Bump to accumulo-access 1.0.0-beta3

build/dependencies.txt

@@ -111,7 +111,7 @@ net.sf.geographiclib:GeographicLib-Java:1.49:compile
 net.sf.saxon:Saxon-HE:12.4:compile
 org.antlr:antlr4-runtime:4.7.2:compile
 org.antlr:antlr4-runtime:4.9.3:compile
-org.apache.accumulo:accumulo-access:1.0.0-beta:compile
+org.apache.accumulo:accumulo-access-core:1.0.0-beta3:compile
 org.apache.accumulo:accumulo-core:2.1.4:compile
 org.apache.accumulo:accumulo-hadoop-mapreduce:2.1.4:compile
 org.apache.arrow:arrow-format:19.0.0:compile

docs/user/upgrade/6.0.0.rst

@@ -37,6 +37,7 @@ Dependency Version Upgrades
 
 The following dependencies have been upgraded:
 
+* accumulo-access ``1.0.0-beta`` -> ``1.0.0-beta3``
 * arrow ``18.3.0`` -> ``19.0.0``
 * commons-codec ``1.17.1`` -> ``1.18.0``
 * commons-lang ``3.15.0`` -> ``3.20.0``

geomesa-fs/geomesa-fs-storage/geomesa-fs-storage-core/src/main/scala/org/locationtech/geomesa/fs/storage/core/observer/s3/S3VisibilityObserver.scala

@@ -10,7 +10,6 @@ package org.locationtech.geomesa.fs.storage.core
 package observer
 package s3
 
-import org.apache.accumulo.access.AccessExpression
 import org.geotools.api.feature.simple.SimpleFeature
 import org.locationtech.geomesa.fs.storage.core.fs.S3ObjectStore
 import org.locationtech.geomesa.security.SecurityUtils
@@ -52,10 +51,9 @@ class S3VisibilityObserver(path: URI, s3: S3AsyncClient, tag: String) extends Fi
 
   private def makeTagRequest(bucket: String, key: String): Unit = {
     if (visibilities.nonEmpty) {
-      val vis = visibilities.mkString("(", ")&(", ")")
-      // this call simplifies and de-duplicates the expression
-      val expression = AccessExpression.of(vis, /*normalize = */true).getExpression
-      val visibility = Base64.getEncoder.encodeToString(expression.getBytes(StandardCharsets.UTF_8))
+      val vis = visibilities.toList.sorted.mkString("(", ")&(", ")")
+      // TODO simplify and de-duplicates the expression
+      val visibility = Base64.getEncoder.encodeToString(vis.getBytes(StandardCharsets.UTF_8))
       val tagging = Tagging.builder().tagSet(Tag.builder.key(tag).value(visibility).build()).build()
       val request = PutObjectTaggingRequest.builder.bucket(bucket).key(key).tagging(tagging).build()
       s3.putObjectTagging(request).join()

geomesa-security/pom.xml

@@ -17,7 +17,7 @@
         </dependency>
         <dependency>
             <groupId>org.apache.accumulo</groupId>
-            <artifactId>accumulo-access</artifactId>
+            <artifactId>accumulo-access-core</artifactId>
         </dependency>
 
         <!-- provided dependencies -->

geomesa-security/src/main/scala/org/locationtech/geomesa/security/VisibilityUtils.scala

@@ -8,7 +8,7 @@
 
 package org.locationtech.geomesa.security
 
-import org.apache.accumulo.access.{AccessEvaluator, Authorizations}
+import org.apache.accumulo.access.Access
 import org.geotools.api.feature.simple.SimpleFeature
 
 import scala.util.control.NonFatal
@@ -24,16 +24,17 @@ object VisibilityUtils {
    * @param provider auth provider
    * @return
    */
-  def visible(provider: AuthorizationsProvider): IsVisible = new AuthVisibilityCheck(provider.getAuthorizations)
+  def visible(provider: AuthorizationsProvider): IsVisible =
+    new AuthVisibilityCheck(new java.util.HashSet[String](provider.getAuthorizations))
 
   /**
    * Parses any visibilities in the feature and compares with the user's authorizations
    *
    * @param auths authorizations for the current user
    */
-  private class AuthVisibilityCheck(auths: java.util.List[String]) extends (SimpleFeature => Boolean) {
+  private class AuthVisibilityCheck(auths: java.util.Set[String]) extends (SimpleFeature => Boolean) {
 
-    private val access = AccessEvaluator.of(Authorizations.of(auths))
+    private val access = Access.builder().build().newEvaluator(auths)
     private val cache = scala.collection.mutable.Map.empty[String, Boolean]
 
     /**

geomesa-security/src/main/scala/org/locationtech/geomesa/security/filter/IsVisibleFilterFunction.scala

