accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mmil...@apache.org
Subject [accumulo] branch master updated: Cleanup params in PermissionHandler (#878)
Date Tue, 08 Jan 2019 00:13:08 GMT
This is an automated email from the ASF dual-hosted git repository.

mmiller pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/accumulo.git


The following commit(s) were added to refs/heads/master by this push:
     new 71fc7e7  Cleanup params in PermissionHandler (#878)
71fc7e7 is described below

commit 71fc7e77edbd73f21599a9d8b9b9254eb0dc74b9
Author: Mike Miller <mmiller@apache.org>
AuthorDate: Mon Jan 7 19:13:04 2019 -0500

    Cleanup params in PermissionHandler (#878)
    
    * Also remove unused initTable method
---
 .../server/security/SecurityOperation.java         | 10 ++++----
 .../handler/KerberosPermissionHandler.java         | 28 ++++++++--------------
 .../server/security/handler/PermissionHandler.java | 23 ++++++------------
 .../server/security/handler/ZKPermHandler.java     | 18 +++++---------
 .../java/org/apache/accumulo/master/Master.java    |  5 ++--
 5 files changed, 31 insertions(+), 53 deletions(-)

diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
index cc6cc1f..86f60c9 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
@@ -398,8 +398,8 @@ public class SecurityOperation {
 
     try {
       if (useCached)
-        return permHandle.hasCachedNamespacePermission(user, namespace, permission);
-      return permHandle.hasNamespacePermission(user, namespace, permission);
+        return permHandle.hasCachedNamespacePermission(user, namespace.canonicalID(), permission);
+      return permHandle.hasNamespacePermission(user, namespace.canonicalID(), permission);
     } catch (NamespaceNotFoundException e) {
       throw new ThriftSecurityException(user, SecurityErrorCode.NAMESPACE_DOESNT_EXIST);
     }
@@ -754,7 +754,7 @@ public class SecurityOperation {
     targetUserExists(user);
 
     try {
-      permHandle.grantNamespacePermission(user, namespace, permission);
+      permHandle.grantNamespacePermission(user, namespace.canonicalID(), permission);
       log.info("Granted namespace permission {} for user {} on the namespace {}"
           + " at the request of user {}", permission, user, namespace, c.getPrincipal());
     } catch (AccumuloSecurityException e) {
@@ -809,7 +809,7 @@ public class SecurityOperation {
     targetUserExists(user);
 
     try {
-      permHandle.revokeNamespacePermission(user, namespace, permission);
+      permHandle.revokeNamespacePermission(user, namespace.canonicalID(), permission);
       log.info("Revoked namespace permission {} for user {} on the namespace {}"
           + " at the request of user {}", permission, user, namespace, c.getPrincipal());
 
@@ -871,7 +871,7 @@ public class SecurityOperation {
       throw new ThriftSecurityException(credentials.getPrincipal(),
           SecurityErrorCode.PERMISSION_DENIED);
     try {
-      permHandle.cleanNamespacePermissions(namespace);
+      permHandle.cleanNamespacePermissions(namespace.canonicalID());
     } catch (AccumuloSecurityException e) {
       e.setUser(credentials.getPrincipal());
       throw e.asThriftException();
diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/handler/KerberosPermissionHandler.java
b/server/base/src/main/java/org/apache/accumulo/server/security/handler/KerberosPermissionHandler.java
index 288f743..72d7d1d 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/handler/KerberosPermissionHandler.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/handler/KerberosPermissionHandler.java
@@ -23,7 +23,6 @@ import java.util.Base64;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.NamespaceNotFoundException;
 import org.apache.accumulo.core.client.TableNotFoundException;
-import org.apache.accumulo.core.clientImpl.Namespace;
 import org.apache.accumulo.core.security.NamespacePermission;
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
@@ -85,14 +84,14 @@ public class KerberosPermissionHandler implements PermissionHandler {
   }
 
   @Override
-  public boolean hasNamespacePermission(String user, Namespace.ID namespace,
+  public boolean hasNamespacePermission(String user, String namespace,
       NamespacePermission permission) throws NamespaceNotFoundException {
     return zkPermissionHandler.hasNamespacePermission(
         Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), namespace, permission);
   }
 
   @Override
-  public boolean hasCachedNamespacePermission(String user, Namespace.ID namespace,
+  public boolean hasCachedNamespacePermission(String user, String namespace,
       NamespacePermission permission) {
     return zkPermissionHandler.hasCachedNamespacePermission(
         Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), namespace, permission);
@@ -114,41 +113,39 @@ public class KerberosPermissionHandler implements PermissionHandler
{
 
