Use strong password in security test (#933) (#953)

* Use strong password in security test

Signed-off-by: bowenlan-amzn <[email protected]>

* Update PR tempate

Signed-off-by: bowenlan-amzn <[email protected]>

* Update more password

Signed-off-by: bowenlan-amzn <[email protected]>

---------

Signed-off-by: bowenlan-amzn <[email protected]>
(cherry picked from commit 43754be)

Co-authored-by: bowenlan-amzn <[email protected]>

.github/PULL_REQUEST_TEMPLATE.md

@@ -3,7 +3,7 @@
 *Description of changes:*
 
 *CheckList:*
-[ ] Commits are signed per the DCO using --signoff
+- [ ] Commits are signed per the DCO using --signoff
 
 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
 For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/alerting/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

alerting/src/test/kotlin/org/opensearch/alerting/AlertingRestTestCase.kt

@@ -80,6 +80,8 @@ import javax.management.remote.JMXServiceURL
  */
 abstract class AlertingRestTestCase : ODFERestTestCase() {
 
+    protected val password = "D%LMX3bo#@U3XqVQ"
+
     protected val isDebuggingTest = DisableOnDebug(null).isDebugging
     protected val isDebuggingRemoteCluster = System.getProperty("cluster.debug", "false")!!.toBoolean()
     protected val numberOfNodes = System.getProperty("cluster.number_of_nodes", "1")!!.toInt()
@@ -1133,11 +1135,11 @@ abstract class AlertingRestTestCase : ODFERestTestCase() {
         client().updateSettings(DestinationSettings.ALLOW_LIST.key, allowedDestinations)
     }
 
-    fun createUser(name: String, passwd: String, backendRoles: Array<String>) {
+    fun createUser(name: String, backendRoles: Array<String>) {
         val request = Request("PUT", "/_plugins/_security/api/internalusers/$name")
         val broles = backendRoles.joinToString { it -> "\"$it\"" }
         var entity = " {\n" +
-            "\"password\": \"$passwd\",\n" +
+            "\"password\": \"$password\",\n" +
             "\"backend_roles\": [$broles],\n" +
             "\"attributes\": {\n" +
             "}} "
@@ -1277,7 +1279,7 @@ abstract class AlertingRestTestCase : ODFERestTestCase() {
     }
 
     fun createUserWithTestData(user: String, index: String, role: String, backendRole: String) {
-        createUser(user, user, arrayOf(backendRole))
+        createUser(user, arrayOf(backendRole))
         createTestIndex(index)
         createIndexRole(role, index)
         createUserRolesMapping(role, arrayOf(user))
@@ -1290,7 +1292,7 @@ abstract class AlertingRestTestCase : ODFERestTestCase() {
         backendRoles: List<String>,
         clusterPermissions: String?
     ) {
-        createUser(user, user, backendRoles.toTypedArray())
+        createUser(user, backendRoles.toTypedArray())
         createTestIndex(index)
         createCustomIndexRole(role, index, clusterPermissions)
         createUserRolesMapping(role, arrayOf(user))
@@ -1302,7 +1304,7 @@ abstract class AlertingRestTestCase : ODFERestTestCase() {
         backendRoles: List<String>,
         isExistingRole: Boolean
     ) {
-        createUser(user, user, backendRoles.toTypedArray())
+        createUser(user, backendRoles.toTypedArray())
         for (role in roles) {
             if (isExistingRole) {
                 updateRoleMapping(role, listOf(user), true)
@@ -1319,7 +1321,7 @@ abstract class AlertingRestTestCase : ODFERestTestCase() {
         backendRole: String,
         dlsQuery: String
     ) {
-        createUser(user, user, arrayOf(backendRole))
+        createUser(user, arrayOf(backendRole))
         createTestIndex(index)
         createIndexRoleWithDocLevelSecurity(role, index, dlsQuery)
         createUserRolesMapping(role, arrayOf(user))
@@ -1333,7 +1335,7 @@ abstract class AlertingRestTestCase : ODFERestTestCase() {
         dlsQuery: String,
         clusterPermissions: String?
     ) {
-        createUser(user, user, arrayOf(backendRole))
+        createUser(user, arrayOf(backendRole))
         createTestIndex(index)
         createIndexRoleWithDocLevelSecurity(role, index, dlsQuery)
         createCustomIndexRole(role, index, clusterPermissions)

alerting/src/test/kotlin/org/opensearch/alerting/resthandler/SecureDestinationRestApiIT.kt

