Skip to content

Commit

Permalink
Use strong password in integ test (opensearch-project#987)
Browse files Browse the repository at this point in the history
Signed-off-by: Sooraj Sinha <[email protected]>
  • Loading branch information
soosinha authored Jun 7, 2023
1 parent bc9b61a commit 93205a1
Show file tree
Hide file tree
Showing 4 changed files with 50 additions and 48 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@ import org.apache.hc.core5.http.io.entity.StringEntity
import org.opensearch.client.Request
import org.junit.BeforeClass

const val INTEG_TEST_PASSWORD = "ccr-integ-test@123"

abstract class SecurityBase : MultiClusterRestTestCase() {
companion object {
var initialized : Boolean = false
Expand Down Expand Up @@ -282,17 +284,17 @@ abstract class SecurityBase : MultiClusterRestTestCase() {
}

private fun addUsers(){
addUserToCluster("testUser1","password", FOLLOWER)
addUserToCluster("testUser1","password", LEADER)
addUserToCluster("testUser2","password", FOLLOWER)
addUserToCluster("testUser2","password", LEADER)
addUserToCluster("testUser3","password", FOLLOWER)
addUserToCluster("testUser4","password", FOLLOWER)
addUserToCluster("testUser5","password", FOLLOWER)
addUserToCluster("testUser6","password", LEADER)
addUserToCluster("testUser6","password", FOLLOWER)
addUserToCluster("testUser7","password", LEADER)
addUserToCluster("testUser7","password", FOLLOWER)
addUserToCluster("testUser1", INTEG_TEST_PASSWORD, FOLLOWER)
addUserToCluster("testUser1", INTEG_TEST_PASSWORD, LEADER)
addUserToCluster("testUser2", INTEG_TEST_PASSWORD, FOLLOWER)
addUserToCluster("testUser2", INTEG_TEST_PASSWORD, LEADER)
addUserToCluster("testUser3", INTEG_TEST_PASSWORD, FOLLOWER)
addUserToCluster("testUser4", INTEG_TEST_PASSWORD, FOLLOWER)
addUserToCluster("testUser5", INTEG_TEST_PASSWORD, FOLLOWER)
addUserToCluster("testUser6", INTEG_TEST_PASSWORD, LEADER)
addUserToCluster("testUser6", INTEG_TEST_PASSWORD, FOLLOWER)
addUserToCluster("testUser7", INTEG_TEST_PASSWORD, LEADER)
addUserToCluster("testUser7", INTEG_TEST_PASSWORD, FOLLOWER)
}

private fun addUserToCluster(userName: String, password: String, clusterName: String) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ class SecurityCustomRolesIT: SecurityBase() {
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleValidPerms"))

followerClient.startReplication(startReplicationRequest,
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"), waitForRestore = true)
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD), waitForRestore = true)
assertBusy {
Assertions.assertThat(followerClient.indices().exists(GetIndexRequest(followerIndexName), RequestOptions.DEFAULT)).isEqualTo(true)
}
Expand All @@ -79,7 +79,7 @@ class SecurityCustomRolesIT: SecurityBase() {
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleNoPerms"))

Assertions.assertThatThrownBy { followerClient.startReplication(startReplicationRequest,
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser2","password")) }
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser2",INTEG_TEST_PASSWORD)) }
.isInstanceOf(ResponseException::class.java)
.hasMessageContaining("403 Forbidden")
}
Expand All @@ -89,7 +89,7 @@ class SecurityCustomRolesIT: SecurityBase() {

Assertions.assertThatThrownBy {
followerClient.stopReplication("follower-index1",
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"))
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD))
}.isInstanceOf(ResponseException::class.java)
.hasMessageContaining("No replication in progress for index:follower-index1")
}
Expand All @@ -99,7 +99,7 @@ class SecurityCustomRolesIT: SecurityBase() {

