[
https://issues.apache.org/jira/browse/GEODE-3974?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16322977#comment-16322977
]
ASF GitHub Bot commented on GEODE-3974:
---------------------------------------
sboorlagadda closed pull request #1265: GEODE-3974: Improve permissions for
geode-connectors functions
URL: https://github.com/apache/geode/pull/1265
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git
a/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/AlterConnectionFunction.java
b/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/AlterConnectionFunction.java
index 7ac8240753..68a3cb7a22 100644
---
a/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/AlterConnectionFunction.java
+++
b/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/AlterConnectionFunction.java
@@ -14,6 +14,8 @@
*/
package org.apache.geode.connectors.jdbc.internal.cli;
+import java.util.Collection;
+import java.util.Collections;
import java.util.Map;
import org.apache.geode.annotations.Experimental;
@@ -23,6 +25,8 @@
import org.apache.geode.connectors.jdbc.internal.JdbcConnectorService;
import org.apache.geode.management.internal.cli.functions.CliFunctionResult;
import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
@Experimental
public class AlterConnectionFunction
@@ -86,4 +90,9 @@ private CliFunctionResult createSuccessResult(String
connectionName, String memb
String message = "Altered JDBC connection " + connectionName + " on " +
member;
return new CliFunctionResult(member, xmlEntity, message);
}
+
+ @Override
+ public Collection<ResourcePermission> getRequiredPermissions(String
regionName) {
+ return Collections.singletonList(ResourcePermissions.CLUSTER_MANAGE);
+ }
}
diff --git
a/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/AlterMappingFunction.java
b/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/AlterMappingFunction.java
index f7f0045007..9d44c46c06 100644
---
a/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/AlterMappingFunction.java
+++
b/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/AlterMappingFunction.java
@@ -14,6 +14,8 @@
*/
package org.apache.geode.connectors.jdbc.internal.cli;
+import java.util.Collection;
+import java.util.Collections;
import java.util.Map;
import org.apache.geode.annotations.Experimental;
@@ -23,6 +25,8 @@
import
org.apache.geode.connectors.jdbc.internal.RegionMappingNotFoundException;
import org.apache.geode.management.internal.cli.functions.CliFunctionResult;
import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
@Experimental
public class AlterMappingFunction extends JdbcCliFunction<RegionMapping,
CliFunctionResult> {
@@ -84,4 +88,9 @@ private CliFunctionResult createSuccessResult(String
connectionName, String memb
String message = "Altered JDBC connection " + connectionName + " on " +
member;
return new CliFunctionResult(member, xmlEntity, message);
}
+
+ @Override
+ public Collection<ResourcePermission> getRequiredPermissions(String
regionName) {
+ return Collections.singletonList(ResourcePermissions.CLUSTER_MANAGE);
+ }
}
diff --git
a/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/CreateConnectionFunction.java
b/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/CreateConnectionFunction.java
index 55b435844d..65c5301814 100644
---
a/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/CreateConnectionFunction.java
+++
b/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/CreateConnectionFunction.java
@@ -14,6 +14,9 @@
*/
package org.apache.geode.connectors.jdbc.internal.cli;
+import java.util.Collection;
+import java.util.Collections;
+
import org.apache.geode.annotations.Experimental;
import org.apache.geode.cache.execute.FunctionContext;
import
org.apache.geode.connectors.jdbc.internal.ConnectionConfigExistsException;
@@ -21,6 +24,8 @@
import org.apache.geode.connectors.jdbc.internal.JdbcConnectorService;
import org.apache.geode.management.internal.cli.functions.CliFunctionResult;
import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
@Experimental
public class CreateConnectionFunction
@@ -53,4 +58,9 @@ private CliFunctionResult createSuccessResult(String
connectionName, String memb
String message = "Created JDBC connection " + connectionName + " on " +
member;
return new CliFunctionResult(member, xmlEntity, message);
}
+
+ @Override
+ public Collection<ResourcePermission> getRequiredPermissions(String
regionName) {
+ return Collections.singletonList(ResourcePermissions.CLUSTER_MANAGE);
+ }
}
diff --git
a/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/CreateMappingFunction.java
