accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ctubb...@apache.org
Subject [03/50] [abbrv] Merge branch '1.5' into 1.6
Date Sat, 01 Nov 2014 04:56:57 GMT
http://git-wip-us.apache.org/repos/asf/accumulo/blob/9b20a9d4/test/src/test/java/org/apache/accumulo/test/AuditMessageIT.java
----------------------------------------------------------------------
diff --cc test/src/test/java/org/apache/accumulo/test/AuditMessageIT.java
index e44d8df,0000000..49b5d70
mode 100644,000000..100644
--- a/test/src/test/java/org/apache/accumulo/test/AuditMessageIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/AuditMessageIT.java
@@@ -1,496 -1,0 +1,496 @@@
 +/*
 + * Licensed to the Apache Software Foundation (ASF) under one or more
 + * contributor license agreements.  See the NOTICE file distributed with
 + * this work for additional information regarding copyright ownership.
 + * The ASF licenses this file to You under the Apache License, Version 2.0
 + * (the "License"); you may not use this file except in compliance with
 + * the License.  You may obtain a copy of the License at
 + *
 + *     http://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing, software
 + * distributed under the License is distributed on an "AS IS" BASIS,
 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 + * See the License for the specific language governing permissions and
 + * limitations under the License.
 + */
 +package org.apache.accumulo.test;
 +
++import static com.google.common.base.Charsets.UTF_8;
 +import static org.junit.Assert.assertEquals;
 +import static org.junit.Assert.assertTrue;
 +
 +import java.io.File;
 +import java.io.IOException;
 +import java.util.ArrayList;
 +import java.util.Arrays;
 +import java.util.Collections;
 +import java.util.Map;
 +import java.util.Set;
 +
- import org.apache.accumulo.core.Constants;
 +import org.apache.accumulo.core.client.AccumuloException;
 +import org.apache.accumulo.core.client.AccumuloSecurityException;
 +import org.apache.accumulo.core.client.BatchScanner;
 +import org.apache.accumulo.core.client.BatchWriter;
 +import org.apache.accumulo.core.client.BatchWriterConfig;
 +import org.apache.accumulo.core.client.Connector;
 +import org.apache.accumulo.core.client.Scanner;
 +import org.apache.accumulo.core.client.TableExistsException;
 +import org.apache.accumulo.core.client.TableNotFoundException;
 +import org.apache.accumulo.core.client.security.tokens.PasswordToken;
 +import org.apache.accumulo.core.data.Key;
 +import org.apache.accumulo.core.data.Mutation;
 +import org.apache.accumulo.core.data.Range;
 +import org.apache.accumulo.core.data.Value;
 +import org.apache.accumulo.core.security.Authorizations;
 +import org.apache.accumulo.core.security.SystemPermission;
 +import org.apache.accumulo.core.security.TablePermission;
 +import org.apache.accumulo.minicluster.impl.MiniAccumuloClusterImpl;
 +import org.apache.accumulo.minicluster.impl.MiniAccumuloConfigImpl;
 +import org.apache.accumulo.server.security.AuditedSecurityOperation;
 +import org.apache.accumulo.test.functional.ConfigurableMacIT;
 +import org.apache.commons.io.FileUtils;
 +import org.apache.commons.io.LineIterator;
 +import org.apache.hadoop.io.Text;
 +import org.junit.Before;
 +import org.junit.Test;
 +
 +/**
 + * Tests that Accumulo is outputting audit messages as expected. Since this is using MiniAccumuloCluster, it could take a while if we test everything in
 + * isolation. We test blocks of related operations, run the whole test in one MiniAccumulo instance, trying to clean up objects between each test. The
 + * MiniAccumuloClusterTest sets up the log4j stuff differently to an installed instance, instead piping everything through stdout and writing to a set location
 + * so we have to find the logs and grep the bits we need out.
 + */
 +public class AuditMessageIT extends ConfigurableMacIT {
 +
 +  private static final String AUDIT_USER_1 = "AuditUser1";
 +  private static final String AUDIT_USER_2 = "AuditUser2";
 +  private static final String PASSWORD = "password";
 +  private static final String OLD_TEST_TABLE_NAME = "apples";
 +  private static final String NEW_TEST_TABLE_NAME = "oranges";
 +  private static final String THIRD_TEST_TABLE_NAME = "pears";
 +  private static final Authorizations auths = new Authorizations("private", "public");
 +
 +  @Override
 +  public int defaultTimeoutSeconds() {
 +    return 60;
 +  }
 +
 +  @Override
 +  public void beforeClusterStart(MiniAccumuloConfigImpl cfg) throws Exception {
 +    new File(cfg.getConfDir(), "auditLog.xml").delete();
 +  }
 +
 +  // Must be static to survive Junit re-initialising the class every time.
 +  private static String lastAuditTimestamp;
 +  private Connector auditConnector;
 +  private Connector conn;
 +
 +  private static ArrayList<String> findAuditMessage(ArrayList<String> input, String pattern) {
 +    ArrayList<String> result = new ArrayList<String>();
 +    for (String s : input) {
 +      if (s.matches(".*" + pattern + ".*"))
 +        result.add(s);
 +    }
 +    return result;
 +  }
 +
 +  /**
 +   * Returns a List of Audit messages that have been grep'd out of the MiniAccumuloCluster output.
 +   *
 +   * @param stepName
 +   *          A unique name for the test being executed, to identify the System.out messages.
 +   * @return A List of the Audit messages, sorted (so in chronological order).
 +   */
 +  private ArrayList<String> getAuditMessages(String stepName) throws IOException {
 +    // ACCUMULO-3144 Make sure we give the processes enough time to flush the write buffer
 +    try {
 +      Thread.sleep(2000);
 +    } catch (InterruptedException e) {
 +      Thread.currentThread().interrupt();
 +      throw new IOException("Interrupted waiting for data to be flushed to output streams");
 +    }
 +
 +    for (MiniAccumuloClusterImpl.LogWriter lw : getCluster().getLogWriters()) {
 +      lw.flush();
 +    }
 +
 +    // Grab the audit messages
 +    System.out.println("Start of captured audit messages for step " + stepName);
 +
 +    ArrayList<String> result = new ArrayList<String>();
 +    for (File file : getCluster().getConfig().getLogDir().listFiles()) {
 +      // We want to grab the files called .out
 +      if (file.getName().contains(".out") && file.isFile() && file.canRead()) {
-         LineIterator it = FileUtils.lineIterator(file, Constants.UTF8.name());
++        LineIterator it = FileUtils.lineIterator(file, UTF_8.name());
 +        try {
 +          while (it.hasNext()) {
 +            String line = it.nextLine();
 +            if (line.matches(".* \\[" + AuditedSecurityOperation.AUDITLOG + "\\s*\\].*")) {
 +              // Only include the message if startTimestamp is null. or the message occurred after the startTimestamp value
 +              if ((lastAuditTimestamp == null) || (line.substring(0, 23).compareTo(lastAuditTimestamp) > 0))
 +                result.add(line);
 +            }
 +          }
 +        } finally {
 +          LineIterator.closeQuietly(it);
 +        }
 +      }
 +    }
 +    Collections.sort(result);
 +
 +    for (String s : result) {
 +      System.out.println(s);
 +    }
 +    System.out.println("End of captured audit messages for step " + stepName);
 +    if (result.size() > 0)
 +      lastAuditTimestamp = (result.get(result.size() - 1)).substring(0, 23);
 +
 +    return result;
 +  }
 +
 +  private void grantEverySystemPriv(Connector conn, String user) throws AccumuloSecurityException, AccumuloException {
 +    SystemPermission[] arrayOfP = new SystemPermission[] {SystemPermission.SYSTEM, SystemPermission.ALTER_TABLE, SystemPermission.ALTER_USER,
 +        SystemPermission.CREATE_TABLE, SystemPermission.CREATE_USER, SystemPermission.DROP_TABLE, SystemPermission.DROP_USER};
 +    for (SystemPermission p : arrayOfP) {
 +      conn.securityOperations().grantSystemPermission(user, p);
 +    }
 +  }
 +
 +  @Before
 +  public void resetInstance() throws AccumuloException, AccumuloSecurityException, TableNotFoundException, IOException {
 +    conn = getConnector();
 +
 +    // I don't want to recreate the instance for every test since it will take ages.
 +    // If we run every test as non-root users, I can drop these users every test which should effectively
 +    // reset the environment.
 +
 +    if (conn.securityOperations().listLocalUsers().contains(AUDIT_USER_1))
 +      conn.securityOperations().dropLocalUser(AUDIT_USER_1);
 +    if (conn.securityOperations().listLocalUsers().contains(AUDIT_USER_2))
 +      conn.securityOperations().dropLocalUser(AUDIT_USER_2);
 +    if (conn.securityOperations().listLocalUsers().contains(AUDIT_USER_2))
 +      conn.securityOperations().dropLocalUser(THIRD_TEST_TABLE_NAME);
 +    if (conn.tableOperations().exists(NEW_TEST_TABLE_NAME))
 +      conn.tableOperations().delete(NEW_TEST_TABLE_NAME);
 +    if (conn.tableOperations().exists(OLD_TEST_TABLE_NAME))
 +      conn.tableOperations().delete(OLD_TEST_TABLE_NAME);
 +
 +    // This will set the lastAuditTimestamp for the first test
 +    getAuditMessages("setup");
 +
 +  }
 +
 +  @Test
 +  public void testTableOperationsAudits() throws AccumuloException, AccumuloSecurityException, TableExistsException, TableNotFoundException, IOException,
 +      InterruptedException {
 +
 +    conn.securityOperations().createLocalUser(AUDIT_USER_1, new PasswordToken(PASSWORD));
 +    conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM);
 +    conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.CREATE_TABLE);
 +
 +    // Connect as Audit User and do a bunch of stuff.
 +    // Testing activity begins here
 +    auditConnector = getCluster().getConnector(AUDIT_USER_1, PASSWORD);
 +    auditConnector.tableOperations().create(OLD_TEST_TABLE_NAME);
 +    auditConnector.tableOperations().rename(OLD_TEST_TABLE_NAME, NEW_TEST_TABLE_NAME);
 +    Map<String,String> emptyMap = Collections.emptyMap();
 +    Set<String> emptySet = Collections.emptySet();
 +    auditConnector.tableOperations().clone(NEW_TEST_TABLE_NAME, OLD_TEST_TABLE_NAME, true, emptyMap, emptySet);
 +    auditConnector.tableOperations().delete(OLD_TEST_TABLE_NAME);
 +    auditConnector.tableOperations().offline(NEW_TEST_TABLE_NAME);
 +    auditConnector.tableOperations().delete(NEW_TEST_TABLE_NAME);
 +    // Testing activity ends here
 +
 +    ArrayList<String> auditMessages = getAuditMessages("testTableOperationsAudits");
 +
 +    assertEquals(1, findAuditMessage(auditMessages, "action: createTable; targetTable: " + OLD_TEST_TABLE_NAME).size());
 +    assertEquals(1, findAuditMessage(auditMessages, "action: renameTable; targetTable: " + OLD_TEST_TABLE_NAME).size());
 +    assertEquals(1, findAuditMessage(auditMessages, "action: cloneTable; targetTable: " + NEW_TEST_TABLE_NAME).size());
 +    assertEquals(1, findAuditMessage(auditMessages, "action: deleteTable; targetTable: " + OLD_TEST_TABLE_NAME).size());
 +    assertEquals(1, findAuditMessage(auditMessages, "action: offlineTable; targetTable: " + NEW_TEST_TABLE_NAME).size());
 +    assertEquals(1, findAuditMessage(auditMessages, "action: deleteTable; targetTable: " + NEW_TEST_TABLE_NAME).size());
 +
 +  }
 +
 +  @Test
 +  public void testUserOperationsAudits() throws AccumuloSecurityException, AccumuloException, TableExistsException, InterruptedException, IOException {
 +
 +    conn.securityOperations().createLocalUser(AUDIT_USER_1, new PasswordToken(PASSWORD));
 +    conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM);
 +    conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.CREATE_USER);
 +    grantEverySystemPriv(conn, AUDIT_USER_1);
 +
 +    // Connect as Audit User and do a bunch of stuff.
