@Override public synchronized void createUser(String principal, AuthenticationToken token) throws AccumuloSecurityException { if (!(token instanceof KerberosToken)) { throw new UnsupportedOperationException( "Expected a KerberosToken but got a " + token.getClass().getSimpleName()); } try { createUserNodeInZk(Base64.getEncoder().encodeToString(principal.getBytes(UTF_8))); } catch (KeeperException e) { if (e.code().equals(KeeperException.Code.NODEEXISTS)) { throw new AccumuloSecurityException(principal, SecurityErrorCode.USER_EXISTS, e); } log.error("Failed to create user in ZooKeeper", e); throw new AccumuloSecurityException(principal, SecurityErrorCode.CONNECTION_ERROR, e); } catch (InterruptedException e) { log.error("Interrupted trying to create node for user", e); throw new RuntimeException(e); } }
e.setTableInfo(getTableInfo()); log.debug("AccumuloSecurityException thrown", e); fatalException = e; } catch (AccumuloSecurityException e) { e.setTableInfo(getTableInfo()); log.debug("{}", e.getMessage(), e); fatalException = e; } catch (Throwable t) {
@Override public List<String> bulkImportFiles(TInfo tinfo, final TCredentials credentials, final long tid, final String tableId, final List<String> files, final String errorDir, final boolean setTime) throws ThriftSecurityException, ThriftTableOperationException, TException { try { if (!security.canPerformSystemActions(credentials)) throw new AccumuloSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); bulkImportStatus.updateBulkImportStatus(files, BulkImportState.INITIAL); log.debug("Got request to bulk import files to table({}): {}", tableId, files); bulkImportStatus.updateBulkImportStatus(files, BulkImportState.PROCESSING); try { return BulkImporter.bulkLoad(context, tid, tableId, files, setTime); } finally { bulkImportStatus.removeBulkImportStatus(files); } } catch (AccumuloSecurityException e) { throw e.asThriftException(); } catch (Exception ex) { throw new TException(ex); } }
@Override public synchronized void dropUser(String user) throws AccumuloSecurityException { final String encodedUser = Base64.getEncoder().encodeToString(user.getBytes(UTF_8)); try { zkAuthenticator.dropUser(encodedUser); } catch (AccumuloSecurityException e) { throw new AccumuloSecurityException(user, e.asThriftException().getCode(), e.getCause()); } }
/** * If this method throws an exception, then its possible the mutation is still being actively * processed. Therefore if code chooses to continue after seeing an exception it should take * this into consideration. * * @return status of a conditional mutation */ public Status getStatus() throws AccumuloException, AccumuloSecurityException { if (status == null) { if (exception instanceof AccumuloException) throw new AccumuloException(exception); if (exception instanceof AccumuloSecurityException) { AccumuloSecurityException ase = (AccumuloSecurityException) exception; throw new AccumuloSecurityException(ase.getUser(), SecurityErrorCode.valueOf(ase.getSecurityErrorCode().name()), ase.getTableInfo(), ase); } else throw new AccumuloException(exception); } return status; }
@Override public void grantTablePermission(final String principal, final String table, final TablePermission permission) throws AccumuloException, AccumuloSecurityException { checkArgument(principal != null, "principal is null"); checkArgument(table != null, "table is null"); checkArgument(permission != null, "permission is null"); try { executeVoid(client -> client.grantTablePermission(Tracer.traceInfo(), context.rpcCreds(), principal, table, permission.getId())); } catch (AccumuloSecurityException e) { if (e.getSecurityErrorCode() == NAMESPACE_DOESNT_EXIST) throw new AccumuloSecurityException(null, SecurityErrorCode.TABLE_DOESNT_EXIST, e); else throw e; } }
System.exit(1); } catch (AccumuloSecurityException e) { log.error("{}", e.getMessage(), e); System.exit(2); } catch (Exception e) {
throw new AccumuloSecurityException(base.getUser(), base.asThriftException().getCode(), base.getTableInfo(), excep); } else if (excep instanceof AccumuloServerException) { throw new AccumuloServerException((AccumuloServerException) excep);
public void grantSystemPermission(TCredentials credentials, String user, SystemPermission permissionById) throws ThriftSecurityException { if (!canGrantSystem(credentials, user, permissionById)) throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); targetUserExists(user); try { permHandle.grantSystemPermission(user, permissionById); log.info("Granted system permission {} for user {} at the request of user {}", permissionById, user, credentials.getPrincipal()); } catch (AccumuloSecurityException e) { throw e.asThriftException(); } }
@Test public void testCreateExistingUser() throws Exception { ClusterUser user0 = getUser(0); Connector conn = getConnector(); Set<String> currentUsers = conn.securityOperations().listLocalUsers(); // Ensure that the user exists if (!currentUsers.contains(user0.getPrincipal())) { PasswordToken token = null; if (!getCluster().getClientConfig().hasSasl()) { token = new PasswordToken(user0.getPassword()); } conn.securityOperations().createLocalUser(user0.getPrincipal(), token); } try { conn.securityOperations().createLocalUser(user0.getPrincipal(), new PasswordToken("better_fail")); fail("Creating a user that already exists should throw an exception"); } catch (AccumuloSecurityException e) { assertTrue("Expected USER_EXISTS error", SecurityErrorCode.USER_EXISTS == e.getSecurityErrorCode()); String msg = e.getMessage(); assertTrue("Error message didn't contain principal: '" + msg + "'", msg.contains(user0.getPrincipal())); } }
