-
Notifications
You must be signed in to change notification settings - Fork 282
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Andrey Pleskach <[email protected]>
- Loading branch information
1 parent
dadd03f
commit 5fc0627
Showing
15 changed files
with
621 additions
and
109 deletions.
There are no files selected for viewing
84 changes: 84 additions & 0 deletions
84
src/integrationTest/java/org/opensearch/security/AbstractDefaultConfigurationTests.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,84 @@ | ||
/* | ||
* Copyright OpenSearch Contributors | ||
* SPDX-License-Identifier: Apache-2.0 | ||
* | ||
* The OpenSearch Contributors require contributions made to | ||
* this file be licensed under the Apache-2.0 license or a | ||
* compatible open source license. | ||
* | ||
*/ | ||
package org.opensearch.security; | ||
|
||
import java.io.IOException; | ||
import java.nio.file.Path; | ||
import java.util.Map; | ||
import java.util.concurrent.TimeUnit; | ||
|
||
import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; | ||
import org.apache.commons.io.FileUtils; | ||
import org.awaitility.Awaitility; | ||
import org.junit.AfterClass; | ||
import org.junit.Test; | ||
import org.junit.runner.RunWith; | ||
|
||
import org.opensearch.security.state.SecurityMetadata; | ||
import org.opensearch.test.framework.cluster.LocalCluster; | ||
import org.opensearch.test.framework.cluster.TestRestClient; | ||
|
||
import static org.hamcrest.MatcherAssert.assertThat; | ||
import static org.hamcrest.Matchers.aMapWithSize; | ||
import static org.hamcrest.Matchers.allOf; | ||
import static org.hamcrest.Matchers.equalTo; | ||
import static org.hamcrest.Matchers.hasKey; | ||
import static org.junit.Assert.assertTrue; | ||
|
||
@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) | ||
@ThreadLeakScope(ThreadLeakScope.Scope.NONE) | ||
public abstract class AbstractDefaultConfigurationTests { | ||
public final static Path configurationFolder = ConfigurationFiles.createConfigurationDirectory(); | ||
public static final String ADMIN_USER_NAME = "admin"; | ||
public static final String DEFAULT_PASSWORD = "secret"; | ||
public static final String NEW_USER = "new-user"; | ||
public static final String LIMITED_USER = "limited-user"; | ||
|
||
private final LocalCluster cluster; | ||
|
||
protected AbstractDefaultConfigurationTests(LocalCluster cluster) { | ||
this.cluster = cluster; | ||
} | ||
|
||
@AfterClass | ||
public static void cleanConfigurationDirectory() throws IOException { | ||
FileUtils.deleteDirectory(configurationFolder.toFile()); | ||
} | ||
|
||
@Test | ||
public void shouldLoadDefaultConfiguration() throws IOException { | ||
try (TestRestClient client = cluster.getRestClient(NEW_USER, DEFAULT_PASSWORD)) { | ||
Awaitility.waitAtMost(20, TimeUnit.SECONDS) | ||
.await("Load default configuration") | ||
.until(() -> client.getAuthInfo().getStatusCode(), equalTo(200)); | ||
} | ||
try (TestRestClient client = cluster.getRestClient(ADMIN_USER_NAME, DEFAULT_PASSWORD)) { | ||
client.confirmCorrectCredentials(ADMIN_USER_NAME); | ||
TestRestClient.HttpResponse response = client.get("_plugins/_security/api/internalusers"); | ||
response.assertStatusCode(200); | ||
Map<String, Object> users = response.getBodyAs(Map.class); | ||
assertThat(users, allOf(aMapWithSize(3), hasKey(ADMIN_USER_NAME), hasKey(NEW_USER), hasKey(LIMITED_USER))); | ||
assertClusterState(client); | ||
} | ||
} | ||
|
||
void assertClusterState(final TestRestClient client) { | ||
