Example 31 with SecurityOperations

use of org.apache.accumulo.core.client.admin.SecurityOperations in project incubator-rya by apache.

the class PropertyChainTest method setUp.

@Override
public void setUp() throws Exception {
    super.setUp();
    connector = new MockInstance(instance).getConnector(user, pwd.getBytes());
    connector.tableOperations().create(tablePrefix + RdfCloudTripleStoreConstants.TBL_SPO_SUFFIX);
    connector.tableOperations().create(tablePrefix + RdfCloudTripleStoreConstants.TBL_PO_SUFFIX);
    connector.tableOperations().create(tablePrefix + RdfCloudTripleStoreConstants.TBL_OSP_SUFFIX);
    connector.tableOperations().create(tablePrefix + RdfCloudTripleStoreConstants.TBL_NS_SUFFIX);
    SecurityOperations secOps = connector.securityOperations();
    secOps.createUser(user, pwd.getBytes(), auths);
    secOps.grantTablePermission(user, tablePrefix + RdfCloudTripleStoreConstants.TBL_SPO_SUFFIX, TablePermission.READ);
    secOps.grantTablePermission(user, tablePrefix + RdfCloudTripleStoreConstants.TBL_PO_SUFFIX, TablePermission.READ);
    secOps.grantTablePermission(user, tablePrefix + RdfCloudTripleStoreConstants.TBL_OSP_SUFFIX, TablePermission.READ);
    secOps.grantTablePermission(user, tablePrefix + RdfCloudTripleStoreConstants.TBL_NS_SUFFIX, TablePermission.READ);
    conf = new AccumuloRdfConfiguration();
    ryaDAO = new AccumuloRyaDAO();
    ryaDAO.setConnector(connector);
    conf.setTablePrefix(tablePrefix);
    ryaDAO.setConf(conf);
    ryaDAO.init();
}
Also used : AccumuloRyaDAO(org.apache.rya.accumulo.AccumuloRyaDAO) MockInstance(org.apache.accumulo.core.client.mock.MockInstance) SecurityOperations(org.apache.accumulo.core.client.admin.SecurityOperations) AccumuloRdfConfiguration(org.apache.rya.accumulo.AccumuloRdfConfiguration)

Example 32 with SecurityOperations

use of org.apache.accumulo.core.client.admin.SecurityOperations in project incubator-rya by apache.

the class SameAsTest method setUp.

@Override
public void setUp() throws Exception {
    super.setUp();
    connector = new MockInstance(instance).getConnector(user, pwd.getBytes());
    connector.tableOperations().create(tablePrefix + RdfCloudTripleStoreConstants.TBL_SPO_SUFFIX);
    connector.tableOperations().create(tablePrefix + RdfCloudTripleStoreConstants.TBL_PO_SUFFIX);
    connector.tableOperations().create(tablePrefix + RdfCloudTripleStoreConstants.TBL_OSP_SUFFIX);
    connector.tableOperations().create(tablePrefix + RdfCloudTripleStoreConstants.TBL_NS_SUFFIX);
    SecurityOperations secOps = connector.securityOperations();
    secOps.createUser(user, pwd.getBytes(), auths);
    secOps.grantTablePermission(user, tablePrefix + RdfCloudTripleStoreConstants.TBL_SPO_SUFFIX, TablePermission.READ);
    secOps.grantTablePermission(user, tablePrefix + RdfCloudTripleStoreConstants.TBL_PO_SUFFIX, TablePermission.READ);
    secOps.grantTablePermission(user, tablePrefix + RdfCloudTripleStoreConstants.TBL_OSP_SUFFIX, TablePermission.READ);
    secOps.grantTablePermission(user, tablePrefix + RdfCloudTripleStoreConstants.TBL_NS_SUFFIX, TablePermission.READ);
    conf = new AccumuloRdfConfiguration();
    ryaDAO = new AccumuloRyaDAO();
    ryaDAO.setConnector(connector);
    conf.setTablePrefix(tablePrefix);
    ryaDAO.setConf(conf);
    ryaDAO.init();
}
Also used : AccumuloRyaDAO(org.apache.rya.accumulo.AccumuloRyaDAO) MockInstance(org.apache.accumulo.core.client.mock.MockInstance) SecurityOperations(org.apache.accumulo.core.client.admin.SecurityOperations) AccumuloRdfConfiguration(org.apache.rya.accumulo.AccumuloRdfConfiguration)

Example 33 with SecurityOperations

use of org.apache.accumulo.core.client.admin.SecurityOperations in project incubator-rya by apache.

the class TablePermissions method revokeAllPermissions.

/**
 * Revokes the following Table Permissions for an Accumulo user from an Accumulo table.
 * <ul>
 *   <li>ALTER_TABLE</li>
 *   <li>BULK_IMPORT</li>
 *   <li>DROP_TABLE</li>
 *   <li>GRANT</li>
 *   <li>READ</li>
 *   <li>WRITE</li>
 * </ul>
 *
 * @param user - The user whose permissions will be revoked. (not null)
 * @param table - The Accumulo table the permissions are revoked from. (not null)
 * @param conn - The connector that is used to access the Accumulo instance
 *   that hosts the {@code user} and {@code table}. (not null)
 * @throws AccumuloException If a general error occurs.
 * @throws AccumuloSecurityException If the user does not have permission to revoke a user's permissions.
 */
public void revokeAllPermissions(final String user, final String table, final Connector conn) throws AccumuloException, AccumuloSecurityException {
    requireNonNull(user);
    requireNonNull(table);
    requireNonNull(conn);
    final SecurityOperations secOps = conn.securityOperations();
    secOps.revokeTablePermission(user, table, TablePermission.ALTER_TABLE);
    secOps.revokeTablePermission(user, table, TablePermission.BULK_IMPORT);
    secOps.revokeTablePermission(user, table, TablePermission.DROP_TABLE);
    secOps.revokeTablePermission(user, table, TablePermission.GRANT);
    secOps.revokeTablePermission(user, table, TablePermission.READ);
    secOps.revokeTablePermission(user, table, TablePermission.WRITE);
}
Also used : SecurityOperations(org.apache.accumulo.core.client.admin.SecurityOperations)

