Skip to content

Commit

Permalink
test
Browse files Browse the repository at this point in the history
  • Loading branch information
@lezzago
lezzago committed Mar 8, 2022
1 parent 21b97e6 commit a95d63a
Showing 1 changed file with 22 additions and 79 deletions.
101 changes: 22 additions & 79 deletions alerting/src/test/kotlin/org/opensearch/alerting/resthandler/SecureMonitorRestApiIT.kt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,9 @@ import org.apache.http.HttpHeaders
import org.apache.http.entity.ContentType
import org.apache.http.message.BasicHeader
import org.apache.http.nio.entity.NStringEntity
import org.apache.logging.log4j.LogManager
import org.junit.After
import org.junit.Before
import org.junit.BeforeClass
import org.opensearch.alerting.ADMIN
import org.opensearch.alerting.ALERTING_BASE_URI
Expand Down Expand Up @@ -51,6 +54,8 @@ import org.opensearch.rest.RestStatus
import org.opensearch.search.builder.SearchSourceBuilder
import org.opensearch.test.junit.annotations.TestLogging

private val log = LogManager.getLogger(SecureMonitorRestApiIT::class.java)

@TestLogging("level:DEBUG", reason = "Debug for tests.")
@Suppress("UNCHECKED_CAST")
class SecureMonitorRestApiIT : AlertingRestTestCase() {
Expand All @@ -67,29 +72,28 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
val user = "userOne"
var userClient: RestClient? = null

// @Before
// fun create() {
//
// if (userClient == null) {
// createUser(user, user, arrayOf())
// userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()
// }
// }
//
// @After
// fun cleanup() {
//
// userClient?.close()
// deleteUser(user)
// }
@Before
fun create() {

if (userClient == null) {
createUser(user, user, arrayOf())
userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()
Thread.sleep(1000)
}
}

@After
fun cleanup() {

userClient?.close()
deleteUser(user)
Thread.sleep(1000)
}

// Create Monitor related security tests

fun `test create monitor with an user with alerting role`() {

createUser(user, user, arrayOf())
val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()

createUserWithTestData(user, TEST_HR_INDEX, TEST_HR_ROLE, TEST_HR_BACKEND_ROLE)
createUserRolesMapping(ALERTING_FULL_ACCESS_ROLE, arrayOf(user))
try {
Expand All @@ -108,8 +112,6 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
} finally {
deleteRoleAndRoleMapping(TEST_HR_ROLE)
}
userClient.close()
deleteUser(user)
}

/*
Expand Down Expand Up @@ -223,8 +225,6 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {

fun `test create monitor with an user without index read role`() {

createUser(user, user, arrayOf())
val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()
createUserWithTestDataAndCustomRole(
user,
TEST_HR_INDEX,
Expand All @@ -248,8 +248,6 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
} finally {
deleteRoleAndRoleMapping(TEST_HR_ROLE)
}
userClient.close()
deleteUser(user)
}

fun `test create monitor with disable filter by`() {
Expand All @@ -261,9 +259,6 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
}

fun `test get monitor with an user with get monitor role`() {
createUser(user, user, arrayOf())
val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()

createUserWithTestDataAndCustomRole(
user,
TEST_HR_INDEX,
Expand All @@ -285,8 +280,6 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
} finally {
deleteRoleAndRoleMapping(TEST_HR_ROLE)
}
userClient.close()
deleteUser(user)
}

/*
Expand Down Expand Up @@ -429,9 +422,6 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {

disableFilterBy()

createUser(user, user, arrayOf())
val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()

// creates monitor as "admin" user.
val monitor = createRandomMonitor(true)
val search = SearchSourceBuilder().query(QueryBuilders.termQuery("_id", monitor.id)).toString()
Expand Down Expand Up @@ -472,17 +462,12 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
} finally {
deleteRoleMapping(ALERTING_FULL_ACCESS_ROLE)
}
userClient.close()
deleteUser(user)
}

fun `test query monitors with enable filter by`() {

enableFilterBy()

createUser(user, user, arrayOf())
val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()

