Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java?rev=1391603&r1=1391602&r2=1391603&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java (original) +++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java Fri Sep 28 19:11:31 2012 @@ -17,7 +17,6 @@ package org.apache.accumulo.server.test.randomwalk.security; import java.net.InetAddress; -import java.util.HashMap; import org.apache.accumulo.core.client.Connector; import org.apache.accumulo.core.client.Instance; @@ -47,28 +46,22 @@ public class SecurityFixture extends Fix conn.securityOperations().createUser(systemUserName, sysUserPass, new Authorizations()); sysConn = instance.getConnector(systemUserName, sysUserPass); - SecurityHelper.setSystemConnector(state, sysConn); - SecurityHelper.setSysUserName(state, systemUserName); - SecurityHelper.setSysUserPass(state, sysUserPass); + WalkingSecurity.get(state).createUser(systemUserName, sysUserPass); - SecurityHelper.setTableExists(state, false); - SecurityHelper.setTableExists(state, false); + WalkingSecurity.get(state).changePassword(tableUserName, new byte[0]); - SecurityHelper.setTabUserPass(state, new byte[0]); - - SecurityHelper.setTableName(state, secTableName); - SecurityHelper.setTabUserName(state, tableUserName); + WalkingSecurity.get(state).setTableName(secTableName); + WalkingSecurity.get(state).setTabUserName(tableUserName); for (TablePermission tp : TablePermission.values()) { - SecurityHelper.setTabPerm(state, systemUserName, tp, false); - SecurityHelper.setTabPerm(state, tableUserName, tp, false); + WalkingSecurity.get(state).revokeTablePermission(systemUserName, secTableName, tp); + WalkingSecurity.get(state).revokeTablePermission(tableUserName, secTableName, tp); } for (SystemPermission sp : SystemPermission.values()) { - SecurityHelper.setSysPerm(state, systemUserName, sp, false); - SecurityHelper.setSysPerm(state, tableUserName, sp, false); + WalkingSecurity.get(state).revokeSystemPermission(systemUserName, sp); + WalkingSecurity.get(state).revokeSystemPermission(tableUserName, sp); } - SecurityHelper.setUserAuths(state, tableUserName, new Authorizations()); - SecurityHelper.setAuthsMap(state, new HashMap<String,Integer>()); + WalkingSecurity.get(state).changeAuthorizations(tableUserName, new Authorizations()); } @Override @@ -77,20 +70,20 @@ public class SecurityFixture extends Fix Validate.validate(state, log); Connector conn = state.getConnector(); - if (SecurityHelper.getTableExists(state)) { - String secTableName = SecurityHelper.getTableName(state); + if (WalkingSecurity.get(state).getTableExists()) { + String secTableName = WalkingSecurity.get(state).getTableName(); log.debug("Dropping tables: " + secTableName); conn.tableOperations().delete(secTableName); } - if (SecurityHelper.getTabUserExists(state)) { - String tableUserName = SecurityHelper.getTabUserName(state); + if (WalkingSecurity.get(state).userExists(WalkingSecurity.get(state).getTabUserName())) { + String tableUserName = WalkingSecurity.get(state).getTabUserName(); log.debug("Dropping user: " + tableUserName); conn.securityOperations().dropUser(tableUserName); } - String systemUserName = SecurityHelper.getSysUserName(state); + String systemUserName = WalkingSecurity.get(state).getSysUserName(); log.debug("Dropping user: " + systemUserName); conn.securityOperations().dropUser(systemUserName);
