Examples with RoleInfo org.voltdb.compiler.VoltProjectBuilder.RoleInfo used on opensource projects

Example 1 with RoleInfo

use of org.voltdb.compiler.VoltProjectBuilder.RoleInfo in project voltdb by VoltDB.

the class TestUpdateClasses method testRoleControl.

@Test
public void testRoleControl() throws Exception {
    System.out.println("\n\n-----\n testRoleControl \n-----\n\n");
    String pathToCatalog = Configuration.getPathToCatalogForTest("updateclasses.jar");
    String pathToDeployment = Configuration.getPathToCatalogForTest("updateclasses.xml");
    VoltProjectBuilder builder = new VoltProjectBuilder();
    builder.addLiteralSchema("-- Don't care");
    builder.setUseDDLSchema(true);
    RoleInfo[] groups = new RoleInfo[] { new RoleInfo("adhoc", true, false, false, false, false, false) };
    UserInfo[] users = new UserInfo[] { new UserInfo("adhocuser", "adhocuser", new String[] { "adhoc" }), new UserInfo("sysuser", "sysuser", new String[] { "ADMINISTRATOR" }) };
    builder.addRoles(groups);
    builder.addUsers(users);
    // Test defines its own ADMIN user
    builder.setSecurityEnabled(true, false);
    boolean success = builder.compile(pathToCatalog, 2, 1, 0);
    assertTrue("Schema compilation failed", success);
    MiscUtils.copyFile(builder.getPathToDeployment(), pathToDeployment);
    // This is maybe cheating a little bit?
    InMemoryJarfile jarfile = new InMemoryJarfile();
    for (Class<?> clazz : PROC_CLASSES) {
        VoltCompiler comp = new VoltCompiler(false);
        comp.addClassToJar(jarfile, clazz);
    }
    for (Class<?> clazz : EXTRA_CLASSES) {
        VoltCompiler comp = new VoltCompiler(false);
        comp.addClassToJar(jarfile, clazz);
    }
    Client auth_client = null;
    try {
        VoltDB.Configuration config = new VoltDB.Configuration();
        config.m_pathToCatalog = pathToCatalog;
        config.m_pathToDeployment = pathToDeployment;
        // Default client auth is going to fail, catch and keep chugging
        try {
            startSystem(config);
        } catch (IOException ioe) {
            assertTrue(ioe.getMessage().contains("Authentication rejected"));
        }
        m_client.close();
        // reconnect m_client with auth that will connect but no sysproc powers
        ClientConfig bad_config = new ClientConfig("adhocuser", "adhocuser");
        m_client = ClientFactory.createClient(bad_config);
        m_client.createConnection("localhost");
        // Need a client with the right auth
        ClientConfig auth_config = new ClientConfig("sysuser", "sysuser");
        auth_client = ClientFactory.createClient(auth_config);
        auth_client.createConnection("localhost");
        ClientResponse resp;
        resp = auth_client.callProcedure("@SystemCatalog", "CLASSES");
        System.out.println(resp.getResults()[0]);
        // New cluster, you're like summer vacation...
        assertEquals(0, resp.getResults()[0].getRowCount());
        assertFalse(VoltTableTestHelpers.moveToMatchingRow(resp.getResults()[0], "CLASS_NAME", PROC_CLASSES[0].getCanonicalName()));
        boolean threw = false;
        try {
            resp = auth_client.callProcedure(PROC_CLASSES[0].getSimpleName());
        } catch (ProcCallException pce) {
            assertTrue(pce.getMessage().contains("was not found"));
            threw = true;
        }
        assertTrue(threw);
        threw = false;
        try {
            resp = m_client.callProcedure("@UpdateClasses", jarfile.getFullJarBytes(), null);
        } catch (ProcCallException pce) {
            assertTrue(pce.getMessage().contains("does not have admin permission"));
            threw = true;
        }
        assertTrue(threw);
        resp = auth_client.callProcedure("@UpdateClasses", jarfile.getFullJarBytes(), null);
        assertEquals(ClientResponse.SUCCESS, resp.getStatus());
        // Are we still like summer vacation?
        resp = auth_client.callProcedure("@SystemCatalog", "CLASSES");
        VoltTable results = resp.getResults()[0];
        System.out.println(results);
        assertEquals(3, results.getRowCount());
        assertTrue(VoltTableTestHelpers.moveToMatchingRow(results, "CLASS_NAME", PROC_CLASSES[0].getCanonicalName()));
        assertEquals(1L, results.getLong("VOLT_PROCEDURE"));
        assertEquals(0L, results.getLong("ACTIVE_PROC"));
    } finally {
        if (auth_client != null) {
            auth_client.close();
        }
        teardownSystem();
    }
}

