists();
- boolean hasPermission = WalkingSecurity.get(state, env).canCreateTable(WalkingSecurity.get(state, env).getSysCredentials(), null, null);
+ boolean hasPermission = conn.securityOperations().hasSystemPermission(WalkingSecurity.get(state, env).getSysUserName(), SystemPermission.CREATE_TABLE);
try {
conn.tableOperations().create(tableName);
diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateUser.java b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateUser.java
index 91e8f8b..ca9afbe 100644
--- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateUser.java
+++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateUser.java
@@ -22,6 +22,7 @@
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.client.security.tokens.PasswordToken;
+import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv;
import org.apache.accumulo.testing.core.randomwalk.State;
import org.apache.accumulo.testing.core.randomwalk.Test;
@@ -30,12 +31,13 @@
@Override
public void visit(State state, RandWalkEnv env, Properties props) throws Exception {
- Connector conn = env.getAccumuloInstance().getConnector(WalkingSecurity.get(state, env).getSysUserName(), WalkingSecurity.get(state, env).getSysToken());
+ String sysPrincipal = WalkingSecurity.get(state, env).getSysUserName();
+ Connector conn = env.getAccumuloInstance().getConnector(sysPrincipal, WalkingSecurity.get(state, env).getSysToken());
String tableUserName = WalkingSecurity.get(state, env).getTabUserName();
boolean exists = WalkingSecurity.get(state, env).userExists(tableUserName);
- boolean hasPermission = WalkingSecurity.get(state, env).canCreateUser(WalkingSecurity.get(state, env).getSysCredentials(), tableUserName);
+ boolean hasPermission = conn.securityOperations().hasSystemPermission(sysPrincipal, SystemPermission.CREATE_USER);
PasswordToken tabUserPass = new PasswordToken("Super Sekret Table User Password");
try {
conn.securityOperations().createLocalUser(tableUserName, tabUserPass);
diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropTable.java b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropTable.java
index db6b7a3..66fc0e2 100644
--- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropTable.java
+++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropTable.java
@@ -25,6 +25,7 @@
import org.apache.accumulo.core.client.TableNotFoundException;
import org.apache.accumulo.core.client.security.SecurityErrorCode;
import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
+import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv;
import org.apache.accumulo.testing.core.randomwalk.State;
@@ -41,6 +42,7 @@ public static void dropTable(State state, RandWalkEnv env, Properties props) thr
String sourceUser = props.getProperty("source", "system");
String principal;
AuthenticationToken token;
+ boolean hasPermission = false;
if (sourceUser.equals("table")) {
principal = WalkingSecurity.get(state, env).getTabUserName();
token = WalkingSecurity.get(state, env).getTabToken();
@@ -53,12 +55,18 @@ public static void dropTable(State state, RandWalkEnv env, Properties props) thr
String tableName = WalkingSecurity.get(state, env).getTableName();
boolean exists = WalkingSecurity.get(state, env).getTableExists();
- boolean hasPermission = conn.securityOperations().hasTablePermission(principal, tableName, TablePermission.DROP_TABLE);
try {
+ hasPermission = conn.securityOperations().hasTablePermission(principal, tableName, TablePermission.DROP_TABLE)
+ || conn.securityOperations().hasSystemPermission(principal, SystemPermission.DROP_TABLE);
conn.tableOperations().delete(tableName);
} catch (AccumuloSecurityException ae) {
- if (ae.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
+ if (ae.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) {
+ if (exists)
+ throw new TableExistsException(null, tableName, "Got a TableNotFoundException but it should have existed", ae);
+ else
+ return;
+ } else if (ae.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
if (hasPermission)
throw new AccumuloException("Got a security exception when I should have had permission.", ae);
else {
diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropUser.java b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropUser.java
index 7d1a9b6..933c26d 100644
--- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropUser.java
+++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropUser.java
@@ -21,6 +21,7 @@
import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;
+import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv;
import org.apache.accumulo.testing.core.randomwalk.State;
import org.apache.accumulo.testing.core.randomwalk.Test;
@@ -29,12 +30,13 @@
@Override
public void visit(State state, RandWalkEnv env, Properties props) throws Exception {
- Connector conn = env.getAccumuloInstance().getConnector(WalkingSecurity.get(state, env).getSysUserName(), WalkingSecurity.get(state, env).getSysToken());
+ String sysPrincipal = WalkingSecurity.get(state, env).getSysUserName();
+ Connector conn = env.getAccumuloInstance().getConnector(sysPrincipal, WalkingSecurity.get(state, env).getSysToken());
String tableUserName = WalkingSecurity.get(state, env).getTabUserName();
boolean exists = WalkingSecurity.get(state, env).userExists(tableUserName);
- boolean hasPermission = WalkingSecurity.get(state, env).canDropUser(WalkingSecurity.get(state, env).getSysCredentials(), tableUserName);
+ boolean hasPermission = conn.securityOperations().hasSystemPermission(sysPrincipal, SystemPermission.DROP_USER);
try {
conn.securityOperations().dropLocalUser(tableUserName);
diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/TableOp.java b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/TableOp.java
index f44511c..7513b23 100644
--- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/TableOp.java
+++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/TableOp.java
@@ -56,10 +56,10 @@
@Override
public void visit(State state, RandWalkEnv env, Properties props) throws Exception {
- Connector conn = env.getAccumuloInstance().getConnector(WalkingSecurity.get(state, env).getTabUserName(), WalkingSecurity.get(state, env).getTabToken());
+ String tablePrincipal = WalkingSecurity.get(state, env).getTabUserName();
+ Connector conn = env.getAccumuloInstance().getConnector(tablePrincipal, WalkingSecurity.get(state, env).getTabToken());
TableOperations tableOps = conn.tableOperations();
SecurityOperations secOps = conn.securityOperations();
- String tablePrincipal = WalkingSecurity.get(state, env).getTabUserName();
String action = props.getProperty("action", "_random");
TablePermission tp;
@@ -75,8 +75,15 @@ public void visit(State state, RandWalkEnv env, Properties props) throws Excepti
switch (tp) {
case READ: {
- boolean canRead = secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.READ);
- Authorizations auths = WalkingSecurity.get(state, env).getUserAuthorizations(WalkingSecurity.get(state, env).getTabCredentials());
+ boolean canRead;
+ try {
+ canRead = secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.READ);
+ } catch (AccumuloSecurityException ase) {
+ if (tableExists)
+ throw new AccumuloException("Table didn't exist when it should have: " + tableName, ase);
+ return;
+ }
+ Authorizations auths = secOps.getUserAuthorizations(tablePrincipal);
boolean ambiguousZone = WalkingSecurity.get(state, env).inAmbiguousZone(conn.whoami(), tp);
boolean ambiguousAuths = WalkingSecurity.get(state, env).ambiguousAuthorizations(conn.whoami());
@@ -146,7 +153,14 @@ public void visit(State state, RandWalkEnv env, Properties props) throws Excepti
break;
}
case WRITE:
- boolean canWrite = secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.WRITE);
+ boolean canWrite;
+ try {
+ canWrite = secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.WRITE);
+ } catch (AccumuloSecurityException ase) {
+ if (tableExists)
+ throw new AccumuloException("Table didn't exist when it should have: " + tableName, ase);
+ return;
+ }
boolean ambiguousZone = WalkingSecurity.get(state, env).inAmbiguousZone(conn.whoami(), tp);
