http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/config/Config.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/config/Config.java b/src/java/org/apache/cassandra/config/Config.java index 15e7203..33d2bb2 100644 --- a/src/java/org/apache/cassandra/config/Config.java +++ b/src/java/org/apache/cassandra/config/Config.java @@ -19,20 +19,19 @@ package org.apache.cassandra.config; import java.io.IOException; import java.io.StringReader; -import java.sql.Time; import java.util.List; import java.util.Set; import java.util.concurrent.TimeUnit; import com.google.common.collect.Sets; -import org.supercsv.io.CsvListReader; -import org.supercsv.prefs.CsvPreference; import org.apache.cassandra.config.EncryptionOptions.ClientEncryptionOptions; import org.apache.cassandra.config.EncryptionOptions.ServerEncryptionOptions; import org.apache.cassandra.exceptions.ConfigurationException; import org.apache.cassandra.io.util.NativeAllocator; import org.apache.cassandra.utils.FBUtilities; +import org.supercsv.io.CsvListReader; +import org.supercsv.prefs.CsvPreference; /** * A class that contains configuration properties for the cassandra node it runs within. @@ -44,9 +43,11 @@ public class Config public String cluster_name = "Test Cluster"; public String authenticator; public String authorizer; + public String role_manager; public int permissions_validity_in_ms = 2000; public int permissions_cache_max_entries = 1000; public int permissions_update_interval_in_ms = -1; + public int roles_validity_in_ms = 2000; /* Hashing strategy Random or OPHF */ public String partitioner;
http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/config/DatabaseDescriptor.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/config/DatabaseDescriptor.java b/src/java/org/apache/cassandra/config/DatabaseDescriptor.java index 9780db7..6d626da 100644 --- a/src/java/org/apache/cassandra/config/DatabaseDescriptor.java +++ b/src/java/org/apache/cassandra/config/DatabaseDescriptor.java @@ -81,6 +81,7 @@ public class DatabaseDescriptor private static IAuthenticator authenticator = new AllowAllAuthenticator(); private static IAuthorizer authorizer = new AllowAllAuthorizer(); + private static IRoleManager roleManager = new CassandraRoleManager(); private static IRequestScheduler requestScheduler; private static RequestSchedulerId requestSchedulerId; @@ -184,7 +185,7 @@ public class DatabaseDescriptor } } - /* Authentication and authorization backend, implementing IAuthenticator and IAuthorizer */ + /* Authentication, authorization and role management backend, implementing IAuthenticator, IAuthorizer & IRoleMapper*/ if (conf.authenticator != null) authenticator = FBUtilities.newAuthenticator(conf.authenticator); @@ -194,6 +195,12 @@ public class DatabaseDescriptor if (authenticator instanceof AllowAllAuthenticator && !(authorizer instanceof AllowAllAuthorizer)) throw new ConfigurationException("AllowAllAuthenticator can't be used with " + conf.authorizer); + if (conf.role_manager != null) + roleManager = FBUtilities.newRoleManager(conf.role_manager); + + if (authenticator instanceof PasswordAuthenticator && !(roleManager instanceof CassandraRoleManager)) + throw new ConfigurationException("CassandraRoleManager must be used with PasswordAuthenticator"); + if (conf.internode_authenticator != null) internodeAuthenticator = FBUtilities.construct(conf.internode_authenticator, "internode_authenticator"); else 
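Review bot: The rewritten block comment in the `@@ -184,7 +185,7 @@` hunk names `IRoleMapper`, but the type this commit declares and assigns just below it is `IRoleManager`. A reader searching for the interface from this comment will not find it. I would change the line to `/* Authentication, authorization and role management backend, implementing IAuthenticator, IAuthorizer & IRoleManager */`. The enclosing method starts and ends outside the hunk.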
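Review bot: The new `ConfigurationException` in the `@@ -194,6 +195,12 @@` hunk does not say which role manager was configured, unlike the AllowAllAuthenticator check directly above it, which appends `conf.authorizer`. Because the static default is `new CassandraRoleManager()`, this branch can only be reached when `conf.role_manager` was set, so the message can safely name it: `throw new ConfigurationException(conf.role_manager + " can't be used with PasswordAuthenticator; CassandraRoleManager is required");`. An operator reading the startup failure then sees the offending setting without opening the YAML. The enclosing method continues outside the hunk.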
@@ -201,6 +208,7 @@ public class DatabaseDescriptor authenticator.validateConfiguration(); authorizer.validateConfiguration(); + roleManager.validateConfiguration(); internodeAuthenticator.validateConfiguration(); /* Hashing strategy */ @@ -604,6 +612,11 @@ public class DatabaseDescriptor return authorizer; } + public static IRoleManager getRoleManager() + { + return roleManager; + } + public static int getPermissionsValidity() { return conf.permissions_validity_in_ms; @@ -621,6 +634,11 @@ public class DatabaseDescriptor : conf.permissions_update_interval_in_ms; } + public static int getRolesValidity() + { + return conf.roles_validity_in_ms; + } + public static int getThriftFramedTransportSize() { return conf.thrift_framed_transport_size_in_mb * 1024 * 1024; http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/cql3/Cql.g ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/Cql.g b/src/java/org/apache/cassandra/cql3/Cql.g index d73dc28..c39da63 100644 --- a/src/java/org/apache/cassandra/cql3/Cql.g +++ b/src/java/org/apache/cassandra/cql3/Cql.g @@ -40,6 +40,7 @@ options { import org.apache.cassandra.auth.Permission; import org.apache.cassandra.auth.DataResource; import org.apache.cassandra.auth.IResource; + import org.apache.cassandra.auth.IRoleManager; import org.apache.cassandra.cql3.*; import org.apache.cassandra.cql3.statements.*; import org.apache.cassandra.cql3.selection.*; @@ -247,6 +248,12 @@ cqlStatement returns [ParsedStatement stmt] | st29=dropFunctionStatement { $stmt = st29; } | st30=createAggregateStatement { $stmt = st30; } | st31=dropAggregateStatement { $stmt = st31; } + | st32=createRoleStatement { $stmt = st32; } + | st33=alterRoleStatement { $stmt = st33; } + | st34=dropRoleStatement { $stmt = st34; } + | st35=listRolesStatement { $stmt = st35; } + | st36=grantRoleStatement { $stmt = st36; } + | st37=revokeRoleStatement { $stmt = st37; } ; /* 
@@ -802,7 +809,7 @@ truncateStatement returns [TruncateStatement stmt] ; /** - * GRANT <permission> ON <resource> TO <username> + * GRANT <permission> ON <resource> TO <rolename> */ grantStatement returns [GrantStatement stmt] : K_GRANT @@ -810,12 +817,12 @@ grantStatement returns [GrantStatement stmt] K_ON resource K_TO - username - { $stmt = new GrantStatement($permissionOrAll.perms, (DataResource) $resource.res, $username.text); } + grantee=userOrRoleName + { $stmt = new GrantStatement($permissionOrAll.perms, (DataResource) $resource.res, grantee); } ; /** - * REVOKE <permission> ON <resource> FROM <username> + * REVOKE <permission> ON <resource> FROM <rolename> */ revokeStatement returns [RevokeStatement stmt] : K_REVOKE 
@@ -823,22 +830,44 @@ revokeStatement returns [RevokeStatement stmt] K_ON resource K_FROM - username - { $stmt = new RevokeStatement($permissionOrAll.perms, (DataResource) $resource.res, $username.text); } + revokee=userOrRoleName + { $stmt = new RevokeStatement($permissionOrAll.perms, (DataResource) $resource.res, revokee); } + ; + +/** + * GRANT ROLE <rolename> TO <grantee> + */ +grantRoleStatement returns [GrantRoleStatement stmt] + : K_GRANT + role=userOrRoleName + K_TO + grantee=userOrRoleName + { $stmt = new GrantRoleStatement(role, grantee); } + ; + +/** + * REVOKE ROLE <rolename> FROM <revokee> + */ +revokeRoleStatement returns [RevokeRoleStatement stmt] + : K_REVOKE + role=userOrRoleName + K_FROM + revokee=userOrRoleName + { $stmt = new RevokeRoleStatement(role, revokee); } ; listPermissionsStatement returns [ListPermissionsStatement stmt] @init { IResource resource = null; - String username = null; boolean recursive = true; + RoleName grantee = new RoleName(); } : K_LIST permissionOrAll ( K_ON resource { resource = $resource.res; } )? - ( K_OF username { username = $username.text; } )? + ( K_OF roleName[grantee] )? ( K_NORECURSIVE { recursive = false; } )? - { $stmt = new ListPermissionsStatement($permissionOrAll.perms, (DataResource) resource, username, recursive); } + { $stmt = new ListPermissionsStatement($permissionOrAll.perms, (DataResource) resource, grantee, recursive); } ; permission returns [Permission perm] 
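Review bot: The doc comments on the two new rules read `GRANT ROLE <rolename> TO <grantee>` and `REVOKE ROLE <rolename> FROM <revokee>`, but neither rule consumes `K_ROLE`; `grantRoleStatement` is just `K_GRANT role=userOrRoleName K_TO grantee=userOrRoleName`. The comment therefore describes a syntax the grammar does not implement, and because `K_ROLE` becomes an unreserved keyword that `roleName` accepts, the word `ROLE` in that position would apparently be taken as the role name itself. Either change the comments to `GRANT <rolename> TO <grantee>` and `REVOKE <rolename> FROM <revokee>`, or add the keyword to both rules. In the same hunk `listPermissionsStatement` now always passes a `RoleName` whose name stays null when the `OF` clause is absent; the statement class is outside this hunk, so confirm it treats a null name as "no grantee filter" and not as a role to look up.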
@@ -859,59 +888,127 @@ dataResource returns [DataResource res] : K_ALL K_KEYSPACES { $res = DataResource.root(); } | K_KEYSPACE ks = keyspaceName { $res = DataResource.keyspace($ks.id); } | ( K_COLUMNFAMILY )? cf = columnFamilyName - { $res = DataResource.columnFamily($cf.name.getKeyspace(), $cf.name.getColumnFamily()); } + { $res = DataResource.table($cf.name.getKeyspace(), $cf.name.getColumnFamily()); } ; /** * CREATE USER [IF NOT EXISTS] <username> [WITH PASSWORD <password>] [SUPERUSER|NOSUPERUSER] */ -createUserStatement returns [CreateUserStatement stmt] +createUserStatement returns [CreateRoleStatement stmt] @init { - UserOptions opts = new UserOptions(); + RoleOptions opts = new RoleOptions(); + opts.put(IRoleManager.Option.LOGIN.name(), true); boolean superuser = false; boolean ifNotExists = false; + RoleName name = new RoleName(); } - : K_CREATE K_USER (K_IF K_NOT K_EXISTS { ifNotExists = true; })? username - ( K_WITH userOptions[opts] )? + : K_CREATE K_USER (K_IF K_NOT K_EXISTS { ifNotExists = true; })? u=username { name.setName($u.text, false); } + ( K_WITH roleOptions[opts] )? ( K_SUPERUSER { superuser = true; } | K_NOSUPERUSER { superuser = false; } )? - { $stmt = new CreateUserStatement($username.text, opts, superuser, ifNotExists); } + { opts.put(IRoleManager.Option.SUPERUSER.name(), superuser); + $stmt = new CreateRoleStatement(name, opts, ifNotExists); } ; /** * ALTER USER <username> [WITH PASSWORD <password>] [SUPERUSER|NOSUPERUSER] */ -alterUserStatement returns [AlterUserStatement stmt] +alterUserStatement returns [AlterRoleStatement stmt] @init { - UserOptions opts = new UserOptions(); - Boolean superuser = null; + RoleOptions opts = new RoleOptions(); + RoleName name = new RoleName(); } - : K_ALTER K_USER username - ( K_WITH userOptions[opts] )? - ( K_SUPERUSER { superuser = true; } | K_NOSUPERUSER { superuser = false; } )? 
- { $stmt = new AlterUserStatement($username.text, opts, superuser); } + : K_ALTER K_USER u=username { name.setName($u.text, false); } + ( K_WITH roleOptions[opts] )? + ( K_SUPERUSER { opts.put(IRoleManager.Option.SUPERUSER.name(), true); } + | K_NOSUPERUSER { opts.put(IRoleManager.Option.SUPERUSER.name(), false); } ) ? + { $stmt = new AlterRoleStatement(name, opts); } ; /** * DROP USER [IF EXISTS] <username> */ -dropUserStatement returns [DropUserStatement stmt] - @init { boolean ifExists = false; } - : K_DROP K_USER (K_IF K_EXISTS { ifExists = true; })? username { $stmt = new DropUserStatement($username.text, ifExists); } +dropUserStatement returns [DropRoleStatement stmt] + @init { + boolean ifExists = false; + RoleName name = new RoleName(); + } + : K_DROP K_USER (K_IF K_EXISTS { ifExists = true; })? u=username { name.setName($u.text, false); $stmt = new DropRoleStatement(name, ifExists); } ; /** * LIST USERS */ -listUsersStatement returns [ListUsersStatement stmt] +listUsersStatement returns [ListRolesStatement stmt] : K_LIST K_USERS { $stmt = new ListUsersStatement(); } ; -userOptions[UserOptions opts] - : userOption[opts] +/** + * CREATE ROLE [IF NOT EXISTS] <rolename> [WITH PASSWORD <password>] [SUPERUSER|NOSUPERUSER] [LOGIN|NOLOGIN] + */ +createRoleStatement returns [CreateRoleStatement stmt] + @init { + RoleOptions opts = new RoleOptions(); + boolean superuser = false; + boolean login = false; + boolean ifNotExists = false; + } + : K_CREATE K_ROLE (K_IF K_NOT K_EXISTS { ifNotExists = true; })? name=userOrRoleName + ( K_WITH roleOptions[opts] )? + ( K_SUPERUSER { superuser = true; } | K_NOSUPERUSER { superuser = false; } )? + ( K_LOGIN { login = true; } | K_NOLOGIN { login = false; } )? 
+ { opts.put(IRoleManager.Option.SUPERUSER.name(), superuser); + opts.put(IRoleManager.Option.LOGIN.name(), login); + $stmt = new CreateRoleStatement(name, opts, ifNotExists); } ; -userOption[UserOptions opts] - : k=K_PASSWORD v=STRING_LITERAL { opts.put($k.text, $v.text); } +/** + * ALTER ROLE <rolename> [WITH PASSWORD <password>] [SUPERUSER|NOSUPERUSER] + */ +alterRoleStatement returns [AlterRoleStatement stmt] + @init { + RoleOptions opts = new RoleOptions(); + } + : K_ALTER K_ROLE name=userOrRoleName + ( K_WITH roleOptions[opts] )? + ( K_SUPERUSER { opts.put(IRoleManager.Option.SUPERUSER.name(), true); } + | K_NOSUPERUSER { opts.put(IRoleManager.Option.SUPERUSER.name(), false); } ) ? + ( K_LOGIN { opts.put(IRoleManager.Option.LOGIN.name(), true); } + | K_NOLOGIN { opts.put(IRoleManager.Option.LOGIN.name(), false); } )? + { $stmt = new AlterRoleStatement(name, opts); } + ; + +/** + * DROP ROLE [IF EXISTS] <rolename> + */ +dropRoleStatement returns [DropRoleStatement stmt] + @init { + boolean ifExists = false; + } + : K_DROP K_ROLE (K_IF K_EXISTS { ifExists = true; })? name=userOrRoleName + { $stmt = new DropRoleStatement(name, ifExists); } + ; + +/** + * LIST ROLES [OF <rolename>] [NORECURSIVE] + */ +listRolesStatement returns [ListRolesStatement stmt] + @init { + boolean recursive = true; + RoleName grantee = new RoleName(); + } + : K_LIST K_ROLES + ( K_OF roleName[grantee])? + ( K_NORECURSIVE { recursive = false; } )? + { $stmt = new ListRolesStatement(grantee, recursive); } + ; + +roleOptions[RoleOptions opts] + : roleOption[opts] (K_AND roleOption[opts])* + ; + +roleOption[RoleOptions opts] + : k=K_PASSWORD v=STRING_LITERAL { opts.put($k.text, $v.text); } + | k=K_OPTIONS m=mapLiteral { opts.put(IRoleManager.Option.OPTIONS.name(), convertPropertyMap(m)); } ; /** DEFINITIONS **/ 
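Review bot: The doc comment on `alterRoleStatement` lists only `[WITH PASSWORD <password>] [SUPERUSER|NOSUPERUSER]`, although the rule also accepts `LOGIN`/`NOLOGIN`, and no comment in this hunk mentions the `OPTIONS <map>` alternative or the `AND` separator that `roleOptions`/`roleOption` now allow. I would make it `* ALTER ROLE <rolename> [WITH PASSWORD <password>] [SUPERUSER|NOSUPERUSER] [LOGIN|NOLOGIN]` and add a one-line comment above `roleOption` naming the two accepted options. The comments should also say that the clause order is fixed (`WITH ...` first, then the superuser flag, then the login flag), since the rule rejects any other order. Separately, `listUsersStatement` now declares `returns [ListRolesStatement stmt]` but still builds `new ListUsersStatement()`; that is only valid if `ListUsersStatement` extends `ListRolesStatement`, which is not visible in this part of the diff.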
@@ -952,6 +1049,11 @@ userTypeName returns [UTName name] : (ks=ident '.')? ut=non_type_ident { return new UTName(ks, ut); } ; +userOrRoleName returns [RoleName name] + @init { $name = new RoleName(); } + : roleName[name] {return $name;} + ; + ksName[KeyspaceElementName name] : t=IDENT { $name.setKeyspace($t.text, false);} | t=QUOTED_NAME { $name.setKeyspace($t.text, true);} @@ -973,6 +1075,13 @@ idxName[IndexName name] | QMARK {addRecognitionError("Bind variables cannot be used for index names");} ; +roleName[RoleName name] + : t=IDENT { $name.setName($t.text, false); } + | t=QUOTED_NAME { $name.setName($t.text, true); } + | k=unreserved_keyword { $name.setName(k, false); } + | QMARK {addRecognitionError("Bind variables cannot be used for role names");} + ; + constant returns [Constants.Literal constant] : t=STRING_LITERAL { $constant = Constants.Literal.string($t.text); } | t=INTEGER { $constant = Constants.Literal.integer($t.text); } @@ -1326,8 +1435,13 @@ basic_unreserved_keyword returns [String str] | K_ALL | K_USER | K_USERS + | K_ROLE + | K_ROLES | K_SUPERUSER | K_NOSUPERUSER + | K_LOGIN + | K_NOLOGIN + | K_OPTIONS | K_PASSWORD | K_EXISTS | K_CUSTOM @@ -1417,9 +1531,14 @@ K_NORECURSIVE: N O R E C U R S I V E; K_USER: U S E R; K_USERS: U S E R S; +K_ROLE: R O L E; +K_ROLES: R O L E S; K_SUPERUSER: S U P E R U S E R; K_NOSUPERUSER: N O S U P E R U S E R; K_PASSWORD: P A S S W O R D; +K_LOGIN: L O G I N; +K_NOLOGIN: N O L O G I N; +K_OPTIONS: O P T I O N S; K_CLUSTERING: C L U S T E R I N G; K_ASCII: A S C I I; http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/cql3/RoleName.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/RoleName.java b/src/java/org/apache/cassandra/cql3/RoleName.java new file mode 100644 index 0000000..9aa3419 --- /dev/null +++ b/src/java/org/apache/cassandra/cql3/RoleName.java 
@@ -0,0 +1,41 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.cassandra.cql3; + +import java.util.Locale; + +public class RoleName +{ + private String name; + + public void setName(String name, boolean keepCase) + { + this.name = keepCase ? name : name.toLowerCase(Locale.US); + } + + public String getName() + { + return name; + } + + @Override + public String toString() + { + return name; + } +} http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/cql3/RoleOptions.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/RoleOptions.java b/src/java/org/apache/cassandra/cql3/RoleOptions.java new file mode 100644 index 0000000..89f37dd --- /dev/null +++ b/src/java/org/apache/cassandra/cql3/RoleOptions.java 
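Review bot: `RoleName` is added without any Javadoc, and its `name` field stays null until `setName` is called, which the grammar in this commit relies on: `listPermissionsStatement` and `listRolesStatement` build a `RoleName` and pass it on even when the optional `OF` clause never sets it. That makes a null `getName()` a meaningful "no role given" value that every consumer has to handle, and it also makes `toString()` return null. I would add a class comment along the lines of `/** Role name as parsed from CQL; getName() is null when the statement named no role. */` and state on `setName` that unquoted names are lower-cased with `Locale.US`. If null is not intended to reach string formatting, `return String.valueOf(name);` in `toString()` avoids handing a null reference to callers.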
@@ -0,0 +1,62 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.cassandra.cql3; + +import java.util.HashMap; +import java.util.Map; + +import org.apache.cassandra.auth.IRoleManager; +import org.apache.cassandra.config.DatabaseDescriptor; +import org.apache.cassandra.exceptions.InvalidRequestException; +import org.apache.cassandra.utils.FBUtilities; + +public class RoleOptions +{ + private final Map<IRoleManager.Option, Object> options = new HashMap<>(); + + public void put(String name, Object value) + { + options.put(IRoleManager.Option.valueOf(name.toUpperCase()), value); + } + + public boolean isEmpty() + { + return options.isEmpty(); + } + + public Map<IRoleManager.Option, Object> getOptions() + { + return options; + } + + public void validate() throws InvalidRequestException + { + for (IRoleManager.Option option : options.keySet()) + { + if (!DatabaseDescriptor.getRoleManager().supportedOptions().contains(option)) + throw new InvalidRequestException(String.format("%s doesn't support %s", + DatabaseDescriptor.getRoleManager().getClass().getName(), + option)); + } + } + + public String toString() + { + return FBUtilities.toString(options); + } +} 
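Review bot: `toString()` renders the whole options map, and that map holds the `PASSWORD` value the grammar's `roleOption` rule stores with `opts.put($k.text, $v.text)`, so any log line or exception message that formats a `RoleOptions` would presumably contain the plaintext password (`FBUtilities.toString` is outside this diff, so this is inferred from its name). The method should mask that entry before formatting and carry `@Override`; a sketch follows. A smaller point in `put`: `name.toUpperCase()` uses the default locale while `RoleName.setName` in this same commit uses `Locale.US`; the names passed today happen to be unaffected, but `put` is public, so `name.toUpperCase(Locale.US)` (with `import java.util.Locale;`) keeps `Option.valueOf` from failing with `IllegalArgumentException` under locales with special casing rules.

```java
@Override
public String toString()
{
    // Mask the credential: this string may end up in logs or error messages.
    Map<IRoleManager.Option, Object> printable = new HashMap<>(options);
    if (printable.containsKey(IRoleManager.Option.PASSWORD))
        printable.put(IRoleManager.Option.PASSWORD, "***");
    return FBUtilities.toString(printable);
}
```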
http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/cql3/UserOptions.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/UserOptions.java b/src/java/org/apache/cassandra/cql3/UserOptions.java deleted file mode 100644 index 701debd..0000000 --- a/src/java/org/apache/cassandra/cql3/UserOptions.java +++ /dev/null 
@@ -1,62 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.cassandra.cql3; - -import java.util.HashMap; -import java.util.Map; - -import org.apache.cassandra.auth.IAuthenticator; -import org.apache.cassandra.config.DatabaseDescriptor; -import org.apache.cassandra.exceptions.InvalidRequestException; -import org.apache.cassandra.utils.FBUtilities; - -public class UserOptions -{ - private final Map<IAuthenticator.Option, Object> options = new HashMap<IAuthenticator.Option, Object>(); - - public void put(String name, Object value) - { - options.put(IAuthenticator.Option.valueOf(name.toUpperCase()), value); - } - - public boolean isEmpty() - { - return options.isEmpty(); - } - - public Map<IAuthenticator.Option, Object> getOptions() - { - return options; - } - - public void validate() throws InvalidRequestException - { - for (IAuthenticator.Option option : options.keySet()) - { - if (!DatabaseDescriptor.getAuthenticator().supportedOptions().contains(option)) - throw new InvalidRequestException(String.format("%s doesn't support %s option", - DatabaseDescriptor.getAuthenticator().getClass().getName(), - option)); - } - } - - public String toString() - { - return FBUtilities.toString(options); 
- } -} http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/cql3/statements/AlterRoleStatement.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/statements/AlterRoleStatement.java b/src/java/org/apache/cassandra/cql3/statements/AlterRoleStatement.java new file mode 100644 index 0000000..8542138 --- /dev/null +++ b/src/java/org/apache/cassandra/cql3/statements/AlterRoleStatement.java 
@@ -0,0 +1,84 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.cassandra.cql3.statements; + +import org.apache.cassandra.auth.AuthenticatedUser; +import org.apache.cassandra.auth.IRoleManager.Option; +import org.apache.cassandra.config.DatabaseDescriptor; +import org.apache.cassandra.cql3.RoleName; +import org.apache.cassandra.cql3.RoleOptions; +import org.apache.cassandra.exceptions.*; +import org.apache.cassandra.service.ClientState; +import org.apache.cassandra.transport.messages.ResultMessage; + +public class AlterRoleStatement extends AuthenticationStatement +{ + private final String role; + private final RoleOptions opts; + + public AlterRoleStatement(RoleName name, RoleOptions opts) + { + this.role = name.getName(); + this.opts = opts; + } + + public void validate(ClientState state) throws RequestValidationException + { + opts.validate(); + + if (opts.isEmpty()) + throw new InvalidRequestException("ALTER [ROLE|USER] can't be empty"); + + // validate login here before checkAccess to avoid leaking user existence to anonymous users. 
+ state.ensureNotAnonymous(); + if (!DatabaseDescriptor.getRoleManager().isExistingRole(role)) + throw new InvalidRequestException(String.format("%s doesn't exist", role)); + } + + public void checkAccess(ClientState state) throws UnauthorizedException + { + AuthenticatedUser user = state.getUser(); + boolean isSuper = user.isSuper(); + + if (opts.getOptions().containsKey(Option.SUPERUSER) && user.getRoles().contains(role)) + throw new UnauthorizedException("You aren't allowed to alter your own superuser " + + "status or that of a role granted to you"); + + if (opts.getOptions().containsKey(Option.SUPERUSER) && !isSuper) + throw new UnauthorizedException("Only superusers are allowed to alter superuser status"); + + if (!user.isSuper() && !user.getName().equals(role)) + throw new UnauthorizedException("You aren't allowed to alter this role"); + + if (!isSuper) + { + for (Option option : opts.getOptions().keySet()) + { + if (!DatabaseDescriptor.getRoleManager().alterableOptions().contains(option)) + throw new UnauthorizedException(String.format("You aren't allowed to alter %s", option)); + } + } + } + + public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException + { + if (!opts.isEmpty()) + DatabaseDescriptor.getRoleManager().alterRole(state.getUser(), role, opts.getOptions()); + return null; + } +} http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/cql3/statements/AlterUserStatement.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/statements/AlterUserStatement.java b/src/java/org/apache/cassandra/cql3/statements/AlterUserStatement.java deleted file mode 100644 index 7a6e96b..0000000 --- a/src/java/org/apache/cassandra/cql3/statements/AlterUserStatement.java +++ /dev/null 
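Review bot: `validate()` answers `<role> doesn't exist` to any caller that gets past `ensureNotAnonymous()`, while `checkAccess()` answers `You aren't allowed to alter this role` for a role the caller may not touch, so an authenticated non-superuser can apparently tell existing role names from non-existing ones by which error comes back. The inline comment only addresses anonymous users. If role names are meant to be visible to privileged users only, perform the `isExistingRole` check after the access decision or return the same error in both cases; otherwise extend the comment to say that disclosure to logged-in users is accepted. The order in which the two methods are invoked is outside this hunk, so confirm it before changing anything. Minor: `checkAccess` caches `isSuper` but its third check calls `user.isSuper()` again, and the `!opts.isEmpty()` guard in `execute()` repeats what `validate()` already enforces.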
@@ -1,92 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.cassandra.cql3.statements; - -import org.apache.cassandra.auth.Auth; -import org.apache.cassandra.auth.AuthenticatedUser; -import org.apache.cassandra.auth.IAuthenticator; -import org.apache.cassandra.config.DatabaseDescriptor; -import org.apache.cassandra.cql3.UserOptions; -import org.apache.cassandra.exceptions.InvalidRequestException; -import org.apache.cassandra.exceptions.RequestExecutionException; -import org.apache.cassandra.exceptions.RequestValidationException; -import org.apache.cassandra.exceptions.UnauthorizedException; -import org.apache.cassandra.service.ClientState; -import org.apache.cassandra.transport.messages.ResultMessage; - -public class AlterUserStatement extends AuthenticationStatement -{ - private final String username; - private final UserOptions opts; - private final Boolean superuser; - - public AlterUserStatement(String username, UserOptions opts, Boolean superuser) - { - this.username = username; - this.opts = opts; - this.superuser = superuser; - } - - public void validate(ClientState state) throws RequestValidationException - { - opts.validate(); - - if (superuser == null && opts.isEmpty()) - throw 
new InvalidRequestException("ALTER USER can't be empty"); - - // validate login here before checkAccess to avoid leaking user existence to anonymous users. - state.ensureNotAnonymous(); - - if (!Auth.isExistingUser(username)) - throw new InvalidRequestException(String.format("User %s doesn't exist", username)); - } - - public void checkAccess(ClientState state) throws UnauthorizedException - { - AuthenticatedUser user = state.getUser(); - - boolean isSuper = user.isSuper(); - - if (superuser != null && user.getName().equals(username)) - throw new UnauthorizedException("You aren't allowed to alter your own superuser status"); - - if (superuser != null && !isSuper) - throw new UnauthorizedException("Only superusers are allowed to alter superuser status"); - - if (!user.isSuper() && !user.getName().equals(username)) - throw new UnauthorizedException("You aren't allowed to alter this user"); - - if (!isSuper) - { - for (IAuthenticator.Option option : opts.getOptions().keySet()) - { - if (!DatabaseDescriptor.getAuthenticator().alterableOptions().contains(option)) - throw new UnauthorizedException(String.format("You aren't allowed to alter %s option", option)); - } - } - } - - public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException - { - if (!opts.isEmpty()) - DatabaseDescriptor.getAuthenticator().alter(username, opts.getOptions()); - if (superuser != null) - Auth.insertUser(username, superuser.booleanValue()); - return null; - } -} http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/cql3/statements/AuthorizationStatement.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/statements/AuthorizationStatement.java b/src/java/org/apache/cassandra/cql3/statements/AuthorizationStatement.java index 2c7f2cb..3dc4510 100644 --- a/src/java/org/apache/cassandra/cql3/statements/AuthorizationStatement.java 
+++ b/src/java/org/apache/cassandra/cql3/statements/AuthorizationStatement.java @@ -55,8 +55,8 @@ public abstract class AuthorizationStatement extends ParsedStatement implements public static DataResource maybeCorrectResource(DataResource resource, ClientState state) throws InvalidRequestException { - if (resource.isColumnFamilyLevel() && resource.getKeyspace() == null) - return DataResource.columnFamily(state.getKeyspace(), resource.getColumnFamily()); + if (resource.isTableLevel() && resource.getKeyspace() == null) + return DataResource.table(state.getKeyspace(), resource.getTable()); return resource; } } http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/cql3/statements/CreateRoleStatement.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/statements/CreateRoleStatement.java b/src/java/org/apache/cassandra/cql3/statements/CreateRoleStatement.java new file mode 100644 index 0000000..64dd9bb --- /dev/null +++ b/src/java/org/apache/cassandra/cql3/statements/CreateRoleStatement.java 
@@ -0,0 +1,76 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.cassandra.cql3.statements; + +import org.apache.cassandra.auth.IRoleManager.Option; +import org.apache.cassandra.config.DatabaseDescriptor; +import org.apache.cassandra.cql3.RoleName; +import org.apache.cassandra.cql3.RoleOptions; +import org.apache.cassandra.exceptions.*; +import org.apache.cassandra.service.ClientState; +import org.apache.cassandra.transport.messages.ResultMessage; + +public class CreateRoleStatement extends AuthorizationStatement +{ + private final String role; + private final RoleOptions opts; + private final boolean ifNotExists; + + public CreateRoleStatement(RoleName name, RoleOptions options, boolean ifNotExists) + { + this.role = name.getName(); + this.opts = options; + this.ifNotExists = ifNotExists; + } + + public void checkAccess(ClientState state) throws UnauthorizedException, InvalidRequestException + { + if (!state.getUser().isSuper()) + throw new UnauthorizedException("Only superusers are allowed to perform CREATE [ROLE|USER] queries"); + } + + public void validate(ClientState state) throws RequestValidationException + { + opts.validate(); + + if (role.isEmpty()) + throw new 
InvalidRequestException("Role name can't be an empty string"); + + // validate login here before checkAccess to avoid leaking role existence to anonymous users. + state.ensureNotAnonymous(); + + if (!ifNotExists && DatabaseDescriptor.getRoleManager().isExistingRole(role)) + throw new InvalidRequestException(String.format("%s already exists", role)); + + for (Option option : opts.getOptions().keySet()) + { + if (!DatabaseDescriptor.getRoleManager().supportedOptions().contains(option)) + throw new UnauthorizedException(String.format("You aren't allowed to alter %s", option)); + } + } + + public ResultMessage execute(ClientState state) throws RequestExecutionException, RequestValidationException + { + // not rejected in validate() + if (ifNotExists && DatabaseDescriptor.getRoleManager().isExistingRole(role)) + return null; + + DatabaseDescriptor.getRoleManager().createRole(state.getUser(), role, opts.getOptions()); + return null; + } +} http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/cql3/statements/CreateUserStatement.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/statements/CreateUserStatement.java b/src/java/org/apache/cassandra/cql3/statements/CreateUserStatement.java deleted file mode 100644 index 0903659..0000000 --- a/src/java/org/apache/cassandra/cql3/statements/CreateUserStatement.java +++ /dev/null 
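Review bot: In `validate()` of CreateRoleStatement, an option the configured role manager does not support is rejected with `UnauthorizedException` and the text "You aren't allowed to alter %s". That reads as a permission denial on an ALTER, although the statement is CREATE and the caller's privileges are not what is being tested. Clients and audit logs that separate authorization denials from malformed requests will misclassify it; `throw new InvalidRequestException(String.format("%s is not a supported role option", option));` states the actual condition. Separately, `execute()` re-checks `isExistingRole(role)` and then calls `createRole(...)`, so two concurrent CREATE ROLE ... IF NOT EXISTS statements can both pass the check; whether `createRole` tolerates that is not visible here.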
@@ -1,75 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.cassandra.cql3.statements; - -import org.apache.cassandra.auth.Auth; -import org.apache.cassandra.config.DatabaseDescriptor; -import org.apache.cassandra.cql3.UserOptions; -import org.apache.cassandra.exceptions.InvalidRequestException; -import org.apache.cassandra.exceptions.RequestExecutionException; -import org.apache.cassandra.exceptions.RequestValidationException; -import org.apache.cassandra.exceptions.UnauthorizedException; -import org.apache.cassandra.service.ClientState; -import org.apache.cassandra.transport.messages.ResultMessage; - -public class CreateUserStatement extends AuthenticationStatement -{ - private final String username; - private final UserOptions opts; - private final boolean superuser; - private final boolean ifNotExists; - - public CreateUserStatement(String username, UserOptions opts, boolean superuser, boolean ifNotExists) - { - this.username = username; - this.opts = opts; - this.superuser = superuser; - this.ifNotExists = ifNotExists; - } - - public void validate(ClientState state) throws RequestValidationException - { - if (username.isEmpty()) - throw new InvalidRequestException("Username can't be 
an empty string"); - - opts.validate(); - - // validate login here before checkAccess to avoid leaking user existence to anonymous users. - state.ensureNotAnonymous(); - - if (!ifNotExists && Auth.isExistingUser(username)) - throw new InvalidRequestException(String.format("User %s already exists", username)); - } - - public void checkAccess(ClientState state) throws UnauthorizedException - { - if (!state.getUser().isSuper()) - throw new UnauthorizedException("Only superusers are allowed to perform CREATE USER queries"); - } - - public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException - { - // not rejected in validate() - if (ifNotExists && Auth.isExistingUser(username)) - return null; - - DatabaseDescriptor.getAuthenticator().create(username, opts.getOptions()); - Auth.insertUser(username, superuser); - return null; - } -} http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/cql3/statements/DropRoleStatement.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/statements/DropRoleStatement.java b/src/java/org/apache/cassandra/cql3/statements/DropRoleStatement.java new file mode 100644 index 0000000..c4beab6 --- /dev/null +++ b/src/java/org/apache/cassandra/cql3/statements/DropRoleStatement.java 
@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.cassandra.cql3.statements;
+
+import org.apache.cassandra.auth.AuthenticatedUser;
+import org.apache.cassandra.config.DatabaseDescriptor;
+import org.apache.cassandra.cql3.RoleName;
+import org.apache.cassandra.exceptions.*;
+import org.apache.cassandra.service.ClientState;
+import org.apache.cassandra.transport.messages.ResultMessage;
+
+public class DropRoleStatement extends AuthenticationStatement
+{
+ private final String role;
+ private final boolean ifExists;
+
+ public DropRoleStatement(RoleName name, boolean ifExists)
+ {
+ this.role = name.getName();
+ this.ifExists = ifExists;
+ }
+
+ public void validate(ClientState state) throws RequestValidationException
+ {
+ // validate login here before checkAccess to avoid leaking user existence to anonymous users.
+ state.ensureNotAnonymous();
+
+ if (!ifExists && !DatabaseDescriptor.getRoleManager().isExistingRole(role))
+ throw new InvalidRequestException(String.format("%s doesn't exist", role));
+
+ AuthenticatedUser user = state.getUser();
+ if (user != null && user.getName().equals(role))
+ throw new InvalidRequestException("Cannot DROP primary role for current login");
+ }
+
+ public void checkAccess(ClientState state) throws UnauthorizedException
+ {
+ if (!state.getUser().isSuper())
+ throw new UnauthorizedException("Only superusers are allowed to perform DROP [ROLE|USER] queries" );
+ }
+
+ public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException
+ {
+ // not rejected in validate()
+ if (ifExists && !DatabaseDescriptor.getRoleManager().isExistingRole(role))
+ return null;
+
+ // clean up grants and permissions of the dropped role.
+ DatabaseDescriptor.getRoleManager().dropRole(state.getUser(), role);
+ DatabaseDescriptor.getAuthorizer().revokeAll(role);
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/cql3/statements/DropUserStatement.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/cql3/statements/DropUserStatement.java b/src/java/org/apache/cassandra/cql3/statements/DropUserStatement.java
deleted file mode 100644
index 9e92b26..0000000
--- a/src/java/org/apache/cassandra/cql3/statements/DropUserStatement.java
+++ /dev/null
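Review bot: `execute()` in DropRoleStatement calls `dropRole(...)` before `getAuthorizer().revokeAll(role)`, the reverse of the removed DropUserStatement, which revoked permissions first and only then deleted the user. If `revokeAll` fails after the role is already gone, its permission grants stay behind, and a role later created under the same name would presumably inherit them. Revoking first fails safe, leaving at worst a role that still exists but holds no permissions: `DatabaseDescriptor.getAuthorizer().revokeAll(role);` followed by `DatabaseDescriptor.getRoleManager().dropRole(state.getUser(), role);`. The comment in `validate()` also still says "user existence" where the lookup is now about roles.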
@@ -1,72 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.cassandra.cql3.statements; - -import org.apache.cassandra.auth.Auth; -import org.apache.cassandra.auth.AuthenticatedUser; -import org.apache.cassandra.config.DatabaseDescriptor; -import org.apache.cassandra.exceptions.InvalidRequestException; -import org.apache.cassandra.exceptions.RequestExecutionException; -import org.apache.cassandra.exceptions.RequestValidationException; -import org.apache.cassandra.exceptions.UnauthorizedException; -import org.apache.cassandra.service.ClientState; -import org.apache.cassandra.transport.messages.ResultMessage; - -public class DropUserStatement extends AuthenticationStatement -{ - private final String username; - private final boolean ifExists; - - public DropUserStatement(String username, boolean ifExists) - { - this.username = username; - this.ifExists = ifExists; - } - - public void validate(ClientState state) throws RequestValidationException - { - // validate login here before checkAccess to avoid leaking user existence to anonymous users. 
- state.ensureNotAnonymous(); - - if (!ifExists && !Auth.isExistingUser(username)) - throw new InvalidRequestException(String.format("User %s doesn't exist", username)); - - AuthenticatedUser user = state.getUser(); - if (user != null && user.getName().equals(username)) - throw new InvalidRequestException("Users aren't allowed to DROP themselves"); - } - - public void checkAccess(ClientState state) throws UnauthorizedException - { - if (!state.getUser().isSuper()) - throw new UnauthorizedException("Only superusers are allowed to perform DROP USER queries"); - } - - public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException - { - // not rejected in validate() - if (ifExists && !Auth.isExistingUser(username)) - return null; - - // clean up permissions after the dropped user. - DatabaseDescriptor.getAuthorizer().revokeAll(username); - Auth.deleteUser(username); - DatabaseDescriptor.getAuthenticator().drop(username); - return null; - } -} http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/cql3/statements/GrantRoleStatement.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/statements/GrantRoleStatement.java b/src/java/org/apache/cassandra/cql3/statements/GrantRoleStatement.java new file mode 100644 index 0000000..a22a99a --- /dev/null +++ b/src/java/org/apache/cassandra/cql3/statements/GrantRoleStatement.java 
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.cassandra.cql3.statements;
+
+import org.apache.cassandra.config.DatabaseDescriptor;
+import org.apache.cassandra.cql3.RoleName;
+import org.apache.cassandra.exceptions.RequestExecutionException;
+import org.apache.cassandra.exceptions.RequestValidationException;
+import org.apache.cassandra.service.ClientState;
+import org.apache.cassandra.transport.messages.ResultMessage;
+
+public class GrantRoleStatement extends RoleManagementStatement
+{
+ public GrantRoleStatement(RoleName name, RoleName grantee)
+ {
+ super(name, grantee);
+ }
+
+ public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException
+ {
+ DatabaseDescriptor.getRoleManager().grantRole(state.getUser(), role, grantee);
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/cql3/statements/GrantStatement.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/cql3/statements/GrantStatement.java b/src/java/org/apache/cassandra/cql3/statements/GrantStatement.java
index aabde5d..561fee6 100644
--- a/src/java/org/apache/cassandra/cql3/statements/GrantStatement.java +++ b/src/java/org/apache/cassandra/cql3/statements/GrantStatement.java @@ -1,4 +1,4 @@ -/** +/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information @@ -7,14 +7,13 @@ * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.apache.cassandra.cql3.statements; @@ -23,6 +22,7 @@ import java.util.Set; import org.apache.cassandra.auth.DataResource; import org.apache.cassandra.auth.Permission; import org.apache.cassandra.config.DatabaseDescriptor; +import org.apache.cassandra.cql3.RoleName; import org.apache.cassandra.exceptions.RequestExecutionException; import org.apache.cassandra.exceptions.RequestValidationException; import org.apache.cassandra.service.ClientState; 
@@ -30,14 +30,14 @@ import org.apache.cassandra.transport.messages.ResultMessage; public class GrantStatement extends PermissionAlteringStatement { - public GrantStatement(Set<Permission> permissions, DataResource resource, String username) + public GrantStatement(Set<Permission> permissions, DataResource resource, RoleName grantee) { - super(permissions, resource, username); + super(permissions, resource, grantee); } public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException { - DatabaseDescriptor.getAuthorizer().grant(state.getUser(), permissions, resource, username); + DatabaseDescriptor.getAuthorizer().grant(state.getUser(), permissions, resource, grantee); return null; } } http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/cql3/statements/ListPermissionsStatement.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/statements/ListPermissionsStatement.java b/src/java/org/apache/cassandra/cql3/statements/ListPermissionsStatement.java index eaae2c6..d5b7e13 100644 --- a/src/java/org/apache/cassandra/cql3/statements/ListPermissionsStatement.java +++ b/src/java/org/apache/cassandra/cql3/statements/ListPermissionsStatement.java @@ -21,9 +21,7 @@ import java.util.*; import org.apache.cassandra.auth.*; import org.apache.cassandra.config.DatabaseDescriptor; -import org.apache.cassandra.cql3.ColumnIdentifier; -import org.apache.cassandra.cql3.ColumnSpecification; -import org.apache.cassandra.cql3.ResultSet; +import org.apache.cassandra.cql3.*; import org.apache.cassandra.db.marshal.UTF8Type; import org.apache.cassandra.exceptions.InvalidRequestException; import org.apache.cassandra.exceptions.RequestExecutionException; 
@@ -33,7 +31,7 @@ import org.apache.cassandra.transport.messages.ResultMessage; public class ListPermissionsStatement extends AuthorizationStatement { - private static final String KS = Auth.AUTH_KS; + private static final String KS = AuthKeyspace.NAME; private static final String CF = "permissions"; // virtual cf to use for now. private static final List<ColumnSpecification> metadata; @@ -41,23 +39,24 @@ public class ListPermissionsStatement extends AuthorizationStatement static { List<ColumnSpecification> columns = new ArrayList<ColumnSpecification>(4); + columns.add(new ColumnSpecification(KS, CF, new ColumnIdentifier("role", true), UTF8Type.instance)); columns.add(new ColumnSpecification(KS, CF, new ColumnIdentifier("username", true), UTF8Type.instance)); columns.add(new ColumnSpecification(KS, CF, new ColumnIdentifier("resource", true), UTF8Type.instance)); columns.add(new ColumnSpecification(KS, CF, new ColumnIdentifier("permission", true), UTF8Type.instance)); metadata = Collections.unmodifiableList(columns); } - private final Set<Permission> permissions; - private DataResource resource; - private final String username; - private final boolean recursive; + protected final Set<Permission> permissions; + protected DataResource resource; + protected final boolean recursive; + private final String grantee; - public ListPermissionsStatement(Set<Permission> permissions, DataResource resource, String username, boolean recursive) + public ListPermissionsStatement(Set<Permission> permissions, DataResource resource, RoleName grantee, boolean recursive) { this.permissions = permissions; this.resource = resource; - this.username = username; this.recursive = recursive; + this.grantee = grantee.getName(); } public void validate(ClientState state) throws RequestValidationException 
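Review bot: The static initializer of ListPermissionsStatement now declares both a `role` and a `username` column, and the later `resultMessage()` hunk (`@@ -108,16 +113,11 @@`) fills them with two identical `addColumnValue(UTF8Type.instance.decompose(pd.grantee))` calls, which reads like a copy-paste slip. If the second value is deliberately kept for clients that still read `username`, say so at both places, for example `// "username" mirrors "role" so existing clients keep working`. The constructor also dereferences its argument unconditionally in `this.grantee = grantee.getName();` while `validate()` still treats a null name as "no grantee given"; a one-line comment that callers must pass a non-null `RoleName` (ListRolesStatement passes `new RoleName()`) would make that contract explicit.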
@@ -65,16 +64,16 @@ public class ListPermissionsStatement extends AuthorizationStatement // a check to ensure the existence of the user isn't being leaked by user existence check. state.ensureNotAnonymous(); - if (username != null && !Auth.isExistingUser(username)) - throw new InvalidRequestException(String.format("User %s doesn't exist", username)); - if (resource != null) { resource = maybeCorrectResource(resource, state); if (!resource.exists()) throw new InvalidRequestException(String.format("%s doesn't exist", resource)); } - } + + if ((grantee != null) && !DatabaseDescriptor.getRoleManager().isExistingRole(grantee)) + throw new InvalidRequestException(String.format("%s doesn't exist", grantee)); + } public void checkAccess(ClientState state) { @@ -100,6 +99,12 @@ public class ListPermissionsStatement extends AuthorizationStatement return resultMessage(details); } + private Set<PermissionDetails> list(ClientState state, IResource resource) + throws RequestValidationException, RequestExecutionException + { + return DatabaseDescriptor.getAuthorizer().list(state.getUser(), permissions, resource, grantee); + } + private ResultMessage resultMessage(List<PermissionDetails> details) { if (details.isEmpty()) 
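Review bot: The grantee check added to `validate()` reports a missing role with `"%s doesn't exist"`, the same format string the method already uses a few lines earlier for a missing resource, so the caller cannot tell which of the two was not found. PermissionAlteringStatement in this same commit prefixes both messages; matching it here would be `throw new InvalidRequestException(String.format("Role %s doesn't exist", grantee));`. The closing brace of `validate()` is removed and re-added in this hunk, which suggests the new lines carry a different indentation from the rest of the method body; that is worth normalising before merge.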
@@ -108,16 +113,11 @@ public class ListPermissionsStatement extends AuthorizationStatement ResultSet result = new ResultSet(metadata); for (PermissionDetails pd : details) { - result.addColumnValue(UTF8Type.instance.decompose(pd.username)); + result.addColumnValue(UTF8Type.instance.decompose(pd.grantee)); + result.addColumnValue(UTF8Type.instance.decompose(pd.grantee)); result.addColumnValue(UTF8Type.instance.decompose(pd.resource.toString())); result.addColumnValue(UTF8Type.instance.decompose(pd.permission.toString())); } return new ResultMessage.Rows(result); } - - private Set<PermissionDetails> list(ClientState state, IResource resource) - throws RequestValidationException, RequestExecutionException - { - return DatabaseDescriptor.getAuthorizer().list(state.getUser(), permissions, resource, username); - } } http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/cql3/statements/ListRolesStatement.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/statements/ListRolesStatement.java b/src/java/org/apache/cassandra/cql3/statements/ListRolesStatement.java new file mode 100644 index 0000000..4ca9aeb --- /dev/null +++ b/src/java/org/apache/cassandra/cql3/statements/ListRolesStatement.java 
@@ -0,0 +1,118 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.cassandra.cql3.statements; + +import java.util.Collections; +import java.util.List; +import java.util.Set; + +import com.google.common.collect.ImmutableList; +import com.google.common.collect.Lists; + +import org.apache.cassandra.auth.AuthKeyspace; +import org.apache.cassandra.auth.IRoleManager; +import org.apache.cassandra.config.DatabaseDescriptor; +import org.apache.cassandra.cql3.*; +import org.apache.cassandra.db.marshal.BooleanType; +import org.apache.cassandra.db.marshal.UTF8Type; +import org.apache.cassandra.exceptions.*; +import org.apache.cassandra.service.ClientState; +import org.apache.cassandra.transport.messages.ResultMessage; + +public class ListRolesStatement extends AuthorizationStatement +{ + // pseudo-virtual cf as the actual datasource is dependent on the IRoleManager impl + private static final String KS = AuthKeyspace.NAME; + private static final String CF = AuthKeyspace.ROLES; + + private static final List<ColumnSpecification> metadata = + ImmutableList.of(new ColumnSpecification(KS, CF, new ColumnIdentifier("role", true), UTF8Type.instance), + new ColumnSpecification(KS, CF, new ColumnIdentifier("super", 
true), BooleanType.instance), + new ColumnSpecification(KS, CF, new ColumnIdentifier("login", true), BooleanType.instance)); + + private final String grantee; + private final boolean recursive; + + public ListRolesStatement() + { + this(new RoleName(), false); + } + + public ListRolesStatement(RoleName grantee, boolean recursive) + { + this.grantee = grantee.getName(); + this.recursive = recursive; + } + + public void validate(ClientState state) throws UnauthorizedException, InvalidRequestException + { + state.ensureNotAnonymous(); + + if ((grantee != null) && !DatabaseDescriptor.getRoleManager().isExistingRole(grantee)) + throw new InvalidRequestException(String.format("%s doesn't exist", grantee)); + } + + public void checkAccess(ClientState state) throws InvalidRequestException + { + } + + public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException + { + if (state.getUser().isSuper()) + { + if (grantee == null) + return resultMessage(DatabaseDescriptor.getRoleManager().getAllRoles()); + else + return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(grantee, recursive)); + } + else + { + if (grantee == null) + return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(state.getUser().getName(), recursive)); + if (DatabaseDescriptor.getRoleManager().getRoles(state.getUser().getName(), true).contains(grantee)) + return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(grantee, recursive)); + else + throw new UnauthorizedException(String.format("You are not authorized to view roles granted to %s ", grantee)); + } + } + + private ResultMessage resultMessage(Set<String> roles) + { + if (roles.isEmpty()) + return new ResultMessage.Void(); + + List<String> sorted = Lists.newArrayList(roles); + Collections.sort(sorted); + return formatResults(sorted); + } + + // overridden in ListUsersStatement to include legacy metadata + protected ResultMessage formatResults(List<String> sortedRoles) + { + 
ResultSet result = new ResultSet(metadata); + + IRoleManager roleManager = DatabaseDescriptor.getRoleManager(); + for (String role : sortedRoles) + { + result.addColumnValue(UTF8Type.instance.decompose(role)); + result.addColumnValue(BooleanType.instance.decompose(roleManager.isSuper(role))); + result.addColumnValue(BooleanType.instance.decompose(roleManager.canLogin(role))); + } + return new ResultMessage.Rows(result); + } +} http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/cql3/statements/ListUsersStatement.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/statements/ListUsersStatement.java b/src/java/org/apache/cassandra/cql3/statements/ListUsersStatement.java index 8acbcab..0854166 100644 --- a/src/java/org/apache/cassandra/cql3/statements/ListUsersStatement.java +++ b/src/java/org/apache/cassandra/cql3/statements/ListUsersStatement.java 
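Review bot: For a non-superuser, `validate()` in ListRolesStatement answers `"%s doesn't exist"` for an unknown grantee, while `execute()` answers `UnauthorizedException` for a role that exists but is not granted to the caller, so any authenticated login can tell which role names exist from the error alone. `checkAccess()` is empty and the authorization decision sits in `execute()`, after the existence lookup has already run. Applying the `getRoles(state.getUser().getName(), true).contains(grantee)` test before the existence check for non-superusers, and returning the same `UnauthorizedException` in both cases, removes the difference. The message `"You are not authorized to view roles granted to %s "` also carries a trailing space, and `formatResults()` calls `isSuper` and `canLogin` once per role; whether those lookups are cached is not visible here.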
@@ -17,31 +17,43 @@ */ package org.apache.cassandra.cql3.statements; -import org.apache.cassandra.auth.Auth; -import org.apache.cassandra.cql3.QueryProcessor; -import org.apache.cassandra.db.ConsistencyLevel; -import org.apache.cassandra.exceptions.RequestExecutionException; -import org.apache.cassandra.exceptions.RequestValidationException; -import org.apache.cassandra.exceptions.UnauthorizedException; -import org.apache.cassandra.service.ClientState; -import org.apache.cassandra.service.QueryState; +import java.util.List; + +import com.google.common.collect.ImmutableList; + +import org.apache.cassandra.auth.AuthKeyspace; +import org.apache.cassandra.auth.IRoleManager; +import org.apache.cassandra.config.DatabaseDescriptor; +import org.apache.cassandra.cql3.ColumnIdentifier; +import org.apache.cassandra.cql3.ColumnSpecification; +import org.apache.cassandra.cql3.ResultSet; +import org.apache.cassandra.db.marshal.BooleanType; +import org.apache.cassandra.db.marshal.UTF8Type; import org.apache.cassandra.transport.messages.ResultMessage; -public class ListUsersStatement extends AuthenticationStatement +public class ListUsersStatement extends ListRolesStatement { - public void validate(ClientState state) - { - } + // pseudo-virtual cf as the actual datasource is dependent on the IRoleManager impl + private static final String KS = AuthKeyspace.NAME; + private static final String CF = "users"; - public void checkAccess(ClientState state) throws UnauthorizedException - { - state.ensureNotAnonymous(); - } + private static final List<ColumnSpecification> metadata = + ImmutableList.of(new ColumnSpecification(KS, CF, new ColumnIdentifier("name", true), UTF8Type.instance), + new ColumnSpecification(KS, CF, new ColumnIdentifier("super", true), BooleanType.instance)); - public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException + @Override + protected ResultMessage formatResults(List<String> sortedRoles) { - return 
QueryProcessor.process(String.format("SELECT * FROM %s.%s", Auth.AUTH_KS, Auth.USERS_CF), - ConsistencyLevel.QUORUM, - QueryState.forInternalCalls()); + ResultSet result = new ResultSet(metadata); + + IRoleManager roleManager = DatabaseDescriptor.getRoleManager(); + for (String role : sortedRoles) + { + if (!roleManager.canLogin(role)) + continue; + result.addColumnValue(UTF8Type.instance.decompose(role)); + result.addColumnValue(BooleanType.instance.decompose(roleManager.isSuper(role))); + } + return new ResultMessage.Rows(result); } } http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/cql3/statements/PermissionAlteringStatement.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/statements/PermissionAlteringStatement.java b/src/java/org/apache/cassandra/cql3/statements/PermissionAlteringStatement.java index 8784930..44c9ea1 100644 --- a/src/java/org/apache/cassandra/cql3/statements/PermissionAlteringStatement.java +++ b/src/java/org/apache/cassandra/cql3/statements/PermissionAlteringStatement.java @@ -19,10 +19,10 @@ package org.apache.cassandra.cql3.statements; import java.util.Set; -import org.apache.cassandra.auth.Auth; import org.apache.cassandra.auth.DataResource; -import org.apache.cassandra.auth.IResource; import org.apache.cassandra.auth.Permission; +import org.apache.cassandra.config.DatabaseDescriptor; +import org.apache.cassandra.cql3.RoleName; import org.apache.cassandra.exceptions.InvalidRequestException; import org.apache.cassandra.exceptions.RequestValidationException; import org.apache.cassandra.exceptions.UnauthorizedException; 
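Review bot: The overriding `formatResults()` in ListUsersStatement skips roles for which `canLogin(role)` is false, but the empty-result shortcut lives in the parent's `resultMessage()` and runs before this filter. When every listed role is filtered out, the statement returns a `ResultMessage.Rows` with no rows, whereas an empty role set returns `ResultMessage.Void`, so the result shape for "no users" depends on why the list is empty. Either filter before the emptiness check or document the difference on the override. A short comment that `KS`, `CF` and `metadata` intentionally replace the parent's private constants with the legacy `users` layout would also help the next reader.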
@@ -32,13 +32,13 @@ public abstract class PermissionAlteringStatement extends AuthorizationStatement { protected final Set<Permission> permissions; protected DataResource resource; - protected final String username; + protected final String grantee; - protected PermissionAlteringStatement(Set<Permission> permissions, DataResource resource, String username) + protected PermissionAlteringStatement(Set<Permission> permissions, DataResource resource, RoleName grantee) { this.permissions = permissions; this.resource = resource; - this.username = username; + this.grantee = grantee.getName(); } public void validate(ClientState state) throws RequestValidationException @@ -46,13 +46,13 @@ public abstract class PermissionAlteringStatement extends AuthorizationStatement // validate login here before checkAccess to avoid leaking user existence to anonymous users. state.ensureNotAnonymous(); - if (!Auth.isExistingUser(username)) - throw new InvalidRequestException(String.format("User %s doesn't exist", username)); + if (!DatabaseDescriptor.getRoleManager().isExistingRole(grantee)) + throw new InvalidRequestException(String.format("Role %s doesn't exist", grantee)); // if a keyspace is omitted when GRANT/REVOKE ON TABLE <table>, we need to correct the resource. resource = maybeCorrectResource(resource, state); if (!resource.exists()) - throw new InvalidRequestException(String.format("%s doesn't exist", resource)); + throw new InvalidRequestException(String.format("Resource %s doesn't exist", resource)); } public void checkAccess(ClientState state) throws UnauthorizedException http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/cql3/statements/RevokeRoleStatement.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/statements/RevokeRoleStatement.java b/src/java/org/apache/cassandra/cql3/statements/RevokeRoleStatement.java new file mode 100644 index 0000000..98c2b4e 
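Review bot: In `PermissionAlteringStatement.validate()` the retained comment still speaks of "leaking user existence", but the check that follows is now `isExistingRole(grantee)`, so it should read `// validate login here before checkAccess to avoid leaking role existence to anonymous users.` If `validate` does run before `checkAccess`, as that comment states, any authenticated caller gets the distinct `Role %s doesn't exist` error regardless of permissions, which makes role names probeable. The same ordering would apply to `RoleManagementStatement.validate()` later in this commit. If that disclosure to logged-in users is intended, the comment should say so; `checkAccess` begins on the hunk's last line and its body is outside the hunk.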
--- /dev/null
+++ b/src/java/org/apache/cassandra/cql3/statements/RevokeRoleStatement.java
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.cassandra.cql3.statements;
+
+import org.apache.cassandra.config.DatabaseDescriptor;
+import org.apache.cassandra.cql3.RoleName;
+import org.apache.cassandra.exceptions.RequestExecutionException;
+import org.apache.cassandra.exceptions.RequestValidationException;
+import org.apache.cassandra.service.ClientState;
+import org.apache.cassandra.transport.messages.ResultMessage;
+
+public class RevokeRoleStatement extends RoleManagementStatement
+{
+ public RevokeRoleStatement(RoleName name, RoleName grantee)
+ {
+ super(name, grantee);
+ }
+
+ public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException
+ {
+ DatabaseDescriptor.getRoleManager().revokeRole(state.getUser(), role, grantee);
+ return null;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/cql3/statements/RevokeStatement.java
----------------------------------------------------------------------
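Review bot: `RevokeRoleStatement.execute` carries no `@Override` and the class has no Javadoc, so a reader of this file cannot tell that authorization is handled elsewhere; `formatResults` in `ListUsersStatement` from this same commit does use `@Override`. I would add `@Override` on `execute` and a class comment such as `/** Revokes a role from a grantee; the superuser check and role-existence validation are inherited from RoleManagementStatement. */`. `execute` itself performs no check before calling `revokeRole`, so it relies on the caller having run `checkAccess` and `validate` first, which is worth stating in that comment.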
diff --git a/src/java/org/apache/cassandra/cql3/statements/RevokeStatement.java b/src/java/org/apache/cassandra/cql3/statements/RevokeStatement.java index 6f8ccd1..7ce5259 100644 --- a/src/java/org/apache/cassandra/cql3/statements/RevokeStatement.java +++ b/src/java/org/apache/cassandra/cql3/statements/RevokeStatement.java @@ -1,4 +1,4 @@ -/** +/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information @@ -7,14 +7,13 @@ * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.apache.cassandra.cql3.statements; @@ -23,6 +22,7 @@ import java.util.Set; import org.apache.cassandra.auth.DataResource; import org.apache.cassandra.auth.Permission; import org.apache.cassandra.config.DatabaseDescriptor; +import org.apache.cassandra.cql3.RoleName; import org.apache.cassandra.exceptions.RequestExecutionException; import org.apache.cassandra.exceptions.RequestValidationException; import org.apache.cassandra.service.ClientState; 
@@ -30,14 +30,14 @@ import org.apache.cassandra.transport.messages.ResultMessage; public class RevokeStatement extends PermissionAlteringStatement { - public RevokeStatement(Set<Permission> permissions, DataResource resource, String username) + public RevokeStatement(Set<Permission> permissions, DataResource resource, RoleName grantee) { - super(permissions, resource, username); + super(permissions, resource, grantee); } public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException { - DatabaseDescriptor.getAuthorizer().revoke(state.getUser(), permissions, resource, username); + DatabaseDescriptor.getAuthorizer().revoke(state.getUser(), permissions, resource, grantee); return null; } } http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/cql3/statements/RoleManagementStatement.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/cql3/statements/RoleManagementStatement.java b/src/java/org/apache/cassandra/cql3/statements/RoleManagementStatement.java new file mode 100644 index 0000000..d67b42c --- /dev/null +++ b/src/java/org/apache/cassandra/cql3/statements/RoleManagementStatement.java 
@@ -0,0 +1,54 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.cassandra.cql3.statements; + +import org.apache.cassandra.config.DatabaseDescriptor; +import org.apache.cassandra.cql3.RoleName; +import org.apache.cassandra.exceptions.InvalidRequestException; +import org.apache.cassandra.exceptions.RequestValidationException; +import org.apache.cassandra.exceptions.UnauthorizedException; +import org.apache.cassandra.service.ClientState; + +public abstract class RoleManagementStatement extends AuthorizationStatement +{ + protected final String role; + protected final String grantee; + + public RoleManagementStatement(RoleName name, RoleName grantee) + { + this.role = name.getName(); + this.grantee = grantee.getName(); + } + + public void checkAccess(ClientState state) throws UnauthorizedException, InvalidRequestException + { + if (!state.getUser().isSuper()) + throw new UnauthorizedException("Only superusers are allowed to perform role management queries"); + } + + public void validate(ClientState state) throws RequestValidationException + { + state.ensureNotAnonymous(); + + if (!DatabaseDescriptor.getRoleManager().isExistingRole(role)) + throw new InvalidRequestException(String.format("%s 
doesn't exist", role)); + + if (!DatabaseDescriptor.getRoleManager().isExistingRole(grantee)) + throw new InvalidRequestException(String.format("%s doesn't exist", grantee)); + } +} http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/hadoop/AbstractBulkRecordWriter.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/hadoop/AbstractBulkRecordWriter.java b/src/java/org/apache/cassandra/hadoop/AbstractBulkRecordWriter.java index 136c8dc..5ba0a96 100644 --- a/src/java/org/apache/cassandra/hadoop/AbstractBulkRecordWriter.java +++ b/src/java/org/apache/cassandra/hadoop/AbstractBulkRecordWriter.java @@ -21,18 +21,13 @@ import java.io.Closeable; import java.io.IOException; import java.net.InetAddress; import java.net.UnknownHostException; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.concurrent.ExecutionException; -import java.util.concurrent.Future; -import java.util.concurrent.TimeUnit; -import java.util.concurrent.TimeoutException; - -import org.apache.cassandra.auth.IAuthenticator; +import java.util.*; +import java.util.concurrent.*; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import org.apache.cassandra.auth.PasswordAuthenticator; import org.apache.cassandra.config.CFMetaData; import org.apache.cassandra.config.Config; import org.apache.cassandra.config.DatabaseDescriptor; @@ -46,8 +41,6 @@ import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.mapreduce.RecordWriter; import org.apache.hadoop.mapreduce.TaskAttemptContext; import org.apache.hadoop.util.Progressable; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; public abstract class AbstractBulkRecordWriter<K, V> extends RecordWriter<K, V> implements org.apache.hadoop.mapred.RecordWriter<K, V> 
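Review bot: `RoleManagementStatement.checkAccess` dereferences `state.getUser()` directly; if that can be null for a client that has not logged in, the superuser test should be preceded by `state.ensureNotAnonymous();`, as `validate()` already does. The two errors in `validate()` use a bare `%s doesn't exist`, while `PermissionAlteringStatement.validate()` in this commit says `Role %s doesn't exist`; `String.format("Role %s doesn't exist", role)` (and likewise for `grantee`) would keep client-visible messages consistent. `checkAccess` also declares `InvalidRequestException` although nothing in its body throws it, so the clause can be dropped unless the parent signature requires it.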
@@ -191,8 +184,8 @@ implements org.apache.hadoop.mapred.RecordWriter<K, V> if (username != null) { Map<String, String> creds = new HashMap<String, String>(); - creds.put(IAuthenticator.USERNAME_KEY, username); - creds.put(IAuthenticator.PASSWORD_KEY, password); + creds.put(PasswordAuthenticator.USERNAME_KEY, username); + creds.put(PasswordAuthenticator.PASSWORD_KEY, password); AuthenticationRequest authRequest = new AuthenticationRequest(creds); client.login(authRequest); } http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/hadoop/AbstractColumnFamilyInputFormat.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/hadoop/AbstractColumnFamilyInputFormat.java b/src/java/org/apache/cassandra/hadoop/AbstractColumnFamilyInputFormat.java index f4ad40f..6fe2239 100644 --- a/src/java/org/apache/cassandra/hadoop/AbstractColumnFamilyInputFormat.java +++ b/src/java/org/apache/cassandra/hadoop/AbstractColumnFamilyInputFormat.java 
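Review bot: The credentials block in `AbstractBulkRecordWriter` guards only on `username != null` and then puts `password` into the map unchecked. The equivalent blocks in `AbstractColumnFamilyInputFormat` and `AbstractCassandraStorage`, also touched by this commit, test both values, so `if (username != null && password != null)` would make the three consistent and avoid sending a null password value. The key constants are now taken from the concrete `PasswordAuthenticator` here and in the `AbstractColumnFamilyInputFormat`, `AbstractColumnFamilyOutputFormat.login` and `AbstractCassandraStorage` hunks, which ties these client-side classes to one authenticator implementation; a short comment noting that the keys are specific to password authentication would help. The enclosing method starts and ends outside the hunk.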
@@ -20,36 +20,22 @@ package org.apache.cassandra.hadoop; import java.io.IOException; import java.net.InetAddress; import java.util.*; -import java.util.concurrent.Callable; -import java.util.concurrent.ExecutorService; -import java.util.concurrent.Future; -import java.util.concurrent.LinkedBlockingQueue; -import java.util.concurrent.ThreadPoolExecutor; -import java.util.concurrent.TimeUnit; +import java.util.concurrent.*; import com.google.common.collect.ImmutableList; import com.google.common.collect.Lists; +import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.apache.cassandra.auth.IAuthenticator; +import org.apache.cassandra.auth.PasswordAuthenticator; import org.apache.cassandra.dht.IPartitioner; import org.apache.cassandra.dht.Range; import org.apache.cassandra.dht.Token; -import org.apache.cassandra.thrift.AuthenticationRequest; -import org.apache.cassandra.thrift.Cassandra; -import org.apache.cassandra.thrift.CfSplit; -import org.apache.cassandra.thrift.InvalidRequestException; -import org.apache.cassandra.thrift.KeyRange; -import org.apache.cassandra.thrift.TokenRange; -import org.apache.commons.lang3.StringUtils; +import org.apache.cassandra.thrift.*; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.mapred.JobConf; -import org.apache.hadoop.mapreduce.InputFormat; -import org.apache.hadoop.mapreduce.InputSplit; -import org.apache.hadoop.mapreduce.JobContext; -import org.apache.hadoop.mapreduce.TaskAttemptContext; -import org.apache.hadoop.mapreduce.TaskAttemptID; +import org.apache.hadoop.mapreduce.*; import org.apache.thrift.TApplicationException; import org.apache.thrift.TException; import org.apache.thrift.protocol.TBinaryProtocol; 
@@ -106,8 +92,8 @@ public abstract class AbstractColumnFamilyInputFormat<K, Y> extends InputFormat< if ((ConfigHelper.getInputKeyspaceUserName(conf) != null) && (ConfigHelper.getInputKeyspacePassword(conf) != null)) { Map<String, String> creds = new HashMap<String, String>(); - creds.put(IAuthenticator.USERNAME_KEY, ConfigHelper.getInputKeyspaceUserName(conf)); - creds.put(IAuthenticator.PASSWORD_KEY, ConfigHelper.getInputKeyspacePassword(conf)); + creds.put(PasswordAuthenticator.USERNAME_KEY, ConfigHelper.getInputKeyspaceUserName(conf)); + creds.put(PasswordAuthenticator.PASSWORD_KEY, ConfigHelper.getInputKeyspacePassword(conf)); AuthenticationRequest authRequest = new AuthenticationRequest(creds); client.login(authRequest); } http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/hadoop/AbstractColumnFamilyOutputFormat.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/hadoop/AbstractColumnFamilyOutputFormat.java b/src/java/org/apache/cassandra/hadoop/AbstractColumnFamilyOutputFormat.java index f574641..03d0045 100644 --- a/src/java/org/apache/cassandra/hadoop/AbstractColumnFamilyOutputFormat.java +++ b/src/java/org/apache/cassandra/hadoop/AbstractColumnFamilyOutputFormat.java @@ -25,8 +25,9 @@ import java.util.Map; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.apache.cassandra.auth.IAuthenticator; -import org.apache.cassandra.thrift.*; +import org.apache.cassandra.auth.PasswordAuthenticator; +import org.apache.cassandra.thrift.AuthenticationRequest; +import org.apache.cassandra.thrift.Cassandra; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.mapreduce.*; import org.apache.thrift.protocol.TBinaryProtocol; 
@@ -134,8 +135,8 @@ public abstract class AbstractColumnFamilyOutputFormat<K, Y> extends OutputForma public static void login(String user, String password, Cassandra.Client client) throws Exception { Map<String, String> creds = new HashMap<String, String>(); - creds.put(IAuthenticator.USERNAME_KEY, user); - creds.put(IAuthenticator.PASSWORD_KEY, password); + creds.put(PasswordAuthenticator.USERNAME_KEY, user); + creds.put(PasswordAuthenticator.PASSWORD_KEY, password); AuthenticationRequest authRequest = new AuthenticationRequest(creds); client.login(authRequest); } http://git-wip-us.apache.org/repos/asf/cassandra/blob/879b694d/src/java/org/apache/cassandra/hadoop/pig/AbstractCassandraStorage.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/hadoop/pig/AbstractCassandraStorage.java b/src/java/org/apache/cassandra/hadoop/pig/AbstractCassandraStorage.java index 0ffd442..447c8ce 100644 --- a/src/java/org/apache/cassandra/hadoop/pig/AbstractCassandraStorage.java +++ b/src/java/org/apache/cassandra/hadoop/pig/AbstractCassandraStorage.java 
@@ -25,27 +25,28 @@ import java.nio.ByteBuffer; import java.nio.charset.CharacterCodingException; import java.util.*; -import org.apache.cassandra.db.Cell; -import org.apache.cassandra.schema.LegacySchemaTables; -import org.apache.cassandra.db.SystemKeyspace; -import org.apache.cassandra.exceptions.ConfigurationException; -import org.apache.cassandra.exceptions.SyntaxException; -import org.apache.cassandra.auth.IAuthenticator; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import org.apache.cassandra.auth.PasswordAuthenticator; import org.apache.cassandra.config.CFMetaData; import org.apache.cassandra.config.ColumnDefinition; +import org.apache.cassandra.db.Cell; +import org.apache.cassandra.db.SystemKeyspace; import org.apache.cassandra.db.marshal.*; import org.apache.cassandra.db.marshal.AbstractCompositeType.CompositeComponent; +import org.apache.cassandra.exceptions.ConfigurationException; +import org.apache.cassandra.exceptions.SyntaxException; +import org.apache.cassandra.hadoop.ConfigHelper; +import org.apache.cassandra.schema.LegacySchemaTables; import org.apache.cassandra.serializers.CollectionSerializer; -import org.apache.cassandra.hadoop.*; import org.apache.cassandra.thrift.*; -import org.apache.cassandra.utils.ByteBufferUtil; -import org.apache.cassandra.utils.FBUtilities; -import org.apache.cassandra.utils.Hex; -import org.apache.cassandra.utils.UUIDGen; - +import org.apache.cassandra.utils.*; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.Path; -import org.apache.hadoop.mapreduce.*; +import org.apache.hadoop.mapreduce.InputFormat; +import org.apache.hadoop.mapreduce.Job; +import org.apache.hadoop.mapreduce.OutputFormat; import org.apache.pig.*; import org.apache.pig.backend.executionengine.ExecException; import org.apache.pig.data.*; 
@@ -54,8 +55,6 @@ import org.apache.thrift.TDeserializer; import org.apache.thrift.TException; import org.apache.thrift.TSerializer; import org.apache.thrift.protocol.TBinaryProtocol; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; /** * A LoadStoreFunc for retrieving data from and storing data to Cassandra @@ -505,8 +504,8 @@ public abstract class AbstractCassandraStorage extends LoadFunc implements Store if (username != null && password != null) { Map<String, String> credentials = new HashMap<String, String>(2); - credentials.put(IAuthenticator.USERNAME_KEY, username); - credentials.put(IAuthenticator.PASSWORD_KEY, password); + credentials.put(PasswordAuthenticator.USERNAME_KEY, username); + credentials.put(PasswordAuthenticator.PASSWORD_KEY, password); try {