Example 1 with NamespacePermission

Use of org.apache.accumulo.core.security.NamespacePermission in the Apache Accumulo project.

Class UserPermissionsCommand, method execute.

@Override
public int execute(final String fullCommand, final CommandLine cl, final Shell shellState) throws AccumuloException, AccumuloSecurityException, IOException {
    final String user = cl.getOptionValue(userOpt.getOpt(), shellState.getConnector().whoami());
    String delim = "";
    shellState.getReader().print("System permissions: ");
    for (SystemPermission p : SystemPermission.values()) {
        if (p != null && shellState.getConnector().securityOperations().hasSystemPermission(user, p)) {
            shellState.getReader().print(delim + "System." + p.name());
            delim = ", ";
        }
    }
    shellState.getReader().println();
    boolean runOnce = true;
    for (String n : shellState.getConnector().namespaceOperations().list()) {
        delim = "";
        for (NamespacePermission p : NamespacePermission.values()) {
            if (p != null && shellState.getConnector().securityOperations().hasNamespacePermission(user, n, p)) {
                if (runOnce) {
                    shellState.getReader().print("\nNamespace permissions (" + n + "): ");
                    runOnce = false;
                }
                shellState.getReader().print(delim + "Namespace." + p.name());
                delim = ", ";
            }
        }
        runOnce = true;
    }
    shellState.getReader().println();
    runOnce = true;
    for (String t : shellState.getConnector().tableOperations().list()) {
        delim = "";
        for (TablePermission p : TablePermission.values()) {
            // Check for null before passing p to the permission lookup, as the loops above do.
            if (p != null && shellState.getConnector().securityOperations().hasTablePermission(user, t, p)) {
                if (runOnce) {
                    shellState.getReader().print("\nTable permissions (" + t + "): ");
                    runOnce = false;
                }
                shellState.getReader().print(delim + "Table." + p.name());
                delim = ", ";
            }
        }
        runOnce = true;
    }
    shellState.getReader().println();
    return 0;
}
Also used: SystemPermission (org.apache.accumulo.core.security.SystemPermission), TablePermission (org.apache.accumulo.core.security.TablePermission), NamespacePermission (org.apache.accumulo.core.security.NamespacePermission)

Example 2 with NamespacePermission

Use of org.apache.accumulo.core.security.NamespacePermission in the Apache Accumulo project.

Class MockSecurityOperations, method grantNamespacePermission.

@Override
public void grantNamespacePermission(String principal, String namespace, NamespacePermission permission) throws AccumuloException, AccumuloSecurityException {
    if (acu.users.get(principal) == null)
        throw new AccumuloSecurityException(principal, SecurityErrorCode.USER_DOESNT_EXIST);
    MockNamespace mockNamespace = acu.namespaces.get(namespace);
    if (mockNamespace == null)
        throw new AccumuloSecurityException(namespace, SecurityErrorCode.NAMESPACE_DOESNT_EXIST);
    EnumSet<NamespacePermission> perms = mockNamespace.userPermissions.get(principal);
    if (perms == null)
        mockNamespace.userPermissions.put(principal, EnumSet.of(permission));
    else
        perms.add(permission);
}
Also used: AccumuloSecurityException (org.apache.accumulo.core.client.AccumuloSecurityException), NamespacePermission (org.apache.accumulo.core.security.NamespacePermission)

Example 3 with NamespacePermission

Use of org.apache.accumulo.core.security.NamespacePermission in the Apache Accumulo project.

Class MockSecurityOperations, method revokeNamespacePermission.

@Override
public void revokeNamespacePermission(String principal, String namespace, NamespacePermission permission) throws AccumuloException, AccumuloSecurityException {
    if (acu.users.get(principal) == null)
        throw new AccumuloSecurityException(principal, SecurityErrorCode.USER_DOESNT_EXIST);
    MockNamespace mockNamespace = acu.namespaces.get(namespace);
    if (mockNamespace == null)
        throw new AccumuloSecurityException(namespace, SecurityErrorCode.NAMESPACE_DOESNT_EXIST);
    EnumSet<NamespacePermission> perms = mockNamespace.userPermissions.get(principal);
    if (perms != null)
        perms.remove(permission);
}
Also used: AccumuloSecurityException (org.apache.accumulo.core.client.AccumuloSecurityException), NamespacePermission (org.apache.accumulo.core.security.NamespacePermission)

Example 4 with NamespacePermission

Use of org.apache.accumulo.core.security.NamespacePermission in the Apache Accumulo project.

