Example 6 with SystemPermission

Use of org.apache.accumulo.core.security.SystemPermission in project accumulo by apache.

The class ZKAuthorizor, method initializeSecurity.

@Override
public void initializeSecurity(TCredentials itw, String rootuser) throws AccumuloSecurityException {
    IZooReaderWriter zoo = ZooReaderWriter.getInstance();
    // create the root user with all system privileges, no table privileges, and no record-level authorizations
    Set<SystemPermission> rootPerms = new TreeSet<>();
    for (SystemPermission p : SystemPermission.values()) rootPerms.add(p);
    Map<Table.ID, Set<TablePermission>> tablePerms = new HashMap<>();
    // Allow the root user to flush the metadata tables
    tablePerms.put(MetadataTable.ID, Collections.singleton(TablePermission.ALTER_TABLE));
    tablePerms.put(RootTable.ID, Collections.singleton(TablePermission.ALTER_TABLE));
    // Note: rootPerms and tablePerms are built but never written by this authorizor; it only persists
    // the root user's (empty) authorizations below. System and table permissions are initialized by the
    // permission handler (see ZKPermHandler.initializeSecurity).
    try {
        // prep parent node of users with root username
        if (!zoo.exists(ZKUserPath))
            zoo.putPersistentData(ZKUserPath, rootuser.getBytes(UTF_8), NodeExistsPolicy.FAIL);
        initUser(rootuser);
        zoo.putPersistentData(ZKUserPath + "/" + rootuser + ZKUserAuths, ZKSecurityTool.convertAuthorizations(Authorizations.EMPTY), NodeExistsPolicy.FAIL);
    } catch (KeeperException | InterruptedException e) {
        log.error("{}", e.getMessage(), e);
        throw new RuntimeException(e);
    }
}
Also used : SystemPermission(org.apache.accumulo.core.security.SystemPermission) TreeSet(java.util.TreeSet) Set(java.util.Set) HashMap(java.util.HashMap) IZooReaderWriter(org.apache.accumulo.fate.zookeeper.IZooReaderWriter) KeeperException(org.apache.zookeeper.KeeperException)

Example 7 with SystemPermission

Use of org.apache.accumulo.core.security.SystemPermission in project accumulo by apache.

The class ZKPermHandler, method revokeSystemPermission.

@Override
public void revokeSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException {
    // Read the user's current system permissions from the ZooKeeper cache (may be stale until cleared below)
    byte[] sysPermBytes = zooCache.get(ZKUserPath + "/" + user + ZKUserSysPerms);
    // User had no system permission, nothing to revoke.
    if (sysPermBytes == null)
        return;
    Set<SystemPermission> sysPerms = ZKSecurityTool.convertSystemPermissions(sysPermBytes);
    try {
        // Only write back if the set actually changed; the node is overwritten with the reduced set.
        // Caveat: this is a read-modify-write where the read happens outside the lock, so a concurrent
        // grant/revoke on the same user's node can be lost.
        if (sysPerms.remove(permission)) {
            synchronized (zooCache) {
                zooCache.clear();
                ZooReaderWriter.getInstance().putPersistentData(ZKUserPath + "/" + user + ZKUserSysPerms, ZKSecurityTool.convertSystemPermissions(sysPerms), NodeExistsPolicy.OVERWRITE);
            }
        }
    } catch (KeeperException e) {
        log.error("{}", e.getMessage(), e);
        throw new AccumuloSecurityException(user, SecurityErrorCode.CONNECTION_ERROR, e);
    } catch (InterruptedException e) {
        log.error("{}", e.getMessage(), e);
        throw new RuntimeException(e);
    }
}
Also used : SystemPermission(org.apache.accumulo.core.security.SystemPermission) AccumuloSecurityException(org.apache.accumulo.core.client.AccumuloSecurityException) KeeperException(org.apache.zookeeper.KeeperException)

Example 8 with SystemPermission

Use of org.apache.accumulo.core.security.SystemPermission in project accumulo by apache.

