@Override public Map<String,String> namespaceIdMap() { return Namespaces.getNameToIdMap(context).entrySet().stream() .collect(Collectors.toMap(Map.Entry::getKey, e -> e.getValue().canonicalID(), (v1, v2) -> { throw new RuntimeException(String.format("Duplicate key for values %s and %s", v1, v2)); }, TreeMap::new)); }
@Override public void delete(String namespace) throws AccumuloException, AccumuloSecurityException, NamespaceNotFoundException, NamespaceNotEmptyException { checkArgument(namespace != null, "namespace is null"); Namespace.ID namespaceId = Namespaces.getNamespaceId(context, namespace); if (namespaceId.equals(Namespace.ID.ACCUMULO) || namespaceId.equals(Namespace.ID.DEFAULT)) { Credentials credentials = context.getCredentials(); log.debug("{} attempted to delete the {} namespace", credentials.getPrincipal(), namespaceId); throw new AccumuloSecurityException(credentials.getPrincipal(), SecurityErrorCode.UNSUPPORTED_OPERATION); } if (Namespaces.getTableIds(context, namespaceId).size() > 0) { throw new NamespaceNotEmptyException(namespaceId.canonicalID(), namespace, null); } List<ByteBuffer> args = Arrays.asList(ByteBuffer.wrap(namespace.getBytes(UTF_8))); Map<String,String> opts = new HashMap<>(); try { doNamespaceFateOperation(FateOperation.NAMESPACE_DELETE, args, opts, namespace); } catch (NamespaceExistsException e) { // should not happen throw new AssertionError(e); } }
public static long reserveNamespace(Master env, Namespace.ID namespaceId, long id, boolean writeLock, boolean mustExist, TableOperation op) throws Exception { if (getLock(env.getContext(), namespaceId, id, writeLock).tryLock()) { if (mustExist) { IZooReaderWriter zk = env.getContext().getZooReaderWriter(); if (!zk.exists( env.getContext().getZooKeeperRoot() + Constants.ZNAMESPACES + "/" + namespaceId)) throw new AcceptableThriftTableOperationException(namespaceId.canonicalID(), "", op, TableOperationExceptionType.NAMESPACE_NOTFOUND, "Namespace does not exist"); } log.info("namespace {} ({}) locked for {} operation: {}", namespaceId, Long.toHexString(id), (writeLock ? "write" : "read"), op); return 0; } else return 100; }
zoo.putPersistentData(users + "/" + user + "/Namespaces", new byte[0], NodeExistsPolicy.SKIP); perm.grantNamespacePermission(user, Namespace.ID.ACCUMULO.canonicalID(), NamespacePermission.READ); perm.grantNamespacePermission("root", Namespace.ID.ACCUMULO.canonicalID(), NamespacePermission.ALTER_TABLE);
private void alterNamespaceProperty(TCredentials c, String namespace, String property, String value, TableOperation op) throws ThriftSecurityException, ThriftTableOperationException { Namespace.ID namespaceId = null; namespaceId = ClientServiceHandler.checkNamespaceId(master.getContext(), namespace, op); if (!master.security.canAlterNamespace(c, namespaceId)) throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); try { if (value == null) { NamespacePropUtil.removeNamespaceProperty(master.getContext(), namespaceId, property); } else { NamespacePropUtil.setNamespaceProperty(master.getContext(), namespaceId, property, value); } } catch (KeeperException.NoNodeException e) { // race condition... namespace no longer exists? This call will throw an exception if the // namespace was deleted: ClientServiceHandler.checkNamespaceId(master.getContext(), namespace, op); log.info("Error altering namespace property", e); throw new ThriftTableOperationException(namespaceId.canonicalID(), namespace, op, TableOperationExceptionType.OTHER, "Problem altering namespaceproperty"); } catch (Exception e) { log.error("Problem altering namespace property", e); throw new ThriftTableOperationException(namespaceId.canonicalID(), namespace, op, TableOperationExceptionType.OTHER, "Problem altering namespace property"); } }