 +    // Start testing activities here
 +    auditConnector = getCluster().getConnector(AUDIT_USER_1, PASSWORD);
 +    auditConnector.securityOperations().createLocalUser(AUDIT_USER_2, new PasswordToken(PASSWORD));
 +
 +    // It seems only root can grant stuff.
 +    conn.securityOperations().grantSystemPermission(AUDIT_USER_2, SystemPermission.ALTER_TABLE);
 +    conn.securityOperations().revokeSystemPermission(AUDIT_USER_2, SystemPermission.ALTER_TABLE);
 +    auditConnector.tableOperations().create(NEW_TEST_TABLE_NAME);
 +    conn.securityOperations().grantTablePermission(AUDIT_USER_2, NEW_TEST_TABLE_NAME, TablePermission.READ);
 +    conn.securityOperations().revokeTablePermission(AUDIT_USER_2, NEW_TEST_TABLE_NAME, TablePermission.READ);
 +    auditConnector.securityOperations().changeLocalUserPassword(AUDIT_USER_2, new PasswordToken("anything"));
 +    auditConnector.securityOperations().changeUserAuthorizations(AUDIT_USER_2, auths);
 +    auditConnector.securityOperations().dropLocalUser(AUDIT_USER_2);
 +    // Stop testing activities here
 +
 +    ArrayList<String> auditMessages = getAuditMessages("testUserOperationsAudits");
 +
 +    assertEquals(1, findAuditMessage(auditMessages, "action: createUser; targetUser: " + AUDIT_USER_2).size());
 +    assertEquals(
 +        1,
 +        findAuditMessage(auditMessages,
 +            "action: grantSystemPermission; permission: " + SystemPermission.ALTER_TABLE.toString() + "; targetUser: " + AUDIT_USER_2).size());
 +    assertEquals(
 +        1,
 +        findAuditMessage(auditMessages,
 +            "action: revokeSystemPermission; permission: " + SystemPermission.ALTER_TABLE.toString() + "; targetUser: " + AUDIT_USER_2).size());
 +    assertEquals(
 +        1,
 +        findAuditMessage(auditMessages,
 +            "action: grantTablePermission; permission: " + TablePermission.READ.toString() + "; targetTable: " + NEW_TEST_TABLE_NAME).size());
 +    assertEquals(
 +        1,
 +        findAuditMessage(auditMessages,
 +            "action: revokeTablePermission; permission: " + TablePermission.READ.toString() + "; targetTable: " + NEW_TEST_TABLE_NAME).size());
 +    assertEquals(1, findAuditMessage(auditMessages, "action: changePassword; targetUser: " + AUDIT_USER_2 + "").size());
 +    assertEquals(1, findAuditMessage(auditMessages, "action: changeAuthorizations; targetUser: " + AUDIT_USER_2 + "; authorizations: " + auths.toString())
 +        .size());
 +    assertEquals(1, findAuditMessage(auditMessages, "action: dropUser; targetUser: " + AUDIT_USER_2).size());
 +  }
 +
 +  @Test
 +  public void testImportExportOperationsAudits() throws AccumuloSecurityException, AccumuloException, TableExistsException, TableNotFoundException,
 +      IOException, InterruptedException {
 +
 +    conn.securityOperations().createLocalUser(AUDIT_USER_1, new PasswordToken(PASSWORD));
 +    conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM);
 +    conn.securityOperations().changeUserAuthorizations(AUDIT_USER_1, auths);
 +    grantEverySystemPriv(conn, AUDIT_USER_1);
 +
 +    // Connect as Audit User and do a bunch of stuff.
 +    // Start testing activities here
 +    auditConnector = getCluster().getConnector(AUDIT_USER_1, PASSWORD);
 +    auditConnector.tableOperations().create(OLD_TEST_TABLE_NAME);
 +
 +    // Insert some play data
 +    BatchWriter bw = auditConnector.createBatchWriter(OLD_TEST_TABLE_NAME, new BatchWriterConfig());
 +    Mutation m = new Mutation("myRow");
 +    m.put("cf1", "cq1", "v1");
 +    m.put("cf1", "cq2", "v3");
 +    bw.addMutation(m);
 +    bw.close();
 +
 +    // Prepare to export the table
 +    File exportDir = new File(getCluster().getConfig().getDir().toString() + "/export");
 +
 +    auditConnector.tableOperations().offline(OLD_TEST_TABLE_NAME);
 +    auditConnector.tableOperations().exportTable(OLD_TEST_TABLE_NAME, exportDir.toString());
 +
 +    // We've exported the table metadata to the MiniAccumuloCluster root dir. Grab the .rf file path to re-import it
 +    File distCpTxt = new File(exportDir.toString() + "/distcp.txt");
 +    File importFile = null;
-     LineIterator it = FileUtils.lineIterator(distCpTxt, Constants.UTF8.name());
++    LineIterator it = FileUtils.lineIterator(distCpTxt, UTF_8.name());
 +
 +    // Just grab the first rf file, it will do for now.
 +    String filePrefix = "file:";
 +    try {
 +      while (it.hasNext() && importFile == null) {
 +        String line = it.nextLine();
 +        if (line.matches(".*\\.rf")) {
 +          importFile = new File(line.replaceFirst(filePrefix, ""));
 +        }
 +      }
 +    } finally {
 +      LineIterator.closeQuietly(it);
 +    }
 +    FileUtils.copyFileToDirectory(importFile, exportDir);
 +    auditConnector.tableOperations().importTable(NEW_TEST_TABLE_NAME, exportDir.toString());
 +
 +    // Now do a Directory (bulk) import of the same data.
 +    auditConnector.tableOperations().create(THIRD_TEST_TABLE_NAME);
 +    File failDir = new File(exportDir + "/tmp");
 +    failDir.mkdirs();
 +    auditConnector.tableOperations().importDirectory(THIRD_TEST_TABLE_NAME, exportDir.toString(), failDir.toString(), false);
 +    auditConnector.tableOperations().online(OLD_TEST_TABLE_NAME);
 +
 +    // Stop testing activities here
 +
 +    ArrayList<String> auditMessages = getAuditMessages("testImportExportOperationsAudits");
 +
 +    assertEquals(1, findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.CAN_CREATE_TABLE_AUDIT_TEMPLATE, OLD_TEST_TABLE_NAME)).size());
 +    assertEquals(1,
 +        findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE, "offlineTable", OLD_TEST_TABLE_NAME))
 +            .size());
 +    assertEquals(1,
 +        findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.CAN_EXPORT_AUDIT_TEMPLATE, OLD_TEST_TABLE_NAME, exportDir.toString())).size());
 +    assertEquals(
 +        1,
 +        findAuditMessage(auditMessages,
 +            String.format(AuditedSecurityOperation.CAN_IMPORT_AUDIT_TEMPLATE, NEW_TEST_TABLE_NAME, filePrefix + exportDir.toString())).size());
 +    assertEquals(1, findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.CAN_CREATE_TABLE_AUDIT_TEMPLATE, THIRD_TEST_TABLE_NAME)).size());
 +    assertEquals(
 +        1,
 +        findAuditMessage(
 +            auditMessages,
 +            String.format(AuditedSecurityOperation.CAN_BULK_IMPORT_AUDIT_TEMPLATE, THIRD_TEST_TABLE_NAME, filePrefix + exportDir.toString(), filePrefix
 +                + failDir.toString())).size());
 +    assertEquals(1,
 +        findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE, "onlineTable", OLD_TEST_TABLE_NAME))
 +            .size());
 +
 +  }
 +
 +  @Test
 +  public void testDataOperationsAudits() throws AccumuloSecurityException, AccumuloException, TableExistsException, TableNotFoundException, IOException,
 +      InterruptedException {
 +
 +    conn.securityOperations().createLocalUser(AUDIT_USER_1, new PasswordToken(PASSWORD));
 +    conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM);
 +    conn.securityOperations().changeUserAuthorizations(AUDIT_USER_1, auths);
 +    grantEverySystemPriv(conn, AUDIT_USER_1);
 +
 +    // Connect as Audit User and do a bunch of stuff.
 +    // Start testing activities here
 +    auditConnector = getCluster().getConnector(AUDIT_USER_1, PASSWORD);
 +    auditConnector.tableOperations().create(OLD_TEST_TABLE_NAME);
 +
 +    // Insert some play data
 +    BatchWriter bw = auditConnector.createBatchWriter(OLD_TEST_TABLE_NAME, new BatchWriterConfig());
 +    Mutation m = new Mutation("myRow");
 +    m.put("cf1", "cq1", "v1");
 +    m.put("cf1", "cq2", "v3");
 +    bw.addMutation(m);
 +    bw.close();
 +
 +    // Start testing activities here
 +    // A regular scan
 +    Scanner scanner = auditConnector.createScanner(OLD_TEST_TABLE_NAME, auths);
 +    for (Map.Entry<Key,Value> entry : scanner) {
 +      System.out.println("Scanner row: " + entry.getKey() + " " + entry.getValue());
 +    }
 +    scanner.close();
 +
 +    // A batch scan
 +    BatchScanner bs = auditConnector.createBatchScanner(OLD_TEST_TABLE_NAME, auths, 1);
 +    bs.fetchColumn(new Text("cf1"), new Text("cq1"));
 +    bs.setRanges(Arrays.asList(new Range("myRow", "myRow~")));
 +
 +    for (Map.Entry<Key,Value> entry : bs) {
 +      System.out.println("BatchScanner row: " + entry.getKey() + " " + entry.getValue());
 +    }
 +    bs.close();
 +
 +    // Delete some data.
