You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by jb...@apache.org on 2019/07/22 19:31:33 UTC
[geode-benchmarks] branch develop updated: User can run benchmarks
with SecurityManager (#91)
This is an automated email from the ASF dual-hosted git repository.
jbarrett pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode-benchmarks.git
The following commit(s) were added to refs/heads/develop by this push:
new 051ec9b User can run benchmarks with SecurityManager (#91)
051ec9b is described below
commit 051ec9bcdcacbcedd441841a61c45a7989c403b2
Author: Murtuza Boxwala <mb...@pivotal.io>
AuthorDate: Mon Jul 22 15:31:28 2019 -0400
User can run benchmarks with SecurityManager (#91)
Co-authored-by: Murtuza Boxwala <mb...@pivotal.io>
Co-authored-by: Kamilla Aslami <ka...@pivotal.io>
---
.gitignore | 2 +
README.md | 19 +++---
geode-benchmarks/build.gradle | 1 +
.../benchmark/parameters/GeodeProperties.java | 43 ++++++++++++-
.../geode/benchmark/security/ExampleAuthInit.java | 66 ++++++++++++++++++++
.../apache/geode/benchmark/tasks/StartClient.java | 5 +-
.../apache/geode/benchmark/tasks/StartLocator.java | 5 +-
.../apache/geode/benchmark/tasks/StartServer.java | 6 +-
.../benchmark/topology/ClientServerTopology.java | 22 ++++---
.../topology/ClientServerTopologyTest.java | 36 +++++++----
.../geode/perftest/jvms/RemoteJVMFactory.java | 17 ++---
harness/src/main/resources/security.json | 72 ++++++++++++++++++++++
infrastructure/scripts/aws/README.md | 2 +-
13 files changed, 243 insertions(+), 53 deletions(-)
diff --git a/.gitignore b/.gitignore
index a60eafb..7ab8bfd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,5 @@ out
build/
output*/
temp-self-signed.jks
+geode-benchmarks/security.json
+harness/security.json
diff --git a/README.md b/README.md
index 0387b6f..e3f6534 100644
--- a/README.md
+++ b/README.md
@@ -49,15 +49,16 @@ For example:
```
Options:
-
- -Phosts : Hosts used by benchmarks on the order of client,locator,server,server (-Phosts=localhost,localhost,localhost,localhost)
- -PoutputDir : Results output directory (-PoutputDir=/tmp/results)
- -PtestJVM : Path to an alternative JVM for running the client, locator, and servers. If not specified JAVA_HOME will be used. Note all compilation tasks will still use JAVA_HOME.
- -PwithSsl : Flag to run geode with SSL. A self-signed certificate will be generated at runtime.
- --tests : Specific benchmarks to run (--tests=PartitionedPutBenchmark)
- -d : Debug
- -i : Info
-
+```
+ -Phosts : Hosts used by benchmarks on the order of client,locator,server,server (-Phosts=localhost,localhost,localhost,localhost)
+ -PoutputDir : Results output directory (-PoutputDir=/tmp/results)
+ -PtestJVM : Path to an alternative JVM for running the client, locator, and servers. If not specified JAVA_HOME will be used. Note all compilation tasks will still use JAVA_HOME.
+ -PwithSsl : Flag to run geode with SSL. A self-signed certificate will be generated at runtime.
