Updated Branches: refs/heads/master 169e91774 -> 37266e036
Even more itests for the config commands. Also includes a bugfix to a typo in the org.apache.karaf.command.acl.config.cfg which was identified by the new itests. Hurray to testing! Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/37266e03 Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/37266e03 Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/37266e03 Branch: refs/heads/master Commit: 37266e036b664da64c06aabfedd72e7fd60c4cca Parents: 169e917 Author: David Bosschaert <dav...@apache.org> Authored: Tue Jan 7 16:13:06 2014 +0000 Committer: David Bosschaert <dav...@apache.org> Committed: Tue Jan 7 16:13:06 2014 +0000 ---------------------------------------------------------------------- .../etc/org.apache.karaf.command.acl.config.cfg | 2 +- .../karaf/itests/SshCommandSecurityTest.java | 42 ++++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) ----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/karaf/blob/37266e03/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg
----------------------------------------------------------------------
diff --git a/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg b/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg
index d8a4130..2bf61f3 100644
--- a/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg
+++ b/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg
@@ -13,7 +13,7 @@ edit[/.*org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin
 edit[/.*org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin
 property-append = manager
 property-append[/.*jmx[.]acl.*/] = admin
-property-append[/.*org[.]apache[.]karaf[.]command[.]acl|.].+/] = admin
+property-append[/.*org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin
 property-append[/.*org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin
 property-delete = manager
 property-delete[/.*jmx[.]acl.*/] = admin
http://git-wip-us.apache.org/repos/asf/karaf/blob/37266e03/itests/src/test/java/org/apache/karaf/itests/SshCommandSecurityTest.java
----------------------------------------------------------------------
diff --git a/itests/src/test/java/org/apache/karaf/itests/SshCommandSecurityTest.java b/itests/src/test/java/org/apache/karaf/itests/SshCommandSecurityTest.java
index cf7b8b8..28a2a05 100644
--- a/itests/src/test/java/org/apache/karaf/itests/SshCommandSecurityTest.java
+++ b/itests/src/test/java/org/apache/karaf/itests/SshCommandSecurityTest.java
@@ -105,6 +105,7 @@ public class SshCommandSecurityTest extends KarafTestSupport {
 testConfigEdits(manageruser, Result.NO_CREDENTIALS, "org.apache.karaf.command.acl.test_" + counter++, false);
 testConfigEdits(manageruser, Result.NO_CREDENTIALS, "org.apache.karaf.service.acl.test_" + counter++, false);
 testConfigEdits("karaf", Result.OK, "cfg.karaf_" + counter++, true);
+ testConfigEdits("karaf", Result.OK, "jmx.acl.test_" + counter++, true);
 testConfigEdits("karaf", Result.OK, "org.apache.karaf.command.acl.test_" + counter++, true);
 testConfigEdits("karaf", Result.OK, "org.apache.karaf.service.acl.test_" + counter++, true);
 }
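Review bot: In `org.apache.karaf.command.acl.config.cfg` the `edit`, `property-append` and `property-delete` groups carry no comment explaining why PIDs under `jmx.acl`, `org.apache.karaf.command.acl` and `org.apache.karaf.service.acl` are restricted to `admin`, which makes a slip like the `|.]` one hard to spot in review. With the old pattern the admin-only rule presumably never matched an `org.apache.karaf.command.acl.*` PID, so the `property-append = manager` default would have applied and a manager could append to command ACL configurations. A short comment above each group would help, e.g. `# PIDs that hold ACL definitions are admin-only; keep these three patterns identical for every mutating config command`. The file continues outside this hunk, so the rules for other commands are not visible here and are worth checking for the same typo.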
@@ -146,6 +147,47 @@ public class SshCommandSecurityTest extends KarafTestSupport { } } + @Test + public void testConfigCommandSecurityWithoutEditSessionViaSsh() throws Exception { + String manageruser = "man" + System.nanoTime() + "_" + counter++; + String vieweruser = "view" + System.nanoTime() + "_" + counter++; + + addUsers(manageruser, vieweruser); + + // Test the viewer user. Since the viewer cannot modify anything wrt Config Admin + // the commands should not even be found... + testConfigEditsNoSession(vieweruser, Result.NOT_FOUND, "cfg." + vieweruser); + testConfigEditsNoSession(vieweruser, Result.NOT_FOUND, "jmx.acl.test_" + counter++); + testConfigEditsNoSession(vieweruser, Result.NOT_FOUND, "org.apache.karaf.command.acl.test_" + counter++); + testConfigEditsNoSession(vieweruser, Result.NOT_FOUND, "org.apache.karaf.service.acl.test_" + counter++); + + // Test the manager user. The manager can modify some properties, but not the ones associated with security + // Therefore the config: commands will be found, but in some cases the manager is denied access + testConfigEditsNoSession(manageruser, Result.OK, "cfg." + manageruser); + testConfigEditsNoSession(manageruser, Result.NO_CREDENTIALS, "jmx.acl.test_" + counter++); + testConfigEditsNoSession(manageruser, Result.NO_CREDENTIALS, "org.apache.karaf.command.acl.test_" + counter++); + testConfigEditsNoSession(manageruser, Result.NO_CREDENTIALS, "org.apache.karaf.service.acl.test_" + counter++); + + // The admin user can modify everything. 
+ testConfigEditsNoSession("karaf", Result.OK, "cfg.karaf.test_" + counter++); + testConfigEditsNoSession("karaf", Result.OK, "jmx.acl.test_" + counter++); + testConfigEditsNoSession("karaf", Result.OK, "org.apache.karaf.command.acl.test_" + counter++); + testConfigEditsNoSession("karaf", Result.OK, "org.apache.karaf.service.acl.test_" + counter++); + } + + private void testConfigEditsNoSession(String user, Result expectedResult, String pid) throws Exception, IOException { + assertCommand(user, "config:property-set -p " + pid + " a.b.c d.e.f", expectedResult); + assertCommand(user, "config:property-append -p " + pid + " a.b.c .g.h", expectedResult); + + if (expectedResult == Result.OK) { + Assert.assertTrue(assertCommand(user, "config:property-list -p " + pid, Result.OK).contains("a.b.c = d.e.f.g.h")); + } + assertCommand(user, "config:property-delete -p " + pid + " a.b.c", expectedResult); + if (expectedResult == Result.OK) { + Assert.assertFalse(assertCommand(user, "config:property-list -p " + pid, Result.OK).contains("a.b.c")); + } + } + private String assertCommand(String user, String command, Result result) throws Exception, IOException { if (!command.endsWith("\n")) command += "\n";
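Review bot: In `testConfigEditsNoSession` the denied cases (`Result.NOT_FOUND`, `Result.NO_CREDENTIALS`) only check the result each command reports; nothing confirms that the configuration was left unchanged, so a command that wrote the property before reporting the denial would still pass. Consider reading the PID back as the admin user after the denied calls, e.g. `Assert.assertFalse(assertCommand("karaf", "config:property-list -p " + pid, Result.OK).contains("a.b.c"));` inside an `if (expectedResult != Result.OK)` branch, assuming `config:property-list` on a PID that was never created returns `Result.OK`. As a smaller style point, `throws Exception, IOException` on the new helper is redundant because `IOException` is already an `Exception`. It mirrors the existing `assertCommand` signature, whose body continues past the end of this hunk.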