honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove and ban @Test 

Original commit: elastic/x-pack-elasticsearch@02425ca13d
This commit is contained in:
Nik Everett 2015-10-14 09:54:11 -04:00
parent 7380e45abb
commit 8231e856c2
254 changed files with 2301 additions and 2892 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
marvel/src/test/java/org/elasticsearch/marvel/MarvelPluginClientTests.java
View File

@ -10,15 +10,12 @@ import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.inject.Module;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.test.ESTestCase;
import org.junit.Test;
import java.util.Collection;
import static org.hamcrest.Matchers.is;
public class MarvelPluginClientTests extends ESTestCase {
@Test
public void testModulesWithClientSettings() {
Settings settings = Settings.builder()
.put(Client.CLIENT_TYPE_SETTING, TransportClient.CLIENT_TYPE)
@ -30,7 +27,6 @@ public class MarvelPluginClientTests extends ESTestCase {
assertThat(modules.size(), is(0));
}
@Test
public void testModulesWithNodeSettings() {
// these settings mimic what ES does when running as a node...
Settings settings = Settings.builder()
@ -41,5 +37,4 @@ public class MarvelPluginClientTests extends ESTestCase {
Collection<Module> modules = plugin.nodeModules();
assertThat(modules.size(), is(6));
}
}

15
marvel/src/test/java/org/elasticsearch/marvel/MarvelPluginTests.java
View File

@ -8,25 +8,17 @@ package org.elasticsearch.marvel;
import org.elasticsearch.action.admin.cluster.node.info.NodeInfo;
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.license.plugin.LicensePlugin;
import org.elasticsearch.marvel.agent.AgentService;
import org.elasticsearch.marvel.test.MarvelIntegTestCase;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.plugins.PluginInfo;
import org.elasticsearch.test.ESIntegTestCase;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.elasticsearch.tribe.TribeService;
import org.junit.Test;
import java.util.Arrays;
import java.util.Collection;
import static org.elasticsearch.test.ESIntegTestCase.Scope.TEST;
import static org.hamcrest.Matchers.equalTo;
@ClusterScope(scope = TEST, transportClientRatio = 0, numClientNodes = 0, numDataNodes = 0)
public class MarvelPluginTests extends MarvelIntegTestCase {
@Override
protected Settings nodeSettings(int nodeOrdinal) {
return Settings.builder()
@ -34,21 +26,18 @@ public class MarvelPluginTests extends MarvelIntegTestCase {
.build();
}
@Test
public void testMarvelEnabled() {
internalCluster().startNode(Settings.builder().put(MarvelPlugin.ENABLED, true).build());
assertPluginIsLoaded();
assertServiceIsBound(AgentService.class);
}
@Test
public void testMarvelDisabled() {
internalCluster().startNode(Settings.builder().put(MarvelPlugin.ENABLED, false).build());
assertPluginIsLoaded();
assertServiceIsNotBound(AgentService.class);
}
@Test
public void testMarvelDisabledOnTribeNode() {
internalCluster().startNode(Settings.builder().put(TribeService.TRIBE_NAME, "t1").build());
assertPluginIsLoaded();
@ -73,7 +62,7 @@ public class MarvelPluginTests extends MarvelIntegTestCase {
}
}
private void assertServiceIsBound(Class klass) {
private void assertServiceIsBound(Class<?> klass) {
try {
Object binding = internalCluster().getDataNodeInstance(klass);
assertNotNull(binding);
@ -83,7 +72,7 @@ public class MarvelPluginTests extends MarvelIntegTestCase {
}
}
private void assertServiceIsNotBound(Class klass) {
private void assertServiceIsNotBound(Class<?> klass) {
try {
internalCluster().getDataNodeInstance(klass);
fail("should have thrown an exception about missing implementation");

10
marvel/src/test/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterInfoCollectorTests.java
View File

@ -13,15 +13,16 @@ import org.elasticsearch.marvel.agent.collector.AbstractCollectorTestCase;
import org.elasticsearch.marvel.agent.exporter.MarvelDoc;
import org.elasticsearch.marvel.agent.settings.MarvelSettings;
import org.elasticsearch.marvel.license.MarvelLicensee;
import org.junit.Test;
import java.util.Collection;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.notNullValue;
public class ClusterInfoCollectorTests extends AbstractCollectorTestCase {
@Test
public void testClusterInfoCollector() throws Exception {
Collection<MarvelDoc> results = newClusterInfoCollector().doCollect();
assertThat(results, hasSize(1));
@ -44,7 +45,6 @@ public class ClusterInfoCollectorTests extends AbstractCollectorTestCase {
assertThat(clusterInfoMarvelDoc.getClusterStats().getNodesStats().getCounts().getTotal(), equalTo(internalCluster().getNodeNames().length));
}
@Test
public void testClusterInfoCollectorWithLicensing() {
try {
String[] nodes = internalCluster().getNodeNames();

11
marvel/src/test/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStateCollectorTests.java
View File

@ -13,17 +13,17 @@ import org.elasticsearch.marvel.agent.collector.AbstractCollectorTestCase;
import org.elasticsearch.marvel.agent.exporter.MarvelDoc;
import org.elasticsearch.marvel.agent.settings.MarvelSettings;
import org.elasticsearch.marvel.license.MarvelLicensee;
import org.junit.Test;
import java.util.Collection;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.instanceOf;
public class ClusterStateCollectorTests extends AbstractCollectorTestCase {
@Test
public void testClusterStateCollectorNoIndices() throws Exception {
Collection<MarvelDoc> results = newClusterStateCollector().doCollect();
assertThat(results, hasSize(1));
@ -42,7 +42,6 @@ public class ClusterStateCollectorTests extends AbstractCollectorTestCase {
assertThat(clusterState.getRoutingTable().allShards(), hasSize(0));
}
@Test
public void testClusterStateCollectorOneIndex() throws Exception {
int nbShards = randomIntBetween(1, 5);
assertAcked(prepareCreate("test").setSettings(Settings.settingsBuilder()
@ -77,7 +76,6 @@ public class ClusterStateCollectorTests extends AbstractCollectorTestCase {
assertThat(clusterState.getRoutingTable().allShards("test"), hasSize(nbShards));
}
@Test
public void testClusterStateCollectorMultipleIndices() throws Exception {
int nbIndices = randomIntBetween(1, 5);
int[] docsPerIndex = new int[nbIndices];
@ -119,7 +117,6 @@ public class ClusterStateCollectorTests extends AbstractCollectorTestCase {
}
}
@Test
public void testClusterStateCollectorWithLicensing() {
try {
String[] nodes = internalCluster().getNodeNames();

9
marvel/src/test/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStatsCollectorTests.java
View File

@ -11,15 +11,15 @@ import org.elasticsearch.marvel.agent.collector.AbstractCollectorTestCase;
import org.elasticsearch.marvel.agent.exporter.MarvelDoc;
import org.elasticsearch.marvel.agent.settings.MarvelSettings;
import org.elasticsearch.marvel.license.MarvelLicensee;
import org.junit.Test;
import java.util.Collection;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.instanceOf;
public class ClusterStatsCollectorTests extends AbstractCollectorTestCase {
@Test
public void testClusterStatsCollector() throws Exception {
Collection<MarvelDoc> results = newClusterStatsCollector().doCollect();
assertThat(results, hasSize(1));
@ -37,7 +37,6 @@ public class ClusterStatsCollectorTests extends AbstractCollectorTestCase {
assertThat(clusterStatsMarvelDoc.getClusterStats().getNodesStats().getCounts().getTotal(), equalTo(internalCluster().getNodeNames().length));
}
@Test
public void testClusterStatsCollectorWithLicensing() {
try {
String[] nodes = internalCluster().getNodeNames();

13
marvel/src/test/java/org/elasticsearch/marvel/agent/collector/indices/IndexRecoveryCollectorTests.java
View File

@ -15,7 +15,6 @@ import org.elasticsearch.marvel.agent.exporter.MarvelDoc;
import org.elasticsearch.marvel.agent.settings.MarvelSettings;
import org.elasticsearch.marvel.license.MarvelLicensee;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.junit.Test;
import java.util.Collection;
import java.util.List;
@ -26,11 +25,16 @@ import static org.elasticsearch.cluster.metadata.IndexMetaData.SETTING_NUMBER_OF
import static org.elasticsearch.common.settings.Settings.settingsBuilder;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.anyOf;
import static org.hamcrest.Matchers.empty;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
@ClusterScope(numDataNodes = 0, numClientNodes = 0, transportClientRatio = 0.0)
public class IndexRecoveryCollectorTests extends AbstractCollectorTestCase {
private final boolean activeOnly = false;
private final String indexName = "test";
@ -43,9 +47,7 @@ public class IndexRecoveryCollectorTests extends AbstractCollectorTestCase {
.build();
}
@Test
public void testIndexRecoveryCollector() throws Exception {
logger.info("--> start first node");
final String node1 = internalCluster().startNode();
waitForNoBlocksOnNode(node1);
@ -116,7 +118,6 @@ public class IndexRecoveryCollectorTests extends AbstractCollectorTestCase {
}
}
@Test
public void testIndexRecoveryCollectorWithLicensing() {
try {
String[] nodes = internalCluster().getNodeNames();

12
marvel/src/test/java/org/elasticsearch/marvel/agent/collector/indices/IndexStatsCollectorTests.java
View File

@ -14,17 +14,20 @@ import org.elasticsearch.marvel.agent.settings.MarvelSettings;
import org.elasticsearch.marvel.license.MarvelLicensee;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.junit.Before;
import org.junit.Test;
import java.util.Collection;
import java.util.Iterator;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.greaterThanOrEqualTo;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
@ClusterScope(numClientNodes = 0)
public class IndexStatsCollectorTests extends AbstractCollectorTestCase {
@Override
protected int numberOfReplicas() {
return 0;
@ -35,7 +38,6 @@ public class IndexStatsCollectorTests extends AbstractCollectorTestCase {
waitForNoBlocksOnNodes();
}
@Test
public void testIndexStatsCollectorOneIndex() throws Exception {
final String indexName = "one-index";
@ -74,7 +76,6 @@ public class IndexStatsCollectorTests extends AbstractCollectorTestCase {
assertThat(indexStats.getTotal().getIndexing().getTotal().getThrottleTimeInMillis(), equalTo(0L));
}
@Test
public void testIndexStatsCollectorMultipleIndices() throws Exception {
final String indexPrefix = "multi-indices-";
final int nbIndices = randomIntBetween(1, 5);
@ -133,7 +134,6 @@ public class IndexStatsCollectorTests extends AbstractCollectorTestCase {
}
}
@Test
public void testIndexStatsCollectorWithLicensing() {
try {
final int nbDocs = randomIntBetween(1, 20);

9
marvel/src/test/java/org/elasticsearch/marvel/agent/collector/node/NodeStatsCollectorTests.java
View File

@ -18,19 +18,19 @@ import org.elasticsearch.marvel.agent.settings.MarvelSettings;
import org.elasticsearch.marvel.license.MarvelLicensee;
import org.elasticsearch.node.service.NodeService;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.junit.Test;
import java.util.Collection;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.instanceOf;
// numClientNodes is set to 0 in this test because the NodeStatsCollector never collects data on client nodes:
// the NodeStatsCollector.shouldCollect() method checks if the node has node files and client nodes don't have
// such files.
@ClusterScope(numClientNodes = 0)
public class NodeStatsCollectorTests extends AbstractCollectorTestCase {
@Test
public void testNodeStatsCollector() throws Exception {
String[] nodes = internalCluster().getNodeNames();
for (String node : nodes) {
@ -57,7 +57,6 @@ public class NodeStatsCollectorTests extends AbstractCollectorTestCase {
}
}
@Test
public void testNodeStatsCollectorWithLicensing() {
try {
String[] nodes = internalCluster().getNodeNames();

12
marvel/src/test/java/org/elasticsearch/marvel/agent/collector/shards/ShardsCollectorTests.java
View File

@ -14,17 +14,18 @@ import org.elasticsearch.marvel.agent.collector.AbstractCollectorTestCase;
import org.elasticsearch.marvel.agent.exporter.MarvelDoc;
import org.elasticsearch.marvel.agent.settings.MarvelSettings;
import org.elasticsearch.marvel.license.MarvelLicensee;
import org.junit.Test;
import java.util.Collection;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
public class ShardsCollectorTests extends AbstractCollectorTestCase {
@Test
public void testShardsCollectorNoIndices() throws Exception {
Collection<MarvelDoc> results = newShardsCollector().doCollect();
assertThat(results, hasSize(0));
@ -38,7 +39,6 @@ public class ShardsCollectorTests extends AbstractCollectorTestCase {
.build();
}
@Test
public void testShardsCollectorOneIndex() throws Exception {
int nbDocs = randomIntBetween(1, 20);
for (int i = 0; i < nbDocs; i++) {
@ -87,7 +87,6 @@ public class ShardsCollectorTests extends AbstractCollectorTestCase {
assertThat(replicas, equalTo(expectedReplicas));
}
@Test
public void testShardsCollectorMultipleIndices() throws Exception {
final String indexPrefix = "test-shards-";
final int nbIndices = randomIntBetween(1, 3);
@ -154,7 +153,6 @@ public class ShardsCollectorTests extends AbstractCollectorTestCase {
}
}
@Test
public void testShardsCollectorWithLicensing() {
try {
String[] nodes = internalCluster().getNodeNames();

89
marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/ExportersTests.java
View File

