@Override public Void run() throws Exception { mac.getConnector("some_other_user", delegationToken); return null; } });
/** * Utility method to get a connector to the MAC. * * @since 1.6.0 */ public Connector getConnector(String user, String passwd) throws AccumuloException, AccumuloSecurityException { return impl.getConnector(user, new PasswordToken(passwd)); }
public static Connector getConnector() { try { return getCluster().getConnector(principal, getToken()); } catch (Exception e) { throw new RuntimeException(e); } }
protected Connector getConnector() throws AccumuloException, AccumuloSecurityException { return getCluster().getConnector("root", new PasswordToken(ROOT_PASSWORD)); }
@Override public Void run() throws Exception { Connector conn = mac.getConnector(rootUser.getPrincipal(), delegationToken1); assertTrue("Could not get tables with delegation token", conn.tableOperations().list().size() > 0); return null; } });
@Override public Integer run() throws Exception { Connector conn = mac.getConnector(rootUser.getPrincipal(), delegationToken); BatchScanner bs = conn.createBatchScanner(tableName, Authorizations.EMPTY, 2); bs.setRanges(Collections.singleton(new Range())); int recordsSeen = Iterables.size(bs); bs.close(); return recordsSeen; } });
@Override public Void run() throws Exception { // Indirectly creates this user when we use it Connector conn = mac.getConnector(qualifiedUser1, new KerberosToken()); log.info("Created connector as {}", qualifiedUser1); // The new user should have no system permissions for (SystemPermission perm : SystemPermission.values()) { assertFalse(conn.securityOperations().hasSystemPermission(qualifiedUser1, perm)); } return null; }
@Override public Void run() throws Exception { // Indirectly creates this user when we use it Connector conn = mac.getConnector(qualifiedUser1, new KerberosToken()); log.info("Created connector as {}", qualifiedUser1); // The new user should have no system permissions for (SystemPermission perm : SystemPermission.values()) { assertFalse(conn.securityOperations().hasSystemPermission(qualifiedUser1, perm)); } return null; } });
@Override public Void run() throws Exception { Connector conn = mac.getConnector(rootUser.getPrincipal(), new KerberosToken()); conn.securityOperations().grantSystemPermission(qualifiedUser1, SystemPermission.CREATE_TABLE); return null; } });
@Override public Void run() throws Exception { // As the "root" user, open up the connection and get a delegation token Connector conn = mac.getConnector(qualifiedNewUser, new KerberosToken()); log.info("Created connector as {}", qualifiedNewUser); assertEquals(qualifiedNewUser, conn.whoami()); conn.securityOperations().getDelegationToken(new DelegationTokenConfig()); return null; } });
@Override public AuthenticationToken run() throws Exception { Connector conn = mac.getConnector(rootUser.getPrincipal(), new KerberosToken()); log.info("Created connector as {}", rootUser.getPrincipal()); assertEquals(rootUser.getPrincipal(), conn.whoami()); AuthenticationToken token = conn.securityOperations() .getDelegationToken(new DelegationTokenConfig()); assertTrue("Could not get tables with delegation token", mac .getConnector(rootUser.getPrincipal(), token).tableOperations().list().size() > 0); return token; } });
@Override public AuthenticationToken run() throws Exception { Connector conn = mac.getConnector(rootUser.getPrincipal(), new KerberosToken()); log.info("Created connector as {}", rootUser.getPrincipal()); assertEquals(rootUser.getPrincipal(), conn.whoami()); AuthenticationToken token = conn.securityOperations() .getDelegationToken(new DelegationTokenConfig()); assertTrue("Could not get tables with delegation token", mac .getConnector(rootUser.getPrincipal(), token).tableOperations().list().size() > 0); return token; } });
