honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request elastic/elasticsearch#2433 from javanna/feature/http_client 

Low level RestClient

Original commit: elastic/x-pack-elasticsearch@7a0c0eb9e6
This commit is contained in:
Luca Cavanna 2016-06-22 09:59:57 +02:00 committed by GitHub
parent 4f55896af8 1ea3397956
commit 694a91cd2f
29 changed files with 460 additions and 564 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
elasticsearch/qa/audit-tests/src/test/java/org/elasticsearch/xpack/security/audit/IndexAuditIT.java
View File

@ -6,9 +6,11 @@
package org.elasticsearch.xpack.security.audit;
import com.carrotsearch.hppc.cursors.ObjectCursor;
import org.apache.http.message.BasicHeader;
import org.elasticsearch.action.admin.indices.template.delete.DeleteIndexTemplateResponse;
import org.elasticsearch.action.admin.indices.template.get.GetIndexTemplatesResponse;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.client.Response;
import org.elasticsearch.cluster.ClusterState;
import org.elasticsearch.cluster.metadata.IndexTemplateMetaData;
import org.elasticsearch.common.settings.Settings;
@ -19,7 +21,6 @@ import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
import org.elasticsearch.test.ESIntegTestCase;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.elasticsearch.xpack.XPackPlugin;
import java.util.Collection;
@ -35,12 +36,12 @@ public class IndexAuditIT extends ESIntegTestCase {
private static final String USER = "test_user";
private static final String PASS = "changeme";
public void testIndexAuditTrailWorking() throws Exception {
HttpResponse response = httpClient().path("/")
.addHeader("Authorization", UsernamePasswordToken.basicAuthHeaderValue(USER, new SecuredString(PASS.toCharArray())))
.execute();
assertThat(response.getStatusCode(), is(200));
public void testShieldIndexAuditTrailWorking() throws Exception {
try (Response response = getRestClient().performRequest("GET", "/", Collections.emptyMap(), null,
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(USER, new SecuredString(PASS.toCharArray()))))) {
assertThat(response.getStatusLine().getStatusCode(), is(200));
}
final AtomicReference<ClusterState> lastClusterState = new AtomicReference<>();
final AtomicBoolean indexExists = new AtomicBoolean(false);
boolean found = awaitBusy(() -> {

28
elasticsearch/qa/security-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmIT.java
View File

@ -5,9 +5,12 @@
*/
package org.elasticsearch.example.realm;
import org.apache.http.message.BasicHeader;
import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
import org.elasticsearch.action.admin.cluster.node.info.NodeInfo;
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
import org.elasticsearch.client.Response;
import org.elasticsearch.client.ResponseException;
import org.elasticsearch.client.transport.NoNodeAvailableException;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.Settings;
@ -16,7 +19,6 @@ import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.test.ESIntegTestCase;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.elasticsearch.xpack.XPackPlugin;
import java.util.Collection;
@ -29,6 +31,7 @@ import static org.hamcrest.Matchers.is;
* Integration test to test authentication with the custom realm
*/
public class CustomRealmIT extends ESIntegTestCase {
@Override
protected Settings externalClusterClientSettings() {
return Settings.builder()
@ -43,18 +46,23 @@ public class CustomRealmIT extends ESIntegTestCase {
}
public void testHttpConnectionWithNoAuthentication() throws Exception {
HttpResponse response = httpClient().path("/").execute();
assertThat(response.getStatusCode(), is(401));
String value = response.getHeaders().get("WWW-Authenticate");
assertThat(value, is("custom-challenge"));
try {
getRestClient().performRequest("GET", "/", Collections.emptyMap(), null);
fail("request should have failed");
} catch(ResponseException e) {
Response response = e.getResponse();
assertThat(response.getStatusLine().getStatusCode(), is(401));
String value = response.getHeader("WWW-Authenticate");
assertThat(value, is("custom-challenge"));
}
}
public void testHttpAuthentication() throws Exception {
HttpResponse response = httpClient().path("/")
.addHeader(CustomRealm.USER_HEADER, CustomRealm.KNOWN_USER)
.addHeader(CustomRealm.PW_HEADER, CustomRealm.KNOWN_PW)
.execute();
assertThat(response.getStatusCode(), is(200));
try (Response response = getRestClient().performRequest("GET", "/", Collections.emptyMap(), null,
new BasicHeader(CustomRealm.USER_HEADER, CustomRealm.KNOWN_USER),
new BasicHeader(CustomRealm.PW_HEADER, CustomRealm.KNOWN_PW))) {
assertThat(response.getStatusLine().getStatusCode(), is(200));
}
}
public void testTransportClient() throws Exception {

3
elasticsearch/qa/smoke-test-graph-with-security/src/test/java/org/elasticsearch/smoketest/GraphWithSecurityIT.java
View File

@ -7,9 +7,9 @@ package org.elasticsearch.smoketest;
import com.carrotsearch.randomizedtesting.annotations.Name;
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.test.rest.ESRestTestCase;
import org.elasticsearch.test.rest.RestTestCandidate;
@ -19,6 +19,7 @@ import java.io.IOException;
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
public class GraphWithSecurityIT extends ESRestTestCase {
private final static String TEST_ADMIN_USERNAME = "test_admin";

8
elasticsearch/qa/smoke-test-plugins-ssl/src/test/java/org/elasticsearch/smoketest/SmokeTestPluginsSslIT.java
View File

@ -14,7 +14,7 @@ import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.test.rest.ESRestTestCase;
import org.elasticsearch.test.rest.RestTestCandidate;
import org.elasticsearch.test.rest.client.RestClient;
import org.elasticsearch.test.rest.client.RestTestClient;
import org.elasticsearch.test.rest.parser.RestTestParseException;
import org.junit.AfterClass;
import org.junit.BeforeClass;
@ -65,9 +65,9 @@ public class SmokeTestPluginsSslIT extends ESRestTestCase {
String token = basicAuthHeaderValue(USER, new SecuredString(PASS.toCharArray()));
return Settings.builder()
.put(ThreadContext.PREFIX + ".Authorization", token)
.put(RestClient.PROTOCOL, "https")
.put(RestClient.TRUSTSTORE_PATH, keyStore)
.put(RestClient.TRUSTSTORE_PASSWORD, KEYSTORE_PASS)
.put(RestTestClient.PROTOCOL, "https")
.put(RestTestClient.TRUSTSTORE_PATH, keyStore)
.put(RestTestClient.TRUSTSTORE_PASSWORD, KEYSTORE_PASS)
.build();
}
}

25
elasticsearch/qa/smoke-test-watcher-with-groovy/src/test/java/org/elasticsearch/smoketest/WatcherRestTestCase.java
View File

@ -5,22 +5,19 @@
*/
package org.elasticsearch.smoketest;
import java.io.IOException;
import java.net.URI;
import java.net.URL;
import com.carrotsearch.randomizedtesting.annotations.Name;
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
import org.elasticsearch.test.rest.ESRestTestCase;
import org.elasticsearch.test.rest.RestTestCandidate;
import org.elasticsearch.test.rest.parser.RestTestParseException;
import org.junit.After;
import org.junit.Before;
import java.io.IOException;
import static java.util.Collections.emptyList;
import static java.util.Collections.emptyMap;
public abstract class WatcherRestTestCase extends ESRestTestCase {
public WatcherRestTestCase(@Name("yaml") RestTestCandidate testCandidate) {
@ -34,19 +31,11 @@ public abstract class WatcherRestTestCase extends ESRestTestCase {
@Before
public void startWatcher() throws Exception {
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
URL url = getClusterUrls()[0];
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_xpack/watcher/_start", null, null));
client.execute(request);
}
getAdminExecutionContext().callApi("xpack.watcher.start", emptyMap(), emptyList(), emptyMap());
}
@After
public void stopWatcher() throws Exception {
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
URL url = getClusterUrls()[0];
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_xpack/watcher/_stop", null, null));
client.execute(request);
}
getAdminExecutionContext().callApi("xpack.watcher.stop", emptyMap(), emptyList(), emptyMap());
}
}

