Search in sources :

Example 26 with SecurityOperations

use of org.apache.accumulo.core.client.admin.SecurityOperations in project incubator-rya by apache.

the class CopyToolTest method testCopyTool.

@Test
public void testCopyTool() throws Exception {
    final RyaStatement ryaStatementOutOfTimeRange = createRyaStatement("coach", "called", "timeout", LAST_MONTH);
    final RyaStatement ryaStatementShouldCopy1 = createRyaStatement("bob", "catches", "ball", YESTERDAY);
    final RyaStatement ryaStatementShouldCopy2 = createRyaStatement("bill", "talks to", "john", YESTERDAY);
    final RyaStatement ryaStatementShouldCopy3 = createRyaStatement("susan", "eats", "burgers", TODAY);
    final RyaStatement ryaStatementShouldCopy4 = createRyaStatement("ronnie", "plays", "guitar", TODAY);
    final RyaStatement ryaStatementDoesNotExist1 = createRyaStatement("nobody", "was", "here", LAST_MONTH);
    final RyaStatement ryaStatementDoesNotExist2 = createRyaStatement("statement", "not", "found", YESTERDAY);
    final RyaStatement ryaStatementDoesNotExist3 = createRyaStatement("key", "does not", "exist", TODAY);
    // This statement was modified by the child to change the column visibility.
    // The parent should combine the child's visibility with its visibility.
    final RyaStatement ryaStatementVisibilityDifferent = createRyaStatement("I", "see", "you", YESTERDAY);
    ryaStatementVisibilityDifferent.setColumnVisibility(PARENT_COLUMN_VISIBILITY.getExpression());
    // Setup initial parent instance with 7 rows
    // This is the state of the parent data (as it is today) before merging occurs which will use the specified start time of yesterday.
    // Process should NOT copy statement
    parentDao.add(ryaStatementOutOfTimeRange);
    // Process should copy statement
    parentDao.add(ryaStatementShouldCopy1);
    // Process should copy statement
    parentDao.add(ryaStatementShouldCopy2);
    // Process should copy statement
    parentDao.add(ryaStatementShouldCopy3);
    // Process should copy statement
    parentDao.add(ryaStatementShouldCopy4);
    // Process should copy and update statement
    parentDao.add(ryaStatementVisibilityDifferent);
    AccumuloRyaUtils.printTable(PARENT_TABLE_PREFIX + RdfCloudTripleStoreConstants.TBL_SPO_SUFFIX, parentConfig);
    // AccumuloRyaUtils.printTable(CHILD_TABLE_PREFIX + RdfCloudTripleStoreConstants.TBL_SPO_SUFFIX, childConfig);
    log.info("Starting copy tool. Copying all data after the specified start time: " + YESTERDAY);
    isImporting = false;
    copyToolRun(YESTERDAY);
    // Copy Tool made child instance so hook the tables and dao into the driver.
    final String childUser = accumuloDualInstanceDriver.getChildUser();
    final Connector childConnector = ConfigUtils.getConnector(childConfig);
    accumuloDualInstanceDriver.getChildAccumuloInstanceDriver().setConnector(childConnector);
    accumuloDualInstanceDriver.getChildAccumuloInstanceDriver().setUpTables();
    accumuloDualInstanceDriver.getChildAccumuloInstanceDriver().setUpDao();
    childDao = accumuloDualInstanceDriver.getChildDao();
    // Update child config to include changes made from copy process
    final SecurityOperations childSecOps = accumuloDualInstanceDriver.getChildSecOps();
    Authorizations newChildAuths = AccumuloRyaUtils.addUserAuths(childUser, childSecOps, PARENT_AUTH);
    childSecOps.changeUserAuthorizations(childUser, newChildAuths);
    final String childAuthString = newChildAuths.toString();
    final List<String> duplicateKeys = MergeTool.DUPLICATE_KEY_MAP.get(MRUtils.AC_AUTH_PROP);
    childConfig.set(MRUtils.AC_AUTH_PROP, childAuthString);
    for (final String key : duplicateKeys) {
        childConfig.set(key, childAuthString);
    }
    AccumuloRyaUtils.printTablePretty(CHILD_TABLE_PREFIX + RdfCloudTripleStoreConstants.TBL_PO_SUFFIX, childConfig);
    AccumuloRyaUtils.printTablePretty(CHILD_TABLE_PREFIX + RdfCloudTripleStoreConstants.TBL_OSP_SUFFIX, childConfig);
    AccumuloRyaUtils.printTablePretty(CHILD_TABLE_PREFIX + RdfCloudTripleStoreConstants.TBL_SPO_SUFFIX, childConfig);
    final Scanner scanner = AccumuloRyaUtils.getScanner(CHILD_TABLE_PREFIX + RdfCloudTripleStoreConstants.TBL_SPO_SUFFIX, childConfig);
    final Iterator<Entry<Key, Value>> iterator = scanner.iterator();
    int count = 0;
    while (iterator.hasNext()) {
        iterator.next();
        count++;
    }
    // Make sure we have all of them in the parent.
    assertEquals(5, count);
    assertStatementInChild("Child included statement that was out of time range", 0, ryaStatementOutOfTimeRange);
    assertStatementInChild("Child missing statement 1 that was in parent", 1, ryaStatementShouldCopy1);
    assertStatementInChild("Child missing statement 2 that was in parent", 1, ryaStatementShouldCopy2);
    assertStatementInChild("Child missing statement 3 that was in parent", 1, ryaStatementShouldCopy3);
    assertStatementInChild("Child missing statement 4 that was in parent", 1, ryaStatementShouldCopy4);
    assertStatementInChild("Child included statement 1 that was not in parent", 0, ryaStatementDoesNotExist1);
    assertStatementInChild("Child included statement 2 that was not in parent", 0, ryaStatementDoesNotExist2);
    assertStatementInChild("Child included statement 3 that was not in parent", 0, ryaStatementDoesNotExist3);
    // Check that it can be queried with child's visibility
    assertStatementInChild("Child missing statement with child visibility", 1, ryaStatementVisibilityDifferent);
    // Check that it can be queried with parent's visibility
    childConfig.set(RdfCloudTripleStoreConfiguration.CONF_QUERY_AUTH, PARENT_AUTH);
    final SecurityOperations secOps = IS_MOCK ? accumuloDualInstanceDriver.getChildSecOps() : childSecOps;
    newChildAuths = AccumuloRyaUtils.addUserAuths(accumuloDualInstanceDriver.getChildUser(), secOps, PARENT_AUTH);
    secOps.changeUserAuthorizations(accumuloDualInstanceDriver.getChildUser(), newChildAuths);
    assertStatementInChild("Child missing statement with parent visibility", 1, ryaStatementVisibilityDifferent);
    // Check that it can NOT be queried with some other visibility
    childConfig.set(RdfCloudTripleStoreConfiguration.CONF_QUERY_AUTH, "bad_auth");
    final CloseableIteration<RyaStatement, RyaDAOException> iter = childDao.getQueryEngine().query(ryaStatementVisibilityDifferent, childConfig);
    count = 0;
    try {
        while (iter.hasNext()) {
            iter.next();
            count++;
        }
    } catch (final Exception e) {
        // Expected
        if (!(e.getCause() instanceof AccumuloSecurityException)) {
            fail();
        }
    }
    iter.close();
    assertEquals(0, count);
    // reset auth
    childConfig.set(RdfCloudTripleStoreConfiguration.CONF_QUERY_AUTH, childAuthString);
    log.info("DONE");
}
Also used : Connector(org.apache.accumulo.core.client.Connector) Scanner(org.apache.accumulo.core.client.Scanner) Authorizations(org.apache.accumulo.core.security.Authorizations) SecurityOperations(org.apache.accumulo.core.client.admin.SecurityOperations) RyaStatement(org.apache.rya.api.domain.RyaStatement) TestUtils.createRyaStatement(org.apache.rya.accumulo.mr.merge.util.TestUtils.createRyaStatement) AccumuloSecurityException(org.apache.accumulo.core.client.AccumuloSecurityException) AccumuloException(org.apache.accumulo.core.client.AccumuloException) RyaDAOException(org.apache.rya.api.persist.RyaDAOException) Entry(java.util.Map.Entry) RyaDAOException(org.apache.rya.api.persist.RyaDAOException) AccumuloSecurityException(org.apache.accumulo.core.client.AccumuloSecurityException) Test(org.junit.Test)