if (cluster.node().settings().getAsBoolean("plugins.security.allow_default_init_securityindex.use_cluster_state", false)) { | ||
final TestRestClient.HttpResponse response = client.get("_cluster/state"); | ||
response.assertStatusCode(200); | ||
final var clusterState = response.getBodyAs(Map.class); | ||
assertTrue(response.getBody(), clusterState.containsKey(SecurityMetadata.TYPE)); | ||
@SuppressWarnings("unchecked") | ||
final var securityClusterState = (Map<String, Object>) clusterState.get(SecurityMetadata.TYPE); | ||
assertTrue(response.getBody(), (Boolean) securityClusterState.get(SecurityMetadata.SECURITY_CONFIGURATION_APPLIED_FIELD_NAME)); | ||
} | ||
} | ||
|
||
} |
39 changes: 39 additions & 0 deletions
39
...tegrationTest/java/org/opensearch/security/DefaultConfigurationMultiNodeClusterTests.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
/* | ||
* Copyright OpenSearch Contributors | ||
* SPDX-License-Identifier: Apache-2.0 | ||
* | ||
* The OpenSearch Contributors require contributions made to | ||
* this file be licensed under the Apache-2.0 license or a | ||
* compatible open source license. | ||
* | ||
*/ | ||
package org.opensearch.security; | ||
|
||
import java.util.List; | ||
import java.util.Map; | ||
|
||
import org.junit.ClassRule; | ||
|
||
import org.opensearch.test.framework.cluster.ClusterManager; | ||
import org.opensearch.test.framework.cluster.LocalCluster; | ||
|
||
public class DefaultConfigurationMultiNodeClusterTests extends AbstractDefaultConfigurationTests { | ||
|
||
@ClassRule | ||
public static LocalCluster cluster = new LocalCluster.Builder().clusterManager(ClusterManager.THREE_CLUSTER_MANAGERS) | ||
.nodeSettings( | ||
Map.of( | ||
"plugins.security.allow_default_init_securityindex", | ||
true, | ||
"plugins.security.restapi.roles_enabled", | ||
List.of("user_admin__all_access") | ||
) | ||
) | ||
.defaultConfigurationInitDirectory(configurationFolder.toString()) | ||
.loadConfigurationIntoIndex(false) | ||
.build(); | ||
|
||
public DefaultConfigurationMultiNodeClusterTests() { | ||
super(cluster); | ||
} | ||
} |
42 changes: 42 additions & 0 deletions
42
...ava/org/opensearch/security/DefaultConfigurationMultiNodeClusterUseClusterStateTests.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
/* | ||
* Copyright OpenSearch Contributors | ||
* SPDX-License-Identifier: Apache-2.0 | ||
* | ||
* The OpenSearch Contributors require contributions made to | ||
* this file be licensed under the Apache-2.0 license or a | ||
* compatible open source license. | ||
* | ||
*/ | ||
package org.opensearch.security; | ||
|
||
import java.util.List; | ||
import java.util.Map; | ||
|
||
import org.junit.ClassRule; | ||
|
||
import org.opensearch.test.framework.cluster.ClusterManager; | ||
import org.opensearch.test.framework.cluster.LocalCluster; | ||
|
||
public class DefaultConfigurationMultiNodeClusterUseClusterStateTests extends AbstractDefaultConfigurationTests { | ||
|
||
@ClassRule | ||
public static LocalCluster cluster = new LocalCluster.Builder().clusterManager(ClusterManager.THREE_CLUSTER_MANAGERS) | ||
.nodeSettings( | ||
Map.of( | ||
"plugins.security.allow_default_init_securityindex", | ||
true, | ||
"plugins.security.allow_default_init_securityindex.use_cluster_state", | ||
true, | ||
"plugins.security.restapi.roles_enabled", | ||
List.of("user_admin__all_access") | ||
) | ||
) | ||
.defaultConfigurationInitDirectory(configurationFolder.toString()) | ||