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java?rev=1391603&r1=1391602&r2=1391603&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java (original) +++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SetAuths.java Fri Sep 28 19:11:31 2012 @@ -23,7 +23,6 @@ import org.apache.accumulo.core.client.A import org.apache.accumulo.core.client.AccumuloSecurityException; import org.apache.accumulo.core.client.Connector; import org.apache.accumulo.core.security.Authorizations; -import org.apache.accumulo.core.security.SystemPermission; import org.apache.accumulo.server.test.randomwalk.State; import org.apache.accumulo.server.test.randomwalk.Test; @@ -37,22 +36,20 @@ public class SetAuths extends Test { String targetUser = props.getProperty("system"); String target; - boolean exists; - boolean hasPermission; if ("table".equals(targetUser)) { - target = SecurityHelper.getTabUserName(state); - exists = SecurityHelper.getTabUserExists(state); - conn = SecurityHelper.getSystemConnector(state); - hasPermission = SecurityHelper.getSysPerm(state, SecurityHelper.getSysUserName(state), SystemPermission.ALTER_USER); + target = WalkingSecurity.get(state).getTabUserName(); + conn = WalkingSecurity.get(state).getSystemConnector(); } else { - target = SecurityHelper.getSysUserName(state); - exists = true; + target = WalkingSecurity.get(state).getSysUserName(); conn = state.getConnector(); - hasPermission = true; } + + boolean exists = WalkingSecurity.get(state).userExists(target); + boolean hasPermission = WalkingSecurity.get(state).canChangeAuthorizations(WalkingSecurity.get(state).getSysAuthInfo(), target); + Authorizations auths; if (authsString.equals("_random")) { - String[] possibleAuths = SecurityHelper.getAuthsArray(); + String[] possibleAuths = WalkingSecurity.get(state).getAuthsArray(); Random r = new Random(); int i = r.nextInt(possibleAuths.length); @@ -88,7 +85,7 @@ public class SetAuths extends Test { throw new AccumuloException("Got unexpected exception", ae); } } - SecurityHelper.setUserAuths(state, target, auths); + WalkingSecurity.get(state).changeAuthorizations(target, auths); if (!hasPermission) throw new AccumuloException("Didn't get Security Exception when we should have"); } Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java?rev=1391603&r1=1391602&r2=1391603&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java (original) +++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java Fri Sep 28 19:11:31 2012 @@ -52,19 +52,8 @@ public class TableOp extends Test { @Override public void visit(State state, Properties props) throws Exception { - boolean userExists = SecurityHelper.getTabUserExists(state); - Connector conn; - try { - conn = state.getInstance().getConnector(SecurityHelper.getTabUserName(state), SecurityHelper.getTabUserPass(state)); - } catch (AccumuloSecurityException ae) { - if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) { - if (userExists) - throw new AccumuloException("User didn't exist when they should (or worse- password mismatch)", ae); - else - return; - } - throw new AccumuloException("Unexpected exception!", ae); - } + Connector conn = WalkingSecurity.get(state).getTableConnector(); + String action = props.getProperty("action", "_random"); TablePermission tp; if ("_random".equalsIgnoreCase(action)) { @@ -74,19 +63,17 @@ public class TableOp extends Test { tp = TablePermission.valueOf(action); } - boolean tableExists = SecurityHelper.getTableExists(state); - boolean hasPerm = SecurityHelper.getTabPerm(state, SecurityHelper.getTabUserName(state), tp); - - String tableName = state.getString("secTableName"); - boolean ambiguousZone; + boolean tableExists = WalkingSecurity.get(state).getTableExists(); + String tableName = WalkingSecurity.get(state).getTableName(); switch (tp) { - case READ: - Authorizations auths = SecurityHelper.getUserAuths(state, SecurityHelper.getTabUserName(state)); - boolean canRead = SecurityHelper.getTabPerm(state, SecurityHelper.getTabUserName(state), TablePermission.READ); - ambiguousZone = SecurityHelper.inAmbiguousZone(state, SecurityHelper.getTabUserName(state), tp); + case READ: { + boolean canRead = WalkingSecurity.get(state).canScan(WalkingSecurity.get(state).getTabAuthInfo(), tableName); + Authorizations auths = WalkingSecurity.get(state).getUserAuthorizations(WalkingSecurity.get(state).getTabAuthInfo()); + boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp); + try { - Scanner scan = conn.createScanner(tableName, conn.securityOperations().getUserAuthorizations(SecurityHelper.getTabUserName(state))); + Scanner scan = conn.createScanner(tableName, conn.securityOperations().getUserAuthorizations(conn.whoami())); int seen = 0; Iterator<Entry<Key,Value>> iter = scan.iterator(); while (iter.hasNext()) { @@ -98,7 +85,7 @@ public class TableOp extends Test { } if (!canRead && !ambiguousZone) throw new AccumuloException("Was able to read when I shouldn't have had the perm with connection user " + conn.whoami() + " table " + tableName); - for (Entry<String,Integer> entry : SecurityHelper.getAuthsMap(state).entrySet()) { + for (Entry<String,Integer> entry : WalkingSecurity.get(state).getAuthsMap().entrySet()) { if (auths.contains(entry.getKey().getBytes())) seen = seen - entry.getValue(); } @@ -128,13 +115,14 @@ public class TableOp extends Test { } break; + } case WRITE: - // boolean canWrite = SecurityHelper.getTabPerm(state, SecurityHelper.getTabUserName(state), TablePermission.WRITE); - ambiguousZone = SecurityHelper.inAmbiguousZone(state, SecurityHelper.getTabUserName(state), tp); + // boolean canWrite = WalkingSecurity.get(state).canWrite(WalkingSecurity.get(state).getTabAuthInfo(), tableName); + boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp); - String key = SecurityHelper.getLastKey(state) + "1"; + String key = WalkingSecurity.get(state).getLastKey() + "1"; Mutation m = new Mutation(new Text(key)); - for (String s : SecurityHelper.getAuthsArray()) { + for (String s : WalkingSecurity.get(state).getAuthsArray()) { m.put(new Text(), new Text(), new ColumnVisibility(s), new Value("value".getBytes())); } BatchWriter writer; @@ -156,6 +144,7 @@ public class TableOp extends Test { if (ambiguousZone) { Thread.sleep(1000); try { + writer = conn.createBatchWriter(tableName, 9000l, 0l, 1); writer.addMutation(m); writer.close(); } catch (MutationsRejectedException mre2) { @@ -164,19 +153,19 @@ public class TableOp extends Test { } } if (works) - for (String s : SecurityHelper.getAuthsArray()) - SecurityHelper.increaseAuthMap(state, s, 1); + for (String s : WalkingSecurity.get(state).getAuthsArray()) + WalkingSecurity.get(state).increaseAuthMap(s, 1); break; case BULK_IMPORT: - key = SecurityHelper.getLastKey(state) + "1"; + key = WalkingSecurity.get(state).getLastKey() + "1"; SortedSet<Key> keys = new TreeSet<Key>(); - for (String s : SecurityHelper.getAuthsArray()) { + for (String s : WalkingSecurity.get(state).getAuthsArray()) { Key k = new Key(key, "", "", s); keys.add(k); } Path dir = new Path("/tmp", "bulk_" + UUID.randomUUID().toString()); Path fail = new Path(dir.toString() + "_fail"); - FileSystem fs = SecurityHelper.getFs(state); + FileSystem fs = WalkingSecurity.get(state).getFs(); FileSKVWriter f = FileOperations.getInstance().openWriter(dir + "/securityBulk." + RFile.EXTENSION, fs, fs.getConf(), AccumuloConfiguration.getDefaultConfiguration()); f.startDefaultLocalityGroup(); @@ -192,25 +181,26 @@ public class TableOp extends Test { return; } catch (AccumuloSecurityException ae) { if (ae.getErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) { - if (hasPerm) + if (WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabAuthInfo(), tableName)) throw new AccumuloException("Bulk Import failed when it should have worked: " + tableName); return; } else if (ae.getErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) { - if (SecurityHelper.sysUserPassTransient(state)) + if (WalkingSecurity.get(state).userPassTransient(conn.whoami())) return; } throw new AccumuloException("Unexpected exception!", ae); } - for (String s : SecurityHelper.getAuthsArray()) - SecurityHelper.increaseAuthMap(state, s, 1); + for (String s : WalkingSecurity.get(state).getAuthsArray()) + WalkingSecurity.get(state).increaseAuthMap(s, 1); fs.delete(dir, true); fs.delete(fail, true); - if (!hasPerm) + if (!WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabAuthInfo(), tableName)) throw new AccumuloException("Bulk Import succeeded when it should have failed: " + dir + " table " + tableName); break; case ALTER_TABLE: - AlterTable.renameTable(conn, state, tableName, tableName + "plus", hasPerm, tableExists); + AlterTable.renameTable(conn, state, tableName, tableName + "plus", + WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getTabAuthInfo(), tableName), tableExists); break; case GRANT: Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Validate.