This is an automated email from the ASF dual-hosted git repository.
namelchev pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ignite.git
The following commit(s) were added to refs/heads/master by this push:
new 56a33decd41 IGNITE-21015 Added the security subject ID to the cluster
state change event (#11075)
56a33decd41 is described below
commit 56a33decd41a88980af070c9c9429dde0b08c3f7
Author: Nikita Amelchev <[email protected]>
AuthorDate: Tue Dec 5 17:53:26 2023 +0300
IGNITE-21015 Added the security subject ID to the cluster state change
event (#11075)
---
.../common/AbstractEventSecurityContextTest.java | 3 +
...ClusterStateChangeEventSecurityContextTest.java | 68 ++++++++++++++++++++++
.../client/suite/IgniteClientTestSuite.java | 2 +
.../events/ClusterStateChangeStartedEvent.java | 21 ++++++-
.../java/org/apache/ignite/events/EventType.java | 2 +-
.../cluster/GridClusterStateProcessor.java | 4 +-
6 files changed, 97 insertions(+), 3 deletions(-)
diff --git
a/modules/clients/src/test/java/org/apache/ignite/common/AbstractEventSecurityContextTest.java
b/modules/clients/src/test/java/org/apache/ignite/common/AbstractEventSecurityContextTest.java
index 603169b8ef6..de0b11b7ead 100644
---
a/modules/clients/src/test/java/org/apache/ignite/common/AbstractEventSecurityContextTest.java
+++
b/modules/clients/src/test/java/org/apache/ignite/common/AbstractEventSecurityContextTest.java
@@ -37,6 +37,7 @@ import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.events.CacheEvent;
import org.apache.ignite.events.CacheQueryExecutedEvent;
import org.apache.ignite.events.CacheQueryReadEvent;
+import org.apache.ignite.events.ClusterStateChangeStartedEvent;
import org.apache.ignite.events.Event;
import org.apache.ignite.events.JobEvent;
import org.apache.ignite.events.TaskEvent;
@@ -184,6 +185,8 @@ public abstract class AbstractEventSecurityContextTest
extends AbstractSecurityT
return ((TaskEvent)evt).subjectId();
else if (evt instanceof JobEvent)
return ((JobEvent)evt).taskSubjectId();
+ else if (evt instanceof ClusterStateChangeStartedEvent)
+ return ((ClusterStateChangeStartedEvent)evt).subjectId();
else
throw new IgniteException();
})
diff --git
a/modules/clients/src/test/java/org/apache/ignite/common/ClusterStateChangeEventSecurityContextTest.java
b/modules/clients/src/test/java/org/apache/ignite/common/ClusterStateChangeEventSecurityContextTest.java
new file mode 100644
index 00000000000..401e45cb31f
--- /dev/null
+++
b/modules/clients/src/test/java/org/apache/ignite/common/ClusterStateChangeEventSecurityContextTest.java
@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.common;
+
+import java.util.function.Consumer;
+import org.apache.ignite.Ignite;
+import org.apache.ignite.Ignition;
+import org.apache.ignite.client.Config;
+import org.apache.ignite.client.IgniteClient;
+import org.apache.ignite.cluster.ClusterState;
+import org.apache.ignite.configuration.ClientConfiguration;
+import org.apache.ignite.internal.util.typedef.G;
+import org.junit.Test;
+
+import static java.util.Collections.singletonList;
+import static org.apache.ignite.cluster.ClusterState.ACTIVE;
+import static org.apache.ignite.cluster.ClusterState.ACTIVE_READ_ONLY;
+import static org.apache.ignite.cluster.ClusterState.INACTIVE;
+import static
org.apache.ignite.events.EventType.EVT_CLUSTER_STATE_CHANGE_STARTED;
+
+/** Tests that security information specified in cluster state change event
belongs to the operation initiator. */
+public class ClusterStateChangeEventSecurityContextTest extends
AbstractEventSecurityContextTest {
+ /** {@inheritDoc} */
+ @Override protected int[] eventTypes() {
+ return new int[] {EVT_CLUSTER_STATE_CHANGE_STARTED};
+ }
+
+ /** */
+ @Test
+ public void testClusterStateChangeStartedEvent() throws Exception {
+ startGridAllowAll("crd");
+ startGridAllowAll("srv");
+ startClientAllowAll("cli");
+
+ for (Ignite grid : G.allGrids())
+ checkEvent(state -> grid.cluster().state(state), grid.name());
+
+ ClientConfiguration cfg = new ClientConfiguration()
+ .setAddresses(Config.SERVER)
+ .setUserName(THIN_CLIENT_LOGIN)
+ .setUserPassword("");
+
+ try (IgniteClient cli = Ignition.startClient(cfg)) {
+ checkEvent(state -> cli.cluster().state(state), THIN_CLIENT_LOGIN);
+ }
+ }
+
+ /** */
+ private void checkEvent(Consumer<ClusterState> call, String initiator)
throws Exception {
+ for (ClusterState state : new ClusterState[]{INACTIVE,
ACTIVE_READ_ONLY, ACTIVE})
+ checkEvents(() -> call.accept(state),
singletonList(EVT_CLUSTER_STATE_CHANGE_STARTED), initiator);
+ }
+}
diff --git
a/modules/clients/src/test/java/org/apache/ignite/internal/client/suite/IgniteClientTestSuite.java
b/modules/clients/src/test/java/org/apache/ignite/internal/client/suite/IgniteClientTestSuite.java
index 5f751e1601e..5637b65d83c 100644
---
a/modules/clients/src/test/java/org/apache/ignite/internal/client/suite/IgniteClientTestSuite.java
+++
b/modules/clients/src/test/java/org/apache/ignite/internal/client/suite/IgniteClientTestSuite.java