+ -PwithSecurityManager : Flag to start Geode with the example implementation of SecurityManager
+ --tests : Specific benchmarks to run (--tests=PartitionedPutBenchmark)
+ -d : Debug
+ -i : Info
+```
### Running in aws
This project includes some scripts to automate running benchmarks in AWS. See the
diff --git a/geode-benchmarks/build.gradle b/geode-benchmarks/build.gradle
index ffd8ab5..715b6b7 100644
--- a/geode-benchmarks/build.gradle
+++ b/geode-benchmarks/build.gradle
@@ -77,6 +77,7 @@ task benchmark(type: Test) {
systemProperty 'TEST_METADATA', project.findProperty('metadata')
systemProperty 'OUTPUT_DIR', outputDir
systemProperty 'withSsl', project.hasProperty('withSsl')
+ systemProperty 'withSecurityManager', project.hasProperty('withSecurityManager')
systemProperty 'benchmark.profiler.argument', project.findProperty('benchmark.profiler.argument')
doFirst {
diff --git a/geode-benchmarks/src/main/java/org/apache/geode/benchmark/parameters/GeodeProperties.java b/geode-benchmarks/src/main/java/org/apache/geode/benchmark/parameters/GeodeProperties.java
index 0df623e..f3b8231 100644
--- a/geode-benchmarks/src/main/java/org/apache/geode/benchmark/parameters/GeodeProperties.java
+++ b/geode-benchmarks/src/main/java/org/apache/geode/benchmark/parameters/GeodeProperties.java
@@ -26,6 +26,7 @@ import static org.apache.geode.distributed.ConfigurationProperties.LOG_FILE_SIZE
import static org.apache.geode.distributed.ConfigurationProperties.LOG_LEVEL;
import static org.apache.geode.distributed.ConfigurationProperties.MEMBER_TIMEOUT;
import static org.apache.geode.distributed.ConfigurationProperties.REMOVE_UNRESPONSIVE_CLIENT;
+import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
import static org.apache.geode.distributed.ConfigurationProperties.SERIALIZABLE_OBJECT_FILTER;
import static org.apache.geode.distributed.ConfigurationProperties.SSL_ENABLED_COMPONENTS;
import static org.apache.geode.distributed.ConfigurationProperties.STATISTIC_SAMPLING_ENABLED;
@@ -34,6 +35,7 @@ import static org.apache.geode.security.SecurableCommunicationChannels.ALL;
import java.util.Properties;
+import org.apache.geode.benchmark.security.ExampleAuthInit;
public class GeodeProperties {
@@ -55,12 +57,12 @@ public class GeodeProperties {
properties.setProperty(USE_CLUSTER_CONFIGURATION, "false");
properties.setProperty(SERIALIZABLE_OBJECT_FILTER, "benchmark.geode.data.**");
- return properties;
+ return withOptions(properties);
}
public static Properties locatorProperties() {
// Locator properties are the same as the server properties right now
- return serverProperties();
+ return withOptions(serverProperties());
}
public static Properties clientProperties() {
@@ -71,12 +73,47 @@ public class GeodeProperties {
properties.setProperty(STATISTIC_SAMPLING_ENABLED, "true");
properties.setProperty(MEMBER_TIMEOUT, "8000");
- return properties;
+ properties.setProperty("security-username", "superUser");
+ properties.setProperty("security-password", "123");
+ properties.setProperty("security-client-auth-init", ExampleAuthInit.class.getName());
+
+ return withOptions(properties);
}
+ public static Properties withSecurityManager(Properties properties) {
+ properties.setProperty(SECURITY_MANAGER,
+ "org.apache.geode.examples.security.ExampleSecurityManager");
+ properties.setProperty("security-username", "superUser");
+ properties.setProperty("security-password", "123");
+ return properties;
+ }
public static Properties withSsl(Properties properties) {
properties.setProperty(SSL_ENABLED_COMPONENTS, ALL);
return properties;
}
+
+ private static boolean isSecurityManagerEnabled() {
+ return isPropertySet("withSecurityManager");
+ }
+
+ private static boolean isSslEnabled() {
+ return isPropertySet("withSsl");
+ }
+
+ private static boolean isPropertySet(String withSecurityManager) {
+ String withSecurityManagerArg = System.getProperty(withSecurityManager);
+ return withSecurityManagerArg != null && withSecurityManagerArg.equals("true");
+ }
+
+ private static Properties withOptions(Properties properties) {
+ if (isSslEnabled()) {
+ properties = withSsl(properties);
+ }
+
+ if (isSecurityManagerEnabled()) {
+ properties = withSecurityManager(properties);
+ }
+ return properties;
+ }
}
diff --git a/geode-benchmarks/src/main/java/org/apache/geode/benchmark/security/ExampleAuthInit.java b/geode-benchmarks/src/main/java/org/apache/geode/benchmark/security/ExampleAuthInit.java
new file mode 100644
index 0000000..42050df
--- /dev/null
+++ b/geode-benchmarks/src/main/java/org/apache/geode/benchmark/security/ExampleAuthInit.java
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geode.benchmark.security;
+
+import java.util.Properties;
+
+import org.apache.geode.LogWriter;
+import org.apache.geode.distributed.DistributedMember;
+import org.apache.geode.security.AuthInitialize;
+import org.apache.geode.security.AuthenticationFailedException;
+
+public class ExampleAuthInit implements AuthInitialize {
+
+ private static final String USER_NAME = "security-username";
+ private static final String PASSWORD = "security-password";
+
+ private static final String INSECURE_PASSWORD_FOR_EVERY_USER = "123";
+
+ /**
+ * The implementer would use their existing infrastructure (e.g., ldap) here to populate these
+ * properties with the user credentials. These properties will in turn be handled by the
+ * implementer's design of SecurityManager to authenticate users and authorize operations.
