From d53251e5a763342edba16213ab6359dca8c95cb0 Mon Sep 17 00:00:00 2001 From: scosta Date: Mon, 8 May 2023 21:55:33 +0100 Subject: [PATCH] #2595 adding dummy validator to reach class Signed-off-by: scosta --- .../api/ExtensionRegistrationApiAction.java | 21 ++--- .../ExtensionRegistrationValidator.java | 41 +++++++++ .../ExtensionRegistrationApiActionTest.java | 83 ++++++++++++++----- .../system_indices/SystemIndicesTests.java | 32 ------- 4 files changed, 110 insertions(+), 67 deletions(-) create mode 100644 src/main/java/org/opensearch/security/dlic/rest/validation/ExtensionRegistrationValidator.java diff --git a/src/main/java/org/opensearch/security/dlic/rest/api/ExtensionRegistrationApiAction.java b/src/main/java/org/opensearch/security/dlic/rest/api/ExtensionRegistrationApiAction.java index 487009f08f..7ae3def88b 100644 --- a/src/main/java/org/opensearch/security/dlic/rest/api/ExtensionRegistrationApiAction.java +++ b/src/main/java/org/opensearch/security/dlic/rest/api/ExtensionRegistrationApiAction.java @@ -34,7 +34,7 @@ import org.opensearch.security.configuration.AdminDNs; import org.opensearch.security.configuration.ConfigurationRepository; import org.opensearch.security.dlic.rest.validation.AbstractConfigurationValidator; -import org.opensearch.security.dlic.rest.validation.InternalUsersValidator; +import org.opensearch.security.dlic.rest.validation.ExtensionRegistrationValidator; import org.opensearch.security.privileges.PrivilegesEvaluator; import org.opensearch.security.securityconf.impl.CType; import org.opensearch.security.securityconf.impl.SecurityDynamicConfiguration; @@ -55,6 +55,8 @@ public class ExtensionRegistrationApiAction extends AbstractApiAction { //Sample Request // { // "unique_id": "hello_world", + // "description": "Extension that greets the user", + // "developer": "messages", // "indices": "messages", // "protected_indices": {}, // "endpoints": "/hello, /goodbye", @@ -98,9 +100,10 @@ protected void handleGet(final RestChannel channel, RestRequest request, Client @Override protected void handlePut(RestChannel channel, final RestRequest request, final Client client, final JsonNode content) throws IOException { - createdResponse(channel, " updated"); final String uniqueId = request.param("unique_id"); + final String description = request.param("unique_id"); + final String developer = request.param("unique_id"); final List indices = Arrays.asList(request.param("indices")); final List protected_indices = Arrays.asList(request.param("protected_indices")); final List endpoints = Arrays.asList(request.param("endpoints")); @@ -109,11 +112,6 @@ protected void handlePut(RestChannel channel, final RestRequest request, final C final String username = request.param("name"); - if(!validateRequest(request)){ - badRequestResponse(channel, "No Extension Unique ID specified."); - return; - } - if(save(request)){ generateAuthToken(); createdResponse(channel, "'" + uniqueId + "' updated"); @@ -136,7 +134,6 @@ protected void handlePut(RestChannel channel, final RestRequest request, final C // contentAsNode.remove("password"); // } - final boolean userExisted = internalUsersConfiguration.exists(username); // checks complete, create or update the user internalUsersConfiguration.putCObject(username, DefaultObjectMapper.readTree(contentAsNode, internalUsersConfiguration.getImplementingClass())); @@ -144,11 +141,8 @@ protected void handlePut(RestChannel channel, final RestRequest request, final C } private boolean save(RestRequest request) { - return true; - } - private boolean validateRequest(RestRequest request) { - return true; + return true; } @Override @@ -176,6 +170,7 @@ protected CType getConfigName() { @Override protected AbstractConfigurationValidator getValidator(RestRequest request, BytesReference ref, Object... params) { - return new InternalUsersValidator(request, isSuperAdmin(), ref, this.settings, params); + return new ExtensionRegistrationValidator(request, isSuperAdmin(), ref, this.settings, params); } } + diff --git a/src/main/java/org/opensearch/security/dlic/rest/validation/ExtensionRegistrationValidator.java