GEODE-3974: Improve permissions for geode-connectors functions (#1265)

geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/AlterConnectionFunction.java

@@ -14,6 +14,8 @@
  */
 package org.apache.geode.connectors.jdbc.internal.cli;
 
+import java.util.Collection;
+import java.util.Collections;
 import java.util.Map;
 
 import org.apache.geode.annotations.Experimental;
@@ -23,6 +25,8 @@
 import org.apache.geode.connectors.jdbc.internal.JdbcConnectorService;
 import org.apache.geode.management.internal.cli.functions.CliFunctionResult;
 import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 
 @Experimental
 public class AlterConnectionFunction
@@ -86,4 +90,9 @@ private CliFunctionResult createSuccessResult(String connectionName, String memb
     String message = "Altered JDBC connection " + connectionName + " on " + member;
     return new CliFunctionResult(member, xmlEntity, message);
   }
+
+  @Override
+  public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+    return Collections.singletonList(ResourcePermissions.CLUSTER_MANAGE);
+  }
 }

geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/AlterMappingFunction.java

@@ -14,6 +14,8 @@
  */
 package org.apache.geode.connectors.jdbc.internal.cli;
 
+import java.util.Collection;
+import java.util.Collections;
 import java.util.Map;
 
 import org.apache.geode.annotations.Experimental;
@@ -23,6 +25,8 @@
 import org.apache.geode.connectors.jdbc.internal.RegionMappingNotFoundException;
 import org.apache.geode.management.internal.cli.functions.CliFunctionResult;
 import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 
 @Experimental
 public class AlterMappingFunction extends JdbcCliFunction<RegionMapping, CliFunctionResult> {
@@ -84,4 +88,9 @@ private CliFunctionResult createSuccessResult(String connectionName, String memb
     String message = "Altered JDBC connection " + connectionName + " on " + member;
     return new CliFunctionResult(member, xmlEntity, message);
   }
+
+  @Override
+  public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+    return Collections.singletonList(ResourcePermissions.CLUSTER_MANAGE);
+  }
 }

geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/CreateConnectionFunction.java

@@ -14,13 +14,18 @@
  */
 package org.apache.geode.connectors.jdbc.internal.cli;
 
+import java.util.Collection;
+import java.util.Collections;
+
 import org.apache.geode.annotations.Experimental;
 import org.apache.geode.cache.execute.FunctionContext;
 import org.apache.geode.connectors.jdbc.internal.ConnectionConfigExistsException;
 import org.apache.geode.connectors.jdbc.internal.ConnectionConfiguration;
 import org.apache.geode.connectors.jdbc.internal.JdbcConnectorService;
 import org.apache.geode.management.internal.cli.functions.CliFunctionResult;
 import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 
 @Experimental
 public class CreateConnectionFunction
@@ -53,4 +58,9 @@ private CliFunctionResult createSuccessResult(String connectionName, String memb
     String message = "Created JDBC connection " + connectionName + " on " + member;
     return new CliFunctionResult(member, xmlEntity, message);
   }
+
+  @Override
+  public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+    return Collections.singletonList(ResourcePermissions.CLUSTER_MANAGE);
+  }
 }

geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/CreateMappingFunction.java

@@ -14,13 +14,18 @@
  */
 package org.apache.geode.connectors.jdbc.internal.cli;
 
+import java.util.Collection;
+import java.util.Collections;
+
 import org.apache.geode.annotations.Experimental;
 import org.apache.geode.cache.execute.FunctionContext;
 import org.apache.geode.connectors.jdbc.internal.JdbcConnectorService;
 import org.apache.geode.connectors.jdbc.internal.RegionMapping;
 import org.apache.geode.connectors.jdbc.internal.RegionMappingExistsException;
 import org.apache.geode.management.internal.cli.functions.CliFunctionResult;
 import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 
 @Experimental
 public class CreateMappingFunction extends JdbcCliFunction<RegionMapping, CliFunctionResult> {
@@ -57,4 +62,9 @@ private CliFunctionResult createSuccessResult(String regionName, String member,
     String message = "Created JDBC mapping for region " + regionName + " on " + member;
     return new CliFunctionResult(member, xmlEntity, message);
   }
+
+  @Override
+  public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+    return Collections.singletonList(ResourcePermissions.CLUSTER_MANAGE);
+  }
 }

geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/DescribeConnectionFunction.java