@@ -21,6 +21,7 @@ import
org.apache.ignite.common.CacheCreateDestroyEventSecurityContextTest;
import org.apache.ignite.common.CacheEventSecurityContextTest;
import
org.apache.ignite.common.ClientSideCacheCreationDestructionWileTopologyChangeTest;
import org.apache.ignite.common.ClientSizeCacheCreationDestructionTest;
+import org.apache.ignite.common.ClusterStateChangeEventSecurityContextTest;
import org.apache.ignite.common.ComputeTaskPermissionsTest;
import org.apache.ignite.common.ComputeTaskRemoteSecurityContextTest;
import org.apache.ignite.common.NodeSslConnectionMetricTest;
@@ -196,6 +197,7 @@ import org.junit.runners.Suite;
CacheCreateDestroyEventSecurityContextTest.class,
CacheEventSecurityContextTest.class,
RebalanceCacheEventSecurityContextTest.class,
+ ClusterStateChangeEventSecurityContextTest.class,
ComputeTaskPermissionsTest.class
})
public class IgniteClientTestSuite {
diff --git
a/modules/core/src/main/java/org/apache/ignite/events/ClusterStateChangeStartedEvent.java
b/modules/core/src/main/java/org/apache/ignite/events/ClusterStateChangeStartedEvent.java
index 6f22de2d28f..6e698ba246d 100644
---
a/modules/core/src/main/java/org/apache/ignite/events/ClusterStateChangeStartedEvent.java
+++
b/modules/core/src/main/java/org/apache/ignite/events/ClusterStateChangeStartedEvent.java
@@ -17,12 +17,15 @@
package org.apache.ignite.events;
+import java.util.UUID;
import org.apache.ignite.IgniteEvents;
import org.apache.ignite.cluster.ClusterNode;
import org.apache.ignite.cluster.ClusterState;
import org.apache.ignite.configuration.IgniteConfiguration;
+import org.apache.ignite.internal.processors.security.IgniteSecurity;
import org.apache.ignite.internal.util.typedef.internal.A;
import org.apache.ignite.lang.IgnitePredicate;
+import org.jetbrains.annotations.Nullable;
import static
org.apache.ignite.events.EventType.EVT_CLUSTER_STATE_CHANGE_STARTED;
@@ -69,17 +72,22 @@ public class ClusterStateChangeStartedEvent extends
EventAdapter {
/** New cluster state. */
private final ClusterState state;
+ /** Security subject ID. */
+ private final UUID subjId;
+
/**
* @param prevState Previous cluster state.
* @param state New cluster state.
* @param node Node.
* @param msg Optional event message.
+ * @param subjId Subject ID.
*/
public ClusterStateChangeStartedEvent(
ClusterState prevState,
ClusterState state,
ClusterNode node,
- String msg
+ String msg,
+ UUID subjId
) {
super(node, msg, EVT_CLUSTER_STATE_CHANGE_STARTED);
@@ -88,6 +96,7 @@ public class ClusterStateChangeStartedEvent extends
EventAdapter {
this.state = state;
this.prevState = prevState;
+ this.subjId = subjId;
}
/**
@@ -103,4 +112,14 @@ public class ClusterStateChangeStartedEvent extends
EventAdapter {
public ClusterState state() {
return state;
}
+
+ /**
+ * Gets security subject ID initiated state change.
+ *
+ * @return Subject ID if security is enabled, otherwise null.
+ * @see IgniteSecurity#enabled()
+ */
+ @Nullable public UUID subjectId() {
+ return subjId;
+ }
}
diff --git a/modules/core/src/main/java/org/apache/ignite/events/EventType.java
b/modules/core/src/main/java/org/apache/ignite/events/EventType.java
index 69716c3176f..669faab998b 100644
--- a/modules/core/src/main/java/org/apache/ignite/events/EventType.java
+++ b/modules/core/src/main/java/org/apache/ignite/events/EventType.java
@@ -857,7 +857,7 @@ public interface EventType {
/**
* Built-in event type: Cluster state change initiated.
* <p>
- * Fired when cluster deactivation process started.
+ * Fired when cluster state change process started.
* <p>
* NOTE: all types in range <b>from 1 to 1000 are reserved</b> for
* internal Ignite events and should not be used by user-defined events.
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridClusterStateProcessor.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridClusterStateProcessor.java
index 8078bbe1f53..70ffdafeadf 100644
---
a/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridClusterStateProcessor.java
+++
b/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridClusterStateProcessor.java
@@ -74,6 +74,7 @@ import
org.apache.ignite.internal.processors.cache.persistence.metastorage.ReadW
import
org.apache.ignite.internal.processors.cluster.baseline.autoadjust.BaselineAutoAdjustStatus;
import
org.apache.ignite.internal.processors.cluster.baseline.autoadjust.BaselineTopologyUpdater;
import
org.apache.ignite.internal.processors.configuration.distributed.DistributePropertyListener;
+import org.apache.ignite.internal.processors.security.SecurityUtils;
import org.apache.ignite.internal.util.future.GridFinishedFuture;
import org.apache.ignite.internal.util.future.GridFutureAdapter;
import org.apache.ignite.internal.util.future.IgniteFinishedFutureImpl;
@@ -793,7 +794,8 @@ public class GridClusterStateProcessor extends
GridProcessorAdapter implements I
state.state(),
newState.state(),
ctx.discovery().localNode(),
- "Cluster state change started."
+ "Cluster state change started.",
+ SecurityUtils.securitySubjectId(ctx)
))
);
}