IGNITE-26966 Add permission check for rolling upgrade management (#12510)

Author: chesnokoff

modules/control-utility/src/test/java/org/apache/ignite/internal/commandline/SecurityCommandHandlerPermissionsTest.java

@@ -31,6 +31,7 @@
 import org.apache.ignite.internal.processors.security.impl.TestSecurityData;
 import org.apache.ignite.internal.processors.security.impl.TestSecurityPluginProvider;
 import org.apache.ignite.internal.util.typedef.F;
+import org.apache.ignite.lang.IgniteProductVersion;
 import org.apache.ignite.plugin.security.SecurityPermission;
 import org.apache.ignite.plugin.security.SecurityPermissionSet;
 import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder;
@@ -41,11 +42,13 @@
 import org.junit.runners.Parameterized;
 
 import static java.util.Arrays.asList;
+import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_BUILD_VER;
 import static org.apache.ignite.internal.commandline.ArgumentParser.CMD_PASSWORD;
 import static org.apache.ignite.internal.commandline.ArgumentParser.CMD_USER;
 import static org.apache.ignite.internal.commandline.CommandHandler.EXIT_CODE_OK;
 import static org.apache.ignite.internal.commandline.CommandHandler.EXIT_CODE_UNEXPECTED_ERROR;
 import static org.apache.ignite.internal.util.IgniteUtils.resolveIgnitePath;
+import static org.apache.ignite.plugin.security.SecurityPermission.ADMIN_ROLLING_UPGRADE;
 import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE;
 import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY;
 import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ;
@@ -138,6 +141,40 @@ public void testCacheCreate() throws Exception {
         );
     }
 
+    /** */
+    @Test
+    public void testRollingUpgrade() throws Exception {
+        IgniteEx ign = startGrid(
+            0,
+            userData(TEST_NO_PERMISSIONS_LOGIN, NO_PERMISSIONS),
+            userData(TEST_LOGIN, systemPermissions(ADMIN_ROLLING_UPGRADE))
+        );
+
+        IgniteProductVersion curVer = IgniteProductVersion.fromString(ign.localNode().attribute(ATTR_BUILD_VER));
+        String targetVerStr = curVer.major() + "." + (curVer.minor() + 1) + ".0";
+
+        List<String> cmdArgs = asList("--rolling-upgrade", "enable", targetVerStr);
+
+        assertEquals(EXIT_CODE_UNEXPECTED_ERROR, execute(enrichWithConnectionArguments(cmdArgs, TEST_NO_PERMISSIONS_LOGIN)));
+
+        assertFalse(ign.context().rollingUpgrade().enabled());
+
+        assertEquals(EXIT_CODE_OK, execute(enrichWithConnectionArguments(cmdArgs, TEST_LOGIN)));
+
+        assertTrue(ign.context().rollingUpgrade().enabled());
+        assertEquals(IgniteProductVersion.fromString(targetVerStr), ign.context().rollingUpgrade().versions().get2());
+
+        cmdArgs = asList("--rolling-upgrade", "disable");
+
+        assertEquals(EXIT_CODE_UNEXPECTED_ERROR, execute(enrichWithConnectionArguments(cmdArgs, TEST_NO_PERMISSIONS_LOGIN)));
+
+        assertTrue(ign.context().rollingUpgrade().enabled());
+
+        assertEquals(EXIT_CODE_OK, execute(enrichWithConnectionArguments(cmdArgs, TEST_LOGIN)));
+
+        assertFalse(ign.context().rollingUpgrade().enabled());
+    }
+
     /** */
     @Test
     public void testServiceCancel() throws Exception {

modules/core/src/main/java/org/apache/ignite/internal/management/rollingupgrade/RollingUpgradeDisableTask.java

@@ -26,8 +26,10 @@
 import org.apache.ignite.internal.visor.VisorJob;
 import org.apache.ignite.internal.visor.VisorOneNodeTask;
 import org.apache.ignite.lang.IgniteProductVersion;
+import org.apache.ignite.plugin.security.SecurityPermissionSet;
 
 import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_BUILD_VER;
+import static org.apache.ignite.plugin.security.SecurityPermissionSetBuilder.NO_PERMISSIONS;
 
