Create user and grant permissions in tests

Author: KodaiD

core/build.gradle

@@ -73,18 +73,17 @@ sourceSets {
             runtimeClasspath += main.output + test.output
             srcDir file('src/integration-test/java')
             include '**/com/scalar/db/common/*.java'
+            include '**/com/scalar/db/storage/cassandra/CassandraPermissionTestUtils.java'
             include '**/com/scalar/db/storage/cassandra/CassandraAdminTestUtils.java'
             include '**/com/scalar/db/storage/cassandra/CassandraEnv.java'
             include '**/com/scalar/db/storage/cassandra/CassandraPermissionIntegrationTest.java'
             include '**/com/scalar/db/storage/cassandra/CassandraAdminPermissionIntegrationTest.java'
-            include '**/com/scalar/db/storage/cosmos/CosmosAdminTestUtils.java'
-            include '**/com/scalar/db/storage/cosmos/CosmosEnv.java'
-            include '**/com/scalar/db/storage/cosmos/CosmosPermissionIntegrationTest.java'
-            include '**/com/scalar/db/storage/cosmos/CosmosAdminPermissionIntegrationTest.java'
+            include '**/com/scalar/db/storage/dynamo/DynamoPermissionTestUtils.java'
             include '**/com/scalar/db/storage/dynamo/DynamoAdminTestUtils.java'
             include '**/com/scalar/db/storage/dynamo/DynamoEnv.java'
             include '**/com/scalar/db/storage/dynamo/DynamoPermissionIntegrationTest.java'
             include '**/com/scalar/db/storage/dynamo/DynamoAdminPermissionIntegrationTest.java'
+            include '**/com/scalar/db/storage/jdbc/JdbcPermissionTestUtils.java'
             include '**/com/scalar/db/storage/jdbc/JdbcAdminTestUtils.java'
             include '**/com/scalar/db/storage/jdbc/JdbcTestUtils.java'
             include '**/com/scalar/db/storage/jdbc/JdbcEnv.java'
@@ -129,6 +128,8 @@ dependencies {
     implementation platform("software.amazon.awssdk:bom:${awssdkVersion}")
     implementation 'software.amazon.awssdk:applicationautoscaling'
     implementation 'software.amazon.awssdk:dynamodb'
+    implementation 'software.amazon.awssdk:iam'
+    implementation 'software.amazon.awssdk:iam-policy-builder'
     implementation "org.apache.commons:commons-dbcp2:${commonsDbcp2Version}"
     implementation "com.mysql:mysql-connector-j:${mysqlDriverVersion}"
     implementation "org.postgresql:postgresql:${postgresqlDriverVersion}"

core/src/integration-test/java/com/scalar/db/storage/cassandra/CassandraAdminPermissionIntegrationTest.java

@@ -2,6 +2,7 @@
 
 import com.scalar.db.api.DistributedStorageAdminPermissionIntegrationTestBase;
 import com.scalar.db.util.AdminTestUtils;
+import com.scalar.db.util.PermissionTestUtils;
 import java.util.Collections;
 import java.util.Map;
 import java.util.Properties;
@@ -30,6 +31,11 @@ protected AdminTestUtils getAdminTestUtils(String testName) {
     return new CassandraAdminTestUtils(getProperties(testName));
   }
 
+  @Override
+  protected PermissionTestUtils getPermissionTestUtils(String testName) {
+    return new CassandraPermissionTestUtils(getProperties(testName));
+  }
+
   @Test
   @Override
   @Disabled("Import-related functionality is not supported in Cassandra")

core/src/integration-test/java/com/scalar/db/storage/cassandra/CassandraEnv.java

@@ -39,13 +39,7 @@ public static Properties getProperties(String testName) {
 
     return properties;
   }
-
-  /*
-   * This method is used for executing commands other than CREATE commands. In Cassandra, the
-   * ROLE executing the commands has multiple permissions for the object created implicitly.
-   * To know the exact permissions that should be granted to the ROLE, we avoid this behavior by
-   * using a different ROLE.
-   */
+  
   public static Properties getPropertiesForNormalUser(String testName) {
     String contactPoints =
         System.getProperty(PROP_CASSANDRA_CONTACT_POINTS, DEFAULT_CASSANDRA_CONTACT_POINTS);

core/src/integration-test/java/com/scalar/db/storage/cassandra/CassandraPermissionIntegrationTest.java

