use of org.apache.accumulo.core.client.admin.SecurityOperations in project accumulo by apache.
the class ManagerApiIT method testPermissions_initiateFlush.
@Test
public void testPermissions_initiateFlush() throws Exception {
// To initiateFlush, user needs TablePermission.WRITE or TablePermission.ALTER_TABLE
String[] uniqNames = getUniqueNames(3);
String tableName = uniqNames[0];
Credentials regUserWithWrite = new Credentials(uniqNames[1], new PasswordToken(uniqNames[1]));
Credentials regUserWithAlter = new Credentials(uniqNames[2], new PasswordToken(uniqNames[2]));
String tableId;
try (AccumuloClient client = Accumulo.newClient().from(getClientProps()).build()) {
SecurityOperations rootSecOps = client.securityOperations();
rootSecOps.createLocalUser(regUserWithWrite.getPrincipal(), (PasswordToken) regUserWithWrite.getToken());
rootSecOps.createLocalUser(regUserWithAlter.getPrincipal(), (PasswordToken) regUserWithAlter.getToken());
client.tableOperations().create(tableName);
rootSecOps.grantTablePermission(regUserWithWrite.getPrincipal(), tableName, TablePermission.WRITE);
rootSecOps.grantTablePermission(regUserWithAlter.getPrincipal(), tableName, TablePermission.ALTER_TABLE);
tableId = client.tableOperations().tableIdMap().get(tableName);
}
op = user -> client -> client.initiateFlush(null, user, tableId);
expectPermissionDenied(op, regularUser);
// privileged users can grant themselves permission, but it's not default
expectPermissionDenied(op, privilegedUser);
expectPermissionSuccess(op, regUserWithWrite);
expectPermissionSuccess(op, regUserWithAlter);
// root user can because they created the table
expectPermissionSuccess(op, rootUser);
}
Aggregations