This is an automated email from the ASF dual-hosted git repository.

namelchev pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ignite.git


The following commit(s) were added to refs/heads/master by this push:
     new 56a33decd41 IGNITE-21015 Added the security subject ID to the cluster 
state change event (#11075)
56a33decd41 is described below

commit 56a33decd41a88980af070c9c9429dde0b08c3f7
Author: Nikita Amelchev <[email protected]>
AuthorDate: Tue Dec 5 17:53:26 2023 +0300

    IGNITE-21015 Added the security subject ID to the cluster state change 
event (#11075)
---
 .../common/AbstractEventSecurityContextTest.java   |  3 +
 ...ClusterStateChangeEventSecurityContextTest.java | 68 ++++++++++++++++++++++
 .../client/suite/IgniteClientTestSuite.java        |  2 +
 .../events/ClusterStateChangeStartedEvent.java     | 21 ++++++-
 .../java/org/apache/ignite/events/EventType.java   |  2 +-
 .../cluster/GridClusterStateProcessor.java         |  4 +-
 6 files changed, 97 insertions(+), 3 deletions(-)

diff --git 
a/modules/clients/src/test/java/org/apache/ignite/common/AbstractEventSecurityContextTest.java
 
b/modules/clients/src/test/java/org/apache/ignite/common/AbstractEventSecurityContextTest.java
index 603169b8ef6..de0b11b7ead 100644
--- 
a/modules/clients/src/test/java/org/apache/ignite/common/AbstractEventSecurityContextTest.java
+++ 
b/modules/clients/src/test/java/org/apache/ignite/common/AbstractEventSecurityContextTest.java
@@ -37,6 +37,7 @@ import org.apache.ignite.configuration.IgniteConfiguration;
 import org.apache.ignite.events.CacheEvent;
 import org.apache.ignite.events.CacheQueryExecutedEvent;
 import org.apache.ignite.events.CacheQueryReadEvent;
+import org.apache.ignite.events.ClusterStateChangeStartedEvent;
 import org.apache.ignite.events.Event;
 import org.apache.ignite.events.JobEvent;
 import org.apache.ignite.events.TaskEvent;
@@ -184,6 +185,8 @@ public abstract class AbstractEventSecurityContextTest 
extends AbstractSecurityT
                     return ((TaskEvent)evt).subjectId();
                 else if (evt instanceof JobEvent)
                     return ((JobEvent)evt).taskSubjectId();
+                else if (evt instanceof ClusterStateChangeStartedEvent)
+                    return ((ClusterStateChangeStartedEvent)evt).subjectId();
                 else
                     throw new IgniteException();
             })
diff --git 
a/modules/clients/src/test/java/org/apache/ignite/common/ClusterStateChangeEventSecurityContextTest.java
 