@@ -14,10 +14,15 @@
  */
 package org.apache.geode.connectors.jdbc.internal.cli;
 
+import java.util.Collection;
+import java.util.Collections;
+
 import org.apache.geode.annotations.Experimental;
 import org.apache.geode.cache.execute.FunctionContext;
 import org.apache.geode.connectors.jdbc.internal.ConnectionConfiguration;
 import org.apache.geode.connectors.jdbc.internal.JdbcConnectorService;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 
 @Experimental
 public class DescribeConnectionFunction extends JdbcCliFunction<String, ConnectionConfiguration> {
@@ -31,4 +36,9 @@ ConnectionConfiguration getFunctionResult(JdbcConnectorService service,
       FunctionContext<String> context) {
     return service.getConnectionConfig(context.getArguments());
   }
+
+  @Override
+  public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+    return Collections.singletonList(ResourcePermissions.CLUSTER_READ);
+  }
 }

geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/DescribeMappingFunction.java

@@ -14,10 +14,15 @@
  */
 package org.apache.geode.connectors.jdbc.internal.cli;
 
+import java.util.Collection;
+import java.util.Collections;
+
 import org.apache.geode.annotations.Experimental;
 import org.apache.geode.cache.execute.FunctionContext;
 import org.apache.geode.connectors.jdbc.internal.JdbcConnectorService;
 import org.apache.geode.connectors.jdbc.internal.RegionMapping;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 
 @Experimental
 public class DescribeMappingFunction extends JdbcCliFunction<String, RegionMapping> {
@@ -30,4 +35,9 @@ public class DescribeMappingFunction extends JdbcCliFunction<String, RegionMappi
   RegionMapping getFunctionResult(JdbcConnectorService service, FunctionContext<String> context) {
     return service.getMappingForRegion(context.getArguments());
   }
+
+  @Override
+  public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+    return Collections.singletonList(ResourcePermissions.CLUSTER_READ);
+  }
 }

geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/DestroyConnectionFunction.java

@@ -14,12 +14,17 @@
  */
 package org.apache.geode.connectors.jdbc.internal.cli;
 
+import java.util.Collection;
+import java.util.Collections;
+
 import org.apache.geode.annotations.Experimental;
 import org.apache.geode.cache.execute.FunctionContext;
 import org.apache.geode.connectors.jdbc.internal.ConnectionConfiguration;
 import org.apache.geode.connectors.jdbc.internal.JdbcConnectorService;
 import org.apache.geode.management.internal.cli.functions.CliFunctionResult;
 import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 
 @Experimental
 public class DestroyConnectionFunction extends JdbcCliFunction<String, CliFunctionResult> {
@@ -76,4 +81,9 @@ private CliFunctionResult createNotFoundResult(String member, String connectionN
     String message = "Connection named \"" + connectionName + "\" not found";
     return new CliFunctionResult(member, false, message);
   }
+
+  @Override
+  public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+    return Collections.singletonList(ResourcePermissions.CLUSTER_MANAGE);
+  }
 }

geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/DestroyMappingFunction.java

@@ -14,12 +14,17 @@
  */
 package org.apache.geode.connectors.jdbc.internal.cli;
 
