geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From zho...@apache.org
Subject [1/2] geode git commit: GEODE-2919: fix lucene security tests [Forced Update!]
Date Tue, 27 Jun 2017 16:18:58 GMT
Repository: geode
Updated Branches:
  refs/heads/feature/GEM-1483 1ef7d2b6a -> 1ceb97c7a (forced update)


GEODE-2919: fix lucene security tests


Project: http://git-wip-us.apache.org/repos/asf/geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/e5204ce1
Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/e5204ce1
Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/e5204ce1

Branch: refs/heads/feature/GEM-1483
Commit: e5204ce1224581425a2ebdc98515dae0044421ee
Parents: 137ced6
Author: Jinmei Liao <jiliao@pivotal.io>
Authored: Mon Jun 26 17:34:20 2017 -0700
Committer: Jinmei Liao <jiliao@pivotal.io>
Committed: Mon Jun 26 17:44:11 2017 -0700

----------------------------------------------------------------------
 .../lucene/LuceneClientSecurityDUnitTest.java   |  14 +-
 .../lucene/LuceneCommandsSecurityDUnitTest.java | 291 -------------------
 .../lucene/LuceneCommandsSecurityTest.java      | 269 +++++++++++++++++
 3 files changed, 277 insertions(+), 297 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/geode/blob/e5204ce1/geode-lucene/src/test/java/org/apache/geode/cache/lucene/LuceneClientSecurityDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-lucene/src/test/java/org/apache/geode/cache/lucene/LuceneClientSecurityDUnitTest.java
b/geode-lucene/src/test/java/org/apache/geode/cache/lucene/LuceneClientSecurityDUnitTest.java
index f78e19f..f71caec 100644
--- a/geode-lucene/src/test/java/org/apache/geode/cache/lucene/LuceneClientSecurityDUnitTest.java
+++ b/geode-lucene/src/test/java/org/apache/geode/cache/lucene/LuceneClientSecurityDUnitTest.java
@@ -50,7 +50,7 @@ public class LuceneClientSecurityDUnitTest extends LuceneQueriesAccessorBase
{
   @Test
   @Parameters(method = "getSearchIndexUserNameAndExpectedResponses")
   public void verifySearchIndexPermissions(
-      LuceneCommandsSecurityDUnitTest.UserNameAndExpectedResponse user) {
+      LuceneCommandsSecurityTest.UserNameAndExpectedResponse user) {
     // Start server
     int serverPort = dataStore1.invoke(() -> startCacheServer());
 
@@ -97,14 +97,16 @@ public class LuceneClientSecurityDUnitTest extends LuceneQueriesAccessorBase
{
     } catch (ServerOperationException e) {
       assertTrue(e.getCause() != null && e.getCause() instanceof NotAuthorizedException);
       assertTrue(expectAuthorizationError);
-      assertTrue(e.getLocalizedMessage().contains(expectedResponse));
+      if (expectedResponse != null) {
+        assertTrue(e.getLocalizedMessage().contains(expectedResponse));
+      }
     }
   }
 
-  protected LuceneCommandsSecurityDUnitTest.UserNameAndExpectedResponse[] getSearchIndexUserNameAndExpectedResponses()
{
-    return new LuceneCommandsSecurityDUnitTest.UserNameAndExpectedResponse[] {
-        new LuceneCommandsSecurityDUnitTest.UserNameAndExpectedResponse("nopermissions",
true,
+  protected LuceneCommandsSecurityTest.UserNameAndExpectedResponse[] getSearchIndexUserNameAndExpectedResponses()
{
+    return new LuceneCommandsSecurityTest.UserNameAndExpectedResponse[] {
+        new LuceneCommandsSecurityTest.UserNameAndExpectedResponse("nopermissions", true,
             "nopermissions not authorized for DATA:WRITE"),
-        new LuceneCommandsSecurityDUnitTest.UserNameAndExpectedResponse("datawrite", false,
null)};
+        new LuceneCommandsSecurityTest.UserNameAndExpectedResponse("datawrite", false)};
   }
 }

http://git-wip-us.apache.org/repos/asf/geode/blob/e5204ce1/geode-lucene/src/test/java/org/apache/geode/cache/lucene/LuceneCommandsSecurityDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-lucene/src/test/java/org/apache/geode/cache/lucene/LuceneCommandsSecurityDUnitTest.java
b/geode-lucene/src/test/java/org/apache/geode/cache/lucene/LuceneCommandsSecurityDUnitTest.java
deleted file mode 100644
index 7cc6709..0000000
--- a/geode-lucene/src/test/java/org/apache/geode/cache/lucene/LuceneCommandsSecurityDUnitTest.java
+++ /dev/null
@@ -1,291 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information
regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version
2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain
a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
express
- * or implied. See the License for the specific language governing permissions and limitations
under
- * the License.