21
elasticsearch/qa/smoke-test-watcher-with-mustache/src/test/java/org/elasticsearch/smoketest/WatcherRestTestCase.java
View File

@ -7,10 +7,6 @@ package org.elasticsearch.smoketest;
import com.carrotsearch.randomizedtesting.annotations.Name;
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
import org.elasticsearch.test.rest.ESRestTestCase;
import org.elasticsearch.test.rest.RestTestCandidate;
import org.elasticsearch.test.rest.parser.RestTestParseException;
@ -18,8 +14,9 @@ import org.junit.After;
import org.junit.Before;
import java.io.IOException;
import java.net.URI;
import java.net.URL;
import static java.util.Collections.emptyList;
import static java.util.Collections.emptyMap;
public abstract class WatcherRestTestCase extends ESRestTestCase {
@ -34,19 +31,11 @@ public abstract class WatcherRestTestCase extends ESRestTestCase {
@Before
public void startWatcher() throws Exception {
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
URL url = getClusterUrls()[0];
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_xpack/watcher/_start", null, null));
client.execute(request);
}
getAdminExecutionContext().callApi("xpack.watcher.start", emptyMap(), emptyList(), emptyMap());
}
@After
public void stopWatcher() throws Exception {
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
URL url = getClusterUrls()[0];
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_xpack/watcher/_stop", null, null));
client.execute(request);
}
getAdminExecutionContext().callApi("xpack.watcher.stop", emptyMap(), emptyList(), emptyMap());
}
}

2
elasticsearch/qa/smoke-test-watcher-with-mustache/src/test/resources/rest-api-spec/test/watcher_mustache/10_webhook.yaml
View File

@ -55,7 +55,7 @@
catch: request_timeout
cluster.health:
wait_for_nodes: 99
timeout: 10s
timeout: 5s
- match: { "timed_out": true }
- do:

2
elasticsearch/qa/smoke-test-watcher-with-mustache/src/test/resources/rest-api-spec/test/watcher_mustache/20_array_access.yaml
View File

@ -53,7 +53,7 @@
catch: request_timeout
cluster.health:
wait_for_nodes: 99
timeout: 10s
timeout: 5s
- match: { "timed_out": true }
- do:

25
elasticsearch/qa/smoke-test-watcher-with-painless/src/test/java/org/elasticsearch/smoketest/WatcherRestTestCase.java
View File

@ -5,22 +5,19 @@
*/
package org.elasticsearch.smoketest;
import java.io.IOException;
import java.net.URI;
import java.net.URL;
import com.carrotsearch.randomizedtesting.annotations.Name;
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
import org.elasticsearch.test.rest.ESRestTestCase;
import org.elasticsearch.test.rest.RestTestCandidate;
import org.elasticsearch.test.rest.parser.RestTestParseException;
import org.junit.After;
import org.junit.Before;
import java.io.IOException;
import static java.util.Collections.emptyList;
import static java.util.Collections.emptyMap;
public abstract class WatcherRestTestCase extends ESRestTestCase {
public WatcherRestTestCase(@Name("yaml") RestTestCandidate testCandidate) {
@ -34,19 +31,11 @@ public abstract class WatcherRestTestCase extends ESRestTestCase {
@Before
public void startWatcher() throws Exception {
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
URL url = getClusterUrls()[0];
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_xpack/watcher/_start", null, null));
client.execute(request);
}
getAdminExecutionContext().callApi("xpack.watcher.start", emptyMap(), emptyList(), emptyMap());
}
@After
public void stopWatcher() throws Exception {
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
URL url = getClusterUrls()[0];
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_xpack/watcher/_stop", null, null));
client.execute(request);
}
getAdminExecutionContext().callApi("xpack.watcher.stop", emptyMap(), emptyList(), emptyMap());
}
}

32
elasticsearch/qa/smoke-test-watcher-with-security/src/test/java/org/elasticsearch/smoketest/WatcherWithSecurityIT.java
View File

@ -5,28 +5,26 @@
*/
package org.elasticsearch.smoketest;
import java.io.IOException;
import java.net.URI;
import java.net.URL;
import com.carrotsearch.randomizedtesting.annotations.Name;
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
import org.elasticsearch.test.rest.ESRestTestCase;
import org.elasticsearch.test.rest.RestTestCandidate;
import org.elasticsearch.test.rest.parser.RestTestParseException;
import org.junit.After;
import org.junit.Before;
import java.io.IOException;
import static java.util.Collections.emptyList;
import static java.util.Collections.emptyMap;
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
public class WatcherWithSecurityIT extends ESRestTestCase {
private final static String TEST_ADMIN_USERNAME = "test_admin";
@ -43,24 +41,12 @@ public class WatcherWithSecurityIT extends ESRestTestCase {
@Before
public void startWatcher() throws Exception {
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
URL url = getClusterUrls()[0];
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_xpack/watcher/_start", null, null));
String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray()));
request.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, token);
client.execute(request);
}
getAdminExecutionContext().callApi("xpack.watcher.start", emptyMap(), emptyList(), emptyMap());
}
@After
public void stopWatcher() throws Exception {
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
URL url = getClusterUrls()[0];
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_xpack/watcher/_stop", null, null));
String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray()));
request.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, token);
client.execute(request);
}
getAdminExecutionContext().callApi("xpack.watcher.stop", emptyMap(), emptyList(), emptyMap());
}
@Override

79
elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/security/MarvelSettingsFilterTests.java
View File

@ -5,21 +5,18 @@
*/
package org.elasticsearch.marvel.security;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.Header;
import org.apache.http.message.BasicHeader;
import org.elasticsearch.client.Response;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.json.JsonXContent;
import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.marvel.MonitoringSettings;
import org.elasticsearch.marvel.test.MarvelIntegTestCase;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.hamcrest.Matchers;
import org.junit.After;
import java.io.IOException;
import java.util.Collections;
import java.util.Map;
import static org.elasticsearch.common.xcontent.support.XContentMapValues.extractValue;
@ -29,13 +26,6 @@ import static org.hamcrest.CoreMatchers.nullValue;
public class MarvelSettingsFilterTests extends MarvelIntegTestCase {
private CloseableHttpClient httpClient = HttpClients.createDefault();
@After
public void cleanup() throws IOException {
httpClient.close();
}
@Override
protected Settings nodeSettings(int nodeOrdinal) {
return Settings.builder()
@ -53,46 +43,35 @@ public class MarvelSettingsFilterTests extends MarvelIntegTestCase {
}
public void testGetSettingsFiltered() throws Exception {
String body = executeRequest("GET", "/_nodes/settings", null, null).getBody();
Map<String, Object> response = JsonXContent.jsonXContent.createParser(body).map();
Map<String, Object> nodes = (Map<String, Object>) response.get("nodes");
for (Object node : nodes.values()) {
Map<String, Object> settings = (Map<String, Object>) ((Map<String, Object>) node).get("settings");
assertThat(extractValue("xpack.monitoring.agent.exporters._http.type", settings), Matchers.<Object>equalTo("http"));
assertThat(extractValue("xpack.monitoring.agent.exporters._http.enabled", settings), Matchers.<Object>equalTo("false"));
assertNullSetting(settings, "xpack.monitoring.agent.exporters._http.auth.username");
assertNullSetting(settings, "xpack.monitoring.agent.exporters._http.auth.password");
assertNullSetting(settings, "xpack.monitoring.agent.exporters._http.ssl.truststore.path");
assertNullSetting(settings, "xpack.monitoring.agent.exporters._http.ssl.truststore.password");
assertNullSetting(settings, "xpack.monitoring.agent.exporters._http.ssl.hostname_verification");
Header[] headers;
if (securityEnabled) {
headers = new Header[] {
new BasicHeader(BASIC_AUTH_HEADER,
basicAuthHeaderValue(SecuritySettings.TEST_USERNAME,
new SecuredString(SecuritySettings.TEST_PASSWORD.toCharArray())))};
} else {
headers = new Header[0];
}
try (Response response = getRestClient().performRequest("GET", "/_nodes/settings",
Collections.emptyMap(), null, headers)) {
Map<String, Object> responseMap = JsonXContent.jsonXContent.createParser(response.getEntity().getContent()).map();
@SuppressWarnings("unchecked")
Map<String, Object> nodes = (Map<String, Object>) responseMap.get("nodes");
for (Object node : nodes.values()) {
@SuppressWarnings("unchecked")
Map<String, Object> settings = (Map<String, Object>) ((Map<String, Object>) node).get("settings");
assertThat(extractValue("xpack.monitoring.agent.exporters._http.type", settings), Matchers.<Object>equalTo("http"));
assertThat(extractValue("xpack.monitoring.agent.exporters._http.enabled", settings), Matchers.<Object>equalTo("false"));
assertNullSetting(settings, "xpack.monitoring.agent.exporters._http.auth.username");
assertNullSetting(settings, "xpack.monitoring.agent.exporters._http.auth.password");
assertNullSetting(settings, "xpack.monitoring.agent.exporters._http.ssl.truststore.path");
assertNullSetting(settings, "xpack.monitoring.agent.exporters._http.ssl.truststore.password");
assertNullSetting(settings, "xpack.monitoring.agent.exporters._http.ssl.hostname_verification");
}
}
}
private void assertNullSetting(Map<String, Object> settings, String setting) {
assertThat(extractValue(setting, settings), nullValue());
}
protected HttpResponse executeRequest(String method, String path, String body, Map<String, String> params) throws IOException {
HttpServerTransport httpServerTransport = internalCluster().getInstance(HttpServerTransport.class,
internalCluster().getMasterName());
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient)
.httpTransport(httpServerTransport)
.method(method)
.path(path);
if (params != null) {
for (Map.Entry<String, String> entry : params.entrySet()) {
requestBuilder.addParam(entry.getKey(), entry.getValue());
}
}
if (body != null) {
requestBuilder.body(body);
}
if (securityEnabled) {
requestBuilder.addHeader(BASIC_AUTH_HEADER,
basicAuthHeaderValue(SecuritySettings.TEST_USERNAME, new SecuredString(SecuritySettings.TEST_PASSWORD.toCharArray())));
}
return requestBuilder.execute();
}
}

