ACCUMULO-2316 a simpler approach for property security exceptions
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/68afb1ef Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/68afb1ef Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/68afb1ef Branch: refs/heads/ACCUMULO-2061 Commit: 68afb1efb85b80068bbe67b30a4b9aba41c502c1 Parents: 5c0ca2c Author: John Vines <vi...@apache.org> Authored: Thu Mar 6 14:02:59 2014 -0500 Committer: John Vines <vi...@apache.org> Committed: Thu Mar 6 14:02:59 2014 -0500 ---------------------------------------------------------------------- .../client/admin/SecurityOperationsImpl.java | 61 +++++++++---- .../org/apache/accumulo/test/NamespacesIT.java | 95 ++++++++++++++++++++ 2 files changed, 138 insertions(+), 18 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/accumulo/blob/68afb1ef/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java b/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java index ebd79ad..9d662f4 100644 --- a/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java +++ b/core/src/main/java/org/apache/accumulo/core/client/admin/SecurityOperationsImpl.java @@ -53,6 +53,8 @@ public class SecurityOperationsImpl implements SecurityOperations { // recast missing table if (ttoe.getType() == TableOperationExceptionType.NOTFOUND) throw new AccumuloSecurityException(null, SecurityErrorCode.TABLE_DOESNT_EXIST); + else if (ttoe.getType() == TableOperationExceptionType.NAMESPACE_NOTFOUND) + throw new AccumuloSecurityException(null, SecurityErrorCode.NAMESPACE_DOESNT_EXIST); else throw new AccumuloException(ttoe); } catch (ThriftSecurityException e) { 
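Review bot: The added `NAMESPACE_NOTFOUND` branch throws a fresh AccumuloSecurityException and drops `ttoe`, so the detail of the failed operation never reaches callers or logs. The three-argument constructor used later in this commit keeps the cause, so this could be `throw new AccumuloSecurityException(null, SecurityErrorCode.NAMESPACE_DOESNT_EXIST, ttoe);`. The identical branch in the next hunk (`@@ -71,6 +73,8 @@`) has the same gap. The `// recast missing table` comment above both branches now covers namespaces too and could read `// recast missing table or namespace`. The enclosing methods start and end outside both hunks.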
@@ -71,6 +73,8 @@ public class SecurityOperationsImpl implements SecurityOperations { // recast missing table if (ttoe.getType() == TableOperationExceptionType.NOTFOUND) throw new AccumuloSecurityException(null, SecurityErrorCode.TABLE_DOESNT_EXIST); + else if (ttoe.getType() == TableOperationExceptionType.NAMESPACE_NOTFOUND) + throw new AccumuloSecurityException(null, SecurityErrorCode.NAMESPACE_DOESNT_EXIST); else throw new AccumuloException(ttoe); } catch (ThriftSecurityException e) { @@ -199,12 +203,19 @@ public class SecurityOperationsImpl implements SecurityOperations { @Override public boolean hasTablePermission(final String principal, final String table, final TablePermission perm) throws AccumuloException, AccumuloSecurityException { ArgumentChecker.notNull(principal, table, perm); - return execute(new ClientExecReturn<Boolean,ClientService.Client>() { - @Override - public Boolean execute(ClientService.Client client) throws Exception { - return client.hasTablePermission(Tracer.traceInfo(), credentials.toThrift(instance), principal, table, perm.getId()); - } - }); + try { + return execute(new ClientExecReturn<Boolean,ClientService.Client>() { + @Override + public Boolean execute(ClientService.Client client) throws Exception { + return client.hasTablePermission(Tracer.traceInfo(), credentials.toThrift(instance), principal, table, perm.getId()); + } + }); + } catch (AccumuloSecurityException e) { + if (e.getSecurityErrorCode() == org.apache.accumulo.core.client.security.SecurityErrorCode.NAMESPACE_DOESNT_EXIST) + throw new AccumuloSecurityException(null, SecurityErrorCode.TABLE_DOESNT_EXIST, e); + else + throw e; + } } @Override 
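Review bot: The catch block added to hasTablePermission is repeated verbatim in grantTablePermission and revokeTablePermission (hunks `@@ -234,12 +245,19 @@` and `@@ -269,12 +287,19 @@`), so the rule deciding which error code a caller sees for a missing namespace lives in three places and can drift. One private helper would keep the mapping in a single spot, with a comment saying why table-level calls report a missing namespace as TABLE_DOESNT_EXIST. The recast exception passes `null` as the user, so the principal is missing from the error; if the caught exception carries it, it could be forwarded instead (not visible here). The comparison uses the fully qualified client-side enum while the throw uses the imported one, which is easy to misread without a note naming the two types.

```java
// Table-level permission calls report a missing namespace as a missing table,
// so callers only have to handle one "does not exist" code for a table name.
// The comparison is against the client-side enum; the constructor takes the imported one.
private static AccumuloSecurityException recastMissingNamespace(AccumuloSecurityException e) {
  if (e.getSecurityErrorCode() == org.apache.accumulo.core.client.security.SecurityErrorCode.NAMESPACE_DOESNT_EXIST)
    return new AccumuloSecurityException(null, SecurityErrorCode.TABLE_DOESNT_EXIST, e);
  return e;
}

// … unchanged: try { return execute(...) } body of hasTablePermission; same for grant/revoke …
} catch (AccumuloSecurityException e) {
  throw recastMissingNamespace(e);
}
```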
@@ -234,12 +245,19 @@ public class SecurityOperationsImpl implements SecurityOperations { public void grantTablePermission(final String principal, final String table, final TablePermission permission) throws AccumuloException, AccumuloSecurityException { ArgumentChecker.notNull(principal, table, permission); - execute(new ClientExec<ClientService.Client>() { - @Override - public void execute(ClientService.Client client) throws Exception { - client.grantTablePermission(Tracer.traceInfo(), credentials.toThrift(instance), principal, table, permission.getId()); - } - }); + try { + execute(new ClientExec<ClientService.Client>() { + @Override + public void execute(ClientService.Client client) throws Exception { + client.grantTablePermission(Tracer.traceInfo(), credentials.toThrift(instance), principal, table, permission.getId()); + } + }); + } catch (AccumuloSecurityException e) { + if (e.getSecurityErrorCode() == org.apache.accumulo.core.client.security.SecurityErrorCode.NAMESPACE_DOESNT_EXIST) + throw new AccumuloSecurityException(null, SecurityErrorCode.TABLE_DOESNT_EXIST, e); + else + throw e; + } } @Override 
@@ -269,12 +287,19 @@ public class SecurityOperationsImpl implements SecurityOperations { public void revokeTablePermission(final String principal, final String table, final TablePermission permission) throws AccumuloException, AccumuloSecurityException { ArgumentChecker.notNull(principal, table, permission); - execute(new ClientExec<ClientService.Client>() { - @Override - public void execute(ClientService.Client client) throws Exception { - client.revokeTablePermission(Tracer.traceInfo(), credentials.toThrift(instance), principal, table, permission.getId()); - } - }); + try { + execute(new ClientExec<ClientService.Client>() { + @Override + public void execute(ClientService.Client client) throws Exception { + client.revokeTablePermission(Tracer.traceInfo(), credentials.toThrift(instance), principal, table, permission.getId()); + } + }); + } catch (AccumuloSecurityException e) { + if (e.getSecurityErrorCode() == org.apache.accumulo.core.client.security.SecurityErrorCode.NAMESPACE_DOESNT_EXIST) + throw new AccumuloSecurityException(null, SecurityErrorCode.TABLE_DOESNT_EXIST, e); + else + throw e; + } } @Override http://git-wip-us.apache.org/repos/asf/accumulo/blob/68afb1ef/test/src/test/java/org/apache/accumulo/test/NamespacesIT.java ---------------------------------------------------------------------- diff --git a/test/src/test/java/org/apache/accumulo/test/NamespacesIT.java b/test/src/test/java/org/apache/accumulo/test/NamespacesIT.java index cd9ec2a..a8d5f7f 100644 --- a/test/src/test/java/org/apache/accumulo/test/NamespacesIT.java +++ b/test/src/test/java/org/apache/accumulo/test/NamespacesIT.java 
@@ -70,6 +70,7 @@ import org.apache.accumulo.core.metadata.RootTable; import org.apache.accumulo.core.security.Authorizations; import org.apache.accumulo.core.security.NamespacePermission; import org.apache.accumulo.core.security.SystemPermission; +import org.apache.accumulo.core.security.TablePermission; import org.apache.accumulo.core.util.UtilWaitThread; import org.apache.accumulo.examples.simple.constraints.NumericValueConstraint; import org.apache.accumulo.test.functional.SimpleMacIT; 
@@ -825,6 +826,100 @@ public class NamespacesIT extends SimpleMacIT { } @Test + public void testModifyingPermissions() throws Exception { + String tableName = namespace + ".modify"; + c.namespaceOperations().create(namespace); + c.tableOperations().create(tableName); + assertTrue(c.securityOperations().hasTablePermission(c.whoami(), tableName, TablePermission.READ)); + c.securityOperations().revokeTablePermission(c.whoami(), tableName, TablePermission.READ); + assertFalse(c.securityOperations().hasTablePermission(c.whoami(), tableName, TablePermission.READ)); + c.securityOperations().grantTablePermission(c.whoami(), tableName, TablePermission.READ); + assertTrue(c.securityOperations().hasTablePermission(c.whoami(), tableName, TablePermission.READ)); + c.tableOperations().delete(tableName); + + try { + c.securityOperations().hasTablePermission(c.whoami(), tableName, TablePermission.READ); + fail(); + } catch (Exception e) { + if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) + throw new Exception("Has permission resulted in " + e.getClass().getName(), e); + } + + try { + c.securityOperations().grantTablePermission(c.whoami(), tableName, TablePermission.READ); + fail(); + } catch (Exception e) { + if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) + throw new Exception("Has permission resulted in " + e.getClass().getName(), e); + } + + try { + c.securityOperations().revokeTablePermission(c.whoami(), tableName, TablePermission.READ); + fail(); + } catch (Exception e) { + if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) + throw new Exception("Has permission resulted in " + e.getClass().getName(), e); + } + + 
assertTrue(c.securityOperations().hasNamespacePermission(c.whoami(), namespace, NamespacePermission.READ)); + c.securityOperations().revokeNamespacePermission(c.whoami(), namespace, NamespacePermission.READ); + assertFalse(c.securityOperations().hasNamespacePermission(c.whoami(), namespace, NamespacePermission.READ)); + c.securityOperations().grantNamespacePermission(c.whoami(), namespace, NamespacePermission.READ); + assertTrue(c.securityOperations().hasNamespacePermission(c.whoami(), namespace, NamespacePermission.READ)); + + c.namespaceOperations().delete(namespace); + + try { + c.securityOperations().hasTablePermission(c.whoami(), tableName, TablePermission.READ); + fail(); + } catch (Exception e) { + if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) + throw new Exception("Has permission resulted in " + e.getClass().getName(), e); + } + + try { + c.securityOperations().grantTablePermission(c.whoami(), tableName, TablePermission.READ); + fail(); + } catch (Exception e) { + if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) + throw new Exception("Has permission resulted in " + e.getClass().getName(), e); + } + + try { + c.securityOperations().revokeTablePermission(c.whoami(), tableName, TablePermission.READ); + fail(); + } catch (Exception e) { + if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) + throw new Exception("Has permission resulted in " + e.getClass().getName(), e); + } + + try { + c.securityOperations().hasNamespacePermission(c.whoami(), namespace, NamespacePermission.READ); + fail(); + } catch (Exception e) { + if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) 
e).getSecurityErrorCode().equals(SecurityErrorCode.NAMESPACE_DOESNT_EXIST)) + throw new Exception("Has permission resulted in " + e.getClass().getName(), e); + } + + try { + c.securityOperations().grantNamespacePermission(c.whoami(), namespace, NamespacePermission.READ); + fail(); + } catch (Exception e) { + if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.NAMESPACE_DOESNT_EXIST)) + throw new Exception("Has permission resulted in " + e.getClass().getName(), e); + } + + try { + c.securityOperations().revokeNamespacePermission(c.whoami(), namespace, NamespacePermission.READ); + fail(); + } catch (Exception e) { + if (!(e instanceof AccumuloSecurityException) || !((AccumuloSecurityException) e).getSecurityErrorCode().equals(SecurityErrorCode.NAMESPACE_DOESNT_EXIST)) + throw new Exception("Has permission resulted in " + e.getClass().getName(), e); + } + + } + + @Test public void verifyTableOperationsExceptions() throws Exception { String tableName = namespace + ".1"; IteratorSetting setting = new IteratorSetting(200, VersioningIterator.class);
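Review bot: Every catch block in testModifyingPermissions builds its failure message from `"Has permission resulted in "`, including the grant and revoke cases, and the message omits the error code, so a failing run does not say which call or code was wrong. Catching the specific type and asserting on the code reports more, for example `} catch (AccumuloSecurityException e) { assertEquals(SecurityErrorCode.TABLE_DOESNT_EXIST, e.getSecurityErrorCode()); }`, assuming assertEquals is imported alongside assertTrue. All calls run as `c.whoami()`, so the test does not pin down which error a principal without permissions on the table gets for a missing table or namespace. A case with a second, unprivileged user would cover that. The nine near-identical try/catch blocks would also be easier to read as one small helper that takes the expected code.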