- */
-package org.apache.geode.cache.lucene;
-
-import static org.apache.geode.cache.lucene.test.LuceneTestUtilities.INDEX_NAME;
-import static org.apache.geode.cache.lucene.test.LuceneTestUtilities.REGION_NAME;
-import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
-import java.io.Serializable;
-import java.util.Properties;
-
-import junitparams.JUnitParamsRunner;
-import junitparams.Parameters;
-import org.junit.Before;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.junit.runner.RunWith;
-
-import org.apache.geode.cache.RegionShortcut;
-import org.apache.geode.cache.lucene.internal.cli.LuceneCliStrings;
-import org.apache.geode.management.cli.Result;
-import org.apache.geode.management.internal.cli.i18n.CliStrings;
-import org.apache.geode.management.internal.cli.result.CommandResult;
-import org.apache.geode.management.internal.cli.result.ErrorResultData;
-import org.apache.geode.management.internal.cli.result.ResultBuilder;
-import org.apache.geode.management.internal.cli.util.CommandStringBuilder;
-import org.apache.geode.security.SimpleTestSecurityManager;
-import org.apache.geode.test.dunit.rules.GfshShellConnectionRule;
-import org.apache.geode.test.dunit.rules.LocatorServerStartupRule;
-import org.apache.geode.test.dunit.rules.MemberVM;
-import org.apache.geode.test.junit.categories.DistributedTest;
-import org.apache.geode.test.junit.categories.SecurityTest;
-
-@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class LuceneCommandsSecurityDUnitTest {
-
-  @Rule
-  public LocatorServerStartupRule locatorServer = new LocatorServerStartupRule();
-
-  @Rule
-  public GfshShellConnectionRule gfshShell = new GfshShellConnectionRule();
-
-  private MemberVM locator;
-
-  @Before
-  public void before() throws Exception {
-    // start the locator
-    Properties props = new Properties();
-    props.setProperty(SECURITY_MANAGER, SimpleTestSecurityManager.class.getName());
-    this.locator = this.locatorServer.startLocatorVM(0, props);
-
-    // start the server
-    props = new Properties();
-    props.setProperty("security-username", "clusterManage");
-    props.setProperty("security-password", "clusterManage");
-    this.locatorServer.startServerVM(1, props, this.locator.getPort());
-  }
-
-  protected UserNameAndExpectedResponse[] getCreateIndexUserNameAndExpectedResponses() {
-    return new UserNameAndExpectedResponse[] {
-        new UserNameAndExpectedResponse("noPermissions", true,
-            "Unauthorized. Reason : noPermissions not authorized for CLUSTER:MANAGE:QUERY"),
-        new UserNameAndExpectedResponse("clusterManageQuery", false,
-            "Successfully created lucene index")};
-  }
-
-  @Test
-  @Parameters(method = "getCreateIndexUserNameAndExpectedResponses")
-  public void verifyCreateIndexPermissions(UserNameAndExpectedResponse user) throws Exception
{
-    // Connect gfsh
-    this.gfshShell.secureConnectAndVerify(this.locator.getPort(),
-        GfshShellConnectionRule.PortType.locator, user.getUserName(), user.getUserName());
-
-    // Attempt to create lucene index
-    CommandResult result = this.gfshShell.executeCommand(getCreateIndexCommand());
-
-    // Verify result
-    verifyResult(user, result);
-  }
-
-  protected UserNameAndExpectedResponse[] getSearchIndexUserNameAndExpectedResponses() {
-    return new UserNameAndExpectedResponse[] {
-        new UserNameAndExpectedResponse("noPermissions", true,
-            "Unauthorized. Reason : noPermissions not authorized for DATA:READ:region"),
-        new UserNameAndExpectedResponse("dataRead", false, "No results")};
-  }
-
-  @Test
-  @Parameters(method = "getSearchIndexUserNameAndExpectedResponses")
-  public void verifySearchIndexPermissions(UserNameAndExpectedResponse user) throws Exception
{
-    // Create index and region
-    createIndexAndRegion();
-
-    // Connect gfsh
-    this.gfshShell.secureConnectAndVerify(this.locator.getPort(),
-        GfshShellConnectionRule.PortType.locator, user.getUserName(), user.getUserName());
