Java Code Examples for org.apache.accumulo.core.client.Connector#securityOperations()

The following examples show how to use org.apache.accumulo.core.client.Connector#securityOperations() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: StatsJob.java    From datawave with Apache License 2.0 6 votes vote down vote up
@Override
protected void configureInputFormat(Job job, AccumuloHelper cbHelper, Configuration conf) throws Exception {
    BulkInputFormat.setZooKeeperInstance(conf, cbHelper.getInstanceName(), cbHelper.getZooKeepers());
    
    // add the versioning iterator
    IteratorSetting cfg = new IteratorSetting(100, VersioningIterator.class);
    BulkInputFormat.addIterator(conf, cfg);
    
    // get authorizations
    Connector conn = cbHelper.getConnector();
    SecurityOperations secOps = conn.securityOperations();
    Authorizations auths = secOps.getUserAuthorizations(cbHelper.getUsername());
    
    BulkInputFormat.setInputInfo(job, cbHelper.getUsername(), cbHelper.getPassword(), this.inputTableName, auths);
    final Set<Range> scanShards = calculateRanges(conf);
    BulkInputFormat.setRanges(job, scanShards);
    
    super.configureInputFormat(job, cbHelper, conf);
}
 
Example 2
Source File: PcjVisibilityIT.java    From rya with Apache License 2.0 5 votes vote down vote up
private void setupTestUsers(final Connector accumuloConn, final String ryaInstanceName, final String pcjId) throws AccumuloException, AccumuloSecurityException {
    final PasswordToken pass = new PasswordToken("password");
    final SecurityOperations secOps = accumuloConn.securityOperations();

    // We need the table name so that we can update security for the users.
    final String pcjTableName = new PcjTableNameFactory().makeTableName(ryaInstanceName, pcjId);

    // Give the 'roor' user authorizations to see everything.
    secOps.changeUserAuthorizations("root", new Authorizations("A", "B", "C", "D", "E"));

    // Create a user that can see things with A and B.
    secOps.createLocalUser("abUser", pass);
    secOps.changeUserAuthorizations("abUser", new Authorizations("A", "B"));
    secOps.grantTablePermission("abUser", pcjTableName, TablePermission.READ);

    // Create a user that can see things with A, B, and C.
    secOps.createLocalUser("abcUser", pass);
    secOps.changeUserAuthorizations("abcUser", new Authorizations("A", "B", "C"));
    secOps.grantTablePermission("abcUser", pcjTableName, TablePermission.READ);

    // Create a user that can see things with A, D, and E.
    secOps.createLocalUser("adeUser", pass);
    secOps.changeUserAuthorizations("adeUser", new Authorizations("A", "D", "E"));
    secOps.grantTablePermission("adeUser", pcjTableName, TablePermission.READ);

    // Create a user that can't see anything.
    secOps.createLocalUser("noAuth", pass);
    secOps.changeUserAuthorizations("noAuth", new Authorizations());
    secOps.grantTablePermission("noAuth", pcjTableName, TablePermission.READ);
}
 
Example 3
Source File: MergeTool.java    From rya with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the temp child table if it doesn't already exist in the parent.
 * @param childTableName the name of the child table.
 * @throws IOException
 */
public void createTempTableIfNeeded(final String childTableName) throws IOException {
    try {
        final AccumuloRdfConfiguration accumuloRdfConfiguration = new AccumuloRdfConfiguration(conf);
        accumuloRdfConfiguration.setTablePrefix(childTablePrefix);
        final Connector connector = AccumuloRyaUtils.setupConnector(accumuloRdfConfiguration);
        if (!connector.tableOperations().exists(childTableName)) {
            log.info("Creating table: " + childTableName);
            connector.tableOperations().create(childTableName);
            log.info("Created table: " + childTableName);
            log.info("Granting authorizations to table: " + childTableName);
            final SecurityOperations secOps = connector.securityOperations();
            secOps.grantTablePermission(userName, childTableName, TablePermission.WRITE);
            log.info("Granted authorizations to table: " + childTableName);

            final Authorizations parentAuths = secOps.getUserAuthorizations(userName);
            // Add child authorizations so the temp parent table can be accessed.
            if (!parentAuths.equals(childAuthorizations)) {
                final List<String> childAuthList = findUniqueAuthsFromChild(parentAuths.toString(), childAuthorizations.toString());
                tempChildAuths = Joiner.on(",").join(childAuthList);
                log.info("Adding the authorization, \"" + tempChildAuths + "\", to the parent user, \"" + userName + "\"");
                final Authorizations newAuths = AccumuloRyaUtils.addUserAuths(userName, secOps, new Authorizations(tempChildAuths));
                secOps.changeUserAuthorizations(userName, newAuths);
            }
        }
    } catch (TableExistsException | AccumuloException | AccumuloSecurityException e) {
        throw new IOException(e);
    }
}
 
Example 4
Source File: MergeTool.java    From rya with Apache License 2.0 4 votes vote down vote up
@Override
public int run(final String[] strings) throws Exception {
    useMergeFileInput = conf.getBoolean(USE_MERGE_FILE_INPUT, false);

    log.info("Setting up Merge Tool...");
    setup();

    if (useMergeFileInput) {
        // When using file input mode the child instance will use a temporary table in the parent instance to
        // store the child table data.  The two tables will then be merged together.
        copyParentPropertiesToChild(conf);
    }

    for (final String table : tables) {
        final String childTable = table.replaceFirst(tablePrefix, childTablePrefix);
        final String jobName = "Merge Tool, merging Child Table: " + childTable + ", into Parent Table: " + table + ", " + System.currentTimeMillis();
        log.info("Initializing job: " + jobName);
        conf.set(MRUtils.JOB_NAME_PROP, jobName);
        conf.set(TABLE_NAME_PROP, table);

        final Job job = Job.getInstance(conf);
        job.setJarByClass(MergeTool.class);

        if (useMergeFileInput) {
            importChildFilesToTempParentTable(childTable);
        }

        setupAccumuloInput(job);

