GEODE-3974: Improve permissions for geode-modules functions (#1258)

Author: jdeppe-pivotal

extensions/geode-modules/src/main/java/org/apache/geode/modules/util/BootstrappingFunction.java

@@ -17,6 +17,8 @@
 import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
+import java.util.Collection;
+import java.util.Collections;
 import java.util.List;
 import java.util.Set;
 
@@ -32,6 +34,8 @@
 import org.apache.geode.distributed.internal.InternalDistributedSystem;
 import org.apache.geode.distributed.internal.MembershipListener;
 import org.apache.geode.distributed.internal.membership.InternalDistributedMember;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 
 public class BootstrappingFunction implements Function, MembershipListener, DataSerializable {
 
@@ -87,6 +91,11 @@ private Cache verifyCacheExists() {
     return cache;
   }
 
+  @Override
+  public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+    return Collections.singletonList(ResourcePermissions.CLUSTER_MANAGE);
+  }
+
   private void registerAsMembershipListener(Cache cache) {
     DistributionManager dm =
         ((InternalDistributedSystem) cache.getDistributedSystem()).getDistributionManager();

extensions/geode-modules/src/main/java/org/apache/geode/modules/util/CreateRegionFunction.java

@@ -20,10 +20,10 @@
 import java.io.FileWriter;
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.util.Collection;
+import java.util.Collections;
 import java.util.Properties;
 
-import javax.xml.crypto.Data;
-
 import org.apache.geode.DataSerializable;
 import org.apache.geode.InternalGemFireError;
 import org.apache.geode.cache.AttributesFactory;
@@ -32,8 +32,6 @@
 import org.apache.geode.cache.Declarable;
 import org.apache.geode.cache.Region;
 import org.apache.geode.cache.RegionAttributes;
-import org.apache.geode.cache.RegionFactory;
-import org.apache.geode.cache.RegionShortcut;
 import org.apache.geode.cache.Scope;
 import org.apache.geode.cache.client.ClientCache;
 import org.apache.geode.cache.execute.Function;
@@ -46,6 +44,8 @@
 import org.apache.geode.internal.cache.PartitionedRegion;
 import org.apache.geode.internal.cache.xmlcache.CacheXmlGenerator;
 import org.apache.geode.internal.i18n.LocalizedStrings;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 
 public class CreateRegionFunction implements Function, Declarable, DataSerializable {
 
@@ -96,6 +96,11 @@ public void execute(FunctionContext context) {
     context.getResultSender().lastResult(status);
   }
 
+  @Override
+  public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+    return Collections.singletonList(ResourcePermissions.DATA_MANAGE);
+  }
+
   private RegionStatus createOrRetrieveRegion(RegionConfiguration configuration) {
     RegionStatus status = null;
     String regionName = configuration.getRegionName();

extensions/geode-modules/src/main/java/org/apache/geode/modules/util/RegionSizeFunction.java

@@ -17,13 +17,16 @@
 import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
+import java.util.Collection;
+import java.util.Collections;
 import java.util.Properties;
 
 import org.apache.geode.DataSerializable;
 import org.apache.geode.cache.Declarable;
 import org.apache.geode.cache.execute.Function;
 import org.apache.geode.cache.execute.FunctionContext;
 import org.apache.geode.cache.execute.RegionFunctionContext;
+import org.apache.geode.security.ResourcePermission;
 
 public class RegionSizeFunction implements Function, Declarable, DataSerializable {
 
@@ -38,6 +41,12 @@ public void execute(FunctionContext context) {
     context.getResultSender().lastResult(rfc.getDataSet().size());
   }
 
+  @Override
+  public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+    return Collections.singletonList(new ResourcePermission(ResourcePermission.Resource.DATA,
+        ResourcePermission.Operation.READ, regionName));
+  }
+
   public String getId() {
     return ID;
   }

extensions/geode-modules/src/main/java/org/apache/geode/modules/util/TouchPartitionedRegionEntriesFunction.java

@@ -17,6 +17,8 @@
 import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
+import java.util.Collection;
+import java.util.Collections;
 import java.util.Properties;
 import java.util.Set;
 
@@ -29,6 +31,7 @@
 import org.apache.geode.cache.execute.FunctionContext;
 import org.apache.geode.cache.execute.RegionFunctionContext;
 import org.apache.geode.cache.partition.PartitionRegionHelper;
+import org.apache.geode.security.ResourcePermission;
 
 /**
  * Touches the keys contained in the set of keys by performing a get on the partitioned region.
@@ -76,6 +79,12 @@ public void execute(FunctionContext context) {
     context.getResultSender().lastResult(true);
   }
 
+  @Override
+  public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+    return Collections.singletonList(new ResourcePermission(ResourcePermission.Resource.DATA,
+        ResourcePermission.Operation.READ, regionName));
+  }
+
   public String getId() {
     return ID;
   }

extensions/geode-modules/src/main/java/org/apache/geode/modules/util/TouchReplicatedRegionEntriesFunction.java

@@ -17,6 +17,8 @@
 import java.io.DataInput;
 import java.io.DataOutput;
 import java.io.IOException;
+import java.util.Collection;
+import java.util.Collections;
 import java.util.Properties;
 import java.util.Set;
 
