[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r375219542 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCreateDestroyCheckTest.java ## @@ -48,96 +48,177 @@ /** Forbidden cache. */ protected static final String FORBIDDEN_CACHE = "FORBIDDEN_CACHE"; -/** */ +/** Cache permissions. */ +private Map cachePerms = new HashMap<>(); + +/** Security permission set. */ +private Set secPermSet = new HashSet<>(); Review comment: I think 'sys' should be a part of name. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r375226971 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/rest/handlers/cache/CacheOperationPermissionRestCommandHandlerCheckTest.java ## @@ -0,0 +1,442 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security.rest.handlers.cache; + +import java.util.Arrays; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; +import org.apache.ignite.IgniteCheckedException; +import org.apache.ignite.configuration.DataRegionConfiguration; +import org.apache.ignite.configuration.DataStorageConfiguration; +import org.apache.ignite.configuration.IgniteConfiguration; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.IgniteInternalFuture; +import org.apache.ignite.internal.processors.rest.GridRestCommand; +import org.apache.ignite.internal.processors.rest.GridRestResponse; +import org.apache.ignite.internal.processors.rest.handlers.GridRestCommandHandler; +import org.apache.ignite.internal.processors.rest.handlers.cache.GridCacheCommandHandler; +import org.apache.ignite.internal.processors.rest.request.GridRestCacheRequest; +import org.apache.ignite.internal.processors.rest.request.GridRestRequest; +import org.apache.ignite.internal.processors.security.impl.TestSecurityPluginProvider; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; +import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi; +import org.apache.ignite.spi.discovery.tcp.ipfinder.vm.TcpDiscoveryVmIpFinder; +import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; +import org.apache.ignite.plugin.security.SecurityException; +import org.junit.Test; + +import static java.util.Collections.singletonMap; +import static org.apache.ignite.plugin.security.SecurityPermission.*; +import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; + +/** + * Test CRUD, create and destroy cache permissions with rest commands handler. + */ +public class CacheOperationPermissionRestCommandHandlerCheckTest extends GridCommonAbstractTest { +/** Empty permission. */ +private static final SecurityPermission[] EMPTY_PERMS = new SecurityPermission[0]; + +/** Cache name for tests. */ +private static final String CACHE_NAME = "TEST_CACHE"; + +/** Forbidden cache. */ +private static final String FORBIDDEN_CACHE_NAME = "FORBIDDEN_TEST_CACHE"; + +/** New cache. */ +private static final String NEW_TEST_CACHE = "NEW_TEST_CACHE"; + +/** Key. */ +private String key = "key"; + +/** Value. */ +private String val = "value"; + +/** New value. */ +private String newVal = "newValue"; + +/** Cache permissions. */ +private Map cachePerms = new HashMap<>(); + +/** Security permission set. */ +private Set secPermSet = new HashSet<>(); + +/** Default allow all. */ +private boolean dfltAllowAll; + +/** Handler. */ +private GridRestCommandHandler hnd; + +/** {@inheritDoc} */ +@Override protected IgniteConfiguration getConfiguration() throws Exception { +TcpDiscoverySpi disco = new TcpDiscoverySpi(); + +disco.setIpFinder(new TcpDiscoveryVmIpFinder(true)); + +IgniteConfiguration cfg = super.getConfiguration(); + +cfg.setDiscoverySpi(disco); + +SecurityPermissionSetBuilder builder = SecurityPermissionSetBuilder.create(); + +builder.defaultAllowAll(dfltAllowAll); + +cachePerms.forEach((builder::appendCachePermissions)); +secPermSet.forEach(builder::appendSystemPermissions); + +cfg.setDataStorageConfiguration( +new DataStorageConfiguration() +.setDefaultDataRegionConfiguration( +new DataRegionConfiguration() +.setPersistenceEnabled(true) +) +) +.setAuthenticationEnabled(true) +.setPluginProviders( +new
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r375222496 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/rest/handlers/cache/CacheOperationPermissionRestCommandHandlerCheckTest.java ## @@ -42,48 +40,45 @@ import org.apache.ignite.spi.discovery.tcp.ipfinder.vm.TcpDiscoveryVmIpFinder; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; import org.apache.ignite.plugin.security.SecurityException; -import org.junit.FixMethodOrder; import org.junit.Test; -import org.junit.runners.MethodSorters; import static java.util.Collections.singletonMap; -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; -import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER; +import static org.apache.ignite.plugin.security.SecurityPermission.