geode-core/src/distributedTest/java/org/apache/geode/management/internal/configuration/ClusterConfigWithSecurityDUnitTest.java - geode - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
  * agreements. See the NOTICE file distributed with this work for additional information regarding
  * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance with the License. You may obtain a
  * copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License
  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
 package org.apache.geode.management.internal.configuration;

 import static org.apache.geode.distributed.ConfigurationProperties.LOCATORS;
 import static org.apache.geode.distributed.ConfigurationProperties.LOG_FILE_SIZE_LIMIT;
 import static org.apache.geode.distributed.ConfigurationProperties.MCAST_PORT;
 import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
 import static org.assertj.core.api.Assertions.assertThat;

 import java.io.File;
 import java.util.Properties;

 import org.apache.commons.io.FileUtils;
 import org.junit.Before;
 import org.junit.Ignore;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;

 import org.apache.geode.distributed.internal.InternalConfigurationPersistenceService;
 import org.apache.geode.distributed.internal.InternalLocator;
 import org.apache.geode.examples.SimpleSecurityManager;
 import org.apache.geode.internal.cache.InternalCache;
 import org.apache.geode.management.internal.cli.i18n.CliStrings;
 import org.apache.geode.management.internal.configuration.utils.ZipUtils;
 import org.apache.geode.test.dunit.rules.ClusterStartupRule;
 import org.apache.geode.test.dunit.rules.MemberVM;
 import org.apache.geode.test.junit.categories.SecurityTest;
 import org.apache.geode.test.junit.rules.GfshCommandRule;
 import org.apache.geode.test.junit.rules.serializable.SerializableTemporaryFolder;

 @Category({SecurityTest.class})
 public class ClusterConfigWithSecurityDUnitTest {

   private String clusterConfigZipPath;
   private MemberVM locator0;
   private Properties locatorProps;

   @Rule
   public SerializableTemporaryFolder temporaryFolder = new SerializableTemporaryFolder();

   @Rule
   public ClusterStartupRule lsRule = new ClusterStartupRule();

   @Rule
   public GfshCommandRule connector = new GfshCommandRule();

   @Before
   public void before() throws Exception {
     clusterConfigZipPath = buildSecureClusterConfigZip();
     locator0 =
         lsRule.startLocatorVM(0, x -> x.withSecurityManager(SimpleSecurityManager.class));
   }

   @Test
   @Ignore("Fails until GEODE-2315 is implemented")
   public void testSecurityPropsInheritanceOnLocator() throws Exception {
     locatorProps.clear();
     locatorProps.setProperty(LOCATORS, "localhost[" + locator0.getPort() + "]");
     locatorProps.setProperty("security-username", "cluster");
     locatorProps.setProperty("security-password", "cluster");
     MemberVM locator1 = lsRule.startLocatorVM(1, locatorProps);

     // the second locator should inherit the first locator's security props
     locator1.invoke(() -> {
       InternalLocator locator = ClusterStartupRule.getLocator();
       InternalConfigurationPersistenceService sc = locator.getConfigurationPersistenceService();
       Properties clusterConfigProps = sc.getConfiguration("cluster").getGemfireProperties();
       assertThat(clusterConfigProps.getProperty(SECURITY_MANAGER))
           .isEqualTo(SimpleSecurityManager.class.getName());
       assertThat(locator.getConfig().getSecurityManager()).isNotEmpty();
     });
   }

   @Test
   public void testImportNotOverwriteSecurity() throws Exception {
     connector.connect(locator0, CliStrings.CONNECT__USERNAME, "cluster",
         CliStrings.CONNECT__PASSWORD, "cluster");

     connector
         .executeAndAssertThat(
             "import cluster-configuration --zip-file-name=" + clusterConfigZipPath)
         .statusIsSuccess();

     locator0.invoke(() -> {
       InternalLocator locator = ClusterStartupRule.getLocator();
       InternalConfigurationPersistenceService sc = locator.getConfigurationPersistenceService();
       Properties properties = sc.getConfiguration("cluster").getGemfireProperties();
       assertThat(properties.getProperty(MCAST_PORT)).isEqualTo("0");
       assertThat(properties.getProperty(LOG_FILE_SIZE_LIMIT)).isEqualTo("8000");

