[Test] Replace all mock authentication with concrete objects (#86424)

Changes in this PR enables marking the Authentication class to final in a future PR as part of the overall plan for closing down Authentication.
elastic · May 6, 2022 · 051f971 · 051f971
1 parent 339a3c0
commit 051f971
Show file tree

Hide file tree

Showing 25 changed files with 138 additions and 147 deletions.
diff --git a/...h/xpack/core/security/authz/accesscontrol/SecurityIndexReaderWrapperIntegrationTests.java b/...h/xpack/core/security/authz/accesscontrol/SecurityIndexReaderWrapperIntegrationTests.java
@@ -46,10 +46,10 @@
 import org.elasticsearch.test.IndexSettingsModule;
 import org.elasticsearch.xpack.core.security.SecurityContext;
 import org.elasticsearch.xpack.core.security.authc.Authentication;
+import org.elasticsearch.xpack.core.security.authc.AuthenticationTestHelper;
 import org.elasticsearch.xpack.core.security.authc.support.AuthenticationContextSerializer;
 import org.elasticsearch.xpack.core.security.authz.permission.DocumentPermissions;
 import org.elasticsearch.xpack.core.security.authz.permission.FieldPermissions;
-import org.elasticsearch.xpack.core.security.user.User;
 
 import java.util.HashSet;
 import java.util.List;
@@ -78,9 +78,7 @@ public void testDLS() throws Exception {
         final ThreadContext threadContext = new ThreadContext(Settings.EMPTY);
         final SecurityContext securityContext = new SecurityContext(Settings.EMPTY, threadContext);
 
-        final Authentication authentication = mock(Authentication.class);
-        when(authentication.getUser()).thenReturn(mock(User.class));
-        when(authentication.encode()).thenReturn(randomAlphaOfLength(24)); // don't care as long as it's not null
+        final Authentication authentication = AuthenticationTestHelper.builder().build();
         new AuthenticationContextSerializer().writeToContext(authentication, threadContext);
 
         IndexSettings indexSettings = IndexSettingsModule.newIndexSettings(shardId.getIndex(), Settings.EMPTY);
@@ -215,9 +213,7 @@ public void testDLSWithLimitedPermissions() throws Exception {
 
         final ThreadContext threadContext = new ThreadContext(Settings.EMPTY);
         final SecurityContext securityContext = new SecurityContext(Settings.EMPTY, threadContext);
-        final Authentication authentication = mock(Authentication.class);
-        when(authentication.getUser()).thenReturn(mock(User.class));
-        when(authentication.encode()).thenReturn(randomAlphaOfLength(24)); // don't care as long as it's not null
+        final Authentication authentication = AuthenticationTestHelper.builder().build();
         new AuthenticationContextSerializer().writeToContext(authentication, threadContext);
 
         final boolean noFilteredIndexPermissions = randomBoolean();

diff --git a/...t/java/org/elasticsearch/xpack/core/security/authz/permission/ClusterPermissionTests.java b/...t/java/org/elasticsearch/xpack/core/security/authz/permission/ClusterPermissionTests.java
@@ -12,6 +12,7 @@
 import org.elasticsearch.transport.TransportRequest;
 import org.elasticsearch.xcontent.XContentBuilder;
 import org.elasticsearch.xpack.core.security.authc.Authentication;
+import org.elasticsearch.xpack.core.security.authc.AuthenticationTestHelper;
 import org.elasticsearch.xpack.core.security.authz.privilege.ClusterPrivilege;
 import org.elasticsearch.xpack.core.security.authz.privilege.ClusterPrivilegeResolver;
 import org.elasticsearch.xpack.core.security.authz.privilege.ConfigurableClusterPrivilege;
@@ -42,7 +43,7 @@ public ClusterPermission.Builder buildPermission(ClusterPermission.Builder build
     @Before
     public void setup() {
         mockTransportRequest = mock(TransportRequest.class);
-        mockAuthentication = mock(Authentication.class);
+        mockAuthentication = AuthenticationTestHelper.builder().build();
     }
 
     public void testClusterPermissionBuilder() {

diff --git a/...rc/test/java/org/elasticsearch/xpack/core/security/authz/permission/LimitedRoleTests.java b/...rc/test/java/org/elasticsearch/xpack/core/security/authz/permission/LimitedRoleTests.java
@@ -23,6 +23,7 @@
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.transport.TransportRequest;
 import org.elasticsearch.xpack.core.security.authc.Authentication;
+import org.elasticsearch.xpack.core.security.authc.AuthenticationTestHelper;
 import org.elasticsearch.xpack.core.security.authz.RestrictedIndices;
 import org.elasticsearch.xpack.core.security.authz.accesscontrol.IndicesAccessControl;
 import org.elasticsearch.xpack.core.security.authz.privilege.ApplicationPrivilege;
@@ -183,7 +184,7 @@ public void testCheckClusterAction() {
         Role fromRole = Role.builder(EMPTY_RESTRICTED_INDICES, "a-role")
             .cluster(Collections.singleton("manage_security"), Collections.emptyList())
             .build();
-        Authentication authentication = mock(Authentication.class);
+        Authentication authentication = AuthenticationTestHelper.builder().build();
         assertThat(fromRole.checkClusterAction("cluster:admin/xpack/security/x", mock(TransportRequest.class), authentication), is(true));
         {
             Role limitedByRole = Role.builder(EMPTY_RESTRICTED_INDICES, "limited-role")