*; import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Test CRUD, create and destroy cache permissions with rest commands handler. */ -@FixMethodOrder(MethodSorters.NAME_ASCENDING) public class CacheOperationPermissionRestCommandHandlerCheckTest extends GridCommonAbstractTest { /** Empty permission. */ private static final SecurityPermission[] EMPTY_PERM = new SecurityPermission[0]; /** Cache name for tests. */ private static final String CACHE_NAME = "TEST_CACHE"; -/** Create cache name. */ -private static final String CREATE_CACHE_NAME = "CREATE_TEST_CACHE"; - /** Forbidden cache. */ private static final String FORBIDDEN_CACHE_NAME = "FORBIDDEN_TEST_CACHE"; /** New cache. */ private static final String NEW_TEST_CACHE = "NEW_TEST_CACHE"; +/** Key. */ private String key = "key"; + +/** Value. */ private String val = "value"; +/** New value. */ +private String newVal = "newValue"; + /** Cache perms. */ private Map cachePerms = new HashMap<>(); + /** Security permission set. */ -private Set securityPermissionSet = new HashSet<>(); +private Set secPermSet = new HashSet<>(); Review comment: I think 'sys' should be a part of name. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r346425878 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCreateDestroyCheckTest.java ## @@ -0,0 +1,163 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security.cache; + +import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteCache; +import org.apache.ignite.internal.processors.security.AbstractSecurityTest; +import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.function.Consumer; + +import static java.util.Collections.singletonMap; +import static org.apache.ignite.plugin.security.SecurityPermission.*; +import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; + +/** + * Test create and destroy cache permissions. + */ +@RunWith(JUnit4.class) +public class CacheOperationPermissionCreateDestroyCheckTest extends AbstractSecurityTest { +/** New test cache. */ +protected static final String NEW_TEST_CACHE = "NEW_CACHE"; +/** Cache name. */ +protected static final String TEST_CACHE = "TEST_CACHE"; +/** Forbidden cache. */ Review comment: newline This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r346425769 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCreateDestroyCheckTest.java ## @@ -0,0 +1,163 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security.cache; + +import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteCache; +import org.apache.ignite.internal.processors.security.AbstractSecurityTest; +import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.function.Consumer; + +import static java.util.Collections.singletonMap; +import static org.apache.ignite.plugin.security.SecurityPermission.*; +import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; + +/** + * Test create and destroy cache permissions. + */ +@RunWith(JUnit4.class) +public class CacheOperationPermissionCreateDestroyCheckTest extends AbstractSecurityTest { +/** New test cache. */ +protected static final String NEW_TEST_CACHE = "NEW_CACHE"; +/** Cache name. */ Review comment: newline This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r331553546 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java ## @@ -23,51 +23,106 @@ import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCache; -import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.internal.processors.security.AbstractSecurityTest; import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; import static java.util.Collections.singletonMap; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; +import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER; import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Test CRUD cache permissions. */ @RunWith(JUnit4.class) -public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { -/** */ +public class CacheOperationPermissionCheckTest extends AbstractSecurityTest { +/** New cache for tests. */ +protected static final String NEW_CACHE = "NEW_CACHE"; + +/** Cache name for tests. */ +protected static final String ALL_PERM_TEST_CACHE = "ALL_PERM_TEST_CACHE"; + +/** Forbidden caches. */ +protected static final String CREATE_TEST_CACHE = "CREATE_TEST_CACHE"; +protected static final String EMPTY_PERM_TEST_CACHE = "EMPTY_PERM_TEST_CACHE"; Review comment: Please add separate comments: the difference is not obvious. