@Override protected void doTableOp(final Shell shellState, final String tableName) throws Exception { try { shellState.getAccumuloClient().securityOperations().grantTablePermission(user, tableName, TablePermission.valueOf(permission[1])); Shell.log .debug("Granted " + user + " the " + permission[1] + " permission on table " + tableName); } catch (IllegalArgumentException e) { throw new IllegalArgumentException("No such table permission", e); } }
@Override protected void doTableOp(final Shell shellState, final String tableName) throws Exception { try { shellState.getConnector().securityOperations().grantTablePermission(user, tableName, TablePermission.valueOf(permission[1])); Shell.log .debug("Granted " + user + " the " + permission[1] + " permission on table " + tableName); } catch (IllegalArgumentException e) { throw new IllegalArgumentException("No such table permission", e); } }
private void changeTablePermission(Connector conn, Random rand, String userName, String tableName) throws AccumuloException, AccumuloSecurityException { EnumSet<TablePermission> perms = EnumSet.noneOf(TablePermission.class); for (TablePermission p : TablePermission.values()) { if (conn.securityOperations().hasTablePermission(userName, tableName, p)) perms.add(p); } EnumSet<TablePermission> more = EnumSet.allOf(TablePermission.class); more.removeAll(perms); if (rand.nextBoolean() && more.size() > 0) { List<TablePermission> moreList = new ArrayList<>(more); TablePermission choice = moreList.get(rand.nextInt(moreList.size())); log.debug("adding permission " + choice); conn.securityOperations().grantTablePermission(userName, tableName, choice); } else { if (perms.size() > 0) { List<TablePermission> permList = new ArrayList<>(perms); TablePermission choice = permList.get(rand.nextInt(permList.size())); log.debug("removing permission " + choice); conn.securityOperations().revokeTablePermission(userName, tableName, choice); } } }
private void createTableIfNeeded() throws IOException { try { if (!childConnector.tableOperations().exists(childTableName)) { log.info("Creating table: " + childTableName); childConnector.tableOperations().create(childTableName); log.info("Created table: " + childTableName); log.info("Granting authorizations to table: " + childTableName); childConnector.securityOperations().grantTablePermission(childUser, childTableName, TablePermission.WRITE); log.info("Granted authorizations to table: " + childTableName); } } catch (TableExistsException | AccumuloException | AccumuloSecurityException e) { throw new IOException(e); } }
@Before public void configureInstance() throws Exception { conn = getConnector(); inst = conn.getInstance(); ReplicationTable.setOnline(conn); conn.securityOperations().grantTablePermission(conn.whoami(), MetadataTable.NAME, TablePermission.WRITE); conn.securityOperations().grantTablePermission(conn.whoami(), ReplicationTable.NAME, TablePermission.READ); conn.securityOperations().grantTablePermission(conn.whoami(), ReplicationTable.NAME, TablePermission.WRITE); }
private void createTableIfNeeded() throws MergerException { try { if (!doesMetadataTableExist()) { log.debug("Creating table: " + mergeParentMetadataTableName); connector.tableOperations().create(mergeParentMetadataTableName); log.debug("Created table: " + mergeParentMetadataTableName); log.debug("Granting authorizations to table: " + mergeParentMetadataTableName); final String username = accumuloRyaDao.getConf().get(MRUtils.AC_USERNAME_PROP); connector.securityOperations().grantTablePermission(username, mergeParentMetadataTableName, TablePermission.WRITE); log.debug("Granted authorizations to table: " + mergeParentMetadataTableName); } } catch (final TableExistsException | AccumuloException | AccumuloSecurityException e) { throw new MergerException("Could not create a new MergeParentMetadata table named: " + mergeParentMetadataTableName, e); } }
private void createTableIfNeeded() throws MergerException { try { if (!doesMetadataTableExist()) { log.debug("Creating table: " + mergeParentMetadataTableName); connector.tableOperations().create(mergeParentMetadataTableName); log.debug("Created table: " + mergeParentMetadataTableName); log.debug("Granting authorizations to table: " + mergeParentMetadataTableName); final String username = accumuloRyaDao.getConf().get(MRUtils.AC_USERNAME_PROP); connector.securityOperations().grantTablePermission(username, mergeParentMetadataTableName, TablePermission.WRITE); log.debug("Granted authorizations to table: " + mergeParentMetadataTableName); } } catch (final TableExistsException | AccumuloException | AccumuloSecurityException e) { throw new MergerException("Could not create a new MergeParentMetadata table named: " + mergeParentMetadataTableName, e); } }
@Before public void setupInstance() throws Exception { conn = getConnector(); ReplicationTable.setOnline(conn); conn.securityOperations().grantTablePermission(conn.whoami(), ReplicationTable.NAME, TablePermission.WRITE); conn.securityOperations().grantTablePermission(conn.whoami(), ReplicationTable.NAME, TablePermission.READ); }
@Before public void setupInstance() throws Exception { conn = getConnector(); conn.securityOperations().grantTablePermission(conn.whoami(), ReplicationTable.NAME, TablePermission.WRITE); conn.securityOperations().grantTablePermission(conn.whoami(), MetadataTable.NAME, TablePermission.WRITE); ReplicationTable.setOnline(conn); }
