From 3eb83ba9311dc2301a0909fd0353575cbe17de52 Mon Sep 17 00:00:00 2001
From: Lukasz Soszynski
Date: Thu, 13 Oct 2022 16:10:46 +0200
Subject: [PATCH] Applied correction after CR for test related to security configuration updating.
Signed-off-by: Lukasz Soszynski
---
 .../security/DefaultConfigurationTests.java | 28 +++++++++++++++++--
 .../security/SecurityConfigurationTests.java | 20 ++++---------
 .../framework/cluster/TestRestClient.java | 5 +++-
 3 files changed, 36 insertions(+), 17 deletions(-)
diff --git a/src/integrationTest/java/org/opensearch/security/DefaultConfigurationTests.java b/src/integrationTest/java/org/opensearch/security/DefaultConfigurationTests.java
index 4cf9110f98..589fe798d5 100644
--- a/src/integrationTest/java/org/opensearch/security/DefaultConfigurationTests.java
+++ b/src/integrationTest/java/org/opensearch/security/DefaultConfigurationTests.java
@@ -11,6 +11,7 @@
 import java.io.IOException;
 import java.nio.file.Path;
+import java.util.List;
 import java.util.Map;
 import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope;
@@ -24,19 +25,31 @@
 import org.opensearch.test.framework.cluster.ClusterManager;
 import org.opensearch.test.framework.cluster.LocalCluster;
 import org.opensearch.test.framework.cluster.TestRestClient;
+import org.opensearch.test.framework.cluster.TestRestClient.HttpResponse;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.aMapWithSize;
+import static org.hamcrest.Matchers.allOf;
 import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.Matchers.hasKey;
 @RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class)
 @ThreadLeakScope(ThreadLeakScope.Scope.NONE)
 public class DefaultConfigurationTests {
 private final static Path configurationFolder = ConfigurationFiles.createConfigurationDirectory();
+ public static final String ADMIN_USER_NAME = "admin";
+ public static final String DEFAULT_PASSWORD = "secret";
+ public static final String NEW_USER = "new-user";
+ public static final String LIMITED_USER = "limited-user";
 @ClassRule
 public static LocalCluster cluster = new LocalCluster.Builder()
 .clusterManager(ClusterManager.SINGLENODE)
- .nodeSettings(Map.of("plugins.security.allow_default_init_securityindex", true))
+ .nodeSettings(Map.of(
+ "plugins.security.allow_default_init_securityindex", true,
+ "plugins.security.restapi.roles_enabled", List.of("user_admin__all_access")
+ ))
 .defaultConfigurationInitDirectory(configurationFolder.toString())
 .loadConfigurationIntoIndex(false)
 .build();
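Review bot: The new REST-API entry in `nodeSettings` is keyed by the string literal `"plugins.security.restapi.roles_enabled"`, while SecurityConfigurationTests in this same patch statically imports `ConfigConstants.SECURITY_RESTAPI_ROLES_ENABLED`, which should resolve to the same key. Using the constant here as well, `SECURITY_RESTAPI_ROLES_ENABLED, List.of("user_admin__all_access")`, keeps the two tests from drifting apart if the setting is ever renamed. The four new constants are declared `public static final` but, as far as this patch shows, are read only inside this test class, so `private static final` would be the narrower choice. The class body continues outside the hunk.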
@@ -48,9 +61,20 @@ public static void cleanConfigurationDirectory() throws IOException {
 @Test
 public void shouldLoadDefaultConfiguration() {
- try(TestRestClient client = cluster.getRestClient("new-user", "secret")) {
+ try(TestRestClient client = cluster.getRestClient(NEW_USER, DEFAULT_PASSWORD)) {
 Awaitility.await().alias("Load default configuration")
 .until(() -> client.getAuthInfo().getStatusCode(), equalTo(200));
 }
+ try(TestRestClient client = cluster.getRestClient(ADMIN_USER_NAME, DEFAULT_PASSWORD)){
+ client.assertCorrectCredentials(ADMIN_USER_NAME);
+ HttpResponse response = client.get("/_plugins/_security/api/internalusers");
+ response.assertStatusCode(200);
+ Map users = response.getBodyAs(Map.class);
+ assertThat(users, allOf(
+ aMapWithSize(3),
+ hasKey(ADMIN_USER_NAME),
+ hasKey(NEW_USER),
+ hasKey(LIMITED_USER)));
+ }
 }
 }
diff --git a/src/integrationTest/java/org/opensearch/security/SecurityConfigurationTests.java b/src/integrationTest/java/org/opensearch/security/SecurityConfigurationTests.java
index 1ecc65107f..fc36f5992b 100644
--- a/src/integrationTest/java/org/opensearch/security/SecurityConfigurationTests.java
+++ b/src/integrationTest/java/org/opensearch/security/SecurityConfigurationTests.java
@@ -34,7 +34,6 @@
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.equalTo;
-import static org.hamcrest.Matchers.notNullValue;
 import static org.opensearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
 import static org.opensearch.security.support.ConfigConstants.SECURITY_BACKGROUND_INIT_IF_SECURITYINDEX_NOT_EXIST;
 import static org.opensearch.security.support.ConfigConstants.SECURITY_RESTAPI_ROLES_ENABLED;
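Review bot: The expected account set in the second `try` block of `shouldLoadDefaultConfiguration` (`aMapWithSize(3)` plus the three `hasKey` checks) is not tied to anything visible in the test, so a reader cannot tell where the three users come from. They presumably mirror the internal-users file written by `ConfigurationFiles.createConfigurationDirectory()`; a comment above the assertion such as `// must list exactly the internal users shipped in the default configuration directory` would tell whoever adds a default account to update this list. The exact-size check is worth keeping as it is, since it is the part that would fail if default initialisation ever produced an account nobody expected.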
@@ -85,14 +84,13 @@ public void shouldCreateUserViaRestApi_success() {
 HttpResponse httpResponse = client.putJson(INTERNAL_USERS_RESOURCE + ADDITIONAL_USER_1,
 String.format(CREATE_USER_BODY, ADDITIONAL_PASSWORD_1));
- assertThat(httpResponse, notNullValue());
 assertThat(httpResponse.getStatusCode(), equalTo(201));
 }
 try(TestRestClient client = cluster.getRestClient(USER_ADMIN)) {
- client.assertCorrectCredentials();
+ client.assertCorrectCredentials(USER_ADMIN.getName());
 }
 try(TestRestClient client = cluster.getRestClient(ADDITIONAL_USER_1, ADDITIONAL_PASSWORD_1)) {
- client.assertCorrectCredentials();
+ client.assertCorrectCredentials(ADDITIONAL_USER_1);
 }
 }
@@ -102,7 +100,6 @@ public void shouldCreateUserViaRestApi_failure() {
 HttpResponse httpResponse = client.putJson(INTERNAL_USERS_RESOURCE + ADDITIONAL_USER_1,
 String.format(CREATE_USER_BODY, ADDITIONAL_PASSWORD_1));
- assertThat(httpResponse, notNullValue());
 httpResponse.assertStatusCode(403);
 }
 }
@@ -112,7 +109,6 @@ public void shouldAuthenticateAsAdminWithCertificate_positive() {
 try(TestRestClient client = cluster.getRestClient(cluster.getAdminCertificate())) {
 HttpResponse httpResponse = client.get("/_plugins/_security/whoami");
- assertThat(httpResponse, notNullValue());
 httpResponse.assertStatusCode(200);
 assertThat(httpResponse.getTextFromJsonBody("/is_admin"), equalTo("true"));
 }
@@ -124,7 +120,6 @@ public void shouldAuthenticateAsAdminWithCertificate_negativeSelfSignedCertifica
 try(TestRestClient client = cluster.getRestClient(testCertificates.createSelfSignedCertificate("CN=bond"))) {
 HttpResponse httpResponse = client.get("/_plugins/_security/whoami");
- assertThat(httpResponse, notNullValue());
 httpResponse.assertStatusCode(200);
 assertThat(httpResponse.getTextFromJsonBody("/is_admin"), equalTo("false"));
 }
@@ -136,7 +131,6 @@ public void shouldAuthenticateAsAdminWithCertificate_negativeIncorrectDn() {
 try(TestRestClient client = cluster.getRestClient(testCertificates.createAdminCertificate("CN=non_admin"))) {
 HttpResponse httpResponse = client.get("/_plugins/_security/whoami");
- assertThat(httpResponse, notNullValue());
 httpResponse.assertStatusCode(200);
 assertThat(httpResponse.getTextFromJsonBody("/is_admin"), equalTo("false"));
 }
@@ -149,14 +143,13 @@ public void shouldCreateUserViaRestApiWhenAdminIsAuthenticatedViaCertificate_pos
 HttpResponse httpResponse = client.putJson(INTERNAL_USERS_RESOURCE + ADDITIONAL_USER_2,
 String.format(CREATE_USER_BODY, ADDITIONAL_PASSWORD_2));
- assertThat(httpResponse, notNullValue());
 httpResponse.assertStatusCode(201);
 }
 try(TestRestClient client = cluster.getRestClient(USER_ADMIN)) {
- client.assertCorrectCredentials();
+ client.assertCorrectCredentials(USER_ADMIN.getName());
 }
 try(TestRestClient client = cluster.getRestClient(ADDITIONAL_USER_2, ADDITIONAL_PASSWORD_2)) {
- client.assertCorrectCredentials();
+ client.assertCorrectCredentials(ADDITIONAL_USER_2);
 }
 }
@@ -167,7 +160,6 @@ public void shouldCreateUserViaRestApiWhenAdminIsAuthenticatedViaCertificate_neg
 HttpResponse httpResponse = client.putJson(INTERNAL_USERS_RESOURCE + ADDITIONAL_USER_2,
 String.format(CREATE_USER_BODY, ADDITIONAL_PASSWORD_2));
- assertThat(httpResponse, notNullValue());
 httpResponse.assertStatusCode(401);
 }
 }
@@ -181,10 +173,10 @@ public void shouldStillWorkAfterUpdateOfSecurityConfig() {
 cluster.updateUserConfiguration(users);
 try(TestRestClient client = cluster.getRestClient(USER_ADMIN)) {
- client.assertCorrectCredentials();
+ client.assertCorrectCredentials(USER_ADMIN.getName());
 }
 try(TestRestClient client = cluster.getRestClient(newUser)) {
- client.assertCorrectCredentials();
+ client.assertCorrectCredentials(newUser.getName());
 }
 }
diff --git a/src/integrationTest/java/org/opensearch/test/framework/cluster/TestRestClient.java b/src/integrationTest/java/org/opensearch/test/framework/cluster/TestRestClient.java
index 8aaa063e17..dbade41283 100644
--- a/src/integrationTest/java/org/opensearch/test/framework/cluster/TestRestClient.java
+++ b/src/integrationTest/java/org/opensearch/test/framework/cluster/TestRestClient.java
@@ -123,10 +123,13 @@ public HttpResponse getAuthInfo( Header... headers) {
 return executeRequest(new HttpGet(getHttpServerUri() + "/_opendistro/_security/authinfo?pretty"), headers);
 }
- public void assertCorrectCredentials() {
+ public void assertCorrectCredentials(String expectedUserName) {
 HttpResponse response = getAuthInfo();
 assertThat(response, notNullValue());
 response.assertStatusCode(200);
+ String username = response.getTextFromJsonBody("/user_name");
+ String message = String.format("Expected user name is '%s', but was '%s'", expectedUserName, username);
+ assertThat(message, username, equalTo(expectedUserName));
 }
 public HttpResponse head(String path, Header... headers) {
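Review bot: `assertCorrectCredentials(String expectedUserName)` now asserts the authenticated identity as well as a 200 status, but this public framework helper has no Javadoc saying so. I would add a short Javadoc stating that it calls the authinfo endpoint, asserts status 200, and asserts that the `/user_name` field of the response equals `expectedUserName`, so that a request authenticated as a different principal than the test intended fails instead of passing on status alone. The retained `assertThat(response, notNullValue());` is the same check this patch deletes throughout SecurityConfigurationTests; if `executeRequest` never returns null it could be dropped here too for consistency.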