New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Extend permission checks in MessageTasks and add a test coverage [HZ-2090] [5.3.z] #25539
Extend permission checks in MessageTasks and add a test coverage [HZ-2090] [5.3.z] #25539
Conversation
…2090] (hazelcast#25509) This change extends permission checks in client messages and adds a basic test coverage.
…sks [HZ-2090] (hazelcast#25529) Permission type fixes. Follow up for hazelcast#25509
The job Click to expand the log file---------ERRORS----------- -------------------------- [ERROR] 'dependencies.dependency.groupId' for $com.google.protobuf:protobuf-java:jar with value '$com.google.protobuf' does not match a valid id pattern. @ line 17, column 16 -------------------------- [ERROR] 'dependencies.dependency.version' for $com.google.protobuf:protobuf-java:jar is missing. @ line 16, column 17 -------------------------- [ERROR] 'dependencies.dependency.groupId' for $com.google.protobuf:protobuf-java:jar with value '$com.google.protobuf' does not match a valid id pattern. @ line 17, column 16 -------------------------- [ERROR] 'dependencies.dependency.version' for $com.google.protobuf:protobuf-java:jar is missing. @ line 16, column 17 -------------------------- [ERROR] Failed to execute goal org.codehaus.mojo:license-maven-plugin:2.0.1:add-third-party (add-third-party) on project hazelcast-jet-files-s3: could not init goal AddThirdPartyMojo for reason : null: ConcurrentModificationException -> [Help 1] -------------------------- [ERROR] -------------------------- [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. -------------------------- [ERROR] Re-run Maven using the -X switch to enable full debug logging. -------------------------- [ERROR] -------------------------- [ERROR] For more information about the errors and possible solutions, please read the following articles: -------------------------- [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException -------------------------- [ERROR] -------------------------- [ERROR] After correcting the problems, you can resume the build with the command -------------------------- [ERROR] mvn -rf :hazelcast-jet-files-s3 -------------------------- |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like a 1:1 cherry pick from the master PR. Hence, it looks good to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kwart This may break some existing customer code, right? Are we OK to merge in the patch since it is a security issue?
The change is not expected to break existing code. Only if there is a client permission misconfiguration on members (i.e. missing permission grants), then after applying the fix it might require a configuration fix on members. |
Adding Ondrej as a gatekeeper for the PR merge 😉 |
Merging after a discussion with Ondrej. |
@kwart Yes, but it will make working user code not work but require some changes in the config to make it work. That is why I raised this concern. It may be OK since it is security related. |
Backport of #25509
This PR extends permission checks in client messages and adds basic test coverage.