+ */
+ @Override
+ public Properties getCredentials(Properties securityProps) throws AuthenticationFailedException {
+ Properties credentials = new Properties();
+ String userName = securityProps.getProperty(USER_NAME);
+ if (userName == null) {
+ throw new AuthenticationFailedException(
+ "ExampleAuthInit: user name property [" + USER_NAME + "] not set.");
+ }
+ credentials.setProperty(USER_NAME, userName);
+ credentials.setProperty(PASSWORD, INSECURE_PASSWORD_FOR_EVERY_USER);
+ return credentials;
+ }
+
+ @Override
+ public void close() {}
+
+ @Override
+ @Deprecated
+ public void init(LogWriter systemLogger, LogWriter securityLogger)
+ throws AuthenticationFailedException {}
+
+ @Override
+ @Deprecated
+ public Properties getCredentials(Properties securityProps, DistributedMember server,
+ boolean isPeer) throws AuthenticationFailedException {
+ return getCredentials(securityProps);
+ }
+}
diff --git a/geode-benchmarks/src/main/java/org/apache/geode/benchmark/tasks/StartClient.java b/geode-benchmarks/src/main/java/org/apache/geode/benchmark/tasks/StartClient.java
index c116938..77bb847 100644
--- a/geode-benchmarks/src/main/java/org/apache/geode/benchmark/tasks/StartClient.java
+++ b/geode-benchmarks/src/main/java/org/apache/geode/benchmark/tasks/StartClient.java
@@ -18,7 +18,6 @@
package org.apache.geode.benchmark.tasks;
import static org.apache.geode.benchmark.parameters.GeodeProperties.clientProperties;
-import static org.apache.geode.benchmark.parameters.GeodeProperties.withSsl;
import java.io.File;
import java.net.InetAddress;
@@ -47,9 +46,7 @@ public class StartClient implements Task {
InetAddress locator = context.getHostsForRole("locator").iterator().next();
String statsFile = new File(context.getOutputDir(), "stats.gfs").getAbsolutePath();
- String withSslArg = System.getProperty("withSsl");
- Properties properties = (withSslArg != null)
- ? withSsl(clientProperties()) : clientProperties();
+ Properties properties = clientProperties();
ClientCache clientCache = new ClientCacheFactory(properties)
.setPdxSerializer(new ReflectionBasedAutoSerializer("benchmark.geode.data.*"))
diff --git a/geode-benchmarks/src/main/java/org/apache/geode/benchmark/tasks/StartLocator.java b/geode-benchmarks/src/main/java/org/apache/geode/benchmark/tasks/StartLocator.java
index dede5c6..c5f53ff 100644
--- a/geode-benchmarks/src/main/java/org/apache/geode/benchmark/tasks/StartLocator.java
+++ b/geode-benchmarks/src/main/java/org/apache/geode/benchmark/tasks/StartLocator.java
@@ -18,7 +18,6 @@
package org.apache.geode.benchmark.tasks;
import static org.apache.geode.benchmark.parameters.GeodeProperties.locatorProperties;
-import static org.apache.geode.benchmark.parameters.GeodeProperties.withSsl;
import java.io.File;
import java.net.InetAddress;
@@ -41,9 +40,7 @@ public class StartLocator implements Task {
@Override
public void run(TestContext context) throws Exception {
- String withSslArg = System.getProperty("withSsl");
- Properties properties = (withSslArg != null)
- ? withSsl(locatorProperties()) : locatorProperties();
+ Properties properties = locatorProperties();
String statsFile = new File(context.getOutputDir(), "stats.gfs").getAbsolutePath();
properties.setProperty(ConfigurationProperties.STATISTIC_ARCHIVE_FILE, statsFile);
diff --git a/geode-benchmarks/src/main/java/org/apache/geode/benchmark/tasks/StartServer.java b/geode-benchmarks/src/main/java/org/apache/geode/benchmark/tasks/StartServer.java
index cd50e88..99b1543 100644
--- a/geode-benchmarks/src/main/java/org/apache/geode/benchmark/tasks/StartServer.java
+++ b/geode-benchmarks/src/main/java/org/apache/geode/benchmark/tasks/StartServer.java
@@ -18,7 +18,6 @@
package org.apache.geode.benchmark.tasks;
