honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

security: Add FLS & DLS tests for join field 

Original commit: elastic/x-pack-elasticsearch@3a35743ccc
This commit is contained in:
Martijn van Groningen 2017-06-06 09:34:37 +02:00
parent 3f6e640f90
commit 15022670e2
2 changed files with 72 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
plugin/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java
View File

@ -24,10 +24,12 @@ import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.index.query.QueryBuilder;
import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.indices.IndicesRequestCache;
import org.elasticsearch.join.ParentJoinPlugin;
import org.elasticsearch.join.aggregations.Children;
import org.elasticsearch.join.aggregations.JoinAggregationBuilders;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.rest.RestStatus;
import org.elasticsearch.search.aggregations.AggregationBuilders;
import org.elasticsearch.join.aggregations.JoinAggregationBuilders;
import org.elasticsearch.join.aggregations.Children;
import org.elasticsearch.search.aggregations.bucket.global.Global;
import org.elasticsearch.search.aggregations.bucket.terms.Terms;
import org.elasticsearch.search.sort.SortBuilders;
@ -37,12 +39,12 @@ import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.xpack.XPackSettings;
import org.elasticsearch.xpack.security.authc.support.Hasher;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.join.ParentJoinPlugin;
import java.util.Arrays;
import java.util.Collections;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
import static org.elasticsearch.index.query.QueryBuilders.matchAllQuery;
@ -634,7 +636,7 @@ public class DocumentLevelSecurityTests extends SecurityIntegTestCase {
assertThat(termsAgg.getBuckets().size(), equalTo(0));
}
public void testParentChild() {
public void testParentChild_parentField() {
assertAcked(prepareCreate("test")
.setSettings("mapping.single_type", false)
.addMapping("parent")
@ -647,7 +649,35 @@ public class DocumentLevelSecurityTests extends SecurityIntegTestCase {
client().prepareIndex("test", "child", "c2").setSource("field2", "value2").setParent("p1").get();
client().prepareIndex("test", "child", "c3").setSource("field3", "value3").setParent("p1").get();
refresh();
verifyParentChild();
}
public void testParentChild_joinField() {
assertAcked(prepareCreate("test")
.addMapping("doc", "join_field", "type=join,parent=child", "field1", "type=text", "field2", "type=text",
"field3", "type=text"));
ensureGreen();
// index simple data
client().prepareIndex("test", "doc", "p1").setSource("join_field", "parent", "field1", "value1").get();
Map<String, Object> source = new HashMap<>();
source.put("field2", "value2");
Map<String, Object> joinField = new HashMap<>();
joinField.put("name", "child");
joinField.put("parent", "p1");
source.put("join_field", joinField);
client().prepareIndex("test", "doc", "c1").setSource(source).setRouting("p1").get();
client().prepareIndex("test", "doc", "c2").setSource(source).setRouting("p1").get();
source = new HashMap<>();
source.put("field3", "value3");
source.put("join_field", joinField);
client().prepareIndex("test", "doc", "c3").setSource(source).setRouting("p1").get();
refresh();
verifyParentChild();
}
private void verifyParentChild() {
SearchResponse searchResponse = client().prepareSearch("test")
.setQuery(hasChildQuery("child", matchAllQuery(), ScoreMode.None))
.get();

45
plugin/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java
View File

@ -26,21 +26,23 @@ import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.index.IndexModule;
import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.indices.IndicesRequestCache;
import org.elasticsearch.join.ParentJoinPlugin;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.rest.RestStatus;
import org.elasticsearch.search.aggregations.AggregationBuilders;
import org.elasticsearch.search.aggregations.bucket.terms.Terms;
import org.elasticsearch.search.sort.SortOrder;
import org.elasticsearch.test.ESIntegTestCase;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.xpack.XPackSettings;
import org.elasticsearch.xpack.security.authc.support.Hasher;
import org.elasticsearch.test.ESIntegTestCase;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.join.ParentJoinPlugin;
import java.util.Arrays;
import java.util.Collections;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
import static org.elasticsearch.index.query.QueryBuilders.constantScoreQuery;
@ -48,11 +50,11 @@ import static org.elasticsearch.index.query.QueryBuilders.existsQuery;
import static org.elasticsearch.index.query.QueryBuilders.matchQuery;
import static org.elasticsearch.index.query.QueryBuilders.termQuery;
import static org.elasticsearch.join.query.JoinQueryBuilders.hasChildQuery;
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures;
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
@ -113,7 +115,7 @@ public class FieldLevelSecurityTests extends SecurityIntegTestCase {
" - names: '*'\n" +
" privileges: [ ALL ]\n" +
" field_security:\n" +
" grant: [ field1 ]\n" +
" grant: [ field1, join_field* ]\n" +
"role3:\n" +
" cluster: [ all ]\n" +
" indices:\n" +
@ -1293,7 +1295,7 @@ public class FieldLevelSecurityTests extends SecurityIntegTestCase {
assertThat(response.getResponses()[0].getResponse().getFields().terms("field2").size(), equalTo(1L));
}
public void testParentChild() {
public void testParentChild_parentField() {
assertAcked(prepareCreate("test")
.setSettings("mapping.single_type", false)
.addMapping("parent")
@ -1305,7 +1307,32 @@ public class FieldLevelSecurityTests extends SecurityIntegTestCase {
client().prepareIndex("test", "child", "c1").setSource("field1", "red").setParent("p1").get();
client().prepareIndex("test", "child", "c2").setSource("field1", "yellow").setParent("p1").get();
refresh();
verifyParentChild();
}
public void testParentChild_joinField() {
assertAcked(prepareCreate("test")
.addMapping("doc", "join_field", "type=join,parent=child"));
ensureGreen();
// index simple data
client().prepareIndex("test", "doc", "p1").setSource("join_field", "parent").get();
Map<String, Object> source = new HashMap<>();
source.put("field1", "red");
Map<String, Object> joinField = new HashMap<>();
joinField.put("name", "child");
joinField.put("parent", "p1");
source.put("join_field", joinField);
client().prepareIndex("test", "doc", "c1").setSource(source).setRouting("p1").get();
source = new HashMap<>();
source.put("field1", "yellow");
source.put("join_field", joinField);
client().prepareIndex("test", "doc", "c2").setSource(source).setRouting("p1").get();
refresh();
verifyParentChild();
}
private void verifyParentChild() {
SearchResponse searchResponse = client()
.filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user1", USERS_PASSWD)))
.prepareSearch("test")