@ -16,19 +16,31 @@ import org.elasticsearch.marvel.shield.SecuredClient;
import org.elasticsearch.node.settings.NodeSettingsService;
import org.elasticsearch.test.ESTestCase;
import org.junit.Before;
import org.junit.Test;
import java.util.*;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicReference;
import static org.hamcrest.Matchers.*;
import static org.mockito.Mockito.*;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.hasEntry;
import static org.hamcrest.Matchers.hasKey;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
import static org.mockito.Mockito.when;
/**
*
*/
public class ExportersTests extends ESTestCase {
private Exporters exporters;
private Map<String, Exporter.Factory> factories;
private MarvelSettingsFilter settingsFilter;
@ -51,8 +63,7 @@ public class ExportersTests extends ESTestCase {
exporters = new Exporters(Settings.EMPTY, factories, settingsFilter, clusterService, nodeSettingsService);
}
@Test
public void testInitExporters_Default() throws Exception {
public void testInitExportersDefault() throws Exception {
Exporter.Factory factory = new TestFactory("_type", true);
factories.put("_type", factory);
Exporters.CurrentExporters internalExporters = exporters.initExporters(Settings.builder()
@ -65,8 +76,7 @@ public class ExportersTests extends ESTestCase {
assertThat(internalExporters.exporters.get("default_" + LocalExporter.TYPE), instanceOf(LocalExporter.class));
}
@Test
public void testInitExporters_Single() throws Exception {
public void testInitExportersSingle() throws Exception {
Exporter.Factory factory = new TestFactory("_type", true);
factories.put("_type", factory);
Exporters.CurrentExporters internalExporters = exporters.initExporters(Settings.builder()
@ -82,8 +92,7 @@ public class ExportersTests extends ESTestCase {
assertThat(internalExporters.exporters.get("_name").type, is("_type"));
}
@Test
public void testInitExporters_Single_Disabled() throws Exception {
public void testInitExportersSingleDisabled() throws Exception {
Exporter.Factory factory = new TestFactory("_type", true);
factories.put("_type", factory);
Exporters.CurrentExporters internalExporters = exporters.initExporters(Settings.builder()
@ -101,22 +110,29 @@ public class ExportersTests extends ESTestCase {
assertThat(internalExporters.exporters.size(), is(0));
}
@Test(expected = SettingsException.class)
public void testInitExporters_Single_UnknownType() throws Exception {
exporters.initExporters(Settings.builder()
.put("_name.type", "unknown_type")
.build());
public void testInitExportersSingleUnknownType() throws Exception {
try {
exporters.initExporters(Settings.builder()
.put("_name.type", "unknown_type")
.build());
fail("Expected SettingsException");
} catch (SettingsException e) {
assertThat(e.getMessage(), containsString("unknown exporter type [unknown_type]"));
}
}
@Test(expected = SettingsException.class)
public void testInitExporters_Single_MissingExporterType() throws Exception {
exporters.initExporters(Settings.builder()
.put("_name.foo", "bar")
.build());
public void testInitExportersSingleMissingExporterType() throws Exception {
try {
exporters.initExporters(Settings.builder()
.put("_name.foo", "bar")
.build());
fail("Expected SettingsException");
} catch (SettingsException e) {
assertThat(e.getMessage(), containsString("missing exporter type for [_name]"));
}
}
@Test
public void testInitExporters_Multiple_SameType() throws Exception {
public void testInitExportersMultipleSameType() throws Exception {
Exporter.Factory factory = new TestFactory("_type", false);
factories.put("_type", factory);
Exporters.CurrentExporters internalExporters = exporters.initExporters(Settings.builder()
@ -137,17 +153,20 @@ public class ExportersTests extends ESTestCase {
assertThat(internalExporters.exporters.get("_name1").type, is("_type"));
}
@Test(expected = SettingsException.class)
public void testInitExporters_Multiple_SameType_Singletons() throws Exception {
public void testInitExportersMultipleSameTypeSingletons() throws Exception {
Exporter.Factory factory = new TestFactory("_type", true);
factories.put("_type", factory);
exporters.initExporters(Settings.builder()
.put("_name0.type", "_type")
.put("_name1.type", "_type")
.build());
try {
exporters.initExporters(Settings.builder()
.put("_name0.type", "_type")
.put("_name1.type", "_type")
.build());
fail("Expected SettingsException");
} catch (SettingsException e) {
assertThat(e.getMessage(), containsString("multiple [_type] exporters are configured. there can only be one"));
}
}
@Test
public void testSettingsUpdate() throws Exception {
Exporter.Factory factory = spy(new TestFactory("_type", false));
factories.put("_type", factory);
@ -188,8 +207,7 @@ public class ExportersTests extends ESTestCase {
assertThat(settings, hasEntry("_name1.foo", "bar"));
}
@Test
public void testOpenBulk_OnMaster() throws Exception {
public void testOpenBulkOnMaster() throws Exception {
Exporter.Factory factory = new MockFactory("mock", false);
Exporter.Factory masterOnlyFactory = new MockFactory("mock_master_only", true);
factories.put("mock", factory);
@ -213,8 +231,7 @@ public class ExportersTests extends ESTestCase {
verify(exporters.getExporter("_name1"), times(1)).openBulk();
}
@Test
public void testExport_NotOnMaster() throws Exception {
public void testExportNotOnMaster() throws Exception {
Exporter.Factory factory = new MockFactory("mock", false);
Exporter.Factory masterOnlyFactory = new MockFactory("mock_master_only", true);
factories.put("mock", factory);
@ -239,7 +256,6 @@ public class ExportersTests extends ESTestCase {
}
static class TestFactory extends Exporter.Factory<TestFactory.TestExporter> {
public TestFactory(String type, boolean singleton) {
super(type, singleton);
}
@ -250,7 +266,6 @@ public class ExportersTests extends ESTestCase {
}
static class TestExporter extends Exporter {
public TestExporter(String type, Config config) {
super(type, config);
}
@ -271,7 +286,6 @@ public class ExportersTests extends ESTestCase {
}
static class MockFactory extends Exporter.Factory<Exporter> {
private final boolean masterOnly;
public MockFactory(String type, boolean masterOnly) {
@ -291,7 +305,6 @@ public class ExportersTests extends ESTestCase {
}
static class TestNodeSettingsService extends NodeSettingsService {
private final List<Listener> listeners = new ArrayList<>();
public TestNodeSettingsService() {

9
marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporterTests.java
View File

@ -9,6 +9,7 @@ import com.squareup.okhttp.mockwebserver.MockResponse;
import com.squareup.okhttp.mockwebserver.MockWebServer;
import com.squareup.okhttp.mockwebserver.QueueDispatcher;
import com.squareup.okhttp.mockwebserver.RecordedRequest;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.Version;
import org.elasticsearch.action.admin.cluster.health.ClusterHealthStatus;
@ -32,7 +33,6 @@ import org.hamcrest.Matchers;
import org.joda.time.format.DateTimeFormat;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import java.io.IOException;
import java.net.BindException;
@ -46,7 +46,6 @@ import static org.hamcrest.Matchers.greaterThanOrEqualTo;
@ESIntegTestCase.ClusterScope(scope = Scope.TEST, numDataNodes = 0, numClientNodes = 0, transportClientRatio = 0.0)
public class HttpExporterTests extends MarvelIntegTestCase {
private int webPort;
private MockWebServer webServer;
@ -73,7 +72,6 @@ public class HttpExporterTests extends MarvelIntegTestCase {
webServer.shutdown();
}
@Test
public void testExport() throws Exception {
enqueueGetClusterVersionResponse(Version.CURRENT);
enqueueResponse(404, "marvel template does not exist");
@ -111,7 +109,6 @@ public class HttpExporterTests extends MarvelIntegTestCase {
assertThat(recordedRequest.getPath(), equalTo("/_bulk"));
}
@Test
public void testDynamicHostChange() {
// disable exporting to be able to use non valid hosts
Settings.Builder builder = Settings.builder()
@ -136,7 +133,6 @@ public class HttpExporterTests extends MarvelIntegTestCase {
assertThat(getExporter(nodeName).hosts, Matchers.arrayContaining("test3"));
}
@Test
public void testHostChangeReChecksTemplate() throws Exception {
Settings.Builder builder = Settings.builder()
@ -237,9 +233,7 @@ public class HttpExporterTests extends MarvelIntegTestCase {
}
}
@Test
public void testDynamicIndexFormatChange() throws Exception {
Settings.Builder builder = Settings.builder()
.put(MarvelSettings.INTERVAL, "-1")
.put("marvel.agent.exporters._http.type", "http")
@ -334,7 +328,6 @@ public class HttpExporterTests extends MarvelIntegTestCase {
assertThat(index.get("_index"), equalTo(expectedMarvelIndex));
}
@Test
public void testLoadRemoteClusterVersion() throws IOException {
final String host = webServer.getHostName() + ":" + webServer.getPort();

8
marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporterUtilsTests.java
View File

@ -10,7 +10,6 @@ import org.elasticsearch.marvel.agent.exporter.MarvelTemplateUtils;
import org.elasticsearch.marvel.support.VersionUtils;
import org.elasticsearch.test.ESTestCase;
import org.hamcrest.Matchers;
import org.junit.Test;
import java.io.IOException;
import java.net.MalformedURLException;
@ -24,15 +23,12 @@ import static org.hamcrest.CoreMatchers.equalTo;
public class HttpExporterUtilsTests extends ESTestCase {
@Test
public void testLoadTemplate() {
byte[] template = MarvelTemplateUtils.loadDefaultTemplate();
assertNotNull(template);
assertThat(template.length, Matchers.greaterThan(0));
}
@Test
public void testParseTemplateVersionFromByteArrayTemplate() throws IOException {
byte[] template = MarvelTemplateUtils.loadDefaultTemplate();
assertNotNull(template);
@ -41,7 +37,6 @@ public class HttpExporterUtilsTests extends ESTestCase {
assertNotNull(version);
}
@Test
public void testParseTemplateVersionFromStringTemplate() throws IOException {
List<String> templates = new ArrayList<>();
templates.add("{\"marvel_version\": \"1.4.0.Beta1\"}");
@ -60,7 +55,6 @@ public class HttpExporterUtilsTests extends ESTestCase {
assertNull(version);
}
@Test
public void testParseVersion() throws IOException {
assertNotNull(VersionUtils.parseVersion(MARVEL_VERSION_FIELD, "{\"marvel_version\": \"2.0.0-beta1\"}"));
assertNotNull(VersionUtils.parseVersion(MARVEL_VERSION_FIELD, "{\"marvel_version\": \"2.0.0\"}"));
@ -70,8 +64,6 @@ public class HttpExporterUtilsTests extends ESTestCase {
assertNull(VersionUtils.parseVersion(MARVEL_VERSION_FIELD + "unkown", "{\"marvel_version\": \"1.5.2\"}"));
}
@Test
public void testHostParsing() throws MalformedURLException, URISyntaxException {
URL url = HttpExporterUtils.parseHostWithPath("localhost:9200", "");
verifyUrl(url, "http", "localhost", 9200, "/");

23
marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/local/LocalExporterTests.java
View File

@ -37,7 +37,6 @@ import org.elasticsearch.test.ESIntegTestCase.Scope;
import org.elasticsearch.test.InternalTestCluster;
import org.joda.time.format.DateTimeFormat;
import org.junit.After;
import org.junit.Test;
import java.util.ArrayList;
import java.util.Collections;
@ -48,12 +47,22 @@ import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicLong;
import static org.elasticsearch.marvel.agent.exporter.Exporter.MIN_SUPPORTED_TEMPLATE_VERSION;
import static org.hamcrest.Matchers.*;
import static org.mockito.Mockito.*;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.nullValue;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyZeroInteractions;
import static org.mockito.Mockito.when;
@ClusterScope(scope = Scope.TEST, numDataNodes = 0, numClientNodes = 0, transportClientRatio = 0.0)
public class LocalExporterTests extends MarvelIntegTestCase {
private final static AtomicLong timeStampGenerator = new AtomicLong();
@Override
@ -70,7 +79,6 @@ public class LocalExporterTests extends MarvelIntegTestCase {
wipeMarvelIndices();
}
@Test
public void testSimpleExport() throws Exception {
internalCluster().startNode(Settings.builder()
.put("marvel.agent.exporters._local.type", LocalExporter.TYPE)
@ -103,7 +111,6 @@ public class LocalExporterTests extends MarvelIntegTestCase {
}
}
@Test
public void testTemplateCreation() throws Exception {
internalCluster().startNode(Settings.builder()
.put("marvel.agent.exporters._local.type", LocalExporter.TYPE)
@ -126,7 +133,6 @@ public class LocalExporterTests extends MarvelIntegTestCase {
assertThat(getCurrentlyInstalledTemplateVersion(), is(Version.CURRENT));
}
@Test
public void testTemplateUpdate() throws Exception {
internalCluster().startNode(Settings.builder()
.put("marvel.agent.exporters._local.type", LocalExporter.TYPE)
@ -171,9 +177,7 @@ public class LocalExporterTests extends MarvelIntegTestCase {
awaitMarvelTemplateInstalled(Version.CURRENT);
}
@Test
public void testUnsupportedTemplateVersion() throws Exception {
Exporter.Config config = new Exporter.Config("_name", Settings.EMPTY, Settings.builder()
.put("type", "local").build());
Client client = mock(Client.class);
@ -209,7 +213,6 @@ public class LocalExporterTests extends MarvelIntegTestCase {
verify(exporter, times(1)).installedTemplateVersionIsSufficient(Version.CURRENT, unsupportedVersion);
}
@Test
public void testIndexTimestampFormat() throws Exception {
long time = System.currentTimeMillis();
String timeFormat = randomFrom("YY", "YYYY", "YYYY.MM", "YYYY-MM", "MM.YYYY", "MM");

9
marvel/src/test/java/org/elasticsearch/marvel/agent/renderer/cluster/ClusterInfoTests.java
View File

@ -17,18 +17,20 @@ import org.elasticsearch.marvel.test.MarvelIntegTestCase;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import static org.elasticsearch.test.ESIntegTestCase.Scope.TEST;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.isEmptyOrNullString;
import static org.hamcrest.Matchers.not;
@ClusterScope(scope = TEST)
public class ClusterInfoTests extends MarvelIntegTestCase {
@Override
protected Settings nodeSettings(int nodeOrdinal) {
return Settings.builder()
@ -49,7 +51,6 @@ public class ClusterInfoTests extends MarvelIntegTestCase {
wipeMarvelIndices();
}
@Test
public void testClusterInfo() throws Exception {
securedEnsureGreen();

3
marvel/src/test/java/org/elasticsearch/marvel/agent/renderer/cluster/ClusterStateRendererTests.java
View File

@ -16,13 +16,10 @@ import org.elasticsearch.marvel.agent.renderer.Renderer;
import org.elasticsearch.marvel.agent.renderer.RendererTestUtils;
import org.elasticsearch.test.ESSingleNodeTestCase;
import org.elasticsearch.test.StreamsUtils;
import org.junit.Test;
public class ClusterStateRendererTests extends ESSingleNodeTestCase {
private static final String SAMPLE_FILE = "/samples/cluster_state.json";
@Test
public void testClusterStateRenderer() throws Exception {
createIndex("my-index", Settings.settingsBuilder()
.put(IndexMetaData.SETTING_NUMBER_OF_SHARDS, 3)

4
marvel/src/test/java/org/elasticsearch/marvel/agent/renderer/cluster/ClusterStateTests.java
View File

@ -17,7 +17,6 @@ import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.elasticsearch.test.ESIntegTestCase.Scope;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import java.util.Map;
import java.util.concurrent.TimeUnit;
@ -27,7 +26,6 @@ import static org.hamcrest.Matchers.greaterThan;
@ClusterScope(scope = Scope.TEST)
public class ClusterStateTests extends MarvelIntegTestCase {
@Override
protected Settings nodeSettings(int nodeOrdinal) {
return Settings.builder()
@ -51,7 +49,6 @@ public class ClusterStateTests extends MarvelIntegTestCase {
wipeMarvelIndices();
}
@Test
public void testClusterState() throws Exception {
logger.debug("--> waiting for documents to be collected");
awaitMarvelDocsCount(greaterThan(0L), ClusterStateCollector.TYPE);
@ -77,7 +74,6 @@ public class ClusterStateTests extends MarvelIntegTestCase {
* This test should fail if the mapping for the 'nodes' attribute
* in the 'cluster_state' document is NOT set to 'enable: false'
*/
@Test
public void testNoNodesIndexing() throws Exception {
logger.debug("--> waiting for documents to be collected");
awaitMarvelDocsCount(greaterThan(0L), ClusterStateCollector.TYPE);

3
marvel/src/test/java/org/elasticsearch/marvel/agent/renderer/cluster/ClusterStatsRendererTests.java
View File

@ -11,13 +11,10 @@ import org.elasticsearch.marvel.agent.renderer.Renderer;
import org.elasticsearch.marvel.agent.renderer.RendererTestUtils;
import org.elasticsearch.test.ESSingleNodeTestCase;
import org.elasticsearch.test.StreamsUtils;
import org.junit.Test;
public class ClusterStatsRendererTests extends ESSingleNodeTestCase {
private static final String SAMPLE_FILE = "/samples/cluster_stats.json";
@Test
public void testClusterStatsRenderer() throws Exception {
createIndex("index-0");

4
marvel/src/test/java/org/elasticsearch/marvel/agent/renderer/cluster/ClusterStatsTests.java
View File

@ -15,8 +15,6 @@ import org.elasticsearch.search.SearchHit;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.elasticsearch.test.ESIntegTestCase.Scope;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import java.util.Locale;
import java.util.Map;
@ -27,7 +25,6 @@ import static org.hamcrest.Matchers.greaterThan;
@ClusterScope(scope = Scope.TEST, numClientNodes = 0)
public class ClusterStatsTests extends MarvelIntegTestCase {
@Override
protected Settings nodeSettings(int nodeOrdinal) {
return Settings.builder()
@ -45,7 +42,6 @@ public class ClusterStatsTests extends MarvelIntegTestCase {
wipeMarvelIndices();
}
@Test
public void testClusterStats() throws Exception {
logger.debug("--> creating some indices so that every data nodes will at least a shard");
ClusterStatsNodes.Counts counts = client().admin().cluster().prepareClusterStats().get().getNodesStats().getCounts();

3
marvel/src/test/java/org/elasticsearch/marvel/agent/renderer/indices/IndexRecoveryRendererTests.java
View File

