diff --git a/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/AbstractBasicIntegrationTest.java b/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/AbstractBasicIntegrationTest.java
index 0cac27a032b3c..51ec53c59a076 100644
--- a/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/AbstractBasicIntegrationTest.java
+++ b/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/AbstractBasicIntegrationTest.java
@@ -44,11 +44,15 @@
 import org.apache.ignite.internal.processors.query.calcite.schema.IgniteIndex;
 import org.apache.ignite.internal.processors.query.calcite.schema.IgniteTable;
 import org.apache.ignite.internal.processors.query.calcite.util.Commons;
+import org.apache.ignite.internal.processors.security.OperationSecurityContext;
+import org.apache.ignite.internal.processors.security.SecurityContext;
 import org.apache.ignite.internal.util.typedef.F;
 import org.apache.ignite.internal.util.typedef.G;
 import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
 import org.jetbrains.annotations.Nullable;
+import static org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.authenticate;
+import static org.apache.ignite.internal.processors.authentication.User.DFAULT_USER_NAME;
 import static org.apache.ignite.internal.processors.query.calcite.exec.ExchangeServiceImpl.INBOX_INITIALIZATION_TIMEOUT;
 import static org.apache.ignite.testframework.GridTestUtils.assertThrowsAnyCause;
 import static org.apache.ignite.testframework.GridTestUtils.waitForCondition;
@@ -237,6 +241,15 @@ protected List> sql(String sql, Object... params) {
 return sql(client, sql, params);
 }
+ /** */
+ protected List> sqlAsRoot(IgniteEx ignite, String sql) throws Exception {
+ SecurityContext secCtx = authenticate(grid(0), DFAULT_USER_NAME, "ignite");
+
+ try (OperationSecurityContext ignored = ignite.context().security().withContext(secCtx)) {
+ return sql(ignite, sql);
+ }
+ }
+
 /** */
 protected List> sql(IgniteEx ignite, String sql, Object... params) {
 // {@code sql} can contain more than one query.
diff --git a/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/SqlDiagnosticIntegrationTest.java b/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/SqlDiagnosticIntegrationTest.java
index 40af652725f74..944c778583979 100644
--- a/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/SqlDiagnosticIntegrationTest.java
+++ b/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/SqlDiagnosticIntegrationTest.java
@@ -70,7 +70,6 @@
 import org.apache.ignite.internal.processors.query.calcite.exec.task.StripedQueryTaskExecutor;
 import org.apache.ignite.internal.processors.query.running.GridRunningQueryInfo;
 import org.apache.ignite.internal.processors.query.running.HeavyQueriesTracker;
-import org.apache.ignite.internal.processors.security.SecurityContext;
 import org.apache.ignite.internal.util.GridTestClockTimer;
 import org.apache.ignite.internal.util.future.GridCompoundFuture;
 import org.apache.ignite.internal.util.typedef.F;
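Review bot: `sqlAsRoot` authenticates against `grid(0)` but installs the resulting context on the `ignite` argument, and the default password appears as a bare `"ignite"` literal; neither choice is explained behind the empty `/** */`. If authentication does not have to go through a particular node, `authenticate(ignite, DFAULT_USER_NAME, "ignite")` keeps the credential check and the statement on the same node; if it does, the Javadoc should say so. The `beforeTest` removed from UserDdlIntegrationTest asserted that the context was non-null, and that check has no replacement here, so `assertNotNull(secCtx);` before the `try` would keep a failed login from surfacing as an unrelated SQL error. A Javadoc such as `/** Runs {@code sql} on {@code ignite} with the default superuser's security context attached for the duration of the call. */` would state the contract.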
@@ -89,8 +88,6 @@
 import static org.apache.ignite.events.EventType.EVT_CACHE_QUERY_EXECUTED;
 import static org.apache.ignite.events.EventType.EVT_CACHE_QUERY_OBJECT_READ;
 import static org.apache.ignite.events.EventType.EVT_SQL_QUERY_EXECUTION;
-import static org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.authenticate;
-import static org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.withSecurityContextOnAllNodes;
 import static org.apache.ignite.internal.processors.authentication.User.DFAULT_USER_NAME;
 import static org.apache.ignite.internal.processors.cache.query.GridCacheQueryType.SQL_FIELDS;
 import static org.apache.ignite.internal.processors.metric.impl.MetricUtils.metricName;
@@ -127,9 +124,6 @@ public class SqlDiagnosticIntegrationTest extends AbstractBasicIntegrationTest {
 /** */
 private ListeningTestLogger log;
- /** */
- private SecurityContext secCtxDflt;
-
 /** {@inheritDoc} */
 @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception {
 return super.getConfiguration(igniteInstanceName)
@@ -164,8 +158,6 @@ public class SqlDiagnosticIntegrationTest extends AbstractBasicIntegrationTest {
 client = startClientGrid();
 client.cluster().state(ClusterState.ACTIVE);
-
- secCtxDflt = authenticate(grid(0), DFAULT_USER_NAME, "ignite");
 }
 /** {@inheritDoc} */
@@ -223,8 +215,6 @@ public void testParserMetrics() {
 /** */
 @Test
 public void testBatchParserMetrics() throws Exception {
- withSecurityContextOnAllNodes(secCtxDflt);
-
 MetricRegistryImpl mreg0 = grid(0).context().metric().registry(QUERY_PARSER_METRIC_GROUP_NAME);
 MetricRegistryImpl mreg1 = grid(1).context().metric().registry(QUERY_PARSER_METRIC_GROUP_NAME);
 mreg0.reset();
@@ -644,8 +634,6 @@ public void testSqlEvents() {
 /** */
 @Test
 public void testSensitiveInformationHiding() throws Exception {
- withSecurityContextOnAllNodes(secCtxDflt);
-
 cleanPerformanceStatisticsDir();
 startCollectStatistics();
@@ -697,8 +685,8 @@ public void testSensitiveInformationHiding() throws Exception {
 sql(grid(0), "CREATE TABLE test_sens1 (val) WITH CACHE_NAME=\"test_sens1\" AS SELECT 'sensitive' AS val");
 // Test CREATE/ALTER USER commands rewrite.
- sql(grid(0), "CREATE USER test WITH PASSWORD 'sensitive'");
- sql(grid(0), "ALTER USER test WITH PASSWORD 'sensitive'");
+ sqlAsRoot(grid(0), "CREATE USER test WITH PASSWORD 'sensitive'");
+ sqlAsRoot(grid(0), "ALTER USER test WITH PASSWORD 'sensitive'");
 // Test JOIN.
 sql(grid(0),
diff --git a/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/UserDdlIntegrationTest.java b/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/UserDdlIntegrationTest.java
index e4b55afb15521..b12ed29ad42c3 100644
--- a/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/UserDdlIntegrationTest.java
+++ b/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/UserDdlIntegrationTest.java
@@ -28,16 +28,11 @@
 import org.junit.Test;
 import static org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.authenticate;
-import static org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.withSecurityContextOnAllNodes;
-import static org.apache.ignite.internal.processors.authentication.User.DFAULT_USER_NAME;
 /**
 * Integration test for CREATE/ALTER/DROP USER DDL commands.
 */
 public class UserDdlIntegrationTest extends AbstractDdlIntegrationTest {
- /** Security context for default user. */
- private SecurityContext secCtxDflt;
-
 /** {@inheritDoc} */
 @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception {
 IgniteConfiguration cfg = super.getConfiguration(igniteInstanceName);
@@ -55,41 +50,30 @@ public class UserDdlIntegrationTest extends AbstractDdlIntegrationTest {
 return cfg;
 }
- /** {@inheritDoc} */
- @Override protected void beforeTest() throws Exception {
- super.beforeTest();
-
- secCtxDflt = authenticate(grid(0), DFAULT_USER_NAME, "ignite");
-
- assertNotNull(secCtxDflt);
- }
-
 /**
 * Creates, alter and drops user.
 */
 @SuppressWarnings("ThrowableNotThrown")
 @Test
 public void testCreateAlterDropUser() throws Exception {
- withSecurityContextOnAllNodes(secCtxDflt);
-
 for (Ignite ignite : G.allGrids()) {
 IgniteEx igniteEx = (IgniteEx)ignite;
- sql(igniteEx, "CREATE USER test WITH PASSWORD 'test'");
+ sqlAsRoot(igniteEx, "CREATE USER test WITH PASSWORD 'test'");
 SecurityContext secCtx = authenticate(igniteEx, "TEST", "test");
 assertNotNull(secCtx);
 assertEquals("TEST", secCtx.subject().login());
- sql(igniteEx, "ALTER USER test WITH PASSWORD 'newpasswd'");
+ sqlAsRoot(igniteEx, "ALTER USER test WITH PASSWORD 'newpasswd'");
 secCtx = authenticate(igniteEx, "TEST", "newpasswd");
 assertNotNull(secCtx);
 assertEquals("TEST", secCtx.subject().login());
- sql(igniteEx, "DROP USER test");
+ sqlAsRoot(igniteEx, "DROP USER test");
 GridTestUtils.assertThrowsWithCause(() -> authenticate(igniteEx, "TEST", "newpasswd"), IgniteAccessControlException.class);
diff --git a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinAuthenticateConnectionSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinAuthenticateConnectionSelfTest.java
index d46e1466ad237..d7da1fa4ab21b 100644
--- a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinAuthenticateConnectionSelfTest.java
+++ b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinAuthenticateConnectionSelfTest.java
@@ -28,8 +28,7 @@
 import org.apache.ignite.testframework.GridTestUtils;
 import org.junit.Test;
-import static org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.authenticate;
-import static org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.withSecurityContextOnAllNodes;
+import static org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.asRoot;
 /**
 * Tests for authenticated an non authenticated JDBC thin connection.
@@ -40,7 +39,6 @@ public class JdbcThinAuthenticateConnectionSelfTest extends JdbcThinAbstractSelf
 private static final String URL = "jdbc:ignite:thin://127.0.0.1";
 /** {@inheritDoc} */
- @SuppressWarnings("deprecation")
 @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception {
 IgniteConfiguration cfg = super.getConfiguration(igniteInstanceName);
@@ -66,9 +64,7 @@ public class JdbcThinAuthenticateConnectionSelfTest extends JdbcThinAbstractSelf
 grid(0).cluster().state(ClusterState.ACTIVE);
- try (AutoCloseable ignored = withSecurityContextOnAllNodes(authenticate(grid(0), "ignite", "ignite"))) {
- grid(0).context().security().createUser("another_user", "passwd".toCharArray());
- }
+ asRoot(grid(0), s -> s.createUser("another_user", "passwd".toCharArray()));
 }
 /** {@inheritDoc} */
diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/Authentication1kUsersNodeRestartTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/Authentication1kUsersNodeRestartTest.java
index 5bb5a2c909a5b..5c894ca07403f 100644
--- a/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/Authentication1kUsersNodeRestartTest.java
+++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/Authentication1kUsersNodeRestartTest.java
@@ -18,19 +18,16 @@
 package org.apache.ignite.internal.processors.authentication;
 import java.util.stream.IntStream;
-import org.apache.ignite.IgniteException;
 import org.apache.ignite.cluster.ClusterState;
 import org.apache.ignite.configuration.DataRegionConfiguration;
 import org.apache.ignite.configuration.DataStorageConfiguration;
 import org.apache.ignite.configuration.IgniteConfiguration;
-import org.apache.ignite.internal.processors.security.IgniteSecurity;
-import org.apache.ignite.internal.processors.security.SecurityContext;
 import org.apache.ignite.testframework.GridTestUtils;
 import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
 import org.junit.Test;
+import static org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.asRoot;
 import static org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.authenticate;
-import static org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.withSecurityContextOnAllNodes;
 /**
 * Test for {@link IgniteAuthenticationProcessor} on unstable topology.
@@ -90,33 +87,11 @@ public void test1kUsersNodeRestartServer() throws Exception {
 grid(0).cluster().state(ClusterState.ACTIVE);
- IgniteSecurity sec = grid(0).context().security();
-
- SecurityContext secCtxDflt = authenticate(grid(0), User.DFAULT_USER_NAME, "ignite");
-
- withSecurityContextOnAllNodes(secCtxDflt);
-
- IntStream.range(0, USERS_COUNT).parallel().forEach(
- i -> {
- try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) {
- sec.createUser("test" + i, "init".toCharArray());
- }
- catch (Exception e) {
- throw new IgniteException(e);
- }
- }
- );
-
- IntStream.range(0, USERS_COUNT).parallel().forEach(
- i -> {
- try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) {
- sec.alterUser("test" + i, ("passwd_" + i).toCharArray());
- }
- catch (Exception e) {
- throw new IgniteException(e);
- }
- }
- );
+ IntStream.range(0, USERS_COUNT).parallel().forEach(i ->
+ asRoot(grid(0), s -> s.createUser("test" + i, "init".toCharArray())));
+
+ IntStream.range(0, USERS_COUNT).parallel().forEach(i ->
+ asRoot(grid(0), s -> s.alterUser("test" + i, ("passwd_" + i).toCharArray())));
 stopGrid(0);
diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationOnNotActiveClusterTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationOnNotActiveClusterTest.java
index c6797501c38e0..2da948b2578d1 100644
--- a/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationOnNotActiveClusterTest.java
+++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationOnNotActiveClusterTest.java
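Review bot: Nothing in the two `forEach` lambdas says why `asRoot` is called once per element instead of once around the whole stream, and the obvious "simplification" of hoisting it would probably break the test. The removed code also opened the context inside each element's lambda, which suggests the security context is bound to the calling thread while `parallel()` runs elements on pool threads; if that is the reason, a comment such as `// asRoot per element: the security context is attached to the calling thread, and parallel() runs elements on pool threads.` should say so. `asRoot` is defined outside this hunk; its password overload in testDefaultUserUpdate suggests it logs in on every call, so this test presumably performs 2 × USERS_COUNT root logins, which is worth a mention in the same comment.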
@@ -27,8 +27,8 @@
 import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
 import org.junit.Test;
+import static org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.asRoot;
 import static org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.authenticate;
-import static org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.withSecurityContextOnAllNodes;
 /**
 * Test for {@link IgniteAuthenticationProcessor}.
@@ -109,12 +109,11 @@ public void testNotDefaultUser() throws Exception {
 grid(0).cluster().state(ClusterState.ACTIVE);
- SecurityContext secCtxDflt = authenticate(grid(0), User.DFAULT_USER_NAME, "ignite");
+ for (int i = 0; i < 10; ++i) {
+ String userName = "test" + i;
- withSecurityContextOnAllNodes(secCtxDflt);
-
- for (int i = 0; i < 10; ++i)
- grid(0).context().security().createUser("test" + i, "passwd".toCharArray());
+ asRoot(grid(0), s -> s.createUser(userName, "passwd".toCharArray()));
+ }
 stopAllGrids();
diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationProcessorNodeRestartTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationProcessorNodeRestartTest.java
index 73401606f9726..e776abe2cc254 100644
--- a/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationProcessorNodeRestartTest.java
+++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationProcessorNodeRestartTest.java
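Review bot: The loop in `testNotDefaultUser` opens a root context ten times and needs the extra `userName` local only to satisfy the lambda's effectively-final rule. testConcurrentAuthorize in AuthenticationProcessorNodeRestartTest, changed in the same commit, puts the loop inside a single `asRoot` call, and the same shape works here: `asRoot(grid(0), s -> { for (int i = 0; i < 10; ++i) s.createUser("test" + i, "passwd".toCharArray()); });`. That keeps the two tests consistent and drops the temporary.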
@@ -33,9 +33,9 @@
 import org.junit.Ignore;
 import org.junit.Test;
+import static org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.asRoot;
 import static org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.authenticate;
-import static org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.withSecurityContextOnAllNodes;
-import static org.apache.ignite.internal.processors.authentication.User.DFAULT_USER_NAME;
+import static org.apache.ignite.testframework.GridTestUtils.runMultiThreaded;
 /**
 * Test for {@link IgniteAuthenticationProcessor} on unstable topology.
@@ -50,9 +50,6 @@ public class AuthenticationProcessorNodeRestartTest extends GridCommonAbstractTe
 /** Client node. */
 private static final int CLI_NODE = NODES_COUNT - 1;
- /** Authorization context for default user. */
- private SecurityContext secCtxDflt;
-
 /** Random. */
 private static final Random RND = new Random(System.currentTimeMillis());
@@ -94,10 +91,6 @@ public class AuthenticationProcessorNodeRestartTest extends GridCommonAbstractTe
 startClientGrid(CLI_NODE);
 grid(0).cluster().state(ClusterState.ACTIVE);
-
- secCtxDflt = authenticate(grid(0), DFAULT_USER_NAME, "ignite");
-
- assertNotNull(secCtxDflt);
 }
 /** {@inheritDoc} */
@@ -113,58 +106,48 @@ public class AuthenticationProcessorNodeRestartTest extends GridCommonAbstractTe
 @Ignore("https://issues.apache.org/jira/browse/IGNITE-7472")
 @Test
 public void testConcurrentAddUpdateRemoveNodeRestartCoordinator() throws Exception {
- final IgniteInternalFuture restartFut = restartCoordinator();
-
- withSecurityContextOnAllNodes(secCtxDflt);
+ final IgniteInternalFuture restartFut = restartCoordinator();
 final AtomicInteger usrCnt = new AtomicInteger();
- GridTestUtils.runMultiThreaded(() -> {
- withSecurityContextOnAllNodes(secCtxDflt);
-
+ runMultiThreaded(() -> asRoot(grid(CLI_NODE), s -> {
 String user = "test" + usrCnt.getAndIncrement();
- try {
- int state = 0;
- while (!restartFut.isDone()) {
- try {
- switch (state) {
- case 0:
- grid(CLI_NODE).context().security().createUser(user, ("passwd_" + user).toCharArray());
-
- break;
+ int state = 0;
+ while (!restartFut.isDone()) {
+ try {
+ switch (state) {
+ case 0:
+ s.createUser(user, ("passwd_" + user).toCharArray());
- case 1:
- grid(CLI_NODE).context().security().alterUser(user, ("new_passwd_" + user).toCharArray());
+ break;
- break;
+ case 1:
+ s.alterUser(user, ("new_passwd_" + user).toCharArray());
- case 2:
- grid(CLI_NODE).context().security().dropUser(user);
+ break;
- break;
+ case 2:
+ s.dropUser(user);
- default:
- fail("Invalid state: " + state);
- }
+ break;
- state = ++state > 2 ? 0 : state;
- }
- catch (UserManagementException e) {
- U.error(log, e);
- fail("Unexpected exception on user operation");
- }
- catch (IgniteCheckedException e) {
- // Reconnect
- U.error(log, e);
+ default:
+ fail("Invalid state: " + state);
 }
+
+ state = ++state > 2 ? 0 : state;
+ }
+ catch (UserManagementException e) {
+ U.error(log, e);
+ fail("Unexpected exception on user operation");
+ }
+ catch (IgniteCheckedException e) {
+ // Reconnect
+ U.error(log, e);
 }
 }
- catch (Exception e) {
- U.error(log, "Unexpected exception on concurrent add/remove: " + user, e);
- fail();
- }
- }, 10, "user-op");
+ }), 10, "user-op");
 restartFut.get();
 }
@@ -176,12 +159,12 @@ public void testConcurrentAddUpdateRemoveNodeRestartCoordinator() throws Excepti
 public void testConcurrentAuthorize() throws Exception {
 final int testUsersCnt = 10;
- withSecurityContextOnAllNodes(secCtxDflt);
-
- for (int i = 0; i < testUsersCnt; ++i)
- grid(CLI_NODE).context().security().createUser("test" + i, ("passwd_test" + i).toCharArray());
+ asRoot(grid(CLI_NODE), s -> {
+ for (int i = 0; i < testUsersCnt; ++i)
+ s.createUser("test" + i, ("passwd_test" + i).toCharArray());
+ });
- final IgniteInternalFuture restartFut = GridTestUtils.runAsync(() -> {
+ final IgniteInternalFuture restartFut = GridTestUtils.runAsync(() -> {
 try {
 for (int i = 0; i < RESTARTS; ++i) {
 int nodeIdx = RND.nextInt(NODES_COUNT - 1);
@@ -230,7 +213,7 @@ public void testConcurrentAuthorize() throws Exception {
 /**
 * @return Future.
 */
- private IgniteInternalFuture restartCoordinator() {
+ private IgniteInternalFuture restartCoordinator() {
 return GridTestUtils.runAsync(() -> {
 try {
 int restarts = 0;
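Review bot: In testConcurrentAddUpdateRemoveNodeRestartCoordinator the `catch (IgniteCheckedException e)` branch labelled `// Reconnect` logs and keeps looping for every checked failure, so a rejected root context would be handled exactly like a dropped connection. The root context is now established once by `asRoot` around the whole loop while coordinators restart underneath it, which makes that case more relevant than before. If `IgniteAccessControlException` is a subtype of `IgniteCheckedException` (not visible in this hunk), a dedicated branch ahead of the generic one, `catch (IgniteAccessControlException e) { U.error(log, e); fail("Root context rejected during restart"); }`, would stop an authorization regression from passing silently. The test is currently `@Ignore`d, so this only matters once it is re-enabled.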
@@ -264,51 +247,28 @@ private IgniteInternalFuture restartCoordinator() {
 public void test1kUsersNodeRestartServer() throws Exception {
 final AtomicInteger usrCnt = new AtomicInteger();
- GridTestUtils.runMultiThreaded(() -> {
- withSecurityContextOnAllNodes(secCtxDflt);
+ runMultiThreaded(() -> asRoot(grid(0), s -> {
+ while (usrCnt.get() < 200) {
+ String user = "test" + usrCnt.getAndIncrement();
- try {
- while (usrCnt.get() < 200) {
- String user = "test" + usrCnt.getAndIncrement();
-
- System.out.println("+++ CREATE " + user);
- grid(0).context().security().createUser(user, "init".toCharArray());
- }
+ s.createUser(user, "init".toCharArray());
 }
- catch (Exception e) {
- log.error("Unexpected exception.", e);
-
- fail("Unexpected exception on add / remove");
- }
- }, 3, "user-op");
+ }), 3, "user-op");
 usrCnt.set(0);
- GridTestUtils.runMultiThreaded(() -> {
- withSecurityContextOnAllNodes(secCtxDflt);
+ runMultiThreaded(() -> asRoot(grid(0), s -> {
+ while (usrCnt.get() < 200) {
+ String user = "test" + usrCnt.getAndIncrement();
- try {
- while (usrCnt.get() < 200) {
- String user = "test" + usrCnt.getAndIncrement();
-
- System.out.println("+++ ALTER " + user);
-
- grid(0).context().security().alterUser(user, ("passwd_" + user).toCharArray());
- }
- }
- catch (Exception e) {
- log.error("Unexpected exception.", e);
-
- fail("Unexpected exception on add / remove");
+ s.alterUser(user, ("passwd_" + user).toCharArray());
 }
- }, 3, "user-op");
+ }), 3, "user-op");
- System.out.println("+++ STOP");
 stopGrid(0, true);
 U.sleep(1000);
- System.out.println("+++ START");
 startGrid(0);
 authenticate(grid(0), "ignite", "ignite");
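Review bot: `while (usrCnt.get() < 200)` followed by a separate `usrCnt.getAndIncrement()` is a check-then-act race across the three `user-op` threads, in both the create and the alter loop. Two threads can pass the check at 199 and then draw 199 and 200, so the create phase may add `test200`/`test201`, and the alter phase may draw an index the create phase never produced and fail on a missing user. Drawing the index once closes the gap: `for (int i; (i = usrCnt.getAndIncrement()) < 200; ) {` with `String user = "test" + i;` as the first statement of each loop. The race was present before this commit, but these lines are rewritten here and carry it over.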
@@ -319,32 +279,19 @@ public void test1kUsersNodeRestartServer() throws Exception {
 */
 @Test
 public void testConcurrentAddUpdateRemoveNodeRestartServer() throws Exception {
- IgniteInternalFuture restartFut = loopServerRestarts();
-
- withSecurityContextOnAllNodes(secCtxDflt);
+ IgniteInternalFuture restartFut = loopServerRestarts();
 final AtomicInteger usrCnt = new AtomicInteger();
- GridTestUtils.runMultiThreaded(() -> {
- withSecurityContextOnAllNodes(secCtxDflt);
-
+ runMultiThreaded(() -> asRoot(grid(CLI_NODE), s -> {
 String user = "test" + usrCnt.getAndIncrement();
- try {
- while (!restartFut.isDone()) {
- grid(CLI_NODE).context().security().createUser(user, "init".toCharArray());
-
- grid(CLI_NODE).context().security().alterUser(user, ("passwd_" + user).toCharArray());
-
- grid(CLI_NODE).context().security().dropUser(user);
- }
- }
- catch (Exception e) {
- log.error("Unexpected exception.", e);
-
- fail("Unexpected exception on add / remove");
+ while (!restartFut.isDone()) {
+ s.createUser(user, "init".toCharArray());
+ s.alterUser(user, ("passwd_" + user).toCharArray());
+ s.dropUser(user);
 }
- }, 10, "user-op");
+ }), 10, "user-op");
 restartFut.get();
 }
@@ -354,36 +301,25 @@ public void testConcurrentAddUpdateRemoveNodeRestartServer() throws Exception {
 */
 @Test
 public void testConcurrentFailedOperationNodeRestartServer() throws Exception {
- IgniteInternalFuture restartFut = loopServerRestarts();
-
- withSecurityContextOnAllNodes(secCtxDflt);
+ IgniteInternalFuture restartFut = loopServerRestarts();
- grid(CLI_NODE).context().security().createUser("test", "test".toCharArray());
-
- GridTestUtils.runMultiThreaded(() -> {
- withSecurityContextOnAllNodes(secCtxDflt);
+ asRoot(grid(CLI_NODE), s -> s.createUser("test", "test".toCharArray()));
- try {
- while (!restartFut.isDone()) {
- GridTestUtils.assertThrows(log, () -> {
- grid(CLI_NODE).context().security().createUser("test", "test".toCharArray());
-
- return null;
- }, UserManagementException.class, "User already exists");
- }
- }
- catch (Exception e) {
- log.error("Unexpected exception.", e);
+ runMultiThreaded(() -> asRoot(grid(CLI_NODE), s -> {
+ while (!restartFut.isDone()) {
+ GridTestUtils.assertThrows(log, () -> {
+ s.createUser("test", "test".toCharArray());
- fail("Unexpected error on failed operation");
+ return null;
+ }, UserManagementException.class, "User already exists");
 }
- }, 10, "user-op");
+ }), 10, "user-op");
 restartFut.get();
 }
 /** */
- private IgniteInternalFuture loopServerRestarts() {
+ private IgniteInternalFuture loopServerRestarts() {
 return GridTestUtils.runAsync(() -> {
 try {
 for (int i = 0; i < RESTARTS; ++i) {
diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationProcessorSelfTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationProcessorSelfTest.java
index 3cc4cbc001e78..9976502b213b6 100644
--- a/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationProcessorSelfTest.java
+++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationProcessorSelfTest.java
@@ -17,14 +17,11 @@
 package org.apache.ignite.internal.processors.authentication;
-import java.util.ArrayList;
 import java.util.Base64;
-import java.util.List;
 import java.util.Random;
-import java.util.concurrent.Callable;
 import java.util.concurrent.atomic.AtomicInteger;
-import org.apache.ignite.Ignite;
 import org.apache.ignite.IgniteCheckedException;
+import org.apache.ignite.Ignition;
 import org.apache.ignite.cluster.ClusterState;
 import org.apache.ignite.configuration.DataRegionConfiguration;
 import org.apache.ignite.configuration.DataStorageConfiguration;
@@ -34,7 +31,8 @@
 import org.apache.ignite.internal.processors.security.IgniteSecurity;
 import org.apache.ignite.internal.processors.security.OperationSecurityContext;
 import org.apache.ignite.internal.processors.security.SecurityContext;
-import org.apache.ignite.internal.util.typedef.G;
+import org.apache.ignite.internal.util.lang.ConsumerX;
+import org.apache.ignite.internal.util.lang.RunnableX;
 import org.apache.ignite.internal.util.typedef.internal.U;
 import org.apache.ignite.plugin.security.AuthenticationContext;
 import org.apache.ignite.plugin.security.SecurityCredentials;
@@ -62,9 +60,6 @@ public class AuthenticationProcessorSelfTest extends GridCommonAbstractTest {
 /** Random. */
 private static final Random RND = new Random(System.currentTimeMillis());
- /** Security context for default user. */
- protected SecurityContext secCtxDflt;
-
 /**
 * @param len String length.
 * @return Random string (Base64 on random bytes).
@@ -115,10 +110,6 @@ private static String randomString(int len) {
 startClientGrid(CLI_NODE);
 grid(0).cluster().state(ClusterState.ACTIVE);
-
- secCtxDflt = authenticate(grid(0), DFAULT_USER_NAME, "ignite");
-
- assertNotNull(secCtxDflt);
 }
 /** {@inheritDoc} */
@@ -146,19 +137,27 @@ public void testDefaultUser() throws Exception {
 */
 @Test
 public void testDefaultUserUpdate() throws Exception {
- try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) {
- // Change from all nodes
- for (int nodeIdx = 0; nodeIdx < NODES_COUNT; ++nodeIdx) {
- grid(nodeIdx).context().security().alterUser("ignite", ("ignite" + nodeIdx).toCharArray());
+ String rootPwd = "ignite";
- // Check each change from all nodes
- for (int i = 0; i < NODES_COUNT; ++i) {
- SecurityContext secCtx = authenticate(grid(i), "ignite", "ignite" + nodeIdx);
+ // Change from all nodes
+ for (int nodeIdx = 0; nodeIdx < NODES_COUNT; ++nodeIdx) {
+ String updRootPwd = "ignite" + nodeIdx;
- assertNotNull(secCtx);
- assertEquals("ignite", secCtx.subject().login());
- }
+ asRoot(
+ grid(nodeIdx),
+ s -> s.alterUser("ignite", updRootPwd.toCharArray()),
+ rootPwd
+ );
+
+ // Check each change from all nodes
+ for (int i = 0; i < NODES_COUNT; ++i) {
+ SecurityContext secCtx = authenticate(grid(i), "ignite", updRootPwd);
+
+ assertNotNull(secCtx);
+ assertEquals("ignite", secCtx.subject().login());
 }
+
+ rootPwd = updRootPwd;
 }
 }
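Review bot: The literal `"ignite"` serves as the default login in `alterUser`, `authenticate` and `assertEquals` and also as the initial password in `rootPwd`, which makes the password rotation in testDefaultUserUpdate hard to follow. Using the `DFAULT_USER_NAME` constant (the one the removed setup code passed to `authenticate`) for the login would separate the two roles. A comment on `rootPwd` such as `// Current password of the default user; each alterUser has to log in with the value set by the previous iteration.` would explain why the three-argument `asRoot` is needed here. The test also finishes with the default password changed, so later `asRoot` calls that assume the default depend on teardown wiping the user store, which is outside this hunk.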
@@ -167,20 +166,15 @@ public void testDefaultUserUpdate() throws Exception {
 */
 @Test
 public void testRemoveDefault() throws Exception {
- try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) {
- for (int i = 0; i < NODES_COUNT; ++i) {
- final int nodeIdx = i;
-
- GridTestUtils.assertThrows(log, new Callable() {
- @Override public Object call() throws Exception {
- grid(nodeIdx).context().security().dropUser("ignite");
+ for (int i = 0; i < NODES_COUNT; ++i) {
+ final int nodeIdx = i;
- return null;
- }
- }, IgniteAccessControlException.class, "Default user cannot be removed");
+ assertThrows(
+ () -> asRoot(grid(nodeIdx), s -> s.dropUser("ignite")),
+ IgniteAccessControlException.class,
+ "Default user cannot be removed");
- assertNotNull(authenticate(grid(0), "ignite", "ignite"));
- }
+ assertNotNull(authenticate(grid(0), "ignite", "ignite"));
 }
 }
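Review bot: After each rejected `dropUser("ignite")` on node `nodeIdx`, the follow-up check in testRemoveDefault always authenticates against `grid(0)`, so the node that actually handled the request is never shown to still accept the default user. `assertNotNull(authenticate(grid(nodeIdx), "ignite", "ignite"));` would verify the node under test, in line with testDefaultUserUpdate, which authenticates on every node. The three-argument `assertThrows` helper used here is defined outside this hunk, so how it unwraps whatever `asRoot` throws cannot be checked from these lines.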
@@ -189,49 +183,38 @@ public void testRemoveDefault() throws Exception {
 */
 @Test
 public void testUserManagementPermission() throws Exception {
- try (AutoCloseable nodeCtxsHnd = withSecurityContextOnAllNodes(secCtxDflt)) {
- grid(0).context().security().createUser("test", "test".toCharArray());
-
- final SecurityContext secCtx = authenticate(grid(0), "test", "test");
+ asRoot(grid(0), s -> s.createUser("test", "test".toCharArray()));
- for (int i = 0; i < NODES_COUNT; ++i) {
- final int nodeIdx = i;
+ final SecurityContext secCtx = authenticate(grid(0), "test", "test");
- AutoCloseable innerNodeCtxsHnd = withSecurityContextOnAllNodes(secCtx);
+ for (int i = 0; i < NODES_COUNT; ++i) {
+ final int nodeIdx = i;
- GridTestUtils.assertThrows(log, new Callable() {
- @Override public Object call() throws Exception {
- grid(nodeIdx).context().security().createUser("test1", "test1".toCharArray());
+ try (OperationSecurityContext ignored = grid(nodeIdx).context().security().withContext(secCtx)) {
+ GridTestUtils.assertThrows(log, () -> {
+ grid(nodeIdx).context().security().createUser("test1", "test1".toCharArray());
- return null;
- }
+ return null;
 }, IgniteAccessControlException.class, "User management operations are not allowed for user");
- GridTestUtils.assertThrows(log, new Callable() {
- @Override public Object call() throws Exception {
- grid(nodeIdx).context().security().dropUser("test");
+ GridTestUtils.assertThrows(log, () -> {
+ grid(nodeIdx).context().security().dropUser("test");
- return null;
- }
+ return null;
 }, IgniteAccessControlException.class, "User management operations are not allowed for user");
 grid(nodeIdx).context().security().alterUser("test", "new_password".toCharArray());
 grid(nodeIdx).context().security().alterUser("test", "test".toCharArray());
+ }
- // Check error on empty auth context:
- innerNodeCtxsHnd.close();
- nodeCtxsHnd.close();
-
- GridTestUtils.assertThrows(log, new Callable() {
- @Override public Object call() throws Exception {
- grid(nodeIdx).context().security().dropUser("test");
+ // Check error on empty auth context:
+ GridTestUtils.assertThrows(log, () -> {
+ grid(nodeIdx).context().security().dropUser("test");
- return null;
- }
- }, IgniteAccessControlException.class,
- "User management operations initiated on behalf of the Ignite node are not expected.");
- }
+ return null;
+ }, IgniteAccessControlException.class,
+ "User management operations initiated on behalf of the Ignite node are not expected.");
 }
 }
@@ -240,22 +223,20 @@ public void testUserManagementPermission() throws Exception {
 */
 @Test
 public void testProceedUsersOnJoinNode() throws Exception {
- try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) {
- grid(0).context().security().createUser("test0", "test".toCharArray());
- grid(0).context().security().createUser("test1", "test".toCharArray());
+ asRoot(grid(0), s -> s.createUser("test0", "test".toCharArray()));
+ asRoot(grid(0), s -> s.createUser("test1", "test".toCharArray()));
- int nodeIdx = NODES_COUNT;
+ int nodeIdx = NODES_COUNT;
- startGrid(nodeIdx);
+ startGrid(nodeIdx);
- SecurityContext secCtx0 = authenticate(grid(nodeIdx), "test0", "test");
- SecurityContext secCtx1 = authenticate(grid(nodeIdx), "test1", "test");
+ SecurityContext secCtx0 = authenticate(grid(nodeIdx), "test0", "test");
+ SecurityContext secCtx1 = authenticate(grid(nodeIdx), "test1", "test");
- assertNotNull(secCtx0);
- assertEquals("test0", secCtx0.subject().login());
- assertNotNull(secCtx1);
- assertEquals("test1", secCtx1.subject().login());
- }
+ assertNotNull(secCtx0);
+ assertEquals("test0", secCtx0.subject().login());
+ assertNotNull(secCtx1);
+ assertEquals("test1", secCtx1.subject().login());
 }
 /**
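Review bot: In testUserManagementPermission the chain `grid(nodeIdx).context().security()` is spelled out six times per iteration, which hides the part of the test that matters: which calls run inside the unprivileged `withContext(secCtx)` block and which run with no context at all. Hoisting it, `IgniteSecurity sec = grid(nodeIdx).context().security();` at the top of the loop body, lets the block read `try (OperationSecurityContext ignored = sec.withContext(secCtx))` followed by `sec.createUser(...)`, `sec.dropUser(...)` and `sec.alterUser(...)`. The final no-context `dropUser` assertion would then visibly use the same `sec` outside the `try`.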
@@ -263,26 +244,20 @@ public void testProceedUsersOnJoinNode() throws Exception { */ @Test public void testAuthenticationInvalidUser() throws Exception { - try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) { - for (int i = 0; i < NODES_COUNT; ++i) { - final int nodeIdx = i; + for (int i = 0; i < NODES_COUNT; ++i) { + final int nodeIdx = i; - GridTestUtils.assertThrows(log, new Callable() { - @Override public Object call() throws Exception { - authenticate(grid(nodeIdx), "invalid_name", "test"); + GridTestUtils.assertThrows(log, () -> { + authenticate(grid(nodeIdx), "invalid_name", "test"); - return null; - } - }, IgniteAccessControlException.class, "The user name or password is incorrect"); + return null; + }, IgniteAccessControlException.class, "The user name or password is incorrect"); - GridTestUtils.assertThrows(log, new Callable() { - @Override public Object call() throws Exception { - authenticate(grid(nodeIdx), "test", "invalid_password"); + GridTestUtils.assertThrows(log, () -> { + authenticate(grid(nodeIdx), "test", "invalid_password"); - return null; - } - }, IgniteAccessControlException.class, "The user name or password is incorrect"); - } + return null; + }, IgniteAccessControlException.class, "The user name or password is incorrect"); } } @@ -291,11 +266,9 @@ public void testAuthenticationInvalidUser() throws Exception { */ @Test public void testAddUpdateRemoveUser() throws Exception { - try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) { - for (int i = 0; i < NODES_COUNT; ++i) { - for (int j = 0; j < NODES_COUNT; ++j) - checkAddUpdateRemoveUser(grid(i), grid(j)); - } + for (int i = 0; i < NODES_COUNT; ++i) { + for (int j = 0; j < NODES_COUNT; ++j) + checkAddUpdateRemoveUser(grid(i), grid(j)); } } 
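Review bot: The second assertion in `testAuthenticationInvalidUser` calls `authenticate(grid(nodeIdx), "test", "invalid_password")`, but nothing in this method creates a user named `test`. Unless setup outside the hunk does, both assertions exercise the unknown-user path and a broken password comparison would go unnoticed. Using an account that is known to exist covers the wrong-password branch: `authenticate(grid(nodeIdx), DFAULT_USER_NAME, "invalid_password");`. The identical expected message for both cases deserves a one-line comment, since that is what keeps the error text from revealing which user names exist.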
@@ -304,15 +277,13 @@ public void testAddUpdateRemoveUser() throws Exception { */ @Test public void testUpdateUser() throws Exception { - try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) { - grid(0).context().security().createUser("test", "test".toCharArray()); + asRoot(grid(0), s -> s.createUser("test", "test".toCharArray())); - SecurityContext secCtx = authenticate(grid(0), "test", "test"); + assertNotNull(authenticate(grid(0), "test", "test")); - for (int i = 0; i < NODES_COUNT; ++i) { - for (int j = 0; j < NODES_COUNT; ++j) - checkUpdateUser(secCtx, grid(i), grid(j)); - } + for (int i = 0; i < NODES_COUNT; ++i) { + for (int j = 0; j < NODES_COUNT; ++j) + checkUpdateUser(grid(i), grid(j)); } } @@ -321,26 +292,12 @@ public void testUpdateUser() throws Exception { */ @Test public void testUpdateRemoveDoesNotExistsUser() throws Exception { - try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) { - for (int i = 0; i < NODES_COUNT; ++i) { - final int nodeIdx = i; - - GridTestUtils.assertThrows(log, new Callable() { - @Override public Object call() throws Exception { - grid(nodeIdx).context().security().alterUser("invalid_name", "test".toCharArray()); - - return null; - } - }, UserManagementException.class, "User doesn't exist"); + for (int i = 0; i < NODES_COUNT; ++i) { + final int nodeIdx = i; - GridTestUtils.assertThrows(log, new Callable() { - @Override public Object call() throws Exception { - grid(nodeIdx).context().security().dropUser("invalid_name"); + assertThrows(() -> asRoot(grid(nodeIdx), s -> s.alterUser("invalid_name", "test".toCharArray())), "User doesn't exist"); - return null; - } - }, UserManagementException.class, "User doesn't exist"); - } + assertThrows(() -> asRoot(grid(nodeIdx), s -> s.dropUser("invalid_name")), "User doesn't exist"); } } 
@@ -349,20 +306,12 @@ public void testUpdateRemoveDoesNotExistsUser() throws Exception { */ @Test public void testAddAlreadyExistsUser() throws Exception { - try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) { - grid(0).context().security().createUser("test", "test".toCharArray()); - - for (int i = 0; i < NODES_COUNT; ++i) { - final int nodeIdx = i; + asRoot(grid(0), s -> s.createUser("test", "test".toCharArray())); - GridTestUtils.assertThrows(log, new Callable() { - @Override public Object call() throws Exception { - grid(nodeIdx).context().security().createUser("test", "new_passwd".toCharArray()); + for (int i = 0; i < NODES_COUNT; ++i) { + final int nodeIdx = i; - return null; - } - }, UserManagementException.class, "User already exists"); - } + assertThrows(() -> asRoot(grid(nodeIdx), s -> s.createUser("test", "new_passwd".toCharArray())), "User already exists"); } } 
@@ -371,39 +320,37 @@ public void testAddAlreadyExistsUser() throws Exception { */ @Test public void testAuthorizeOnClientDisconnect() throws Exception { - try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) { - grid(CLI_NODE).context().security().createUser("test", "test".toCharArray()); - } + asRoot(grid(CLI_NODE), s -> s.createUser("test", "test".toCharArray())); - final IgniteInternalFuture stopServersFut = GridTestUtils.runAsync(new Runnable() { - @Override public void run() { - try { - for (int i = 0; i < CLI_NODE; ++i) { - Thread.sleep(500); + final IgniteInternalFuture stopServersFut = GridTestUtils.runAsync(() -> { + try { + for (int i = 0; i < CLI_NODE; ++i) { + Thread.sleep(500); - stopGrid(i); - } - } - catch (Exception e) { - e.printStackTrace(); - fail("Unexpected exception"); + stopGrid(i); } } - }); + catch (Exception e) { + log.error("Unexpected exception", e); - GridTestUtils.assertThrows(log, new Callable() { - @Override public Object call() throws Exception { - while (!stopServersFut.isDone()) { - SecurityContext secCtx = authenticate(grid(CLI_NODE), "test", "test"); + fail("Unexpected exception"); + } + }); - assertNotNull(secCtx); - } + GridTestUtils.assertThrows( + log, + () -> { + while (!stopServersFut.isDone()) { + SecurityContext secCtx = authenticate(grid(CLI_NODE), "test", "test"); - return null; + assertNotNull(secCtx); } + + return null; }, IgniteCheckedException.class, - "Client node was disconnected from topology (operation result is unknown)"); + "Client node was disconnected from topology (operation result is unknown)" + ); stopServersFut.get(); } 
@@ -415,24 +362,15 @@ public void testAuthorizeOnClientDisconnect() throws Exception { public void testConcurrentAddRemove() throws Exception { final AtomicInteger usrCnt = new AtomicInteger(); - GridTestUtils.runMultiThreaded(new Runnable() { - @Override public void run() { - withSecurityContextOnAllNodes(secCtxDflt); - String user = "test" + usrCnt.getAndIncrement(); + GridTestUtils.runMultiThreaded(() -> asRoot(grid(CLI_NODE), s -> { + String user = "test" + usrCnt.getAndIncrement(); - try { - for (int i = 0; i < ITERATIONS; ++i) { - grid(CLI_NODE).context().security().createUser(user, ("passwd_" + user).toCharArray()); + for (int i = 0; i < ITERATIONS; ++i) { + s.createUser(user, ("passwd_" + user).toCharArray()); - grid(CLI_NODE).context().security().dropUser(user); - } - } - catch (Exception e) { - e.printStackTrace(); - fail("Unexpected exception"); - } + s.dropUser(user); } - }, 10, "user-op"); + }), 10, "user-op"); } /** 
@@ -440,30 +378,31 @@ public void testConcurrentAddRemove() throws Exception { */ @Test public void testUserPersistence() throws Exception { - try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) { - for (int i = 0; i < NODES_COUNT; ++i) - grid(i).context().security().createUser("test" + i, ("passwd" + i).toCharArray()); - - grid(CLI_NODE).context().security().alterUser("ignite", "new_passwd".toCharArray()); + for (int i = 0; i < NODES_COUNT; ++i) { + int finalI = i; - stopAllGrids(); + asRoot(grid(CLI_NODE), s -> s.createUser("test" + finalI, ("passwd" + finalI).toCharArray())); + } - startGrids(NODES_COUNT - 1); - startClientGrid(CLI_NODE); + asRoot(grid(CLI_NODE), s -> s.alterUser("ignite", "new_passwd".toCharArray())); - for (int i = 0; i < NODES_COUNT; ++i) { - for (int usrIdx = 0; usrIdx < NODES_COUNT; ++usrIdx) { - SecurityContext secCtx0 = authenticate(grid(i), "test" + usrIdx, "passwd" + usrIdx); + stopAllGrids(); - assertNotNull(secCtx0); - assertEquals("test" + usrIdx, secCtx0.subject().login()); - } + startGrids(NODES_COUNT - 1); + startClientGrid(CLI_NODE); - SecurityContext secCtx = authenticate(grid(i), "ignite", "new_passwd"); + for (int i = 0; i < NODES_COUNT; ++i) { + for (int usrIdx = 0; usrIdx < NODES_COUNT; ++usrIdx) { + SecurityContext secCtx0 = authenticate(grid(i), "test" + usrIdx, "passwd" + usrIdx); - assertNotNull(secCtx); - assertEquals("ignite", secCtx.subject().login()); + assertNotNull(secCtx0); + assertEquals("test" + usrIdx, secCtx0.subject().login()); } + + SecurityContext secCtx = authenticate(grid(i), "ignite", "new_passwd"); + + assertNotNull(secCtx); + assertEquals("ignite", secCtx.subject().login()); } } 
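Review bot: The creation loop in `testUserPersistence` now sends every `createUser` through `grid(CLI_NODE)` where the removed code used `grid(i)`, so user creation from the server nodes is no longer part of this test. If that is not intended, `asRoot(grid(finalI), s -> s.createUser("test" + finalI, ("passwd" + finalI).toCharArray()));` keeps the old coverage. After the restart the test confirms that `ignite`/`new_passwd` is accepted, but not that the original default password is rejected, which is the property that matters when a default credential is changed. I would add to the last loop `GridTestUtils.assertThrows(log, () -> authenticate(grid(nodeIdx), "ignite", "ignite"), IgniteAccessControlException.class, "The user name or password is incorrect");`, with `nodeIdx` a final copy of `i` for the lambda.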
@@ -472,27 +411,25 @@ public void testUserPersistence() throws Exception { */ @Test public void testDefaultUserPersistence() throws Exception { - try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) { - grid(CLI_NODE).context().security().createUser("test", "passwd".toCharArray()); + asRoot(grid(CLI_NODE), s -> s.createUser("test", "passwd".toCharArray())); - stopAllGrids(); + stopAllGrids(); - U.sleep(500); + U.sleep(500); - startGrids(NODES_COUNT - 1); - startClientGrid(CLI_NODE); + startGrids(NODES_COUNT - 1); + startClientGrid(CLI_NODE); - for (int i = 0; i < NODES_COUNT; ++i) { - SecurityContext secCtx = authenticate(grid(i), "ignite", "ignite"); + for (int i = 0; i < NODES_COUNT; ++i) { + SecurityContext secCtx = authenticate(grid(i), "ignite", "ignite"); - assertNotNull(secCtx); - assertEquals("ignite", secCtx.subject().login()); + assertNotNull(secCtx); + assertEquals("ignite", secCtx.subject().login()); - secCtx = authenticate(grid(i), "test", "passwd"); + secCtx = authenticate(grid(i), "test", "passwd"); - assertNotNull(secCtx); - assertEquals("test", secCtx.subject().login()); - } + assertNotNull(secCtx); + assertEquals("test", secCtx.subject().login()); } } 
@@ -501,64 +438,24 @@ public void testDefaultUserPersistence() throws Exception { */ @Test public void testInvalidUserNamePassword() throws Exception { - withSecurityContextOnAllNodes(secCtxDflt); - - GridTestUtils.assertThrows(log, new Callable() { - @Override public Object call() throws Exception { - grid(CLI_NODE).context().security().createUser(null, "test".toCharArray()); - - return null; - } - }, UserManagementException.class, "User name is empty"); - - GridTestUtils.assertThrows(log, new Callable() { - @Override public Object call() throws Exception { - grid(CLI_NODE).context().security().createUser("", "test".toCharArray()); - - return null; - } - }, UserManagementException.class, "User name is empty"); + assertThrows(() -> asRoot(grid(CLI_NODE), s -> s.createUser(null, "test".toCharArray())), "User name is empty"); - GridTestUtils.assertThrows(log, new Callable() { - @Override public Object call() throws Exception { - grid(CLI_NODE).context().security().createUser("test", null); + assertThrows(() -> asRoot(grid(CLI_NODE), s -> s.createUser("", "test".toCharArray())), "User name is empty"); - return null; - } - }, UserManagementException.class, "Password is empty"); + assertThrows(() -> asRoot(grid(CLI_NODE), s -> s.createUser("test", null)), "Password is empty"); - GridTestUtils.assertThrows(log, new Callable() { - @Override public Object call() throws Exception { - grid(CLI_NODE).context().security().createUser("test", "".toCharArray()); - - return null; - } - }, UserManagementException.class, "Password is empty"); - - GridTestUtils.assertThrows(log, new Callable() { - @Override public Object call() throws Exception { - grid(CLI_NODE).context().security().createUser( - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "a".toCharArray()); - - return null; - } - }, UserManagementException.class, "User name is too long"); - } - - /** - * @param name User name to check. 
- */ - private void checkInvalidUsername(final String name) { + assertThrows(() -> asRoot(grid(CLI_NODE), s -> s.createUser("test", "".toCharArray())), "Password is empty"); + assertThrows(() -> asRoot(grid(CLI_NODE), s -> s.createUser( + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "a".toCharArray())), + "User name is too long"); } /** Test the ability to obtain the security context ot an authenticated user on the remote server node. */ @Test public void testRemoteNodeSecurityContext() throws Exception { - try (OperationSecurityContext ignored = grid(CLI_NODE).context().security().withContext(secCtxDflt)) { - grid(CLI_NODE).context().security().createUser("test", "pwd".toCharArray()); - } + asRoot(grid(CLI_NODE), s -> s.createUser("test", "pwd".toCharArray())); SecuritySubject subj = authenticate(grid(0), "test", "pwd").subject(); @@ -579,15 +476,7 @@ public void testRemoteNodeSecurityContext() throws Exception { * @param passwd User's password to check. */ private void checkInvalidPassword(final String passwd) { - withSecurityContextOnAllNodes(secCtxDflt); - - GridTestUtils.assertThrows(log, new Callable() { - @Override public Object call() throws Exception { - grid(CLI_NODE).context().security().createUser("test", passwd.toCharArray()); - - return null; - } - }, UserManagementException.class, "Invalid user name"); + assertThrows(() -> asRoot(grid(CLI_NODE), s -> s.createUser("test", passwd.toCharArray())), "Invalid user name"); } /** 
@@ -596,38 +485,37 @@ private void checkInvalidPassword(final String passwd) { * @throws Exception On error. */ private void checkAddUpdateRemoveUser(IgniteEx createNode, IgniteEx authNode) throws Exception { - createNode.context().security().createUser("test", "test".toCharArray()); + asRoot(createNode, s -> s.createUser("test", "test".toCharArray())); SecurityContext newSecCtx = authenticate(authNode, "test", "test"); assertNotNull(newSecCtx); assertEquals("test", newSecCtx.subject().login()); - createNode.context().security().alterUser("test", "newpasswd".toCharArray()); + asRoot(createNode, s -> s.alterUser("test", "newpasswd".toCharArray())); newSecCtx = authenticate(authNode, "test", "newpasswd"); assertNotNull(newSecCtx); assertEquals("test", newSecCtx.subject().login()); - createNode.context().security().dropUser("test"); + asRoot(createNode, s -> s.dropUser("test")); } /** - * @param secCtx Security context. * @param updNode Node to execute update operation. * @param authNode Node to execute authentication. * @throws Exception On error. */ - private void checkUpdateUser(SecurityContext secCtx, IgniteEx updNode, IgniteEx authNode) throws Exception { + private void checkUpdateUser(IgniteEx updNode, IgniteEx authNode) throws Exception { String newPasswd = randomString(16); - updNode.context().security().alterUser("test", newPasswd.toCharArray()); + asRoot(updNode, s -> s.alterUser("test", newPasswd.toCharArray())); - SecurityContext secCtxNew = authenticate(authNode, "test", newPasswd); + SecurityContext secCtx = authenticate(authNode, "test", newPasswd); - assertNotNull(secCtxNew); - assertEquals("test", secCtxNew.subject().login()); + assertNotNull(secCtx); + assertEquals("test", secCtx.subject().login()); } /** Authenticates user on the specified node. */ 
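Review bot: `checkAddUpdateRemoveUser` confirms that the new password is accepted after `alterUser`, but never that the previous one is rejected, and it ends at `dropUser("test")` without a failed login afterwards. A password change that left the old secret valid, or a drop that left the account usable, would pass. After the `alterUser` to `"newpasswd"` I would add `assertThrows(() -> authenticate(authNode, "test", "test"), IgniteAccessControlException.class, "The user name or password is incorrect");`, and the same form with `"newpasswd"` after the drop. `checkUpdateUser` has the same gap but would need the previous random password passed in to check it. `testCreateUpdateDropUser` in `SqlUserCommandSelfTest` likewise stops at `ALTER USER` and `DROP USER` without a negative login.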
@@ -640,21 +528,50 @@ public static SecurityContext authenticate(IgniteEx ignite, String login, String return ignite.context().security().authenticate(authCtx); } - /** - * Sets specified security context on all nodes. - * - * @return Holder of current security contexts. If closed, all security context will bew restored. - */ - public static AutoCloseable withSecurityContextOnAllNodes(SecurityContext ctx) { - List oldSecCtxs = new ArrayList<>(); + /** */ + public static void asRoot(IgniteEx ignite, ConsumerX action) { + asRoot(ignite, action, "ignite"); + } + + /** */ + public static void asRoot(IgniteEx ignite, ConsumerX action, String rootPwd) { + try { + IgniteEx srv = (IgniteEx)Ignition.allGrids().stream() + .filter(g -> !g.configuration().isClientMode()) + .findFirst() + .orElseThrow(); + + SecurityContext secCtx = authenticate(srv, DFAULT_USER_NAME, rootPwd); - for (Ignite node : G.allGrids()) - oldSecCtxs.add(((IgniteEx)node).context().security().withContext(ctx)); + assertNotNull(secCtx); - return new AutoCloseable() { - @Override public void close() throws Exception { - oldSecCtxs.forEach(OperationSecurityContext::close); + try (OperationSecurityContext ignored = ignite.context().security().withContext(secCtx)) { + action.accept(ignite.context().security()); } - }; + } + catch (Exception e) { + log.error("Operation failed", e); + + throw new RuntimeException(e); + } + } + + /** */ + private void assertThrows(RunnableX action, String msg) { + assertThrows(action, UserManagementException.class, msg); + } + + /** */ + private void assertThrows(RunnableX action, Class errCls, String msg) { + GridTestUtils.assertThrowsAnyCause( + log, + () -> { + action.run(); + + return null; + }, + errCls, + msg + ); } } 
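Review bot: `asRoot` is public static and carries an empty `/** */`, although its contract is not obvious from the call sites. It authenticates the default user on the first non-client node returned by `Ignition.allGrids()`, not on `ignite`. It applies that context on `ignite` only while `action` runs, and rethrows any `Exception` as `RuntimeException`. I would state this in the Javadoc, e.g. `/** Runs {@code action} on {@code ignite} under the default user's security context; any failure is rethrown wrapped in {@link RuntimeException}. */`. The wrapping is why the new `assertThrows` helpers must match by cause. `log.error("Operation failed", e)` will also print a stack trace for every expected failure in the negative tests, so that log call could be dropped since the exception is rethrown anyway.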
diff --git a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/authentication/SqlUserCommandSelfTest.java b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/authentication/SqlUserCommandSelfTest.java index 1cf41f20f165f..524e99927364e 100644 --- a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/authentication/SqlUserCommandSelfTest.java +++ b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/authentication/SqlUserCommandSelfTest.java @@ -26,13 +26,13 @@ import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.processors.authentication.IgniteAccessControlException; import org.apache.ignite.internal.processors.authentication.UserManagementException; +import org.apache.ignite.internal.processors.security.OperationSecurityContext; import org.apache.ignite.internal.processors.security.SecurityContext; import org.apache.ignite.testframework.GridTestUtils; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; import org.junit.Test; import static org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.authenticate; -import static org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.withSecurityContextOnAllNodes; import static org.apache.ignite.internal.processors.authentication.User.DFAULT_USER_NAME; /** @@ -42,9 +42,6 @@ public class SqlUserCommandSelfTest extends GridCommonAbstractTest { /** Nodes count. */ private static final int NODES_COUNT = 3; - /** Security context for default user. */ - private SecurityContext secCtxDflt; - /** {@inheritDoc} */ @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { IgniteConfiguration cfg = super.getConfiguration(igniteInstanceName); 
@@ -73,10 +70,6 @@ public class SqlUserCommandSelfTest extends GridCommonAbstractTest { startClientGrid(NODES_COUNT - 1); grid(0).cluster().state(ClusterState.ACTIVE); - - secCtxDflt = authenticate(grid(0), DFAULT_USER_NAME, "ignite"); - - assertNotNull(secCtxDflt); } /** {@inheritDoc} */ @@ -91,24 +84,22 @@ public class SqlUserCommandSelfTest extends GridCommonAbstractTest { */ @Test public void testCreateUpdateDropUser() throws Exception { - withSecurityContextOnAllNodes(secCtxDflt); - for (int i = 0; i < NODES_COUNT; ++i) { - userSql(i, "CREATE USER test WITH PASSWORD 'test'"); + doSqlAsRoot(i, "CREATE USER test WITH PASSWORD 'test'"); SecurityContext secCtx = authenticate(grid(i), "TEST", "test"); assertNotNull(secCtx); assertEquals("TEST", secCtx.subject().login()); - userSql(i, "ALTER USER test WITH PASSWORD 'newpasswd'"); + doSqlAsRoot(i, "ALTER USER test WITH PASSWORD 'newpasswd'"); secCtx = authenticate(grid(i), "TEST", "newpasswd"); assertNotNull(secCtx); assertEquals("TEST", secCtx.subject().login()); - userSql(i, "DROP USER test"); + doSqlAsRoot(i, "DROP USER test"); } } @@ -117,15 +108,14 @@ public void testCreateUpdateDropUser() throws Exception { */ @Test public void testCreateWithAlreadyExistUser() throws Exception { - withSecurityContextOnAllNodes(secCtxDflt); - userSql(0, "CREATE USER test WITH PASSWORD 'test'"); + doSqlAsRoot(0, "CREATE USER test WITH PASSWORD 'test'"); for (int i = 0; i < NODES_COUNT; ++i) { final int idx = i; GridTestUtils.assertThrowsAnyCause(log, new Callable() { @Override public Void call() throws Exception { - userSql(idx, "CREATE USER test WITH PASSWORD 'test'"); + doSqlAsRoot(idx, "CREATE USER test WITH PASSWORD 'test'"); return null; } 
@@ -138,14 +128,12 @@ public void testCreateWithAlreadyExistUser() throws Exception { */ @Test public void testAlterDropNotExistUser() throws Exception { - withSecurityContextOnAllNodes(secCtxDflt); - for (int i = 0; i < NODES_COUNT; ++i) { final int idx = i; GridTestUtils.assertThrowsAnyCause(log, new Callable() { @Override public Void call() throws Exception { - userSql(idx, "ALTER USER test WITH PASSWORD 'test'"); + doSqlAsRoot(idx, "ALTER USER test WITH PASSWORD 'test'"); return null; } @@ -153,7 +141,7 @@ public void testAlterDropNotExistUser() throws Exception { GridTestUtils.assertThrowsAnyCause(log, new Callable() { @Override public Void call() throws Exception { - userSql(idx, "DROP USER test"); + doSqlAsRoot(idx, "DROP USER test"); return null; } @@ -171,7 +159,7 @@ public void testNotAuthenticateOperation() throws Exception { GridTestUtils.assertThrowsAnyCause(log, new Callable() { @Override public Void call() throws Exception { - userSql(idx, "CREATE USER test WITH PASSWORD 'test'"); + doSql(idx, "CREATE USER test WITH PASSWORD 'test'"); return null; } @@ -180,7 +168,7 @@ public void testNotAuthenticateOperation() throws Exception { GridTestUtils.assertThrowsAnyCause(log, new Callable() { @Override public Void call() throws Exception { - userSql(idx, "ALTER USER test WITH PASSWORD 'test'"); + doSql(idx, "ALTER USER test WITH PASSWORD 'test'"); return null; } @@ -189,7 +177,7 @@ public void testNotAuthenticateOperation() throws Exception { GridTestUtils.assertThrowsAnyCause(log, new Callable() { @Override public Void call() throws Exception { - userSql(idx, "DROP USER test"); + doSql(idx, "DROP USER test"); return null; } 
@@ -203,20 +191,17 @@ public void testNotAuthenticateOperation() throws Exception { */ @Test public void testNotAuthorizedOperation() throws Exception { - withSecurityContextOnAllNodes(secCtxDflt); - - userSql(0, "CREATE USER user0 WITH PASSWORD 'user0'"); + String login = "USER0"; + String pwd = "user0"; - SecurityContext secCtx = authenticate(grid(0), "USER0", "user0"); - - withSecurityContextOnAllNodes(secCtx); + doSqlAsRoot(0, "CREATE USER " + login + " WITH PASSWORD '" + pwd + "'"); for (int i = 0; i < NODES_COUNT; ++i) { final int idx = i; GridTestUtils.assertThrowsAnyCause(log, new Callable() { @Override public Void call() throws Exception { - userSql(idx, "CREATE USER test WITH PASSWORD 'test'"); + doSqlAs(idx, "CREATE USER test WITH PASSWORD 'test'", login, pwd); return null; } @@ -224,7 +209,7 @@ public void testNotAuthorizedOperation() throws Exception { GridTestUtils.assertThrowsAnyCause(log, new Callable() { @Override public Void call() throws Exception { - userSql(idx, "ALTER USER test WITH PASSWORD 'test'"); + doSqlAs(idx, "ALTER USER test WITH PASSWORD 'test'", login, pwd); return null; } @@ -232,7 +217,7 @@ public void testNotAuthorizedOperation() throws Exception { GridTestUtils.assertThrowsAnyCause(log, new Callable() { @Override public Void call() throws Exception { - userSql(idx, "DROP USER test"); + doSqlAs(idx, "DROP USER test", login, pwd); return null; } @@ -245,14 +230,12 @@ public void testNotAuthorizedOperation() throws Exception { */ @Test public void testDropDefaultUser() throws Exception { - withSecurityContextOnAllNodes(secCtxDflt); - for (int i = 0; i < NODES_COUNT; ++i) { final int idx = i; GridTestUtils.assertThrowsAnyCause(log, new Callable() { @Override public Void call() throws Exception { - userSql(idx, "DROP USER \"ignite\""); + doSqlAsRoot(idx, "DROP USER \"ignite\""); return null; } 
@@ -265,26 +248,34 @@ public void testDropDefaultUser() throws Exception { */ @Test public void testQuotedUsername() throws Exception { - withSecurityContextOnAllNodes(secCtxDflt); + doSqlAsRoot(0, "CREATE USER \"test\" with password 'test'"); - userSql(0, "CREATE USER \"test\" with password 'test'"); + doSqlAsRoot(0, "CREATE USER \" test\" with password 'test'"); - userSql(0, "CREATE USER \" test\" with password 'test'"); + doSqlAsRoot(0, "CREATE USER \" test \" with password 'test'"); - userSql(0, "CREATE USER \" test \" with password 'test'"); + doSqlAsRoot(0, "CREATE USER \"test \" with password 'test'"); - userSql(0, "CREATE USER \"test \" with password 'test'"); + doSqlAsRoot(0, "CREATE USER \"111\" with password 'test'"); + } - userSql(0, "CREATE USER \"111\" with password 'test'"); + /** */ + private void doSqlAsRoot(int nodeIdx, String sql) throws Exception { + doSqlAs(nodeIdx, sql, DFAULT_USER_NAME, "ignite"); } - /** - * @param nodeIdx Node index. - * @param sql Sql query. - */ - private void userSql(int nodeIdx, String sql) { - List> res = grid(nodeIdx).context().query().querySqlFields( - new SqlFieldsQuery(sql), false).getAll(); + /** */ + private void doSqlAs(int nodeIdx, String sql, String login, String pwd) throws Exception { + SecurityContext secCtx = authenticate(grid(0), login, pwd); + + try (OperationSecurityContext ignored = grid(nodeIdx).context().security().withContext(secCtx)) { + doSql(nodeIdx, sql); + } + } + + /** */ + private void doSql(int nodeIdx, String sql) { + List> res = grid(nodeIdx).context().query().querySqlFields(new SqlFieldsQuery(sql), false).getAll(); assertEquals(1, res.size()); assertEquals(1, res.get(0).size());
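Review bot: `doSqlAs` always authenticates on `grid(0)` and then applies the context on `grid(nodeIdx)`, which is easy to misread as a per-node login. The three new helpers also have empty `/** */` where the removed `userSql` documented its parameters. I would say so on the method, e.g. `/** Runs {@code sql} on node {@code nodeIdx} under the context obtained by logging in on node 0 as {@code login}. */`. The default password literal `"ignite"` is now repeated in `doSqlAsRoot`, in `asRoot` and in `sqlAsRoot` in `AbstractBasicIntegrationTest`; a single shared test constant would keep them in step. `doSql` continues past the end of the hunk.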