This is an automated email from the ASF dual-hosted git repository. samt pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/cassandra-dtest.git
commit 0ef8be46f8f729c80662a03fd515b6fe108531c8 Author: Sam Tunnicliffe <[email protected]> AuthorDate: Tue Aug 17 14:26:45 2021 +0100 Extend network auth test to check deprecated mbean name Patch by Sam Tunnicliffe; reviewed by Aleksei Zotov for CASSANDRA-16404
---
 auth_test.py | 33 +++++++++++++++++++++------------
 1 file changed, 21 insertions(+), 12 deletions(-)
diff --git a/auth_test.py b/auth_test.py
index df57fb0..ca2056c 100644
--- a/auth_test.py
+++ b/auth_test.py
@@ -3079,8 +3079,8 @@ class TestNetworkAuth(Tester):
 with JolokiaAgent(node) as jmx:
 jmx.execute_method(mbean, 'invalidate')
- def clear_network_auth_cache(self, node):
- mbean = make_mbean('auth', type='NetworkAuthCache')
+ def clear_network_auth_cache(self, node, cache_name='NetworkPermissionsCache'):
+ mbean = make_mbean('auth', type=cache_name)
 with JolokiaAgent(node) as jmx:
 jmx.execute_method(mbean, 'invalidate')
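Review bot: The new default `cache_name='NetworkPermissionsCache'` silently retargets every existing caller of `clear_network_auth_cache(node)` that passes no name, because the helper previously always addressed `NetworkAuthCache`. Callers other than the one changed in this commit are not visible here, so this needs confirming: on a build that only exposes the deprecated mbean, such a call would no longer invalidate the cache the test relies on to observe a revoked grant. Either make the argument required or document the contract, for example with a docstring such as `"""Invalidate the network auth cache on node over JMX; cache_name is the mbean type ('NetworkAuthCache' is the deprecated name)."""`.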
@@ -3101,16 +3101,25 @@ class TestNetworkAuth(Tester): if a user's access to a dc is revoked while they're connected, all of their requests should fail once the cache is cleared """ - username = self.username() - self.create_user("CREATE ROLE %s WITH password = 'password' AND LOGIN = true", username) - self.assertConnectsTo(username, self.dc1_node) - self.assertConnectsTo(username, self.dc2_node) - - # connect to the dc2 node, then remove permission for it - session = self.exclusive_cql_connection(self.dc2_node, user=username, password='password') - self.superuser.execute("ALTER ROLE %s WITH ACCESS TO DATACENTERS {'dc1'}" % username) - self.clear_network_auth_cache(self.dc2_node) - self.assertUnauthorized(lambda: session.execute("SELECT * FROM ks.tbl")) + def test_revoked_access(cache_name): + logger.debug('Testing with cache name: %s' % cache_name) + username = self.username() + self.create_user("CREATE ROLE %s WITH password = 'password' AND LOGIN = true", username) + self.assertConnectsTo(username, self.dc1_node) + self.assertConnectsTo(username, self.dc2_node) + + # connect to the dc2 node, then remove permission for it + session = self.exclusive_cql_connection(self.dc2_node, user=username, password='password') + self.superuser.execute("ALTER ROLE %s WITH ACCESS TO DATACENTERS {'dc1'}" % username) + self.clear_network_auth_cache(self.dc2_node, cache_name) + self.assertUnauthorized(lambda: session.execute("SELECT * FROM ks.tbl")) + + if self.dtest_config.cassandra_version_from_build > '4.0': + test_revoked_access("NetworkPermissionsCache") + + # deprecated cache name, scheduled for removal in 5.0 + if self.dtest_config.cassandra_version_from_build < '5.0': + test_revoked_access("NetworkAuthCache") def test_create_dc_validation(self): """ --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
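Review bot: The version gates at the end of this hunk look fragile at the boundary. If `cassandra_version_from_build` is a parsed version object, `> '4.0'` is also true for 4.0.x patch builds, so `test_revoked_access("NetworkPermissionsCache")` runs there and errors if that line does not expose the renamed mbean; if it is a plain string, the comparison is lexicographic. Consider gating on the first release that carries the new name, `if self.dtest_config.cassandra_version_from_build >= '<first version exposing NetworkPermissionsCache>':`, with a comment explaining the choice. This test is what shows that a revoked datacenter grant is enforced once the cache is invalidated, so a mis-gated run either fails for the wrong reason or drops that coverage. The enclosing test method's `def` line is outside the hunk.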