        InputFormatBase.setInputTableName(job, table);

        // Set input output of the particular job
        job.setMapOutputKeyClass(Text.class);
        job.setMapOutputValueClass(Mutation.class);
        job.setOutputKeyClass(Text.class);
        job.setOutputValueClass(Mutation.class);

        setupAccumuloOutput(job, table);

        // Set mapper and reducer classes
        job.setMapperClass(MergeToolMapper.class);
        job.setReducerClass(Reducer.class);

        // Submit the job
        final Date beginTime = new Date();
        log.info("Job for table \"" + table + "\" started: " + beginTime);
        final int exitCode = job.waitForCompletion(true) ? 0 : 1;

        if (useMergeFileInput && StringUtils.isNotBlank(tempChildAuths)) {
            // Clear any of the temporary child auths given to the parent
            final AccumuloRdfConfiguration parentAccumuloRdfConfiguration = new AccumuloRdfConfiguration(conf);
            parentAccumuloRdfConfiguration.setTablePrefix(tablePrefix);
            final Connector parentConnector = AccumuloRyaUtils.setupConnector(parentAccumuloRdfConfiguration);
            final SecurityOperations secOps = parentConnector.securityOperations();

            AccumuloRyaUtils.removeUserAuths(userName, secOps, tempChildAuths);
        }

        if (exitCode == 0) {
            final Date endTime = new Date();
            log.info("Job for table \"" + table + "\" finished: " + endTime);
            log.info("The job took " + (endTime.getTime() - beginTime.getTime()) / 1000 + " seconds.");
        } else {
            log.error("Job for table \"" + table + "\" Failed!!!");
            return exitCode;
        }
    }

    return 0;
}
 
Example 5
Source File: TablePermissions.java    From rya with Apache License 2.0 3 votes vote down vote up
/**
 * Grants the following Table Permissions for an Accumulo user to an Accumulo table.
 * <ul>
 *   <li>ALTER_TABLE</li>
 *   <li>BULK_IMPORT</li>
 *   <li>DROP_TABLE</li>
 *   <li>GRANT</li>
 *   <li>READ</li>
 *   <li>WRITE</li>
 * </ul>
 *
 * @param user - The user who will be granted the permissions. (not null)
 * @param table - The Accumulo table the permissions are granted to. (not null)
 * @param conn - The connector that is used to access the Accumulo instance
 *   that hosts the the {@code user} and {@code table}. (not null)
 * @throws AccumuloSecurityException If a general error occurs.
 * @throws AccumuloException If the user does not have permission to grant a user permissions.
 */
public void grantAllPermissions(final String user, final String table, final Connector conn) throws AccumuloException, AccumuloSecurityException {
    requireNonNull(user);
    requireNonNull(table);
    requireNonNull(conn);

    final SecurityOperations secOps = conn.securityOperations();
    secOps.grantTablePermission(user, table, TablePermission.ALTER_TABLE);
    secOps.grantTablePermission(user, table, TablePermission.BULK_IMPORT);
    secOps.grantTablePermission(user, table, TablePermission.DROP_TABLE);
    secOps.grantTablePermission(user, table, TablePermission.GRANT);
    secOps.grantTablePermission(user, table, TablePermission.READ);
    secOps.grantTablePermission(user, table, TablePermission.WRITE);
}
 
Example 6
Source File: TablePermissions.java    From rya with Apache License 2.0 3 votes vote down vote up
/**
 * Revokes the following Table Permissions for an Accumulo user from an Accumulo table.
 * <ul>
 *   <li>ALTER_TABLE</li>
 *   <li>BULK_IMPORT</li>
 *   <li>DROP_TABLE</li>
 *   <li>GRANT</li>
 *   <li>READ</li>
 *   <li>WRITE</li>
 * </ul>
 *
 * @param user - The user whose permissions will be revoked. (not null)
 * @param table - The Accumulo table the permissions are revoked from. (not null)
 * @param conn - The connector that is used to access the Accumulo instance
 *   that hosts the the {@code user} and {@code table}. (not null)
 * @throws AccumuloException If a general error occurs.
 * @throws AccumuloSecurityException If the user does not have permission to revoke a user's permissions.
 */
public void revokeAllPermissions(final String user, final String table, final Connector conn) throws AccumuloException, AccumuloSecurityException {
    requireNonNull(user);
    requireNonNull(table);
    requireNonNull(conn);

    final SecurityOperations secOps = conn.securityOperations();
    secOps.revokeTablePermission(user, table, TablePermission.ALTER_TABLE);
    secOps.revokeTablePermission(user, table, TablePermission.BULK_IMPORT);
    secOps.revokeTablePermission(user, table, TablePermission.DROP_TABLE);
    secOps.revokeTablePermission(user, table, TablePermission.GRANT);
    secOps.revokeTablePermission(user, table, TablePermission.READ);
    secOps.revokeTablePermission(user, table, TablePermission.WRITE);
}