accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From els...@apache.org
Subject accumulo git commit: ACCUMULO-1680 Added deleteauths shell command to reciprocate the addauths command
Date Thu, 09 Jul 2015 21:36:19 GMT
Repository: accumulo
Updated Branches:
  refs/heads/master 8dfcbc266 -> 064f22272


ACCUMULO-1680 Added deleteauths shell command to reciprocate the addauths command

The ticket leaves an option for two commands.  The addauths commands was already added.
The ticket also suggests a transaction add/remove command using an atomic operation.
This was not done.  Not sure it is necessary.  It involves adjusting the API for the security
operations and adding
more complex code in the zookeeper interaction.

Signed-off-by: Josh Elser <elserj@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/064f2227
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/064f2227
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/064f2227

Branch: refs/heads/master
Commit: 064f2227243f0a851b9013e67d76ccb9b3918a97
Parents: 8dfcbc2
Author: Eric Robertson <rwgdrummer@gmail.com>
Authored: Tue Apr 28 20:41:23 2015 -0400
Committer: Josh Elser <elserj@apache.org>
Committed: Wed Jul 8 15:26:54 2015 -0400

----------------------------------------------------------------------
 .../java/org/apache/accumulo/shell/Shell.java   |   3 +-
 .../shell/commands/DeleteAuthsCommand.java      |  99 ++++++++++++++
 .../shell/commands/DeleteAuthsCommandTest.java  | 129 +++++++++++++++++++
 3 files changed, 230 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/064f2227/shell/src/main/java/org/apache/accumulo/shell/Shell.java
----------------------------------------------------------------------
diff --git a/shell/src/main/java/org/apache/accumulo/shell/Shell.java b/shell/src/main/java/org/apache/accumulo/shell/Shell.java
index 37856ad..90ca08e 100644
--- a/shell/src/main/java/org/apache/accumulo/shell/Shell.java
+++ b/shell/src/main/java/org/apache/accumulo/shell/Shell.java
@@ -94,6 +94,7 @@ import org.apache.accumulo.shell.commands.CreateTableCommand;
 import org.apache.accumulo.shell.commands.CreateUserCommand;
 import org.apache.accumulo.shell.commands.DUCommand;
 import org.apache.accumulo.shell.commands.DebugCommand;
+import org.apache.accumulo.shell.commands.DeleteAuthsCommand;
 import org.apache.accumulo.shell.commands.DeleteCommand;
 import org.apache.accumulo.shell.commands.DeleteIterCommand;
 import org.apache.accumulo.shell.commands.DeleteManyCommand;
@@ -402,7 +403,7 @@ public class Shell extends ShellOptions implements KeywordExecutable {
     Command[] tableControlCommands = {new AddSplitsCommand(), new CompactCommand(), new ConstraintCommand(),
new FlushCommand(), new GetGroupsCommand(),
         new GetSplitsCommand(), new MergeCommand(), new SetGroupsCommand()};
     Command[] userCommands = {new AddAuthsCommand(), new CreateUserCommand(), new DeleteUserCommand(),
new DropUserCommand(), new GetAuthsCommand(),
-        new PasswdCommand(), new SetAuthsCommand(), new UsersCommand()};
+        new PasswdCommand(), new SetAuthsCommand(), new UsersCommand(), new DeleteAuthsCommand()};
     commandGrouping.put("-- Writing, Reading, and Removing Data --", dataCommands);
     commandGrouping.put("-- Debugging Commands -------------------", debuggingCommands);
     commandGrouping.put("-- Shell Execution Commands -------------", execCommands);

