use of org.apache.cassandra.auth.AuthenticatedUser in project cassandra by apache.
the class GuardrailTester method setUpClass.
@BeforeClass
public static void setUpClass() {
CQLTester.setUpClass();
requireAuthentication();
requireNetwork();
guardrails().setEnabled(true);
systemClientState = ClientState.forInternalCalls();
userClientState = ClientState.forExternalCalls(InetSocketAddress.createUnresolved("127.0.0.1", 123));
superClientState = ClientState.forExternalCalls(InetSocketAddress.createUnresolved("127.0.0.1", 321));
superClientState.login(new AuthenticatedUser(CassandraRoleManager.DEFAULT_SUPERUSER_NAME));
}
use of org.apache.cassandra.auth.AuthenticatedUser in project cassandra by apache.
the class PermissionsCacheKeysTable method applyPartitionDeletion.
@Override
protected void applyPartitionDeletion(ColumnValues partitionKey) {
AuthenticatedUser user = new AuthenticatedUser(partitionKey.value(0));
IResource resource = resourceFromNameIfExists(partitionKey.value(1));
// no need to delete invalid resource
if (resource == null)
return;
AuthenticatedUser.permissionsCache.invalidate(Pair.create(user, resource));
}
use of org.apache.cassandra.auth.AuthenticatedUser in project cassandra by apache.
the class InvalidateCredentialsCacheTest method testInvalidateSingleCredential.
@Test
public void testInvalidateSingleCredential() {
// cache credential
roleANegotiator.getAuthenticatedUser();
long originalReadsCount = getRolesReadCount();
// enure credential is cached
assertThat(roleANegotiator.getAuthenticatedUser()).isEqualTo(new AuthenticatedUser(ROLE_A.getRoleName()));
assertThat(originalReadsCount).isEqualTo(getRolesReadCount());
// invalidate credential
ToolRunner.ToolResult tool = ToolRunner.invokeNodetool("invalidatecredentialscache", ROLE_A.getRoleName());
tool.assertOnCleanExit();
assertThat(tool.getStdout()).isEmpty();
// ensure credential is reloaded
assertThat(roleANegotiator.getAuthenticatedUser()).isEqualTo(new AuthenticatedUser(ROLE_A.getRoleName()));
assertThat(originalReadsCount).isLessThan(getRolesReadCount());
}
use of org.apache.cassandra.auth.AuthenticatedUser in project cassandra by apache.
the class InvalidateCredentialsCacheTest method testInvalidateAllCredentials.
@Test
public void testInvalidateAllCredentials() {
// cache credentials
roleANegotiator.getAuthenticatedUser();
roleBNegotiator.getAuthenticatedUser();
long originalReadsCount = getRolesReadCount();
// enure credentials are cached
assertThat(roleANegotiator.getAuthenticatedUser()).isEqualTo(new AuthenticatedUser(ROLE_A.getRoleName()));
assertThat(roleBNegotiator.getAuthenticatedUser()).isEqualTo(new AuthenticatedUser(ROLE_B.getRoleName()));
assertThat(originalReadsCount).isEqualTo(getRolesReadCount());
// invalidate both credentials
ToolRunner.ToolResult tool = ToolRunner.invokeNodetool("invalidatecredentialscache");
tool.assertOnCleanExit();
assertThat(tool.getStdout()).isEmpty();
// ensure credential for roleA is reloaded
assertThat(roleANegotiator.getAuthenticatedUser()).isEqualTo(new AuthenticatedUser(ROLE_A.getRoleName()));
long readsCountAfterFirstReLoad = getRolesReadCount();
assertThat(originalReadsCount).isLessThan(readsCountAfterFirstReLoad);
// ensure credential for roleB is reloaded
assertThat(roleBNegotiator.getAuthenticatedUser()).isEqualTo(new AuthenticatedUser(ROLE_B.getRoleName()));
long readsCountAfterSecondReLoad = getRolesReadCount();
assertThat(readsCountAfterFirstReLoad).isLessThan(readsCountAfterSecondReLoad);
}
use of org.apache.cassandra.auth.AuthenticatedUser in project cassandra by apache.
the class InvalidateNetworkPermissionsCacheTest method testInvalidateAllNetworkPermissions.
@Test
public void testInvalidateAllNetworkPermissions() {
AuthenticatedUser roleA = new AuthenticatedUser(ROLE_A.getRoleName());
AuthenticatedUser roleB = new AuthenticatedUser(ROLE_B.getRoleName());
// cache network permissions
roleA.hasLocalAccess();
roleB.hasLocalAccess();
long originalReadsCount = getNetworkPermissionsReadCount();
// enure network permissions are cached
assertThat(roleA.hasLocalAccess()).isTrue();
assertThat(roleB.hasLocalAccess()).isTrue();
assertThat(originalReadsCount).isEqualTo(getNetworkPermissionsReadCount());
// invalidate both network permissions
ToolRunner.ToolResult tool = ToolRunner.invokeNodetool("invalidatenetworkpermissionscache");
tool.assertOnCleanExit();
assertThat(tool.getStdout()).isEmpty();
// ensure network permission for roleA is reloaded
assertThat(roleA.hasLocalAccess()).isTrue();
long readsCountAfterFirstReLoad = getNetworkPermissionsReadCount();
assertThat(originalReadsCount).isLessThan(readsCountAfterFirstReLoad);
// ensure network permission for roleB is reloaded
assertThat(roleB.hasLocalAccess()).isTrue();
long readsCountAfterSecondReLoad = getNetworkPermissionsReadCount();
assertThat(readsCountAfterFirstReLoad).isLessThan(readsCountAfterSecondReLoad);
}
Aggregations