[Test] Add Monitoring Bulk API REST tests with privileges (elastic/x-pack-elasticsearch#968)
This commit removes the smoke-test-monitoring-with-security project and replaces it with a REST test. Original commit: elastic/x-pack-elasticsearch@f1665815c2
This commit is contained in:
parent
07a99c4792
commit
6396edc6a7
|
@ -0,0 +1,140 @@
|
|||
---
|
||||
setup:
|
||||
- skip:
|
||||
features: headers
|
||||
- do:
|
||||
cluster.health:
|
||||
wait_for_status: yellow
|
||||
|
||||
# Creates a role and a user "Logstash Agent" who can use
|
||||
# the Monitoring Bulk API and read the monitoring indices.
|
||||
- do:
|
||||
xpack.security.put_role:
|
||||
name: "logstash_agent_role"
|
||||
body: >
|
||||
{
|
||||
"cluster": ["cluster:admin/xpack/monitoring/bulk"],
|
||||
"indices": [
|
||||
{
|
||||
"privileges": ["read"],
|
||||
"names": ".monitoring-*"
|
||||
}
|
||||
]
|
||||
}
|
||||
- do:
|
||||
xpack.security.put_user:
|
||||
username: "logstash_agent"
|
||||
body: >
|
||||
{
|
||||
"password": "s3krit",
|
||||
"roles" : [ "logstash_agent_role" ]
|
||||
}
|
||||
|
||||
# Creates a role and a user "Unknown Agent" who can only
|
||||
# read the monitoring indices.
|
||||
- do:
|
||||
xpack.security.put_role:
|
||||
name: "unkown_agent_role"
|
||||
body: >
|
||||
{
|
||||
"cluster": ["monitor"],
|
||||
"indices": [
|
||||
{
|
||||
"privileges": ["read"],
|
||||
"names": ".monitoring-*"
|
||||
}
|
||||
]
|
||||
}
|
||||
- do:
|
||||
xpack.security.put_user:
|
||||
username: "unknown_agent"
|
||||
body: >
|
||||
{
|
||||
"password": "s3krit",
|
||||
"roles" : [ "unkown_agent_role" ]
|
||||
}
|
||||
|
||||
---
|
||||
teardown:
|
||||
- do:
|
||||
xpack.security.delete_user:
|
||||
username: "logstash_agent"
|
||||
ignore: 404
|
||||
- do:
|
||||
xpack.security.delete_role:
|
||||
name: "logstash_agent_role"
|
||||
ignore: 404
|
||||
- do:
|
||||
xpack.security.delete_user:
|
||||
username: "unknown_agent"
|
||||
ignore: 404
|
||||
- do:
|
||||
xpack.security.delete_role:
|
||||
name: "unkown_agent_role"
|
||||
ignore: 404
|
||||
|
||||
---
|
||||
"Monitoring Bulk API":
|
||||
- skip:
|
||||
features: catch_unauthorized
|
||||
|
||||
- do:
|
||||
headers:
|
||||
# Authorization: logstash_agent
|
||||
Authorization: "Basic bG9nc3Rhc2hfYWdlbnQ6czNrcml0"
|
||||
xpack.monitoring.bulk:
|
||||
system_id: "logstash"
|
||||
system_api_version: "2"
|
||||
interval: "10s"
|
||||
body:
|
||||
- index:
|
||||
_type: logstash_metric
|
||||
- metric:
|
||||
queue: 10
|
||||
- index:
|
||||
_index: _data
|
||||
_type: logstash_info
|
||||
- info:
|
||||
license: basic
|
||||
- is_false: errors
|
||||
|
||||
- do:
|
||||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
search:
|
||||
index: .monitoring-logstash-*
|
||||
type: logstash_metric
|
||||
- match: { hits.total: 1 }
|
||||
|
||||
- do:
|
||||
search:
|
||||
index: .monitoring-data-*
|
||||
type: logstash_info
|
||||
- match: { hits.total: 1 }
|
||||
|
||||
- do:
|
||||
catch: forbidden
|
||||
headers:
|
||||
# Authorization: unknown_agent
|
||||
Authorization: "Basic dW5rbm93bl9hZ2VudDpzM2tyaXQ="
|
||||
xpack.monitoring.bulk:
|
||||
system_id: "logstash"
|
||||
system_api_version: "2"
|
||||
interval: "10s"
|
||||
body:
|
||||
- index:
|
||||
_type: logstash_metric
|
||||
- metric:
|
||||
queue: 10
|
||||
- match: { "error.type": "security_exception" }
|
||||
- match: { "error.reason": "action [cluster:admin/xpack/monitoring/bulk] is unauthorized for user [unknown_agent]" }
|
||||
|
||||
- do:
|
||||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
search:
|
||||
index: .monitoring-logstash-*
|
||||
type: logstash_metric
|
||||
- match: { hits.total: 1 }
|
|
@ -1,50 +0,0 @@
|
|||
subprojects {
|
||||
apply plugin: 'elasticsearch.standalone-rest-test'
|
||||
apply plugin: 'elasticsearch.rest-test'
|
||||
|
||||
dependencies {
|
||||
testCompile project(path: ':x-pack-elasticsearch:plugin', configuration: 'runtime')
|
||||
}
|
||||
|
||||
// bring in monitoring rest test suite
|
||||
task copyMonitoringRestTests(type: Copy) {
|
||||
into project.sourceSets.test.output.resourcesDir
|
||||
from project(':x-pack-elasticsearch:plugin').sourceSets.test.resources.srcDirs
|
||||
include 'rest-api-spec/test/monitoring/**'
|
||||
}
|
||||
|
||||
integTest {
|
||||
dependsOn copyMonitoringRestTests
|
||||
}
|
||||
|
||||
integTestCluster {
|
||||
systemProperty 'es.logger.level', 'TRACE'
|
||||
plugin ':x-pack-elasticsearch:plugin'
|
||||
setting 'xpack.monitoring.collection.interval', '3s'
|
||||
extraConfigFile 'x-pack/roles.yml', '../roles.yml'
|
||||
setupCommand 'setupTestAdminUser',
|
||||
'bin/x-pack/users', 'useradd', 'test_admin', '-p', 'changeme', '-r', 'superuser'