69
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/AbstractPrivilegeTestCase.java
View File

@ -5,16 +5,18 @@
*/
package org.elasticsearch.integration;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.elasticsearch.http.HttpServerTransport;
import org.apache.http.HttpEntity;
import org.apache.http.StatusLine;
import org.apache.http.entity.StringEntity;
import org.apache.http.message.BasicHeader;
import org.apache.http.util.EntityUtils;
import org.elasticsearch.client.Response;
import org.elasticsearch.client.ResponseException;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.xpack.security.authc.support.Hasher;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.junit.After;
import java.io.IOException;
import java.util.HashMap;
@ -32,19 +34,16 @@ public abstract class AbstractPrivilegeTestCase extends SecurityIntegTestCase {
protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("passwd".toCharArray())));
private CloseableHttpClient httpClient = HttpClients.createDefault();
@After
public void cleanup() throws IOException {
httpClient.close();
}
protected void assertAccessIsAllowed(String user, String method, String uri, String body,
Map<String, String> params) throws IOException {
HttpResponse response = executeRequest(user, method, uri, body, params);
String message = String.format(Locale.ROOT, "%s %s: Expected no error got %s %s with body %s", method, uri,
response.getStatusCode(), response.getReasonPhrase(), response.getBody());
assertThat(message, response.getStatusCode(), is(not(greaterThanOrEqualTo(400))));
try (Response response = getRestClient().performRequest(method, uri, params, entityOrNull(body),
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(user, new SecuredString("passwd".toCharArray()))))) {
StatusLine statusLine = response.getStatusLine();
String message = String.format(Locale.ROOT, "%s %s: Expected no error got %s %s with body %s", method, uri,
statusLine.getStatusCode(), statusLine.getReasonPhrase(), EntityUtils.toString(response.getEntity()));
assertThat(message, statusLine.getStatusCode(), is(not(greaterThanOrEqualTo(400))));
}
}
protected void assertAccessIsAllowed(String user, String method, String uri, String body) throws IOException {
@ -65,28 +64,24 @@ public abstract class AbstractPrivilegeTestCase extends SecurityIntegTestCase {
protected void assertAccessIsDenied(String user, String method, String uri, String body,
Map<String, String> params) throws IOException {
HttpResponse response = executeRequest(user, method, uri, body, params);
String message = String.format(Locale.ROOT, "%s %s body %s: Expected 403, got %s %s with body %s", method, uri, body,
response.getStatusCode(), response.getReasonPhrase(), response.getBody());
assertThat(message, response.getStatusCode(), is(403));
try {
getRestClient().performRequest(method, uri, params, entityOrNull(body),
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(user, new SecuredString("passwd".toCharArray()))));
fail("request should have failed");
} catch(ResponseException e) {
StatusLine statusLine = e.getResponse().getStatusLine();
String message = String.format(Locale.ROOT, "%s %s body %s: Expected 403, got %s %s with body %s", method, uri, body,
statusLine.getStatusCode(), statusLine.getReasonPhrase(), e.getResponseBody());
assertThat(message, statusLine.getStatusCode(), is(403));
}
}
protected HttpResponse executeRequest(String user, String method, String uri, String body,
Map<String, String> params) throws IOException {
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient).httpTransport(httpServerTransport);
requestBuilder.path(uri);
requestBuilder.method(method);
for (Map.Entry<String, String> entry : params.entrySet()) {
requestBuilder.addParam(entry.getKey(), entry.getValue());
}
private static HttpEntity entityOrNull(String body) {
HttpEntity entity = null;
if (body != null) {
requestBuilder.body(body);
entity = new StringEntity(body, RestClient.JSON_CONTENT_TYPE);
}
requestBuilder.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(user,
new SecuredString("passwd".toCharArray())));
return requestBuilder.execute();
return entity;
}
}

74
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/BulkUpdateTests.java
View File

