You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by sa...@apache.org on 2021/09/03 07:27:58 UTC
[cassandra-dtest] 01/02: Extend network auth test to check
deprecated mbean name
This is an automated email from the ASF dual-hosted git repository.
samt pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra-dtest.git
commit 0ef8be46f8f729c80662a03fd515b6fe108531c8
Author: Sam Tunnicliffe <sa...@beobal.com>
AuthorDate: Tue Aug 17 14:26:45 2021 +0100
Extend network auth test to check deprecated mbean name
Patch by Sam Tunnicliffe; reviewed by Aleksei Zotov for
CASSANDRA-16404
---
auth_test.py | 33 +++++++++++++++++++++------------
1 file changed, 21 insertions(+), 12 deletions(-)
diff --git a/auth_test.py b/auth_test.py
index df57fb0..ca2056c 100644
--- a/auth_test.py
+++ b/auth_test.py
@@ -3079,8 +3079,8 @@ class TestNetworkAuth(Tester):
with JolokiaAgent(node) as jmx:
jmx.execute_method(mbean, 'invalidate')
- def clear_network_auth_cache(self, node):
- mbean = make_mbean('auth', type='NetworkAuthCache')
+ def clear_network_auth_cache(self, node, cache_name='NetworkPermissionsCache'):
+ mbean = make_mbean('auth', type=cache_name)
with JolokiaAgent(node) as jmx:
jmx.execute_method(mbean, 'invalidate')
@@ -3101,16 +3101,25 @@ class TestNetworkAuth(Tester):
if a user's access to a dc is revoked while they're connected,
all of their requests should fail once the cache is cleared
"""
- username = self.username()
- self.create_user("CREATE ROLE %s WITH password = 'password' AND LOGIN = true", username)
- self.assertConnectsTo(username, self.dc1_node)
- self.assertConnectsTo(username, self.dc2_node)
-
- # connect to the dc2 node, then remove permission for it
- session = self.exclusive_cql_connection(self.dc2_node, user=username, password='password')
- self.superuser.execute("ALTER ROLE %s WITH ACCESS TO DATACENTERS {'dc1'}" % username)
- self.clear_network_auth_cache(self.dc2_node)
- self.assertUnauthorized(lambda: session.execute("SELECT * FROM ks.tbl"))
+ def test_revoked_access(cache_name):
+ logger.debug('Testing with cache name: %s' % cache_name)
+ username = self.username()
+ self.create_user("CREATE ROLE %s WITH password = 'password' AND LOGIN = true", username)
+ self.assertConnectsTo(username, self.dc1_node)
+ self.assertConnectsTo(username, self.dc2_node)
+
+ # connect to the dc2 node, then remove permission for it
+ session = self.exclusive_cql_connection(self.dc2_node, user=username, password='password')
+ self.superuser.execute("ALTER ROLE %s WITH ACCESS TO DATACENTERS {'dc1'}" % username)
+ self.clear_network_auth_cache(self.dc2_node, cache_name)
+ self.assertUnauthorized(lambda: session.execute("SELECT * FROM ks.tbl"))
+
+ if self.dtest_config.cassandra_version_from_build > '4.0':
+ test_revoked_access("NetworkPermissionsCache")
+
+ # deprecated cache name, scheduled for removal in 5.0
+ if self.dtest_config.cassandra_version_from_build < '5.0':
+ test_revoked_access("NetworkAuthCache")
def test_create_dc_validation(self):
"""
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org