.loadConfigurationIntoIndex(false) | ||
.build(); | ||
|
||
public DefaultConfigurationMultiNodeClusterUseClusterStateTests() { | ||
super(cluster); | ||
} | ||
|
||
} |
44 changes: 44 additions & 0 deletions
44
...egrationTest/java/org/opensearch/security/DefaultConfigurationSingleNodeClusterTests.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
/* | ||
* Copyright OpenSearch Contributors | ||
* SPDX-License-Identifier: Apache-2.0 | ||
* | ||
* The OpenSearch Contributors require contributions made to | ||
* this file be licensed under the Apache-2.0 license or a | ||
* compatible open source license. | ||
* | ||
*/ | ||
package org.opensearch.security; | ||
|
||
import java.util.List; | ||
import java.util.Map; | ||
|
||
import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; | ||
import org.junit.ClassRule; | ||
import org.junit.runner.RunWith; | ||
|
||
import org.opensearch.test.framework.cluster.ClusterManager; | ||
import org.opensearch.test.framework.cluster.LocalCluster; | ||
|
||
@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) | ||
@ThreadLeakScope(ThreadLeakScope.Scope.NONE) | ||
public class DefaultConfigurationSingleNodeClusterTests extends AbstractDefaultConfigurationTests { | ||
|
||
@ClassRule | ||
public static LocalCluster cluster = new LocalCluster.Builder().clusterManager(ClusterManager.SINGLENODE) | ||
.nodeSettings( | ||
Map.of( | ||
"plugins.security.allow_default_init_securityindex", | ||
true, | ||
"plugins.security.restapi.roles_enabled", | ||
List.of("user_admin__all_access") | ||
) | ||
) | ||
.defaultConfigurationInitDirectory(configurationFolder.toString()) | ||
.loadConfigurationIntoIndex(false) | ||
.build(); | ||
|
||
public DefaultConfigurationSingleNodeClusterTests() { | ||
super(cluster); | ||
} | ||
|
||
} |
42 changes: 42 additions & 0 deletions
42
...va/org/opensearch/security/DefaultConfigurationSingleNodeClusterUseClusterStateTests.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
/* | ||
* Copyright OpenSearch Contributors | ||
* SPDX-License-Identifier: Apache-2.0 | ||
* | ||
* The OpenSearch Contributors require contributions made to | ||
* this file be licensed under the Apache-2.0 license or a | ||
* compatible open source license. | ||
* | ||
*/ | ||
package org.opensearch.security; | ||
|
||
import java.util.List; | ||
import java.util.Map; | ||
|
||
import org.junit.ClassRule; | ||
|
||
import org.opensearch.test.framework.cluster.ClusterManager; | ||
import org.opensearch.test.framework.cluster.LocalCluster; | ||
|
||
public class DefaultConfigurationSingleNodeClusterUseClusterStateTests extends AbstractDefaultConfigurationTests { | ||
|
||
@ClassRule | ||
public static LocalCluster cluster = new LocalCluster.Builder().clusterManager(ClusterManager.SINGLENODE) | ||
.nodeSettings( | ||
Map.of( | ||
"plugins.security.allow_default_init_securityindex", | ||
true, | ||
"plugins.security.allow_default_init_securityindex.use_cluster_state", | ||
true, | ||
"plugins.security.restapi.roles_enabled", | ||
List.of("user_admin__all_access") | ||
) | ||
) | ||
.defaultConfigurationInitDirectory(configurationFolder.toString()) | ||
.loadConfigurationIntoIndex(false) | ||
.build(); | ||
|
||
public DefaultConfigurationSingleNodeClusterUseClusterStateTests() { | ||
super(cluster); | ||
} | ||
|
||
} |
78 changes: 0 additions & 78 deletions
78
src/integrationTest/java/org/opensearch/security/DefaultConfigurationTests.java
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.