use of org.apache.accumulo.core.securityImpl.thrift.TCredentials in project accumulo by apache.
the class ManagerClientServiceHandler method initiateFlush.
@Override
public long initiateFlush(TInfo tinfo, TCredentials c, String tableIdStr) throws ThriftSecurityException, ThriftTableOperationException {
TableId tableId = TableId.of(tableIdStr);
NamespaceId namespaceId = getNamespaceIdFromTableId(TableOperation.FLUSH, tableId);
if (!manager.security.canFlush(c, tableId, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
String zTablePath = Constants.ZROOT + "/" + manager.getInstanceID() + Constants.ZTABLES + "/" + tableId + Constants.ZTABLE_FLUSH_ID;
ZooReaderWriter zoo = manager.getContext().getZooReaderWriter();
byte[] fid;
try {
fid = zoo.mutateExisting(zTablePath, currentValue -> {
long flushID = Long.parseLong(new String(currentValue, UTF_8));
return Long.toString(flushID + 1).getBytes(UTF_8);
});
} catch (NoNodeException nne) {
throw new ThriftTableOperationException(tableId.canonical(), null, TableOperation.FLUSH, TableOperationExceptionType.NOTFOUND, null);
} catch (Exception e) {
Manager.log.warn("{}", e.getMessage(), e);
throw new ThriftTableOperationException(tableId.canonical(), null, TableOperation.FLUSH, TableOperationExceptionType.OTHER, null);
}
return Long.parseLong(new String(fid));
}
use of org.apache.accumulo.core.securityImpl.thrift.TCredentials in project accumulo by apache.
the class ThriftClientHandler method startMultiScan.
@Override
public InitialMultiScan startMultiScan(TInfo tinfo, TCredentials credentials, Map<TKeyExtent, List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList, Map<String, Map<String, String>> ssio, List<ByteBuffer> authorizations, boolean waitForWrites, TSamplerConfiguration tSamplerConfig, long batchTimeOut, String contextArg, Map<String, String> executionHints) throws ThriftSecurityException, TSampleNotPresentException {
// find all of the tables that need to be scanned
final HashSet<TableId> tables = new HashSet<>();
for (TKeyExtent keyExtent : tbatch.keySet()) {
tables.add(TableId.of(new String(keyExtent.getTable(), UTF_8)));
}
if (tables.size() != 1) {
throw new IllegalArgumentException("Cannot batch scan over multiple tables");
}
// check if user has permission to the tables
for (TableId tableId : tables) {
NamespaceId namespaceId = getNamespaceId(credentials, tableId);
if (!security.canScan(credentials, tableId, namespaceId, tbatch, tcolumns, ssiList, ssio, authorizations)) {
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
}
}
try {
if (!security.authenticatedUserHasAuthorizations(credentials, authorizations)) {
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.BAD_AUTHORIZATIONS);
}
} catch (ThriftSecurityException tse) {
log.error("{} is not authorized", credentials.getPrincipal(), tse);
throw tse;
}
// @formatter:off
Map<KeyExtent, List<Range>> batch = tbatch.entrySet().stream().collect(Collectors.toMap(entry -> KeyExtent.fromThrift(entry.getKey()), entry -> entry.getValue().stream().map(Range::new).collect(Collectors.toList())));
// @formatter:on
// This is used to determine which thread pool to use
KeyExtent threadPoolExtent = batch.keySet().iterator().next();
if (waitForWrites) {
writeTracker.waitForWrites(TabletType.type(batch.keySet()));
}
Set<Column> columnSet = tcolumns.isEmpty() ? Collections.emptySet() : new HashSet<>(Collections2.transform(tcolumns, Column::new));
ScanParameters scanParams = new ScanParameters(-1, new Authorizations(authorizations), columnSet, ssiList, ssio, false, SamplerConfigurationImpl.fromThrift(tSamplerConfig), batchTimeOut, contextArg);
final MultiScanSession mss = new MultiScanSession(credentials, threadPoolExtent, batch, scanParams, executionHints);
mss.numTablets = batch.size();
for (List<Range> ranges : batch.values()) {
mss.numRanges += ranges.size();
}
long sid = server.sessionManager.createSession(mss, true);
MultiScanResult result;
try {
result = continueMultiScan(sid, mss);
} finally {
server.sessionManager.unreserveSession(sid);
}
return new InitialMultiScan(sid, result);
}
Aggregations