From ea803dcdb05fa2917733ca0c54b79c767f40aa8c Mon Sep 17 00:00:00 2001
From: bowenlan-amzn
Date: Thu, 25 May 2023 10:26:30 -0700
Subject: [PATCH] Use strong password in security test
Signed-off-by: bowenlan-amzn
---
 .../SecurityAnalyticsRestTestCase.java | 14 ++++++++------
 .../alerts/SecureAlertsRestApiIT.java | 18 +++++++++---------
 .../findings/SecureFindingRestApiIT.java | 18 +++++++++---------
 .../resthandler/SecureDetectorRestApiIT.java | 16 ++++++++--------
 4 files changed, 34 insertions(+), 32 deletions(-)
diff --git a/src/test/java/org/opensearch/securityanalytics/SecurityAnalyticsRestTestCase.java b/src/test/java/org/opensearch/securityanalytics/SecurityAnalyticsRestTestCase.java
index bfae03c62..094abfd37 100644
--- a/src/test/java/org/opensearch/securityanalytics/SecurityAnalyticsRestTestCase.java
+++ b/src/test/java/org/opensearch/securityanalytics/SecurityAnalyticsRestTestCase.java
@@ -91,6 +91,8 @@ public class SecurityAnalyticsRestTestCase extends OpenSearchRestTestCase {
+ protected String password = "V%&ymu35#wbQaUo7";
+
 protected void createRuleTopicIndex(String detectorType, String additionalMapping) throws IOException {
 String mappings = "" +
@@ -1227,12 +1229,12 @@ protected void createCustomRole(String name, String clusterPermissions) throws I
 client().performRequest(request);
 }
- public void createUser(String name, String passwd, String[] backendRoles) throws IOException {
+ public void createUser(String name, String[] backendRoles) throws IOException {
 Request request = new Request("PUT", String.format(Locale.getDefault(), "/_plugins/_security/api/internalusers/%s", name));
 String broles = String.join(",", backendRoles);
 //String roles = String.join(",", customRoles);
 String entity = " {\n" +
- "\"password\": \"" + passwd + "\",\n" +
+ "\"password\": \"" + password + "\",\n" +
 "\"backend_roles\": [\"" + broles + "\"],\n" +
 "\"attributes\": {\n" +
 "}} ";
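Review bot: `protected String password = "V%&ymu35#wbQaUo7";` is a mutable, non-static instance field that every secure IT now reads for both user creation and client authentication; declare it `protected static final String PASSWORD = "V%&ymu35#wbQaUo7";` (or at least `final`) so a subclass or a test cannot reassign it mid-run and silently desynchronize the created user from the client credentials. It also deserves a short comment such as `// Test-only fixture credential shared by all secure ITs; must stay strong enough for the security plugin to accept it` so readers and secret scanners do not mistake it for a real secret — the commit subject suggests the value was chosen to pass a password-strength check, though the hunk does not show that check. The enclosing class continues outside the hunk.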
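Review bot: the new `"\"password\": \"" + password + "\",\n" +` line splices the credential into a hand-concatenated JSON body with no escaping, so the request now silently depends on the constant never containing `"` or `\`; the current value is safe, but a future "stronger" value with such characters would yield a malformed body and an opaque rejection from the security API. Add `// NOTE: body is built by string concatenation — password must not contain '"' or '\\'` beside the field, or build the entity with XContentBuilder so any value works. The public three-argument `createUser(String, String, String[])` overload is also deleted rather than kept as a delegating wrapper, so any caller outside this patch fails to compile; worth confirming none exist. createUser's body continues past the end of the hunk.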
@@ -1261,27 +1263,27 @@ protected void enableOrDisableFilterBy(String trueOrFalse) throws IOException {
 protected void createUserWithDataAndCustomRole(String userName, String userPasswd, String roleName, String[] backendRoles, String clusterPermissions ) throws IOException {
 String[] users = {userName};
- createUser(userName, userPasswd, backendRoles);
+ createUser(userName, backendRoles);
 createCustomRole(roleName, clusterPermissions);
 createUserRolesMapping(roleName, users);
 }
 protected void createUserWithDataAndCustomRole(String userName, String userPasswd, String roleName, String[] backendRoles, List clusterPermissions, List indexPermissions, List indexPatterns) throws IOException {
 String[] users = {userName};
- createUser(userName, userPasswd, backendRoles);
+ createUser(userName, backendRoles);
 createIndexRole(roleName, clusterPermissions, indexPermissions, indexPatterns);
 createUserRolesMapping(roleName, users);
 }
 protected void createUserWithData(String userName, String userPasswd, String roleName, String[] backendRoles ) throws IOException {
 String[] users = {userName};
- createUser(userName, userPasswd, backendRoles);
+ createUser(userName, backendRoles);
 createUserRolesMapping(roleName, users);
 }
 public void createUserWithTestData(String user, String index, String role, String [] backendRoles, List indexPermissions) throws IOException{
 String[] users = {user};
- createUser(user, user, backendRoles);
+ createUser(user, backendRoles);
 createTestIndex(client(), index, windowsIndexMapping(), Settings.EMPTY);
 createIndexRole(role, Collections.emptyList(), indexPermissions, List.of(index));
 createUserRolesMapping(role, users);
diff --git a/src/test/java/org/opensearch/securityanalytics/alerts/SecureAlertsRestApiIT.java b/src/test/java/org/opensearch/securityanalytics/alerts/SecureAlertsRestApiIT.java
index ff6cba8bb..dac0b62ad 100644
--- a/src/test/java/org/opensearch/securityanalytics/alerts/SecureAlertsRestApiIT.java
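Review bot: both `createUserWithDataAndCustomRole` overloads and `createUserWithData` keep their `userPasswd` parameter but no longer use it — the user is now created with the base-class `password`, while callers in this patch still pass the user name as that argument. A caller that later connects with the value it passed, rather than `password`, gets an authentication failure with no hint why. Either drop the parameter from all three signatures and their call sites, or document it until then with `@param userPasswd ignored; users are always created with the shared {@code password} field`. `createUserWithTestData` is correctly updated and no longer reuses the user name as the password.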
+++ b/src/test/java/org/opensearch/securityanalytics/alerts/SecureAlertsRestApiIT.java
@@ -49,7 +49,7 @@ public void create() throws IOException {
 String[] backendRoles = { TEST_HR_BACKEND_ROLE };
 createUserWithData(user, user, SECURITY_ANALYTICS_FULL_ACCESS_ROLE, backendRoles );
 if (userClient == null) {
- userClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), user, user).setSocketTimeout(60000).build();
+ userClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), user, password).setSocketTimeout(60000).build();
 }
 }
@@ -161,7 +161,7 @@ public void testGetAlerts_byDetectorId_success() throws IOException {
 String userRead = "userReadAlert";
 String[] backendRoles = { TEST_IT_BACKEND_ROLE };
 createUserWithData( userRead, userRead, SECURITY_ANALYTICS_READ_ACCESS_ROLE, backendRoles );
- RestClient userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
+ RestClient userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
 // Call GetAlerts API
 Map params = new HashMap<>();
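Review bot: the new `userClient = new SecureRestClientBuilder(..., user, password)...` line authenticates with the base-class `password`, while the unchanged `createUserWithData(user, user, ...)` two lines above still passes `user` as the password argument, which the base class now ignores; the two values stay in sync by convention only. The same pairing recurs in every other hunk of this file (-161, -186, -280, -305) and in SecureFindingRestApiIT and SecureDetectorRestApiIT, including the `createUserWithDataAndCustomRole(userWithAccess, userWithAccess, ...)` calls. Passing `password` explicitly at those call sites, or removing the ignored parameter from the helpers, would make the relationship visible instead of implicit. Because `password` is a non-final protected instance field, any test that reassigns it would also change the credential for every user created afterwards. create()'s body begins outside the hunk.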
@@ -186,15 +186,15 @@ public void testGetAlerts_byDetectorId_success() throws IOException {
 // recreate user with matching backend roles and try again
 String[] newBackendRoles = { TEST_HR_BACKEND_ROLE };
 createUserWithData( userRead, userRead, SECURITY_ANALYTICS_READ_ACCESS_ROLE, newBackendRoles );
- userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
+ userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
 getAlertsResponse = makeRequest(userReadOnlyClient, "GET", SecurityAnalyticsPlugin.ALERTS_BASE_URI, params, null);
 getAlertsBody = asMap(getAlertsResponse);
 Assert.assertEquals(1, getAlertsBody.get("total_alerts"));
 userReadOnlyClient.close();
 // update user with no backend roles and try again
- createUser(userRead, userRead, EMPTY_ARRAY);
- userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
+ createUser(userRead, EMPTY_ARRAY);
+ userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
 try {
 getAlertsResponse = makeRequest(userReadOnlyClient, "GET", SecurityAnalyticsPlugin.ALERTS_BASE_URI, params, null);
 } catch (ResponseException e)
@@ -280,7 +280,7 @@ public void testGetAlerts_byDetectorType_success() throws IOException, Interrupt
 String userRead = "userReadAlert";
 String[] backendRoles = { TEST_IT_BACKEND_ROLE };
 createUserWithData( userRead, userRead, SECURITY_ANALYTICS_READ_ACCESS_ROLE, backendRoles );
- RestClient userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
+ RestClient userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
 // Call GetAlerts API
 Map params = new HashMap<>();
@@ -305,15 +305,15 @@ public void testGetAlerts_byDetectorType_success() throws IOException, Interrupt
 // recreate user with matching backend roles and try again
 String[] newBackendRoles = { TEST_HR_BACKEND_ROLE };
 createUserWithData( userRead, userRead, SECURITY_ANALYTICS_READ_ACCESS_ROLE, newBackendRoles );
- userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
+ userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
 getAlertsResponse = makeRequest(userReadOnlyClient, "GET", SecurityAnalyticsPlugin.ALERTS_BASE_URI, params, null);
 getAlertsBody = asMap(getAlertsResponse);
 Assert.assertEquals(1, getAlertsBody.get("total_alerts"));
 userReadOnlyClient.close();
 // update user with no backend roles and try again
- createUser(userRead, userRead, EMPTY_ARRAY);
- userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
+ createUser(userRead, EMPTY_ARRAY);
+ userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
 try {
 getAlertsResponse = makeRequest(userReadOnlyClient, "GET", SecurityAnalyticsPlugin.ALERTS_BASE_URI, params, null);
 } catch (ResponseException e)
diff --git a/src/test/java/org/opensearch/securityanalytics/findings/SecureFindingRestApiIT.java b/src/test/java/org/opensearch/securityanalytics/findings/SecureFindingRestApiIT.java
index 17add4956..8bb395dec 100644
--- a/src/test/java/org/opensearch/securityanalytics/findings/SecureFindingRestApiIT.java
+++ b/src/test/java/org/opensearch/securityanalytics/findings/SecureFindingRestApiIT.java
@@ -54,7 +54,7 @@ public void create() throws IOException {
 String[] backendRoles = { TEST_HR_BACKEND_ROLE };
 createUserWithData(user, user, SECURITY_ANALYTICS_FULL_ACCESS_ROLE, backendRoles );
 if (userClient == null) {
- userClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), user, user).setSocketTimeout(60000).build();
+ userClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), user, password).setSocketTimeout(60000).build();
 }
 }
@@ -120,7 +120,7 @@ public void testGetFindings_byDetectorId_success() throws IOException {
 String userRead = "userReadFinding";
 String[] backendRoles = { TEST_IT_BACKEND_ROLE };
 createUserWithData( userRead, userRead, SECURITY_ANALYTICS_READ_ACCESS_ROLE, backendRoles );
- RestClient userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
+ RestClient userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
 // Call GetFindings API
 Map params = new HashMap<>();
 params.put("detector_id", createdId);
@@ -144,15 +144,15 @@ public void testGetFindings_byDetectorId_success() throws IOException {
 // recreate user with matching backend roles and try again
 String[] newBackendRoles = { TEST_HR_BACKEND_ROLE };
 createUserWithData( userRead, userRead, SECURITY_ANALYTICS_READ_ACCESS_ROLE, newBackendRoles );
- userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
+ userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
 getFindingsResponse = makeRequest(userReadOnlyClient, "GET", SecurityAnalyticsPlugin.FINDINGS_BASE_URI + "/_search", params, null);
 getFindingsBody = entityAsMap(getFindingsResponse);
 Assert.assertEquals(1, getFindingsBody.get("total_findings"));
 userReadOnlyClient.close();
 // update user with no backend roles and try again
- createUser(userRead, userRead, EMPTY_ARRAY);
- userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
+ createUser(userRead, EMPTY_ARRAY);
+ userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
 try {
 getFindingsResponse = makeRequest(userReadOnlyClient, "GET", SecurityAnalyticsPlugin.FINDINGS_BASE_URI + "/_search", params, null);
 } catch (ResponseException e)
@@ -275,7 +275,7 @@ public void testGetFindings_byDetectorType_success() throws IOException {
 String userRead = "userReadFinding";
 String[] backendRoles = { TEST_IT_BACKEND_ROLE };
 createUserWithData( userRead, userRead, SECURITY_ANALYTICS_READ_ACCESS_ROLE, backendRoles );
- RestClient userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
+ RestClient userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
 // Call GetFindings API for first detector
@@ -307,7 +307,7 @@ public void testGetFindings_byDetectorType_success() throws IOException {
 // recreate user with matching backend roles and try again
 String[] newBackendRoles = { TEST_HR_BACKEND_ROLE };
 createUserWithData( userRead, userRead, SECURITY_ANALYTICS_READ_ACCESS_ROLE, newBackendRoles );
- userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
+ userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
 getFindingsResponse = makeRequest(userReadOnlyClient, "GET", SecurityAnalyticsPlugin.FINDINGS_BASE_URI + "/_search", params, null);
 getFindingsBody = entityAsMap(getFindingsResponse);
 Assert.assertEquals(1, getFindingsBody.get("total_findings"));
@@ -315,8 +315,8 @@ public void testGetFindings_byDetectorType_success() throws IOException {
 // update user with no backend roles and try again
- createUser(userRead, userRead, EMPTY_ARRAY);
- userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
+ createUser(userRead, EMPTY_ARRAY);
+ userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
 try {
 getFindingsResponse = makeRequest(userReadOnlyClient, "GET", SecurityAnalyticsPlugin.FINDINGS_BASE_URI + "/_search", params, null);
 } catch (ResponseException e)
diff --git a/src/test/java/org/opensearch/securityanalytics/resthandler/SecureDetectorRestApiIT.java b/src/test/java/org/opensearch/securityanalytics/resthandler/SecureDetectorRestApiIT.java
index e9ce3b9d9..1fba8adc0 100644
--- a/src/test/java/org/opensearch/securityanalytics/resthandler/SecureDetectorRestApiIT.java
+++ b/src/test/java/org/opensearch/securityanalytics/resthandler/SecureDetectorRestApiIT.java
@@ -55,7 +55,7 @@ public void create() throws IOException {
 String[] backendRoles = { TEST_HR_BACKEND_ROLE };
 createUserWithData(user, user, SECURITY_ANALYTICS_FULL_ACCESS_ROLE, backendRoles );
 if (userClient == null) {
- userClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), user, user).setSocketTimeout(60000).build();
+ userClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), user, password).setSocketTimeout(60000).build();
 }
 }
@@ -128,7 +128,7 @@ public void testCreateDetectorWithFullAccess() throws IOException {
 String userRead = "userRead";
 String[] backendRoles = { TEST_IT_BACKEND_ROLE };
 createUserWithData( userRead, userRead, SECURITY_ANALYTICS_READ_ACCESS_ROLE, backendRoles );
- RestClient userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
+ RestClient userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
 Response getResponse = makeRequest(userReadOnlyClient, "GET", SecurityAnalyticsPlugin.DETECTOR_BASE_URI + "/" + createdId, Collections.emptyMap(), null);
 Map getResponseBody = asMap(getResponse);
 Assert.assertEquals(createdId, getResponseBody.get("_id"));
@@ -150,7 +150,7 @@ public void testCreateDetectorWithFullAccess() throws IOException {
 // recreate user with matching backend roles and try again
 String[] newBackendRoles = { TEST_HR_BACKEND_ROLE };
 createUserWithData( userRead, userRead, SECURITY_ANALYTICS_READ_ACCESS_ROLE, newBackendRoles );
- userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
+ userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
 getResponse = makeRequest(userReadOnlyClient, "GET", SecurityAnalyticsPlugin.DETECTOR_BASE_URI + "/" + createdId, Collections.emptyMap(), null);
 getResponseBody = asMap(getResponse);
 Assert.assertEquals(createdId, getResponseBody.get("_id"));
@@ -177,7 +177,7 @@ public void testCreateDetectorWithNoBackendRoles() throws IOException {
 String userFull= "userFull";
 String[] backendRoles = {};
 createUserWithData( userFull, userFull, SECURITY_ANALYTICS_FULL_ACCESS_ROLE, backendRoles );
- RestClient userFullClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userFull, userFull).setSocketTimeout(60000).build();
+ RestClient userFullClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userFull, password).setSocketTimeout(60000).build();
 String index = createTestIndex(client(), randomIndex(), windowsIndexMapping(), Settings.EMPTY);
@@ -218,7 +218,7 @@ public void testCreateDetector_userHasIndexAccess_success() throws IOException {
 RestClient clientWithAccess = null;
 try {
- clientWithAccess = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userWithAccess, userWithAccess).setSocketTimeout(60000).build();
+ clientWithAccess = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userWithAccess, password).setSocketTimeout(60000).build();
 String index = createTestIndex(client(), randomIndex(), windowsIndexMapping(), Settings.EMPTY);
 Request createMappingRequest = new Request("POST", SecurityAnalyticsPlugin.MAPPER_BASE_URI);
@@ -264,7 +264,7 @@ public void testCreateDetector_userDoesntHaveIndexAccess_failure() throws IOExce
 RestClient clientWithoutAccess = null;
 try {
- clientWithoutAccess = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userWithoutAccess, userWithoutAccess).setSocketTimeout(60000).build();
+ clientWithoutAccess = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userWithoutAccess, password).setSocketTimeout(60000).build();
 String index = createTestIndex(client(), randomIndex(), windowsIndexMapping(), Settings.EMPTY);
@@ -303,7 +303,7 @@ public void testUpdateDetector_userHasIndexAccess_success() throws IOException {
 createUserWithDataAndCustomRole(userWithAccess, userWithAccess, roleNameWithIndexPatternAccess, backendRoles, clusterPermissions, indexPermissions, List.of(windowsIndexPattern));
 RestClient clientWithAccess = null;
 try {
- clientWithAccess = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userWithAccess, userWithAccess).setSocketTimeout(60000).build();
+ clientWithAccess = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userWithAccess, password).setSocketTimeout(60000).build();
 //createUserRolesMapping("alerting_full_access", users);
 String index = createTestIndex(client(), randomIndex(), windowsIndexMapping(), Settings.EMPTY);
@@ -356,7 +356,7 @@ public void testUpdateDetector_userDoesntHaveIndexAccess_failure() throws IOExce
 RestClient clientWithoutAccess = null;
 try {
- clientWithoutAccess = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userWithoutAccess, userWithoutAccess).setSocketTimeout(60000).build();
+ clientWithoutAccess = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userWithoutAccess, password).setSocketTimeout(60000).build();
 //createUserRolesMapping("alerting_full_access", users);
 String index = createTestIndex(client(), randomIndex(), windowsIndexMapping(), Settings.EMPTY);