Skip to content

Commit

Permalink
Use strong password in security test (#933)
Browse files Browse the repository at this point in the history
* Use strong password in security test

Signed-off-by: bowenlan-amzn <[email protected]>

* Update PR tempate

Signed-off-by: bowenlan-amzn <[email protected]>

* Update more password

Signed-off-by: bowenlan-amzn <[email protected]>

---------

Signed-off-by: bowenlan-amzn <[email protected]>
(cherry picked from commit 43754be)
  • Loading branch information
bowenlan-amzn authored and github-actions[bot] committed Jun 2, 2023
1 parent 4277977 commit 84d031f
Show file tree
Hide file tree
Showing 6 changed files with 26 additions and 24 deletions.
2 changes: 1 addition & 1 deletion .github/PULL_REQUEST_TEMPLATE.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
*Description of changes:*

*CheckList:*
[ ] Commits are signed per the DCO using --signoff
- [ ] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/alerting/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,8 @@ import javax.management.remote.JMXServiceURL
*/
abstract class AlertingRestTestCase : ODFERestTestCase() {

protected val password = "D%LMX3bo#@U3XqVQ"

protected val isDebuggingTest = DisableOnDebug(null).isDebugging
protected val isDebuggingRemoteCluster = System.getProperty("cluster.debug", "false")!!.toBoolean()
protected val numberOfNodes = System.getProperty("cluster.number_of_nodes", "1")!!.toInt()
Expand Down Expand Up @@ -1133,11 +1135,11 @@ abstract class AlertingRestTestCase : ODFERestTestCase() {
client().updateSettings(DestinationSettings.ALLOW_LIST.key, allowedDestinations)
}

fun createUser(name: String, passwd: String, backendRoles: Array<String>) {
fun createUser(name: String, backendRoles: Array<String>) {
val request = Request("PUT", "/_plugins/_security/api/internalusers/$name")
val broles = backendRoles.joinToString { it -> "\"$it\"" }
var entity = " {\n" +
"\"password\": \"$passwd\",\n" +
"\"password\": \"$password\",\n" +
"\"backend_roles\": [$broles],\n" +
"\"attributes\": {\n" +
"}} "
Expand Down Expand Up @@ -1277,7 +1279,7 @@ abstract class AlertingRestTestCase : ODFERestTestCase() {
}

fun createUserWithTestData(user: String, index: String, role: String, backendRole: String) {
createUser(user, user, arrayOf(backendRole))
createUser(user, arrayOf(backendRole))
createTestIndex(index)
createIndexRole(role, index)
createUserRolesMapping(role, arrayOf(user))
Expand All @@ -1290,7 +1292,7 @@ abstract class AlertingRestTestCase : ODFERestTestCase() {
backendRoles: List<String>,
clusterPermissions: String?
) {
createUser(user, user, backendRoles.toTypedArray())
createUser(user, backendRoles.toTypedArray())
createTestIndex(index)
createCustomIndexRole(role, index, clusterPermissions)
createUserRolesMapping(role, arrayOf(user))
Expand All @@ -1302,7 +1304,7 @@ abstract class AlertingRestTestCase : ODFERestTestCase() {
backendRoles: List<String>,
isExistingRole: Boolean
) {
createUser(user, user, backendRoles.toTypedArray())
createUser(user, backendRoles.toTypedArray())
for (role in roles) {
if (isExistingRole) {
updateRoleMapping(role, listOf(user), true)
Expand All @@ -1319,7 +1321,7 @@ abstract class AlertingRestTestCase : ODFERestTestCase() {
backendRole: String,
dlsQuery: String
) {
createUser(user, user, arrayOf(backendRole))
createUser(user, arrayOf(backendRole))
createTestIndex(index)
createIndexRoleWithDocLevelSecurity(role, index, dlsQuery)
createUserRolesMapping(role, arrayOf(user))
Expand All @@ -1333,7 +1335,7 @@ abstract class AlertingRestTestCase : ODFERestTestCase() {
dlsQuery: String,
clusterPermissions: String?
) {
createUser(user, user, arrayOf(backendRole))
createUser(user, arrayOf(backendRole))
createTestIndex(index)
createIndexRoleWithDocLevelSecurity(role, index, dlsQuery)
createCustomIndexRole(role, index, clusterPermissions)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -48,8 +48,8 @@ class SecureDestinationRestApiIT : AlertingRestTestCase() {
@Before
fun create() {
if (userClient == null) {
createUser(user, user, arrayOf())
userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()
createUser(user, arrayOf())
userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, password).setSocketTimeout(60000).build()
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -59,8 +59,8 @@ class SecureEmailAccountRestApiIT : AlertingRestTestCase() {
@Before
fun create() {
if (userClient == null) {
createUser(user, user, arrayOf())
userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()
createUser(user, arrayOf())
userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, password).setSocketTimeout(60000).build()
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -59,8 +59,8 @@ class SecureEmailGroupsRestApiIT : AlertingRestTestCase() {
@Before
fun create() {
if (userClient == null) {
createUser(user, user, arrayOf())
userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()
createUser(user, arrayOf())
userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, password).setSocketTimeout(60000).build()
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -86,8 +86,8 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
@Before
fun create() {
if (userClient == null) {
createUser(user, user, arrayOf())
userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()
createUser(user, arrayOf())
userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, password).setSocketTimeout(60000).build()
}
}

