This is an automated email from the ASF dual-hosted git repository.
mmiller pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/accumulo-testing.git
The following commit(s) were added to refs/heads/master by this push:
new 03453ac ACCUMULO-4717 Refactor WalkingSecurity to use API (#9)
03453ac is described below
commit 03453aceeed5559e07ccf1ee82f39115004d6313
Author: Mike Miller <mmil...@apache.org>
AuthorDate: Wed Oct 25 15:40:10 2017 -0400
ACCUMULO-4717 Refactor WalkingSecurity to use API (#9)
Simplified WalkingSecurity by removing the inheritance from server
classes and removing unused code. Now it is simply a helper class and
the other classes in the randomwalk framework call the API directly.
Also added try catch blocks where exceptions are now thrown.
---
.../core/randomwalk/security/AlterTable.java | 20 +-
.../core/randomwalk/security/AlterTablePerm.java | 17 +-
.../core/randomwalk/security/Authenticate.java | 2 +-
.../core/randomwalk/security/ChangePass.java | 2 +-
.../core/randomwalk/security/CreateTable.java | 3 +-
.../core/randomwalk/security/CreateUser.java | 6 +-
.../core/randomwalk/security/DropTable.java | 12 +-
.../testing/core/randomwalk/security/DropUser.java | 6 +-
.../testing/core/randomwalk/security/TableOp.java | 35 +++-
.../testing/core/randomwalk/security/Validate.java | 6 -
.../core/randomwalk/security/WalkingSecurity.java | 208 +--------------------
11 files changed, 88 insertions(+), 229 deletions(-)
diff --git
a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTable.java
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTable.java
index ee26003..1283fd7 100644
---
a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTable.java
+++
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTable.java
@@ -25,6 +25,7 @@ import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.client.TableExistsException;
import org.apache.accumulo.core.client.TableNotFoundException;
import org.apache.accumulo.core.client.security.SecurityErrorCode;
+import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv;
import org.apache.accumulo.testing.core.randomwalk.State;
@@ -34,13 +35,26 @@ public class AlterTable extends Test {
@Override
public void visit(State state, RandWalkEnv env, Properties props) throws
Exception {
- Connector conn =
env.getAccumuloInstance().getConnector(WalkingSecurity.get(state,
env).getSysUserName(), WalkingSecurity.get(state, env).getSysToken());
+ String systemUser = WalkingSecurity.get(state, env).getSysUserName();
+ Connector conn = env.getAccumuloInstance().getConnector(systemUser,
WalkingSecurity.get(state, env).getSysToken());
String tableName = WalkingSecurity.get(state, env).getTableName();
boolean exists = WalkingSecurity.get(state, env).getTableExists();
- boolean hasPermission =
conn.securityOperations().hasTablePermission(WalkingSecurity.get(state,
env).getSysUserName(), tableName,
- TablePermission.ALTER_TABLE);
+ boolean hasPermission;
+ try {
+ hasPermission = conn.securityOperations().hasTablePermission(systemUser,
tableName, TablePermission.ALTER_TABLE)
+ || conn.securityOperations().hasSystemPermission(systemUser,
SystemPermission.ALTER_TABLE);
+ } catch (AccumuloSecurityException ae) {
+ if
(ae.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) {
+ if (exists)
+ throw new TableExistsException(null, tableName, "Got a
TableNotFoundException but it should exist", ae);
+ else
+ return;
+ } else {
+ throw new AccumuloException("Got unexpected ae error code", ae);
+ }
+ }
String newTableName = String.format("security_%s_%s_%d",
InetAddress.getLocalHost().getHostName().replaceAll("[-.]", "_"), env.getPid(),
System.currentTimeMillis());
diff --git
a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTablePerm.java
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTablePerm.java
index 30f727f..8d1d4a6 100644
---
a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTablePerm.java
+++
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/AlterTablePerm.java
@@ -22,7 +22,9 @@ import java.util.Random;
import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;;