@@ -1,6 +1,7 @@
 package com.scalar.db.storage.cassandra;
 
 import com.scalar.db.api.DistributedStoragePermissionIntegrationTestBase;
+import com.scalar.db.util.PermissionTestUtils;
 import java.util.Collections;
 import java.util.Map;
 import java.util.Properties;
@@ -21,4 +22,9 @@ protected Properties getPropertiesForNormalUser(String testName) {
   protected Map<String, String> getCreationOptions() {
     return Collections.singletonMap(CassandraAdmin.REPLICATION_FACTOR, "1");
   }
+
+  @Override
+  protected PermissionTestUtils getPermissionTestUtils(String testName) {
+    return new CassandraPermissionTestUtils(getProperties(testName));
+  }
 }

core/src/integration-test/java/com/scalar/db/storage/cassandra/CassandraPermissionTestUtils.java

@@ -0,0 +1,53 @@
+package com.scalar.db.storage.cassandra;
+
+import com.datastax.driver.core.Session;
+import com.scalar.db.config.DatabaseConfig;
+import com.scalar.db.util.PermissionTestUtils;
+import java.util.Properties;
+
+public class CassandraPermissionTestUtils implements PermissionTestUtils {
+  private final ClusterManager clusterManager;
+
+  public CassandraPermissionTestUtils(Properties properties) {
+    DatabaseConfig databaseConfig = new DatabaseConfig(properties);
+    clusterManager = new ClusterManager(databaseConfig);
+  }
+
+  @Override
+  public void createNormalUser(String userName, String password) {
+    clusterManager
+        .getSession()
+        .execute(
+            String.format(
+                "CREATE ROLE IF NOT EXISTS %s WITH PASSWORD = '%s' AND LOGIN = true",
+                userName, password));
+  }
+
+  @Override
+  public void dropNormalUser(String userName) {
+    clusterManager.getSession().execute(String.format("DROP ROLE IF EXISTS %s", userName));
+  }
+
+  @Override
+  public void grantRequiredPermission(String userName) {
+    Session session = clusterManager.getSession();
+    for (String grantStatement : getGrantPermissionStatements(userName)) {
+      session.execute(grantStatement);
+    }
+  }
+
+  private String[] getGrantPermissionStatements(String userName) {
+    return new String[] {
+      String.format("GRANT CREATE ON ALL KEYSPACES TO %s", userName),
+      String.format("GRANT DROP ON ALL KEYSPACES TO %s", userName),
+      String.format("GRANT ALTER ON ALL KEYSPACES TO %s", userName),
+      String.format("GRANT SELECT ON ALL KEYSPACES TO %s", userName),
+      String.format("GRANT MODIFY ON ALL KEYSPACES TO %s", userName)
+    };
+  }
+
+  @Override
+  public void close() {
+    clusterManager.close();
+  }
+}

core/src/integration-test/java/com/scalar/db/storage/dynamo/DynamoAdminPermissionIntegrationTest.java

@@ -3,6 +3,7 @@
 import com.google.common.collect.ImmutableMap;
 import com.scalar.db.api.DistributedStorageAdminPermissionIntegrationTestBase;
 import com.scalar.db.util.AdminTestUtils;
+import com.scalar.db.util.PermissionTestUtils;
 import java.util.Map;
 import java.util.Properties;
 import org.junit.jupiter.api.Disabled;
@@ -30,6 +31,11 @@ protected AdminTestUtils getAdminTestUtils(String testName) {
     return new DynamoAdminTestUtils(getProperties(testName));
   }
 
+  @Override
+  protected PermissionTestUtils getPermissionTestUtils(String testName) {
+    return new DynamoPermissionTestUtils(getProperties(testName));
+  }
+
   @Test
   @Override
   @Disabled("Import-related functionality is not supported in DynamoDB")

core/src/integration-test/java/com/scalar/db/storage/dynamo/DynamoPermissionIntegrationTest.java

@@ -2,6 +2,7 @@
 
 import com.google.common.collect.ImmutableMap;
 import com.scalar.db.api.DistributedStoragePermissionIntegrationTestBase;
+import com.scalar.db.util.PermissionTestUtils;
 import java.util.Map;
 import java.util.Properties;
 
