use of org.apache.accumulo.core.client.security.tokens.PasswordToken in project accumulo by apache.
the class AccumuloMiniClusterConfiguration method getAdminToken.
/**
 * Builds the credentials the test harness uses to act as the cluster administrator.
 *
 * <p>When SASL is enabled, the KDC root principal is logged in from its keytab through
 * {@code UserGroupInformation} and an empty {@link KerberosToken} is returned. Otherwise a
 * {@link PasswordToken} is built from the value stored under {@code ACCUMULO_MINI_PASSWORD_KEY},
 * falling back to {@code ACCUMULO_MINI_PASSWORD_DEFAULT} when that key is unset.
 *
 * @return the administrator's authentication token
 * @throws RuntimeException wrapping the {@link IOException} raised when the keytab login fails
 */
@Override
public AuthenticationToken getAdminToken() {
  if (!saslEnabled) {
    // Password authentication: an unset key silently selects the built-in default password,
    // so this path is only suitable for throwaway test clusters.
    final String configured = conf.get(ACCUMULO_MINI_PASSWORD_KEY);
    return new PasswordToken(null == configured ? ACCUMULO_MINI_PASSWORD_DEFAULT : configured);
  }

  // Turn on Kerberos authentication so UGI acts properly. setConfiguration is a static call
  // on UserGroupInformation, so the setting is not scoped to this configuration object.
  final Configuration kerberosConf = new Configuration(false);
  kerberosConf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
  UserGroupInformation.setConfiguration(kerberosConf);

  final ClusterUser kdcRoot = AccumuloClusterHarness.getKdc().getRootUser();
  try {
    // Log in with the root principal's keytab; the KerberosToken is created only after a successful login.
    UserGroupInformation.loginUserFromKeytab(kdcRoot.getPrincipal(), kdcRoot.getKeytab().getAbsolutePath());
    return new KerberosToken();
  } catch (IOException loginFailure) {
    // The interface method declares no checked exception, so the cause is preserved in an unchecked wrapper.
    throw new RuntimeException(loginFailure);
  }
}
use of org.apache.accumulo.core.client.security.tokens.PasswordToken in project accumulo by apache.
the class ArbitraryTablePropertiesIT method userSetGetTablePropertyWithoutPermission.
// Tests set and get of user added arbitrary properties using a non-root account without permissions to alter tables
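/**
 * Negative authorization test: a non-root user that was never granted a table permission must
 * not be able to set an arbitrary table property, and the property must not appear afterwards.
 *
 * @throws Exception if any cluster operation fails unexpectedly
 */
@Test
public void userSetGetTablePropertyWithoutPermission() throws Exception {
  log.debug("Starting userSetGetTablePropertyWithoutPermission test ------------------------");

  // Look up the principal and credentials of the test user
  ClusterUser user = getUser(1);
  String testUser = user.getPrincipal();
  AuthenticationToken testToken = user.getToken();

  // With the harness connector, create the test user and the table.
  // No table permission is granted to the test user in this test.
  final String tableName = getUniqueNames(1)[0];
  final Connector c = getConnector();
  // A password is only supplied when the user authenticates with a PasswordToken; otherwise null is passed
  c.securityOperations().createLocalUser(testUser, (testToken instanceof PasswordToken ? (PasswordToken) testToken : null));
  c.tableOperations().create(tableName);

  // Set variables for the property name to use and the initial value
  String propertyName = "table.custom.description";
  String description1 = "Description";

  // Make sure the property name is valid
  Assert.assertTrue(Property.isValidPropertyKey(propertyName));

  // Getting a fresh token will ensure we're logged in as this user (if necessary)
  Connector testConn = c.getInstance().getConnector(testUser, user.getToken());

  // If able to set it, the test fails, since permission was never granted
  try {
    testConn.tableOperations().setProperty(tableName, propertyName, description1);
    Assert.fail("Was able to set property without permissions");
  } catch (AccumuloSecurityException expected) {
    // Expected: the request was rejected by the security layer.
    // NOTE(review): any AccumuloSecurityException satisfies this test, including one raised for
    // a reason other than the missing permission; consider also asserting on
    // expected.getSecurityErrorCode() so the denial is tied to authorization.
  }

  // Loop through properties to make sure the rejected property was not added to the list
  int count = 0;
  for (Entry<String, String> property : testConn.tableOperations().getProperties(tableName)) {
    if (property.getKey().equals(propertyName)) {
      count++;
    }
  }
  // JUnit's argument order is (expected, actual); the reverse produces a misleading failure message
  Assert.assertEquals(0, count);
}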
use of org.apache.accumulo.core.client.security.tokens.PasswordToken in project accumulo by apache.
the class ArbitraryTablePropertiesIT method userSetGetRemoveTablePropertyWithPermission.
// Tests set, get, and remove of user added arbitrary properties using a non-root account with permissions to alter tables
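/**
 * Positive authorization test: a non-root user holding {@code TablePermission.ALTER_TABLE} on a
 * table can set, overwrite and remove an arbitrary table property, and each change is visible
 * when the properties are read back.
 *
 * @throws Exception if any cluster operation fails unexpectedly
 */
@Test
public void userSetGetRemoveTablePropertyWithPermission() throws Exception {
  log.debug("Starting userSetGetRemoveTablePropertyWithPermission test ------------------------");

  // Look up the principal and credentials of the test user
  ClusterUser user = getUser(0);
  String testUser = user.getPrincipal();
  AuthenticationToken testToken = user.getToken();

  // With the harness connector, create the test user and the table,
  // then grant that user only the permission to alter this one table
  final String tableName = getUniqueNames(1)[0];
  final Connector c = getConnector();
  // A password is only supplied when the user authenticates with a PasswordToken; otherwise null is passed
  c.securityOperations().createLocalUser(testUser, (testToken instanceof PasswordToken ? (PasswordToken) testToken : null));
  c.tableOperations().create(tableName);
  c.securityOperations().grantTablePermission(testUser, tableName, TablePermission.ALTER_TABLE);

  // Set variables for the property name to use and the initial value
  String propertyName = "table.custom.description";
  String description1 = "Description";

  // Make sure the property name is valid
  Assert.assertTrue(Property.isValidPropertyKey(propertyName));

  // Getting a fresh token will ensure we're logged in as this user (if necessary)
  Connector testConn = c.getInstance().getConnector(testUser, user.getToken());

  // Set the property to the desired value
  testConn.tableOperations().setProperty(tableName, propertyName, description1);

  // Loop through properties to make sure the new property is added to the list
  int count = 0;
  for (Entry<String, String> property : testConn.tableOperations().getProperties(tableName)) {
    if (property.getKey().equals(propertyName) && property.getValue().equals(description1)) {
      count++;
    }
  }
  // JUnit's argument order is (expected, actual); the reverse produces a misleading failure message
  Assert.assertEquals(1, count);

  // Set the property as something different
  String description2 = "set second";
  testConn.tableOperations().setProperty(tableName, propertyName, description2);

  // Loop through properties to make sure the property now carries the second value
  count = 0;
  for (Entry<String, String> property : testConn.tableOperations().getProperties(tableName)) {
    if (property.getKey().equals(propertyName) && property.getValue().equals(description2)) {
      count++;
    }
  }
  Assert.assertEquals(1, count);

  // Remove the property and make sure there is no longer a value associated with it
  testConn.tableOperations().removeProperty(tableName, propertyName);

  // Loop through properties to make sure the removed property is no longer in the list
  count = 0;
  for (Entry<String, String> property : testConn.tableOperations().getProperties(tableName)) {
    if (property.getKey().equals(propertyName)) {
      count++;
    }
  }
  Assert.assertEquals(0, count);
}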
use of org.apache.accumulo.core.client.security.tokens.PasswordToken in project accumulo by apache.
the class AuditMessageIT method testDataOperationsAudits.
/**
 * Checks that data-level operations performed by a dedicated audit user (a scan, a batch scan
 * and a row-range delete) leave the expected entries in the audit log.
 *
 * <p>The audit user is created with a password token, given {@code SystemPermission.SYSTEM},
 * the authorizations in {@code auths}, and whatever {@code grantEverySystemPriv} grants, so the
 * test exercises audit logging rather than permission enforcement.
 */
@Test
public void testDataOperationsAudits() throws AccumuloSecurityException, AccumuloException, TableExistsException, TableNotFoundException, IOException, InterruptedException {
  final String table = OLD_TEST_TABLE_NAME;
  final String startRow = "myRow";
  final String endRow = "myRow~";

  // Provision the audit user through the existing connector
  conn.securityOperations().createLocalUser(AUDIT_USER_1, new PasswordToken(PASSWORD));
  conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM);
  conn.securityOperations().changeUserAuthorizations(AUDIT_USER_1, auths);
  grantEverySystemPriv(conn, AUDIT_USER_1);

  // Everything from here on is done as the audit user, so it should be attributed to that user
  auditConnector = getCluster().getConnector(AUDIT_USER_1, new PasswordToken(PASSWORD));
  auditConnector.tableOperations().create(table);

  // Write one row with two columns so the scans have something to return
  BatchWriter writer = auditConnector.createBatchWriter(table, new BatchWriterConfig());
  Mutation mutation = new Mutation(startRow);
  mutation.put("cf1", "cq1", "v1");
  mutation.put("cf1", "cq2", "v3");
  writer.addMutation(mutation);
  writer.close();

  // Plain scan over the whole table
  try (Scanner scanner = auditConnector.createScanner(table, auths)) {
    for (Map.Entry<Key, Value> kv : scanner) {
      System.out.println("Scanner row: " + kv.getKey() + " " + kv.getValue());
    }
  }

  // Batch scan restricted to one column and one row range
  try (BatchScanner batchScanner = auditConnector.createBatchScanner(table, auths, 1)) {
    batchScanner.fetchColumn(new Text("cf1"), new Text("cq1"));
    batchScanner.setRanges(Arrays.asList(new Range(startRow, endRow)));
    for (Map.Entry<Key, Value> kv : batchScanner) {
      System.out.println("BatchScanner row: " + kv.getKey() + " " + kv.getValue());
    }
  }

  // Delete the row range that was just written
  auditConnector.tableOperations().deleteRows(table, new Text(startRow), new Text(endRow));

  // All audited activity is finished; inspect what was logged for this test
  ArrayList<String> messages = getAuditMessages("testDataOperationsAudits");
  final String scanAudit = "action: scan; targetTable: " + table;
  // NOTE(review): the next two assertions are identical, so the batch scan is not verified
  // separately from the regular scan; confirm whether a distinct audit message was intended.
  assertTrue(findAuditMessage(messages, scanAudit) >= 1);
  assertTrue(findAuditMessage(messages, scanAudit) >= 1);
  final String deleteAudit = String.format(AuditedSecurityOperation.CAN_DELETE_RANGE_AUDIT_TEMPLATE, table, startRow, endRow);
  assertEquals(1, findAuditMessage(messages, deleteAudit));
}
use of org.apache.accumulo.core.client.security.tokens.PasswordToken in project accumulo by apache.
the class AuditMessageIT method testImportExportOperationsAudits.
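/**
 * Checks that table export, table import, bulk (directory) import and online/offline transitions
 * performed by a dedicated audit user each leave exactly one matching entry in the audit log,
 * including the table names and file-system paths involved.
 *
 * <p>The audit user is created with a password token, given {@code SystemPermission.SYSTEM},
 * the authorizations in {@code auths}, and whatever {@code grantEverySystemPriv} grants.
 */
@Test
public void testImportExportOperationsAudits() throws AccumuloSecurityException, AccumuloException, TableExistsException, TableNotFoundException, IOException, InterruptedException {
  // Provision the audit user through the existing connector
  conn.securityOperations().createLocalUser(AUDIT_USER_1, new PasswordToken(PASSWORD));
  conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM);
  conn.securityOperations().changeUserAuthorizations(AUDIT_USER_1, auths);
  grantEverySystemPriv(conn, AUDIT_USER_1);

  // Connect as Audit User and do a bunch of stuff.
  // Start testing activities here
  auditConnector = getCluster().getConnector(AUDIT_USER_1, new PasswordToken(PASSWORD));
  auditConnector.tableOperations().create(OLD_TEST_TABLE_NAME);

  // Insert some play data
  BatchWriter bw = auditConnector.createBatchWriter(OLD_TEST_TABLE_NAME, new BatchWriterConfig());
  Mutation m = new Mutation("myRow");
  m.put("cf1", "cq1", "v1");
  m.put("cf1", "cq2", "v3");
  bw.addMutation(m);
  bw.close();

  // Prepare to export the table; it is taken offline before exportTable is called
  File exportDir = new File(getCluster().getConfig().getDir().toString() + "/export");
  auditConnector.tableOperations().offline(OLD_TEST_TABLE_NAME);
  auditConnector.tableOperations().exportTable(OLD_TEST_TABLE_NAME, exportDir.toString());

  // We've exported the table metadata to the MiniAccumuloCluster root dir. Grab the .rf file path to re-import it
  File distCpTxt = new File(exportDir.toString() + "/distcp.txt");
  File importFile = null;
  // Just grab the first rf file, it will do for now.
  String filePrefix = "file:";
  try (java.util.Scanner it = new java.util.Scanner(distCpTxt, UTF_8.name())) {
    while (it.hasNext() && importFile == null) {
      String line = it.nextLine();
      if (line.matches(".*\\.rf")) {
        // Strip the URI scheme so the remainder can be used as a local file path
        importFile = new File(line.replaceFirst(filePrefix, ""));
      }
    }
  }
  // Fail with a clear message instead of handing a null file to FileUtils
  assertTrue("No .rf file listed in " + distCpTxt, importFile != null);
  FileUtils.copyFileToDirectory(importFile, exportDir);
  auditConnector.tableOperations().importTable(NEW_TEST_TABLE_NAME, exportDir.toString());

  // Now do a Directory (bulk) import of the same data.
  auditConnector.tableOperations().create(THIRD_TEST_TABLE_NAME);
  File failDir = new File(exportDir + "/tmp");
  assertTrue(failDir.mkdirs() || failDir.isDirectory());
  auditConnector.tableOperations().importDirectory(THIRD_TEST_TABLE_NAME, exportDir.toString(), failDir.toString(), false);
  auditConnector.tableOperations().online(OLD_TEST_TABLE_NAME);

  // Stop testing activities here
  ArrayList<String> auditMessages = getAuditMessages("testImportExportOperationsAudits");

  // Each audited action must appear exactly once, with the table names and paths used above
  assertEquals(1, findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.CAN_CREATE_TABLE_AUDIT_TEMPLATE, OLD_TEST_TABLE_NAME)));
  assertEquals(1, findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE, "offlineTable", OLD_TEST_TABLE_NAME)));
  assertEquals(1, findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.CAN_EXPORT_AUDIT_TEMPLATE, OLD_TEST_TABLE_NAME, exportDir.toString())));
  assertEquals(1, findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.CAN_IMPORT_AUDIT_TEMPLATE, NEW_TEST_TABLE_NAME, filePrefix + exportDir.toString())));
  assertEquals(1, findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.CAN_CREATE_TABLE_AUDIT_TEMPLATE, THIRD_TEST_TABLE_NAME)));
  assertEquals(1, findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.CAN_BULK_IMPORT_AUDIT_TEMPLATE, THIRD_TEST_TABLE_NAME, filePrefix + exportDir.toString(), filePrefix + failDir.toString())));
  assertEquals(1, findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE, "onlineTable", OLD_TEST_TABLE_NAME)));
}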