Example 27 with SecurityOperations

use of org.apache.accumulo.core.client.admin.SecurityOperations in project incubator-rya by apache.

the class BaseCopyToolMapper method copyAuthorizations.

protected void copyAuthorizations() throws IOException {
    try {
        final SecurityOperations parentSecOps = parentConnector.securityOperations();
        final SecurityOperations childSecOps = childConnector.securityOperations();
        final Authorizations parentAuths = parentSecOps.getUserAuthorizations(parentUser);
        final Authorizations childAuths = childSecOps.getUserAuthorizations(childUser);
        // Add any parent authorizations that the child doesn't have.
        if (!childAuths.equals(parentAuths)) {
            log.info("Adding the authorization, \"" + parentAuths.toString() + "\", to the child user, \"" + childUser + "\"");
            final Authorizations newChildAuths = AccumuloRyaUtils.addUserAuths(childUser, childSecOps, parentAuths);
            childSecOps.changeUserAuthorizations(childUser, newChildAuths);
        }
    } catch (AccumuloException | AccumuloSecurityException e) {
        throw new IOException(e);
    }
}
Also used : AccumuloException(org.apache.accumulo.core.client.AccumuloException) Authorizations(org.apache.accumulo.core.security.Authorizations) SecurityOperations(org.apache.accumulo.core.client.admin.SecurityOperations) AccumuloSecurityException(org.apache.accumulo.core.client.AccumuloSecurityException) IOException(java.io.IOException)

Example 28 with SecurityOperations

use of org.apache.accumulo.core.client.admin.SecurityOperations in project incubator-rya by apache.

the class AccumuloAddUserIT method beforeClass.