 +    auditConnector.tableOperations().deleteRows(OLD_TEST_TABLE_NAME, new Text("myRow"), new Text("myRow~"));
 +
 +    // End of testing activities
 +
 +    ArrayList<String> auditMessages = getAuditMessages("testDataOperationsAudits");
 +    assertTrue(1 <= findAuditMessage(auditMessages, "action: scan; targetTable: " + OLD_TEST_TABLE_NAME).size());
 +    assertTrue(1 <= findAuditMessage(auditMessages, "action: scan; targetTable: " + OLD_TEST_TABLE_NAME).size());
 +    assertEquals(1,
 +        findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.CAN_DELETE_RANGE_AUDIT_TEMPLATE, OLD_TEST_TABLE_NAME, "myRow", "myRow~")).size());
 +
 +  }
 +
 +  @Test
 +  public void testDeniedAudits() throws AccumuloSecurityException, AccumuloException, TableExistsException, TableNotFoundException, IOException,
 +      InterruptedException {
 +
 +    // Create our user with no privs
 +    conn.securityOperations().createLocalUser(AUDIT_USER_1, new PasswordToken(PASSWORD));
 +    conn.tableOperations().create(OLD_TEST_TABLE_NAME);
 +    auditConnector = getCluster().getConnector(AUDIT_USER_1, PASSWORD);
 +
 +    // Start testing activities
 +    // We should get denied or / failed audit messages here.
 +    // We don't want the thrown exceptions to stop our tests, and we are not testing that the Exceptions are thrown.
 +
 +    try {
 +      auditConnector.tableOperations().create(NEW_TEST_TABLE_NAME);
 +    } catch (AccumuloSecurityException ex) {}
 +    try {
 +      auditConnector.tableOperations().rename(OLD_TEST_TABLE_NAME, NEW_TEST_TABLE_NAME);
 +    } catch (AccumuloSecurityException ex) {}
 +    try {
 +      auditConnector.tableOperations().clone(OLD_TEST_TABLE_NAME, NEW_TEST_TABLE_NAME, true, Collections.<String,String> emptyMap(),
 +          Collections.<String> emptySet());
 +    } catch (AccumuloSecurityException ex) {}
 +    try {
 +      auditConnector.tableOperations().delete(OLD_TEST_TABLE_NAME);
 +    } catch (AccumuloSecurityException ex) {}
 +    try {
 +      auditConnector.tableOperations().offline(OLD_TEST_TABLE_NAME);
 +    } catch (AccumuloSecurityException ex) {}
 +    try {
 +      Scanner scanner = auditConnector.createScanner(OLD_TEST_TABLE_NAME, auths);
 +      scanner.iterator().next().getKey();
 +    } catch (RuntimeException ex) {}
 +    try {
 +      auditConnector.tableOperations().deleteRows(OLD_TEST_TABLE_NAME, new Text("myRow"), new Text("myRow~"));
 +    } catch (AccumuloSecurityException ex) {}
 +
 +    // ... that will do for now.
 +    // End of testing activities
 +
 +    ArrayList<String> auditMessages = getAuditMessages("testDeniedAudits");
 +    assertEquals(1,
 +        findAuditMessage(auditMessages, "operation: denied;.*" + String.format(AuditedSecurityOperation.CAN_CREATE_TABLE_AUDIT_TEMPLATE, NEW_TEST_TABLE_NAME))
 +            .size());
 +    assertEquals(
 +        1,
 +        findAuditMessage(auditMessages,
 +            "operation: denied;.*" + String.format(AuditedSecurityOperation.CAN_RENAME_TABLE_AUDIT_TEMPLATE, OLD_TEST_TABLE_NAME, NEW_TEST_TABLE_NAME)).size());
 +    assertEquals(
 +        1,
 +        findAuditMessage(auditMessages,
 +            "operation: denied;.*" + String.format(AuditedSecurityOperation.CAN_CLONE_TABLE_AUDIT_TEMPLATE, OLD_TEST_TABLE_NAME, NEW_TEST_TABLE_NAME)).size());
 +    assertEquals(1,
 +        findAuditMessage(auditMessages, "operation: denied;.*" + String.format(AuditedSecurityOperation.CAN_DELETE_TABLE_AUDIT_TEMPLATE, OLD_TEST_TABLE_NAME))
 +            .size());
 +    assertEquals(
 +        1,
 +        findAuditMessage(auditMessages,
 +            "operation: denied;.*" + String.format(AuditedSecurityOperation.CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE, "offlineTable", OLD_TEST_TABLE_NAME))
 +            .size());
 +    assertEquals(1, findAuditMessage(auditMessages, "operation: denied;.*" + "action: scan; targetTable: " + OLD_TEST_TABLE_NAME).size());
 +    assertEquals(
 +        1,
 +        findAuditMessage(auditMessages,
 +            "operation: denied;.*" + String.format(AuditedSecurityOperation.CAN_DELETE_RANGE_AUDIT_TEMPLATE, OLD_TEST_TABLE_NAME, "myRow", "myRow~")).size());
 +  }
 +
 +  @Test
 +  public void testFailedAudits() throws AccumuloSecurityException, AccumuloException, TableExistsException, TableNotFoundException, IOException,
 +      InterruptedException {
 +
 +    // Start testing activities
 +    // Test that we get a few "failed" audit messages come through when we tell it to do dumb stuff
 +    // We don't want the thrown exceptions to stop our tests, and we are not testing that the Exceptions are thrown.
 +    try {
 +      conn.securityOperations().dropLocalUser(AUDIT_USER_2);
 +    } catch (AccumuloSecurityException ex) {}
 +    try {
 +      conn.securityOperations().revokeSystemPermission(AUDIT_USER_2, SystemPermission.ALTER_TABLE);
 +    } catch (AccumuloSecurityException ex) {}
 +    try {
 +      conn.securityOperations().createLocalUser("root", new PasswordToken("super secret"));
 +    } catch (AccumuloSecurityException ex) {}
 +    ArrayList<String> auditMessages = getAuditMessages("testFailedAudits");
 +    // ... that will do for now.
 +    // End of testing activities
 +
 +    assertEquals(1, findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.DROP_USER_AUDIT_TEMPLATE, AUDIT_USER_2)).size());
 +    assertEquals(
 +        1,
 +        findAuditMessage(auditMessages,
 +            String.format(AuditedSecurityOperation.REVOKE_SYSTEM_PERMISSION_AUDIT_TEMPLATE, SystemPermission.ALTER_TABLE, AUDIT_USER_2)).size());
 +    assertEquals(1, findAuditMessage(auditMessages, String.format(AuditedSecurityOperation.CREATE_USER_AUDIT_TEMPLATE, "root", "")).size());
 +
 +  }
 +
 +}

http://git-wip-us.apache.org/repos/asf/accumulo/blob/9b20a9d4/test/src/test/java/org/apache/accumulo/test/NamespacesIT.java
----------------------------------------------------------------------
diff --cc test/src/test/java/org/apache/accumulo/test/NamespacesIT.java
index c1e779e,0000000..8188deb
mode 100644,000000..100644
--- a/test/src/test/java/org/apache/accumulo/test/NamespacesIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/NamespacesIT.java
@@@ -1,1248 -1,0 +1,1248 @@@
 +/*
 + * Licensed to the Apache Software Foundation (ASF) under one or more
 + * contributor license agreements.  See the NOTICE file distributed with
 + * this work for additional information regarding copyright ownership.
 + * The ASF licenses this file to You under the Apache License, Version 2.0
 + * (the "License"); you may not use this file except in compliance with
 + * the License.  You may obtain a copy of the License at
 + *
 + *     http://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing, software
 + * distributed under the License is distributed on an "AS IS" BASIS,
 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 + * See the License for the specific language governing permissions and
 + * limitations under the License.
 + */
 +package org.apache.accumulo.test;
 +
++import static com.google.common.base.Charsets.UTF_8;
 +import static org.junit.Assert.assertEquals;
 +import static org.junit.Assert.assertFalse;
 +import static org.junit.Assert.assertNotNull;
 +import static org.junit.Assert.assertNull;
 +import static org.junit.Assert.assertTrue;
 +import static org.junit.Assert.fail;
 +
 +import java.util.Arrays;
 +import java.util.Collections;
 +import java.util.EnumSet;
 +import java.util.Iterator;
 +import java.util.Map;
 +import java.util.Map.Entry;
 +import java.util.Set;
 +import java.util.SortedSet;
 +import java.util.TreeSet;
 +
- import org.apache.accumulo.core.Constants;
 +import org.apache.accumulo.core.client.AccumuloException;
 +import org.apache.accumulo.core.client.AccumuloSecurityException;
 +import org.apache.accumulo.core.client.BatchWriter;
 +import org.apache.accumulo.core.client.BatchWriterConfig;
 +import org.apache.accumulo.core.client.Connector;
 +import org.apache.accumulo.core.client.IteratorSetting;
 +import org.apache.accumulo.core.client.MutationsRejectedException;
 +import org.apache.accumulo.core.client.NamespaceExistsException;
 +import org.apache.accumulo.core.client.NamespaceNotEmptyException;
 +import org.apache.accumulo.core.client.NamespaceNotFoundException;
 +import org.apache.accumulo.core.client.Scanner;
 +import org.apache.accumulo.core.client.TableExistsException;
 +import org.apache.accumulo.core.client.TableNotFoundException;
 +import org.apache.accumulo.core.client.admin.NamespaceOperations;
 +import org.apache.accumulo.core.client.admin.TableOperations;
 +import org.apache.accumulo.core.client.impl.Namespaces;
 +import org.apache.accumulo.core.client.impl.Tables;
 +import org.apache.accumulo.core.client.impl.thrift.TableOperation;
 +import org.apache.accumulo.core.client.impl.thrift.TableOperationExceptionType;
 +import org.apache.accumulo.core.client.impl.thrift.ThriftTableOperationException;
 +import org.apache.accumulo.core.client.security.SecurityErrorCode;
 +import org.apache.accumulo.core.client.security.tokens.PasswordToken;
 +import org.apache.accumulo.core.conf.Property;
 +import org.apache.accumulo.core.data.Key;
 +import org.apache.accumulo.core.data.Mutation;
 +import org.apache.accumulo.core.data.Range;
 +import org.apache.accumulo.core.data.Value;
 +import org.apache.accumulo.core.iterators.Filter;
 +import org.apache.accumulo.core.iterators.IteratorUtil.IteratorScope;
 +import org.apache.accumulo.core.iterators.SortedKeyValueIterator;
 +import org.apache.accumulo.core.iterators.user.VersioningIterator;
 +import org.apache.accumulo.core.metadata.MetadataTable;
 +import org.apache.accumulo.core.metadata.RootTable;
 +import org.apache.accumulo.core.security.Authorizations;
 +import org.apache.accumulo.core.security.NamespacePermission;
 +import org.apache.accumulo.core.security.SystemPermission;
 +import org.apache.accumulo.core.security.TablePermission;
 +import org.apache.accumulo.core.util.UtilWaitThread;
 +import org.apache.accumulo.examples.simple.constraints.NumericValueConstraint;
 +import org.apache.accumulo.test.functional.SimpleMacIT;
 +import org.apache.hadoop.io.Text;
 +import org.junit.After;
 +import org.junit.Before;
 +import org.junit.Test;
 +
 +public class NamespacesIT extends SimpleMacIT {
 +
 +  private Connector c;
 +  private String namespace;
 +
 +  @Override
 +  public int defaultTimeoutSeconds() {
 +    return 60;
 +  }
 +
 +  @Before
 +  public void setUpConnectorAndNamespace() throws Exception {
 +    // prepare a unique namespace and get a new root connector for each test
 +    c = getConnector();
 +    namespace = "ns_" + getUniqueNames(1)[0];
