Skip to content

Commit

Permalink
Use strong password in integ test (#987) (#990)
Browse files Browse the repository at this point in the history
Signed-off-by: Sooraj Sinha <[email protected]>
(cherry picked from commit 93205a1)

Co-authored-by: Sooraj Sinha <[email protected]>
  • Loading branch information
opensearch-trigger-bot[bot] and soosinha authored Jun 7, 2023
1 parent 474eb67 commit a09aab9
Show file tree
Hide file tree
Showing 4 changed files with 50 additions and 48 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,8 @@ import org.junit.AfterClass
import org.junit.BeforeClass
import javax.swing.text.StyledEditorKit

const val INTEG_TEST_PASSWORD = "ccr-integ-test@123"

abstract class SecurityBase : MultiClusterRestTestCase() {
companion object {
var initialized : Boolean = false
Expand Down Expand Up @@ -284,17 +286,17 @@ abstract class SecurityBase : MultiClusterRestTestCase() {
}

private fun addUsers(){
addUserToCluster("testUser1","password", FOLLOWER)
addUserToCluster("testUser1","password", LEADER)
addUserToCluster("testUser2","password", FOLLOWER)
addUserToCluster("testUser2","password", LEADER)
addUserToCluster("testUser3","password", FOLLOWER)
addUserToCluster("testUser4","password", FOLLOWER)
addUserToCluster("testUser5","password", FOLLOWER)
addUserToCluster("testUser6","password", LEADER)
addUserToCluster("testUser6","password", FOLLOWER)
addUserToCluster("testUser7","password", LEADER)
addUserToCluster("testUser7","password", FOLLOWER)
addUserToCluster("testUser1", INTEG_TEST_PASSWORD, FOLLOWER)
addUserToCluster("testUser1", INTEG_TEST_PASSWORD, LEADER)
addUserToCluster("testUser2", INTEG_TEST_PASSWORD, FOLLOWER)
addUserToCluster("testUser2", INTEG_TEST_PASSWORD, LEADER)
addUserToCluster("testUser3", INTEG_TEST_PASSWORD, FOLLOWER)
addUserToCluster("testUser4", INTEG_TEST_PASSWORD, FOLLOWER)
addUserToCluster("testUser5", INTEG_TEST_PASSWORD, FOLLOWER)
addUserToCluster("testUser6", INTEG_TEST_PASSWORD, LEADER)
addUserToCluster("testUser6", INTEG_TEST_PASSWORD, FOLLOWER)
addUserToCluster("testUser7", INTEG_TEST_PASSWORD, LEADER)
addUserToCluster("testUser7", INTEG_TEST_PASSWORD, FOLLOWER)
}

private fun addUserToCluster(userName: String, password: String, clusterName: String) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ class SecurityCustomRolesIT: SecurityBase() {
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleValidPerms"))

followerClient.startReplication(startReplicationRequest,
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"), waitForRestore = true)
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD), waitForRestore = true)
assertBusy {
Assertions.assertThat(followerClient.indices().exists(GetIndexRequest(followerIndexName), RequestOptions.DEFAULT)).isEqualTo(true)
}
Expand All @@ -80,7 +80,7 @@ class SecurityCustomRolesIT: SecurityBase() {
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleNoPerms"))

Assertions.assertThatThrownBy { followerClient.startReplication(startReplicationRequest,
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser2","password")) }
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser2",INTEG_TEST_PASSWORD)) }
.isInstanceOf(ResponseException::class.java)
.hasMessageContaining("403 Forbidden")
}
Expand All @@ -90,7 +90,7 @@ class SecurityCustomRolesIT: SecurityBase() {

Assertions.assertThatThrownBy {
followerClient.stopReplication("follower-index1",
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"))
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD))
}.isInstanceOf(ResponseException::class.java)
.hasMessageContaining("No replication in progress for index:follower-index1")
}
Expand All @@ -100,7 +100,7 @@ class SecurityCustomRolesIT: SecurityBase() {

