Search in sources :

Example 36 with SecurityOperations

use of org.apache.accumulo.core.client.admin.SecurityOperations in project accumulo by apache.

the class ManagerApiIT method testPermissions_initiateFlush.

@Test
public void testPermissions_initiateFlush() throws Exception {
    // To initiateFlush, user needs TablePermission.WRITE or TablePermission.ALTER_TABLE
    String[] uniqNames = getUniqueNames(3);
    String tableName = uniqNames[0];
    Credentials regUserWithWrite = new Credentials(uniqNames[1], new PasswordToken(uniqNames[1]));
    Credentials regUserWithAlter = new Credentials(uniqNames[2], new PasswordToken(uniqNames[2]));
    String tableId;
    try (AccumuloClient client = Accumulo.newClient().from(getClientProps()).build()) {
        SecurityOperations rootSecOps = client.securityOperations();
        rootSecOps.createLocalUser(regUserWithWrite.getPrincipal(), (PasswordToken) regUserWithWrite.getToken());
        rootSecOps.createLocalUser(regUserWithAlter.getPrincipal(), (PasswordToken) regUserWithAlter.getToken());
        client.tableOperations().create(tableName);
        rootSecOps.grantTablePermission(regUserWithWrite.getPrincipal(), tableName, TablePermission.WRITE);
        rootSecOps.grantTablePermission(regUserWithAlter.getPrincipal(), tableName, TablePermission.ALTER_TABLE);
        tableId = client.tableOperations().tableIdMap().get(tableName);
    }
    op = user -> client -> client.initiateFlush(null, user, tableId);
    expectPermissionDenied(op, regularUser);
    // privileged users can grant themselves permission, but it's not default
    expectPermissionDenied(op, privilegedUser);
    expectPermissionSuccess(op, regUserWithWrite);
    expectPermissionSuccess(op, regUserWithAlter);
    // root user can because they created the table
    expectPermissionSuccess(op, rootUser);
}
Also used : AccumuloClient(org.apache.accumulo.core.client.AccumuloClient) PasswordToken(org.apache.accumulo.core.client.security.tokens.PasswordToken) SecurityOperations(org.apache.accumulo.core.client.admin.SecurityOperations) TCredentials(org.apache.accumulo.core.securityImpl.thrift.TCredentials) Credentials(org.apache.accumulo.core.clientImpl.Credentials) Test(org.junit.Test)

Aggregations

SecurityOperations (org.apache.accumulo.core.client.admin.SecurityOperations)36 Test (org.junit.Test)15 PasswordToken (org.apache.accumulo.core.client.security.tokens.PasswordToken)14 Authorizations (org.apache.accumulo.core.security.Authorizations)10 AccumuloClient (org.apache.accumulo.core.client.AccumuloClient)9 AccumuloRdfConfiguration (org.apache.rya.accumulo.AccumuloRdfConfiguration)8 MockInstance (org.apache.accumulo.core.client.mock.MockInstance)7 AccumuloSecurityException (org.apache.accumulo.core.client.AccumuloSecurityException)6 RyaClient (org.apache.rya.api.client.RyaClient)6 Connector (org.apache.accumulo.core.client.Connector)5 IOException (java.io.IOException)4 AccumuloException (org.apache.accumulo.core.client.AccumuloException)4 Scanner (org.apache.accumulo.core.client.Scanner)4 Shell (org.apache.accumulo.shell.Shell)4 CommandLine (org.apache.commons.cli.CommandLine)4 AccumuloRyaDAO (org.apache.rya.accumulo.AccumuloRyaDAO)4 LineReader (org.jline.reader.LineReader)4 Entry (java.util.Map.Entry)3 Credentials (org.apache.accumulo.core.clientImpl.Credentials)3 TCredentials (org.apache.accumulo.core.securityImpl.thrift.TCredentials)3