|
||||
setupCommand 'setupMonitoredSystemUser',
|
||||
'bin/x-pack/users', 'useradd', 'monitoring_system', '-p', 'changeme', '-r', 'monitoring_system,monitoring_without_bulk'
|
||||
setupCommand 'setupPowerlessUser',
|
||||
'bin/x-pack/users', 'useradd', 'not_monitoring_system', '-p', 'changeme', '-r', 'monitoring_without_bulk'
|
||||
|
||||
waitCondition = { node, ant ->
|
||||
File tmpFile = new File(node.cwd, 'wait.success')
|
||||
ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow",
|
||||
dest: tmpFile.toString(),
|
||||
username: 'test_admin',
|
||||
password: 'changeme',
|
||||
ignoreerrors: true,
|
||||
retries: 10)
|
||||
return tmpFile.exists()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Allow {@code integTest} to be invoked on this project to run both Monitoring+Security smoke tests.
|
||||
*/
|
||||
task integTest {
|
||||
dependsOn subprojects.integTest
|
||||
}
|
|
@ -1,61 +0,0 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.smoketest;
|
||||
|
||||
import com.carrotsearch.randomizedtesting.annotations.Name;
|
||||
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.test.rest.yaml.ClientYamlTestCandidate;
|
||||
import org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase;
|
||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
|
||||
public class SmokeTestMonitoringWithSecurityClientYamlTestSuiteIT extends ESClientYamlSuiteTestCase {
|
||||
|
||||
public SmokeTestMonitoringWithSecurityClientYamlTestSuiteIT(@Name("yaml") ClientYamlTestCandidate testCandidate) {
|
||||
super(testCandidate);
|
||||
}
|
||||
|
||||
@ParametersFactory
|
||||
public static Iterable<Object[]> parameters() throws IOException {
|
||||
return ESClientYamlSuiteTestCase.createParameters();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Settings restClientSettings() {
|
||||
String token = basicAuthHeaderValue("not_monitoring_system", new SecuredString("changeme".toCharArray()));
|
||||
return Settings.builder()
|
||||
.put(ThreadContext.PREFIX + ".Authorization", token)
|
||||
.build();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Settings restAdminSettings() {
|
||||
String token = basicAuthHeaderValue("test_admin", new SecuredString("changeme".toCharArray()));
|
||||
return Settings.builder()
|
||||
.put(ThreadContext.PREFIX + ".Authorization", token)
|
||||
.build();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void test() throws IOException {
|
||||
try {
|
||||
super.test();
|
||||
fail("should have failed because of missing role");
|
||||
} catch(AssertionError ae) {
|
||||
assertThat(ae.getMessage(), containsString("action [cluster:admin/xpack/monitoring/bulk]"));
|
||||
assertThat(ae.getMessage(), containsString("returned [403 Forbidden]"));
|
||||
assertThat(ae.getMessage(), containsString("is unauthorized for user [not_monitoring_system]"));
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
@ -1,11 +0,0 @@
|
|||
monitoring_system:
|
||||
cluster: [ 'cluster:admin/xpack/monitoring/bulk' ]
|
||||
|
||||
monitoring_without_bulk:
|
||||
cluster: [ 'monitor' ]
|
||||
indices:
|
||||
- names: '.monitoring-*'
|
||||
privileges:
|
||||
- write
|
||||
- read
|
||||
- manage
|
|
@ -1,47 +0,0 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.smoketest;
|
||||
|
||||
import com.carrotsearch.randomizedtesting.annotations.Name;
|
||||
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.test.rest.yaml.ClientYamlTestCandidate;
|
||||
import org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase;
|
||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
|
||||
public class SmokeTestMonitoringWithSecurityClientYamlTestSuiteIT extends ESClientYamlSuiteTestCase {
|
||||
|
||||
public SmokeTestMonitoringWithSecurityClientYamlTestSuiteIT(@Name("yaml") ClientYamlTestCandidate testCandidate) {
|
||||
super(testCandidate);
|
||||
}
|
||||
|
||||
@ParametersFactory
|
||||
public static Iterable<Object[]> parameters() throws IOException {
|
||||
return ESClientYamlSuiteTestCase.createParameters();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Settings restClientSettings() {
|
||||
String token = basicAuthHeaderValue("monitoring_system", new SecuredString("changeme".toCharArray()));
|
||||
return Settings.builder()
|
||||
.put(ThreadContext.PREFIX + ".Authorization", token)
|
||||
.build();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Settings restAdminSettings() {
|
||||
String token = basicAuthHeaderValue("test_admin", new SecuredString("changeme".toCharArray()));
|
||||
return Settings.builder()
|
||||
.put(ThreadContext.PREFIX + ".Authorization", token)
|
||||
.build();
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue