accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ctubb...@apache.org
Subject [13/50] [abbrv] git commit: ACCUMULO-1479 implemented most of Table Namespace Permissions, doesnt entirely work, not well tested
Date Wed, 04 Dec 2013 23:58:05 GMT
ACCUMULO-1479 implemented most of Table Namespace Permissions, doesnt entirely work, not well
tested


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/dfdf5113
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/dfdf5113
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/dfdf5113

Branch: refs/heads/1.6.0-SNAPSHOT
Commit: dfdf5113837d79ef9f21a5a64de0a3750611b5c8
Parents: 45f59ca
Author: Sean Hickey <tallirishllama@gmail.com>
Authored: Thu Aug 1 14:16:19 2013 -0400
Committer: Christopher Tubbs <ctubbsii@apache.org>
Committed: Wed Dec 4 18:46:10 2013 -0500

----------------------------------------------------------------------
 .../core/client/admin/SecurityOperations.java   |   50 +
 .../client/admin/SecurityOperationsImpl.java    |   36 +
 .../core/client/impl/thrift/ClientService.java  | 5009 ++++++++++++++++--
 .../client/impl/thrift/SecurityErrorCode.java   |    5 +-
 .../accumulo/core/client/mock/MockAccumulo.java |    3 +-
 .../client/mock/MockSecurityOperations.java     |   39 +
 .../core/client/mock/MockTableNamespace.java    |    4 +-
 .../core/client/security/SecurityErrorCode.java |    3 +-
 .../core/security/SystemPermission.java         |    5 +-
 .../core/security/TableNamespacePermission.java |   67 +
 .../core/util/shell/commands/GrantCommand.java  |   19 +-
 .../core/util/shell/commands/RevokeCommand.java |   19 +-
 .../shell/commands/UserPermissionsCommand.java  |   20 +-
 core/src/main/thrift/client.thrift              |   12 +-
 .../server/client/ClientServiceHandler.java     |   22 +
 .../server/security/SecurityOperation.java      |  191 +-
 .../security/handler/InsecurePermHandler.java   |   31 +
 .../security/handler/PermissionHandler.java     |   28 +
 .../server/security/handler/ZKPermHandler.java  |  127 +
 .../server/security/handler/ZKSecurityTool.java |   21 +
 .../randomwalk/security/WalkingSecurity.java    |   51 +
 .../apache/accumulo/test/TableNamespacesIT.java |   37 +-
 22 files changed, 5301 insertions(+), 498 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/dfdf5113/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperations.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperations.java
b/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperations.java
index 86a3ff2..8a93efa 100644
--- a/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperations.java
+++ b/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperations.java
@@ -24,6 +24,7 @@ import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
 import org.apache.accumulo.core.client.security.tokens.PasswordToken;
 import org.apache.accumulo.core.security.Authorizations;
 import org.apache.accumulo.core.security.SystemPermission;
+import org.apache.accumulo.core.security.TableNamespacePermission;
 import org.apache.accumulo.core.security.TablePermission;
 
 /**
@@ -216,6 +217,23 @@ public interface SecurityOperations {
   public boolean hasTablePermission(String principal, String table, TablePermission perm)
throws AccumuloException, AccumuloSecurityException;
   
   /**
+   * Verify the user has a particular table namespace permission
+   * 
+   * @param principal
+   *          the name of the user to query
+   * @param tableNamespace
+   *          the name of the table namespace to query about
+   * @param perm
+   *          the table namespace permission to check for
+   * @return true if user has that permission; false otherwise
+   * @throws AccumuloException
+   *           if a general error occurs
+   * @throws AccumuloSecurityException
+   *           if the user does not have permission to query a user
+   */
+  public boolean hasTableNamespacePermission(String principal, String tableNamespace, TableNamespacePermission
perm) throws AccumuloException, AccumuloSecurityException;
+  
+  /**
    * Grant a user a system permission
    * 
    * @param principal
@@ -246,6 +264,22 @@ public interface SecurityOperations {
   public void grantTablePermission(String principal, String table, TablePermission permission)
throws AccumuloException, AccumuloSecurityException;
   