/** * Checks if a user has a namespace permission<br> * This cannot check if a system user has permission. * * @return true if a user exists and has permission; false otherwise */ protected boolean _hasNamespacePermission(String user, Namespace.ID namespace, NamespacePermission permission, boolean useCached) throws ThriftSecurityException { if (permission == null) return false; targetUserExists(user); if (namespace.equals(Namespace.ID.ACCUMULO) && permission.equals(NamespacePermission.READ)) return true; try { if (useCached) return permHandle.hasCachedNamespacePermission(user, namespace.canonicalID(), permission); return permHandle.hasNamespacePermission(user, namespace.canonicalID(), permission); } catch (NamespaceNotFoundException e) { throw new ThriftSecurityException(user, SecurityErrorCode.NAMESPACE_DOESNT_EXIST); } }
public void deleteNamespace(TCredentials credentials, Namespace.ID namespace) throws ThriftSecurityException { if (!canDeleteNamespace(credentials, namespace)) throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); try { permHandle.cleanNamespacePermissions(namespace.canonicalID()); } catch (AccumuloSecurityException e) { e.setUser(credentials.getPrincipal()); throw e.asThriftException(); } catch (NamespaceNotFoundException e) { throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.NAMESPACE_DOESNT_EXIST); } }
public void revokeNamespacePermission(TCredentials c, String user, Namespace.ID namespace, NamespacePermission permission) throws ThriftSecurityException { if (!canRevokeNamespace(c, namespace)) throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); targetUserExists(user); try { permHandle.revokeNamespacePermission(user, namespace.canonicalID(), permission); log.info("Revoked namespace permission {} for user {} on the namespace {}" + " at the request of user {}", permission, user, namespace, c.getPrincipal()); } catch (AccumuloSecurityException e) { throw e.asThriftException(); } catch (NamespaceNotFoundException e) { throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.NAMESPACE_DOESNT_EXIST); } }
public void grantNamespacePermission(TCredentials c, String user, Namespace.ID namespace, NamespacePermission permission) throws ThriftSecurityException { if (!canGrantNamespace(c, namespace)) throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); targetUserExists(user); try { permHandle.grantNamespacePermission(user, namespace.canonicalID(), permission); log.info("Granted namespace permission {} for user {} on the namespace {}" + " at the request of user {}", permission, user, namespace, c.getPrincipal()); } catch (AccumuloSecurityException e) { throw e.asThriftException(); } catch (NamespaceNotFoundException e) { throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.NAMESPACE_DOESNT_EXIST); } }
private synchronized ZooCachePropertyAccessor getPropCacheAccessor() { if (propCacheAccessor == null) { synchronized (propCaches) { PropCacheKey key = new PropCacheKey(context.getInstanceID(), namespaceId.canonicalID()); ZooCache propCache = propCaches.get(key); if (propCache == null) { propCache = zcf.getZooCache(context.getZooKeepers(), context.getZooKeepersSessionTimeOut(), new NamespaceConfWatcher(context)); propCaches.put(key, propCache); } propCacheAccessor = new ZooCachePropertyAccessor(propCache); } } return propCacheAccessor; }
/** * Look for namespace name in ZK. Throw NamespaceNotFoundException if not found. */ public static String getNamespaceName(ClientContext context, Namespace.ID namespaceId) throws NamespaceNotFoundException { String name; ZooCache zc = context.getZooCache(); byte[] path = zc.get(context.getZooKeeperRoot() + Constants.ZNAMESPACES + "/" + namespaceId.canonicalID() + Constants.ZNAMESPACE_NAME); if (path != null) name = new String(path, UTF_8); else throw new NamespaceNotFoundException(namespaceId.canonicalID(), null, "getNamespaceName() failed to find namespace"); return name; }
@Override public String getReturn() { return namespaceInfo.namespaceId.canonicalID(); }
public static boolean exists(ClientContext context, Namespace.ID namespaceId) { ZooCache zc = context.getZooCache(); List<String> namespaceIds = zc.getChildren(context.getZooKeeperRoot() + Constants.ZNAMESPACES); return namespaceIds.contains(namespaceId.canonicalID()); }