@ -5,9 +5,15 @@
*/
package org.elasticsearch.integration;
import org.apache.http.Header;
import org.apache.http.entity.StringEntity;
import org.apache.http.message.BasicHeader;
import org.apache.http.util.EntityUtils;
import org.elasticsearch.action.bulk.BulkResponse;
import org.elasticsearch.action.get.GetResponse;
import org.elasticsearch.action.update.UpdateResponse;
import org.elasticsearch.client.Response;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.xpack.security.Security;
@ -15,10 +21,10 @@ import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.test.SecuritySettingsSource;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.elasticsearch.xpack.XPackPlugin;
import java.io.IOException;
import java.util.Collections;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
@ -49,8 +55,8 @@ public class BulkUpdateTests extends SecurityIntegTestCase {
.get().isCreated();
assertThat(created, is(false));
getResponse = internalCluster().transportClient().prepareGet("index1", "type", "1").setFields("test", "not test").get();
assertThat((String) getResponse.getField("test").getValue(), equalTo("test"));
assertThat((String) getResponse.getField("not test").getValue(), equalTo("not test"));
assertThat(getResponse.getField("test").getValue(), equalTo("test"));
assertThat(getResponse.getField("not test").getValue(), equalTo("not test"));
// this part is important. Without this, the document may be read from the translog which would bypass the bug where
// FLS kicks in because the request can't be found and only returns meta fields
@ -62,43 +68,61 @@ public class BulkUpdateTests extends SecurityIntegTestCase {
assertThat(((UpdateResponse)response.getItems()[0].getResponse()).isCreated(), is(false));
getResponse = internalCluster().transportClient().prepareGet("index1", "type", "1").
setFields("test", "not test", "bulk updated").get();
assertThat((String) getResponse.getField("test").getValue(), equalTo("test"));
assertThat((String) getResponse.getField("not test").getValue(), equalTo("not test"));
assertThat((String) getResponse.getField("bulk updated").getValue(), equalTo("bulk updated"));
assertThat(getResponse.getField("test").getValue(), equalTo("test"));
assertThat(getResponse.getField("not test").getValue(), equalTo("not test"));
assertThat(getResponse.getField("bulk updated").getValue(), equalTo("bulk updated"));
}
public void testThatBulkUpdateDoesNotLoseFieldsHttp() throws IOException {
final String path = "/index1/type/1";
final String basicAuthHeader = UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()));
final Header basicAuthHeader = new BasicHeader("Authorization",
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())));
httpClient().path(path).addHeader("Authorization", basicAuthHeader).method("PUT").body("{\"test\":\"test\"}").execute();
HttpResponse response = httpClient().path(path).addHeader("Authorization", basicAuthHeader).method("GET").execute();
assertThat(response.getBody(), containsString("\"test\":\"test\""));
StringEntity body = new StringEntity("{\"test\":\"test\"}", RestClient.JSON_CONTENT_TYPE);
try (Response response = getRestClient().performRequest("PUT", path, Collections.emptyMap(), body, basicAuthHeader)) {
assertThat(response.getStatusLine().getStatusCode(), equalTo(201));
}
try (Response response = getRestClient().performRequest("GET", path, Collections.emptyMap(), null, basicAuthHeader)) {
assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
assertThat(EntityUtils.toString(response.getEntity()), containsString("\"test\":\"test\""));
}
if (randomBoolean()) {
flushAndRefresh();
}
//update with new field
httpClient().path(path + "/_update").addHeader("Authorization", basicAuthHeader).method("POST").
body("{\"doc\": {\"not test\": \"not test\"}}").execute();
response = httpClient().path(path).addHeader("Authorization", basicAuthHeader).method("GET").execute();
assertThat(response.getBody(), containsString("\"test\":\"test\""));
assertThat(response.getBody(), containsString("\"not test\":\"not test\""));
body = new StringEntity("{\"doc\": {\"not test\": \"not test\"}}", RestClient.JSON_CONTENT_TYPE);
try (Response response = getRestClient().performRequest("POST", path + "/_update",
Collections.emptyMap(), body, basicAuthHeader)) {
assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
}
try (Response response = getRestClient().performRequest("GET", path, Collections.emptyMap(), null, basicAuthHeader)) {
assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
String responseBody = EntityUtils.toString(response.getEntity());
assertThat(responseBody, containsString("\"test\":\"test\""));
assertThat(responseBody, containsString("\"not test\":\"not test\""));
}
// this part is important. Without this, the document may be read from the translog which would bypass the bug where
// FLS kicks in because the request can't be found and only returns meta fields
flushAndRefresh();
// update with bulk
httpClient().path("/_bulk").addHeader("Authorization", basicAuthHeader).method("POST")
.body("{\"update\": {\"_index\": \"index1\", \"_type\": \"type\", \"_id\": \"1\"}}\n{\"doc\": {\"bulk updated\":\"bulk " +
"updated\"}}\n")
.execute();
response = httpClient().path(path).addHeader("Authorization", basicAuthHeader).method("GET").execute();
assertThat(response.getBody(), containsString("\"test\":\"test\""));
assertThat(response.getBody(), containsString("\"not test\":\"not test\""));
assertThat(response.getBody(), containsString("\"bulk updated\":\"bulk updated\""));
body = new StringEntity("{\"update\": {\"_index\": \"index1\", \"_type\": \"type\", \"_id\": \"1\"}}\n" +
"{\"doc\": {\"bulk updated\":\"bulk updated\"}}\n", RestClient.JSON_CONTENT_TYPE);
try (Response response = getRestClient().performRequest("POST", "/_bulk",
Collections.emptyMap(), body, basicAuthHeader)) {
assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
}
try (Response response = getRestClient().performRequest("GET", path, Collections.emptyMap(), null, basicAuthHeader)) {
String responseBody = EntityUtils.toString(response.getEntity());
assertThat(responseBody, containsString("\"test\":\"test\""));
assertThat(responseBody, containsString("\"not test\":\"not test\""));
assertThat(responseBody, containsString("\"bulk updated\":\"bulk updated\""));
}
}
}

39
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java
View File

@ -5,14 +5,15 @@
*/
package org.elasticsearch.integration;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicHeader;
import org.apache.http.util.EntityUtils;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.client.Response;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.xpack.security.user.User;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.test.SecuritySettingsSource;
import org.elasticsearch.xpack.security.action.realm.ClearRealmCacheRequest;
import org.elasticsearch.xpack.security.action.realm.ClearRealmCacheResponse;
import org.elasticsearch.xpack.security.authc.Realm;
@ -22,10 +23,7 @@ import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.authc.support.SecuredStringTests;
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
import org.elasticsearch.xpack.security.client.SecurityClient;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.test.SecuritySettingsSource;
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.elasticsearch.xpack.security.user.User;
import org.junit.BeforeClass;
import java.util.ArrayList;
@ -39,14 +37,10 @@ import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not;
import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.sameInstance;
/**
*
*/
public class ClearRealmsCacheTests extends SecurityIntegTestCase {
private static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("passwd".toCharArray())));
@ -168,21 +162,12 @@ public class ClearRealmsCacheTests extends SecurityIntegTestCase {
}
static void executeHttpRequest(String path, Map<String, String> params) throws Exception {
try (CloseableHttpClient client = HttpClients.createDefault()) {
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(client)
.httpTransport(internalCluster().getDataNodeInstance(HttpServerTransport.class))
.method("POST")
.path(path);
for (Map.Entry<String, String> entry : params.entrySet()) {
requestBuilder.addParam(entry.getKey(), entry.getValue());
}
requestBuilder.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())));
HttpResponse response = requestBuilder.execute();
assertThat(response.hasBody(), is(true));
String body = response.getBody();
assertThat(body.contains("cluster_name"), is(true));
try (Response response = getRestClient().performRequest("POST", path, params, null,
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) {
assertNotNull(response.getEntity());
assertTrue(EntityUtils.toString(response.getEntity()).contains("cluster_name"));
}
}
}

16
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java
View File

@ -5,9 +5,11 @@
*/
package org.elasticsearch.integration;
import org.apache.http.message.BasicHeader;
import org.elasticsearch.action.delete.DeleteResponse;
import org.elasticsearch.action.update.UpdateResponse;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.Response;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
@ -23,11 +25,11 @@ import org.elasticsearch.xpack.security.authz.store.NativeRolesStore;
import org.elasticsearch.xpack.security.client.SecurityClient;
import org.elasticsearch.test.NativeRealmIntegTestCase;
import org.elasticsearch.test.SecuritySettingsSource;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.junit.Before;
import org.junit.BeforeClass;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
@ -128,7 +130,7 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase {
final boolean useHttp = randomBoolean();
final boolean clearAll = randomBoolean();
logger.debug("--> starting to clear roles. using http [{}] clearing all [{}]", useHttp, clearAll);
String[] rolesToClear = clearAll ? (randomBoolean() ? roles : null) : toModify.toArray(Strings.EMPTY_ARRAY);
String[] rolesToClear = clearAll ? (randomBoolean() ? roles : null) : toModify.toArray(new String[toModify.size()]);
if (useHttp) {
String path;
if (rolesToClear == null) {
@ -136,12 +138,12 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase {
} else {
path = "/_xpack/security/role/" + Strings.arrayToCommaDelimitedString(rolesToClear) + "/_clear_cache";
}
HttpResponse response = httpClient().path(path).method("POST")
.addHeader("Authorization",
try (Response response = getRestClient().performRequest("POST", path, Collections.emptyMap(), null,
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())))
.execute();
assertThat(response.getStatusCode(), is(RestStatus.OK.getStatus()));
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) {
assertThat(response.getStatusLine().getStatusCode(), is(RestStatus.OK.getStatus()));
}
} else {
securityClient.prepareClearRolesCache().names(rolesToClear).get();
}

19
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/IndexPrivilegeTests.java
View File