String key = WalkingSecurity.get(state, env).getLastKey() + "1";
@@ -239,8 +253,15 @@ public void visit(State state, RandWalkEnv env, Properties props) throws Excepti
throw new AccumuloException("Bulk Import succeeded when it should have failed: " + dir + " table " + tableName);
break;
case ALTER_TABLE:
- AlterTable.renameTable(conn, state, env, tableName, tableName + "plus",
- secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.ALTER_TABLE), tableExists);
+ boolean tablePerm;
+ try {
+ tablePerm = secOps.hasTablePermission(tablePrincipal, tableName, TablePermission.ALTER_TABLE);
+ } catch (AccumuloSecurityException ase) {
+ if (tableExists)
+ throw new AccumuloException("Table didn't exist when it should have: " + tableName, ase);
+ return;
+ }
+ AlterTable.renameTable(conn, state, env, tableName, tableName + "plus", tablePerm, tableExists);
break;
case GRANT:
diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Validate.java b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Validate.java
index edf9e4d..9e36c86 100644
--- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Validate.java
+++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Validate.java
@@ -101,12 +101,6 @@ public static void validate(State state, RandWalkEnv env, Logger log) throws Exc
}
}
-
- Authorizations accuAuths = conn.securityOperations().getUserAuthorizations(WalkingSecurity.get(state, env).getTabUserName());
- Authorizations auths = WalkingSecurity.get(state, env).getUserAuthorizations(WalkingSecurity.get(state, env).getTabCredentials());
-
- if (!auths.equals(accuAuths))
- throw new AccumuloException("Table User authorizations out of sync");
}
}
diff --git a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/WalkingSecurity.java b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/WalkingSecurity.java
index 071e5ca..4a0c6f2 100644
--- a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/WalkingSecurity.java
+++ b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/WalkingSecurity.java
@@ -17,39 +17,19 @@
package org.apache.accumulo.testing.core.randomwalk.security;
import java.io.IOException;
-import java.nio.ByteBuffer;
-import java.util.Collection;
import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
import java.util.Map;
-import java.util.Set;
-import java.util.TreeSet;
import org.apache.accumulo.core.client.AccumuloSecurityException;
-import org.apache.accumulo.core.client.NamespaceNotFoundException;
import org.apache.accumulo.core.client.TableNotFoundException;
-import org.apache.accumulo.core.client.impl.Credentials;
-import org.apache.accumulo.core.client.impl.Namespace;
-import org.apache.accumulo.core.client.impl.thrift.SecurityErrorCode;
-import org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException;
import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
import org.apache.accumulo.core.client.security.tokens.PasswordToken;
import org.apache.accumulo.core.security.Authorizations;
-import org.apache.accumulo.core.security.NamespacePermission;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
-import org.apache.accumulo.core.security.thrift.TCredentials;
-import org.apache.accumulo.core.util.CachedConfiguration;
-import org.apache.accumulo.server.AccumuloServerContext;
-import org.apache.accumulo.server.client.HdfsZooInstance;
-import org.apache.accumulo.server.conf.ServerConfigurationFactory;
-import org.apache.accumulo.server.security.SecurityOperation;
-import org.apache.accumulo.server.security.handler.Authenticator;
-import org.apache.accumulo.server.security.handler.Authorizor;
-import org.apache.accumulo.server.security.handler.PermissionHandler;
import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv;
import org.apache.accumulo.testing.core.randomwalk.State;
+import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -57,7 +37,7 @@
/**
*
*/
-public class WalkingSecurity extends SecurityOperation implements Authorizor, Authenticator, PermissionHandler {
+public class WalkingSecurity {
State state = null;