@@ -9,7 +9,7 @@
 package org.locationtech.geomesa.security.filter
 
 import com.github.benmanes.caffeine.cache.{CacheLoader, Caffeine}
-import org.apache.accumulo.access.AccessEvaluator
+import org.apache.accumulo.access.{Access, AccessEvaluator}
 import org.geotools.api.filter.Filter
 import org.geotools.api.filter.capability.FunctionName
 import org.geotools.api.filter.expression.Expression
@@ -70,7 +70,8 @@ object IsVisibleFilterFunction {
 
   private val evaluatorCache = Caffeine.newBuilder().expireAfterAccess(Duration.ofMinutes(5)).build(
     new CacheLoader[String, AccessEvaluator]() {
-      override def load(auths: String): AccessEvaluator = AccessEvaluator.of(auths.split(','): _*)
+      override def load(auths: String): AccessEvaluator =
+        Access.builder().build().newEvaluator(new java.util.HashSet[String](java.util.Arrays.asList(auths.split(','): _*)))
     }
   )
 

geomesa-security/src/main/scala/org/locationtech/geomesa/security/filter/VisibilityFilterFunction.scala

@@ -8,7 +8,7 @@
 
 package org.locationtech.geomesa.security.filter
 
-import org.apache.accumulo.access.{AccessEvaluator, Authorizations}
+import org.apache.accumulo.access.Access
 import org.geotools.api.feature.simple.SimpleFeature
 import org.geotools.api.filter.capability.FunctionName
 import org.geotools.api.filter.expression.Expression
@@ -24,8 +24,8 @@ class VisibilityFilterFunction extends FunctionExpressionImpl(VisibilityFilterFu
 
   private val cache = scala.collection.mutable.Map.empty[String, java.lang.Boolean]
 
-  private val auths = Authorizations.of(VisibilityFilterFunction.provider.getAuthorizations)
-  private val access = AccessEvaluator.of(auths)
+  private val access =
+    Access.builder().build().newEvaluator(new java.util.HashSet[String](VisibilityFilterFunction.provider.getAuthorizations))
 
   private var expression: Expression = _
 

geomesa-tools/src/main/scala/org/locationtech/geomesa/tools/ingest/UpdateFeaturesCommand.scala

@@ -9,7 +9,7 @@
 package org.locationtech.geomesa.tools.ingest
 
 import com.beust.jcommander.{IParameterValidator, IStringConverter, Parameter, ParameterException}
-import org.apache.accumulo.access.{AccessExpression, IllegalAccessExpressionException}
+import org.apache.accumulo.access.Access
 import org.geotools.api.data.{DataStore, Transaction}
 import org.geotools.api.filter.Filter
 import org.geotools.filter.text.ecql.ECQL
@@ -101,15 +101,15 @@ object UpdateFeaturesCommand {
     var visibility: String = _
   }
 
-  class TupleConverter extends IStringConverter[(String, String)] {
+  private class TupleConverter extends IStringConverter[(String, String)] {
     override def convert(value: String): (String, String) = {
       value.split("=", 2) match {
         case Array(one, two) => (one, two)
       }
     }
   }
 
-  class TupleValidator extends IParameterValidator {
+  private class TupleValidator extends IParameterValidator {
     @throws[ParameterException]
     override def validate(name: String, value: String): Unit = {
       if (value == null || value.isEmpty || value.indexOf('=') == -1) {
@@ -118,11 +118,11 @@ object UpdateFeaturesCommand {
     }
   }
 
-  class VisibilityValidator extends IParameterValidator {
+  private class VisibilityValidator extends IParameterValidator {
     @throws[ParameterException]
     override def validate(name: String, value: String): Unit = {
-      try { AccessExpression.validate(value) } catch {
-        case e: IllegalAccessExpressionException =>
+      try { Access.builder().build().validateExpression(value) } catch {
+        case e: IllegalArgumentException =>
           throw new ParameterException(s"Parameter $name $value is not a valid visibility: ${e.getMessage}", e)
       }
     }

pom.xml

@@ -65,7 +65,7 @@
         <ejml.version>0.41</ejml.version> <!-- needs to track with gt/gs version -->
 
         <!-- direct dependencies -->
-        <accumulo.access.version>1.0.0-beta</accumulo.access.version>
+        <accumulo.access.version>1.0.0-beta3</accumulo.access.version>
         <arrow.version>19.0.0</arrow.version>
         <avro.version>1.11.4</avro.version>
         <aws.analyticsaccelerator.version>1.3.1</aws.analyticsaccelerator.version>
@@ -1139,7 +1139,7 @@
 
             <dependency>
                 <groupId>org.apache.accumulo</groupId>
-                <artifactId>accumulo-access</artifactId>
+                <artifactId>accumulo-access-core</artifactId>
                 <version>${accumulo.access.version}</version>
             </dependency>
             <dependency>