@ -5,20 +5,21 @@
*/
package org.elasticsearch.integration;
import org.apache.lucene.util.LuceneTestCase.BadApple;
import org.apache.http.message.BasicHeader;
import org.elasticsearch.client.ResponseException;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.test.ESIntegTestCase;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
import org.junit.Before;
import java.util.Collections;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import static java.util.Collections.singletonMap;
import static org.hamcrest.Matchers.containsString;
import static org.apache.lucene.util.LuceneTestCase.BadApple;
import static org.hamcrest.Matchers.is;
//test is just too slow, please fix it to not be sleep-based
@ -303,8 +304,14 @@ public class IndexPrivilegeTests extends AbstractPrivilegeTestCase {
}
public void testThatUnknownUserIsRejectedProperly() throws Exception {
HttpResponse response = executeRequest("idonotexist", "GET", "/", null, new HashMap<>());
assertThat(response.getStatusCode(), is(401));
try {
getRestClient().performRequest("GET", "/", Collections.emptyMap(), null,
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue("idonotexist", new SecuredString("passwd".toCharArray()))));
fail("request should have failed");
} catch(ResponseException e) {
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401));
}
}
private void assertUserExecutes(String user, String action, String index, boolean userIsAllowed) throws Exception {

15
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/LicensingTests.java
View File

@ -14,6 +14,8 @@ import org.elasticsearch.action.admin.cluster.stats.ClusterStatsResponse;
import org.elasticsearch.action.admin.indices.stats.IndicesStatsResponse;
import org.elasticsearch.action.index.IndexResponse;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.Response;
import org.elasticsearch.client.ResponseException;
import org.elasticsearch.client.transport.NoNodeAvailableException;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.component.AbstractComponent;
@ -194,13 +196,20 @@ public class LicensingTests extends SecurityIntegTestCase {
}
public void testRestAuthenticationByLicenseType() throws Exception {
// the default of the licensing tests is basic
assertThat(httpClient().path("/").execute().getStatusCode(), is(200));
try (Response response = getRestClient().performRequest("GET", "/", Collections.emptyMap(), null)) {
// the default of the licensing tests is basic
assertThat(response.getStatusLine().getStatusCode(), is(200));
}
// generate a new license with a mode that enables auth
OperationMode mode = randomFrom(OperationMode.GOLD, OperationMode.TRIAL, OperationMode.PLATINUM, OperationMode.STANDARD);
enableLicensing(mode);
assertThat(httpClient().path("/").execute().getStatusCode(), is(401));
try {
getRestClient().performRequest("GET", "/", Collections.emptyMap(), null);
fail("request should have failed");
} catch(ResponseException e) {
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401));
}
}
public void testTransportClientAuthenticationByLicenseType() throws Exception {

1
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityPluginEnabledDisabledTests.java
View File

@ -19,7 +19,6 @@ import org.junit.After;
import org.junit.BeforeClass;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not;
/**

36
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityPluginTests.java
View File

@ -5,23 +5,21 @@
*/
package org.elasticsearch.xpack.security;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicHeader;
import org.elasticsearch.client.Response;
import org.elasticsearch.client.ResponseException;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.test.SecuritySettingsSource;
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import java.io.IOException;
import java.util.Collections;
import static org.elasticsearch.rest.RestStatus.OK;
import static org.elasticsearch.rest.RestStatus.UNAUTHORIZED;
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.hamcrest.Matchers.allOf;
import static org.hamcrest.Matchers.is;
public class SecurityPluginTests extends SecurityIntegTestCase {
@ -35,24 +33,20 @@ public class SecurityPluginTests extends SecurityIntegTestCase {
}
public void testThatPluginIsLoaded() throws IOException {
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
try (CloseableHttpClient httpClient = HttpClients.createDefault()) {
try {
logger.info("executing unauthorized request to /_xpack info");
HttpResponse response = new HttpRequestBuilder(httpClient).httpTransport(httpServerTransport)
.method("GET")
.path("/_xpack")
.execute();
assertThat(response.getStatusCode(), is(UNAUTHORIZED.getStatus()));
getRestClient().performRequest("GET", "/_xpack", Collections.emptyMap(), null);
fail("request should have failed");
} catch(ResponseException e) {
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(UNAUTHORIZED.getStatus()));
}
logger.info("executing authorized request to /_xpack infos");
response = new HttpRequestBuilder(httpClient).httpTransport(httpServerTransport)
.method("GET")
.path("/_xpack")
.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
logger.info("executing authorized request to /_xpack infos");
try (Response response = getRestClient().performRequest("GET", "/_xpack", Collections.emptyMap(), null,
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())))
.execute();
assertThat(response.getStatusCode(), is(OK.getStatus()));
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) {
assertThat(response.getStatusLine().getStatusCode(), is(OK.getStatus()));
}
}
}

86
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/RunAsIntegTests.java
View File

@ -5,10 +5,13 @@
*/
package org.elasticsearch.xpack.security.authc;
import org.apache.http.message.BasicHeader;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
import org.elasticsearch.action.admin.cluster.node.info.NodeInfo;
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
import org.elasticsearch.client.Response;
import org.elasticsearch.client.ResponseException;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
@ -20,7 +23,6 @@ import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.test.SecuritySettingsSource;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.elasticsearch.xpack.XPackPlugin;
import java.util.Collections;
@ -115,30 +117,36 @@ public class RunAsIntegTests extends SecurityIntegTestCase {
public void testUserImpersonationUsingHttp() throws Exception {
// use the transport client user and try to run as
HttpResponse response = httpClient().method("GET")
.path("/_nodes")
.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(TRANSPORT_CLIENT_USER,
SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD)))
.addHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, SecuritySettingsSource.DEFAULT_USER_NAME)
.execute();
assertThat(response.getStatusCode(), is(403));
try {
getRestClient().performRequest("GET", "/_nodes", Collections.emptyMap(), null,
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(TRANSPORT_CLIENT_USER,
SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD))),
new BasicHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, SecuritySettingsSource.DEFAULT_USER_NAME));
fail("request should have failed");
} catch(ResponseException e) {
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(403));
}
//the run as user shouldn't have access to the nodes api
response = httpClient().method("GET")
.path("/_nodes")
.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD)))
.execute();
assertThat(response.getStatusCode(), is(403));
try {
//the run as user shouldn't have access to the nodes api
getRestClient().performRequest("GET", "/_nodes", Collections.emptyMap(), null,
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD))));
fail("request should have failed");
} catch(ResponseException e) {
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(403));
}
// but when running as a different user it should work
response = httpClient().method("GET")
.path("/_nodes")
.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD)))
.addHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, SecuritySettingsSource.DEFAULT_USER_NAME)
.execute();
assertThat(response.getStatusCode(), is(200));
try (Response response = getRestClient().performRequest("GET", "/_nodes", Collections.emptyMap(), null,
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD))),
new BasicHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, SecuritySettingsSource.DEFAULT_USER_NAME))) {
assertThat(response.getStatusLine().getStatusCode(), is(200));
}
}
public void testEmptyUserImpersonationHeader() throws Exception {
@ -164,13 +172,16 @@ public class RunAsIntegTests extends SecurityIntegTestCase {
}
public void testEmptyHeaderUsingHttp() throws Exception {
HttpResponse response = httpClient().method("GET")
.path("/_nodes")
.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD)))
.addHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, "")
.execute();
assertThat(response.getStatusCode(), is(401));
try {
getRestClient().performRequest("GET", "/_nodes", Collections.emptyMap(), null,
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD))),
new BasicHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, ""));
fail("request should have failed");
} catch(ResponseException e) {
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401));
}
}
public void testNonExistentRunAsUser() throws Exception {
@ -196,13 +207,16 @@ public class RunAsIntegTests extends SecurityIntegTestCase {
}
public void testNonExistentRunAsUserUsingHttp() throws Exception {
HttpResponse response = httpClient().method("GET")
.path("/_nodes")
.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD)))
.addHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, "idontexist")
.execute();
assertThat(response.getStatusCode(), is(403));
try {
getRestClient().performRequest("GET", "/_nodes", Collections.emptyMap(), null,
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD))),
new BasicHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, "idontexist"));
fail("request should have failed");
} catch (ResponseException e) {
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(403));
}
}
// build our own here to better mimic an actual client...

