Examples with ThriftSecurityException org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException used on opensource projects

Example 51 with ThriftSecurityException

use of org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException in project accumulo by apache.

the class SecurityOperation method revokeTablePermission.

public void revokeTablePermission(TCredentials c, String user, TableId tableId, TablePermission permission, NamespaceId namespaceId) throws ThriftSecurityException {
    if (!canRevokeTable(c, user, tableId, namespaceId))
        throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
    targetUserExists(user);
    try {
        permHandle.revokeTablePermission(user, tableId.canonical(), permission);
        log.info("Revoked table permission {} for user {} on the table {} at the request of user {}", permission, user, tableId, c.getPrincipal());
    } catch (AccumuloSecurityException e) {
        throw e.asThriftException();
    } catch (TableNotFoundException e) {
        throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.TABLE_DOESNT_EXIST);
    }
}

Example 52 with ThriftSecurityException

use of org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException in project accumulo by apache.

the class ThriftClientHandler method loadFiles.

@Override
public void loadFiles(TInfo tinfo, TCredentials credentials, long tid, String dir, Map<TKeyExtent, Map<String, MapFileInfo>> tabletImports, boolean setTime) throws ThriftSecurityException {
    if (!security.canPerformSystemActions(credentials)) {
        throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
    }
    transactionWatcher.runQuietly(Constants.BULK_ARBITRATOR_TYPE, tid, () -> {
        tabletImports.forEach((tke, fileMap) -> {
            Map<TabletFile, MapFileInfo> newFileMap = new HashMap<>();
            for (Entry<String, MapFileInfo> mapping : fileMap.entrySet()) {
                Path path = new Path(dir, mapping.getKey());
                FileSystem ns = context.getVolumeManager().getFileSystemByPath(path);
                path = ns.makeQualified(path);
                newFileMap.put(new TabletFile(path), mapping.getValue());
            }
            var files = newFileMap.keySet().stream().map(TabletFile::getPathStr).collect(toList());
            server.updateBulkImportState(files, BulkImportState.INITIAL);
            Tablet importTablet = server.getOnlineTablet(KeyExtent.fromThrift(tke));
            if (importTablet != null) {
                try {
                    server.updateBulkImportState(files, BulkImportState.PROCESSING);
                    importTablet.importMapFiles(tid, newFileMap, setTime);
                } catch (IOException ioe) {
                    log.debug("files {} not imported to {}: {}", fileMap.keySet(), KeyExtent.fromThrift(tke), ioe.getMessage());
                } finally {
                    server.removeBulkImportState(files);
                }
            }
        });
    });
}

Example 53 with ThriftSecurityException

use of org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException in project accumulo by apache.

the class ThriftClientHandler method startScan.

@Override
public InitialScan startScan(TInfo tinfo, TCredentials credentials, TKeyExtent textent, TRange range, List<TColumn> columns, int batchSize, List<IterInfo> ssiList, Map<String, Map<String, String>> ssio, List<ByteBuffer> authorizations, boolean waitForWrites, boolean isolated, long readaheadThreshold, TSamplerConfiguration tSamplerConfig, long batchTimeOut, String contextArg, Map<String, String> executionHints) throws NotServingTabletException, ThriftSecurityException, org.apache.accumulo.core.tabletserver.thrift.TooManyFilesException, TSampleNotPresentException {
    TableId tableId = TableId.of(new String(textent.getTable(), UTF_8));
    NamespaceId namespaceId;
    try {
        namespaceId = server.getContext().getNamespaceId(tableId);
    } catch (TableNotFoundException e1) {
        throw new NotServingTabletException(textent);
    }
    if (!security.canScan(credentials, tableId, namespaceId, range, columns, ssiList, ssio, authorizations)) {
        throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
    }
    if (!security.authenticatedUserHasAuthorizations(credentials, authorizations)) {
        throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.BAD_AUTHORIZATIONS);
    }
    final KeyExtent extent = KeyExtent.fromThrift(textent);
    // metadata
    if (waitForWrites) {
        writeTracker.waitForWrites(TabletType.type(extent));
    }
    Tablet tablet = server.getOnlineTablet(extent);
    if (tablet == null) {
        throw new NotServingTabletException(textent);
    }
    HashSet<Column> columnSet = new HashSet<>();
    for (TColumn tcolumn : columns) {
        columnSet.add(new Column(tcolumn));
    }
    ScanParameters scanParams = new ScanParameters(batchSize, new Authorizations(authorizations), columnSet, ssiList, ssio, isolated, SamplerConfigurationImpl.fromThrift(tSamplerConfig), batchTimeOut, contextArg);
    final SingleScanSession scanSession = new SingleScanSession(credentials, extent, scanParams, readaheadThreshold, executionHints);
    scanSession.scanner = tablet.createScanner(new Range(range), scanParams, scanSession.interruptFlag);
    long sid = server.sessionManager.createSession(scanSession, true);
    ScanResult scanResult;
    try {
        scanResult = continueScan(tinfo, sid, scanSession);
    } catch (NoSuchScanIDException e) {
        log.error("The impossible happened", e);
        throw new RuntimeException();
    } finally {
        server.sessionManager.unreserveSession(sid);
    }
    return new InitialScan(sid, scanResult);
}

