refactor(security): Move security out of runtime (apache#1821)

This is a pure refactor patch without any function changes.
The patch is aim to reduce the size and dependencies of security library,
mainly move the "security" out of "runtime", including:

- Add a test named "dsn_security_tests"
- Remove duplicate comments from **/CMakeLists.txt

.github/workflows/lint_and_test_cpp.yaml

@@ -143,6 +143,7 @@ jobs:
           - dsn.replication.simple_kv
           - dsn.rep_tests.simple_kv
           - dsn_runtime_tests
+          - dsn_security_tests
           - dsn_utils_tests
           - dsn.zookeeper.tests
           # TODO(yingchun): Disable it because we find it's too flaky, we will re-enable it after
@@ -223,6 +224,7 @@ jobs:
           - dsn.replication.simple_kv
           - dsn.rep_tests.simple_kv
           - dsn_runtime_tests
+          - dsn_security_tests
           - dsn_utils_tests
           - dsn.zookeeper.tests
           # TODO(yingchun): Disable it because we find it's too flaky, we will re-enable it after
@@ -308,6 +310,7 @@ jobs:
 #          - dsn.replication.simple_kv
 #          - dsn.rep_tests.simple_kv
 #          - dsn_runtime_tests
+#          - dsn_security_tests
 #          - dsn_utils_tests
 #          - dsn.zookeeper.tests
 #          - partition_split_test

src/CMakeLists.txt

@@ -51,6 +51,7 @@ add_subdirectory(remote_cmd)
 add_subdirectory(replica)
 add_subdirectory(runtime)
 add_subdirectory(sample)
+add_subdirectory(security)
 add_subdirectory(server)
 add_subdirectory(server/test)
 add_subdirectory(shell)

src/meta/meta_backup_service.cpp

@@ -41,7 +41,7 @@
 #include "runtime/rpc/rpc_holder.h"
 #include "runtime/rpc/rpc_message.h"
 #include "runtime/rpc/serialization.h"
-#include "runtime/security/access_controller.h"
+#include "security/access_controller.h"
 #include "runtime/task/async_calls.h"
 #include "runtime/task/task_code.h"
 #include "server_state.h"

src/meta/meta_service.h

@@ -51,7 +51,7 @@
 #include "runtime/rpc/rpc_address.h"
 #include "runtime/rpc/rpc_message.h"
 #include "runtime/rpc/serialization.h"
-#include "runtime/security/access_controller.h"
+#include "security/access_controller.h"
 #include "runtime/serverlet.h"
 #include "runtime/task/task.h"
 #include "runtime/task/task_code.h"

src/meta/server_state.cpp

@@ -63,7 +63,7 @@
 #include "runtime/rpc/rpc_address.h"
 #include "runtime/rpc/rpc_message.h"
 #include "runtime/rpc/serialization.h"
-#include "runtime/security/access_controller.h"
+#include "security/access_controller.h"
 #include "runtime/task/async_calls.h"
 #include "runtime/task/task.h"
 #include "runtime/task/task_spec.h"

src/replica/replica.cpp

@@ -51,7 +51,7 @@
 #include "replica_disk_migrator.h"
 #include "replica_stub.h"
 #include "runtime/rpc/rpc_message.h"
-#include "runtime/security/access_controller.h"
+#include "security/access_controller.h"
 #include "split/replica_split_manager.h"
 #include "utils/filesystem.h"
 #include "utils/fmt_logging.h"

src/replica/replica_2pc.cpp

@@ -61,7 +61,7 @@
 #include "runtime/rpc/rpc_message.h"
 #include "runtime/rpc/rpc_stream.h"
 #include "runtime/rpc/serialization.h"
-#include "runtime/security/access_controller.h"
+#include "security/access_controller.h"
 #include "runtime/task/async_calls.h"
 #include "runtime/task/task.h"
 #include "runtime/task/task_code.h"

src/replica/replica_config.cpp

@@ -61,7 +61,7 @@
 #include "runtime/rpc/rpc_address.h"
 #include "runtime/rpc/rpc_message.h"
 #include "runtime/rpc/serialization.h"
-#include "runtime/security/access_controller.h"
+#include "security/access_controller.h"
 #include "runtime/task/async_calls.h"
 #include "runtime/task/task.h"
 #include "split/replica_split_manager.h"

src/replica/replica_stub.cpp

@@ -65,7 +65,7 @@
 #include "ranger/access_type.h"
 #include "runtime/rpc/rpc_message.h"
 #include "runtime/rpc/serialization.h"
-#include "runtime/security/access_controller.h"
+#include "security/access_controller.h"
 #include "runtime/task/async_calls.h"
 #include "split/replica_split_manager.h"
 #include "utils/command_manager.h"

src/replica/replica_stub.h

@@ -56,7 +56,7 @@
 #include "ranger/access_type.h"
 #include "runtime/rpc/rpc_address.h"
 #include "runtime/rpc/rpc_holder.h"
-#include "runtime/security/access_controller.h"
+#include "security/access_controller.h"
 #include "runtime/serverlet.h"
 #include "runtime/task/task.h"
 #include "runtime/task/task_code.h"

src/runtime/CMakeLists.txt

@@ -25,11 +25,9 @@
 add_subdirectory(test)
 add_subdirectory(rpc)
 add_subdirectory(task)
-add_subdirectory(security)
 