38
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiOptionalClientAuthTests.java
View File

@ -7,11 +7,14 @@ package org.elasticsearch.xpack.security.authc.pki;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicHeader;
import org.elasticsearch.client.Response;
import org.elasticsearch.client.ResponseException;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
@ -20,8 +23,6 @@ import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerT
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.test.SecuritySettingsSource;
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.xpack.XPackPlugin;
import org.junit.BeforeClass;
@ -34,6 +35,7 @@ import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Collections;
import static org.elasticsearch.test.SecuritySettingsSource.DEFAULT_PASSWORD;
import static org.elasticsearch.test.SecuritySettingsSource.DEFAULT_USER_NAME;
@ -78,23 +80,21 @@ public class PkiOptionalClientAuthTests extends SecurityIntegTestCase {
}
public void testRestClientWithoutClientCertificate() throws Exception {
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
CloseableHttpClient httpClient = HttpClients.custom().setSSLContext(getSSLContext()).build();
try (RestClient restClient = createRestClient(httpClient, "https")) {
try {
restClient.performRequest("GET", "_nodes", Collections.emptyMap(), null);
fail("request should have failed");
} catch(ResponseException e) {
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401));
}
try (CloseableHttpClient httpClient = HttpClients.custom().setSslcontext(getSSLContext()).build()) {
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient)
.host("localhost")
.port(((InetSocketTransportAddress)httpServerTransport.boundAddress().publishAddress()).address().getPort())
.protocol("https")
.method("GET")
.path("/_nodes");
HttpResponse response = requestBuilder.execute();
assertThat(response.getStatusCode(), is(401));
requestBuilder.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())));
response = requestBuilder.execute();
assertThat(response.getStatusCode(), is(200));
try (Response response = restClient.performRequest("GET", "_nodes", Collections.emptyMap(), null,
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) {
assertThat(response.getStatusLine().getStatusCode(), is(200));
}
}
}

35
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutClientAuthenticationTests.java
View File

@ -8,27 +8,27 @@ package org.elasticsearch.xpack.security.authc.pki;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicHeader;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.Response;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.test.SecuritySettingsSource;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
import org.elasticsearch.xpack.security.transport.SSLClientAuth;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.test.SecuritySettingsSource;
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Locale;
import static org.hamcrest.Matchers.is;
@ -77,21 +77,16 @@ public class PkiWithoutClientAuthenticationTests extends SecurityIntegTestCase {
}
public void testThatHttpWorks() throws Exception {
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new SecureRandom());
try (CloseableHttpClient httpClient = HttpClients.custom().setSslcontext(sc).build()) {
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient)
.host("localhost")
.port(((InetSocketTransportAddress)httpServerTransport.boundAddress().publishAddress()).address().getPort())
.protocol("https")
.method("GET")
.path("/_nodes");
requestBuilder.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())));
HttpResponse response = requestBuilder.execute();
assertThat(response.getStatusCode(), is(200));
CloseableHttpClient httpClient = HttpClients.custom().setSSLContext(sc).build();
try (RestClient restClient = createRestClient(httpClient, "https")) {
try (Response response = restClient.performRequest("GET", "/_nodes", Collections.emptyMap(), null,
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) {
assertThat(response.getStatusLine().getStatusCode(), is(200));
}
}
}
}

29
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutSSLTests.java
View File

@ -5,19 +5,18 @@
*/
package org.elasticsearch.xpack.security.authc.pki;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicHeader;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.Response;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.test.SecuritySettingsSource;
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
import java.util.Collections;
import static org.hamcrest.Matchers.is;
@ -44,17 +43,11 @@ public class PkiWithoutSSLTests extends SecurityIntegTestCase {
}
public void testThatHttpWorks() throws Exception {
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
try (CloseableHttpClient httpClient = HttpClients.createDefault()) {
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient)
.httpTransport(httpServerTransport)
.method("GET")
.path("/_nodes");
requestBuilder.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())));
HttpResponse response = requestBuilder.execute();
assertThat(response.getStatusCode(), is(200));
try (Response response = getRestClient().performRequest("GET", "/_nodes", Collections.emptyMap(), null,
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) {
assertThat(response.getStatusLine().getStatusCode(), is(200));
}
}
}

60
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateActionTests.java
View File

@ -5,6 +5,10 @@
*/
package org.elasticsearch.xpack.security.rest.action;
import org.apache.http.message.BasicHeader;
import org.apache.http.util.EntityUtils;
import org.elasticsearch.client.Response;
import org.elasticsearch.client.ResponseException;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
@ -12,10 +16,10 @@ import org.elasticsearch.xpack.security.authz.InternalAuthorizationService;
import org.elasticsearch.xpack.security.user.AnonymousUser;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.test.SecuritySettingsSource;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.elasticsearch.test.rest.json.JsonPath;
import org.junit.BeforeClass;
import java.util.Collections;
import java.util.List;
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
@ -47,32 +51,40 @@ public class RestAuthenticateActionTests extends SecurityIntegTestCase {
}
public void testAuthenticateApi() throws Exception {
HttpResponse response = httpClient().method("GET").path("/_xpack/security/_authenticate")
.addHeader("Authorization", basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())))
.execute();
assertThat(response.getStatusCode(), is(200));
JsonPath jsonPath = new JsonPath(response.getBody());
assertThat(jsonPath.evaluate("username").toString(), equalTo(SecuritySettingsSource.DEFAULT_USER_NAME));
List<String> roles = (List<String>) jsonPath.evaluate("roles");
assertThat(roles.size(), is(1));
assertThat(roles, contains(SecuritySettingsSource.DEFAULT_ROLE));
try (Response response = getRestClient().performRequest(
"GET", "/_xpack/security/_authenticate", Collections.emptyMap(), null,
new BasicHeader("Authorization", basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) {
assertThat(response.getStatusLine().getStatusCode(), is(200));
JsonPath jsonPath = new JsonPath(EntityUtils.toString(response.getEntity()));
assertThat(jsonPath.evaluate("username").toString(), equalTo(SecuritySettingsSource.DEFAULT_USER_NAME));
@SuppressWarnings("unchecked")
List<String> roles = (List<String>) jsonPath.evaluate("roles");
assertThat(roles.size(), is(1));
assertThat(roles, contains(SecuritySettingsSource.DEFAULT_ROLE));
}
}
public void testAuthenticateApiWithoutAuthentication() throws Exception {
HttpResponse response = httpClient().method("GET").path("/_xpack/security/_authenticate")
.execute();
if (anonymousEnabled) {
assertThat(response.getStatusCode(), is(200));
JsonPath jsonPath = new JsonPath(response.getBody());
assertThat(jsonPath.evaluate("username").toString(), equalTo("anon"));
List<String> roles = (List<String>) jsonPath.evaluate("roles");
assertThat(roles.size(), is(2));
assertThat(roles, contains(SecuritySettingsSource.DEFAULT_ROLE, "foo"));
} else {
assertThat(response.getStatusCode(), is(401));
try (Response response = getRestClient().performRequest("GET", "/_xpack/security/_authenticate",
Collections.emptyMap(), null)) {
if (anonymousEnabled) {
assertThat(response.getStatusLine().getStatusCode(), is(200));
JsonPath jsonPath = new JsonPath(EntityUtils.toString(response.getEntity()));
assertThat(jsonPath.evaluate("username").toString(), equalTo("anon"));
@SuppressWarnings("unchecked")
List<String> roles = (List<String>) jsonPath.evaluate("roles");
assertThat(roles.size(), is(2));
assertThat(roles, contains(SecuritySettingsSource.DEFAULT_ROLE, "foo"));
} else {
fail("request should have failed");
}
} catch(ResponseException e) {
if (anonymousEnabled) {
fail("request should have succeeded");
} else {
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401));
}
}
}
}

33
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslClientAuthTests.java
View File

