You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ji...@apache.org on 2016/04/01 19:35:33 UTC
incubator-geode git commit: GEODE-17: ensure a successful shutdown
command is run last in this test
Repository: incubator-geode
Updated Branches:
refs/heads/feature/GEODE-17-2 8d96191de -> 58860cc13
GEODE-17: ensure a successful shutdown command is run last in this test
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/58860cc1
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/58860cc1
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/58860cc1
Branch: refs/heads/feature/GEODE-17-2
Commit: 58860cc139c6584a8d8e75f9d18bb22ba473ad27
Parents: 8d96191
Author: Jinmei Liao <ji...@pivotal.io>
Authored: Fri Apr 1 10:35:21 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Fri Apr 1 10:35:21 2016 -0700
----------------------------------------------------------------------
.../security/AllCliCommandsSecurityTest.java | 236 ++++++++++---------
1 file changed, 125 insertions(+), 111 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/58860cc1/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AllCliCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AllCliCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AllCliCommandsSecurityTest.java
index 5d88074..0586cef 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AllCliCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AllCliCommandsSecurityTest.java
@@ -22,160 +22,172 @@ import com.gemstone.gemfire.management.MemberMXBean;
import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
import org.junit.Before;
import org.junit.ClassRule;
+import org.junit.FixMethodOrder;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
+import org.junit.runners.MethodSorters;
-import java.util.HashMap;
+import java.util.LinkedHashMap;
import java.util.Map;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
+/**
+ * tests will be run alphabetically, in this test class, we run non-admin test first,
+ * since we don't want to have the server stopped for the rest of the tests.
+ */
+
@Category(IntegrationTest.class)
+@FixMethodOrder(MethodSorters.NAME_ASCENDING)
public class AllCliCommandsSecurityTest {
private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
private MemberMXBean bean;
- private Map<String, String> perms = new HashMap<>();
+ // use LinkedHashMap to preserve order. We need to execute shutdown command last
+ private Map<String, String> commands = new LinkedHashMap<>();
public AllCliCommandsSecurityTest() {
// ClientCommands
- perms.put("list clients", "CLIENT:LIST");
- perms.put("describe client --clientID=172.16.196.144", "CLIENT:LIST");
+ commands.put("list clients", "CLIENT:LIST");
+ commands.put("describe client --clientID=172.16.196.144", "CLIENT:LIST");
// ConfigCommands
- perms.put("alter runtime", "DISTRIBUTED_SYSTEM:ALTER_RUNTIME");
- perms.put("describe config --member=Member1", "CLUSTER_CONFIGURATION:LIST");
- perms.put("export config --member=member1", "CLUSTER_CONFIGURATION:EXPORT");
+ commands.put("alter runtime", "DISTRIBUTED_SYSTEM:ALTER_RUNTIME");
+ commands.put("describe config --member=Member1", "CLUSTER_CONFIGURATION:LIST");
+ commands.put("export config --member=member1", "CLUSTER_CONFIGURATION:EXPORT");
//CreateAlterDestroyRegionCommands
- perms.put("alter region --name=region1 --eviction-max=5000", "REGION:ALTER");
- perms.put("create region --name=region12", "REGION:CREATE");
- perms.put("destroy region --name=value", "REGION:DESTROY");
+ commands.put("alter region --name=region1 --eviction-max=5000", "REGION:ALTER");
+ commands.put("create region --name=region12", "REGION:CREATE");