   @Override
   public void grantTablePermission(String user, String table, TablePermission permission)
-      throws AccumuloSecurityException, TableNotFoundException {
+      throws AccumuloSecurityException {
     zkPermissionHandler.grantTablePermission(
         Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), table, permission);
   }
 
   @Override
   public void revokeTablePermission(String user, String table, TablePermission permission)
-      throws AccumuloSecurityException, TableNotFoundException {
+      throws AccumuloSecurityException {
     zkPermissionHandler.revokeTablePermission(
         Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), table, permission);
   }
 
   @Override
-  public void grantNamespacePermission(String user, Namespace.ID namespace,
-      NamespacePermission permission) throws AccumuloSecurityException, NamespaceNotFoundException
{
+  public void grantNamespacePermission(String user, String namespace,
+      NamespacePermission permission) throws AccumuloSecurityException {
     zkPermissionHandler.grantNamespacePermission(
         Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), namespace, permission);
   }
 
   @Override
-  public void revokeNamespacePermission(String user, Namespace.ID namespace,
-      NamespacePermission permission) throws AccumuloSecurityException, NamespaceNotFoundException
{
+  public void revokeNamespacePermission(String user, String namespace,
+      NamespacePermission permission) throws AccumuloSecurityException {
     zkPermissionHandler.revokeNamespacePermission(
         Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), namespace, permission);
   }
 
   @Override
-  public void cleanTablePermissions(String table)
-      throws AccumuloSecurityException, TableNotFoundException {
+  public void cleanTablePermissions(String table) throws AccumuloSecurityException {
     zkPermissionHandler.cleanTablePermissions(table);
   }
 
   @Override
-  public void cleanNamespacePermissions(Namespace.ID namespace)
-      throws AccumuloSecurityException, NamespaceNotFoundException {
+  public void cleanNamespacePermissions(String namespace) throws AccumuloSecurityException
{
     zkPermissionHandler.cleanNamespacePermissions(namespace);
   }
 
@@ -158,11 +155,6 @@ public class KerberosPermissionHandler implements PermissionHandler {
   }
 
   @Override
-  public void initTable(String table) {
-    zkPermissionHandler.initTable(table);
-  }
-
-  @Override
   public void cleanUser(String user) throws AccumuloSecurityException {
     zkPermissionHandler.cleanUser(Base64.getEncoder().encodeToString(user.getBytes(UTF_8)));
   }
diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java
b/server/base/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java
index 63acd8e..7e1c745 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java
@@ -19,7 +19,6 @@ package org.apache.accumulo.server.security.handler;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.NamespaceNotFoundException;
 import org.apache.accumulo.core.client.TableNotFoundException;
-import org.apache.accumulo.core.clientImpl.Namespace;
 import org.apache.accumulo.core.security.NamespacePermission;
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
@@ -76,14 +75,14 @@ public interface PermissionHandler {
   /**
    * Used to get the namespace permission of a user for a namespace
    */
-  boolean hasNamespacePermission(String user, Namespace.ID namespace,
-      NamespacePermission permission) throws NamespaceNotFoundException;
+  boolean hasNamespacePermission(String user, String namespace, NamespacePermission permission)
+      throws NamespaceNotFoundException;
 
   /**
    * Used to get the namespace permission of a user for a namespace, with caching. This method
is
    * for high frequency operations
    */
-  boolean hasCachedNamespacePermission(String user, Namespace.ID namespace,
+  boolean hasCachedNamespacePermission(String user, String namespace,
       NamespacePermission permission);
 
   /**
@@ -113,14 +112,14 @@ public interface PermissionHandler {
   /**
    * Gives the user the given namespace permission
    */
-  void grantNamespacePermission(String user, Namespace.ID namespace, NamespacePermission
permission)
+  void grantNamespacePermission(String user, String namespace, NamespacePermission permission)
       throws AccumuloSecurityException, NamespaceNotFoundException;
 
   /**
    * Denies the user the given namespace permission.
    */
-  void revokeNamespacePermission(String user, Namespace.ID namespace,
-      NamespacePermission permission) throws AccumuloSecurityException, NamespaceNotFoundException;
+  void revokeNamespacePermission(String user, String namespace, NamespacePermission permission)
+      throws AccumuloSecurityException, NamespaceNotFoundException;
 
   /**
    * Cleans up the permissions for a table. Used when a table gets deleted.
@@ -130,7 +129,7 @@ public interface PermissionHandler {
   /**
    * Cleans up the permissions for a namespace. Used when a namespace gets deleted.
    */
-  void cleanNamespacePermissions(Namespace.ID namespace)
+  void cleanNamespacePermissions(String namespace)
       throws AccumuloSecurityException, NamespaceNotFoundException;
 
