use of org.apache.accumulo.core.security.NamespacePermission in project accumulo by apache.
the class UserPermissionsCommand method execute.
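/**
 * Prints the system, namespace and table permissions held by a user.
 *
 * <p>The user is taken from the {@code userOpt} option and defaults to the principal of the
 * shell's connector ({@code whoami()}). Every permission value is checked with its own
 * {@code securityOperations()} call, once per namespace and once per table. A namespace or
 * table header is printed only if the user holds at least one permission on it.
 *
 * <p>NOTE(review): no authorization check is made here. Whether the logged-in principal may
 * query another user's permissions is left to {@code securityOperations()}; confirm it is
 * enforced there.
 *
 * @param fullCommand the full command line as typed (not used by this method)
 * @param cl parsed command line, read for the user option
 * @param shellState shell providing the connector and the output reader
 * @return always 0
 */
@Override
public int execute(final String fullCommand, final CommandLine cl, final Shell shellState) throws AccumuloException, AccumuloSecurityException, IOException {
  final String user = cl.getOptionValue(userOpt.getOpt(), shellState.getConnector().whoami());

  // System-wide permissions: one comma-separated line.
  String delim = "";
  shellState.getReader().print("System permissions: ");
  for (SystemPermission p : SystemPermission.values()) {
    if (p != null && shellState.getConnector().securityOperations().hasSystemPermission(user, p)) {
      shellState.getReader().print(delim + "System." + p.name());
      delim = ", ";
    }
  }
  shellState.getReader().println();

  // Namespace permissions: the header is printed lazily, on the first permission found.
  for (String n : shellState.getConnector().namespaceOperations().list()) {
    boolean headerPrinted = false;
    delim = "";
    for (NamespacePermission p : NamespacePermission.values()) {
      if (p != null && shellState.getConnector().securityOperations().hasNamespacePermission(user, n, p)) {
        if (!headerPrinted) {
          shellState.getReader().print("\nNamespace permissions (" + n + "): ");
          headerPrinted = true;
        }
        shellState.getReader().print(delim + "Namespace." + p.name());
        delim = ", ";
      }
    }
  }
  shellState.getReader().println();

  // Table permissions: same layout as the namespace section.
  for (String t : shellState.getConnector().tableOperations().list()) {
    boolean headerPrinted = false;
    delim = "";
    for (TablePermission p : TablePermission.values()) {
      // The null guard comes before the lookup, as in the two loops above, so that p is
      // never handed to hasTablePermission unchecked.
      if (p != null && shellState.getConnector().securityOperations().hasTablePermission(user, t, p)) {
        if (!headerPrinted) {
          shellState.getReader().print("\nTable permissions (" + t + "): ");
          headerPrinted = true;
        }
        shellState.getReader().print(delim + "Table." + p.name());
        delim = ", ";
      }
    }
  }
  shellState.getReader().println();
  return 0;
}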
use of org.apache.accumulo.core.security.NamespacePermission in project accumulo by apache.
the class MockSecurityOperations method grantNamespacePermission.
/**
 * Records a namespace permission for a principal in the mock instance.
 *
 * @param principal user receiving the permission; must exist in {@code acu.users}
 * @param namespace namespace name; must exist in {@code acu.namespaces}
 * @param permission permission to add to the principal's set
 * @throws AccumuloSecurityException with {@code USER_DOESNT_EXIST} or
 *         {@code NAMESPACE_DOESNT_EXIST} when the corresponding lookup returns null
 */
@Override
public void grantNamespacePermission(String principal, String namespace, NamespacePermission permission) throws AccumuloException, AccumuloSecurityException {
  if (acu.users.get(principal) == null) {
    throw new AccumuloSecurityException(principal, SecurityErrorCode.USER_DOESNT_EXIST);
  }

  MockNamespace target = acu.namespaces.get(namespace);
  if (target == null) {
    throw new AccumuloSecurityException(namespace, SecurityErrorCode.NAMESPACE_DOESNT_EXIST);
  }

  EnumSet<NamespacePermission> granted = target.userPermissions.get(principal);
  if (granted != null) {
    // The principal already has an entry: extend it in place.
    granted.add(permission);
    return;
  }
  // First permission for this principal on this namespace.
  target.userPermissions.put(principal, EnumSet.of(permission));
}
use of org.apache.accumulo.core.security.NamespacePermission in project accumulo by apache.
the class MockSecurityOperations method revokeNamespacePermission.
/**
 * Removes a namespace permission from a principal in the mock instance.
 *
 * <p>Revoking a permission the principal does not hold, or revoking from a principal with no
 * entry for the namespace, is a silent no-op.
 *
 * @param principal user losing the permission; must exist in {@code acu.users}
 * @param namespace namespace name; must exist in {@code acu.namespaces}
 * @param permission permission to remove from the principal's set
 * @throws AccumuloSecurityException with {@code USER_DOESNT_EXIST} or
 *         {@code NAMESPACE_DOESNT_EXIST} when the corresponding lookup returns null
 */
@Override
public void revokeNamespacePermission(String principal, String namespace, NamespacePermission permission) throws AccumuloException, AccumuloSecurityException {
  if (acu.users.get(principal) == null) {
    throw new AccumuloSecurityException(principal, SecurityErrorCode.USER_DOESNT_EXIST);
  }

  MockNamespace target = acu.namespaces.get(namespace);
  if (target == null) {
    throw new AccumuloSecurityException(namespace, SecurityErrorCode.NAMESPACE_DOESNT_EXIST);
  }

  EnumSet<NamespacePermission> granted = target.userPermissions.get(principal);
  if (granted == null) {
    // Nothing was ever granted to this principal on this namespace.
    return;
  }
  granted.remove(permission);
}
use of org.apache.accumulo.core.security.NamespacePermission in project accumulo by apache.
the class ZKPermHandler method revokeNamespacePermission.
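/**
 * Removes one namespace permission from the user's permission node in ZooKeeper.
 *
 * <p>The current set is read through {@code zooCache}. If the permission was present, the
 * cache is cleared and the node is either deleted (set now empty) or overwritten with the
 * reduced set. If the user has no node for this namespace, or does not hold the permission,
 * nothing is written.
 *
 * <p>NOTE(review): this is a read-modify-write with {@code NodeExistsPolicy.OVERWRITE} and no
 * version check, and the read comes from the cache. A concurrent grant or revoke on the same
 * node between the read and the write would be overwritten. Confirm that callers serialize
 * permission changes.
 *
 * @param user user whose permission is revoked
 * @param namespace id of the namespace the permission applies to
 * @param permission permission to revoke
 * @throws AccumuloSecurityException with {@code CONNECTION_ERROR} when ZooKeeper reports a
 *         {@code KeeperException}
 * @throws RuntimeException wrapping an {@code InterruptedException}; the thread's interrupt
 *         flag is restored before throwing
 */
@Override
public void revokeNamespacePermission(String user, Namespace.ID namespace, NamespacePermission permission) throws AccumuloSecurityException {
  // Built once so the read, the delete and the overwrite all address the same node.
  final String permsPath = ZKUserPath + "/" + user + ZKUserNamespacePerms + "/" + namespace;

  byte[] serializedPerms = zooCache.get(permsPath);
  // User had no namespace permission, nothing to revoke.
  if (serializedPerms == null) {
    return;
  }

  Set<NamespacePermission> namespacePerms = ZKSecurityTool.convertNamespacePermissions(serializedPerms);
  try {
    if (namespacePerms.remove(permission)) {
      // NOTE(review): the no-argument clear() is used here, not a clear of permsPath alone;
      // confirm that dropping more than this node's cache entry is intended.
      zooCache.clear();
      IZooReaderWriter zoo = ZooReaderWriter.getInstance();
      if (namespacePerms.isEmpty()) {
        // Last permission removed: delete the node so no empty entry is left behind.
        zoo.recursiveDelete(permsPath, NodeMissingPolicy.SKIP);
      } else {
        zoo.putPersistentData(permsPath, ZKSecurityTool.convertNamespacePermissions(namespacePerms), NodeExistsPolicy.OVERWRITE);
      }
    }
  } catch (KeeperException e) {
    log.error("{}", e.getMessage(), e);
    throw new AccumuloSecurityException(user, SecurityErrorCode.CONNECTION_ERROR, e);
  } catch (InterruptedException e) {
    log.error("{}", e.getMessage(), e);
    // Restore the interrupt flag so code further up the stack can still observe it.
    Thread.currentThread().interrupt();
    throw new RuntimeException(e);
  }
}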
use of org.apache.accumulo.core.security.NamespacePermission in project accumulo by apache.
the class ZKPermHandler method grantNamespacePermission.
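/**
 * Adds one namespace permission to the user's permission node in ZooKeeper.
 *
 * <p>The current set is read through {@code zooCache}, or starts empty if the user has no
 * node for this namespace. If the permission was not already present, the cache entry for the
 * node is cleared and the node is overwritten with the enlarged set, both while holding the
 * {@code zooCache} monitor.
 *
 * <p>NOTE(review): the read happens outside the synchronized block and the write uses
 * {@code NodeExistsPolicy.OVERWRITE} with no version check. A concurrent change to the same
 * node between the read and the write would be overwritten. Confirm that callers serialize
 * permission changes.
 *
 * @param user user receiving the permission
 * @param namespace id of the namespace the permission applies to
 * @param permission permission to grant
 * @throws AccumuloSecurityException with {@code CONNECTION_ERROR} when ZooKeeper reports a
 *         {@code KeeperException}
 * @throws RuntimeException wrapping an {@code InterruptedException}; the thread's interrupt
 *         flag is restored before throwing
 */
@Override
public void grantNamespacePermission(String user, Namespace.ID namespace, NamespacePermission permission) throws AccumuloSecurityException {
  // Built once so the read, the cache clear and the write all address the same node.
  final String permsPath = ZKUserPath + "/" + user + ZKUserNamespacePerms + "/" + namespace;

  byte[] serializedPerms = zooCache.get(permsPath);
  Set<NamespacePermission> namespacePerms;
  if (serializedPerms != null) {
    namespacePerms = ZKSecurityTool.convertNamespacePermissions(serializedPerms);
  } else {
    // No node yet for this user and namespace: start from an empty set.
    namespacePerms = new TreeSet<>();
  }

  try {
    // add() returns false when the permission is already held, so nothing is written then.
    if (namespacePerms.add(permission)) {
      synchronized (zooCache) {
        zooCache.clear(permsPath);
        ZooReaderWriter.getInstance().putPersistentData(permsPath, ZKSecurityTool.convertNamespacePermissions(namespacePerms), NodeExistsPolicy.OVERWRITE);
      }
    }
  } catch (KeeperException e) {
    log.error("{}", e.getMessage(), e);
    throw new AccumuloSecurityException(user, SecurityErrorCode.CONNECTION_ERROR, e);
  } catch (InterruptedException e) {
    log.error("{}", e.getMessage(), e);
    // Restore the interrupt flag so code further up the stack can still observe it.
    Thread.currentThread().interrupt();
    throw new RuntimeException(e);
  }
}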