       // the security manager is still the locator's security manager, not the imported one.
       assertThat(properties.getProperty(SECURITY_MANAGER))
           .isEqualTo(SimpleSecurityManager.class.getName());
     });
   }

   @Test // fails due to GEODE-3062
   public void testSecurityPropsInheritanceOnServer() throws Exception {
     Properties serverProps = new Properties();
     serverProps.setProperty(LOCATORS, "localhost[" + locator0.getPort() + "]");
     serverProps.setProperty("security-username", "cluster");
     serverProps.setProperty("security-password", "cluster");
     MemberVM server = lsRule.startServerVM(1, serverProps);

     // cluster config specifies a security-manager so integrated security should be enabled
     server.invoke(() -> {
       InternalCache cache = ClusterStartupRule.getCache();
       Properties properties = cache.getDistributedSystem().getSecurityProperties();
       assertThat(properties.getProperty(SECURITY_MANAGER))
           .isEqualTo(SimpleSecurityManager.class.getName());
       assertThat(cache.getSecurityService().isIntegratedSecurity()).isTrue();
     });
   }

   private String buildSecureClusterConfigZip() throws Exception {
     File clusterDir = temporaryFolder.newFolder("cluster");
     File clusterSubDir = new File(clusterDir, "cluster");

     String clusterProperties = "mcast-port=0\n" + "log-file-size-limit=8000\n"
         + "security-manager=org.apache.geode.example.security.ExampleSecurityManager";
     FileUtils.writeStringToFile(new File(clusterSubDir, "cluster.properties"), clusterProperties);
     File clusterZip = new File(temporaryFolder.getRoot(), "cluster_config_security.zip");
     ZipUtils.zipDirectory(clusterDir.getCanonicalPath(), clusterZip.getCanonicalPath());
     FileUtils.deleteDirectory(clusterDir);
     return clusterZip.getCanonicalPath();
   }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
	* agreements. See the NOTICE file distributed with this work for additional information regarding
	* copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance with the License. You may obtain a
	* copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software distributed under the License
	* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
	* or implied. See the License for the specific language governing permissions and limitations under
	* the License.
	*/
	package org.apache.geode.management.internal.configuration;

	import static org.apache.geode.distributed.ConfigurationProperties.LOCATORS;
	import static org.apache.geode.distributed.ConfigurationProperties.LOG_FILE_SIZE_LIMIT;
	import static org.apache.geode.distributed.ConfigurationProperties.MCAST_PORT;
	import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
	import static org.assertj.core.api.Assertions.assertThat;

	import java.io.File;
	import java.util.Properties;

	import org.apache.commons.io.FileUtils;
	import org.junit.Before;
	import org.junit.Ignore;
	import org.junit.Rule;
	import org.junit.Test;
	import org.junit.experimental.categories.Category;

	import org.apache.geode.distributed.internal.InternalConfigurationPersistenceService;
	import org.apache.geode.distributed.internal.InternalLocator;
	import org.apache.geode.examples.SimpleSecurityManager;
	import org.apache.geode.internal.cache.InternalCache;
	import org.apache.geode.management.internal.cli.i18n.CliStrings;
	import org.apache.geode.management.internal.configuration.utils.ZipUtils;
	import org.apache.geode.test.dunit.rules.ClusterStartupRule;
	import org.apache.geode.test.dunit.rules.MemberVM;
	import org.apache.geode.test.junit.categories.SecurityTest;
	import org.apache.geode.test.junit.rules.GfshCommandRule;
	import org.apache.geode.test.junit.rules.serializable.SerializableTemporaryFolder;

	@Category({SecurityTest.class})
	public class ClusterConfigWithSecurityDUnitTest {

	private String clusterConfigZipPath;
	private MemberVM locator0;
	private Properties locatorProps;

	@Rule
	public SerializableTemporaryFolder temporaryFolder = new SerializableTemporaryFolder();

	@Rule
	public ClusterStartupRule lsRule = new ClusterStartupRule();

