Merge branch '523-geode-cluster-operator'

lib/java_buildpack/container/tomcat/tomcat_geode_store.rb

@@ -38,9 +38,9 @@ def compile
       def release
         return unless supports?
         credentials = @application.services.find_service(FILTER, KEY_LOCATORS, KEY_USERS)['credentials']
-        user = credentials[KEY_USERS].find { |u| u['username'] == 'cluster_operator' }
+        user = credentials[KEY_USERS].find { |u| cluster_operator?(u) }
 
-        @droplet.java_opts.add_system_property 'gemfire.security-username', 'cluster_operator'
+        @droplet.java_opts.add_system_property 'gemfire.security-username', user['username']
         @droplet.java_opts.add_system_property 'gemfire.security-password', user['password']
         @droplet.java_opts.add_system_property 'gemfire.security-client-auth-init',
                                                'io.pivotal.cloudcache.ClientAuthInitialize.create'
@@ -78,6 +78,10 @@ def supports?
                        :CACHE_CLIENT_LISTENER_CLASS_NAME, :SCHEMA_URL, :SCHEMA_INSTANCE_URL, :SCHEMA_LOCATION,
                        :LOCATOR_REGEXP, :FUNCTION_SERVICE_CLASS_NAMES
 
+      def cluster_operator?(user)
+        user['username'] == 'cluster_operator' || user['roles'] && (user['roles'].include? 'cluster_operator')
+      end
+
       def add_client_cache(document)
         client_cache = document.add_element 'client-cache',
                                             'xmlns' => SCHEMA_URL,

spec/java_buildpack/container/tomcat/tomcat_geode_store_spec.rb

@@ -41,8 +41,11 @@
           'locators' => ['some-locator[some-port]', 'some-other-locator[some-other-port]'],
           'users' =>
               [
-                { 'password' => 'fake-password',
-                  'username' => 'cluster_operator' }
+                {
+                  'password' => 'some-password',
+                  'username' => 'some-username',
+                  'roles' => ['cluster_operator']
+                }
               ]
         }
       )
@@ -102,9 +105,40 @@
       expect(java_opts).to include(
         '-Dgemfire.security-client-auth-init=io.pivotal.cloudcache.ClientAuthInitialize.create'
       )
-      expect(java_opts).to include('-Dgemfire.security-username=cluster_operator')
-      expect(java_opts).to include('-Dgemfire.security-password=fake-password')
+      expect(java_opts).to include('-Dgemfire.security-username=some-username')
+      expect(java_opts).to include('-Dgemfire.security-password=some-password')
     end
+  end
 
+  context 'when there is session replication service and service credentials do not include roles' do
+    before do
+      allow(services).to receive(:one_service?).with(/session-replication/, 'locators', 'users')
+                                               .and_return(true)
+      allow(services).to receive(:find_service).and_return(
+        'credentials' => {
+          'locators' => ['some-locator[some-port]', 'some-other-locator[some-other-port]'],
+          'users' =>
+              [
+                {
+                  'password' => 'some-password',
+                  'username' => 'cluster_operator'
+                }
+              ]
+        }
+      )
+    end
+
+    it 'assumes usernames represent roles and passes security properties to the release',
+       app_fixture:   'container_tomcat_geode_store',
+       cache_fixture: 'stub-geode-store.tar' do
+
+      component.release
+
+      expect(java_opts).to include(
+        '-Dgemfire.security-client-auth-init=io.pivotal.cloudcache.ClientAuthInitialize.create'
+      )
+      expect(java_opts).to include('-Dgemfire.security-username=cluster_operator')
+      expect(java_opts).to include('-Dgemfire.security-password=some-password')
+    end
   end
 end