import static org.apache.geode.benchmark.parameters.GeodeProperties.serverProperties;
-import static org.apache.geode.benchmark.parameters.GeodeProperties.withSsl;
import java.io.File;
import java.net.InetAddress;
@@ -45,9 +44,8 @@ public class StartServer implements Task {
@Override
public void run(TestContext context) throws Exception {
- String withSslArg = System.getProperty("withSsl");
- Properties properties = (withSslArg != null)
- ? withSsl(serverProperties()) : serverProperties();
+
+ Properties properties = serverProperties();
String locatorString = LocatorUtil.getLocatorString(context, locatorPort);
String statsFile = new File(context.getOutputDir(), "stats.gfs").getAbsolutePath();
diff --git a/geode-benchmarks/src/main/java/org/apache/geode/benchmark/topology/ClientServerTopology.java b/geode-benchmarks/src/main/java/org/apache/geode/benchmark/topology/ClientServerTopology.java
index 20d20fb..384fa92 100644
--- a/geode-benchmarks/src/main/java/org/apache/geode/benchmark/topology/ClientServerTopology.java
+++ b/geode-benchmarks/src/main/java/org/apache/geode/benchmark/topology/ClientServerTopology.java
@@ -49,7 +49,8 @@ public class ClientServerTopology {
static final int NUM_LOCATORS = 1;
static final int NUM_SERVERS = 2;
static final int NUM_CLIENTS = 1;
- private static final String WITH_SSL_ARGUMENT = "-DwithSsl";
+ private static final String WITH_SSL_ARGUMENT = "-DwithSsl=true";
+ private static final String WITH_SECURITY_MANAGER_ARGUMENT = "-DwithSecurityManager=true";
public static void configure(TestConfig testConfig) {
testConfig.role(LOCATOR, NUM_LOCATORS);
@@ -68,19 +69,24 @@ public class ClientServerTopology {
testConfig.jvmArgs(SERVER, JVM8_ARGS);
}
- String withSslArg = System.getProperty("withSsl");
- if (withSslArg != null && withSslArg.equals("true")) {
- logger.info("Configuring JVMs to run with SSL enabled");
- testConfig.jvmArgs(CLIENT, Arrays.append(JVM_ARGS, WITH_SSL_ARGUMENT));
- testConfig.jvmArgs(LOCATOR, Arrays.append(JVM_ARGS, WITH_SSL_ARGUMENT));
- testConfig.jvmArgs(SERVER, Arrays.append(JVM_ARGS, WITH_SSL_ARGUMENT));
- }
+ addToTestConfig(testConfig, "withSsl", WITH_SSL_ARGUMENT);
+ addToTestConfig(testConfig, "withSecurityManager", WITH_SECURITY_MANAGER_ARGUMENT);
testConfig.before(new StartLocator(LOCATOR_PORT), LOCATOR);
testConfig.before(new StartServer(LOCATOR_PORT), SERVER);
testConfig.before(new StartClient(LOCATOR_PORT), CLIENT);
}
+ private static void addToTestConfig(TestConfig testConfig, String systemPropertyKey,
+ String jvmArgument) {
+ if (Boolean.getBoolean(systemPropertyKey)) {
+ logger.info("Configuring JVMs to run with " + jvmArgument);
+ testConfig.jvmArgs(CLIENT, jvmArgument);
+ testConfig.jvmArgs(LOCATOR, jvmArgument);
+ testConfig.jvmArgs(SERVER, jvmArgument);
+ }
+ }
+
private static final String[] appendIfNotEmpty(String[] a, String b) {
if (null == b || b.length() == 0) {
return a;
diff --git a/geode-benchmarks/src/test/java/org/apache/geode/benchmark/topology/ClientServerTopologyTest.java b/geode-benchmarks/src/test/java/org/apache/geode/benchmark/topology/ClientServerTopologyTest.java
index fd95157..fe5aa64 100644
--- a/geode-benchmarks/src/test/java/org/apache/geode/benchmark/topology/ClientServerTopologyTest.java
+++ b/geode-benchmarks/src/test/java/org/apache/geode/benchmark/topology/ClientServerTopologyTest.java
@@ -17,6 +17,7 @@ package org.apache.geode.benchmark.topology;
import static org.apache.geode.benchmark.parameters.JVMParameters.JVM8_ARGS;
+import static org.apache.geode.benchmark.parameters.JVMParameters.JVM_ARGS;
import static org.assertj.core.api.Assertions.assertThat;
import org.junit.jupiter.api.AfterEach;
@@ -32,6 +33,7 @@ public class ClientServerTopologyTest {
