[Backport main] Use strong password in security test #454

Merged
merged 1 commit into from
Aug 31, 2023
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,8 @@

public class SecurityAnalyticsRestTestCase extends OpenSearchRestTestCase {

protected String password = "V%&ymu35#wbQaUo7";

protected void createRuleTopicIndex(String detectorType, String additionalMapping) throws IOException {

String mappings = "" +
Expand Down Expand Up @@ -1229,12 +1231,12 @@ protected void createCustomRole(String name, String clusterPermissions) throws I
client().performRequest(request);
}

public void createUser(String name, String passwd, String[] backendRoles) throws IOException {
public void createUser(String name, String[] backendRoles) throws IOException {
Request request = new Request("PUT", String.format(Locale.getDefault(), "/_plugins/_security/api/internalusers/%s", name));
String broles = String.join(",", backendRoles);
//String roles = String.join(",", customRoles);
String entity = " {\n" +
"\"password\": \"" + passwd + "\",\n" +
"\"password\": \"" + password + "\",\n" +
"\"backend_roles\": [\"" + broles + "\"],\n" +
"\"attributes\": {\n" +
"}} ";
Expand Down Expand Up @@ -1263,27 +1265,27 @@ protected void enableOrDisableFilterBy(String trueOrFalse) throws IOException {

protected void createUserWithDataAndCustomRole(String userName, String userPasswd, String roleName, String[] backendRoles, String clusterPermissions ) throws IOException {
String[] users = {userName};
createUser(userName, userPasswd, backendRoles);
createUser(userName, backendRoles);
createCustomRole(roleName, clusterPermissions);
createUserRolesMapping(roleName, users);
}

protected void createUserWithDataAndCustomRole(String userName, String userPasswd, String roleName, String[] backendRoles, List<String> clusterPermissions, List<String> indexPermissions, List<String> indexPatterns) throws IOException {
String[] users = {userName};
createUser(userName, userPasswd, backendRoles);
createUser(userName, backendRoles);
createIndexRole(roleName, clusterPermissions, indexPermissions, indexPatterns);
createUserRolesMapping(roleName, users);
}

protected void createUserWithData(String userName, String userPasswd, String roleName, String[] backendRoles ) throws IOException {
String[] users = {userName};
createUser(userName, userPasswd, backendRoles);
createUser(userName, backendRoles);
createUserRolesMapping(roleName, users);
}

public void createUserWithTestData(String user, String index, String role, String [] backendRoles, List<String> indexPermissions) throws IOException{
String[] users = {user};
createUser(user, user, backendRoles);
createUser(user, backendRoles);
createTestIndex(client(), index, windowsIndexMapping(), Settings.EMPTY);
createIndexRole(role, Collections.emptyList(), indexPermissions, List.of(index));
createUserRolesMapping(role, users);
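Review bot: The `userPasswd` parameter of both `createUserWithDataAndCustomRole` overloads and of `createUserWithData` is now dead, because `createUser(String, String[])` no longer accepts a password and every user is created with the shared `password` field instead; callers in the three test files below still pass `user, user`, which reads as if the username were the password. Either drop the parameter or document it, e.g. `@param userPasswd ignored; users are created with the shared {@code password} field`. In the first hunk the new field could be `protected final String password = "V%&ymu35#wbQaUo7";` unless a subclass is expected to reassign it, and since it is a credential committed to source it will be reported by secret scanners — acceptable for a test fixture, but an override via a system property with this value as default would keep the literal out of the repository. In `createUser` the request body is built by string concatenation, so `password`, `name` and `broles` are inserted into the JSON unescaped; the current value contains no `"` or `\`, but a future change to it would silently break the body, and a JSON builder would remove that dependency. The body of `createUser` continues past the end of the hunk.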
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ public void create() throws IOException {
String[] backendRoles = { TEST_HR_BACKEND_ROLE };
createUserWithData(user, user, SECURITY_ANALYTICS_FULL_ACCESS_ROLE, backendRoles );
if (userClient == null) {
userClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), user, user).setSocketTimeout(60000).build();
userClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), user, password).setSocketTimeout(60000).build();
}
}

Expand Down Expand Up @@ -162,7 +162,7 @@ public void testGetAlerts_byDetectorId_success() throws IOException {
String userRead = "userReadAlert";
String[] backendRoles = { TEST_IT_BACKEND_ROLE };
createUserWithData( userRead, userRead, SECURITY_ANALYTICS_READ_ACCESS_ROLE, backendRoles );
RestClient userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
RestClient userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();

// Call GetAlerts API
Map<String, String> params = new HashMap<>();
Expand All @@ -187,15 +187,15 @@ public void testGetAlerts_byDetectorId_success() throws IOException {
// recreate user with matching backend roles and try again
String[] newBackendRoles = { TEST_HR_BACKEND_ROLE };
createUserWithData( userRead, userRead, SECURITY_ANALYTICS_READ_ACCESS_ROLE, newBackendRoles );
userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
getAlertsResponse = makeRequest(userReadOnlyClient, "GET", SecurityAnalyticsPlugin.ALERTS_BASE_URI, params, null);
getAlertsBody = asMap(getAlertsResponse);
Assert.assertEquals(1, getAlertsBody.get("total_alerts"));
userReadOnlyClient.close();

// update user with no backend roles and try again
createUser(userRead, userRead, EMPTY_ARRAY);
userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
createUser(userRead, EMPTY_ARRAY);
userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
try {
getAlertsResponse = makeRequest(userReadOnlyClient, "GET", SecurityAnalyticsPlugin.ALERTS_BASE_URI, params, null);
} catch (ResponseException e)
Expand Down Expand Up @@ -281,7 +281,7 @@ public void testGetAlerts_byDetectorType_success() throws IOException, Interrupt
String userRead = "userReadAlert";
String[] backendRoles = { TEST_IT_BACKEND_ROLE };
createUserWithData( userRead, userRead, SECURITY_ANALYTICS_READ_ACCESS_ROLE, backendRoles );
RestClient userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
RestClient userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();

// Call GetAlerts API
Map<String, String> params = new HashMap<>();
Expand All @@ -306,15 +306,15 @@ public void testGetAlerts_byDetectorType_success() throws IOException, Interrupt
// recreate user with matching backend roles and try again
String[] newBackendRoles = { TEST_HR_BACKEND_ROLE };
createUserWithData( userRead, userRead, SECURITY_ANALYTICS_READ_ACCESS_ROLE, newBackendRoles );
userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
getAlertsResponse = makeRequest(userReadOnlyClient, "GET", SecurityAnalyticsPlugin.ALERTS_BASE_URI, params, null);
getAlertsBody = asMap(getAlertsResponse);
Assert.assertEquals(1, getAlertsBody.get("total_alerts"));
userReadOnlyClient.close();

// update user with no backend roles and try again
createUser(userRead, userRead, EMPTY_ARRAY);
userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
createUser(userRead, EMPTY_ARRAY);
userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
try {
getAlertsResponse = makeRequest(userReadOnlyClient, "GET", SecurityAnalyticsPlugin.ALERTS_BASE_URI, params, null);
} catch (ResponseException e)
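Review bot: Every changed line in this file, and in the two file sections that follow, repeats the same expression `new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build()` with only the user name varying, so the password choice this commit makes is now spread over roughly twenty call sites. A helper in the base test case, e.g. `protected RestClient buildUserClient(String user) throws IOException { return new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), user, password).setSocketTimeout(60000).build(); }`, would make the credential a single point of change and shorten these lines. The clients built here are closed explicitly (line `userReadOnlyClient.close()`) rather than with try-with-resources, so a failed assertion before the close leaks the connection; that is pre-existing, but the helper would be a natural place to document that callers must close the returned client. The enclosing test methods start and end outside the hunks.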
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ public void create() throws IOException {
String[] backendRoles = { TEST_HR_BACKEND_ROLE };
createUserWithData(user, user, SECURITY_ANALYTICS_FULL_ACCESS_ROLE, backendRoles );
if (userClient == null) {
userClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), user, user).setSocketTimeout(60000).build();
userClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), user, password).setSocketTimeout(60000).build();
}
}

Expand Down Expand Up @@ -120,7 +120,7 @@ public void testGetFindings_byDetectorId_success() throws IOException {
String userRead = "userReadFinding";
String[] backendRoles = { TEST_IT_BACKEND_ROLE };
createUserWithData( userRead, userRead, SECURITY_ANALYTICS_READ_ACCESS_ROLE, backendRoles );
RestClient userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
RestClient userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
// Call GetFindings API
Map<String, String> params = new HashMap<>();
params.put("detector_id", createdId);
Expand All @@ -144,15 +144,15 @@ public void testGetFindings_byDetectorId_success() throws IOException {
// recreate user with matching backend roles and try again
String[] newBackendRoles = { TEST_HR_BACKEND_ROLE };
createUserWithData( userRead, userRead, SECURITY_ANALYTICS_READ_ACCESS_ROLE, newBackendRoles );
userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
getFindingsResponse = makeRequest(userReadOnlyClient, "GET", SecurityAnalyticsPlugin.FINDINGS_BASE_URI + "/_search", params, null);
getFindingsBody = entityAsMap(getFindingsResponse);
Assert.assertEquals(1, getFindingsBody.get("total_findings"));
userReadOnlyClient.close();

// update user with no backend roles and try again
createUser(userRead, userRead, EMPTY_ARRAY);
userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
createUser(userRead, EMPTY_ARRAY);
userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
try {
getFindingsResponse = makeRequest(userReadOnlyClient, "GET", SecurityAnalyticsPlugin.FINDINGS_BASE_URI + "/_search", params, null);
} catch (ResponseException e)
Expand Down Expand Up @@ -275,7 +275,7 @@ public void testGetFindings_byDetectorType_success() throws IOException {
String userRead = "userReadFinding";
String[] backendRoles = { TEST_IT_BACKEND_ROLE };
createUserWithData( userRead, userRead, SECURITY_ANALYTICS_READ_ACCESS_ROLE, backendRoles );
RestClient userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
RestClient userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();


// Call GetFindings API for first detector
Expand Down Expand Up @@ -307,16 +307,16 @@ public void testGetFindings_byDetectorType_success() throws IOException {
// recreate user with matching backend roles and try again
String[] newBackendRoles = { TEST_HR_BACKEND_ROLE };
createUserWithData( userRead, userRead, SECURITY_ANALYTICS_READ_ACCESS_ROLE, newBackendRoles );
userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
getFindingsResponse = makeRequest(userReadOnlyClient, "GET", SecurityAnalyticsPlugin.FINDINGS_BASE_URI + "/_search", params, null);
getFindingsBody = entityAsMap(getFindingsResponse);
Assert.assertEquals(1, getFindingsBody.get("total_findings"));
userReadOnlyClient.close();


// update user with no backend roles and try again
createUser(userRead, userRead, EMPTY_ARRAY);
userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
createUser(userRead, EMPTY_ARRAY);
userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
try {
getFindingsResponse = makeRequest(userReadOnlyClient, "GET", SecurityAnalyticsPlugin.FINDINGS_BASE_URI + "/_search", params, null);
} catch (ResponseException e)
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ public void create() throws IOException {
String[] backendRoles = { TEST_HR_BACKEND_ROLE };
createUserWithData(user, user, SECURITY_ANALYTICS_FULL_ACCESS_ROLE, backendRoles );
if (userClient == null) {
userClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), user, user).setSocketTimeout(60000).build();
userClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), user, password).setSocketTimeout(60000).build();
}
}

Expand Down Expand Up @@ -128,7 +128,7 @@ public void testCreateDetectorWithFullAccess() throws IOException {
String userRead = "userRead";
String[] backendRoles = { TEST_IT_BACKEND_ROLE };
createUserWithData( userRead, userRead, SECURITY_ANALYTICS_READ_ACCESS_ROLE, backendRoles );
RestClient userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
RestClient userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
Response getResponse = makeRequest(userReadOnlyClient, "GET", SecurityAnalyticsPlugin.DETECTOR_BASE_URI + "/" + createdId, Collections.emptyMap(), null);
Map<String, Object> getResponseBody = asMap(getResponse);
Assert.assertEquals(createdId, getResponseBody.get("_id"));
Expand All @@ -150,7 +150,7 @@ public void testCreateDetectorWithFullAccess() throws IOException {
// recreate user with matching backend roles and try again
String[] newBackendRoles = { TEST_HR_BACKEND_ROLE };
createUserWithData( userRead, userRead, SECURITY_ANALYTICS_READ_ACCESS_ROLE, newBackendRoles );
userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, userRead).setSocketTimeout(60000).build();
userReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userRead, password).setSocketTimeout(60000).build();
getResponse = makeRequest(userReadOnlyClient, "GET", SecurityAnalyticsPlugin.DETECTOR_BASE_URI + "/" + createdId, Collections.emptyMap(), null);
getResponseBody = asMap(getResponse);
Assert.assertEquals(createdId, getResponseBody.get("_id"));
Expand All @@ -177,7 +177,7 @@ public void testCreateDetectorWithNoBackendRoles() throws IOException {
String userFull= "userFull";
String[] backendRoles = {};
createUserWithData( userFull, userFull, SECURITY_ANALYTICS_FULL_ACCESS_ROLE, backendRoles );
RestClient userFullClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userFull, userFull).setSocketTimeout(60000).build();
RestClient userFullClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userFull, password).setSocketTimeout(60000).build();

String index = createTestIndex(client(), randomIndex(), windowsIndexMapping(), Settings.EMPTY);

Expand Down Expand Up @@ -218,7 +218,7 @@ public void testCreateDetector_userHasIndexAccess_success() throws IOException {
RestClient clientWithAccess = null;

try {
clientWithAccess = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userWithAccess, userWithAccess).setSocketTimeout(60000).build();
clientWithAccess = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userWithAccess, password).setSocketTimeout(60000).build();
String index = createTestIndex(client(), randomIndex(), windowsIndexMapping(), Settings.EMPTY);

Request createMappingRequest = new Request("POST", SecurityAnalyticsPlugin.MAPPER_BASE_URI);
Expand Down Expand Up @@ -264,7 +264,7 @@ public void testCreateDetector_userDoesntHaveIndexAccess_failure() throws IOExce
RestClient clientWithoutAccess = null;

try {
clientWithoutAccess = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userWithoutAccess, userWithoutAccess).setSocketTimeout(60000).build();
clientWithoutAccess = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userWithoutAccess, password).setSocketTimeout(60000).build();

String index = createTestIndex(client(), randomIndex(), windowsIndexMapping(), Settings.EMPTY);

Expand Down Expand Up @@ -303,7 +303,7 @@ public void testUpdateDetector_userHasIndexAccess_success() throws IOException {
createUserWithDataAndCustomRole(userWithAccess, userWithAccess, roleNameWithIndexPatternAccess, backendRoles, clusterPermissions, indexPermissions, List.of(windowsIndexPattern));
RestClient clientWithAccess = null;
try {
clientWithAccess = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userWithAccess, userWithAccess).setSocketTimeout(60000).build();
clientWithAccess = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userWithAccess, password).setSocketTimeout(60000).build();
//createUserRolesMapping("alerting_full_access", users);
String index = createTestIndex(client(), randomIndex(), windowsIndexMapping(), Settings.EMPTY);

Expand Down Expand Up @@ -356,7 +356,7 @@ public void testUpdateDetector_userDoesntHaveIndexAccess_failure() throws IOExce
RestClient clientWithoutAccess = null;

try {
clientWithoutAccess = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userWithoutAccess, userWithoutAccess).setSocketTimeout(60000).build();
clientWithoutAccess = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[]{}), isHttps(), userWithoutAccess, password).setSocketTimeout(60000).build();

//createUserRolesMapping("alerting_full_access", users);
String index = createTestIndex(client(), randomIndex(), windowsIndexMapping(), Settings.EMPTY);