RandWalkEnv env = null;
private static final Logger log = LoggerFactory.getLogger(WalkingSecurity.class);
@@ -79,17 +59,9 @@
private static WalkingSecurity instance = null;
- public WalkingSecurity(AccumuloServerContext context, Authorizor author, Authenticator authent, PermissionHandler pm) {
- super(context, author, authent, pm);
- }
-
public WalkingSecurity(State state2, RandWalkEnv env2) {
- super(new AccumuloServerContext(HdfsZooInstance.getInstance(), new ServerConfigurationFactory(HdfsZooInstance.getInstance())));
this.state = state2;
this.env = env2;
- authorizor = this;
- authenticator = this;
- permHandle = this;
}
public static WalkingSecurity get(State state, RandWalkEnv env) {
@@ -103,81 +75,26 @@ public static WalkingSecurity get(State state, RandWalkEnv env) {
return instance;
}
- @Override
- public void initialize(String instanceId, boolean initialize) {
- throw new UnsupportedOperationException("nope");
- }
-
- @Override
- public boolean validSecurityHandlers(Authenticator one, PermissionHandler two) {
- return this.getClass().equals(one.getClass()) && this.getClass().equals(two.getClass());
- }
-
- @Override
- public boolean validSecurityHandlers(Authenticator one, Authorizor two) {
- return this.getClass().equals(one.getClass()) && this.getClass().equals(two.getClass());
- }
-
- @Override
- public boolean validSecurityHandlers(Authorizor one, PermissionHandler two) {
- return this.getClass().equals(one.getClass()) && this.getClass().equals(two.getClass());
- }
-
- @Override
- public void initializeSecurity(TCredentials rootuser, String token) throws ThriftSecurityException {
- throw new UnsupportedOperationException("nope");
- }
-
- @Override
public void changeAuthorizations(String user, Authorizations authorizations) throws AccumuloSecurityException {
state.set(user + "_auths", authorizations);
state.set("Auths-" + user + '-' + "time", System.currentTimeMillis());
}
- @Override
- public Authorizations getCachedUserAuthorizations(String user) throws AccumuloSecurityException {
- return (Authorizations) state.get(user + "_auths");
- }
-
public boolean ambiguousAuthorizations(String userName) {
Long setTime = state.getLong("Auths-" + userName + '-' + "time");
if (setTime == null)
- throw new RuntimeException("WTF? Auths-" + userName + '-' + "time is null");
+ throw new RuntimeException("Auths-" + userName + '-' + "time is null");
if (System.currentTimeMillis() < (setTime + 1000))
return true;
return false;
}
- @Override
- public void initUser(String user) throws AccumuloSecurityException {
- changeAuthorizations(user, new Authorizations());
- }
-
- @Override
- public Set<String> listUsers() throws AccumuloSecurityException {
- Set<String> userList = new TreeSet<>();
- for (String user : new String[] {getSysUserName(), getTabUserName()}) {
- if (userExists(user))
- userList.add(user);
- }
- return userList;
- }
-
- @Override
- public boolean authenticateUser(String principal, AuthenticationToken token) {
- PasswordToken pass = (PasswordToken) state.get(principal + userPass);
- boolean ret = pass.equals(token);
- return ret;
- }
-
- @Override
public void createUser(String principal, AuthenticationToken token) throws AccumuloSecurityException {
state.set(principal + userExists, Boolean.toString(true));
changePassword(principal, token);
cleanUser(principal);
}
- @Override
public void dropUser(String user) throws AccumuloSecurityException {
state.set(user + userExists, Boolean.toString(false));
cleanUser(user);
@@ -185,61 +102,32 @@ public void dropUser(String user) throws AccumuloSecurityException {
state.set("table" + connector, null);
}
- @Override
public void changePassword(String principal, AuthenticationToken token) throws AccumuloSecurityException {
state.set(principal + userPass, token);
state.set(principal + userPass + "time", System.currentTimeMillis());
}
- @Override
public boolean userExists(String user) {
return Boolean.parseBoolean(state.getString(user + userExists));
}
- @Override
public boolean hasSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException {
boolean res = Boolean.parseBoolean(state.getString("Sys-" + user + '-' + permission.name()));
return res;
}
- @Override
- public boolean hasCachedSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException {
- return hasSystemPermission(user, permission);
- }
-
- @Override
public boolean hasTablePermission(String user, String table, TablePermission permission) throws AccumuloSecurityException, TableNotFoundException {
return Boolean.parseBoolean(state.getString("Tab-" + user + '-' + permission.name()));
}
- @Override
- public boolean hasCachedTablePermission(String user, String table, TablePermission permission) throws AccumuloSecurityException, TableNotFoundException {
- return hasTablePermission(user, table, permission);
- }
-
- @Override
- public boolean hasNamespacePermission(String user, Namespace.ID namespace, NamespacePermission permission) throws AccumuloSecurityException,
- NamespaceNotFoundException {
- return Boolean.parseBoolean(state.getString("Nsp-" + user + '-' + permission.name()));
- }
-
- @Override
- public boolean hasCachedNamespacePermission(String user, Namespace.ID namespace, NamespacePermission permission) throws AccumuloSecurityException,
- NamespaceNotFoundException {
- return hasNamespacePermission(user, namespace, permission);
- }
-
- @Override
public void grantSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException {
setSysPerm(state, user, permission, true);
}
- @Override
public void revokeSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException {
setSysPerm(state, user, permission, false);
}
- @Override
public void grantTablePermission(String user, String table, TablePermission permission) throws AccumuloSecurityException, TableNotFoundException {
setTabPerm(state, user, permission, table, true);
}
@@ -251,40 +139,17 @@ private static void setSysPerm(State state, String userName, SystemPermission tp
private void setTabPerm(State state, String userName, TablePermission tp, String table, boolean value) {
if (table.equals(userName))
- throw new RuntimeException("This is also fucked up");
+ throw new RuntimeException("Something went wrong: table is equal to userName: " + userName);
log.debug((value ? "Gave" : "Took") + " the table permission " + tp.name() + (value ? " to" : " from") + " user " + userName);
state.set("Tab-" + userName + '-' + tp.name(), Boolean.toString(value));
if (tp.equals(TablePermission.READ) || tp.equals(TablePermission.WRITE))
state.set("Tab-" + userName + '-' + tp.name() + '-' + "time", System.currentTimeMillis());
}
- @Override
public void revokeTablePermission(String user, String table, TablePermission permission) throws AccumuloSecurityException, TableNotFoundException {
setTabPerm(state, user, permission, table, false);
}
- @Override
- public void grantNamespacePermission(String user, Namespace.ID namespace, NamespacePermission permission) throws AccumuloSecurityException,
- NamespaceNotFoundException {
- setNspPerm(state, user, permission, namespace, true);
- }
-
- private void setNspPerm(State state, String userName, NamespacePermission tnp, Namespace.ID namespace, boolean value) {
- if (namespace.equals(userName))
- throw new RuntimeException("I don't even know");
- log.debug((value ? "Gave" : "Took") + " the table permission " + tnp.name() + (value ? " to" : " from") + " user " + userName);
- state.set("Nsp-" + userName + '-' + tnp.name(), Boolean.toString(value));
- if (tnp.equals(NamespacePermission.READ) || tnp.equals(NamespacePermission.WRITE))
- state.set("Nsp-" + userName + '-' + tnp.name() + '-' + "time", System.currentTimeMillis());
- }
-
- @Override
- public void revokeNamespacePermission(String user, Namespace.ID namespace, NamespacePermission permission) throws AccumuloSecurityException,
- NamespaceNotFoundException {
- setNspPerm(state, user, permission, namespace, false);
- }
-
- @Override
public void cleanTablePermissions(String table) throws AccumuloSecurityException, TableNotFoundException {
for (String user : new String[] {getSysUserName(), getTabUserName()}) {