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r331589905 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java ## @@ -23,51 +23,106 @@ import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCache; -import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.internal.processors.security.AbstractSecurityTest; import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; import static java.util.Collections.singletonMap; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; +import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER; import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Test CRUD cache permissions. */ @RunWith(JUnit4.class) -public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { -/** */ +public class CacheOperationPermissionCheckTest extends AbstractSecurityTest { +/** New cache for tests. */ +protected static final String NEW_CACHE = "NEW_CACHE"; + +/** Cache name for tests. */ +protected static final String ALL_PERM_TEST_CACHE = "ALL_PERM_TEST_CACHE"; + +/** Forbidden caches. */ +protected static final String CREATE_TEST_CACHE = "CREATE_TEST_CACHE"; +protected static final String EMPTY_PERM_TEST_CACHE = "EMPTY_PERM_TEST_CACHE"; + +/** + * + */ @Test -public void testServerNode() throws Exception { +public void testServerCrudCacheNode() throws Exception { testCrudCachePermissions(false); } -/** */ +/** + * + */ @Test -public void testClientNode() throws Exception { +public void testClientCrudCacheNode() throws Exception { testCrudCachePermissions(true); } +/** + * + */ +@Test +public void testServerCrudCacheSystemNode() throws Exception { +testCrudCacheSystemPermissions(false); +} + +/** + * + */ +@Test +public void testClientCrudCacheSystemNode() throws Exception { +testCrudCacheSystemPermissions(true); +} + /** * @param isClient True if is client mode. * @throws Exception If failed. */ private void testCrudCachePermissions(boolean isClient) throws Exception { -Ignite node = startGrid(loginPrefix(isClient) + "_test_node", -SecurityPermissionSetBuilder.create() -.appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT, CACHE_REMOVE) -.appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), isClient); +String login = isClient ? "client" : "server"; +Ignite node = startGrid(login + "_test_node", +getSecurityPermissionSet(JOIN_AS_SERVER), +isClient); -for (Consumer> c : operations()) { -c.accept(node.cache(CACHE_NAME)); +node.createCache(NEW_CACHE); // if defaultAllowAll == false, there will be exeption +node.createCache(ALL_PERM_TEST_CACHE); +node.createCache(CREATE_TEST_CACHE); -assertThrowsWithCause(() -> c.accept(node.cache(FORBIDDEN_CACHE)), SecurityException.class); -} +assertThrowsWithCause(() -> node.createCache(EMPTY_PERM_TEST_CACHE), SecurityException.class); + +checkOperations(node); + +assertThrowsWithCause(() -> node.cache(CREATE_TEST_CACHE).destroy(), SecurityException.class); Review comment: What about other caches? We should also check here wheter their destruction succeeds/fails. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r331589093 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java ## @@ -82,12 +137,50 @@ private void testCrudCachePermissions(boolean isClient) throws Exception { c -> c.containsKey("key"), c -> c.remove("key"), c -> c.removeAll(Collections.singleton("key")), -IgniteCache::clear, c -> c.replace("key", "value"), c -> c.putIfAbsent("key", "value"), c -> c.getAndPut("key", "value"), c -> c.getAndRemove("key"), -c -> c.getAndReplace("key", "value") +c -> c.getAndReplace("key", "value"), +IgniteCache::clear ); } + +protected void checkOperations(Ignite node) { +for (Consumer> c : operations()) { +c.accept(node.cache(ALL_PERM_TEST_CACHE)); +c.accept(node.cache(NEW_CACHE)); // if defaultAllowAll == false, there will be exeption + +assertThrowsWithCause(() -> c.accept(node.cache(CREATE_TEST_CACHE)), SecurityException.class); +} +} + +protected SecurityPermissionSet getSecurityPermissionSet(SecurityPermission... systemPerms) { Review comment: It's better to inline this method. Then we'll get some code duplication, but test method will be more understandable. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r331573583 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java ## @@ -23,51 +23,106 @@ import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCache; -import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.internal.processors.security.AbstractSecurityTest; import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; import static java.util.Collections.singletonMap; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; +import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER; import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Test CRUD cache permissions. */ @RunWith(JUnit4.class) -public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { -/** */ +public class CacheOperationPermissionCheckTest extends AbstractSecurityTest { +/** New cache for tests. */ +protected static final String NEW_CACHE = "NEW_CACHE"; + +/** Cache name for tests. */ +protected static final String ALL_PERM_TEST_CACHE = "ALL_PERM_TEST_CACHE"; + +/** Forbidden caches. */ +protected static final String CREATE_TEST_CACHE = "CREATE_TEST_CACHE"; +protected static final String EMPTY_PERM_TEST_CACHE = "EMPTY_PERM_TEST_CACHE"; + +/** + * + */ @Test -public void testServerNode() throws Exception { +public void testServerCrudCacheNode() throws Exception { testCrudCachePermissions(false); } -/** */ +/** + * + */ @Test -public void testClientNode() throws Exception { +public void testClientCrudCacheNode() throws Exception { testCrudCachePermissions(true); } +/** + * + */ +@Test +public void testServerCrudCacheSystemNode() throws Exception { +testCrudCacheSystemPermissions(false); +} + +/** + * + */ +@Test +public void testClientCrudCacheSystemNode() throws Exception { +testCrudCacheSystemPermissions(true); +} + /** * @param isClient True if is client mode. * @throws Exception If failed. */ private void testCrudCachePermissions(boolean isClient) throws Exception { -Ignite node = startGrid(loginPrefix(isClient) + "_test_node", -SecurityPermissionSetBuilder.create() -.appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT, CACHE_REMOVE) -.appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), isClient); +String login = isClient ? "client" : "server"; +Ignite node = startGrid(login + "_test_node", +getSecurityPermissionSet(JOIN_AS_SERVER), +isClient); -for (Consumer> c : operations()) { -c.accept(node.cache(CACHE_NAME)); +node.createCache(NEW_CACHE); // if defaultAllowAll == false, there will be exeption +node.createCache(ALL_PERM_TEST_CACHE); +node.createCache(CREATE_TEST_CACHE); -assertThrowsWithCause(() -> c.accept(node.cache(FORBIDDEN_CACHE)), SecurityException.class); -} +assertThrowsWithCause(() -> node.createCache(EMPTY_PERM_TEST_CACHE), SecurityException.class); + +checkOperations(node); + +assertThrowsWithCause(() -> node.cache(CREATE_TEST_CACHE).destroy(), SecurityException.class); +} + +private void testCrudCacheSystemPermissions(boolean isClient) throws Exception { +String login = isClient ? "client" : "server"; +Ignite node = startGrid(login + "_test_node", +getSecurityPermissionSet(JOIN_AS_SERVER, CACHE_CREATE, CACHE_DESTROY), +isClient); + +node.createCache(NEW_CACHE); +node.createCache(ALL_PERM_TEST_CACHE); +node.createCache(CREATE_TEST_CACHE); +node.createCache(EMPTY_PERM_TEST_CACHE); + +checkOperations(node); + +node.cache(CREATE_TEST_CACHE).destroy(); Review comment: This check makes sense for other caches, too.
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r331570584 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java ## @@ -23,51 +23,106 @@ import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCache; -import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.internal.processors.security.AbstractSecurityTest; import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; import static java.util.Collections.singletonMap; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; +import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER; import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Test CRUD cache permissions. */ @RunWith(JUnit4.class) -public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { -/** */ +public class CacheOperationPermissionCheckTest extends AbstractSecurityTest { +/** New cache for tests. */ +protected static final String NEW_CACHE = "NEW_CACHE"; + +/** Cache name for tests. */ +protected static final String ALL_PERM_TEST_CACHE = "ALL_PERM_TEST_CACHE"; + +/** Forbidden caches. */ +protected static final String CREATE_TEST_CACHE = "CREATE_TEST_CACHE"; +protected static final String EMPTY_PERM_TEST_CACHE = "EMPTY_PERM_TEST_CACHE"; + +/** + * + */ @Test -public void testServerNode() throws Exception { +public void testServerCrudCacheNode() throws Exception { testCrudCachePermissions(false); } -/** */ +/** + * + */ @Test -public void testClientNode() throws Exception { +public void testClientCrudCacheNode() throws Exception { testCrudCachePermissions(true); } +/** + * + */ +@Test +public void testServerCrudCacheSystemNode() throws Exception { +testCrudCacheSystemPermissions(false); +} + +/** + * + */ +@Test +public void testClientCrudCacheSystemNode() throws Exception { +testCrudCacheSystemPermissions(true); +} + /** * @param isClient True if is client mode. * @throws Exception If failed. */ private void testCrudCachePermissions(boolean isClient) throws Exception { -Ignite node = startGrid(loginPrefix(isClient) + "_test_node", -SecurityPermissionSetBuilder.create() -.appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT, CACHE_REMOVE) -.appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), isClient); +String login = isClient ? "client" : "server"; +Ignite node = startGrid(login + "_test_node", +getSecurityPermissionSet(JOIN_AS_SERVER), +isClient); -for (Consumer> c : operations()) { -c.accept(node.cache(CACHE_NAME)); +node.createCache(NEW_CACHE); // if defaultAllowAll == false, there will be exeption Review comment: I propose to change a bit: "This won't fail since defaultAllowAll is true." This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r331569810 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java ## @@ -23,51 +23,106 @@ import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCache; -import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.internal.processors.security.AbstractSecurityTest; import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; import static