ignite-notifications mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
Date Fri, 04 Oct 2019 15:58:44 GMT
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
URL: https://github.com/apache/ignite/pull/6904#discussion_r331573583
 
 

 ##########
 File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java
 ##########
 @@ -23,51 +23,106 @@
 import java.util.function.Consumer;
 import org.apache.ignite.Ignite;
 import org.apache.ignite.IgniteCache;
-import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest;
+import org.apache.ignite.internal.processors.security.AbstractSecurityTest;
 import org.apache.ignite.plugin.security.SecurityException;
+import org.apache.ignite.plugin.security.SecurityPermission;
+import org.apache.ignite.plugin.security.SecurityPermissionSet;
 import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
 import static java.util.Collections.singletonMap;
+import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE;
+import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY;
 import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT;
 import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ;
 import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE;
+import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER;
 import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause;
 
 /**
  * Test CRUD cache permissions.
  */
 @RunWith(JUnit4.class)
-public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest {
-    /** */
+public class CacheOperationPermissionCheckTest extends AbstractSecurityTest {
+    /** New cache for tests. */
+    protected static final String NEW_CACHE = "NEW_CACHE";
+
+    /** Cache name for tests. */
+    protected static final String ALL_PERM_TEST_CACHE = "ALL_PERM_TEST_CACHE";
+
+    /** Forbidden caches. */
+    protected static final String CREATE_TEST_CACHE = "CREATE_TEST_CACHE";
+    protected static final String EMPTY_PERM_TEST_CACHE = "EMPTY_PERM_TEST_CACHE";
+
+    /**
+     *
+     */
     @Test
-    public void testServerNode() throws Exception {
+    public void testServerCrudCacheNode() throws Exception {
         testCrudCachePermissions(false);
     }
 
-    /** */
+    /**
+     *
+     */
     @Test
-    public void testClientNode() throws Exception {
+    public void testClientCrudCacheNode() throws Exception {
         testCrudCachePermissions(true);
     }
 
+    /**
+     *
+     */
+    @Test
+    public void testServerCrudCacheSystemNode() throws Exception {
+        testCrudCacheSystemPermissions(false);
+    }
+
+    /**
+     *
+     */
+    @Test
+    public void testClientCrudCacheSystemNode() throws Exception {
+        testCrudCacheSystemPermissions(true);
+    }
+
     /**
      * @param isClient True if is client mode.
      * @throws Exception If failed.
      */
     private void testCrudCachePermissions(boolean isClient) throws Exception {
-        Ignite node = startGrid(loginPrefix(isClient) + "_test_node",
-            SecurityPermissionSetBuilder.create()
-                .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT, CACHE_REMOVE)
-                .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), isClient);
+        String login = isClient ? "client" : "server";
+        Ignite node = startGrid(login + "_test_node",
+            getSecurityPermissionSet(JOIN_AS_SERVER),
+            isClient);
 
-        for (Consumer<IgniteCache<String, String>> c : operations()) {
-            c.accept(node.cache(CACHE_NAME));
+        node.createCache(NEW_CACHE); // if defaultAllowAll == false, there will be exeption
+        node.createCache(ALL_PERM_TEST_CACHE);
+        node.createCache(CREATE_TEST_CACHE);
 
-            assertThrowsWithCause(() -> c.accept(node.cache(FORBIDDEN_CACHE)), SecurityException.class);
-        }
+        assertThrowsWithCause(() -> node.createCache(EMPTY_PERM_TEST_CACHE), SecurityException.class);
+
+        checkOperations(node);
+
+        assertThrowsWithCause(() -> node.cache(CREATE_TEST_CACHE).destroy(), SecurityException.class);
+    }
+
+    private void testCrudCacheSystemPermissions(boolean isClient) throws Exception {
+        String login = isClient ? "client" : "server";
+        Ignite node = startGrid(login + "_test_node",
+            getSecurityPermissionSet(JOIN_AS_SERVER, CACHE_CREATE, CACHE_DESTROY),
+            isClient);
+
+        node.createCache(NEW_CACHE);
+        node.createCache(ALL_PERM_TEST_CACHE);
+        node.createCache(CREATE_TEST_CACHE);
+        node.createCache(EMPTY_PERM_TEST_CACHE);
+
+        checkOperations(node);
+
+        node.cache(CREATE_TEST_CACHE).destroy();
 
 Review comment:
   This check makes sense for other caches, too.
