
Example 1 with AuthenticatedUser

use of org.apache.cassandra.auth.AuthenticatedUser in project cassandra by apache.

the class GuardrailTester method setUpClass.

@BeforeClass
public static void setUpClass() {
    CQLTester.setUpClass();
    requireAuthentication();
    requireNetwork();
    guardrails().setEnabled(true);
    systemClientState = ClientState.forInternalCalls();
    userClientState = ClientState.forExternalCalls(InetSocketAddress.createUnresolved("127.0.0.1", 123));
    superClientState = ClientState.forExternalCalls(InetSocketAddress.createUnresolved("127.0.0.1", 321));
    superClientState.login(new AuthenticatedUser(CassandraRoleManager.DEFAULT_SUPERUSER_NAME));
}
Also used : AuthenticatedUser(org.apache.cassandra.auth.AuthenticatedUser) BeforeClass(org.junit.BeforeClass)

Example 2 with AuthenticatedUser

use of org.apache.cassandra.auth.AuthenticatedUser in project cassandra by apache.

the class PermissionsCacheKeysTable method applyPartitionDeletion.

@Override
protected void applyPartitionDeletion(ColumnValues partitionKey) {
    AuthenticatedUser user = new AuthenticatedUser(partitionKey.value(0));
    IResource resource = resourceFromNameIfExists(partitionKey.value(1));
    // no need to delete invalid resource
    if (resource == null)
        return;
    AuthenticatedUser.permissionsCache.invalidate(Pair.create(user, resource));
}
Also used : AuthenticatedUser(org.apache.cassandra.auth.AuthenticatedUser) IResource(org.apache.cassandra.auth.IResource)

Example 3 with AuthenticatedUser

use of org.apache.cassandra.auth.AuthenticatedUser in project cassandra by apache.

the class InvalidateCredentialsCacheTest method testInvalidateSingleCredential.

@Test
public void testInvalidateSingleCredential() {
    // cache credential
    roleANegotiator.getAuthenticatedUser();
    long originalReadsCount = getRolesReadCount();
    // ensure credential is cached
    assertThat(roleANegotiator.getAuthenticatedUser()).isEqualTo(new AuthenticatedUser(ROLE_A.getRoleName()));
    assertThat(originalReadsCount).isEqualTo(getRolesReadCount());
    // invalidate credential
    ToolRunner.ToolResult tool = ToolRunner.invokeNodetool("invalidatecredentialscache", ROLE_A.getRoleName());
    tool.assertOnCleanExit();
    assertThat(tool.getStdout()).isEmpty();
    // ensure credential is reloaded
    assertThat(roleANegotiator.getAuthenticatedUser()).isEqualTo(new AuthenticatedUser(ROLE_A.getRoleName()));
    assertThat(originalReadsCount).isLessThan(getRolesReadCount());
}
Also used : ToolRunner(org.apache.cassandra.tools.ToolRunner) AuthenticatedUser(org.apache.cassandra.auth.AuthenticatedUser) Test(org.junit.Test)

Example 4 with AuthenticatedUser

use of org.apache.cassandra.auth.AuthenticatedUser in project cassandra by apache.

the class InvalidateCredentialsCacheTest method testInvalidateAllCredentials.

@Test
public void testInvalidateAllCredentials() {
    // cache credentials
    roleANegotiator.getAuthenticatedUser();
    roleBNegotiator.getAuthenticatedUser();
    long originalReadsCount = getRolesReadCount();
    // ensure credentials are cached
    assertThat(roleANegotiator.getAuthenticatedUser()).isEqualTo(new AuthenticatedUser(ROLE_A.getRoleName()));
    assertThat(roleBNegotiator.getAuthenticatedUser()).isEqualTo(new AuthenticatedUser(ROLE_B.getRoleName()));
    assertThat(originalReadsCount).isEqualTo(getRolesReadCount());
    // invalidate both credentials
    ToolRunner.ToolResult tool = ToolRunner.invokeNodetool("invalidatecredentialscache");
    tool.assertOnCleanExit();
    assertThat(tool.getStdout()).isEmpty();
    // ensure credential for roleA is reloaded
    assertThat(roleANegotiator.getAuthenticatedUser()).isEqualTo(new AuthenticatedUser(ROLE_A.getRoleName()));
    long readsCountAfterFirstReLoad = getRolesReadCount();
    assertThat(originalReadsCount).isLessThan(readsCountAfterFirstReLoad);
    // ensure credential for roleB is reloaded
    assertThat(roleBNegotiator.getAuthenticatedUser()).isEqualTo(new AuthenticatedUser(ROLE_B.getRoleName()));
    long readsCountAfterSecondReLoad = getRolesReadCount();
    assertThat(readsCountAfterFirstReLoad).isLessThan(readsCountAfterSecondReLoad);
}
Also used : ToolRunner(org.apache.cassandra.tools.ToolRunner) AuthenticatedUser(org.apache.cassandra.auth.AuthenticatedUser) Test(org.junit.Test)