   /**
+   * Grant a user a specific permission for a specific table namespace
+   * 
+   * @param principal
+   *          the name of the user to modify
+   * @param tableNamespace
+   *          the name of the table namespace to modify for the user
+   * @param permission
+   *          the table namespace permission to grant to the user
+   * @throws AccumuloException
+   *           if a general error occurs
+   * @throws AccumuloSecurityException
+   *           if the user does not have permission to grant a user permissions
+   */
+  public void grantTableNamespacePermission(String principal, String tableNamespace, TableNamespacePermission
permission) throws AccumuloException, AccumuloSecurityException;
+  
+  /**
    * Revoke a system permission from a user
    * 
    * @param principal
@@ -276,6 +310,22 @@ public interface SecurityOperations {
   public void revokeTablePermission(String principal, String table, TablePermission permission)
throws AccumuloException, AccumuloSecurityException;
   
   /**
+   * Revoke a table namespace permission for a specific user on a specific table namespace
+   * 
+   * @param principal
+   *          the name of the user to modify
+   * @param tableNamespace
+   *          the name of the table namespace to modify for the user
+   * @param permission
+   *          the table namespace permission to revoke for the user
+   * @throws AccumuloException
+   *           if a general error occurs
+   * @throws AccumuloSecurityException
+   *           if the user does not have permission to revoke a user's permissions
+   */
+  public void revokeTableNamespacePermission(String principal, String tableNamespace, TableNamespacePermission
permission) throws AccumuloException, AccumuloSecurityException;
+  
+  /**
    * Return a list of users in accumulo
    * 
    * @return a set of user names

http://git-wip-us.apache.org/repos/asf/accumulo/blob/dfdf5113/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java
b/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java
index 0f0e998..107ba74 100644
--- a/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java
+++ b/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java
@@ -35,6 +35,7 @@ import org.apache.accumulo.core.client.security.tokens.PasswordToken;
 import org.apache.accumulo.core.security.Authorizations;
 import org.apache.accumulo.core.security.Credentials;
 import org.apache.accumulo.core.security.SystemPermission;
+import org.apache.accumulo.core.security.TableNamespacePermission;
 import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.core.util.ArgumentChecker;
 import org.apache.accumulo.core.util.ByteBufferUtil;
@@ -207,6 +208,17 @@ public class SecurityOperationsImpl implements SecurityOperations {
   }
   
   @Override
+  public boolean hasTableNamespacePermission(final String principal, final String tableNamespace,
final TableNamespacePermission perm) throws AccumuloException, AccumuloSecurityException {
+    ArgumentChecker.notNull(principal, tableNamespace, perm);
+    return execute(new ClientExecReturn<Boolean,ClientService.Client>() {
+      @Override
+      public Boolean execute(ClientService.Client client) throws Exception {
+        return client.hasTableNamespacePermission(Tracer.traceInfo(), credentials.toThrift(instance),
principal, tableNamespace, perm.getId());
+      }
+    });
+  }
+  
+  @Override
   public void grantSystemPermission(final String principal, final SystemPermission permission)
throws AccumuloException, AccumuloSecurityException {
     ArgumentChecker.notNull(principal, permission);
     execute(new ClientExec<ClientService.Client>() {
@@ -230,6 +242,18 @@ public class SecurityOperationsImpl implements SecurityOperations {
   }
   
   @Override
+  public void grantTableNamespacePermission(final String principal, final String tableNamespace,
final TableNamespacePermission permission) throws AccumuloException,
+      AccumuloSecurityException {
+    ArgumentChecker.notNull(principal, tableNamespace, permission);
+    execute(new ClientExec<ClientService.Client>() {
+      @Override
+      public void execute(ClientService.Client client) throws Exception {
+        client.grantTableNamespacePermission(Tracer.traceInfo(), credentials.toThrift(instance),
principal, tableNamespace, permission.getId());
+      }
+    });
+  }
+  
+  @Override
   public void revokeSystemPermission(final String principal, final SystemPermission permission)
throws AccumuloException, AccumuloSecurityException {
     ArgumentChecker.notNull(principal, permission);
     execute(new ClientExec<ClientService.Client>() {
@@ -252,6 +276,18 @@ public class SecurityOperationsImpl implements SecurityOperations {
     });
   }
   
+  @Override
+  public void revokeTableNamespacePermission(final String principal, final String tableNamespace,
final TableNamespacePermission permission) throws AccumuloException,
+      AccumuloSecurityException {
+    ArgumentChecker.notNull(principal, tableNamespace, permission);
+    execute(new ClientExec<ClientService.Client>() {
+      @Override
+      public void execute(ClientService.Client client) throws Exception {
+        client.revokeTableNamespacePermission(Tracer.traceInfo(), credentials.toThrift(instance),
principal, tableNamespace, permission.getId());
+      }
+    });
+  }
+  
   @Deprecated
   @Override
   public Set<String> listUsers() throws AccumuloException, AccumuloSecurityException
{


Mime
View raw message