+import org.apache.accumulo.core.client.TableExistsException;
import org.apache.accumulo.core.client.admin.SecurityOperations;
+import org.apache.accumulo.core.client.security.SecurityErrorCode;
import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
@@ -78,8 +80,19 @@ public class AlterTablePerm extends Test {
Connector conn = env.getAccumuloInstance().getConnector(sourceUser,
sourceToken);
SecurityOperations secOps = conn.securityOperations();
- canGive = secOps.hasSystemPermission(sourceUser,
SystemPermission.ALTER_TABLE)
- || secOps.hasTablePermission(sourceUser, tableName,
TablePermission.GRANT);
+ try {
+ canGive = secOps.hasSystemPermission(sourceUser,
SystemPermission.ALTER_TABLE)
+ || secOps.hasTablePermission(sourceUser, tableName,
TablePermission.GRANT);
+ } catch (AccumuloSecurityException ae) {
+ if
(ae.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) {
+ if (exists)
+ throw new TableExistsException(null, tableName, "Got a
TableNotFoundException but it should exist", ae);
+ else
+ return;
+ } else {
+ throw new AccumuloException("Got unexpected ae error code", ae);
+ }
+ }
// toggle
if (!"take".equals(action) && !"give".equals(action)) {
diff --git
a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Authenticate.java
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Authenticate.java
index e524d07..63105f4 100644
---
a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Authenticate.java
+++
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Authenticate.java
@@ -52,7 +52,7 @@ public class Authenticate extends Test {
boolean exists = WalkingSecurity.get(state, env).userExists(target);
// Copy so if failed it doesn't mess with the password stored in state
byte[] password = Arrays.copyOf(WalkingSecurity.get(state,
env).getUserPassword(target), WalkingSecurity.get(state,
env).getUserPassword(target).length);
- boolean hasPermission =
conn.securityOperations().hasSystemPermission(principal,
SystemPermission.SYSTEM);
+ boolean hasPermission =
conn.securityOperations().hasSystemPermission(principal,
SystemPermission.SYSTEM) || principal.equals(target);
if (!success)
for (int i = 0; i < password.length; i++)
diff --git
a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/ChangePass.java
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/ChangePass.java
index 589edff..585a2c1 100644
---
a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/ChangePass.java
+++
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/ChangePass.java
@@ -56,7 +56,7 @@ public class ChangePass extends Test {
targetExists = WalkingSecurity.get(state, env).userExists(target);
- hasPerm = conn.securityOperations().hasSystemPermission(target,
SystemPermission.ALTER_USER);
+ hasPerm = conn.securityOperations().hasSystemPermission(principal,
SystemPermission.ALTER_USER) || principal.equals(target);
Random r = new Random();
diff --git
a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateTable.java
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateTable.java
index 5e71410..de11d62 100644
---
a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateTable.java
+++
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateTable.java
@@ -23,6 +23,7 @@ import
org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.client.TableExistsException;
import org.apache.accumulo.core.client.security.SecurityErrorCode;
+import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv;
import org.apache.accumulo.testing.core.randomwalk.State;
@@ -37,7 +38,7 @@ public class CreateTable extends Test {
String tableName = WalkingSecurity.get(state, env).getTableName();
boolean exists = WalkingSecurity.get(state, env).getTableExists();
- boolean hasPermission = WalkingSecurity.get(state,
env).canCreateTable(WalkingSecurity.get(state, env).getSysCredentials(), null,
null);
+ boolean hasPermission =
conn.securityOperations().hasSystemPermission(WalkingSecurity.get(state,
env).getSysUserName(), SystemPermission.CREATE_TABLE);
try {
conn.tableOperations().create(tableName);
diff --git
a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateUser.java
