scalar-labs · brfrn169 · Jul 10, 2025 · Jul 8, 2025 · Jul 10, 2025 · Jul 10, 2025
diff --git a/.github/workflows/permission-check.yaml b/.github/workflows/permission-check.yaml
@@ -0,0 +1,88 @@
+name: Test Permissions
+
+on:
+  workflow_dispatch:
+
+env:
+  TERM: dumb
+  JAVA_VERSION: '8'
+  JAVA_VENDOR: 'temurin'
+
+jobs:
+  integration-test-permission-cassandra-3-0:
+    name: Cassandra 3.0 Permission Integration Test
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK ${{ env.JAVA_VERSION }} (${{ env.JAVA_VENDOR }})
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ env.JAVA_VERSION }}
+          distribution: ${{ env.JAVA_VENDOR }}
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v4
+
+      - name: Start Cassandra with authentication enabled
+        run: |
+          docker run -d --name cassandra \
+            -p 9042:9042 \
+            -e CASSANDRA_PASSWORD_SEEDER=yes \
+            -e CASSANDRA_PASSWORD=cassandra \
+            -e CASSANDRA_AUTHENTICATOR=PasswordAuthenticator \
+            -e CASSANDRA_AUTHORIZER=CassandraAuthorizer \
+            bitnami/cassandra:3.0
+
+      - name: Wait for Cassandra to be ready
+        run: sleep 30
+
+      - name: Execute Gradle 'integrationTestCassandraPermission' task
+        run: ./gradlew integrationTestCassandraPermission
+
+      - name: Upload Gradle test reports
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: cassandra_3.0_permission_integration_test_reports
+          path: core/build/reports/tests/integrationTestCassandraPermission
+
+  integration-test-permission-cassandra-3-11:
+    name: Cassandra 3.11 Permission Integration Test
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK ${{ env.JAVA_VERSION }} (${{ env.JAVA_VENDOR }})
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ env.JAVA_VERSION }}
+          distribution: ${{ env.JAVA_VENDOR }}
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v4
+
+      - name: Start Cassandra with authentication enabled
+        run: |
+          docker run -d --name cassandra \
+            -p 9042:9042 \
+            -e CASSANDRA_PASSWORD_SEEDER=yes \
+            -e CASSANDRA_PASSWORD=cassandra \
+            -e CASSANDRA_AUTHENTICATOR=PasswordAuthenticator \
+            -e CASSANDRA_AUTHORIZER=CassandraAuthorizer \
+            bitnami/cassandra:3.11
+
+      - name: Wait for Cassandra to be ready
+        run: sleep 30
+
+      - name: Execute Gradle 'integrationTestCassandraPermission' task
+        run: ./gradlew integrationTestCassandraPermission
+
+      - name: Upload Gradle test reports
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: cassandra_3.11_permission_integration_test_reports
+          path: core/build/reports/tests/integrationTestCassandraPermission
diff --git a/core/build.gradle b/core/build.gradle
@@ -22,6 +22,9 @@ sourceSets {
             srcDir file('src/integration-test/java')
             include '**/com/scalar/db/common/*.java'
             include '**/com/scalar/db/storage/cassandra/*.java'
+            exclude '**/com/scalar/db/storage/cassandra/CassandraPermissionTestUtils.java'
+            exclude '**/com/scalar/db/storage/cassandra/CassandraPermissionIntegrationTest.java'
+            exclude '**/com/scalar/db/storage/cassandra/CassandraAdminPermissionIntegrationTest.java'
         }
         resources.srcDir file('src/integration-test/resources')
     }
@@ -67,6 +70,20 @@ sourceSets {
         }
         resources.srcDir file('src/integration-test/resources')
     }
+    integrationTestCassandraPermission {
+        java {
+            compileClasspath += main.output + test.output
+            runtimeClasspath += main.output + test.output
+            srcDir file('src/integration-test/java')
+            include '**/com/scalar/db/common/*.java'
+            include '**/com/scalar/db/storage/cassandra/CassandraPermissionTestUtils.java'
+            include '**/com/scalar/db/storage/cassandra/CassandraAdminTestUtils.java'
+            include '**/com/scalar/db/storage/cassandra/CassandraEnv.java'
+            include '**/com/scalar/db/storage/cassandra/CassandraPermissionIntegrationTest.java'
+            include '**/com/scalar/db/storage/cassandra/CassandraAdminPermissionIntegrationTest.java'
+        }
+        resources.srcDir file('src/integration-test/resources')
+    }
 }
 
