// Create the account through the client's security operations; the credential is carried
// inside passwordToken.
// NOTE(review): passwordToken is not cleared in the visible lines - confirm the surrounding
// code destroys it once the user has been created.
shellState.getAccumuloClient().securityOperations().createLocalUser(user, passwordToken);
// Only the principal name is written to the debug log, never the token.
Shell.log.debug("Created user " + user);
return 0;
/**
 * Returns a mock connector for {@code principal}.
 *
 * <p>Authentication here is deliberately lenient: a principal that is not yet in
 * {@code acu.users} is created on the spot with the supplied token, while a known principal
 * must present a token equal to the stored one. The connector object is built before either
 * check runs.
 *
 * <p>NOTE(review): for an unknown principal the token is cast to {@link PasswordToken}
 * without a type check, so any other token type fails with a ClassCastException instead of
 * a security error.
 *
 * @param principal name of the user to connect as
 * @param token credential presented for that user
 * @return a connector bound to the given credentials
 * @throws AccumuloSecurityException with BAD_CREDENTIALS when a known principal presents a
 *         token that differs from the stored one
 */
@Override
public Connector getConnector(String principal, AuthenticationToken token)
    throws AccumuloException, AccumuloSecurityException {
  final Connector connector = new MockConnector(new Credentials(principal, token), acu, this);

  final boolean knownPrincipal = acu.users.containsKey(principal);
  if (knownPrincipal) {
    // Existing account: the presented token has to match what the mock stored.
    if (!acu.users.get(principal).token.equals(token)) {
      throw new AccumuloSecurityException(principal, SecurityErrorCode.BAD_CREDENTIALS);
    }
    return connector;
  }

  // First sighting of this principal: register it with the presented token.
  connector.securityOperations().createLocalUser(principal, (PasswordToken) token);
  return connector;
}
}
/**
 * Picks one name at random from the "users" list held in {@code state} and tries to create
 * it as a local user. A security failure is logged at debug level and otherwise ignored.
 *
 * <p>The password is the user name with "pass" appended, so it can be derived from the name
 * alone.
 * NOTE(review): presumably acceptable only because this is a test walker - confirm these
 * accounts never exist on a shared instance.
 */
@Override
public void visit(State state, Environment env, Properties props) throws Exception {
  Connector connector = env.getConnector();

  Random rng = (Random) state.get("rand");
  @SuppressWarnings("unchecked")
  List<String> candidates = (List<String>) state.get("users");

  int pick = rng.nextInt(candidates.size());
  String userName = candidates.get(pick);

  try {
    log.debug("Creating user " + userName);
    PasswordToken derivedToken = new PasswordToken(userName + "pass");
    connector.securityOperations().createLocalUser(userName, derivedToken);
  } catch (AccumuloSecurityException ex) {
    // Only the cause is logged; the walker carries on after a refused creation.
    log.debug("Create user failed " + ex.getCause());
  }
}
}
/**
 * Creates a local user on behalf of the caller identified by {@code login}.
 *
 * @param login login handle, resolved to a connector through getConnector(login)
 * @param user name of the account to create
 * @param password password bytes for the new account; wrapped in a PasswordToken
 */
@Override
public void createLocalUser(ByteBuffer login, String user, ByteBuffer password)
    throws org.apache.accumulo.proxy.thrift.AccumuloException,
    org.apache.accumulo.proxy.thrift.AccumuloSecurityException, TException {
  try {
    // NOTE(review): neither the password buffer nor the token built from it is cleared in
    // this method - confirm whether the caller is expected to wipe the buffer.
    getConnector(login).securityOperations().createLocalUser(user, new PasswordToken(password));
  } catch (Exception e) {
    // Every failure, including one raised while resolving the login, goes to handleException.
    // NOTE(review): presumably it rethrows as one of the declared Thrift exceptions - confirm.
    handleException(e);
  }
}
/**
 * Verifies that security operations which fail still produce audit messages.
 *
 * <p>Three operations are attempted and their AccumuloSecurityException, if any, is
 * discarded: the test is about the audit trail, not about the exceptions.
 */
@Test
public void testFailedAudits() throws AccumuloSecurityException, AccumuloException,
    TableExistsException, TableNotFoundException, IOException, InterruptedException {