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateUser.java
index 91e8f8b..ca9afbe 100644
---
a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateUser.java
+++
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/CreateUser.java
@@ -22,6 +22,7 @@ import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.client.security.tokens.PasswordToken;
+import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv;
import org.apache.accumulo.testing.core.randomwalk.State;
import org.apache.accumulo.testing.core.randomwalk.Test;
@@ -30,12 +31,13 @@ public class CreateUser extends Test {
@Override
public void visit(State state, RandWalkEnv env, Properties props) throws
Exception {
- Connector conn =
env.getAccumuloInstance().getConnector(WalkingSecurity.get(state,
env).getSysUserName(), WalkingSecurity.get(state, env).getSysToken());
+ String sysPrincipal = WalkingSecurity.get(state, env).getSysUserName();
+ Connector conn = env.getAccumuloInstance().getConnector(sysPrincipal,
WalkingSecurity.get(state, env).getSysToken());
String tableUserName = WalkingSecurity.get(state, env).getTabUserName();
boolean exists = WalkingSecurity.get(state, env).userExists(tableUserName);
- boolean hasPermission = WalkingSecurity.get(state,
env).canCreateUser(WalkingSecurity.get(state, env).getSysCredentials(),
tableUserName);
+ boolean hasPermission =
conn.securityOperations().hasSystemPermission(sysPrincipal,
SystemPermission.CREATE_USER);
PasswordToken tabUserPass = new PasswordToken("Super Sekret Table User
Password");
try {
conn.securityOperations().createLocalUser(tableUserName, tabUserPass);
diff --git
a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropTable.java
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropTable.java
index db6b7a3..66fc0e2 100644
---
a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropTable.java
+++
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropTable.java
@@ -25,6 +25,7 @@ import org.apache.accumulo.core.client.TableExistsException;
import org.apache.accumulo.core.client.TableNotFoundException;
import org.apache.accumulo.core.client.security.SecurityErrorCode;
import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
+import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv;
import org.apache.accumulo.testing.core.randomwalk.State;
@@ -41,6 +42,7 @@ public class DropTable extends Test {
String sourceUser = props.getProperty("source", "system");
String principal;
AuthenticationToken token;
+ boolean hasPermission = false;
if (sourceUser.equals("table")) {
principal = WalkingSecurity.get(state, env).getTabUserName();
token = WalkingSecurity.get(state, env).getTabToken();
@@ -53,12 +55,18 @@ public class DropTable extends Test {
String tableName = WalkingSecurity.get(state, env).getTableName();
boolean exists = WalkingSecurity.get(state, env).getTableExists();
- boolean hasPermission =
conn.securityOperations().hasTablePermission(principal, tableName,
TablePermission.DROP_TABLE);
try {
+ hasPermission = conn.securityOperations().hasTablePermission(principal,
tableName, TablePermission.DROP_TABLE)
+ || conn.securityOperations().hasSystemPermission(principal,
SystemPermission.DROP_TABLE);
conn.tableOperations().delete(tableName);
} catch (AccumuloSecurityException ae) {
- if
(ae.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
+ if
(ae.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) {
+ if (exists)
+ throw new TableExistsException(null, tableName, "Got a
TableNotFoundException but it should have existed", ae);
+ else
+ return;
+ } else if
(ae.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
if (hasPermission)
throw new AccumuloException("Got a security exception when I should
have had permission.", ae);
else {
diff --git
a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropUser.java
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropUser.java
index 7d1a9b6..933c26d 100644
---
a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropUser.java
+++
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/DropUser.java