@ -16,7 +16,6 @@ import org.elasticsearch.marvel.agent.renderer.Renderer;
import org.elasticsearch.marvel.agent.renderer.RendererTestUtils;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.test.StreamsUtils;
import org.junit.Test;
import java.util.ArrayList;
import java.util.HashMap;
@ -24,10 +23,8 @@ import java.util.List;
import java.util.Map;
public class IndexRecoveryRendererTests extends ESTestCase {
private static final String SAMPLE_FILE = "/samples/index_recovery.json";
@Test
public void testIndexRecoveryRenderer() throws Exception {
logger.debug("--> creating the index recovery marvel document");
String indexName = "index-0";

3
marvel/src/test/java/org/elasticsearch/marvel/agent/renderer/indices/IndexRecoveryTests.java
View File

@ -14,7 +14,6 @@ import org.elasticsearch.marvel.test.MarvelIntegTestCase;
import org.elasticsearch.search.SearchHit;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.junit.After;
import org.junit.Test;
import java.util.Map;
import java.util.concurrent.TimeUnit;
@ -25,7 +24,6 @@ import static org.hamcrest.Matchers.is;
@ClusterScope(scope = TEST)
public class IndexRecoveryTests extends MarvelIntegTestCase {
private static final String INDEX_PREFIX = "test-index-recovery-";
@Override
@ -46,7 +44,6 @@ public class IndexRecoveryTests extends MarvelIntegTestCase {
wipeMarvelIndices();
}
@Test
public void testIndexRecovery() throws Exception {
logger.debug("--> creating some indices so that index recovery collector reports data");
for (int i = 0; i < randomIntBetween(1, 10); i++) {

3
marvel/src/test/java/org/elasticsearch/marvel/agent/renderer/indices/IndexStatsRendererTests.java
View File

@ -21,13 +21,10 @@ import org.elasticsearch.marvel.agent.renderer.Renderer;
import org.elasticsearch.marvel.agent.renderer.RendererTestUtils;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.test.StreamsUtils;
import org.junit.Test;
public class IndexStatsRendererTests extends ESTestCase {
private static final String SAMPLE_FILE = "/samples/index_stats.json";
@Test
public void testIndexStatsRenderer() throws Exception {
logger.debug("--> creating the index stats marvel document");
IndexStatsMarvelDoc marvelDoc = new IndexStatsMarvelDoc("test", "index_stats", 1437580442979L,

3
marvel/src/test/java/org/elasticsearch/marvel/agent/renderer/indices/IndexStatsTests.java
View File

@ -15,7 +15,6 @@ import org.elasticsearch.search.SearchHit;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.elasticsearch.test.ESIntegTestCase.Scope;
import org.junit.After;
import org.junit.Test;
import java.util.Map;
import java.util.concurrent.TimeUnit;
@ -24,7 +23,6 @@ import static org.hamcrest.Matchers.greaterThan;
@ClusterScope(scope = Scope.TEST, numClientNodes = 0)
public class IndexStatsTests extends MarvelIntegTestCase {
@Override
protected Settings nodeSettings(int nodeOrdinal) {
return Settings.builder()
@ -42,7 +40,6 @@ public class IndexStatsTests extends MarvelIntegTestCase {
wipeMarvelIndices();
}
@Test
public void testIndexStats() throws Exception {
logger.debug("--> creating some indices for future index stats");
final int nbIndices = randomIntBetween(1, 5);

5
marvel/src/test/java/org/elasticsearch/marvel/agent/renderer/indices/IndicesStatsRendererTests.java
View File

@ -6,20 +6,15 @@
package org.elasticsearch.marvel.agent.renderer.indices;
import org.elasticsearch.action.admin.indices.stats.IndicesStatsResponse;
import org.elasticsearch.cluster.metadata.IndexMetaData;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.marvel.agent.collector.indices.IndicesStatsMarvelDoc;
import org.elasticsearch.marvel.agent.renderer.Renderer;
import org.elasticsearch.marvel.agent.renderer.RendererTestUtils;
import org.elasticsearch.test.ESSingleNodeTestCase;
import org.elasticsearch.test.StreamsUtils;
import org.junit.Test;
public class IndicesStatsRendererTests extends ESSingleNodeTestCase {
private static final String SAMPLE_FILE = "/samples/indices_stats.json";
@Test
public void testIndexStatsRenderer() throws Exception {
createIndex("index-0");

3
marvel/src/test/java/org/elasticsearch/marvel/agent/renderer/indices/IndicesStatsTests.java
View File

@ -15,7 +15,6 @@ import org.elasticsearch.search.SearchHit;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.elasticsearch.test.ESIntegTestCase.Scope;
import org.junit.After;
import org.junit.Test;
import java.util.Map;
import java.util.concurrent.TimeUnit;
@ -24,7 +23,6 @@ import static org.hamcrest.Matchers.greaterThan;
@ClusterScope(scope = Scope.TEST, numClientNodes = 0)
public class IndicesStatsTests extends MarvelIntegTestCase {
@Override
protected Settings nodeSettings(int nodeOrdinal) {
return Settings.builder()
@ -42,7 +40,6 @@ public class IndicesStatsTests extends MarvelIntegTestCase {
wipeMarvelIndices();
}
@Test
public void testIndicesStats() throws Exception {
logger.debug("--> creating some indices for future indices stats");
final int nbIndices = randomIntBetween(1, 5);

3
marvel/src/test/java/org/elasticsearch/marvel/agent/renderer/node/NodeStatsRendererTests.java
View File

@ -12,13 +12,10 @@ import org.elasticsearch.marvel.agent.renderer.RendererTestUtils;
import org.elasticsearch.node.service.NodeService;
import org.elasticsearch.test.ESSingleNodeTestCase;
import org.elasticsearch.test.StreamsUtils;
import org.junit.Test;
public class NodeStatsRendererTests extends ESSingleNodeTestCase {
private static final String SAMPLE_FILE = "/samples/node_stats.json";
@Test
public void testNodeStatsRenderer() throws Exception {
createIndex("index-0");

4
marvel/src/test/java/org/elasticsearch/marvel/agent/renderer/node/NodeStatsTests.java
View File

@ -12,11 +12,9 @@ import org.elasticsearch.marvel.agent.exporter.local.LocalExporter;
import org.elasticsearch.marvel.agent.settings.MarvelSettings;
import org.elasticsearch.marvel.test.MarvelIntegTestCase;
import org.elasticsearch.search.SearchHit;
import org.elasticsearch.test.ESIntegTestCase;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.elasticsearch.test.ESIntegTestCase.Scope;
import org.junit.After;
import org.junit.Test;
import java.util.Map;
import java.util.concurrent.TimeUnit;
@ -25,7 +23,6 @@ import static org.hamcrest.Matchers.greaterThan;
@ClusterScope(scope = Scope.TEST)
public class NodeStatsTests extends MarvelIntegTestCase {
@Override
protected Settings nodeSettings(int nodeOrdinal) {
return Settings.builder()
@ -43,7 +40,6 @@ public class NodeStatsTests extends MarvelIntegTestCase {
wipeMarvelIndices();
}
@Test
public void testNodeStats() throws Exception {
logger.debug("--> creating some indices for future node stats");
final int numDocs = between(50, 150);

4
marvel/src/test/java/org/elasticsearch/marvel/agent/renderer/shards/ShardsRendererTests.java
View File

@ -14,15 +14,12 @@ import org.elasticsearch.marvel.agent.renderer.Renderer;
import org.elasticsearch.marvel.agent.renderer.RendererTestUtils;
import org.elasticsearch.test.ESSingleNodeTestCase;
import org.elasticsearch.test.StreamsUtils;
import org.junit.Test;
import java.io.IOException;
public class ShardsRendererTests extends ESSingleNodeTestCase {
private static final String SAMPLE_FILE = "/samples/shards.json";
@Test
public void testShardsRenderer() throws Exception {
createIndex("my-index", Settings.settingsBuilder()
.put(IndexMetaData.SETTING_NUMBER_OF_SHARDS, 1)
@ -47,7 +44,6 @@ public class ShardsRendererTests extends ESSingleNodeTestCase {
RendererTestUtils.assertJSONStructure(result, expected);
}
@Test
public void testNoShard() throws IOException {
String result = RendererTestUtils.renderAsJSON(new ShardMarvelDoc("my-index", "shards", "my-id", "cluster-uuid", 1437580442979L, null, "my-state-uuid"), new ShardsRenderer());
RendererTestUtils.assertJSONStructureAndValues(result, "{\"cluster_uuid\":\"my-cluster-uuid\",\"timestamp\":\"2015-07-22T15:54:02.979Z\",\"state_uuid\":\"my-state-uuid\"}");

9
marvel/src/test/java/org/elasticsearch/marvel/agent/renderer/shards/ShardsTests.java
View File

@ -20,17 +20,18 @@ import org.elasticsearch.search.aggregations.bucket.terms.StringTerms;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.elasticsearch.test.ESIntegTestCase.Scope;
import org.junit.After;
import org.junit.Test;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.greaterThanOrEqualTo;
import static org.hamcrest.Matchers.instanceOf;
@ClusterScope(scope = Scope.TEST)
public class ShardsTests extends MarvelIntegTestCase {
private static final String INDEX_PREFIX = "test-shards-";
@Override
@ -51,7 +52,6 @@ public class ShardsTests extends MarvelIntegTestCase {
wipeMarvelIndices();
}
@Test
public void testShards() throws Exception {
logger.debug("--> creating some indices so that shards collector reports data");
for (int i = 0; i < randomIntBetween(1, 5); i++) {
@ -87,7 +87,6 @@ public class ShardsTests extends MarvelIntegTestCase {
* This test uses a terms aggregation to check that the "not_analyzed"
* fields of the "shards" document type are indeed not analyzed
*/
@Test
public void testNotAnalyzedFields() throws Exception {
final String indexName = INDEX_PREFIX + randomInt();
assertAcked(prepareCreate(indexName).setSettings(IndexMetaData.SETTING_NUMBER_OF_SHARDS, 1, IndexMetaData.SETTING_NUMBER_OF_REPLICAS, 0));

6
marvel/src/test/java/org/elasticsearch/marvel/agent/settings/MarvelSettingTests.java
View File

@ -8,14 +8,11 @@ package org.elasticsearch.marvel.agent.settings;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.test.ESTestCase;
import org.junit.Test;
import static org.elasticsearch.common.settings.Settings.settingsBuilder;
import static org.hamcrest.Matchers.equalTo;
public class MarvelSettingTests extends ESTestCase {
@Test
public void testBooleanMarvelSetting() {
String name = randomAsciiOfLength(10);
String description = randomAsciiOfLength(20);
@ -36,7 +33,6 @@ public class MarvelSettingTests extends ESTestCase {
assertTrue(setting.getValue());
}
@Test
public void testTimeValueMarvelSetting() {
String name = randomAsciiOfLength(10);
String description = randomAsciiOfLength(20);
@ -66,7 +62,6 @@ public class MarvelSettingTests extends ESTestCase {
assertThat(setting.getValue().millis(), equalTo(updated.millis()));
}
@Test
public void testStringMarvelSetting() {
String name = randomAsciiOfLength(10);
String description = randomAsciiOfLength(20);
@ -96,7 +91,6 @@ public class MarvelSettingTests extends ESTestCase {
assertThat(setting.getValue(), equalTo(updated));
}
@Test
public void testStringArrayMarvelSetting() {
String name = randomAsciiOfLength(10);
String description = randomAsciiOfLength(20);

8
marvel/src/test/java/org/elasticsearch/marvel/agent/settings/MarvelSettingsTests.java
View File

@ -11,7 +11,6 @@ import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.marvel.test.MarvelIntegTestCase;
import org.elasticsearch.node.Node;
import org.elasticsearch.test.ESIntegTestCase;
import org.junit.Test;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
import static org.hamcrest.Matchers.equalTo;
@ -19,7 +18,6 @@ import static org.hamcrest.Matchers.instanceOf;
@ESIntegTestCase.ClusterScope(scope = ESIntegTestCase.Scope.TEST, numDataNodes = 1, numClientNodes = 0)
public class MarvelSettingsTests extends MarvelIntegTestCase {
private final TimeValue interval = newRandomTimeValue();
private final TimeValue indexStatsTimeout = newRandomTimeValue();
private final TimeValue indicesStatsTimeout = newRandomTimeValue();
@ -29,7 +27,6 @@ public class MarvelSettingsTests extends MarvelIntegTestCase {
private final TimeValue recoveryTimeout = newRandomTimeValue();
private final Boolean recoveryActiveOnly = randomBoolean();
private final String[] collectors = randomStringArray();
private final TimeValue licenseGracePeriod = randomExpirationDelay();
@Override
protected Settings nodeSettings(int nodeOrdinal) {
@ -54,7 +51,6 @@ public class MarvelSettingsTests extends MarvelIntegTestCase {
.build();
}
@Test
public void testMarvelSettings() throws Exception {
logger.info("--> testing marvel settings service initialization");
for (final MarvelSettings marvelSettings : internalCluster().getInstances(MarvelSettings.class)) {
@ -173,8 +169,4 @@ public class MarvelSettingsTests extends MarvelIntegTestCase {
}
return items;
}
private TimeValue randomExpirationDelay() {
return randomBoolean() ? newRandomTimeValue() : TimeValue.timeValueHours(randomIntBetween(-10, 10) * 24);
}
}

10
marvel/src/test/java/org/elasticsearch/marvel/license/LicenseIntegrationTests.java
View File

@ -7,6 +7,7 @@ package org.elasticsearch.marvel.license;
import com.carrotsearch.randomizedtesting.RandomizedTest;
import com.carrotsearch.randomizedtesting.SysGlobals;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.inject.AbstractModule;
import org.elasticsearch.common.inject.Inject;
@ -21,9 +22,12 @@ import org.elasticsearch.marvel.test.MarvelIntegTestCase;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.junit.Test;
import java.util.*;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE;
import static org.hamcrest.Matchers.equalTo;
@ -32,7 +36,6 @@ import static org.hamcrest.Matchers.isOneOf;
@ClusterScope(scope = SUITE, transportClientRatio = 0, numClientNodes = 0)
public class LicenseIntegrationTests extends MarvelIntegTestCase {
@Override
protected Collection<Class<? extends Plugin>> nodePlugins() {
if (shieldEnabled) {
@ -48,7 +51,6 @@ public class LicenseIntegrationTests extends MarvelIntegTestCase {
.build();
}
@Test
public void testEnableDisableLicense() {
assertThat(getLicensee().getStatus().getLicenseState(), isOneOf(LicenseState.ENABLED, LicenseState.GRACE_PERIOD));
assertThat(getLicensee().collectionEnabled(), is(true));

3
qa/shield-audit-tests/src/test/java/org/elasticsearch/shield/audit/IndexAuditIT.java
View File

@ -14,7 +14,6 @@ import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
import org.elasticsearch.test.ESIntegTestCase;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.junit.Test;
import java.util.Collection;
import java.util.Collections;
@ -24,11 +23,9 @@ import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.is;
public class IndexAuditIT extends ESIntegTestCase {
private static final String USER = "test_user";
private static final String PASS = "changeme";
@Test
public void testShieldIndexAuditTrailWorking() throws Exception {
HttpResponse response = httpClient().path("/_cluster/health")
.addHeader("Authorization", UsernamePasswordToken.basicAuthHeaderValue(USER, new SecuredString(PASS.toCharArray())))

8
qa/shield-client-tests/src/test/java/org/elasticsearch/shield/qa/ShieldTransportClientIT.java
View File