 +  }
 +
 +  @After
 +  public void swingMj├Âlnir() throws Exception {
 +    // clean up any added tables, namespaces, and users, after each test
 +    for (String t : c.tableOperations().list())
 +      if (!Tables.qualify(t).getFirst().equals(Namespaces.ACCUMULO_NAMESPACE))
 +        c.tableOperations().delete(t);
 +    assertEquals(2, c.tableOperations().list().size());
 +    for (String n : c.namespaceOperations().list())
 +      if (!n.equals(Namespaces.ACCUMULO_NAMESPACE) && !n.equals(Namespaces.DEFAULT_NAMESPACE))
 +        c.namespaceOperations().delete(n);
 +    assertEquals(2, c.namespaceOperations().list().size());
 +    for (String u : c.securityOperations().listLocalUsers())
 +      if (!"root".equals(u))
 +        c.securityOperations().dropLocalUser(u);
 +    assertEquals(1, c.securityOperations().listLocalUsers().size());
 +  }
 +
 +  @Test
 +  public void checkReservedNamespaces() throws Exception {
 +    assertEquals(c.namespaceOperations().defaultNamespace(), Namespaces.DEFAULT_NAMESPACE);
 +    assertEquals(c.namespaceOperations().systemNamespace(), Namespaces.ACCUMULO_NAMESPACE);
 +  }
 +
 +  @Test
 +  public void checkBuiltInNamespaces() throws Exception {
 +    assertTrue(c.namespaceOperations().exists(Namespaces.DEFAULT_NAMESPACE));
 +    assertTrue(c.namespaceOperations().exists(Namespaces.ACCUMULO_NAMESPACE));
 +  }
 +
 +  @Test
 +  public void createTableInDefaultNamespace() throws Exception {
 +    String tableName = "1";
 +    c.tableOperations().create(tableName);
 +    assertTrue(c.tableOperations().exists(tableName));
 +  }
 +
 +  @Test(expected = AccumuloException.class)
 +  public void createTableInAccumuloNamespace() throws Exception {
 +    String tableName = Namespaces.ACCUMULO_NAMESPACE + ".1";
 +    assertFalse(c.tableOperations().exists(tableName));
 +    c.tableOperations().create(tableName); // should fail
 +  }
 +
 +  @Test(expected = AccumuloSecurityException.class)
 +  public void deleteDefaultNamespace() throws Exception {
 +    c.namespaceOperations().delete(Namespaces.DEFAULT_NAMESPACE); // should fail
 +  }
 +
 +  @Test(expected = AccumuloSecurityException.class)
 +  public void deleteAccumuloNamespace() throws Exception {
 +    c.namespaceOperations().delete(Namespaces.ACCUMULO_NAMESPACE); // should fail
 +  }
 +
 +  @Test
 +  public void createTableInMissingNamespace() throws Exception {
 +    String t = namespace + ".1";
 +    assertFalse(c.namespaceOperations().exists(namespace));
 +    assertFalse(c.tableOperations().exists(t));
 +    try {
 +      c.tableOperations().create(t);
 +      fail();
 +    } catch (AccumuloException e) {
 +      assertEquals(NamespaceNotFoundException.class.getName(), e.getCause().getClass().getName());
 +      assertFalse(c.namespaceOperations().exists(namespace));
 +      assertFalse(c.tableOperations().exists(t));
 +    }
 +  }
 +
 +  @Test
 +  public void createAndDeleteNamespace() throws Exception {
 +    String t1 = namespace + ".1";
 +    String t2 = namespace + ".2";
 +    assertFalse(c.namespaceOperations().exists(namespace));
 +    assertFalse(c.tableOperations().exists(t1));
 +    assertFalse(c.tableOperations().exists(t2));
 +    try {
 +      c.namespaceOperations().delete(namespace);
 +    } catch (NamespaceNotFoundException e) {}
 +    try {
 +      c.tableOperations().delete(t1);
 +    } catch (TableNotFoundException e) {
 +      assertEquals(NamespaceNotFoundException.class.getName(), e.getCause().getClass().getName());
 +    }
 +    c.namespaceOperations().create(namespace);
 +    assertTrue(c.namespaceOperations().exists(namespace));
 +    assertFalse(c.tableOperations().exists(t1));
 +    assertFalse(c.tableOperations().exists(t2));
 +    c.tableOperations().create(t1);
 +    assertTrue(c.namespaceOperations().exists(namespace));
 +    assertTrue(c.tableOperations().exists(t1));
 +    assertFalse(c.tableOperations().exists(t2));
 +    c.tableOperations().create(t2);
 +    assertTrue(c.namespaceOperations().exists(namespace));
 +    assertTrue(c.tableOperations().exists(t1));
 +    assertTrue(c.tableOperations().exists(t2));
 +    c.tableOperations().delete(t1);
 +    assertTrue(c.namespaceOperations().exists(namespace));
 +    assertFalse(c.tableOperations().exists(t1));
 +    assertTrue(c.tableOperations().exists(t2));
 +    c.tableOperations().delete(t2);
 +    assertTrue(c.namespaceOperations().exists(namespace));
 +    assertFalse(c.tableOperations().exists(t1));
 +    assertFalse(c.tableOperations().exists(t2));
 +    c.namespaceOperations().delete(namespace);
 +    assertFalse(c.namespaceOperations().exists(namespace));
 +    assertFalse(c.tableOperations().exists(t1));
 +    assertFalse(c.tableOperations().exists(t2));
 +  }
 +
 +  @Test(expected = NamespaceNotEmptyException.class)
 +  public void deleteNonEmptyNamespace() throws Exception {
 +    String tableName1 = namespace + ".1";
 +    assertFalse(c.namespaceOperations().exists(namespace));
 +    assertFalse(c.tableOperations().exists(tableName1));
 +    c.namespaceOperations().create(namespace);
 +    c.tableOperations().create(tableName1);
 +    assertTrue(c.namespaceOperations().exists(namespace));
 +    assertTrue(c.tableOperations().exists(tableName1));
 +    c.namespaceOperations().delete(namespace); // should fail
 +  }
 +
 +  @Test
 +  public void verifyPropertyInheritance() throws Exception {
 +    String t0 = "0";
 +    String t1 = namespace + ".1";
 +    String t2 = namespace + ".2";
 +
 +    String k = Property.TABLE_SCAN_MAXMEM.getKey();
 +    String v = "42K";
 +
 +    assertFalse(c.namespaceOperations().exists(namespace));
 +    assertFalse(c.tableOperations().exists(t1));
 +    assertFalse(c.tableOperations().exists(t2));
 +    c.namespaceOperations().create(namespace);
 +    c.tableOperations().create(t1);
 +    c.tableOperations().create(t0);
 +    assertTrue(c.namespaceOperations().exists(namespace));
 +    assertTrue(c.tableOperations().exists(t1));
 +    assertTrue(c.tableOperations().exists(t0));
 +
 +    // verify no property
 +    assertFalse(checkNamespaceHasProp(namespace, k, v));
 +    assertFalse(checkTableHasProp(t1, k, v));
 +    assertFalse(checkNamespaceHasProp(Namespaces.DEFAULT_NAMESPACE, k, v));
 +    assertFalse(checkTableHasProp(t0, k, v));
 +
 +    // set property and verify
 +    c.namespaceOperations().setProperty(namespace, k, v);
 +    assertTrue(checkNamespaceHasProp(namespace, k, v));
 +    assertTrue(checkTableHasProp(t1, k, v));
 +    assertFalse(checkNamespaceHasProp(Namespaces.DEFAULT_NAMESPACE, k, v));
 +    assertFalse(checkTableHasProp(t0, k, v));
 +
 +    // add a new table to namespace and verify
 +    assertFalse(c.tableOperations().exists(t2));
 +    c.tableOperations().create(t2);
 +    assertTrue(c.tableOperations().exists(t2));
 +    assertTrue(checkNamespaceHasProp(namespace, k, v));
 +    assertTrue(checkTableHasProp(t1, k, v));
 +    assertTrue(checkTableHasProp(t2, k, v));
 +    assertFalse(checkNamespaceHasProp(Namespaces.DEFAULT_NAMESPACE, k, v));
 +    assertFalse(checkTableHasProp(t0, k, v));
 +
 +    // remove property and verify
 +    c.namespaceOperations().removeProperty(namespace, k);
 +    assertFalse(checkNamespaceHasProp(namespace, k, v));
 +    assertFalse(checkTableHasProp(t1, k, v));
 +    assertFalse(checkTableHasProp(t2, k, v));
 +    assertFalse(checkNamespaceHasProp(Namespaces.DEFAULT_NAMESPACE, k, v));
 +    assertFalse(checkTableHasProp(t0, k, v));
 +
 +    // set property on default namespace and verify
 +    c.namespaceOperations().setProperty(Namespaces.DEFAULT_NAMESPACE, k, v);
 +    assertFalse(checkNamespaceHasProp(namespace, k, v));
 +    assertFalse(checkTableHasProp(t1, k, v));
 +    assertFalse(checkTableHasProp(t2, k, v));
 +    assertTrue(checkNamespaceHasProp(Namespaces.DEFAULT_NAMESPACE, k, v));
 +    assertTrue(checkTableHasProp(t0, k, v));
 +
 +    // test that table properties override namespace properties
 +    String k2 = Property.TABLE_FILE_MAX.getKey();
 +    String v2 = "42";
 +    String table_v2 = "13";
 +
 +    // set new property on some
 +    c.namespaceOperations().setProperty(namespace, k2, v2);
 +    c.tableOperations().setProperty(t2, k2, table_v2);
 +    assertTrue(checkNamespaceHasProp(namespace, k2, v2));
 +    assertTrue(checkTableHasProp(t1, k2, v2));
 +    assertTrue(checkTableHasProp(t2, k2, table_v2));
 +
 +    c.tableOperations().delete(t1);
 +    c.tableOperations().delete(t2);
 +    c.tableOperations().delete(t0);
 +    c.namespaceOperations().delete(namespace);
 +  }
 +
 +  @Test
 +  public void verifyIteratorInheritance() throws Exception {
 +    String t1 = namespace + ".1";
 +    c.namespaceOperations().create(namespace);
 +    c.tableOperations().create(t1);
 +    String iterName = namespace + "_iter";
 +
 +    BatchWriter bw = c.createBatchWriter(t1, new BatchWriterConfig());
 +    Mutation m = new Mutation("r");
 +    m.put("a", "b", new Value("abcde".getBytes()));
 +    bw.addMutation(m);
 +    bw.flush();
 +    bw.close();
 +
 +    IteratorSetting setting = new IteratorSetting(250, iterName, SimpleFilter.class.getName());
 +
 +    // verify can see inserted entry
 +    Scanner s = c.createScanner(t1, Authorizations.EMPTY);
 +    assertTrue(s.iterator().hasNext());
 +    assertFalse(c.namespaceOperations().listIterators(namespace).containsKey(iterName));
 +    assertFalse(c.tableOperations().listIterators(t1).containsKey(iterName));
 +
 +    // verify entry is filtered out (also, verify conflict checking API)
 +    c.namespaceOperations().checkIteratorConflicts(namespace, setting, EnumSet.allOf(IteratorScope.class));
 +    c.namespaceOperations().attachIterator(namespace, setting);
 +    UtilWaitThread.sleep(2*1000);
 +    try {
 +      c.namespaceOperations().checkIteratorConflicts(namespace, setting, EnumSet.allOf(IteratorScope.class));
 +      fail();
 +    } catch (AccumuloException e) {
 +      assertEquals(IllegalArgumentException.class.getName(), e.getCause().getClass().getName());
 +    }
 +    IteratorSetting setting2 = c.namespaceOperations().getIteratorSetting(namespace, setting.getName(), IteratorScope.scan);
 +    assertEquals(setting, setting2);
 +    assertTrue(c.namespaceOperations().listIterators(namespace).containsKey(iterName));
 +    assertTrue(c.tableOperations().listIterators(t1).containsKey(iterName));
 +    s = c.createScanner(t1, Authorizations.EMPTY);
 +    assertFalse(s.iterator().hasNext());
 +
 +    // verify can see inserted entry again
 +    c.namespaceOperations().removeIterator(namespace, setting.getName(), EnumSet.allOf(IteratorScope.class));
 +    UtilWaitThread.sleep(2*1000);
