You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by sa...@apache.org on 2021/09/03 07:27:58 UTC

[cassandra-dtest] 01/02: Extend network auth test to check deprecated mbean name

This is an automated email from the ASF dual-hosted git repository.

samt pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra-dtest.git

commit 0ef8be46f8f729c80662a03fd515b6fe108531c8
Author: Sam Tunnicliffe <sa...@beobal.com>
AuthorDate: Tue Aug 17 14:26:45 2021 +0100

    Extend network auth test to check deprecated mbean name
    
    Patch by Sam Tunnicliffe; reviewed by Aleksei Zotov for
    CASSANDRA-16404
---
 auth_test.py | 33 +++++++++++++++++++++------------
 1 file changed, 21 insertions(+), 12 deletions(-)

diff --git a/auth_test.py b/auth_test.py
index df57fb0..ca2056c 100644
--- a/auth_test.py
+++ b/auth_test.py
@@ -3079,8 +3079,8 @@ class TestNetworkAuth(Tester):
         with JolokiaAgent(node) as jmx:
             jmx.execute_method(mbean, 'invalidate')
 
-    def clear_network_auth_cache(self, node):
-        mbean = make_mbean('auth', type='NetworkAuthCache')
+    def clear_network_auth_cache(self, node, cache_name='NetworkPermissionsCache'):
+        mbean = make_mbean('auth', type=cache_name)
         with JolokiaAgent(node) as jmx:
             jmx.execute_method(mbean, 'invalidate')
 
@@ -3101,16 +3101,25 @@ class TestNetworkAuth(Tester):
         if a user's access to a dc is revoked while they're connected,
         all of their requests should fail once the cache is cleared
         """
-        username = self.username()
-        self.create_user("CREATE ROLE %s WITH password = 'password' AND LOGIN = true", username)
-        self.assertConnectsTo(username, self.dc1_node)
-        self.assertConnectsTo(username, self.dc2_node)
-
-        # connect to the dc2 node, then remove permission for it
-        session = self.exclusive_cql_connection(self.dc2_node, user=username, password='password')
-        self.superuser.execute("ALTER ROLE %s WITH ACCESS TO DATACENTERS {'dc1'}" % username)
-        self.clear_network_auth_cache(self.dc2_node)
-        self.assertUnauthorized(lambda: session.execute("SELECT * FROM ks.tbl"))
+        def test_revoked_access(cache_name):
+            logger.debug('Testing with cache name: %s' % cache_name)
+            username = self.username()
+            self.create_user("CREATE ROLE %s WITH password = 'password' AND LOGIN = true", username)
+            self.assertConnectsTo(username, self.dc1_node)
+            self.assertConnectsTo(username, self.dc2_node)
+
+            # connect to the dc2 node, then remove permission for it
+            session = self.exclusive_cql_connection(self.dc2_node, user=username, password='password')
+            self.superuser.execute("ALTER ROLE %s WITH ACCESS TO DATACENTERS {'dc1'}" % username)
+            self.clear_network_auth_cache(self.dc2_node, cache_name)
+            self.assertUnauthorized(lambda: session.execute("SELECT * FROM ks.tbl"))
+
+        if self.dtest_config.cassandra_version_from_build > '4.0':
+            test_revoked_access("NetworkPermissionsCache")
+
+        # deprecated cache name, scheduled for removal in 5.0
+        if self.dtest_config.cassandra_version_from_build < '5.0':
+            test_revoked_access("NetworkAuthCache")
 
     def test_create_dc_validation(self):
         """

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org