geode-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (GEODE-2920) secure disk-store as a resource
Date Wed, 21 Jun 2017 21:33:00 GMT

    [ https://issues.apache.org/jira/browse/GEODE-2920?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16058293#comment-16058293
] 

ASF GitHub Bot commented on GEODE-2920:
---------------------------------------

GitHub user PurelyApplied opened a pull request:

    https://github.com/apache/geode/pull/596

    GEODE-2920 - GEODE-2925: Finer Grained Security

    Due to the size of this commit and for your convenience of review, I have not yet squashed
my commits.  Do note that I have not individually tested each individual commit for stability
and each internal commit is meant only for ease of review.
    
    The commit message to be included in the final, squashed version of this PR is present
in the `8fe19ca`... commit, and reproduced below.
    
    TODO: 
    [ ] Is your initial contribution a single, squashed commit?
    
    -----
    
    This commit represents the actual Finer Grained Security changes.
    GEODE-2920 - GEODE-2925: Migration of security from DATA:MANAGE
    * DATA:MANAGE -> CLUSTER:MANAGE
    *
    * configure pdx
    * import cluster-configuration
    * LockServiceMXBean.becomeLockGrantor
    *
    * DATA:MANAGE -> CLUSTER:MANAGE:DISK
    *
    * compact disk-store
    * create disk-store
    * destroy disk-store
    * revoke missing-disk-store
    * DiskStoreMXBean.forceRoll
    * DiskStoreMXBean.forceCompaction
    * DiskStoreMXBean.flush
    * DiskStoreMXBean.setDiskUsageWarningPercentage
    * DiskStoreMXBean.setDiskUsageCriticalPercentage
    * DistributedSystemMXBean.revokeMissingDiskStores
    * MemberMXBean.compactAllDistStores
    *
    * DATA:MANAGE -> CLUSTER:MANAGE:GATEWAY
    *
    * create gateway-receiver
    * create gateway-sender
    * destroy gateway-sender
    * load-balance gateway-sender
    * pause gateway-sender
    * resume gateway-sender
    * start gateway-receiver
    * start gateway-sender
    * stop gateway-receiver
    * stop gateway-sender
    * GatewayReceiverMXBean.start
    * GatewayReceiverMXBean.stop
    * GatewaySenderMXBean.start
    * GatewaySenderMXBean.stop
    * GatewaySenderMXBean.pause
    * GatewaySenderMXBean.resume
    * GatewaySenderMXBean.rebalance
    *
    * DATA:MANAGE -> CLUSTER:MANAGE:JAR
    *
    * create async-event-queue (Requires CLUSTER:WRITE:DISK if persistent)
    * destroy function
    * undeploy
    *
    * DATA:MANAGE -> CLUSTER:MANAGE:QUERY
    *
    * clear defined indexes
    * close durable-client
    * close durable-cq
    * create defined indexes
    * stop continuous-query
    * CacheServerMXBean.closeAllContinuousQuery
    * CacheServerMXBean.closeContinuousQuery
    * DistributedSystemMXBean.setQueryResultSetLimit
    * DistributedSystemMXBean.setQueryCollectionsDepth
    *
    * DATA:READ -> CLUSTER:READ
    *
    * list region
    *
    * DATA:MANAGE -> [None]
    *
    * pdx rename
    *
    * DATA:READ -> DATA:READ and CLUSTER:WRITE:DISK
    *
    * backup disk-store
    * DistributedSystemMXBean.backupAllMembers
    *
    * DATA:MANAGE:RegionName -> CLUSTER:MANAGE:QUERY
    *
    * create index
    * create lucene index (also requires CLUSTER:WRITE:DISK)
    * define index
    * destroy lucene index
    *
    * DATA:MANAGE, DATA:WRITE, CLUSTER:MANAGE, and CLUSTER:WRITE -> CLUSTER:MANAGE:JAR
    *
    * deploy
    *
    * DATA:MANAGE or DATA:MANAGE:RegionName -> CLUSTER:MANAGE:QUERY
    *
    * destroy index
    *
    * CLUSTER:READ -> CLUSTER:READ:QUERY
    *
    * describe lucene index
    * list index
    * list lucene indexes
    *
    * DATA:WRITE -> DATA:READ:Region
    *
    * search lucene index
    *
    * DATA:MANAGE -> DATA:MANAGE and CLUSTER:WRITE:DISK if persistent
    *
    * create region

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/PurelyApplied/geode geode-2924

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/geode/pull/596.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #596
    
----
commit 8b14112094fd49bfc7638cc952f8d322d5bd50e7
Author: Patrick Rhomberg <prhomberg@pivotal.io>
Date:   2017-06-21T17:51:32Z

    For ease of viewing, this commit covers all necessary imports.

commit 8fe19ca6ff3e51aed601537afb8e23c3e85569a1
Author: Patrick Rhomberg <prhomberg@pivotal.io>
Date:   2017-06-21T18:59:13Z

    This commit represents the actual Finer Grained Security changes.
    