  // Start of testing activities. A thrown security exception must not stop the test, so
  // each attempt swallows it on purpose.
  try {
    conn.securityOperations().dropLocalUser(AUDIT_USER_2);
  } catch (AccumuloSecurityException ignored) {
    // deliberate: only the audit record matters
  }
  try {
    conn.securityOperations().revokeSystemPermission(AUDIT_USER_2,
        SystemPermission.ALTER_TABLE);
  } catch (AccumuloSecurityException ignored) {
    // deliberate: only the audit record matters
  }
  try {
    conn.securityOperations().createLocalUser("root", new PasswordToken("super secret"));
  } catch (AccumuloSecurityException ignored) {
    // deliberate: only the audit record matters
  }

  ArrayList<String> auditMessages = getAuditMessages("testFailedAudits");
  // End of testing activities.

  // We're permitted to drop this user, but it fails because the user doesn't actually exist.
  String dropUserAudit =
      String.format(AuditedSecurityOperation.DROP_USER_AUDIT_TEMPLATE, AUDIT_USER_2);
  assertEquals(2, findAuditMessage(auditMessages, dropUserAudit).size());

  String revokeAudit =
      String.format(AuditedSecurityOperation.REVOKE_SYSTEM_PERMISSION_AUDIT_TEMPLATE,
          SystemPermission.ALTER_TABLE, AUDIT_USER_2);
  assertEquals(1, findAuditMessage(auditMessages, revokeAudit).size());

  // The expected create-user message is built with an empty string as its second argument,
  // not with the password literal passed to createLocalUser above.
  // NOTE(review): presumably this pins that the credential stays out of the audit log -
  // confirm against CREATE_USER_AUDIT_TEMPLATE.
  String createUserAudit =
      String.format(AuditedSecurityOperation.CREATE_USER_AUDIT_TEMPLATE, "root", "");
  assertEquals(1, findAuditMessage(auditMessages, createUserAudit).size());
}
/**
 * Obtains a connector for {@code rootUgi}'s user name with a KerberosToken, creates the
 * table, then registers the two {@code userWithoutCredentials*} principals and grants each
 * of them READ on that table.
 *
 * @return always {@code null}
 */
@Override
public Void run() throws Exception {
  ZooKeeperInstance instance = new ZooKeeperInstance(mac.getClientConfig());
  Connector rootConn = instance.getConnector(rootUgi.getUserName(), new KerberosToken());
  rootConn.tableOperations().create(tableName);

  // "ignored" is a placeholder password.
  // NOTE(review): presumably the Kerberos-backed authenticator never uses it - confirm.
  for (String principal : new String[] {userWithoutCredentials1, userWithoutCredentials3}) {
    rootConn.securityOperations().createLocalUser(principal, new PasswordToken("ignored"));
    rootConn.securityOperations().grantTablePermission(principal, tableName,
        TablePermission.READ);
  }
  return null;
}
});
// Create the account through the connector's security operations; the credential is carried
// inside passwordToken.
// NOTE(review): passwordToken is not cleared in the visible lines - confirm the surrounding
// code destroys it once the user has been created.
shellState.getConnector().securityOperations().createLocalUser(user, passwordToken);
// Only the principal name is written to the debug log, never the token.
Shell.log.debug("Created user " + user);
return 0;
/**
 * Test fixture: records the instance, principal and SASL mode for the test, and makes sure
 * the cluster user at index 0 exists as a local user.
 *
 * <p>With SASL enabled the user is created with a {@code null} password token and
 * {@code password} is left untouched; otherwise the cluster user's password is stored in
 * {@code password} and used for the new account.
 */
@Before
public void createLocalUser() throws AccumuloException, AccumuloSecurityException {
  Connector conn = getConnector();
  inst = conn.getInstance();

  ClientConfiguration clientConf = cluster.getClientConfig();
  ClusterUser user = getUser(0);
  username = user.getPrincipal();
  saslEnabled = clientConf.hasSasl();