 /** Task to disable rolling upgrade. */
 @GridInternal
@@ -50,6 +52,13 @@ protected RollingUpgradeDisableJob(NoArg arg, boolean debug) {
             super(arg, debug);
         }
 
+        /** {@inheritDoc} */
+        @Override public SecurityPermissionSet requiredPermissions() {
+            // This task does nothing but delegate a call to the Ignite Rolling Upgrade processor, which performs user
+            // permissions checks on its own. Therefore, it is safe to execute task without any additional permissions check.
+            return NO_PERMISSIONS;
+        }
+
         /** {@inheritDoc} */
         @Override protected RollingUpgradeTaskResult run(NoArg arg) throws IgniteException {
             RollingUpgradeProcessor proc = ignite.context().rollingUpgrade();

modules/core/src/main/java/org/apache/ignite/internal/management/rollingupgrade/RollingUpgradeEnableTask.java

@@ -25,6 +25,9 @@
 import org.apache.ignite.internal.visor.VisorJob;
 import org.apache.ignite.internal.visor.VisorOneNodeTask;
 import org.apache.ignite.lang.IgniteProductVersion;
+import org.apache.ignite.plugin.security.SecurityPermissionSet;
+
+import static org.apache.ignite.plugin.security.SecurityPermissionSetBuilder.NO_PERMISSIONS;
 
 /** Task to enable rolling upgrade. */
 @GridInternal
@@ -47,6 +50,13 @@ protected RollingUpgradeEnableJob(RollingUpgradeEnableCommandArg arg, boolean de
             super(arg, debug);
         }
 
+        /** {@inheritDoc} */
+        @Override public SecurityPermissionSet requiredPermissions() {
+            // This task does nothing but delegate a call to the Ignite Rolling Upgrade processor, which performs user
+            // permissions checks on its own. Therefore, it is safe to execute task without any additional permissions check.
+            return NO_PERMISSIONS;
+        }
+
         /** {@inheritDoc} */
         @Override protected RollingUpgradeTaskResult run(RollingUpgradeEnableCommandArg arg) throws IgniteException {
             RollingUpgradeProcessor proc = ignite.context().rollingUpgrade();

modules/core/src/main/java/org/apache/ignite/internal/processors/rollingupgrade/RollingUpgradeProcessor.java

@@ -33,6 +33,7 @@
 import org.apache.ignite.internal.util.typedef.internal.LT;
 import org.apache.ignite.internal.util.typedef.internal.U;
 import org.apache.ignite.lang.IgniteProductVersion;
+import org.apache.ignite.plugin.security.SecurityPermission;
 import org.apache.ignite.spi.IgniteNodeValidationResult;
 import org.apache.ignite.spi.discovery.DiscoverySpi;
 import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi;
@@ -166,6 +167,8 @@ public RollingUpgradeProcessor(GridKernalContext ctx) {
      *     </ul>
      */
     public void enable(IgniteProductVersion target, boolean force) throws IgniteCheckedException {
+        ctx.security().authorize(SecurityPermission.ADMIN_ROLLING_UPGRADE);
+
         if (startLatch.getCount() > 0)
             throw new IgniteCheckedException("Cannot enable rolling upgrade: processor has not been started yet");
 
@@ -213,6 +216,8 @@ public void enable(IgniteProductVersion target, boolean force) throws IgniteChec
      * or metastorage is not ready.
      */
     public void disable() throws IgniteCheckedException {
+        ctx.security().authorize(SecurityPermission.ADMIN_ROLLING_UPGRADE);
+
         if (!U.isLocalNodeCoordinator(ctx.discovery()))
             throw new IgniteCheckedException("Rolling upgrade can be disabled only on coordinator node");
 

modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermission.java

@@ -117,7 +117,10 @@ public enum SecurityPermission {
     SQL_VIEW_CREATE,
 
     /** Permission to execute DROP VIEW command. */
-    SQL_VIEW_DROP;
+    SQL_VIEW_DROP,
+
+    /** Permission to perform rolling upgrade. */
+    ADMIN_ROLLING_UPGRADE;
 
     /** Enumerated values. */
     private static final SecurityPermission[] VALS = values();