java.util.Collections.singletonMap; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; +import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER; import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Test CRUD cache permissions. */ @RunWith(JUnit4.class) -public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { -/** */ +public class CacheOperationPermissionCheckTest extends AbstractSecurityTest { Review comment: Superclass can be reverted. Then test methods can reuse loginPrefix(). This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r331559395 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java ## @@ -23,51 +23,106 @@ import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCache; -import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.internal.processors.security.AbstractSecurityTest; import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; import static java.util.Collections.singletonMap; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; +import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER; import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Test CRUD cache permissions. */ @RunWith(JUnit4.class) -public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { -/** */ +public class CacheOperationPermissionCheckTest extends AbstractSecurityTest { +/** New cache for tests. */ +protected static final String NEW_CACHE = "NEW_CACHE"; + +/** Cache name for tests. */ +protected static final String ALL_PERM_TEST_CACHE = "ALL_PERM_TEST_CACHE"; + +/** Forbidden caches. */ +protected static final String CREATE_TEST_CACHE = "CREATE_TEST_CACHE"; +protected static final String EMPTY_PERM_TEST_CACHE = "EMPTY_PERM_TEST_CACHE"; + +/** + * + */ @Test -public void testServerNode() throws Exception { +public void testServerCrudCacheNode() throws Exception { testCrudCachePermissions(false); } -/** */ +/** + * + */ @Test -public void testClientNode() throws Exception { +public void testClientCrudCacheNode() throws Exception { testCrudCachePermissions(true); } +/** + * + */ +@Test +public void testServerCrudCacheSystemNode() throws Exception { +testCrudCacheSystemPermissions(false); +} + +/** + * + */ +@Test +public void testClientCrudCacheSystemNode() throws Exception { +testCrudCacheSystemPermissions(true); +} + /** * @param isClient True if is client mode. * @throws Exception If failed. */ private void testCrudCachePermissions(boolean isClient) throws Exception { -Ignite node = startGrid(loginPrefix(isClient) + "_test_node", -SecurityPermissionSetBuilder.create() -.appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT, CACHE_REMOVE) -.appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), isClient); +String login = isClient ? "client" : "server"; +Ignite node = startGrid(login + "_test_node", +getSecurityPermissionSet(JOIN_AS_SERVER), +isClient); -for (Consumer> c : operations()) { -c.accept(node.cache(CACHE_NAME)); +node.createCache(NEW_CACHE); // if defaultAllowAll == false, there will be exeption +node.createCache(ALL_PERM_TEST_CACHE); +node.createCache(CREATE_TEST_CACHE); -assertThrowsWithCause(() -> c.accept(node.cache(FORBIDDEN_CACHE)), SecurityException.class); -} +assertThrowsWithCause(() -> node.createCache(EMPTY_PERM_TEST_CACHE), SecurityException.class); + +checkOperations(node); + +assertThrowsWithCause(() -> node.cache(CREATE_TEST_CACHE).destroy(), SecurityException.class); +} + +private void testCrudCacheSystemPermissions(boolean isClient) throws Exception { Review comment: testCrudWithSystemPermissions This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r331559226 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java ## @@ -23,51 +23,106 @@ import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCache; -import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.internal.processors.security.AbstractSecurityTest; import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; import static java.util.Collections.singletonMap; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; +import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER; import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Test CRUD cache permissions. */ @RunWith(JUnit4.class) -public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { -/** */ +public class CacheOperationPermissionCheckTest extends AbstractSecurityTest { +/** New cache for tests. */ +protected static final String NEW_CACHE = "NEW_CACHE"; + +/** Cache name for tests. */ +protected static final String ALL_PERM_TEST_CACHE = "ALL_PERM_TEST_CACHE"; + +/** Forbidden caches. */ +protected static final String CREATE_TEST_CACHE = "CREATE_TEST_CACHE"; +protected static final String EMPTY_PERM_TEST_CACHE = "EMPTY_PERM_TEST_CACHE"; + +/** + * + */ @Test -public void testServerNode() throws Exception { +public void testServerCrudCacheNode() throws Exception { testCrudCachePermissions(false); } -/** */ +/** + * + */ @Test -public void testClientNode() throws Exception { +public void testClientCrudCacheNode() throws