Backport to branch(3.12) : Add DynamoDB permission test (#2856)

Co-authored-by: Kodai Doki <[email protected]>

Author: feeblefakie

.github/workflows/permission-check.yaml

@@ -7,6 +7,8 @@ env:
   TERM: dumb
   JAVA_VERSION: '8'
   JAVA_VENDOR: 'temurin'
+  DYNAMO_ACCESS_KEY_ID: ${{ secrets.DYNAMO_ACCESS_KEY }}
+  DYNAMO_SECRET_ACCESS_KEY: ${{ secrets.DYNAMO_SECRET_ACCESS_KEY }}
 
 jobs:
   integration-test-permission-cassandra-3-0:
@@ -86,3 +88,29 @@ jobs:
         with:
           name: cassandra_3.11_permission_integration_test_reports
           path: core/build/reports/tests/integrationTestCassandraPermission
+
+  integration-test-permission-dynamo:
+    name: DynamoDB Permission Integration Test
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK ${{ env.JAVA_VERSION }} (${{ env.JAVA_VENDOR }})
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ env.JAVA_VERSION }}
+          distribution: ${{ env.JAVA_VENDOR }}
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v4
+
+      - name: Execute Gradle 'integrationTestDynamoPermission' task
+        run: ./gradlew integrationTestDynamoPermission -Dscalardb.dynamo.emulator_used=false -Dscalardb.dynamo.region=ap-northeast-1 -Dscalardb.dynamo.access_key_id=${{ env.DYNAMO_ACCESS_KEY_ID }} -Dscalardb.dynamo.secret_access_key=${{ env.DYNAMO_SECRET_ACCESS_KEY }}
+
+      - name: Upload Gradle test reports
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: dynamo_permission_integration_test_reports
+          path: core/build/reports/tests/integrationTestDynamoPermission

core/build.gradle

@@ -42,6 +42,9 @@ sourceSets {
             runtimeClasspath += main.output + test.output
             srcDir file('src/integration-test/java')
             include '**/com/scalar/db/storage/dynamo/*.java'
+            exclude '**/com/scalar/db/storage/dynamo/DynamoPermissionTestUtils.java'
+            exclude '**/com/scalar/db/storage/dynamo/DynamoPermissionIntegrationTest.java'
+            exclude '**/com/scalar/db/storage/dynamo/DynamoAdminPermissionIntegrationTest.java'
         }
         resources.srcDir file('src/integration-test/resources')
     }
@@ -79,6 +82,20 @@ sourceSets {
         }
         resources.srcDir file('src/integration-test/resources')
     }
+    integrationTestDynamoPermission {
+        java {
+            compileClasspath += main.output + test.output
+            runtimeClasspath += main.output + test.output
+            srcDir file('src/integration-test/java')
+            include '**/com/scalar/db/common/*.java'
+            include '**/com/scalar/db/storage/dynamo/DynamoPermissionTestUtils.java'
+            include '**/com/scalar/db/storage/dynamo/DynamoAdminTestUtils.java'
+            include '**/com/scalar/db/storage/dynamo/DynamoEnv.java'
+            include '**/com/scalar/db/storage/dynamo/DynamoPermissionIntegrationTest.java'
+            include '**/com/scalar/db/storage/dynamo/DynamoAdminPermissionIntegrationTest.java'
+        }
+        resources.srcDir file('src/integration-test/resources')
+    }
 }
 
 configurations {
@@ -103,6 +120,9 @@ configurations {
     integrationTestCassandraPermissionImplementation.extendsFrom testImplementation
     integrationTestCassandraPermissionRuntimeOnly.extendsFrom testRuntimeOnly
     integrationTestCassandraPermissionCompileOnly.extendsFrom testCompileOnly
+    integrationTestDynamoPermissionImplementation.extendsFrom testImplementation
+    integrationTestDynamoPermissionRuntimeOnly.extendsFrom testRuntimeOnly
+    integrationTestDynamoPermissionCompileOnly.extendsFrom testCompileOnly
 }
 
 dependencies {
@@ -116,6 +136,8 @@ dependencies {
     implementation platform("software.amazon.awssdk:bom:${awssdkVersion}")
     implementation 'software.amazon.awssdk:applicationautoscaling'
     implementation 'software.amazon.awssdk:dynamodb'
+    testImplementation 'software.amazon.awssdk:iam'
+    testImplementation 'software.amazon.awssdk:iam-policy-builder'
     implementation "org.apache.commons:commons-dbcp2:${commonsDbcp2Version}"
     implementation "com.mysql:mysql-connector-j:${mysqlDriverVersion}"
     implementation "org.postgresql:postgresql:${postgresqlDriverVersion}"
@@ -221,6 +243,17 @@ task integrationTestCassandraPermission(type: Test) {
     }
 }
 
