/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.ignite.plugin.security;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.Callable;
import org.apache.ignite.IgniteException;
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
import org.junit.Test;
import static org.apache.ignite.plugin.security.SecurityPermission.ADMIN_VIEW;
import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE;
import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY;
import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT;
import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ;
import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE;
import static org.apache.ignite.plugin.security.SecurityPermission.EVENTS_ENABLE;
import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER;
import static org.apache.ignite.plugin.security.SecurityPermission.SERVICE_DEPLOY;
import static org.apache.ignite.plugin.security.SecurityPermission.SERVICE_INVOKE;
import static org.apache.ignite.plugin.security.SecurityPermission.TASK_CANCEL;
import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE;
import static org.apache.ignite.testframework.GridTestUtils.assertThrows;
/**
 * Checks that {@link SecurityPermissionSetBuilder} refuses permissions appended to the wrong scope and that
 * the accepted appends produce the expected {@link SecurityPermissionSet}.
 */
public class SecurityPermissionSetBuilderTest extends GridCommonAbstractTest {
    /**
     * Passes out-of-scope permissions to the cache, task and system appenders and expects each call to fail,
     * then appends valid permissions (several of them repeatedly) to the same builder and compares the built
     * set with a hand-assembled {@link SecurityBasicPermissionSet}.
     */
    @Test
    public void testPermissionBuilder() {
        final SecurityPermissionSetBuilder builder = new SecurityPermissionSetBuilder();

        // Scope enforcement: a permission may only be appended through the appender of its own scope.
        // NOTE(review): every rejected call below passes only out-of-scope permissions, and there is no
        // negative case for appendServicePermissions. A call that mixes a valid permission with an invalid
        // one is not exercised, so what the builder retains after such a failure is not pinned here.
        assertRejected(() -> {
            builder.appendCachePermissions("cache", ADMIN_VIEW);

            return null;
        }, "you can assign permission only start with [CACHE_], but you try ADMIN_VIEW");

        assertRejected(() -> {
            builder.appendTaskPermissions("task", CACHE_READ, JOIN_AS_SERVER);

            return null;
        }, "you can assign permission only start with [TASK_], but you try CACHE_READ");

        assertRejected(() -> {
            builder.appendSystemPermissions(TASK_EXECUTE, CACHE_PUT);

            return null;
        }, "you can assign permission only start with [EVENTS_, ADMIN_, CACHE_CREATE, CACHE_DESTROY, " +
            "JOIN_AS_SERVER], but you try TASK_EXECUTE");

        assertRejected(() -> {
            builder.appendSystemPermissions(SERVICE_INVOKE, CACHE_REMOVE);

            return null;
        }, "you can assign permission only start with [EVENTS_, ADMIN_, CACHE_CREATE, CACHE_DESTROY, " +
            "JOIN_AS_SERVER], but you try SERVICE_INVOKE");

        // Valid appends on the same builder instance. Names and permissions are deliberately repeated:
        // the expected set lists each permission once per name.
        builder
            .appendCachePermissions("cache1", CACHE_PUT, CACHE_CREATE)
            .appendCachePermissions("cache1", CACHE_PUT, CACHE_REMOVE)
            .appendCachePermissions("cache2", CACHE_READ)
            .appendCachePermissions("cache2", CACHE_DESTROY)
            .appendTaskPermissions("task1", TASK_CANCEL)
            .appendTaskPermissions("task2", TASK_EXECUTE)
            .appendTaskPermissions("task2", TASK_EXECUTE)
            .appendServicePermissions("service1", SERVICE_DEPLOY)
            .appendServicePermissions("service2", SERVICE_INVOKE)
            .appendServicePermissions("service2", SERVICE_INVOKE)
            .appendSystemPermissions(ADMIN_VIEW)
            .appendSystemPermissions(ADMIN_VIEW, EVENTS_ENABLE)
            .appendSystemPermissions(JOIN_AS_SERVER)
            .appendSystemPermissions(CACHE_CREATE, CACHE_DESTROY);

        SecurityPermissionSet built = builder.build();

        SecurityBasicPermissionSet expPerms = expectedPermissionSet();

        // The names used in the rejected calls ("cache", "task") are absent from the expected maps, so these
        // equality checks also fail if a rejected call left an entry behind in the builder.
        assertEquals(expPerms.cachePermissions(), built.cachePermissions());
        assertEquals(expPerms.taskPermissions(), built.taskPermissions());
        assertEquals(expPerms.servicePermissions(), built.servicePermissions());
        assertEquals(expPerms.systemPermissions(), built.systemPermissions());

        // NOTE(review): neither side sets defaultAllowAll, so this only checks that the two defaults agree;
        // the test does not pin which value that default is.
        assertEquals(expPerms.defaultAllowAll(), built.defaultAllowAll());
    }

    /**
     * Runs a builder call that is expected to be refused and checks the failure type and message.
     *
     * @param attempt Builder call expected to throw {@link IgniteException}.
     * @param expMsg Message handed to {@code assertThrows} as the expected exception message.
     */
    @SuppressWarnings({"ThrowableNotThrown"})
    private void assertRejected(Callable<Object> attempt, String expMsg) {
        assertThrows(log, attempt, IgniteException.class, expMsg);
    }

    /**
     * Assembles by hand the permission set that the valid appends in the test are expected to yield.
     *
     * @return Expected permission set.
     */
    private static SecurityBasicPermissionSet expectedPermissionSet() {
        Map<String, Collection<SecurityPermission>> cachePerms = new HashMap<>();

        cachePerms.put("cache1", permissions(CACHE_PUT, CACHE_REMOVE, CACHE_CREATE));
        cachePerms.put("cache2", permissions(CACHE_READ, CACHE_DESTROY));

        Map<String, Collection<SecurityPermission>> taskPerms = new HashMap<>();

        taskPerms.put("task1", permissions(TASK_CANCEL));
        taskPerms.put("task2", permissions(TASK_EXECUTE));

        Map<String, Collection<SecurityPermission>> srvcPerms = new HashMap<>();

        srvcPerms.put("service1", permissions(SERVICE_DEPLOY));
        srvcPerms.put("service2", permissions(SERVICE_INVOKE));

        SecurityBasicPermissionSet res = new SecurityBasicPermissionSet();

        res.setCachePermissions(cachePerms);
        res.setTaskPermissions(taskPerms);
        res.setServicePermissions(srvcPerms);
        res.setSystemPermissions(permissions(ADMIN_VIEW, EVENTS_ENABLE, JOIN_AS_SERVER, CACHE_CREATE, CACHE_DESTROY));

        return res;
    }

    /**
     * Collects the given permissions into a hash set.
     *
     * @param perms Permissions.
     * @return Collection holding each given permission once.
     */
    private static Collection<SecurityPermission> permissions(SecurityPermission... perms) {
        // A set is used so that argument order and repeats do not affect the equality checks in the test.
        // Presumably the builder stores sets as well; list-backed values would not compare equal - confirm.
        Collection<SecurityPermission> res = U.newHashSet(perms.length);

        Collections.addAll(res, perms);

        return res;
    }
}