@AfterEach
public void clearProperties() {
System.clearProperty("withSsl");
+ System.clearProperty("withSecurityManager");
}
@Test
@@ -39,14 +41,14 @@ public class ClientServerTopologyTest {
System.setProperty("withSsl", "true");
TestConfig testConfig = new TestConfig();
ClientServerTopology.configure(testConfig);
- assertThat(testConfig.getJvmArgs().get("client")).contains("-DwithSsl");
+ assertThat(testConfig.getJvmArgs().get("client")).contains("-DwithSsl=true");
}
@Test
public void configWithNoSsl() {
TestConfig testConfig = new TestConfig();
ClientServerTopology.configure(testConfig);
- assertThat(testConfig.getJvmArgs().get("client")).doesNotContain("-DwithSsl");
+ assertThat(testConfig.getJvmArgs().get("client")).doesNotContain("-DwithSsl=true");
}
@Test
@@ -54,36 +56,44 @@ public class ClientServerTopologyTest {
System.setProperty("java.runtime.version", "1.8.0_212");
TestConfig testConfig = new TestConfig();
ClientServerTopology.configure(testConfig);
- assertThat(testConfig.getJvmArgs().get("client")).doesNotContain("-DwithSsl");
assertThat(testConfig.getJvmArgs().get("client")).contains(JVM8_ARGS);
}
@Test
- public void configWithJava9OrHigher() {
+ public void configWithJava9() {
System.setProperty("java.runtime.version", "9.0.1");
TestConfig testConfig = new TestConfig();
ClientServerTopology.configure(testConfig);
- assertThat(testConfig.getJvmArgs().get("client")).doesNotContain("-DwithSsl");
assertThat(testConfig.getJvmArgs().get("client")).doesNotContain(JVM8_ARGS);
}
@Test
- public void configWithSslAndJava8() {
- System.setProperty("withSsl", "true");
- System.setProperty("java.runtime.version", "1.8.0_212");
+ public void configWithoutSecurityManager() {
TestConfig testConfig = new TestConfig();
ClientServerTopology.configure(testConfig);
- assertThat(testConfig.getJvmArgs().get("client")).contains("-DwithSsl");
- assertThat(testConfig.getJvmArgs().get("client")).contains(JVM8_ARGS);
+ assertThat(testConfig.getJvmArgs().get("client")).doesNotContain("-DwithSecurityManager=true");
}
@Test
- public void configWithSslAndJava9() {
- System.setProperty("withSsl", "true");
+ public void configWithSecurityManager() {
+ System.setProperty("withSecurityManager", "true");
+ TestConfig testConfig = new TestConfig();
+ ClientServerTopology.configure(testConfig);
+ assertThat(testConfig.getJvmArgs().get("client")).contains("-DwithSecurityManager=true");
+ }
+
+ @Test
+ public void configWithSecurityManagerAndSslAndJava9() {
+ System.setProperty("withSecurityManager", "true");
System.setProperty("java.runtime.version", "9.0.1");
+ System.setProperty("withSsl", "true");
TestConfig testConfig = new TestConfig();
+
ClientServerTopology.configure(testConfig);
- assertThat(testConfig.getJvmArgs().get("client")).contains("-DwithSsl");
+
+ assertThat(testConfig.getJvmArgs().get("client")).contains("-DwithSecurityManager=true");
+ assertThat(testConfig.getJvmArgs().get("client")).contains("-DwithSsl=true");
+ assertThat(testConfig.getJvmArgs().get("client")).contains(JVM_ARGS);
assertThat(testConfig.getJvmArgs().get("client")).doesNotContain(JVM8_ARGS);
}
}
diff --git a/harness/src/main/java/org/apache/geode/perftest/jvms/RemoteJVMFactory.java b/harness/src/main/java/org/apache/geode/perftest/jvms/RemoteJVMFactory.java
index 7eb84a5..665d726 100644
--- a/harness/src/main/java/org/apache/geode/perftest/jvms/RemoteJVMFactory.java
+++ b/harness/src/main/java/org/apache/geode/perftest/jvms/RemoteJVMFactory.java
@@ -17,11 +17,13 @@
package org.apache.geode.perftest.jvms;
+
import static java.util.concurrent.TimeUnit.DAYS;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
+import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