@ -9,20 +9,21 @@ import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicHeader;
import org.apache.http.util.EntityUtils;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.client.Response;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.security.ssl.ClientSSLService;
import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.xpack.XPackPlugin;
@ -30,10 +31,12 @@ import javax.net.ssl.SSLHandshakeException;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Collections;
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.elasticsearch.test.SecuritySettingsSource.getSSLSettingsForStore;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
public class SslClientAuthTests extends SecurityIntegTestCase {
@Override
@ -59,14 +62,8 @@ public class SslClientAuthTests extends SecurityIntegTestCase {
SSLContexts.createDefault(),
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
CloseableHttpClient client = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
try {
new HttpRequestBuilder(client)
.httpTransport(internalCluster().getInstance(HttpServerTransport.class))
.method("GET").path("/")
.protocol("https")
.execute();
try (RestClient restClient = createRestClient(HttpClients.custom().setSSLSocketFactory(socketFactory).build(), "https")) {
restClient.performRequest("GET", "/", Collections.emptyMap(), null);
fail("Expected SSLHandshakeException");
} catch (SSLHandshakeException e) {
assertThat(e.getMessage(), containsString("unable to find valid certification path to requested target"));
@ -85,13 +82,13 @@ public class SslClientAuthTests extends SecurityIntegTestCase {
CloseableHttpClient client = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
HttpResponse response = new HttpRequestBuilder(client)
.httpTransport(internalCluster().getInstance(HttpServerTransport.class))
.method("GET").path("/")
.protocol("https")
.addHeader("Authorization", basicAuthHeaderValue(transportClientUsername(), transportClientPassword()))
.execute();
assertThat(response.getBody(), containsString("You Know, for Search"));
try (RestClient restClient = createRestClient(client, "https")) {
try (Response response = restClient.performRequest("GET", "/", Collections.emptyMap(), null,
new BasicHeader("Authorization", basicAuthHeaderValue(transportClientUsername(), transportClientPassword())))) {
assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
assertThat(EntityUtils.toString(response.getEntity()), containsString("You Know, for Search"));
}
}
}
public void testThatTransportWorksWithoutSslClientAuth() throws Exception {

43
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/user/AnonymousUserIntegTests.java
View File

@ -5,25 +5,16 @@
*/
package org.elasticsearch.xpack.security.user;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.elasticsearch.common.io.Streams;
import org.elasticsearch.client.Response;
import org.elasticsearch.client.ResponseException;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.xpack.security.authz.InternalAuthorizationService;
import org.elasticsearch.test.SecurityIntegTestCase;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Collections;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.nullValue;
@ -51,28 +42,22 @@ public class AnonymousUserIntegTests extends SecurityIntegTestCase {
}
public void testAnonymousViaHttp() throws Exception {
try (CloseableHttpClient client = HttpClients.createDefault();
CloseableHttpResponse response = client.execute(new HttpGet(getNodeUrl() + "_nodes"))) {
int statusCode = response.getStatusLine().getStatusCode();
String data = Streams.copyToString(new InputStreamReader(response.getEntity().getContent(), StandardCharsets.UTF_8));
try {
getRestClient().performRequest("GET", "/_nodes", Collections.emptyMap(), null);
fail("request should have failed");
} catch(ResponseException e) {
int statusCode = e.getResponse().getStatusLine().getStatusCode();
Response response = e.getResponse();
if (authorizationExceptionsEnabled) {
assertThat(statusCode, is(403));
assertThat(response.getFirstHeader("WWW-Authenticate"), nullValue());
assertThat(data, containsString("security_exception"));
assertThat(response.getHeader("WWW-Authenticate"), nullValue());
assertThat(e.getResponseBody(), containsString("security_exception"));
} else {
assertThat(statusCode, is(401));
assertThat(response.getFirstHeader("WWW-Authenticate"), notNullValue());
assertThat(response.getFirstHeader("WWW-Authenticate").getValue(), containsString("Basic"));
assertThat(data, containsString("security_exception"));
assertThat(response.getHeader("WWW-Authenticate"), notNullValue());
assertThat(response.getHeader("WWW-Authenticate"), containsString("Basic"));
assertThat(e.getResponseBody(), containsString("security_exception"));
}
}
}
private String getNodeUrl() {
TransportAddress transportAddress =
randomFrom(internalCluster().getInstance(HttpServerTransport.class).boundAddress().boundAddresses());
assertThat(transportAddress, is(instanceOf(InetSocketTransportAddress.class)));
InetSocketTransportAddress inetSocketTransportAddress = (InetSocketTransportAddress) transportAddress;
return String.format(Locale.ROOT, "http://%s:%s/", "localhost", inetSocketTransportAddress.address().getPort());
}
}

113
elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/test/rest/XPackRestTestCase.java
View File

@ -5,26 +5,11 @@
*/
package org.elasticsearch.xpack.test.rest;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import com.carrotsearch.randomizedtesting.annotations.Name;
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
import org.elasticsearch.client.ResponseException;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.io.Streams;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.util.concurrent.ThreadContext;
@ -33,15 +18,25 @@ import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentFactory;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.license.plugin.TestUtils;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.test.rest.ESRestTestCase;
import org.elasticsearch.test.rest.RestTestCandidate;
import org.elasticsearch.test.rest.client.RestTestResponse;
import org.elasticsearch.test.rest.parser.RestTestParseException;
import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.authz.store.ReservedRolesStore;
import org.junit.After;
import org.junit.Before;
import java.io.IOException;
import java.util.List;
import java.util.Map;
import static java.util.Collections.emptyList;
import static java.util.Collections.emptyMap;
import static java.util.Collections.singletonList;
import static java.util.Collections.singletonMap;
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.hamcrest.Matchers.is;
public abstract class XPackRestTestCase extends ESRestTestCase {
@ -58,31 +53,19 @@ public abstract class XPackRestTestCase extends ESRestTestCase {
@Before
public void startWatcher() throws Exception {
try (CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
URL url = getClusterUrls()[0];
HttpPut request = new HttpPut(new URI("http",
null,
url.getHost(),
url.getPort(),
"/_xpack/watcher/_start", null, null));
request.addHeader("Authorization", BASIC_AUTH_VALUE);
try (CloseableHttpResponse response = client.execute(request)) {
}
try {
getAdminExecutionContext().callApi("xpack.watcher.start", emptyMap(), emptyList(), emptyMap());
} catch(ResponseException e) {
//TODO ignore for now, needs to be fixed though
}
}
@After
public void stopWatcher() throws Exception {
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
URL url = getClusterUrls()[0];
HttpPut request = new HttpPut(new URI("http",
null,
url.getHost(),
url.getPort(),
"/_xpack/watcher/_stop", null, null));
request.addHeader("Authorization", BASIC_AUTH_VALUE);
try (CloseableHttpResponse response = client.execute(request)) {
}
try {
getAdminExecutionContext().callApi("xpack.watcher.stop", emptyMap(), emptyList(), emptyMap());
} catch(ResponseException e) {
//TODO ignore for now, needs to be fixed though
}
}
@ -92,10 +75,10 @@ public abstract class XPackRestTestCase extends ESRestTestCase {
TestUtils.generateSignedLicense("trial", TimeValue.timeValueHours(2)).toXContent(builder, ToXContent.EMPTY_PARAMS);
final BytesReference bytes = builder.bytes();
try (XContentParser parser = XContentFactory.xContent(bytes).createParser(bytes)) {
final List<Map<String, Object>> bodies = Collections.singletonList(Collections.singletonMap("license",
final List<Map<String, Object>> bodies = singletonList(singletonMap("license",
parser.map()));
getAdminExecutionContext().callApi("license.post", Collections.singletonMap("acknowledge", "true"),
bodies, Collections.singletonMap("Authorization", BASIC_AUTH_VALUE));
getAdminExecutionContext().callApi("license.post", singletonMap("acknowledge", "true"),
bodies, singletonMap("Authorization", BASIC_AUTH_VALUE));
}
}
@ -103,43 +86,21 @@ public abstract class XPackRestTestCase extends ESRestTestCase {
public void clearUsersAndRoles() throws Exception {
// we cannot delete the .security index from a rest test since we aren't the internal user, lets wipe the data
// TODO remove this once the built-in SUPERUSER role is added that can delete the index and we use the built in admin user here
try (CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
final URL url = getClusterUrls()[0];
HttpGet getUsersRequest = new HttpGet(new URI("http", null, url.getHost(), url.getPort(), "/_xpack/security/user", null, null));
getUsersRequest.addHeader("Authorization", BASIC_AUTH_VALUE);
try (CloseableHttpResponse closeableHttpResponse = client.execute(getUsersRequest)) {
assertThat(closeableHttpResponse.getStatusLine().getStatusCode(), is(200));
String response = Streams.copyToString(
new InputStreamReader(closeableHttpResponse.getEntity().getContent(), StandardCharsets.UTF_8));
Map<String, Object> responseMap = XContentFactory.xContent(response).createParser(response).map();
// in the structure of this API, the users are the keyset
for (String user : responseMap.keySet()) {
HttpDelete delete = new HttpDelete(new URI("http", null, url.getHost(), url.getPort(),
"/_xpack/security/user/" + user, null, null));
delete.addHeader("Authorization", BASIC_AUTH_VALUE);
try (CloseableHttpResponse deleteResponse = client.execute(delete)) {
}
}
RestTestResponse response = getAdminExecutionContext().callApi("xpack.security.get_user", emptyMap(), emptyList(), emptyMap());
@SuppressWarnings("unchecked")
Map<String, Object> users = (Map<String, Object>) response.getBody();
for (String user: users.keySet()) {
if (ReservedRealm.isReserved(user) == false) {
getAdminExecutionContext().callApi("xpack.security.delete_user", singletonMap("username", user), emptyList(), emptyMap());
}
}
HttpGet getRolesRequest = new HttpGet(new URI("http", null, url.getHost(), url.getPort(), "/_xpack/security/role",
null, null));
getRolesRequest.addHeader("Authorization", BASIC_AUTH_VALUE);
try (CloseableHttpResponse closeableHttpResponse = client.execute(getRolesRequest)) {
assertThat(closeableHttpResponse.getStatusLine().getStatusCode(), is(200));
String response = Streams.copyToString(
new InputStreamReader(closeableHttpResponse.getEntity().getContent(), StandardCharsets.UTF_8));
Map<String, Object> responseMap = XContentFactory.xContent(response).createParser(response).map();
// in the structure of this API, the users are the keyset
for (String role : responseMap.keySet()) {
HttpDelete delete = new HttpDelete(new URI("http", null, url.getHost(), url.getPort(),
"/_xpack/security/role/" + role, null, null));
delete.addHeader("Authorization", BASIC_AUTH_VALUE);
try (CloseableHttpResponse deleteResponse = client.execute(delete)) {
}
}
response = getAdminExecutionContext().callApi("xpack.security.get_role", emptyMap(), emptyList(), emptyMap());
@SuppressWarnings("unchecked")
Map<String, Object> roles = (Map<String, Object>) response.getBody();
for (String role: roles.keySet()) {
if (ReservedRolesStore.isReserved(role) == false) {
getAdminExecutionContext().callApi("xpack.security.delete_role", singletonMap("name", role), emptyList(), emptyMap());
}
}
}