Example 5 with AuthenticatedUser

use of org.apache.cassandra.auth.AuthenticatedUser in project cassandra by apache.

the class InvalidateNetworkPermissionsCacheTest method testInvalidateAllNetworkPermissions.

@Test
public void testInvalidateAllNetworkPermissions() {
    AuthenticatedUser roleA = new AuthenticatedUser(ROLE_A.getRoleName());
    AuthenticatedUser roleB = new AuthenticatedUser(ROLE_B.getRoleName());
    // cache network permissions
    roleA.hasLocalAccess();
    roleB.hasLocalAccess();
    long originalReadsCount = getNetworkPermissionsReadCount();
    // ensure network permissions are cached
    assertThat(roleA.hasLocalAccess()).isTrue();
    assertThat(roleB.hasLocalAccess()).isTrue();
    assertThat(originalReadsCount).isEqualTo(getNetworkPermissionsReadCount());
    // invalidate both network permissions
    ToolRunner.ToolResult tool = ToolRunner.invokeNodetool("invalidatenetworkpermissionscache");
    tool.assertOnCleanExit();
    assertThat(tool.getStdout()).isEmpty();
    // ensure network permission for roleA is reloaded
    assertThat(roleA.hasLocalAccess()).isTrue();
    long readsCountAfterFirstReLoad = getNetworkPermissionsReadCount();
    assertThat(originalReadsCount).isLessThan(readsCountAfterFirstReLoad);
    // ensure network permission for roleB is reloaded
    assertThat(roleB.hasLocalAccess()).isTrue();
    long readsCountAfterSecondReLoad = getNetworkPermissionsReadCount();
    assertThat(readsCountAfterFirstReLoad).isLessThan(readsCountAfterSecondReLoad);
}
Also used : ToolRunner(org.apache.cassandra.tools.ToolRunner) AuthenticatedUser(org.apache.cassandra.auth.AuthenticatedUser) Test(org.junit.Test)

Aggregations

AuthenticatedUser (org.apache.cassandra.auth.AuthenticatedUser): 18
ToolRunner (org.apache.cassandra.tools.ToolRunner): 8
Test (org.junit.Test): 8
IResource (org.apache.cassandra.auth.IResource): 3
Permission (org.apache.cassandra.auth.Permission): 3
AuthenticationException (org.apache.cassandra.exceptions.AuthenticationException): 3
IAuthenticator (org.apache.cassandra.auth.IAuthenticator): 2
ResultMessage (org.apache.cassandra.transport.messages.ResultMessage): 2
ImmutableSet (com.google.common.collect.ImmutableSet): 1
ArrayList (java.util.ArrayList): 1
Set (java.util.Set): 1
AtomicInteger (java.util.concurrent.atomic.AtomicInteger): 1
AuthTestUtils (org.apache.cassandra.auth.AuthTestUtils): 1
DataResource (org.apache.cassandra.auth.DataResource): 1
DatabaseDescriptor (org.apache.cassandra.config.DatabaseDescriptor): 1
CQLStatement (org.apache.cassandra.cql3.CQLStatement): 1
QueryOptions (org.apache.cassandra.cql3.QueryOptions): 1
InvalidRequestException (org.apache.cassandra.exceptions.InvalidRequestException): 1
org.apache.cassandra.schema (org.apache.cassandra.schema): 1
KeyspacesDiff (org.apache.cassandra.schema.Keyspaces.KeyspacesDiff): 1