@ -16,20 +16,19 @@ import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.test.ESIntegTestCase;
import org.junit.Test;
import java.util.Collection;
import java.util.Collections;
import java.util.concurrent.TimeUnit;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
/**
* Integration tests that test a transport client with Shield being loaded that connect to an external cluster
*/
public class ShieldTransportClientIT extends ESIntegTestCase {
static final String ADMIN_USER_PW = "test_user:changeme";
static final String TRANSPORT_USER_PW = "transport:changeme";
@ -45,7 +44,6 @@ public class ShieldTransportClientIT extends ESIntegTestCase {
return Collections.singletonList(ShieldPlugin.class);
}
@Test
public void testThatTransportClientWithoutAuthenticationDoesNotWork() throws Exception {
try (TransportClient client = transportClient(Settings.EMPTY)) {
boolean connected = awaitBusy(() -> {
@ -56,7 +54,6 @@ public class ShieldTransportClientIT extends ESIntegTestCase {
}
}
@Test
public void testThatTransportClientAuthenticationWithTransportClientRole() throws Exception {
Settings settings = Settings.builder()
.put("shield.user", TRANSPORT_USER_PW)
@ -78,7 +75,6 @@ public class ShieldTransportClientIT extends ESIntegTestCase {
}
}
@Test
public void testTransportClientWithAdminUser() throws Exception {
final boolean useTransportUser = randomBoolean();
Settings settings = Settings.builder()

8
qa/shield-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmIT.java
View File

@ -17,18 +17,16 @@ import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.test.ESIntegTestCase;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.junit.Test;
import java.util.Collection;
import java.util.Collections;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.is;
/**
* Integration test to test authentication with the custom realm
*/
public class CustomRealmIT extends ESIntegTestCase {
@Override
protected Settings externalClusterClientSettings() {
return Settings.builder()
@ -42,7 +40,6 @@ public class CustomRealmIT extends ESIntegTestCase {
return Collections.<Class<? extends Plugin>>singleton(ShieldPlugin.class);
}
@Test
public void testHttpConnectionWithNoAuthentication() throws Exception {
HttpResponse response = httpClient().path("/").execute();
assertThat(response.getStatusCode(), is(401));
@ -50,7 +47,6 @@ public class CustomRealmIT extends ESIntegTestCase {
assertThat(value, is("custom-challenge"));
}
@Test
public void testHttpAuthentication() throws Exception {
HttpResponse response = httpClient().path("/")
.addHeader(CustomRealm.USER_HEADER, CustomRealm.KNOWN_USER)
@ -59,7 +55,6 @@ public class CustomRealmIT extends ESIntegTestCase {
assertThat(response.getStatusCode(), is(200));
}
@Test
public void testTransportClient() throws Exception {
NodesInfoResponse nodeInfos = client().admin().cluster().prepareNodesInfo().get();
NodeInfo[] nodes = nodeInfos.getNodes();
@ -79,7 +74,6 @@ public class CustomRealmIT extends ESIntegTestCase {
}
}
@Test
public void testTransportClientWrongAuthentication() throws Exception {
NodesInfoResponse nodeInfos = client().admin().cluster().prepareNodesInfo().get();
NodeInfo[] nodes = nodeInfos.getNodes();

8
qa/shield-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmTests.java
View File

@ -11,13 +11,12 @@ import org.elasticsearch.shield.authc.RealmConfig;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
import org.elasticsearch.test.ESTestCase;
import org.junit.Test;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.nullValue;
public class CustomRealmTests extends ESTestCase {
@Test
public void testAuthenticate() {
Settings globalSettings = Settings.builder().put("path.home", createTempDir()).build();
CustomRealm realm = new CustomRealm(new RealmConfig("test", Settings.EMPTY, globalSettings));
@ -28,7 +27,6 @@ public class CustomRealmTests extends ESTestCase {
assertThat(user.principal(), equalTo(CustomRealm.KNOWN_USER));
}
@Test
public void testAuthenticateBadUser() {
Settings globalSettings = Settings.builder().put("path.home", createTempDir()).build();
CustomRealm realm = new CustomRealm(new RealmConfig("test", Settings.EMPTY, globalSettings));

19
qa/shield-tribe-node-tests/src/test/java/org/elasticsearch/shield/TribeRestTestCase.java
View File

@ -8,6 +8,7 @@ package org.elasticsearch.shield;
import com.carrotsearch.randomizedtesting.RandomizedTest;
import com.carrotsearch.randomizedtesting.annotations.TestGroup;
import com.carrotsearch.randomizedtesting.annotations.TimeoutSuite;
import org.apache.lucene.util.IOUtils;
import org.apache.lucene.util.LuceneTestCase.SuppressCodecs;
import org.apache.lucene.util.LuceneTestCase.SuppressFsync;
@ -16,12 +17,7 @@ import org.elasticsearch.common.Strings;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.io.PathUtils;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.common.xcontent.XContentHelper;
import org.elasticsearch.node.Node;
import org.elasticsearch.repositories.uri.URLRepository;
import org.elasticsearch.test.ESIntegTestCase;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.test.rest.ESRestTestCase;
@ -41,7 +37,6 @@ import org.elasticsearch.test.rest.support.FileUtils;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import java.io.IOException;
import java.io.InputStream;
@ -50,7 +45,12 @@ import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.net.*;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.UnknownHostException;
import java.nio.file.FileSystem;
import java.nio.file.FileSystems;
import java.nio.file.Files;
@ -228,13 +228,13 @@ public abstract class TribeRestTestCase extends ESTestCase {
@SuppressForbidden(reason = "proper use of URL, hack around a JDK bug")
static FileSystem getFileSystem() throws IOException {
// REST suite handling is currently complicated, with lots of filtering and so on
// For now, to work embedded in a jar, return a ZipFileSystem over the jar contents.
// For now, to work embedded in a jar, return a ZipFileSystem over the jar contents.
URL codeLocation = FileUtils.class.getProtectionDomain().getCodeSource().getLocation();
boolean loadPackaged = RandomizedTest.systemPropertyAsBoolean(REST_LOAD_PACKAGED_TESTS, true);
if (codeLocation.getFile().endsWith(".jar") && loadPackaged) {
try {
// hack around a bug in the zipfilesystem implementation before java 9,
// its checkWritable was incorrect and it won't work without write permissions.
// its checkWritable was incorrect and it won't work without write permissions.
// if we add the permission, it will open jars r/w, which is too scary! so copy to a safe r-w location.
Path tmp = Files.createTempFile(null, ".jar");
try (InputStream in = codeLocation.openStream()) {
@ -349,7 +349,6 @@ public abstract class TribeRestTestCase extends ESTestCase {
return messageBuilder.toString();
}
@Test
public void test() throws IOException {
//let's check that there is something to run, otherwise there might be a problem with the test section
if (testCandidate.getTestSection().getExecutableSections().size() == 0) {

4
qa/smoke-test-found-license-with-shield-and-watcher/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldInsufficientRoleIT.java
View File

@ -7,7 +7,6 @@ package org.elasticsearch.smoketest;
import com.carrotsearch.randomizedtesting.annotations.Name;
import org.elasticsearch.test.rest.RestTestCandidate;
import org.junit.Test;
import java.io.IOException;
@ -15,12 +14,10 @@ import static org.hamcrest.Matchers.anyOf;
import static org.hamcrest.Matchers.containsString;
public class WatcherWithShieldInsufficientRoleIT extends WatcherWithShieldIT {
public WatcherWithShieldInsufficientRoleIT(@Name("yaml") RestTestCandidate testCandidate) {
super(testCandidate);
}
@Test
public void test() throws IOException {
try {
super.test();
@ -37,4 +34,3 @@ public class WatcherWithShieldInsufficientRoleIT extends WatcherWithShieldIT {
return new String[]{"powerless_user", "changeme"};
}
}

4
qa/smoke-test-watcher-with-shield/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldInsufficientRoleIT.java
View File

@ -7,7 +7,6 @@ package org.elasticsearch.smoketest;
import com.carrotsearch.randomizedtesting.annotations.Name;
import org.elasticsearch.test.rest.RestTestCandidate;
import org.junit.Test;
import java.io.IOException;
@ -15,12 +14,10 @@ import static org.hamcrest.Matchers.anyOf;
import static org.hamcrest.Matchers.containsString;
public class WatcherWithShieldInsufficientRoleIT extends WatcherWithShieldIT {
public WatcherWithShieldInsufficientRoleIT(@Name("yaml") RestTestCandidate testCandidate) {
super(testCandidate);
}
@Test
public void test() throws IOException {
try {
super.test();
@ -37,4 +34,3 @@ public class WatcherWithShieldInsufficientRoleIT extends WatcherWithShieldIT {
return new String[]{"powerless_user", "changeme"};
}
}

21
shield/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java
View File

@ -27,20 +27,27 @@ import org.elasticsearch.test.ShieldSettingsSource;
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.junit.BeforeClass;
import org.junit.Test;
import java.util.*;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not;
import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.sameInstance;
/**
*
*/
public class ClearRealmsCacheTests extends ShieldIntegTestCase {
private static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("passwd".toCharArray())));
private static String[] usernames;
@ -211,28 +218,23 @@ public class ClearRealmsCacheTests extends ShieldIntegTestCase {
"r1:" + Strings.arrayToCommaDelimitedString(usernames);
}
@Test
public void testEvictAll() throws Exception {
testScenario(Scenario.EVICT_ALL);
}
@Test
public void testEvictSome() throws Exception {
testScenario(Scenario.EVICT_SOME);
}
@Test
public void testEvictAllHttp() throws Exception {
testScenario(Scenario.EVICT_ALL_HTTP);
}
@Test
public void testEvictSomeHttp() throws Exception {
testScenario(Scenario.EVICT_SOME_HTTP);
}
private void testScenario(Scenario scenario) throws Exception {
Map<String, UsernamePasswordToken> tokens = new HashMap<>();
for (String user : usernames) {
tokens.put(user, new UsernamePasswordToken(user, SecuredStringTests.build("passwd")));
@ -243,7 +245,6 @@ public class ClearRealmsCacheTests extends ShieldIntegTestCase {
realms.add(nodeRealms.realm("esusers"));
}
// we authenticate each user on each of the realms to make sure they're all cached
Map<String, Map<Realm, User>> users = new HashMap<>();
for (Realm realm : realms) {

15
shield/src/test/java/org/elasticsearch/integration/LicensingTests.java
View File

@ -35,19 +35,23 @@ import org.elasticsearch.test.ShieldIntegTestCase;
import org.elasticsearch.test.ShieldSettingsSource;
import org.elasticsearch.transport.Transport;
import org.junit.After;
import org.junit.Test;
import java.util.*;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.hasItem;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
/**
*
*/
public class LicensingTests extends ShieldIntegTestCase {
public static final String ROLES =
ShieldSettingsSource.DEFAULT_ROLE + ":\n" +
" cluster: all\n" +
@ -112,7 +116,6 @@ public class LicensingTests extends ShieldIntegTestCase {
enableLicensing();
}
@Test
public void testEnableDisableBehaviour() throws Exception {
IndexResponse indexResponse = index("test", "type", jsonBuilder()
.startObject()
@ -187,7 +190,6 @@ public class LicensingTests extends ShieldIntegTestCase {
assertThat(nodeStats, notNullValue());
}
@Test
public void testRestAuthenticationByLicenseType() throws Exception {
// the default of the licensing tests is basic
assertThat(httpClient().path("/").execute().getStatusCode(), is(200));
@ -198,7 +200,6 @@ public class LicensingTests extends ShieldIntegTestCase {
assertThat(httpClient().path("/").execute().getStatusCode(), is(401));
}
@Test
public void testTransportClientAuthenticationByLicenseType() throws Exception {
Settings.Builder builder = Settings.builder()
.put(internalCluster().transportClient().settings());

6
shield/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java
View File

@ -17,7 +17,6 @@ import org.elasticsearch.shield.authc.support.SecuredStringTests;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
import org.elasticsearch.test.ShieldIntegTestCase;
import org.elasticsearch.test.ShieldSettingsSource;
import org.junit.Test;
import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
import static org.elasticsearch.index.query.QueryBuilders.indicesQuery;
@ -28,7 +27,6 @@ import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFa
import static org.hamcrest.Matchers.is;
public class MultipleIndicesPermissionsTests extends ShieldIntegTestCase {
protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("passwd".toCharArray())));
@Override
@ -64,7 +62,6 @@ public class MultipleIndicesPermissionsTests extends ShieldIntegTestCase {
"role_b:user_ab\n";
}
@Test
public void testSingleRole() throws Exception {
IndexResponse indexResponse = index("test", "type", jsonBuilder()
.startObject()
@ -140,16 +137,13 @@ public class MultipleIndicesPermissionsTests extends ShieldIntegTestCase {
assertHitCount(searchResponse, 1);
}
@Test
public void testMultipleRoles() throws Exception {
IndexResponse indexResponse = index("a", "type", jsonBuilder()
.startObject()
.field("name", "value_a")
.endObject());
assertThat(indexResponse.isCreated(), is(true));
indexResponse = index("b", "type", jsonBuilder()
.startObject()
.field("name", "value_b")

4
shield/src/test/java/org/elasticsearch/integration/PermissionPrecedenceTests.java
View File

@ -15,7 +15,6 @@ import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.authc.support.SecuredStringTests;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
import org.elasticsearch.test.ShieldIntegTestCase;
import org.junit.Test;
import java.util.List;
@ -32,7 +31,6 @@ import static org.hamcrest.Matchers.hasSize;
* index template actions.
*/
public class PermissionPrecedenceTests extends ShieldIntegTestCase {
protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("test123".toCharArray())));
@Override
@ -86,9 +84,7 @@ public class PermissionPrecedenceTests extends ShieldIntegTestCase {
return new SecuredString("test123".toCharArray());
}
@Test
public void testDifferentCombinationsOfIndices() throws Exception {
Client client = internalCluster().transportClient();
// first lets try with "admin"... all should work

13
shield/src/test/java/org/elasticsearch/integration/ScrollIdSigningTests.java
View File

@ -13,18 +13,17 @@ import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.shield.crypto.CryptoService;
import org.elasticsearch.shield.crypto.InternalCryptoService;
import org.elasticsearch.test.ShieldIntegTestCase;
import org.junit.Test;
import java.util.Locale;
import static org.elasticsearch.index.query.QueryBuilders.matchAllQuery;
import static org.elasticsearch.test.ShieldTestsUtils.assertAuthorizationException;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
public class ScrollIdSigningTests extends ShieldIntegTestCase {
@Test
public void testSearchAndClearScroll() throws Exception {
IndexRequestBuilder[] docs = new IndexRequestBuilder[randomIntBetween(20, 100)];
for (int i = 0; i < docs.length; i++) {
@ -54,8 +53,7 @@ public class ScrollIdSigningTests extends ShieldIntegTestCase {
}
}
@Test
public void testSearchScroll_WithTamperedScrollId() throws Exception {
public void testSearchScrollWithTamperedScrollId() throws Exception {
IndexRequestBuilder[] docs = new IndexRequestBuilder[randomIntBetween(20, 100)];
for (int i = 0; i < docs.length; i++) {
docs[i] = client().prepareIndex("idx", "type").setSource("field", "value");
@ -79,8 +77,7 @@ public class ScrollIdSigningTests extends ShieldIntegTestCase {
}
}
@Test
public void testClearScroll_WithTamperedScrollId() throws Exception {
public void testClearScrollWithTamperedScrollId() throws Exception {
IndexRequestBuilder[] docs = new IndexRequestBuilder[randomIntBetween(20, 100)];
for (int i = 0; i < docs.length; i++) {
docs[i] = client().prepareIndex("idx", "type").setSource("field", "value");

8
shield/src/test/java/org/elasticsearch/integration/SearchGetAndSuggestPermissionsTests.java
View File

