Ensure integ tests run with security after plugin rename (#1023)

* Ensure integ tests run with security after plugin rename Signed-off-by: Craig Perkins <[email protected]> * Rename to time-series-analytics Signed-off-by: Craig Perkins <[email protected]> * Switch folder back Signed-off-by: Craig Perkins <[email protected]> * Run integTest with -i Signed-off-by: Craig Perkins <[email protected]> * Remove opensearch-anomaly-detection if installed Signed-off-by: Craig Perkins <[email protected]> * Update password rules and change expected error msg Signed-off-by: Craig Perkins <[email protected]> * Update password generation Signed-off-by: Craig Perkins <[email protected]> * Fix indexOf condition Signed-off-by: Craig Perkins <[email protected]> --------- Signed-off-by: Craig Perkins <[email protected]>
opensearch-project · Sep 11, 2023 · 05d0a3b · 05d0a3b
1 parent 72210f0
commit 05d0a3b
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 24 deletions.
diff --git a/.github/workflows/test_security.yml b/.github/workflows/test_security.yml
@@ -23,22 +23,22 @@ jobs:
         with:
           java-version: ${{ matrix.java }}
 
-      # anomaly-detection
+      # time-series-analytics
       - name: Checkout AD
         uses: actions/checkout@v4
 
       - name: Build Anomaly Detection
         run: |
           ./gradlew assemble
       # example of variables:
-      # plugin = opensearch-anomaly-detection-2.4.0.0-SNAPSHOT.zip
-      # version = 2.4.0, plugin_version = 2.4.0.0, qualifier = SNAPSHOT
+      # plugin = opensearch-time-series-analytics-2.10.0.0-SNAPSHOT.zip
+      # version = 2.10.0, plugin_version = 2.10.0.0, qualifier = SNAPSHOT
       - name: Pull and Run Docker
         run: |
           plugin=`basename $(ls build/distributions/*.zip)`
-          version=`echo $plugin|awk -F- '{print $4}'| cut -d. -f 1-3`
-          plugin_version=`echo $plugin|awk -F- '{print $4}'| cut -d. -f 1-4`
-          qualifier=`echo $plugin|awk -F- '{print $5}'| cut -d. -f 1-1`
+          version=`echo $plugin|awk -F- '{print $5}'| cut -d. -f 1-3`
+          plugin_version=`echo $plugin|awk -F- '{print $5}'| cut -d. -f 1-4`
+          qualifier=`echo $plugin|awk -F- '{print $6}'| cut -d. -f 1-1`
 
           if $qualifier!=SNAPSHOT
           then
@@ -54,6 +54,7 @@ jobs:
           then
             echo "FROM opensearchstaging/opensearch:$docker_version" >> Dockerfile
             echo "RUN if [ -d /usr/share/opensearch/plugins/opensearch-anomaly-detection ]; then /usr/share/opensearch/bin/opensearch-plugin remove opensearch-anomaly-detection; fi" >> Dockerfile
+            echo "RUN if [ -d /usr/share/opensearch/plugins/opensearch-time-series-analytics ]; then /usr/share/opensearch/bin/opensearch-plugin remove opensearch-time-series-analytics; fi" >> Dockerfile
             echo "ADD anomaly-detection/build/distributions/$plugin /tmp/" >> Dockerfile
             echo "RUN /usr/share/opensearch/bin/opensearch-plugin install --batch file:/tmp/$plugin" >> Dockerfile
             docker build -t opensearch-ad:test .

diff --git a/src/test/java/org/opensearch/ad/rest/SecureADRestIT.java b/src/test/java/org/opensearch/ad/rest/SecureADRestIT.java
@@ -65,14 +65,18 @@ public class SecureADRestIT extends AnomalyDetectorRestTestCase {
      * Create an unguessable password. Simple password are weak due to https://tinyurl.com/383em9zk
      * @return a random password.
      */
-    public static String generatePassword() {
-        String characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+    public static String generatePassword(String username) {
+        String characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_";
 
         Random rng = new Random();
 
-        char[] password = new char[10];
-        for (int i = 0; i < 10; i++) {
-            password[i] = characters.charAt(rng.nextInt(characters.length()));
+        char[] password = new char[15];
+        for (int i = 0; i < 15; i++) {
+            char nextChar = characters.charAt(rng.nextInt(characters.length()));
+            while (username.indexOf(nextChar) > -1) {
+                nextChar = characters.charAt(rng.nextInt(characters.length()));
+            }
+            password[i] = nextChar;
         }
 
         return new String(password);
@@ -84,49 +88,49 @@ public void setupSecureTests() throws IOException {
             throw new IllegalArgumentException("Secure Tests are running but HTTPS is not set");
         createIndexRole(indexAllAccessRole, "*");
         createSearchRole(indexSearchAccessRole, "*");
-        String alicePassword = generatePassword();
+        String alicePassword = generatePassword(aliceUser);
         createUser(aliceUser, alicePassword, new ArrayList<>(Arrays.asList("odfe")));
         aliceClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[0]), isHttps(), aliceUser, alicePassword)
             .setSocketTimeout(60000)
             .build();
 
-        String bobPassword = generatePassword();
+        String bobPassword = generatePassword(bobUser);
         createUser(bobUser, bobPassword, new ArrayList<>(Arrays.asList("odfe")));
         bobClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[0]), isHttps(), bobUser, bobPassword)
             .setSocketTimeout(60000)
             .build();
 
