Skip to content

Add permission list management #2819

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 20 commits into from
Closed

Add permission list management #2819

Show file tree
Hide file tree
Changes from 13 commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
60b00ac
Add integration test for permission list
KodaiD Jun 23, 2025
88235e0
Merge branch 'master' into permission-list
KodaiD Jun 23, 2025
22842fa
Add test config
KodaiD Jun 24, 2025
45385d6
Add close() to scan call
KodaiD Jun 24, 2025
61dd00f
Fix DynamoEnv to provide a single getProperties method
KodaiD Jun 24, 2025
b89e66a
Create user and grant permissions in tests
KodaiD Jun 24, 2025
c4b7ff4
Divide the integration test into parts per storage
KodaiD Jun 25, 2025
f49de8f
Add GitHub Actions workflow
KodaiD Jun 25, 2025
52db096
Update grant method in Dynamo
KodaiD Jun 26, 2025
2d7cad5
Reformat
KodaiD Jun 26, 2025
3daa2b6
Merge branch 'master' into permission-list
KodaiD Jun 26, 2025
4b8afae
Exclude permission test files from the existing test settings
KodaiD Jun 26, 2025
12f6928
Update tests
KodaiD Jun 27, 2025
f42a6fe
Remove the unnecessary dependency
KodaiD Jun 27, 2025
2cf06d5
Remove the unnecessary synchronization method
KodaiD Jun 30, 2025
401730b
Add pull_request trigger to test workflow
KodaiD Jul 1, 2025
fe9d220
Fix to use conditional usrer-related queries
KodaiD Jul 1, 2025
7b4961b
Fix to use custom yaml file for Cassandra to enable auth
KodaiD Jul 1, 2025
1922d9c
Fix to sleep fixed time
KodaiD Jul 1, 2025
0688b38
Fix to use bitnami/cassandra image
KodaiD Jul 1, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
199 changes: 199 additions & 0 deletions .github/workflows/test-permission.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,199 @@
name: Test Permissions
Copy link
Contributor Author

@KodaiD KodaiD Jun 27, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For JDBC databases, only MySQL is tested for now.


on:
workflow_dispatch:
Comment on lines +3 to +4
Copy link
Contributor Author

@KodaiD KodaiD Jun 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently, the job is assumed to be run manually, for example, when a new release is made.


env:
TERM: dumb
JAVA_VERSION: '8'
JAVA_VENDOR: 'temurin'

jobs:
integration-test-permission-cassandra-3-0:
name: Cassandra 3.0 Permission Integration Test
runs-on: ubuntu-latest

services:
cassandra:
image: cassandra:3.0
env:
MAX_HEAP_SIZE: 2048m
HEAP_NEWSIZE: 512m
ports:
- 9042:9042

steps:
- uses: actions/checkout@v4

- name: Set up JDK ${{ env.JAVA_VERSION }} (${{ env.JAVA_VENDOR }})
uses: actions/setup-java@v4
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: ${{ env.JAVA_VENDOR }}

- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4

- name: Execute Gradle 'integrationTestCassandraPermission' task
run: ./gradlew integrationTestCassandraPermission

- name: Upload Gradle test reports
if: always()
uses: actions/upload-artifact@v4
with:
name: cassandra_3.0_permission_integration_test_reports
path: core/build/reports/tests/integrationTestCassandraPermission

integration-test-permission-cassandra-3-11:
name: Cassandra 3.11 Permission Integration Test
runs-on: ubuntu-latest

services:
cassandra:
image: cassandra:3.11
env:
MAX_HEAP_SIZE: 2048m
HEAP_NEWSIZE: 512m
ports:
- 9042:9042

steps:
- uses: actions/checkout@v4

- name: Set up JDK ${{ env.JAVA_VERSION }} (${{ env.JAVA_VENDOR }})
uses: actions/setup-java@v4
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: ${{ env.JAVA_VENDOR }}

- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4

- name: Execute Gradle 'integrationTestCassandraPermission' task
run: ./gradlew integrationTestCassandraPermission

- name: Upload Gradle test reports
if: always()
uses: actions/upload-artifact@v4
with:
name: cassandra_3.11_permission_integration_test_reports
path: core/build/reports/tests/integrationTestCassandraPermission

integration-test-permission-dynamo:
name: DynamoDB Permission Integration Test
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4