b/modules/clients/src/test/java/org/apache/ignite/common/ClusterStateChangeEventSecurityContextTest.java
new file mode 100644
index 00000000000..401e45cb31f
--- /dev/null
+++ 
b/modules/clients/src/test/java/org/apache/ignite/common/ClusterStateChangeEventSecurityContextTest.java
@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.common;
+
+import java.util.function.Consumer;
+import org.apache.ignite.Ignite;
+import org.apache.ignite.Ignition;
+import org.apache.ignite.client.Config;
+import org.apache.ignite.client.IgniteClient;
+import org.apache.ignite.cluster.ClusterState;
+import org.apache.ignite.configuration.ClientConfiguration;
+import org.apache.ignite.internal.util.typedef.G;
+import org.junit.Test;
+
+import static java.util.Collections.singletonList;
+import static org.apache.ignite.cluster.ClusterState.ACTIVE;
+import static org.apache.ignite.cluster.ClusterState.ACTIVE_READ_ONLY;
+import static org.apache.ignite.cluster.ClusterState.INACTIVE;
+import static 
org.apache.ignite.events.EventType.EVT_CLUSTER_STATE_CHANGE_STARTED;
+
+/** Tests that security information specified in cluster state change event 
belongs to the operation initiator. */
+public class ClusterStateChangeEventSecurityContextTest extends 
AbstractEventSecurityContextTest {
+    /** {@inheritDoc} */
+    @Override protected int[] eventTypes() {
+        return new int[] {EVT_CLUSTER_STATE_CHANGE_STARTED};
+    }
+
+    /** */
+    @Test
+    public void testClusterStateChangeStartedEvent() throws Exception {
+        startGridAllowAll("crd");
+        startGridAllowAll("srv");
+        startClientAllowAll("cli");
+
+        for (Ignite grid : G.allGrids())
+            checkEvent(state -> grid.cluster().state(state), grid.name());
+
+        ClientConfiguration cfg = new ClientConfiguration()
+            .setAddresses(Config.SERVER)
+            .setUserName(THIN_CLIENT_LOGIN)
+            .setUserPassword("");
+
+        try (IgniteClient cli = Ignition.startClient(cfg)) {
+            checkEvent(state -> cli.cluster().state(state), THIN_CLIENT_LOGIN);
+        }
+    }
+
+    /** */
+    private void checkEvent(Consumer<ClusterState> call, String initiator) 
throws Exception {
+        for (ClusterState state : new ClusterState[]{INACTIVE, 
ACTIVE_READ_ONLY, ACTIVE})
+            checkEvents(() -> call.accept(state), 
singletonList(EVT_CLUSTER_STATE_CHANGE_STARTED), initiator);
+    }
+}
diff --git 
a/modules/clients/src/test/java/org/apache/ignite/internal/client/suite/IgniteClientTestSuite.java
 
b/modules/clients/src/test/java/org/apache/ignite/internal/client/suite/IgniteClientTestSuite.java
index 5f751e1601e..5637b65d83c 100644
--- 
a/modules/clients/src/test/java/org/apache/ignite/internal/client/suite/IgniteClientTestSuite.java
+++ 
b/modules/clients/src/test/java/org/apache/ignite/internal/client/suite/IgniteClientTestSuite.java
@@ -21,6 +21,7 @@ import 
org.apache.ignite.common.CacheCreateDestroyEventSecurityContextTest;
 import org.apache.ignite.common.CacheEventSecurityContextTest;
 import 
org.apache.ignite.common.ClientSideCacheCreationDestructionWileTopologyChangeTest;
 import org.apache.ignite.common.ClientSizeCacheCreationDestructionTest;
+import org.apache.ignite.common.ClusterStateChangeEventSecurityContextTest;
 import org.apache.ignite.common.ComputeTaskPermissionsTest;
 import org.apache.ignite.common.ComputeTaskRemoteSecurityContextTest;
 import org.apache.ignite.common.NodeSslConnectionMetricTest;
@@ -196,6 +197,7 @@ import org.junit.runners.Suite;
     CacheCreateDestroyEventSecurityContextTest.class,
     CacheEventSecurityContextTest.class,
     RebalanceCacheEventSecurityContextTest.class,
+    ClusterStateChangeEventSecurityContextTest.class,
     ComputeTaskPermissionsTest.class
 })
 public class IgniteClientTestSuite {
diff --git 
a/modules/core/src/main/java/org/apache/ignite/events/ClusterStateChangeStartedEvent.java
 
b/modules/core/src/main/java/org/apache/ignite/events/ClusterStateChangeStartedEvent.java
index 6f22de2d28f..6e698ba246d 100644
--- 
a/modules/core/src/main/java/org/apache/ignite/events/ClusterStateChangeStartedEvent.java
+++ 
b/modules/core/src/main/java/org/apache/ignite/events/ClusterStateChangeStartedEvent.java
@@ -17,12 +17,15 @@
 
 package org.apache.ignite.events;
 