18
elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/WatcherPluginDisableTests.java
View File

@ -6,10 +6,9 @@
package org.elasticsearch.xpack.watcher;
import org.apache.http.HttpStatus;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.elasticsearch.action.admin.cluster.node.info.NodeInfo;
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
import org.elasticsearch.client.ResponseException;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.http.HttpServerTransport;
@ -18,12 +17,10 @@ import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.test.ESIntegTestCase;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.threadpool.ThreadPoolInfo;
import org.elasticsearch.xpack.watcher.execution.InternalWatchExecutor;
import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.xpack.watcher.execution.InternalWatchExecutor;
import java.util.Collection;
import java.util.Collections;
@ -70,12 +67,11 @@ public class WatcherPluginDisableTests extends ESIntegTestCase {
public void testRestEndpoints() throws Exception {
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
try (CloseableHttpClient httpClient = HttpClients.createDefault()) {
HttpRequestBuilder request = new HttpRequestBuilder(httpClient).httpTransport(httpServerTransport)
.method("GET")
.path("/_xpack/watcher");
HttpResponse response = request.execute();
assertThat(response.getStatusCode(), is(HttpStatus.SC_BAD_REQUEST));
try {
getRestClient().performRequest("GET", "/_xpack/watcher", Collections.emptyMap(), null);
fail("request should have failed");
} catch(ResponseException e) {
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(HttpStatus.SC_BAD_REQUEST));
}
}

60
elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/WatcherSettingsFilterTests.java
View File

@ -5,32 +5,29 @@
*/
package org.elasticsearch.xpack.watcher.test.integration;
import org.apache.http.Header;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicHeader;
import org.elasticsearch.client.Response;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.json.JsonXContent;
import org.elasticsearch.common.xcontent.support.XContentMapValues;
import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.marvel.test.MarvelIntegTestCase;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase;
import org.junit.After;
import java.io.IOException;
import java.util.Collections;
import java.util.Map;
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase.SecuritySettings.TEST_PASSWORD;
import static org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase.SecuritySettings.TEST_USERNAME;
import static org.hamcrest.CoreMatchers.nullValue;
import static org.hamcrest.Matchers.is;
/**
*
*/
public class WatcherSettingsFilterTests extends AbstractWatcherIntegrationTestCase {
private CloseableHttpClient httpClient = HttpClients.createDefault();
@ -52,37 +49,26 @@ public class WatcherSettingsFilterTests extends AbstractWatcherIntegrationTestCa
}
public void testGetSettingsSmtpPassword() throws Exception {
String body = executeRequest("GET", "/_nodes/settings", null, null).getBody();
Map<String, Object> response = JsonXContent.jsonXContent.createParser(body).map();
Map<String, Object> nodes = (Map<String, Object>) response.get("nodes");
for (Object node : nodes.values()) {
Map<String, Object> settings = (Map<String, Object>) ((Map<String, Object>) node).get("settings");
assertThat(XContentMapValues.extractValue("xpack.notification.email.account._email.smtp.user", settings),
is((Object) "_user"));
assertThat(XContentMapValues.extractValue("xpack.notification.email.account._email.smtp.password", settings),
nullValue());
Header[] headers;
if (securityEnabled()) {
headers = new Header[] {
new BasicHeader(BASIC_AUTH_HEADER,
basicAuthHeaderValue(MarvelIntegTestCase.SecuritySettings.TEST_USERNAME,
new SecuredString(MarvelIntegTestCase.SecuritySettings.TEST_PASSWORD.toCharArray())))};
} else {
headers = new Header[0];
}
}
protected HttpResponse executeRequest(String method, String path, String body, Map<String, String> params) throws IOException {
HttpServerTransport httpServerTransport = getInstanceFromMaster(HttpServerTransport.class);
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient)
.httpTransport(httpServerTransport)
.method(method)
.path(path);
if (params != null) {
for (Map.Entry<String, String> entry : params.entrySet()) {
requestBuilder.addParam(entry.getKey(), entry.getValue());
try (Response response = getRestClient().performRequest("GET", "/_nodes/settings",
Collections.emptyMap(), null, headers)) {
Map<String, Object> responseMap = JsonXContent.jsonXContent.createParser(response.getEntity().getContent()).map();
Map<String, Object> nodes = (Map<String, Object>) responseMap.get("nodes");
for (Object node : nodes.values()) {
Map<String, Object> settings = (Map<String, Object>) ((Map<String, Object>) node).get("settings");
assertThat(XContentMapValues.extractValue("xpack.notification.email.account._email.smtp.user", settings),
is((Object) "_user"));
assertThat(XContentMapValues.extractValue("xpack.notification.email.account._email.smtp.password", settings),
nullValue());
}
}
if (body != null) {
requestBuilder.body(body);
}
if (securityEnabled()) {
requestBuilder.addHeader(BASIC_AUTH_HEADER,
basicAuthHeaderValue(TEST_USERNAME, new SecuredString(TEST_PASSWORD.toCharArray())));
}
return requestBuilder.execute();
}
}