b/src/main/java/org/opensearch/security/dlic/rest/validation/ExtensionRegistrationValidator.java new file mode 100644 index 0000000000..d22ea452a6 --- /dev/null +++ b/src/main/java/org/opensearch/security/dlic/rest/validation/ExtensionRegistrationValidator.java @@ -0,0 +1,41 @@ +/* + * SPDX-License-Identifier: Apache-2.0 + * + * The OpenSearch Contributors require contributions made to + * this file be licensed under the Apache-2.0 license or a + * compatible open source license. + * + * Modifications Copyright OpenSearch Contributors. See + * GitHub history for details. + */ + +package org.opensearch.security.dlic.rest.validation; + +import org.opensearch.common.bytes.BytesReference; +import org.opensearch.common.settings.Settings; +import org.opensearch.rest.RestRequest; + +/** + * Validator for Internal Users Api Action. + */ +public class ExtensionRegistrationValidator extends AbstractConfigurationValidator { + + public ExtensionRegistrationValidator(final RestRequest request, boolean isSuperAdmin, BytesReference ref, final Settings opensearchSettings, + Object... param) { + super(request, ref, opensearchSettings, param); + allowedKeys.put("unique_id", DataType.STRING); + allowedKeys.put("description", DataType.STRING); + allowedKeys.put("indices", DataType.ARRAY); + allowedKeys.put("protected_indices", DataType.ARRAY); + allowedKeys.put("endpoints", DataType.ARRAY); + allowedKeys.put("protected_endpoints", DataType.ARRAY); + } + + @Override + public boolean validate() { + //TODO + return true; + + + } +} \ No newline at end of file diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/ExtensionRegistrationApiActionTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/ExtensionRegistrationApiActionTest.java index 9a36b05c0f..f7376ef66d 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/ExtensionRegistrationApiActionTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/ExtensionRegistrationApiActionTest.java @@ -16,12 +16,17 @@ import org.junit.Test; import org.opensearch.common.settings.Settings; +import org.opensearch.rest.RestStatus; import org.opensearch.security.support.ConfigConstants; +import org.opensearch.security.system_indices.SystemIndicesTests; +import org.opensearch.security.test.DynamicSecurityConfig; +import org.opensearch.security.test.helper.file.FileHelper; import org.opensearch.security.test.helper.rest.RestHelper; +import static org.junit.Assert.assertEquals; import static org.opensearch.security.OpenSearchSecurityPlugin.PLUGINS_PREFIX; -public class ExtensionRegistrationApiActionTest extends AbstractRestApiUnitTest { +public class ExtensionRegistrationApiActionTest extends SystemIndicesTests { private final String ENDPOINT = PLUGINS_PREFIX + "/api/extensions/register"; //Sample Request @@ -36,30 +41,64 @@ public class ExtensionRegistrationApiActionTest extends AbstractRestApiUnitTest private final String wrongExtRequest = " {\n" + " \"indices\": \"messages\",\n" + " \"protected_indices\": {},\n" + " \"endpoints\": \"/hello, /goodbye\",\n" + " \"protected_endpoints\": \"/update/{name}\"\n" + " }"; - @Test - public void ShouldGetAuthTokenWhenRegistryGetsCreatedTest() throws Exception { - - Settings settings = Settings.builder().put(ConfigConstants.SECURITY_UNSUPPORTED_RESTAPI_ALLOW_SECURITYCONFIG_MODIFICATION, true).build(); - setup(settings); - - rh.keystore = "restapi/kirk-keystore.jks"; - rh.sendAdminCertificate = true; - - RestHelper.HttpResponse response = rh.executePutRequest(ENDPOINT, correctExtRequest); - Assert.assertEquals(HttpStatus.SC_OK, response.getStatusCode()); + private void setupSettingsWithSsl() throws Exception { + + Settings systemIndexSettings = Settings.builder() + .put(ConfigConstants.SECURITY_SYSTEM_INDICES_ENABLED_KEY, false) + .put("plugins.security.ssl.http.enabled",true) + .put("plugins.security.ssl.http.