in src/main/java/org/apache/accumulo/testing/randomwalk/security/AlterTablePerm.java [43:201]
public static void alter(State state, RandWalkEnv env, Properties props) throws Exception {
String action = props.getProperty("task", "toggle");
String perm = props.getProperty("perm", "random");
String sourceUserProp = props.getProperty("source", "system");
String targetUser = props.getProperty("target", "table");
String target;
if ("table".equals(targetUser))
target = WalkingSecurity.get(state, env).getTabUserName();
else
target = WalkingSecurity.get(state, env).getSysUserName();
boolean userExists = WalkingSecurity.get(state, env).userExists(target);
boolean tableExists = WalkingSecurity.get(state, env).getTableExists();
TablePermission tabPerm;
if (perm.equals("random")) {
int i = env.getRandom().nextInt(TablePermission.values().length);
tabPerm = TablePermission.values()[i];
} else
tabPerm = TablePermission.valueOf(perm);
String tableName = WalkingSecurity.get(state, env).getTableName();
boolean hasPerm =
WalkingSecurity.get(state, env).hasTablePermission(target, tableName, tabPerm);
boolean canGive;
String sourceUser;
AuthenticationToken sourceToken;
if ("system".equals(sourceUserProp)) {
sourceUser = WalkingSecurity.get(state, env).getSysUserName();
sourceToken = WalkingSecurity.get(state, env).getSysToken();
} else if ("table".equals(sourceUserProp)) {
sourceUser = WalkingSecurity.get(state, env).getTabUserName();
sourceToken = WalkingSecurity.get(state, env).getTabToken();
} else {
sourceUser = env.getAccumuloUserName();
sourceToken = env.getToken();
}
try (AccumuloClient client = env.createClient(sourceUser, sourceToken)) {
SecurityOperations secOps = client.securityOperations();
try {
canGive = secOps.hasSystemPermission(sourceUser, SystemPermission.ALTER_TABLE)
|| secOps.hasTablePermission(sourceUser, tableName, TablePermission.GRANT);
} catch (AccumuloSecurityException ae) {
if (ae.getSecurityErrorCode().equals(SecurityErrorCode.TABLE_DOESNT_EXIST)) {
if (tableExists)
throw new TableExistsException(null, tableName,
"Got a TableNotFoundException but it should exist", ae);
else
return;
} else {
throw new AccumuloException("Got unexpected ae error code", ae);
}
}
// toggle
if (!"take".equals(action) && !"give".equals(action)) {
try {
boolean res;
if (hasPerm != (res = env.getAccumuloClient().securityOperations()
.hasTablePermission(target, tableName, tabPerm)))
throw new AccumuloException("Test framework and accumulo are out of sync for user "
+ client.whoami() + " for perm " + tabPerm.name()
+ " with local vs. accumulo being " + hasPerm + " " + res);
if (hasPerm)
action = "take";
else
action = "give";
} catch (AccumuloSecurityException ae) {
switch (ae.getSecurityErrorCode()) {
case USER_DOESNT_EXIST:
if (userExists)
throw new AccumuloException(
"Framework and Accumulo are out of sync, we think user exists", ae);
else
return;
case TABLE_DOESNT_EXIST:
if (tableExists)
throw new TableExistsException(null, tableName,
"Got a TableNotFoundException but it should exist", ae);
else
return;
default:
throw ae;
}
}
}
boolean trans = WalkingSecurity.get(state, env).userPassTransient(client.whoami());
if ("take".equals(action)) {
try {
client.securityOperations().revokeTablePermission(target, tableName, tabPerm);
} catch (AccumuloSecurityException ae) {
switch (ae.getSecurityErrorCode()) {
case GRANT_INVALID:
throw new AccumuloException("Got a grant invalid on non-System.GRANT option", ae);
case PERMISSION_DENIED:
if (canGive)
throw new AccumuloException(client.whoami() + " failed to revoke permission to "
+ target + " when it should have worked", ae);
return;
case USER_DOESNT_EXIST:
if (userExists)
throw new AccumuloException("Table user doesn't exist and they SHOULD.", ae);
return;
case TABLE_DOESNT_EXIST:
if (tableExists)
throw new AccumuloException("Table doesn't exist but it should", ae);
return;
case BAD_CREDENTIALS:
if (!trans)
throw new AccumuloException("Bad credentials for user " + client.whoami());
return;
default:
throw new AccumuloException("Got unexpected exception", ae);
}
}
WalkingSecurity.get(state, env).revokeTablePermission(target, tableName, tabPerm);
} else if ("give".equals(action)) {
try {
client.securityOperations().grantTablePermission(target, tableName, tabPerm);
} catch (AccumuloSecurityException ae) {
switch (ae.getSecurityErrorCode()) {
case GRANT_INVALID:
throw new AccumuloException("Got a grant invalid on non-System.GRANT option", ae);
case PERMISSION_DENIED:
if (canGive)
throw new AccumuloException(client.whoami() + " failed to give permission to "
+ target + " when it should have worked", ae);
return;
case USER_DOESNT_EXIST:
if (userExists)
throw new AccumuloException("Table user doesn't exist and they SHOULD.", ae);
return;
case TABLE_DOESNT_EXIST:
if (tableExists)
throw new AccumuloException("Table doesn't exist but it should", ae);
return;
case BAD_CREDENTIALS:
if (!trans)
throw new AccumuloException("Bad credentials for user " + client.whoami());
return;
default:
throw new AccumuloException("Got unexpected exception", ae);
}
}
WalkingSecurity.get(state, env).grantTablePermission(target, tableName, tabPerm);
}
if (!userExists)
throw new AccumuloException("User shouldn't have existed, but apparently does");
if (!tableExists)
throw new AccumuloException("Table shouldn't have existed, but apparently does");
if (!canGive)
throw new AccumuloException(
client.whoami() + " shouldn't have been able to grant privilege");
}
}