b/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/CreateMappingFunction.java
index a7fb1a5d74..2b5f0467ec 100644
---
a/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/CreateMappingFunction.java
+++
b/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/CreateMappingFunction.java
@@ -14,6 +14,9 @@
*/
package org.apache.geode.connectors.jdbc.internal.cli;
+import java.util.Collection;
+import java.util.Collections;
+
import org.apache.geode.annotations.Experimental;
import org.apache.geode.cache.execute.FunctionContext;
import org.apache.geode.connectors.jdbc.internal.JdbcConnectorService;
@@ -21,6 +24,8 @@
import org.apache.geode.connectors.jdbc.internal.RegionMappingExistsException;
import org.apache.geode.management.internal.cli.functions.CliFunctionResult;
import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
@Experimental
public class CreateMappingFunction extends JdbcCliFunction<RegionMapping,
CliFunctionResult> {
@@ -57,4 +62,9 @@ private CliFunctionResult createSuccessResult(String
regionName, String member,
String message = "Created JDBC mapping for region " + regionName + " on "
+ member;
return new CliFunctionResult(member, xmlEntity, message);
}
+
+ @Override
+ public Collection<ResourcePermission> getRequiredPermissions(String
regionName) {
+ return Collections.singletonList(ResourcePermissions.CLUSTER_MANAGE);
+ }
}
diff --git
a/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/DescribeConnectionFunction.java
b/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/DescribeConnectionFunction.java
index 73c1cb8983..9f3feca749 100644
---
a/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/DescribeConnectionFunction.java
+++
b/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/DescribeConnectionFunction.java
@@ -14,10 +14,15 @@
*/
package org.apache.geode.connectors.jdbc.internal.cli;
+import java.util.Collection;
+import java.util.Collections;
+
import org.apache.geode.annotations.Experimental;
import org.apache.geode.cache.execute.FunctionContext;
import org.apache.geode.connectors.jdbc.internal.ConnectionConfiguration;
import org.apache.geode.connectors.jdbc.internal.JdbcConnectorService;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
@Experimental
public class DescribeConnectionFunction extends JdbcCliFunction<String,
ConnectionConfiguration> {
@@ -31,4 +36,9 @@ ConnectionConfiguration
getFunctionResult(JdbcConnectorService service,
FunctionContext<String> context) {
return service.getConnectionConfig(context.getArguments());
}
+
+ @Override
+ public Collection<ResourcePermission> getRequiredPermissions(String
regionName) {
+ return Collections.singletonList(ResourcePermissions.CLUSTER_READ);
+ }
}
diff --git
a/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/DescribeMappingFunction.java
b/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/DescribeMappingFunction.java
index 49c56a3188..d8b54a03df 100644
---
a/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/DescribeMappingFunction.java
+++
b/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/DescribeMappingFunction.java
@@ -14,10 +14,15 @@
*/
package org.apache.geode.connectors.jdbc.internal.cli;
+import java.util.Collection;
+import java.util.Collections;
+
import org.apache.geode.annotations.Experimental;
import org.apache.geode.cache.execute.FunctionContext;
import org.apache.geode.connectors.jdbc.internal.JdbcConnectorService;
import org.apache.geode.connectors.jdbc.internal.RegionMapping;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
@Experimental
public class DescribeMappingFunction extends JdbcCliFunction<String,
RegionMapping> {
@@ -30,4 +35,9 @@
RegionMapping getFunctionResult(JdbcConnectorService service,
FunctionContext<String> context) {
return service.getMappingForRegion(context.getArguments());
}
+
+ @Override
+ public Collection<ResourcePermission> getRequiredPermissions(String
regionName) {
+ return Collections.singletonList(ResourcePermissions.CLUSTER_READ);
+ }
}
diff --git
a/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/DestroyConnectionFunction.java
b/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/DestroyConnectionFunction.java
index e69710db8e..de8135300d 100644
---
a/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/DestroyConnectionFunction.java
+++
b/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/DestroyConnectionFunction.java
@@ -14,12 +14,17 @@
*/
package org.apache.geode.connectors.jdbc.internal.cli;
+import java.util.Collection;
+import java.util.Collections;