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Validate.java?rev=1391603&r1=1391602&r2=1391603&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Validate.java (original) +++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/Validate.java Fri Sep 28 19:11:31 2012 @@ -39,13 +39,13 @@ public class Validate extends Test { public static void validate(State state, Logger log) throws Exception { Connector conn = state.getConnector(); - boolean tableExists = SecurityHelper.getTableExists(state); - boolean cloudTableExists = conn.tableOperations().list().contains(SecurityHelper.getTableName(state)); + boolean tableExists = WalkingSecurity.get(state).getTableExists(); + boolean cloudTableExists = conn.tableOperations().list().contains(WalkingSecurity.get(state).getTableName()); if (tableExists != cloudTableExists) throw new AccumuloException("Table existance out of sync"); - boolean tableUserExists = SecurityHelper.getTabUserExists(state); - boolean cloudTableUserExists = conn.securityOperations().listUsers().contains(SecurityHelper.getTabUserName(state)); + boolean tableUserExists = WalkingSecurity.get(state).userExists(WalkingSecurity.get(state).getTabUserName()); + boolean cloudTableUserExists = conn.securityOperations().listUsers().contains(WalkingSecurity.get(state).getTabUserName()); if (tableUserExists != cloudTableUserExists) throw new AccumuloException("Table User existance out of sync"); @@ -55,17 +55,16 @@ public class Validate extends Test { props.setProperty("target", "table"); Authenticate.authenticate(conn, state, props); - boolean tabUserExists = SecurityHelper.getTabUserExists(state); - for (String user : new String[] {SecurityHelper.getSysUserName(state), SecurityHelper.getTabUserName(state)}) { + for (String user : new String[] {WalkingSecurity.get(state).getSysUserName(), WalkingSecurity.get(state).getTabUserName()}) { for (SystemPermission sp : SystemPermission.values()) { - boolean hasSp = SecurityHelper.getSysPerm(state, user, sp); + boolean hasSp = WalkingSecurity.get(state).hasSystemPermission(user, sp); boolean accuHasSp; try { accuHasSp = conn.securityOperations().hasSystemPermission(user, sp); log.debug("Just checked to see if user " + user + " has system perm " + sp.name() + " with answer " + accuHasSp); } catch (AccumuloSecurityException ae) { if (ae.getErrorCode().equals(SecurityErrorCode.USER_DOESNT_EXIST)) { - if (tabUserExists) + if (tableUserExists) throw new AccumuloException("Got user DNE error when they should", ae); else continue; @@ -77,14 +76,14 @@ public class Validate extends Test { } for (TablePermission tp : TablePermission.values()) { - boolean hasTp = SecurityHelper.getTabPerm(state, user, tp); + boolean hasTp = WalkingSecurity.get(state).hasTablePermission(user, WalkingSecurity.get(state).getTableName(), tp); boolean accuHasTp; try { - accuHasTp = conn.securityOperations().hasTablePermission(user, SecurityHelper.getTableName(state), tp); + accuHasTp = conn.securityOperations().hasTablePermission(user, WalkingSecurity.get(state).getTableName(), tp); log.debug("Just checked to see if user " + user + " has table perm " + tp.name() + " with answer " + accuHasTp); } catch (AccumuloSecurityException ae) { if (ae.getErrorCode().equals(SecurityErrorCode.USER_DOESNT_EXIST)) { - if (tabUserExists) + if (tableUserExists) throw new AccumuloException("Got user DNE error when they should", ae); else continue; @@ -102,13 +101,13 @@ public class Validate extends Test { } - Authorizations