  // Nothing to do when the account is already there.
  Set<String> existingUsers = conn.securityOperations().listLocalUsers();
  if (existingUsers.contains(username)) {
    return;
  }

  PasswordToken newUserToken;
  if (saslEnabled) {
    // No password is supplied in SASL mode.
    newUserToken = null;
  } else {
    password = user.getPassword();
    newUserToken = new PasswordToken(password);
  }
  conn.securityOperations().createLocalUser(username, newUserToken);
}
/**
 * Creating a user that already exists must be rejected with USER_EXISTS, and the error
 * message must name the principal.
 */
@Test
public void testCreateExistingUser() throws Exception {
  ClusterUser existingUser = getUser(0);
  Connector conn = getConnector();
  String principal = existingUser.getPrincipal();

  // Precondition: make sure the account is present before provoking the duplicate.
  Set<String> currentUsers = conn.securityOperations().listLocalUsers();
  boolean alreadyPresent = currentUsers.contains(principal);
  if (!alreadyPresent) {
    boolean sasl = getCluster().getClientConfig().hasSasl();
    // In SASL mode no password token is supplied.
    PasswordToken token = sasl ? null : new PasswordToken(existingUser.getPassword());
    conn.securityOperations().createLocalUser(principal, token);
  }

  try {
    conn.securityOperations().createLocalUser(principal, new PasswordToken("better_fail"));
    fail("Creating a user that already exists should throw an exception");
  } catch (AccumuloSecurityException e) {
    boolean isUserExists = e.getSecurityErrorCode() == SecurityErrorCode.USER_EXISTS;
    assertTrue("Expected USER_EXISTS error", isUserExists);

    String msg = e.getMessage();
    assertTrue("Error message didn't contain principal: '" + msg + "'",
        msg.contains(principal));
  }
}
TableExistsException, TableNotFoundException, IOException, InterruptedException { conn.securityOperations().createLocalUser(AUDIT_USER_1, new PasswordToken(PASSWORD)); conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM); conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.CREATE_TABLE);
Set<String> users = security.listLocalUsers(); if (!users.contains(conf.getUsername())) { security.createLocalUser(conf.getUsername(), new PasswordToken(conf.getPassword())); security.changeUserAuthorizations(conf.getUsername(), c.securityOperations().getUserAuthorizations(conf.getUsername())); } else {
// Create the system user with the credential held in sysUserPass.
// NOTE(review): sysUserPass is built outside this snippet - confirm it is not a fixed
// literal anywhere other than test code.
conn.securityOperations().createLocalUser(systemUserName, sysUserPass);
// A password is passed only when testToken is a PasswordToken; for any other token type
// the user is created with a null password token.
// NOTE(review): presumably the non-password case is an externally authenticated setup
// (e.g. SASL) in which the password is not used - confirm.
c.securityOperations().createLocalUser(testUser,
    (testToken instanceof PasswordToken ? (PasswordToken) testToken : null));
c.tableOperations().create(tableName);
/**
 * Prepares the accounts used against one PCJ table: widens the authorizations of "root" and
 * creates four local users, each with its own authorization set and READ on the table.
 *
 * <p>All four accounts share the fixed password "password".
 *
 * @param accumuloConn connector used to administer users
 * @param ryaInstanceName Rya instance name, used to derive the PCJ table name
 * @param pcjId PCJ id, used to derive the PCJ table name
 * @throws AccumuloException if a security operation fails
 * @throws AccumuloSecurityException if the connector's user may not perform an operation
 */
private void setupTestUsers(final Connector accumuloConn, final String ryaInstanceName, final String pcjId) throws AccumuloException, AccumuloSecurityException {
    final PasswordToken pass = new PasswordToken("password");
    final SecurityOperations secOps = accumuloConn.securityOperations();

    // The table name is needed to grant table permissions to the users.
    final String pcjTableName = new PcjTableNameFactory().makeTableName(ryaInstanceName, pcjId);

    // Give the 'root' user authorizations to see everything.
    secOps.changeUserAuthorizations("root", new Authorizations("A", "B", "C", "D", "E"));

