From commits-return-22481-archive-asf-public=cust-asf.ponee.io@accumulo.apache.org Tue Jan 8 01:13:10 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 125FF180647 for ; Tue, 8 Jan 2019 01:13:09 +0100 (CET) Received: (qmail 72146 invoked by uid 500); 8 Jan 2019 00:13:09 -0000 Mailing-List: contact commits-help@accumulo.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@accumulo.apache.org Delivered-To: mailing list commits@accumulo.apache.org Received: (qmail 72137 invoked by uid 99); 8 Jan 2019 00:13:09 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 08 Jan 2019 00:13:09 +0000 Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33) id 9640385BAF; Tue, 8 Jan 2019 00:13:08 +0000 (UTC) Date: Tue, 08 Jan 2019 00:13:08 +0000 To: "commits@accumulo.apache.org" Subject: [accumulo] branch master updated: Cleanup params in PermissionHandler (#878) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Message-ID: <154690638848.16355.2700128513876730196@gitbox.apache.org> 
From: mmiller@apache.org X-Git-Host: gitbox.apache.org X-Git-Repo: accumulo X-Git-Refname: refs/heads/master X-Git-Reftype: branch X-Git-Oldrev: d351abff8198ea12fd9a9bb055fe003bf6cdf8ca X-Git-Newrev: 71fc7e77edbd73f21599a9d8b9b9254eb0dc74b9 X-Git-Rev: 71fc7e77edbd73f21599a9d8b9b9254eb0dc74b9 X-Git-NotificationType: ref_changed_plus_diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated This is an automated email from the ASF dual-hosted git repository. mmiller pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/accumulo.git The following commit(s) were added to refs/heads/master by this push: new 71fc7e7 Cleanup params in PermissionHandler (#878) 71fc7e7 is described below commit 71fc7e77edbd73f21599a9d8b9b9254eb0dc74b9 Author: Mike Miller AuthorDate: Mon Jan 7 19:13:04 2019 -0500 Cleanup params in PermissionHandler (#878) * Also remove unused initTable method --- .../server/security/SecurityOperation.java | 10 ++++---- .../handler/KerberosPermissionHandler.java | 28 ++++++++-------------- .../server/security/handler/PermissionHandler.java | 23 ++++++------------ .../server/security/handler/ZKPermHandler.java | 18 +++++--------- .../java/org/apache/accumulo/master/Master.java | 5 ++-- 5 files changed, 31 insertions(+), 53 deletions(-) diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java index cc6cc1f..86f60c9 100644 --- a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java +++ b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java 
@@ -398,8 +398,8 @@ public class SecurityOperation { try { if (useCached) - return permHandle.hasCachedNamespacePermission(user, namespace, permission); - return permHandle.hasNamespacePermission(user, namespace, permission); + return permHandle.hasCachedNamespacePermission(user, namespace.canonicalID(), permission); + return permHandle.hasNamespacePermission(user, namespace.canonicalID(), permission); } catch (NamespaceNotFoundException e) { throw new ThriftSecurityException(user, SecurityErrorCode.NAMESPACE_DOESNT_EXIST); } @@ -754,7 +754,7 @@ public class SecurityOperation { targetUserExists(user); try { - permHandle.grantNamespacePermission(user, namespace, permission); + permHandle.grantNamespacePermission(user, namespace.canonicalID(), permission); log.info("Granted namespace permission {} for user {} on the namespace {}" + " at the request of user {}", permission, user, namespace, c.getPrincipal()); } catch (AccumuloSecurityException e) { @@ -809,7 +809,7 @@ public class SecurityOperation { targetUserExists(user); try { - permHandle.revokeNamespacePermission(user, namespace, permission); + permHandle.revokeNamespacePermission(user, namespace.canonicalID(), permission); log.info("Revoked namespace permission {} for user {} on the namespace {}" + " at the request of user {}", permission, user, namespace, c.getPrincipal()); @@ -871,7 +871,7 @@ public class SecurityOperation { throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); try { - permHandle.cleanNamespacePermissions(namespace); + permHandle.cleanNamespacePermissions(namespace.canonicalID()); } catch (AccumuloSecurityException e) { e.setUser(credentials.getPrincipal()); throw e.asThriftException(); diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/handler/KerberosPermissionHandler.java b/server/base/src/main/java/org/apache/accumulo/server/security/handler/KerberosPermissionHandler.java index 288f743..72d7d1d 100644 
--- a/server/base/src/main/java/org/apache/accumulo/server/security/handler/KerberosPermissionHandler.java +++ b/server/base/src/main/java/org/apache/accumulo/server/security/handler/KerberosPermissionHandler.java @@ -23,7 +23,6 @@ import java.util.Base64; import org.apache.accumulo.core.client.AccumuloSecurityException; import org.apache.accumulo.core.client.NamespaceNotFoundException; import org.apache.accumulo.core.client.TableNotFoundException; -import org.apache.accumulo.core.clientImpl.Namespace; import org.apache.accumulo.core.security.NamespacePermission; import org.apache.accumulo.core.security.SystemPermission; import org.apache.accumulo.core.security.TablePermission; @@ -85,14 +84,14 @@ public class KerberosPermissionHandler implements PermissionHandler { } @Override - public boolean hasNamespacePermission(String user, Namespace.ID namespace, + public boolean hasNamespacePermission(String user, String namespace, NamespacePermission permission) throws NamespaceNotFoundException { return zkPermissionHandler.hasNamespacePermission( Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), namespace, permission); } @Override - public boolean hasCachedNamespacePermission(String user, Namespace.ID namespace, + public boolean hasCachedNamespacePermission(String user, String namespace, NamespacePermission permission) { return zkPermissionHandler.hasCachedNamespacePermission( Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), namespace, permission); 
@@ -114,41 +113,39 @@ public class KerberosPermissionHandler implements PermissionHandler { @Override public void grantTablePermission(String user, String table, TablePermission permission) - throws AccumuloSecurityException, TableNotFoundException { + throws AccumuloSecurityException { zkPermissionHandler.grantTablePermission( Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), table, permission); } @Override public void revokeTablePermission(String user, String table, TablePermission permission) - throws AccumuloSecurityException, TableNotFoundException { + throws AccumuloSecurityException { zkPermissionHandler.revokeTablePermission( Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), table, permission); } @Override - public void grantNamespacePermission(String user, Namespace.ID namespace, - NamespacePermission permission) throws AccumuloSecurityException, NamespaceNotFoundException { + public void grantNamespacePermission(String user, String namespace, + NamespacePermission permission) throws AccumuloSecurityException { zkPermissionHandler.grantNamespacePermission( Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), namespace, permission); } @Override - public void revokeNamespacePermission(String user, Namespace.ID namespace, - NamespacePermission permission) throws AccumuloSecurityException, NamespaceNotFoundException { + public void revokeNamespacePermission(String user, String namespace, + NamespacePermission permission) throws AccumuloSecurityException { zkPermissionHandler.revokeNamespacePermission( Base64.getEncoder().encodeToString(user.getBytes(UTF_8)), namespace, permission); } @Override - public void cleanTablePermissions(String table) - throws AccumuloSecurityException, TableNotFoundException { + public void cleanTablePermissions(String table) throws AccumuloSecurityException { zkPermissionHandler.cleanTablePermissions(table); } @Override - public void cleanNamespacePermissions(Namespace.ID namespace) - throws 
AccumuloSecurityException, NamespaceNotFoundException { + public void cleanNamespacePermissions(String namespace) throws AccumuloSecurityException { zkPermissionHandler.cleanNamespacePermissions(namespace); } @@ -158,11 +155,6 @@ public class KerberosPermissionHandler implements PermissionHandler { } @Override - public void initTable(String table) { - zkPermissionHandler.initTable(table); - } - - @Override public void cleanUser(String user) throws AccumuloSecurityException { zkPermissionHandler.cleanUser(Base64.getEncoder().encodeToString(user.getBytes(UTF_8))); } diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java b/server/base/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java index 63acd8e..7e1c745 100644 --- a/server/base/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java +++ b/server/base/src/main/java/org/apache/accumulo/server/security/handler/PermissionHandler.java @@ -19,7 +19,6 @@ package org.apache.accumulo.server.security.handler; import org.apache.accumulo.core.client.AccumuloSecurityException; import org.apache.accumulo.core.client.NamespaceNotFoundException; import org.apache.accumulo.core.client.TableNotFoundException; -import org.apache.accumulo.core.clientImpl.Namespace; import org.apache.accumulo.core.security.NamespacePermission; import org.apache.accumulo.core.security.SystemPermission; import org.apache.accumulo.core.security.TablePermission; 
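Review bot: The narrowed `throws` clauses on grantNamespacePermission, revokeNamespacePermission and cleanNamespacePermissions in this hunk no longer match the interface. PermissionHandler, in this same commit, still declares `throws AccumuloSecurityException, NamespaceNotFoundException` on all three, while ZKPermHandler's versions also declare only AccumuloSecurityException. Callers that go through the interface therefore still have to handle an exception that neither handler shown in this diff declares, which leaves dead catch paths in security-check code. Either drop NamespaceNotFoundException from those interface methods, or add a `@throws NamespaceNotFoundException` line to their Javadoc naming the handlers that can raise it.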
@@ -76,14 +75,14 @@ public interface PermissionHandler { /** * Used to get the namespace permission of a user for a namespace */ - boolean hasNamespacePermission(String user, Namespace.ID namespace, - NamespacePermission permission) throws NamespaceNotFoundException; + boolean hasNamespacePermission(String user, String namespace, NamespacePermission permission) + throws NamespaceNotFoundException; /** * Used to get the namespace permission of a user for a namespace, with caching. This method is * for high frequency operations */ - boolean hasCachedNamespacePermission(String user, Namespace.ID namespace, + boolean hasCachedNamespacePermission(String user, String namespace, NamespacePermission permission); /** @@ -113,14 +112,14 @@ public interface PermissionHandler { /** * Gives the user the given namespace permission */ - void grantNamespacePermission(String user, Namespace.ID namespace, NamespacePermission permission) + void grantNamespacePermission(String user, String namespace, NamespacePermission permission) throws AccumuloSecurityException, NamespaceNotFoundException; /** * Denies the user the given namespace permission. */ - void revokeNamespacePermission(String user, Namespace.ID namespace, - NamespacePermission permission) throws AccumuloSecurityException, NamespaceNotFoundException; + void revokeNamespacePermission(String user, String namespace, NamespacePermission permission) + throws AccumuloSecurityException, NamespaceNotFoundException; /** * Cleans up the permissions for a table. Used when a table gets deleted. @@ -130,7 +129,7 @@ public interface PermissionHandler { /** * Cleans up the permissions for a namespace. Used when a namespace gets deleted. */ - void cleanNamespacePermissions(Namespace.ID namespace) + void cleanNamespacePermissions(String namespace) throws AccumuloSecurityException, NamespaceNotFoundException; /** 
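Review bot: The Javadoc on the namespace methods does not say what the new `String namespace` argument holds, and with `Namespace.ID` gone the compiler no longer tells a canonical ID apart from a namespace name or any other string. Every call site changed in this commit passes `namespace.canonicalID()`, so the intended contract appears to be the canonical ID. Stating it guards against a later caller passing a name, which would check or grant permissions against a different entry. I would add `@param namespace canonical namespace ID as returned by Namespace.ID.canonicalID(), never the namespace name` to hasNamespacePermission and hasCachedNamespacePermission here, and to grantNamespacePermission, revokeNamespacePermission and cleanNamespacePermissions in the two later hunks of this file.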
@@ -139,14 +138,6 @@ public interface PermissionHandler { void initUser(String user) throws AccumuloSecurityException; /** - * Initializes a new table - * - * @deprecated since 2.0.0. Method is never called so implementation does nothing. - */ - @Deprecated - void initTable(String table); - - /** * Deletes a user */ void cleanUser(String user) throws AccumuloSecurityException; diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/handler/ZKPermHandler.java b/server/base/src/main/java/org/apache/accumulo/server/security/handler/ZKPermHandler.java index 4ae95b2..2183e8e 100644 --- a/server/base/src/main/java/org/apache/accumulo/server/security/handler/ZKPermHandler.java +++ b/server/base/src/main/java/org/apache/accumulo/server/security/handler/ZKPermHandler.java @@ -126,7 +126,7 @@ public class ZKPermHandler implements PermissionHandler { } @Override - public boolean hasNamespacePermission(String user, Namespace.ID namespace, + public boolean hasNamespacePermission(String user, String namespace, NamespacePermission permission) throws NamespaceNotFoundException { byte[] serializedPerms; try { @@ -148,8 +148,7 @@ public class ZKPermHandler implements PermissionHandler { } catch (KeeperException ex) { // not there, throw an informative exception if (e.code() == Code.NONODE) { - throw new NamespaceNotFoundException(namespace.canonicalID(), null, - "while checking permissions"); + throw new NamespaceNotFoundException(namespace, null, "while checking permissions"); } log.warn("Unhandled InterruptedException, failing closed for table permission check", e); } @@ -168,7 +167,7 @@ public class ZKPermHandler implements PermissionHandler { } @Override - public boolean hasCachedNamespacePermission(String user, Namespace.ID namespace, + public boolean hasCachedNamespacePermission(String user, String namespace, NamespacePermission permission) { byte[] serializedPerms = zooCache .get(ZKUserPath + "/" + user + ZKUserNamespacePerms + "/" + namespace); 
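Review bot: In the `@@ -148,8 +148,7 @@` hunk of ZKPermHandler, the handler binds `catch (KeeperException ex)` but tests `e.code()` and logs `e`, so the exception actually caught is never inspected or recorded. `e` is declared outside the hunk; if it is the exception from the first lookup, the NONODE test says nothing about why the second call failed. The log text is also wrong for this branch, since it names InterruptedException and a table check inside a KeeperException handler of hasNamespacePermission, which misleads anyone reading the log after a denied request. I would change the two lines to `if (ex.code() == Code.NONODE) {` and `log.warn("Unhandled KeeperException, failing closed for namespace permission check", ex);`. The enclosing method begins in the previous hunk and continues past this one.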
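Review bot: In the `@@ -168,7 +167,7 @@` hunk, `namespace` is now an arbitrary String appended to the ZooKeeper path in `ZKUserPath + "/" + user + ZKUserNamespacePerms + "/" + namespace`, and nothing visible checks its shape. The parameter type no longer signals that the value must be a canonical ID, so a string containing `/` would address a different znode than the per-namespace permission entry; validation may exist in callers outside this diff. A fail-closed guard at the top of hasCachedNamespacePermission, `if (namespace.indexOf('/') >= 0) return false;`, keeps the lookup confined to the intended node. The same concatenation appears in grantNamespacePermission and revokeNamespacePermission in the following hunks, where rejecting the value with an exception fits better than returning. The method body continues past the hunk.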
@@ -234,7 +233,7 @@ public class ZKPermHandler implements PermissionHandler { } @Override - public void grantNamespacePermission(String user, Namespace.ID namespace, + public void grantNamespacePermission(String user, String namespace, NamespacePermission permission) throws AccumuloSecurityException { Set namespacePerms; byte[] serializedPerms = zooCache @@ -320,7 +319,7 @@ public class ZKPermHandler implements PermissionHandler { } @Override - public void revokeNamespacePermission(String user, Namespace.ID namespace, + public void revokeNamespacePermission(String user, String namespace, NamespacePermission permission) throws AccumuloSecurityException { byte[] serializedPerms = zooCache .get(ZKUserPath + "/" + user + ZKUserNamespacePerms + "/" + namespace); @@ -370,7 +369,7 @@ public class ZKPermHandler implements PermissionHandler { } @Override - public void cleanNamespacePermissions(Namespace.ID namespace) throws AccumuloSecurityException { + public void cleanNamespacePermissions(String namespace) throws AccumuloSecurityException { try { synchronized (zooCache) { zooCache.clear(); @@ -525,9 +524,4 @@ public class ZKPermHandler implements PermissionHandler { return true; } - @Override - public void initTable(String table) { - // All proper housekeeping is done on delete and permission granting, no work needs to be done - // here - } } diff --git a/server/master/src/main/java/org/apache/accumulo/master/Master.java b/server/master/src/main/java/org/apache/accumulo/master/Master.java index cc1d800..7e80307 100644 --- a/server/master/src/main/java/org/apache/accumulo/master/Master.java +++ b/server/master/src/main/java/org/apache/accumulo/master/Master.java 
@@ -458,9 +458,10 @@ public class Master for (String user : zoo.getChildren(users)) { zoo.putPersistentData(users + "/" + user + "/Namespaces", new byte[0], NodeExistsPolicy.SKIP); - perm.grantNamespacePermission(user, Namespace.ID.ACCUMULO, NamespacePermission.READ); + perm.grantNamespacePermission(user, Namespace.ID.ACCUMULO.canonicalID(), + NamespacePermission.READ); } - perm.grantNamespacePermission("root", Namespace.ID.ACCUMULO, + perm.grantNamespacePermission("root", Namespace.ID.ACCUMULO.canonicalID(), NamespacePermission.ALTER_TABLE); // add the currlog location for root tablet current logs