Backport to branch(3) : Add Cassandra permission test

[feeblefakie]

This is an automated backport of the following:

• Original PR: Add Cassandra permission test #2822
• Backported commit: 29e0a41

Please merge this PR after all checks have passed.

[gemini-code-assist]

Summary of Changes

Hello @feeblefakie, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request backports a significant enhancement to the testing suite by introducing a comprehensive framework for verifying permission handling in distributed storage systems, with a specific focus on Cassandra. It adds new integration tests that simulate operations by both administrative and normal users, ensuring that permission controls function as expected within the Cassandra backend.

Highlights

• New Permission Integration Test Framework: Introduced abstract base classes (DistributedStorageAdminPermissionIntegrationTestBase, DistributedStoragePermissionIntegrationTestBase) to standardize permission testing across different distributed storage implementations. These classes define common test scenarios for both administrative and data manipulation operations.
• Cassandra-Specific Permission Tests: Added concrete Cassandra implementations (CassandraAdminPermissionIntegrationTest, CassandraPermissionIntegrationTest) that extend the new base classes. These tests specifically verify permission handling for various administrative and data manipulation operations within the Cassandra backend, with some import-related functionalities explicitly disabled due to Cassandra's lack of support.
• Gradle Build Configuration: Modified the core/build.gradle file to create a dedicated Gradle source set and task (integrationTestCassandraPermission). This configuration ensures that the new Cassandra permission tests are run independently from other integration tests.
• Cassandra User Management Utilities: Implemented CassandraPermissionTestUtils to programmatically manage Cassandra user roles and permissions (create, drop, grant) using CQL commands for testing purposes. Additionally, CassandraEnv was updated to support configuring properties for a 'normal user' (non-admin) to facilitate these permission tests.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request is a backport that adds integration tests for Cassandra permissions. The changes are well-structured, introducing a new test suite and the necessary build configurations and test utilities. My feedback primarily focuses on improving the robustness and quality of the new test code. I've suggested using try-with-resources for proper resource management to prevent potential leaks, making test teardown logic more resilient to null pointer exceptions, and adjusting a test constant to enhance test case validity. These changes will contribute to more stable and reliable tests.

[gemini-code-assist]

The AdminTestUtils instance is not guaranteed to be closed if an exception is thrown within the try block. This can lead to resource leaks. To ensure utils.close() is always called, use a try-with-resources statement. This also simplifies the code by removing the manual utils.close() calls.

    try (AdminTestUtils utils = getAdminTestUtils(TEST_NAME)) {
      int retryCount = 0;
      while (retryCount < MAX_RETRY_COUNT) {
        if (utils.namespaceExists(NAMESPACE)) {
          return;
        }
        Uninterruptibles.sleepUninterruptibly(
            SLEEP_BETWEEN_RETRIES_SECONDS, java.util.concurrent.TimeUnit.SECONDS);
        retryCount++;
      }
      throw new RuntimeException("Namespace was not created after " + MAX_RETRY_COUNT + " retries");
    } catch (Exception e) {
      throw new RuntimeException("Failed to wait for namespace creation", e);
    }

[gemini-code-assist]

The AdminTestUtils instance is not guaranteed to be closed if an exception is thrown within the try block. This can lead to resource leaks. To ensure utils.close() is always called, use a try-with-resources statement.

    try (AdminTestUtils utils = getAdminTestUtils(TEST_NAME)) {
      int retryCount = 0;
      while (retryCount < MAX_RETRY_COUNT) {
        if (utils.tableExists(NAMESPACE, TABLE)) {
          return;
        }
        Uninterruptibles.sleepUninterruptibly(
            SLEEP_BETWEEN_RETRIES_SECONDS, java.util.concurrent.TimeUnit.SECONDS);
        retryCount++;
      }
      throw new RuntimeException("Table was not created after " + MAX_RETRY_COUNT + " retries");
    } catch (Exception e) {
      throw new RuntimeException("Failed to wait for table creation", e);
    }