	@Rule
	public GfshCommandRule connector = new GfshCommandRule();

	@Before
	public void before() throws Exception {
	clusterConfigZipPath = buildSecureClusterConfigZip();
	locator0 =
	lsRule.startLocatorVM(0, x -> x.withSecurityManager(SimpleSecurityManager.class));
	}

	@Test
	@Ignore("Fails until GEODE-2315 is implemented")
	public void testSecurityPropsInheritanceOnLocator() throws Exception {
	locatorProps.clear();
	locatorProps.setProperty(LOCATORS, "localhost[" + locator0.getPort() + "]");
	locatorProps.setProperty("security-username", "cluster");
	locatorProps.setProperty("security-password", "cluster");
	MemberVM locator1 = lsRule.startLocatorVM(1, locatorProps);

	// the second locator should inherit the first locator's security props
	locator1.invoke(() -> {
	InternalLocator locator = ClusterStartupRule.getLocator();
	InternalConfigurationPersistenceService sc = locator.getConfigurationPersistenceService();
	Properties clusterConfigProps = sc.getConfiguration("cluster").getGemfireProperties();
	assertThat(clusterConfigProps.getProperty(SECURITY_MANAGER))
	.isEqualTo(SimpleSecurityManager.class.getName());
	assertThat(locator.getConfig().getSecurityManager()).isNotEmpty();
	});
	}

	@Test
	public void testImportNotOverwriteSecurity() throws Exception {
	connector.connect(locator0, CliStrings.CONNECT__USERNAME, "cluster",
	CliStrings.CONNECT__PASSWORD, "cluster");

	connector
	.executeAndAssertThat(
	"import cluster-configuration --zip-file-name=" + clusterConfigZipPath)
	.statusIsSuccess();

	locator0.invoke(() -> {
	InternalLocator locator = ClusterStartupRule.getLocator();
	InternalConfigurationPersistenceService sc = locator.getConfigurationPersistenceService();
	Properties properties = sc.getConfiguration("cluster").getGemfireProperties();
	assertThat(properties.getProperty(MCAST_PORT)).isEqualTo("0");
	assertThat(properties.getProperty(LOG_FILE_SIZE_LIMIT)).isEqualTo("8000");

	// the security manager is still the locator's security manager, not the imported one.
	assertThat(properties.getProperty(SECURITY_MANAGER))
	.isEqualTo(SimpleSecurityManager.class.getName());
	});
	}

	@Test // fails due to GEODE-3062
	public void testSecurityPropsInheritanceOnServer() throws Exception {
	Properties serverProps = new Properties();
	serverProps.setProperty(LOCATORS, "localhost[" + locator0.getPort() + "]");
	serverProps.setProperty("security-username", "cluster");
	serverProps.setProperty("security-password", "cluster");
	MemberVM server = lsRule.startServerVM(1, serverProps);

	// cluster config specifies a security-manager so integrated security should be enabled
	server.invoke(() -> {
	InternalCache cache = ClusterStartupRule.getCache();
	Properties properties = cache.getDistributedSystem().getSecurityProperties();
	assertThat(properties.getProperty(SECURITY_MANAGER))
	.isEqualTo(SimpleSecurityManager.class.getName());
	assertThat(cache.getSecurityService().isIntegratedSecurity()).isTrue();
	});
	}

	private String buildSecureClusterConfigZip() throws Exception {
	File clusterDir = temporaryFolder.newFolder("cluster");
	File clusterSubDir = new File(clusterDir, "cluster");

	String clusterProperties = "mcast-port=0\n" + "log-file-size-limit=8000\n"
	+ "security-manager=org.apache.geode.example.security.ExampleSecurityManager";
	FileUtils.writeStringToFile(new File(clusterSubDir, "cluster.properties"), clusterProperties);
	File clusterZip = new File(temporaryFolder.getRoot(), "cluster_config_security.zip");
	ZipUtils.zipDirectory(clusterDir.getCanonicalPath(), clusterZip.getCanonicalPath());
	FileUtils.deleteDirectory(clusterDir);
	return clusterZip.getCanonicalPath();
	}
	}