+task integrationTestDynamoPermission(type: Test) {
+    description = 'Runs the integration tests for DynamoDB permissions.'
+    group = 'verification'
+    testClassesDirs = sourceSets.integrationTestDynamoPermission.output.classesDirs
+    classpath = sourceSets.integrationTestDynamoPermission.runtimeClasspath
+    outputs.upToDateWhen { false }  // ensures integration tests are run every time when called
+    options {
+        systemProperties(System.getProperties().findAll { it.key.toString().startsWith("scalardb") })
+    }
+}
+
 spotless {
     java {
         target 'src/*/java/**/*.java'

core/src/integration-test/java/com/scalar/db/storage/dynamo/DynamoAdminPermissionIntegrationTest.java

@@ -0,0 +1,62 @@
+package com.scalar.db.storage.dynamo;
+
+import static com.scalar.db.storage.dynamo.DynamoPermissionTestUtils.SLEEP_BETWEEN_TESTS_SECONDS;
+
+import com.google.common.collect.ImmutableMap;
+import com.google.common.util.concurrent.Uninterruptibles;
+import com.scalar.db.api.DistributedStorageAdminPermissionIntegrationTestBase;
+import com.scalar.db.util.AdminTestUtils;
+import com.scalar.db.util.PermissionTestUtils;
+import java.util.Map;
+import java.util.Properties;
+import java.util.concurrent.TimeUnit;
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
+
+public class DynamoAdminPermissionIntegrationTest
+    extends DistributedStorageAdminPermissionIntegrationTestBase {
+  @Override
+  protected Properties getProperties(String testName) {
+    return DynamoEnv.getProperties(testName);
+  }
+
+  @Override
+  protected Properties getPropertiesForNormalUser(String testName) {
+    return DynamoEnv.getProperties(testName);
+  }
+
+  @Override
+  protected Map<String, String> getCreationOptions() {
+    return ImmutableMap.of(DynamoAdmin.NO_SCALING, "false", DynamoAdmin.NO_BACKUP, "false");
+  }
+
+  @Override
+  protected AdminTestUtils getAdminTestUtils(String testName) {
+    return new DynamoAdminTestUtils(getProperties(testName));
+  }
+
+  @Override
+  protected PermissionTestUtils getPermissionTestUtils(String testName) {
+    return new DynamoPermissionTestUtils(getProperties(testName));
+  }
+
+  @Override
+  protected void sleepBetweenTests() {
+    Uninterruptibles.sleepUninterruptibly(SLEEP_BETWEEN_TESTS_SECONDS, TimeUnit.SECONDS);
+  }
+
+  @Test
+  @Override
+  @Disabled("Import-related functionality is not supported in DynamoDB")
+  public void getImportTableMetadata_WithSufficientPermission_ShouldSucceed() {}
+
+  @Test
+  @Override
+  @Disabled("Import-related functionality is not supported in DynamoDB")
+  public void addRawColumnToTable_WithSufficientPermission_ShouldSucceed() {}
+
+  @Test
+  @Override
+  @Disabled("Import-related functionality is not supported in DynamoDB")
+  public void importTable_WithSufficientPermission_ShouldSucceed() {}
+}

core/src/integration-test/java/com/scalar/db/storage/dynamo/DynamoEnv.java

@@ -10,12 +10,14 @@ public final class DynamoEnv {
   private static final String PROP_DYNAMO_REGION = "scalardb.dynamo.region";
   private static final String PROP_DYNAMO_ACCESS_KEY_ID = "scalardb.dynamo.access_key_id";
   private static final String PROP_DYNAMO_SECRET_ACCESS_KEY = "scalardb.dynamo.secret_access_key";
+  private static final String PROP_DYNAMO_EMULATOR_USED = "scalardb.dynamo.emulator_used";
   private static final String PROP_DYNAMO_CREATE_OPTIONS = "scalardb.dynamo.create_options";
 
   private static final String DEFAULT_DYNAMO_ENDPOINT_OVERRIDE = "http://localhost:8000";
   private static final String DEFAULT_DYNAMO_REGION = "us-west-2";
   private static final String DEFAULT_DYNAMO_ACCESS_KEY_ID = "fakeMyKeyId";
   private static final String DEFAULT_DYNAMO_SECRET_ACCESS_KEY = "fakeSecretAccessKey";
+  private static final String DEFAULT_DYNAMO_EMULATOR_USED = "true";
 