diff --git a/...g/elasticsearch/xpack/core/security/authz/privilege/ManageApplicationPrivilegesTests.java b/...g/elasticsearch/xpack/core/security/authz/privilege/ManageApplicationPrivilegesTests.java
@@ -25,6 +25,7 @@
 import org.elasticsearch.xpack.core.security.action.privilege.GetPrivilegesRequest;
 import org.elasticsearch.xpack.core.security.action.privilege.PutPrivilegesRequest;
 import org.elasticsearch.xpack.core.security.authc.Authentication;
+import org.elasticsearch.xpack.core.security.authc.AuthenticationTestHelper;
 import org.elasticsearch.xpack.core.security.authz.permission.ClusterPermission;
 import org.elasticsearch.xpack.core.security.authz.privilege.ConfigurableClusterPrivileges.ManageApplicationPrivileges;
 
@@ -40,7 +41,6 @@
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.notNullValue;
 import static org.hamcrest.Matchers.nullValue;
-import static org.mockito.Mockito.mock;
 
 public class ManageApplicationPrivilegesTests extends ESTestCase {
 
@@ -99,7 +99,7 @@ public void testActionAndRequestPredicate() {
         assertThat(kibanaAndLogstashPermission, notNullValue());
         assertThat(cloudAndSwiftypePermission, notNullValue());
 
-        final Authentication authentication = mock(Authentication.class);
+        final Authentication authentication = AuthenticationTestHelper.builder().build();
         final GetPrivilegesRequest getKibana1 = new GetPrivilegesRequest();
         getKibana1.application("kibana-1");
         assertTrue(kibanaAndLogstashPermission.check("cluster:admin/xpack/security/privilege/get", getKibana1, authentication));
@@ -128,7 +128,7 @@ public void testActionAndRequestPredicate() {
     }
 
     public void testSecurityForGetAllApplicationPrivileges() {
-        final Authentication authentication = mock(Authentication.class);
+        final Authentication authentication = AuthenticationTestHelper.builder().build();
         final GetPrivilegesRequest getAll = new GetPrivilegesRequest();
         getAll.application(null);
         getAll.privileges(new String[0]);

diff --git a/...asticsearch/xpack/core/security/authz/privilege/ManageOwnApiKeyClusterPrivilegeTests.java b/...asticsearch/xpack/core/security/authz/privilege/ManageOwnApiKeyClusterPrivilegeTests.java
@@ -16,6 +16,7 @@
 import org.elasticsearch.xpack.core.security.action.apikey.QueryApiKeyAction;
 import org.elasticsearch.xpack.core.security.action.apikey.QueryApiKeyRequest;
 import org.elasticsearch.xpack.core.security.authc.Authentication;
+import org.elasticsearch.xpack.core.security.authc.AuthenticationTestHelper;
 import org.elasticsearch.xpack.core.security.authc.AuthenticationTests;
 import org.elasticsearch.xpack.core.security.authc.RealmConfig;
 import org.elasticsearch.xpack.core.security.authc.RealmDomain;
@@ -196,7 +197,7 @@ public void testCheckQueryApiKeyRequest() {
             queryApiKeyRequest.setFilterForCurrentUser();
         }
         assertThat(
-            clusterPermission.check(QueryApiKeyAction.NAME, queryApiKeyRequest, mock(Authentication.class)),
+            clusterPermission.check(QueryApiKeyAction.NAME, queryApiKeyRequest, AuthenticationTestHelper.builder().build()),
             is(queryApiKeyRequest.isFilterForCurrentUser())
         );
     }