-        String catPassword = generatePassword();
+        String catPassword = generatePassword(catUser);
         createUser(catUser, catPassword, new ArrayList<>(Arrays.asList("aes")));
         catClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[0]), isHttps(), catUser, catPassword)
             .setSocketTimeout(60000)
             .build();
 
-        String dogPassword = generatePassword();
+        String dogPassword = generatePassword(dogUser);
         createUser(dogUser, dogPassword, new ArrayList<>(Arrays.asList()));
         dogClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[0]), isHttps(), dogUser, dogPassword)
             .setSocketTimeout(60000)
             .build();
 
-        String elkPassword = generatePassword();
+        String elkPassword = generatePassword(elkUser);
         createUser(elkUser, elkPassword, new ArrayList<>(Arrays.asList("odfe")));
         elkClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[0]), isHttps(), elkUser, elkPassword)
             .setSocketTimeout(60000)
             .build();
 
-        String fishPassword = generatePassword();
+        String fishPassword = generatePassword(fishUser);
         createUser(fishUser, fishPassword, new ArrayList<>(Arrays.asList("odfe", "aes")));
         fishClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[0]), isHttps(), fishUser, fishPassword)
             .setSocketTimeout(60000)
             .build();
 
-        String goatPassword = generatePassword();
+        String goatPassword = generatePassword(goatUser);
         createUser(goatUser, goatPassword, new ArrayList<>(Arrays.asList("opensearch")));
         goatClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[0]), isHttps(), goatUser, goatPassword)
             .setSocketTimeout(60000)
             .build();
 
-        String lionPassword = generatePassword();
+        String lionPassword = generatePassword(lionUser);
         createUser(lionUser, lionPassword, new ArrayList<>(Arrays.asList("opensearch")));
         lionClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[0]), isHttps(), lionUser, lionPassword)
             .setSocketTimeout(60000)
@@ -202,7 +206,7 @@ public void testGetApiFilterByEnabled() throws IOException {
         // User Cat has AD full access, but is part of different backend role so Cat should not be able to access
         // Alice detector
         Exception exception = expectThrows(IOException.class, () -> { getConfig(aliceDetector.getId(), catClient); });
-        Assert.assertTrue(exception.getMessage().contains("User does not have permissions to access detector: " + aliceDetector.getId()));
+        Assert.assertTrue(exception.getMessage().contains("User does not have permissions to access config: " + aliceDetector.getId()));
     }
 
     private void confirmingClientIsAdmin() throws IOException {
@@ -336,7 +340,7 @@ public void testStartApiFilterByEnabled() throws IOException {
         Exception exception = expectThrows(IOException.class, () -> {
             startAnomalyDetector(aliceDetector.getId(), new DateRange(now.minus(10, ChronoUnit.DAYS), now), catClient);
         });
-        Assert.assertTrue(exception.getMessage().contains("User does not have permissions to access detector: " + aliceDetector.getId()));
+        Assert.assertTrue(exception.getMessage().contains("User does not have permissions to access config: " + aliceDetector.getId()));
     }
 
     public void testStopApiFilterByEnabled() throws IOException {
@@ -346,7 +350,7 @@ public void testStopApiFilterByEnabled() throws IOException {
         // User Cat has AD full access, but is part of different backend role so Cat should not be able to access
         // Alice detector
         Exception exception = expectThrows(IOException.class, () -> { stopAnomalyDetector(aliceDetector.getId(), catClient, true); });
-        Assert.assertTrue(exception.getMessage().contains("User does not have permissions to access detector: " + aliceDetector.getId()));
+        Assert.assertTrue(exception.getMessage().contains("User does not have permissions to access config: " + aliceDetector.getId()));
     }
 
     public void testDeleteApiFilterByEnabled() throws IOException {
@@ -356,7 +360,7 @@ public void testDeleteApiFilterByEnabled() throws IOException {
         // User Cat has AD full access, but is part of different backend role so Cat should not be able to access
         // Alice detector
         Exception exception = expectThrows(IOException.class, () -> { deleteAnomalyDetector(aliceDetector.getId(), catClient); });
-        Assert.assertTrue(exception.getMessage().contains("User does not have permissions to access detector: " + aliceDetector.getId()));
+        Assert.assertTrue(exception.getMessage().contains("User does not have permissions to access config: " + aliceDetector.getId()));
     }
 
     public void testCreateAnomalyDetectorWithNoBackendRole() throws IOException {
@@ -438,7 +442,7 @@ public void testPreviewAnomalyDetectorWithFilterEnabled() throws IOException {
         // User Cat has AD full access, but is part of different backend role so Cat should not be able to access
         // Alice detector
         Exception exception = expectThrows(IOException.class, () -> { previewAnomalyDetector(aliceDetector.getId(), catClient, input); });
-        Assert.assertTrue(exception.getMessage().contains("User does not have permissions to access detector: " + aliceDetector.getId()));
+        Assert.assertTrue(exception.getMessage().contains("User does not have permissions to access config: " + aliceDetector.getId()));
     }
 
     public void testPreviewAnomalyDetectorWithNoReadPermissionOfIndex() throws IOException {