From commits-return-25385-archive-asf-public=cust-asf.ponee.io@geode.apache.org Tue Jan 23 18:19:31 2018 Return-Path: X-Original-To: archive-asf-public@eu.ponee.io Delivered-To: archive-asf-public@eu.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by mx-eu-01.ponee.io (Postfix) with ESMTP id 32F48180621 for ; Tue, 23 Jan 2018 18:19:31 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 226C1160C39; Tue, 23 Jan 2018 17:19:31 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 708DE160C17 for ; Tue, 23 Jan 2018 18:19:28 +0100 (CET) Received: (qmail 36384 invoked by uid 500); 23 Jan 2018 17:19:27 -0000 Mailing-List: contact commits-help@geode.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@geode.apache.org Delivered-To: mailing list commits@geode.apache.org Received: (qmail 36368 invoked by uid 99); 23 Jan 2018 17:19:27 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Jan 2018 17:19:27 +0000 Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33) id E7568820E5; Tue, 23 Jan 2018 17:19:25 +0000 (UTC) Date: Tue, 23 Jan 2018 17:19:25 +0000 To: "commits@geode.apache.org" Subject: [geode] branch develop updated: GEODE-3974: Core function security improvement (#1310) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Message-ID: <151672796553.26736.5521233039536742451@gitbox.apache.org> 
From: jinmeiliao@apache.org X-Git-Host: gitbox.apache.org X-Git-Repo: geode X-Git-Refname: refs/heads/develop X-Git-Reftype: branch X-Git-Oldrev: 6501fb55edc11291e06d285227d5714a416916b0 X-Git-Newrev: 6df14c8b1e3c644f9f810149e80bba0c2f073dab X-Git-Rev: 6df14c8b1e3c644f9f810149e80bba0c2f073dab X-Git-NotificationType: ref_changed_plus_diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated This is an automated email from the ASF dual-hosted git repository. jinmeiliao pushed a commit to branch develop in repository https://gitbox.apache.org/repos/asf/geode.git The following commit(s) were added to refs/heads/develop by this push: new 6df14c8 GEODE-3974: Core function security improvement (#1310) 6df14c8 is described below commit 6df14c8b1e3c644f9f810149e80bba0c2f073dab Author: jinmeiliao AuthorDate: Tue Jan 23 09:19:22 2018 -0800 GEODE-3974: Core function security improvement (#1310) --- .../cli/JDBCConnectorFunctionsSecurityTest.java | 4 +- .../util/FindRestEnabledServersFunction.java | 7 +- .../cli/functions/AlterRuntimeConfigFunction.java | 13 +- .../cli/functions/ChangeLogLevelFunction.java | 11 +- .../cli/functions/CloseDurableClientFunction.java | 17 +- .../cli/functions/CloseDurableCqFunction.java | 17 +- .../cli/functions/ContinuousQueryFunction.java | 8 + .../functions/CreateAsyncEventQueueFunction.java | 11 +- .../functions/CreateDefinedIndexesFunction.java | 13 +- .../cli/functions/CreateDiskStoreFunction.java | 14 +- .../cli/functions/CreateIndexFunction.java | 14 +- .../cli/functions/DataCommandFunction.java | 7 + .../internal/cli/functions/DeployFunction.java | 9 ++ .../cli/functions/DescribeDiskStoreFunction.java | 13 +- .../functions/DestroyAsyncEventQueueFunction.java | 10 ++ .../cli/functions/DestroyDiskStoreFunction.java | 10 ++ .../cli/functions/DestroyIndexFunction.java | 9 ++ .../cli/functions/ExportConfigFunction.java | 9 ++ .../internal/cli/functions/ExportDataFunction.java | 9 ++ .../internal/cli/functions/ExportLogsFunction.java 
| 10 +- .../functions/FetchRegionAttributesFunction.java | 10 ++ .../FetchSharedConfigurationStatusFunction.java | 13 +- .../cli/functions/GarbageCollectionFunction.java | 10 ++ .../functions/GatewayReceiverCreateFunction.java | 9 ++ .../cli/functions/GatewaySenderCreateFunction.java | 10 ++ .../functions/GatewaySenderDestroyFunction.java | 10 ++ .../GetMemberConfigInformationFunction.java | 32 ++-- .../functions/GetMemberInformationFunction.java | 13 +- .../functions/GetRegionDescriptionFunction.java | 11 +- .../internal/cli/functions/GetRegionsFunction.java | 14 +- .../cli/functions/GetStackTracesFunction.java | 14 +- .../GetSubscriptionQueueSizeFunction.java | 16 +- .../internal/cli/functions/ImportDataFunction.java | 9 ++ .../functions/ListAsyncEventQueuesFunction.java | 13 +- .../cli/functions/ListDeployedFunction.java | 9 ++ .../cli/functions/ListDiskStoresFunction.java | 12 +- .../cli/functions/ListDurableCqNamesFunction.java | 13 +- .../cli/functions/ListFunctionFunction.java | 9 ++ .../internal/cli/functions/ListIndexFunction.java | 12 +- .../cli/functions/MemberRegionFunction.java | 82 ---------- .../cli/functions/MembersForRegionFunction.java | 91 ----------- .../internal/cli/functions/NetstatFunction.java | 16 +- .../internal/cli/functions/RebalanceFunction.java | 10 +- .../cli/functions/RegionAlterFunction.java | 13 +- .../cli/functions/RegionDestroyFunction.java | 10 ++ .../functions/ShowMissingDiskStoresFunction.java | 13 +- .../internal/cli/functions/ShutDownFunction.java | 9 ++ .../cli/functions/SizeExportLogsFunction.java | 10 +- .../internal/cli/functions/UndeployFunction.java | 9 ++ .../internal/cli/functions/UnregisterFunction.java | 18 +-- .../cli/functions/UserFunctionExecution.java | 8 + .../functions/DownloadJarFunction.java | 10 +- .../functions/GetClusterConfigurationFunction.java | 19 +-- .../functions/GetRegionNamesFunction.java | 9 ++ .../functions/RecreateCacheFunction.java | 12 +- .../internal/security/ResourcePermissions.java | 14 
++ .../apache/geode/security/ResourcePermission.java | 25 ++- .../sanctioned-geode-core-serializables.txt | 2 - .../cache/execute/CoreFunctionSecurityTest.java | 180 +++++++++++++++++++++ .../GetClusterConfigurationFunctionTest.java | 48 ------ .../internal/security/ResourcePermissionTest.java | 17 +- .../lucene/test/LuceneFunctionSecurityTest.java | 21 ++- 62 files changed, 764 insertions(+), 336 deletions(-) diff --git a/geode-connectors/src/test/java/org/apache/geode/connectors/jdbc/internal/cli/JDBCConnectorFunctionsSecurityTest.java b/geode-connectors/src/test/java/org/apache/geode/connectors/jdbc/internal/cli/JDBCConnectorFunctionsSecurityTest.java index 188c255..a0abef0 100644 --- a/geode-connectors/src/test/java/org/apache/geode/connectors/jdbc/internal/cli/JDBCConnectorFunctionsSecurityTest.java +++ b/geode-connectors/src/test/java/org/apache/geode/connectors/jdbc/internal/cli/JDBCConnectorFunctionsSecurityTest.java @@ -77,7 +77,6 @@ public class JDBCConnectorFunctionsSecurityTest { functionStringMap.keySet().forEach(FunctionService::registerFunction); } - @Test @ConnectionConfiguration(user = "user", password = "user") public void functionRequireExpectedPermission() throws Exception { @@ -86,7 +85,8 @@ public class JDBCConnectorFunctionsSecurityTest { String permission = entry.getValue(); gfsh.executeAndAssertThat("execute function --id=" + function.getId()) .tableHasRowCount("Function Execution Result", 1) - .tableHasColumnWithValuesContaining("Function Execution Result", permission) + .tableHasRowWithValues("Function Execution Result", + "Exception: user not authorized for " + permission) .statusIsError(); }); } diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/execute/util/FindRestEnabledServersFunction.java b/geode-core/src/main/java/org/apache/geode/internal/cache/execute/util/FindRestEnabledServersFunction.java index f78de18..1977920 100644 
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/execute/util/FindRestEnabledServersFunction.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/execute/util/FindRestEnabledServersFunction.java @@ -15,8 +15,7 @@ package org.apache.geode.internal.cache.execute.util; import org.apache.geode.cache.CacheClosedException; -import org.apache.geode.cache.CacheFactory; -import org.apache.geode.cache.execute.FunctionAdapter; +import org.apache.geode.cache.execute.Function; import org.apache.geode.cache.execute.FunctionContext; import org.apache.geode.distributed.internal.DistributionConfig; import org.apache.geode.distributed.internal.InternalDistributedSystem; @@ -30,7 +29,7 @@ import org.apache.geode.management.internal.RestAgent; * * @since GemFire 8.1 */ -public class FindRestEnabledServersFunction extends FunctionAdapter implements InternalEntity { +public class FindRestEnabledServersFunction implements Function, InternalEntity { private static final long serialVersionUID = 7851518767859544678L; /** @@ -42,7 +41,7 @@ public class FindRestEnabledServersFunction extends FunctionAdapter implements I public void execute(FunctionContext context) { try { - InternalCache cache = (InternalCache) CacheFactory.getAnyInstance(); + InternalCache cache = (InternalCache) context.getCache(); DistributionConfig config = InternalDistributedSystem.getAnyInstance().getConfig(); String bindAddress = RestAgent.getBindAddressForHttpService(config); diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/AlterRuntimeConfigFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/AlterRuntimeConfigFunction.java index 46d89ef..1a3aa24 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/AlterRuntimeConfigFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/AlterRuntimeConfigFunction.java 
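Review bot: In FindRestEnabledServersFunction.execute (hunk `@@ -42,7 +41,7 @@`) the cache now comes from `context.getCache()`, but the next line still reads the configuration through the static `InternalDistributedSystem.getAnyInstance()`, so the two lookups are not guaranteed to refer to the same instance. Deriving the config from the cache already in hand, e.g. `DistributionConfig config = cache.getInternalDistributedSystem().getConfig();`, would keep them together, assuming InternalCache exposes that accessor on this branch. Unlike most functions touched by this commit, no `getRequiredPermissions` override is visible for this class, so it presumably falls back to the `Function` interface default; a short comment saying that this is intentional would help. The body of execute continues outside the hunk.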
@@ -14,6 +14,8 @@ */ package org.apache.geode.management.internal.cli.functions; +import java.util.Collection; +import java.util.Collections; import java.util.Map; import java.util.Map.Entry; import java.util.Set; @@ -21,7 +23,7 @@ import java.util.Set; import org.apache.logging.log4j.Logger; import org.apache.geode.cache.CacheClosedException; -import org.apache.geode.cache.execute.FunctionAdapter; +import org.apache.geode.cache.execute.Function; import org.apache.geode.cache.execute.FunctionContext; import org.apache.geode.distributed.internal.DistributionConfig; import org.apache.geode.internal.ConfigSource; @@ -30,8 +32,10 @@ import org.apache.geode.internal.cache.InternalCache; import org.apache.geode.internal.logging.LogService; import org.apache.geode.management.internal.cli.CliUtil; import org.apache.geode.management.internal.cli.i18n.CliStrings; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; -public class AlterRuntimeConfigFunction extends FunctionAdapter implements InternalEntity { +public class AlterRuntimeConfigFunction implements Function, InternalEntity { private static final long serialVersionUID = 1L; @@ -86,6 +90,11 @@ public class AlterRuntimeConfigFunction extends FunctionAdapter implements Inter } @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_WRITE); + } + + @Override public String getId() { return AlterRuntimeConfigFunction.class.getName(); } diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ChangeLogLevelFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ChangeLogLevelFunction.java index 7220413..16b3ea1 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ChangeLogLevelFunction.java 
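Review bot: The `getRequiredPermissions` override added to AlterRuntimeConfigFunction (hunk `@@ -86,6 +90,11 @@`) carries no comment saying why `CLUSTER_WRITE` is the right level or that `regionName` is deliberately ignored, and the overrides in ChangeLogLevelFunction, CloseDurableClientFunction, CloseDurableCqFunction and the other functions in this commit are equally bare. The permission is declared here separately from whatever guards the gfsh command that normally dispatches the function, so the two can drift apart without anyone noticing. A one-line comment on each override naming the command it mirrors would make such a drift reviewable, for example `// Must match the authorization on the gfsh command that dispatches this function; regionName is unused because the change is cluster-wide.`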
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ChangeLogLevelFunction.java @@ -14,8 +14,10 @@ */ package org.apache.geode.management.internal.cli.functions; -import static org.apache.geode.distributed.ConfigurationProperties.*; +import static org.apache.geode.distributed.ConfigurationProperties.LOG_LEVEL; +import java.util.Collection; +import java.util.Collections; import java.util.HashMap; import java.util.Map; @@ -31,6 +33,8 @@ import org.apache.geode.internal.logging.LogService; import org.apache.geode.internal.logging.log4j.LogLevel; import org.apache.geode.internal.logging.log4j.LogMarker; import org.apache.geode.internal.logging.log4j.LogWriterLogger; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; /** @@ -73,6 +77,11 @@ public class ChangeLogLevelFunction implements Function, InternalEntity { } @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_WRITE); + } + + @Override public String getId() { return ChangeLogLevelFunction.ID; diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CloseDurableClientFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CloseDurableClientFunction.java index 73761c4..f4ece32 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CloseDurableClientFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CloseDurableClientFunction.java 
@@ -14,29 +14,33 @@ */ package org.apache.geode.management.internal.cli.functions; +import java.util.Collection; +import java.util.Collections; + import org.apache.geode.cache.Cache; -import org.apache.geode.cache.execute.FunctionAdapter; +import org.apache.geode.cache.execute.Function; import org.apache.geode.cache.execute.FunctionContext; -import org.apache.geode.distributed.internal.InternalDistributedSystem; import org.apache.geode.internal.InternalEntity; import org.apache.geode.internal.cache.tier.sockets.CacheClientNotifier; import org.apache.geode.internal.cache.tier.sockets.CacheClientProxy; import org.apache.geode.management.internal.cli.CliUtil; import org.apache.geode.management.internal.cli.domain.MemberResult; import org.apache.geode.management.internal.cli.i18n.CliStrings; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; /*** * Function to close a durable client * */ -public class CloseDurableClientFunction extends FunctionAdapter implements InternalEntity { +public class CloseDurableClientFunction implements Function, InternalEntity { private static final long serialVersionUID = 1L; @Override public void execute(FunctionContext context) { String durableClientId = (String) context.getArguments(); - final Cache cache = CliUtil.getCacheIfExists(); + final Cache cache = context.getCache(); final String memberNameOrId = CliUtil.getMemberNameOrId(cache.getDistributedSystem().getDistributedMember()); MemberResult memberResult = new MemberResult(memberNameOrId); @@ -70,6 +74,11 @@ public class CloseDurableClientFunction extends FunctionAdapter implements Inter } @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_MANAGE_QUERY); + } + + @Override public String getId() { return CloseDurableClientFunction.class.getName(); } 
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CloseDurableCqFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CloseDurableCqFunction.java index e526409..d196d9e 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CloseDurableCqFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CloseDurableCqFunction.java @@ -14,29 +14,33 @@ */ package org.apache.geode.management.internal.cli.functions; +import java.util.Collection; +import java.util.Collections; + import org.apache.geode.cache.Cache; -import org.apache.geode.cache.execute.FunctionAdapter; +import org.apache.geode.cache.execute.Function; import org.apache.geode.cache.execute.FunctionContext; import org.apache.geode.internal.InternalEntity; import org.apache.geode.internal.cache.tier.sockets.CacheClientNotifier; import org.apache.geode.internal.cache.tier.sockets.CacheClientProxy; -import org.apache.geode.internal.cache.tier.sockets.ClientProxyMembershipID; import org.apache.geode.management.internal.cli.CliUtil; import org.apache.geode.management.internal.cli.domain.MemberResult; import org.apache.geode.management.internal.cli.i18n.CliStrings; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; /*** * Function to close a durable cq * */ -public class CloseDurableCqFunction extends FunctionAdapter implements InternalEntity { +public class CloseDurableCqFunction implements Function, InternalEntity { private static final long serialVersionUID = 1L; @Override public void execute(FunctionContext context) { - final Cache cache = CliUtil.getCacheIfExists(); + final Cache cache = context.getCache(); final String memberNameOrId = CliUtil.getMemberNameOrId(cache.getDistributedSystem().getDistributedMember()); CacheClientNotifier cacheClientNotifier = CacheClientNotifier.getInstance(); 
@@ -72,6 +76,11 @@ public class CloseDurableCqFunction extends FunctionAdapter implements InternalE } @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_MANAGE_QUERY); + } + + @Override public String getId() { return CloseDurableCqFunction.class.getName(); } diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ContinuousQueryFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ContinuousQueryFunction.java index f4e931f..d9d389b 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ContinuousQueryFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ContinuousQueryFunction.java @@ -16,6 +16,7 @@ package org.apache.geode.management.internal.cli.functions; import java.io.Serializable; import java.util.Collection; +import java.util.Collections; import java.util.Iterator; import org.apache.geode.cache.execute.Function; @@ -28,6 +29,8 @@ import org.apache.geode.internal.cache.tier.sockets.CacheClientNotifier; import org.apache.geode.internal.cache.tier.sockets.CacheClientProxy; import org.apache.geode.internal.cache.tier.sockets.ClientProxyMembershipID; import org.apache.geode.internal.cache.tier.sockets.ServerConnection; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; /** * @since GemFire 8.0 @@ -104,6 +107,11 @@ public class ContinuousQueryFunction implements Function, InternalEntity { } @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_READ); + } + + @Override public String getId() { return ContinuousQueryFunction.ID; } 
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CreateAsyncEventQueueFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CreateAsyncEventQueueFunction.java index b31d97c..a56efc2 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CreateAsyncEventQueueFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CreateAsyncEventQueueFunction.java @@ -14,6 +14,8 @@ */ package org.apache.geode.management.internal.cli.functions; +import java.util.Collection; +import java.util.Collections; import java.util.HashMap; import java.util.Map; import java.util.Properties; @@ -38,6 +40,8 @@ import org.apache.geode.internal.cache.InternalCache; import org.apache.geode.internal.cache.xmlcache.CacheXml; import org.apache.geode.internal.logging.LogService; import org.apache.geode.management.internal.configuration.domain.XmlEntity; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; /** * Function used by the 'create async-event-queue' gfsh command to create an asynchronous event @@ -128,6 +132,11 @@ public class CreateAsyncEventQueueFunction implements Function, InternalEntity { } } + @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_MANAGE_DEPLOY); + } + private Object newInstance(String className) throws ClassNotFoundException, IllegalAccessException, InstantiationException { if (Strings.isNullOrEmpty(className)) { @@ -139,6 +148,6 @@ public class CreateAsyncEventQueueFunction implements Function, InternalEntity { @Override public String getId() { - return CreateDiskStoreFunction.class.getName(); + return CreateAsyncEventQueueFunction.class.getName(); } } 
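Review bot: `getRequiredPermissions` in CreateAsyncEventQueueFunction (hunk `@@ -128,6 +132,11 @@`) returns `CLUSTER_MANAGE_DEPLOY`, while DestroyAsyncEventQueueFunction later in this commit returns the untargeted `CLUSTER_MANAGE`, and nothing on the page explains the asymmetry. The DEPLOY target presumably reflects that this function instantiates a caller-named class through `newInstance(String className)`, which is visible directly below the override. If that is the reason, state it in a comment such as `// DEPLOY: this function loads and instantiates a class named by the caller`. It is also worth confirming that a user who may create a queue but holds only the DEPLOY target is meant to be unable to destroy it.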
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CreateDefinedIndexesFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CreateDefinedIndexesFunction.java index 5d9a294..3d10421 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CreateDefinedIndexesFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CreateDefinedIndexesFunction.java @@ -15,13 +15,15 @@ package org.apache.geode.management.internal.cli.functions; import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Set; import org.apache.geode.cache.Cache; -import org.apache.geode.cache.execute.FunctionAdapter; +import org.apache.geode.cache.execute.Function; import org.apache.geode.cache.execute.FunctionContext; import org.apache.geode.cache.execute.ResultSender; import org.apache.geode.cache.query.Index; @@ -33,8 +35,10 @@ import org.apache.geode.internal.cache.xmlcache.CacheXml; import org.apache.geode.management.internal.cli.domain.IndexInfo; import org.apache.geode.management.internal.cli.i18n.CliStrings; import org.apache.geode.management.internal.configuration.domain.XmlEntity; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; -public class CreateDefinedIndexesFunction extends FunctionAdapter implements InternalEntity { +public class CreateDefinedIndexesFunction implements Function, InternalEntity { private static final long serialVersionUID = 1L; @Override 
@@ -122,4 +126,9 @@ public class CreateDefinedIndexesFunction extends FunctionAdapter implements Int .lastResult(new CliFunctionResult(memberId, exception, exceptionMessage)); } } + + @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_MANAGE_QUERY); + } } diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CreateDiskStoreFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CreateDiskStoreFunction.java index 41fd042..d013a8e 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CreateDiskStoreFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CreateDiskStoreFunction.java @@ -20,12 +20,15 @@ package org.apache.geode.management.internal.cli.functions; * @since GemFire 8.0 */ +import java.util.Collection; +import java.util.Collections; + import org.apache.logging.log4j.Logger; import org.apache.geode.SystemFailure; import org.apache.geode.cache.CacheClosedException; import org.apache.geode.cache.DiskStoreFactory; -import org.apache.geode.cache.execute.FunctionAdapter; +import org.apache.geode.cache.execute.Function; import org.apache.geode.cache.execute.FunctionContext; import org.apache.geode.distributed.DistributedMember; import org.apache.geode.internal.InternalEntity; 
@@ -34,8 +37,10 @@ import org.apache.geode.internal.cache.InternalCache; import org.apache.geode.internal.cache.xmlcache.CacheXml; import org.apache.geode.internal.logging.LogService; import org.apache.geode.management.internal.configuration.domain.XmlEntity; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; -public class CreateDiskStoreFunction extends FunctionAdapter implements InternalEntity { +public class CreateDiskStoreFunction implements Function, InternalEntity { private static final Logger logger = LogService.getLogger(); private static final long serialVersionUID = 1L; @@ -80,6 +85,11 @@ public class CreateDiskStoreFunction extends FunctionAdapter implements Internal } @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_MANAGE_DISK); + } + + @Override public String getId() { return CreateDiskStoreFunction.class.getName(); } diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CreateIndexFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CreateIndexFunction.java index e02b192..1e103f2 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CreateIndexFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/CreateIndexFunction.java @@ -14,8 +14,11 @@ */ package org.apache.geode.management.internal.cli.functions; +import java.util.Collection; +import java.util.Collections; + import org.apache.geode.cache.Cache; -import org.apache.geode.cache.execute.FunctionAdapter; +import org.apache.geode.cache.execute.Function; import org.apache.geode.cache.execute.FunctionContext; import org.apache.geode.cache.query.IndexExistsException; import org.apache.geode.cache.query.IndexInvalidException; 
@@ -27,12 +30,14 @@ import org.apache.geode.internal.cache.xmlcache.CacheXml; import org.apache.geode.management.internal.cli.domain.IndexInfo; import org.apache.geode.management.internal.cli.i18n.CliStrings; import org.apache.geode.management.internal.configuration.domain.XmlEntity; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; /*** * Function to create index in a member, based on different arguments passed to it * */ -public class CreateIndexFunction extends FunctionAdapter implements InternalEntity { +public class CreateIndexFunction implements Function, InternalEntity { private static final long serialVersionUID = 1L; @@ -104,6 +109,11 @@ public class CreateIndexFunction extends FunctionAdapter implements InternalEnti } } + @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_MANAGE_QUERY); + } + private String getValidRegionName(Cache cache, String regionPath) { while (regionPath != null && cache.getRegion(regionPath) == null) { int dotPosition; diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DataCommandFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DataCommandFunction.java index 9e51ec8..63c60de 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DataCommandFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DataCommandFunction.java @@ -15,6 +15,7 @@ package org.apache.geode.management.internal.cli.functions; import java.util.ArrayList; +import java.util.Collection; import java.util.Collections; import java.util.Iterator; import java.util.List; 
@@ -60,7 +61,9 @@ import org.apache.geode.management.internal.cli.i18n.CliStrings; import org.apache.geode.management.internal.cli.json.GfJsonException; import org.apache.geode.management.internal.cli.json.GfJsonObject; import org.apache.geode.management.internal.cli.util.JsonUtil; +import org.apache.geode.management.internal.security.ResourcePermissions; import org.apache.geode.pdx.PdxInstance; +import org.apache.geode.security.ResourcePermission; /** * @since GemFire 7.0 @@ -133,6 +136,10 @@ public class DataCommandFunction implements Function, InternalEntity { } } + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.DATA_ALL); + } + public DataCommandResult remove(DataCommandRequest request, InternalCache cache) { String key = request.getKey(); diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DeployFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DeployFunction.java index dd82a8f..6652955 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DeployFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DeployFunction.java @@ -24,6 +24,8 @@ import java.nio.file.Paths; import java.nio.file.attribute.PosixFilePermission; import java.nio.file.attribute.PosixFilePermissions; import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; import java.util.HashMap; import java.util.HashSet; import java.util.List; 
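Review bot: The `getRequiredPermissions` method added to DataCommandFunction (hunk `@@ -133,6 +136,10 @@`) is the only one in this commit declared without `@Override`, so if the interface signature ever changes it would compile as an unrelated method and the function would silently be checked against the interface default instead. Add `@Override` on the line above the method. The method also returns `DATA_ALL` regardless of `regionName` and of which operation is requested (a `remove` handler is visible just below), so any caller needs full data rights on all regions even for a read. If that is deliberate because one function serves several data commands, a comment saying so would make the choice clear. The class body continues outside the hunk.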
@@ -46,6 +48,8 @@ import org.apache.geode.internal.DeployedJar; import org.apache.geode.internal.InternalEntity; import org.apache.geode.internal.cache.InternalCache; import org.apache.geode.internal.logging.LogService; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; public class DeployFunction implements Function, InternalEntity { private static final Logger logger = LogService.getLogger(); @@ -119,6 +123,11 @@ public class DeployFunction implements Function, InternalEntity { } @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_MANAGE_DEPLOY); + } + + @Override public String getId() { return ID; } diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DescribeDiskStoreFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DescribeDiskStoreFunction.java index f8668c0..976a975 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DescribeDiskStoreFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DescribeDiskStoreFunction.java @@ -16,6 +16,8 @@ package org.apache.geode.management.internal.cli.functions; import java.io.File; +import java.util.Collection; +import java.util.Collections; import java.util.HashSet; import java.util.Properties; import java.util.Set; @@ -29,7 +31,7 @@ import org.apache.geode.cache.DiskStore; import org.apache.geode.cache.EvictionAction; import org.apache.geode.cache.Region; import org.apache.geode.cache.asyncqueue.AsyncEventQueue; -import org.apache.geode.cache.execute.FunctionAdapter; +import org.apache.geode.cache.execute.Function; import org.apache.geode.cache.execute.FunctionContext; import org.apache.geode.cache.server.CacheServer; import org.apache.geode.cache.wan.GatewaySender; 
@@ -41,6 +43,8 @@ import org.apache.geode.internal.logging.LogService; import org.apache.geode.internal.util.ArrayUtils; import org.apache.geode.management.internal.cli.domain.DiskStoreDetails; import org.apache.geode.management.internal.cli.exceptions.EntityNotFoundException; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; /** * The DescribeDiskStoreFunction class is an implementation of a GemFire Function used to collect @@ -55,7 +59,7 @@ import org.apache.geode.management.internal.cli.exceptions.EntityNotFoundExcepti * @see org.apache.geode.management.internal.cli.domain.DiskStoreDetails * @since GemFire 7.0 */ -public class DescribeDiskStoreFunction extends FunctionAdapter implements InternalEntity { +public class DescribeDiskStoreFunction implements Function, InternalEntity { private static final Logger logger = LogService.getLogger(); @@ -131,6 +135,11 @@ public class DescribeDiskStoreFunction extends FunctionAdapter implements Intern } } + @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_READ); + } + private void setDiskDirDetails(final DiskStore diskStore, final DiskStoreDetails diskStoreDetails) { File[] diskDirs = diskStore.getDiskDirs(); diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DestroyAsyncEventQueueFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DestroyAsyncEventQueueFunction.java index 54b3000..51fd394 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DestroyAsyncEventQueueFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DestroyAsyncEventQueueFunction.java 
@@ -14,6 +14,9 @@
 */
 package org.apache.geode.management.internal.cli.functions;
+import java.util.Collection;
+import java.util.Collections;
+
 import org.apache.geode.cache.asyncqueue.internal.AsyncEventQueueImpl;
 import org.apache.geode.cache.execute.Function;
 import org.apache.geode.cache.execute.FunctionContext;
@@ -21,6 +24,8 @@ import org.apache.geode.internal.InternalEntity;
 import org.apache.geode.internal.cache.xmlcache.CacheXml;
 import org.apache.geode.management.internal.cli.commands.DestroyAsyncEventQueueCommand;
 import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 /**
 * Function used by the 'destroy async-event-queue' gfsh command to destroy an asynchronous event
@@ -68,6 +73,11 @@ public class DestroyAsyncEventQueueFunction implements Function, InternalEntity
 }
 }
+ @Override
+ public Collection getRequiredPermissions(String regionName) {
+ return Collections.singleton(ResourcePermissions.CLUSTER_MANAGE);
+ }
+
 XmlEntity getAEQXmlEntity(String key, String value) {
 XmlEntity xmlEntity = new XmlEntity(CacheXml.ASYNC_EVENT_QUEUE, key, value);
 return xmlEntity;
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DestroyDiskStoreFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DestroyDiskStoreFunction.java
index 6f15301..8b38e6a 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DestroyDiskStoreFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DestroyDiskStoreFunction.java
@@ -14,6 +14,9 @@
 */
 package org.apache.geode.management.internal.cli.functions;
+import java.util.Collection;
+import java.util.Collections;
+
 import org.apache.geode.cache.DiskStore;
 import org.apache.geode.cache.execute.Function;
 import org.apache.geode.cache.execute.FunctionContext;
@@ -22,6 +25,8 @@ import org.apache.geode.internal.InternalEntity;
 import org.apache.geode.internal.cache.InternalCache;
 import org.apache.geode.internal.cache.xmlcache.CacheXml;
 import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 /**
 * Function used by the 'destroy disk-store' gfsh command to destroy a disk store on each member.
@@ -70,4 +75,9 @@ public class DestroyDiskStoreFunction implements Function, InternalEntity {
 context.getResultSender().lastResult(result);
 }
+
+ @Override
+ public Collection getRequiredPermissions(String regionName) {
+ return Collections.singleton(ResourcePermissions.CLUSTER_MANAGE_DISK);
+ }
 }
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DestroyIndexFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DestroyIndexFunction.java
index e7488e7..d3b445e 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DestroyIndexFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DestroyIndexFunction.java
@@ -14,6 +14,8 @@
 */
 package org.apache.geode.management.internal.cli.functions;
+import java.util.Collection;
+import java.util.Collections;
 import java.util.List;
 import org.apache.geode.cache.Cache;
@@ -28,6 +30,8 @@ import org.apache.geode.internal.cache.xmlcache.CacheXml;
 import org.apache.geode.management.internal.cli.domain.IndexInfo;
 import org.apache.geode.management.internal.cli.i18n.CliStrings;
 import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 public class DestroyIndexFunction implements Function, InternalEntity {
 private static final long serialVersionUID = -868082551095130315L;
@@ -101,6 +105,11 @@ public class DestroyIndexFunction implements Function, InternalEntity {
 context.getResultSender().lastResult(result);
 }
+ @Override
+ public Collection getRequiredPermissions(String regionName) {
+ return Collections.singleton(ResourcePermissions.CLUSTER_MANAGE_QUERY);
+ }
+
 /***
 *
 * @param name
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ExportConfigFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ExportConfigFunction.java
index 61278a5..fe210f2 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ExportConfigFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ExportConfigFunction.java
@@ -16,6 +16,8 @@ package org.apache.geode.management.internal.cli.functions;
 import java.io.PrintWriter;
 import java.io.StringWriter;
+import java.util.Collection;
+import java.util.Collections;
 import java.util.Map;
 import org.apache.logging.log4j.Logger;
@@ -32,6 +34,8 @@ import org.apache.geode.internal.ConfigSource;
 import org.apache.geode.internal.InternalEntity;
 import org.apache.geode.internal.cache.xmlcache.CacheXmlGenerator;
 import org.apache.geode.internal.logging.LogService;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 public class ExportConfigFunction implements Function, InternalEntity {
 private static final Logger logger = LogService.getLogger();
@@ -115,6 +119,11 @@ public class ExportConfigFunction implements Function, InternalEntity {
 }
 @Override
+ public Collection getRequiredPermissions(String regionName) {
+ return Collections.singleton(ResourcePermissions.CLUSTER_READ);
+ }
+
+ @Override
 public String getId() {
 return ID;
 }
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ExportDataFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ExportDataFunction.java
index d12be4b..cc25452 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ExportDataFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ExportDataFunction.java
@@ -15,6 +15,8 @@
 package org.apache.geode.management.internal.cli.functions;
 import java.io.File;
+import java.util.Collection;
+import java.util.Collections;
 import org.apache.geode.cache.Cache;
 import org.apache.geode.cache.Region;
@@ -26,6 +28,8 @@ import org.apache.geode.cache.snapshot.SnapshotOptions.SnapshotFormat;
 import org.apache.geode.internal.InternalEntity;
 import org.apache.geode.internal.cache.snapshot.SnapshotOptionsImpl;
 import org.apache.geode.management.internal.cli.i18n.CliStrings;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 /***
 * Function which carries out the export of a region to a file on a member. Uses the
@@ -72,6 +76,11 @@ public class ExportDataFunction implements Function, InternalEntity {
 }
 }
+ @Override
+ public Collection getRequiredPermissions(String regionName) {
+ return Collections.singleton(ResourcePermissions.DATA_READ);
+ }
+
 public String getId() {
 return ExportDataFunction.class.getName();
 }
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ExportLogsFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ExportLogsFunction.java
index b2a7e7e..ab9c95b 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ExportLogsFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ExportLogsFunction.java
@@ -25,6 +25,8 @@ import java.text.SimpleDateFormat;
 import java.time.LocalDateTime;
 import java.time.ZoneId;
 import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
 import org.apache.commons.lang.StringUtils;
 import org.apache.logging.log4j.Level;
@@ -38,7 +40,6 @@ import org.apache.geode.cache.execute.Function;
 import org.apache.geode.cache.execute.FunctionContext;
 import org.apache.geode.distributed.internal.DistributionConfig;
 import org.apache.geode.internal.InternalEntity;
-import org.apache.geode.internal.cache.GemFireCacheImpl;
 import org.apache.geode.internal.cache.InternalCache;
 import org.apache.geode.internal.cache.InternalRegionArguments;
 import org.apache.geode.internal.logging.LogService;
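Review bot: `ExportDataFunction.getRequiredPermissions` ignores `regionName` and returns the unscoped `DATA_READ`, so the check is not tied to the region that is actually exported; `ImportDataFunction` does the same with `DATA_WRITE`. The class comment says the export is written to a file on the member, and `execute()` is outside the hunk, so it should be confirmed there that the region name and target path taken from the function arguments are validated, because this permission is what stands in front of a direct function call. If the unscoped permission is intentional, record the reason next to it, for example `// region comes from the function arguments, not regionName, so require DATA:READ on all regions`. If a region-scoped check is wanted instead, it has to be built from the region the function really touches.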
@@ -48,6 +49,8 @@ import org.apache.geode.management.internal.cli.util.ExportLogsCacheWriter;
 import org.apache.geode.management.internal.cli.util.LogExporter;
 import org.apache.geode.management.internal.cli.util.LogFilter;
 import org.apache.geode.management.internal.configuration.domain.Configuration;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 /**
 * this function extracts the logs using a LogExporter which creates a zip file, and then writes the
@@ -120,6 +123,11 @@ public class ExportLogsFunction implements Function, InternalEntity {
 }
 }
+ @Override
+ public Collection getRequiredPermissions(String regionName) {
+ return Collections.singleton(ResourcePermissions.CLUSTER_READ);
+ }
+
 public static Region createOrGetExistingExportLogsRegion(boolean isInitiatingMember, InternalCache cache) throws IOException, ClassNotFoundException {
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/FetchRegionAttributesFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/FetchRegionAttributesFunction.java
index 0927427..4fd7bb9 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/FetchRegionAttributesFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/FetchRegionAttributesFunction.java
@@ -14,6 +14,9 @@
 */
 package org.apache.geode.management.internal.cli.functions;
+import java.util.Collection;
+import java.util.Collections;
+
 import org.apache.logging.log4j.Logger;
 import org.apache.geode.cache.AttributesFactory;
@@ -25,6 +28,8 @@ import org.apache.geode.cache.execute.FunctionContext;
 import org.apache.geode.internal.InternalEntity;
 import org.apache.geode.internal.logging.LogService;
 import org.apache.geode.management.internal.cli.i18n.CliStrings;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 /**
 *
@@ -80,6 +85,11 @@ public class FetchRegionAttributesFunction implements Function, InternalEntity {
 }
 @Override
+ public Collection getRequiredPermissions(String regionName) {
+ return Collections.singleton(ResourcePermissions.CLUSTER_READ);
+ }
+
+ @Override
 public String getId() {
 return ID;
 }
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/FetchSharedConfigurationStatusFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/FetchSharedConfigurationStatusFunction.java
index 09814c1..3bad85e 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/FetchSharedConfigurationStatusFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/FetchSharedConfigurationStatusFunction.java
@@ -14,6 +14,9 @@
 */
 package org.apache.geode.management.internal.cli.functions;
+import java.util.Collection;
+import java.util.Collections;
+
 import org.apache.commons.lang.StringUtils;
 import org.apache.geode.cache.execute.FunctionAdapter;
@@ -21,9 +24,10 @@ import org.apache.geode.cache.execute.FunctionContext;
 import org.apache.geode.distributed.DistributedMember;
 import org.apache.geode.distributed.internal.InternalLocator;
 import org.apache.geode.internal.InternalEntity;
-import org.apache.geode.internal.cache.GemFireCacheImpl;
 import org.apache.geode.internal.cache.InternalCache;
 import org.apache.geode.management.internal.configuration.domain.SharedConfigurationStatus;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 public class FetchSharedConfigurationStatusFunction extends FunctionAdapter
 implements InternalEntity {
@@ -33,7 +37,7 @@ public class FetchSharedConfigurationStatusFunction extends FunctionAdapter
 @Override
 public void execute(FunctionContext context) {
 InternalLocator locator = InternalLocator.getLocator();
- InternalCache cache = GemFireCacheImpl.getInstance();
+ InternalCache cache = (InternalCache) context.getCache();
 DistributedMember member = cache.getDistributedSystem().getDistributedMember();
 SharedConfigurationStatus status = locator.getSharedConfigurationStatus().getStatus();
@@ -47,6 +51,11 @@ public class FetchSharedConfigurationStatusFunction extends FunctionAdapter
 }
 @Override
+ public Collection getRequiredPermissions(String regionName) {
+ return Collections.singleton(ResourcePermissions.CLUSTER_READ);
+ }
+
+ @Override
 public String getId() {
 return FetchSharedConfigurationStatusFunction.class.getName();
 }
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GarbageCollectionFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GarbageCollectionFunction.java
index b7b1bc5..48a8153 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GarbageCollectionFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GarbageCollectionFunction.java
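Review bot: In `FetchSharedConfigurationStatusFunction.execute`, `locator` is dereferenced at `locator.getSharedConfigurationStatus()` without a null check, and the commit leaves that as it is while reworking the line next to it. If `InternalLocator.getLocator()` can return null on a member that hosts no locator (its body is not visible here), a caller holding `CLUSTER_READ` who runs the function on such a member gets a `NullPointerException` rather than a clear refusal. A guard such as `if (locator == null) { throw new IllegalStateException("no locator on this member"); }` before the status lookup would make the failure explicit. The end of `execute()` is outside the hunk, so the way results and errors are sent back should be checked before choosing between throwing and sending an error result.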
@@ -14,6 +14,8 @@
 */
 package org.apache.geode.management.internal.cli.functions;
+import java.util.Collection;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
@@ -24,6 +26,8 @@ import org.apache.geode.distributed.DistributedMember;
 import org.apache.geode.internal.InternalEntity;
 import org.apache.geode.management.internal.cli.CliUtil;
 import org.apache.geode.management.internal.cli.util.BytesToString;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 /**
 *
@@ -67,6 +71,12 @@ public class GarbageCollectionFunction implements Function, InternalEntity {
 context.getResultSender().lastResult(resultMap);
 }
+
+ @Override
+ public Collection getRequiredPermissions(String regionName) {
+ return Collections.singleton(ResourcePermissions.CLUSTER_MANAGE);
+ }
+
 @Override
 public String getId() {
 return GarbageCollectionFunction.ID;
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GatewayReceiverCreateFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GatewayReceiverCreateFunction.java
index 408176d..dd01f28 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GatewayReceiverCreateFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GatewayReceiverCreateFunction.java
@@ -14,6 +14,8 @@
 */
 package org.apache.geode.management.internal.cli.functions;
+import java.util.Collection;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
@@ -33,6 +35,8 @@ import org.apache.geode.internal.cache.xmlcache.CacheXml;
 import org.apache.geode.internal.logging.LogService;
 import org.apache.geode.management.internal.cli.i18n.CliStrings;
 import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 /**
 * The function to a create GatewayReceiver using given configuration parameters.
@@ -87,6 +91,11 @@ public class GatewayReceiverCreateFunction implements Function, InternalEntity {
 }
+ @Override
+ public Collection getRequiredPermissions(String regionName) {
+ return Collections.singleton(ResourcePermissions.CLUSTER_MANAGE_GATEWAY);
+ }
+
 /**
 * GatewayReceiver creation happens here.
 *
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GatewaySenderCreateFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GatewaySenderCreateFunction.java
index 4a12048..8c2a5ea 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GatewaySenderCreateFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GatewaySenderCreateFunction.java
@@ -14,6 +14,9 @@
 */
 package org.apache.geode.management.internal.cli.functions;
+import java.util.Collection;
+import java.util.Collections;
+
 import org.apache.logging.log4j.Logger;
 import org.apache.geode.cache.Cache;
@@ -31,6 +34,8 @@ import org.apache.geode.internal.cache.xmlcache.CacheXml;
 import org.apache.geode.internal.logging.LogService;
 import org.apache.geode.management.internal.cli.i18n.CliStrings;
 import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 public class GatewaySenderCreateFunction implements Function, InternalEntity {
@@ -66,6 +71,11 @@ public class GatewaySenderCreateFunction implements Function, InternalEntity {
 }
 }
+ @Override
+ public Collection getRequiredPermissions(String regionName) {
+ return Collections.singleton(ResourcePermissions.CLUSTER_MANAGE_GATEWAY);
+ }
+
 /**
 * Creates the GatewaySender with given configuration.
 *
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GatewaySenderDestroyFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GatewaySenderDestroyFunction.java
index edba972..99a134e 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GatewaySenderDestroyFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GatewaySenderDestroyFunction.java
@@ -14,6 +14,9 @@
 */
 package org.apache.geode.management.internal.cli.functions;
+import java.util.Collection;
+import java.util.Collections;
+
 import org.apache.geode.cache.Cache;
 import org.apache.geode.cache.execute.Function;
 import org.apache.geode.cache.execute.FunctionContext;
@@ -23,6 +26,8 @@ import org.apache.geode.internal.InternalEntity;
 import org.apache.geode.internal.cache.xmlcache.CacheXml;
 import org.apache.geode.management.internal.cli.CliUtil;
 import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 public class GatewaySenderDestroyFunction implements Function, InternalEntity {
 private static final long serialVersionUID = 1L;
@@ -66,6 +71,11 @@ public class GatewaySenderDestroyFunction implements Function, InternalEntity {
 }
 @Override
+ public Collection getRequiredPermissions(String regionName) {
+ return Collections.singleton(ResourcePermissions.CLUSTER_MANAGE_GATEWAY);
+ }
+
+ @Override
 public String getId() {
 return ID;
 }
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetMemberConfigInformationFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetMemberConfigInformationFunction.java
index 1c898b4..a7d40fe 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetMemberConfigInformationFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetMemberConfigInformationFunction.java
@@ -14,14 +14,21 @@
 */
 package org.apache.geode.management.internal.cli.functions;
-import static org.apache.geode.distributed.ConfigurationProperties.*;
+import static org.apache.geode.distributed.ConfigurationProperties.SOCKET_BUFFER_SIZE;
 import java.lang.management.ManagementFactory;
 import java.lang.management.RuntimeMXBean;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
 import org.apache.geode.cache.Cache;
-import org.apache.geode.cache.execute.FunctionAdapter;
+import org.apache.geode.cache.execute.Function;
 import org.apache.geode.cache.execute.FunctionContext;
 import org.apache.geode.cache.server.CacheServer;
 import org.apache.geode.distributed.internal.DistributionConfig;
@@ -33,16 +40,14 @@ import org.apache.geode.internal.cache.CacheConfig;
 import org.apache.geode.internal.cache.GemFireCacheImpl;
 import org.apache.geode.internal.cache.ha.HARegionQueue;
 import org.apache.geode.management.internal.cli.domain.MemberConfigurationInfo;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 /****
 *
 *
 */
-public class GetMemberConfigInformationFunction extends FunctionAdapter implements InternalEntity {
-
- /**
- *
- */
+public class GetMemberConfigInformationFunction implements Function, InternalEntity {
 private static final long serialVersionUID = 1L;
@@ -133,6 +138,11 @@ public class GetMemberConfigInformationFunction extends FunctionAdapter implemen
 context.getResultSender().lastResult(memberConfigInfo);
 }
+ @Override
+ public Collection getRequiredPermissions(String regionName) {
+ return Collections.singleton(ResourcePermissions.CLUSTER_READ);
+ }
+
 /****
 * Gets the default values for the cache attributes
 *
@@ -220,12 +230,6 @@ public class GetMemberConfigInformationFunction extends FunctionAdapter implemen
 }
 }
- @Override
- public String getId() {
- // TODO Auto-generated method stub
- return GetMemberConfigInformationFunction.class.toString();
- }
-
 private List getJvmInputArguments() {
 RuntimeMXBean runtimeBean = ManagementFactory.getRuntimeMXBean();
 return runtimeBean.getInputArguments();
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetMemberInformationFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetMemberInformationFunction.java
index c1a95d4..b0bffe7 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetMemberInformationFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetMemberInformationFunction.java
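Review bot: Dropping `getId()` from `GetMemberConfigInformationFunction` (hunk `-220,12`) changes the id this function is known by: the removed override returned `GetMemberConfigInformationFunction.class.toString()`, which carries a `class ` prefix, and the class now falls back to whatever `Function` supplies by default, which is not visible here. `GetRegionDescriptionFunction` and `GetRegionsFunction` lose the same override in this commit. Any lookup, registration or audit rule keyed on the old string will stop matching, so the change should at least be called out in the commit message. Keeping an explicit id in the form the neighbouring classes use would avoid relying on the default, `@Override public String getId() { return GetMemberConfigInformationFunction.class.getName(); }`.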
@@ -17,13 +17,15 @@ package org.apache.geode.management.internal.cli.functions;
 import java.lang.management.ManagementFactory;
 import java.lang.management.MemoryMXBean;
 import java.lang.management.MemoryUsage;
+import java.util.Collection;
+import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import org.apache.geode.cache.Cache;
 import org.apache.geode.cache.CacheClosedException;
-import org.apache.geode.cache.execute.FunctionAdapter;
+import org.apache.geode.cache.execute.Function;
 import org.apache.geode.cache.execute.FunctionContext;
 import org.apache.geode.cache.server.CacheServer;
 import org.apache.geode.distributed.internal.DistributionConfig;
@@ -35,13 +37,15 @@ import org.apache.geode.internal.cache.tier.sockets.ClientProxyMembershipID;
 import org.apache.geode.management.internal.cli.CliUtil;
 import org.apache.geode.management.internal.cli.domain.CacheServerInfo;
 import org.apache.geode.management.internal.cli.domain.MemberInformation;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 /***
 *
 * since 7.0
 */
-public class GetMemberInformationFunction extends FunctionAdapter implements InternalEntity {
+public class GetMemberInformationFunction implements Function, InternalEntity {
 /**
 *
 */
@@ -139,6 +143,11 @@ public class GetMemberInformationFunction extends FunctionAdapter implements Int
 }
 }
+ @Override
+ public Collection getRequiredPermissions(String regionName) {
+ return Collections.singleton(ResourcePermissions.CLUSTER_READ);
+ }
+
 private long bytesToMeg(long bytes) {
 return bytes / (1024L * 1024L);
 }
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetRegionDescriptionFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetRegionDescriptionFunction.java
index d13446c..e3250be 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetRegionDescriptionFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetRegionDescriptionFunction.java
@@ -15,12 +15,17 @@
 package org.apache.geode.management.internal.cli.functions;
+import java.util.Collection;
+import java.util.Collections;
+
 import org.apache.geode.cache.Cache;
 import org.apache.geode.cache.Region;
 import org.apache.geode.cache.execute.Function;
 import org.apache.geode.cache.execute.FunctionContext;
 import org.apache.geode.internal.InternalEntity;
 import org.apache.geode.management.internal.cli.domain.RegionDescriptionPerMember;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 public class GetRegionDescriptionFunction implements Function, InternalEntity {
@@ -48,9 +53,7 @@ public class GetRegionDescriptionFunction implements Function, InternalEntity {
 }
 @Override
- public String getId() {
- // TODO Auto-generated method stub
- return GetRegionDescriptionFunction.class.toString();
+ public Collection getRequiredPermissions(String regionName) {
+ return Collections.singleton(ResourcePermissions.CLUSTER_READ);
 }
-
 }
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetRegionsFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetRegionsFunction.java
index 6571dca..110d4ff 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetRegionsFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetRegionsFunction.java
@@ -14,6 +14,8 @@
 */
 package org.apache.geode.management.internal.cli.functions;
+import java.util.Collection;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
@@ -23,6 +25,8 @@ import org.apache.geode.cache.execute.Function;
 import org.apache.geode.cache.execute.FunctionContext;
 import org.apache.geode.internal.InternalEntity;
 import org.apache.geode.management.internal.cli.domain.RegionInformation;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 /**
 * Function that retrieves regions hosted on every member
@@ -32,12 +36,6 @@ public class GetRegionsFunction implements Function, InternalEntity {
 private static final long serialVersionUID = 1L;
 @Override
- public String getId() {
- // TODO Auto-generated method stub
- return GetRegionsFunction.class.toString();
- }
-
- @Override
 public void execute(FunctionContext functionContext) {
 try {
 Cache cache = functionContext.getCache();
@@ -59,4 +57,8 @@ public class GetRegionsFunction implements Function, InternalEntity {
 }
 }
+ @Override
+ public Collection getRequiredPermissions(String regionName) {
+ return Collections.singleton(ResourcePermissions.CLUSTER_READ);
+ }
 }
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetStackTracesFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetStackTracesFunction.java
index 6f148dd..c2ae7d6 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetStackTracesFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetStackTracesFunction.java
@@ -15,14 +15,19 @@
 package org.apache.geode.management.internal.cli.functions;
+import java.util.Collection;
+import java.util.Collections;
+
 import org.apache.geode.cache.Cache;
-import org.apache.geode.cache.execute.FunctionAdapter;
+import org.apache.geode.cache.execute.Function;
 import org.apache.geode.cache.execute.FunctionContext;
 import org.apache.geode.internal.InternalEntity;
 import org.apache.geode.internal.OSProcess;
 import org.apache.geode.management.internal.cli.domain.StackTracesPerMember;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
-public class GetStackTracesFunction extends FunctionAdapter implements InternalEntity {
+public class GetStackTracesFunction implements Function, InternalEntity {
 private static final long serialVersionUID = 1L;
@@ -44,6 +49,11 @@ public class GetStackTracesFunction extends FunctionAdapter implements InternalE
 }
 @Override
+ public Collection getRequiredPermissions(String regionName) {
+ return Collections.singleton(ResourcePermissions.CLUSTER_READ);
+ }
+
+ @Override
 public String getId() {
 // TODO Auto-generated method stub
 return GetStackTracesFunction.class.getName();
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetSubscriptionQueueSizeFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetSubscriptionQueueSizeFunction.java
index 70b649c..2a3670a 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetSubscriptionQueueSizeFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/GetSubscriptionQueueSizeFunction.java
@@ -14,8 +14,11 @@
 */
 package org.apache.geode.management.internal.cli.functions;
+import java.util.Collection;
+import java.util.Collections;
+
 import org.apache.geode.cache.Cache;
-import org.apache.geode.cache.execute.FunctionAdapter;
+import org.apache.geode.cache.execute.Function;
 import org.apache.geode.cache.execute.FunctionContext;
 import org.apache.geode.cache.query.CqQuery;
 import org.apache.geode.cache.query.internal.CqQueryVsdStats;
@@ -27,18 +30,20 @@ import org.apache.geode.internal.cache.tier.sockets.CacheClientProxy;
 import org.apache.geode.management.internal.cli.CliUtil;
 import org.apache.geode.management.internal.cli.domain.SubscriptionQueueSizeResult;
 import org.apache.geode.management.internal.cli.i18n.CliStrings;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 /***
 * Function to get subscription-queue-size
 *
 */
-public class GetSubscriptionQueueSizeFunction extends FunctionAdapter implements InternalEntity {
+public class GetSubscriptionQueueSizeFunction implements Function, InternalEntity {
 private static final long serialVersionUID = 1L;
 @Override
 public void execute(FunctionContext context) {
- final Cache cache = CliUtil.getCacheIfExists();
+ final Cache cache = context.getCache();
 final String memberNameOrId = CliUtil.getMemberNameOrId(cache.getDistributedSystem().getDistributedMember());
 String args[] = (String[]) context.getArguments();
@@ -98,6 +103,11 @@ public class GetSubscriptionQueueSizeFunction extends FunctionAdapter implements
 }
 @Override
+ public Collection getRequiredPermissions(String regionName) {
+ return Collections.singleton(ResourcePermissions.CLUSTER_READ);
+ }
+
+ @Override
 public String getId() {
 return GetSubscriptionQueueSizeFunction.class.getName();
 }
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ImportDataFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ImportDataFunction.java
index afc6bde..600d530 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ImportDataFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ImportDataFunction.java
@@ -15,6 +15,8 @@
 package org.apache.geode.management.internal.cli.functions;
 import java.io.File;
+import java.util.Collection;
+import java.util.Collections;
 import org.apache.geode.cache.Cache;
 import org.apache.geode.cache.Region;
@@ -25,6 +27,8 @@ import org.apache.geode.cache.snapshot.SnapshotOptions;
 import org.apache.geode.cache.snapshot.SnapshotOptions.SnapshotFormat;
 import org.apache.geode.internal.InternalEntity;
 import org.apache.geode.management.internal.cli.i18n.CliStrings;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 /****
 * Function which carries out the import of a region to a file on a member. Uses the
@@ -70,6 +74,11 @@ public class ImportDataFunction implements Function, InternalEntity {
 }
 }
+ @Override
+ public Collection getRequiredPermissions(String regionName) {
+ return Collections.singleton(ResourcePermissions.DATA_WRITE);
+ }
+
 public String getId() {
 return ImportDataFunction.class.getName();
 }
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListAsyncEventQueuesFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListAsyncEventQueuesFunction.java
index d7277ee..00715e4 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListAsyncEventQueuesFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListAsyncEventQueuesFunction.java
@@ -14,6 +14,8 @@ */ package org.apache.geode.management.internal.cli.functions; +import java.util.Collection; +import java.util.Collections; import java.util.Properties; import java.util.Set; @@ -24,13 +26,15 @@ import org.apache.geode.cache.Cache; import org.apache.geode.cache.CacheClosedException; import org.apache.geode.cache.asyncqueue.AsyncEventListener; import org.apache.geode.cache.asyncqueue.AsyncEventQueue; -import org.apache.geode.cache.execute.FunctionAdapter; +import org.apache.geode.cache.execute.Function; import org.apache.geode.cache.execute.FunctionContext; import org.apache.geode.distributed.DistributedMember; import org.apache.geode.internal.InternalEntity; import org.apache.geode.internal.cache.xmlcache.Declarable2; import org.apache.geode.internal.logging.LogService; import org.apache.geode.management.internal.cli.domain.AsyncEventQueueDetails; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; /** * An implementation of GemFire Function interface used to determine all the async event queues that @@ -39,7 +43,7 @@ import org.apache.geode.management.internal.cli.domain.AsyncEventQueueDetails; * * @since GemFire 8.0 */ -public class ListAsyncEventQueuesFunction extends FunctionAdapter implements InternalEntity { +public class ListAsyncEventQueuesFunction implements Function, InternalEntity { private static final Logger logger = LogService.getLogger(); private static final long serialVersionUID = 1L; @@ -99,4 +103,9 @@ public class ListAsyncEventQueuesFunction extends FunctionAdapter implements Int context.getResultSender().lastResult(result); } } + + @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_READ); + } } 
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListDeployedFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListDeployedFunction.java index 7ed83db..3ae31c4 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListDeployedFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListDeployedFunction.java @@ -14,6 +14,8 @@ */ package org.apache.geode.management.internal.cli.functions; +import java.util.Collection; +import java.util.Collections; import java.util.List; import org.apache.logging.log4j.Logger; @@ -29,6 +31,8 @@ import org.apache.geode.internal.InternalEntity; import org.apache.geode.internal.JarDeployer; import org.apache.geode.internal.cache.InternalCache; import org.apache.geode.internal.logging.LogService; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; public class ListDeployedFunction implements Function, InternalEntity { private static final Logger logger = LogService.getLogger(); @@ -82,6 +86,11 @@ public class ListDeployedFunction implements Function, InternalEntity { } @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_READ); + } + + @Override public String getId() { return ID; } diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListDiskStoresFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListDiskStoresFunction.java index 11072ff..b38219f 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListDiskStoresFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListDiskStoresFunction.java 
@@ -15,18 +15,22 @@ package org.apache.geode.management.internal.cli.functions; +import java.util.Collection; +import java.util.Collections; import java.util.HashSet; import java.util.Properties; import java.util.Set; import org.apache.geode.cache.Cache; import org.apache.geode.cache.DiskStore; -import org.apache.geode.cache.execute.FunctionAdapter; +import org.apache.geode.cache.execute.Function; import org.apache.geode.cache.execute.FunctionContext; import org.apache.geode.distributed.DistributedMember; import org.apache.geode.internal.InternalEntity; import org.apache.geode.internal.cache.InternalCache; import org.apache.geode.management.internal.cli.domain.DiskStoreDetails; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; /** * The ListDiskStoresFunction class is an implementation of GemFire Function interface used to @@ -42,7 +46,7 @@ import org.apache.geode.management.internal.cli.domain.DiskStoreDetails; * @see org.apache.geode.management.internal.cli.domain.DiskStoreDetails * @since GemFire 7.0 */ -public class ListDiskStoresFunction extends FunctionAdapter implements InternalEntity { +public class ListDiskStoresFunction implements Function, InternalEntity { @SuppressWarnings("unused") public void init(final Properties props) {} @@ -74,4 +78,8 @@ public class ListDiskStoresFunction extends FunctionAdapter implements InternalE } } + @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_READ); + } } diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListDurableCqNamesFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListDurableCqNamesFunction.java index e5d1c63..6952c5f 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListDurableCqNamesFunction.java 
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListDurableCqNamesFunction.java @@ -16,10 +16,12 @@ package org.apache.geode.management.internal.cli.functions; import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; import java.util.List; import org.apache.geode.cache.Cache; -import org.apache.geode.cache.execute.FunctionAdapter; +import org.apache.geode.cache.execute.Function; import org.apache.geode.cache.execute.FunctionContext; import org.apache.geode.cache.query.internal.cq.CqService; import org.apache.geode.distributed.DistributedMember; @@ -29,6 +31,8 @@ import org.apache.geode.internal.cache.tier.sockets.CacheClientProxy; import org.apache.geode.management.internal.cli.CliUtil; import org.apache.geode.management.internal.cli.domain.DurableCqNamesResult; import org.apache.geode.management.internal.cli.i18n.CliStrings; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; /** * The ListDurableCqs class is a GemFire function used to collect all the durable client names on @@ -44,7 +48,7 @@ import org.apache.geode.management.internal.cli.i18n.CliStrings; * @since GemFire 7.0.1 */ @SuppressWarnings("unused") -public class ListDurableCqNamesFunction extends FunctionAdapter implements InternalEntity { +public class ListDurableCqNamesFunction implements Function, InternalEntity { private static final long serialVersionUID = 1L; public String getId() { @@ -89,4 +93,9 @@ public class ListDurableCqNamesFunction extends FunctionAdapter implements Inter context.getResultSender().lastResult(result); } } + + @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_READ); + } } 
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListFunctionFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListFunctionFunction.java index e4d56a1..87f22c8 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListFunctionFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListFunctionFunction.java @@ -14,6 +14,8 @@ */ package org.apache.geode.management.internal.cli.functions; +import java.util.Collection; +import java.util.Collections; import java.util.LinkedList; import java.util.List; import java.util.Map; @@ -31,6 +33,8 @@ import org.apache.geode.cache.execute.FunctionService; import org.apache.geode.distributed.DistributedMember; import org.apache.geode.internal.InternalEntity; import org.apache.geode.internal.logging.LogService; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; public class ListFunctionFunction implements Function, InternalEntity { private static final Logger logger = LogService.getLogger(); @@ -91,6 +95,11 @@ public class ListFunctionFunction implements Function, InternalEntity { } @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_READ); + } + + @Override public String getId() { return ID; } diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListIndexFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListIndexFunction.java index da7bc69..d1a96e2 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListIndexFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ListIndexFunction.java 
@@ -15,16 +15,20 @@ package org.apache.geode.management.internal.cli.functions; +import java.util.Collection; +import java.util.Collections; import java.util.HashSet; import java.util.Set; import org.apache.geode.cache.Cache; -import org.apache.geode.cache.execute.FunctionAdapter; +import org.apache.geode.cache.execute.Function; import org.apache.geode.cache.execute.FunctionContext; import org.apache.geode.cache.query.Index; import org.apache.geode.distributed.DistributedMember; import org.apache.geode.internal.InternalEntity; import org.apache.geode.management.internal.cli.domain.IndexDetails; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; /** * The ListIndexFunction class is a GemFire function used to collect all the index information on @@ -40,7 +44,7 @@ import org.apache.geode.management.internal.cli.domain.IndexDetails; * @since GemFire 7.0 */ @SuppressWarnings("unused") -public class ListIndexFunction extends FunctionAdapter implements InternalEntity { +public class ListIndexFunction implements Function, InternalEntity { public String getId() { return ListIndexFunction.class.getName(); @@ -63,4 +67,8 @@ public class ListIndexFunction extends FunctionAdapter implements InternalEntity } } + @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_READ_QUERY); + } } diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/MemberRegionFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/MemberRegionFunction.java deleted file mode 100644 index d20edc7..0000000 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/MemberRegionFunction.java +++ /dev/null 
@@ -1,82 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more contributor license - * agreements. See the NOTICE file distributed with this work for additional information regarding - * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance with the License. You may obtain a - * copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License - * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the License for the specific language governing permissions and limitations under - * the License. - */ -package org.apache.geode.management.internal.cli.functions; - -import org.apache.geode.cache.Cache; -import org.apache.geode.cache.execute.Execution; -import org.apache.geode.cache.execute.Function; -import org.apache.geode.cache.execute.FunctionContext; -import org.apache.geode.cache.execute.FunctionException; -import org.apache.geode.cache.execute.FunctionService; -import org.apache.geode.internal.InternalEntity; - - -public class MemberRegionFunction implements Function, InternalEntity { - public static final String ID = MemberRegionFunction.class.getName(); - private static final long serialVersionUID = 1L; - - @Override - public void execute(FunctionContext context) { - Object[] args = (Object[]) context.getArguments(); - String region = (String) args[0]; - String functionId = (String) args[1]; - Cache cache = context.getCache(); - - try { - Function function = FunctionService.getFunction(functionId); - if (function == null) { - context.getResultSender() - .lastResult("For region on a member did not get function " + functionId); - } - Execution execution = FunctionService.onRegion(cache.getRegion(region)); - if (execution == null) { - 
context.getResultSender().lastResult("For region on a member could not execute"); - } else { - execution.execute(function); - context.getResultSender().lastResult("succeeded in executing on region " + region); - } - - } catch (FunctionException e) { - context.getResultSender() - .lastResult("FunctionException in MemberRegionFunction =" + e.getMessage()); - } catch (Exception e) { - context.getResultSender().lastResult("Exception in MemberRegionFunction =" + e.getMessage()); - } - - } - - @Override - public String getId() { - return MemberRegionFunction.ID; - - } - - @Override - public boolean hasResult() { - return true; - } - - @Override - public boolean optimizeForWrite() { - // no need of optimization since read-only. - return false; - } - - @Override - public boolean isHA() { - return false; - } - -} diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/MembersForRegionFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/MembersForRegionFunction.java deleted file mode 100644 index 6ed1e17..0000000 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/MembersForRegionFunction.java +++ /dev/null 
@@ -1,91 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more contributor license - * agreements. See the NOTICE file distributed with this work for additional information regarding - * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance with the License. You may obtain a - * copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License - * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the License for the specific language governing permissions and limitations under - * the License. - */ - -package org.apache.geode.management.internal.cli.functions; - -import java.util.HashMap; -import java.util.Map; - -import org.apache.logging.log4j.Logger; - -import org.apache.geode.cache.Cache; -import org.apache.geode.cache.Region; -import org.apache.geode.cache.execute.Function; -import org.apache.geode.cache.execute.FunctionContext; -import org.apache.geode.internal.InternalEntity; -import org.apache.geode.internal.logging.LogService; - -/** - * - * @since GemFire 8.0 - */ - -public class MembersForRegionFunction implements Function, InternalEntity { - private static final Logger logger = LogService.getLogger(); - - private static final long serialVersionUID = 8746830191680509335L; - - private static final String ID = MembersForRegionFunction.class.getName(); - - @Override - public void execute(FunctionContext context) { - Map resultMap = new HashMap(); - try { - Cache cache = context.getCache(); - String memberNameOrId = cache.getDistributedSystem().getDistributedMember().getId(); - Object args = (Object) context.getArguments(); - String regionName = ((String) args); - Region region = cache.getRegion(regionName); - - if (region != null) { - 
resultMap.put(memberNameOrId, "" + region.getAttributes().getScope().isLocal()); - } else { - String regionWithPrefix = Region.SEPARATOR + regionName; - region = cache.getRegion(regionWithPrefix); - if (region != null) { - resultMap.put(memberNameOrId, "" + region.getAttributes().getScope().isLocal()); - } else { - resultMap.put("", ""); - } - } - context.getResultSender().lastResult(resultMap); - } catch (Exception ex) { - logger.info("MembersForRegionFunction exception {}", ex.getMessage(), ex); - resultMap.put("", ""); - context.getResultSender().lastResult(resultMap); - } - } - - @Override - public String getId() { - return MembersForRegionFunction.ID; - } - - @Override - public boolean isHA() { - return false; - } - - @Override - public boolean hasResult() { - return true; - } - - @Override - public boolean optimizeForWrite() { - return false; - } - -} diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/NetstatFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/NetstatFunction.java index c934427..7b59b98 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/NetstatFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/NetstatFunction.java @@ -14,7 +14,12 @@ */ package org.apache.geode.management.internal.cli.functions; -import static org.apache.geode.internal.lang.SystemUtils.*; +import static org.apache.geode.internal.lang.SystemUtils.getOsArchitecture; +import static org.apache.geode.internal.lang.SystemUtils.getOsName; +import static org.apache.geode.internal.lang.SystemUtils.getOsVersion; +import static org.apache.geode.internal.lang.SystemUtils.isLinux; +import static org.apache.geode.internal.lang.SystemUtils.isMacOSX; +import static org.apache.geode.internal.lang.SystemUtils.isSolaris; import java.io.BufferedReader; import java.io.IOException; 
@@ -22,6 +27,8 @@ import java.io.InputStream; import java.io.InputStreamReader; import java.io.Serializable; import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; import java.util.List; import org.apache.logging.log4j.Logger; @@ -36,6 +43,8 @@ import org.apache.geode.management.internal.cli.CliUtil; import org.apache.geode.management.internal.cli.CliUtil.DeflaterInflaterData; import org.apache.geode.management.internal.cli.GfshParser; import org.apache.geode.management.internal.cli.i18n.CliStrings; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; /** * Executes 'netstat' OS command & returns the result as compressed bytes. @@ -84,6 +93,11 @@ public class NetstatFunction implements Function, InternalEntity { context.getResultSender().lastResult(result); } + @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_READ); + } + private static void addMemberHostHeader(final StringBuilder netstatInfo, final String id, final String host, final String lineSeparator) { diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/RebalanceFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/RebalanceFunction.java index c77d848..dfdd9d2 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/RebalanceFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/RebalanceFunction.java @@ -14,6 +14,8 @@ */ package org.apache.geode.management.internal.cli.functions; +import java.util.Collection; +import java.util.Collections; import java.util.Iterator; import java.util.Set; import java.util.concurrent.CancellationException; 
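Review bot: NetstatFunction's new `getRequiredPermissions` puts a function that, per its class comment, executes the OS `netstat` command and returns the output behind `ResourcePermissions.CLUSTER_READ` only. Host-level socket listings are more than cluster metadata, so the choice deserves a stated reason at the method, e.g. `// CLUSTER_READ: <reason read-level access is sufficient>; the result is host network state, not region data.` The `execute` body and the command construction are outside the hunk, so it is worth confirming that every argument reaching the command line is a fixed option rather than a caller-supplied string.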
@@ -30,7 +32,8 @@ import org.apache.geode.cache.execute.FunctionContext; import org.apache.geode.cache.partition.PartitionRebalanceInfo; import org.apache.geode.internal.InternalEntity; import org.apache.geode.internal.logging.LogService; - +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; public class RebalanceFunction implements Function, InternalEntity { @@ -92,6 +95,11 @@ public class RebalanceFunction implements Function, InternalEntity { } @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.DATA_MANAGE); + } + + @Override public String getId() { return RebalanceFunction.ID; } diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/RegionAlterFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/RegionAlterFunction.java index 8876035..47c2897 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/RegionAlterFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/RegionAlterFunction.java @@ -14,6 +14,8 @@ */ package org.apache.geode.management.internal.cli.functions; +import java.util.Collection; +import java.util.Collections; import java.util.Set; import org.apache.logging.log4j.Logger; @@ -27,7 +29,7 @@ import org.apache.geode.cache.CacheWriter; import org.apache.geode.cache.ExpirationAction; import org.apache.geode.cache.ExpirationAttributes; import org.apache.geode.cache.Region; -import org.apache.geode.cache.execute.FunctionAdapter; +import org.apache.geode.cache.execute.Function; import org.apache.geode.cache.execute.FunctionContext; import org.apache.geode.cache.execute.ResultSender; import org.apache.geode.internal.ClassPathLoader; 
@@ -39,13 +41,15 @@ import org.apache.geode.management.internal.cli.CliUtil; import org.apache.geode.management.internal.cli.i18n.CliStrings; import org.apache.geode.management.internal.cli.util.RegionPath; import org.apache.geode.management.internal.configuration.domain.XmlEntity; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; /** * Function used by the 'alter region' gfsh command to alter a region on each member. * * @since GemFire 8.0 */ -public class RegionAlterFunction extends FunctionAdapter implements InternalEntity { +public class RegionAlterFunction implements Function, InternalEntity { private static final Logger logger = LogService.getLogger(); private static final long serialVersionUID = -4846425364943216425L; @@ -95,6 +99,11 @@ public class RegionAlterFunction extends FunctionAdapter implements InternalEnti } } + @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.DATA_MANAGE); + } + private Region alterRegion(Cache cache, RegionFunctionArgs regionAlterArgs) { final String regionPathString = regionAlterArgs.getRegionPath(); diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/RegionDestroyFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/RegionDestroyFunction.java index ef23522..06e2ff6 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/RegionDestroyFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/RegionDestroyFunction.java @@ -14,6 +14,9 @@ */ package org.apache.geode.management.internal.cli.functions; +import java.util.Collection; +import java.util.Collections; + import org.apache.geode.cache.Cache; import org.apache.geode.cache.Region; import org.apache.geode.cache.RegionDestroyedException; 
@@ -23,6 +26,8 @@ import org.apache.geode.internal.InternalEntity; import org.apache.geode.internal.cache.xmlcache.CacheXml; import org.apache.geode.internal.logging.LogService; import org.apache.geode.management.internal.configuration.domain.XmlEntity; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; /** * @@ -87,6 +92,11 @@ public class RegionDestroyFunction implements Function, InternalEntity { } @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.DATA_MANAGE); + } + + @Override public String getId() { return ID; } diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ShowMissingDiskStoresFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ShowMissingDiskStoresFunction.java index 656c0fd..c5dd3b5 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ShowMissingDiskStoresFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ShowMissingDiskStoresFunction.java @@ -14,12 +14,14 @@ */ package org.apache.geode.management.internal.cli.functions; +import java.util.Collection; +import java.util.Collections; import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; -import org.apache.geode.cache.execute.FunctionAdapter; +import org.apache.geode.cache.execute.Function; import org.apache.geode.cache.execute.FunctionContext; import org.apache.geode.distributed.DistributedMember; import org.apache.geode.internal.InternalEntity; 
@@ -29,8 +31,10 @@ import org.apache.geode.internal.cache.partitioned.ColocatedRegionDetails; import org.apache.geode.internal.cache.persistence.PersistentMemberID; import org.apache.geode.internal.cache.persistence.PersistentMemberManager; import org.apache.geode.internal.cache.persistence.PersistentMemberPattern; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; -public class ShowMissingDiskStoresFunction extends FunctionAdapter implements InternalEntity { +public class ShowMissingDiskStoresFunction implements Function, InternalEntity { @Override public void execute(FunctionContext context) { @@ -85,6 +89,11 @@ public class ShowMissingDiskStoresFunction extends FunctionAdapter implements In } @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_READ); + } + + @Override public String getId() { return getClass().getName(); } diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ShutDownFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ShutDownFunction.java index 27c317c..4fb8605 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ShutDownFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/ShutDownFunction.java @@ -14,6 +14,8 @@ */ package org.apache.geode.management.internal.cli.functions; +import java.util.Collection; +import java.util.Collections; import java.util.concurrent.ExecutionException; import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; 
@@ -27,6 +29,8 @@ import org.apache.geode.distributed.internal.InternalDistributedSystem; import org.apache.geode.internal.InternalEntity; import org.apache.geode.internal.logging.LogService; import org.apache.geode.internal.tcp.ConnectionTable; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; /** * @@ -87,6 +91,11 @@ public class ShutDownFunction implements Function, InternalEntity { } @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_MANAGE); + } + + @Override public boolean hasResult() { return true; } diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/SizeExportLogsFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/SizeExportLogsFunction.java index ba6ab15..edae35d 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/SizeExportLogsFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/SizeExportLogsFunction.java @@ -16,6 +16,8 @@ package org.apache.geode.management.internal.cli.functions; import java.io.File; import java.io.IOException; +import java.util.Collection; +import java.util.Collections; import org.apache.logging.log4j.Logger; 
@@ -24,13 +26,14 @@ import org.apache.geode.cache.execute.FunctionContext; import org.apache.geode.distributed.DistributedMember; import org.apache.geode.distributed.internal.DistributionConfig; import org.apache.geode.internal.InternalEntity; -import org.apache.geode.internal.cache.GemFireCacheImpl; import org.apache.geode.internal.cache.InternalCache; import org.apache.geode.internal.logging.LogService; import org.apache.geode.management.ManagementException; import org.apache.geode.management.internal.cli.util.BytesToString; import org.apache.geode.management.internal.cli.util.LogExporter; import org.apache.geode.management.internal.cli.util.LogFilter; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; public class SizeExportLogsFunction extends ExportLogsFunction implements Function, InternalEntity { private static final Logger LOGGER = LogService.getLogger(); @@ -94,4 +97,9 @@ public class SizeExportLogsFunction extends ExportLogsFunction implements Functi return estimatedSize; } + + @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_READ); + } } diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/UndeployFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/UndeployFunction.java index 98b3cd5..73c92dc 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/UndeployFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/UndeployFunction.java @@ -15,6 +15,8 @@ package org.apache.geode.management.internal.cli.functions; import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; import java.util.List; import org.apache.commons.lang.ArrayUtils; 
@@ -31,6 +33,8 @@ import org.apache.geode.internal.InternalEntity; import org.apache.geode.internal.JarDeployer; import org.apache.geode.internal.cache.InternalCache; import org.apache.geode.internal.logging.LogService; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; public class UndeployFunction implements Function, InternalEntity { private static final Logger logger = LogService.getLogger(); @@ -108,6 +112,11 @@ public class UndeployFunction implements Function, InternalEntity { } @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_MANAGE_DEPLOY); + } + + @Override public String getId() { return ID; } diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/UnregisterFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/UnregisterFunction.java index 506d7a8..6bbdc1a 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/UnregisterFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/UnregisterFunction.java @@ -14,19 +14,15 @@ */ package org.apache.geode.management.internal.cli.functions; +import java.util.Collection; +import java.util.Collections; + import org.apache.geode.cache.execute.Function; import org.apache.geode.cache.execute.FunctionContext; import org.apache.geode.cache.execute.FunctionService; import org.apache.geode.internal.InternalEntity; - -/** - * - * Class for Unregister function - * - * - * - */ - +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; public class UnregisterFunction implements Function, InternalEntity { public static final String ID = UnregisterFunction.class.getName(); 
@@ -47,7 +43,11 @@ public class UnregisterFunction implements Function, InternalEntity { @Override public String getId() { return UnregisterFunction.ID; + } + @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_MANAGE_DEPLOY); } @Override diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/UserFunctionExecution.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/UserFunctionExecution.java index da74dff..a2f4d55 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/UserFunctionExecution.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/UserFunctionExecution.java @@ -15,6 +15,8 @@ package org.apache.geode.management.internal.cli.functions; import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; import java.util.HashSet; import java.util.List; import java.util.Properties; @@ -38,6 +40,7 @@ import org.apache.geode.internal.logging.LogService; import org.apache.geode.internal.security.SecurityService; import org.apache.geode.management.internal.cli.i18n.CliStrings; import org.apache.geode.security.AuthenticationRequiredException; +import org.apache.geode.security.ResourcePermission; /** * @since GemFire 7.0 @@ -183,6 +186,11 @@ public class UserFunctionExecution implements Function, InternalEntity } @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.emptySet(); + } + + @Override public String getId() { return UserFunctionExecution.ID; } diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/configuration/functions/DownloadJarFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/configuration/functions/DownloadJarFunction.java index fd93ecb..046c883 100644 
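Review bot: `UserFunctionExecution.getRequiredPermissions` returns `Collections.emptySet()` with no explanation, so the declared-permission check is a no-op for this function and authorization rests entirely on what `execute()` does, which is outside this hunk. The file imports `SecurityService` and `AuthenticationRequiredException`, which suggests `execute()` performs its own check, but a reader of this override cannot confirm that. I would add a comment above it such as `// Intentionally empty: execute() authenticates the caller and authorizes against the wrapped function's own permissions.`, worded to match what `execute()` really does. That way a later refactor of `execute()` is less likely to leave the function unguarded without anyone noticing.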
--- a/geode-core/src/main/java/org/apache/geode/management/internal/configuration/functions/DownloadJarFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/configuration/functions/DownloadJarFunction.java @@ -20,8 +20,9 @@ import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.rmi.RemoteException; +import java.util.Collection; +import java.util.Collections; -import com.healthmarketscience.rmiio.GZIPRemoteInputStream; import com.healthmarketscience.rmiio.RemoteInputStream; import com.healthmarketscience.rmiio.RemoteInputStreamServer; import com.healthmarketscience.rmiio.SimpleRemoteInputStream; @@ -35,6 +36,8 @@ import org.apache.geode.distributed.internal.ClusterConfigurationService; import org.apache.geode.distributed.internal.InternalLocator; import org.apache.geode.internal.InternalEntity; import org.apache.geode.internal.logging.LogService; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; public class DownloadJarFunction implements Function, InternalEntity { private static final Logger logger = LogService.getLogger(); @@ -81,6 +84,11 @@ public class DownloadJarFunction implements Function, InternalEntity { } @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_READ); + } + + @Override public String getId() { return DownloadJarFunction.class.getName(); } diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/configuration/functions/GetClusterConfigurationFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/configuration/functions/GetClusterConfigurationFunction.java index b8c6ff9..9184a3f 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/configuration/functions/GetClusterConfigurationFunction.java 
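Review bot: `DownloadJarFunction` is gated on `CLUSTER_READ` only, while `GetClusterConfigurationFunction` in this same commit is raised to `ResourcePermissions.ALL` because cluster configuration can leak security information. The class name and the `RemoteInputStream` imports suggest that `execute()` (outside this hunk) streams a jar held by the cluster configuration service, and deployed jars can carry embedded configuration or credentials, so a read-only monitoring account may obtain more than intended. If that reading is right, consider `return Collections.singleton(ResourcePermissions.CLUSTER_MANAGE_DEPLOY);` to match the deploy/undeploy functions, or add a comment recording why `CLUSTER_READ` is sufficient here.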
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/configuration/functions/GetClusterConfigurationFunction.java @@ -15,18 +15,10 @@ package org.apache.geode.management.internal.configuration.functions; -import static org.apache.geode.management.internal.security.ResourcePermissions.CLUSTER_MANAGE; -import static org.apache.geode.management.internal.security.ResourcePermissions.CLUSTER_READ; -import static org.apache.geode.management.internal.security.ResourcePermissions.CLUSTER_WRITE; -import static org.apache.geode.management.internal.security.ResourcePermissions.DATA_MANAGE; -import static org.apache.geode.management.internal.security.ResourcePermissions.DATA_READ; -import static org.apache.geode.management.internal.security.ResourcePermissions.DATA_WRITE; - import java.io.IOException; import java.util.Collection; +import java.util.Collections; import java.util.Set; -import java.util.stream.Collectors; -import java.util.stream.Stream; import org.apache.logging.log4j.Logger; @@ -37,6 +29,7 @@ import org.apache.geode.distributed.internal.InternalLocator; import org.apache.geode.internal.InternalEntity; import org.apache.geode.internal.logging.LogService; import org.apache.geode.management.internal.configuration.messages.ConfigurationResponse; +import org.apache.geode.management.internal.security.ResourcePermissions; import org.apache.geode.security.ResourcePermission; public class GetClusterConfigurationFunction implements Function, InternalEntity { 
@@ -61,9 +54,11 @@ public class GetClusterConfigurationFunction implements Function, InternalEntity } } + /** + * this function will return all cluster config which will potentially leak security information. + * Thus we require all permissions to execute this function + **/ public Collection getRequiredPermissions(String regionName) { - return Stream - .of(DATA_READ, DATA_WRITE, DATA_MANAGE, CLUSTER_READ, CLUSTER_WRITE, CLUSTER_MANAGE) - .collect(Collectors.toSet()); + return Collections.singleton(ResourcePermissions.ALL); } } diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/configuration/functions/GetRegionNamesFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/configuration/functions/GetRegionNamesFunction.java index 9cde755..00979b1 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/configuration/functions/GetRegionNamesFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/configuration/functions/GetRegionNamesFunction.java @@ -16,6 +16,8 @@ package org.apache.geode.management.internal.configuration.functions; import static java.util.stream.Collectors.toSet; +import java.util.Collection; +import java.util.Collections; import java.util.Set; import org.apache.geode.cache.execute.Function; @@ -24,6 +26,8 @@ import org.apache.geode.internal.InternalEntity; import org.apache.geode.internal.cache.GemFireCacheImpl; import org.apache.geode.internal.cache.InternalCache; import org.apache.geode.internal.cache.LocalRegion; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; public class GetRegionNamesFunction implements Function, InternalEntity { @Override 
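Review bot: `getRequiredPermissions` in `GetClusterConfigurationFunction` carries no `@Override`, unlike every other override this commit adds. Without it, a later signature change in `Function` would turn this method into an unrelated overload, and the function would silently fall back to whatever permission the interface supplies by default instead of `ResourcePermissions.ALL`, with no compiler error. Add `@Override` between the Javadoc and the signature. The Javadoc itself could start with a capital letter and close with `*/` rather than `**/`.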
@@ -37,6 +41,11 @@ public class GetRegionNamesFunction implements Function, InternalEntity { } @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_READ); + } + + @Override public String getId() { return GetRegionNamesFunction.class.getName(); } diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/configuration/functions/RecreateCacheFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/configuration/functions/RecreateCacheFunction.java index f25d1af..075d76f 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/configuration/functions/RecreateCacheFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/configuration/functions/RecreateCacheFunction.java @@ -14,6 +14,9 @@ */ package org.apache.geode.management.internal.configuration.functions; +import java.util.Collection; +import java.util.Collections; + import org.apache.geode.cache.execute.Function; import org.apache.geode.cache.execute.FunctionContext; import org.apache.geode.distributed.internal.InternalDistributedSystem; @@ -22,12 +25,14 @@ import org.apache.geode.internal.cache.CacheConfig; import org.apache.geode.internal.cache.GemFireCacheImpl; import org.apache.geode.internal.cache.InternalCache; import org.apache.geode.management.internal.cli.functions.CliFunctionResult; +import org.apache.geode.management.internal.security.ResourcePermissions; +import org.apache.geode.security.ResourcePermission; public class RecreateCacheFunction implements Function, InternalEntity { @Override public void execute(FunctionContext context) { CliFunctionResult result = null; - InternalCache cache = GemFireCacheImpl.getInstance(); + InternalCache cache = (InternalCache) context.getCache(); InternalDistributedSystem ds = cache.getInternalDistributedSystem(); CacheConfig cacheConfig = cache.getCacheConfig(); try { 
@@ -43,6 +48,11 @@ public class RecreateCacheFunction implements Function, InternalEntity { } @Override + public Collection getRequiredPermissions(String regionName) { + return Collections.singleton(ResourcePermissions.CLUSTER_MANAGE); + } + + @Override public String getId() { return RecreateCacheFunction.class.getName(); } diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/security/ResourcePermissions.java b/geode-core/src/main/java/org/apache/geode/management/internal/security/ResourcePermissions.java index 5565a46..0db67f0 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/security/ResourcePermissions.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/security/ResourcePermissions.java @@ -20,6 +20,10 @@ import static org.apache.geode.security.ResourcePermission.Operation.READ; import static org.apache.geode.security.ResourcePermission.Operation.WRITE; import static org.apache.geode.security.ResourcePermission.Resource.CLUSTER; import static org.apache.geode.security.ResourcePermission.Resource.DATA; +import static org.apache.geode.security.ResourcePermission.Target.DEPLOY; +import static org.apache.geode.security.ResourcePermission.Target.DISK; +import static org.apache.geode.security.ResourcePermission.Target.GATEWAY; +import static org.apache.geode.security.ResourcePermission.Target.QUERY; import org.apache.geode.security.ResourcePermission; import org.apache.geode.security.ResourcePermission.Operation; 
@@ -36,6 +40,16 @@ public final class ResourcePermissions { public static final ResourcePermission CLUSTER_READ = new ResourcePermission(CLUSTER, READ); public static final ResourcePermission CLUSTER_WRITE = new ResourcePermission(CLUSTER, WRITE); public static final ResourcePermission CLUSTER_MANAGE = new ResourcePermission(CLUSTER, MANAGE); + public static final ResourcePermission CLUSTER_READ_QUERY = + new ResourcePermission(CLUSTER, READ, QUERY); + public static final ResourcePermission CLUSTER_MANAGE_QUERY = + new ResourcePermission(CLUSTER, MANAGE, QUERY); + public static final ResourcePermission CLUSTER_MANAGE_DEPLOY = + new ResourcePermission(CLUSTER, MANAGE, DEPLOY); + public static final ResourcePermission CLUSTER_MANAGE_DISK = + new ResourcePermission(CLUSTER, MANAGE, DISK); + public static final ResourcePermission CLUSTER_MANAGE_GATEWAY = + new ResourcePermission(CLUSTER, MANAGE, GATEWAY); private ResourcePermissions() {} } diff --git a/geode-core/src/main/java/org/apache/geode/security/ResourcePermission.java b/geode-core/src/main/java/org/apache/geode/security/ResourcePermission.java index 3d8dd1e..33db0e4 100644 --- a/geode-core/src/main/java/org/apache/geode/security/ResourcePermission.java +++ b/geode-core/src/main/java/org/apache/geode/security/ResourcePermission.java @@ -14,7 +14,11 @@ */ package org.apache.geode.security; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; import java.util.function.UnaryOperator; +import java.util.stream.Collectors; import org.apache.commons.lang.StringUtils; import org.apache.shiro.authz.permission.WildcardPermission; 
@@ -79,7 +83,9 @@ public class ResourcePermission extends WildcardPermission { private String target = ALL; private String key = ALL; - public ResourcePermission() {} + public ResourcePermission() { + setParts(this.resource + ":" + this.operation + ":" + this.target + ":" + this.key, true); + } public ResourcePermission(Resource resource, Operation operation) { this(resource, operation, ALL, ALL); @@ -196,13 +202,18 @@ public class ResourcePermission extends WildcardPermission { @Override public String toString() { - if (ALL.equals(target)) { - return resource + ":" + operation; - } else if (ALL.equals(key)) { - return resource + ":" + operation + ":" + target; - } else { - return resource + ":" + operation + ":" + target + ":" + key; + List parts = new ArrayList<>(Arrays.asList(resource, operation, target, key)); + if (ALL.equals(key)) { + parts.remove(3); + if (ALL.equals(target)) { + parts.remove(2); + if (ALL.equals(operation)) { + parts.remove(1); + } + } } + + return parts.stream().collect(Collectors.joining(":")); } } diff --git a/geode-core/src/main/resources/org/apache/geode/internal/sanctioned-geode-core-serializables.txt b/geode-core/src/main/resources/org/apache/geode/internal/sanctioned-geode-core-serializables.txt index c7d832a..c037b0c 100644 --- a/geode-core/src/main/resources/org/apache/geode/internal/sanctioned-geode-core-serializables.txt +++ b/geode-core/src/main/resources/org/apache/geode/internal/sanctioned-geode-core-serializables.txt 
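Review bot: The rewritten `toString()` drops only trailing wildcard parts, and that rule is undocumented even though the resulting string now appears verbatim in the "not authorized for …" messages that the tests in this commit match exactly. A comment at the top of the method would make the contract explicit, for example `// Drop trailing "*" parts only: "*:*:regionA" keeps its leading wildcards, an all-wildcard permission prints as "*".`. The last statement can also be written as `return String.join(":", parts);`, which makes the `Collectors` import added in the earlier hunk unnecessary if nothing else in the file uses it.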
@@ -548,8 +548,6 @@ org/apache/geode/management/internal/cli/functions/ListDiskStoresFunction,false org/apache/geode/management/internal/cli/functions/ListDurableCqNamesFunction,true,1 org/apache/geode/management/internal/cli/functions/ListFunctionFunction,true,1 org/apache/geode/management/internal/cli/functions/ListIndexFunction,false -org/apache/geode/management/internal/cli/functions/MemberRegionFunction,true,1 -org/apache/geode/management/internal/cli/functions/MembersForRegionFunction,true,8746830191680509335 org/apache/geode/management/internal/cli/functions/NetstatFunction,true,1 org/apache/geode/management/internal/cli/functions/NetstatFunction$NetstatFunctionArgument,true,1,lineSeparator:java/lang/String,withlsof:boolean org/apache/geode/management/internal/cli/functions/NetstatFunction$NetstatFunctionResult,true,1,compressedBytes:org/apache/geode/management/internal/cli/CliUtil$DeflaterInflaterData,headerInfo:java/lang/String,host:java/lang/String diff --git a/geode-core/src/test/java/org/apache/geode/cache/execute/CoreFunctionSecurityTest.java b/geode-core/src/test/java/org/apache/geode/cache/execute/CoreFunctionSecurityTest.java new file mode 100644 index 0000000..729abf9 --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/cache/execute/CoreFunctionSecurityTest.java 
@@ -0,0 +1,180 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ + +package org.apache.geode.cache.execute; + +import static org.assertj.core.api.Assertions.assertThat; + +import java.util.HashMap; +import java.util.Map; + +import org.junit.BeforeClass; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +import org.apache.geode.cache.RegionShortcut; +import org.apache.geode.examples.SimpleSecurityManager; +import org.apache.geode.management.internal.cli.functions.AlterRuntimeConfigFunction; +import org.apache.geode.management.internal.cli.functions.ChangeLogLevelFunction; +import org.apache.geode.management.internal.cli.functions.CloseDurableClientFunction; +import org.apache.geode.management.internal.cli.functions.CloseDurableCqFunction; +import org.apache.geode.management.internal.cli.functions.ContinuousQueryFunction; +import org.apache.geode.management.internal.cli.functions.CreateAsyncEventQueueFunction; +import org.apache.geode.management.internal.cli.functions.CreateDefinedIndexesFunction; +import org.apache.geode.management.internal.cli.functions.CreateDiskStoreFunction; +import 
org.apache.geode.management.internal.cli.functions.CreateIndexFunction; +import org.apache.geode.management.internal.cli.functions.DataCommandFunction; +import org.apache.geode.management.internal.cli.functions.DeployFunction; +import org.apache.geode.management.internal.cli.functions.DescribeDiskStoreFunction; +import org.apache.geode.management.internal.cli.functions.DestroyAsyncEventQueueFunction; +import org.apache.geode.management.internal.cli.functions.DestroyDiskStoreFunction; +import org.apache.geode.management.internal.cli.functions.DestroyIndexFunction; +import org.apache.geode.management.internal.cli.functions.ExportConfigFunction; +import org.apache.geode.management.internal.cli.functions.ExportDataFunction; +import org.apache.geode.management.internal.cli.functions.ExportLogsFunction; +import org.apache.geode.management.internal.cli.functions.FetchRegionAttributesFunction; +import org.apache.geode.management.internal.cli.functions.FetchSharedConfigurationStatusFunction; +import org.apache.geode.management.internal.cli.functions.GarbageCollectionFunction; +import org.apache.geode.management.internal.cli.functions.GatewayReceiverCreateFunction; +import org.apache.geode.management.internal.cli.functions.GatewaySenderCreateFunction; +import org.apache.geode.management.internal.cli.functions.GatewaySenderDestroyFunction; +import org.apache.geode.management.internal.cli.functions.GetMemberConfigInformationFunction; +import org.apache.geode.management.internal.cli.functions.GetMemberInformationFunction; +import org.apache.geode.management.internal.cli.functions.GetRegionDescriptionFunction; +import org.apache.geode.management.internal.cli.functions.GetRegionsFunction; +import org.apache.geode.management.internal.cli.functions.GetStackTracesFunction; +import org.apache.geode.management.internal.cli.functions.GetSubscriptionQueueSizeFunction; +import org.apache.geode.management.internal.cli.functions.ImportDataFunction; +import 
org.apache.geode.management.internal.cli.functions.ListAsyncEventQueuesFunction; +import org.apache.geode.management.internal.cli.functions.ListDeployedFunction; +import org.apache.geode.management.internal.cli.functions.ListDiskStoresFunction; +import org.apache.geode.management.internal.cli.functions.ListDurableCqNamesFunction; +import org.apache.geode.management.internal.cli.functions.ListFunctionFunction; +import org.apache.geode.management.internal.cli.functions.ListIndexFunction; +import org.apache.geode.management.internal.cli.functions.NetstatFunction; +import org.apache.geode.management.internal.cli.functions.RebalanceFunction; +import org.apache.geode.management.internal.cli.functions.RegionAlterFunction; +import org.apache.geode.management.internal.cli.functions.RegionCreateFunction; +import org.apache.geode.management.internal.cli.functions.RegionDestroyFunction; +import org.apache.geode.management.internal.cli.functions.ShowMissingDiskStoresFunction; +import org.apache.geode.management.internal.cli.functions.ShutDownFunction; +import org.apache.geode.management.internal.cli.functions.SizeExportLogsFunction; +import org.apache.geode.management.internal.cli.functions.UndeployFunction; +import org.apache.geode.management.internal.cli.functions.UnregisterFunction; +import org.apache.geode.management.internal.cli.functions.UserFunctionExecution; +import org.apache.geode.management.internal.configuration.functions.DownloadJarFunction; +import org.apache.geode.management.internal.configuration.functions.GetClusterConfigurationFunction; +import org.apache.geode.management.internal.configuration.functions.GetRegionNamesFunction; +import org.apache.geode.management.internal.configuration.functions.RecreateCacheFunction; +import org.apache.geode.test.junit.categories.IntegrationTest; +import org.apache.geode.test.junit.rules.ConnectionConfiguration; +import org.apache.geode.test.junit.rules.GfshCommandRule; +import 
org.apache.geode.test.junit.rules.ServerStarterRule; + + +@Category(IntegrationTest.class) +public class CoreFunctionSecurityTest { + private static final String RESULT_HEADER = "Function Execution Result"; + + @ClassRule + public static ServerStarterRule server = + new ServerStarterRule().withJMXManager().withSecurityManager(SimpleSecurityManager.class) + .withRegion(RegionShortcut.PARTITION, "testRegion").withAutoStart(); + + @Rule + public GfshCommandRule gfsh = + new GfshCommandRule(server::getJmxPort, GfshCommandRule.PortType.jmxManager); + + private static Map functionStringMap = new HashMap<>(); + + @BeforeClass + public static void setupClass() { + functionStringMap.put(new AlterRuntimeConfigFunction(), "CLUSTER:WRITE"); + functionStringMap.put(new ChangeLogLevelFunction(), "CLUSTER:WRITE"); + functionStringMap.put(new CloseDurableClientFunction(), "CLUSTER:MANAGE:QUERY"); + functionStringMap.put(new CloseDurableCqFunction(), "CLUSTER:MANAGE:QUERY"); + functionStringMap.put(new ContinuousQueryFunction(), "CLUSTER:READ"); + functionStringMap.put(new CreateAsyncEventQueueFunction(), "CLUSTER:MANAGE:DEPLOY"); + functionStringMap.put(new CreateDefinedIndexesFunction(), "CLUSTER:MANAGE:QUERY"); + functionStringMap.put(new CreateDiskStoreFunction(), "CLUSTER:MANAGE:DISK"); + functionStringMap.put(new CreateIndexFunction(), "CLUSTER:MANAGE:QUERY"); + functionStringMap.put(new DataCommandFunction(), "DATA"); + functionStringMap.put(new DeployFunction(), "CLUSTER:MANAGE:DEPLOY"); + functionStringMap.put(new DescribeDiskStoreFunction(), "CLUSTER:READ"); + functionStringMap.put(new DestroyAsyncEventQueueFunction(), "CLUSTER:MANAGE"); + functionStringMap.put(new DestroyDiskStoreFunction(), "CLUSTER:MANAGE:DISK"); + functionStringMap.put(new DestroyIndexFunction(), "CLUSTER:MANAGE:QUERY"); + functionStringMap.put(new ExportConfigFunction(), "CLUSTER:READ"); + functionStringMap.put(new ExportDataFunction(), "DATA:READ"); + functionStringMap.put(new ExportLogsFunction(), 
"CLUSTER:READ"); + functionStringMap.put(new FetchRegionAttributesFunction(), "CLUSTER:READ"); + functionStringMap.put(new FetchSharedConfigurationStatusFunction(), "CLUSTER:READ"); + functionStringMap.put(new GarbageCollectionFunction(), "CLUSTER:MANAGE"); + functionStringMap.put(new GatewayReceiverCreateFunction(), "CLUSTER:MANAGE:GATEWAY"); + functionStringMap.put(new GatewaySenderCreateFunction(), "CLUSTER:MANAGE:GATEWAY"); + functionStringMap.put(new GatewaySenderDestroyFunction(), "CLUSTER:MANAGE:GATEWAY"); + functionStringMap.put(new GetClusterConfigurationFunction(), "*"); + functionStringMap.put(new GetMemberConfigInformationFunction(), "CLUSTER:READ"); + functionStringMap.put(new GetMemberInformationFunction(), "CLUSTER:READ"); + functionStringMap.put(new GetRegionDescriptionFunction(), "CLUSTER:READ"); + functionStringMap.put(new GetRegionsFunction(), "CLUSTER:READ"); + functionStringMap.put(new GetStackTracesFunction(), "CLUSTER:READ"); + functionStringMap.put(new GetSubscriptionQueueSizeFunction(), "CLUSTER:READ"); + functionStringMap.put(new ImportDataFunction(), "DATA:WRITE"); + functionStringMap.put(new ListAsyncEventQueuesFunction(), "CLUSTER:READ"); + functionStringMap.put(new ListDeployedFunction(), "CLUSTER:READ"); + functionStringMap.put(new ListDiskStoresFunction(), "CLUSTER:READ"); + functionStringMap.put(new ListDurableCqNamesFunction(), "CLUSTER:READ"); + functionStringMap.put(new ListFunctionFunction(), "CLUSTER:READ"); + functionStringMap.put(new ListIndexFunction(), "CLUSTER:READ:QUERY"); + functionStringMap.put(new NetstatFunction(), "CLUSTER:READ"); + functionStringMap.put(new RebalanceFunction(), "DATA:MANAGE"); + functionStringMap.put(new RegionAlterFunction(), "DATA:MANAGE"); + functionStringMap.put(new RegionCreateFunction(), "DATA:MANAGE"); + functionStringMap.put(new RegionDestroyFunction(), "DATA:MANAGE"); + functionStringMap.put(new ShowMissingDiskStoresFunction(), "CLUSTER:READ"); + functionStringMap.put(new 
ShutDownFunction(), "CLUSTER:MANAGE"); + functionStringMap.put(new SizeExportLogsFunction(), "CLUSTER:READ"); + functionStringMap.put(new UndeployFunction(), "CLUSTER:MANAGE:DEPLOY"); + functionStringMap.put(new UnregisterFunction(), "CLUSTER:MANAGE:DEPLOY"); + functionStringMap.put(new GetRegionNamesFunction(), "CLUSTER:READ"); + functionStringMap.put(new RecreateCacheFunction(), "CLUSTER:MANAGE"); + functionStringMap.put(new DownloadJarFunction(), "CLUSTER:READ"); + + functionStringMap.keySet().forEach(FunctionService::registerFunction); + } + + @Test + @ConnectionConfiguration(user = "user", password = "user") + public void functionRequireExpectedPermission() throws Exception { + functionStringMap.entrySet().stream().forEach(entry -> { + Function function = entry.getKey(); + String permission = entry.getValue(); + System.out.println("function: " + function.getId() + ", permission: " + permission); + gfsh.executeAndAssertThat("execute function --id=" + function.getId()) + .tableHasRowCount(RESULT_HEADER, 1) + .tableHasRowWithValues(RESULT_HEADER, "Exception: user not authorized for " + permission) + .statusIsError(); + }); + } + + @Test + public void userFunctionExecutionRequiresNoSecurity() { + Function function = new UserFunctionExecution(); + assertThat(function.getRequiredPermissions("testRegion")).isEmpty(); + } +} diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/configuration/functions/GetClusterConfigurationFunctionTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/configuration/functions/GetClusterConfigurationFunctionTest.java deleted file mode 100644 index f756b5c..0000000 --- a/geode-core/src/test/java/org/apache/geode/management/internal/configuration/functions/GetClusterConfigurationFunctionTest.java +++ /dev/null 
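Review bot: `functionRequireExpectedPermission` only covers functions that were added by hand to `functionStringMap`, so a core function introduced later without an entry, or without a `getRequiredPermissions` override, is never exercised and keeps whatever default the interface provides. The test also proves denial only for a user with no permissions; nothing shows that a user holding exactly the listed permission is allowed through. Consider a companion check that fails when an `InternalEntity` function in the management packages is missing from the map, and remove the `System.out.println(...)` inside the loop, which reads as leftover debug output. If the difference between `CreateAsyncEventQueueFunction` (`CLUSTER:MANAGE:DEPLOY`) and `DestroyAsyncEventQueueFunction` (`CLUSTER:MANAGE`) is intentional, a one-line comment next to those two entries would say so.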
@@ -1,48 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more contributor license - * agreements. See the NOTICE file distributed with this work for additional information regarding - * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance with the License. You may obtain a - * copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License - * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the License for the specific language governing permissions and limitations under - * the License. - */ - -package org.apache.geode.management.internal.configuration.functions; - -import static org.apache.geode.management.internal.security.ResourcePermissions.CLUSTER_MANAGE; -import static org.apache.geode.management.internal.security.ResourcePermissions.CLUSTER_READ; -import static org.apache.geode.management.internal.security.ResourcePermissions.CLUSTER_WRITE; -import static org.apache.geode.management.internal.security.ResourcePermissions.DATA_MANAGE; -import static org.apache.geode.management.internal.security.ResourcePermissions.DATA_READ; -import static org.apache.geode.management.internal.security.ResourcePermissions.DATA_WRITE; -import static org.assertj.core.api.Assertions.assertThat; - -import org.junit.Before; -import org.junit.Test; -import org.junit.experimental.categories.Category; - -import org.apache.geode.test.junit.categories.UnitTest; - - -@Category(UnitTest.class) -public class GetClusterConfigurationFunctionTest { - - private GetClusterConfigurationFunction function; - - @Before - public void before() { - function = new GetClusterConfigurationFunction(); - } - - @Test - public void functionRequireAllPermissions() throws Exception { - 
assertThat(function.getRequiredPermissions("")).containsExactlyInAnyOrder(DATA_READ, DATA_WRITE, - DATA_MANAGE, CLUSTER_READ, CLUSTER_WRITE, CLUSTER_MANAGE); - } -} diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/ResourcePermissionTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/ResourcePermissionTest.java index 4b15407..fa4048c 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/ResourcePermissionTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/ResourcePermissionTest.java @@ -186,14 +186,29 @@ public class ResourcePermissionTest { ResourcePermission context = new ResourcePermission(); assertThat("NULL:NULL").isEqualTo(context.toString()); - context = new ResourcePermission(Resource.DATA, Operation.MANAGE); + context = new ResourcePermission("data", "manage"); assertThat("DATA:MANAGE").isEqualTo(context.toString()); + context = new ResourcePermission("data", "read", "regionA"); + assertThat("DATA:READ:regionA").isEqualTo(context.toString()); + + context = new ResourcePermission("DATA", "READ", "/regionA", "key"); + assertThat("DATA:READ:regionA:key").isEqualTo(context.toString()); + context = new ResourcePermission(Resource.DATA, Operation.MANAGE, "REGIONA"); assertThat("DATA:MANAGE:REGIONA").isEqualTo(context.toString()); context = new ResourcePermission(Resource.DATA, Operation.MANAGE); assertThat("DATA:MANAGE").isEqualTo(context.toString()); + + context = new ResourcePermission("ALL", "READ"); + assertThat(context.toString()).isEqualTo("*:READ"); + + context = new ResourcePermission("DATA", "ALL"); + assertThat(context.toString()).isEqualTo("DATA"); + + context = new ResourcePermission("ALL", "ALL", "regionA", "*"); + assertThat(context.toString()).isEqualTo("*:*:regionA"); } @Test 
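Review bot: The assertions added to `ResourcePermissionTest` mix both argument orders: `assertThat("DATA:READ:regionA").isEqualTo(context.toString())` puts the expected literal in the actual position, while the last three added lines use `assertThat(context.toString()).isEqualTo("*:READ")`. When a reversed assertion fails, AssertJ reports expected and actual swapped, which is misleading when the value under test is a permission string. I would write the new lines in the second form, e.g. `assertThat(context.toString()).isEqualTo("DATA:READ:regionA");`. The test method begins above this hunk.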
diff --git a/geode-lucene/src/test/java/org/apache/geode/cache/lucene/test/LuceneFunctionSecurityTest.java b/geode-lucene/src/test/java/org/apache/geode/cache/lucene/test/LuceneFunctionSecurityTest.java index 2deb244..fd4aa30 100644 --- a/geode-lucene/src/test/java/org/apache/geode/cache/lucene/test/LuceneFunctionSecurityTest.java +++ b/geode-lucene/src/test/java/org/apache/geode/cache/lucene/test/LuceneFunctionSecurityTest.java @@ -81,7 +81,8 @@ public class LuceneFunctionSecurityTest { String permission = entry.getValue(); gfsh.executeAndAssertThat("execute function --region=testRegion --id=" + function.getId()) .tableHasRowCount(RESULT_HEADER, 1) - .tableHasColumnWithValuesContaining(RESULT_HEADER, permission).statusIsError(); + .tableHasRowWithValues(RESULT_HEADER, "Exception: user not authorized for " + permission) + .statusIsError(); }); } @@ -91,16 +92,18 @@ public class LuceneFunctionSecurityTest { @ConnectionConfiguration(user = "clusterManage", password = "clusterManage") public void dumpDirectoryFileRequiresBoth_AsClusterManage() { gfsh.executeAndAssertThat("execute function --region=testRegion --id=" + DumpDirectoryFiles.ID) - .tableHasRowCount(RESULT_HEADER, 1) - .tableHasColumnWithValuesContaining(RESULT_HEADER, "DATA:READ:testRegion").statusIsError(); + .tableHasRowCount(RESULT_HEADER, 1).tableHasRowWithValues(RESULT_HEADER, + "Exception: clusterManage not authorized for DATA:READ:testRegion") + .statusIsError(); } @Test @ConnectionConfiguration(user = "dataRead", password = "dataRead") public void dumpDirectoryFileRequiresBoth_AsDataRead() { gfsh.executeAndAssertThat("execute function --region=testRegion --id=" + DumpDirectoryFiles.ID) - .tableHasRowCount(RESULT_HEADER, 1) - .tableHasColumnWithValuesContaining(RESULT_HEADER, "CLUSTER:MANAGE").statusIsError(); + .tableHasRowCount(RESULT_HEADER, 1).tableHasRowWithValues(RESULT_HEADER, + "Exception: dataRead not authorized for CLUSTER:MANAGE") + .statusIsError(); } @Test 
@@ -109,7 +112,9 @@ public class LuceneFunctionSecurityTest { public void dumpDirectoryFileRequiresBoth_dataReadAnotherRegion() { gfsh.executeAndAssertThat("execute function --region=testRegion --id=" + DumpDirectoryFiles.ID) .tableHasRowCount(RESULT_HEADER, 1) - .tableHasColumnWithValuesContaining(RESULT_HEADER, "DATA:READ:testRegion").statusIsError(); + .tableHasRowWithValues(RESULT_HEADER, + "Exception: clusterManage,dataReadRegionB not authorized for DATA:READ:testRegion") + .statusIsError(); } @Test @@ -118,7 +123,9 @@ public class LuceneFunctionSecurityTest { public void dumpDirectoryFileRequiresBoth_dataReadInsufficient() { gfsh.executeAndAssertThat("execute function --region=testRegion --id=" + DumpDirectoryFiles.ID) .tableHasRowCount(RESULT_HEADER, 1) - .tableHasColumnWithValuesContaining(RESULT_HEADER, "DATA:READ:testRegion").statusIsError(); + .tableHasRowWithValues(RESULT_HEADER, + "Exception: clusterManage,dataReadTestRegionA not authorized for DATA:READ:testRegion") + .statusIsError(); } @Test -- To stop receiving notification emails like this one, please contact jinmeiliao@apache.org.