Assertions.assertThatThrownBy {
followerClient.stopReplication("follower-index1",
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser2","password"))
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser2",INTEG_TEST_PASSWORD))
}.isInstanceOf(ResponseException::class.java)
.hasMessageContaining("403 Forbidden")
}
Expand All @@ -116,7 +116,7 @@ class SecurityCustomRolesIT: SecurityBase() {

var startReplicationRequest = StartReplicationRequest("source",leaderIndexName,followerIndexName,
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleValidPerms"))
var requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password")
var requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD)
followerClient.startReplication(startReplicationRequest, waitForRestore = true,
requestOptions = requestOptions)

Expand Down Expand Up @@ -146,11 +146,11 @@ class SecurityCustomRolesIT: SecurityBase() {
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleValidPerms"))

followerClient.startReplication(startReplicationRequest, waitForRestore = true,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD))

Assertions.assertThatThrownBy {
followerClient.pauseReplication(followerIndexName,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser2","password"))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser2",INTEG_TEST_PASSWORD))
}.isInstanceOf(ResponseException::class.java)
.hasMessageContaining("403 Forbidden")
}
Expand All @@ -168,11 +168,11 @@ class SecurityCustomRolesIT: SecurityBase() {
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleValidPerms"))

followerClient.startReplication(startReplicationRequest, waitForRestore = true,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD))

assertBusy {
`validate status syncing response`(followerClient.replicationStatus(followerIndexName,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password")))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD)))
}
}

Expand All @@ -189,11 +189,11 @@ class SecurityCustomRolesIT: SecurityBase() {
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleValidPerms"))

followerClient.startReplication(startReplicationRequest, waitForRestore = true,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD))

Assertions.assertThatThrownBy {
followerClient.replicationStatus(followerIndexName,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser2","password"))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser2",INTEG_TEST_PASSWORD))
}.isInstanceOf(ResponseException::class.java)
.hasMessageContaining("403 Forbidden")
}
Expand All @@ -216,7 +216,7 @@ class SecurityCustomRolesIT: SecurityBase() {

followerClient.startReplication(StartReplicationRequest("source", leaderIndexName, followerIndexName,
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleValidPerms")),
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD))
assertBusy {
Assertions.assertThat(followerClient.indices()
.exists(GetIndexRequest(followerIndexName), RequestOptions.DEFAULT))
Expand All @@ -235,7 +235,7 @@ class SecurityCustomRolesIT: SecurityBase() {
.put("index.shard.check_on_startup", "checksum")
.build()
followerClient.updateReplication(followerIndexName, settings,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD))

// Wait for the settings to get updated at follower cluster.
assertBusy ({
Expand All @@ -261,7 +261,7 @@ class SecurityCustomRolesIT: SecurityBase() {
Assertions.assertThat(createIndexResponse.isAcknowledged).isTrue()
followerClient.startReplication(StartReplicationRequest("source", leaderIndexName, followerIndexName,
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleValidPerms")),
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"), waitForRestore = true)
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD), waitForRestore = true)
assertBusy {
Assertions.assertThat(followerClient.indices()
.exists(GetIndexRequest(followerIndexName), RequestOptions.DEFAULT))
Expand All @@ -280,7 +280,7 @@ class SecurityCustomRolesIT: SecurityBase() {
.build()
Assertions.assertThatThrownBy {
followerClient.updateReplication(followerIndexName, settings,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser2","password"))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser2",INTEG_TEST_PASSWORD))
}.isInstanceOf(ResponseException::class.java)
.hasMessageContaining("403 Forbidden")
}
Expand All @@ -298,7 +298,7 @@ class SecurityCustomRolesIT: SecurityBase() {
try {
followerClient.updateAutoFollowPattern(connectionAlias, indexPatternName, indexPattern,
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleValidPerms"),
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"))
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD))
// Verify that existing index matching the pattern are replicated.
assertBusy ({
Assertions.assertThat(followerClient.indices()
Expand Down Expand Up @@ -327,7 +327,7 @@ class SecurityCustomRolesIT: SecurityBase() {
Assertions.assertThatThrownBy {
followerClient.updateAutoFollowPattern(connectionAlias, indexPatternName, indexPattern,
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleNoPerms"),
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser2","password"))
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser2",INTEG_TEST_PASSWORD))
}.isInstanceOf(ResponseException::class.java)
.hasMessageContaining("403 Forbidden")
}
Expand Down Expand Up @@ -359,7 +359,7 @@ class SecurityCustomRolesIT: SecurityBase() {
var startReplicationRequest = StartReplicationRequest("source",leaderIndexName,followerIndexName,
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleValidPerms"))
followerClient.startReplication(startReplicationRequest, waitForRestore = true,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD))
insertDocToIndex(LEADER, "1", "dummy data 1",leaderIndexName)
//Querying ES cluster throws random exceptions like ClusterManagerNotDiscovered or ShardsFailed etc, so catching them and retrying
assertBusy ({
Expand All @@ -371,15 +371,15 @@ class SecurityCustomRolesIT: SecurityBase() {
}, 1, TimeUnit.MINUTES)
assertBusy {
`validate status syncing response`(followerClient.replicationStatus(followerIndexName,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password")))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD)))
}