 +    assertFalse(c.namespaceOperations().listIterators(namespace).containsKey(iterName));
 +    assertFalse(c.tableOperations().listIterators(t1).containsKey(iterName));
 +    s = c.createScanner(t1, Authorizations.EMPTY);
 +    assertTrue(s.iterator().hasNext());
 +  }
 +
 +  @Test
 +  public void cloneTable() throws Exception {
 +    String namespace2 = namespace + "_clone";
 +    String t1 = namespace + ".1";
 +    String t2 = namespace + ".2";
 +    String t3 = namespace2 + ".2";
 +    String k1 = Property.TABLE_FILE_MAX.getKey();
 +    String k2 = Property.TABLE_FILE_REPLICATION.getKey();
 +    String k1v1 = "55";
 +    String k1v2 = "66";
 +    String k2v1 = "5";
 +    String k2v2 = "6";
 +
 +    c.namespaceOperations().create(namespace);
 +    c.tableOperations().create(t1);
 +    assertTrue(c.tableOperations().exists(t1));
 +    assertFalse(c.namespaceOperations().exists(namespace2));
 +    assertFalse(c.tableOperations().exists(t2));
 +    assertFalse(c.tableOperations().exists(t3));
 +
 +    try {
 +      // try to clone before namespace exists
 +      c.tableOperations().clone(t1, t3, false, null, null); // should fail
 +      fail();
 +    } catch (AccumuloException e) {
 +      assertEquals(NamespaceNotFoundException.class.getName(), e.getCause().getClass().getName());
 +    }
 +
 +    // try to clone before when target tables exist
 +    c.namespaceOperations().create(namespace2);
 +    c.tableOperations().create(t2);
 +    c.tableOperations().create(t3);
 +    for (String t : Arrays.asList(t2, t3)) {
 +      try {
 +        c.tableOperations().clone(t1, t, false, null, null); // should fail
 +        fail();
 +      } catch (TableExistsException e) {
 +        c.tableOperations().delete(t);
 +      }
 +    }
 +
 +    assertTrue(c.tableOperations().exists(t1));
 +    assertTrue(c.namespaceOperations().exists(namespace2));
 +    assertFalse(c.tableOperations().exists(t2));
 +    assertFalse(c.tableOperations().exists(t3));
 +
 +    // set property with different values in two namespaces and a separate property with different values on the table and both namespaces
 +    assertFalse(checkNamespaceHasProp(namespace, k1, k1v1));
 +    assertFalse(checkNamespaceHasProp(namespace2, k1, k1v2));
 +    assertFalse(checkTableHasProp(t1, k1, k1v1));
 +    assertFalse(checkTableHasProp(t1, k1, k1v2));
 +    assertFalse(checkNamespaceHasProp(namespace, k2, k2v1));
 +    assertFalse(checkNamespaceHasProp(namespace2, k2, k2v1));
 +    assertFalse(checkTableHasProp(t1, k2, k2v1));
 +    assertFalse(checkTableHasProp(t1, k2, k2v2));
 +    c.namespaceOperations().setProperty(namespace, k1, k1v1);
 +    c.namespaceOperations().setProperty(namespace2, k1, k1v2);
 +    c.namespaceOperations().setProperty(namespace, k2, k2v1);
 +    c.namespaceOperations().setProperty(namespace2, k2, k2v1);
 +    c.tableOperations().setProperty(t1, k2, k2v2);
 +    assertTrue(checkNamespaceHasProp(namespace, k1, k1v1));
 +    assertTrue(checkNamespaceHasProp(namespace2, k1, k1v2));
 +    assertTrue(checkTableHasProp(t1, k1, k1v1));
 +    assertFalse(checkTableHasProp(t1, k1, k1v2));
 +    assertTrue(checkNamespaceHasProp(namespace, k2, k2v1));
 +    assertTrue(checkNamespaceHasProp(namespace2, k2, k2v1));
 +    assertFalse(checkTableHasProp(t1, k2, k2v1));
 +    assertTrue(checkTableHasProp(t1, k2, k2v2));
 +
 +    // clone twice, once in same namespace, once in another
 +    for (String t : Arrays.asList(t2, t3))
 +      c.tableOperations().clone(t1, t, false, null, null);
 +
 +    assertTrue(c.namespaceOperations().exists(namespace2));
 +    assertTrue(c.tableOperations().exists(t1));
 +    assertTrue(c.tableOperations().exists(t2));
 +    assertTrue(c.tableOperations().exists(t3));
 +
 +    // verify the properties got transferred
 +    assertTrue(checkTableHasProp(t1, k1, k1v1));
 +    assertTrue(checkTableHasProp(t2, k1, k1v1));
 +    assertTrue(checkTableHasProp(t3, k1, k1v2));
 +    assertTrue(checkTableHasProp(t1, k2, k2v2));
 +    assertTrue(checkTableHasProp(t2, k2, k2v2));
 +    assertTrue(checkTableHasProp(t3, k2, k2v2));
 +  }
 +
 +  @Test
 +  public void renameNamespaceWithTable() throws Exception {
 +    String namespace2 = namespace + "_renamed";
 +    String t1 = namespace + ".t";
 +    String t2 = namespace2 + ".t";
 +
 +    c.namespaceOperations().create(namespace);
 +    c.tableOperations().create(t1);
 +    assertTrue(c.namespaceOperations().exists(namespace));
 +    assertTrue(c.tableOperations().exists(t1));
 +    assertFalse(c.namespaceOperations().exists(namespace2));
 +    assertFalse(c.tableOperations().exists(t2));
 +
 +    String namespaceId = c.namespaceOperations().namespaceIdMap().get(namespace);
 +    String tableId = c.tableOperations().tableIdMap().get(t1);
 +
 +    c.namespaceOperations().rename(namespace, namespace2);
 +    assertFalse(c.namespaceOperations().exists(namespace));
 +    assertFalse(c.tableOperations().exists(t1));
 +    assertTrue(c.namespaceOperations().exists(namespace2));
 +    assertTrue(c.tableOperations().exists(t2));
 +
 +    // verify id's didn't change
 +    String namespaceId2 = c.namespaceOperations().namespaceIdMap().get(namespace2);
 +    String tableId2 = c.tableOperations().tableIdMap().get(t2);
 +
 +    assertEquals(namespaceId, namespaceId2);
 +    assertEquals(tableId, tableId2);
 +  }
 +
 +  @Test
 +  public void verifyConstraintInheritance() throws Exception {
 +    String t1 = namespace + ".1";
 +    c.namespaceOperations().create(namespace);
 +    c.tableOperations().create(t1, false);
 +    String constraintClassName = NumericValueConstraint.class.getName();
 +
 +    assertFalse(c.namespaceOperations().listConstraints(namespace).containsKey(constraintClassName));
 +    assertFalse(c.tableOperations().listConstraints(t1).containsKey(constraintClassName));
 +
 +    c.namespaceOperations().addConstraint(namespace, constraintClassName);
 +    assertTrue(c.namespaceOperations().listConstraints(namespace).containsKey(constraintClassName));
 +    assertTrue(c.tableOperations().listConstraints(t1).containsKey(constraintClassName));
 +    int num = c.namespaceOperations().listConstraints(namespace).get(constraintClassName);
 +    assertEquals(num, (int) c.tableOperations().listConstraints(t1).get(constraintClassName));
 +    // doesn't take effect immediately, needs time to propagate to tserver's ZooKeeper cache
 +    UtilWaitThread.sleep(250);
 +
 +    Mutation m1 = new Mutation("r1");
 +    Mutation m2 = new Mutation("r2");
 +    Mutation m3 = new Mutation("r3");
-     m1.put("a", "b", new Value("abcde".getBytes(Constants.UTF8)));
-     m2.put("e", "f", new Value("123".getBytes(Constants.UTF8)));
-     m3.put("c", "d", new Value("zyxwv".getBytes(Constants.UTF8)));
++    m1.put("a", "b", new Value("abcde".getBytes(UTF_8)));
++    m2.put("e", "f", new Value("123".getBytes(UTF_8)));
++    m3.put("c", "d", new Value("zyxwv".getBytes(UTF_8)));
 +    BatchWriter bw = c.createBatchWriter(t1, new BatchWriterConfig());
 +    bw.addMutations(Arrays.asList(m1, m2, m3));
 +    try {
 +      bw.close();
 +      fail();
 +    } catch (MutationsRejectedException e) {
 +      assertEquals(1, e.getConstraintViolationSummaries().size());
 +      assertEquals(2, e.getConstraintViolationSummaries().get(0).getNumberOfViolatingMutations());
 +    }
 +    c.namespaceOperations().removeConstraint(namespace, num);
 +    assertFalse(c.namespaceOperations().listConstraints(namespace).containsKey(constraintClassName));
 +    assertFalse(c.tableOperations().listConstraints(t1).containsKey(constraintClassName));
 +    // doesn't take effect immediately, needs time to propagate to tserver's ZooKeeper cache
 +    UtilWaitThread.sleep(250);
 +
 +    bw = c.createBatchWriter(t1, new BatchWriterConfig());
 +    bw.addMutations(Arrays.asList(m1, m2, m3));
 +    bw.close();
 +  }
 +
 +  @Test
 +  public void renameTable() throws Exception {
 +    String namespace2 = namespace + "_renamed";
 +    String t1 = namespace + ".1";
 +    String t2 = namespace2 + ".2";
 +    String t3 = namespace + ".3";
 +    String t4 = namespace + ".4";
 +    String t5 = "5";
 +
 +    c.namespaceOperations().create(namespace);
 +    c.namespaceOperations().create(namespace2);
 +
 +    assertTrue(c.namespaceOperations().exists(namespace));
 +    assertTrue(c.namespaceOperations().exists(namespace2));
 +    assertFalse(c.tableOperations().exists(t1));
 +    assertFalse(c.tableOperations().exists(t2));
 +    assertFalse(c.tableOperations().exists(t3));
 +    assertFalse(c.tableOperations().exists(t4));
 +    assertFalse(c.tableOperations().exists(t5));
 +
 +    c.tableOperations().create(t1);
 +
 +    try {
 +      c.tableOperations().rename(t1, t2);
 +      fail();
 +    } catch (AccumuloException e) {
 +      // this is expected, because we don't allow renames across namespaces
 +      assertEquals(ThriftTableOperationException.class.getName(), e.getCause().getClass().getName());
 +      assertEquals(TableOperation.RENAME, ((ThriftTableOperationException) e.getCause()).getOp());
 +      assertEquals(TableOperationExceptionType.INVALID_NAME, ((ThriftTableOperationException) e.getCause()).getType());
 +    }
 +
 +    try {
 +      c.tableOperations().rename(t1, t5);
 +      fail();
 +    } catch (AccumuloException e) {
 +      // this is expected, because we don't allow renames across namespaces
 +      assertEquals(ThriftTableOperationException.class.getName(), e.getCause().getClass().getName());
 +      assertEquals(TableOperation.RENAME, ((ThriftTableOperationException) e.getCause()).getOp());
 +      assertEquals(TableOperationExceptionType.INVALID_NAME, ((ThriftTableOperationException) e.getCause()).getType());
 +    }
 +
 +    assertTrue(c.tableOperations().exists(t1));
 +    assertFalse(c.tableOperations().exists(t2));
 +    assertFalse(c.tableOperations().exists(t3));
 +    assertFalse(c.tableOperations().exists(t4));
 +    assertFalse(c.tableOperations().exists(t5));
 +
 +    // fully qualified rename
 +    c.tableOperations().rename(t1, t3);
 +    assertFalse(c.tableOperations().exists(t1));
 +    assertFalse(c.tableOperations().exists(t2));
 +    assertTrue(c.tableOperations().exists(t3));
 +    assertFalse(c.tableOperations().exists(t4));
 +    assertFalse(c.tableOperations().exists(t5));
 +  }
 +
 +  /**
 +   * Tests new Namespace permissions as well as modifications to Table permissions because of namespaces. Checks each permission to first make sure the user
 +   * doesn't have permission to perform the action, then root grants them the permission and we check to make sure they could perform the action.
