use of org.apache.accumulo.core.client.admin.SecurityOperations in project incubator-rya by apache.
the class PropertyChainTest method setUp.
@Override
public void setUp() throws Exception {
super.setUp();
connector = new MockInstance(instance).getConnector(user, pwd.getBytes());
connector.tableOperations().create(tablePrefix + RdfCloudTripleStoreConstants.TBL_SPO_SUFFIX);
connector.tableOperations().create(tablePrefix + RdfCloudTripleStoreConstants.TBL_PO_SUFFIX);
connector.tableOperations().create(tablePrefix + RdfCloudTripleStoreConstants.TBL_OSP_SUFFIX);
connector.tableOperations().create(tablePrefix + RdfCloudTripleStoreConstants.TBL_NS_SUFFIX);
SecurityOperations secOps = connector.securityOperations();
secOps.createUser(user, pwd.getBytes(), auths);
secOps.grantTablePermission(user, tablePrefix + RdfCloudTripleStoreConstants.TBL_SPO_SUFFIX, TablePermission.READ);
secOps.grantTablePermission(user, tablePrefix + RdfCloudTripleStoreConstants.TBL_PO_SUFFIX, TablePermission.READ);
secOps.grantTablePermission(user, tablePrefix + RdfCloudTripleStoreConstants.TBL_OSP_SUFFIX, TablePermission.READ);
secOps.grantTablePermission(user, tablePrefix + RdfCloudTripleStoreConstants.TBL_NS_SUFFIX, TablePermission.READ);
conf = new AccumuloRdfConfiguration();
ryaDAO = new AccumuloRyaDAO();
ryaDAO.setConnector(connector);
conf.setTablePrefix(tablePrefix);
ryaDAO.setConf(conf);
ryaDAO.init();
}
use of org.apache.accumulo.core.client.admin.SecurityOperations in project incubator-rya by apache.
the class SameAsTest method setUp.
@Override
public void setUp() throws Exception {
super.setUp();
connector = new MockInstance(instance).getConnector(user, pwd.getBytes());
connector.tableOperations().create(tablePrefix + RdfCloudTripleStoreConstants.TBL_SPO_SUFFIX);
connector.tableOperations().create(tablePrefix + RdfCloudTripleStoreConstants.TBL_PO_SUFFIX);
connector.tableOperations().create(tablePrefix + RdfCloudTripleStoreConstants.TBL_OSP_SUFFIX);
connector.tableOperations().create(tablePrefix + RdfCloudTripleStoreConstants.TBL_NS_SUFFIX);
SecurityOperations secOps = connector.securityOperations();
secOps.createUser(user, pwd.getBytes(), auths);
secOps.grantTablePermission(user, tablePrefix + RdfCloudTripleStoreConstants.TBL_SPO_SUFFIX, TablePermission.READ);
secOps.grantTablePermission(user, tablePrefix + RdfCloudTripleStoreConstants.TBL_PO_SUFFIX, TablePermission.READ);
secOps.grantTablePermission(user, tablePrefix + RdfCloudTripleStoreConstants.TBL_OSP_SUFFIX, TablePermission.READ);
secOps.grantTablePermission(user, tablePrefix + RdfCloudTripleStoreConstants.TBL_NS_SUFFIX, TablePermission.READ);
conf = new AccumuloRdfConfiguration();
ryaDAO = new AccumuloRyaDAO();
ryaDAO.setConnector(connector);
conf.setTablePrefix(tablePrefix);
ryaDAO.setConf(conf);
ryaDAO.init();
}
use of org.apache.accumulo.core.client.admin.SecurityOperations in project incubator-rya by apache.
the class TablePermissions method revokeAllPermissions.
/**
* Revokes the following Table Permissions for an Accumulo user from an Accumulo table.
