GEODE-3974: Improve permissions for geode-lucene functions

geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/functions/LuceneCreateIndexFunction.java

@@ -18,6 +18,9 @@
 import static org.apache.geode.cache.lucene.internal.LuceneServiceImpl.validateCommandParameters.INDEX_NAME;
 import static org.apache.geode.cache.lucene.internal.LuceneServiceImpl.validateCommandParameters.REGION_PATH;
 
+import java.util.Collection;
+import java.util.Collections;
+
 import org.apache.commons.lang.StringUtils;
 import org.apache.lucene.analysis.Analyzer;
 import org.apache.lucene.analysis.standard.StandardAnalyzer;
@@ -33,11 +36,15 @@
 import org.apache.geode.cache.lucene.internal.cli.LuceneCliStrings;
 import org.apache.geode.cache.lucene.internal.cli.LuceneIndexDetails;
 import org.apache.geode.cache.lucene.internal.cli.LuceneIndexInfo;
+import org.apache.geode.cache.lucene.internal.security.LucenePermission;
 import org.apache.geode.internal.InternalEntity;
 import org.apache.geode.management.internal.cli.CliUtil;
 import org.apache.geode.management.internal.cli.functions.CliFunctionResult;
 import org.apache.geode.management.internal.cli.i18n.CliStrings;
 import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.security.ResourcePermission;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
 
 
 /**
@@ -110,6 +117,12 @@ public void execute(final FunctionContext context) {
  }
  }
 
+ @Override
+ public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+ return Collections.singleton(
+ new ResourcePermission(Resource.CLUSTER, Operation.MANAGE, LucenePermission.TARGET));
+ }
+
  private LuceneSerializer toSerializer(String serializerName)
  throws InstantiationException, IllegalAccessException, ClassNotFoundException {
  String trimmedName = StringUtils.trim(serializerName);
@@ -136,5 +149,4 @@ private Analyzer toAnalyzer(String className) {
  CliUtil.forName(className, LuceneCliStrings.LUCENE_CREATE_INDEX__ANALYZER);
  return CliUtil.newInstance(clazz, LuceneCliStrings.LUCENE_CREATE_INDEX__ANALYZER);
  }
-
 }

geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/functions/LuceneDescribeIndexFunction.java

@@ -15,6 +15,9 @@
 
 package org.apache.geode.cache.lucene.internal.cli.functions;
 
+import java.util.Collection;
+import java.util.Collections;
+
 import org.apache.geode.cache.Cache;
 import org.apache.geode.cache.execute.Function;
 import org.apache.geode.cache.execute.FunctionContext;
@@ -25,7 +28,11 @@
 import org.apache.geode.cache.lucene.internal.LuceneServiceImpl;
 import org.apache.geode.cache.lucene.internal.cli.LuceneIndexDetails;
 import org.apache.geode.cache.lucene.internal.cli.LuceneIndexInfo;
+import org.apache.geode.cache.lucene.internal.security.LucenePermission;
 import org.apache.geode.internal.InternalEntity;
+import org.apache.geode.security.ResourcePermission;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
 
 /**
  * The LuceneDescribeIndexFunction class is a function used to collect the information on a
@@ -66,4 +73,10 @@ public void execute(final FunctionContext context) {
  }
  context.getResultSender().lastResult(result);
  }
+
+ @Override
+ public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+ return Collections.singleton(
+ new ResourcePermission(Resource.CLUSTER, Operation.READ, LucenePermission.TARGET));
+ }
 }

geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/functions/LuceneDestroyIndexFunction.java

@@ -14,6 +14,9 @@
  */
 package org.apache.geode.cache.lucene.internal.cli.functions;
 
+import java.util.Collection;
+import java.util.Collections;
+
 import org.apache.commons.lang.StringUtils;
 
 import org.apache.geode.cache.execute.Function;
@@ -22,16 +25,19 @@
 import org.apache.geode.cache.lucene.LuceneServiceProvider;
 import org.apache.geode.cache.lucene.internal.LuceneServiceImpl;
 import org.apache.geode.cache.lucene.internal.cli.LuceneDestroyIndexInfo;
+import org.apache.geode.cache.lucene.internal.security.LucenePermission;
 import org.apache.geode.cache.lucene.internal.xml.LuceneXmlConstants;
 import org.apache.geode.internal.InternalEntity;
 import org.apache.geode.internal.cache.xmlcache.CacheXml;
 import org.apache.geode.management.internal.cli.functions.CliFunctionResult;
 import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.security.ResourcePermission;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
 
 public class LuceneDestroyIndexFunction implements Function, InternalEntity {
-
  public void execute(final FunctionContext context) {
- CliFunctionResult result = null;
+ CliFunctionResult result;
  String memberId = context.getCache().getDistributedSystem().getDistributedMember().getId();
  try {
  LuceneDestroyIndexInfo indexInfo = (LuceneDestroyIndexInfo) context.getArguments();
@@ -66,4 +72,10 @@ protected XmlEntity getXmlEntity(String indexName, String regionPath) {
  return new XmlEntity(CacheXml.REGION, "name", regionName, LuceneXmlConstants.PREFIX,
  LuceneXmlConstants.NAMESPACE, LuceneXmlConstants.INDEX, "name", indexName);
  }
+
+ @Override
+ public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+ return Collections.singleton(
+ new ResourcePermission(Resource.CLUSTER, Operation.MANAGE, LucenePermission.TARGET));
+ }
 }

geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/functions/LuceneListIndexFunction.java