+ commands.put("destroy region --name=value", "REGION:DESTROY");
//Data Commands
- perms.put("rebalance --include-region=region1", "REGION:REBALANCE");
- perms.put("export data --region=region1 --file=foo.txt --member=value", "REGION:EXPORT");
- perms.put("import data --region=region1 --file=foo.txt --member=value", "REGION:IMPORT");
- perms.put("put --key=key1 --value=value1 --region=region1", "REGION:PUT");
- perms.put("get --key=key1 --region=region1", "REGION:GET");
- perms.put("remove --region=region1", "REGION:DELETE");
- perms.put("query --query='SELECT * FROM /region1'", "QUERY:EXECUTE");
+ commands.put("rebalance --include-region=region1", "REGION:REBALANCE");
+ commands.put("export data --region=region1 --file=foo.txt --member=value", "REGION:EXPORT");
+ commands.put("import data --region=region1 --file=foo.txt --member=value", "REGION:IMPORT");
+ commands.put("put --key=key1 --value=value1 --region=region1", "REGION:PUT");
+ commands.put("get --key=key1 --region=region1", "REGION:GET");
+ commands.put("remove --region=region1", "REGION:DELETE");
+ commands.put("query --query='SELECT * FROM /region1'", "QUERY:EXECUTE");
// Deploy commands
- perms.put("deploy --jar=group1_functions.jar --group=Group1", "FUNCTION:DEPLOY");
- perms.put("list deployed", "FUNCTION:LIST");
- perms.put("undeploy --group=Group1", "FUNCTION:UNDEPLOY");
+ commands.put("deploy --jar=group1_functions.jar --group=Group1", "FUNCTION:DEPLOY");
+ commands.put("list deployed", "FUNCTION:LIST");
+ commands.put("undeploy --group=Group1", "FUNCTION:UNDEPLOY");
// Diskstore Commands
- perms.put("backup disk-store --dir=foo", "DISKSTORE:MANAGE");
- perms.put("list disk-stores", "DISKSTORE:LIST");
- perms.put("create disk-store --name=foo --dir=bar", "DISKSTORE:MANAGE");
- perms.put("compact disk-store --name=foo", "DISKSTORE:MANAGE");
- perms.put("compact offline-disk-store --name=foo --disk-dirs=bar", "DISKSTORE:MANAGE");
- perms.put("upgrade offline-disk-store --name=foo --disk-dirs=bar", "DISKSTORE:MANAGE");
- perms.put("describe disk-store --name=foo --member=baz", "DISKSTORE:LIST");
- perms.put("revoke missing-disk-store --id=foo", "DISKSTORE:MANAGE");
- perms.put("show missing-disk-stores", "DISKSTORE:MANAGE");
- perms.put("describe offline-disk-store --name=foo --disk-dirs=bar", "DISKSTORE:LIST");
- perms.put("export offline-disk-store --name=foo --disk-dirs=bar --dir=baz", "DISKSTORE:MANAGE");
- perms.put("validate offline-disk-store --name=foo --disk-dirs=bar", "DISKSTORE:MANAGE");
- // perms.put("alter offline-disk-store --name=foo --region=xyz --disk-dirs=bar", DISKSTORE_MANAGE);
- perms.put("destroy disk-store --name=foo", "DISKSTORE:MANAGE");
+ commands.put("backup disk-store --dir=foo", "DISKSTORE:MANAGE");
+ commands.put("list disk-stores", "DISKSTORE:LIST");
+ commands.put("create disk-store --name=foo --dir=bar", "DISKSTORE:MANAGE");
+ commands.put("compact disk-store --name=foo", "DISKSTORE:MANAGE");
+ commands.put("compact offline-disk-store --name=foo --disk-dirs=bar", "DISKSTORE:MANAGE");
+ commands.put("upgrade offline-disk-store --name=foo --disk-dirs=bar", "DISKSTORE:MANAGE");
+ commands.put("describe disk-store --name=foo --member=baz", "DISKSTORE:LIST");
+ commands.put("revoke missing-disk-store --id=foo", "DISKSTORE:MANAGE");
+ commands.put("show missing-disk-stores", "DISKSTORE:MANAGE");
+ commands.put("describe offline-disk-store --name=foo --disk-dirs=bar", "DISKSTORE:LIST");
+ commands.put("export offline-disk-store --name=foo --disk-dirs=bar --dir=baz", "DISKSTORE:MANAGE");
+ commands.put("validate offline-disk-store --name=foo --disk-dirs=bar", "DISKSTORE:MANAGE");