   private static final ImmutableMap<String, String> DEFAULT_DYNAMO_CREATE_OPTIONS =
       ImmutableMap.of(DynamoAdmin.NO_SCALING, "true", DynamoAdmin.NO_BACKUP, "true");
@@ -30,24 +32,26 @@ public static Properties getProperties(String testName) {
         System.getProperty(PROP_DYNAMO_ACCESS_KEY_ID, DEFAULT_DYNAMO_ACCESS_KEY_ID);
     String secretAccessKey =
         System.getProperty(PROP_DYNAMO_SECRET_ACCESS_KEY, DEFAULT_DYNAMO_SECRET_ACCESS_KEY);
+    String isEmulatorUsed =
+        System.getProperty(PROP_DYNAMO_EMULATOR_USED, DEFAULT_DYNAMO_EMULATOR_USED);
 
-    Properties props = new Properties();
-    if (endpointOverride != null) {
-      props.setProperty(DynamoConfig.ENDPOINT_OVERRIDE, endpointOverride);
+    Properties properties = new Properties();
+    if (Boolean.parseBoolean(isEmulatorUsed) && endpointOverride != null) {
+      properties.setProperty(DynamoConfig.ENDPOINT_OVERRIDE, endpointOverride);
     }
-    props.setProperty(DatabaseConfig.CONTACT_POINTS, region);
-    props.setProperty(DatabaseConfig.USERNAME, accessKeyId);
-    props.setProperty(DatabaseConfig.PASSWORD, secretAccessKey);
-    props.setProperty(DatabaseConfig.STORAGE, "dynamo");
-    props.setProperty(DatabaseConfig.CROSS_PARTITION_SCAN, "true");
-    props.setProperty(DatabaseConfig.CROSS_PARTITION_SCAN_FILTERING, "false");
-    props.setProperty(DatabaseConfig.CROSS_PARTITION_SCAN_ORDERING, "false");
+    properties.setProperty(DatabaseConfig.CONTACT_POINTS, region);
+    properties.setProperty(DatabaseConfig.USERNAME, accessKeyId);
+    properties.setProperty(DatabaseConfig.PASSWORD, secretAccessKey);
+    properties.setProperty(DatabaseConfig.STORAGE, "dynamo");
+    properties.setProperty(DatabaseConfig.CROSS_PARTITION_SCAN, "true");
+    properties.setProperty(DatabaseConfig.CROSS_PARTITION_SCAN_FILTERING, "false");
+    properties.setProperty(DatabaseConfig.CROSS_PARTITION_SCAN_ORDERING, "false");
 
     // Add testName as a metadata namespace suffix
-    props.setProperty(
+    properties.setProperty(
         DynamoConfig.TABLE_METADATA_NAMESPACE, DynamoAdmin.METADATA_NAMESPACE + "_" + testName);
 
-    return props;
+    return properties;
   }
 
   public static Map<String, String> getCreationOptions() {

core/src/integration-test/java/com/scalar/db/storage/dynamo/DynamoPermissionIntegrationTest.java

@@ -0,0 +1,36 @@
+package com.scalar.db.storage.dynamo;
+
+import com.google.common.collect.ImmutableMap;
+import com.scalar.db.api.DistributedStoragePermissionIntegrationTestBase;
+import com.scalar.db.util.AdminTestUtils;
+import com.scalar.db.util.PermissionTestUtils;
+import java.util.Map;
+import java.util.Properties;
+
+public class DynamoPermissionIntegrationTest
+    extends DistributedStoragePermissionIntegrationTestBase {
+  @Override
+  protected Properties getProperties(String testName) {
+    return DynamoEnv.getProperties(testName);
+  }
+
+  @Override
+  protected Properties getPropertiesForNormalUser(String testName) {
+    return DynamoEnv.getProperties(testName);
+  }
+
+  @Override
+  protected Map<String, String> getCreationOptions() {
+    return ImmutableMap.of(DynamoAdmin.NO_SCALING, "false", DynamoAdmin.NO_BACKUP, "false");
+  }
+
+  @Override
+  protected PermissionTestUtils getPermissionTestUtils(String testName) {
+    return new DynamoPermissionTestUtils(getProperties(testName));
+  }
+
+  @Override
+  protected AdminTestUtils getAdminTestUtils(String testName) {
+    return new DynamoAdminTestUtils(getProperties(testName));
+  }
+}