@@ -21,4 +22,9 @@ protected Properties getPropertiesForNormalUser(String testName) {
   protected Map<String, String> getCreationOptions() {
     return ImmutableMap.of(DynamoAdmin.NO_SCALING, "false", DynamoAdmin.NO_BACKUP, "false");
   }
+
+  @Override
+  protected PermissionTestUtils getPermissionTestUtils(String testName) {
+    return new DynamoPermissionTestUtils(getProperties(testName));
+  }
 }

core/src/integration-test/java/com/scalar/db/storage/dynamo/DynamoPermissionTestUtils.java

@@ -0,0 +1,97 @@
+package com.scalar.db.storage.dynamo;
+
+import com.scalar.db.config.DatabaseConfig;
+import com.scalar.db.util.PermissionTestUtils;
+import java.util.Properties;
+import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
+import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
+import software.amazon.awssdk.policybuilder.iam.IamEffect;
+import software.amazon.awssdk.policybuilder.iam.IamPolicy;
+import software.amazon.awssdk.policybuilder.iam.IamResource;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.iam.IamClient;
+import software.amazon.awssdk.services.iam.model.AttachUserPolicyRequest;
+import software.amazon.awssdk.services.iam.model.CreatePolicyVersionRequest;
+import software.amazon.awssdk.services.iam.model.User;
+
+public class DynamoPermissionTestUtils implements PermissionTestUtils {
+  private static final String IAM_POLICY_NAME = "test-dynamodb-permissions";
+  private static final IamPolicy POLICY =
+      IamPolicy.builder()
+          .addStatement(
+              s ->
+                  s.effect(IamEffect.ALLOW)
+                      .addAction("dynamodb:ConditionCheckItem")
+                      .addAction("dynamodb:PutItem")
+                      .addAction("dynamodb:ListTables")
+                      .addAction("dynamodb:DeleteItem")
+                      .addAction("dynamodb:Scan")
+                      .addAction("dynamodb:Query")
+                      .addAction("dynamodb:UpdateItem")
+                      .addAction("dynamodb:DeleteTable")
+                      .addAction("dynamodb:UpdateContinuousBackups")
+                      .addAction("dynamodb:CreateTable")
+                      .addAction("dynamodb:DescribeTable")
+                      .addAction("dynamodb:GetItem")
+                      .addAction("dynamodb:DescribeContinuousBackups")
+                      .addAction("dynamodb:UpdateTable")
+                      .addAction("application-autoscaling:RegisterScalableTarget")
+                      .addAction("application-autoscaling:DeleteScalingPolicy")
+                      .addAction("application-autoscaling:PutScalingPolicy")
+                      .addAction("application-autoscaling:DeregisterScalableTarget")
+                      .addAction("application-autoscaling:TagResource")
+                      .addResource(IamResource.ALL))
+          .build();
+  private final IamClient client;
+
+  public DynamoPermissionTestUtils(Properties properties) {
+    DynamoConfig config = new DynamoConfig(new DatabaseConfig(properties));
+    this.client =
+        IamClient.builder()
+            .region(Region.of(config.getRegion()))
+            .credentialsProvider(
+                StaticCredentialsProvider.create(
+                    AwsBasicCredentials.create(
+                        config.getAccessKeyId(), config.getSecretAccessKey())))
+            .build();
+  }
+
+  @Override
+  public void createNormalUser(String userName, String password) {
+    // Do nothing for DynamoDB.
+  }
+
+  @Override
+  public void dropNormalUser(String userName) {
+    // Do nothing for DynamoDB.
+  }
+
+  @Override
+  public void grantRequiredPermission(String userName) {
+    try {
+      // Get the account ID to construct the ARN\
+      User user = client.getUser().user();
+      String accountId = user.arn().split(":")[4];
+      String policyArn = String.format("arn:aws:iam::%s:policy/%s", accountId, IAM_POLICY_NAME);
+
+      // Create a new version of the existing policy
+      client.createPolicyVersion(
+          CreatePolicyVersionRequest.builder()
+              .policyArn(policyArn)
+              .policyDocument(POLICY.toJson())
+              .setAsDefault(true)
+              .build());
+
+      // Attach the policy to the user
+      client.attachUserPolicy(
+          AttachUserPolicyRequest.builder().userName(user.userName()).policyArn(policyArn).build());
+    } catch (Exception e) {
+      throw new RuntimeException("Failed to grant required permissions", e);
+    }
+  }
+
+  @Override
+  public void close() {
+    client.close();
+  }
+}

core/src/integration-test/java/com/scalar/db/storage/jdbc/JdbcAdminPermissionIntegrationTest.java