for (TablePermission tp : TablePermission.values()) {
@@ -294,17 +159,6 @@ public void cleanTablePermissions(String table) throws AccumuloSecurityException
state.set(tableExists, Boolean.toString(false));
}
- @Override
- public void cleanNamespacePermissions(Namespace.ID namespace) throws AccumuloSecurityException, NamespaceNotFoundException {
- for (String user : new String[] {getSysUserName(), getNspUserName()}) {
- for (NamespacePermission tnp : NamespacePermission.values()) {
- revokeNamespacePermission(user, namespace, tnp);
- }
- }
- state.set(namespaceExists, Boolean.toString(false));
- }
-
- @Override
public void cleanUser(String user) throws AccumuloSecurityException {
if (getTableExists())
for (TablePermission tp : TablePermission.values())
@@ -325,20 +179,11 @@ public String getSysUserName() {
return state.getString("system" + userName);
}
- public String getNspUserName() {
- return state.getString("namespace" + userName);
- }
-
public void setTabUserName(String name) {
state.set("table" + userName, name);
state.set(name + userExists, Boolean.toString(false));
}
- public void setNspUserName(String name) {
- state.set("namespace" + userName, name);
- state.set(name + userExists, Boolean.toString(false));
- }
-
public void setSysUserName(String name) {
state.set("system" + userName, name);
}
@@ -359,14 +204,6 @@ public boolean getNamespaceExists() {
return Boolean.parseBoolean(state.getString(namespaceExists));
}
- public TCredentials getSysCredentials() {
- return new Credentials(getSysUserName(), getSysToken()).toThrift(this.env.getAccumuloInstance());
- }
-
- public TCredentials getTabCredentials() {
- return new Credentials(getTabUserName(), getTabToken()).toThrift(this.env.getAccumuloInstance());
- }
-
public AuthenticationToken getSysToken() {
return new PasswordToken(getSysPassword());
}
@@ -411,7 +248,6 @@ public void setNamespaceName(String nsName) {
state.set(namespaceName, nsName);
}
- @Override
public void initTable(String table) throws AccumuloSecurityException {
state.set(tableExists, Boolean.toString(true));
state.set(tableName, table);
@@ -425,7 +261,7 @@ public boolean inAmbiguousZone(String userName, TablePermission tp) {
if (tp.equals(TablePermission.READ) || tp.equals(TablePermission.WRITE)) {
Long setTime = state.getLong("Tab-" + userName + '-' + tp.name() + '-' + "time");
if (setTime == null)
- throw new RuntimeException("WTF? Tab-" + userName + '-' + tp.name() + '-' + "time is null");
+ throw new RuntimeException("Tab-" + userName + '-' + tp.name() + '-' + "time is null");
if (System.currentTimeMillis() < (setTime + 1000))
return true;
}
@@ -458,7 +294,7 @@ public FileSystem getFs() {
if (fs == null) {
try {
- fs = FileSystem.get(CachedConfiguration.getInstance());
+ fs = FileSystem.get(new Configuration());
} catch (IOException e) {
throw new RuntimeException(e);
}
@@ -467,40 +303,8 @@ public FileSystem getFs() {
return fs;
}
- @Override
- public boolean canAskAboutUser(TCredentials credentials, String user) throws ThriftSecurityException {
- try {
- return super.canAskAboutUser(credentials, user);
- } catch (ThriftSecurityException tse) {
- if (tse.getCode().equals(SecurityErrorCode.PERMISSION_DENIED))
- return false;
- throw tse;
- }
- }
-
- @Override
- public boolean validTokenClass(String tokenClass) {
- return tokenClass.equals(PasswordToken.class.getName());
- }
-
public static void clearInstance() {
instance = null;
}
- @Override
- public Set<Class<? extends AuthenticationToken>> getSupportedTokenTypes() {
- Set<Class<? extends AuthenticationToken>> cs = new HashSet<>();
- cs.add(PasswordToken.class);
- return cs;
- }
-
- @Override
- public boolean isValidAuthorizations(String user, List<ByteBuffer> auths) throws AccumuloSecurityException {
- Collection<ByteBuffer> userauths = getCachedUserAuthorizations(user).getAuthorizationsBB();
- for (ByteBuffer auth : auths)
- if (!userauths.contains(auth))
- return false;
- return true;
- }
-
}
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services