From notifications-return-7225-archive-asf-public=cust-asf.ponee.io@ignite.apache.org Fri Oct 4 15:58:45 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 8C940180674 for ; Fri, 4 Oct 2019 17:58:45 +0200 (CEST) Received: (qmail 5361 invoked by uid 500); 4 Oct 2019 15:58:45 -0000 Mailing-List: contact notifications-help@ignite.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ignite.apache.org Delivered-To: mailing list notifications@ignite.apache.org Received: (qmail 5347 invoked by uid 99); 4 Oct 2019 15:58:44 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Oct 2019 15:58:44 +0000 From: GitBox To: notifications@ignite.apache.org Subject: [GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 Message-ID: <157020472489.4399.17894247538101711537.gitbox@gitbox.apache.org> Date: Fri, 04 Oct 2019 15:58:44 -0000 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r331573583 ########## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java ########## 
@@ -23,51 +23,106 @@ import java.util.function.Consumer;
 import org.apache.ignite.Ignite;
 import org.apache.ignite.IgniteCache;
-import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest;
+import org.apache.ignite.internal.processors.security.AbstractSecurityTest;
 import org.apache.ignite.plugin.security.SecurityException;
+import org.apache.ignite.plugin.security.SecurityPermission;
+import org.apache.ignite.plugin.security.SecurityPermissionSet;
 import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import static java.util.Collections.singletonMap;
+import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE;
+import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY;
 import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT;
 import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ;
 import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE;
+import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER;
 import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause;
 /**
 * Test CRUD cache permissions.
 */
 @RunWith(JUnit4.class)
-public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest {
- /** */
+public class CacheOperationPermissionCheckTest extends AbstractSecurityTest {
+ /** New cache for tests. */
+ protected static final String NEW_CACHE = "NEW_CACHE";
+
+ /** Cache name for tests. */
+ protected static final String ALL_PERM_TEST_CACHE = "ALL_PERM_TEST_CACHE";
+
+ /** Forbidden caches. */
+ protected static final String CREATE_TEST_CACHE = "CREATE_TEST_CACHE";
+ protected static final String EMPTY_PERM_TEST_CACHE = "EMPTY_PERM_TEST_CACHE";
+
+ /**
+ *
+ */
 @Test
- public void testServerNode() throws Exception {
+ public void testServerCrudCacheNode() throws Exception {
 testCrudCachePermissions(false);
 }
- /** */
+ /**
+ *
+ */
 @Test
- public void testClientNode() throws Exception {
+ public void testClientCrudCacheNode() throws Exception {
 testCrudCachePermissions(true);
 }
+ /**
+ *
+ */
+ @Test
+ public void testServerCrudCacheSystemNode() throws Exception {
+ testCrudCacheSystemPermissions(false);
+ }
+
+ /**
+ *
+ */
+ @Test
+ public void testClientCrudCacheSystemNode() throws Exception {
+ testCrudCacheSystemPermissions(true);
+ }
+
 /**
 * @param isClient True if is client mode.
 * @throws Exception If failed.
 */
 private void testCrudCachePermissions(boolean isClient) throws Exception {
- Ignite node = startGrid(loginPrefix(isClient) + "_test_node",
- SecurityPermissionSetBuilder.create()
- .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT, CACHE_REMOVE)
- .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), isClient);
+ String login = isClient ? "client" : "server";
+ Ignite node = startGrid(login + "_test_node",
+ getSecurityPermissionSet(JOIN_AS_SERVER),
+ isClient);
- for (Consumer> c : operations()) {
- c.accept(node.cache(CACHE_NAME));
+ node.createCache(NEW_CACHE); // if defaultAllowAll == false, there will be exeption
+ node.createCache(ALL_PERM_TEST_CACHE);
+ node.createCache(CREATE_TEST_CACHE);
- assertThrowsWithCause(() -> c.accept(node.cache(FORBIDDEN_CACHE)), SecurityException.class);
- }
+ assertThrowsWithCause(() -> node.createCache(EMPTY_PERM_TEST_CACHE), SecurityException.class);
+
+ checkOperations(node);
+
+ assertThrowsWithCause(() -> node.cache(CREATE_TEST_CACHE).destroy(), SecurityException.class);
+ }
+
+ private void testCrudCacheSystemPermissions(boolean isClient) throws Exception {
+ String login = isClient ? "client" : "server";
+ Ignite node = startGrid(login + "_test_node",
+ getSecurityPermissionSet(JOIN_AS_SERVER, CACHE_CREATE, CACHE_DESTROY),
+ isClient);
+
+ node.createCache(NEW_CACHE);
+ node.createCache(ALL_PERM_TEST_CACHE);
+ node.createCache(CREATE_TEST_CACHE);
+ node.createCache(EMPTY_PERM_TEST_CACHE);
+
+ checkOperations(node);
+
+ node.cache(CREATE_TEST_CACHE).destroy();
Review comment: This check makes sense for other caches, too.
----------------------------------------------------------------
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: users@infra.apache.org With regards, Apache Git Services