@Inject public AccumuloClient( Connector connector, AccumuloConfig config, ZooKeeperMetadataManager metaManager, AccumuloTableManager tableManager, IndexLookup indexLookup) throws AccumuloException, AccumuloSecurityException { this.connector = requireNonNull(connector, "connector is null"); this.username = requireNonNull(config, "config is null").getUsername(); this.metaManager = requireNonNull(metaManager, "metaManager is null"); this.tableManager = requireNonNull(tableManager, "tableManager is null"); this.indexLookup = requireNonNull(indexLookup, "indexLookup is null"); this.auths = connector.securityOperations().getUserAuthorizations(username); }
Authorizations scanAuths = connector.securityOperations().getUserAuthorizations(sessionScanUser); LOG.debug("Using session scanner auths for user %s: %s", sessionScanUser, scanAuths); return scanAuths; Authorizations auths = connector.securityOperations().getUserAuthorizations(username); LOG.debug("scan_auths table property not set, using user auths: %s", auths); return auths;
private Optional<String> getDefaultTabletLocation(String fulltable) { try { String tableId = connector.tableOperations().tableIdMap().get(fulltable); // Create a scanner over the metadata table, fetching the 'loc' column of the default tablet row Scanner scan = connector.createScanner("accumulo.metadata", connector.securityOperations().getUserAuthorizations(username)); scan.fetchColumnFamily(new Text("loc")); scan.setRange(new Range(tableId + '<')); // scan the entry Optional<String> location = Optional.empty(); for (Entry<Key, Value> entry : scan) { if (location.isPresent()) { throw new PrestoException(FUNCTION_IMPLEMENTATION_ERROR, "Scan for default tablet returned more than one entry"); } location = Optional.of(entry.getValue().toString()); } scan.close(); return location; } catch (Exception e) { // Swallow this exception so the query does not fail due to being unable to locate the tablet server for the default tablet. // This is purely an optimization, but we will want to log the error. LOG.error("Failed to get tablet location, returning dummy location", e); return Optional.empty(); } }
new Indexer( connector, connector.securityOperations().getUserAuthorizations(username), table, conf));
Authorizations scanAuths = connector.securityOperations().getUserAuthorizations(sessionScanUser); LOG.debug("Using session scan auths for user %s: %s", sessionScanUser, scanAuths); return scanAuths;
private boolean checkAccess(final Connector connector, final String user, final String table) { try { if (!connector.securityOperations().hasTablePermission(user, table, TablePermission.READ) && !connector.securityOperations().hasNamespacePermission(user, table, NamespacePermission.READ)) { return false; } } catch (final AccumuloException | AccumuloSecurityException e) { return false; } return true; }
private void verifyHasNoTablePermissions(Connector root_conn, String user, String table, TablePermission... perms) throws AccumuloException, AccumuloSecurityException { for (TablePermission p : perms) if (root_conn.securityOperations().hasTablePermission(user, table, p)) throw new IllegalStateException( user + " SHOULD NOT have table permission " + p + " for table " + table); } }
private void grantEverySystemPriv(Connector conn, String user) throws AccumuloSecurityException, AccumuloException { SystemPermission[] arrayOfP = new SystemPermission[] {SystemPermission.SYSTEM, SystemPermission.ALTER_TABLE, SystemPermission.ALTER_USER, SystemPermission.CREATE_TABLE, SystemPermission.CREATE_USER, SystemPermission.DROP_TABLE, SystemPermission.DROP_USER}; for (SystemPermission p : arrayOfP) { conn.securityOperations().grantSystemPermission(user, p); } }
@Override public void dropLocalUser(ByteBuffer login, String user) throws org.apache.accumulo.proxy.thrift.AccumuloException, org.apache.accumulo.proxy.thrift.AccumuloSecurityException, TException { try { getConnector(login).securityOperations().dropLocalUser(user); } catch (Exception e) { handleException(e); } }