auths = SecurityHelper.getUserAuths(state, SecurityHelper.getTabUserName(state)); + Authorizations auths = WalkingSecurity.get(state).getUserAuthorizations(WalkingSecurity.get(state).getTabAuthInfo()); Authorizations accuAuths; try { - accuAuths = conn.securityOperations().getUserAuthorizations(SecurityHelper.getTabUserName(state)); + accuAuths = conn.securityOperations().getUserAuthorizations(WalkingSecurity.get(state).getTabUserName()); } catch (AccumuloSecurityException ae) { if (ae.getErrorCode().equals(SecurityErrorCode.USER_DOESNT_EXIST)) { - if (tabUserExists) + if (tableUserExists) throw new AccumuloException("Table user didn't exist when they should.", ae); else return; Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/util/Initialize.java URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/util/Initialize.java?rev=1391603&r1=1391602&r2=1391603&view=diff ============================================================================== --- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/util/Initialize.java (original) +++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/util/Initialize.java Fri Sep 28 19:11:31 2012 @@ -50,8 +50,8 @@ import org.apache.accumulo.server.conf.S import org.apache.accumulo.server.constraints.MetadataConstraints; import org.apache.accumulo.server.iterators.MetadataBulkLoadFilter; import org.apache.accumulo.server.master.state.tables.TableManager; +import org.apache.accumulo.server.security.AuditedSecurityOperation; import org.apache.accumulo.server.security.SecurityConstants; -import org.apache.accumulo.server.security.SecurityOperationImpl; import org.apache.accumulo.server.security.SecurityUtil; import org.apache.accumulo.server.tabletserver.TabletTime; import org.apache.accumulo.server.zookeeper.ZooReaderWriter; @@ -412,11 +412,19 @@ public class Initialize { } private static void initSecurity(String iid, byte[] rootpass) throws AccumuloSecurityException, ThriftSecurityException { - SecurityOperationImpl.getInstance(iid).initializeSecurity(SecurityConstants.getSystemCredentials(), ROOT_USER, rootpass); + AuditedSecurityOperation.getInstance(iid).initializeSecurity(SecurityConstants.getSystemCredentials(), ROOT_USER, rootpass); } protected static void initMetadataConfig() throws IOException { try { + Configuration conf = CachedConfiguration.getInstance(); + int max = conf.getInt("dfs.replication.max", 512); + // Hadoop 0.23 switched the min value configuration name + int min = Math.max(conf.getInt("dfs.replication.min", 1), conf.getInt("dfs.namenode.replication.min", 1)); + if (max < 5) + setMetadataReplication(max, "max"); + if (min > 5) + setMetadataReplication(min, "min"); for (Entry<String,String> entry : initialMetadataConf.entrySet()) if (!TablePropUtil.setTableProperty(Constants.METADATA_TABLE_ID, entry.getKey(), entry.getValue())) throw new IOException("Cannot create per-table property " + entry.getKey()); @@ -426,6 +434,18 @@ public class Initialize { } } + private static void setMetadataReplication(int replication, String reason) throws IOException { + String rep = getConsoleReader().readLine( + "Your HDFS replication " + reason + + " is not compatible with our default !METADATA replication of 5. What do you want to set your !METADATA replication to? (" + replication + ") "); + if (rep == null || rep.length() == 0) + rep = Integer.toString(replication); + else + // Lets make sure it's a number + Integer.parseInt(rep); + initialMetadataConf.put(Property.TABLE_FILE_REPLICATION.getKey(), rep); + } + public static boolean isInitialized(FileSystem fs) throws IOException { return (fs.exists(ServerConstants.getInstanceIdLocation()) || fs.exists(ServerConstants.getDataVersionLocation())); } Propchange: accumulo/branches/ACCUMULO-259/src/ ------------------------------------------------------------------------------ Merged /accumulo/trunk/src:r1362561-1363473 Merged /accumulo/branches/1.4/src/src:r1363430
