use of org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException in project accumulo by apache.
the class ThriftClientHandler method bulkImport.
/**
 * Imports the supplied files into the tablets they are mapped to, as part of bulk transaction
 * {@code tid}.
 *
 * <p>The caller must pass {@code security.canPerformSystemActions}; the check runs before any
 * client-supplied path is read. A tablet that is not online on this server, or whose import
 * throws {@link IOException}, is reported in the returned list rather than failing the call.
 *
 * @param tinfo trace information; not read in this method
 * @param credentials caller credentials, checked for system-action permission
 * @param tid bulk transaction id, passed to the transaction watcher and to each tablet import
 * @param files for each extent, the file paths to import with their {@code MapFileInfo}
 * @param setTime passed through unchanged to {@code Tablet.importMapFiles}
 * @return the extents whose files were not imported
 * @throws ThriftSecurityException with {@code PERMISSION_DENIED} when the caller may not perform
 *         system actions
 */
@Override
public List<TKeyExtent> bulkImport(TInfo tinfo, TCredentials credentials, final long tid, final Map<TKeyExtent, Map<String, MapFileInfo>> files, final boolean setTime) throws ThriftSecurityException {
  // Authorization gate: nothing below runs for a caller without system-action rights.
  if (!security.canPerformSystemActions(credentials)) {
    throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
  }
  try {
    return transactionWatcher.run(Constants.BULK_ARBITRATOR_TYPE, tid, () -> {
      List<TKeyExtent> notImported = new ArrayList<>();
      for (Entry<TKeyExtent, Map<String, MapFileInfo>> perTablet : files.entrySet()) {
        TKeyExtent thriftExtent = perTablet.getKey();
        Map<String, MapFileInfo> requested = perTablet.getValue();

        // The path strings come straight from the request. They are qualified against the
        // volume manager's file system here; no check on where a path points is visible in
        // this method.
        // NOTE(review): presumably the paths are constrained by the caller of this RPC - confirm.
        Map<TabletFile, MapFileInfo> qualified = new HashMap<>();
        for (Entry<String, MapFileInfo> fileEntry : requested.entrySet()) {
          Path raw = new Path(fileEntry.getKey());
          FileSystem fs = context.getVolumeManager().getFileSystemByPath(raw);
          qualified.put(new TabletFile(fs.makeQualified(raw)), fileEntry.getValue());
        }

        Tablet target = server.getOnlineTablet(KeyExtent.fromThrift(thriftExtent));
        if (target == null) {
          // Tablet is not online on this server: report it back instead of throwing.
          notImported.add(thriftExtent);
          continue;
        }
        try {
          target.importMapFiles(tid, qualified, setTime);
        } catch (IOException ioe) {
          // Only the exception message is logged; the stack trace is not recorded.
          log.info("files {} not imported to {}: {}", requested.keySet(), KeyExtent.fromThrift(thriftExtent), ioe.getMessage());
          notImported.add(thriftExtent);
        }
      }
      return notImported;
    });
  } catch (RuntimeException unchecked) {
    // Unchecked exceptions pass through untouched.
    throw unchecked;
  } catch (Exception checked) {
    // Anything checked coming out of the transaction watcher is wrapped, cause preserved.
    throw new RuntimeException(checked);
  }
}
use of org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException in project accumulo by apache.
the class ThriftClientHandler method unloadTablet.
/**
 * Queues an unload of the given tablet once the caller's permission has been checked.
 *
 * <p>The signature declares no checked exception, so a failed permission check is logged and
 * rethrown wrapped in a {@link RuntimeException}.
 *
 * @param tinfo trace information; not read in this method
 * @param credentials caller credentials, passed to {@code checkPermission}
 * @param lock lock string, passed to {@code checkPermission}
 * @param textent Thrift form of the extent to unload
 * @param goal passed to the {@code UnloadTabletHandler}
 * @param requestTime passed to the {@code UnloadTabletHandler}
 */
@Override
public void unloadTablet(TInfo tinfo, TCredentials credentials, String lock, TKeyExtent textent, TUnloadTabletGoal goal, long requestTime) {
  // Permission check comes first; no migration is queued for a caller that fails it.
  try {
    checkPermission(credentials, lock, "unloadTablet");
  } catch (ThriftSecurityException denied) {
    log.error("Caller doesn't have permission to unload a tablet", denied);
    throw new RuntimeException(denied);
  }

  final KeyExtent target = KeyExtent.fromThrift(textent);
  server.resourceManager.addMigration(
      target,
      new UnloadTabletHandler(server, target, goal, requestTime));
}
use of org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException in project accumulo by apache.
the class AuditedSecurityOperation method canScan.
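/**
 * Decides whether the caller may scan the table and, when auditing applies, writes an audit
 * record for the outcome.
 *
 * <p>The decision itself is delegated to {@code super.canScan(credentials, tableId,
 * namespaceId)}; range, columns, iterators and authorizations are used only to fill the audit
 * record.
 *
 * @param credentials caller credentials
 * @param tableId table being scanned
 * @param namespaceId namespace of the table
 * @param range requested range, recorded in the audit entry
 * @param columns requested columns, recorded (after {@code truncate}) in the audit entry
 * @param ssiList scan iterators, recorded in the audit entry
 * @param ssio scan iterator options, recorded in the audit entry
 * @param authorizations scan authorizations, recorded in the audit entry
 * @return the result of the parent permission check
 * @throws ThriftSecurityException rethrown from the parent check after it has been audited
 */
@Override
public boolean canScan(TCredentials credentials, TableId tableId, NamespaceId namespaceId, TRange range, List<TColumn> columns, List<IterInfo> ssiList, Map<String, Map<String, String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException {
  if (!shouldAudit(credentials, tableId)) {
    return super.canScan(credentials, tableId, namespaceId);
  }

  // Audit fields are prepared only when a record will actually be written.
  Range convertedRange = new Range(range);
  List<String> convertedColumns = truncate(columns.stream().map(Column::new).collect(Collectors.toList()));
  String tableName = getTableName(tableId);
  try {
    boolean canScan = super.canScan(credentials, tableId, namespaceId);
    audit(credentials, canScan, CAN_SCAN_AUDIT_TEMPLATE, tableName, getAuthString(authorizations), convertedRange, convertedColumns, ssiList, ssio);
    return canScan;
  } catch (ThriftSecurityException ex) {
    // Both records use the same template, so the failure record must pass its arguments in
    // the same order as the success record: table name first, then authorizations. The
    // previous call passed the authorization string first and the table id second, which
    // put each value under the other's label in the audit trail for failed checks.
    audit(credentials, ex, CAN_SCAN_AUDIT_TEMPLATE, tableName, getAuthString(authorizations), convertedRange, convertedColumns, ssiList, ssio);
    throw ex;
  }
}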
use of org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException in project accumulo by apache.
the class SecurityOperation method grantTablePermission.
/**
 * Grants {@code permission} on a table to {@code user}, on behalf of the caller {@code c}.
 *
 * <p>The caller is authorized with {@code canGrantTable} before the target user is looked at or
 * the permission store is changed. A successful grant is logged with the permission, the target
 * user, the table and the requesting principal.
 *
 * @param c credentials of the caller requesting the grant
 * @param user user receiving the permission
 * @param tableId table the permission applies to
 * @param permission permission to grant
 * @param namespaceId namespace of the table, used in the authorization check
 * @throws ThriftSecurityException with {@code PERMISSION_DENIED} when the caller may not grant
 *         on this table, with {@code TABLE_DOESNT_EXIST} when the permission handler reports
 *         the table as missing, or as converted from an {@code AccumuloSecurityException}
 */
public void grantTablePermission(TCredentials c, String user, TableId tableId, TablePermission permission, NamespaceId namespaceId) throws ThriftSecurityException {
  // Caller authorization gates everything else.
  if (!canGrantTable(c, user, tableId, namespaceId)) {
    throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
  }

  // NOTE(review): presumably rejects an unknown target user - confirm against targetUserExists.
  targetUserExists(user);

  try {
    permHandle.grantTablePermission(user, tableId.canonical(), permission);
    log.info("Granted table permission {} for user {} on the table {} at the request of user {}", permission, user, tableId, c.getPrincipal());
  } catch (AccumuloSecurityException securityFailure) {
    throw securityFailure.asThriftException();
  } catch (TableNotFoundException missingTable) {
    // The error is attributed to the requesting principal, not to the target user.
    throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.TABLE_DOESNT_EXIST);
  }
}
use of org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException in project accumulo by apache.
the class SecurityOperation method _hasTablePermission.
/**
 * Reports whether {@code user} holds {@code permission} on {@code table}.<br>
 * This cannot check if a system user has permission.
 *
 * <p>{@code READ} on the metadata, root and replication tables is answered with {@code true}
 * without consulting the permission handler, so it holds for every user that gets past
 * {@code targetUserExists}.
 *
 * @param user user whose permission is checked
 * @param table table the permission applies to
 * @param permission permission to look for
 * @param useCached when true, the permission handler's cached lookup is used
 * @return true if the user has the permission; false otherwise
 * @throws ThriftSecurityException with {@code TABLE_DOESNT_EXIST} when the permission handler
 *         reports the table as missing
 */
protected boolean _hasTablePermission(String user, TableId table, TablePermission permission, boolean useCached) throws ThriftSecurityException {
  // NOTE(review): presumably rejects an unknown user - confirm against targetUserExists.
  targetUserExists(user);

  @SuppressWarnings("deprecation")
  TableId replicationTableId = org.apache.accumulo.core.replication.ReplicationTable.ID;

  // Built-in allowance: READ on these three tables is never looked up in the permission store.
  boolean alwaysReadable = table.equals(MetadataTable.ID) || table.equals(RootTable.ID) || table.equals(replicationTableId);
  if (alwaysReadable && permission.equals(TablePermission.READ)) {
    return true;
  }

  try {
    return useCached
        ? permHandle.hasCachedTablePermission(user, table.canonical(), permission)
        : permHandle.hasTablePermission(user, table.canonical(), permission);
  } catch (TableNotFoundException missingTable) {
    throw new ThriftSecurityException(user, SecurityErrorCode.TABLE_DOESNT_EXIST);
  }
}