Author: vines
Date: Fri Mar 1 23:26:02 2013
New Revision: 1451770
URL: http://svn.apache.org/r1451770
Log:
ACCUMULO-1123 - Had compensation for propogation times for uncached
permissions. Authorizations and passwords didn't have the luxury. Added in
transient state for authorizations and a pause for ChangePass to help
compensate. Ideally, there would be compensation throughout the code for the
password, but the code has already become a bit of a rats nest. WalkingSecurity
helped clean it up tremendously, I should rewrite a lot of the states now that
that exists to make it simpler.
Modified:
accumulo/trunk/ (props changed)
accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/ChangePass.java
accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
Propchange: accumulo/trunk/
------------------------------------------------------------------------------
Merged /accumulo/branches/1.5:r1451718-1451761,1451763-1451768
Modified:
accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/ChangePass.java
URL:
http://svn.apache.org/viewvc/accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/ChangePass.java?rev=1451770&r1=1451769&r2=1451770&view=diff
==============================================================================
---
accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/ChangePass.java
(original)
+++
accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/ChangePass.java
Fri Mar 1 23:26:02 2013
@@ -81,6 +81,8 @@ public class ChangePass extends Test {
}
}
WalkingSecurity.get(state).changePassword(target, newPass);
+ // Waiting 1 second for password to propogate through Zk
+ Thread.sleep(1000);
if (!hasPerm)
throw new AccumuloException("Password change succeeded when it should
have failed for " + source + " changing the password for " + target + ".");
}
Modified:
accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
URL:
http://svn.apache.org/viewvc/accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java?rev=1451770&r1=1451769&r2=1451770&view=diff
==============================================================================
---
accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
(original)
+++
accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
Fri Mar 1 23:26:02 2013
@@ -72,6 +72,7 @@ public class TableOp extends Test {
boolean canRead =
WalkingSecurity.get(state).canScan(WalkingSecurity.get(state).getTabCredentials(),
tableName);
Authorizations auths =
WalkingSecurity.get(state).getUserAuthorizations(WalkingSecurity.get(state).getTabCredentials());
boolean ambiguousZone =
WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp);
+ boolean ambiguousAuths =
WalkingSecurity.get(state).ambiguousAuthorizations(conn.whoami());
try {
Scanner scan = conn.createScanner(tableName,
conn.securityOperations().getUserAuthorizations(conn.whoami()));
@@ -81,7 +82,7 @@ public class TableOp extends Test {
Entry<Key,Value> entry = iter.next();
Key k = entry.getKey();
seen++;
- if (!auths.contains(k.getColumnVisibilityData()))
+ if (!auths.contains(k.getColumnVisibilityData()) &&
!ambiguousAuths)
throw new AccumuloException("Got data I should not be capable of
seeing: " + k + " table " + tableName);
}
if (!canRead && !ambiguousZone)
@@ -90,7 +91,7 @@ public class TableOp extends Test {
if (auths.contains(entry.getKey().getBytes()))
seen = seen - entry.getValue();
}
- if (seen != 0)
+ if (seen != 0 && !ambiguousAuths)
throw new AccumuloException("Got mismatched amounts of data");
} catch (TableNotFoundException tnfe) {
if (tableExists)
@@ -103,6 +104,12 @@ public class TableOp extends Test {
else
return;
}
+ if (ae.getErrorCode().equals(SecurityErrorCode.BAD_AUTHORIZATIONS)) {
+ if (ambiguousAuths)
+ return;
+ else
+ throw new AccumuloException("Mismatched authorizations! ", ae);
+ }
throw new AccumuloException("Unexpected exception!", ae);
} catch (RuntimeException re) {
if (re.getCause() instanceof AccumuloSecurityException
@@ -112,6 +119,14 @@ public class TableOp extends Test {
else
return;
}
+ if (re.getCause() instanceof AccumuloSecurityException
+ && ((AccumuloSecurityException)
re.getCause()).getErrorCode().equals(SecurityErrorCode.BAD_AUTHORIZATIONS)) {
+ if (ambiguousAuths)
+ return;
+ else
+ throw new AccumuloException("Mismatched authorizations! ",
re.getCause());
+ }
+
throw new AccumuloException("Unexpected exception!", re);
}
Modified:
accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
URL:
http://svn.apache.org/viewvc/accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java?rev=1451770&r1=1451769&r2=1451770&view=diff
==============================================================================
---
accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
(original)
+++
accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
Fri Mar 1 23:26:02 2013
@@ -122,6 +122,15 @@ public class WalkingSecurity extends Sec
return (Authorizations) state.get(user + "_auths");
}
+ public boolean ambiguousAuthorizations(String userName) {
+ Long setTime = state.getLong("Auths-" + userName + '-' + "time");
+ if (setTime == null)
+ throw new RuntimeException("WTF? Auths-" + userName + '-' + "time is
null");
+ if (System.currentTimeMillis() < (setTime + 1000))
+ return true;
+ return false;
+ }
+
@Override
public void initUser(String user) throws AccumuloSecurityException {
changeAuthorizations(user, new Authorizations());