Example 34 with SecurityOperations

use of org.apache.accumulo.core.client.admin.SecurityOperations in project accumulo by apache.

the class AccumuloClusterHarness method cleanupUsers.

public void cleanupUsers() throws Exception {
    final String userPrefix = this.getClass().getSimpleName();
    try (AccumuloClient client = Accumulo.newClient().from(getClientProps()).build()) {
        final SecurityOperations secOps = client.securityOperations();
        for (String user : secOps.listLocalUsers()) {
            if (user.startsWith(userPrefix)) {
                log.info("Dropping local user {}", user);
                secOps.dropLocalUser(user);
            }
        }
    }
}
Also used : AccumuloClient(org.apache.accumulo.core.client.AccumuloClient) SecurityOperations(org.apache.accumulo.core.client.admin.SecurityOperations)

Example 35 with SecurityOperations

use of org.apache.accumulo.core.client.admin.SecurityOperations in project accumulo by apache.

the class ManagerApiIT method testPermissions_waitForFlush.

@Test
public void testPermissions_waitForFlush() throws Exception {
    // To waitForFlush, user needs TablePermission.WRITE or TablePermission.ALTER_TABLE
    String[] uniqNames = getUniqueNames(3);
    String tableName = uniqNames[0];
    Credentials regUserWithWrite = new Credentials(uniqNames[1], new PasswordToken(uniqNames[1]));
    Credentials regUserWithAlter = new Credentials(uniqNames[2], new PasswordToken(uniqNames[2]));
    String tableId;
    try (AccumuloClient client = Accumulo.newClient().from(getClientProps()).build()) {
        SecurityOperations rootSecOps = client.securityOperations();
        rootSecOps.createLocalUser(regUserWithWrite.getPrincipal(), (PasswordToken) regUserWithWrite.getToken());
        rootSecOps.createLocalUser(regUserWithAlter.getPrincipal(), (PasswordToken) regUserWithAlter.getToken());
        client.tableOperations().create(tableName);
        rootSecOps.grantTablePermission(regUserWithWrite.getPrincipal(), tableName, TablePermission.WRITE);
        rootSecOps.grantTablePermission(regUserWithAlter.getPrincipal(), tableName, TablePermission.ALTER_TABLE);
        tableId = client.tableOperations().tableIdMap().get(tableName);
    }
    AtomicLong flushId = new AtomicLong();
    // initiateFlush as the root user to get the flushId, then test waitForFlush with other users
    op = user -> client -> flushId.set(client.initiateFlush(null, user, tableId));
    expectPermissionSuccess(op, rootUser);
    op = user -> client -> client.waitForFlush(null, user, tableId, TextUtil.getByteBuffer(new Text("myrow")), TextUtil.getByteBuffer(new Text("myrow~")), flushId.get(), 1);
    expectPermissionDenied(op, regularUser);
    // privileged users can grant themselves permission, but it's not default
    expectPermissionDenied(op, privilegedUser);
    expectPermissionSuccess(op, regUserWithWrite);
    expectPermissionSuccess(op, regUserWithAlter);
    // root user can because they created the table
    expectPermissionSuccess(op, rootUser);
}
Also used : AccumuloClient(org.apache.accumulo.core.client.AccumuloClient) PasswordToken(org.apache.accumulo.core.client.security.tokens.PasswordToken) AtomicLong(java.util.concurrent.atomic.AtomicLong) SecurityOperations(org.apache.accumulo.core.client.admin.SecurityOperations) Text(org.apache.hadoop.io.Text) TCredentials(org.apache.accumulo.core.securityImpl.thrift.TCredentials) Credentials(org.apache.accumulo.core.clientImpl.Credentials) Test(org.junit.Test)

Aggregations

SecurityOperations (org.apache.accumulo.core.client.admin.SecurityOperations) 36
Test (org.junit.Test) 15
PasswordToken (org.apache.accumulo.core.client.security.tokens.PasswordToken) 14
Authorizations (org.apache.accumulo.core.security.Authorizations) 10
AccumuloClient (org.apache.accumulo.core.client.AccumuloClient) 9
AccumuloRdfConfiguration (org.apache.rya.accumulo.AccumuloRdfConfiguration) 8
MockInstance (org.apache.accumulo.core.client.mock.MockInstance) 7
AccumuloSecurityException (org.apache.accumulo.core.client.AccumuloSecurityException) 6
RyaClient (org.apache.rya.api.client.RyaClient) 6
Connector (org.apache.accumulo.core.client.Connector) 5
IOException (java.io.IOException) 4
AccumuloException (org.apache.accumulo.core.client.AccumuloException) 4
Scanner (org.apache.accumulo.core.client.Scanner) 4
Shell (org.apache.accumulo.shell.Shell) 4
CommandLine (org.apache.commons.cli.CommandLine) 4
AccumuloRyaDAO (org.apache.rya.accumulo.AccumuloRyaDAO) 4
LineReader (org.jline.reader.LineReader) 4
Entry (java.util.Map.Entry) 3
Credentials (org.apache.accumulo.core.clientImpl.Credentials) 3
TCredentials (org.apache.accumulo.core.securityImpl.thrift.TCredentials) 3