http://git-wip-us.apache.org/repos/asf/accumulo/blob/064f2227/shell/src/main/java/org/apache/accumulo/shell/commands/DeleteAuthsCommand.java
----------------------------------------------------------------------
diff --git a/shell/src/main/java/org/apache/accumulo/shell/commands/DeleteAuthsCommand.java
b/shell/src/main/java/org/apache/accumulo/shell/commands/DeleteAuthsCommand.java
new file mode 100644
index 0000000..859dd57
--- /dev/null
+++ b/shell/src/main/java/org/apache/accumulo/shell/commands/DeleteAuthsCommand.java
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.accumulo.shell.commands;
+
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.accumulo.core.client.AccumuloException;
+import org.apache.accumulo.core.client.AccumuloSecurityException;
+import org.apache.accumulo.core.client.Connector;
+import org.apache.accumulo.core.security.Authorizations;
+import org.apache.accumulo.shell.Shell;
+import org.apache.accumulo.shell.Shell.Command;
+import org.apache.accumulo.shell.ShellOptions;
+import org.apache.accumulo.shell.Token;
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.Option;
+import org.apache.commons.cli.OptionGroup;
+import org.apache.commons.cli.Options;
+
+public class DeleteAuthsCommand extends Command {
+  private Option userOpt;
+  private Option scanOptAuths;
+
+  @Override
+  public int execute(final String fullCommand, final CommandLine cl, final Shell shellState)
throws AccumuloException, AccumuloSecurityException {
+    final Connector connector = shellState.getConnector();
+    final String user = cl.getOptionValue(userOpt.getOpt(), connector.whoami());
+    final String scanOpts = cl.getOptionValue(scanOptAuths.getOpt());
+
+    final Authorizations auths = connector.securityOperations().getUserAuthorizations(user);
+    final StringBuilder userAuths = new StringBuilder();
+    final String[] toBeRemovedAuths = scanOpts.split(",");
+    final Set<String> toBeRemovedSet = new HashSet<String>();
+    for (String auth : toBeRemovedAuths) {
+      toBeRemovedSet.add(auth);
+    }
+    final String[] existingAuths = auths.toString().split(",");
+    for (String auth : existingAuths) {
+      if (!toBeRemovedSet.contains(auth)) {
+        userAuths.append(auth);
+        userAuths.append(",");
+      }
+    }
+    if (userAuths.length() > 0) {
+      connector.securityOperations().changeUserAuthorizations(user, ScanCommand.parseAuthorizations(userAuths.substring(0,
userAuths.length() - 1)));
+    } else {
+      connector.securityOperations().changeUserAuthorizations(user, new Authorizations());
+    }
+
+    Shell.log.debug("Changed record-level authorizations for user " + user);
+    return 0;
+  }
+
+  @Override
+  public String description() {
+    return "remove authorizations from the maximum scan authorizations for a user";
+  }
+
+  @Override
+  public void registerCompletion(final Token root, final Map<Command.CompletionSet,Set<String>>
completionSet) {
+    registerCompletionForUsers(root, completionSet);
+  }
+
+  @Override
+  public Options getOptions() {
+    final Options o = new Options();
+    final OptionGroup setOrClear = new OptionGroup();
+    scanOptAuths = new Option("s", "scan-authorizations", true, "scan authorizations to remove");
+    scanOptAuths.setArgName("comma-separated-authorizations");
+    setOrClear.addOption(scanOptAuths);
+    setOrClear.setRequired(true);
+    o.addOptionGroup(setOrClear);
+    userOpt = new Option(ShellOptions.userOption, "user", true, "user to operate on");
+    userOpt.setArgName("user");
+    o.addOption(userOpt);
+    return o;
+  }
+
+  @Override
+  public int numArgs() {
+    return 0;
+  }
+}

