accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vi...@apache.org
Subject svn commit: r1451763 - in /accumulo/branches/1.5/test/src/main/java/org/apache/accumulo/test/randomwalk/security: ChangePass.java TableOp.java WalkingSecurity.java
Date Fri, 01 Mar 2013 23:16:41 GMT
Author: vines
Date: Fri Mar  1 23:16:41 2013
New Revision: 1451763

URL: http://svn.apache.org/r1451763
Log:
ACCUMULO-1123 - Had compensation for propogation times for uncached permissions. Authorizations
and passwords didn't have the luxury. Added in transient state for authorizations and a pause
for ChangePass to help compensate. Ideally, there would be compensation throughout the code
for the password, but the code has already become a bit of a rats nest. WalkingSecurity helped
clean it up tremendously, I should rewrite a lot of the states now that that exists to make
it simpler.


Modified:
    accumulo/branches/1.5/test/src/main/java/org/apache/accumulo/test/randomwalk/security/ChangePass.java
    accumulo/branches/1.5/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
    accumulo/branches/1.5/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java

Modified: accumulo/branches/1.5/test/src/main/java/org/apache/accumulo/test/randomwalk/security/ChangePass.java
URL: http://svn.apache.org/viewvc/accumulo/branches/1.5/test/src/main/java/org/apache/accumulo/test/randomwalk/security/ChangePass.java?rev=1451763&r1=1451762&r2=1451763&view=diff
==============================================================================
--- accumulo/branches/1.5/test/src/main/java/org/apache/accumulo/test/randomwalk/security/ChangePass.java
(original)
+++ accumulo/branches/1.5/test/src/main/java/org/apache/accumulo/test/randomwalk/security/ChangePass.java
Fri Mar  1 23:16:41 2013
@@ -81,6 +81,8 @@ public class ChangePass extends Test {
       }
     }
     WalkingSecurity.get(state).changePassword(target, newPass);
+    // Waiting 1 second for password to propogate through Zk
+    Thread.sleep(1000);
     if (!hasPerm)
       throw new AccumuloException("Password change succeeded when it should have failed for
" + source + " changing the password for " + target + ".");
   }

Modified: accumulo/branches/1.5/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
URL: http://svn.apache.org/viewvc/accumulo/branches/1.5/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java?rev=1451763&r1=1451762&r2=1451763&view=diff
==============================================================================
--- accumulo/branches/1.5/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
(original)
+++ accumulo/branches/1.5/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
Fri Mar  1 23:16:41 2013
@@ -72,6 +72,7 @@ public class TableOp extends Test {
         boolean canRead = WalkingSecurity.get(state).canScan(WalkingSecurity.get(state).getTabCredentials(),
tableName);
         Authorizations auths = WalkingSecurity.get(state).getUserAuthorizations(WalkingSecurity.get(state).getTabCredentials());
         boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(),
tp);
+        boolean ambiguousAuths = WalkingSecurity.get(state).ambiguousAuthorizations();
         
         try {
           Scanner scan = conn.createScanner(tableName, conn.securityOperations().getUserAuthorizations(conn.whoami()));
@@ -81,7 +82,7 @@ public class TableOp extends Test {
             Entry<Key,Value> entry = iter.next();
             Key k = entry.getKey();
             seen++;
-            if (!auths.contains(k.getColumnVisibilityData()))
+            if (!auths.contains(k.getColumnVisibilityData()) && !ambiguousAuths)
               throw new AccumuloException("Got data I should not be capable of seeing: "
+ k + " table " + tableName);
           }
           if (!canRead && !ambiguousZone)
@@ -90,7 +91,7 @@ public class TableOp extends Test {
             if (auths.contains(entry.getKey().getBytes()))
               seen = seen - entry.getValue();
           }
-          if (seen != 0)
+          if (seen != 0 && !ambiguousAuths)
             throw new AccumuloException("Got mismatched amounts of data");
         } catch (TableNotFoundException tnfe) {
           if (tableExists)
@@ -103,6 +104,12 @@ public class TableOp extends Test {
             else
               return;
           }
+          if (ae.getErrorCode().equals(SecurityErrorCode.BAD_AUTHORIZATIONS)) {
+            if (ambiguousAuths)
+              return;
+            else
+              throw new AccumuloException("Mismatched authorizations! ", ae);
+          }
           throw new AccumuloException("Unexpected exception!", ae);
         } catch (RuntimeException re) {
           if (re.getCause() instanceof AccumuloSecurityException
@@ -112,6 +119,14 @@ public class TableOp extends Test {
             else
               return;
           }
+          if (re.getCause() instanceof AccumuloSecurityException
+              && ((AccumuloSecurityException) re.getCause()).getErrorCode().equals(SecurityErrorCode.BAD_AUTHORIZATIONS))
{
+            if (ambiguousAuths)
+              return;
+            else
+              throw new AccumuloException("Mismatched authorizations! ", re.getCause());
+          }
+          
           throw new AccumuloException("Unexpected exception!", re);
         }
         

Modified: accumulo/branches/1.5/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
URL: http://svn.apache.org/viewvc/accumulo/branches/1.5/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java?rev=1451763&r1=1451762&r2=1451763&view=diff
==============================================================================
--- accumulo/branches/1.5/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
(original)
+++ accumulo/branches/1.5/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
Fri Mar  1 23:16:41 2013
@@ -122,6 +122,15 @@ public class WalkingSecurity extends Sec
     return (Authorizations) state.get(user + "_auths");
   }
   
+  public boolean ambiguousAuthorizations() {
+    Long setTime = state.getLong("Auths-" + userName + '-' + "time");
+    if (setTime == null)
+      throw new RuntimeException("WTF? Auths-" + userName + '-' + "time is null");
+    if (System.currentTimeMillis() < (setTime + 1000))
+      return true;
+    return false;
+  }
+  
   @Override
   public void initUser(String user) throws AccumuloSecurityException {
     changeAuthorizations(user, new Authorizations());



Mime
View raw message