    // Sees A and B.
    createPcjReader(secOps, pcjTableName, "abUser", pass, "A", "B");
    // Sees A, B and C.
    createPcjReader(secOps, pcjTableName, "abcUser", pass, "A", "B", "C");
    // Sees A, D and E.
    createPcjReader(secOps, pcjTableName, "adeUser", pass, "A", "D", "E");
    // Holds no authorizations at all.
    createPcjReader(secOps, pcjTableName, "noAuth", pass);
}

/** Creates one local user, sets its authorizations and grants it READ on the table. */
private void createPcjReader(final SecurityOperations secOps, final String table, final String user, final PasswordToken pass, final String... auths) throws AccumuloException, AccumuloSecurityException {
    secOps.createLocalUser(user, pass);
    secOps.changeUserAuthorizations(user, new Authorizations(auths));
    secOps.grantTablePermission(user, table, TablePermission.READ);
}
PasswordToken tabUserPass = new PasswordToken("Super Sekret Table User Password"); try { conn.securityOperations().createLocalUser(tableUserName, tabUserPass); } catch (AccumuloSecurityException ae) { switch (ae.getSecurityErrorCode()) { env.getConnector().securityOperations().createLocalUser(tableUserName, tabUserPass); WalkingSecurity.get(state, env).createUser(tableUserName, tabUserPass); Thread.sleep(1000);
/**
 * Test fixture: creates a fresh table and a freshly created user that may read and write it.
 *
 * <p>An existing account with the same name is dropped first, so the user always starts
 * from a clean state. With SASL enabled the account is created with a {@code null} password
 * token; otherwise the cluster user's password is used.
 */
@Before
public void setup() throws Exception {
  connector = getConnector();
  tableName = getUniqueNames(1)[0];
  connector.tableOperations().create(tableName);

  ClientConfiguration clientConfig = cluster.getClientConfig();
  ClusterUser clusterUser = getUser(0);
  user = clusterUser.getPrincipal();

  saslEnabled = clientConfig.hasSasl();
  PasswordToken userToken = saslEnabled ? null : new PasswordToken(clusterUser.getPassword());

  // Remove any leftover account so permissions and authorizations are not inherited.
  boolean userPresent = connector.securityOperations().listLocalUsers().contains(user);
  if (userPresent) {
    log.info("Dropping {}", user);
    connector.securityOperations().dropLocalUser(user);
  }

  connector.securityOperations().createLocalUser(user, userToken);
  for (TablePermission permission : new TablePermission[] {TablePermission.READ,
      TablePermission.WRITE}) {
    connector.securityOperations().grantTablePermission(user, tableName, permission);
  }
  connector.securityOperations().changeUserAuthorizations(user, AuthsIterator.AUTHS);
}
TableExistsException, InterruptedException, IOException { conn.securityOperations().createLocalUser(AUDIT_USER_1, new PasswordToken(PASSWORD)); conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM); conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.CREATE_USER); auditConnector.securityOperations().createLocalUser(AUDIT_USER_2, new PasswordToken(PASSWORD));
// Create the principal, call the loginAs helper (defined outside this snippet) for testUser,
// then open a second connector as the new principal.
// NOTE(review): the account is created with passwordToken but the connector is opened with
// token; presumably both carry the same credential - confirm.
c.securityOperations().createLocalUser(principal, passwordToken);
loginAs(testUser);
Connector test_user_conn = c.getInstance().getConnector(principal, token);
// Create the principal, call the loginAs helper (defined outside this snippet) for testUser,
// then open a second connector as the new principal.
// NOTE(review): the account is created with passwordToken but the connector is opened with
// token; presumably both carry the same credential - confirm.
c.securityOperations().createLocalUser(principal, passwordToken);
loginAs(testUser);
Connector test_user_conn = c.getInstance().getConnector(principal, token);
user = user1.getPrincipal(); if (saslEnabled) { conn.securityOperations().createLocalUser(user, null); } else { conn.securityOperations().createLocalUser(user, new PasswordToken(user1.getPassword()));