+ commands.put("alter disk-store --name=foo --region=xyz --disk-dirs=bar", "DISKSTORE:MANAGE");
+ commands.put("destroy disk-store --name=foo", "DISKSTORE:MANAGE");
// DurableClientCommands
- perms.put("close durable-client --durable-client-id=client1", "CONTINUOUS_QUERY:STOP");
- perms.put("close durable-cq --durable-client-id=client1 --durable-cq-name=cq1", "CONTINUOUS_QUERY:STOP");
- perms.put("show subscription-queue-size --durable-client-id=client1", "CONTINUOUS_QUERY:LIST");
- perms.put("list durable-cqs --durable-client-id=client1", "CONTINUOUS_QUERY:LIST");
+ commands.put("close durable-client --durable-client-id=client1", "CONTINUOUS_QUERY:STOP");
+ commands.put("close durable-cq --durable-client-id=client1 --durable-cq-name=cq1", "CONTINUOUS_QUERY:STOP");
+ commands.put("show subscription-queue-size --durable-client-id=client1", "CONTINUOUS_QUERY:LIST");
+ commands.put("list durable-cqs --durable-client-id=client1", "CONTINUOUS_QUERY:LIST");
//ExportIMportSharedConfigurationCommands
- perms.put("export cluster-configuration --zip-file-name=mySharedConfig.zip", "CLUSTER_CONFIGURATION:EXPORT");
- perms.put("import cluster-configuration --zip-file-name=value", "CLUSTER_CONFIGURATION:IMPORT");
+ commands.put("export cluster-configuration --zip-file-name=mySharedConfig.zip", "CLUSTER_CONFIGURATION:EXPORT");
+ commands.put("import cluster-configuration --zip-file-name=value", "CLUSTER_CONFIGURATION:IMPORT");
//FunctionCommands
- perms.put("destroy function --id=InterestCalculations", "FUNCTION:DESTROY");
- perms.put("execute function --id=InterestCalculations --group=Group1", "FUNCTION:EXECUTE");
- perms.put("list functions", "FUNCTION:LIST");
+ commands.put("destroy function --id=InterestCalculations", "FUNCTION:DESTROY");
+ commands.put("execute function --id=InterestCalculations --group=Group1", "FUNCTION:EXECUTE");
+ commands.put("list functions", "FUNCTION:LIST");
//GfshHelpCommands
- perms.put("hint", "DISTRIBUTED_SYSTEM:ALL");
- perms.put("help", "DISTRIBUTED_SYSTEM:ALL");
+ commands.put("hint", "DISTRIBUTED_SYSTEM:ALL");
+ commands.put("help", "DISTRIBUTED_SYSTEM:ALL");
//IndexCommands
- perms.put("clear defined indexes", "INDEX:FLUSH");
- perms.put("create defined indexes", "INDEX:CREATE");
- perms.put("create index --name=myKeyIndex --expression=region1.Id --region=region1 --type=key", "INDEX:CREATE");
- perms.put("define index --name=myIndex1 --expression=exp1 --region=/exampleRegion", "INDEX:CREATE");
- perms.put("destroy index --member=server2", "INDEX:DESTROY");
- perms.put("list indexes", "INDEX:LIST");
+ commands.put("clear defined indexes", "INDEX:FLUSH");
+ commands.put("create defined indexes", "INDEX:CREATE");
+ commands.put("create index --name=myKeyIndex --expression=region1.Id --region=region1 --type=key", "INDEX:CREATE");
+ commands.put("define index --name=myIndex1 --expression=exp1 --region=/exampleRegion", "INDEX:CREATE");
+ commands.put("destroy index --member=server2", "INDEX:DESTROY");
+ commands.put("list indexes", "INDEX:LIST");
//LauncherLifecycleCommands
- perms.put("start jconsole", "DISTRIBUTED_SYSTEM:ALL");
- perms.put("start jvisualvm", "DISTRIBUTED_SYSTEM:ALL");
- perms.put("start locator --name=locator1", "DISTRIBUTED_SYSTEM:ALL");
- perms.put("start pulse", "DISTRIBUTED_SYSTEM:ALL");
- perms.put("start server --name=server1", "MEMBER:START");
- perms.put("start vsd", "DISTRIBUTED_SYSTEM:ALL");
- perms.put("status locator", "DISTRIBUTED_SYSTEM:ALL");
- perms.put("status server", "MEMBER:STATUS");
- perms.put("stop locator --name=locator1", "LOCATOR:STOP");
- perms.put("stop server --name=server1", "MEMBER:STOP");
+ commands.put("start jconsole", "DISTRIBUTED_SYSTEM:ALL");