@@ -21,6 +21,7 @@ import java.util.Properties;
import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;
+import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv;
import org.apache.accumulo.testing.core.randomwalk.State;
import org.apache.accumulo.testing.core.randomwalk.Test;
@@ -29,12 +30,13 @@ public class DropUser extends Test {
@Override
public void visit(State state, RandWalkEnv env, Properties props) throws
Exception {
- Connector conn =
env.getAccumuloInstance().getConnector(WalkingSecurity.get(state,
env).getSysUserName(), WalkingSecurity.get(state, env).getSysToken());
+ String sysPrincipal = WalkingSecurity.get(state, env).getSysUserName();
+ Connector conn = env.getAccumuloInstance().getConnector(sysPrincipal,
WalkingSecurity.get(state, env).getSysToken());
String tableUserName = WalkingSecurity.get(state, env).getTabUserName();
boolean exists = WalkingSecurity.get(state, env).userExists(tableUserName);
- boolean hasPermission = WalkingSecurity.get(state,
env).canDropUser(WalkingSecurity.get(state, env).getSysCredentials(),
tableUserName);
+ boolean hasPermission =
conn.securityOperations().hasSystemPermission(sysPrincipal,
SystemPermission.DROP_USER);
try {
conn.securityOperations().dropLocalUser(tableUserName);
diff --git
a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/TableOp.java
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/TableOp.java
index f44511c..7513b23 100644
---
a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/TableOp.java
+++
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/TableOp.java
@@ -56,10 +56,10 @@ public class TableOp extends Test {
@Override
public void visit(State state, RandWalkEnv env, Properties props) throws
Exception {
- Connector conn =
env.getAccumuloInstance().getConnector(WalkingSecurity.get(state,
env).getTabUserName(), WalkingSecurity.get(state, env).getTabToken());
+ String tablePrincipal = WalkingSecurity.get(state, env).getTabUserName();
+ Connector conn = env.getAccumuloInstance().getConnector(tablePrincipal,
WalkingSecurity.get(state, env).getTabToken());
TableOperations tableOps = conn.tableOperations();
SecurityOperations secOps = conn.securityOperations();
- String tablePrincipal = WalkingSecurity.get(state, env).getTabUserName();
String action = props.getProperty("action", "_random");
TablePermission tp;
@@ -75,8 +75,15 @@ public class TableOp extends Test {
switch (tp) {
case READ: {
- boolean canRead = secOps.hasTablePermission(tablePrincipal, tableName,
TablePermission.READ);
- Authorizations auths = WalkingSecurity.get(state,
env).getUserAuthorizations(WalkingSecurity.get(state, env).getTabCredentials());
+ boolean canRead;
+ try {
+ canRead = secOps.hasTablePermission(tablePrincipal, tableName,
TablePermission.READ);
+ } catch (AccumuloSecurityException ase) {
+ if (tableExists)
+ throw new AccumuloException("Table didn't exist when it should
have: " + tableName, ase);
+ return;
+ }
+ Authorizations auths = secOps.getUserAuthorizations(tablePrincipal);
boolean ambiguousZone = WalkingSecurity.get(state,
env).inAmbiguousZone(conn.whoami(), tp);
boolean ambiguousAuths = WalkingSecurity.get(state,
env).ambiguousAuthorizations(conn.whoami());
@@ -146,7 +153,14 @@ public class TableOp extends Test {
break;
}
case WRITE:
- boolean canWrite = secOps.hasTablePermission(tablePrincipal,
tableName, TablePermission.WRITE);
+ boolean canWrite;
+ try {
+ canWrite = secOps.hasTablePermission(tablePrincipal, tableName,
TablePermission.WRITE);
+ } catch (AccumuloSecurityException ase) {
+ if (tableExists)
+ throw new AccumuloException("Table didn't exist when it should
have: " + tableName, ase);
+ return;
+ }
boolean ambiguousZone = WalkingSecurity.get(state,
env).inAmbiguousZone(conn.whoami(), tp);
String key = WalkingSecurity.get(state, env).getLastKey() + "1";
@@ -239,8 +253,15 @@ public class TableOp extends Test {
throw new AccumuloException("Bulk Import succeeded when it should
have failed: " + dir + " table " + tableName);
break;
case ALTER_TABLE:
- AlterTable.renameTable(conn, state, env, tableName, tableName + "plus",
