Applied correction after CR for test related to security configuratio…
…n updating.

Signed-off-by: Lukasz Soszynski <[email protected]>
lukasz-soszynski-eliatra committed Oct 13, 2022
1 parent 079d7f0 commit 3eb83ba
Showing 3 changed files with 36 additions and 17 deletions.
Expand Up @@ -11,6 +11,7 @@

import java.io.IOException;
import java.nio.file.Path;
import java.util.List;
import java.util.Map;

import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope;
Expand All @@ -24,19 +25,31 @@
import org.opensearch.test.framework.cluster.ClusterManager;
import org.opensearch.test.framework.cluster.LocalCluster;
import org.opensearch.test.framework.cluster.TestRestClient;
import org.opensearch.test.framework.cluster.TestRestClient.HttpResponse;

import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.aMapWithSize;
import static org.hamcrest.Matchers.allOf;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.hasKey;

@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class)
@ThreadLeakScope(ThreadLeakScope.Scope.NONE)
public class DefaultConfigurationTests {

private final static Path configurationFolder = ConfigurationFiles.createConfigurationDirectory();
public static final String ADMIN_USER_NAME = "admin";
public static final String DEFAULT_PASSWORD = "secret";
public static final String NEW_USER = "new-user";
public static final String LIMITED_USER = "limited-user";

@ClassRule
public static LocalCluster cluster = new LocalCluster.Builder()
.clusterManager(ClusterManager.SINGLENODE)
.nodeSettings(Map.of("plugins.security.allow_default_init_securityindex", true))
.nodeSettings(Map.of(
"plugins.security.allow_default_init_securityindex", true,
"plugins.security.restapi.roles_enabled", List.of("user_admin__all_access")
))
.defaultConfigurationInitDirectory(configurationFolder.toString())
.loadConfigurationIntoIndex(false)
.build();
Expand All @@ -48,9 +61,20 @@ public static void cleanConfigurationDirectory() throws IOException {

@Test
public void shouldLoadDefaultConfiguration() {
try(TestRestClient client = cluster.getRestClient("new-user", "secret")) {
try(TestRestClient client = cluster.getRestClient(NEW_USER, DEFAULT_PASSWORD)) {
Awaitility.await().alias("Load default configuration")
.until(() -> client.getAuthInfo().getStatusCode(), equalTo(200));
}
try(TestRestClient client = cluster.getRestClient(ADMIN_USER_NAME, DEFAULT_PASSWORD)){
client.assertCorrectCredentials(ADMIN_USER_NAME);
HttpResponse response = client.get("/_plugins/_security/api/internalusers");
response.assertStatusCode(200);
Map<String, Object> users = response.getBodyAs(Map.class);
assertThat(users, allOf(
aMapWithSize(3),
hasKey(ADMIN_USER_NAME),
hasKey(NEW_USER),
hasKey(LIMITED_USER)));
}
}
}
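Review bot: Nothing in shouldLoadDefaultConfiguration checks that the newly configured `plugins.security.restapi.roles_enabled` restriction is enforced; the added block only calls `/_plugins/_security/api/internalusers` as `admin` and expects 200. `LIMITED_USER` is introduced here and is presumably not mapped to `user_admin__all_access`, so a negative case would pin the access control: `try (TestRestClient client = cluster.getRestClient(LIMITED_USER, DEFAULT_PASSWORD)) { client.get("/_plugins/_security/api/internalusers").assertStatusCode(403); }`. This assumes the limited user shares the default password in the configuration files, which is not visible on this page.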
Expand Up @@ -34,7 +34,6 @@

import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.notNullValue;
import static org.opensearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
import static org.opensearch.security.support.ConfigConstants.SECURITY_BACKGROUND_INIT_IF_SECURITYINDEX_NOT_EXIST;
import static org.opensearch.security.support.ConfigConstants.SECURITY_RESTAPI_ROLES_ENABLED;
Expand Down Expand Up @@ -85,14 +84,13 @@ public void shouldCreateUserViaRestApi_success() {
HttpResponse httpResponse = client.putJson(INTERNAL_USERS_RESOURCE + ADDITIONAL_USER_1, String.format(CREATE_USER_BODY,
ADDITIONAL_PASSWORD_1));

assertThat(httpResponse, notNullValue());
assertThat(httpResponse.getStatusCode(), equalTo(201));
}
try(TestRestClient client = cluster.getRestClient(USER_ADMIN)) {
client.assertCorrectCredentials();
client.assertCorrectCredentials(USER_ADMIN.getName());
}
try(TestRestClient client = cluster.getRestClient(ADDITIONAL_USER_1, ADDITIONAL_PASSWORD_1)) {
client.assertCorrectCredentials();
client.assertCorrectCredentials(ADDITIONAL_USER_1);
}
}

Expand All @@ -102,7 +100,6 @@ public void shouldCreateUserViaRestApi_failure() {
HttpResponse httpResponse = client.putJson(INTERNAL_USERS_RESOURCE + ADDITIONAL_USER_1, String.format(CREATE_USER_BODY,
ADDITIONAL_PASSWORD_1));

assertThat(httpResponse, notNullValue());
httpResponse.assertStatusCode(403);
}
}
Expand All @@ -112,7 +109,6 @@ public void shouldAuthenticateAsAdminWithCertificate_positive() {
try(TestRestClient client = cluster.getRestClient(cluster.getAdminCertificate())) {
HttpResponse httpResponse = client.get("/_plugins/_security/whoami");

assertThat(httpResponse, notNullValue());
httpResponse.assertStatusCode(200);
assertThat(httpResponse.getTextFromJsonBody("/is_admin"), equalTo("true"));
}
Expand All @@ -124,7 +120,6 @@ public void shouldAuthenticateAsAdminWithCertificate_negativeSelfSignedCertifica
try(TestRestClient client = cluster.getRestClient(testCertificates.createSelfSignedCertificate("CN=bond"))) {
HttpResponse httpResponse = client.get("/_plugins/_security/whoami");

assertThat(httpResponse, notNullValue());
httpResponse.assertStatusCode(200);
assertThat(httpResponse.getTextFromJsonBody("/is_admin"), equalTo("false"));
}
Expand All @@ -136,7 +131,6 @@ public void shouldAuthenticateAsAdminWithCertificate_negativeIncorrectDn() {
try(TestRestClient client = cluster.getRestClient(testCertificates.createAdminCertificate("CN=non_admin"))) {
HttpResponse httpResponse = client.get("/_plugins/_security/whoami");

assertThat(httpResponse, notNullValue());
httpResponse.assertStatusCode(200);
assertThat(httpResponse.getTextFromJsonBody("/is_admin"), equalTo("false"));
}
Expand All @@ -149,14 +143,13 @@ public void shouldCreateUserViaRestApiWhenAdminIsAuthenticatedViaCertificate_pos
HttpResponse httpResponse = client.putJson(INTERNAL_USERS_RESOURCE + ADDITIONAL_USER_2, String.format(CREATE_USER_BODY,
ADDITIONAL_PASSWORD_2));

assertThat(httpResponse, notNullValue());
httpResponse.assertStatusCode(201);
}
try(TestRestClient client = cluster.getRestClient(USER_ADMIN)) {
client.assertCorrectCredentials();
client.assertCorrectCredentials(USER_ADMIN.getName());
}
try(TestRestClient client = cluster.getRestClient(ADDITIONAL_USER_2, ADDITIONAL_PASSWORD_2)) {
client.assertCorrectCredentials();
client.assertCorrectCredentials(ADDITIONAL_USER_2);
}
}

Expand All @@ -167,7 +160,6 @@ public void shouldCreateUserViaRestApiWhenAdminIsAuthenticatedViaCertificate_neg
HttpResponse httpResponse = client.putJson(INTERNAL_USERS_RESOURCE + ADDITIONAL_USER_2, String.format(CREATE_USER_BODY,
ADDITIONAL_PASSWORD_2));

assertThat(httpResponse, notNullValue());
httpResponse.assertStatusCode(401);
}
}
Expand All @@ -181,10 +173,10 @@ public void shouldStillWorkAfterUpdateOfSecurityConfig() {
cluster.updateUserConfiguration(users);

try(TestRestClient client = cluster.getRestClient(USER_ADMIN)) {
client.assertCorrectCredentials();
client.assertCorrectCredentials(USER_ADMIN.getName());
}
try(TestRestClient client = cluster.getRestClient(newUser)) {
client.assertCorrectCredentials();
client.assertCorrectCredentials(newUser.getName());
}
}

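Review bot: In shouldCreateUserViaRestApi_success the status check is still written as `assertThat(httpResponse.getStatusCode(), equalTo(201))`, while every other test in this file section uses `httpResponse.assertStatusCode(...)`. Since the commit is already tidying these assertions, that line could become `httpResponse.assertStatusCode(201);` so the section reads uniformly. The test methods start outside the visible hunks, so any setup they rely on is not shown here.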
Expand Up @@ -123,10 +123,13 @@ public HttpResponse getAuthInfo( Header... headers) {
return executeRequest(new HttpGet(getHttpServerUri() + "/_opendistro/_security/authinfo?pretty"), headers);
}

public void assertCorrectCredentials() {
public void assertCorrectCredentials(String expectedUserName) {
HttpResponse response = getAuthInfo();
assertThat(response, notNullValue());
response.assertStatusCode(200);
String username = response.getTextFromJsonBody("/user_name");
String message = String.format("Expected user name is '%s', but was '%s'", expectedUserName, username);
assertThat(message, username, equalTo(expectedUserName));
}

public HttpResponse head(String path, Header... headers) {
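Review bot: assertCorrectCredentials does not guard against a null `expectedUserName`: `equalTo(null)` matches a null `username`, so if `getTextFromJsonBody("/user_name")` yields null for a missing field (not visible here), a call with a null name would pass without proving who authenticated. Callers pass values computed elsewhere, such as `USER_ADMIN.getName()`, so a first line like `assertThat("expectedUserName must not be null", expectedUserName, notNullValue());` would make the helper fail closed. The method also has no Javadoc; a one-line comment saying that it compares the `user_name` field of the authinfo response with the expected name would document the new parameter.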