Class ZKPermHandler, method revokeNamespacePermission.

@Override
public void revokeNamespacePermission(String user, Namespace.ID namespace, NamespacePermission permission) throws AccumuloSecurityException {
    byte[] serializedPerms = zooCache.get(ZKUserPath + "/" + user + ZKUserNamespacePerms + "/" + namespace);
    // User had no namespace permission, nothing to revoke.
    if (serializedPerms == null)
        return;
    Set<NamespacePermission> namespacePerms = ZKSecurityTool.convertNamespacePermissions(serializedPerms);
    try {
        if (namespacePerms.remove(permission)) {
            zooCache.clear();
            IZooReaderWriter zoo = ZooReaderWriter.getInstance();
            if (namespacePerms.size() == 0)
                zoo.recursiveDelete(ZKUserPath + "/" + user + ZKUserNamespacePerms + "/" + namespace, NodeMissingPolicy.SKIP);
            else
                zoo.putPersistentData(ZKUserPath + "/" + user + ZKUserNamespacePerms + "/" + namespace, ZKSecurityTool.convertNamespacePermissions(namespacePerms), NodeExistsPolicy.OVERWRITE);
        }
    } catch (KeeperException e) {
        log.error("{}", e.getMessage(), e);
        throw new AccumuloSecurityException(user, SecurityErrorCode.CONNECTION_ERROR, e);
    } catch (InterruptedException e) {
        log.error("{}", e.getMessage(), e);
        throw new RuntimeException(e);
    }
}
Also used: IZooReaderWriter (org.apache.accumulo.fate.zookeeper.IZooReaderWriter), AccumuloSecurityException (org.apache.accumulo.core.client.AccumuloSecurityException), NamespacePermission (org.apache.accumulo.core.security.NamespacePermission), KeeperException (org.apache.zookeeper.KeeperException)

Example 5 with NamespacePermission

Use of org.apache.accumulo.core.security.NamespacePermission in the Apache Accumulo project.

Class ZKPermHandler, method grantNamespacePermission.

@Override
public void grantNamespacePermission(String user, Namespace.ID namespace, NamespacePermission permission) throws AccumuloSecurityException {
    Set<NamespacePermission> namespacePerms;
    byte[] serializedPerms = zooCache.get(ZKUserPath + "/" + user + ZKUserNamespacePerms + "/" + namespace);
    if (serializedPerms != null)
        namespacePerms = ZKSecurityTool.convertNamespacePermissions(serializedPerms);
    else
        namespacePerms = new TreeSet<>();
    try {
        if (namespacePerms.add(permission)) {
            synchronized (zooCache) {
                zooCache.clear(ZKUserPath + "/" + user + ZKUserNamespacePerms + "/" + namespace);
                ZooReaderWriter.getInstance().putPersistentData(ZKUserPath + "/" + user + ZKUserNamespacePerms + "/" + namespace, ZKSecurityTool.convertNamespacePermissions(namespacePerms), NodeExistsPolicy.OVERWRITE);
            }
        }
    } catch (KeeperException e) {
        log.error("{}", e.getMessage(), e);
        throw new AccumuloSecurityException(user, SecurityErrorCode.CONNECTION_ERROR, e);
    } catch (InterruptedException e) {
        log.error("{}", e.getMessage(), e);
        throw new RuntimeException(e);
    }
}
Also used: TreeSet (java.util.TreeSet), AccumuloSecurityException (org.apache.accumulo.core.client.AccumuloSecurityException), NamespacePermission (org.apache.accumulo.core.security.NamespacePermission), KeeperException (org.apache.zookeeper.KeeperException)

Aggregations

NamespacePermission (org.apache.accumulo.core.security.NamespacePermission): 8
AccumuloSecurityException (org.apache.accumulo.core.client.AccumuloSecurityException): 5
SystemPermission (org.apache.accumulo.core.security.SystemPermission): 2
TablePermission (org.apache.accumulo.core.security.TablePermission): 2
KeeperException (org.apache.zookeeper.KeeperException): 2
ByteArrayOutputStream (java.io.ByteArrayOutputStream): 1
DataOutputStream (java.io.DataOutputStream): 1
File (java.io.File): 1
FileWriter (java.io.FileWriter): 1
IOException (java.io.IOException): 1
TreeSet (java.util.TreeSet): 1
Authorizations (org.apache.accumulo.core.security.Authorizations): 1
IZooReaderWriter (org.apache.accumulo.fate.zookeeper.IZooReaderWriter): 1