+import java.util.Collection;
+import java.util.Collections;
+
 import org.apache.geode.annotations.Experimental;
 import org.apache.geode.cache.execute.FunctionContext;
 import org.apache.geode.connectors.jdbc.internal.JdbcConnectorService;
 import org.apache.geode.connectors.jdbc.internal.RegionMapping;
 import org.apache.geode.management.internal.cli.functions.CliFunctionResult;
 import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 
 @Experimental
 public class DestroyMappingFunction extends JdbcCliFunction<String, CliFunctionResult> {
@@ -76,4 +81,9 @@ private CliFunctionResult createNotFoundResult(String member, String regionName)
     String message = "Region mapping for region \"" + regionName + "\" not found";
     return new CliFunctionResult(member, false, message);
   }
+
+  @Override
+  public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+    return Collections.singletonList(ResourcePermissions.CLUSTER_MANAGE);
+  }
 }

geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/JdbcCliFunction.java

@@ -14,12 +14,17 @@
  */
 package org.apache.geode.connectors.jdbc.internal.cli;
 
+import java.util.Collection;
+import java.util.Collections;
+
 import org.apache.geode.annotations.Experimental;
 import org.apache.geode.cache.execute.Function;
 import org.apache.geode.cache.execute.FunctionContext;
 import org.apache.geode.connectors.jdbc.internal.JdbcConnectorService;
 import org.apache.geode.internal.InternalEntity;
 import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 
 @Experimental
 public abstract class JdbcCliFunction<T1, T2> implements Function<T1>, InternalEntity {
@@ -54,6 +59,11 @@ public void execute(FunctionContext<T1> context) {
     }
   }
 
+  @Override
+  public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+    return Collections.singletonList(ResourcePermissions.CLUSTER_READ);
+  }
+
   String getMember(FunctionContext<T1> context) {
     return argumentProvider.getMember(context);
   }

geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/ListConnectionFunction.java

@@ -14,12 +14,16 @@
  */
 package org.apache.geode.connectors.jdbc.internal.cli;
 
+import java.util.Collection;
+import java.util.Collections;
 import java.util.Set;
 
 import org.apache.geode.annotations.Experimental;
 import org.apache.geode.cache.execute.FunctionContext;
 import org.apache.geode.connectors.jdbc.internal.ConnectionConfiguration;
 import org.apache.geode.connectors.jdbc.internal.JdbcConnectorService;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 
 @Experimental
 public class ListConnectionFunction extends JdbcCliFunction<Void, ConnectionConfiguration[]> {
@@ -42,4 +46,9 @@ ConnectionConfiguration[] getConnectionConfigAsArray(JdbcConnectorService servic
   private Set<ConnectionConfiguration> getConnectionConfigs(JdbcConnectorService service) {
     return service.getConnectionConfigs();
   }
+
+  @Override
+  public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+    return Collections.singletonList(ResourcePermissions.CLUSTER_READ);
+  }
 }

geode-connectors/src/main/java/org/apache/geode/connectors/jdbc/internal/cli/ListMappingFunction.java

@@ -14,12 +14,16 @@
  */
 package org.apache.geode.connectors.jdbc.internal.cli;
 
+import java.util.Collection;
+import java.util.Collections;
 import java.util.Set;
 
 import org.apache.geode.annotations.Experimental;
 import org.apache.geode.cache.execute.FunctionContext;
 import org.apache.geode.connectors.jdbc.internal.JdbcConnectorService;
 import org.apache.geode.connectors.jdbc.internal.RegionMapping;
+import org.apache.geode.management.internal.security.ResourcePermissions;
+import org.apache.geode.security.ResourcePermission;
 
 @Experimental
 public class ListMappingFunction extends JdbcCliFunction<Void, RegionMapping[]> {
@@ -41,4 +45,9 @@ RegionMapping[] getRegionMappingsAsArray(JdbcConnectorService service) {
   private Set<RegionMapping> getRegionMappings(JdbcConnectorService service) {
     return service.getRegionMappings();
   }
+
+  @Override
+  public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+    return Collections.singletonList(ResourcePermissions.CLUSTER_READ);
+  }
 }