@ -18,7 +18,6 @@ import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.authc.support.SecuredStringTests;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
import org.elasticsearch.test.ShieldIntegTestCase;
import org.junit.Test;
import static org.elasticsearch.client.Requests.searchRequest;
import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
@ -28,7 +27,6 @@ import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
public class SearchGetAndSuggestPermissionsTests extends ShieldIntegTestCase {
protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("passwd".toCharArray())));
@Override
@ -68,8 +66,7 @@ public class SearchGetAndSuggestPermissionsTests extends ShieldIntegTestCase {
/**
* testing both "search" and "suggest" privileges can execute the suggest API
*/
@Test
public void testSuggestAPI() throws Exception {
public void testSuggestAPI() throws Exception {
IndexResponse indexResponse = index("a", "type", jsonBuilder()
.startObject()
.field("name", "value")
@ -106,7 +103,6 @@ public class SearchGetAndSuggestPermissionsTests extends ShieldIntegTestCase {
/**
* testing that "search" privilege cannot execute the get API
*/
@Test
public void testGetAPI() throws Exception {
IndexResponse indexResponse = index("a", "type", jsonBuilder()
.startObject()
@ -133,7 +129,6 @@ public class SearchGetAndSuggestPermissionsTests extends ShieldIntegTestCase {
/**
* testing that "get" privilege can execute the mget API, and "search" privilege cannot execute mget
*/
@Test
public void testMultiGetAPI() throws Exception {
IndexResponse indexResponse = index("a", "type", jsonBuilder()
.startObject()
@ -167,7 +162,6 @@ public class SearchGetAndSuggestPermissionsTests extends ShieldIntegTestCase {
/**
* testing that "search" privilege can execute the msearch API
*/
@Test
public void testMultiSearchAPI() throws Exception {
IndexResponse indexResponse = index("a", "type", jsonBuilder()
.startObject()

5
shield/src/test/java/org/elasticsearch/integration/SettingsFilterTests.java
View File

@ -16,12 +16,12 @@ import org.elasticsearch.node.Node;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
import org.elasticsearch.shield.ssl.AbstractSSLService;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.elasticsearch.test.ShieldIntegTestCase;
import org.elasticsearch.test.ShieldSettingsSource;
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.junit.After;
import org.junit.Test;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
@ -30,7 +30,6 @@ import java.util.Collections;
import java.util.List;
import java.util.Map;
import static org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE;
import static org.hamcrest.CoreMatchers.notNullValue;
import static org.hamcrest.CoreMatchers.nullValue;
@ -38,7 +37,6 @@ import static org.hamcrest.Matchers.is;
@ClusterScope(scope = SUITE)
public class SettingsFilterTests extends ShieldIntegTestCase {
private CloseableHttpClient httpClient = HttpClients.createDefault();
@After
@ -109,7 +107,6 @@ public class SettingsFilterTests extends ShieldIntegTestCase {
return false;
}
@Test
public void testFiltering() throws Exception {
HttpResponse response = executeRequest("GET", "/_nodes", null, Collections.<String, String>emptyMap());
List<Settings> list = extractSettings(response.getBody());

4
shield/src/test/java/org/elasticsearch/integration/ShieldCachePermissionTests.java
View File

@ -19,7 +19,6 @@ import org.elasticsearch.test.ShieldIntegTestCase;
import org.elasticsearch.test.ShieldSettingsSource;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import java.util.Collections;
@ -28,7 +27,6 @@ import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
public class ShieldCachePermissionTests extends ShieldIntegTestCase {
static final String READ_ONE_IDX_USER = "read_user";
@Override
@ -75,7 +73,6 @@ public class ShieldCachePermissionTests extends ShieldIntegTestCase {
refresh();
}
@Test
public void testThatTermsFilterQueryDoesntLeakData() {
SearchResponse response = client().prepareSearch("data").setTypes("a").setQuery(QueryBuilders.constantScoreQuery(
QueryBuilders.termsLookupQuery("token", new TermsLookup("tokens", "tokens", "1", "tokens"))))
@ -96,7 +93,6 @@ public class ShieldCachePermissionTests extends ShieldIntegTestCase {
}
}
@Test
public void testThatScriptServiceDoesntLeakData() {
SearchResponse response = client().prepareSearch("data").setTypes("a")
.setTemplate(new Template("testTemplate", ScriptService.ScriptType.INDEXED, MustacheScriptEngineService.NAME, null, Collections.<String, Object>singletonMap("name", "token")))

4
shield/src/test/java/org/elasticsearch/integration/ShieldClearScrollTests.java
View File

@ -17,7 +17,6 @@ import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.test.ShieldIntegTestCase;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import java.util.ArrayList;
import java.util.List;
@ -28,7 +27,6 @@ import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
public class ShieldClearScrollTests extends ShieldIntegTestCase {
protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("change_me".toCharArray())));
private List<String> scrollIds;
@ -84,7 +82,6 @@ public class ShieldClearScrollTests extends ShieldIntegTestCase {
client().prepareClearScroll().addScrollId("_all").get();
}
@Test
public void testThatClearingAllScrollIdsWorks() throws Exception {
String shieldUser = "allowed_user:change_me";
String basicAuth = basicAuthHeaderValue("allowed_user", new SecuredString("change_me".toCharArray()));
@ -97,7 +94,6 @@ public class ShieldClearScrollTests extends ShieldIntegTestCase {
assertThatScrollIdsDoNotExist(scrollIds);
}
@Test
public void testThatClearingAllScrollIdsRequirePermissions() throws Exception {
String shieldUser = "denied_user:change_me";
String basicAuth = basicAuthHeaderValue("denied_user", new SecuredString("change_me".toCharArray()));

4
shield/src/test/java/org/elasticsearch/integration/ldap/GroupMappingTests.java
View File

@ -6,7 +6,6 @@
package org.elasticsearch.integration.ldap;
import org.elasticsearch.test.junit.annotations.Network;
import org.junit.Test;
import java.io.IOException;
@ -16,14 +15,11 @@ import java.io.IOException;
*/
@Network
public class GroupMappingTests extends AbstractAdLdapRealmTestCase {
@Test
public void testAuthcAuthz() throws IOException {
String avenger = realmConfig.loginWithCommonName ? "Natasha Romanoff" : "blackwidow";
assertAccessAllowed(avenger, "avengers");
}
@Test
public void testGroupMapping() throws IOException {
String asgardian = "odin";
String shieldPhilanthropist = realmConfig.loginWithCommonName ? "Bruce Banner" : "hulk";

3
shield/src/test/java/org/elasticsearch/integration/ldap/MultiGroupMappingTests.java
View File

@ -6,7 +6,6 @@
package org.elasticsearch.integration.ldap;
import org.elasticsearch.test.junit.annotations.Network;
import org.junit.Test;
import java.io.IOException;
@ -15,7 +14,6 @@ import java.io.IOException;
*/
@Network
public class MultiGroupMappingTests extends AbstractAdLdapRealmTestCase {
@Override
protected String configRoles() {
return super.configRoles() +
@ -39,7 +37,6 @@ public class MultiGroupMappingTests extends AbstractAdLdapRealmTestCase {
" - \"cn=Philanthropists,ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com\"";
}
@Test
public void testGroupMapping() throws IOException {
String asgardian = "odin";
String shieldPhilanthropist = realmConfig.loginWithCommonName ? "Bruce Banner" : "hulk";

9
shield/src/test/java/org/elasticsearch/shield/ShieldPluginEnabledDisabledTests.java
View File

@ -27,19 +27,20 @@ import org.elasticsearch.transport.TransportService;
import org.hamcrest.Matcher;
import org.junit.After;
import org.junit.BeforeClass;
import org.junit.Test;
import java.io.IOException;
import static org.elasticsearch.rest.RestStatus.OK;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not;
/**
*
*/
public class ShieldPluginEnabledDisabledTests extends ShieldIntegTestCase {
private static boolean enabled;
@BeforeClass
@ -84,7 +85,6 @@ public class ShieldPluginEnabledDisabledTests extends ShieldIntegTestCase {
return LicensingTests.InternalLicensePlugin.NAME;
}
@Test
public void testTransportEnabledDisabled() throws Exception {
for (TransportService service : internalCluster().getInstances(TransportService.class)) {
Matcher<TransportService> matcher = instanceOf(ShieldServerTransportService.class);
@ -102,7 +102,6 @@ public class ShieldPluginEnabledDisabledTests extends ShieldIntegTestCase {
}
}
@Test
public void testShieldInfoStatus() throws IOException {
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
OperationMode mode;

8
shield/src/test/java/org/elasticsearch/shield/ShieldPluginSettingsTests.java
View File

@ -7,7 +7,6 @@ package org.elasticsearch.shield;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.test.ESTestCase;
import org.junit.Test;
import static org.hamcrest.CoreMatchers.containsString;
import static org.hamcrest.CoreMatchers.equalTo;
@ -15,11 +14,9 @@ import static org.hamcrest.CoreMatchers.notNullValue;
import static org.hamcrest.Matchers.arrayContaining;
public class ShieldPluginSettingsTests extends ESTestCase {
private static final String TRIBE_T1_SHIELD_ENABLED = "tribe.t1." + ShieldPlugin.ENABLED_SETTING_NAME;
private static final String TRIBE_T2_SHIELD_ENABLED = "tribe.t2." + ShieldPlugin.ENABLED_SETTING_NAME;
@Test
public void testShieldIsMandatoryOnTribes() {
Settings settings = Settings.builder().put("tribe.t1.cluster.name", "non_existing")
.put("tribe.t2.cluster.name", "non_existing").build();
@ -33,7 +30,6 @@ public class ShieldPluginSettingsTests extends ESTestCase {
assertThat(additionalSettings.getAsArray("tribe.t2.plugin.mandatory", null), arrayContaining(ShieldPlugin.NAME));
}
@Test
public void testAdditionalMandatoryPluginsOnTribes() {
Settings settings = Settings.builder().put("tribe.t1.cluster.name", "non_existing")
.putArray("tribe.t1.plugin.mandatory", "test_plugin").build();
@ -50,7 +46,6 @@ public class ShieldPluginSettingsTests extends ESTestCase {
}
}
@Test
public void testMandatoryPluginsOnTribesShieldAlreadyMandatory() {
Settings settings = Settings.builder().put("tribe.t1.cluster.name", "non_existing")
.putArray("tribe.t1.plugin.mandatory", "test_plugin", ShieldPlugin.NAME).build();
@ -67,7 +62,6 @@ public class ShieldPluginSettingsTests extends ESTestCase {
assertThat(finalMandatoryPlugins[1], equalTo(ShieldPlugin.NAME));
}
@Test
public void testShieldIsEnabledByDefaultOnTribes() {
Settings settings = Settings.builder().put("tribe.t1.cluster.name", "non_existing")
.put("tribe.t2.cluster.name", "non_existing").build();
@ -80,7 +74,6 @@ public class ShieldPluginSettingsTests extends ESTestCase {
assertThat(additionalSettings.getAsBoolean(TRIBE_T2_SHIELD_ENABLED, null), equalTo(true));
}
@Test
public void testShieldDisabledOnATribe() {
Settings settings = Settings.builder().put("tribe.t1.cluster.name", "non_existing")
.put(TRIBE_T1_SHIELD_ENABLED, false)
@ -96,7 +89,6 @@ public class ShieldPluginSettingsTests extends ESTestCase {
}
}
@Test
public void testShieldDisabledOnTribesShieldAlreadyMandatory() {
Settings settings = Settings.builder().put("tribe.t1.cluster.name", "non_existing")
.put(TRIBE_T1_SHIELD_ENABLED, false)

7
shield/src/test/java/org/elasticsearch/shield/ShieldPluginTests.java
View File

@ -15,17 +15,17 @@ import org.elasticsearch.test.ShieldIntegTestCase;
import org.elasticsearch.test.ShieldSettingsSource;
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.junit.Test;
import java.io.IOException;
import static org.elasticsearch.rest.RestStatus.OK;
import static org.elasticsearch.rest.RestStatus.UNAUTHORIZED;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.allOf;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
public class ShieldPluginTests extends ShieldIntegTestCase {
@Override
public Settings nodeSettings(int nodeOrdinal) {
return Settings.builder()
@ -34,7 +34,6 @@ public class ShieldPluginTests extends ShieldIntegTestCase {
.build();
}
@Test
public void testThatPluginIsLoaded() throws IOException {
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
try (CloseableHttpClient httpClient = HttpClients.createDefault()) {

14
shield/src/test/java/org/elasticsearch/shield/UserTests.java
View File

@ -9,15 +9,17 @@ import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.common.io.stream.ByteBufferStreamInput;
import org.elasticsearch.common.io.stream.BytesStreamOutput;
import org.elasticsearch.test.ESTestCase;
import org.junit.Test;
import java.util.Arrays;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not;
import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.nullValue;
import static org.hamcrest.Matchers.sameInstance;
public class UserTests extends ESTestCase {
@Test
public void testWriteToAndReadFrom() throws Exception {
User user = new User.Simple(randomAsciiOfLengthBetween(4, 30), generateRandomStringArray(20, 30, false));
BytesStreamOutput output = new BytesStreamOutput();
@ -31,7 +33,6 @@ public class UserTests extends ESTestCase {
assertThat(readFrom.runAs(), is(nullValue()));
}
@Test
public void testWriteToAndReadFromWithRunAs() throws Exception {
User runAs = new User.Simple(randomAsciiOfLengthBetween(4, 30), randomBoolean() ? generateRandomStringArray(20, 30, false) : null);
User user = new User.Simple(randomAsciiOfLengthBetween(4, 30), generateRandomStringArray(20, 30, false), runAs);
@ -50,7 +51,6 @@ public class UserTests extends ESTestCase {
assertThat(readFromRunAs.runAs(), is(nullValue()));
}
@Test
public void testSystemReadAndWrite() throws Exception {
BytesStreamOutput output = new BytesStreamOutput();
@ -63,7 +63,6 @@ public class UserTests extends ESTestCase {
assertThat(readFrom.runAs(), is(nullValue()));
}
@Test
public void testFakeSystemUserSerialization() throws Exception {
BytesStreamOutput output = new BytesStreamOutput();
output.writeBoolean(true);
@ -76,7 +75,6 @@ public class UserTests extends ESTestCase {
}
}
@Test
public void testCreateUserRunningAsSystemUser() throws Exception {
try {
new User.Simple(randomAsciiOfLengthBetween(3, 10), generateRandomStringArray(16, 30, false), User.SYSTEM);

4
shield/src/test/java/org/elasticsearch/shield/VersionCompatibilityTests.java
View File

@ -6,9 +6,7 @@
package org.elasticsearch.shield;
import org.elasticsearch.Version;
import org.elasticsearch.shield.license.ShieldLicensee;
import org.elasticsearch.test.ESTestCase;
import org.junit.Test;
import static org.hamcrest.CoreMatchers.is;
@ -25,8 +23,6 @@ import static org.hamcrest.CoreMatchers.is;
* helps keeping track of this and eventually making changes when needed.
*/
public class VersionCompatibilityTests extends ESTestCase {
@Test
public void testCompatibility() {
/**
* see https://github.com/elasticsearch/elasticsearch/issues/9372 {@link ShieldLicensee}

22
shield/src/test/java/org/elasticsearch/shield/action/ShieldActionFilterTests.java
View File

@ -20,20 +20,25 @@ import org.elasticsearch.shield.crypto.CryptoService;
import org.elasticsearch.shield.license.ShieldLicenseState;
import org.elasticsearch.test.ESTestCase;
import org.junit.Before;
import org.junit.Test;
import java.util.HashSet;
import static org.hamcrest.Matchers.equalTo;
import static org.mockito.Matchers.eq;
import static org.mockito.Matchers.isA;
import static org.mockito.Mockito.*;
import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.doThrow;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
import static org.mockito.Mockito.verifyZeroInteractions;
import static org.mockito.Mockito.when;
/**
*
*/
public class ShieldActionFilterTests extends ESTestCase {
private AuthenticationService authcService;
private AuthorizationService authzService;
private CryptoService cryptoService;
@ -53,7 +58,6 @@ public class ShieldActionFilterTests extends ESTestCase {
filter = new ShieldActionFilter(Settings.EMPTY, authcService, authzService, cryptoService, auditTrail, shieldLicenseState, new ShieldActionMapper(), new HashSet<RequestInterceptor>());
}
@Test
public void testApply() throws Exception {
ActionRequest request = mock(ActionRequest.class);
ActionListener listener = mock(ActionListener.class);
@ -66,8 +70,7 @@ public class ShieldActionFilterTests extends ESTestCase {
verify(chain).proceed(eq("_action"), eq(request), isA(ShieldActionFilter.SigningListener.class));
}
@Test
public void testAction_Process_Exception() throws Exception {
public void testActionProcessException() throws Exception {
ActionRequest request = mock(ActionRequest.class);
ActionListener listener = mock(ActionListener.class);
ActionFilterChain chain = mock(ActionFilterChain.class);
@ -80,8 +83,7 @@ public class ShieldActionFilterTests extends ESTestCase {
verifyNoMoreInteractions(chain);
}
@Test
public void testAction_Signature() throws Exception {
public void testActionSignature() throws Exception {
SearchScrollRequest request = new SearchScrollRequest("signed_scroll_id");
ActionListener listener = mock(ActionListener.class);
ActionFilterChain chain = mock(ActionFilterChain.class);
@ -95,8 +97,7 @@ public class ShieldActionFilterTests extends ESTestCase {
verify(chain).proceed(eq("_action"), eq(request), isA(ShieldActionFilter.SigningListener.class));
}
@Test
public void testAction_SignatureError() throws Exception {
public void testActionSignatureError() throws Exception {
SearchScrollRequest request = new SearchScrollRequest("scroll_id");
ActionListener listener = mock(ActionListener.class);
ActionFilterChain chain = mock(ActionFilterChain.class);
@ -111,7 +112,6 @@ public class ShieldActionFilterTests extends ESTestCase {
verifyNoMoreInteractions(chain);
}
@Test
public void testApplyUnlicensed() throws Exception {
ActionRequest request = mock(ActionRequest.class);
ActionListener listener = mock(ActionListener.class);