updateRole(followerIndexName,"followerRoleValidPerms", false)
insertDocToIndex(LEADER, "2", "dummy data 2",leaderIndexName)

assertBusy ({
validatePausedState(followerClient.replicationStatus(followerIndexName,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password")))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD)))
}, 100, TimeUnit.SECONDS)
} finally {
updateRole(followerIndexName,"followerRoleValidPerms", true)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ class SecurityCustomRolesLeaderIT: SecurityBase() {
var startReplicationRequest = StartReplicationRequest("source",leaderIndexName,followerIndexName,
useRoles = UseRoles(leaderClusterRole = "leaderRoleNoPerms",followerClusterRole = "followerRoleValidPerms"))
Assertions.assertThatThrownBy { followerClient.startReplication(startReplicationRequest,
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser6","password")) }
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser6",INTEG_TEST_PASSWORD)) }
.isInstanceOf(ResponseException::class.java)
.hasMessageContaining("403 Forbidden")
.hasMessageContaining("no permissions for [indices:admin/plugins/replication/index/setup/validate]")
Expand All @@ -64,7 +64,7 @@ class SecurityCustomRolesLeaderIT: SecurityBase() {
var startReplicationRequest = StartReplicationRequest("source",leaderIndexName,followerIndexName,
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleValidPerms"))
followerClient.startReplication(startReplicationRequest, waitForRestore = true,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD))
insertDocToIndex(LEADER, "1", "dummy data 1",leaderIndexName)
//Querying ES cluster throws random exceptions like ClusterManagerNotDiscovered or ShardsFailed etc, so catching them and retrying
assertBusy ({
Expand All @@ -76,13 +76,13 @@ class SecurityCustomRolesLeaderIT: SecurityBase() {
}, 1, TimeUnit.MINUTES)
assertBusy {
`validate status syncing response`(followerClient.replicationStatus(followerIndexName,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password")))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD)))
}
updateRole(followerIndexName,"leaderRoleValidPerms", false)
insertDocToIndex(LEADER, "2", "dummy data 2",leaderIndexName)
assertBusy ({
validatePausedState(followerClient.replicationStatus(followerIndexName,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password")))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD)))
}, 100, TimeUnit.SECONDS)
} finally {
updateRole(followerIndexName,"leaderRoleValidPerms", true)
Expand All @@ -101,10 +101,10 @@ class SecurityCustomRolesLeaderIT: SecurityBase() {
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleValidPerms"))
updateFileChunkPermissions("","leaderRoleValidPerms", false)
followerClient.startReplication(startReplicationRequest,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD))
assertBusy ({
validateFailedState(followerClient.replicationStatus(followerIndexName,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password")))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD)))
}, 60, TimeUnit.SECONDS)
} catch (ex : Exception) {
logger.info("Exception is", ex)
Expand Down
Loading

0 comments on commit a09aab9

Please sign in to comment.