IGNITE-15384 Fix execution of daemon node operations that require authorization. (#9380)
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/discovery/GridDiscoveryManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/discovery/GridDiscoveryManager.java
index 6527448..007dfed 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/managers/discovery/GridDiscoveryManager.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/discovery/GridDiscoveryManager.java
@@ -805,20 +805,25 @@
discoWrk.discoCache = discoCache;
- if (!isLocDaemon && !ctx.clientDisconnected()) {
+ if (!ctx.clientDisconnected()) {
+ // The security processor must be notified first, since {@link IgniteSecurity#onLocalJoin}
+ // finishes local node security context initialization that can be demanded by other Ignite
+ // components.
ctx.security().onLocalJoin();
- ctx.cache().context().versions().onLocalJoin(topVer);
+ if (!isLocDaemon) {
+ ctx.cache().context().versions().onLocalJoin(topVer);
- ctx.cache().context().coordinators().onLocalJoin(discoEvt, discoCache);
+ ctx.cache().context().coordinators().onLocalJoin(discoEvt, discoCache);
- ctx.cache().context().exchange().onLocalJoin(discoEvt, discoCache);
+ ctx.cache().context().exchange().onLocalJoin(discoEvt, discoCache);
- ctx.service().onLocalJoin(discoEvt, discoCache);
+ ctx.service().onLocalJoin(discoEvt, discoCache);
- ctx.encryption().onLocalJoin();
+ ctx.encryption().onLocalJoin();
- ctx.cluster().onLocalJoin();
+ ctx.cluster().onLocalJoin();
+ }
}
IgniteInternalFuture<Boolean> transitionWaitFut = ctx.state().onLocalJoin(discoCache);
diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/daemon/DaemonNodeBasicSecurityTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/daemon/DaemonNodeBasicSecurityTest.java
new file mode 100644
index 0000000..04262373
--- /dev/null
+++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/daemon/DaemonNodeBasicSecurityTest.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.processors.security.daemon;
+
+import org.apache.ignite.configuration.IgniteConfiguration;
+import org.apache.ignite.internal.IgniteEx;
+import org.apache.ignite.internal.processors.security.AbstractSecurityTest;
+import org.apache.ignite.internal.processors.security.AbstractTestSecurityPluginProvider;
+import org.junit.Test;
+
+import static org.apache.ignite.cluster.ClusterState.ACTIVE;
+import static org.apache.ignite.cluster.ClusterState.INACTIVE;
+
+/**
+ * Tests that daemon node can successfully join the cluster with security enabled and perform operations that require
+ * authorization.
+ */
+public class DaemonNodeBasicSecurityTest extends AbstractSecurityTest {
+ /** {@inheritDoc} */
+ @Override protected IgniteConfiguration getConfiguration(
+ String instanceName,
+ AbstractTestSecurityPluginProvider pluginProv
+ ) throws Exception {
+ return super.getConfiguration(instanceName, pluginProv)
+ .setDaemon(instanceName.contains("daemon"))
+ .setClusterStateOnStart(INACTIVE);
+ }
+
+ /** */
+ @Test
+ public void testDaemonNode() throws Exception {
+ IgniteEx crd = startGridAllowAll("crd");
+
+ IgniteEx daemonNode = startGridAllowAll("daemon");
+
+ daemonNode.cluster().state(ACTIVE);
+
+ assertEquals(ACTIVE, crd.cluster().state());
+ }
+}
diff --git a/modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java b/modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java
index d7b4f83..c56ec9c 100644
--- a/modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java
+++ b/modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java
@@ -43,6 +43,7 @@
import org.apache.ignite.internal.processors.security.compute.closure.ComputeTaskRemoteSecurityContextCheckTest;
import org.apache.ignite.internal.processors.security.compute.closure.DistributedClosureRemoteSecurityContextCheckTest;
import org.apache.ignite.internal.processors.security.compute.closure.ExecutorServiceRemoteSecurityContextCheckTest;
+import org.apache.ignite.internal.processors.security.daemon.DaemonNodeBasicSecurityTest;
import org.apache.ignite.internal.processors.security.datastreamer.DataStreamerPermissionCheckTest;
import org.apache.ignite.internal.processors.security.datastreamer.closure.DataStreamerRemoteSecurityContextCheckTest;
import org.apache.ignite.internal.processors.security.events.EventsRemoteSecurityContextCheckTest;
@@ -126,7 +127,8 @@
IgniteSecurityProcessorTest.class,
MultipleSSLContextsTest.class,
- MaintenanceModeNodeSecurityTest.class
+ MaintenanceModeNodeSecurityTest.class,
+ DaemonNodeBasicSecurityTest.class
})
public class SecurityTestSuite {
/** */