+ commands.put("start jvisualvm", "DISTRIBUTED_SYSTEM:ALL");
+ commands.put("start locator --name=locator1", "DISTRIBUTED_SYSTEM:ALL");
+ commands.put("start pulse", "DISTRIBUTED_SYSTEM:ALL");
+ commands.put("start server --name=server1", "MEMBER:START");
+ commands.put("start vsd", "DISTRIBUTED_SYSTEM:ALL");
+ commands.put("status locator", "DISTRIBUTED_SYSTEM:ALL");
+ commands.put("status server", "MEMBER:STATUS");
+ commands.put("stop locator --name=locator1", "LOCATOR:STOP");
+ commands.put("stop server --name=server1", "MEMBER:STOP");
//MemberCommands
- perms.put("describe member --name=server1", "MEMBER:LIST");
- perms.put("list members", "MEMBER:LIST");
+ commands.put("describe member --name=server1", "MEMBER:LIST");
+ commands.put("list members", "MEMBER:LIST");
// Misc Commands
- perms.put("change loglevel --loglevel=severe --member=server1", "DISTRIBUTED_SYSTEM:MANAGE");
- perms.put("export logs --dir=data/logs", "DISTRIBUTED_SYSTEM:LIST");
- perms.put("export stack-traces --file=stack.txt", "DISTRIBUTED_SYSTEM:LIST");
- perms.put("gc", "DISTRIBUTED_SYSTEM:MANAGE");
- perms.put("netstat --member=server1", "DISTRIBUTED_SYSTEM:MANAGE");
- perms.put("show dead-locks --file=deadlocks.txt", "DISTRIBUTED_SYSTEM:LIST");
- perms.put("show log --member=locator1 --lines=5", "DISTRIBUTED_SYSTEM:LIST");
- perms.put("show metrics", "DISTRIBUTED_SYSTEM:LIST");
- // perms.put("shutdown", DISTRIBUTED_SYSTEM_MANAGE);
+ commands.put("change loglevel --loglevel=severe --member=server1", "DISTRIBUTED_SYSTEM:MANAGE");
+ commands.put("export logs --dir=data/logs", "DISTRIBUTED_SYSTEM:LIST");
+ commands.put("export stack-traces --file=stack.txt", "DISTRIBUTED_SYSTEM:LIST");
+ commands.put("gc", "DISTRIBUTED_SYSTEM:MANAGE");
+ commands.put("netstat --member=server1", "DISTRIBUTED_SYSTEM:MANAGE");
+ commands.put("show dead-locks --file=deadlocks.txt", "DISTRIBUTED_SYSTEM:LIST");
+ commands.put("show log --member=locator1 --lines=5", "DISTRIBUTED_SYSTEM:LIST");
+ commands.put("show metrics", "DISTRIBUTED_SYSTEM:LIST");
+
// PDX Commands
- perms.put("configure pdx --read-serialized=true", "PDX:MANAGE");
- perms.put("pdx rename --old=com.gemstone --new=com.pivotal --disk-store=ds1 --disk-dirs=/diskDir1", "PDX:MANAGE");
+ commands.put("configure pdx --read-serialized=true", "PDX:MANAGE");
+ commands.put("pdx rename --old=com.gemstone --new=com.pivotal --disk-store=ds1 --disk-dirs=/diskDir1", "PDX:MANAGE");
// Queue Commands
- perms.put("create async-event-queue --id=myAEQ --listener=myApp.myListener", "ASYNC_EVENT_QUEUE:MANAGE");
- perms.put("list async-event-queues", "ASYNC_EVENT_QUEUE:LIST");
+ commands.put("create async-event-queue --id=myAEQ --listener=myApp.myListener", "ASYNC_EVENT_QUEUE:MANAGE");
+ commands.put("list async-event-queues", "ASYNC_EVENT_QUEUE:LIST");
//RegionCommands
- perms.put("describe region --name=value", "REGION:LIST");
- perms.put("list regions", "REGION:LIST");
+ commands.put("describe region --name=value", "REGION:LIST");
+ commands.put("list regions", "REGION:LIST");
// StatusCommands
- perms.put("status cluster-config-service", "CLUSTER_CONFIGURATION:STATUS");
+ commands.put("status cluster-config-service", "CLUSTER_CONFIGURATION:STATUS");
// Shell Commands
- perms.put("connect", "DISTRIBUTED_SYSTEM:ALL");
- perms.put("debug --state=on", "DISTRIBUTED_SYSTEM:ALL");
- perms.put("describe connection", "DISTRIBUTED_SYSTEM:ALL");
- perms.put("echo --string=\"Hello World!\"", "DISTRIBUTED_SYSTEM:ALL");
- perms.put("encrypt password --password=value", "DISTRIBUTED_SYSTEM:ALL");
- perms.put("version", "DISTRIBUTED_SYSTEM:ALL");
- perms.put("sleep", "DISTRIBUTED_SYSTEM:ALL");
