geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From zho...@apache.org
Subject [28/50] [abbrv] geode git commit: GEODE-2920: added security tests for create diskstore and create persistent region.
Date Fri, 21 Jul 2017 06:41:40 GMT
GEODE-2920: added security tests for create diskstore and create persistent region.


Project: http://git-wip-us.apache.org/repos/asf/geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/20c6e3d4
Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/20c6e3d4
Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/20c6e3d4

Branch: refs/heads/feature/GEM-1483
Commit: 20c6e3d40797cb97ca1ee3d4b0365e28cda95e2a
Parents: c5520f9
Author: Jinmei Liao <jiliao@pivotal.io>
Authored: Mon Jul 17 10:41:19 2017 -0700
Committer: Ken Howe <khowe@pivotal.io>
Committed: Tue Jul 18 07:11:33 2017 -0700

----------------------------------------------------------------------
 .../security/GfshCommandsSecurityTest.java      | 93 +++++++++++++-------
 1 file changed, 59 insertions(+), 34 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/geode/blob/20c6e3d4/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java
b/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java
index c2be173..8635306 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java
@@ -14,15 +14,11 @@
  */
 package org.apache.geode.management.internal.security;
 
-import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
+import static org.assertj.core.api.Assertions.assertThat;
 
 import java.util.List;
 
 import org.apache.shiro.authz.permission.WildcardPermission;
-import org.assertj.core.api.SoftAssertions;
 import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.Rule;
@@ -35,7 +31,7 @@ import org.apache.geode.management.cli.Result;
 import org.apache.geode.management.internal.cli.result.CommandResult;
 import org.apache.geode.management.internal.cli.result.ErrorResultData;
 import org.apache.geode.management.internal.cli.result.ResultBuilder;
-import org.apache.geode.security.TestSecurityManager;
+import org.apache.geode.security.SimpleTestSecurityManager;
 import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
 import org.apache.geode.test.dunit.rules.GfshShellConnectionRule;
 import org.apache.geode.test.dunit.rules.ServerStarterRule;
@@ -45,11 +41,9 @@ import org.apache.geode.test.junit.categories.SecurityTest;
 @Category({IntegrationTest.class, SecurityTest.class})
 public class GfshCommandsSecurityTest {
   @ClassRule
-  public static ServerStarterRule serverStarter = new ServerStarterRule().withJMXManager()
-      .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName())
-      .withProperty("security-json",
-          "org/apache/geode/management/internal/security/cacheServer.json")
-      .withRegion(RegionShortcut.REPLICATE_PERSISTENT, "persistentRegion");
+  public static ServerStarterRule serverStarter =
+      new ServerStarterRule().withJMXManager().withSecurityManager(SimpleTestSecurityManager.class)
+          .withRegion(RegionShortcut.REPLICATE_PERSISTENT, "persistentRegion");
 
   @Rule
   public GfshShellConnectionRule gfshConnection = new GfshShellConnectionRule(
@@ -61,73 +55,73 @@ public class GfshCommandsSecurityTest {
   }
 
   @Test
-  @ConnectionConfiguration(user = "data-admin", password = "wrongPwd")
+  @ConnectionConfiguration(user = "data", password = "wrongPwd")
   public void testInvalidCredentials() throws Exception {
-    assertFalse(gfshConnection.isConnected());
+    assertThat(gfshConnection.isConnected()).isFalse();
   }
 
   @Test
-  @ConnectionConfiguration(user = "data-admin", password = "1234567")
+  @ConnectionConfiguration(user = "data", password = "data")
   public void testValidCredentials() throws Exception {
-    assertTrue(gfshConnection.isConnected());
+    assertThat(gfshConnection.isConnected()).isTrue();
   }
 
   @Test
-  @ConnectionConfiguration(user = "cluster-reader", password = "1234567")
+  @ConnectionConfiguration(user = "clusterRead", password = "clusterRead")
   public void testClusterReader() throws Exception {
     runCommandsPermittedAndForbiddenBy("CLUSTER:READ");
   }
 
   @Test
-  @ConnectionConfiguration(user = "cluster-writer", password = "1234567")
+  @ConnectionConfiguration(user = "clusterWrite", password = "clusterWrite")
   public void testClusterWriter() throws Exception {
     runCommandsPermittedAndForbiddenBy("CLUSTER:WRITE");
   }
 
   @Test
-  @ConnectionConfiguration(user = "cluster-manager", password = "1234567")
+  @ConnectionConfiguration(user = "clusterManage", password = "clusterManage")
   public void testClusterManager() throws Exception {
     runCommandsPermittedAndForbiddenBy("CLUSTER:MANAGE");
   }
 
   @Test
-  @ConnectionConfiguration(user = "data-reader", password = "1234567")
+  @ConnectionConfiguration(user = "dataRead", password = "dataRead")
   public void testDataReader() throws Exception {
     runCommandsPermittedAndForbiddenBy("DATA:READ");
   }
 
   @Test
-  @ConnectionConfiguration(user = "data-writer", password = "1234567")
+  @ConnectionConfiguration(user = "dataWrite", password = "dataWrite")
   public void testDataWriter() throws Exception {
     runCommandsPermittedAndForbiddenBy("DATA:WRITE");
   }
 