    GEODE-2920 - GEODE-2925: Migration of security from DATA:MANAGE
    * DATA:MANAGE -> CLUSTER:MANAGE
    *
    * configure pdx
    * import cluster-configuration
    * LockServiceMXBean.becomeLockGrantor
    *
    * DATA:MANAGE -> CLUSTER:MANAGE:DISK
    *
    * compact disk-store
    * create disk-store
    * destroy disk-store
    * revoke missing-disk-store
    * DiskStoreMXBean.forceRoll
    * DiskStoreMXBean.forceCompaction
    * DiskStoreMXBean.flush
    * DiskStoreMXBean.setDiskUsageWarningPercentage
    * DiskStoreMXBean.setDiskUsageCriticalPercentage
    * DistributedSystemMXBean.revokeMissingDiskStores
    * MemberMXBean.compactAllDistStores
    *
    * DATA:MANAGE -> CLUSTER:MANAGE:GATEWAY
    *
    * create gateway-receiver
    * create gateway-sender
    * destroy gateway-sender
    * load-balance gateway-sender
    * pause gateway-sender
    * resume gateway-sender
    * start gateway-receiver
    * start gateway-sender
    * stop gateway-receiver
    * stop gateway-sender
    * GatewayReceiverMXBean.start
    * GatewayReceiverMXBean.stop
    * GatewaySenderMXBean.start
    * GatewaySenderMXBean.stop
    * GatewaySenderMXBean.pause
    * GatewaySenderMXBean.resume
    * GatewaySenderMXBean.rebalance
    *
    * DATA:MANAGE -> CLUSTER:MANAGE:JAR
    *
    * create async-event-queue (Requires CLUSTER:WRITE:DISK if persistent)
    * destroy function
    * undeploy
    *
    * DATA:MANAGE -> CLUSTER:MANAGE:QUERY
    *
    * clear defined indexes
    * close durable-client
    * close durable-cq
    * create defined indexes
    * stop continuous-query
    * CacheServerMXBean.closeAllContinuousQuery
    * CacheServerMXBean.closeContinuousQuery
    * DistributedSystemMXBean.setQueryResultSetLimit
    * DistributedSystemMXBean.setQueryCollectionsDepth
    *
    * DATA:READ -> CLUSTER:READ
    *
    * list region
    *
    * DATA:MANAGE -> [None]
    *
    * pdx rename
    *
    * DATA:READ -> DATA:READ and CLUSTER:WRITE:DISK
    *
    * backup disk-store
    * DistributedSystemMXBean.backupAllMembers
    *
    * DATA:MANAGE:RegionName -> CLUSTER:MANAGE:QUERY
    *
    * create index
    * create lucene index (also requires CLUSTER:WRITE:DISK)
    * define index
    * destroy lucene index
    *
    * DATA:MANAGE, DATA:WRITE, CLUSTER:MANAGE, and CLUSTER:WRITE -> CLUSTER:MANAGE:JAR
    *
    * deploy
    *
    * DATA:MANAGE or DATA:MANAGE:RegionName -> CLUSTER:MANAGE:QUERY
    *
    * destroy index
    *
    * CLUSTER:READ -> CLUSTER:READ:QUERY
    *
    * describe lucene index
    * list index
    * list lucene indexes
    *
    * DATA:WRITE -> DATA:READ:Region
    *
    * search lucene index
    *
    * DATA:MANAGE -> DATA:MANAGE and CLUSTER:WRITE:DISK if persistent
    * create region

commit e3e1fd1d415601343614a16abebca357ef1cc858
Author: Patrick Rhomberg <prhomberg@pivotal.io>
Date:   2017-06-21T19:06:22Z

    Cleanup: removing redundant public on interface methods
    
    Also minor typos in comments of the associated interfaces.
    Correction of MemberMXBean.getInitialImagesInProgres_s_

commit 8fdc98930172434526bf4d6f12bbfd696332646b
Author: Patrick Rhomberg <prhomberg@pivotal.io>
Date:   2017-06-21T19:09:58Z

    Cleanup: Renaming of ContunuousQueryFunction -> ContinuousQueryFunction

commit 2796cece5512976fea8b7c47be9724ea67506ac4
Author: Patrick Rhomberg <prhomberg@pivotal.io>
Date:   2017-06-21T19:11:18Z

    Security-related tests updated to reflect new security values.

commit 9e4157ba591578c56f74d9699515eee710ead62f
Author: Patrick Rhomberg <prhomberg@pivotal.io>
Date:   2017-06-21T19:14:32Z

    Cleanup: General refactoring of touched files, paying off some of the acrued technical
debt

----


> secure disk-store as a resource
> -------------------------------
>
>                 Key: GEODE-2920
>                 URL: https://issues.apache.org/jira/browse/GEODE-2920
>             Project: Geode
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Swapnil Bawaskar
>
> Treat DISK as a CLUSTER resource so that administrators can control the ability to manage
diskstores/create regions that will write to disk stores.
> Only a user with CLUSTER:MANAGE:DISK should be able to run the following gfsh commands:
> {noformat}
> create disk-store
> alter disk-store
> compact disk-store
> destroy disk-store
> revoke missing-disk-store
> {noformat}
> And the following JMX bean methods:
> {noformat}
> DiskStoreMXBean.forceCompaction
> DiskStoreMXBean.flush
> DiskStoreMXBean.forceRoll
> DiskStoreMXBean.setDiskUsageCriticalPercentage
> DiskStoreMXBean.setDiskUsageWarningPercentage
> DistributedSystemMXBean.revokeMissingDiskStores
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message