Permission Denied when running Rwalk scripts #132
Description
With the recent changes in accumulo #1828, some of the modules for RWalk now throw permission exceptions.
The specific one I ran into while running ./bin./rwalk All.xml and specifically./bin/rwalk Security.xml is below:
ThriftSecurityException(user:system_flash_superheroes_local, code:PERMISSION_DENIED)
at org.apache.accumulo.server.security.SecurityOperation.authenticateUser(SecurityOperation.java:238)
at org.apache.accumulo.server.client.ClientServiceHandler.authenticateUser(ClientServiceHandler.java:150)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.apache.accumulo.core.trace.TraceUtil.lambda$wrapService$6(TraceUtil.java:235)
at com.sun.proxy.$Proxy38.authenticateUser(Unknown Source)
at org.apache.accumulo.core.clientImpl.thrift.ClientService$Processor$authenticateUser.getResult(ClientService.java:2608)
at org.apache.accumulo.core.clientImpl.thrift.ClientService$Processor$authenticateUser.getResult(ClientService.java:2587)
at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:38)
at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
at org.apache.accumulo.server.rpc.TimedProcessor.process(TimedProcessor.java:63)
at org.apache.thrift.server.AbstractNonblockingServer$FrameBuffer.invoke(AbstractNonblockingServer.java:518)
at org.apache.accumulo.server.rpc.CustomNonBlockingServer$CustomFrameBuffer.invoke(CustomNonBlockingServer.java:114)
at org.apache.thrift.server.Invocation.run(Invocation.java:18)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
There are also several warnings thrown now for each permission in our auditing. Some examples below:
operation: failed; user: system_flash_superheroes_local;
action: changeAuthorizations; targetUser: system_flash_superheroes_local;
authorizations: Towels,Paper,Brush,Asparagus,Fishsticks,PotatoSkins,Ribs,Celery;
exception: ThriftSecurityException(user:system_flash_superheroes_local,
code:PERMISSION
operation: failed; user: root; checking permission DROP_USER on table_flash_superheroes_local denied;
exception: ThriftSecurityException(user:table_flash_superheroes_local,
code:USER_DOESNT_EXIST)
operation: failed; user: table_flash_superheroes_local;
action: revokeTablePermission;
permission: BULK_IMPORT; targetTable: security_flash_superheroes_local; targetUser: system_flash_superheroes_local;;
exception: ThriftSecurityException(user:table_flash_superheroes_local,
code:PERMISSION_DENIED)
This seems to happen for each permission type, either with Permission_Denied or for User_Doesn't_Exist.
New one below:
ERROR Framework Error during random walk
java.lang.Exception: Error running node Security.xml
at org.apache.accumulo.testing.randomwalk.Module.visit(Module.java:370)
at org.apache.accumulo.testing.randomwalk.Framework.run(Framework.java:48)
at org.apache.accumulo.testing.randomwalk.Framework.main(Framework.java:92)
Caused by: org.apache.accumulo.core.client.AccumuloSecurityException: Error BAD_CREDENTIALS for user system_flash_superheroes_local - Username or Password is Invalid