Expand Down Expand Up @@ -395,7 +395,7 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
listOf("role2"),
getClusterPermissionsFromCustomRole(ALERTING_GET_MONITOR_ACCESS)
)
val getUserClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), getUser, getUser)
val getUserClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), getUser, password)
.setSocketTimeout(60000).build()

val getMonitorResponse = getUserClient?.makeRequest(
Expand Down Expand Up @@ -588,7 +588,7 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
listOf("role2"),
getClusterPermissionsFromCustomRole(ALERTING_GET_MONITOR_ACCESS)
)
val getUserClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), getUser, getUser)
val getUserClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), getUser, password)
.setSocketTimeout(60000).build()

val getMonitorResponse = getUserClient?.makeRequest(
Expand Down Expand Up @@ -724,7 +724,7 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
listOf("role2"),
getClusterPermissionsFromCustomRole(ALERTING_GET_MONITOR_ACCESS)
)
val getUserClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), getUser, getUser)
val getUserClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), getUser, password)
.setSocketTimeout(60000).build()

val getMonitorResponse = getUserClient?.makeRequest(
Expand Down Expand Up @@ -777,7 +777,7 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
false
)

val updateUserClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), updateUser, updateUser)
val updateUserClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), updateUser, password)
.setSocketTimeout(60000).build()
val updatedMonitor = updateMonitorWithClient(updateUserClient, createdMonitor, listOf("role5"))

Expand Down Expand Up @@ -828,7 +828,7 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
listOf("role1", "role2"),
getClusterPermissionsFromCustomRole(ALERTING_GET_MONITOR_ACCESS)
)
val getUserClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), getUser, getUser)
val getUserClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), getUser, password)
.setSocketTimeout(60000).build()

val getMonitorResponse = getUserClient?.makeRequest(
Expand Down Expand Up @@ -1342,7 +1342,7 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
TODO: https://github.com/opensearch-project/alerting/issues/300
*/
fun `test execute query-level monitor with user having partial index permissions`() {
createUser(user, user, arrayOf(TEST_HR_BACKEND_ROLE))
createUser(user, arrayOf(TEST_HR_BACKEND_ROLE))
createTestIndex(TEST_HR_INDEX)
createIndexRoleWithDocLevelSecurity(
TEST_HR_ROLE,
Expand Down Expand Up @@ -1398,7 +1398,7 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
}

fun `test execute bucket-level monitor with user having partial index permissions`() {
createUser(user, user, arrayOf(TEST_HR_BACKEND_ROLE))
createUser(user, arrayOf(TEST_HR_BACKEND_ROLE))
createTestIndex(TEST_HR_INDEX)
createIndexRoleWithDocLevelSecurity(
TEST_HR_ROLE,
Expand Down Expand Up @@ -1474,7 +1474,7 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
*/
fun `test create monitor failure clean up with a user without delete monitor access`() {
enableFilterBy()
createUser(user, user, listOf(TEST_HR_BACKEND_ROLE, "role2").toTypedArray())
createUser(user, listOf(TEST_HR_BACKEND_ROLE, "role2").toTypedArray())
createTestIndex(TEST_HR_INDEX)
createCustomIndexRole(
ALERTING_INDEX_MONITOR_ACCESS,
Expand Down

0 comments on commit 84d031f

Please sign in to comment.