- name: Set up JDK ${{ env.JAVA_VERSION }} (${{ env.JAVA_VENDOR }})
uses: actions/setup-java@v4
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: ${{ env.JAVA_VENDOR }}

- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4

- name: Execute Gradle 'integrationTestDynamoPermission' task
run: ./gradlew integrationTestDynamoPermission
env:
DYNAMO_ACCESS_KEY_ID: ${{ secrets.DYNAMO_ACCESS_KEY }}
DYNAMO_SECRET_ACCESS_KEY: ${{ secrets.DYNAMO_SECRET_ACCESS_KEY }}

- name: Upload Gradle test reports
if: always()
uses: actions/upload-artifact@v4
with:
name: dynamo_permission_integration_test_reports
path: core/build/reports/tests/integrationTestDynamoPermission

integration-test-permission-jdbc-mysql-5-7:
name: MySQL 5.7 Permission Integration Test
runs-on: ubuntu-latest

steps:
- name: Run MySQL 5.7
run: |
docker run -e MYSQL_ROOT_PASSWORD=mysql -p 3306:3306 -d mysql:5.7 --character-set-server=utf8mb4 --collation-server=utf8mb4_bin
- uses: actions/checkout@v4

- name: Set up JDK ${{ env.JAVA_VERSION }} (${{ env.JAVA_VENDOR }})
uses: actions/setup-java@v4
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: ${{ env.JAVA_VENDOR }}

- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4

- name: Execute Gradle 'integrationTestJdbcPermission' task
run: ./gradlew integrationTestJdbcPermission

- name: Upload Gradle test reports
if: always()
uses: actions/upload-artifact@v4
with:
name: mysql_5.7_permission_integration_test_reports
path: core/build/reports/tests/integrationTestJdbcPermission

integration-test-permission-jdbc-mysql-8-0:
name: MySQL 8.0 Permission Integration Test
runs-on: ubuntu-latest

steps:
- name: Run MySQL 8.0
run: |
docker run -e MYSQL_ROOT_PASSWORD=mysql -p 3306:3306 -d mysql:8.0 --character-set-server=utf8mb4 --collation-server=utf8mb4_bin
- uses: actions/checkout@v4

- name: Set up JDK ${{ env.JAVA_VERSION }} (${{ env.JAVA_VENDOR }})
uses: actions/setup-java@v4
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: ${{ env.JAVA_VENDOR }}

- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4

- name: Execute Gradle 'integrationTestJdbcPermission' task
run: ./gradlew integrationTestJdbcPermission

- name: Upload Gradle test reports
if: always()
uses: actions/upload-artifact@v4
with:
name: mysql_8.0_permission_integration_test_reports
path: core/build/reports/tests/integrationTestJdbcPermission

integration-test-permission-jdbc-mysql-8-4:
name: MySQL 8.4 Permission Integration Test
runs-on: ubuntu-latest

steps:
- name: Run MySQL 8.4
run: |
docker run -e MYSQL_ROOT_PASSWORD=mysql -p 3306:3306 -d mysql:8.4 --character-set-server=utf8mb4 --collation-server=utf8mb4_bin
- uses: actions/checkout@v4

- name: Set up JDK ${{ env.JAVA_VERSION }} (${{ env.JAVA_VENDOR }})
uses: actions/setup-java@v4
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: ${{ env.JAVA_VENDOR }}

- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4

- name: Execute Gradle 'integrationTestJdbcPermission' task
run: ./gradlew integrationTestJdbcPermission