// creates monitor as "admin" user.
val monitor = createRandomMonitor(true)
val search = SearchSourceBuilder().query(QueryBuilders.termQuery("_id", monitor.id)).toString()
Expand Down Expand Up @@ -523,14 +508,9 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
} finally {
deleteRoleMapping(ALERTING_FULL_ACCESS_ROLE)
}
userClient.close()
deleteUser(user)
}

fun `test execute monitor with an user with execute monitor access`() {
createUser(user, user, arrayOf())
val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()

createUserWithTestDataAndCustomRole(
user,
TEST_HR_INDEX,
Expand All @@ -551,8 +531,6 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
} finally {
deleteRoleAndRoleMapping(TEST_HR_ROLE)
}
userClient.close()
deleteUser(user)
}

/*
Expand Down Expand Up @@ -585,9 +563,6 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
*/

fun `test delete monitor with an user with delete monitor access`() {
createUser(user, user, arrayOf())
val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()

createUserWithTestDataAndCustomRole(
user,
TEST_HR_INDEX,
Expand All @@ -610,14 +585,9 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
} finally {
deleteRoleAndRoleMapping(TEST_HR_ROLE)
}
userClient.close()
deleteUser(user)
}

fun `test delete monitor with an user without delete monitor access`() {
createUser(user, user, arrayOf())
val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()

createUserWithTestDataAndCustomRole(
user,
TEST_HR_INDEX,
Expand All @@ -642,15 +612,10 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
} finally {
deleteRoleAndRoleMapping(TEST_HR_ROLE)
}
userClient.close()
deleteUser(user)
}

fun `test query all alerts in all states with disabled filter by`() {

createUser(user, user, arrayOf())
val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()

disableFilterBy()
putAlertMappings()
val monitor = createRandomMonitor(refresh = true)
Expand Down Expand Up @@ -683,15 +648,10 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
} finally {
deleteRoleMapping(ALERTING_FULL_ACCESS_ROLE)
}
userClient.close()
deleteUser(user)
}

fun `test query all alerts in all states with filter by`() {

createUser(user, user, arrayOf())
val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()

enableFilterBy()
putAlertMappings()
val adminUser = User(ADMIN, listOf(ADMIN), listOf(ALL_ACCESS_ROLE), listOf())
Expand Down Expand Up @@ -725,15 +685,10 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
} finally {
deleteRoleMapping(ALERTING_FULL_ACCESS_ROLE)
}
userClient.close()
deleteUser(user)
}

fun `test get alerts with an user with get alerts role`() {

createUser(user, user, arrayOf())
val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()

putAlertMappings()
val ackAlertsUser = User(ADMIN, listOf(ADMIN), listOf(ALERTING_GET_ALERTS_ACCESS), listOf())
var monitor = createRandomMonitor(refresh = true).copy(user = ackAlertsUser)
Expand Down Expand Up @@ -764,17 +719,12 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
} finally {
deleteRoleAndRoleMapping(TEST_HR_ROLE)
}
userClient.close()
deleteUser(user)
}

// Execute Monitor related security tests

fun `test execute monitor with elevate permissions`() {

createUser(user, user, arrayOf())
val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()

val action = randomAction(template = randomTemplateScript("Hello {{ctx.monitor.name}}"), destinationId = createDestination().id)
val inputs = listOf(
SearchInput(
Expand All @@ -801,15 +751,10 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
} finally {
deleteRoleMapping(ALERTING_FULL_ACCESS_ROLE)
}
userClient.close()
deleteUser(user)
}

fun `test admin all access with enable filter by`() {

createUser(user, user, arrayOf())
val userClient = SecureRestClientBuilder(clusterHosts.toTypedArray(), isHttps(), user, user).setSocketTimeout(60000).build()

enableFilterBy()
createUserWithTestData(user, TEST_HR_INDEX, TEST_HR_ROLE, TEST_HR_BACKEND_ROLE)
createUserRolesMapping(ALERTING_FULL_ACCESS_ROLE, arrayOf(user))
Expand Down Expand Up @@ -863,8 +808,6 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
} finally {
deleteRoleAndRoleMapping(TEST_HR_ROLE)
}
userClient.close()
deleteUser(user)
}

/*
Expand Down

0 comments on commit a95d63a

Please sign in to comment.