-
-    // Attempt to search lucene index
-    CommandResult result = this.gfshShell.executeCommand(getSearchIndexCommand());
-
-    // Verify result
-    verifyResult(user, result);
-  }
-
-  protected UserNameAndExpectedResponse[] getListIndexesUserNameAndExpectedResponses() {
-    return new UserNameAndExpectedResponse[] {
-        new UserNameAndExpectedResponse("noPermissions", true,
-            "Unauthorized. Reason : noPermissions not authorized for CLUSTER:READ:QUERY"),
-        new UserNameAndExpectedResponse("clusterReadQuery", false, "Index Name")};
-  }
-
-  @Test
-  @Parameters(method = "getListIndexesUserNameAndExpectedResponses")
-  public void verifyListIndexesPermissions(UserNameAndExpectedResponse user) throws Exception
{
-    // Create index and region
-    createIndexAndRegion();
-
-    // Connect gfsh
-    this.gfshShell.secureConnectAndVerify(this.locator.getPort(),
-        GfshShellConnectionRule.PortType.locator, user.getUserName(), user.getUserName());
-
-    // Attempt to search lucene index
-    CommandResult result = this.gfshShell.executeCommand(getListIndexesCommand());
-
-    // Verify result
-    verifyResult(user, result);
-  }
-
-  protected UserNameAndExpectedResponse[] getDescribeIndexUserNameAndExpectedResponses()
{
-    return new UserNameAndExpectedResponse[] {
-        new UserNameAndExpectedResponse("noPermissions", true,
-            "Unauthorized. Reason : noPermissions not authorized for CLUSTER:READ:QUERY"),
-        new UserNameAndExpectedResponse("clusterReadQuery", false, "Index Name")};
-  }
-
-  @Test
-  @Parameters(method = "getDescribeIndexUserNameAndExpectedResponses")
-  public void verifyDescribeIndexPermissions(UserNameAndExpectedResponse user) throws Exception
{
-    // Create index and region
-    createIndexAndRegion();
-
-    // Connect gfsh
-    this.gfshShell.secureConnectAndVerify(this.locator.getPort(),
-        GfshShellConnectionRule.PortType.locator, user.getUserName(), user.getUserName());
-
-    // Attempt to search lucene index
-    CommandResult result = this.gfshShell.executeCommand(getDescribeIndexCommand());
-
-    // Verify result
-    verifyResult(user, result);
-  }
-
-  protected UserNameAndExpectedResponse[] getDestroyIndexUserNameAndExpectedResponses() {
-    return new UserNameAndExpectedResponse[] {
-        new UserNameAndExpectedResponse("noPermissions", true,
-            "Unauthorized. Reason : noPermissions not authorized for CLUSTER:MANAGE:QUERY"),
-        new UserNameAndExpectedResponse("clusterManageQuery", false,
-            "Successfully destroyed lucene index")};
-  }
-
-  @Test
-  @Parameters(method = "getDestroyIndexUserNameAndExpectedResponses")
-  public void verifyDestroyIndexPermissions(UserNameAndExpectedResponse user) throws Exception
{
-    // Create index and region
-    createIndexAndRegion();
-
-    // Connect gfsh
-    this.gfshShell.secureConnectAndVerify(this.locator.getPort(),
-        GfshShellConnectionRule.PortType.locator, user.getUserName(), user.getUserName());
-
-    // Attempt to search lucene index
-    CommandResult result = this.gfshShell.executeCommand(getDestroyIndexCommand());
-
-    // Verify result
-    verifyResult(user, result);
-  }
-
-  private void createIndexAndRegion() throws Exception {
-    // Connect gfsh to locator with permissions necessary to create an index and region
-    this.gfshShell.secureConnectAndVerify(this.locator.getPort(),
-        GfshShellConnectionRule.PortType.locator, "cluster,data", "cluster,data");
-
-    // Create lucene index
-    this.gfshShell.executeAndVerifyCommand(getCreateIndexCommand());
-
-    // Create region
-    this.gfshShell.executeAndVerifyCommand(getCreateRegionCommand());
-
-    // Disconnect gfsh
-    this.gfshShell.disconnect();
-  }
-
-  private void verifyResult(UserNameAndExpectedResponse user, CommandResult result) {
-    if (user.getExpectAuthorizationError()) {
-      assertTrue(result.getResultData() instanceof ErrorResultData);