+
import org.apache.geode.annotations.Experimental;
import org.apache.geode.cache.execute.FunctionContext;
import org.apache.geode.connectors.jdbc.internal.ConnectionConfiguration;
import org.apache.geode.connectors.jdbc.internal.JdbcConnectorService;
import org.apache.geode.management.internal.cli.functions.CliFunctionResult;
import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
@Experimental
public class DestroyConnectionFunction extends JdbcCliFunction<String,
CliFunctionResult> {
@@ -76,4 +81,9 @@ private CliFunctionResult createNotFoundResult(String member,
String connectionN
String message = "Connection named \"" + connectionName + "\" not found";
return new CliFunctionResult(member, false, message);
}
+
+ @Override
+ public Collection<ResourcePermission> getRequiredPermissions(String
regionName) {
+ return Collections.singletonList(ResourcePermissions.CLUSTER_MANAGE);
+ }
}
diff --git
a/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/DestroyMappingFunction.java
b/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/DestroyMappingFunction.java
index 643aea6bcc..9f739ed760 100644
---
a/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/DestroyMappingFunction.java
+++
b/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/DestroyMappingFunction.java
@@ -14,12 +14,17 @@
*/
package org.apache.geode.connectors.jdbc.internal.cli;
+import java.util.Collection;
+import java.util.Collections;
+
import org.apache.geode.annotations.Experimental;
import org.apache.geode.cache.execute.FunctionContext;
import org.apache.geode.connectors.jdbc.internal.JdbcConnectorService;
import org.apache.geode.connectors.jdbc.internal.RegionMapping;
import org.apache.geode.management.internal.cli.functions.CliFunctionResult;
import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
@Experimental
public class DestroyMappingFunction extends JdbcCliFunction<String,
CliFunctionResult> {
@@ -76,4 +81,9 @@ private CliFunctionResult createNotFoundResult(String member,
String regionName)
String message = "Region mapping for region \"" + regionName + "\" not
found";
return new CliFunctionResult(member, false, message);
}
+
+ @Override
+ public Collection<ResourcePermission> getRequiredPermissions(String
regionName) {
+ return Collections.singletonList(ResourcePermissions.CLUSTER_MANAGE);
+ }
}
diff --git
a/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/JdbcCliFunction.java
b/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/JdbcCliFunction.java
index 3cc583d597..fc39da0840 100644
---
a/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/JdbcCliFunction.java
+++
b/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/JdbcCliFunction.java
@@ -14,12 +14,17 @@
*/
package org.apache.geode.connectors.jdbc.internal.cli;
+import java.util.Collection;
+import java.util.Collections;
+
import org.apache.geode.annotations.Experimental;
import org.apache.geode.cache.execute.Function;
import org.apache.geode.cache.execute.FunctionContext;
import org.apache.geode.connectors.jdbc.internal.JdbcConnectorService;
import org.apache.geode.internal.InternalEntity;
import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
@Experimental
public abstract class JdbcCliFunction<T1, T2> implements Function<T1>,
InternalEntity {
@@ -54,6 +59,11 @@ public void execute(FunctionContext<T1> context) {
}
}
+ @Override
+ public Collection<ResourcePermission> getRequiredPermissions(String
regionName) {
+ return Collections.singletonList(ResourcePermissions.CLUSTER_READ);
+ }
+
String getMember(FunctionContext<T1> context) {
return argumentProvider.getMember(context);
}
diff --git
a/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/ListConnectionFunction.java
b/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/ListConnectionFunction.java
index 58866a6f5c..23926bc118 100644
---
a/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/ListConnectionFunction.java
+++
b/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/ListConnectionFunction.java
@@ -14,12 +14,16 @@
*/
package org.apache.geode.connectors.jdbc.internal.cli;
+import java.util.Collection;
+import java.util.Collections;
import java.util.Set;
import org.apache.geode.annotations.Experimental;
import org.apache.geode.cache.execute.FunctionContext;
import org.apache.geode.connectors.jdbc.internal.ConnectionConfiguration;
import org.apache.geode.connectors.jdbc.internal.JdbcConnectorService;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
@Experimental
public class ListConnectionFunction extends JdbcCliFunction<Void,