Exception { testCrudCachePermissions(true); } +/** + * + */ +@Test +public void testServerCrudCacheSystemNode() throws Exception { +testCrudCacheSystemPermissions(false); +} + +/** + * + */ +@Test +public void testClientCrudCacheSystemNode() throws Exception { +testCrudCacheSystemPermissions(true); +} + /** * @param isClient True if is client mode. * @throws Exception If failed. */ private void testCrudCachePermissions(boolean isClient) throws Exception { Review comment: testCrudWithCachePermissions This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r331554066 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java ## @@ -23,51 +23,106 @@ import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCache; -import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.internal.processors.security.AbstractSecurityTest; import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; import static java.util.Collections.singletonMap; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; +import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER; import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Test CRUD cache permissions. */ @RunWith(JUnit4.class) -public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { -/** */ +public class CacheOperationPermissionCheckTest extends AbstractSecurityTest { +/** New cache for tests. */ +protected static final String NEW_CACHE = "NEW_CACHE"; + +/** Cache name for tests. */ +protected static final String ALL_PERM_TEST_CACHE = "ALL_PERM_TEST_CACHE"; + +/** Forbidden caches. */ +protected static final String CREATE_TEST_CACHE = "CREATE_TEST_CACHE"; +protected static final String EMPTY_PERM_TEST_CACHE = "EMPTY_PERM_TEST_CACHE"; + +/** + * + */ @Test -public void testServerNode() throws Exception { +public void testServerCrudCacheNode() throws Exception { testCrudCachePermissions(false); } -/** */ +/** + * + */ @Test -public void testClientNode() throws Exception { +public void testClientCrudCacheNode() throws Exception { Review comment: testCrudWithCachePermissionsOnClientNode This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r331558857 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java ## @@ -23,51 +23,106 @@ import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCache; -import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.internal.processors.security.AbstractSecurityTest; import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; import static java.util.Collections.singletonMap; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; +import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER; import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Test CRUD cache permissions. */ @RunWith(JUnit4.class) -public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { -/** */ +public class CacheOperationPermissionCheckTest extends AbstractSecurityTest { +/** New cache for tests. */ +protected static final String NEW_CACHE = "NEW_CACHE"; + +/** Cache name for tests. */ +protected static final String ALL_PERM_TEST_CACHE = "ALL_PERM_TEST_CACHE"; + +/** Forbidden caches. */ +protected static final String CREATE_TEST_CACHE = "CREATE_TEST_CACHE"; +protected static final String EMPTY_PERM_TEST_CACHE = "EMPTY_PERM_TEST_CACHE"; + +/** + * + */ @Test -public void testServerNode() throws Exception { +public void testServerCrudCacheNode() throws Exception { testCrudCachePermissions(false); } -/** */ +/** + * + */ @Test -public void testClientNode() throws Exception { +public void testClientCrudCacheNode() throws Exception { testCrudCachePermissions(true); } +/** + * + */ +@Test +public void testServerCrudCacheSystemNode() throws Exception { Review comment: testCrudWithSystemPermissionsOnServerNode This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r331559011 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java ## @@ -23,51 +23,106 @@ import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCache; -import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.internal.processors.security.AbstractSecurityTest; import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; import static java.util.Collections.singletonMap; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; +import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER; import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Test CRUD cache permissions. */ @RunWith(JUnit4.class) -public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { -/** */ +public class CacheOperationPermissionCheckTest extends AbstractSecurityTest { +/** New cache for tests. */ +protected static final String NEW_CACHE = "NEW_CACHE"; + +/** Cache name for tests. */ +protected static final String ALL_PERM_TEST_CACHE = "ALL_PERM_TEST_CACHE"; + +/** Forbidden caches. */ +protected static final String CREATE_TEST_CACHE = "CREATE_TEST_CACHE"; +protected static final String EMPTY_PERM_TEST_CACHE = "EMPTY_PERM_TEST_CACHE"; + +/** + * + */ @Test -public void testServerNode() throws Exception { +public void testServerCrudCacheNode() throws Exception { testCrudCachePermissions(false); } -/** */ +/** + * + */ @Test -public void testClientNode() throws Exception { +public void testClientCrudCacheNode() throws Exception { testCrudCachePermissions(true); } +/** + * + */ +@Test +public void testServerCrudCacheSystemNode() throws Exception { +testCrudCacheSystemPermissions(false); +} + +/** + * + */ +@Test +public void testClientCrudCacheSystemNode() throws Exception { Review comment: testCrudWithSystemPermissionsOnClientNode This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r331553960 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java ## @@ -23,51 +23,106 @@ import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCache; -import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.internal.processors.security.AbstractSecurityTest; import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; import static java.util.Collections.singletonMap; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; +import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER; import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Test CRUD cache permissions. */ @RunWith(JUnit4.class) -public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { -/** */ +public class CacheOperationPermissionCheckTest extends AbstractSecurityTest { +/** New cache for tests. */ +protected static final String NEW_CACHE = "NEW_CACHE"; + +/** Cache name for tests. */ +protected static final String ALL_PERM_TEST_CACHE = "ALL_PERM_TEST_CACHE"; + +/** Forbidden caches. */ +protected static final String CREATE_TEST_CACHE = "CREATE_TEST_CACHE"; +protected static final String EMPTY_PERM_TEST_CACHE = "EMPTY_PERM_TEST_CACHE"; + +/** + * + */ @Test -public void testServerNode() throws Exception { +public void testServerCrudCacheNode() throws Exception { Review comment: testCrudWithCachePermissionsOnServerNode This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r331554066 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java ## @@ -23,51 +23,106 @@ import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCache; -import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.internal.processors.security.AbstractSecurityTest; import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; import static java.util.Collections.singletonMap; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; +import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER; import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Test CRUD cache permissions. */ @RunWith(JUnit4.class) -public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { -/** */ +public class CacheOperationPermissionCheckTest extends AbstractSecurityTest { +/** New cache for tests. */ +protected static final String NEW_CACHE = "NEW_CACHE"; + +/** Cache name for tests. */ +protected static final String ALL_PERM_TEST_CACHE = "ALL_PERM_TEST_CACHE"; + +/** Forbidden caches. */ +protected static final String CREATE_TEST_CACHE = "CREATE_TEST_CACHE"; +protected static final String EMPTY_PERM_TEST_CACHE = "EMPTY_PERM_TEST_CACHE"; + +/** + * + */ @Test -public void testServerNode() throws Exception { +public void testServerCrudCacheNode() throws Exception { testCrudCachePermissions(false); } -/** */ +/** + * + */ @Test -public void testClientNode() throws Exception { +public void testClientCrudCacheNode() throws Exception { Review comment: testCacheCrudClientNode This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r331553960 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java ## @@ -23,51 +23,106 @@ import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCache; -import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.internal.processors.security.AbstractSecurityTest; import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; import static java.util.Collections.singletonMap; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; +import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER; import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Test CRUD cache permissions. */ @RunWith(JUnit4.class) -public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { -/** */ +public class CacheOperationPermissionCheckTest extends AbstractSecurityTest { +/** New cache for tests. */ +protected static final String NEW_CACHE = "NEW_CACHE"; + +/** Cache name for tests. */ +protected static final String ALL_PERM_TEST_CACHE = "ALL_PERM_TEST_CACHE"; + +/** Forbidden caches. */ +protected static final String CREATE_TEST_CACHE = "CREATE_TEST_CACHE"; +protected static final String EMPTY_PERM_TEST_CACHE = "EMPTY_PERM_TEST_CACHE"; + +/** + * + */ @Test -public void testServerNode() throws Exception { +public void testServerCrudCacheNode() throws Exception { Review comment: testCacheCrudServerNode This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r331553546 