-      assertEquals(ResultBuilder.ERRORCODE_UNAUTHORIZED,
-          ((ErrorResultData) result.getResultData()).getErrorCode());
-    } else {
-      assertEquals(Result.Status.OK, result.getStatus());
-    }
-    assertTrue(this.gfshShell.getGfshOutput().contains(user.getExpectedResponse()));
-  }
-
-  private String getCreateIndexCommand() {
-    CommandStringBuilder csb = new CommandStringBuilder(LuceneCliStrings.LUCENE_CREATE_INDEX);
-    csb.addOption(LuceneCliStrings.LUCENE__INDEX_NAME, INDEX_NAME);
-    csb.addOption(LuceneCliStrings.LUCENE__REGION_PATH, REGION_NAME);
-    csb.addOption(LuceneCliStrings.LUCENE_CREATE_INDEX__FIELD, "field1");
-    return csb.toString();
-  }
-
-  private String getCreateRegionCommand() {
-    CommandStringBuilder csb = new CommandStringBuilder(CliStrings.CREATE_REGION);
-    csb.addOption(CliStrings.CREATE_REGION__REGION, REGION_NAME);
-    csb.addOption(CliStrings.CREATE_REGION__REGIONSHORTCUT,
-        RegionShortcut.PARTITION_REDUNDANT.name());
-    return csb.toString();
-  }
-
-  private String getSearchIndexCommand() {
-    CommandStringBuilder csb = new CommandStringBuilder(LuceneCliStrings.LUCENE_SEARCH_INDEX);
-    csb.addOption(LuceneCliStrings.LUCENE__INDEX_NAME, INDEX_NAME);
-    csb.addOption(LuceneCliStrings.LUCENE__REGION_PATH, REGION_NAME);
-    csb.addOption(LuceneCliStrings.LUCENE_SEARCH_INDEX__QUERY_STRING, "field1:value1");
-    csb.addOption(LuceneCliStrings.LUCENE_SEARCH_INDEX__DEFAULT_FIELD, "field1");
-    return csb.toString();
-  }
-
-  private String getListIndexesCommand() {
-    CommandStringBuilder csb = new CommandStringBuilder(LuceneCliStrings.LUCENE_LIST_INDEX);
-    return csb.toString();
-  }
-
-  private String getDescribeIndexCommand() {
-    CommandStringBuilder csb = new CommandStringBuilder(LuceneCliStrings.LUCENE_DESCRIBE_INDEX);
-    csb.addOption(LuceneCliStrings.LUCENE__INDEX_NAME, INDEX_NAME);
-    csb.addOption(LuceneCliStrings.LUCENE__REGION_PATH, REGION_NAME);
-    return csb.toString();
-  }
-
-  private String getDestroyIndexCommand() {
-    CommandStringBuilder csb = new CommandStringBuilder(LuceneCliStrings.LUCENE_DESTROY_INDEX);
-    csb.addOption(LuceneCliStrings.LUCENE__INDEX_NAME, INDEX_NAME);
-    csb.addOption(LuceneCliStrings.LUCENE__REGION_PATH, REGION_NAME);
-    return csb.toString();
-  }
-
-  public static class UserNameAndExpectedResponse implements Serializable {
-
-    private final String userName;
-
-    private final boolean expectAuthorizationError;
-
-    private final String expectedResponse;
-
-    public UserNameAndExpectedResponse(String userName, boolean expectAuthorizationError,
-        String expectedResponse) {
-      this.userName = userName;
-      this.expectAuthorizationError = expectAuthorizationError;
-      this.expectedResponse = expectedResponse;
-    }
-
-    public String getUserName() {
-      return this.userName;
-    }
-
-    public boolean getExpectAuthorizationError() {
-      return this.expectAuthorizationError;
-    }
-
-    public String getExpectedResponse() {
-      return this.expectedResponse;
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/geode/blob/e5204ce1/geode-lucene/src/test/java/org/apache/geode/cache/lucene/LuceneCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-lucene/src/test/java/org/apache/geode/cache/lucene/LuceneCommandsSecurityTest.java
b/geode-lucene/src/test/java/org/apache/geode/cache/lucene/LuceneCommandsSecurityTest.java
new file mode 100644
index 0000000..271bd08
--- /dev/null
+++ b/geode-lucene/src/test/java/org/apache/geode/cache/lucene/LuceneCommandsSecurityTest.java
@@ -0,0 +1,269 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information
regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version
2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain
a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
express
+ * or implied. See the License for the specific language governing permissions and limitations
under
+ * the License.