@@ -27,6 +29,7 @@
 import org.apache.geode.cache.Region;
 import org.apache.geode.cache.execute.Function;
 import org.apache.geode.cache.execute.FunctionContext;
+import org.apache.geode.security.ResourcePermission;
 
 /**
  * Touches the keys contained in the set of keys by performing a get on the replicated region. This
@@ -71,6 +74,12 @@ public void execute(FunctionContext context) {
     context.getResultSender().lastResult(true);
   }
 
+  @Override
+  public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+    return Collections.singletonList(new ResourcePermission(ResourcePermission.Resource.DATA,
+        ResourcePermission.Operation.READ, regionName));
+  }
+
   public String getId() {
     return ID;
   }

extensions/geode-modules/src/test/java/org/apache/geode/modules/util/ModuleFunctionsSecurityTest.java

@@ -0,0 +1,91 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.geode.modules.util;
+
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.cache.RegionShortcut;
+import org.apache.geode.cache.execute.FunctionService;
+import org.apache.geode.examples.SimpleSecurityManager;
+import org.apache.geode.test.junit.categories.IntegrationTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.rules.ConnectionConfiguration;
+import org.apache.geode.test.junit.rules.GfshCommandRule;
+import org.apache.geode.test.junit.rules.ServerStarterRule;
+
+@Category({IntegrationTest.class, SecurityTest.class})
+public class ModuleFunctionsSecurityTest {
+
+  @ClassRule
+  public static ServerStarterRule server =
+      new ServerStarterRule().withJMXManager().withSecurityManager(SimpleSecurityManager.class)
+          .withRegion(RegionShortcut.REPLICATE, "REPLICATE_1")
+          .withRegion(RegionShortcut.PARTITION, "PARTITION_1").withAutoStart();
+
+  @Rule
+  public GfshCommandRule gfsh =
+      new GfshCommandRule(server::getJmxPort, GfshCommandRule.PortType.jmxManager);
+
+  @BeforeClass
+  public static void setupClass() {
+    FunctionService.registerFunction(new BootstrappingFunction());
+    FunctionService.registerFunction(new CreateRegionFunction());
+    FunctionService.registerFunction(new RegionSizeFunction());
+    FunctionService.registerFunction(new TouchPartitionedRegionEntriesFunction());
+    FunctionService.registerFunction(new TouchReplicatedRegionEntriesFunction());
+  }
+
+  @Test
+  @ConnectionConfiguration(user = "dataWrite", password = "dataWrite")
+  public void testInvalidPermissionsForBootstrappingFunction() throws Exception {
+    gfsh.executeAndAssertThat("execute function --id=" + BootstrappingFunction.ID)
+        .containsOutput("not authorized for CLUSTER:MANAGE").statusIsSuccess();
+  }
+
+  @Test
+  @ConnectionConfiguration(user = "dataWrite", password = "dataWrite")
+  public void testInvalidPermissionsForCreateRegionFunction() throws Exception {
+    gfsh.executeAndAssertThat("execute function --id=" + CreateRegionFunction.ID)
+        .containsOutput("not authorized for DATA:MANAGE").statusIsSuccess();
+  }
+
+  @Test
+  @ConnectionConfiguration(user = "dataWrite", password = "dataWrite")
+  public void testInvalidPermissionsForRegionSizeFunction() throws Exception {
+    gfsh.executeAndAssertThat("execute function --region=REPLICATE_1 --id=" + RegionSizeFunction.ID)
+        .containsOutput("not authorized for DATA:READ:REPLICATE_1").statusIsSuccess();
+  }
+
+  @Test
+  @ConnectionConfiguration(user = "dataWrite", password = "dataWrite")
+  public void testInvalidPermissionsForTouchPartitionedRegionEntriesFunction() throws Exception {
+    gfsh.executeAndAssertThat(
+        "execute function --region=PARTITION_1 --id=" + TouchPartitionedRegionEntriesFunction.ID)
+        .containsOutput("not authorized for DATA:READ:PARTITION_1").statusIsSuccess();
+  }
+
+  @Test
+  @ConnectionConfiguration(user = "dataWrite", password = "dataWrite")
+  public void testInvalidPermissionsForTouchReplicatedRegionEntriesFunction() throws Exception {
+    gfsh.executeAndAssertThat(
+        "execute function --region=REPLICATE_1 --id=" + TouchReplicatedRegionEntriesFunction.ID)
+        .containsOutput("not authorized for DATA:READ:REPLICATE_1").statusIsSuccess();
+  }
+}

geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/RegionCreateFunction.java

@@ -14,6 +14,8 @@
  */
 package org.apache.geode.management.internal.cli.functions;
 
+import java.util.Collection;
+import java.util.Collections;
 import java.util.Set;
 
 import org.apache.commons.lang.StringUtils;
@@ -49,6 +51,8 @@
 import org.apache.geode.management.internal.cli.i18n.CliStrings;
 import org.apache.geode.management.internal.cli.util.RegionPath;
 import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 
 /**
  *
@@ -121,6 +125,11 @@ public void execute(FunctionContext context) {
     }
   }
 
+  @Override
+  public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+    return Collections.singletonList(ResourcePermissions.DATA_MANAGE);
+  }
+
   private CliFunctionResult handleException(final String memberNameOrId, final String exceptionMsg,
       final Exception e) {
     if (e != null && logger.isDebugEnabled()) {