- name: Upload Gradle test reports
if: always()
uses: actions/upload-artifact@v4
with:
name: mysql_8.4_permission_integration_test_reports
path: core/build/reports/tests/integrationTestJdbcPermission
105 changes: 105 additions & 0 deletions core/build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,15 @@ sourceSets {
compileClasspath += main.output + test.output
runtimeClasspath += main.output + test.output
srcDir file('src/integration-test/java')
exclude '**/com/scalar/db/storage/cassandra/CassandraPermissionTestUtils.java'
exclude '**/com/scalar/db/storage/dynamo/DynamoPermissionTestUtils.java'
exclude '**/com/scalar/db/storage/jdbc/JdbcPermissionTestUtils.java'
exclude '**/com/scalar/db/storage/cassandra/CassandraPermissionIntegrationTest.java'
exclude '**/com/scalar/db/storage/dynamo/DynamoPermissionIntegrationTest.java'
exclude '**/com/scalar/db/storage/jdbc/JdbcPermissionIntegrationTest.java'
exclude '**/com/scalar/db/storage/cassandra/CassandraAdminPermissionIntegrationTest.java'
exclude '**/com/scalar/db/storage/dynamo/DynamoAdminPermissionIntegrationTest.java'
exclude '**/com/scalar/db/storage/jdbc/JdbcAdminPermissionIntegrationTest.java'
Comment on lines +15 to +23
Copy link
Contributor Author

@KodaiD KodaiD Jun 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To avoid the permission tests are run in the CI, the test files are excluded.

}
resources.srcDir file('src/integration-test/resources')
}
Expand All @@ -22,6 +31,9 @@ sourceSets {
srcDir file('src/integration-test/java')
include '**/com/scalar/db/common/*.java'
include '**/com/scalar/db/storage/cassandra/*.java'
exclude '**/com/scalar/db/storage/cassandra/CassandraPermissionTestUtils.java'
exclude '**/com/scalar/db/storage/cassandra/CassandraPermissionIntegrationTest.java'
exclude '**/com/scalar/db/storage/cassandra/CassandraAdminPermissionIntegrationTest.java'
}
resources.srcDir file('src/integration-test/resources')
}
Expand All @@ -42,6 +54,9 @@ sourceSets {
srcDir file('src/integration-test/java')
include '**/com/scalar/db/common/*.java'
include '**/com/scalar/db/storage/dynamo/*.java'
exclude '**/com/scalar/db/storage/dynamo/DynamoPermissionTestUtils.java'
exclude '**/com/scalar/db/storage/dynamo/DynamoPermissionIntegrationTest.java'
exclude '**/com/scalar/db/storage/dynamo/DynamoAdminPermissionIntegrationTest.java'
}
resources.srcDir file('src/integration-test/resources')
}
Expand All @@ -53,6 +68,9 @@ sourceSets {
include '**/com/scalar/db/common/*.java'
include '**/com/scalar/db/storage/jdbc/*.java'
include '**/com/scalar/db/transaction/jdbc/*.java'
exclude '**/com/scalar/db/storage/jdbc/JdbcPermissionTestUtils.java'
exclude '**/com/scalar/db/storage/jdbc/JdbcPermissionIntegrationTest.java'
exclude '**/com/scalar/db/storage/jdbc/JdbcAdminPermissionIntegrationTest.java'
}
resources.srcDir file('src/integration-test/resources')
}
Expand All @@ -67,6 +85,49 @@ sourceSets {
}
resources.srcDir file('src/integration-test/resources')
}
integrationTestCassandraPermission {
java {
compileClasspath += main.output + test.output
runtimeClasspath += main.output + test.output
srcDir file('src/integration-test/java')
include '**/com/scalar/db/common/*.java'
include '**/com/scalar/db/storage/cassandra/CassandraPermissionTestUtils.java'
include '**/com/scalar/db/storage/cassandra/CassandraAdminTestUtils.java'
include '**/com/scalar/db/storage/cassandra/CassandraEnv.java'
include '**/com/scalar/db/storage/cassandra/CassandraPermissionIntegrationTest.java'
include '**/com/scalar/db/storage/cassandra/CassandraAdminPermissionIntegrationTest.java'
}
resources.srcDir file('src/integration-test/resources')
}
integrationTestDynamoPermission {
java {
compileClasspath += main.output + test.output
runtimeClasspath += main.output + test.output
srcDir file('src/integration-test/java')
include '**/com/scalar/db/common/*.java'
include '**/com/scalar/db/storage/dynamo/DynamoPermissionTestUtils.java'
include '**/com/scalar/db/storage/dynamo/DynamoAdminTestUtils.java'
include '**/com/scalar/db/storage/dynamo/DynamoEnv.java'
include '**/com/scalar/db/storage/dynamo/DynamoPermissionIntegrationTest.java'
include '**/com/scalar/db/storage/dynamo/DynamoAdminPermissionIntegrationTest.java'
}
resources.srcDir file('src/integration-test/resources')
}
integrationTestJdbcPermission {
java {
compileClasspath += main.output + test.output
runtimeClasspath += main.output + test.output
srcDir file('src/integration-test/java')
include '**/com/scalar/db/common/*.java'
include '**/com/scalar/db/storage/jdbc/JdbcPermissionTestUtils.java'
include '**/com/scalar/db/storage/jdbc/JdbcAdminTestUtils.java'
include '**/com/scalar/db/storage/jdbc/JdbcTestUtils.java'
include '**/com/scalar/db/storage/jdbc/JdbcEnv.java'
include '**/com/scalar/db/storage/jdbc/JdbcPermissionIntegrationTest.java'
include '**/com/scalar/db/storage/jdbc/JdbcAdminPermissionIntegrationTest.java'
}
resources.srcDir file('src/integration-test/resources')
}
}