Example 2 with RoleInfo

use of org.voltdb.compiler.VoltProjectBuilder.RoleInfo in project voltdb by VoltDB.

the class TestCatalogDiffs method testChangeUsersAssignedGroups.

public void testChangeUsersAssignedGroups() throws IOException {
    RoleInfo[] gi = new RoleInfo[2];
    gi[0] = new RoleInfo("group1", true, true, true, true, false, false);
    gi[1] = new RoleInfo("group2", true, true, true, true, false, true);
    UserInfo[] ui = new UserInfo[2];
    ui[0] = new UserInfo("user1", "password", new String[] { "group1" });
    ui[1] = new UserInfo("user2", "password", new String[] { "group2" });
    String original = compileWithGroups(false, null, gi, ui, "base", BASEPROCS);
    Catalog catOriginal = catalogForJar(original);
    // swap the user's group assignments
    ui[0] = new UserInfo("user1", "password", new String[] { "group2" });
    ui[1] = new UserInfo("user2", "password", new String[] { "group1" });
    String updated = compileWithGroups(false, null, gi, ui, "base", BASEPROCS);
    Catalog catUpdated = catalogForJar(updated);
    verifyDiff(catOriginal, catUpdated, false);
}

Example 3 with RoleInfo

use of org.voltdb.compiler.VoltProjectBuilder.RoleInfo in project voltdb by VoltDB.

the class TestCatalogDiffs method testDeleteUser.

public void testDeleteUser() throws IOException {
    RoleInfo[] gi = new RoleInfo[1];
    gi[0] = new RoleInfo("group1", true, true, true, true, false, false);
    UserInfo[] ui = new UserInfo[1];
    ui[0] = new UserInfo("user1", "password", new String[] { "group1" });
    String original = compileWithGroups(false, null, gi, ui, "base", BASEPROCS);
    Catalog catOriginal = catalogForJar(original);
    // no users this time
    String updated = compileWithGroups(false, null, gi, null, "base", BASEPROCS);
    Catalog catUpdated = catalogForJar(updated);
    verifyDiff(catOriginal, catUpdated, false);
}

Example 4 with RoleInfo

use of org.voltdb.compiler.VoltProjectBuilder.RoleInfo in project voltdb by VoltDB.

the class TestSecuritySuite method suite.

