Extend permission checks in MessageTasks and add a test coverage [HZ-2090] [5.3.z] #25539
Conversation
…2090] (hazelcast#25509) This change extends permission checks in client messages and adds a basic test coverage.
…sks [HZ-2090] (hazelcast#25529) Permission type fixes. Follow up for hazelcast#25509
kwart
added
Type: Enhancement
Team: Client
Backport
Source: Internal
|
The job Click to expand the log file---------ERRORS----------- -------------------------- [ERROR] 'dependencies.dependency.groupId' for $com.google.protobuf:protobuf-java:jar with value '$com.google.protobuf' does not match a valid id pattern. @ line 17, column 16 -------------------------- [ERROR] 'dependencies.dependency.version' for $com.google.protobuf:protobuf-java:jar is missing. @ line 16, column 17 -------------------------- [ERROR] 'dependencies.dependency.groupId' for $com.google.protobuf:protobuf-java:jar with value '$com.google.protobuf' does not match a valid id pattern. @ line 17, column 16 -------------------------- [ERROR] 'dependencies.dependency.version' for $com.google.protobuf:protobuf-java:jar is missing. @ line 16, column 17 -------------------------- [ERROR] Failed to execute goal org.codehaus.mojo:license-maven-plugin:2.0.1:add-third-party (add-third-party) on project hazelcast-jet-files-s3: could not init goal AddThirdPartyMojo for reason : null: ConcurrentModificationException -> [Help 1] -------------------------- [ERROR] -------------------------- [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. -------------------------- [ERROR] Re-run Maven using the -X switch to enable full debug logging. -------------------------- [ERROR] -------------------------- [ERROR] For more information about the errors and possible solutions, please read the following articles: -------------------------- [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException -------------------------- [ERROR] -------------------------- [ERROR] After correcting the problems, you can resume the build with the command -------------------------- [ERROR] mvn -rf :hazelcast-jet-files-s3 -------------------------- |
There was a problem hiding this comment.
Looks like a 1:1 cherry pick from the master PR. Hence, it looks good to me.
There was a problem hiding this comment.
@kwart This may break some existing customer code, right? Are we OK to merge in the patch since it is a security issue?
The change is not expected to break existing code. Only if there is a client permission misconfiguration on members (i.e. missing permission grants), then after applying the fix it might require a configuration fix on members. |
|
Adding Ondrej as a gatekeeper for the PR merge 😉 |
|
Merging after a discussion with Ondrej. |
@kwart Yes, but it will make working user code not work but require some changes in the config to make it work. That is why I raised this concern. It may be OK since it is security related. |
Backport of #25509
This PR extends permission checks in client messages and adds basic test coverage.