 # TODO(zlw) remove perf_counter from dsn_runtime after the refactor by WuTao
 add_library(dsn_runtime STATIC
-        $<TARGET_OBJECTS:dsn.security>
         $<TARGET_OBJECTS:dsn.rpc>
         $<TARGET_OBJECTS:dsn.task>
         $<TARGET_OBJECTS:dsn.perf_counter>
@@ -50,6 +48,6 @@ add_library(dsn_runtime STATIC
         tool_api.cpp
         tracer.cpp
         zlocks.cpp)
-target_link_libraries(dsn_runtime PRIVATE dsn_utils sasl2 gssapi_krb5 krb5)
+target_link_libraries(dsn_runtime PRIVATE dsn_security dsn_utils sasl2 gssapi_krb5 krb5)
 define_file_basename_for_sources(dsn_runtime)
 install(TARGETS dsn_runtime DESTINATION "lib")

src/runtime/service_api_c.cpp

@@ -52,8 +52,8 @@
 #include "runtime/rpc/rpc_address.h"
 #include "runtime/rpc/rpc_engine.h"
 #include "runtime/rpc/rpc_message.h"
-#include "runtime/security/init.h"
-#include "runtime/security/negotiation_manager.h"
+#include "security/init.h"
+#include "security/negotiation_manager.h"
 #include "runtime/service_app.h"
 #include "runtime/service_engine.h"
 #include "runtime/task/task.h"
@@ -82,7 +82,6 @@ DSN_DEFINE_bool(core,
                 pause_on_start,
                 false,
                 "whether to pause at startup time for easier debugging");
-
 #ifdef DSN_ENABLE_GPERF
 DSN_DEFINE_double(core,
                   tcmalloc_release_rate,

src/runtime/security/CMakeLists.txt → src/security/CMakeLists.txt

@@ -15,28 +15,17 @@
 # specific language governing permissions and limitations
 # under the License.
 
-set(MY_PROJ_NAME dsn.security)
-
+set(MY_PROJ_NAME dsn_security)
 thrift_generate_cpp(
     SECURITY_THRIFT_SRCS
     SECURITY_THRIFT_HDRS
-        ${PROJECT_ROOT}/idl/security.thrift
-)
-
+        ${PROJECT_ROOT}/idl/security.thrift)
 set(MY_PROJ_SRC ${SECURITY_THRIFT_SRCS})
-
-# Search mode for source files under CURRENT project directory?
-# "GLOB_RECURSE" for recursive search
-# "GLOB" for non-recursive search
 set(MY_SRC_SEARCH_MODE "GLOB")
-
-set(MY_PROJ_INC_PATH "")
-
-set(MY_PROJ_LIBS "")
-
-set(MY_PROJ_LIB_PATH "")
-
-# Extra files that will be installed
-set(MY_BINPLACES "")
-
+set(MY_PROJ_LIBS
+        dsn_meta_server
+        dsn_replication_common
+        dsn_runtime
+        dsn_utils)
 dsn_add_object()
+add_subdirectory(test)

src/runtime/security/client_negotiation.cpp → src/security/client_negotiation.cpp

@@ -28,8 +28,8 @@
 #include "negotiation_utils.h"
 #include "runtime/rpc/network.h"
 #include "runtime/rpc/rpc_address.h"
-#include "runtime/security/negotiation.h"
-#include "runtime/security/sasl_wrapper.h"
+#include "security/negotiation.h"
+#include "security/sasl_wrapper.h"
 #include "utils/autoref_ptr.h"
 #include "utils/error_code.h"
 #include "utils/errors.h"

src/runtime/security/negotiation.cpp → src/security/negotiation.cpp

@@ -21,7 +21,7 @@
 
 #include "client_negotiation.h"
 #include "negotiation_utils.h"
-#include "runtime/security/sasl_wrapper.h"
+#include "security/sasl_wrapper.h"
 #include "server_negotiation.h"
 #include "utils/flags.h"
 #include "utils/fmt_logging.h"

src/runtime/security/negotiation_manager.cpp → src/security/negotiation_manager.cpp

@@ -71,7 +71,7 @@ void negotiation_manager::on_negotiation_request(negotiation_rpc rpc)
           "only server session receives negotiation request");
 
     // reply SASL_AUTH_DISABLE if auth is not enable
-    if (!security::FLAGS_enable_auth) {
+    if (!FLAGS_enable_auth) {
         rpc.response().status = negotiation_status::type::SASL_AUTH_DISABLE;
         return;
     }

src/runtime/security/negotiation_manager.h → src/security/negotiation_manager.h

@@ -20,7 +20,7 @@
 #include <memory>
 #include <unordered_map>
 
-#include "runtime/security/negotiation.h"
+#include "security/negotiation.h"
 #include "runtime/serverlet.h"
 #include "utils/singleton.h"
 

src/runtime/security/server_negotiation.cpp → src/security/server_negotiation.cpp

