use of org.apache.accumulo.cluster.ClusterUser in project accumulo by apache.
the class ScanIteratorIT method tearDown.
/**
 * Drops the local user registered for the test, if there is one.
 *
 * @throws Exception
 *           if the keytab login or the user removal fails
 */
@After
public void tearDown() throws Exception {
  // No user was recorded, so nothing has to be cleaned up.
  if (user == null) {
    return;
  }

  // With SASL enabled, log the admin principal in from its keytab before the drop;
  // presumably the test body may have left another principal logged in - confirm.
  if (saslEnabled) {
    ClusterUser admin = getAdminUser();
    String adminPrincipal = admin.getPrincipal();
    String adminKeytabPath = admin.getKeytab().getAbsolutePath();
    UserGroupInformation.loginUserFromKeytab(adminPrincipal, adminKeytabPath);
  }

  connector.securityOperations().dropLocalUser(user);
}
use of org.apache.accumulo.cluster.ClusterUser in project accumulo by apache.
the class ConditionalWriterIT method testFields.
/**
 * Checks that a conditional mutation is applied only when the condition's column family, column
 * qualifier, visibility, timestamp and value all match the stored cell.
 *
 * <p>
 * The table is created and written by an unprivileged user that holds only the CREATE_TABLE
 * system permission and the authorizations A and B.
 */
@Test
public void testFields() throws Exception {
  Connector adminConn = getConnector();
  String table = getUniqueNames(1)[0];
  ClientConfiguration clientConfig = cluster.getClientConfig();
  final boolean kerberized = clientConfig.hasSasl();
  ClusterUser testUser = getUser(0);
  final String principal = testUser.getPrincipal();

  // With SASL no password token is stored for the user: the token is pointless for Kerberos.
  PasswordToken password = kerberized ? null : new PasswordToken(testUser.getPassword());
  adminConn.securityOperations().createLocalUser(principal, password);

  Authorizations auths = new Authorizations("A", "B");
  adminConn.securityOperations().changeUserAuthorizations(principal, auths);
  adminConn.securityOperations().grantSystemPermission(principal, SystemPermission.CREATE_TABLE);

  // From here on every operation runs on a connector obtained with the test user's own token.
  Connector userConn = adminConn.getInstance().getConnector(principal, testUser.getToken());
  userConn.tableOperations().create(table);

  try (ConditionalWriter writer = userConn.createConditionalWriter(table, new ConditionalWriterConfig().setAuthorizations(auths));
      Scanner scan = userConn.createScanner(table, auths)) {
    final String row = "99006";
    ColumnVisibility visA = new ColumnVisibility("A");
    ColumnVisibility visB = new ColumnVisibility("B");

    // Seed the row; the condition carries no value, and the write is expected to be accepted.
    ConditionalMutation seed = new ConditionalMutation(row, new Condition("tx", "seq").setVisibility(visA));
    seed.put("name", "last", visA, "doe");
    seed.put("name", "first", visA, "john");
    seed.put("tx", "seq", visA, "1");
    Assert.assertEquals(Status.ACCEPTED, writer.write(seed).getStatus());

    scan.setRange(new Range(row));
    // TODO verify all columns
    scan.fetchColumn(new Text("tx"), new Text("seq"));
    Entry<Key,Value> seqEntry = Iterables.getOnlyElement(scan);
    Assert.assertEquals("1", seqEntry.getValue().toString());
    long seedTimestamp = seqEntry.getKey().getTimestamp();

    // Each condition differs from the stored tx:seq cell in exactly one field.
    Condition[] mismatches = {
        // wrong column family
        new Condition("txA", "seq").setVisibility(visA).setValue("1"),
        // wrong column qualifier
        new Condition("tx", "seqA").setVisibility(visA).setValue("1"),
        // wrong column visibility (the cell was written with A)
        new Condition("tx", "seq").setVisibility(visB).setValue("1"),
        // wrong timestamp (one past the stored one)
        new Condition("tx", "seq").setVisibility(visA).setTimestamp(seedTimestamp + 1).setValue("1"),
        // wrong timestamp (one before the stored one)
        new Condition("tx", "seq").setVisibility(visA).setTimestamp(seedTimestamp - 1).setValue("1")};
    for (Condition mismatch : mismatches) {
      ConditionalMutation attempt = new ConditionalMutation(row, mismatch);
      attempt.put("name", "last", visA, "Doe");
      attempt.put("name", "first", visA, "John");
      attempt.put("tx", "seq", visA, "2");
      Assert.assertEquals(Status.REJECTED, writer.write(attempt).getStatus());
    }

    // None of the rejected mutations may have changed the sequence value.
    seqEntry = Iterables.getOnlyElement(scan);
    Assert.assertEquals("1", seqEntry.getValue().toString());

    // With every field matching, the update goes through.
    ConditionalMutation matching = new ConditionalMutation(row,
        new Condition("tx", "seq").setVisibility(visA).setTimestamp(seedTimestamp).setValue("1"));
    matching.put("name", "last", visA, "Doe");
    matching.put("name", "first", visA, "John");
    matching.put("tx", "seq", visA, "2");
    Assert.assertEquals(Status.ACCEPTED, writer.write(matching).getStatus());

    seqEntry = Iterables.getOnlyElement(scan);
    Assert.assertEquals("2", seqEntry.getValue().toString());
  }
}
use of org.apache.accumulo.cluster.ClusterUser in project accumulo by apache.
the class TestingKdc method start.
/**
 * Starts the KDC, then creates the Accumulo server principal, the "root" admin principal and
 * {@code NUM_USERS} client principals, writing one keytab per principal into {@code keytabDir}.
 *
 * @throws Exception
 *           if the KDC is already started (the {@code checkArgument} precondition), or if
 *           starting it or creating a principal fails
 */
public synchronized void start() throws Exception {
  checkArgument(!started, "KDC was already started");
  kdc.start();
  // Fixed one-second pause after start-up; presumably gives the KDC time to come up - confirm.
  Thread.sleep(1000);

  // NOTE(review): every keytab written below lets its holder authenticate as that principal;
  // keytabDir is assumed to be a test-only location - confirm.

  // Identity used by the Accumulo server processes
  String serverPrincipal = String.format("accumulo/%s", hostname);
  File serverKeytab = new File(keytabDir, "accumulo.keytab");
  log.info("Creating Kerberos principal {} with keytab {}", serverPrincipal, serverKeytab);
  kdc.createPrincipal(serverKeytab, serverPrincipal);
  accumuloServerUser = new ClusterUser(qualifyUser(serverPrincipal), serverKeytab);

  // Identity of the "root" (admin) user
  String adminPrincipal = "root";
  File adminKeytab = new File(keytabDir, adminPrincipal + ".keytab");
  log.info("Creating Kerberos principal {} with keytab {}", adminPrincipal, adminKeytab);
  kdc.createPrincipal(adminKeytab, adminPrincipal);
  accumuloAdmin = new ClusterUser(qualifyUser(adminPrincipal), adminKeytab);

  // Unprivileged users for tests, named client1 .. client<NUM_USERS>
  clientPrincipals = new ArrayList<>(NUM_USERS);
  for (int index = 0; index < NUM_USERS; index++) {
    String name = "client" + (index + 1);
    File keytab = new File(keytabDir, name + ".keytab");
    log.info("Creating Kerberos principal {} with keytab {}", name, keytab);
    kdc.createPrincipal(keytab, name);
    clientPrincipals.add(new ClusterUser(qualifyUser(name), keytab));
  }

  started = true;
}
use of org.apache.accumulo.cluster.ClusterUser in project accumulo by apache.
the class AccumuloMiniClusterConfiguration method getAdminToken.
/**
 * Returns the token for the cluster's admin user: a {@link KerberosToken} after a keytab login
 * when SASL is enabled, otherwise a {@link PasswordToken}.
 *
 * @return the admin user's authentication token
 * @throws RuntimeException
 *           wrapping the {@link IOException} raised by a failed keytab login
 */
@Override
public AuthenticationToken getAdminToken() {
  if (!saslEnabled) {
    // Password taken from the harness configuration; the built-in default is used when the
    // key is not set.
    String configured = conf.get(ACCUMULO_MINI_PASSWORD_KEY);
    return new PasswordToken(null != configured ? configured : ACCUMULO_MINI_PASSWORD_DEFAULT);
  }

  // Turn on Kerberos authentication so UGI acts properly. This Hadoop configuration is a
  // separate object from the conf field read in the password branch above.
  final Configuration hadoopConf = new Configuration(false);
  hadoopConf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
  UserGroupInformation.setConfiguration(hadoopConf);

  ClusterUser admin = AccumuloClusterHarness.getKdc().getRootUser();
  try {
    String principal = admin.getPrincipal();
    String keytabPath = admin.getKeytab().getAbsolutePath();
    // Both UGI calls are static, so the configuration and login set here are not scoped to
    // this object.
    UserGroupInformation.loginUserFromKeytab(principal, keytabPath);
    return new KerberosToken();
  } catch (IOException loginFailure) {
    throw new RuntimeException(loginFailure);
  }
}
use of org.apache.accumulo.cluster.ClusterUser in project accumulo by apache.
the class ArbitraryTablePropertiesIT method userSetGetTablePropertyWithoutPermission.
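// Verifies that a non-root account without permission to alter tables cannot set an arbitrary
// table property, and that the rejected property does not appear among the table's properties.
@Test
public void userSetGetTablePropertyWithoutPermission() throws Exception {
  log.debug("Starting userSetGetTablePropertyWithoutPermission test ------------------------");

  // Principal and token of the test account
  ClusterUser user = getUser(1);
  String testUser = user.getPrincipal();
  AuthenticationToken testToken = user.getToken();

  // Using the connector from getConnector() (presumably the admin user - confirm), create the
  // test account and the table. No permission on the table is granted to the test account.
  final String tableName = getUniqueNames(1)[0];
  final Connector c = getConnector();
  // A password is passed only for password-based tokens; any other token type gets null.
  c.securityOperations().createLocalUser(testUser, (testToken instanceof PasswordToken ? (PasswordToken) testToken : null));
  c.tableOperations().create(tableName);

  // Property name to use and the value the test tries to set
  String propertyName = "table.custom.description";
  String description1 = "Description";

  // Make sure the property name is valid
  Assert.assertTrue(Property.isValidPropertyKey(propertyName));

  // Getting a fresh token will ensure we're logged in as this user (if necessary)
  Connector testConn = c.getInstance().getConnector(testUser, user.getToken());

  // If able to set it, the test fails, since permission was never granted
  try {
    testConn.tableOperations().setProperty(tableName, propertyName, description1);
    Assert.fail("Was able to set property without permissions");
  } catch (AccumuloSecurityException expected) {
    // Expected: the account has no permission to alter the table.
    // NOTE(review): any AccumuloSecurityException passes here; the test does not check that
    // the failure was specifically a permission denial.
  }

  // Loop through properties to make sure the new property is not added to the list
  int count = 0;
  for (Entry<String,String> property : testConn.tableOperations().getProperties(tableName)) {
    if (property.getKey().equals(propertyName)) {
      count++;
    }
  }
  // Expected value first, so a failure message reports the two values the right way round.
  Assert.assertEquals(0, count);
}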