Example 54 with ThriftSecurityException

use of org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException in project accumulo by apache.

the class ThriftClientHandler method startMultiScan.

@Override
public InitialMultiScan startMultiScan(TInfo tinfo, TCredentials credentials, Map<TKeyExtent, List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList, Map<String, Map<String, String>> ssio, List<ByteBuffer> authorizations, boolean waitForWrites, TSamplerConfiguration tSamplerConfig, long batchTimeOut, String contextArg, Map<String, String> executionHints) throws ThriftSecurityException, TSampleNotPresentException {
    // find all of the tables that need to be scanned
    final HashSet<TableId> tables = new HashSet<>();
    for (TKeyExtent keyExtent : tbatch.keySet()) {
        tables.add(TableId.of(new String(keyExtent.getTable(), UTF_8)));
    }
    if (tables.size() != 1) {
        throw new IllegalArgumentException("Cannot batch scan over multiple tables");
    }
    // check if user has permission to the tables
    for (TableId tableId : tables) {
        NamespaceId namespaceId = getNamespaceId(credentials, tableId);
        if (!security.canScan(credentials, tableId, namespaceId, tbatch, tcolumns, ssiList, ssio, authorizations)) {
            throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
        }
    }
    try {
        if (!security.authenticatedUserHasAuthorizations(credentials, authorizations)) {
            throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.BAD_AUTHORIZATIONS);
        }
    } catch (ThriftSecurityException tse) {
        log.error("{} is not authorized", credentials.getPrincipal(), tse);
        throw tse;
    }
    // @formatter:off
    Map<KeyExtent, List<Range>> batch = tbatch.entrySet().stream().collect(Collectors.toMap(entry -> KeyExtent.fromThrift(entry.getKey()), entry -> entry.getValue().stream().map(Range::new).collect(Collectors.toList())));
    // @formatter:on
    // This is used to determine which thread pool to use
    KeyExtent threadPoolExtent = batch.keySet().iterator().next();
    if (waitForWrites) {
        writeTracker.waitForWrites(TabletType.type(batch.keySet()));
    }
    Set<Column> columnSet = tcolumns.isEmpty() ? Collections.emptySet() : new HashSet<>(Collections2.transform(tcolumns, Column::new));
    ScanParameters scanParams = new ScanParameters(-1, new Authorizations(authorizations), columnSet, ssiList, ssio, false, SamplerConfigurationImpl.fromThrift(tSamplerConfig), batchTimeOut, contextArg);
    final MultiScanSession mss = new MultiScanSession(credentials, threadPoolExtent, batch, scanParams, executionHints);
    mss.numTablets = batch.size();
    for (List<Range> ranges : batch.values()) {
        mss.numRanges += ranges.size();
    }
    long sid = server.sessionManager.createSession(mss, true);
    MultiScanResult result;
    try {
        result = continueMultiScan(sid, mss);
    } finally {
        server.sessionManager.unreserveSession(sid);
    }
    return new InitialMultiScan(sid, result);
}

Example 55 with ThriftSecurityException

use of org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException in project accumulo by apache.

the class ThriftClientHandler method getActiveCompactions.

@Override
public List<ActiveCompaction> getActiveCompactions(TInfo tinfo, TCredentials credentials) throws ThriftSecurityException, TException {
    try {
        checkPermission(credentials, null, "getActiveCompactions");
    } catch (ThriftSecurityException e) {
        log.error("Caller doesn't have permission to get active compactions", e);
        throw e;
    }
    List<CompactionInfo> compactions = FileCompactor.getRunningCompactions();
    List<ActiveCompaction> ret = new ArrayList<>(compactions.size());
    for (CompactionInfo compactionInfo : compactions) {
        ret.add(compactionInfo.toThrift());
    }
    return ret;
}