Examples with SecurityOperations org.apache.accumulo.core.client.admin.SecurityOperations used on opensource projects

Example 6 with SecurityOperations

use of org.apache.accumulo.core.client.admin.SecurityOperations in project incubator-rya by apache.

the class RowRuleMapper method flush.

private void flush(final Context context) throws IOException, InterruptedException {
    try {
        childDao.flush();
    } catch (final RyaDAOException e) {
        throw new IOException("Error writing to in-memory table", e);
    }
    final TableOperations ops = childConnector.tableOperations();
    final SecurityOperations secOps = childConnector.securityOperations();
    Authorizations childAuths;
    try {
        childAuths = secOps.getUserAuthorizations(childUser);
    } catch (AccumuloException | AccumuloSecurityException e) {
        throw new IOException("Error connecting to mock instance", e);
    }
    for (final String table : ops.list()) {
        // Only copy Rya tables (skip system tables)
        if (!table.startsWith(childTablePrefix)) {
            continue;
        }
        compositeKey.setGroup(table);
        try {
            // Output every row in this mock table
            int rows = 0;
            final Scanner scanner = childDao.getConnector().createScanner(table, childAuths);
            for (final Map.Entry<Key, Value> row : scanner) {
                compositeKey.setKey(row.getKey());
                compositeVal.setKey(row.getKey());
                compositeVal.setValue(row.getValue());
                context.write(compositeKey, compositeVal);
                rows++;
            }
            log.info("Flushed " + rows + " in-memory rows to output (" + table + ").");
            // Then clear the table
            if (rows > 0) {
                ops.deleteRows(table, null, null);
            }
        } catch (TableNotFoundException | AccumuloException | AccumuloSecurityException e) {
            throw new IOException("Error flushing in-memory table", e);
        }
    }
    // All tables should be empty
    cachedStatements = 0;
}

Example 7 with SecurityOperations

use of org.apache.accumulo.core.client.admin.SecurityOperations in project incubator-rya by apache.

the class AccumuloAddUserIT method userAddedCanInsert.

/**
 * Ensure a user that has been added to the Rya instance can interact with it.
 */
@Test
public void userAddedCanInsert() throws Exception {
    final String user = testInstance.createUniqueUser();
    final SecurityOperations secOps = super.getConnector().securityOperations();
    final RyaClient userAClient = AccumuloRyaClientFactory.build(new AccumuloConnectionDetails(ADMIN_USER, ADMIN_USER.toCharArray(), getInstanceName(), getZookeepers()), super.getClusterInstance().getCluster().getConnector(ADMIN_USER, ADMIN_USER));
    // Create the user that will not be added to the instance of Rya, but will try to scan it.
    secOps.createLocalUser(user, new PasswordToken(user));
    // Install the instance of Rya.
    userAClient.getInstall().install(getRyaInstanceName(), InstallConfiguration.builder().build());
    // Add the user.
    userAClient.getAddUser().get().addUser(getRyaInstanceName(), user);
    // Try to add a statement to the Rya instance. This should succeed.
    Sail sail = null;
    SailConnection sailConn = null;
    try {
        final AccumuloRdfConfiguration userDConf = makeRyaConfig(getRyaInstanceName(), user, user, getInstanceName(), getZookeepers());
        sail = RyaSailFactory.getInstance(userDConf);
        sailConn = sail.getConnection();
        final ValueFactory vf = sail.getValueFactory();
        sailConn.begin();
        sailConn.addStatement(vf.createURI("urn:Alice"), vf.createURI("urn:talksTo"), vf.createURI("urn:Bob"));
        sailConn.close();
    } finally {
        if (sailConn != null) {
            sailConn.close();
        }
        if (sail != null) {
            sail.shutDown();
        }
    }
}

Example 8 with SecurityOperations

use of org.apache.accumulo.core.client.admin.SecurityOperations in project incubator-rya by apache.

the class AccumuloAddUserIT method userNotAddedCanNotInsert.

