Test related to security plugin configuration updates. (#2155)

* Test related to security plugin configuration updates. Signed-off-by: Lukasz Soszynski <[email protected]>
opensearch-project · Dec 13, 2022 · 6ae3941 · 6ae3941
1 parent 7b52ef9
commit 6ae3941
Show file tree

Hide file tree

Showing 20 changed files with 595 additions and 49 deletions.
diff --git a/src/integrationTest/java/org/opensearch/security/ConfigurationFiles.java b/src/integrationTest/java/org/opensearch/security/ConfigurationFiles.java
@@ -0,0 +1,61 @@
+/*
+* Copyright OpenSearch Contributors
+* SPDX-License-Identifier: Apache-2.0
+*
+* The OpenSearch Contributors require contributions made to
+* this file be licensed under the Apache-2.0 license or a
+* compatible open source license.
+*
+*/
+package org.opensearch.security;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Objects;
+
+class ConfigurationFiles {
+
+	public static void createRoleMappingFile(File destination) {
+		String resource = "roles_mapping.yml";
+		copyResourceToFile(resource, destination);
+	}
+
+	public static Path createConfigurationDirectory()  {
+		try {
+			Path tempDirectory = Files.createTempDirectory("test-security-config");
+			String[] configurationFiles = {
+				"config.yml",
+				"action_groups.yml",
+				"config.yml",
+				"internal_users.yml",
+				"roles.yml",
+				"roles_mapping.yml",
+				"security_tenants.yml",
+				"tenants.yml"
+			};
+			for (String fileName : configurationFiles) {
+				Path configFileDestination = tempDirectory.resolve(fileName);
+				copyResourceToFile(fileName, configFileDestination.toFile());
+			}
+			return tempDirectory.toAbsolutePath();
+		} catch (IOException ex) {
+		throw new RuntimeException("Cannot create directory with security plugin configuration.", ex);
+		}
+	}
+
+	private static void copyResourceToFile(String resource, File destination) {
+		try(InputStream input = ConfigurationFiles.class.getClassLoader().getResourceAsStream(resource)) {
+			Objects.requireNonNull(input, "Cannot find source resource " + resource);
+			try(OutputStream output = new FileOutputStream(destination)) {
+				input.transferTo(output);
+			}
+		} catch (IOException e) {
+			throw new RuntimeException("Cannot create file with security plugin configuration", e);
+		}
+	}
+}
diff --git a/src/integrationTest/java/org/opensearch/security/DefaultConfigurationTests.java b/src/integrationTest/java/org/opensearch/security/DefaultConfigurationTests.java
@@ -0,0 +1,80 @@
+/*
+* Copyright OpenSearch Contributors
+* SPDX-License-Identifier: Apache-2.0
+*
+* The OpenSearch Contributors require contributions made to
+* this file be licensed under the Apache-2.0 license or a
+* compatible open source license.
+*
+*/
+package org.opensearch.security;
+
+import java.io.IOException;
+import java.nio.file.Path;
+import java.util.List;
+import java.util.Map;
+
+import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope;
+import org.apache.commons.io.FileUtils;
+import org.awaitility.Awaitility;
+import org.junit.AfterClass;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import org.opensearch.test.framework.cluster.ClusterManager;
+import org.opensearch.test.framework.cluster.LocalCluster;
+import org.opensearch.test.framework.cluster.TestRestClient;
+import org.opensearch.test.framework.cluster.TestRestClient.HttpResponse;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.aMapWithSize;
+import static org.hamcrest.Matchers.allOf;
+import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.Matchers.hasKey;
+
+@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class)
+@ThreadLeakScope(ThreadLeakScope.Scope.NONE)
+public class DefaultConfigurationTests {
+
+	private final static Path configurationFolder = ConfigurationFiles.createConfigurationDirectory();
+	public static final String ADMIN_USER_NAME = "admin";
+	public static final String DEFAULT_PASSWORD = "secret";
+	public static final String NEW_USER = "new-user";
+	public static final String LIMITED_USER = "limited-user";
+
+	@ClassRule
+	public static LocalCluster cluster = new LocalCluster.Builder()
+		.clusterManager(ClusterManager.SINGLENODE)
+		.nodeSettings(Map.of(
+			"plugins.security.allow_default_init_securityindex", true,
+			"plugins.security.restapi.roles_enabled", List.of("user_admin__all_access")
+		))
+		.defaultConfigurationInitDirectory(configurationFolder.toString())
+		.loadConfigurationIntoIndex(false)
+		.build();
+
+	@AfterClass
+	public static void cleanConfigurationDirectory() throws IOException {
+		FileUtils.deleteDirectory(configurationFolder.toFile());
+	}
+
+	@Test
+	public void shouldLoadDefaultConfiguration()  {
+		try(TestRestClient client = cluster.getRestClient(NEW_USER, DEFAULT_PASSWORD)) {
+			Awaitility.await().alias("Load default configuration")
+				.until(() -> client.getAuthInfo().getStatusCode(), equalTo(200));
+		}
+		try(TestRestClient client = cluster.getRestClient(ADMIN_USER_NAME, DEFAULT_PASSWORD)){
+			client.assertCorrectCredentials(ADMIN_USER_NAME);
+			HttpResponse response = client.get("/_plugins/_security/api/internalusers");
+			response.assertStatusCode(200);
+			Map<String, Object> users = response.getBodyAs(Map.class);
+			assertThat(users, allOf(
+				aMapWithSize(3),
+				hasKey(ADMIN_USER_NAME),
+				hasKey(NEW_USER),
+				hasKey(LIMITED_USER)));
+		}
+	}
+}
diff --git a/src/integrationTest/java/org/opensearch/security/IpBruteForceAttacksPreventionTests.java b/src/integrationTest/java/org/opensearch/security/IpBruteForceAttacksPreventionTests.java
@@ -120,7 +120,7 @@ public void shouldNotBlockIpWhenFailureAuthenticationCountIsLessThanAllowedTries
 	}
 