+ */
+package org.apache.geode.cache.lucene;
+
+import static org.apache.geode.cache.lucene.test.LuceneTestUtilities.INDEX_NAME;
+import static org.apache.geode.cache.lucene.test.LuceneTestUtilities.REGION_NAME;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.io.Serializable;
+
+import junitparams.JUnitParamsRunner;
+import junitparams.Parameters;
+import org.junit.After;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+
+import org.apache.geode.cache.RegionShortcut;
+import org.apache.geode.cache.lucene.internal.cli.LuceneCliStrings;
+import org.apache.geode.management.cli.Result;
+import org.apache.geode.management.internal.cli.i18n.CliStrings;
+import org.apache.geode.management.internal.cli.result.CommandResult;
+import org.apache.geode.management.internal.cli.result.ErrorResultData;
+import org.apache.geode.management.internal.cli.result.ResultBuilder;
+import org.apache.geode.management.internal.cli.util.CommandStringBuilder;
+import org.apache.geode.security.SimpleTestSecurityManager;
+import org.apache.geode.test.dunit.rules.GfshShellConnectionRule;
+import org.apache.geode.test.dunit.rules.ServerStarterRule;
+import org.apache.geode.test.junit.categories.IntegrationTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+
+@Category({IntegrationTest.class, SecurityTest.class})
+@RunWith(JUnitParamsRunner.class)
+public class LuceneCommandsSecurityTest {
+
+  @ClassRule
+  public static ServerStarterRule server = new ServerStarterRule()
+      .withSecurityManager(SimpleTestSecurityManager.class).withJMXManager().withAutoStart();
+
+  @ClassRule
+  public static GfshShellConnectionRule gfshShell = new GfshShellConnectionRule();
+
+  @After
+  public void after() throws Exception {
+    gfshShell.disconnect();
+  }
+
+
+  protected UserNameAndExpectedResponse[] getCreateIndexUserNameAndExpectedResponses() {
+    return new UserNameAndExpectedResponse[] {
+        new UserNameAndExpectedResponse("noPermissions", true,
+            "Unauthorized. Reason : noPermissions not authorized for CLUSTER:MANAGE:QUERY"),
+        new UserNameAndExpectedResponse("clusterManageQuery", false)};
+  }
+
+  @Test
+  @Parameters(method = "getCreateIndexUserNameAndExpectedResponses")
+  public void verifyCreateIndexPermissions(UserNameAndExpectedResponse user) throws Exception
{
+    // Connect gfsh
+    this.gfshShell.secureConnectAndVerify(this.server.getJmxPort(),
+        GfshShellConnectionRule.PortType.jmxManger, user.getUserName(), user.getUserName());
+
+    // Attempt to create lucene index
+    CommandResult result = this.gfshShell.executeCommand(getCreateIndexCommand());
+
+    // Verify result
+    verifyResult(user, result);
+  }
+
+  protected UserNameAndExpectedResponse[] getSearchIndexUserNameAndExpectedResponses() {
+    return new UserNameAndExpectedResponse[] {
+        new UserNameAndExpectedResponse("noPermissions", true,
+            "Unauthorized. Reason : noPermissions not authorized for DATA:READ:region"),
+        new UserNameAndExpectedResponse("dataRead", false)};
+  }
+
+  @Test
+  @Parameters(method = "getSearchIndexUserNameAndExpectedResponses")
+  public void verifySearchIndexPermissions(UserNameAndExpectedResponse user) throws Exception
{
+    // Create index and region
+    // createIndexAndRegion();
+
+    // Connect gfsh
+    this.gfshShell.secureConnectAndVerify(this.server.getJmxPort(),