 +   */
 +  @Test
 +  public void testPermissions() throws Exception {
 +    String u1 = "u1";
 +    String u2 = "u2";
 +    PasswordToken pass = new PasswordToken("pass");
 +
 +    String n1 = namespace;
 +    String t1 = n1 + ".1";
 +    String t2 = n1 + ".2";
 +    String t3 = n1 + ".3";
 +
 +    String n2 = namespace + "_2";
 +
 +    c.namespaceOperations().create(n1);
 +    c.tableOperations().create(t1);
 +
 +    c.securityOperations().createLocalUser(u1, pass);
 +
 +    Connector user1Con = c.getInstance().getConnector(u1, pass);
 +
 +    try {
 +      user1Con.tableOperations().create(t2);
 +      fail();
 +    } catch (AccumuloSecurityException e) {
 +      expectPermissionDenied(e);
 +    }
 +
 +    c.securityOperations().grantNamespacePermission(u1, n1, NamespacePermission.CREATE_TABLE);
 +    user1Con.tableOperations().create(t2);
 +    assertTrue(c.tableOperations().list().contains(t2));
 +    c.securityOperations().revokeNamespacePermission(u1, n1, NamespacePermission.CREATE_TABLE);
 +
 +    try {
 +      user1Con.tableOperations().delete(t1);
 +      fail();
 +    } catch (AccumuloSecurityException e) {
 +      expectPermissionDenied(e);
 +    }
 +
 +    c.securityOperations().grantNamespacePermission(u1, n1, NamespacePermission.DROP_TABLE);
 +    user1Con.tableOperations().delete(t1);
 +    assertTrue(!c.tableOperations().list().contains(t1));
 +    c.securityOperations().revokeNamespacePermission(u1, n1, NamespacePermission.DROP_TABLE);
 +
 +    c.tableOperations().create(t3);
 +    BatchWriter bw = c.createBatchWriter(t3, null);
 +    Mutation m = new Mutation("row");
 +    m.put("cf", "cq", "value");
 +    bw.addMutation(m);
 +    bw.close();
 +
 +    Iterator<Entry<Key,Value>> i = user1Con.createScanner(t3, new Authorizations()).iterator();
 +    try {
 +      i.next();
 +      fail();
 +    } catch (RuntimeException e) {
 +      assertEquals(AccumuloSecurityException.class.getName(), e.getCause().getClass().getName());
 +      expectPermissionDenied((AccumuloSecurityException) e.getCause());
 +    }
 +
 +    m = new Mutation(u1);
 +    m.put("cf", "cq", "turtles");
 +    bw = user1Con.createBatchWriter(t3, null);
 +    try {
 +      bw.addMutation(m);
 +      bw.close();
 +      fail();
 +    } catch (MutationsRejectedException e) {
 +      assertEquals(1, e.getAuthorizationFailuresMap().size());
 +      assertEquals(1, e.getAuthorizationFailuresMap().entrySet().iterator().next().getValue().size());
 +      switch (e.getAuthorizationFailuresMap().entrySet().iterator().next().getValue().iterator().next()) {
 +        case PERMISSION_DENIED:
 +          break;
 +        default:
 +          fail();
 +      }
 +    }
 +
 +    c.securityOperations().grantNamespacePermission(u1, n1, NamespacePermission.READ);
 +    i = user1Con.createScanner(t3, new Authorizations()).iterator();
 +    assertTrue(i.hasNext());
 +    c.securityOperations().revokeNamespacePermission(u1, n1, NamespacePermission.READ);
 +
 +    c.securityOperations().grantNamespacePermission(u1, n1, NamespacePermission.WRITE);
 +    m = new Mutation(u1);
 +    m.put("cf", "cq", "turtles");
 +    bw = user1Con.createBatchWriter(t3, null);
 +    bw.addMutation(m);
 +    bw.close();
 +    c.securityOperations().revokeNamespacePermission(u1, n1, NamespacePermission.WRITE);
 +
 +    try {
 +      user1Con.tableOperations().setProperty(t3, Property.TABLE_FILE_MAX.getKey(), "42");
 +      fail();
 +    } catch (AccumuloSecurityException e) {
 +      expectPermissionDenied(e);
 +    }
 +
 +    c.securityOperations().grantNamespacePermission(u1, n1, NamespacePermission.ALTER_TABLE);
 +    user1Con.tableOperations().setProperty(t3, Property.TABLE_FILE_MAX.getKey(), "42");
 +    user1Con.tableOperations().removeProperty(t3, Property.TABLE_FILE_MAX.getKey());
 +    c.securityOperations().revokeNamespacePermission(u1, n1, NamespacePermission.ALTER_TABLE);
 +
 +    try {
 +      user1Con.namespaceOperations().setProperty(n1, Property.TABLE_FILE_MAX.getKey(), "55");
 +      fail();
 +    } catch (AccumuloSecurityException e) {
 +      expectPermissionDenied(e);
 +    }
 +
 +    c.securityOperations().grantNamespacePermission(u1, n1, NamespacePermission.ALTER_NAMESPACE);
 +    user1Con.namespaceOperations().setProperty(n1, Property.TABLE_FILE_MAX.getKey(), "42");
 +    user1Con.namespaceOperations().removeProperty(n1, Property.TABLE_FILE_MAX.getKey());
 +    c.securityOperations().revokeNamespacePermission(u1, n1, NamespacePermission.ALTER_NAMESPACE);
 +
 +    c.securityOperations().createLocalUser(u2, pass);
 +    try {
 +      user1Con.securityOperations().grantNamespacePermission(u2, n1, NamespacePermission.ALTER_NAMESPACE);
 +      fail();
 +    } catch (AccumuloSecurityException e) {
 +      expectPermissionDenied(e);
 +    }
 +
 +    c.securityOperations().grantNamespacePermission(u1, n1, NamespacePermission.GRANT);
 +    user1Con.securityOperations().grantNamespacePermission(u2, n1, NamespacePermission.ALTER_NAMESPACE);
 +    user1Con.securityOperations().revokeNamespacePermission(u2, n1, NamespacePermission.ALTER_NAMESPACE);
 +    c.securityOperations().revokeNamespacePermission(u1, n1, NamespacePermission.GRANT);
 +
 +    try {
 +      user1Con.namespaceOperations().create(n2);
 +      fail();
 +    } catch (AccumuloSecurityException e) {
 +      expectPermissionDenied(e);
 +    }
 +
 +    c.securityOperations().grantSystemPermission(u1, SystemPermission.CREATE_NAMESPACE);
 +    user1Con.namespaceOperations().create(n2);
 +    c.securityOperations().revokeSystemPermission(u1, SystemPermission.CREATE_NAMESPACE);
 +
 +    c.securityOperations().revokeNamespacePermission(u1, n2, NamespacePermission.DROP_NAMESPACE);
 +    try {
 +      user1Con.namespaceOperations().delete(n2);
 +      fail();
 +    } catch (AccumuloSecurityException e) {
 +      expectPermissionDenied(e);
 +    }
 +
 +    c.securityOperations().grantSystemPermission(u1, SystemPermission.DROP_NAMESPACE);
 +    user1Con.namespaceOperations().delete(n2);
 +    c.securityOperations().revokeSystemPermission(u1, SystemPermission.DROP_NAMESPACE);
 +
 +    try {
 +      user1Con.namespaceOperations().setProperty(n1, Property.TABLE_FILE_MAX.getKey(), "33");
 +      fail();
 +    } catch (AccumuloSecurityException e) {
 +      expectPermissionDenied(e);
 +    }
 +
 +    c.securityOperations().grantSystemPermission(u1, SystemPermission.ALTER_NAMESPACE);
 +    user1Con.namespaceOperations().setProperty(n1, Property.TABLE_FILE_MAX.getKey(), "33");
 +    user1Con.namespaceOperations().removeProperty(n1, Property.TABLE_FILE_MAX.getKey());
 +    c.securityOperations().revokeSystemPermission(u1, SystemPermission.ALTER_NAMESPACE);
 +  }
 +
 +  @Test
 +  public void verifySystemPropertyInheritance() throws Exception {
 +    String t1 = "1";
 +    String t2 = namespace + "." + t1;
 +    c.tableOperations().create(t1);
 +    c.namespaceOperations().create(namespace);
 +    c.tableOperations().create(t2);
 +
 +    // verify iterator inheritance
 +    _verifySystemPropertyInheritance(t1, t2, Property.TABLE_ITERATOR_PREFIX.getKey() + "scan.sum", "20," + SimpleFilter.class.getName(), false);
 +
 +    // verify constraint inheritance
 +    _verifySystemPropertyInheritance(t1, t2, Property.TABLE_CONSTRAINT_PREFIX.getKey() + "42", NumericValueConstraint.class.getName(), false);
 +
 +    // verify other inheritance
 +    _verifySystemPropertyInheritance(t1, t2, Property.TABLE_LOCALITY_GROUP_PREFIX.getKey() + "dummy", "dummy", true);
 +  }
 +
 +  private void _verifySystemPropertyInheritance(String defaultNamespaceTable, String namespaceTable, String k, String v, boolean systemNamespaceShouldInherit)
 +      throws Exception {
 +    // nobody should have any of these properties yet
 +    assertFalse(c.instanceOperations().getSystemConfiguration().containsValue(v));
 +    assertFalse(checkNamespaceHasProp(Namespaces.ACCUMULO_NAMESPACE, k, v));
 +    assertFalse(checkTableHasProp(RootTable.NAME, k, v));
 +    assertFalse(checkTableHasProp(MetadataTable.NAME, k, v));
 +    assertFalse(checkNamespaceHasProp(Namespaces.DEFAULT_NAMESPACE, k, v));
 +    assertFalse(checkTableHasProp(defaultNamespaceTable, k, v));
 +    assertFalse(checkNamespaceHasProp(namespace, k, v));
 +    assertFalse(checkTableHasProp(namespaceTable, k, v));
 +
 +    // set the filter, verify that accumulo namespace is the only one unaffected
 +    c.instanceOperations().setProperty(k, v);
 +    // doesn't take effect immediately, needs time to propagate to tserver's ZooKeeper cache
 +    UtilWaitThread.sleep(250);
 +    assertTrue(c.instanceOperations().getSystemConfiguration().containsValue(v));
 +    assertEquals(systemNamespaceShouldInherit, checkNamespaceHasProp(Namespaces.ACCUMULO_NAMESPACE, k, v));
 +    assertEquals(systemNamespaceShouldInherit, checkTableHasProp(RootTable.NAME, k, v));
 +    assertEquals(systemNamespaceShouldInherit, checkTableHasProp(MetadataTable.NAME, k, v));
 +    assertTrue(checkNamespaceHasProp(Namespaces.DEFAULT_NAMESPACE, k, v));
 +    assertTrue(checkTableHasProp(defaultNamespaceTable, k, v));
 +    assertTrue(checkNamespaceHasProp(namespace, k, v));
 +    assertTrue(checkTableHasProp(namespaceTable, k, v));
 +
 +    // verify it is no longer inherited
 +    c.instanceOperations().removeProperty(k);
 +    // doesn't take effect immediately, needs time to propagate to tserver's ZooKeeper cache
 +    UtilWaitThread.sleep(250);
 +    assertFalse(c.instanceOperations().getSystemConfiguration().containsValue(v));
 +    assertFalse(checkNamespaceHasProp(Namespaces.ACCUMULO_NAMESPACE, k, v));
 +    assertFalse(checkTableHasProp(RootTable.NAME, k, v));