@@ -24,8 +24,8 @@
 #include "fmt/format.h"
 #include "runtime/rpc/network.h"
 #include "runtime/rpc/rpc_address.h"
-#include "runtime/security/negotiation.h"
-#include "runtime/security/sasl_wrapper.h"
+#include "security/negotiation.h"
+#include "security/sasl_wrapper.h"
 #include "security_types.h"
 #include "utils/autoref_ptr.h"
 #include "utils/blob.h"

src/security/test/CMakeLists.txt

@@ -0,0 +1,31 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+set(MY_PROJ_NAME dsn_security_tests)
+set(MY_PROJ_SRC "")
+set(MY_SRC_SEARCH_MODE "GLOB")
+set(MY_PROJ_LIBS
+        dsn_security
+        dsn_meta_server
+        dsn_replication_common
+        dsn_runtime
+        dsn_utils
+        gtest)
+set(MY_BINPLACES
+        config.ini
+        run.sh)
+dsn_add_test()

src/runtime/test/client_negotiation_test.cpp → src/security/test/client_negotiation_test.cpp

@@ -24,8 +24,8 @@
 #include "runtime/rpc/rpc_address.h"
 #include "runtime/rpc/rpc_holder.h"
 #include "runtime/rpc/rpc_message.h"
-#include "runtime/security/client_negotiation.h"
-#include "runtime/security/negotiation.h"
+#include "security/client_negotiation.h"
+#include "security/negotiation.h"
 #include "security_types.h"
 #include "utils/blob.h"
 #include "utils/error_code.h"

src/security/test/config.ini

@@ -0,0 +1,24 @@
+; Licensed to the Apache Software Foundation (ASF) under one
+; or more contributor license agreements.  See the NOTICE file
+; distributed with this work for additional information
+; regarding copyright ownership.  The ASF licenses this file
+; to you under the Apache License, Version 2.0 (the
+; "License"); you may not use this file except in compliance
+; with the License.  You may obtain a copy of the License at
+;
+;   http://www.apache.org/licenses/LICENSE-2.0
+;
+; Unless required by applicable law or agreed to in writing,
+; software distributed under the License is distributed on an
+; "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+; KIND, either express or implied.  See the License for the
+; specific language governing permissions and limitations
+; under the License.
+
+[apps.client]
+type = test
+arguments = localhost 20101
+pools = THREAD_POOL_DEFAULT
+
+[core]
+tool = nativerun

src/security/test/main.cpp

@@ -0,0 +1,43 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#include <chrono>
+#include <gtest/gtest.h>
+#include <thread>
+
+#include "runtime/app_model.h"
+#include "runtime/service_app.h"
+#include "runtime/test_utils.h"
+
+int g_test_count = 0;
+int g_test_ret = 0;
+
+GTEST_API_ int main(int argc, char **argv)
+{
+    testing::InitGoogleTest(&argc, argv);
+
+    dsn::service_app::register_factory<test_client>("test");
+    dsn_run(argc, argv, false);
+    while (g_test_count == 0) {
+        std::this_thread::sleep_for(std::chrono::seconds(1));
+    }
+
+#ifndef ENABLE_GCOV
+    dsn_exit(g_test_ret);
+#endif
+    return g_test_ret;
+}

src/runtime/test/meta_access_controller_test.cpp → src/security/test/meta_access_controller_test.cpp

@@ -25,7 +25,7 @@
 #include "runtime/rpc/network.sim.h"
 #include "runtime/rpc/rpc_address.h"
 #include "runtime/rpc/rpc_message.h"
-#include "runtime/security/access_controller.h"
+#include "security/access_controller.h"
 #include "runtime/task/task_code.h"
 #include "utils/autoref_ptr.h"
 #include "utils/flags.h"

src/runtime/test/negotiation_manager_test.cpp → src/security/test/negotiation_manager_test.cpp

@@ -15,7 +15,7 @@
 // specific language governing permissions and limitations
 // under the License.
 
-#include "runtime/security/negotiation_manager.h"
+#include "security/negotiation_manager.h"
 
 #include "failure_detector/fd.code.definition.h"
 #include "gtest/gtest.h"
@@ -26,7 +26,7 @@
 #include "runtime/rpc/rpc_address.h"
 #include "runtime/rpc/rpc_holder.h"
 #include "runtime/rpc/rpc_message.h"
-#include "runtime/security/negotiation_utils.h"
+#include "security/negotiation_utils.h"
 #include "runtime/task/task_code.h"
 #include "security_types.h"
 #include "utils/autoref_ptr.h"

src/runtime/test/replica_access_controller_test.cpp → src/security/test/replica_access_controller_test.cpp

@@ -27,7 +27,7 @@
 #include "runtime/rpc/network.sim.h"
 #include "runtime/rpc/rpc_address.h"
 #include "runtime/rpc/rpc_message.h"
-#include "runtime/security/replica_access_controller.h"
+#include "security/replica_access_controller.h"
 #include "utils/autoref_ptr.h"
 #include "utils/flags.h"