configurations {
Expand All @@ -88,6 +149,15 @@ configurations {
integrationTestMultiStorageImplementation.extendsFrom testImplementation
integrationTestMultiStorageRuntimeOnly.extendsFrom testRuntimeOnly
integrationTestMultiStorageCompileOnly.extendsFrom testCompileOnly
integrationTestCassandraPermissionImplementation.extendsFrom testImplementation
integrationTestCassandraPermissionRuntimeOnly.extendsFrom testRuntimeOnly
integrationTestCassandraPermissionCompileOnly.extendsFrom testCompileOnly
integrationTestDynamoPermissionImplementation.extendsFrom testImplementation
integrationTestDynamoPermissionRuntimeOnly.extendsFrom testRuntimeOnly
integrationTestDynamoPermissionCompileOnly.extendsFrom testCompileOnly
integrationTestJdbcPermissionImplementation.extendsFrom testImplementation
integrationTestJdbcPermissionRuntimeOnly.extendsFrom testRuntimeOnly
integrationTestJdbcPermissionCompileOnly.extendsFrom testCompileOnly
}

dependencies {
Expand All @@ -100,6 +170,8 @@ dependencies {
implementation platform("software.amazon.awssdk:bom:${awssdkVersion}")
implementation 'software.amazon.awssdk:applicationautoscaling'
implementation 'software.amazon.awssdk:dynamodb'
implementation 'software.amazon.awssdk:iam'
implementation 'software.amazon.awssdk:iam-policy-builder'
implementation "org.apache.commons:commons-dbcp2:${commonsDbcp2Version}"
implementation "com.mysql:mysql-connector-j:${mysqlDriverVersion}"
implementation "org.postgresql:postgresql:${postgresqlDriverVersion}"
Expand Down Expand Up @@ -200,6 +272,39 @@ task integrationTestMultiStorage(type: Test) {
}
}

task integrationTestCassandraPermission(type: Test) {
description = 'Runs the integration tests for Cassandra permissions.'
group = 'verification'
testClassesDirs = sourceSets.integrationTestCassandraPermission.output.classesDirs
classpath = sourceSets.integrationTestCassandraPermission.runtimeClasspath
outputs.upToDateWhen { false } // ensures integration tests are run every time when called
options {
systemProperties(System.getProperties().findAll { it.key.toString().startsWith("scalardb") })
}
}

task integrationTestDynamoPermission(type: Test) {
description = 'Runs the integration tests for DynamoDB permissions.'
group = 'verification'
testClassesDirs = sourceSets.integrationTestDynamoPermission.output.classesDirs
classpath = sourceSets.integrationTestDynamoPermission.runtimeClasspath
outputs.upToDateWhen { false } // ensures integration tests are run every time when called
options {
systemProperties(System.getProperties().findAll { it.key.toString().startsWith("scalardb") })
}
}

task integrationTestJdbcPermission(type: Test) {
description = 'Runs the integration tests for JDBC permissions.'
group = 'verification'
testClassesDirs = sourceSets.integrationTestJdbcPermission.output.classesDirs
classpath = sourceSets.integrationTestJdbcPermission.runtimeClasspath
outputs.upToDateWhen { false } // ensures integration tests are run every time when called
options {
systemProperties(System.getProperties().findAll { it.key.toString().startsWith("scalardb") })
}
}

spotless {
java {
target 'src/*/java/**/*.java'
Expand Down
Loading