 +    assertFalse(checkTableHasProp(MetadataTable.NAME, k, v));
 +    assertFalse(checkNamespaceHasProp(Namespaces.DEFAULT_NAMESPACE, k, v));
 +    assertFalse(checkTableHasProp(defaultNamespaceTable, k, v));
 +    assertFalse(checkNamespaceHasProp(namespace, k, v));
 +    assertFalse(checkTableHasProp(namespaceTable, k, v));
 +  }
 +
 +  @Test
 +  public void listNamespaces() throws Exception {
 +    SortedSet<String> namespaces = c.namespaceOperations().list();
 +    Map<String,String> map = c.namespaceOperations().namespaceIdMap();
 +    assertEquals(2, namespaces.size());
 +    assertEquals(2, map.size());
 +    assertTrue(namespaces.contains(Namespaces.ACCUMULO_NAMESPACE));
 +    assertTrue(namespaces.contains(Namespaces.DEFAULT_NAMESPACE));
 +    assertFalse(namespaces.contains(namespace));
 +    assertEquals(Namespaces.ACCUMULO_NAMESPACE_ID, map.get(Namespaces.ACCUMULO_NAMESPACE));
 +    assertEquals(Namespaces.DEFAULT_NAMESPACE_ID, map.get(Namespaces.DEFAULT_NAMESPACE));
 +    assertNull(map.get(namespace));
 +
 +    c.namespaceOperations().create(namespace);
 +    namespaces = c.namespaceOperations().list();
 +    map = c.namespaceOperations().namespaceIdMap();
 +    assertEquals(3, namespaces.size());
 +    assertEquals(3, map.size());
 +    assertTrue(namespaces.contains(Namespaces.ACCUMULO_NAMESPACE));
 +    assertTrue(namespaces.contains(Namespaces.DEFAULT_NAMESPACE));
 +    assertTrue(namespaces.contains(namespace));
 +    assertEquals(Namespaces.ACCUMULO_NAMESPACE_ID, map.get(Namespaces.ACCUMULO_NAMESPACE));
 +    assertEquals(Namespaces.DEFAULT_NAMESPACE_ID, map.get(Namespaces.DEFAULT_NAMESPACE));
 +    assertNotNull(map.get(namespace));
 +
 +    c.namespaceOperations().delete(namespace);
 +    namespaces = c.namespaceOperations().list();
 +    map = c.namespaceOperations().namespaceIdMap();
 +    assertEquals(2, namespaces.size());
 +    assertEquals(2, map.size());
 +    assertTrue(namespaces.contains(Namespaces.ACCUMULO_NAMESPACE));
 +    assertTrue(namespaces.contains(Namespaces.DEFAULT_NAMESPACE));
 +    assertFalse(namespaces.contains(namespace));
 +    assertEquals(Namespaces.ACCUMULO_NAMESPACE_ID, map.get(Namespaces.ACCUMULO_NAMESPACE));
 +    assertEquals(Namespaces.DEFAULT_NAMESPACE_ID, map.get(Namespaces.DEFAULT_NAMESPACE));
 +    assertNull(map.get(namespace));
 +  }
 +
 +  @Test
 +  public void loadClass() throws Exception {
 +    assertTrue(c.namespaceOperations().testClassLoad(Namespaces.DEFAULT_NAMESPACE, VersioningIterator.class.getName(), SortedKeyValueIterator.class.getName()));
 +    assertFalse(c.namespaceOperations().testClassLoad(Namespaces.DEFAULT_NAMESPACE, "dummy", SortedKeyValueIterator.class.getName()));
 +    try {
 +      c.namespaceOperations().testClassLoad(namespace, "dummy", "dummy");
 +      fail();
 +    } catch (NamespaceNotFoundException e) {}
 +  }
 +
 +  @Test
 +  public void testModifyingPermissions() throws Exception {
 +    String tableName = namespace + ".modify";
 +    c.namespaceOperations().create(namespace);
 +    c.tableOperations().create(tableName);
 +    assertTrue(c.securityOperations().hasTablePermission(c.whoami(), tableName, TablePermission.READ));
 +    c.securityOperations().revokeTablePermission(c.whoami(), tableName, TablePermission.READ);
 +    assertFalse(c.securityOperations().hasTablePermission(c.whoami(), tableName, TablePermission.READ));
 +    c.securityOperations().grantTablePermission(c.whoami(), tableName, TablePermission.READ);
 +    assertTrue(c.securityOperations().hasTablePermission(c.whoami(), tableName, TablePermission.READ));
 +    c.tableOperations().delete(tableName);
 +
 +    try {
 +      c.securityOperations().hasTablePermission(c.whoami(), tableName, TablePermission.READ);
 +      fail();
 +    } catch (Exception e) {
 +      if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST))
 +        throw new Exception("Has permission resulted in " + e.getClass().getName(), e);
 +    }
 +
 +    try {
 +      c.securityOperations().grantTablePermission(c.whoami(), tableName, TablePermission.READ);
 +      fail();
 +    } catch (Exception e) {
 +      if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST))
 +        throw new Exception("Has permission resulted in " + e.getClass().getName(), e);
 +    }
 +
 +    try {
 +      c.securityOperations().revokeTablePermission(c.whoami(), tableName, TablePermission.READ);
 +      fail();
 +    } catch (Exception e) {
 +      if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST))
 +        throw new Exception("Has permission resulted in " + e.getClass().getName(), e);
 +    }
 +
 +    assertTrue(c.securityOperations().hasNamespacePermission(c.whoami(), namespace, NamespacePermission.READ));
 +    c.securityOperations().revokeNamespacePermission(c.whoami(), namespace, NamespacePermission.READ);
 +    assertFalse(c.securityOperations().hasNamespacePermission(c.whoami(), namespace, NamespacePermission.READ));
 +    c.securityOperations().grantNamespacePermission(c.whoami(), namespace, NamespacePermission.READ);
 +    assertTrue(c.securityOperations().hasNamespacePermission(c.whoami(), namespace, NamespacePermission.READ));
 +
 +    c.namespaceOperations().delete(namespace);
 +
 +    try {
 +      c.securityOperations().hasTablePermission(c.whoami(), tableName, TablePermission.READ);
 +      fail();
 +    } catch (Exception e) {
 +      if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST))
 +        throw new Exception("Has permission resulted in " + e.getClass().getName(), e);
 +    }
 +
 +    try {
 +      c.securityOperations().grantTablePermission(c.whoami(), tableName, TablePermission.READ);
 +      fail();
 +    } catch (Exception e) {
 +      if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST))
 +        throw new Exception("Has permission resulted in " + e.getClass().getName(), e);
 +    }
 +
 +    try {
 +      c.securityOperations().revokeTablePermission(c.whoami(), tableName, TablePermission.READ);
 +      fail();
 +    } catch (Exception e) {
 +      if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST))
 +        throw new Exception("Has permission resulted in " + e.getClass().getName(), e);
 +    }
 +
 +    try {
 +      c.securityOperations().hasNamespacePermission(c.whoami(), namespace, NamespacePermission.READ);
 +      fail();
 +    } catch (Exception e) {
 +      if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.NAMESPACE_DOESNT_EXIST))
 +        throw new Exception("Has permission resulted in " + e.getClass().getName(), e);
 +    }
 +
 +    try {
 +      c.securityOperations().grantNamespacePermission(c.whoami(), namespace, NamespacePermission.READ);
 +      fail();
 +    } catch (Exception e) {
 +      if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.NAMESPACE_DOESNT_EXIST))
 +        throw new Exception("Has permission resulted in " + e.getClass().getName(), e);
 +    }
 +
 +    try {
 +      c.securityOperations().revokeNamespacePermission(c.whoami(), namespace, NamespacePermission.READ);
 +      fail();
 +    } catch (Exception e) {
 +      if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.NAMESPACE_DOESNT_EXIST))
 +        throw new Exception("Has permission resulted in " + e.getClass().getName(), e);
 +    }
 +
 +  }
 +
 +  @Test
 +  public void verifyTableOperationsExceptions() throws Exception {
 +    String tableName = namespace + ".1";
 +    IteratorSetting setting = new IteratorSetting(200, VersioningIterator.class);
 +    Text a = new Text("a");
 +    Text z = new Text("z");
 +    TableOperations ops = c.tableOperations();
 +
 +    // this one doesn't throw an exception, so don't fail; just check that it works
 +    assertFalse(ops.exists(tableName));
 +
 +    // table operations that should throw an AccumuloException caused by NamespaceNotFoundException
 +    int numRun = 0;
 +    ACCUMULOEXCEPTIONS_NAMESPACENOTFOUND: for (int i = 0;; ++i)
 +      try {
 +        switch (i) {
 +          case 0:
 +            ops.create(tableName);
 +            fail();
 +          case 1:
 +            ops.create("a");
 +            ops.clone("a", tableName, true, Collections.<String,String> emptyMap(), Collections.<String> emptySet());
 +            fail();
 +          case 2:
 +            ops.importTable(tableName, System.getProperty("user.dir") + "/target");
 +            fail();
 +          default:
 +            // break out of infinite loop
 +            assertEquals(3, i); // check test integrity
 +            assertEquals(3, numRun); // check test integrity
 +            break ACCUMULOEXCEPTIONS_NAMESPACENOTFOUND;
 +        }
 +      } catch (Exception e) {
 +        numRun++;
 +        if (!(e instanceof AccumuloException) || !(e.getCause() instanceof NamespaceNotFoundException))
 +          throw new Exception("Case " + i + " resulted in " + e.getClass().getName(), e);
 +      }
 +
 +    // table operations that should throw an AccumuloException caused by a TableNotFoundException caused by a NamespaceNotFoundException
 +    // these are here because we didn't declare TableNotFoundException in the API :(
 +    numRun = 0;
 +    ACCUMULOEXCEPTIONS_TABLENOTFOUND: for (int i = 0;; ++i)
 +      try {
 +        switch (i) {
 +          case 0:
 +            ops.removeConstraint(tableName, 0);
 +            fail();
 +          case 1:
 +            ops.removeProperty(tableName, "a");
 +            fail();
 +          case 2:
 +            ops.setProperty(tableName, "a", "b");
 +            fail();
 +          default:
 +            // break out of infinite loop
 +            assertEquals(3, i); // check test integrity
 +            assertEquals(3, numRun); // check test integrity