@Before
public void beforeClass() throws Exception {
    final SecurityOperations secOps = super.getConnector().securityOperations();
    // Create the user that will install the instance of Rya.
    secOps.createLocalUser(ADMIN_USER, new PasswordToken(ADMIN_USER));
    secOps.grantSystemPermission(ADMIN_USER, SystemPermission.CREATE_TABLE);
}
Also used : PasswordToken(org.apache.accumulo.core.client.security.tokens.PasswordToken) SecurityOperations(org.apache.accumulo.core.client.admin.SecurityOperations) Before(org.junit.Before)

Example 29 with SecurityOperations

use of org.apache.accumulo.core.client.admin.SecurityOperations in project incubator-rya by apache.

the class AccumuloAddUserIT method userAddedAlsoAddedToRyaDetails.

/**
 * Ensure that when a user is added to a Rya instance that its details are updated to include the new user.
 */
@Test
public void userAddedAlsoAddedToRyaDetails() throws Exception {
    final String user = testInstance.createUniqueUser();
    final SecurityOperations secOps = super.getConnector().securityOperations();
    final RyaClient userAClient = AccumuloRyaClientFactory.build(new AccumuloConnectionDetails(ADMIN_USER, ADMIN_USER.toCharArray(), getInstanceName(), getZookeepers()), super.getClusterInstance().getCluster().getConnector(ADMIN_USER, ADMIN_USER));
    // Create the user that will be added to the instance of Rya.
    secOps.createLocalUser(user, new PasswordToken(user));
    // Install the instance of Rya.
    userAClient.getInstall().install(getRyaInstanceName(), InstallConfiguration.builder().build());
    // Add the user.
    userAClient.getAddUser().get().addUser(getRyaInstanceName(), user);
    // Ensure the Rya instance's details have been updated to include the added user.
    final ImmutableList<String> expectedUsers = ImmutableList.<String>builder().add(ADMIN_USER).add(user).build();
    final RyaDetails details = userAClient.getGetInstanceDetails().getDetails(getRyaInstanceName()).get();
    assertEquals(expectedUsers, details.getUsers());
}
Also used : PasswordToken(org.apache.accumulo.core.client.security.tokens.PasswordToken) SecurityOperations(org.apache.accumulo.core.client.admin.SecurityOperations) RyaDetails(org.apache.rya.api.instance.RyaDetails) RyaClient(org.apache.rya.api.client.RyaClient) Test(org.junit.Test)

Example 30 with SecurityOperations

use of org.apache.accumulo.core.client.admin.SecurityOperations in project incubator-rya by apache.

the class AccumuloAddUserIT method afterClass.

@After
public void afterClass() throws Exception {
    final SecurityOperations secOps = super.getConnector().securityOperations();
    secOps.dropLocalUser(ADMIN_USER);
}
Also used : SecurityOperations(org.apache.accumulo.core.client.admin.SecurityOperations) After(org.junit.After)

Aggregations

SecurityOperations (org.apache.accumulo.core.client.admin.SecurityOperations)36 Test (org.junit.Test)15 PasswordToken (org.apache.accumulo.core.client.security.tokens.PasswordToken)14 Authorizations (org.apache.accumulo.core.security.Authorizations)10 AccumuloClient (org.apache.accumulo.core.client.AccumuloClient)9 AccumuloRdfConfiguration (org.apache.rya.accumulo.AccumuloRdfConfiguration)8 MockInstance (org.apache.accumulo.core.client.mock.MockInstance)7 AccumuloSecurityException (org.apache.accumulo.core.client.AccumuloSecurityException)6 RyaClient (org.apache.rya.api.client.RyaClient)6 Connector (org.apache.accumulo.core.client.Connector)5 IOException (java.io.IOException)4 AccumuloException (org.apache.accumulo.core.client.AccumuloException)4 Scanner (org.apache.accumulo.core.client.Scanner)4 Shell (org.apache.accumulo.shell.Shell)4 CommandLine (org.apache.commons.cli.CommandLine)4 AccumuloRyaDAO (org.apache.rya.accumulo.AccumuloRyaDAO)4 LineReader (org.jline.reader.LineReader)4 Entry (java.util.Map.Entry)3 Credentials (org.apache.accumulo.core.clientImpl.Credentials)3 TCredentials (org.apache.accumulo.core.securityImpl.thrift.TCredentials)3