7
shield/src/test/java/org/elasticsearch/shield/action/ShieldActionMapperTests.java
View File

@ -11,7 +11,6 @@ import org.elasticsearch.action.search.ClearScrollAction;
import org.elasticsearch.action.search.ClearScrollRequest;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.transport.KnownActionsTests;
import org.junit.Test;
import java.util.ArrayList;
import java.util.Collections;
@ -20,8 +19,6 @@ import java.util.List;
import static org.hamcrest.CoreMatchers.equalTo;
public class ShieldActionMapperTests extends ESTestCase {
@Test
public void testThatAllOrdinaryActionsRemainTheSame() {
List<String> actions = new ArrayList<>();
actions.addAll(KnownActionsTests.loadKnownActions());
@ -45,7 +42,6 @@ public class ShieldActionMapperTests extends ESTestCase {
}
}
@Test
public void testClearScroll() {
ShieldActionMapper shieldActionMapper = new ShieldActionMapper();
ClearScrollRequest clearScrollRequest = new ClearScrollRequest();
@ -56,7 +52,6 @@ public class ShieldActionMapperTests extends ESTestCase {
assertThat(shieldActionMapper.action(ClearScrollAction.NAME, clearScrollRequest), equalTo(ClearScrollAction.NAME));
}
@Test
public void testClearScrollAll() {
ShieldActionMapper shieldActionMapper = new ShieldActionMapper();
ClearScrollRequest clearScrollRequest = new ClearScrollRequest();
@ -71,7 +66,6 @@ public class ShieldActionMapperTests extends ESTestCase {
assertThat(shieldActionMapper.action(ClearScrollAction.NAME, clearScrollRequest), equalTo(ShieldActionMapper.CLUSTER_PERMISSION_SCROLL_CLEAR_ALL_NAME));
}
@Test
public void testIndicesAnalyze() {
ShieldActionMapper shieldActionMapper = new ShieldActionMapper();
AnalyzeRequest analyzeRequest;
@ -84,7 +78,6 @@ public class ShieldActionMapperTests extends ESTestCase {
assertThat(shieldActionMapper.action(AnalyzeAction.NAME, analyzeRequest), equalTo(AnalyzeAction.NAME));
}
@Test
public void testClusterAnalyze() {
ShieldActionMapper shieldActionMapper = new ShieldActionMapper();
AnalyzeRequest analyzeRequest = new AnalyzeRequest(null).text("text");

11
shield/src/test/java/org/elasticsearch/shield/audit/AuditTrailModuleTests.java
View File

@ -16,16 +16,15 @@ import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.threadpool.ThreadPoolModule;
import org.elasticsearch.transport.TransportModule;
import org.junit.Test;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
/**
*
*/
public class AuditTrailModuleTests extends ESTestCase {
@Test
public void testEnabled() throws Exception {
Settings settings = Settings.builder()
.put("client.type", "node")
@ -36,7 +35,6 @@ public class AuditTrailModuleTests extends ESTestCase {
assertThat(auditTrail, is(AuditTrail.NOOP));
}
@Test
public void testDisabledByDefault() throws Exception {
Settings settings = Settings.builder()
.put("client.type", "node").build();
@ -45,7 +43,6 @@ public class AuditTrailModuleTests extends ESTestCase {
assertThat(auditTrail, is(AuditTrail.NOOP));
}
@Test
public void testLogfile() throws Exception {
Settings settings = Settings.builder()
.put("shield.audit.enabled", true)
@ -65,7 +62,6 @@ public class AuditTrailModuleTests extends ESTestCase {
}
}
@Test
public void testUnknownOutput() throws Exception {
Settings settings = Settings.builder()
.put("shield.audit.enabled", true)
@ -79,5 +75,4 @@ public class AuditTrailModuleTests extends ESTestCase {
// expected
}
}
}

23
shield/src/test/java/org/elasticsearch/shield/audit/AuditTrailServiceTests.java
View File

@ -14,7 +14,6 @@ import org.elasticsearch.shield.transport.filter.ShieldIpFilterRule;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.transport.TransportMessage;
import org.junit.Before;
import org.junit.Test;
import java.net.InetAddress;
import java.util.HashSet;
@ -28,7 +27,6 @@ import static org.mockito.Mockito.verify;
*
*/
public class AuditTrailServiceTests extends ESTestCase {
private Set<AuditTrail> auditTrails;
private AuditTrailService service;
@ -49,7 +47,6 @@ public class AuditTrailServiceTests extends ESTestCase {
restRequest = mock(RestRequest.class);
}
@Test
public void testAuthenticationFailed() throws Exception {
service.authenticationFailed(token, "_action", message);
for (AuditTrail auditTrail : auditTrails) {
@ -57,47 +54,41 @@ public class AuditTrailServiceTests extends ESTestCase {
}
}
@Test
public void testAuthenticationFailed_No_Token() throws Exception {
public void testAuthenticationFailedNoToken() throws Exception {
service.authenticationFailed("_action", message);
for (AuditTrail auditTrail : auditTrails) {
verify(auditTrail).authenticationFailed("_action", message);
}
}
@Test
public void testAuthenticationFailed_Rest_No_Token() throws Exception {
public void testAuthenticationFailedRestNoToken() throws Exception {
service.authenticationFailed(restRequest);
for (AuditTrail auditTrail : auditTrails) {
verify(auditTrail).authenticationFailed(restRequest);
}
}
@Test
public void testAuthenticationFailed_Rest() throws Exception {
public void testAuthenticationFailedRest() throws Exception {
service.authenticationFailed(token, restRequest);
for (AuditTrail auditTrail : auditTrails) {
verify(auditTrail).authenticationFailed(token, restRequest);
}
}
@Test
public void testAuthenticationFailed_Realm() throws Exception {
public void testAuthenticationFailedRealm() throws Exception {
service.authenticationFailed("_realm", token, "_action", message);
for (AuditTrail auditTrail : auditTrails) {
verify(auditTrail).authenticationFailed("_realm", token, "_action", message);
}
}
@Test
public void testAuthenticationFailed_Rest_Realm() throws Exception {
public void testAuthenticationFailedRestRealm() throws Exception {
service.authenticationFailed("_realm", token, restRequest);
for (AuditTrail auditTrail : auditTrails) {
verify(auditTrail).authenticationFailed("_realm", token, restRequest);
}
}
@Test
public void testAnonymousAccess() throws Exception {
service.anonymousAccessDenied("_action", message);
for (AuditTrail auditTrail : auditTrails) {
@ -105,7 +96,6 @@ public class AuditTrailServiceTests extends ESTestCase {
}
}
@Test
public void testAccessGranted() throws Exception {
User user = new User.Simple("_username", new String[] { "r1" });
service.accessGranted(user, "_action", message);
@ -114,7 +104,6 @@ public class AuditTrailServiceTests extends ESTestCase {
}
}
@Test
public void testAccessDenied() throws Exception {
User user = new User.Simple("_username", new String[] { "r1" });
service.accessDenied(user, "_action", message);
@ -123,7 +112,6 @@ public class AuditTrailServiceTests extends ESTestCase {
}
}
@Test
public void testConnectionGranted() throws Exception {
InetAddress inetAddress = InetAddress.getLoopbackAddress();
ShieldIpFilterRule rule = randomBoolean() ? ShieldIpFilterRule.ACCEPT_ALL : IPFilter.DEFAULT_PROFILE_ACCEPT_ALL;
@ -133,7 +121,6 @@ public class AuditTrailServiceTests extends ESTestCase {
}
}
@Test
public void testConnectionDenied() throws Exception {
InetAddress inetAddress = InetAddress.getLoopbackAddress();
ShieldIpFilterRule rule = new ShieldIpFilterRule(false, "_all");

9
shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditLevelTests.java
View File

@ -6,16 +6,14 @@
package org.elasticsearch.shield.audit.index;
import org.elasticsearch.test.ESTestCase;
import org.junit.Test;
import java.util.EnumSet;
import java.util.Locale;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
public class IndexAuditLevelTests extends ESTestCase {
@Test
public void testAllIndexAuditLevel() {
EnumSet<IndexAuditLevel> enumSet = IndexAuditLevel.parse(new String[] { "_all" });
IndexAuditLevel[] levels = IndexAuditLevel.values();
@ -25,13 +23,11 @@ public class IndexAuditLevelTests extends ESTestCase {
}
}
@Test
public void testExcludeHasPreference() {
EnumSet<IndexAuditLevel> enumSet = IndexAuditLevel.parse(new String[] { "_all" }, new String[] { "_all" });
assertThat(enumSet.size(), is(0));
}
@Test
public void testExcludeHasPreferenceSingle() {
String excluded = randomFrom(IndexAuditLevel.values()).toString().toLowerCase(Locale.ROOT);
EnumSet<IndexAuditLevel> enumSet = IndexAuditLevel.parse(new String[] { "_all" }, new String[] { excluded });
@ -39,5 +35,4 @@ public class IndexAuditLevelTests extends ESTestCase {
expected.remove(IndexAuditLevel.valueOf(excluded.toUpperCase(Locale.ROOT)));
assertThat(enumSet, equalTo(expected));
}
}

4
shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailEnabledTests.java
View File

@ -16,7 +16,6 @@ import org.elasticsearch.test.ESIntegTestCase.Scope;
import org.elasticsearch.test.ShieldIntegTestCase;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.junit.Test;
import java.util.Collections;
import java.util.Set;
@ -25,7 +24,6 @@ import static org.hamcrest.Matchers.is;
@ClusterScope(scope = Scope.TEST, randomDynamicTemplates = false)
public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase {
IndexNameResolver.Rollover rollover = randomFrom(IndexNameResolver.Rollover.values());
@Override
@ -55,7 +53,6 @@ public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase {
// after the test has completed
}
@Test
public void testAuditTrailIndexAndTemplateExists() throws Exception {
awaitIndexTemplateCreation();
@ -63,7 +60,6 @@ public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase {
awaitIndexCreation();
}
@Test
public void testAuditTrailTemplateIsRecreatedAfterDelete() throws Exception {
// this is already "tested" by the test framework since we wipe the templates before and after, but lets be explicit about the behavior
awaitIndexTemplateCreation();