Assertions.assertThatThrownBy {
followerClient.stopReplication("follower-index1",
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser2","password"))
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser2",INTEG_TEST_PASSWORD))
}.isInstanceOf(ResponseException::class.java)
.hasMessageContaining("403 Forbidden")
}
Expand All @@ -115,7 +115,7 @@ class SecurityCustomRolesIT: SecurityBase() {

var startReplicationRequest = StartReplicationRequest("source",leaderIndexName,followerIndexName,
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleValidPerms"))
var requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password")
var requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD)
followerClient.startReplication(startReplicationRequest, waitForRestore = true,
requestOptions = requestOptions)

Expand Down Expand Up @@ -145,11 +145,11 @@ class SecurityCustomRolesIT: SecurityBase() {
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleValidPerms"))

followerClient.startReplication(startReplicationRequest, waitForRestore = true,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD))

Assertions.assertThatThrownBy {
followerClient.pauseReplication(followerIndexName,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser2","password"))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser2",INTEG_TEST_PASSWORD))
}.isInstanceOf(ResponseException::class.java)
.hasMessageContaining("403 Forbidden")
}
Expand All @@ -167,11 +167,11 @@ class SecurityCustomRolesIT: SecurityBase() {
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleValidPerms"))

followerClient.startReplication(startReplicationRequest, waitForRestore = true,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD))

assertBusy {
`validate status syncing response`(followerClient.replicationStatus(followerIndexName,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password")))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD)))
}
}

Expand All @@ -188,11 +188,11 @@ class SecurityCustomRolesIT: SecurityBase() {
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleValidPerms"))

followerClient.startReplication(startReplicationRequest, waitForRestore = true,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD))

Assertions.assertThatThrownBy {
followerClient.replicationStatus(followerIndexName,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser2","password"))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser2",INTEG_TEST_PASSWORD))
}.isInstanceOf(ResponseException::class.java)
.hasMessageContaining("403 Forbidden")
}
Expand All @@ -215,7 +215,7 @@ class SecurityCustomRolesIT: SecurityBase() {

followerClient.startReplication(StartReplicationRequest("source", leaderIndexName, followerIndexName,
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleValidPerms")),
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD))
assertBusy {
Assertions.assertThat(followerClient.indices()
.exists(GetIndexRequest(followerIndexName), RequestOptions.DEFAULT))
Expand All @@ -234,7 +234,7 @@ class SecurityCustomRolesIT: SecurityBase() {
.put("index.shard.check_on_startup", "checksum")
.build()
followerClient.updateReplication(followerIndexName, settings,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD))

// Wait for the settings to get updated at follower cluster.
assertBusy ({
Expand All @@ -260,7 +260,7 @@ class SecurityCustomRolesIT: SecurityBase() {
Assertions.assertThat(createIndexResponse.isAcknowledged).isTrue()
followerClient.startReplication(StartReplicationRequest("source", leaderIndexName, followerIndexName,
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleValidPerms")),
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"), waitForRestore = true)
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD), waitForRestore = true)
assertBusy {
Assertions.assertThat(followerClient.indices()
.exists(GetIndexRequest(followerIndexName), RequestOptions.DEFAULT))
Expand All @@ -279,7 +279,7 @@ class SecurityCustomRolesIT: SecurityBase() {
.build()
Assertions.assertThatThrownBy {
followerClient.updateReplication(followerIndexName, settings,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser2","password"))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser2",INTEG_TEST_PASSWORD))
}.isInstanceOf(ResponseException::class.java)
.hasMessageContaining("403 Forbidden")
}
Expand All @@ -297,7 +297,7 @@ class SecurityCustomRolesIT: SecurityBase() {
try {
followerClient.updateAutoFollowPattern(connectionAlias, indexPatternName, indexPattern,
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleValidPerms"),
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"))
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD))
// Verify that existing index matching the pattern are replicated.
assertBusy ({
Assertions.assertThat(followerClient.indices()
Expand Down Expand Up @@ -326,7 +326,7 @@ class SecurityCustomRolesIT: SecurityBase() {
Assertions.assertThatThrownBy {
followerClient.updateAutoFollowPattern(connectionAlias, indexPatternName, indexPattern,
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleNoPerms"),
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser2","password"))
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser2",INTEG_TEST_PASSWORD))
}.isInstanceOf(ResponseException::class.java)
.hasMessageContaining("403 Forbidden")
}
Expand Down Expand Up @@ -358,7 +358,7 @@ class SecurityCustomRolesIT: SecurityBase() {
var startReplicationRequest = StartReplicationRequest("source",leaderIndexName,followerIndexName,
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleValidPerms"))
followerClient.startReplication(startReplicationRequest, waitForRestore = true,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD))
insertDocToIndex(LEADER, "1", "dummy data 1",leaderIndexName)
//Querying ES cluster throws random exceptions like ClusterManagerNotDiscovered or ShardsFailed etc, so catching them and retrying
assertBusy ({
Expand All @@ -370,15 +370,15 @@ class SecurityCustomRolesIT: SecurityBase() {
}, 1, TimeUnit.MINUTES)
assertBusy {
`validate status syncing response`(followerClient.replicationStatus(followerIndexName,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password")))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD)))
}

