Add Cassandra permission test

[KodaiD]

Description

This PR adds a permission test for Cassandra under ScalarDB. To check what permissions are required for all ScalarDB operations, all DistributedStorage and DistributedStorageAdmin methods are tested. This is a first step of the permission tests project. Permission tests for other backends will be added in the future.

Related issues and/or PRs

N/A

Changes made

• Added a new integration test for the implementations of DistributedStorage in Cassandra adapter.
• Added a new integration test for the implementations of DistributedStorageAdmin in Cassandra adapter.
• Added a GitHub Action workflow to run the permission tests on workflow dispatch.

Checklist

• I have commented my code, particularly in hard-to-understand areas.
• I have updated the documentation to reflect the changes.
• I have considered whether similar issues could occur in other products, components, or modules if this PR is for bug fixes.
• Any remaining open issues linked to this PR are documented and up-to-date (Jira, GitHub, etc.).
• Tests (unit, integration, etc.) have been added for the changes.
• My changes generate no new warnings.
• Any dependent changes in other PRs have been merged and published.

Additional notes (optional)

N/A

Release notes

N/A

[Copilot]

Pull Request Overview

This PR introduces permission tests for Cassandra under ScalarDB by adding integration tests for both DistributedStorage and DistributedStorageAdmin, as well as updating the Gradle build and GitHub Actions workflow to run these tests.

• New integration tests for permission checks on storage and admin APIs
• Implementation of Cassandra-specific PermissionTestUtils and environment configuration
• Separate Gradle source set and workflow steps for Cassandra permission tests

Reviewed Changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
integration-test/src/main/java/com/scalar/db/util/PermissionTestUtils.java	Added interface with methods for user management and permission granting
integration-test/src/main/java/com/scalar/db/api/DistributedStoragePermissionIntegrationTestBase.java	Introduced tests for storage methods using granted permissions
integration-test/src/main/java/com/scalar/db/api/DistributedStorageAdminPermissionIntegrationTestBase.java	Added tests for admin operations with sufficient permissions
core/src/integration-test/java/com/scalar/db/storage/cassandra/CassandraPermissionTestUtils.java	Implemented Cassandra-specific permission management logic
core/src/integration-test/java/com/scalar/db/storage/cassandra/CassandraPermissionIntegrationTest.java	Extended base storage permission tests for Cassandra
core/src/integration-test/java/com/scalar/db/storage/cassandra/CassandraEnv.java	Updated to include normal user properties for Cassandra
core/src/integration-test/java/com/scalar/db/storage/cassandra/CassandraAdminPermissionIntegrationTest.java	Extended admin permission tests for Cassandra with retry waits
core/build.gradle	Configured new integration test source set and dependencies for Cassandra permission tests
.github/workflows/permission-check.yaml	Added workflow jobs to run Cassandra permission tests for different Cassandra versions

[gemini-code-assist]

Summary of Changes

Hello @KodaiD, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a comprehensive set of permission integration tests for the Cassandra backend in ScalarDB. The primary goal is to verify that all DistributedStorage and DistributedStorageAdmin operations function correctly when executed by a user with the necessary permissions, ensuring the system's security and operational integrity. This is the initial phase of a broader project to implement permission tests across all ScalarDB backends.

Highlights

• New Permission Test Framework: I've introduced a new set of abstract base classes (DistributedStoragePermissionIntegrationTestBase and DistributedStorageAdminPermissionIntegrationTestBase) to standardize permission testing for DistributedStorage and DistributedStorageAdmin operations across different backends.
• Cassandra-Specific Permission Tests: I've implemented concrete permission integration tests for the Cassandra adapter (CassandraPermissionIntegrationTest and CassandraAdminPermissionIntegrationTest), covering a wide range of operations like get, scan, put, delete, mutate, and various admin functions (create/drop namespace/table, repair, etc.).
• Cassandra User Management Utilities: I've added CassandraPermissionTestUtils to programmatically create, drop, and grant necessary permissions to a 'normal' test user within Cassandra, facilitating isolated and realistic permission testing.
• Gradle Build Configuration: I've updated the build.gradle file to define a new dedicated source set and Gradle task (integrationTestCassandraPermission) for these new permission tests, allowing them to be run independently from other integration tests.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces new integration tests for Cassandra permissions, covering both DistributedStorage and DistributedStorageAdmin operations. The changes include adding new Gradle configurations and tasks to support these tests, along with new test utility classes. The overall structure of the new tests aligns with existing integration test patterns. However, there are several areas for improvement related to maintainability and correctness, such as reducing code duplication, refining exception handling to be more specific, and addressing potential security risks (even in test code) by avoiding String.format for SQL queries.

[brfrn169]

Overall, LGTM. Left a few comments. PTAL!

[KodaiD]

@brfrn169 Thank you for your comment!
As you mentioned, we should test get and scan with index. I added tests in 9529726. PTAL!

[brfrn169]

LGTM! Thank you!

[Torch3333]

LGTM, thank you!

[komamitsu]

LGTM, thank you!

[feeblefakie]

LGTM! Thank you!