Examples with Credentials org.apache.accumulo.core.clientImpl.Credentials used on opensource projects

Example 16 with Credentials

use of org.apache.accumulo.core.clientImpl.Credentials in project accumulo by apache.

the class TokenFileIT method testMR.

@SuppressFBWarnings(value = "PATH_TRAVERSAL_IN", justification = "path provided by test")
@Test
public void testMR() throws Exception {
    String[] tableNames = getUniqueNames(2);
    String table1 = tableNames[0];
    String table2 = tableNames[1];
    try (AccumuloClient c = Accumulo.newClient().from(getClientProps()).build()) {
        c.tableOperations().create(table1);
        c.tableOperations().create(table2);
        BatchWriter bw = c.createBatchWriter(table1);
        for (int i = 0; i < 100; i++) {
            Mutation m = new Mutation(new Text(String.format("%09x", i + 1)));
            m.put("", "", String.format("%09x", i));
            bw.addMutation(m);
        }
        bw.close();
        File tf = folder.newFile("root_test.pw");
        try (PrintStream out = new PrintStream(tf)) {
            String outString = new Credentials(getAdminPrincipal(), getAdminToken()).serialize();
            out.println(outString);
        }
        Configuration conf = cluster.getServerContext().getHadoopConf();
        conf.set("hadoop.tmp.dir", new File(tf.getAbsolutePath()).getParent());
        conf.set("mapreduce.framework.name", "local");
        conf.set("mapreduce.cluster.local.dir", new File(System.getProperty("user.dir"), "target/mapreduce-tmp").getAbsolutePath());
        assertEquals(0, ToolRunner.run(conf, new MRTokenFileTester(), new String[] { tf.getAbsolutePath(), table1, table2 }));
        if (e1 != null) {
            e1.printStackTrace();
        }
        assertNull(e1);
        try (Scanner scanner = c.createScanner(table2, new Authorizations())) {
            Iterator<Entry<Key, Value>> iter = scanner.iterator();
            assertTrue(iter.hasNext());
            Entry<Key, Value> entry = iter.next();
            assertEquals(Integer.parseInt(new String(entry.getValue().get())), 100);
            assertFalse(iter.hasNext());
        }
    }
}

Example 17 with Credentials

use of org.apache.accumulo.core.clientImpl.Credentials in project accumulo by apache.

the class SystemCredentialsIT method main.

public static void main(final String[] args) throws AccumuloException, TableNotFoundException {
    var siteConfig = SiteConfiguration.auto();
    try (ServerContext context = new ServerContext(siteConfig)) {
        Credentials creds;
        InstanceId badInstanceID = InstanceId.of(SystemCredentials.class.getName());
        if (args.length < 2) {
            throw new RuntimeException("Incorrect usage; expected to be run by test only");
        }
        switch(args[0]) {
            case "bad":
                creds = SystemCredentials.get(badInstanceID, siteConfig);
                break;
            case "good":
                creds = SystemCredentials.get(context.getInstanceID(), siteConfig);
                break;
            case "bad_password":
                creds = new SystemCredentials(badInstanceID, "!SYSTEM", new PasswordToken("fake"));
                break;
            default:
                throw new RuntimeException("Incorrect usage; expected to be run by test only");
        }
        try (AccumuloClient client = Accumulo.newClient().from(context.getProperties()).as(creds.getPrincipal(), creds.getToken()).build()) {
            client.securityOperations().authenticateUser(creds.getPrincipal(), creds.getToken());
            try (Scanner scan = client.createScanner(RootTable.NAME, Authorizations.EMPTY)) {
                for (Entry<Key, Value> e : scan) {
                    e.hashCode();
                }
            } catch (RuntimeException e) {
                e.printStackTrace(System.err);
                System.exit(SCAN_FAILED);
            }
        } catch (AccumuloSecurityException e) {
            e.printStackTrace(System.err);
            System.exit(AUTHENICATION_FAILED);
        }
    }
}

Example 18 with Credentials

use of org.apache.accumulo.core.clientImpl.Credentials in project accumulo by apache.

the class ManagerApiIT method testPermissions_waitForFlush.