updateRole(followerIndexName,"followerRoleValidPerms", false)
insertDocToIndex(LEADER, "2", "dummy data 2",leaderIndexName)

assertBusy ({
validatePausedState(followerClient.replicationStatus(followerIndexName,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password")))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD)))
}, 100, TimeUnit.SECONDS)
} finally {
updateRole(followerIndexName,"followerRoleValidPerms", true)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ class SecurityCustomRolesLeaderIT: SecurityBase() {
var startReplicationRequest = StartReplicationRequest("source",leaderIndexName,followerIndexName,
useRoles = UseRoles(leaderClusterRole = "leaderRoleNoPerms",followerClusterRole = "followerRoleValidPerms"))
Assertions.assertThatThrownBy { followerClient.startReplication(startReplicationRequest,
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser6","password")) }
requestOptions= RequestOptions.DEFAULT.addBasicAuthHeader("testUser6",INTEG_TEST_PASSWORD)) }
.isInstanceOf(ResponseException::class.java)
.hasMessageContaining("403 Forbidden")
.hasMessageContaining("no permissions for [indices:admin/plugins/replication/index/setup/validate]")
Expand All @@ -64,7 +64,7 @@ class SecurityCustomRolesLeaderIT: SecurityBase() {
var startReplicationRequest = StartReplicationRequest("source",leaderIndexName,followerIndexName,
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleValidPerms"))
followerClient.startReplication(startReplicationRequest, waitForRestore = true,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD))
insertDocToIndex(LEADER, "1", "dummy data 1",leaderIndexName)
//Querying ES cluster throws random exceptions like ClusterManagerNotDiscovered or ShardsFailed etc, so catching them and retrying
assertBusy ({
Expand All @@ -76,13 +76,13 @@ class SecurityCustomRolesLeaderIT: SecurityBase() {
}, 1, TimeUnit.MINUTES)
assertBusy {
`validate status syncing response`(followerClient.replicationStatus(followerIndexName,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password")))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD)))
}
updateRole(followerIndexName,"leaderRoleValidPerms", false)
insertDocToIndex(LEADER, "2", "dummy data 2",leaderIndexName)
assertBusy ({
validatePausedState(followerClient.replicationStatus(followerIndexName,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password")))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD)))
}, 100, TimeUnit.SECONDS)
} finally {
updateRole(followerIndexName,"leaderRoleValidPerms", true)
Expand All @@ -101,10 +101,10 @@ class SecurityCustomRolesLeaderIT: SecurityBase() {
useRoles = UseRoles(leaderClusterRole = "leaderRoleValidPerms",followerClusterRole = "followerRoleValidPerms"))
updateFileChunkPermissions("","leaderRoleValidPerms", false)
followerClient.startReplication(startReplicationRequest,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password"))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD))
assertBusy ({
validateFailedState(followerClient.replicationStatus(followerIndexName,
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1","password")))
requestOptions = RequestOptions.DEFAULT.addBasicAuthHeader("testUser1",INTEG_TEST_PASSWORD)))
}, 60, TimeUnit.SECONDS)
} catch (ex : Exception) {
logger.info("Exception is", ex)
Expand Down
Loading

0 comments on commit 93205a1

Please sign in to comment.