- secOps.hasTablePermission(tablePrincipal, tableName,
TablePermission.ALTER_TABLE), tableExists);
+ boolean tablePerm;
+ try {
+ tablePerm = secOps.hasTablePermission(tablePrincipal, tableName,
TablePermission.ALTER_TABLE);
+ } catch (AccumuloSecurityException ase) {
+ if (tableExists)
+ throw new AccumuloException("Table didn't exist when it should
have: " + tableName, ase);
+ return;
+ }
+ AlterTable.renameTable(conn, state, env, tableName, tableName +
"plus", tablePerm, tableExists);
break;
case GRANT:
diff --git
a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Validate.java
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Validate.java
index edf9e4d..9e36c86 100644
---
a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Validate.java
+++
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/Validate.java
@@ -101,12 +101,6 @@ public class Validate extends Test {
}
}
-
- Authorizations accuAuths =
conn.securityOperations().getUserAuthorizations(WalkingSecurity.get(state,
env).getTabUserName());
- Authorizations auths = WalkingSecurity.get(state,
env).getUserAuthorizations(WalkingSecurity.get(state, env).getTabCredentials());
-
- if (!auths.equals(accuAuths))
- throw new AccumuloException("Table User authorizations out of sync");
}
}
diff --git
a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/WalkingSecurity.java
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/WalkingSecurity.java
index 071e5ca..4a0c6f2 100644
---
a/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/WalkingSecurity.java
+++
b/core/src/main/java/org/apache/accumulo/testing/core/randomwalk/security/WalkingSecurity.java
@@ -17,39 +17,19 @@
package org.apache.accumulo.testing.core.randomwalk.security;
import java.io.IOException;
-import java.nio.ByteBuffer;
-import java.util.Collection;
import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
import java.util.Map;
-import java.util.Set;
-import java.util.TreeSet;
import org.apache.accumulo.core.client.AccumuloSecurityException;
-import org.apache.accumulo.core.client.NamespaceNotFoundException;
import org.apache.accumulo.core.client.TableNotFoundException;
-import org.apache.accumulo.core.client.impl.Credentials;
-import org.apache.accumulo.core.client.impl.Namespace;
-import org.apache.accumulo.core.client.impl.thrift.SecurityErrorCode;
-import org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException;
import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
import org.apache.accumulo.core.client.security.tokens.PasswordToken;
import org.apache.accumulo.core.security.Authorizations;
-import org.apache.accumulo.core.security.NamespacePermission;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
-import org.apache.accumulo.core.security.thrift.TCredentials;
-import org.apache.accumulo.core.util.CachedConfiguration;
-import org.apache.accumulo.server.AccumuloServerContext;
-import org.apache.accumulo.server.client.HdfsZooInstance;
-import org.apache.accumulo.server.conf.ServerConfigurationFactory;
-import org.apache.accumulo.server.security.SecurityOperation;
-import org.apache.accumulo.server.security.handler.Authenticator;
-import org.apache.accumulo.server.security.handler.Authorizor;
-import org.apache.accumulo.server.security.handler.PermissionHandler;
import org.apache.accumulo.testing.core.randomwalk.RandWalkEnv;
import org.apache.accumulo.testing.core.randomwalk.State;
+import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -57,7 +37,7 @@ import org.slf4j.LoggerFactory;
/**
*
*/
-public class WalkingSecurity extends SecurityOperation implements Authorizor,
Authenticator, PermissionHandler {
+public class WalkingSecurity {
State state = null;
RandWalkEnv env = null;
private static final Logger log =
LoggerFactory.getLogger(WalkingSecurity.class);
@@ -79,17 +59,9 @@ public class WalkingSecurity extends SecurityOperation
implements Authorizor, Au
private static WalkingSecurity instance = null;
- public WalkingSecurity(AccumuloServerContext context, Authorizor author,
Authenticator authent, PermissionHandler pm) {
- super(context, author, authent, pm);