+import java.util.UUID;
 import org.apache.ignite.IgniteEvents;
 import org.apache.ignite.cluster.ClusterNode;
 import org.apache.ignite.cluster.ClusterState;
 import org.apache.ignite.configuration.IgniteConfiguration;
+import org.apache.ignite.internal.processors.security.IgniteSecurity;
 import org.apache.ignite.internal.util.typedef.internal.A;
 import org.apache.ignite.lang.IgnitePredicate;
+import org.jetbrains.annotations.Nullable;
 
 import static 
org.apache.ignite.events.EventType.EVT_CLUSTER_STATE_CHANGE_STARTED;
 
@@ -69,17 +72,22 @@ public class ClusterStateChangeStartedEvent extends 
EventAdapter {
     /** New cluster state. */
     private final ClusterState state;
 
+    /** Security subject ID. */
+    private final UUID subjId;
+
     /**
      * @param prevState Previous cluster state.
      * @param state New cluster state.
      * @param node Node.
      * @param msg Optional event message.
+     * @param subjId Subject ID.
      */
     public ClusterStateChangeStartedEvent(
         ClusterState prevState,
         ClusterState state,
         ClusterNode node,
-        String msg
+        String msg,
+        UUID subjId
     ) {
         super(node, msg, EVT_CLUSTER_STATE_CHANGE_STARTED);
 
@@ -88,6 +96,7 @@ public class ClusterStateChangeStartedEvent extends 
EventAdapter {
 
         this.state = state;
         this.prevState = prevState;
+        this.subjId = subjId;
     }
 
     /**
@@ -103,4 +112,14 @@ public class ClusterStateChangeStartedEvent extends 
EventAdapter {
     public ClusterState state() {
         return state;
     }
+
+    /**
+     * Gets security subject ID initiated state change.
+     *
+     * @return Subject ID if security is enabled, otherwise null.
+     * @see IgniteSecurity#enabled()
+     */
+    @Nullable public UUID subjectId() {
+        return subjId;
+    }
 }
diff --git a/modules/core/src/main/java/org/apache/ignite/events/EventType.java 
b/modules/core/src/main/java/org/apache/ignite/events/EventType.java
index 69716c3176f..669faab998b 100644
--- a/modules/core/src/main/java/org/apache/ignite/events/EventType.java
+++ b/modules/core/src/main/java/org/apache/ignite/events/EventType.java
@@ -857,7 +857,7 @@ public interface EventType {
     /**
      * Built-in event type: Cluster state change initiated.
      * <p>
-     * Fired when cluster deactivation process started.
+     * Fired when cluster state change process started.
      * <p>
      * NOTE: all types in range <b>from 1 to 1000 are reserved</b> for
      * internal Ignite events and should not be used by user-defined events.
diff --git 
a/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridClusterStateProcessor.java
 
b/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridClusterStateProcessor.java
index 8078bbe1f53..70ffdafeadf 100644
--- 
a/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridClusterStateProcessor.java
+++ 
b/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridClusterStateProcessor.java
@@ -74,6 +74,7 @@ import 
org.apache.ignite.internal.processors.cache.persistence.metastorage.ReadW
 import 
org.apache.ignite.internal.processors.cluster.baseline.autoadjust.BaselineAutoAdjustStatus;
 import 
org.apache.ignite.internal.processors.cluster.baseline.autoadjust.BaselineTopologyUpdater;
 import 
org.apache.ignite.internal.processors.configuration.distributed.DistributePropertyListener;
+import org.apache.ignite.internal.processors.security.SecurityUtils;
 import org.apache.ignite.internal.util.future.GridFinishedFuture;
 import org.apache.ignite.internal.util.future.GridFutureAdapter;
 import org.apache.ignite.internal.util.future.IgniteFinishedFutureImpl;
@@ -793,7 +794,8 @@ public class GridClusterStateProcessor extends 
GridProcessorAdapter implements I
                             state.state(),
                             newState.state(),
                             ctx.discovery().localNode(),
-                            "Cluster state change started."
+                            "Cluster state change started.",
+                            SecurityUtils.securitySubjectId(ctx)
                         ))
                     );
                 }

Reply via email to