@@ -41,6 +43,7 @@ import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.TimeUnit;
+import org.apache.commons.io.FileUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sun.security.tools.keytool.CertAndKeyGen;
@@ -66,8 +69,8 @@ public class RemoteJVMFactory {
public static final String OUTPUT_DIR = "OUTPUT_DIR";
public static final String JVM_ID = "JVM_ID";
public static final int RMI_PORT = 33333;
- public static final String CLASSPATH = System.getProperty("java.class.path");
- public static final String JAVA_HOME = System.getProperty("java.home");
+ private static final String CLASSPATH = System.getProperty("java.class.path");
+ private static final String JAVA_HOME = System.getProperty("java.home");
private final JVMLauncher jvmLauncher;
private final ClassPathCopier classPathCopier;
private final ControllerFactory controllerFactory;
@@ -118,6 +121,11 @@ public class RemoteJVMFactory {
File keyStore = createKeystore();
infra.copyToNodes(Arrays.asList(keyStore), node -> getLibDir(mapping, node), false);
+ InputStream inputStream = getClass().getClassLoader().getResourceAsStream("security.json");
+ File file = new File("security.json");
+ FileUtils.copyInputStreamToFile(inputStream, file);
+ infra.copyToNodes(Arrays.asList(file), node -> getLibDir(mapping, node), false);
+
CompletableFuture<Void> processesExited = jvmLauncher.launchProcesses(infra, RMI_PORT, mapping);
if (!controller.waitForWorkers(5, TimeUnit.MINUTES)) {
@@ -139,11 +147,6 @@ public class RemoteJVMFactory {
.getLibDir();
}
- private String getOutputDir(List<JVMMapping> mapping, Infrastructure.Node node) {
- return getJvmMapping(mapping, node)
- .getOutputDir();
- }
-
private File createKeystore()
throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException,
NoSuchProviderException, InvalidKeyException, SignatureException {
diff --git a/harness/src/main/resources/security.json b/harness/src/main/resources/security.json
new file mode 100644
index 0000000..9d401cd
--- /dev/null
+++ b/harness/src/main/resources/security.json
@@ -0,0 +1,72 @@
+{
+ "roles": [
+ {
+ "name": "data",
+ "operationsAllowed": [
+ "DATA:MANAGE",
+ "DATA:WRITE",
+ "DATA:READ"
+ ]
+ },
+ {
+ "name": "cluster",
+ "operationsAllowed": [
+ "CLUSTER:MANAGE",
+ "CLUSTER:WRITE",
+ "CLUSTER:READ"
+ ]
+ },
+ {
+ "name": "region1data",
+ "operationsAllowed": [
+ "DATA:MANAGE",
+ "DATA:WRITE",
+ "DATA:READ"
+ ],
+ "regions": ["region1"]
+ },
+ {
+ "name": "dataReader",
+ "operationsAllowed": [
+ "DATA:READ"
+ ]
+ },
+ {
+ "name": "dataWriter",
+ "operationsAllowed": [
+ "DATA:WRITE"
+ ]
+ }
+ ],
+ "users": [
+ {
+ "name": "superUser",
+ "password": "123",
+ "roles": [
+ "cluster",
+ "data"
+ ]
+ },
+ {
+ "name": "region1dataAdmin",
+ "password": "123",
+ "roles": [
+ "region1data"
+ ]
+ },
+ {
+ "name": "dataReader",
+ "password": "123",
+ "roles": [
+ "dataReader"
+ ]
+ },
+ {
+ "name": "dataWriter",
+ "password": "123",
+ "roles": [
+ "dataWriter"
+ ]
+ }
+ ]
+}
diff --git a/infrastructure/scripts/aws/README.md b/infrastructure/scripts/aws/README.md
index 227fb01..badff0a 100644
--- a/infrastructure/scripts/aws/README.md
+++ b/infrastructure/scripts/aws/README.md
@@ -172,7 +172,7 @@ monitor the test.
## Example
```bash
-./launch_cluster --tag profiling --count 4
+./launch_cluster.sh --tag profiling --count 4
./copy_to_cluster.sh --tag profiling -- /Applications/YourKit-Java-Profiler-2019.1.app/Contents/Resources/bin/linux-x86-64/libyjpagent.so .
./run_tests.sh --tag profiling --geode-branch develop -- -i -Pbenchmark.profiler.argument=-agentpath:/home/geode/libyjpagent.so=disablestacktelemetry,exceptions=disable,delay=60000,sessionname=JVM_ROLE-JVM_ID
./destroy_cluster.sh --tag profiling