@Override public Void run() throws Exception { Connector conn = mac.getConnector(rootUser.getPrincipal(), new KerberosToken()); conn.tableOperations().create(table); // Give our unprivileged user permission on the table we made for them conn.securityOperations().grantTablePermission(qualifiedUser1, table, TablePermission.READ); conn.securityOperations().grantTablePermission(qualifiedUser1, table, TablePermission.WRITE); conn.securityOperations().grantTablePermission(qualifiedUser1, table, TablePermission.ALTER_TABLE); conn.securityOperations().grantTablePermission(qualifiedUser1, table, TablePermission.DROP_TABLE); conn.securityOperations().changeUserAuthorizations(qualifiedUser1, new Authorizations(viz)); return null; } });
@Before public void setupMetadataPermission() throws Exception { Connector conn = getConnector(); rootHasWritePermission = conn.securityOperations().hasTablePermission("root", MetadataTable.NAME, TablePermission.WRITE); if (!rootHasWritePermission) { conn.securityOperations().grantTablePermission("root", MetadataTable.NAME, TablePermission.WRITE); // Make sure it propagates through ZK Thread.sleep(5000); } }
@Before public void setupInstance() throws Exception { conn = getConnector(); ReplicationTable.setOnline(conn); conn.securityOperations().grantTablePermission(conn.whoami(), ReplicationTable.NAME, TablePermission.WRITE); conn.securityOperations().grantTablePermission(conn.whoami(), ReplicationTable.NAME, TablePermission.READ); fs = EasyMock.mock(VolumeManager.class); }
@Before public void initialize() throws Exception { conn = getConnector(); rcrr = new MockRemoveCompleteReplicationRecords(conn); conn.securityOperations().grantTablePermission(conn.whoami(), ReplicationTable.NAME, TablePermission.READ); conn.securityOperations().grantTablePermission(conn.whoami(), ReplicationTable.NAME, TablePermission.WRITE); ReplicationTable.setOnline(conn); }
@Before public void init() throws Exception { conn = getConnector(); assigner = new MockUnorderedWorkAssigner(conn); ReplicationTable.setOnline(conn); conn.securityOperations().grantTablePermission(conn.whoami(), ReplicationTable.NAME, TablePermission.WRITE); conn.securityOperations().grantTablePermission(conn.whoami(), ReplicationTable.NAME, TablePermission.READ); }
@Before public void init() throws Exception { conn = getConnector(); assigner = new MockSequentialWorkAssigner(conn); // grant ourselves write to the replication table conn.securityOperations().grantTablePermission(conn.whoami(), ReplicationTable.NAME, TablePermission.READ); conn.securityOperations().grantTablePermission(conn.whoami(), ReplicationTable.NAME, TablePermission.WRITE); ReplicationTable.setOnline(conn); }
@Override public void grantTablePermission(ByteBuffer login, String user, String table, org.apache.accumulo.proxy.thrift.TablePermission perm) throws org.apache.accumulo.proxy.thrift.AccumuloException, org.apache.accumulo.proxy.thrift.AccumuloSecurityException, org.apache.accumulo.proxy.thrift.TableNotFoundException, TException { try { getConnector(login).securityOperations().grantTablePermission(user, table, TablePermission.getPermissionById((byte) perm.getValue())); } catch (Exception e) { handleExceptionTNF(e); } }
public static void addEntries(Connector conn, BatchWriterOpts bwOpts) throws Exception { conn.securityOperations().grantTablePermission(conn.whoami(), MetadataTable.NAME, TablePermission.WRITE); BatchWriter bw = conn.createBatchWriter(MetadataTable.NAME, bwOpts.getBatchWriterConfig()); for (int i = 0; i < 100000; ++i) { final Text emptyText = new Text(""); Text row = new Text(String.format("%s/%020d/%s", MetadataSchema.DeletesSection.getRowPrefix(), i, "aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeee" + "ffffffffffgggggggggghhhhhhhhhhiiiiiiiiiijjjjjjjjjj")); Mutation delFlag = new Mutation(row); delFlag.put(emptyText, emptyText, new Value(new byte[] {})); bw.addMutation(delFlag); } bw.close(); } }
@Override public Void run() throws Exception { ZooKeeperInstance inst = new ZooKeeperInstance(mac.getClientConfig()); Connector conn = inst.getConnector(rootUgi.getUserName(), new KerberosToken()); conn.tableOperations().create(tableName); conn.securityOperations().createLocalUser(userWithoutCredentials1, new PasswordToken("ignored")); conn.securityOperations().grantTablePermission(userWithoutCredentials1, tableName, TablePermission.READ); conn.securityOperations().createLocalUser(userWithoutCredentials3, new PasswordToken("ignored")); conn.securityOperations().grantTablePermission(userWithoutCredentials3, tableName, TablePermission.READ); return null; } });
@Test(expected = ConstraintViolationException.class) public void test() throws Exception { getConnector().securityOperations().grantTablePermission(getAdminPrincipal(), MetadataTable.NAME, TablePermission.WRITE); Credentials credentials = new Credentials(getAdminPrincipal(), getAdminToken()); ClientContext context = new ClientContext(getConnector().getInstance(), credentials, cluster.getClientConfig()); Writer w = new Writer(context, MetadataTable.ID); KeyExtent extent = new KeyExtent("5", null, null); Mutation m = new Mutation(extent.getMetadataEntry()); // unknown columns should cause contraint violation m.put("badcolfam", "badcolqual", "3"); try { MetadataTableUtil.update(w, null, m); } catch (RuntimeException e) { if (e.getCause().getClass().equals(ConstraintViolationException.class)) { throw (ConstraintViolationException) e.getCause(); } } } }
@After public void resetMetadataPermission() throws Exception { Connector conn = getConnector(); // Final state doesn't match the original if (rootHasWritePermission != conn.securityOperations().hasTablePermission("root", MetadataTable.NAME, TablePermission.WRITE)) { if (rootHasWritePermission) { // root had write permission when starting, ensure root still does conn.securityOperations().grantTablePermission("root", MetadataTable.NAME, TablePermission.WRITE); } else { // root did not have write permission when starting, ensure that it does not conn.securityOperations().revokeTablePermission("root", MetadataTable.NAME, TablePermission.WRITE); } } }