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("node-0-keystore.jks")) + .put("plugins.security.ssl.http.truststore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("truststore.jks")) + .put("path.repo", repositoryPath.getRoot().getAbsolutePath()) + .build(); + setup(Settings.EMPTY, + new DynamicSecurityConfig() + .setConfig("config_system_indices.yml") + .setSecurityRoles("roles_system_indices.yml") + .setSecurityInternalUsers("internal_users_system_indices.yml") + .setSecurityRolesMapping("roles_mapping_system_indices.yml"), + systemIndexSettings, + true); + } + private RestHelper keyStoreRestHelper() { + RestHelper restHelper = restHelper(); + restHelper.keystore = "kirk-keystore.jks"; + restHelper.enableHTTPClientSSL = true; + restHelper.trustHTTPServerCertificate = true; + restHelper.sendAdminCertificate = true; + return restHelper; } + private RestHelper sslRestHelper() { + RestHelper restHelper = restHelper(); + restHelper.enableHTTPClientSSL = true; + return restHelper; + } @Test - public void RegisterExtShouldFailIfMissingFields() throws Exception { - - Settings settings = Settings.builder().put(ConfigConstants.SECURITY_UNSUPPORTED_RESTAPI_ALLOW_SECURITYCONFIG_MODIFICATION, true).build(); - setup(settings); - - rh.keystore = "restapi/kirk-keystore.jks"; - rh.sendAdminCertificate = true; - - RestHelper.HttpResponse response = rh.executePutRequest(ENDPOINT, wrongExtRequest); - Assert.assertEquals(HttpStatus.SC_BAD_REQUEST, response.getStatusCode()); + public void tempTestForExtensionRegistrationAPiActionRemoveAfter() throws Exception { + setupSettingsWithSsl(); + + RestHelper keyStoreRestHelper = keyStoreRestHelper(); + RestHelper sslRestHelper = sslRestHelper(); + + String indexSettings = "{\n" + + " \"index\" : {\n" + + " \"refresh_interval\" : null\n" + + " }\n" + + "}"; + + //as Superadmin + RestHelper.HttpResponse responsea = keyStoreRestHelper.executeGetRequest( ENDPOINT, indexSettings); + assertEquals(RestStatus.CREATED.getStatus(), responsea.getStatusCode()); + + responsea = keyStoreRestHelper.executePutRequest( ENDPOINT, indexSettings); + assertEquals(RestStatus.CREATED.getStatus(), responsea.getStatusCode()); + + //as admin + // responsea = sslRestHelper.executeGetRequest( ENDPOINT, indexSettings, allAccessUserHeader); + // assertEquals(RestStatus.CREATED.getStatus(), responsea.getStatusCode()); + // + // responsea = sslRestHelper.executePutRequest( ENDPOINT, indexSettings, allAccessUserHeader); + // assertEquals(RestStatus.CREATED.getStatus(), responsea.getStatusCode()); } } diff --git a/src/test/java/org/opensearch/security/system_indices/SystemIndicesTests.java b/src/test/java/org/opensearch/security/system_indices/SystemIndicesTests.java index f57e183cd4..e577a2b1d1 100644 --- a/src/test/java/org/opensearch/security/system_indices/SystemIndicesTests.java +++ b/src/test/java/org/opensearch/security/system_indices/SystemIndicesTests.java @@ -360,38 +360,6 @@ public void testUpdateIndexSettings() throws Exception { } } - @Test - public void tempTestForExtensionRegistrationAPiActionRemoveAfter() throws Exception { - setupSystemIndicesDisabledWithSsl(); -// createTestIndicesAndDocs(); - - RestHelper keyStoreRestHelper = keyStoreRestHelper(); - RestHelper sslRestHelper = sslRestHelper(); - - String indexSettings = "{\n" + - " \"index\" : {\n" + - " \"refresh_interval\" : null\n" + - " }\n" + - "}"; - String ENDPOINT = PLUGINS_PREFIX + "/api/extensions/register"; - - - //as Superadmin - RestHelper.HttpResponse responsea = keyStoreRestHelper.executeGetRequest( ENDPOINT, indexSettings); - assertEquals(RestStatus.CREATED.getStatus(), responsea.getStatusCode()); - - responsea = keyStoreRestHelper.executePutRequest( ENDPOINT, indexSettings); - assertEquals(RestStatus.CREATED.getStatus(), responsea.getStatusCode()); - - //as admin - responsea = sslRestHelper.executeGetRequest( ENDPOINT, indexSettings, allAccessUserHeader); - assertEquals(RestStatus.CREATED.getStatus(), responsea.getStatusCode()); - - responsea = sslRestHelper.executePutRequest( ENDPOINT, indexSettings, allAccessUserHeader); - assertEquals(RestStatus.CREATED.getStatus(), responsea.getStatusCode()); - } - - @Test public void testUpdateIndexSettingsWithSystemIndices() throws Exception { setupSystemIndicesEnabledWithSsl();