203
shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java
View File

@ -45,7 +45,6 @@ import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.joda.time.format.ISODateTimeFormat;
import org.junit.After;
import org.junit.Test;
import java.io.IOException;
import java.net.InetAddress;
@ -78,7 +77,6 @@ import static org.mockito.Mockito.when;
*/
@ESIntegTestCase.ClusterScope(scope = SUITE, numDataNodes = 1)
public class IndexAuditTrailTests extends ShieldIntegTestCase {
public static final String SECOND_CLUSTER_NODE_PREFIX = "remote_" + SUITE_CLUSTER_NODE_PREFIX;
private static final IndexAuditUserHolder user = new IndexAuditUserHolder();
@ -227,9 +225,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
}
}
@Test
public void testAnonymousAccessDenied_Transport() throws Exception {
public void testAnonymousAccessDeniedTransport() throws Exception {
initialize();
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
auditor.anonymousAccessDenied("_action", message);
@ -253,17 +249,19 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName());
}
@Test(expected = IndexNotFoundException.class)
public void testAnonymousAccessDenied_Transport_Muted() throws Exception {
public void testAnonymousAccessDeniedTransportMuted() throws Exception {
initialize("anonymous_access_denied");
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
auditor.anonymousAccessDenied("_action", message);
getClient().prepareExists(resolveIndexName()).execute().actionGet();
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
}
}
@Test
public void testAnonymousAccessDenied_Rest() throws Exception {
public void testAnonymousAccessDeniedRest() throws Exception {
initialize();
RestRequest request = mockRestRequest();
auditor.anonymousAccessDenied(request);
@ -278,17 +276,19 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
assertThat(hit.field("request_body").getValue(), notNullValue());
}
@Test(expected = IndexNotFoundException.class)
public void testAnonymousAccessDenied_Rest_Muted() throws Exception {
public void testAnonymousAccessDeniedRestMuted() throws Exception {
initialize("anonymous_access_denied");
RestRequest request = mockRestRequest();
auditor.anonymousAccessDenied(request);
getClient().prepareExists(resolveIndexName()).execute().actionGet();
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
}
}
@Test
public void testAuthenticationFailed_Transport() throws Exception {
public void testAuthenticationFailedTransport() throws Exception {
initialize();
TransportMessage message = randomBoolean() ? new RemoteHostMockMessage() : new LocalHostMockMessage();
auditor.authenticationFailed(new MockToken(), "_action", message);
@ -310,8 +310,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName());
}
@Test
public void testAuthenticationFailed_Transport_NoToken() throws Exception {
public void testAuthenticationFailedTransportNoToken() throws Exception {
initialize();
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
auditor.authenticationFailed("_action", message);
@ -337,25 +336,31 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName());
}
@Test(expected = IndexNotFoundException.class)
public void testAuthenticationFailed_Transport_Muted() throws Exception {
initialize("authentication_failed");
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
auditor.authenticationFailed(new MockToken(), "_action", message);
getClient().prepareExists(resolveIndexName()).execute().actionGet();
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
}
}
@Test(expected = IndexNotFoundException.class)
public void testAuthenticationFailed_Transport_NoToken_Muted() throws Exception {
public void testAuthenticationFailedTransportNoTokenMuted() throws Exception {
initialize("authentication_failed");
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
auditor.authenticationFailed("_action", message);
getClient().prepareExists(resolveIndexName()).execute().actionGet();
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
}
}
@Test
public void testAuthenticationFailed_Rest() throws Exception {
public void testAuthenticationFailedRest() throws Exception {
initialize();
RestRequest request = mockRestRequest();
auditor.authenticationFailed(new MockToken(), request);
@ -371,8 +376,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
assertThat(hit.field("request_body").getValue(), notNullValue());
}
@Test
public void testAuthenticationFailed_Rest_NoToken() throws Exception {
public void testAuthenticationFailedRestNoToken() throws Exception {
initialize();
RestRequest request = mockRestRequest();
auditor.authenticationFailed(request);
@ -388,25 +392,31 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
assertThat(hit.field("request_body").getValue(), notNullValue());
}
@Test(expected = IndexNotFoundException.class)
public void testAuthenticationFailed_Rest_Muted() throws Exception {
public void testAuthenticationFailedRestMuted() throws Exception {
initialize("authentication_failed");
RestRequest request = mockRestRequest();
auditor.authenticationFailed(new MockToken(), request);
getClient().prepareExists(resolveIndexName()).execute().actionGet();
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
}
}
@Test(expected = IndexNotFoundException.class)
public void testAuthenticationFailed_Rest_NoToken_Muted() throws Exception {
public void testAuthenticationFailedRestNoTokenMuted() throws Exception {
initialize("authentication_failed");
RestRequest request = mockRestRequest();
auditor.authenticationFailed(request);
getClient().prepareExists(resolveIndexName()).execute().actionGet();
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
}
}
@Test
public void testAuthenticationFailed_Transport_Realm() throws Exception {
public void testAuthenticationFailedTransportRealm() throws Exception {
initialize();
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
auditor.authenticationFailed("_realm", new MockToken(), "_action", message);
@ -433,17 +443,19 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName());
}
@Test(expected = IndexNotFoundException.class)
public void testAuthenticationFailed_Transport_Realm_Muted() throws Exception {
public void testAuthenticationFailedTransportRealmMuted() throws Exception {
initialize("authentication_failed");
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
auditor.authenticationFailed("_realm", new MockToken(), "_action", message);
getClient().prepareExists(resolveIndexName()).execute().actionGet();
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
}
}
@Test
public void testAuthenticationFailed_Rest_Realm() throws Exception {
public void testAuthenticationFailedRestRealm() throws Exception {
initialize();
RestRequest request = mockRestRequest();
auditor.authenticationFailed("_realm", new MockToken(), request);
@ -459,17 +471,19 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
assertThat(hit.field("request_body").getValue(), notNullValue());
}
@Test(expected = IndexNotFoundException.class)
public void testAuthenticationFailed_Rest_Realm_Muted() throws Exception {
public void testAuthenticationFailedRestRealmMuted() throws Exception {
initialize("authentication_failed");
RestRequest request = mockRestRequest();
auditor.authenticationFailed("_realm", new MockToken(), request);
getClient().prepareExists(resolveIndexName()).execute().actionGet();
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
}
}
@Test
public void testAccessGranted() throws Exception {
initialize();
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
final boolean runAs = randomBoolean();
@ -499,15 +513,18 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName());
}
@Test(expected = IndexNotFoundException.class)
public void testAccessGranted_Muted() throws Exception {
public void testAccessGrantedMuted() throws Exception {
initialize("access_granted");
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
auditor.accessGranted(new User.Simple("_username", new String[]{"r1"}), "_action", message);
getClient().prepareExists(resolveIndexName()).execute().actionGet();
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
}
}
@Test
public void testSystemAccessGranted() throws Exception {
initialize(new String[] { "system_access_granted" }, null);
TransportMessage message = randomBoolean() ? new RemoteHostMockMessage() : new LocalHostMockMessage();
@ -522,18 +539,19 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName());
}
@Test(expected = IndexNotFoundException.class)
public void testSystemAccessGranted_Muted() throws Exception {
public void testSystemAccessGrantedMuted() throws Exception {
initialize();
TransportMessage message = randomBoolean() ? new RemoteHostMockMessage() : new LocalHostMockMessage();
auditor.accessGranted(User.SYSTEM, "internal:_action", message);
getClient().prepareExists(resolveIndexName()).execute().actionGet();
awaitIndexCreation(resolveIndexName());
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
}
}
@Test
public void testAccessDenied() throws Exception {
initialize();
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
final boolean runAs = randomBoolean();
@ -563,15 +581,18 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName());
}
@Test(expected = IndexNotFoundException.class)
public void testAccessDenied_Muted() throws Exception {
initialize("access_denied");
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
auditor.accessDenied(new User.Simple("_username", new String[]{"r1"}), "_action", message);
getClient().prepareExists(resolveIndexName()).execute().actionGet();
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
}
}
@Test
public void testTamperedRequest() throws Exception {
initialize();
TransportRequest message = new RemoteHostMockTransportRequest();
@ -587,9 +608,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName());
}
@Test
public void testTamperedRequestWithUser() throws Exception {
initialize();
TransportRequest message = new RemoteHostMockTransportRequest();
final boolean runAs = randomBoolean();
@ -616,8 +635,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName());
}
@Test(expected = IndexNotFoundException.class)
public void testTamperedRequest_Muted() throws Exception {
public void testTamperedRequestMuted() throws Exception {
initialize("tampered_request");
TransportRequest message = new RemoteHostMockTransportRequest();
if (randomBoolean()) {
@ -625,12 +643,15 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
} else {
auditor.tamperedRequest("_action", message);
}
getClient().prepareExists(resolveIndexName()).execute().actionGet();
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
}
}
@Test
public void testConnectionGranted() throws Exception {
initialize();
InetAddress inetAddress = InetAddress.getLoopbackAddress();
ShieldIpFilterRule rule = IPFilter.DEFAULT_PROFILE_ACCEPT_ALL;
@ -644,18 +665,20 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
assertEquals("default", hit.field("transport_profile").getValue());
}
@Test(expected = IndexNotFoundException.class)
public void testConnectionGranted_Muted() throws Exception {
public void testConnectionGrantedMuted() throws Exception {
initialize("connection_granted");
InetAddress inetAddress = InetAddress.getLoopbackAddress();
ShieldIpFilterRule rule = IPFilter.DEFAULT_PROFILE_ACCEPT_ALL;
auditor.connectionGranted(inetAddress, "default", rule);
getClient().prepareExists(resolveIndexName()).execute().actionGet();
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
}
}
@Test
public void testConnectionDenied() throws Exception {
initialize();
InetAddress inetAddress = InetAddress.getLoopbackAddress();
ShieldIpFilterRule rule = new ShieldIpFilterRule(false, "_all");
@ -669,16 +692,19 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
assertEquals("default", hit.field("transport_profile").getValue());
}
@Test(expected = IndexNotFoundException.class)
public void testConnectionDenied_Muted() throws Exception {
public void testConnectionDeniedMuted() throws Exception {
initialize("connection_denied");
InetAddress inetAddress = InetAddress.getLoopbackAddress();
ShieldIpFilterRule rule = new ShieldIpFilterRule(false, "_all");
auditor.connectionDenied(inetAddress, "default", rule);
getClient().prepareExists(resolveIndexName()).execute().actionGet();
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
}
}
@Test
public void testRunAsGranted() throws Exception {
initialize();
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
@ -695,15 +721,18 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName());
}
@Test(expected = IndexNotFoundException.class)
public void testRunAsGranted_Muted() throws Exception {
public void testRunAsGrantedMuted() throws Exception {
initialize("run_as_granted");
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
auditor.runAsGranted(new User.Simple("_username", new String[]{"r1"}, new User.Simple("running as", new String[]{"r2"})), "_action", message);
getClient().prepareExists(resolveIndexName()).execute().actionGet();
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
}
}
@Test
public void testRunAsDenied() throws Exception {
initialize();
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
@ -720,12 +749,16 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName());
}
@Test(expected = IndexNotFoundException.class)
public void testRunAsDenied_Muted() throws Exception {
public void testRunAsDeniedMuted() throws Exception {
initialize("run_as_denied");
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
auditor.runAsDenied(new User.Simple("_username", new String[]{"r1"}, new User.Simple("running as", new String[]{"r2"})), "_action", message);
getClient().prepareExists(resolveIndexName()).execute().actionGet();
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
}
}
private void assertAuditMessage(SearchHit hit, String layer, String type) {

10
shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailUpdateMappingTests.java
View File

@ -14,17 +14,19 @@ import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.authc.AuthenticationService;
import org.elasticsearch.test.*;
import org.elasticsearch.test.ShieldIntegTestCase;
import org.elasticsearch.test.rest.FakeRestRequest;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.Transport;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import java.util.Locale;
import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.*;
import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.DAILY;
import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.HOURLY;
import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.MONTHLY;
import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.WEEKLY;
import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.nullValue;
import static org.mockito.Mockito.mock;
@ -34,7 +36,6 @@ import static org.mockito.Mockito.when;
* This test checks to make sure that the index audit trail actually updates the mappings on startups
*/
public class IndexAuditTrailUpdateMappingTests extends ShieldIntegTestCase {
private ThreadPool threadPool;
@Before
@ -42,7 +43,6 @@ public class IndexAuditTrailUpdateMappingTests extends ShieldIntegTestCase {
threadPool = new ThreadPool("index audit trail update mapping tests");
}
@Test
public void testMappingIsUpdated() throws Exception {
// Setup
IndexNameResolver.Rollover rollover = randomFrom(HOURLY, DAILY, WEEKLY, MONTHLY);

8
shield/src/test/java/org/elasticsearch/shield/audit/index/RemoteIndexAuditTrailStartingTests.java
View File

@ -16,10 +16,13 @@ import org.elasticsearch.test.ShieldIntegTestCase;
import org.elasticsearch.test.ShieldSettingsSource;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import java.io.IOException;
import java.util.*;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import static org.elasticsearch.test.InternalTestCluster.clusterName;
@ -132,7 +135,6 @@ public class RemoteIndexAuditTrailStartingTests extends ShieldIntegTestCase {
}
}
@Test
public void testThatRemoteAuditInstancesAreStarted() throws Exception {
Iterable<IndexAuditTrail> auditTrails = remoteCluster.getInstances(IndexAuditTrail.class);
for (final IndexAuditTrail auditTrail : auditTrails) {

48
shield/src/test/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrailTests.java
View File

@ -11,9 +11,14 @@ import org.elasticsearch.common.bytes.BytesArray;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.network.NetworkAddress;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.*;
import org.elasticsearch.common.transport.BoundTransportAddress;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.shield.User;
import org.elasticsearch.shield.audit.logfile.CapturingLogger.Level;
import org.elasticsearch.shield.authc.AuthenticationToken;
import org.elasticsearch.shield.rest.RemoteHostHeader;
import org.elasticsearch.shield.transport.filter.IPFilter;
@ -22,7 +27,6 @@ import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.TransportMessage;
import org.junit.Before;
import org.junit.Test;
import java.io.IOException;
import java.net.InetAddress;
@ -30,7 +34,6 @@ import java.net.InetSocketAddress;
import java.util.List;
import java.util.Locale;
import static org.elasticsearch.shield.audit.logfile.CapturingLogger.Level;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
import static org.mockito.Mockito.mock;
@ -40,9 +43,7 @@ import static org.mockito.Mockito.when;
*
*/
public class LoggingAuditTrailTests extends ESTestCase {
private static enum RestContent {
VALID() {
@Override
protected boolean hasContent() {
@ -113,8 +114,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
prefix = LoggingAuditTrail.resolvePrefix(settings, transport);
}
@Test
public void testAnonymousAccessDenied_Transport() throws Exception {
public void testAnonymousAccessDeniedTransport() throws Exception {
for (Level level : Level.values()) {
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger);
@ -144,8 +144,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
}
}
@Test
public void testAnonymousAccessDenied_Rest() throws Exception {
public void testAnonymousAccessDeniedRest() throws Exception {
RestRequest request = mock(RestRequest.class);
InetAddress address = forge("_hostname", randomBoolean() ? "127.0.0.1" : "::1");
when(request.getRemoteAddress()).thenReturn(new InetSocketAddress(address, 9200));
@ -171,7 +170,6 @@ public class LoggingAuditTrailTests extends ESTestCase {
}
}
@Test
public void testAuthenticationFailed() throws Exception {
for (Level level : Level.values()) {
CapturingLogger logger = new CapturingLogger(level);
@ -200,8 +198,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
}
}
@Test
public void testAuthenticationFailed_NoToken() throws Exception {
public void testAuthenticationFailedNoToken() throws Exception {
for (Level level : Level.values()) {
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger);
@ -229,8 +226,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
}
}
@Test
public void testAuthenticationFailed_Rest() throws Exception {
public void testAuthenticationFailedRest() throws Exception {
for (Level level : Level.values()) {
RestRequest request = mock(RestRequest.class);
InetAddress address = forge("_hostname", randomBoolean() ? "127.0.0.1" : "::1");
@ -253,8 +249,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
}
}
@Test
public void testAuthenticationFailed_Rest_NoToken() throws Exception {
public void testAuthenticationFailedRestNoToken() throws Exception {
for (Level level : Level.values()) {
RestRequest request = mock(RestRequest.class);
InetAddress address = forge("_hostname", randomBoolean() ? "127.0.0.1" : "::1");
@ -277,8 +272,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
}
}
@Test
public void testAuthenticationFailed_Realm() throws Exception {
public void testAuthenticationFailedRealm() throws Exception {
for (Level level : Level.values()) {
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger);
@ -302,8 +296,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
}
}
@Test
public void testAuthenticationFailed_Realm_Rest() throws Exception {
public void testAuthenticationFailedRealmRest() throws Exception {
for (Level level : Level.values()) {
RestRequest request = mock(RestRequest.class);
InetAddress address = forge("_hostname", randomBoolean() ? "127.0.0.1" : "::1");
@ -326,7 +319,6 @@ public class LoggingAuditTrailTests extends ESTestCase {
}
}
@Test
public void testAccessGranted() throws Exception {
for (Level level : Level.values()) {
CapturingLogger logger = new CapturingLogger(level);
@ -365,8 +357,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
}
}
@Test
public void testAccessGranted_InternalSystemAction() throws Exception {
public void testAccessGrantedInternalSystemAction() throws Exception {
for (Level level : Level.values()) {
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger);
@ -390,8 +381,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
}
}
@Test
public void testAccessGranted_InternalSystemAction_NonSystemUser() throws Exception {
public void testAccessGrantedInternalSystemActionNonSystemUser() throws Exception {
for (Level level : Level.values()) {
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger);
@ -429,7 +419,6 @@ public class LoggingAuditTrailTests extends ESTestCase {
}
}
@Test
public void testAccessDenied() throws Exception {
for (Level level : Level.values()) {
CapturingLogger logger = new CapturingLogger(level);
@ -466,7 +455,6 @@ public class LoggingAuditTrailTests extends ESTestCase {
}
}
@Test
public void testTamperedRequest() throws Exception {
String action = "_action";
TransportMessage message = randomBoolean() ? new MockMessage() : new MockIndicesRequest();
@ -496,7 +484,6 @@ public class LoggingAuditTrailTests extends ESTestCase {
}
}
@Test
public void testTamperedRequestWithUser() throws Exception {
String action = "_action";
TransportMessage message = randomBoolean() ? new MockMessage() : new MockIndicesRequest();
@ -534,7 +521,6 @@ public class LoggingAuditTrailTests extends ESTestCase {
}
}
@Test
public void testConnectionDenied() throws Exception {
for (Level level : Level.values()) {
CapturingLogger logger = new CapturingLogger(level);
@ -555,7 +541,6 @@ public class LoggingAuditTrailTests extends ESTestCase {
}
}
@Test
public void testConnectionGranted() throws Exception {
for (Level level : Level.values()) {
CapturingLogger logger = new CapturingLogger(level);
@ -578,7 +563,6 @@ public class LoggingAuditTrailTests extends ESTestCase {
}
}
@Test
public void testRunAsGranted() throws Exception {
for (Level level : Level.values()) {
CapturingLogger logger = new CapturingLogger(level);
@ -602,7 +586,6 @@ public class LoggingAuditTrailTests extends ESTestCase {
}
}
@Test
public void testRunAsDenied() throws Exception {
for (Level level : Level.values()) {
CapturingLogger logger = new CapturingLogger(level);
@ -626,7 +609,6 @@ public class LoggingAuditTrailTests extends ESTestCase {
}
}
@Test
public void testOriginAttributes() throws Exception {
MockMessage message = new MockMessage();
String text = LoggingAuditTrail.originAttributes(message, transport);;

13
shield/src/test/java/org/elasticsearch/shield/authc/AnonymousUserHolderTests.java
View File