@@ -15,6 +15,8 @@
 
 package org.apache.geode.cache.lucene.internal.cli.functions;
 
+import java.util.Collection;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
 
@@ -27,7 +29,11 @@
 import org.apache.geode.cache.lucene.internal.LuceneIndexImpl;
 import org.apache.geode.cache.lucene.internal.LuceneServiceImpl;
 import org.apache.geode.cache.lucene.internal.cli.LuceneIndexDetails;
+import org.apache.geode.cache.lucene.internal.security.LucenePermission;
 import org.apache.geode.internal.InternalEntity;
+import org.apache.geode.security.ResourcePermission;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
 
 /**
  * The LuceneListIndexFunction class is a function used to collect the information on all lucene
@@ -64,4 +70,10 @@ public void execute(final FunctionContext context) {
  }
  context.getResultSender().lastResult(indexDetailsSet);
  }
+
+ @Override
+ public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+ return Collections.singleton(
+ new ResourcePermission(Resource.CLUSTER, Operation.READ, LucenePermission.TARGET));
+ }
 }

geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/functions/LuceneSearchIndexFunction.java

@@ -15,14 +15,14 @@
 
 package org.apache.geode.cache.lucene.internal.cli.functions;
 
+import java.util.Collection;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 
 import org.apache.geode.cache.Cache;
-import org.apache.geode.cache.CacheFactory;
 import org.apache.geode.cache.execute.Function;
-import org.apache.geode.cache.execute.FunctionAdapter;
 import org.apache.geode.cache.execute.FunctionContext;
 import org.apache.geode.cache.lucene.LuceneQuery;
 import org.apache.geode.cache.lucene.LuceneQueryException;
@@ -35,6 +35,9 @@
 import org.apache.geode.cache.lucene.internal.cli.LuceneQueryInfo;
 import org.apache.geode.cache.lucene.internal.cli.LuceneSearchResults;
 import org.apache.geode.internal.InternalEntity;
+import org.apache.geode.security.ResourcePermission;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
 
 /**
  * The LuceneSearchIndexFunction class is a function used to collect the information on a particular
@@ -95,4 +98,9 @@ public void execute(final FunctionContext context) {
  context.getResultSender().lastResult(result);
  }
  }
+
+ @Override
+ public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+ return Collections.singleton(new ResourcePermission(Resource.DATA, Operation.READ, regionName));
+ }
 }

geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/directory/DumpDirectoryFiles.java

@@ -17,6 +17,8 @@
 
 import java.io.File;
 import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
 
 import org.apache.logging.log4j.Logger;
 import org.apache.lucene.index.IndexWriter;
@@ -35,6 +37,9 @@
 import org.apache.geode.internal.InternalEntity;
 import org.apache.geode.internal.cache.BucketNotFoundException;
 import org.apache.geode.internal.logging.LogService;
+import org.apache.geode.security.ResourcePermission;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
 
 public class DumpDirectoryFiles implements Function, InternalEntity {
  private static final long serialVersionUID = 1L;
@@ -96,4 +101,12 @@ public String getId() {
  public boolean optimizeForWrite() {
  return true;
  }
+
+ @Override
+ public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
+ Set<ResourcePermission> required = new HashSet<>();
+ required.add(new ResourcePermission(Resource.DATA, Operation.READ, regionName));
+ required.add(new ResourcePermission(Resource.CLUSTER, Operation.MANAGE));
+ return required;
+ }
 }

geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/LuceneQueryFunction.java

@@ -19,7 +19,6 @@
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
-import java.util.Optional;
 
 import org.apache.logging.log4j.Logger;
 import org.apache.lucene.search.Query;

geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/WaitUntilFlushedFunction.java

@@ -17,7 +17,6 @@
 
 import java.util.Collection;
 import java.util.Collections;
-import java.util.Optional;
 import java.util.concurrent.TimeUnit;
 
 import org.apache.geode.cache.Cache;

geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/results/LuceneGetPageFunction.java

@@ -18,7 +18,6 @@
 import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
-import java.util.Optional;
 import java.util.Set;
 
 import org.apache.logging.log4j.Logger;