Test related to security plugin configuration updates.

[lukasz-soszynski-eliatra]

Signed-off-by: Lukasz Soszynski [email protected]

Description

[Describe what this change achieves]

• Category (Integration tests)
• Why these changes are required?
• What is the old behavior before changes and new behavior after changes?

Integration tests which verify security plugin behaviour after the configuration update

Issues Resolved

[List any issues this PR will resolve]

Is this a backport? If so, please add backport PR # and/or commits #

Testing

[Please provide details of testing done: unit testing, integration testing and manual testing]

Check List

• New functionality includes testing
• New functionality has been documented
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[cliu123]

Don't we need methods to create other configurations like roles, internal_users and so on for future?

[lukasz-soszynski-eliatra]

Actually, other configuration files can be created by the method org.opensearch.security.ConfigurationFiles#createConfigurationDirectory. Role mapping file has its own dedicated method createRoleMappingFile because the role mapping file is used in configuration update test (org.opensearch.security.SecurityConfigurationTests#shouldUseSecurityAdminTool) where only roles mapping are update

[DarshitChanpura]

for my knowledge, what does this setting do?

[lukasz-soszynski-eliatra]

This configuration parameter is used in method org.opensearch.security.configuration.ConfigurationRepository#initOnNodeStart. If the value is true then the thread defined in the constructor org.opensearch.security.configuration.ConfigurationRepository#ConfigurationRepositoryis started. The thread is responsible for:

1. Loading default configuration (if another configuration parameter plugins.security.allow_default_init_securityindex is equal to true, but the default is false)
2. Loading security plugin configuration from index .opendistro_security to local node cache.

Both operations are not needed during the tests because in most cases a new cluster is created, security plugin configuration is inserted into index .opendistro_security and then a configuration update request is sent to the cluster, please see method org.opensearch.test.framework.TestSecurityConfig#initIndex

In practice switching the parameter plugins.security.background_init_if_securityindex_not_exist to true causes logging additional WARN messages.

@nibix please correct me if I went wrong.

[DarshitChanpura]

Bwc tests are broken on main. Tracking issue here: #2221

[codecov-commenter]

Codecov Report

Merging #2155 (738994d) into main (933a961) will decrease coverage by 0.18%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##               main    #2155      +/-   ##
============================================
- Coverage     61.16%   60.97%   -0.19%     
+ Complexity     3274     3261      -13     
============================================
  Files           259      259              
  Lines         18337    18336       -1     
  Branches       3248     3248              
============================================
- Hits          11215    11180      -35     
- Misses         5535     5565      +30     
- Partials       1587     1591       +4     

Impacted Files	Coverage Δ
...t/keybyoidc/AuthenticatorUnavailableException.java	0.00% <0.00%> (-20.00%)	⬇️
.../auth/http/jwt/keybyoidc/SelfRefreshingKeySet.java	59.85% <0.00%> (-8.46%)	⬇️
...ch/security/auditlog/routing/AsyncStoragePool.java	50.00% <0.00%> (-5.56%)	⬇️
...urity/ssl/transport/SecuritySSLNettyTransport.java	62.36% <0.00%> (-4.31%)	⬇️
...ic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java	55.81% <0.00%> (-3.49%)	⬇️
...earch/security/ssl/util/SSLConnectionTestUtil.java	93.18% <0.00%> (-2.28%)	⬇️
...ecurity/configuration/ConfigurationRepository.java	72.13% <0.00%> (-2.19%)	⬇️
.../dlic/auth/ldap2/LDAPConnectionFactoryFactory.java	57.46% <0.00%> (-1.50%)	⬇️
...iance/ComplianceIndexingOperationListenerImpl.java	61.76% <0.00%> (-1.48%)	⬇️
...search/security/transport/SecurityInterceptor.java	75.38% <0.00%> (-0.77%)	⬇️
... and 2 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[peternied]

@lukasz-soszynski-eliatra Please rebase/merge from main this should resolve the CI issues so this change can be merged. Note; I tried to update this PR myself, but I could not push it to your branch.

[lukasz-soszynski-eliatra]

Done, rebased into newest main