+        GfshShellConnectionRule.PortType.jmxManger, user.getUserName(), user.getUserName());
+
+    // Attempt to search lucene index
+    CommandResult result = this.gfshShell.executeCommand(getSearchIndexCommand());
+
+    // Verify result
+    verifyResult(user, result);
+  }
+
+  protected UserNameAndExpectedResponse[] getListIndexesUserNameAndExpectedResponses() {
+    return new UserNameAndExpectedResponse[] {
+        new UserNameAndExpectedResponse("noPermissions", true,
+            "Unauthorized. Reason : noPermissions not authorized for CLUSTER:READ:QUERY"),
+        new UserNameAndExpectedResponse("clusterReadQuery", false)};
+  }
+
+  @Test
+  @Parameters(method = "getListIndexesUserNameAndExpectedResponses")
+  public void verifyListIndexesPermissions(UserNameAndExpectedResponse user) throws Exception
{
+    // Create index and region
+    // createIndexAndRegion();
+
+    // Connect gfsh
+    this.gfshShell.secureConnectAndVerify(this.server.getJmxPort(),
+        GfshShellConnectionRule.PortType.jmxManger, user.getUserName(), user.getUserName());
+
+    // Attempt to search lucene index
+    CommandResult result = this.gfshShell.executeCommand(getListIndexesCommand());
+
+    // Verify result
+    verifyResult(user, result);
+  }
+
+  protected UserNameAndExpectedResponse[] getDescribeIndexUserNameAndExpectedResponses()
{
+    return new UserNameAndExpectedResponse[] {
+        new UserNameAndExpectedResponse("noPermissions", true,
+            "Unauthorized. Reason : noPermissions not authorized for CLUSTER:READ:QUERY"),
+        new UserNameAndExpectedResponse("clusterReadQuery", false)};
+  }
+
+  @Test
+  @Parameters(method = "getDescribeIndexUserNameAndExpectedResponses")
+  public void verifyDescribeIndexPermissions(UserNameAndExpectedResponse user) throws Exception
{
+    // Create index and region
+    // createIndexAndRegion();
+
+    // Connect gfsh
+    this.gfshShell.secureConnectAndVerify(this.server.getJmxPort(),
+        GfshShellConnectionRule.PortType.jmxManger, user.getUserName(), user.getUserName());
+
+    // Attempt to search lucene index
+    CommandResult result = this.gfshShell.executeCommand(getDescribeIndexCommand());
+
+    // Verify result
+    verifyResult(user, result);
+  }
+
+  protected UserNameAndExpectedResponse[] getDestroyIndexUserNameAndExpectedResponses() {
+    return new UserNameAndExpectedResponse[] {
+        new UserNameAndExpectedResponse("noPermissions", true,
+            "Unauthorized. Reason : noPermissions not authorized for CLUSTER:MANAGE:QUERY"),
+        new UserNameAndExpectedResponse("clusterManageQuery", false)};
+  }
+
+  @Test
+  @Parameters(method = "getDestroyIndexUserNameAndExpectedResponses")
+  public void verifyDestroyIndexPermissions(UserNameAndExpectedResponse user) throws Exception
{
+    // Create index and region
+    // createIndexAndRegion();
+
+    // Connect gfsh
+    this.gfshShell.secureConnectAndVerify(this.server.getJmxPort(),
+        GfshShellConnectionRule.PortType.jmxManger, user.getUserName(), user.getUserName());
+
+    // Attempt to search lucene index
+    CommandResult result = this.gfshShell.executeCommand(getDestroyIndexCommand());
+
+    // Verify result
+    verifyResult(user, result);
+  }
+
+  private void verifyResult(UserNameAndExpectedResponse user, CommandResult result) {
+    if (user.getExpectAuthorizationError()) {