 	@Test
-	public void shouldBlockIpWhenFailureAuthenticationCountIsGraterThanAllowedTries() {
+	public void shouldBlockIpWhenFailureAuthenticationCountIsGreaterThanAllowedTries() {
 		authenticateUserWithIncorrectPassword(CLIENT_IP_8, USER_1, ALLOWED_TRIES * 2);
 		try(TestRestClient client = cluster.createGenericClientRestClient(userWithSourceIp(USER_1, CLIENT_IP_8))) {
 

diff --git a/src/integrationTest/java/org/opensearch/security/SecurityAdminLauncher.java b/src/integrationTest/java/org/opensearch/security/SecurityAdminLauncher.java
@@ -0,0 +1,41 @@
+/*
+* Copyright OpenSearch Contributors
+* SPDX-License-Identifier: Apache-2.0
+*
+* The OpenSearch Contributors require contributions made to
+* this file be licensed under the Apache-2.0 license or a
+* compatible open source license.
+*
+*/
+package org.opensearch.security;
+
+import java.io.File;
+
+import org.opensearch.security.tools.SecurityAdmin;
+import org.opensearch.test.framework.certificate.TestCertificates;
+
+import static java.util.Objects.requireNonNull;
+
+class SecurityAdminLauncher {
+
+	private final TestCertificates certificates;
+	private int port;
+
+	public SecurityAdminLauncher(int port, TestCertificates certificates) {
+		this.port = port;
+		this.certificates = requireNonNull(certificates, "Certificates are required to communicate with cluster.");
+	}
+
+	public int updateRoleMappings(File roleMappingsConfigurationFile) throws Exception {
+		String[] commandLineArguments = {"-cacert", certificates.getRootCertificate().getAbsolutePath(),
+			"-cert", certificates.getAdminCertificate().getAbsolutePath(),
+			"-key", certificates.getAdminKey(null).getAbsolutePath(),
+			"-nhnv",
+			"-p", String.valueOf(port),
+			"-f", roleMappingsConfigurationFile.getAbsolutePath(),
+			"-t", "rolesmapping"
+		};
+
+		return SecurityAdmin.execute(commandLineArguments);
+	}
+}