Author: vines Date: Fri Mar 1 23:26:02 2013 New Revision: 1451770 URL: http://svn.apache.org/r1451770 Log: ACCUMULO-1123 - Had compensation for propogation times for uncached permissions. Authorizations and passwords didn't have the luxury. Added in transient state for authorizations and a pause for ChangePass to help compensate. Ideally, there would be compensation throughout the code for the password, but the code has already become a bit of a rats nest. WalkingSecurity helped clean it up tremendously, I should rewrite a lot of the states now that that exists to make it simpler.
Modified: accumulo/trunk/ (props changed) accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/ChangePass.java accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java Propchange: accumulo/trunk/ ------------------------------------------------------------------------------ Merged /accumulo/branches/1.5:r1451718-1451761,1451763-1451768 Modified: accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/ChangePass.java URL: http://svn.apache.org/viewvc/accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/ChangePass.java?rev=1451770&r1=1451769&r2=1451770&view=diff ============================================================================== --- accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/ChangePass.java (original) +++ accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/ChangePass.java Fri Mar 1 23:26:02 2013 @@ -81,6 +81,8 @@ public class ChangePass extends Test { } } WalkingSecurity.get(state).changePassword(target, newPass); + // Waiting 1 second for password to propogate through Zk + Thread.sleep(1000); if (!hasPerm) throw new AccumuloException("Password change succeeded when it should have failed for " + source + " changing the password for " + target + "."); } Modified: accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java URL: http://svn.apache.org/viewvc/accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java?rev=1451770&r1=1451769&r2=1451770&view=diff ============================================================================== --- accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java (original) +++ accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java Fri Mar 1 23:26:02 2013 @@ -72,6 +72,7 @@ public class TableOp extends Test { boolean canRead = WalkingSecurity.get(state).canScan(WalkingSecurity.get(state).getTabCredentials(), tableName); Authorizations auths = WalkingSecurity.get(state).getUserAuthorizations(WalkingSecurity.get(state).getTabCredentials()); boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp); + boolean ambiguousAuths = WalkingSecurity.get(state).ambiguousAuthorizations(conn.whoami()); try { Scanner scan = conn.createScanner(tableName, conn.securityOperations().getUserAuthorizations(conn.whoami())); @@ -81,7 +82,7 @@ public class TableOp extends Test { Entry<Key,Value> entry = iter.next(); Key k = entry.getKey(); seen++; - if (!auths.contains(k.getColumnVisibilityData())) + if (!auths.contains(k.getColumnVisibilityData()) && !ambiguousAuths) throw new AccumuloException("Got data I should not be capable of seeing: " + k + " table " + tableName); } if (!canRead && !ambiguousZone) @@ -90,7 +91,7 @@ public class TableOp extends Test { if (auths.contains(entry.getKey().getBytes())) seen = seen - entry.getValue(); } - if (seen != 0) + if (seen != 0 && !ambiguousAuths) throw new AccumuloException("Got mismatched amounts of data"); } catch (TableNotFoundException tnfe) { if (tableExists) @@ -103,6 +104,12 @@ public class TableOp extends Test { else return; } + if (ae.getErrorCode().equals(SecurityErrorCode.BAD_AUTHORIZATIONS)) { + if (ambiguousAuths) + return; + else + throw new AccumuloException("Mismatched authorizations! ", ae); + } throw new AccumuloException("Unexpected exception!", ae); } catch (RuntimeException re) { if (re.getCause() instanceof AccumuloSecurityException @@ -112,6 +119,14 @@ public class TableOp extends Test { else return; } + if (re.getCause() instanceof AccumuloSecurityException + && ((AccumuloSecurityException) re.getCause()).getErrorCode().equals(SecurityErrorCode.BAD_AUTHORIZATIONS)) { + if (ambiguousAuths) + return; + else + throw new AccumuloException("Mismatched authorizations! ", re.getCause()); + } + throw new AccumuloException("Unexpected exception!", re); } Modified: accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java URL: http://svn.apache.org/viewvc/accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java?rev=1451770&r1=1451769&r2=1451770&view=diff ============================================================================== --- accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java (original) +++ accumulo/trunk/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java Fri Mar 1 23:26:02 2013 @@ -122,6 +122,15 @@ public class WalkingSecurity extends Sec return (Authorizations) state.get(user + "_auths"); } + public boolean ambiguousAuthorizations(String userName) { + Long setTime = state.getLong("Auths-" + userName + '-' + "time"); + if (setTime == null) + throw new RuntimeException("WTF? Auths-" + userName + '-' + "time is null"); + if (System.currentTimeMillis() < (setTime + 1000)) + return true; + return false; + } + @Override public void initUser(String user) throws AccumuloSecurityException { changeAuthorizations(user, new Authorizations());