@@ -2,6 +2,7 @@
 
 import com.scalar.db.api.DistributedStorageAdminPermissionIntegrationTestBase;
 import com.scalar.db.util.AdminTestUtils;
+import com.scalar.db.util.PermissionTestUtils;
 import java.util.Properties;
 
 public class JdbcAdminPermissionIntegrationTest
@@ -13,11 +14,16 @@ protected Properties getProperties(String testName) {
 
   @Override
   protected Properties getPropertiesForNormalUser(String testName) {
-    return JdbcEnv.getProperties(testName);
+    return JdbcEnv.getPropertiesForNormalUser(testName);
   }
 
   @Override
   protected AdminTestUtils getAdminTestUtils(String testName) {
     return new JdbcAdminTestUtils(getProperties(testName));
   }
+
+  @Override
+  protected PermissionTestUtils getPermissionTestUtils(String testName) {
+    return new JdbcPermissionTestUtils(getProperties(testName));
+  }
 }

core/src/integration-test/java/com/scalar/db/storage/jdbc/JdbcEnv.java

@@ -7,10 +7,14 @@ public final class JdbcEnv {
   private static final String PROP_JDBC_URL = "scalardb.jdbc.url";
   private static final String PROP_JDBC_USERNAME = "scalardb.jdbc.username";
   private static final String PROP_JDBC_PASSWORD = "scalardb.jdbc.password";
+  private static final String PROP_JDBC_NORMAL_USERNAME = "scalardb.jdbc.normal_username";
+  private static final String PROP_JDBC_NORMAL_PASSWORD = "scalardb.jdbc.normal_password";
 
   private static final String DEFAULT_JDBC_URL = "jdbc:mysql://localhost:3306/";
   private static final String DEFAULT_JDBC_USERNAME = "root";
   private static final String DEFAULT_JDBC_PASSWORD = "mysql";
+  private static final String DEFAULT_JDBC_NORMAL_USERNAME = "test";
+  private static final String DEFAULT_JDBC_NORMAL_PASSWORD = "test";
 
   private JdbcEnv() {}
 
@@ -36,6 +40,28 @@ public static Properties getProperties(String testName) {
     return properties;
   }
 
+  public static Properties getPropertiesForNormalUser(String testName) {
+    String jdbcUrl = System.getProperty(PROP_JDBC_URL, DEFAULT_JDBC_URL);
+    String username = System.getProperty(PROP_JDBC_NORMAL_USERNAME, DEFAULT_JDBC_NORMAL_USERNAME);
+    String password = System.getProperty(PROP_JDBC_NORMAL_PASSWORD, DEFAULT_JDBC_NORMAL_PASSWORD);
+
+    Properties properties = new Properties();
+    properties.setProperty(DatabaseConfig.CONTACT_POINTS, jdbcUrl);
+    properties.setProperty(DatabaseConfig.USERNAME, username);
+    properties.setProperty(DatabaseConfig.PASSWORD, password);
+    properties.setProperty(DatabaseConfig.STORAGE, "jdbc");
+    properties.setProperty(DatabaseConfig.CROSS_PARTITION_SCAN, "true");
+    properties.setProperty(DatabaseConfig.CROSS_PARTITION_SCAN_FILTERING, "true");
+    properties.setProperty(DatabaseConfig.CROSS_PARTITION_SCAN_ORDERING, "true");
+
+    // Add testName as a metadata schema suffix
+    properties.setProperty(
+        DatabaseConfig.SYSTEM_NAMESPACE_NAME,
+        DatabaseConfig.DEFAULT_SYSTEM_NAMESPACE_NAME + "_" + testName);
+
+    return properties;
+  }
+
   public static boolean isSqlite() {
     Properties properties = new Properties();
     properties.setProperty(