http://git-wip-us.apache.org/repos/asf/accumulo/blob/064f2227/shell/src/test/java/org/apache/accumulo/shell/commands/DeleteAuthsCommandTest.java
----------------------------------------------------------------------
diff --git a/shell/src/test/java/org/apache/accumulo/shell/commands/DeleteAuthsCommandTest.java
b/shell/src/test/java/org/apache/accumulo/shell/commands/DeleteAuthsCommandTest.java
new file mode 100644
index 0000000..d19e4d0
--- /dev/null
+++ b/shell/src/test/java/org/apache/accumulo/shell/commands/DeleteAuthsCommandTest.java
@@ -0,0 +1,129 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.accumulo.shell.commands;
+
+import jline.console.ConsoleReader;
+
+import org.apache.accumulo.core.client.Connector;
+import org.apache.accumulo.core.client.admin.SecurityOperations;
+import org.apache.accumulo.core.security.Authorizations;
+import org.apache.accumulo.shell.Shell;
+import org.apache.commons.cli.CommandLine;
+import org.easymock.EasyMock;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ *
+ */
+public class DeleteAuthsCommandTest {
+
+  private DeleteAuthsCommand cmd;
+
+  @Before
+  public void setup() {
+    cmd = new DeleteAuthsCommand();
+
+    // Initialize that internal state
+    cmd.getOptions();
+  }
+
+  @Test
+  public void deleteExistingAuth() throws Exception {
+    Connector conn = EasyMock.createMock(Connector.class);
+    CommandLine cli = EasyMock.createMock(CommandLine.class);
+    Shell shellState = EasyMock.createMock(Shell.class);
+    ConsoleReader reader = EasyMock.createMock(ConsoleReader.class);
+    SecurityOperations secOps = EasyMock.createMock(SecurityOperations.class);
+
+    EasyMock.expect(shellState.getConnector()).andReturn(conn);
+
+    // We're the root user
+    EasyMock.expect(conn.whoami()).andReturn("root");
+    EasyMock.expect(cli.getOptionValue("u", "root")).andReturn("foo");
+    EasyMock.expect(cli.getOptionValue("s")).andReturn("abc");
+
+    EasyMock.expect(conn.securityOperations()).andReturn(secOps);
+    EasyMock.expect(conn.securityOperations()).andReturn(secOps);
+    EasyMock.expect(secOps.getUserAuthorizations("foo")).andReturn(new Authorizations("abc",
"123"));
+    secOps.changeUserAuthorizations("foo", new Authorizations("123"));
+    EasyMock.expectLastCall();
+
+    EasyMock.replay(conn, cli, shellState, reader, secOps);
+
+    cmd.execute("deleteauths -u foo -s abc", cli, shellState);
+
+    EasyMock.verify(conn, cli, shellState, reader, secOps);
+  }
+
+  @Test
+  public void deleteNonExistingAuth() throws Exception {
+    Connector conn = EasyMock.createMock(Connector.class);
+    CommandLine cli = EasyMock.createMock(CommandLine.class);
+    Shell shellState = EasyMock.createMock(Shell.class);
+    ConsoleReader reader = EasyMock.createMock(ConsoleReader.class);
+    SecurityOperations secOps = EasyMock.createMock(SecurityOperations.class);
+
+    EasyMock.expect(shellState.getConnector()).andReturn(conn);
+
+    // We're the root user
+    EasyMock.expect(conn.whoami()).andReturn("root");
+    EasyMock.expect(cli.getOptionValue("u", "root")).andReturn("foo");
+    EasyMock.expect(cli.getOptionValue("s")).andReturn("def");
+
+    EasyMock.expect(conn.securityOperations()).andReturn(secOps);
+    EasyMock.expect(conn.securityOperations()).andReturn(secOps);
+    EasyMock.expect(secOps.getUserAuthorizations("foo")).andReturn(new Authorizations("abc",
"123"));
+    secOps.changeUserAuthorizations("foo", new Authorizations("abc", "123"));
+    EasyMock.expectLastCall();
+
+    EasyMock.replay(conn, cli, shellState, reader, secOps);
+
+    cmd.execute("deleteauths -u foo -s def", cli, shellState);
+
+    EasyMock.verify(conn, cli, shellState, reader, secOps);
+  }
+
+  @Test
+  public void deleteAllAuth() throws Exception {
+    Connector conn = EasyMock.createMock(Connector.class);
+    CommandLine cli = EasyMock.createMock(CommandLine.class);
+    Shell shellState = EasyMock.createMock(Shell.class);
+    ConsoleReader reader = EasyMock.createMock(ConsoleReader.class);
+    SecurityOperations secOps = EasyMock.createMock(SecurityOperations.class);
+
+    EasyMock.expect(shellState.getConnector()).andReturn(conn);
+
+    // We're the root user
+    EasyMock.expect(conn.whoami()).andReturn("root");
+    EasyMock.expect(cli.getOptionValue("u", "root")).andReturn("foo");
+    EasyMock.expect(cli.getOptionValue("s")).andReturn("abc,123");
+
+    EasyMock.expect(conn.securityOperations()).andReturn(secOps);
+    EasyMock.expect(conn.securityOperations()).andReturn(secOps);
+    EasyMock.expect(secOps.getUserAuthorizations("foo")).andReturn(new Authorizations("abc",
"123"));
+    secOps.changeUserAuthorizations("foo", new Authorizations());
+    EasyMock.expectLastCall();
+
+    EasyMock.replay(conn, cli, shellState, reader, secOps);
+
+    cmd.execute("deleteauths -u foo -s abc,123", cli, shellState);
+
+    EasyMock.verify(conn, cli, shellState, reader, secOps);
+  }
+
+}


Mime
View raw message