use of org.apache.accumulo.core.security.ColumnVisibility in project accumulo by apache.
the class InsertCommand method execute.
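/**
 * Inserts a single cell into the shell's current table.
 *
 * <p>
 * The four positional arguments are read as row, column family, column qualifier and value. An optional visibility
 * expression, timestamp and durability level are taken from the command-line options.
 *
 * @param fullCommand
 *          the complete command text as typed (not used here)
 * @param cl
 *          the parsed command line
 * @param shellState
 *          the shell the command runs in; supplies the table name and connector
 * @return 0 when the mutation was written, 1 when the server rejected it (the reasons are printed to the shell)
 * @throws IllegalArgumentException
 *           if the durability option holds an unrecognised value
 */
@Override
public int execute(final String fullCommand, final CommandLine cl, final Shell shellState) throws AccumuloException, AccumuloSecurityException, TableNotFoundException, IOException, ConstraintViolationException {
  shellState.checkTableState();

  // NOTE(review): indexes 0..3 are read without a length check; presumably the shell enforces the argument count
  // before calling execute -- confirm.
  final String[] args = cl.getArgs();
  final Mutation m = new Mutation(new Text(args[0].getBytes(Shell.CHARSET)));
  final Text colf = new Text(args[1].getBytes(Shell.CHARSET));
  final Text colq = new Text(args[2].getBytes(Shell.CHARSET));
  final Value val = new Value(args[3].getBytes(Shell.CHARSET));

  final boolean hasTimestamp = cl.hasOption(timestampOpt.getOpt());
  if (cl.hasOption(insertOptAuths.getOpt())) {
    // The visibility expression is parsed here, so a malformed label fails before anything is sent to the server.
    final ColumnVisibility le = new ColumnVisibility(cl.getOptionValue(insertOptAuths.getOpt()));
    Shell.log.debug("Authorization label will be set to: " + le.toString());
    if (hasTimestamp) {
      m.put(colf, colq, le, Long.parseLong(cl.getOptionValue(timestampOpt.getOpt())), val);
    } else {
      m.put(colf, colq, le, val);
    }
  } else if (hasTimestamp) {
    m.put(colf, colq, Long.parseLong(cl.getOptionValue(timestampOpt.getOpt())), val);
  } else {
    m.put(colf, colq, val);
  }

  final BatchWriterConfig cfg = new BatchWriterConfig().setMaxMemory(Math.max(m.estimatedMemoryUsed(), 1024)).setMaxWriteThreads(1).setTimeout(getTimeout(cl), TimeUnit.MILLISECONDS);
  if (cl.hasOption(durabilityOption.getOpt())) {
    String userDurability = cl.getOptionValue(durabilityOption.getOpt());
    switch (userDurability) {
      case "sync":
        cfg.setDurability(Durability.SYNC);
        break;
      case "flush":
        cfg.setDurability(Durability.FLUSH);
        break;
      case "none":
        cfg.setDurability(Durability.NONE);
        break;
      case "log":
        // "log" must select Durability.LOG. Mapping it to NONE would silently give the write weaker durability
        // than the user asked for.
        cfg.setDurability(Durability.LOG);
        break;
      default:
        throw new IllegalArgumentException("Unknown durability: " + userDurability);
    }
  }

  final BatchWriter bw = shellState.getConnector().createBatchWriter(shellState.getTableName(), cfg);
  bw.addMutation(m);
  try {
    // close() flushes the writer, so server-side rejections surface here.
    bw.close();
  } catch (MutationsRejectedException e) {
    final ArrayList<String> lines = new ArrayList<>();
    if (!e.getSecurityErrorCodes().isEmpty()) {
      lines.add("\tAuthorization Failures:");
    }
    for (Entry<TabletId, Set<SecurityErrorCode>> entry : e.getSecurityErrorCodes().entrySet()) {
      lines.add("\t\t" + entry);
    }
    if (!e.getConstraintViolationSummaries().isEmpty()) {
      lines.add("\tConstraint Failures:");
    }
    for (ConstraintViolationSummary cvs : e.getConstraintViolationSummaries()) {
      lines.add("\t\t" + cvs.toString());
    }
    if (lines.isEmpty() || e.getUnknownExceptions() > 0) {
      // must always print something
      lines.add(" " + e.getClass().getName() + " : " + e.getMessage());
      if (e.getCause() != null) {
        lines.add(" Caused by : " + e.getCause().getClass().getName() + " : " + e.getCause().getMessage());
      }
    }
    shellState.printLines(lines.iterator(), false);
    return 1;
  }
  return 0;
}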
use of org.apache.accumulo.core.security.ColumnVisibility in project accumulo by apache.
the class ConditionalWriterIT method testBadColVis.
@Test
public void testBadColVis() throws Exception {
  // Checks what a conditional write reports when a condition carries a column visibility
  // that the writer's authorizations can never satisfy.
  Connector conn = getConnector();
  String tableName = getUniqueNames(1)[0];
  conn.tableOperations().create(tableName);

  // The user is granted A and B, but the first writer below is deliberately limited to A.
  Authorizations auths = new Authorizations("A", "B");
  conn.securityOperations().changeUserAuthorizations(getAdminPrincipal(), auths);
  Authorizations filteredAuths = new Authorizations("A");

  ColumnVisibility cva = new ColumnVisibility("A");
  ColumnVisibility cvb = new ColumnVisibility("B");
  ColumnVisibility cvc = new ColumnVisibility("C");

  try (ConditionalWriter cw = conn.createConditionalWriter(tableName, new ConditionalWriterConfig().setAuthorizations(filteredAuths))) {
    // Each entry is the condition list of one mutation; every one must come back INVISIBLE_VISIBILITY.
    Condition[][] invisibleCases = {
        // User has authorization B, but didn't include it in the writer
        {new Condition("tx", "seq").setVisibility(cvb)},
        {new Condition("tx", "seq").setVisibility(cvb).setValue("1")},
        // User does not have authorization C at all
        {new Condition("tx", "seq").setVisibility(cvc)},
        {new Condition("tx", "seq").setVisibility(cvc).setValue("1")},
        // if any visibility is bad, good visibilities don't override
        {new Condition("tx", "seq").setVisibility(cvb), new Condition("tx", "seq").setVisibility(cva)},
        {new Condition("tx", "seq").setVisibility(cvb).setValue("1"), new Condition("tx", "seq").setVisibility(cva).setValue("1")},
        {new Condition("tx", "seq").setVisibility(cvb).setValue("1"), new Condition("tx", "seq").setVisibility(cva)},
        {new Condition("tx", "seq").setVisibility(cvb), new Condition("tx", "seq").setVisibility(cva).setValue("1")}};

    for (Condition[] conditions : invisibleCases) {
      ConditionalMutation cm = new ConditionalMutation("99006", conditions);
      cm.put("name", "last", cva, "doe");
      cm.put("name", "first", cva, "john");
      cm.put("tx", "seq", cva, "1");
      Assert.assertEquals(Status.INVISIBLE_VISIBILITY, cw.write(cm).getStatus());
    }
  }

  // test passing auths that exceed users configured auths: D was never granted to the user
  Authorizations exceedingAuths = new Authorizations("A", "B", "D");
  try (ConditionalWriter cw2 = conn.createConditionalWriter(tableName, new ConditionalWriterConfig().setAuthorizations(exceedingAuths))) {
    ConditionalMutation overreaching = new ConditionalMutation("99006", new Condition("tx", "seq").setVisibility(cvb), new Condition("tx", "seq").setVisibility(cva).setValue("1"));
    overreaching.put("name", "last", cva, "doe");
    overreaching.put("name", "first", cva, "john");
    overreaching.put("tx", "seq", cva, "1");

    try {
      Status status = cw2.write(overreaching).getStatus();
      Assert.fail("Writing mutation with Authorizations the user doesn't have should fail. Got status: " + status);
    } catch (AccumuloSecurityException ase) {
      // expected, check specific failure?
      // NOTE(review): any AccumuloSecurityException passes here; the error code is not inspected.
    }
  }
}
use of org.apache.accumulo.core.security.ColumnVisibility in project accumulo by apache.
the class ConditionalWriterIT method testBatchErrors.
@Test
public void testBatchErrors() throws Exception {
  // Writes one batch of four conditional mutations and expects each one to come back with a different status.
  Connector conn = getConnector();
  String tableName = getUniqueNames(1)[0];
  conn.tableOperations().create(tableName);
  conn.tableOperations().addConstraint(tableName, AlphaNumKeyConstraint.class.getName());
  conn.tableOperations().clone(tableName, tableName + "_clone", true, new HashMap<>(), new HashSet<>());

  // The user holds A and B, but the writer and scanner below are created with A only.
  conn.securityOperations().changeUserAuthorizations(getAdminPrincipal(), new Authorizations("A", "B"));

  ColumnVisibility cvaob = new ColumnVisibility("A|B");
  ColumnVisibility cvaab = new ColumnVisibility("A&B");

  // Randomly leave the table unsplit (0), or add one (1) or two (2) split points.
  int splitChoice = (new Random()).nextInt(3);
  if (splitChoice == 1) {
    conn.tableOperations().addSplits(tableName, nss("6"));
  } else if (splitChoice == 2) {
    conn.tableOperations().addSplits(tableName, nss("2", "95"));
  }

  ArrayList<ConditionalMutation> mutations = new ArrayList<>();

  // Expected VIOLATED: presumably the "name+" family is what AlphaNumKeyConstraint objects to.
  ConditionalMutation violating = new ConditionalMutation("99006", new Condition("tx", "seq").setVisibility(cvaob));
  violating.put("name+", "last", cvaob, "doe");
  violating.put("name", "first", cvaob, "john");
  violating.put("tx", "seq", cvaob, "1");
  mutations.add(violating);

  // Expected INVISIBLE_VISIBILITY: the condition uses A&B while the writer only carries A.
  ConditionalMutation invisible = new ConditionalMutation("59056", new Condition("tx", "seq").setVisibility(cvaab));
  invisible.put("name", "last", cvaab, "doe");
  invisible.put("name", "first", cvaab, "jane");
  invisible.put("tx", "seq", cvaab, "1");
  mutations.add(invisible);

  // Expected ACCEPTED: A|B is satisfied by A.
  ConditionalMutation accepted = new ConditionalMutation("19059", new Condition("tx", "seq").setVisibility(cvaob));
  accepted.put("name", "last", cvaob, "doe");
  accepted.put("name", "first", cvaob, "jack");
  accepted.put("tx", "seq", cvaob, "1");
  mutations.add(accepted);

  // Expected REJECTED: the condition requires tx:seq to equal "1" on this row.
  ConditionalMutation rejected = new ConditionalMutation("90909", new Condition("tx", "seq").setVisibility(cvaob).setValue("1"));
  rejected.put("name", "last", cvaob, "doe");
  rejected.put("name", "first", cvaob, "john");
  rejected.put("tx", "seq", cvaob, "2");
  mutations.add(rejected);

  try (ConditionalWriter cw = conn.createConditionalWriter(tableName, new ConditionalWriterConfig().setAuthorizations(new Authorizations("A")));
      Scanner scanner = conn.createScanner(tableName, new Authorizations("A"))) {
    Iterator<Result> results = cw.write(mutations.iterator());
    HashSet<String> rows = new HashSet<>();

    while (results.hasNext()) {
      Result result = results.next();
      String row = new String(result.getMutation().getRow());
      switch (row) {
        case "19059":
          Assert.assertEquals(Status.ACCEPTED, result.getStatus());
          break;
        case "59056":
          Assert.assertEquals(Status.INVISIBLE_VISIBILITY, result.getStatus());
          break;
        case "99006":
          Assert.assertEquals(Status.VIOLATED, result.getStatus());
          break;
        case "90909":
          Assert.assertEquals(Status.REJECTED, result.getStatus());
          break;
        default:
          // unknown rows are only counted; the size check below catches a missing expected row
          break;
      }
      rows.add(row);
    }

    // All four mutations must have produced a result.
    Assert.assertEquals(4, rows.size());

    // Exactly one tx:seq entry may be visible afterwards, holding the value "1".
    scanner.fetchColumn(new Text("tx"), new Text("seq"));
    Entry<Key, Value> entry = Iterables.getOnlyElement(scanner);
    Assert.assertEquals("1", entry.getValue().toString());
  }
}
use of org.apache.accumulo.core.security.ColumnVisibility in project accumulo by apache.
the class InMemoryMapMemoryUsageTest method init.
/**
 * Creates the in-memory map under test and pre-builds the key parts, each a zero-padded "0" of the configured
 * length.
 */
@Override
void init() {
  try {
    imm = new InMemoryMap(DefaultConfiguration.getInstance());
  } catch (LocalityGroupConfigurationError configError) {
    // init() declares no checked exceptions, so the configuration error is rethrown unchecked
    throw new RuntimeException(configError);
  }

  key = new Text();

  // "%0<n>d" left-pads the number 0 with zeros to exactly n characters
  final String family = String.format("%0" + colFamLen + "d", 0);
  colf = new Text(family);

  final String qualifier = String.format("%0" + colQualLen + "d", 0);
  colq = new Text(qualifier);

  final String visibility = String.format("%0" + colVisLen + "d", 0);
  colv = new ColumnVisibility(visibility);
}
use of org.apache.accumulo.core.security.ColumnVisibility in project accumulo by apache.
the class ContinuousIngest method initVisibilities.
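/**
 * Populates {@code visibilities} for the ingest run.
 *
 * <p>
 * When no visibility file is configured, the list holds a single empty {@link ColumnVisibility}. Otherwise every
 * line of the file is parsed as one visibility expression, in file order.
 *
 * @param opts
 *          ingest options; {@code opts.visFile} is the path of the visibility file, or null for none
 * @throws Exception
 *           if the file cannot be opened or read; a line that is not a valid visibility expression also fails here
 */
private static void initVisibilities(ContinuousOpts opts) throws Exception {
  if (opts.visFile == null) {
    visibilities = Collections.singletonList(new ColumnVisibility());
    return;
  }

  visibilities = new ArrayList<>();

  FileSystem fs = FileSystem.get(new Configuration());
  // try-with-resources closes the reader even when reading or parsing a line throws; the original only closed it
  // on the success path. The FileSystem itself is left open, as before.
  try (BufferedReader in = new BufferedReader(new InputStreamReader(fs.open(new Path(opts.visFile)), UTF_8))) {
    String line;
    while ((line = in.readLine()) != null) {
      // NOTE(review): lines are used verbatim -- no trimming or skipping of blank lines; confirm the file format
      // guarantees one clean expression per line.
      visibilities.add(new ColumnVisibility(line));
    }
  }
}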