- }
-
public WalkingSecurity(State state2, RandWalkEnv env2) {
- super(new AccumuloServerContext(HdfsZooInstance.getInstance(), new
ServerConfigurationFactory(HdfsZooInstance.getInstance())));
this.state = state2;
this.env = env2;
- authorizor = this;
- authenticator = this;
- permHandle = this;
}
public static WalkingSecurity get(State state, RandWalkEnv env) {
@@ -103,81 +75,26 @@ public class WalkingSecurity extends SecurityOperation
implements Authorizor, Au
return instance;
}
- @Override
- public void initialize(String instanceId, boolean initialize) {
- throw new UnsupportedOperationException("nope");
- }
-
- @Override
- public boolean validSecurityHandlers(Authenticator one, PermissionHandler
two) {
- return this.getClass().equals(one.getClass()) &&
this.getClass().equals(two.getClass());
- }
-
- @Override
- public boolean validSecurityHandlers(Authenticator one, Authorizor two) {
- return this.getClass().equals(one.getClass()) &&
this.getClass().equals(two.getClass());
- }
-
- @Override
- public boolean validSecurityHandlers(Authorizor one, PermissionHandler two) {
- return this.getClass().equals(one.getClass()) &&
this.getClass().equals(two.getClass());
- }
-
- @Override
- public void initializeSecurity(TCredentials rootuser, String token) throws
ThriftSecurityException {
- throw new UnsupportedOperationException("nope");
- }
-
- @Override
public void changeAuthorizations(String user, Authorizations authorizations)
throws AccumuloSecurityException {
state.set(user + "_auths", authorizations);
state.set("Auths-" + user + '-' + "time", System.currentTimeMillis());
}
- @Override
- public Authorizations getCachedUserAuthorizations(String user) throws
AccumuloSecurityException {
- return (Authorizations) state.get(user + "_auths");
- }
-
public boolean ambiguousAuthorizations(String userName) {
Long setTime = state.getLong("Auths-" + userName + '-' + "time");
if (setTime == null)
- throw new RuntimeException("WTF? Auths-" + userName + '-' + "time is
null");
+ throw new RuntimeException("Auths-" + userName + '-' + "time is null");
if (System.currentTimeMillis() < (setTime + 1000))
return true;
return false;
}
- @Override
- public void initUser(String user) throws AccumuloSecurityException {
- changeAuthorizations(user, new Authorizations());
- }
-
- @Override
- public Set<String> listUsers() throws AccumuloSecurityException {
- Set<String> userList = new TreeSet<>();
- for (String user : new String[] {getSysUserName(), getTabUserName()}) {
- if (userExists(user))
- userList.add(user);
- }
- return userList;
- }
-
- @Override
- public boolean authenticateUser(String principal, AuthenticationToken token)
{
- PasswordToken pass = (PasswordToken) state.get(principal + userPass);
- boolean ret = pass.equals(token);
- return ret;
- }
-
- @Override
public void createUser(String principal, AuthenticationToken token) throws
AccumuloSecurityException {
state.set(principal + userExists, Boolean.toString(true));
changePassword(principal, token);
cleanUser(principal);
}
- @Override
public void dropUser(String user) throws AccumuloSecurityException {
state.set(user + userExists, Boolean.toString(false));
cleanUser(user);
@@ -185,61 +102,32 @@ public class WalkingSecurity extends SecurityOperation
implements Authorizor, Au
state.set("table" + connector, null);
}
- @Override
public void changePassword(String principal, AuthenticationToken token)
throws AccumuloSecurityException {
state.set(principal + userPass, token);
state.set(principal + userPass + "time", System.currentTimeMillis());
}
- @Override
public boolean userExists(String user) {
return Boolean.parseBoolean(state.getString(user + userExists));
}
- @Override
public boolean hasSystemPermission(String user, SystemPermission permission)
throws AccumuloSecurityException {
boolean res = Boolean.parseBoolean(state.getString("Sys-" + user + '-' +
permission.name()));
return res;
}
- @Override
- public boolean hasCachedSystemPermission(String user, SystemPermission
permission) throws AccumuloSecurityException {
- return hasSystemPermission(user, permission);