 configurations {
@@ -88,6 +105,9 @@ configurations {
     integrationTestMultiStorageImplementation.extendsFrom testImplementation
     integrationTestMultiStorageRuntimeOnly.extendsFrom testRuntimeOnly
     integrationTestMultiStorageCompileOnly.extendsFrom testCompileOnly
+    integrationTestCassandraPermissionImplementation.extendsFrom testImplementation
+    integrationTestCassandraPermissionRuntimeOnly.extendsFrom testRuntimeOnly
+    integrationTestCassandraPermissionCompileOnly.extendsFrom testCompileOnly
 }
 
 dependencies {
@@ -200,6 +220,17 @@ task integrationTestMultiStorage(type: Test) {
     }
 }
 
+task integrationTestCassandraPermission(type: Test) {
+    description = 'Runs the integration tests for Cassandra permissions.'
+    group = 'verification'
+    testClassesDirs = sourceSets.integrationTestCassandraPermission.output.classesDirs
+    classpath = sourceSets.integrationTestCassandraPermission.runtimeClasspath
+    outputs.upToDateWhen { false }  // ensures integration tests are run every time when called
+    options {
+        systemProperties(System.getProperties().findAll { it.key.toString().startsWith("scalardb") })
+    }
+}
+
 spotless {
     java {
         target 'src/*/java/**/*.java'