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java ## @@ -23,51 +23,106 @@ import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCache; -import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.internal.processors.security.AbstractSecurityTest; import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; import static java.util.Collections.singletonMap; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; +import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER; import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Test CRUD cache permissions. */ @RunWith(JUnit4.class) -public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { -/** */ +public class CacheOperationPermissionCheckTest extends AbstractSecurityTest { +/** New cache for tests. */ +protected static final String NEW_CACHE = "NEW_CACHE"; + +/** Cache name for tests. */ +protected static final String ALL_PERM_TEST_CACHE = "ALL_PERM_TEST_CACHE"; + +/** Forbidden caches. */ +protected static final String CREATE_TEST_CACHE = "CREATE_TEST_CACHE"; +protected static final String EMPTY_PERM_TEST_CACHE = "EMPTY_PERM_TEST_CACHE"; Review comment: Please add separate comments: the difference is not obvious. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r330672022 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java ## @@ -31,41 +31,58 @@ import org.junit.runners.JUnit4; import static java.util.Collections.singletonMap; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; +import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER; +import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Test CRUD cache permissions. */ @RunWith(JUnit4.class) public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { -/** */ + +private final String NEW_CACHE="NEW_CACHE"; +/** + * + */ @Test -public void testServerNode() throws Exception { -testCrudCachePermissions(false); +public void testServerNodeAllowAll() throws Exception { +testCrudCachePermissionsAllowAll(false); } -/** */ +/** + * + */ @Test -public void testClientNode() throws Exception { -testCrudCachePermissions(true); +public void testClientNodeAllowAll() throws Exception { Review comment: No need to rename the method. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r330672080 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java ## @@ -31,41 +31,58 @@ import org.junit.runners.JUnit4; import static java.util.Collections.singletonMap; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; +import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER; +import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Test CRUD cache permissions. */ @RunWith(JUnit4.class) public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { -/** */ + +private final String NEW_CACHE="NEW_CACHE"; +/** + * + */ @Test -public void testServerNode() throws Exception { -testCrudCachePermissions(false); +public void testServerNodeAllowAll() throws Exception { +testCrudCachePermissionsAllowAll(false); } -/** */ +/** + * + */ @Test -public void testClientNode() throws Exception { -testCrudCachePermissions(true); +public void testClientNodeAllowAll() throws Exception { +testCrudCachePermissionsAllowAll(true); } /** * @param isClient True if is client mode. * @throws Exception If failed. */ -private void testCrudCachePermissions(boolean isClient) throws Exception { +private void testCrudCachePermissionsAllowAll(boolean isClient) throws Exception { Review comment: No need to rename the method. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r330671952 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java ## @@ -31,41 +31,58 @@ import org.junit.runners.JUnit4; import static java.util.Collections.singletonMap; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; +import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER; +import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Test CRUD cache permissions. */ @RunWith(JUnit4.class) public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { -/** */ + +private final String NEW_CACHE="NEW_CACHE"; +/** + * + */ @Test -public void testServerNode() throws Exception { -testCrudCachePermissions(false); +public void testServerNodeAllowAll() throws Exception { Review comment: No need to rename the method. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ignite] andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220
andrey-kuznetsov commented on a change in pull request #6904: IGNITE-12220 URL: https://github.com/apache/ignite/pull/6904#discussion_r330671047 ## File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityContext.java ## @@ -110,7 +110,7 @@ public boolean operationAllowed(String opName, SecurityPermission perm) { * @param perm Permission. */ private boolean hasPermission(Collection perms, SecurityPermission perm) { -if (perms == null) +if (perms==null) Review comment: It was OK. Roll it back, please. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services