@Override public int execute(final String fullCommand, final CommandLine cl, final Shell shellState) throws AccumuloException, AccumuloSecurityException, IOException { final String user = cl.getOptionValue(userOpt.getOpt(), shellState.getConnector().whoami()); // Sort authorizations Authorizations auths = shellState.getConnector().securityOperations() .getUserAuthorizations(user); List<String> set = sortAuthorizations(auths); shellState.getReader().println(StringUtils.join(set, ',')); return 0; }
@Before public void setupInstance() throws Exception { conn = getConnector(); ReplicationTable.setOnline(conn); conn.securityOperations().grantTablePermission(conn.whoami(), ReplicationTable.NAME, TablePermission.WRITE); conn.securityOperations().grantTablePermission(conn.whoami(), ReplicationTable.NAME, TablePermission.READ); fs = EasyMock.mock(VolumeManager.class); }
@After public void resetAuths() throws Exception { Connector c = getConnector(); if (null != origAuths) { c.securityOperations().changeUserAuthorizations(getAdminPrincipal(), origAuths); } }
@Before public void initialize() throws Exception { conn = getConnector(); rcrr = new MockRemoveCompleteReplicationRecords(conn); conn.securityOperations().grantTablePermission(conn.whoami(), ReplicationTable.NAME, TablePermission.READ); conn.securityOperations().grantTablePermission(conn.whoami(), ReplicationTable.NAME, TablePermission.WRITE); ReplicationTable.setOnline(conn); }
@Override public void createLocalUser(ByteBuffer login, String user, ByteBuffer password) throws org.apache.accumulo.proxy.thrift.AccumuloException, org.apache.accumulo.proxy.thrift.AccumuloSecurityException, TException { try { getConnector(login).securityOperations().createLocalUser(user, new PasswordToken(password)); } catch (Exception e) { handleException(e); } }
@Override public List<ByteBuffer> getUserAuthorizations(ByteBuffer login, String user) throws org.apache.accumulo.proxy.thrift.AccumuloException, org.apache.accumulo.proxy.thrift.AccumuloSecurityException, TException { try { return getConnector(login).securityOperations().getUserAuthorizations(user) .getAuthorizationsBB(); } catch (Exception e) { handleException(e); return null; } }
@Override public Void run() throws Exception { // As the "root" user, open up the connection and get a delegation token Connector conn = mac.getConnector(qualifiedNewUser, new KerberosToken()); log.info("Created connector as {}", qualifiedNewUser); assertEquals(qualifiedNewUser, conn.whoami()); conn.securityOperations().getDelegationToken(new DelegationTokenConfig()); return null; } });
@Before public void setupInstance() throws Exception { conn = getConnector(); tableName = getUniqueNames(1)[0]; conn.securityOperations().changeUserAuthorizations(conn.whoami(), AUTHS); }
@Override public void grantSystemPermission(ByteBuffer login, String user, org.apache.accumulo.proxy.thrift.SystemPermission perm) throws org.apache.accumulo.proxy.thrift.AccumuloException, org.apache.accumulo.proxy.thrift.AccumuloSecurityException, TException { try { getConnector(login).securityOperations().grantSystemPermission(user, SystemPermission.getPermissionById((byte) perm.getValue())); } catch (Exception e) { handleException(e); } }
@Override public AuthenticationToken run() throws Exception { Connector conn = mac.getConnector(rootUser.getPrincipal(), new KerberosToken()); log.info("Created connector as {}", rootUser.getPrincipal()); assertEquals(rootUser.getPrincipal(), conn.whoami()); // Should fail return conn.securityOperations().getDelegationToken( new DelegationTokenConfig().setTokenLifetime(Long.MAX_VALUE, TimeUnit.MILLISECONDS)); } });
@Override public AuthenticationToken run() throws Exception { Connector conn = mac.getConnector(rootUser.getPrincipal(), new KerberosToken()); log.info("Created connector as {}", rootUser.getPrincipal()); assertEquals(rootUser.getPrincipal(), conn.whoami()); AuthenticationToken token = conn.securityOperations() .getDelegationToken(new DelegationTokenConfig()); assertTrue("Could not get tables with delegation token", mac .getConnector(rootUser.getPrincipal(), token).tableOperations().list().size() > 0); return token; } });