ConnectionConfiguration[]> {
@@ -42,4 +46,9 @@
private Set<ConnectionConfiguration>
getConnectionConfigs(JdbcConnectorService service) {
return service.getConnectionConfigs();
}
+
+ @Override
+ public Collection<ResourcePermission> getRequiredPermissions(String
regionName) {
+ return Collections.singletonList(ResourcePermissions.CLUSTER_READ);
+ }
}
diff --git
a/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/ListMappingFunction.java
b/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/ListMappingFunction.java
index 7b472e191d..15497a0105 100644
---
a/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/ListMappingFunction.java
+++
b/geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/ListMappingFunction.java
@@ -14,12 +14,16 @@
*/
package org.apache.geode.connectors.jdbc.internal.cli;
+import java.util.Collection;
+import java.util.Collections;
import java.util.Set;
import org.apache.geode.annotations.Experimental;
import org.apache.geode.cache.execute.FunctionContext;
import org.apache.geode.connectors.jdbc.internal.JdbcConnectorService;
import org.apache.geode.connectors.jdbc.internal.RegionMapping;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
@Experimental
public class ListMappingFunction extends JdbcCliFunction<Void,
RegionMapping[]> {
@@ -41,4 +45,9 @@
private Set<RegionMapping> getRegionMappings(JdbcConnectorService service) {
return service.getRegionMappings();
}
+
+ @Override
+ public Collection<ResourcePermission> getRequiredPermissions(String
regionName) {
+ return Collections.singletonList(ResourcePermissions.CLUSTER_READ);
+ }
}
diff --git
a/geode-connectors/src/test/java/org/apache/geode/connectors/jdbc/internal/cli/JDBCConnectorFunctionsSecurityTest.java
b/geode-connectors/src/test/java/org/apache/geode/connectors/jdbc/internal/cli/JDBCConnectorFunctionsSecurityTest.java
new file mode 100644
index 0000000000..050bfc833a
--- /dev/null
+++
b/geode-connectors/src/test/java/org/apache/geode/connectors/jdbc/internal/cli/JDBCConnectorFunctionsSecurityTest.java
@@ -0,0 +1,150 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
contributor license
+ * agreements. See the NOTICE file distributed with this work for additional
information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache
License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express
+ * or implied. See the License for the specific language governing permissions
and limitations under
+ * the License.
+ */
+
+package org.apache.geode.connectors.jdbc.internal.cli;
+
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.cache.execute.Function;
+import org.apache.geode.cache.execute.FunctionContext;
+import org.apache.geode.cache.execute.FunctionService;
+import org.apache.geode.connectors.jdbc.internal.JdbcConnectorService;
+import org.apache.geode.examples.SimpleSecurityManager;
+import org.apache.geode.management.internal.cli.functions.CliFunctionResult;
+import org.apache.geode.test.junit.categories.IntegrationTest;
+import org.apache.geode.test.junit.rules.ConnectionConfiguration;
+import org.apache.geode.test.junit.rules.GfshCommandRule;
+import org.apache.geode.test.junit.rules.ServerStarterRule;
+
+class InheritsDefaultPermissionsJDBCFunction extends JdbcCliFunction<String,
CliFunctionResult> {
+
+ InheritsDefaultPermissionsJDBCFunction() {
+ super(new FunctionContextArgumentProvider(), new ExceptionHandler());
+ }
+
+ @Override
+ CliFunctionResult getFunctionResult(JdbcConnectorService service,
+ FunctionContext<String> context) {
+ return new CliFunctionResult();
+ }
+}
+
+
+@Category({IntegrationTest.class, SecurityException.class})
+public class JDBCConnectorFunctionsSecurityTest {
+
+ private static Function alterConnectionFunction = new
AlterConnectionFunction();
+ private static Function alterMappingFunction = new AlterMappingFunction();
+ private static Function createConnectionFunction = new
CreateConnectionFunction();
+ private static Function createMappingFunction = new CreateMappingFunction();
+ private static Function describeConnectionFunction = new
DescribeConnectionFunction();
+ private static Function describeMappingFunction = new
DescribeMappingFunction();
+ private static Function destroyConnectionFunction = new
DestroyConnectionFunction();
+ private static Function destroyMappingFunction = new
DestroyMappingFunction();
+ private static Function listConnectionFunction = new
ListConnectionFunction();
+ private static Function listMappingFunction = new ListMappingFunction();
+ private static Function inheritsDefaultPermissionsFunction =