public void deleteTable(TCredentials credentials, Table.ID tableId, Namespace.ID namespaceId) throws ThriftSecurityException { if (!canDeleteTable(credentials, tableId, namespaceId)) throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); try { permHandle.cleanTablePermissions(tableId.canonicalID()); } catch (AccumuloSecurityException e) { e.setUser(credentials.getPrincipal()); throw e.asThriftException(); } catch (TableNotFoundException e) { throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.TABLE_DOESNT_EXIST); } }
} catch (AccumuloSecurityException e) { updateAuthorizationFailures(Collections.singletonMap(new KeyExtent(tableId, null, null), SecurityErrorCode.valueOf(e.getSecurityErrorCode().name()))); } catch (TableDeletedException | TableNotFoundException | TableOfflineException e) { updateUnknownErrors(e.getMessage(), e);
public void setLocalityGroups() { HashMap<String, Set<Text>> localityGroups = new HashMap<String, Set<Text>>(); Iterator<String> groups = getPredicates(); int i = 1; while(groups.hasNext()) { HashSet<Text> tempColumn = new HashSet<Text>(); String temp = groups.next(); tempColumn.add(new Text(temp)); String groupName = "predicate" + i; localityGroups.put(groupName, tempColumn); i++; } try { conn.tableOperations().setLocalityGroups(tablePrefix + "doc_partitioned_index", localityGroups); //conn.tableOperations().compact(tablePrefix + "doc_partitioned_index", null, null, true, true); } catch (AccumuloException e) { e.printStackTrace(); } catch (AccumuloSecurityException e) { e.printStackTrace(); } catch (TableNotFoundException e) { e.printStackTrace(); } }
private void handleAccumuloSecurityException(AccumuloSecurityException e) throws org.apache.accumulo.proxy.thrift.TableNotFoundException, org.apache.accumulo.proxy.thrift.AccumuloSecurityException { if (e.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) throw new org.apache.accumulo.proxy.thrift.TableNotFoundException(e.toString()); throw new org.apache.accumulo.proxy.thrift.AccumuloSecurityException(e.toString()); }
@Override public void visit(State state, Environment env, Properties props) throws Exception { Connector conn = env.getConnector(); Random rand = (Random) state.get("rand"); @SuppressWarnings("unchecked") List<String> userNames = (List<String>) state.get("users"); String userName = userNames.get(rand.nextInt(userNames.size())); try { log.debug("Dropping user " + userName); conn.securityOperations().dropLocalUser(userName); } catch (AccumuloSecurityException ex) { log.debug("Unable to drop " + ex.getCause()); } } }
@Override public void run() { HashSet<Path> uniqMapFiles = new HashSet<Path>(); for (List<PathSize> mapFiles : assignmentsPerTablet.values()) for (PathSize ps : mapFiles) uniqMapFiles.add(ps.path); log.debug("Assigning " + uniqMapFiles.size() + " map files to " + assignmentsPerTablet.size() + " tablets at " + location); try { List<KeyExtent> failures = assignMapFiles(credentials, location, assignmentsPerTablet); handleFailures(failures, "Not Serving Tablet"); } catch (AccumuloException e) { handleFailures(assignmentsPerTablet.keySet(), e.getMessage()); } catch (AccumuloSecurityException e) { handleFailures(assignmentsPerTablet.keySet(), e.getMessage()); } }
@Override public void revokeTablePermission(final String principal, final String table, final TablePermission permission) throws AccumuloException, AccumuloSecurityException { checkArgument(principal != null, "principal is null"); checkArgument(table != null, "table is null"); checkArgument(permission != null, "permission is null"); try { executeVoid(client -> client.revokeTablePermission(Tracer.traceInfo(), context.rpcCreds(), principal, table, permission.getId())); } catch (AccumuloSecurityException e) { if (e.getSecurityErrorCode() == NAMESPACE_DOESNT_EXIST) throw new AccumuloSecurityException(null, SecurityErrorCode.TABLE_DOESNT_EXIST, e); else throw e; } }
@Override public synchronized void dropUser(String user) throws AccumuloSecurityException { final String encodedUser = Base64.encodeBase64String(user.getBytes(UTF_8)); try { zkAuthenticator.dropUser(encodedUser); } catch (AccumuloSecurityException e) { throw new AccumuloSecurityException(user, e.asThriftException().getCode(), e.getCause()); } }
/** * If this method throws an exception, then its possible the mutation is still being actively * processed. Therefore if code chooses to continue after seeing an exception it should take * this into consideration. * * @return status of a conditional mutation */ public Status getStatus() throws AccumuloException, AccumuloSecurityException { if (status == null) { if (exception instanceof AccumuloException) throw new AccumuloException(exception); if (exception instanceof AccumuloSecurityException) { AccumuloSecurityException ase = (AccumuloSecurityException) exception; throw new AccumuloSecurityException(ase.getUser(), SecurityErrorCode.valueOf(ase.getSecurityErrorCode().name()), ase.getTableInfo(), ase); } else throw new AccumuloException(exception); } return status; }
public void changeAuthorizations(TCredentials credentials, String user, Authorizations authorizations) throws ThriftSecurityException { if (!canChangeAuthorizations(credentials, user)) throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); targetUserExists(user); try { authorizor.changeAuthorizations(user, authorizations); log.info("Changed authorizations for user {} at the request of user {}", user, credentials.getPrincipal()); } catch (AccumuloSecurityException ase) { throw ase.asThriftException(); } }