QPID-6090: [Java Broker] Prevent removal of existing group nodes from the permitted nodes attribute on VHN

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1624012 13f79535-47bb-0310-9956-ffa450edef68

2 files changed, 69 insertions, 3 deletions

diff --git a/java/bdbstore/src/main/java/org/apache/qpid/server/virtualhostnode/berkeleydb/BDBHAVirtualHostNodeImpl.java b/java/bdbstore/src/main/java/org/apache/qpid/server/virtualhostnode/berkeleydb/BDBHAVirtualHostNodeImpl.java
index b9f0764f67..2eadd63268 100644
--- a/java/bdbstore/src/main/java/org/apache/qpid/server/virtualhostnode/berkeleydb/BDBHAVirtualHostNodeImpl.java
+++ b/java/bdbstore/src/main/java/org/apache/qpid/server/virtualhostnode/berkeleydb/BDBHAVirtualHostNodeImpl.java
@@ -761,13 +761,38 @@ public class BDBHAVirtualHostNodeImpl extends AbstractVirtualHostNode<BDBHAVirtu
         }
     }
 
-    private void validatePermittedNodes(List<String> permittedNodes)
+    private void validatePermittedNodes(List<String> proposedPermittedNodes)
     {
-        if (permittedNodes == null || permittedNodes.isEmpty())
+        if (proposedPermittedNodes == null || proposedPermittedNodes.isEmpty())
         {
             throw new IllegalArgumentException(String.format("Attribute '%s' is mandatory and must be set", PERMITTED_NODES));
         }
-        for (String permittedNode: permittedNodes)
+
+        String missingNodeAddress = null;
+        if (!proposedPermittedNodes.contains(getAddress()))
+        {
+            missingNodeAddress = getAddress();
+        }
+        else
+        {
+            for (final RemoteReplicationNode<?> node : getRemoteReplicationNodes())
+            {
+                final BDBHARemoteReplicationNode<?> bdbHaRemoteReplicationNode = (BDBHARemoteReplicationNode<?>) node;
+                final String remoteNodeAddress = bdbHaRemoteReplicationNode.getAddress();
+                if (!proposedPermittedNodes.contains(remoteNodeAddress))
+                {
+                    missingNodeAddress = remoteNodeAddress;
+                    break;
+                }
+            }
+        }
+
+        if (missingNodeAddress != null)
+        {
+            throw new IllegalArgumentException(String.format("The current group node '%s' cannot be removed from '%s' as its already a group member", missingNodeAddress, PERMITTED_NODES));
+        }
+
+        for (String permittedNode: proposedPermittedNodes)
         {
             String[] tokens = permittedNode.split(":");
             if (tokens.length != 2)
diff --git a/java/bdbstore/src/test/java/org/apache/qpid/server/store/berkeleydb/BDBHAVirtualHostNodeTest.java b/java/bdbstore/src/test/java/org/apache/qpid/server/store/berkeleydb/BDBHAVirtualHostNodeTest.java
index acebaf55a0..be3c7fe6cb 100644
--- a/java/bdbstore/src/test/java/org/apache/qpid/server/store/berkeleydb/BDBHAVirtualHostNodeTest.java
+++ b/java/bdbstore/src/test/java/org/apache/qpid/server/store/berkeleydb/BDBHAVirtualHostNodeTest.java
@@ -372,6 +372,47 @@ public class BDBHAVirtualHostNodeTest extends QpidTestCase
         }
     }
 
+    public void testCurrentNodeCannotBeRemovedFromPermittedNodeList() throws Exception
+    {
+        int node1PortNumber = findFreePort();
+        int node2PortNumber = getNextAvailable(node1PortNumber+1);
+        int node3PortNumber = getNextAvailable(node2PortNumber+1);
+
+        String node1Address = "localhost:" + node1PortNumber;
+        String node2Address = "localhost:" + node2PortNumber;
+        String node3Address = "localhost:" + node3PortNumber;
+
+        String groupName = "group";
+        String node1Name = "node1";
+
+        Map<String, Object> node1Attributes = _helper.createNodeAttributes(node1Name, groupName, node1Address, node1Address, node1Name, node1PortNumber, node2PortNumber, node3PortNumber);
+        BDBHAVirtualHostNode<?> node1 = _helper.createAndStartHaVHN(node1Attributes);
+
+        Map<String, Object> node2Attributes = _helper.createNodeAttributes("node2", groupName, node2Address, node1Address, node1Name);
+        BDBHAVirtualHostNode<?> node2 = _helper.createAndStartHaVHN(node2Attributes);
+
+        Map<String, Object> node3Attributes = _helper.createNodeAttributes("node3", groupName, node3Address, node1Address, node1Name);
+        BDBHAVirtualHostNode<?> node3 = _helper.createAndStartHaVHN(node3Attributes);
+
+        _helper.awaitRemoteNodes(node1, 2);
+
+        // Create new "proposed" permitted nodes list with a current node missing
+        List<String> amendedPermittedNodes = new ArrayList<String>();
+        amendedPermittedNodes.add(node1Address);
+        amendedPermittedNodes.add(node2Address);
+
+        // Try to update the permitted nodes attributes using the new list
+        try
+        {
+            node1.setAttributes(Collections.<String, Object>singletonMap(BDBHAVirtualHostNode.PERMITTED_NODES, amendedPermittedNodes));
+            fail("Operation to remove current group node from permitted nodes should have failed");
+        }
+        catch(IllegalArgumentException e)
+        {
+            assertEquals("Unexpected exception message", String.format("The current group node '%s' cannot be removed from '%s' as its already a group member", node3Address, BDBHAVirtualHostNode.PERMITTED_NODES), e.getMessage());
+        }
+    }
+
     public void testIntruderProtectionInManagementMode() throws Exception
     {
         int node1PortNumber = findFreePort();