/**
     * Build a list of the tests that will be run when TestSecuritySuite gets run by JUnit.
     * Use helper classes that are part of the RegressionSuite framework.
     * This particular class runs all tests on the the local JNI backend with both
     * one and two partition configurations, as well as on the hsql backend.
     *
     * @return The TestSuite containing all the tests to be run.
     */
public static Test suite() {
    VoltServerConfig config = null;
    // the suite made here will all be using the tests from this class
    MultiConfigSuiteBuilder builder = new MultiConfigSuiteBuilder(TestSecuritySuite.class);
    // build up a project builder for the workload
    TPCCProjectBuilder project = new TPCCProjectBuilder();
    project.addDefaultSchema();
    project.addDefaultPartitioning();
    ArrayList<ProcedureInfo> procedures = new ArrayList<>();
    procedures.add(new ProcedureInfo(new String[0], PROCEDURES[0]));
    procedures.add(new ProcedureInfo(new String[] { "group1" }, PROCEDURES[1]));
    procedures.add(new ProcedureInfo(new String[] { "group1", "group2" }, PROCEDURES[2]));
    project.addProcedures(procedures);
    UserInfo[] users = new UserInfo[] { new UserInfo("user1", "password", new String[] { "grouP1" }), new UserInfo("user2", "password", new String[] { "grouP2" }), new UserInfo("user3", "password", new String[] { "grouP3" }), new UserInfo("user4", "password", new String[] { "AdMINISTRATOR" }), new UserInfo("userWithDefaultUserPerm", "password", new String[] { "User" }), new UserInfo("userWithAllProc", "password", new String[] { "GroupWithAllProcPerm" }), new UserInfo("userWithDefaultProcPerm", "password", new String[] { "groupWithDefaultProcPerm" }), new UserInfo("userWithoutDefaultProcPerm", "password", new String[] { "groupWiThoutDefaultProcPerm" }), new UserInfo("userWithDefaultProcReadPerm", "password", new String[] { "groupWiThDefaultProcReadPerm" }) };
    project.addUsers(users);
    RoleInfo[] groups = new RoleInfo[] { new RoleInfo("Group1", false, false, false, false, false, false), new RoleInfo("Group2", true, false, false, false, false, false), new RoleInfo("Group3", true, false, false, false, false, false), new RoleInfo("GroupWithDefaultUserPerm", true, false, false, false, false, true), new RoleInfo("GroupWithAllProcPerm", false, false, false, false, false, true), new RoleInfo("GroupWithDefaultProcPerm", false, false, false, true, false, false), new RoleInfo("GroupWithoutDefaultProcPerm", false, false, false, false, false, false), new RoleInfo("GroupWithDefaultProcReadPerm", false, false, false, false, true, false) };
    project.addRoles(groups);
    // suite defines its own ADMINISTRATOR user
    project.setSecurityEnabled(true, false);
    // export disabled in community
    if (MiscUtils.isPro()) {
        project.addExport(true);
    }
    /////////////////////////////////////////////////////////////
    // CONFIG #1: 1 Local Site/Partitions running on JNI backend
    /////////////////////////////////////////////////////////////
    // get a server config for the native backend with one sites/partitions
    config = new LocalCluster("security-onesite.jar", 1, 1, 0, BackendTarget.NATIVE_EE_JNI);
    // build the jarfile
    if (!config.compile(project))
        fail();
    // add this config to the set of tests to run
    builder.addServerConfig(config, false);
    return builder;
}

Example 5 with RoleInfo

use of org.voltdb.compiler.VoltProjectBuilder.RoleInfo in project voltdb by VoltDB.

the class TestVoltDB method testCompileDeploymentAddUserToNonExistentGroup.

/**
     * ENG-7088: Validate that deployment file users that want to belong to roles which
     * don't yet exist don't render the deployment file invalid.
     */
@Test
public void testCompileDeploymentAddUserToNonExistentGroup() throws IOException {
    TPCCProjectBuilder project = new TPCCProjectBuilder();
    project.addDefaultSchema();
    project.addDefaultPartitioning();
    project.addDefaultProcedures();
    project.setSecurityEnabled(true, true);
    RoleInfo[] groups = new RoleInfo[] { new RoleInfo("foo", false, false, false, false, false, false), new RoleInfo("blah", false, false, false, false, false, false) };
    project.addRoles(groups);
    UserInfo[] users = new UserInfo[] { new UserInfo("john", "hugg", new String[] { "foo" }), new UserInfo("ryan", "betts", new String[] { "foo", "bar" }), new UserInfo("ariel", "weisberg", new String[] { "bar" }) };
    project.addUsers(users);
    String testDir = BuildDirectoryUtils.getBuildDirectoryPath();
    String jarName = "compile-deployment.jar";
    String catalogJar = testDir + File.separator + jarName;
    assertTrue("Project failed to compile", project.compile(catalogJar));
    byte[] bytes = MiscUtils.fileToBytes(new File(catalogJar));
    String serializedCatalog = CatalogUtil.getSerializedCatalogStringFromJar(CatalogUtil.loadAndUpgradeCatalogFromJar(bytes, false).getFirst());
    assertNotNull("Error loading catalog from jar", serializedCatalog);
    Catalog catalog = new Catalog();
    catalog.execute(serializedCatalog);
    // this should succeed even though group "bar" does not exist
    assertTrue("Deployment file should have been able to validate", CatalogUtil.compileDeployment(catalog, project.getPathToDeployment(), true) == null);
}