[gemini-code-assist]

The AdminTestUtils instance is not guaranteed to be closed if an exception is thrown within the try block. This can lead to resource leaks. To ensure utils.close() is always called, use a try-with-resources statement.

    try (AdminTestUtils utils = getAdminTestUtils(TEST_NAME)) {
      int retryCount = 0;
      while (retryCount < MAX_RETRY_COUNT) {
        if (!utils.namespaceExists(NAMESPACE)) {
          return;
        }
        Uninterruptibles.sleepUninterruptibly(
            SLEEP_BETWEEN_RETRIES_SECONDS, java.util.concurrent.TimeUnit.SECONDS);
        retryCount++;
      }
      throw new RuntimeException("Namespace was not deleted after " + MAX_RETRY_COUNT + " retries");
    } catch (Exception e) {
      throw new RuntimeException("Failed to wait for namespace deletion", e);
    }

[gemini-code-assist]

The AdminTestUtils instance is not guaranteed to be closed if an exception is thrown within the try block. This can lead to resource leaks. To ensure utils.close() is always called, use a try-with-resources statement.

    try (AdminTestUtils utils = getAdminTestUtils(TEST_NAME)) {
      int retryCount = 0;
      while (retryCount < MAX_RETRY_COUNT) {
        if (!utils.tableExists(NAMESPACE, TABLE)) {
          return;
        }
        Uninterruptibles.sleepUninterruptibly(
            SLEEP_BETWEEN_RETRIES_SECONDS, java.util.concurrent.TimeUnit.SECONDS);
        retryCount++;
      }
      throw new RuntimeException("Table was not deleted after " + MAX_RETRY_COUNT + " retries");
    } catch (Exception e) {
      throw new RuntimeException("Failed to wait for table deletion", e);
    }

[gemini-code-assist]

The AdminTestUtils instance is not guaranteed to be closed if an exception is thrown within the try block. This can lead to resource leaks. To ensure utils.close() is always called, use a try-with-resources statement. This also simplifies the code by removing the manual utils.close() calls.

    try (AdminTestUtils utils = getAdminTestUtils(TEST_NAME)) {
      int retryCount = 0;
      while (retryCount < MAX_RETRY_COUNT) {
        if (utils.tableExists(NAMESPACE, TABLE)) {
          return;
        }
        Uninterruptibles.sleepUninterruptibly(SLEEP_BETWEEN_RETRIES_SECONDS, TimeUnit.SECONDS);
        retryCount++;
      }
      throw new RuntimeException("Table was not created after " + MAX_RETRY_COUNT + " retries");
    } catch (Exception e) {
      throw new RuntimeException("Failed to wait for table creation", e);
    }

[gemini-code-assist]

If adminForRootUser is null (for example, if @BeforeAll fails during its initialization), calling methods on it will cause a NullPointerException, preventing the rest of the cleanup in @AfterAll from running. It's safer to add a null check before using adminForRootUser.

    if (adminForRootUser != null) {
      try {
        adminForRootUser.dropTable(NAMESPACE, TABLE, true);

[gemini-code-assist]

The constant INT_COLUMN_VALUE2 has the same value as INT_COLUMN_VALUE1. This makes tests that are supposed to update a value (like put_WithPutIfExists_WithSufficientPermission_ShouldSucceed) less meaningful, as they are "updating" with the same value. Consider changing it to a different value to improve test coverage.

Suggested change

	private static final int INT_COLUMN_VALUE2 = 1;
	private static final int INT_COLUMN_VALUE2 = 2;

[gemini-code-assist]

If adminForRootUser is null (for example, if @BeforeAll fails during its initialization), calling methods on it will cause a NullPointerException. This would cause the @AfterAll cleanup to fail. It's safer to add a null check before using adminForRootUser.

    if (adminForRootUser != null) {

[brfrn169]

LGTM! Thank you!