From f9b300d893c24b1918bc403b6600464442d04ac0 Mon Sep 17 00:00:00 2001 From: cliu123 Date: Fri, 8 Apr 2022 23:59:03 -0700 Subject: [PATCH] Add Java docs for test methods Signed-off-by: cliu123 --- .../security/securityconf/ConfigModelV7.java | 14 ++++---- .../dlic/dlsfls/DfmOverwritesAllTest.java | 36 ++++++++++++------- 2 files changed, 29 insertions(+), 21 deletions(-) diff --git a/src/main/java/org/opensearch/security/securityconf/ConfigModelV7.java b/src/main/java/org/opensearch/security/securityconf/ConfigModelV7.java index 63c2b0d632..129e33e94e 100644 --- a/src/main/java/org/opensearch/security/securityconf/ConfigModelV7.java +++ b/src/main/java/org/opensearch/security/securityconf/ConfigModelV7.java @@ -425,14 +425,12 @@ public EvaluatedDlsFlsConfig getDlsFls(User user, boolean dfmEmptyOverwritesAll, } if (dfmEmptyOverwritesAll) { - if (log.isDebugEnabled()) { - log.debug("Index patterns with no dls queries attached: {} - They will be removed from {}", noDlsConcreteIndices, - dlsQueriesByIndex.keySet()); - log.debug("Index patterns with no fls fields attached: {} - They will be removed from {}", noFlsConcreteIndices, - flsFields.keySet()); - log.debug("Index patterns with no masked fields attached: {} - They will be removed from {}", noMaskedFieldConcreteIndices, - maskedFieldsMap.keySet()); - } + log.debug("Index patterns with no dls queries attached: {} - They will be removed from {}", noDlsConcreteIndices, + dlsQueriesByIndex.keySet()); + log.debug("Index patterns with no fls fields attached: {} - They will be removed from {}", noFlsConcreteIndices, + flsFields.keySet()); + log.debug("Index patterns with no masked fields attached: {} - They will be removed from {}", noMaskedFieldConcreteIndices, + maskedFieldsMap.keySet()); // removing the indices that do not have D/M/F restrictions // from the keySet will also modify the underlying map dlsQueriesByIndex.keySet().removeAll(noDlsConcreteIndices); diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DfmOverwritesAllTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DfmOverwritesAllTest.java index f3e313a7c4..18e2f68695 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/DfmOverwritesAllTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DfmOverwritesAllTest.java @@ -54,9 +54,12 @@ protected void populateData(Client tc) { } + /** + * Admin user sees all, no dfm restrictions apply. + * @throws Exception + */ @Test public void testDFMUnrestrictedUser() throws Exception { - // admin user sees all, no dfm restrictions apply final Settings settings = Settings.builder().put(ConfigConstants.SECURITY_DFM_EMPTY_OVERRIDES_ALL, true).build(); setup(settings, new DynamicSecurityConfig().setConfig("securityconfig_dfm_empty_overwrites_all.yml") @@ -90,11 +93,13 @@ public void testDFMUnrestrictedUser() throws Exception { Assert.assertTrue(response.getBody().contains("value-2-4")); } - + /** + * Tests that the DFM settings are applied. User has only one role + * with D/F/M all enabled, so restrictions must kick in. + * @throws Exception + */ @Test public void testDFMRestrictedUser() throws Exception { - // tests that the DFM settings are applied. User has only one role - // with D/F/M all enabled, so restrictions must kick in final Settings settings = Settings.builder().put(ConfigConstants.SECURITY_DFM_EMPTY_OVERRIDES_ALL, true).build(); setup(settings, new DynamicSecurityConfig().setConfig("securityconfig_dfm_empty_overwrites_all.yml") @@ -132,13 +137,16 @@ public void testDFMRestrictedUser() throws Exception { Assert.assertTrue(response.getBody().contains("3090f7e867f390fb96b20ba30ee518b09a927b857393ebd1262f31191a385efa")); } + /** + * User has the restricted role as in test testDFMRestrictedUser(). In addition, user has + * another role with the same index pattern as the restricted role but no DFM settings. In that + * case the unrestricted role should trump the restricted one, so basically user has + * full access again. + * @throws Exception + */ @Test public void testDFMRestrictedAndUnrestrictedAllIndices() throws Exception { - // user has the restricted role as in test testDFMRestrictedUser(). In addition, user has - // another role with the same index pattern as the restricted role but no DFM settings. In that - // case the unrestricted role should trump the restricted one, so basically user has - // full access again. final Settings settings = Settings.builder().put(ConfigConstants.SECURITY_DFM_EMPTY_OVERRIDES_ALL, true).build(); setup(settings, new DynamicSecurityConfig().setConfig("securityconfig_dfm_empty_overwrites_all.yml") @@ -172,13 +180,15 @@ public void testDFMRestrictedAndUnrestrictedAllIndices() throws Exception { Assert.assertTrue(response.getBody().contains("value-2-4")); } + /** + * User has the restricted role as in test testDFMRestrictedUser(). In addition, user has + * another role where the index pattern matches two specific index ("index1-2", "index-1-1"), means this role has two indices + * which are more specific than the index pattern in the restricted role ("index1-*"), So the second role should + * remove the DMF restrictions from exactly two indices. Otherwise, restrictions still apply. + * @throws Exception + */ @Test public void testDFMRestrictedAndUnrestrictedOneIndex() throws Exception { - - // user has the restricted role as in test testDFMRestrictedUser(). In addition, user has - // another role where the index pattern matches two specific index ("index1-2", "index-1-1"), means this role has two indices - // which are more specific than the index pattern in the restricted role ("index1-*"), So the second role should - // remove the DMF restrictions from exactly two indices. Otherwise, restrictions still apply. final Settings settings = Settings.builder().put(ConfigConstants.SECURITY_DFM_EMPTY_OVERRIDES_ALL, true).build(); setup(settings, new DynamicSecurityConfig().setConfig("securityconfig_dfm_empty_overwrites_all.yml") .setSecurityInternalUsers("internal_users_dfm_empty_overwrites_all.yml")