Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Validate requests are not impacted during security cache invalidation #3637

Merged
merged 10 commits into from
Nov 3, 2023
Merged

Validate requests are not impacted during security cache invalidation #3637

Show file tree
Hide file tree
Changes from 9 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
1004ef7
Add async test to ensure bulk requests succeed while cache is invalid…
cwperks Nov 1, 2023
7ebe917
Change test name
cwperks Nov 1, 2023
9e1bfad
Remove Serializable from implementation list
cwperks Nov 2, 2023
87a767f
Fix checkstyle
cwperks Nov 2, 2023
a65c4ff
Address some code review comments
cwperks Nov 2, 2023
8b06832
Reduce number of variables
cwperks Nov 2, 2023
0ed3727
Instantiate restclient with AdminUser
cwperks Nov 2, 2023
6a785c7
Use client.delete and client.get
cwperks Nov 2, 2023
caa026c
Merge branch 'main' into optional-data-exception-fix
cwperks Nov 2, 2023
0ce56e7
Switch to postJson and remove shuffle
cwperks Nov 3, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
98 changes: 98 additions & 0 deletions src/integrationTest/java/org/opensearch/security/http/AsyncTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*
*/

package org.opensearch.security.http;

import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope;
import com.nimbusds.jose.util.StandardCharset;

import org.apache.hc.client5.http.classic.methods.HttpPost;
import org.apache.hc.core5.http.ContentType;
import org.apache.hc.core5.http.HttpStatus;
import org.apache.hc.core5.http.io.entity.ByteArrayEntity;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.opensearch.security.IndexOperationsHelper;
import org.opensearch.security.support.ConfigConstants;
import org.opensearch.test.framework.AsyncActions;
import org.opensearch.test.framework.RolesMapping;
import org.opensearch.test.framework.TestSecurityConfig;
import org.opensearch.test.framework.cluster.LocalCluster;
import org.opensearch.test.framework.cluster.TestRestClient;
import org.opensearch.test.framework.cluster.TestRestClient.HttpResponse;

import java.util.Collections;
import java.util.Map;
import java.util.List;
import java.util.ArrayList;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.CompletableFuture;

import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AUTHC_HTTPBASIC_INTERNAL;
import static org.opensearch.test.framework.TestSecurityConfig.Role.ALL_ACCESS;

@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class)
@ThreadLeakScope(ThreadLeakScope.Scope.NONE)
public class AsyncTests {
private static final TestSecurityConfig.User ADMIN_USER = new TestSecurityConfig.User("admin").backendRoles("admin");

@ClassRule
public static LocalCluster cluster = new LocalCluster.Builder().singleNode()
.authc(AUTHC_HTTPBASIC_INTERNAL)
.users(ADMIN_USER)
.rolesMapping(new RolesMapping(ALL_ACCESS).backendRoles("admin"))
.anonymousAuth(false)
.nodeSettings(Map.of(ConfigConstants.SECURITY_RESTAPI_ROLES_ENABLED, List.of(ALL_ACCESS.getName())))
.build();

@Test
public void testBulkAndCacheInvalidationMixed() throws Exception {
String indexName = "test-index";
final String invalidateCachePath = "_plugins/_security/api/cache";
final String nodesPath = "_nodes";
final String bulkPath = "/_bulk";
final String document = ("{ \"index\": { \"_index\": \"" + indexName + "\" }}\n{ \"foo\": \"bar\" }\n").repeat(5);
final int parallelism = 5;
final int totalNumberOfRequests = 30;

try (final TestRestClient client = cluster.getRestClient(ADMIN_USER)) {
IndexOperationsHelper.createIndex(cluster, indexName);

final CountDownLatch countDownLatch = new CountDownLatch(1);

List<CompletableFuture<HttpResponse>> allRequests = new ArrayList<CompletableFuture<HttpResponse>>();

allRequests.addAll(AsyncActions.generate(() -> {
countDownLatch.await();
return client.delete(invalidateCachePath);
}, parallelism, totalNumberOfRequests));

allRequests.addAll(AsyncActions.generate(() -> {
countDownLatch.await();
final HttpPost post = new HttpPost(client.getHttpServerUri() + bulkPath);
post.setEntity(new ByteArrayEntity(document.getBytes(StandardCharset.UTF_8), ContentType.APPLICATION_JSON));
return client.executeRequest(post);
cwperks marked this conversation as resolved.
Show resolved Hide resolved
}, parallelism, totalNumberOfRequests));

allRequests.addAll(AsyncActions.generate(() -> {
countDownLatch.await();
return client.get(nodesPath);
}, parallelism, totalNumberOfRequests));

// Make sure all requests start at the same time
countDownLatch.countDown();
Collections.shuffle(allRequests);
cwperks marked this conversation as resolved.
Show resolved Hide resolved

AsyncActions.getAll(allRequests, 30, TimeUnit.SECONDS).forEach((response) -> { response.assertStatusCode(HttpStatus.SC_OK); });
}
}
}
2 changes: 1 addition & 1 deletion src/integrationTest/java/org/opensearch/security/http/BasicAuthTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ public class BasicAuthTests {
static final User TEST_USER = new User("test_user").password("s3cret");

public static final String CUSTOM_ATTRIBUTE_NAME = "superhero";
static final User SUPER_USER = new User("super-user").password("super-password").attr(CUSTOM_ATTRIBUTE_NAME, true);
static final User SUPER_USER = new User("super-user").password("super-password").attr(CUSTOM_ATTRIBUTE_NAME, "true");
public static final String NOT_EXISTING_USER = "not-existing-user";
public static final String INVALID_PASSWORD = "secret-password";

Expand Down
15 changes: 13 additions & 2 deletions src/integrationTest/java/org/opensearch/test/framework/TestSecurityConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -261,7 +261,9 @@ public static class User implements UserCredentialsHolder, ToXContentObject {
String name;
private String password;
List<Role> roles = new ArrayList<>();
private Map<String, Object> attributes = new HashMap<>();
List<String> backendRoles = new ArrayList<>();
String requestedTenant;
private Map<String, String> attributes = new HashMap<>();

public User(String name) {
this.name = name;
Expand All @@ -282,7 +284,12 @@ public User roles(Role... roles) {
return this;
}

public User attr(String key, Object value) {
public User backendRoles(String... backendRoles) {
this.backendRoles.addAll(Arrays.asList(backendRoles));
return this;
}

public User attr(String key, String value) {
this.attributes.put(key, value);
return this;
}
Expand Down Expand Up @@ -315,6 +322,10 @@ public XContentBuilder toXContent(XContentBuilder xContentBuilder, Params params
xContentBuilder.field("opendistro_security_roles", roleNames);
}

if (!backendRoles.isEmpty()) {
xContentBuilder.field("backend_roles", backendRoles);
}

if (attributes != null && attributes.size() != 0) {
xContentBuilder.field("attributes", attributes);
}
Expand Down
Loading