You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@geode.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2019/12/06 16:13:00 UTC
[jira] [Commented] (GEODE-7351) Verify constraints when changing
the MethodInvocationAuthorizer
[ https://issues.apache.org/jira/browse/GEODE-7351?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16989921#comment-16989921 ]
ASF subversion and git services commented on GEODE-7351:
--------------------------------------------------------
Commit a4e45142b5026b84849fe286a90aa5b45f5b16b6 in geode's branch refs/heads/develop from Juan José Ramos
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=a4e4514 ]
GEODE-7351: OQL Method Authorizer Constraints (#4416)
Added distributed tests to verify the required constraints are met
whenever the MethodInvocationAuthorizer is changed in runtime.
- Once the authorizer is changed, all queries executed afterwards
should use the newly configured authorizer.
- Once a query execution starts, the authorizer used can not be
changed for that particular query.
- Continuous queries already running should pick up the new authorizer
the next time the query is internally executed to detect whether an
event matches or not. If the CQ has methods not allowed by the newly
configured authorizer, any matching events from that moment on should
invoke 'onError' instead of 'onEvent' on the associated 'CqListener'.
- Indexes should pick up the newly configured authorizer the next time
an entry is added or removed from the index, and the index itself
should be marked as invalid if it uses method invocations not allowed
by the newly configured authorizer.
> Verify constraints when changing the MethodInvocationAuthorizer
> ---------------------------------------------------------------
>
> Key: GEODE-7351
> URL: https://issues.apache.org/jira/browse/GEODE-7351
> Project: Geode
> Issue Type: Improvement
> Components: querying, tests
> Reporter: Juan Ramos
> Assignee: Juan Ramos
> Priority: Major
> Labels: GeodeCommons
> Time Spent: 2.5h
> Remaining Estimate: 0h
>
> Add concurrent distributed tests to make sure the following conditions are met once there is an API implemented to change the {{MethodInvocationAuthorizer}} in runtime:
> * Once a query execution starts, the {{MethodInvocationAuthorizer}} used *can not be changed* for that particular query.
> * Once the {{MethodInvocationAuthorizer}} is changed through the API or the {{alter-query-service}} command, *all queries executed afterwards* use the newly configured {{MethodInvocationAuthorizer}}.
> * Any _continuous query_ already running should pick up the new {{MethodInvocationAuthorizer}} the *next time the query is internally executed* to detect whether a cache event matches or not. If the _continuous query_ has methods that are not authorized by the newly configured {{MethodInvocationAuthorizer}}, then any matching events from that moment on should invoke {{CqListener.onError}} instead of {{CqListener.onEvent}}.
> * Any configured _index_ should pick up the newly configured {{MethodInvocationAuthorizer}} the *next time an entry is added or removed from the index (regular region operations)*, and the index should be marked as invalid if it uses method invocations not authorized by the newly configured {{MethodInvocationAuthorizer}}.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)