@BeforeClass public static void setupMiniCluster() throws Exception { SharedMiniClusterBase.startMiniClusterWithConfig(new ShellServerITConfigCallback()); rootPath = getMiniClusterDir().getAbsolutePath(); // history file is updated in $HOME System.setProperty("HOME", rootPath); System.setProperty("hadoop.tmp.dir", System.getProperty("user.dir") + "/target/hadoop-tmp"); traceProcess = getCluster().exec(TraceServer.class); Connector conn = getCluster().getConnector(getPrincipal(), getToken()); TableOperations tops = conn.tableOperations(); // give the tracer some time to start while (!tops.exists("trace")) { sleepUninterruptibly(1, TimeUnit.SECONDS); } }
@Override public Void run() throws Exception { Connector conn = mac.getConnector(newQualifiedUser, new KerberosToken()); log.info("Created connector as {}", newQualifiedUser); assertEquals(newQualifiedUser, conn.whoami()); // The new user should have no system permissions for (SystemPermission perm : SystemPermission.values()) { assertFalse(conn.securityOperations().hasSystemPermission(newQualifiedUser, perm)); } users.add(newQualifiedUser); // Same users as before, plus the new user we just created assertEquals(users, conn.securityOperations().listLocalUsers()); return null; }
@Override public AuthenticationToken run() throws Exception { // As the "root" user, open up the connection and get a delegation token Connector conn = mac.getConnector(rootUser.getPrincipal(), new KerberosToken()); log.info("Created connector as {}", rootUser.getPrincipal()); assertEquals(rootUser.getPrincipal(), conn.whoami()); return conn.securityOperations().getDelegationToken(new DelegationTokenConfig()); } });
@Test(expected = AccumuloSecurityException.class) public void testRootUserHasIrrevocablePermissions() throws Exception { // Login as the client (provided to `accumulo init` as the "root" user) UserGroupInformation.loginUserFromKeytab(rootUser.getPrincipal(), rootUser.getKeytab().getAbsolutePath()); final Connector conn = mac.getConnector(rootUser.getPrincipal(), new KerberosToken()); // The server-side implementation should prevent the revocation of the 'root' user's systems // permissions // because once they're gone, it's possible that they could never be restored. conn.securityOperations().revokeSystemPermission(rootUser.getPrincipal(), SystemPermission.GRANT); }
@Override public Void run() throws Exception { Connector conn = mac.getConnector(rootUser.getPrincipal(), new KerberosToken()); log.info("Created connector as {}", rootUser.getPrincipal()); assertEquals(rootUser.getPrincipal(), conn.whoami()); // Make sure the system user doesn't exist -- this will force some RPC to happen server-side createTableWithDataAndCompact(conn); assertEquals(users, conn.securityOperations().listLocalUsers()); return null; } });
@Override public AuthenticationToken run() throws Exception { Connector conn = mac.getConnector(rootUser.getPrincipal(), new KerberosToken()); log.info("Created connector as {}", rootUser.getPrincipal()); assertEquals(rootUser.getPrincipal(), conn.whoami()); // Should fail return conn.securityOperations().getDelegationToken( new DelegationTokenConfig().setTokenLifetime(Long.MAX_VALUE, TimeUnit.MILLISECONDS)); } });
@Override public AuthenticationToken run() throws Exception { Connector conn = mac.getConnector(rootUser.getPrincipal(), new KerberosToken()); log.info("Created connector as {}", rootUser.getPrincipal()); assertEquals(rootUser.getPrincipal(), conn.whoami()); return conn.securityOperations() .getDelegationToken(new DelegationTokenConfig().setTokenLifetime(5, TimeUnit.MINUTES)); } });
@Override public Void run() throws Exception { Connector conn = mac.getConnector(qualifiedUser1, new KerberosToken()); // Shouldn't throw an exception since we granted the create table permission final String table = testName.getMethodName() + "_user_table"; conn.tableOperations().create(table); // Make sure we can actually use the table we made BatchWriter bw = conn.createBatchWriter(table, new BatchWriterConfig()); Mutation m = new Mutation("a"); m.put("b", "c", "d"); bw.addMutation(m); bw.close(); conn.tableOperations().compact(table, new CompactionConfig().setWait(true).setFlush(true)); return null; } });