- }
-
- @Override
public boolean hasTablePermission(String user, String table, TablePermission
permission) throws AccumuloSecurityException, TableNotFoundException {
return Boolean.parseBoolean(state.getString("Tab-" + user + '-' +
permission.name()));
}
- @Override
- public boolean hasCachedTablePermission(String user, String table,
TablePermission permission) throws AccumuloSecurityException,
TableNotFoundException {
- return hasTablePermission(user, table, permission);
- }
-
- @Override
- public boolean hasNamespacePermission(String user, Namespace.ID namespace,
NamespacePermission permission) throws AccumuloSecurityException,
- NamespaceNotFoundException {
- return Boolean.parseBoolean(state.getString("Nsp-" + user + '-' +
permission.name()));
- }
-
- @Override
- public boolean hasCachedNamespacePermission(String user, Namespace.ID
namespace, NamespacePermission permission) throws AccumuloSecurityException,
- NamespaceNotFoundException {
- return hasNamespacePermission(user, namespace, permission);
- }
-
- @Override
public void grantSystemPermission(String user, SystemPermission permission)
throws AccumuloSecurityException {
setSysPerm(state, user, permission, true);
}
- @Override
public void revokeSystemPermission(String user, SystemPermission permission)
throws AccumuloSecurityException {
setSysPerm(state, user, permission, false);
}
- @Override
public void grantTablePermission(String user, String table, TablePermission
permission) throws AccumuloSecurityException, TableNotFoundException {
setTabPerm(state, user, permission, table, true);
}
@@ -251,40 +139,17 @@ public class WalkingSecurity extends SecurityOperation
implements Authorizor, Au
private void setTabPerm(State state, String userName, TablePermission tp,
String table, boolean value) {
if (table.equals(userName))
- throw new RuntimeException("This is also fucked up");
+ throw new RuntimeException("Something went wrong: table is equal to
userName: " + userName);
log.debug((value ? "Gave" : "Took") + " the table permission " + tp.name()
+ (value ? " to" : " from") + " user " + userName);
state.set("Tab-" + userName + '-' + tp.name(), Boolean.toString(value));
if (tp.equals(TablePermission.READ) || tp.equals(TablePermission.WRITE))
state.set("Tab-" + userName + '-' + tp.name() + '-' + "time",
System.currentTimeMillis());
}
- @Override
public void revokeTablePermission(String user, String table, TablePermission
permission) throws AccumuloSecurityException, TableNotFoundException {
setTabPerm(state, user, permission, table, false);
}
- @Override
- public void grantNamespacePermission(String user, Namespace.ID namespace,
NamespacePermission permission) throws AccumuloSecurityException,
- NamespaceNotFoundException {
- setNspPerm(state, user, permission, namespace, true);
- }
-
- private void setNspPerm(State state, String userName, NamespacePermission
tnp, Namespace.ID namespace, boolean value) {
- if (namespace.equals(userName))
- throw new RuntimeException("I don't even know");
- log.debug((value ? "Gave" : "Took") + " the table permission " +
tnp.name() + (value ? " to" : " from") + " user " + userName);
- state.set("Nsp-" + userName + '-' + tnp.name(), Boolean.toString(value));
- if (tnp.equals(NamespacePermission.READ) ||
tnp.equals(NamespacePermission.WRITE))
- state.set("Nsp-" + userName + '-' + tnp.name() + '-' + "time",
System.currentTimeMillis());
- }
-
- @Override
- public void revokeNamespacePermission(String user, Namespace.ID namespace,
NamespacePermission permission) throws AccumuloSecurityException,
- NamespaceNotFoundException {
- setNspPerm(state, user, permission, namespace, false);
- }
-
- @Override
public void cleanTablePermissions(String table) throws
AccumuloSecurityException, TableNotFoundException {
for (String user : new String[] {getSysUserName(), getTabUserName()}) {
for (TablePermission tp : TablePermission.values()) {
@@ -294,17 +159,6 @@ public class WalkingSecurity extends SecurityOperation
implements Authorizor, Au
state.set(tableExists, Boolean.toString(false));
}
- @Override