@Test
public void testPermissions_waitForFlush() throws Exception {
    // To waitForFlush, user needs TablePermission.WRITE or TablePermission.ALTER_TABLE
    String[] uniqNames = getUniqueNames(3);
    String tableName = uniqNames[0];
    Credentials regUserWithWrite = new Credentials(uniqNames[1], new PasswordToken(uniqNames[1]));
    Credentials regUserWithAlter = new Credentials(uniqNames[2], new PasswordToken(uniqNames[2]));
    String tableId;
    try (AccumuloClient client = Accumulo.newClient().from(getClientProps()).build()) {
        SecurityOperations rootSecOps = client.securityOperations();
        rootSecOps.createLocalUser(regUserWithWrite.getPrincipal(), (PasswordToken) regUserWithWrite.getToken());
        rootSecOps.createLocalUser(regUserWithAlter.getPrincipal(), (PasswordToken) regUserWithAlter.getToken());
        client.tableOperations().create(tableName);
        rootSecOps.grantTablePermission(regUserWithWrite.getPrincipal(), tableName, TablePermission.WRITE);
        rootSecOps.grantTablePermission(regUserWithAlter.getPrincipal(), tableName, TablePermission.ALTER_TABLE);
        tableId = client.tableOperations().tableIdMap().get(tableName);
    }
    AtomicLong flushId = new AtomicLong();
    // initiateFlush as the root user to get the flushId, then test waitForFlush with other users
    op = user -> client -> flushId.set(client.initiateFlush(null, user, tableId));
    expectPermissionSuccess(op, rootUser);
    op = user -> client -> client.waitForFlush(null, user, tableId, TextUtil.getByteBuffer(new Text("myrow")), TextUtil.getByteBuffer(new Text("myrow~")), flushId.get(), 1);
    expectPermissionDenied(op, regularUser);
    // privileged users can grant themselves permission, but it's not default
    expectPermissionDenied(op, privilegedUser);
    expectPermissionSuccess(op, regUserWithWrite);
    expectPermissionSuccess(op, regUserWithAlter);
    // root user can because they created the table
    expectPermissionSuccess(op, rootUser);
}

Example 19 with Credentials

use of org.apache.accumulo.core.clientImpl.Credentials in project accumulo by apache.

the class ManagerApiIT method testPermissions_initiateFlush.

@Test
public void testPermissions_initiateFlush() throws Exception {
    // To initiateFlush, user needs TablePermission.WRITE or TablePermission.ALTER_TABLE
    String[] uniqNames = getUniqueNames(3);
    String tableName = uniqNames[0];
    Credentials regUserWithWrite = new Credentials(uniqNames[1], new PasswordToken(uniqNames[1]));
    Credentials regUserWithAlter = new Credentials(uniqNames[2], new PasswordToken(uniqNames[2]));
    String tableId;
    try (AccumuloClient client = Accumulo.newClient().from(getClientProps()).build()) {
        SecurityOperations rootSecOps = client.securityOperations();
        rootSecOps.createLocalUser(regUserWithWrite.getPrincipal(), (PasswordToken) regUserWithWrite.getToken());
        rootSecOps.createLocalUser(regUserWithAlter.getPrincipal(), (PasswordToken) regUserWithAlter.getToken());
        client.tableOperations().create(tableName);
        rootSecOps.grantTablePermission(regUserWithWrite.getPrincipal(), tableName, TablePermission.WRITE);
        rootSecOps.grantTablePermission(regUserWithAlter.getPrincipal(), tableName, TablePermission.ALTER_TABLE);
        tableId = client.tableOperations().tableIdMap().get(tableName);
    }
    op = user -> client -> client.initiateFlush(null, user, tableId);
    expectPermissionDenied(op, regularUser);
    // privileged users can grant themselves permission, but it's not default
    expectPermissionDenied(op, privilegedUser);
    expectPermissionSuccess(op, regUserWithWrite);
    expectPermissionSuccess(op, regUserWithAlter);
    // root user can because they created the table
    expectPermissionSuccess(op, rootUser);
}