diff --git a/...on-test/java/com/scalar/db/storage/cassandra/CassandraAdminPermissionIntegrationTest.java b/...on-test/java/com/scalar/db/storage/cassandra/CassandraAdminPermissionIntegrationTest.java
@@ -0,0 +1,141 @@
+package com.scalar.db.storage.cassandra;
+
+import static com.scalar.db.storage.cassandra.CassandraPermissionTestUtils.MAX_RETRY_COUNT;
+import static com.scalar.db.storage.cassandra.CassandraPermissionTestUtils.SLEEP_BETWEEN_RETRIES_SECONDS;
+
+import com.google.common.util.concurrent.Uninterruptibles;
+import com.scalar.db.api.DistributedStorageAdminPermissionIntegrationTestBase;
+import com.scalar.db.util.AdminTestUtils;
+import com.scalar.db.util.PermissionTestUtils;
+import java.util.Collections;
+import java.util.Map;
+import java.util.Properties;
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
+
+public class CassandraAdminPermissionIntegrationTest
+    extends DistributedStorageAdminPermissionIntegrationTestBase {
+  @Override
+  protected Properties getProperties(String testName) {
+    return CassandraEnv.getProperties(testName);
+  }
+
+  @Override
+  protected Properties getPropertiesForNormalUser(String testName) {
+    return CassandraEnv.getPropertiesForNormalUser(testName);
+  }
+
+  @Override
+  protected AdminTestUtils getAdminTestUtils(String testName) {
+    return new CassandraAdminTestUtils(getProperties(testName));
+  }
+
+  @Override
+  protected PermissionTestUtils getPermissionTestUtils(String testName) {
+    return new CassandraPermissionTestUtils(getProperties(testName));
+  }
+
+  @Override
+  protected Map<String, String> getCreationOptions() {
+    return Collections.singletonMap(CassandraAdmin.REPLICATION_FACTOR, "1");
+  }
+
+  @Override
+  protected void waitForNamespaceCreation() {
+    try {
+      AdminTestUtils utils = getAdminTestUtils(TEST_NAME);
+      int retryCount = 0;
+      while (retryCount < MAX_RETRY_COUNT) {
+        if (utils.namespaceExists(NAMESPACE)) {
+          utils.close();
+          return;
+        }
+        Uninterruptibles.sleepUninterruptibly(
+            SLEEP_BETWEEN_RETRIES_SECONDS, java.util.concurrent.TimeUnit.SECONDS);
+        retryCount++;
+      }
+      utils.close();
+      throw new RuntimeException("Namespace was not created after " + MAX_RETRY_COUNT + " retries");
+    } catch (Exception e) {
+      throw new RuntimeException("Failed to wait for namespace creation", e);
+    }
+  }
+
+  @Override
+  protected void waitForTableCreation() {
+    try {
+      AdminTestUtils utils = getAdminTestUtils(TEST_NAME);
+      int retryCount = 0;
+      while (retryCount < MAX_RETRY_COUNT) {
+        if (utils.tableExists(NAMESPACE, TABLE)) {
+          utils.close();
+          return;
+        }
+        Uninterruptibles.sleepUninterruptibly(
+            SLEEP_BETWEEN_RETRIES_SECONDS, java.util.concurrent.TimeUnit.SECONDS);
+        retryCount++;
+      }
+      utils.close();
+      throw new RuntimeException("Table was not created after " + MAX_RETRY_COUNT + " retries");
+    } catch (Exception e) {
+      throw new RuntimeException("Failed to wait for table creation", e);
+    }
+  }
+
+  @Override
+  protected void waitForNamespaceDeletion() {
+    try {
+      AdminTestUtils utils = getAdminTestUtils(TEST_NAME);
+      int retryCount = 0;
+      while (retryCount < MAX_RETRY_COUNT) {
+        if (!utils.namespaceExists(NAMESPACE)) {
+          utils.close();
+          return;
+        }
+        Uninterruptibles.sleepUninterruptibly(
+            SLEEP_BETWEEN_RETRIES_SECONDS, java.util.concurrent.TimeUnit.SECONDS);
+        retryCount++;
+      }
+      utils.close();
+      throw new RuntimeException("Namespace was not deleted after " + MAX_RETRY_COUNT + " retries");
+    } catch (Exception e) {
+      throw new RuntimeException("Failed to wait for namespace deletion", e);
+    }
+  }
+
+  @Override
+  protected void waitForTableDeletion() {
+    try {
+      AdminTestUtils utils = getAdminTestUtils(TEST_NAME);
+      int retryCount = 0;
+      while (retryCount < MAX_RETRY_COUNT) {
+        if (!utils.tableExists(NAMESPACE, TABLE)) {
+          utils.close();
+          return;
+        }
+        Uninterruptibles.sleepUninterruptibly(
+            SLEEP_BETWEEN_RETRIES_SECONDS, java.util.concurrent.TimeUnit.SECONDS);
+        retryCount++;
+      }
+      utils.close();
+      throw new RuntimeException("Table was not deleted after " + MAX_RETRY_COUNT + " retries");
+    } catch (Exception e) {
+      throw new RuntimeException("Failed to wait for table deletion", e);
+    }
+  }
+
+  @Test
+  @Override
+  @Disabled("Import-related functionality is not supported in Cassandra")
+  public void getImportTableMetadata_WithSufficientPermission_ShouldSucceed() {}
+
+  @Test
+  @Override
+  @Disabled("Import-related functionality is not supported in Cassandra")
+  public void addRawColumnToTable_WithSufficientPermission_ShouldSucceed() {}
+
+  @Test
+  @Override
+  @Disabled("Import-related functionality is not supported in Cassandra")
+  public void importTable_WithSufficientPermission_ShouldSucceed() {}
+}
diff --git a/core/src/integration-test/java/com/scalar/db/storage/cassandra/CassandraEnv.java b/core/src/integration-test/java/com/scalar/db/storage/cassandra/CassandraEnv.java
@@ -7,10 +7,14 @@ public final class CassandraEnv {
   private static final String PROP_CASSANDRA_CONTACT_POINTS = "scalardb.cassandra.contact_points";
   private static final String PROP_CASSANDRA_USERNAME = "scalardb.cassandra.username";
   private static final String PROP_CASSANDRA_PASSWORD = "scalardb.cassandra.password";
+  private static final String PROP_CASSANDRA_NORMAL_USERNAME = "scalardb.cassandra.normal_username";
+  private static final String PROP_CASSANDRA_NORMAL_PASSWORD = "scalardb.cassandra.normal_password";
 
