From f1404eb7eb769dcb5ec5fb1dbb5efd386a0aa967 Mon Sep 17 00:00:00 2001 From: Sandesh Kumar Date: Thu, 31 Mar 2022 15:23:55 +0530 Subject: [PATCH] Adding additional test cases for backing indices of data streams Signed-off-by: Sandesh Kumar --- .../security/DataStreamIntegrationTests.java | 45 +++++++++++++++++++ src/test/resources/roles.yml | 12 +++++ src/test/resources/roles_mapping.yml | 5 +++ 3 files changed, 62 insertions(+) diff --git a/src/test/java/org/opensearch/security/DataStreamIntegrationTests.java b/src/test/java/org/opensearch/security/DataStreamIntegrationTests.java index d79d3fd5a2..3d314c685e 100644 --- a/src/test/java/org/opensearch/security/DataStreamIntegrationTests.java +++ b/src/test/java/org/opensearch/security/DataStreamIntegrationTests.java @@ -209,4 +209,49 @@ public void testDataStreamStats() throws Exception { response = rh.executeGetRequest("/_data_stream/my-data-stream*/_stats", encodeBasicHeader("ds3", "nagilum")); Assert.assertEquals(HttpStatus.SC_OK, response.getStatusCode()); } + + @Test + public void testBackingIndicesOfDataStream() throws Exception { + + setup(); + RestHelper rh = nonSslRestHelper(); + createSampleDataStreams(rh); + HttpResponse response; + + response = rh.executeGetRequest("my-data-stream11", encodeBasicHeader("ds0", "nagilum")); + Assert.assertEquals(HttpStatus.SC_FORBIDDEN, response.getStatusCode()); + + response = rh.executeGetRequest("my-data-stream22", encodeBasicHeader("ds0", "nagilum")); + Assert.assertEquals(HttpStatus.SC_OK, response.getStatusCode()); + + response = rh.executeGetRequest(".ds-my-data-stream11-000001", encodeBasicHeader("ds0", "nagilum")); + Assert.assertEquals(HttpStatus.SC_FORBIDDEN, response.getStatusCode()); + + response = rh.executeGetRequest(".ds-my-data-stream22-000001", encodeBasicHeader("ds0", "nagilum")); + Assert.assertEquals(HttpStatus.SC_OK, response.getStatusCode()); + + response = rh.executeGetRequest(".ds-my-data-stream21-000001,.ds-my-data-stream22-000001", encodeBasicHeader("ds0", "nagilum")); + Assert.assertEquals(HttpStatus.SC_OK, response.getStatusCode()); + + response = rh.executeGetRequest(".ds-my-data-stream2*", encodeBasicHeader("ds0", "nagilum")); + Assert.assertEquals(HttpStatus.SC_OK, response.getStatusCode()); + + response = rh.executeGetRequest("my-data-stream11", encodeBasicHeader("ds2", "nagilum")); + Assert.assertEquals(HttpStatus.SC_FORBIDDEN, response.getStatusCode()); + + response = rh.executeGetRequest("my-data-stream22", encodeBasicHeader("ds2", "nagilum")); + Assert.assertEquals(HttpStatus.SC_OK, response.getStatusCode()); + + response = rh.executeGetRequest(".ds-my-data-stream11-000001", encodeBasicHeader("ds2", "nagilum")); + Assert.assertEquals(HttpStatus.SC_FORBIDDEN, response.getStatusCode()); + + response = rh.executeGetRequest(".ds-my-data-stream22-000001", encodeBasicHeader("ds2", "nagilum")); + Assert.assertEquals(HttpStatus.SC_FORBIDDEN, response.getStatusCode()); + + response = rh.executeGetRequest(".ds-my-data-stream21-000001,.ds-my-data-stream22-000001", encodeBasicHeader("ds2", "nagilum")); + Assert.assertEquals(HttpStatus.SC_FORBIDDEN, response.getStatusCode()); + + response = rh.executeGetRequest(".ds-my-data-stream2*", encodeBasicHeader("ds2", "nagilum")); + Assert.assertEquals(HttpStatus.SC_FORBIDDEN, response.getStatusCode()); + } } diff --git a/src/test/resources/roles.yml b/src/test/resources/roles.yml index 1ba7adb8de..c7a171523b 100644 --- a/src/test/resources/roles.yml +++ b/src/test/resources/roles.yml @@ -1080,6 +1080,17 @@ index_template_perm: allowed_actions: - "indices:admin/index_template/*" +data_stream_0: + reserved: true + hidden: false + description: "Migrated from v6 (all types mapped)" + cluster_permissions: [] + index_permissions: + - index_patterns: + - "*my-data-stream2*" + allowed_actions: + - "indices:admin/get" + data_stream_1: reserved: true hidden: false @@ -1105,6 +1116,7 @@ data_stream_2: - "indices:admin/data_stream/create" - "indices:monitor/data_stream/stats" - "indices:admin/data_stream/delete" + - "indices:admin/get" data_stream_3: reserved: true diff --git a/src/test/resources/roles_mapping.yml b/src/test/resources/roles_mapping.yml index f5c39dc7c0..6cf3ae377b 100644 --- a/src/test/resources/roles_mapping.yml +++ b/src/test/resources/roles_mapping.yml @@ -393,6 +393,11 @@ index_template_perm: hidden: false users: - "ds1" +data_stream_0: + reserved: false + hidden: false + users: + - "ds0" data_stream_1: reserved: false hidden: false