The class ZKPermHandler, method initializeSecurity.

@Override
public void initializeSecurity(TCredentials itw, String rootuser) throws AccumuloSecurityException {
    IZooReaderWriter zoo = ZooReaderWriter.getInstance();
    // create the root user with all system privileges, no table privileges, and no record-level authorizations
    Set<SystemPermission> rootPerms = new TreeSet<>();
    for (SystemPermission p : SystemPermission.values()) rootPerms.add(p);
    Map<Table.ID, Set<TablePermission>> tablePerms = new HashMap<>();
    // Allow the root user to flush the system tables
    tablePerms.put(RootTable.ID, Collections.singleton(TablePermission.ALTER_TABLE));
    tablePerms.put(MetadataTable.ID, Collections.singleton(TablePermission.ALTER_TABLE));
    // essentially the same but on the system namespace, the ALTER_TABLE permission is now redundant
    Map<Namespace.ID, Set<NamespacePermission>> namespacePerms = new HashMap<>();
    // Both namespace permissions go into one set under the single key: two separate put() calls on the
    // same key would overwrite the first with the second and silently drop ALTER_NAMESPACE.
    Set<NamespacePermission> accumuloNsPerms = new TreeSet<>();
    accumuloNsPerms.add(NamespacePermission.ALTER_NAMESPACE);
    accumuloNsPerms.add(NamespacePermission.ALTER_TABLE);
    namespacePerms.put(Namespace.ID.ACCUMULO, accumuloNsPerms);
    try {
        // prep parent node of users with root username
        if (!zoo.exists(ZKUserPath))
            zoo.putPersistentData(ZKUserPath, rootuser.getBytes(UTF_8), NodeExistsPolicy.FAIL);
        initUser(rootuser);
        zoo.putPersistentData(ZKUserPath + "/" + rootuser + ZKUserSysPerms, ZKSecurityTool.convertSystemPermissions(rootPerms), NodeExistsPolicy.FAIL);
        for (Entry<Table.ID, Set<TablePermission>> entry : tablePerms.entrySet()) createTablePerm(rootuser, entry.getKey(), entry.getValue());
        for (Entry<Namespace.ID, Set<NamespacePermission>> entry : namespacePerms.entrySet()) createNamespacePerm(rootuser, entry.getKey(), entry.getValue());
    } catch (KeeperException | InterruptedException e) {
        log.error("{}", e.getMessage(), e);
        throw new RuntimeException(e);
    }
}
Also used : TreeSet(java.util.TreeSet) Set(java.util.Set) HashMap(java.util.HashMap) SystemPermission(org.apache.accumulo.core.security.SystemPermission) IZooReaderWriter(org.apache.accumulo.fate.zookeeper.IZooReaderWriter) KeeperException(org.apache.zookeeper.KeeperException)

Example 9 with SystemPermission

Use of org.apache.accumulo.core.security.SystemPermission in project accumulo by apache.

The class Admin, method printUserConfiguration.

