@Override public int execute(final String fullCommand, final CommandLine cl, final Shell shellState) throws AccumuloException, AccumuloSecurityException { final String user = cl.getOptionValue(userOpt.getOpt(), shellState.getAccumuloClient().whoami()); final String scanOpts = cl.hasOption(clearOptAuths.getOpt()) ? null : cl.getOptionValue(scanOptAuths.getOpt()); shellState.getAccumuloClient().securityOperations().changeUserAuthorizations(user, ScanCommand.parseAuthorizations(scanOpts)); Shell.log.debug("Changed record-level authorizations for user " + user); return 0; }
@Override public int execute(final String fullCommand, final CommandLine cl, final Shell shellState) throws AccumuloException, AccumuloSecurityException { final AccumuloClient accumuloClient = shellState.getAccumuloClient(); final String user = cl.getOptionValue(userOpt.getOpt(), accumuloClient.whoami()); final String scanOpts = cl.getOptionValue(scanOptAuths.getOpt()); final Authorizations auths = accumuloClient.securityOperations().getUserAuthorizations(user); final StringBuilder userAuths = new StringBuilder(); final String[] toBeRemovedAuths = scanOpts.split(","); final Set<String> toBeRemovedSet = new HashSet<>(); for (String auth : toBeRemovedAuths) { toBeRemovedSet.add(auth); } final String[] existingAuths = auths.toString().split(","); for (String auth : existingAuths) { if (!toBeRemovedSet.contains(auth)) { userAuths.append(auth); userAuths.append(","); } } if (userAuths.length() > 0) { accumuloClient.securityOperations().changeUserAuthorizations(user, ScanCommand.parseAuthorizations(userAuths.substring(0, userAuths.length() - 1))); } else { accumuloClient.securityOperations().changeUserAuthorizations(user, new Authorizations()); } Shell.log.debug("Changed record-level authorizations for user " + user); return 0; }
@Override public int execute(final String fullCommand, final CommandLine cl, final Shell shellState) throws AccumuloException, AccumuloSecurityException { final String user = cl.getOptionValue(userOpt.getOpt(), shellState.getAccumuloClient().whoami()); final String scanOpts = cl.getOptionValue(scanOptAuths.getOpt()); Authorizations auths = shellState.getAccumuloClient().securityOperations() .getUserAuthorizations(user); StringBuilder userAuths = new StringBuilder(); if (!auths.isEmpty()) { userAuths.append(auths); userAuths.append(","); } userAuths.append(scanOpts); shellState.getAccumuloClient().securityOperations().changeUserAuthorizations(user, ScanCommand.parseAuthorizations(userAuths.toString())); Shell.log.debug("Changed record-level authorizations for user " + user); return 0; }
/** * Adds authorizations to the {@link SecurityOperations} of this instance's user. * @param auths the list of authorizations to add. * @throws AccumuloException * @throws AccumuloSecurityException */ public void addAuths(final String... auths) throws AccumuloException, AccumuloSecurityException { final Authorizations newAuths = AccumuloRyaUtils.addUserAuths(user, secOps, auths); secOps.changeUserAuthorizations(user, newAuths); }
/** * Adds authorizations to the {@link SecurityOperations} of this instance's user. * @param auths the list of authorizations to add. * @throws AccumuloException * @throws AccumuloSecurityException */ public void addAuths(final String... auths) throws AccumuloException, AccumuloSecurityException { final Authorizations newAuths = AccumuloRyaUtils.addUserAuths(user, secOps, auths); secOps.changeUserAuthorizations(user, newAuths); }
/** * Adds authorizations to the {@link SecurityOperations} of this instance's user. * @param auths the list of authorizations to add. * @throws AccumuloException * @throws AccumuloSecurityException */ public void addAuths(final String... auths) throws AccumuloException, AccumuloSecurityException { final Authorizations newAuths = AccumuloRyaUtils.addUserAuths(user, secOps, auths); secOps.changeUserAuthorizations(user, newAuths); }
public void setRootAuths(Authorizations auths) throws AccumuloSecurityException, AccumuloException { connector.securityOperations().changeUserAuthorizations("root",auths); }
@Override public int execute(final String fullCommand, final CommandLine cl, final Shell shellState) throws AccumuloException, AccumuloSecurityException { final String user = cl.getOptionValue(userOpt.getOpt(), shellState.getConnector().whoami()); final String scanOpts = cl.hasOption(clearOptAuths.getOpt()) ? null : cl.getOptionValue(scanOptAuths.getOpt()); shellState.getConnector().securityOperations().changeUserAuthorizations(user, ScanCommand.parseAuthorizations(scanOpts)); Shell.log.debug("Changed record-level authorizations for user " + user); return 0; }
@Override public void changeUserAuthorizations(ByteBuffer login, String user, Set<ByteBuffer> authorizations) throws org.apache.accumulo.proxy.thrift.AccumuloException, org.apache.accumulo.proxy.thrift.AccumuloSecurityException, TException { try { Set<String> auths = new HashSet<>(); for (ByteBuffer auth : authorizations) { auths.add(ByteBufferUtil.toString(auth)); } getConnector(login).securityOperations().changeUserAuthorizations(user, new Authorizations(auths.toArray(new String[0]))); } catch (Exception e) { handleException(e); } }
@Override public int execute(final String fullCommand, final CommandLine cl, final Shell shellState) throws AccumuloException, AccumuloSecurityException { final String user = cl.getOptionValue(userOpt.getOpt(), shellState.getConnector().whoami()); final String scanOpts = cl.getOptionValue(scanOptAuths.getOpt()); Authorizations auths = shellState.getConnector().securityOperations() .getUserAuthorizations(user); StringBuilder userAuths = new StringBuilder(); if (!auths.isEmpty()) { userAuths.append(auths.toString()); userAuths.append(","); } userAuths.append(scanOpts); shellState.getConnector().securityOperations().changeUserAuthorizations(user, ScanCommand.parseAuthorizations(userAuths.toString())); Shell.log.debug("Changed record-level authorizations for user " + user); return 0; }