   /**
@@ -139,14 +138,6 @@ public interface PermissionHandler {
   void initUser(String user) throws AccumuloSecurityException;
 
   /**
-   * Initializes a new table
-   *
-   * @deprecated since 2.0.0. Method is never called so implementation does nothing.
-   */
-  @Deprecated
-  void initTable(String table);
-
-  /**
    * Deletes a user
    */
   void cleanUser(String user) throws AccumuloSecurityException;
diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/handler/ZKPermHandler.java
b/server/base/src/main/java/org/apache/accumulo/server/security/handler/ZKPermHandler.java
index 4ae95b2..2183e8e 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/handler/ZKPermHandler.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/handler/ZKPermHandler.java
@@ -126,7 +126,7 @@ public class ZKPermHandler implements PermissionHandler {
   }
 
   @Override
-  public boolean hasNamespacePermission(String user, Namespace.ID namespace,
+  public boolean hasNamespacePermission(String user, String namespace,
       NamespacePermission permission) throws NamespaceNotFoundException {
     byte[] serializedPerms;
     try {
@@ -148,8 +148,7 @@ public class ZKPermHandler implements PermissionHandler {
         } catch (KeeperException ex) {
           // not there, throw an informative exception
           if (e.code() == Code.NONODE) {
-            throw new NamespaceNotFoundException(namespace.canonicalID(), null,
-                "while checking permissions");
+            throw new NamespaceNotFoundException(namespace, null, "while checking permissions");
           }
           log.warn("Unhandled InterruptedException, failing closed for table permission check",
e);
         }
@@ -168,7 +167,7 @@ public class ZKPermHandler implements PermissionHandler {
   }
 
   @Override
-  public boolean hasCachedNamespacePermission(String user, Namespace.ID namespace,
+  public boolean hasCachedNamespacePermission(String user, String namespace,
       NamespacePermission permission) {
     byte[] serializedPerms = zooCache
         .get(ZKUserPath + "/" + user + ZKUserNamespacePerms + "/" + namespace);
@@ -234,7 +233,7 @@ public class ZKPermHandler implements PermissionHandler {
   }
 
   @Override
-  public void grantNamespacePermission(String user, Namespace.ID namespace,
+  public void grantNamespacePermission(String user, String namespace,
       NamespacePermission permission) throws AccumuloSecurityException {
     Set<NamespacePermission> namespacePerms;
     byte[] serializedPerms = zooCache
@@ -320,7 +319,7 @@ public class ZKPermHandler implements PermissionHandler {
   }
 
   @Override
-  public void revokeNamespacePermission(String user, Namespace.ID namespace,
+  public void revokeNamespacePermission(String user, String namespace,
       NamespacePermission permission) throws AccumuloSecurityException {
     byte[] serializedPerms = zooCache
         .get(ZKUserPath + "/" + user + ZKUserNamespacePerms + "/" + namespace);
@@ -370,7 +369,7 @@ public class ZKPermHandler implements PermissionHandler {
   }
 
   @Override
-  public void cleanNamespacePermissions(Namespace.ID namespace) throws AccumuloSecurityException
{
+  public void cleanNamespacePermissions(String namespace) throws AccumuloSecurityException
{
     try {
       synchronized (zooCache) {
         zooCache.clear();
@@ -525,9 +524,4 @@ public class ZKPermHandler implements PermissionHandler {
     return true;
   }
 
-  @Override
-  public void initTable(String table) {
-    // All proper housekeeping is done on delete and permission granting, no work needs to
be done
-    // here
-  }
 }
diff --git a/server/master/src/main/java/org/apache/accumulo/master/Master.java b/server/master/src/main/java/org/apache/accumulo/master/Master.java
index cc1d800..7e80307 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/Master.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/Master.java
@@ -458,9 +458,10 @@ public class Master
         for (String user : zoo.getChildren(users)) {
           zoo.putPersistentData(users + "/" + user + "/Namespaces", new byte[0],
               NodeExistsPolicy.SKIP);
-          perm.grantNamespacePermission(user, Namespace.ID.ACCUMULO, NamespacePermission.READ);
+          perm.grantNamespacePermission(user, Namespace.ID.ACCUMULO.canonicalID(),
+              NamespacePermission.READ);
         }
-        perm.grantNamespacePermission("root", Namespace.ID.ACCUMULO,
+        perm.grantNamespacePermission("root", Namespace.ID.ACCUMULO.canonicalID(),
             NamespacePermission.ALTER_TABLE);
 
         // add the currlog location for root tablet current logs


Mime
View raw message