   @Test
-  @ConnectionConfiguration(user = "data-manager", password = "1234567")
+  @ConnectionConfiguration(user = "dataManage", password = "dataManage")
   public void testDataManager() throws Exception {
     runCommandsPermittedAndForbiddenBy("DATA:MANAGE");
   }
 
   @Test
-  @ConnectionConfiguration(user = "regionA-reader", password = "1234567")
+  @ConnectionConfiguration(user = "dataReadRegionA", password = "dataReadRegionA")
   public void testRegionAReader() throws Exception {
     runCommandsPermittedAndForbiddenBy("DATA:READ:RegionA");
   }
 
   @Test
-  @ConnectionConfiguration(user = "regionA-writer", password = "1234567")
+  @ConnectionConfiguration(user = "dataWriteRegionA", password = "dataWriteRegionA")
   public void testRegionAWriter() throws Exception {
     runCommandsPermittedAndForbiddenBy("DATA:WRITE:RegionA");
   }
 
   @Test
-  @ConnectionConfiguration(user = "regionA-manager", password = "1234567")
+  @ConnectionConfiguration(user = "dataManageRegionA", password = "dataManageRegionA")
   public void testRegionAManager() throws Exception {
     runCommandsPermittedAndForbiddenBy("DATA:MANAGE:RegionA");
   }
 
   @Test
-  @ConnectionConfiguration(user = "super-user", password = "1234567")
+  @ConnectionConfiguration(user = "data,cluster", password = "data,cluster")
   public void testRegionSuperUser() throws Exception {
     runCommandsPermittedAndForbiddenBy("*");
   }
@@ -135,18 +129,17 @@ public class GfshCommandsSecurityTest {
   private void runCommandsPermittedAndForbiddenBy(String permission) throws Exception {
     List<TestCommand> allPermitted =
         TestCommand.getPermittedCommands(new WildcardPermission(permission, true));
-    SoftAssertions softly = new SoftAssertions();
 
     for (TestCommand permitted : allPermitted) {
       System.out.println("Processing authorized command: " + permitted.getCommand());
       CommandResult result = gfshConnection.executeCommand(permitted.getCommand());
-      assertNotNull(result);
+      assertThat(result).isNotNull();
 
       if (result.getResultData() instanceof ErrorResultData) {
-        softly.assertThat(ResultBuilder.ERRORCODE_UNAUTHORIZED).describedAs(permitted.getCommand())
+        assertThat(ResultBuilder.ERRORCODE_UNAUTHORIZED).describedAs(permitted.getCommand())
             .isNotEqualTo(((ErrorResultData) result.getResultData()).getErrorCode());
       } else {
-        softly.assertThat(Result.Status.OK).describedAs(permitted.toString())
+        assertThat(Result.Status.OK).describedAs(permitted.toString())
             .isEqualTo(result.getStatus());
       }
     }
@@ -167,16 +160,13 @@ public class GfshCommandsSecurityTest {
         continue;
       }
 
-      softly.assertThat(ResultBuilder.ERRORCODE_UNAUTHORIZED).describedAs(other.getCommand())
+      assertThat(ResultBuilder.ERRORCODE_UNAUTHORIZED).describedAs(other.getCommand())
           .isEqualTo(((ErrorResultData) result.getResultData()).getErrorCode());
     }
-
-    softly.assertAll();
-
   }
 
   @Test
-  @ConnectionConfiguration(user = "data-user", password = "1234567")
+  @ConnectionConfiguration(user = "data", password = "data")
   public void testGetPostProcess() throws Exception {
     gfshConnection.executeCommand("put --region=region1 --key=key2 --value=value2");
     gfshConnection.executeCommand("put --region=region1 --key=key2 --value=value2");
@@ -186,4 +176,39 @@ public class GfshCommandsSecurityTest {
     gfshConnection.executeCommand("query --query=\"select * from /region1\"");
   }
 
+  @Test
+  @ConnectionConfiguration(user = "data", password = "data")
+  public void createDiskStore() throws Exception {
+    CommandResult result =
+        gfshConnection.executeCommand("create disk-store --name=disk1 --dir=disk1");
+
+    assertThat(result.getContent().toString()).contains("not authorized for CLUSTER:MANAGE:DISK");
+  }
+
+  @Test
+  @ConnectionConfiguration(user = "dataManage,clusterWriteDisk",
+      password = "dataManage,clusterWriteDisk")
+  public void createPartitionedPersistentRegionWithCorrectPermissions() throws Exception
{
+    gfshConnection
+        .executeAndVerifyCommand("create region --name=region2 --type=PARTITION_PERSISTENT");
+  }
+
+  @Test
+  @ConnectionConfiguration(user = "dataManage", password = "dataManage")
+  public void createPartitionedPersistentRegionWithoutClusterWriteDisk() throws Exception
{
+    CommandResult result =
+        gfshConnection.executeCommand("create region --name=region2 --type=PARTITION_PERSISTENT");
+
+    assertThat(result.getContent().toString()).contains("not authorized for CLUSTER:WRITE:DISK");
+  }
+
+  @Test
+  @ConnectionConfiguration(user = "clusterWriteDisk", password = "clusterWriteDisk")
+  public void createPartitionedPersistentRegionWithoutDataManage() throws Exception {
+    CommandResult result =
+        gfshConnection.executeCommand("create region --name=region2 --type=PARTITION_PERSISTENT");
+
+    assertThat(result.getContent().toString()).contains("not authorized for DATA:MANAGE");
+  }
+
 }


Mime
View raw message