@@ -48,8 +48,8 @@ class SecureDestinationRestApiIT : AlertingRestTestCase() {
     @Before
     fun create() {
         if (userClient == null) {
-            createUser(user, user, arrayOf())
-            userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()
+            createUser(user, arrayOf())
+            userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, password).setSocketTimeout(60000).build()
         }
     }
 

alerting/src/test/kotlin/org/opensearch/alerting/resthandler/SecureEmailAccountRestApiIT.kt

@@ -59,8 +59,8 @@ class SecureEmailAccountRestApiIT : AlertingRestTestCase() {
     @Before
     fun create() {
         if (userClient == null) {
-            createUser(user, user, arrayOf())
-            userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()
+            createUser(user, arrayOf())
+            userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, password).setSocketTimeout(60000).build()
         }
     }
 

alerting/src/test/kotlin/org/opensearch/alerting/resthandler/SecureEmailGroupsRestApiIT.kt

@@ -59,8 +59,8 @@ class SecureEmailGroupsRestApiIT : AlertingRestTestCase() {
     @Before
     fun create() {
         if (userClient == null) {
-            createUser(user, user, arrayOf())
-            userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()
+            createUser(user, arrayOf())
+            userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, password).setSocketTimeout(60000).build()
         }
     }
 

alerting/src/test/kotlin/org/opensearch/alerting/resthandler/SecureMonitorRestApiIT.kt

@@ -86,8 +86,8 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
     @Before
     fun create() {
         if (userClient == null) {
-            createUser(user, user, arrayOf())
-            userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()
+            createUser(user, arrayOf())
+            userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, password).setSocketTimeout(60000).build()
         }
     }
 
@@ -395,7 +395,7 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
             listOf("role2"),
             getClusterPermissionsFromCustomRole(ALERTING_GET_MONITOR_ACCESS)
         )
-        val getUserClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), getUser, getUser)
+        val getUserClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), getUser, password)
             .setSocketTimeout(60000).build()
 
         val getMonitorResponse = getUserClient?.makeRequest(
@@ -588,7 +588,7 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
             listOf("role2"),
             getClusterPermissionsFromCustomRole(ALERTING_GET_MONITOR_ACCESS)
         )
-        val getUserClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), getUser, getUser)
+        val getUserClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), getUser, password)
             .setSocketTimeout(60000).build()
 
         val getMonitorResponse = getUserClient?.makeRequest(
@@ -724,7 +724,7 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
             listOf("role2"),
             getClusterPermissionsFromCustomRole(ALERTING_GET_MONITOR_ACCESS)
         )
-        val getUserClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), getUser, getUser)
+        val getUserClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), getUser, password)
             .setSocketTimeout(60000).build()
 
         val getMonitorResponse = getUserClient?.makeRequest(
@@ -777,7 +777,7 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
             false
         )
 
-        val updateUserClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), updateUser, updateUser)
+        val updateUserClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), updateUser, password)
             .setSocketTimeout(60000).build()
         val updatedMonitor = updateMonitorWithClient(updateUserClient, createdMonitor, listOf("role5"))
 
@@ -828,7 +828,7 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
             listOf("role1", "role2"),
             getClusterPermissionsFromCustomRole(ALERTING_GET_MONITOR_ACCESS)
         )
-        val getUserClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), getUser, getUser)
+        val getUserClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), getUser, password)
             .setSocketTimeout(60000).build()
 
         val getMonitorResponse = getUserClient?.makeRequest(
@@ -1342,7 +1342,7 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
     TODO: https://github.com/opensearch-project/alerting/issues/300
      */
     fun `test execute query-level monitor with user having partial index permissions`() {
-        createUser(user, user, arrayOf(TEST_HR_BACKEND_ROLE))
+        createUser(user, arrayOf(TEST_HR_BACKEND_ROLE))
         createTestIndex(TEST_HR_INDEX)
         createIndexRoleWithDocLevelSecurity(
             TEST_HR_ROLE,
@@ -1398,7 +1398,7 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
     }
 
     fun `test execute bucket-level monitor with user having partial index permissions`() {
-        createUser(user, user, arrayOf(TEST_HR_BACKEND_ROLE))
+        createUser(user, arrayOf(TEST_HR_BACKEND_ROLE))
         createTestIndex(TEST_HR_INDEX)
         createIndexRoleWithDocLevelSecurity(
             TEST_HR_ROLE,
@@ -1474,7 +1474,7 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
      */
     fun `test create monitor failure clean up with a user without delete monitor access`() {
         enableFilterBy()
-        createUser(user, user, listOf(TEST_HR_BACKEND_ROLE, "role2").toTypedArray())
+        createUser(user, listOf(TEST_HR_BACKEND_ROLE, "role2").toTypedArray())
         createTestIndex(TEST_HR_INDEX)
         createCustomIndexRole(
             ALERTING_INDEX_MONITOR_ACCESS,