/** * Removes the specified authorizations from the user. * @param userName the name of the user to change authorizations for. * @param secOps the {@link SecurityOperations} to change. * @param authsToRemove the comma-separated string of authorizations to remove. * @throws AccumuloSecurityException * @throws AccumuloException */ public static void removeUserAuths(final String userName, final SecurityOperations secOps, final String authsToRemove) throws AccumuloException, AccumuloSecurityException { final Authorizations currentUserAuths = secOps.getUserAuthorizations(userName); final List<String> authList = convertAuthStringToList(currentUserAuths.toString()); final List<String> authsToRemoveList = convertAuthStringToList(authsToRemove); authList.removeAll(authsToRemoveList); final String authString = Joiner.on(",").join(authList); final Authorizations newAuths = new Authorizations(authString); secOps.changeUserAuthorizations(userName, newAuths); }
/** * Removes the specified authorizations from the user. * @param userName the name of the user to change authorizations for. * @param secOps the {@link SecurityOperations} to change. * @param authsToRemove the comma-separated string of authorizations to remove. * @throws AccumuloSecurityException * @throws AccumuloException */ public static void removeUserAuths(final String userName, final SecurityOperations secOps, final String authsToRemove) throws AccumuloException, AccumuloSecurityException { final Authorizations currentUserAuths = secOps.getUserAuthorizations(userName); final List<String> authList = convertAuthStringToList(currentUserAuths.toString()); final List<String> authsToRemoveList = convertAuthStringToList(authsToRemove); authList.removeAll(authsToRemoveList); final String authString = Joiner.on(",").join(authList); final Authorizations newAuths = new Authorizations(authString); secOps.changeUserAuthorizations(userName, newAuths); }
@After public void resetAuths() throws Exception { Connector c = getConnector(); if (null != origAuths) { c.securityOperations().changeUserAuthorizations(getAdminPrincipal(), origAuths); } }
@After public void resetAuths() throws Exception { if (null != origAuths) { getConnector().securityOperations().changeUserAuthorizations(getAdminPrincipal(), origAuths); } }
protected void copyAuthorizations() throws IOException { try { final SecurityOperations parentSecOps = parentConnector.securityOperations(); final SecurityOperations childSecOps = childConnector.securityOperations(); final Authorizations parentAuths = parentSecOps.getUserAuthorizations(parentUser); final Authorizations childAuths = childSecOps.getUserAuthorizations(childUser); // Add any parent authorizations that the child doesn't have. if (!childAuths.equals(parentAuths)) { log.info("Adding the authorization, \"" + parentAuths.toString() + "\", to the child user, \"" + childUser + "\""); final Authorizations newChildAuths = AccumuloRyaUtils.addUserAuths(childUser, childSecOps, parentAuths); childSecOps.changeUserAuthorizations(childUser, newChildAuths); } } catch (AccumuloException | AccumuloSecurityException e) { throw new IOException(e); } }
@Before public void setupInstance() throws Exception { conn = getConnector(); tableName = getUniqueNames(1)[0]; conn.securityOperations().changeUserAuthorizations(conn.whoami(), AUTHS); }
@Before public void setupInstance() throws Exception { conn = getConnector(); tableName = getUniqueNames(1)[0]; conn.securityOperations().changeUserAuthorizations(conn.whoami(), AUTHS); }
@Before public void setup() throws AccumuloException, AccumuloSecurityException, TableExistsException, TableNotFoundException { // set hadoop.home.dir so we don't get an IOException about it. Doesn't appear to be used though System.setProperty("hadoop.home.dir", "/tmp"); // May need to replace InMemoryInstance with MiniCluster. Apparently InMemoryInstance isn't kept up as well. mockInstance = new InMemoryInstance(); conn = mockInstance.getConnector(userName, password); conn.securityOperations().changeUserAuthorizations(userName, auths); conn.tableOperations().create(tableName); }
private void queryDefaultData(Connector c, String tableName) throws Exception { Scanner scanner; // should return no records c.securityOperations().changeUserAuthorizations(getAdminPrincipal(), new Authorizations("BASE", "DEFLABEL")); scanner = getConnector().createScanner(tableName, new Authorizations()); verifyDefault(scanner, 0); // should return one record scanner = getConnector().createScanner(tableName, new Authorizations("BASE")); verifyDefault(scanner, 1); // should return all three records scanner = getConnector().createScanner(tableName, new Authorizations("BASE", "DEFLABEL")); verifyDefault(scanner, 3); }
@Override public Void run() throws Exception { Connector conn = mac.getConnector(rootUser.getPrincipal(), new KerberosToken()); conn.tableOperations().create(table); // Give our unprivileged user permission on the table we made for them conn.securityOperations().grantTablePermission(qualifiedUser1, table, TablePermission.READ); conn.securityOperations().grantTablePermission(qualifiedUser1, table, TablePermission.WRITE); conn.securityOperations().grantTablePermission(qualifiedUser1, table, TablePermission.ALTER_TABLE); conn.securityOperations().grantTablePermission(qualifiedUser1, table, TablePermission.DROP_TABLE); conn.securityOperations().changeUserAuthorizations(qualifiedUser1, new Authorizations(viz)); return null; } });