* <ul>
* <li>ALTER_TABLE</li>
* <li>BULK_IMPORT</li>
* <li>DROP_TABLE</li>
* <li>GRANT</li>
* <li>READ</li>
* <li>WRITE</li>
* </ul>
*
* @param user - The user whose permissions will be revoked. (not null)
* @param table - The Accumulo table the permissions are revoked from. (not null)
* @param conn - The connector that is used to access the Accumulo instance
* that hosts the the {@code user} and {@code table}. (not null)
* @throws AccumuloException If a general error occurs.
* @throws AccumuloSecurityException If the user does not have permission to revoke a user's permissions.
*/
public void revokeAllPermissions(final String user, final String table, final Connector conn) throws AccumuloException, AccumuloSecurityException {
requireNonNull(user);
requireNonNull(table);
requireNonNull(conn);
final SecurityOperations secOps = conn.securityOperations();
secOps.revokeTablePermission(user, table, TablePermission.ALTER_TABLE);
secOps.revokeTablePermission(user, table, TablePermission.BULK_IMPORT);
secOps.revokeTablePermission(user, table, TablePermission.DROP_TABLE);
secOps.revokeTablePermission(user, table, TablePermission.GRANT);
secOps.revokeTablePermission(user, table, TablePermission.READ);
secOps.revokeTablePermission(user, table, TablePermission.WRITE);
}
use of org.apache.accumulo.core.client.admin.SecurityOperations in project accumulo by apache.
the class AccumuloClusterHarness method cleanupUsers.
public void cleanupUsers() throws Exception {
final String userPrefix = this.getClass().getSimpleName();
try (AccumuloClient client = Accumulo.newClient().from(getClientProps()).build()) {
final SecurityOperations secOps = client.securityOperations();
for (String user : secOps.listLocalUsers()) {
if (user.startsWith(userPrefix)) {
log.info("Dropping local user {}", user);
secOps.dropLocalUser(user);
}
}
}
}
use of org.apache.accumulo.core.client.admin.SecurityOperations in project accumulo by apache.
the class ManagerApiIT method testPermissions_waitForFlush.
@Test
public void testPermissions_waitForFlush() throws Exception {
// To waitForFlush, user needs TablePermission.WRITE or TablePermission.ALTER_TABLE
String[] uniqNames = getUniqueNames(3);
String tableName = uniqNames[0];
Credentials regUserWithWrite = new Credentials(uniqNames[1], new PasswordToken(uniqNames[1]));
Credentials regUserWithAlter = new Credentials(uniqNames[2], new PasswordToken(uniqNames[2]));
String tableId;
try (AccumuloClient client = Accumulo.newClient().from(getClientProps()).build()) {
SecurityOperations rootSecOps = client.securityOperations();
rootSecOps.createLocalUser(regUserWithWrite.getPrincipal(), (PasswordToken) regUserWithWrite.getToken());
rootSecOps.createLocalUser(regUserWithAlter.getPrincipal(), (PasswordToken) regUserWithAlter.getToken());
client.tableOperations().create(tableName);
rootSecOps.grantTablePermission(regUserWithWrite.getPrincipal(), tableName, TablePermission.WRITE);
rootSecOps.grantTablePermission(regUserWithAlter.getPrincipal(), tableName, TablePermission.ALTER_TABLE);
tableId = client.tableOperations().tableIdMap().get(tableName);
}
AtomicLong flushId = new AtomicLong();
// initiateFlush as the root user to get the flushId, then test waitForFlush with other users
op = user -> client -> flushId.set(client.initiateFlush(null, user, tableId));
expectPermissionSuccess(op, rootUser);
op = user -> client -> client.waitForFlush(null, user, tableId, TextUtil.getByteBuffer(new Text("myrow")), TextUtil.getByteBuffer(new Text("myrow~")), flushId.get(), 1);
expectPermissionDenied(op, regularUser);
// privileged users can grant themselves permission, but it's not default
expectPermissionDenied(op, privilegedUser);
expectPermissionSuccess(op, regUserWithWrite);
expectPermissionSuccess(op, regUserWithAlter);
// root user can because they created the table
expectPermissionSuccess(op, rootUser);
}
Aggregations