private static void printUserConfiguration(Connector connector, String user, File outputDirectory) throws IOException, AccumuloException, AccumuloSecurityException {
    File userScript = new File(outputDirectory, user + USER_FILE_SUFFIX);
    // try-with-resources so the writer is closed even if one of the security calls below throws
    try (FileWriter userWriter = new FileWriter(userScript)) {
        userWriter.write(createUserFormat.format(new String[] { user }));
        // Record-level authorizations first, then every system, namespace and table permission the user holds,
        // each emitted as one line of the generated script
        Authorizations auths = connector.securityOperations().getUserAuthorizations(user);
        userWriter.write(userAuthsFormat.format(new String[] { user, auths.toString() }));
        for (SystemPermission sp : SystemPermission.values()) {
            if (connector.securityOperations().hasSystemPermission(user, sp)) {
                userWriter.write(sysPermFormat.format(new String[] { sp.name(), user }));
            }
        }
        for (String namespace : connector.namespaceOperations().list()) {
            for (NamespacePermission np : NamespacePermission.values()) {
                if (connector.securityOperations().hasNamespacePermission(user, namespace, np)) {
                    userWriter.write(nsPermFormat.format(new String[] { np.name(), namespace, user }));
                }
            }
        }
        for (String tableName : connector.tableOperations().list()) {
            for (TablePermission perm : TablePermission.values()) {
                if (connector.securityOperations().hasTablePermission(user, tableName, perm)) {
                    userWriter.write(tablePermFormat.format(new String[] { perm.name(), tableName, user }));
                }
            }
        }
    }
}
Also used : SystemPermission(org.apache.accumulo.core.security.SystemPermission) Authorizations(org.apache.accumulo.core.security.Authorizations) FileWriter(java.io.FileWriter) TablePermission(org.apache.accumulo.core.security.TablePermission) File(java.io.File) NamespacePermission(org.apache.accumulo.core.security.NamespacePermission)

Example 10 with SystemPermission

Use of org.apache.accumulo.core.security.SystemPermission in project accumulo by apache.

The class ZKPermHandler, method grantSystemPermission.

@Override
public void grantSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException {
    try {
        // Read the user's current system permissions from the ZooKeeper cache; a missing node means none yet
        byte[] permBytes = zooCache.get(ZKUserPath + "/" + user + ZKUserSysPerms);
        Set<SystemPermission> perms;
        if (permBytes == null) {
            perms = new TreeSet<>();
        } else {
            perms = ZKSecurityTool.convertSystemPermissions(permBytes);
        }
        // Only write back if the permission was not already held. As in revokeSystemPermission, the read
        // happens outside the lock, so concurrent updates to the same user's node can race.
        if (perms.add(permission)) {
            synchronized (zooCache) {
                zooCache.clear();
                ZooReaderWriter.getInstance().putPersistentData(ZKUserPath + "/" + user + ZKUserSysPerms, ZKSecurityTool.convertSystemPermissions(perms), NodeExistsPolicy.OVERWRITE);
            }
        }
    } catch (KeeperException e) {
        log.error("{}", e.getMessage(), e);
        throw new AccumuloSecurityException(user, SecurityErrorCode.CONNECTION_ERROR, e);
    } catch (InterruptedException e) {
        log.error("{}", e.getMessage(), e);
        throw new RuntimeException(e);
    }
}
Also used : SystemPermission(org.apache.accumulo.core.security.SystemPermission) AccumuloSecurityException(org.apache.accumulo.core.client.AccumuloSecurityException) KeeperException(org.apache.zookeeper.KeeperException)

Aggregations

SystemPermission (org.apache.accumulo.core.security.SystemPermission)14 AccumuloSecurityException (org.apache.accumulo.core.client.AccumuloSecurityException)6 Connector (org.apache.accumulo.core.client.Connector)5 Test (org.junit.Test)5 File (java.io.File)4 UndeclaredThrowableException (java.lang.reflect.UndeclaredThrowableException)4 AccumuloException (org.apache.accumulo.core.client.AccumuloException)4 TableExistsException (org.apache.accumulo.core.client.TableExistsException)4 TableNotFoundException (org.apache.accumulo.core.client.TableNotFoundException)4 KerberosToken (org.apache.accumulo.core.client.security.tokens.KerberosToken)4 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)4 KeeperException (org.apache.zookeeper.KeeperException)4 TreeSet (java.util.TreeSet)3 IOException (java.io.IOException)2 HashMap (java.util.HashMap)2 Set (java.util.Set)2 BatchWriter (org.apache.accumulo.core.client.BatchWriter)2 BatchWriterConfig (org.apache.accumulo.core.client.BatchWriterConfig)2 CompactionConfig (org.apache.accumulo.core.client.admin.CompactionConfig)2 Mutation (org.apache.accumulo.core.data.Mutation)2