+      assertTrue(result.getResultData() instanceof ErrorResultData);
+      assertEquals(ResultBuilder.ERRORCODE_UNAUTHORIZED,
+          ((ErrorResultData) result.getResultData()).getErrorCode());
+    } else {
+      assertEquals(Result.Status.OK, result.getStatus());
+    }
+
+    if (user.getExpectedResponse() != null) {
+      assertTrue(this.gfshShell.getGfshOutput().contains(user.getExpectedResponse()));
+    }
+  }
+
+  private String getCreateIndexCommand() {
+    CommandStringBuilder csb = new CommandStringBuilder(LuceneCliStrings.LUCENE_CREATE_INDEX);
+    csb.addOption(LuceneCliStrings.LUCENE__INDEX_NAME, INDEX_NAME);
+    csb.addOption(LuceneCliStrings.LUCENE__REGION_PATH, REGION_NAME);
+    csb.addOption(LuceneCliStrings.LUCENE_CREATE_INDEX__FIELD, "field1");
+    return csb.toString();
+  }
+
+  private String getCreateRegionCommand() {
+    CommandStringBuilder csb = new CommandStringBuilder(CliStrings.CREATE_REGION);
+    csb.addOption(CliStrings.CREATE_REGION__REGION, REGION_NAME);
+    csb.addOption(CliStrings.CREATE_REGION__REGIONSHORTCUT,
+        RegionShortcut.PARTITION_REDUNDANT.name());
+    return csb.toString();
+  }
+
+  private String getSearchIndexCommand() {
+    CommandStringBuilder csb = new CommandStringBuilder(LuceneCliStrings.LUCENE_SEARCH_INDEX);
+    csb.addOption(LuceneCliStrings.LUCENE__INDEX_NAME, INDEX_NAME);
+    csb.addOption(LuceneCliStrings.LUCENE__REGION_PATH, REGION_NAME);
+    csb.addOption(LuceneCliStrings.LUCENE_SEARCH_INDEX__QUERY_STRING, "field1:value1");
+    csb.addOption(LuceneCliStrings.LUCENE_SEARCH_INDEX__DEFAULT_FIELD, "field1");
+    return csb.toString();
+  }
+
+  private String getListIndexesCommand() {
+    CommandStringBuilder csb = new CommandStringBuilder(LuceneCliStrings.LUCENE_LIST_INDEX);
+    return csb.toString();
+  }
+
+  private String getDescribeIndexCommand() {
+    CommandStringBuilder csb = new CommandStringBuilder(LuceneCliStrings.LUCENE_DESCRIBE_INDEX);
+    csb.addOption(LuceneCliStrings.LUCENE__INDEX_NAME, INDEX_NAME);
+    csb.addOption(LuceneCliStrings.LUCENE__REGION_PATH, REGION_NAME);
+    return csb.toString();
+  }
+
+  private String getDestroyIndexCommand() {
+    CommandStringBuilder csb = new CommandStringBuilder(LuceneCliStrings.LUCENE_DESTROY_INDEX);
+    csb.addOption(LuceneCliStrings.LUCENE__INDEX_NAME, INDEX_NAME);
+    csb.addOption(LuceneCliStrings.LUCENE__REGION_PATH, REGION_NAME);
+    return csb.toString();
+  }
+
+  public static class UserNameAndExpectedResponse implements Serializable {
+
+    private final String userName;
+
+    private final boolean expectAuthorizationError;
+
+    private final String expectedResponse;
+
+    public UserNameAndExpectedResponse(String userName, boolean expectAuthorizationError)
{
+      this(userName, expectAuthorizationError, null);
+    }
+
+    public UserNameAndExpectedResponse(String userName, boolean expectAuthorizationError,
+        String expectedResponse) {
+      this.userName = userName;
+      this.expectAuthorizationError = expectAuthorizationError;
+      this.expectedResponse = expectedResponse;
+    }
+
+    public String getUserName() {
+      return this.userName;
+    }
+
+    public boolean getExpectAuthorizationError() {
+      return this.expectAuthorizationError;
+    }
+
+    public String getExpectedResponse() {
+      return this.expectedResponse;
+    }
+  }
+}


Mime
View raw message