/**
 * Ensure a user that has not been added to the Rya instance can not interact with it.
 */
@Test
public void userNotAddedCanNotInsert() throws Exception {
    final String user = testInstance.createUniqueUser();
    final SecurityOperations secOps = super.getConnector().securityOperations();
    final RyaClient userAClient = AccumuloRyaClientFactory.build(new AccumuloConnectionDetails(ADMIN_USER, ADMIN_USER.toCharArray(), getInstanceName(), getZookeepers()), super.getClusterInstance().getCluster().getConnector(ADMIN_USER, ADMIN_USER));
    // Install the instance of Rya.
    userAClient.getInstall().install(getRyaInstanceName(), InstallConfiguration.builder().build());
    // Create the user that will not be added to the instance of Rya, but will try to scan it.
    secOps.createLocalUser(user, new PasswordToken(user));
    // Try to add a statement the Rya instance with the unauthorized user. This should fail.
    boolean securityExceptionThrown = false;
    Sail sail = null;
    SailConnection sailConn = null;
    try {
        final AccumuloRdfConfiguration userCConf = makeRyaConfig(getRyaInstanceName(), user, user, getInstanceName(), getZookeepers());
        sail = RyaSailFactory.getInstance(userCConf);
        sailConn = sail.getConnection();
        final ValueFactory vf = sail.getValueFactory();
        sailConn.addStatement(vf.createURI("urn:Alice"), vf.createURI("urn:talksTo"), vf.createURI("urn:Bob"));
    } catch (final RuntimeException e) {
        final Throwable cause = e.getCause();
        if (cause instanceof AccumuloSecurityException) {
            securityExceptionThrown = true;
        }
    } finally {
        if (sailConn != null) {
            sailConn.close();
        }
        if (sail != null) {
            sail.shutDown();
        }
    }
    assertTrue(securityExceptionThrown);
}

Example 9 with SecurityOperations

use of org.apache.accumulo.core.client.admin.SecurityOperations in project incubator-rya by apache.

the class AccumuloAddUserIT method addUserTwice.

/**
 * Ensure nothing happens if you try to add a user that is already there.
 */
@Test
public void addUserTwice() throws Exception {
    final String user = testInstance.createUniqueUser();
    final SecurityOperations secOps = super.getConnector().securityOperations();
    final RyaClient userAClient = AccumuloRyaClientFactory.build(new AccumuloConnectionDetails(ADMIN_USER, ADMIN_USER.toCharArray(), getInstanceName(), getZookeepers()), super.getClusterInstance().getCluster().getConnector(ADMIN_USER, ADMIN_USER));
    // Create the user that will not be added to the instance of Rya, but will try to scan it.
    secOps.createLocalUser(user, new PasswordToken(user));
    // Install the instance of Rya.
    userAClient.getInstall().install(getRyaInstanceName(), InstallConfiguration.builder().build());
    // Add the user.
    userAClient.getAddUser().get().addUser(getRyaInstanceName(), user);
    userAClient.getAddUser().get().addUser(getRyaInstanceName(), user);
    // Ensure the Rya instance's details only contain the username of the user who installed the instance.
    final ImmutableList<String> expectedUsers = ImmutableList.<String>builder().add(ADMIN_USER).add(user).build();
    final RyaDetails details = userAClient.getGetInstanceDetails().getDetails(getRyaInstanceName()).get();
    assertEquals(expectedUsers, details.getUsers());
}

Example 10 with SecurityOperations

use of org.apache.accumulo.core.client.admin.SecurityOperations in project incubator-rya by apache.

the class AccumuloStorageTest method setUp.

@Override
public void setUp() throws Exception {
    super.setUp();
    connector = new MockInstance(instance).getConnector(user, new PasswordToken(pwd.getBytes()));
    connector.tableOperations().create(table);
    SecurityOperations secOps = connector.securityOperations();
    secOps.createLocalUser(user, new PasswordToken(pwd.getBytes()));
    secOps.grantTablePermission(user, table, TablePermission.READ);
    secOps.grantTablePermission(user, table, TablePermission.WRITE);
}