Author: vines
Date: Thu Jun 14 22:25:04 2012
New Revision: 1350414
URL: http://svn.apache.org/viewvc?rev=1350414&view=rev
Log:
Resolved some tests for ACCUMULO-259
Modified:
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperationImpl.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/ZKAuthorizor.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/ZKSecurityTool.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/VerifyIngest.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/functional/PermissionsTest.java
Modified:
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java
URL:
http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java?rev=1350414&r1=1350413&r2=1350414&view=diff
==============================================================================
---
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java
(original)
+++
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/master/Master.java
Thu Jun 14 22:25:04 2012
@@ -713,7 +713,8 @@ public class Master implements LiveTServ
private void alterTableProperty(AuthInfo c, String tableName, String
property, String value, TableOperation op) throws ThriftSecurityException,
ThriftTableOperationException {
final String tableId = checkTableId(tableName, op);
- security.canAlterTable(c, tableId);
+ if (!security.canAlterTable(c, tableId))
+ throw new ThriftSecurityException(c.user,
SecurityErrorCode.PERMISSION_DENIED);
try {
if (value == null) {
Modified:
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
URL:
http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java?rev=1350414&r1=1350413&r2=1350414&view=diff
==============================================================================
---
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
(original)
+++
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
Thu Jun 14 22:25:04 2012
@@ -42,7 +42,7 @@ public class AuditedSecurityOperation im
}
private void audit(AuthInfo credentials, ThriftSecurityException ex, String
template, Object... args) {
- log.log(AuditLevel.AUDIT, "Error: authentication operation failed: " +
credentials.user + ": " + String.format(template, args));
+ log.log(AuditLevel.AUDIT, "Error: authenticated operation failed: " +
credentials.user + ": " + String.format(template, args));
}
private void audit(AuthInfo credentials, String template, Object... args) {
Modified:
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperationImpl.java
URL:
http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperationImpl.java?rev=1350414&r1=1350413&r2=1350414&view=diff
==============================================================================
---
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperationImpl.java
(original)
+++
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperationImpl.java
Thu Jun 14 22:25:04 2012
@@ -100,6 +100,12 @@ public class SecurityOperationImpl imple
authenticator.initializeSecurity(credentials, rootuser, rootpass);
authorizor.initializeSecurity(rootuser);
+ try {
+ authorizor.grantTablePermission(rootuser, Constants.METADATA_TABLE_ID,
TablePermission.ALTER_TABLE);
+ } catch (TableNotFoundException e) {
+ // Shouldn't happen
+ throw new RuntimeException(e);
+ }
}
public synchronized String getRootUsername() {
@@ -207,7 +213,7 @@ public class SecurityOperationImpl imple
* @throws ThriftTableOperationException
*/
private boolean hasTablePermission(String user, String table,
TablePermission permission) throws ThriftSecurityException {
- if (user.equals(getRootUsername()) ||
user.equals(SecurityConstants.SYSTEM_USERNAME))
+ if (user.equals(SecurityConstants.SYSTEM_USERNAME))
return true;
targetUserExists(user);
@@ -433,7 +439,7 @@ public class SecurityOperationImpl imple
authenticate(c);
if (user.equals(SecurityConstants.SYSTEM_USERNAME))
throw new ThriftSecurityException(c.user,
SecurityErrorCode.PERMISSION_DENIED);
- return hasSystemPermission(c.user, SystemPermission.ALTER_TABLE);
+ return hasSystemPermission(c.user, SystemPermission.ALTER_USER);
}
/**
Modified:
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/ZKAuthorizor.java
URL:
http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/ZKAuthorizor.java?rev=1350414&r1=1350413&r2=1350414&view=diff
==============================================================================
---
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/ZKAuthorizor.java
(original)
+++
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/ZKAuthorizor.java
Thu Jun 14 22:25:04 2012
@@ -227,7 +227,6 @@ public class ZKAuthorizor implements Aut
initUser(rootuser);
zoo.putPersistentData(ZKUserPath + "/" + rootuser + ZKUserAuths,
ZKSecurityTool.convertAuthorizations(Constants.NO_AUTHS),
NodeExistsPolicy.FAIL);
zoo.putPersistentData(ZKUserPath + "/" + rootuser + ZKUserSysPerms,
ZKSecurityTool.convertSystemPermissions(rootPerms), NodeExistsPolicy.FAIL);
- zoo.putPersistentData(ZKUserPath + "/" + rootuser + ZKUserTablePerms,
new byte[0], NodeExistsPolicy.FAIL);
for (Entry<String,Set<TablePermission>> entry : tablePerms.entrySet())
createTablePerm(rootuser, entry.getKey(), entry.getValue());
} catch (KeeperException e) {
@@ -258,7 +257,7 @@ public class ZKAuthorizor implements Aut
}
/**
- * Sets up a new table configuration for the provided user/table. No
checking for existance is done here, it should be done before calling.
+ * Sets up a new table configuration for the provided user/table. No
checking for existence is done here, it should be done before calling.