+ new InheritsDefaultPermissionsJDBCFunction();
+
+ @ClassRule
+ public static ServerStarterRule server = new
ServerStarterRule().withJMXManager()
+ .withSecurityManager(SimpleSecurityManager.class).withAutoStart();
+
+ @Rule
+ public GfshCommandRule gfsh =
+ new GfshCommandRule(server::getJmxPort,
GfshCommandRule.PortType.jmxManager);
+
+ @BeforeClass
+ public static void setupClass() {
+ FunctionService.registerFunction(alterConnectionFunction);
+ FunctionService.registerFunction(alterMappingFunction);
+ FunctionService.registerFunction(createConnectionFunction);
+ FunctionService.registerFunction(createMappingFunction);
+ FunctionService.registerFunction(describeConnectionFunction);
+ FunctionService.registerFunction(describeMappingFunction);
+ FunctionService.registerFunction(destroyConnectionFunction);
+ FunctionService.registerFunction(destroyMappingFunction);
+ FunctionService.registerFunction(listConnectionFunction);
+ FunctionService.registerFunction(listMappingFunction);
+ FunctionService.registerFunction(inheritsDefaultPermissionsFunction);
+ }
+
+ @Test
+ @ConnectionConfiguration(user = "dataWrite", password = "dataWrite")
+ public void testInvalidPermissionsForAlterConnectionFunction() throws
Exception {
+ gfsh.executeAndAssertThat("execute function --id=" +
alterConnectionFunction.getId())
+ .containsOutput("not authorized for CLUSTER:MANAGE").statusIsSuccess();
+ }
+
+ @Test
+ @ConnectionConfiguration(user = "dataWrite", password = "dataWrite")
+ public void testInvalidPermissionsForAlterMappingFunction() throws Exception
{
+ gfsh.executeAndAssertThat("execute function --id=" +
alterMappingFunction.getId())
+ .containsOutput("not authorized for CLUSTER:MANAGE").statusIsSuccess();
+ }
+
+ @Test
+ @ConnectionConfiguration(user = "dataWrite", password = "dataWrite")
+ public void testInvalidPermissionsForCreateConnectionFunction() throws
Exception {
+ gfsh.executeAndAssertThat("execute function --id=" +
createConnectionFunction.getId())
+ .containsOutput("not authorized for CLUSTER:MANAGE").statusIsSuccess();
+ }
+
+ @Test
+ @ConnectionConfiguration(user = "dataWrite", password = "dataWrite")
+ public void testInvalidPermissionsForCreateMappingFunction() throws
Exception {
+ gfsh.executeAndAssertThat("execute function --id=" +
createMappingFunction.getId())
+ .containsOutput("not authorized for CLUSTER:MANAGE").statusIsSuccess();
+ }
+
+ @Test
+ @ConnectionConfiguration(user = "dataWrite", password = "dataWrite")
+ public void testInvalidPermissionsForDescribeConnectionFunction() throws
Exception {
+ gfsh.executeAndAssertThat("execute function --id=" +
describeConnectionFunction.getId())
+ .containsOutput("not authorized for CLUSTER:READ").statusIsSuccess();
+ }
+
+ @Test
+ @ConnectionConfiguration(user = "dataWrite", password = "dataWrite")
+ public void testInvalidPermissionsForDescribeMappingFunction() throws
Exception {
+ gfsh.executeAndAssertThat("execute function --id=" +
describeMappingFunction.getId())
+ .containsOutput("not authorized for CLUSTER:READ").statusIsSuccess();
+ }
+
+ @Test
+ @ConnectionConfiguration(user = "dataWrite", password = "dataWrite")
+ public void testInvalidPermissionsForDestroyConnectionFunction() throws
Exception {
+ gfsh.executeAndAssertThat("execute function --id=" +
destroyConnectionFunction.getId())
+ .containsOutput("not authorized for CLUSTER:MANAGE").statusIsSuccess();
+ }
+
+ @Test
+ @ConnectionConfiguration(user = "dataWrite", password = "dataWrite")
+ public void testInvalidPermissionsForDestroyMappingFunction() throws
Exception {
+ gfsh.executeAndAssertThat("execute function --id=" +
destroyMappingFunction.getId())
+ .containsOutput("not authorized for CLUSTER:MANAGE").statusIsSuccess();
+ }
+
+ @Test
+ @ConnectionConfiguration(user = "dataWrite", password = "dataWrite")
+ public void testInvalidPermissionsForFunctionInheritingDefaultPermissions()
throws Exception {
+ gfsh.executeAndAssertThat("execute function --id=" +
inheritsDefaultPermissionsFunction.getId())
+ .containsOutput("not authorized for CLUSTER:READ").statusIsSuccess();
+ }
+}
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> improve permission for Internal functions
> -----------------------------------------
>
> Key: GEODE-3974
> URL: https://issues.apache.org/jira/browse/GEODE-3974
> Project: Geode
> Issue Type: Bug
> Components: docs, management
> Reporter: Jinmei Liao
> Fix For: 1.5.0
>
>
> Internal functions needs to be updated to require appropriate permissions
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