   private static final String DEFAULT_CASSANDRA_CONTACT_POINTS = "localhost";
   private static final String DEFAULT_CASSANDRA_USERNAME = "cassandra";
   private static final String DEFAULT_CASSANDRA_PASSWORD = "cassandra";
+  private static final String DEFAULT_CASSANDRA_NORMAL_USERNAME = "test";
+  private static final String DEFAULT_CASSANDRA_NORMAL_PASSWORD = "test";
 
   private CassandraEnv() {}
 
@@ -29,4 +33,17 @@ public static Properties getProperties(@SuppressWarnings("unused") String testNa
     props.setProperty(DatabaseConfig.CROSS_PARTITION_SCAN_ORDERING, "false");
     return props;
   }
+
+  public static Properties getPropertiesForNormalUser(String testName) {
+    Properties properties = getProperties(testName);
+
+    String username =
+        System.getProperty(PROP_CASSANDRA_NORMAL_USERNAME, DEFAULT_CASSANDRA_NORMAL_USERNAME);
+    String password =
+        System.getProperty(PROP_CASSANDRA_NORMAL_PASSWORD, DEFAULT_CASSANDRA_NORMAL_PASSWORD);
+    properties.setProperty(DatabaseConfig.USERNAME, username);
+    properties.setProperty(DatabaseConfig.PASSWORD, password);
+
+    return properties;
+  }
 }
diff --git a/...gration-test/java/com/scalar/db/storage/cassandra/CassandraPermissionIntegrationTest.java b/...gration-test/java/com/scalar/db/storage/cassandra/CassandraPermissionIntegrationTest.java
@@ -0,0 +1,61 @@
+package com.scalar.db.storage.cassandra;
+
+import static com.scalar.db.storage.cassandra.CassandraPermissionTestUtils.MAX_RETRY_COUNT;
+import static com.scalar.db.storage.cassandra.CassandraPermissionTestUtils.SLEEP_BETWEEN_RETRIES_SECONDS;
+
+import com.google.common.util.concurrent.Uninterruptibles;
+import com.scalar.db.api.DistributedStoragePermissionIntegrationTestBase;
+import com.scalar.db.util.AdminTestUtils;
+import com.scalar.db.util.PermissionTestUtils;
+import java.util.Collections;
+import java.util.Map;
+import java.util.Properties;
+import java.util.concurrent.TimeUnit;
+
+public class CassandraPermissionIntegrationTest
+    extends DistributedStoragePermissionIntegrationTestBase {
+  @Override
+  protected Properties getProperties(String testName) {
+    return CassandraEnv.getProperties(testName);
+  }
+
+  @Override
+  protected Properties getPropertiesForNormalUser(String testName) {
+    return CassandraEnv.getPropertiesForNormalUser(testName);
+  }
+
+  @Override
+  protected PermissionTestUtils getPermissionTestUtils(String testName) {
+    return new CassandraPermissionTestUtils(getProperties(testName));
+  }
+
+  @Override
+  protected AdminTestUtils getAdminTestUtils(String testName) {
+    return new CassandraAdminTestUtils(getProperties(testName));
+  }
+
+  @Override
+  protected Map<String, String> getCreationOptions() {
+    return Collections.singletonMap(CassandraAdmin.REPLICATION_FACTOR, "1");
+  }
+
+  @Override
+  protected void waitForTableCreation() {
+    try {
+      AdminTestUtils utils = getAdminTestUtils(TEST_NAME);
+      int retryCount = 0;
+      while (retryCount < MAX_RETRY_COUNT) {
+        if (utils.tableExists(NAMESPACE, TABLE)) {
+          utils.close();
+          return;
+        }
+        Uninterruptibles.sleepUninterruptibly(SLEEP_BETWEEN_RETRIES_SECONDS, TimeUnit.SECONDS);
+        retryCount++;
+      }
+      utils.close();
+      throw new RuntimeException("Table was not created after " + MAX_RETRY_COUNT + " retries");
+    } catch (Exception e) {
+      throw new RuntimeException("Failed to wait for table creation", e);
+    }
+  }
+}