*/
private void createTablePerm(String user, String table, Set<TablePermission>
perms) throws KeeperException, InterruptedException {
synchronized (zooCache) {
@@ -330,10 +329,11 @@ public class ZKAuthorizor implements Aut
public void dropUser(String user) throws AccumuloSecurityException {
try {
synchronized (zooCache) {
+ IZooReaderWriter zoo = ZooReaderWriter.getRetryingInstance();
+ zoo.recursiveDelete(ZKUserPath + "/" + user + ZKUserAuths,
NodeMissingPolicy.SKIP);
+ zoo.recursiveDelete(ZKUserPath + "/" + user + ZKUserSysPerms,
NodeMissingPolicy.SKIP);
+ zoo.recursiveDelete(ZKUserPath + "/" + user + ZKUserTablePerms,
NodeMissingPolicy.SKIP);
zooCache.clear(ZKUserPath + "/" + user);
- ZooReaderWriter.getRetryingInstance().recursiveDelete(ZKUserPath + "/"
+ user + ZKUserAuths, NodeMissingPolicy.FAIL);
- ZooReaderWriter.getRetryingInstance().recursiveDelete(ZKUserPath + "/"
+ user + ZKUserSysPerms, NodeMissingPolicy.FAIL);
- ZooReaderWriter.getRetryingInstance().recursiveDelete(ZKUserPath + "/"
+ user + ZKUserTablePerms, NodeMissingPolicy.FAIL);
}
} catch (InterruptedException e) {
log.error(e, e);
Modified:
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/ZKSecurityTool.java
URL:
http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/ZKSecurityTool.java?rev=1350414&r1=1350413&r2=1350414&view=diff
==============================================================================
---
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/ZKSecurityTool.java
(original)
+++
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/ZKSecurityTool.java
Thu Jun 14 22:25:04 2012
@@ -32,6 +32,7 @@ import org.apache.accumulo.core.client.A
import org.apache.accumulo.core.security.Authorizations;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
+import org.apache.log4j.Logger;
/**
* All the static too methods used for this class, so that we can separate out
stuff that isn't using ZooKeeper. That way, we can check the synchronization
@@ -39,6 +40,7 @@ import org.apache.accumulo.core.security
* won't, and so don't need to be checked.
*/
class ZKSecurityTool {
+ private static final Logger log = Logger.getLogger(ZKSecurityTool.class);
private static final int SALT_LENGTH = 8;
// Generates a byte array salt of length SALT_LENGTH
@@ -65,7 +67,7 @@ class ZKSecurityTool {
try {
passwordToCheck = convertPass(password, salt);
} catch (NoSuchAlgorithmException e) {
- ZKAuthenticator.log.error("Count not create hashed password", e);
+ log.error("Count not create hashed password", e);
return false;
}
return java.util.Arrays.equals(passwordToCheck, zkData);
@@ -76,7 +78,7 @@ class ZKSecurityTool {
try {
return convertPass(password, salt);
} catch (NoSuchAlgorithmException e) {
- ZKAuthenticator.log.error("Count not create hashed password", e);
+ log.error("Count not create hashed password", e);
throw new AccumuloException("Count not create hashed password", e);
}
}
@@ -107,7 +109,7 @@ class ZKSecurityTool {
for (SystemPermission sp : systempermissions)
out.writeByte(sp.getId());
} catch (IOException e) {
- ZKAuthenticator.log.error(e, e);
+ log.error(e, e);
throw new RuntimeException(e); // this is impossible with
ByteArrayOutputStream; crash hard if this happens
}
return bytes.toByteArray();
@@ -121,7 +123,7 @@ class ZKSecurityTool {
while (in.available() > 0)
toReturn.add(SystemPermission.getPermissionById(in.readByte()));
} catch (IOException e) {
- ZKAuthenticator.log.error("User database is corrupt; error converting
system permissions", e);
+ log.error("User database is corrupt; error converting system
permissions", e);
toReturn.clear();
}
return toReturn;
@@ -134,7 +136,7 @@ class ZKSecurityTool {
for (TablePermission tp : tablepermissions)
out.writeByte(tp.getId());
} catch (IOException e) {
- ZKAuthenticator.log.error(e, e);
+ log.error(e, e);
throw new RuntimeException(e); // this is impossible with
ByteArrayOutputStream; crash hard if this happens
}
return bytes.toByteArray();
Modified:
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/VerifyIngest.java
URL:
http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/VerifyIngest.java?rev=1350414&r1=1350413&r2=1350414&view=diff
==============================================================================
---
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/VerifyIngest.java
(original)
+++
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/VerifyIngest.java
Thu Jun 14 22:25:04 2012
@@ -93,6 +93,8 @@ public class VerifyIngest {
int errors = 0;
+ connector.securityOperations().changeUserAuthorizations(username,
labelAuths);
+
while (expectedRow < (ingestArgs.rows + ingestArgs.startRow)) {
if (ingestArgs.useGet) {
Modified:
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/functional/PermissionsTest.java
URL:
http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/functional/PermissionsTest.java?rev=1350414&r1=1350413&r2=1350414&view=diff
==============================================================================
---
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/functional/PermissionsTest.java
(original)
+++
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/functional/PermissionsTest.java
Thu Jun 14 22:25:04 2012
@@ -234,6 +234,13 @@ public class PermissionsTest {
if (!ServerConfiguration.getTableConfiguration(instance,
tableId).get(Property.TABLE_BLOOM_ERRORRATE).equals("003.14159%"))
throw new IllegalStateException("Should be able to set a table
property");
test_user_conn.tableOperations().removeProperty(tableName,
Property.TABLE_BLOOM_ERRORRATE.getKey());
+ // Surprised we got away without pausing before.
+ try {
+ Thread.sleep(100);
+ } catch (InterruptedException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
if (ServerConfiguration.getTableConfiguration(instance,
tableId).get(Property.TABLE_BLOOM_ERRORRATE).equals("003.14159%"))
throw new IllegalStateException("Should be able to remove a table
property");
test_user_conn.tableOperations().rename(tableName, table2);
@@ -296,6 +303,12 @@ public class PermissionsTest {
private static final Logger log =
Logger.getLogger(SystemPermissionsTest.class);
private static final String TEST_TABLE = "__TABLE_PERMISSION_TEST__";
+ public static void main(String args[]) throws Exception
+ {
+ FunctionalTest.main(args);
+ new TablePermissionsTest().run();
+ }
+
@Override
public void cleanup() throws Exception {}