From 0dfd0a50cdf848cf4a8a25383860f5a21632622c Mon Sep 17 00:00:00 2001 From: Ashish Agrawal Date: Tue, 8 Mar 2022 13:38:33 -0800 Subject: [PATCH] test fix --- .../resthandler/SecureMonitorRestApiIT.kt | 94 ++++++++++++++++--- 1 file changed, 79 insertions(+), 15 deletions(-) diff --git a/alerting/src/test/kotlin/org/opensearch/alerting/resthandler/SecureMonitorRestApiIT.kt b/alerting/src/test/kotlin/org/opensearch/alerting/resthandler/SecureMonitorRestApiIT.kt index 8391ded26..b83bf3c2a 100644 --- a/alerting/src/test/kotlin/org/opensearch/alerting/resthandler/SecureMonitorRestApiIT.kt +++ b/alerting/src/test/kotlin/org/opensearch/alerting/resthandler/SecureMonitorRestApiIT.kt @@ -69,26 +69,29 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() { val user = "userOne" var userClient: RestClient? = null - @Before - fun create() { - - if (userClient == null) { - createUser(user, user, arrayOf()) - userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build() - } - } - - @After - fun cleanup() { - - userClient?.close() - deleteUser(user) - } +// @Before +// fun create() { +// +// if (userClient == null) { +// createUser(user, user, arrayOf()) +// userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build() +// } +// } +// +// @After +// fun cleanup() { +// +// userClient?.close() +// deleteUser(user) +// } // Create Monitor related security tests fun `test create monitor with an user with alerting role`() { + createUser(user, user, arrayOf()) + val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build() + createUserWithTestData(user, TEST_HR_INDEX, TEST_HR_ROLE, TEST_HR_BACKEND_ROLE) createUserRolesMapping(ALERTING_FULL_ACCESS_ROLE, arrayOf(user)) try { 
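Review bot: The old `@Before`/`@After` block is commented out rather than deleted in this first hunk, and the class-level `var userClient: RestClient? = null` is kept while the test now declares a local `val userClient` that shadows it. As far as this patch shows, nothing assigns the property any more. Any code outside the patched tests that still reads it would presumably see `null` and silently skip its request through `?.`, which in a permission test can look like a pass. I would delete the commented block and the unused property, or keep the property and assign it instead of declaring a local. The test body continues past the end of this hunk.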
@@ -107,6 +110,8 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() { } finally { deleteRoleAndRoleMapping(TEST_HR_ROLE) } + userClient.close() + deleteUser(user) } /* @@ -220,6 +225,8 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() { fun `test create monitor with an user without index read role`() { + createUser(user, user, arrayOf()) + val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build() createUserWithTestDataAndCustomRole( user, TEST_HR_INDEX, @@ -243,6 +250,8 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() { } finally { deleteRoleAndRoleMapping(TEST_HR_ROLE) } + userClient.close() + deleteUser(user) } fun `test create monitor with disable filter by`() { @@ -254,6 +263,9 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() { } fun `test get monitor with an user with get monitor role`() { + createUser(user, user, arrayOf()) + val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build() + createUserWithTestDataAndCustomRole( user, TEST_HR_INDEX, @@ -275,6 +287,8 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() { } finally { deleteRoleAndRoleMapping(TEST_HR_ROLE) } + userClient.close() + deleteUser(user) } /* @@ -417,6 +431,9 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() { disableFilterBy() + createUser(user, user, arrayOf()) + val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build() + // creates monitor as "admin" user. val monitor = createRandomMonitor(true) val search = SearchSourceBuilder().query(QueryBuilders.termQuery("_id", monitor.id)).toString() 
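Review bot: `userClient.close()` and `deleteUser(user)` are placed after the `try … finally` in this hunk, so they run only when the assertions pass; a failing test leaves `userOne` and an open client behind. Every test reuses the same username, so a leftover account (possibly still carrying role mappings, depending on what the helpers clean up) can change the outcome of a later access-denied test. Move both calls into the existing `finally`, e.g. `} finally { deleteRoleAndRoleMapping(TEST_HR_ROLE); userClient.close(); deleteUser(user) }`, and ideally start the `try` right after `createUser` so a failure during role setup is covered too. The same placement is repeated in the other cleanup hunks of this patch (-243, -275, -457, -503, -526, -580, -607, -643, -680, -714, -746, -803). The function bodies start outside these hunks.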
@@ -457,12 +474,17 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() { } finally { deleteRoleMapping(ALERTING_FULL_ACCESS_ROLE) } + userClient.close() + deleteUser(user) } fun `test query monitors with enable filter by`() { enableFilterBy() + createUser(user, user, arrayOf()) + val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build() + // creates monitor as "admin" user. val monitor = createRandomMonitor(true) val search = SearchSourceBuilder().query(QueryBuilders.termQuery("_id", monitor.id)).toString() @@ -503,9 +525,14 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() { } finally { deleteRoleMapping(ALERTING_FULL_ACCESS_ROLE) } + userClient.close() + deleteUser(user) } fun `test execute monitor with an user with execute monitor access`() { + createUser(user, user, arrayOf()) + val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build() + createUserWithTestDataAndCustomRole( user, TEST_HR_INDEX, @@ -526,6 +553,8 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() { } finally { deleteRoleAndRoleMapping(TEST_HR_ROLE) } + userClient.close() + deleteUser(user) } /* @@ -558,6 +587,9 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() { */ fun `test delete monitor with an user with delete monitor access`() { + createUser(user, user, arrayOf()) + val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build() + createUserWithTestDataAndCustomRole( user, TEST_HR_INDEX, 
@@ -580,9 +612,14 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() { } finally { deleteRoleAndRoleMapping(TEST_HR_ROLE) } + userClient.close() + deleteUser(user) } fun `test delete monitor with an user without delete monitor access`() { + createUser(user, user, arrayOf()) + val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build() + createUserWithTestDataAndCustomRole( user, TEST_HR_INDEX, @@ -607,10 +644,15 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() { } finally { deleteRoleAndRoleMapping(TEST_HR_ROLE) } + userClient.close() + deleteUser(user) } fun `test query all alerts in all states with disabled filter by`() { + createUser(user, user, arrayOf()) + val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build() + disableFilterBy() putAlertMappings() val monitor = createRandomMonitor(refresh = true) @@ -643,10 +685,15 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() { } finally { deleteRoleMapping(ALERTING_FULL_ACCESS_ROLE) } + userClient.close() + deleteUser(user) } fun `test query all alerts in all states with filter by`() { + createUser(user, user, arrayOf()) + val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build() + enableFilterBy() putAlertMappings() val adminUser = User(ADMIN, listOf(ADMIN), listOf(ALL_ACCESS_ROLE), listOf()) 
@@ -680,10 +727,15 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() { } finally { deleteRoleMapping(ALERTING_FULL_ACCESS_ROLE) } + userClient.close() + deleteUser(user) } fun `test get alerts with an user with get alerts role`() { + createUser(user, user, arrayOf()) + val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build() + putAlertMappings() val ackAlertsUser = User(ADMIN, listOf(ADMIN), listOf(ALERTING_GET_ALERTS_ACCESS), listOf()) var monitor = createRandomMonitor(refresh = true).copy(user = ackAlertsUser) @@ -714,12 +766,17 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() { } finally { deleteRoleAndRoleMapping(TEST_HR_ROLE) } + userClient.close() + deleteUser(user) } // Execute Monitor related security tests fun `test execute monitor with elevate permissions`() { + createUser(user, user, arrayOf()) + val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build() + val action = randomAction(template = randomTemplateScript("Hello {{ctx.monitor.name}}"), destinationId = createDestination().id) val inputs = listOf( SearchInput( @@ -746,10 +803,15 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() { } finally { deleteRoleMapping(ALERTING_FULL_ACCESS_ROLE) } + userClient.close() + deleteUser(user) } fun `test admin all access with enable filter by`() { + createUser(user, user, arrayOf()) + val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build() + enableFilterBy() createUserWithTestData(user, TEST_HR_INDEX, TEST_HR_ROLE, TEST_HR_BACKEND_ROLE) createUserRolesMapping(ALERTING_FULL_ACCESS_ROLE, arrayOf(user)) @@ -803,6 +865,8 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() { } finally { deleteRoleAndRoleMapping(TEST_HR_ROLE) } + userClient.close() + deleteUser(user) } /*