- public void cleanNamespacePermissions(Namespace.ID namespace) throws
AccumuloSecurityException, NamespaceNotFoundException {
- for (String user : new String[] {getSysUserName(), getNspUserName()}) {
- for (NamespacePermission tnp : NamespacePermission.values()) {
- revokeNamespacePermission(user, namespace, tnp);
- }
- }
- state.set(namespaceExists, Boolean.toString(false));
- }
-
- @Override
public void cleanUser(String user) throws AccumuloSecurityException {
if (getTableExists())
for (TablePermission tp : TablePermission.values())
@@ -325,20 +179,11 @@ public class WalkingSecurity extends SecurityOperation
implements Authorizor, Au
return state.getString("system" + userName);
}
- public String getNspUserName() {
- return state.getString("namespace" + userName);
- }
-
public void setTabUserName(String name) {
state.set("table" + userName, name);
state.set(name + userExists, Boolean.toString(false));
}
- public void setNspUserName(String name) {
- state.set("namespace" + userName, name);
- state.set(name + userExists, Boolean.toString(false));
- }
-
public void setSysUserName(String name) {
state.set("system" + userName, name);
}
@@ -359,14 +204,6 @@ public class WalkingSecurity extends SecurityOperation
implements Authorizor, Au
return Boolean.parseBoolean(state.getString(namespaceExists));
}
- public TCredentials getSysCredentials() {
- return new Credentials(getSysUserName(),
getSysToken()).toThrift(this.env.getAccumuloInstance());
- }
-
- public TCredentials getTabCredentials() {
- return new Credentials(getTabUserName(),
getTabToken()).toThrift(this.env.getAccumuloInstance());
- }
-
public AuthenticationToken getSysToken() {
return new PasswordToken(getSysPassword());
}
@@ -411,7 +248,6 @@ public class WalkingSecurity extends SecurityOperation
implements Authorizor, Au
state.set(namespaceName, nsName);
}
- @Override
public void initTable(String table) throws AccumuloSecurityException {
state.set(tableExists, Boolean.toString(true));
state.set(tableName, table);
@@ -425,7 +261,7 @@ public class WalkingSecurity extends SecurityOperation
implements Authorizor, Au
if (tp.equals(TablePermission.READ) || tp.equals(TablePermission.WRITE)) {
Long setTime = state.getLong("Tab-" + userName + '-' + tp.name() + '-' +
"time");
if (setTime == null)
- throw new RuntimeException("WTF? Tab-" + userName + '-' + tp.name() +
'-' + "time is null");
+ throw new RuntimeException("Tab-" + userName + '-' + tp.name() + '-' +
"time is null");
if (System.currentTimeMillis() < (setTime + 1000))
return true;
}
@@ -458,7 +294,7 @@ public class WalkingSecurity extends SecurityOperation
implements Authorizor, Au
if (fs == null) {
try {
- fs = FileSystem.get(CachedConfiguration.getInstance());
+ fs = FileSystem.get(new Configuration());
} catch (IOException e) {
throw new RuntimeException(e);
}
@@ -467,40 +303,8 @@ public class WalkingSecurity extends SecurityOperation
implements Authorizor, Au
return fs;
}
- @Override
- public boolean canAskAboutUser(TCredentials credentials, String user) throws
ThriftSecurityException {
- try {
- return super.canAskAboutUser(credentials, user);
- } catch (ThriftSecurityException tse) {
- if (tse.getCode().equals(SecurityErrorCode.PERMISSION_DENIED))
- return false;
- throw tse;
- }
- }
-
- @Override
- public boolean validTokenClass(String tokenClass) {
- return tokenClass.equals(PasswordToken.class.getName());
- }
-
public static void clearInstance() {
instance = null;
}
- @Override
- public Set<Class<? extends AuthenticationToken>> getSupportedTokenTypes() {
- Set<Class<? extends AuthenticationToken>> cs = new HashSet<>();
- cs.add(PasswordToken.class);
- return cs;
- }
-
- @Override
- public boolean isValidAuthorizations(String user, List<ByteBuffer> auths)
throws AccumuloSecurityException {
- Collection<ByteBuffer> userauths =
getCachedUserAuthorizations(user).getAuthorizationsBB();
- for (ByteBuffer auth : auths)
- if (!userauths.contains(auth))
- return false;
- return true;
- }
-
}
--
To stop receiving notification emails like this one, please contact
['"commits@accumulo.apache.org" <commits@accumulo.apache.org>'].