diff --git a/...e/src/test/java/org/elasticsearch/xpack/core/security/authz/privilege/PrivilegeTests.java b/...e/src/test/java/org/elasticsearch/xpack/core/security/authz/privilege/PrivilegeTests.java
@@ -22,7 +22,7 @@
 import org.elasticsearch.xpack.core.enrich.action.ExecuteEnrichPolicyAction;
 import org.elasticsearch.xpack.core.enrich.action.GetEnrichPolicyAction;
 import org.elasticsearch.xpack.core.enrich.action.PutEnrichPolicyAction;
-import org.elasticsearch.xpack.core.security.authc.Authentication;
+import org.elasticsearch.xpack.core.security.authc.AuthenticationTestHelper;
 import org.elasticsearch.xpack.core.security.authz.permission.ClusterPermission;
 import org.elasticsearch.xpack.core.security.support.Automatons;
 import org.junit.Rule;
@@ -50,14 +50,14 @@ public void testSubActionPattern() throws Exception {
     private void verifyClusterActionAllowed(ClusterPrivilege clusterPrivilege, String... actions) {
         ClusterPermission clusterPermission = clusterPrivilege.buildPermission(ClusterPermission.builder()).build();
         for (String action : actions) {
-            assertTrue(clusterPermission.check(action, mock(TransportRequest.class), mock(Authentication.class)));
+            assertTrue(clusterPermission.check(action, mock(TransportRequest.class), AuthenticationTestHelper.builder().build()));
         }
     }
 
     private void verifyClusterActionDenied(ClusterPrivilege clusterPrivilege, String... actions) {
         ClusterPermission clusterPermission = clusterPrivilege.buildPermission(ClusterPermission.builder()).build();
         for (String action : actions) {
-            assertFalse(clusterPermission.check(action, mock(TransportRequest.class), mock(Authentication.class)));
+            assertFalse(clusterPermission.check(action, mock(TransportRequest.class), AuthenticationTestHelper.builder().build()));
         }
     }
 

diff --git a/...rg/elasticsearch/xpack/core/security/authz/privilege/WriteProfileDataPrivilegesTests.java b/...rg/elasticsearch/xpack/core/security/authz/privilege/WriteProfileDataPrivilegesTests.java
@@ -33,6 +33,7 @@
 import org.elasticsearch.xpack.core.security.action.profile.UpdateProfileDataAction;
 import org.elasticsearch.xpack.core.security.action.profile.UpdateProfileDataRequest;
 import org.elasticsearch.xpack.core.security.authc.Authentication;
+import org.elasticsearch.xpack.core.security.authc.AuthenticationTestHelper;
 import org.elasticsearch.xpack.core.security.authz.permission.ClusterPermission;
 
 import java.io.ByteArrayInputStream;
@@ -103,7 +104,7 @@ public void testActionAndRequestPredicate() {
             .build();
         assertThat(writeProfileDataPermission, notNullValue());
 
-        final Authentication authentication = mock(Authentication.class);
+        final Authentication authentication = AuthenticationTestHelper.builder().build();
         // request application name matches privilege wildcard
         UpdateProfileDataRequest updateProfileDataRequest = randomBoolean()
             ? newUpdateProfileDataRequest(Set.of(prefix + randomAlphaOfLengthBetween(0, 2)), Set.of())
@@ -180,7 +181,7 @@ public void testParseAbnormals() throws Exception {
                 ? newUpdateProfileDataRequest(Set.of(randomAlphaOfLengthBetween(0, 2)), Set.of())
                 : newUpdateProfileDataRequest(Set.of(), Set.of(randomAlphaOfLengthBetween(0, 2)));
             ClusterPermission perm = priv.buildPermission(ClusterPermission.builder()).build();
-            assertFalse(perm.check(UpdateProfileDataAction.NAME, updateProfileDataRequest, mock(Authentication.class)));
+            assertFalse(perm.check(UpdateProfileDataAction.NAME, updateProfileDataRequest, AuthenticationTestHelper.builder().build()));
         }
         final String aNullApplication = "{\"write\":{\"applications\":[null]}}";
         try (
@@ -217,12 +218,18 @@ public void testParseAbnormals() throws Exception {
                 ? newUpdateProfileDataRequest(Set.of(randomAlphaOfLengthBetween(1, 2)), Set.of())
                 : newUpdateProfileDataRequest(Set.of(), Set.of(randomAlphaOfLengthBetween(1, 2)));
             ClusterPermission perm = priv.buildPermission(ClusterPermission.builder()).build();
-            assertFalse(perm.check(UpdateProfileDataAction.NAME, updateProfileDataRequest, mock(Authentication.class)));
+            assertFalse(perm.check(UpdateProfileDataAction.NAME, updateProfileDataRequest, AuthenticationTestHelper.builder().build()));
             updateProfileDataRequest = randomBoolean()
                 ? newUpdateProfileDataRequest(Set.of(""), Set.of())
                 : newUpdateProfileDataRequest(Set.of(), Set.of(""));
             perm = priv.buildPermission(ClusterPermission.builder()).build();
-            assertTrue(perm.check("cluster:admin/xpack/security/profile/put/data", updateProfileDataRequest, mock(Authentication.class)));
+            assertTrue(
+                perm.check(
+                    "cluster:admin/xpack/security/profile/put/data",
+                    updateProfileDataRequest,
+                    AuthenticationTestHelper.builder().build()
+                )
+            );
         }
     }