- perms.put("sh ls", "DISTRIBUTED_SYSTEM:ALL");
- // perms.put("disconnect", "DISTRIBUTED_SYSTEM:ALL");
+ commands.put("connect", "DISTRIBUTED_SYSTEM:ALL");
+ commands.put("debug --state=on", "DISTRIBUTED_SYSTEM:ALL");
+ commands.put("describe connection", "DISTRIBUTED_SYSTEM:ALL");
+ commands.put("echo --string=\"Hello World!\"", "DISTRIBUTED_SYSTEM:ALL");
+ commands.put("encrypt password --password=value", "DISTRIBUTED_SYSTEM:ALL");
+ commands.put("version", "DISTRIBUTED_SYSTEM:ALL");
+ commands.put("sleep", "DISTRIBUTED_SYSTEM:ALL");
+ commands.put("sh ls", "DISTRIBUTED_SYSTEM:ALL");
+
// WAN Commands
- perms.put("create gateway-sender --id=sender1 --remote-distributed-system-id=2", "GATEWAY:MANAGE");
- perms.put("start gateway-sender --id=sender1", "GATEWAY:MANAGE");
- perms.put("pause gateway-sender --id=sender1", "GATEWAY:MANAGE");
- perms.put("resume gateway-sender --id=sender1", "GATEWAY:MANAGE");
- perms.put("stop gateway-sender --id=sender1", "GATEWAY:MANAGE");
- perms.put("load-balance gateway-sender --id=sender1", "GATEWAY:MANAGE");
- perms.put("list gateways", "GATEWAY:LIST");
- perms.put("create gateway-receiver", "GATEWAY:MANAGE");
- perms.put("start gateway-receiver", "GATEWAY:MANAGE");
- perms.put("stop gateway-receiver", "GATEWAY:MANAGE");
- perms.put("status gateway-receiver", "GATEWAY:LIST");
+ commands.put("create gateway-sender --id=sender1 --remote-distributed-system-id=2", "GATEWAY:MANAGE");
+ commands.put("start gateway-sender --id=sender1", "GATEWAY:MANAGE");
+ commands.put("pause gateway-sender --id=sender1", "GATEWAY:MANAGE");
+ commands.put("resume gateway-sender --id=sender1", "GATEWAY:MANAGE");
+ commands.put("stop gateway-sender --id=sender1", "GATEWAY:MANAGE");
+ commands.put("load-balance gateway-sender --id=sender1", "GATEWAY:MANAGE");
+ commands.put("list gateways", "GATEWAY:LIST");
+ commands.put("create gateway-receiver", "GATEWAY:MANAGE");
+ commands.put("start gateway-receiver", "GATEWAY:MANAGE");
+ commands.put("stop gateway-receiver", "GATEWAY:MANAGE");
+ commands.put("status gateway-receiver", "GATEWAY:LIST");
+
+ commands.put("disconnect", "DISTRIBUTED_SYSTEM:ALL");
+ commands.put("shutdown", "DISTRIBUTED_SYSTEM:MANAGE");
}
@ClassRule
@@ -191,23 +203,25 @@ public class AllCliCommandsSecurityTest {
}
@Test
- @JMXConnectionConfiguration(user = "adminUser", password = "1234567")
- public void testAdminUser() throws Exception {
- for (String cmd : perms.keySet()) {
- LogService.getLogger().info("processing: "+cmd);
- bean.processCommand(cmd);
+ @JMXConnectionConfiguration(user = "stranger", password = "1234567")
+ // run this test first
+ public void a_testNoAccess(){
+ for (Map.Entry<String, String> perm : commands.entrySet()) {
+ LogService.getLogger().info("processing: "+perm.getKey());
+ assertThatThrownBy(() -> bean.processCommand(perm.getKey()))
+ .hasMessageStartingWith("Access Denied: Not authorized for " + perm.getValue())
+ .isInstanceOf(SecurityException.class);
}
}
@Test
- @JMXConnectionConfiguration(user = "stranger", password = "1234567")
- public void testNoAccess(){
- for (Map.Entry<String, String> perm : perms.entrySet()) {
- LogService.getLogger().info("processing: "+perm.getKey());
- assertThatThrownBy(() -> bean.processCommand(perm.getKey()))
- .hasMessageStartingWith("Access Denied: Not authorized for " + perm.getValue())
- .isInstanceOf(SecurityException.class);
+ @JMXConnectionConfiguration(user = "adminUser", password = "1234567")
+ public void b_testBAdminUser() throws Exception {
+ for (String cmd : commands.keySet()) {
+ LogService.getLogger().info("processing: "+cmd);
+ bean.processCommand(cmd);
}
}
+
}