 +            break ACCUMULOEXCEPTIONS_TABLENOTFOUND;
 +        }
 +      } catch (Exception e) {
 +        numRun++;
 +        if (!(e instanceof AccumuloException) || !(e.getCause() instanceof TableNotFoundException)
 +            || !(e.getCause().getCause() instanceof NamespaceNotFoundException))
 +          throw new Exception("Case " + i + " resulted in " + e.getClass().getName(), e);
 +      }
 +
 +    // table operations that should throw a TableNotFoundException caused by NamespaceNotFoundException
 +    numRun = 0;
 +    TABLENOTFOUNDEXCEPTIONS: for (int i = 0;; ++i)
 +      try {
 +        switch (i) {
 +          case 0:
 +            ops.addConstraint(tableName, NumericValueConstraint.class.getName());
 +            fail();
 +          case 1:
 +            ops.addSplits(tableName, new TreeSet<Text>());
 +            fail();
 +          case 2:
 +            ops.attachIterator(tableName, setting);
 +            fail();
 +          case 3:
 +            ops.cancelCompaction(tableName);
 +            fail();
 +          case 4:
 +            ops.checkIteratorConflicts(tableName, setting, EnumSet.allOf(IteratorScope.class));
 +            fail();
 +          case 5:
 +            ops.clearLocatorCache(tableName);
 +            fail();
 +          case 6:
 +            ops.clone(tableName, "2", true, Collections.<String,String> emptyMap(), Collections.<String> emptySet());
 +            fail();
 +          case 7:
 +            ops.compact(tableName, a, z, true, true);
 +            fail();
 +          case 8:
 +            ops.delete(tableName);
 +            fail();
 +          case 9:
 +            ops.deleteRows(tableName, a, z);
 +            fail();
 +          case 10:
 +            ops.splitRangeByTablets(tableName, new Range(), 10);
 +            fail();
 +          case 11:
 +            ops.exportTable(tableName, namespace + "_dir");
 +            fail();
 +          case 12:
 +            ops.flush(tableName, a, z, true);
 +            fail();
 +          case 13:
 +            ops.getDiskUsage(Collections.singleton(tableName));
 +            fail();
 +          case 14:
 +            ops.getIteratorSetting(tableName, "a", IteratorScope.scan);
 +            fail();
 +          case 15:
 +            ops.getLocalityGroups(tableName);
 +            fail();
 +          case 16:
 +            ops.getMaxRow(tableName, Authorizations.EMPTY, a, true, z, true);
 +            fail();
 +          case 17:
 +            ops.getProperties(tableName);
 +            fail();
 +          case 18:
 +            ops.importDirectory(tableName, "", "", false);
 +            fail();
 +          case 19:
 +            ops.testClassLoad(tableName, VersioningIterator.class.getName(), SortedKeyValueIterator.class.getName());
 +            fail();
 +          case 20:
 +            ops.listConstraints(tableName);
 +            fail();
 +          case 21:
 +            ops.listIterators(tableName);
 +            fail();
 +          case 22:
 +            ops.listSplits(tableName);
 +            fail();
 +          case 23:
 +            ops.merge(tableName, a, z);
 +            fail();
 +          case 24:
 +            ops.offline(tableName, true);
 +            fail();
 +          case 25:
 +            ops.online(tableName, true);
 +            fail();
 +          case 26:
 +            ops.removeIterator(tableName, "a", EnumSet.of(IteratorScope.scan));
 +            fail();
 +          case 27:
 +            ops.rename(tableName, tableName + "2");
 +            fail();
 +          case 28:
 +            ops.setLocalityGroups(tableName, Collections.<String,Set<Text>> emptyMap());
 +            fail();
 +          default:
 +            // break out of infinite loop
 +            assertEquals(29, i); // check test integrity
 +            assertEquals(29, numRun); // check test integrity
 +            break TABLENOTFOUNDEXCEPTIONS;
 +        }
 +      } catch (Exception e) {
 +        numRun++;
 +        if (!(e instanceof TableNotFoundException) || !(e.getCause() instanceof NamespaceNotFoundException))
 +          throw new Exception("Case " + i + " resulted in " + e.getClass().getName(), e);
 +      }
 +  }
 +
 +  @Test
 +  public void verifyNamespaceOperationsExceptions() throws Exception {
 +    IteratorSetting setting = new IteratorSetting(200, VersioningIterator.class);
 +    NamespaceOperations ops = c.namespaceOperations();
 +
 +    // this one doesn't throw an exception, so don't fail; just check that it works
 +    assertFalse(ops.exists(namespace));
 +
 +    // namespace operations that should throw a NamespaceNotFoundException
 +    int numRun = 0;
 +    NAMESPACENOTFOUND: for (int i = 0;; ++i)
 +      try {
 +        switch (i) {
 +          case 0:
 +            ops.addConstraint(namespace, NumericValueConstraint.class.getName());
 +            fail();
 +          case 1:
 +            ops.attachIterator(namespace, setting);
 +            fail();
 +          case 2:
 +            ops.checkIteratorConflicts(namespace, setting, EnumSet.of(IteratorScope.scan));
 +            fail();
 +          case 3:
 +            ops.delete(namespace);
 +            fail();
 +          case 4:
 +            ops.getIteratorSetting(namespace, "thing", IteratorScope.scan);
 +            fail();
 +          case 5:
 +            ops.getProperties(namespace);
 +            fail();
 +          case 6:
 +            ops.listConstraints(namespace);
 +            fail();
 +          case 7:
 +            ops.listIterators(namespace);
 +            fail();
 +          case 8:
 +            ops.removeConstraint(namespace, 1);
 +            fail();
 +          case 9:
 +            ops.removeIterator(namespace, "thing", EnumSet.allOf(IteratorScope.class));
 +            fail();
 +          case 10:
 +            ops.removeProperty(namespace, "a");
 +            fail();
 +          case 11:
 +            ops.rename(namespace, namespace + "2");
 +            fail();
 +          case 12:
 +            ops.setProperty(namespace, "k", "v");
 +            fail();
 +          case 13:
 +            ops.testClassLoad(namespace, VersioningIterator.class.getName(), SortedKeyValueIterator.class.getName());
 +            fail();
 +          default:
 +            // break out of infinite loop
 +            assertEquals(14, i); // check test integrity
 +            assertEquals(14, numRun); // check test integrity
 +            break NAMESPACENOTFOUND;
 +        }
 +      } catch (Exception e) {
 +        numRun++;
 +        if (!(e instanceof NamespaceNotFoundException))
 +          throw new Exception("Case " + i + " resulted in " + e.getClass().getName(), e);
 +      }
 +
 +    // namespace operations that should throw a NamespaceExistsException
 +    numRun = 0;
 +    NAMESPACEEXISTS: for (int i = 0;; ++i)
 +      try {
 +        switch (i) {
 +          case 0:
 +            ops.create(namespace + "0");
 +            ops.create(namespace + "0"); // should fail here
 +            fail();
 +          case 1:
 +            ops.create(namespace + i + "_1");
 +            ops.create(namespace + i + "_2");
 +            ops.rename(namespace + i + "_1", namespace + i + "_2"); // should fail here
 +            fail();
 +          case 2:
 +            ops.create(Namespaces.DEFAULT_NAMESPACE);
 +            fail();
 +          case 3:
 +            ops.create(Namespaces.ACCUMULO_NAMESPACE);
 +            fail();
 +          case 4:
 +            ops.create(namespace + i + "_1");
 +            ops.rename(namespace + i + "_1", Namespaces.DEFAULT_NAMESPACE); // should fail here
 +            fail();
 +          case 5:
 +            ops.create(namespace + i + "_1");
 +            ops.rename(namespace + i + "_1", Namespaces.ACCUMULO_NAMESPACE); // should fail here
 +            fail();
 +          default:
 +            // break out of infinite loop
 +            assertEquals(6, i); // check test integrity
 +            assertEquals(6, numRun); // check test integrity
 +            break NAMESPACEEXISTS;
 +        }
 +      } catch (Exception e) {
 +        numRun++;
 +        if (!(e instanceof NamespaceExistsException))
 +          throw new Exception("Case " + i + " resulted in " + e.getClass().getName(), e);
 +      }
 +  }
 +
 +  private boolean checkTableHasProp(String t, String propKey, String propVal) {
 +    return checkHasProperty(t, propKey, propVal, true);
 +  }
 +
 +  private boolean checkNamespaceHasProp(String n, String propKey, String propVal) {
 +    return checkHasProperty(n, propKey, propVal, false);
 +  }
 +
 +  private boolean checkHasProperty(String name, String propKey, String propVal, boolean nameIsTable) {
 +    try {
 +      Iterable<Entry<String,String>> iterable = nameIsTable ? c.tableOperations().getProperties(name) : c.namespaceOperations().getProperties(name);
 +      for (Entry<String,String> e : iterable)
 +        if (propKey.equals(e.getKey()))
 +          return propVal.equals(e.getValue());
 +      return false;
 +    } catch (Exception e) {
 +      fail();
 +      return false;
 +    }
 +  }
 +
 +  public static class SimpleFilter extends Filter {
 +    @Override
 +    public boolean accept(Key k, Value v) {
 +      if (k.getColumnFamily().toString().equals("a"))
 +        return false;
 +      return true;
 +    }
 +  }
 +
 +  private void expectPermissionDenied(AccumuloSecurityException sec) {
 +    assertEquals(sec.getSecurityErrorCode().getClass(), SecurityErrorCode.class);
 +    switch (sec.getSecurityErrorCode()) {
 +      case PERMISSION_DENIED:
 +        break;
 +      default:
 +        fail();
 +    }
 +  }
 +
 +}


Mime
View raw message