@ -10,15 +10,16 @@ import org.elasticsearch.common.io.stream.BytesStreamOutput;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.shield.User;
import org.elasticsearch.test.ESTestCase;
import org.junit.Test;
import java.nio.ByteBuffer;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.arrayContainingInAnyOrder;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.nullValue;
public class AnonymousUserHolderTests extends ESTestCase {
@Test
public void testResolveAnonymousUser() throws Exception {
Settings settings = Settings.builder()
.put("shield.authc.anonymous.username", "anonym1")
@ -38,7 +39,6 @@ public class AnonymousUserHolderTests extends ESTestCase {
assertThat(user.roles(), arrayContainingInAnyOrder("r1", "r2", "r3"));
}
@Test
public void testResolveAnonymousUser_NoSettings() throws Exception {
Settings settings = randomBoolean() ?
Settings.EMPTY :
@ -47,7 +47,6 @@ public class AnonymousUserHolderTests extends ESTestCase {
assertThat(user, nullValue());
}
@Test
public void testWhenAnonymousDisabled() {
AnonymousService anonymousService = new AnonymousService(Settings.EMPTY);
assertThat(anonymousService.enabled(), is(false));
@ -56,7 +55,6 @@ public class AnonymousUserHolderTests extends ESTestCase {
assertThat(anonymousService.authorizationExceptionsEnabled(), is(true));
}
@Test
public void testWhenAnonymousEnabled() throws Exception {
Settings settings = Settings.builder()
.putArray("shield.authc.anonymous.roles", "r1", "r2", "r3")
@ -74,7 +72,6 @@ public class AnonymousUserHolderTests extends ESTestCase {
assertThat(anonymousService.isAnonymous(anonymousSerialized), is(true));
}
@Test
public void testDisablingAuthorizationExceptions() {
Settings settings = Settings.builder()
.putArray("shield.authc.anonymous.roles", "r1", "r2", "r3")

9
shield/src/test/java/org/elasticsearch/shield/authc/AnonymousUserTests.java
View File

@ -16,16 +16,18 @@ import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.node.Node;
import org.elasticsearch.test.ShieldIntegTestCase;
import org.junit.Test;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.nullValue;
public class AnonymousUserTests extends ShieldIntegTestCase {
private boolean authorizationExceptionsEnabled = randomBoolean();
@Override
@ -51,7 +53,6 @@ public class AnonymousUserTests extends ShieldIntegTestCase {
" '*': READ";
}
@Test
public void testAnonymousViaHttp() throws Exception {
try (CloseableHttpClient client = HttpClients.createDefault();
CloseableHttpResponse response = client.execute(new HttpGet(getNodeUrl() + "_nodes"))) {

13
shield/src/test/java/org/elasticsearch/shield/authc/AuthenticationModuleTests.java
View File

@ -23,16 +23,15 @@ import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.threadpool.ThreadPoolModule;
import org.elasticsearch.transport.TransportMessage;
import org.junit.Test;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.notNullValue;
/**
* Unit tests for the AuthenticationModule
*/
public class AuthenticationModuleTests extends ESTestCase {
@Test
public void testAddingReservedRealmType() {
Settings settings = Settings.EMPTY;
AuthenticationModule module = new AuthenticationModule(settings);
@ -45,7 +44,6 @@ public class AuthenticationModuleTests extends ESTestCase {
}
}
@Test
public void testAddingNullOrEmptyType() {
Settings settings = Settings.EMPTY;
AuthenticationModule module = new AuthenticationModule(settings);
@ -58,7 +56,6 @@ public class AuthenticationModuleTests extends ESTestCase {
}
}
@Test
public void testAddingNullFactory() {
Settings settings = Settings.EMPTY;
AuthenticationModule module = new AuthenticationModule(settings);
@ -70,7 +67,6 @@ public class AuthenticationModuleTests extends ESTestCase {
}
}
@Test
public void testRegisteringCustomRealm() {
Settings settings = Settings.builder()
.put("name", "foo")
@ -92,7 +88,6 @@ public class AuthenticationModuleTests extends ESTestCase {
}
}
@Test
public void testDefaultFailureHandler() {
Settings settings = Settings.builder()
.put("name", "foo")
@ -120,7 +115,6 @@ public class AuthenticationModuleTests extends ESTestCase {
}
}
@Test
public void testSettingFailureHandler() {
Settings settings = Settings.builder()
.put("name", "foo")
@ -147,7 +141,6 @@ public class AuthenticationModuleTests extends ESTestCase {
// this class must be public for injection...
public static class NoOpFailureHandler implements AuthenticationFailureHandler {
@Override
public ElasticsearchSecurityException unsuccessfulAuthentication(RestRequest request, AuthenticationToken token) {
return null;

121
shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java
View File

@ -24,7 +24,6 @@ import org.elasticsearch.test.rest.FakeRestRequest;
import org.elasticsearch.transport.TransportMessage;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import java.util.Arrays;
@ -32,8 +31,23 @@ import java.util.Collections;
import static org.elasticsearch.shield.support.Exceptions.authenticationError;
import static org.elasticsearch.test.ShieldTestsUtils.assertAuthenticationException;
import static org.hamcrest.Matchers.*;
import static org.mockito.Mockito.*;
import static org.hamcrest.Matchers.arrayContaining;
import static org.hamcrest.Matchers.arrayContainingInAnyOrder;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.nullValue;
import static org.hamcrest.Matchers.sameInstance;
import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.reset;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
import static org.mockito.Mockito.verifyZeroInteractions;
import static org.mockito.Mockito.when;
/**
@ -84,8 +98,8 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
service = new InternalAuthenticationService(Settings.EMPTY, realms, auditTrail, cryptoService, anonymousService, new DefaultAuthenticationFailureHandler());
}
@Test @SuppressWarnings("unchecked")
public void testToken_FirstMissing_SecondFound() throws Exception {
@SuppressWarnings("unchecked")
public void testTokenFirstMissingSecondFound() throws Exception {
when(firstRealm.token(message)).thenReturn(null);
when(secondRealm.token(message)).thenReturn(token);
@ -95,16 +109,14 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
verifyZeroInteractions(auditTrail);
}
@Test
public void testToken_Missing() throws Exception {
public void testTokenMissing() throws Exception {
AuthenticationToken token = service.token("_action", message);
assertThat(token, nullValue());
verifyNoMoreInteractions(auditTrail);
assertThat(message.getContext().get(InternalAuthenticationService.TOKEN_KEY), nullValue());
}
@Test @SuppressWarnings("unchecked")
public void testToken_Cached() throws Exception {
public void testTokenCached() throws Exception {
message.putInContext(InternalAuthenticationService.TOKEN_KEY, token);
AuthenticationToken result = service.token("_action", message);
assertThat(result, notNullValue());
@ -116,8 +128,8 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
assertThat(message.getContext().get(InternalAuthenticationService.TOKEN_KEY), is((Object) token));
}
@Test @SuppressWarnings("unchecked")
public void testAuthenticate_BothSupport_SecondSucceeds() throws Exception {
@SuppressWarnings("unchecked")
public void testAuthenticateBothSupportSecondSucceeds() throws Exception {
User user = new User.Simple("_username", new String[] { "r1" });
when(firstRealm.supports(token)).thenReturn(true);
when(firstRealm.authenticate(token)).thenReturn(null); // first fails
@ -138,8 +150,8 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), equalTo((Object) "_encoded_user"));
}
@Test @SuppressWarnings("unchecked")
public void testAuthenticate_FirstNotSupporting_SecondSucceeds() throws Exception {
@SuppressWarnings("unchecked")
public void testAuthenticateFirstNotSupportingSecondSucceeds() throws Exception {
User user = new User.Simple("_username", new String[] { "r1" });
when(firstRealm.supports(token)).thenReturn(false);
when(secondRealm.supports(token)).thenReturn(true);
@ -160,8 +172,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), equalTo((Object) "_encoded_user"));
}
@Test @SuppressWarnings("unchecked")
public void testAuthenticate_Cached() throws Exception {
public void testAuthenticateCached() throws Exception {
User user = new User.Simple("_username", new String[] { "r1" });
message.putInContext(InternalAuthenticationService.USER_KEY, user);
User result = service.authenticate("_action", message, null);
@ -175,8 +186,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
assertThat(message.getContext().get(InternalAuthenticationService.USER_KEY), is((Object) user));
}
@Test
public void testAuthenticate_nonExistentRestRequestUserThrowsAuthenticationException() throws Exception {
public void testAuthenticateNonExistentRestRequestUserThrowsAuthenticationException() throws Exception {
when(firstRealm.token(restRequest)).thenReturn(new UsernamePasswordToken("idonotexist", new SecuredString("passwd".toCharArray())));
try {
service.authenticate(restRequest);
@ -186,8 +196,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
}
}
@Test
public void testToken_Rest_Exists() throws Exception {
public void testTokenRestExists() throws Exception {
AuthenticationToken token = mock(AuthenticationToken.class);
when(firstRealm.token(restRequest)).thenReturn(null);
when(secondRealm.token(restRequest)).thenReturn(token);
@ -196,15 +205,13 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
assertThat(restRequest.getFromContext(InternalAuthenticationService.TOKEN_KEY), equalTo((Object) token));
}
@Test
public void testToken_Rest_Missing() throws Exception {
public void testTokenRestMissing() throws Exception {
when(firstRealm.token(restRequest)).thenReturn(null);
when(secondRealm.token(restRequest)).thenReturn(null);
AuthenticationToken token = service.token(restRequest);
assertThat(token, nullValue());
}
@Test
public void testEncodeDecodeUser() throws Exception {
User user = new User.Simple("username", new String[] { "r1", "r2", "r3" });
String text = InternalAuthenticationService.encodeUser(user, null);
@ -216,7 +223,6 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
assertThat(User.SYSTEM, sameInstance(user2));
}
@Test
public void testUserHeader() throws Exception {
User user = new User.Simple("_username", new String[] { "r1" });
when(firstRealm.token(message)).thenReturn(token);
@ -233,8 +239,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
assertThat(userStr, equalTo("_signed_user"));
}
@Test
public void testAuthenticate_Transport_Anonymous() throws Exception {
public void testAuthenticateTransportAnonymous() throws Exception {
when(firstRealm.token(message)).thenReturn(null);
when(secondRealm.token(message)).thenReturn(null);
try {
@ -247,8 +252,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
verify(auditTrail).anonymousAccessDenied("_action", message);
}
@Test
public void testAuthenticate_Rest_Anonymous() throws Exception {
public void testAuthenticateRestAnonymous() throws Exception {
when(firstRealm.token(restRequest)).thenReturn(null);
when(secondRealm.token(restRequest)).thenReturn(null);
try {
@ -261,8 +265,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
verify(auditTrail).anonymousAccessDenied(restRequest);
}
@Test
public void testAuthenticate_Transport_Fallback() throws Exception {
public void testAuthenticateTransportFallback() throws Exception {
when(firstRealm.token(message)).thenReturn(null);
when(secondRealm.token(message)).thenReturn(null);
User.Simple user1 = new User.Simple("username", new String[] { "r1", "r2" });
@ -273,8 +276,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), equalTo((Object) "_signed_user"));
}
@Test
public void testAuthenticate_Transport_Success_NoFallback() throws Exception {
public void testAuthenticateTransportSuccessNoFallback() throws Exception {
User.Simple user1 = new User.Simple("username", new String[] { "r1", "r2" });
when(firstRealm.token(message)).thenReturn(token);
when(firstRealm.supports(token)).thenReturn(true);
@ -286,8 +288,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), equalTo((Object) "_signed_user"));
}
@Test
public void testAuthenticate_Transport_Success_WithFallback() throws Exception {
public void testAuthenticateTransportSuccessWithFallback() throws Exception {
User.Simple user1 = new User.Simple("username", new String[] { "r1", "r2" });
when(firstRealm.token(message)).thenReturn(token);
when(firstRealm.supports(token)).thenReturn(true);
@ -299,8 +300,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), equalTo((Object) "_signed_user"));
}
@Test
public void testAuthenticate_Rest_Success() throws Exception {
public void testAuthenticateRestSuccess() throws Exception {
User.Simple user1 = new User.Simple("username", new String[] { "r1", "r2" });
when(firstRealm.token(restRequest)).thenReturn(token);
when(firstRealm.supports(token)).thenReturn(true);
@ -310,8 +310,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
assertThat(restRequest.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user2));
}
@Test
public void testAutheticate_Transport_ContextAndHeader() throws Exception {
public void testAutheticateTransportContextAndHeader() throws Exception {
User user1 = new User.Simple("username", new String[] { "r1", "r2" });
when(firstRealm.token(message)).thenReturn(token);
when(firstRealm.supports(token)).thenReturn(true);
@ -345,8 +344,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
verifyZeroInteractions(firstRealm);
}
@Test
public void testAutheticate_Transport_ContextAndHeader_NoSigning() throws Exception {
public void testAutheticateTransportContextAndHeaderNoSigning() throws Exception {
Settings settings = Settings.builder().put(InternalAuthenticationService.SETTING_SIGN_USER_HEADER, false).build();
service = new InternalAuthenticationService(settings, realms, auditTrail, cryptoService, anonymousService, new DefaultAuthenticationFailureHandler());
@ -383,7 +381,6 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
verifyZeroInteractions(cryptoService);
}
@Test
public void testAuthenticateTamperedUser() throws Exception {
InternalMessage message = new InternalMessage();
message.putHeader(InternalAuthenticationService.USER_KEY, "_signed_user");
@ -398,8 +395,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
}
}
@Test
public void testAttachIfMissing_Missing() throws Exception {
public void testAttachIfMissingMissing() throws Exception {
User user = new User.Simple("username", new String[] { "r1", "r2" });
assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), nullValue());
assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), nullValue());
@ -418,8 +414,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), equalTo((Object) "_signed_user"));
}
@Test
public void testAttachIfMissing_Exists() throws Exception {
public void testAttachIfMissingExists() throws Exception {
User user = new User.Simple("username", new String[] { "r1", "r2" });
message.putInContext(InternalAuthenticationService.USER_KEY, user);
message.putHeader(InternalAuthenticationService.USER_KEY, "_signed_user");
@ -428,8 +423,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), equalTo((Object) "_signed_user"));
}
@Test
public void testAnonymousUser_Rest() throws Exception {
public void testAnonymousUserRest() throws Exception {
String username = randomBoolean() ? AnonymousService.ANONYMOUS_USERNAME : "user1";
Settings.Builder builder = Settings.builder()
.putArray("shield.authc.anonymous.roles", "r1", "r2", "r3");
@ -450,8 +444,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
assertThat(user.roles(), arrayContainingInAnyOrder("r1", "r2", "r3"));
}
@Test
public void testAnonymousUser_Transport_NoDefaultUser() throws Exception {
public void testAnonymousUserTransportNoDefaultUser() throws Exception {
Settings settings = Settings.builder()
.putArray("shield.authc.anonymous.roles", "r1", "r2", "r3")
.build();
@ -465,8 +458,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
assertThat(user.roles(), arrayContainingInAnyOrder("r1", "r2", "r3"));
}
@Test
public void testAnonymousUser_Transport_WithDefaultUser() throws Exception {
public void testAnonymousUserTransportWithDefaultUser() throws Exception {
Settings settings = Settings.builder()
.putArray("shield.authc.anonymous.roles", "r1", "r2", "r3")
.build();
@ -479,7 +471,6 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
assertThat(user, sameInstance(User.SYSTEM));
}
@Test
public void testRealmTokenThrowingException() throws Exception {
when(firstRealm.token(message)).thenThrow(authenticationError("realm doesn't like tokens"));
try {
@ -491,8 +482,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
}
}
@Test
public void testRealmTokenThrowingException_Rest() throws Exception {
public void testRealmTokenThrowingExceptionRest() throws Exception {
when(firstRealm.token(restRequest)).thenThrow(authenticationError("realm doesn't like tokens"));
try {
service.authenticate(restRequest);
@ -503,7 +493,6 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
}
}
@Test
public void testRealmSupportsMethodThrowingException() throws Exception {
AuthenticationToken token = mock(AuthenticationToken.class);
when(secondRealm.token(message)).thenReturn(token);
@ -517,8 +506,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
}
}
@Test
public void testRealmSupportsMethodThrowingException_Rest() throws Exception {
public void testRealmSupportsMethodThrowingExceptionRest() throws Exception {
AuthenticationToken token = mock(AuthenticationToken.class);
when(secondRealm.token(restRequest)).thenReturn(token);
when(secondRealm.supports(token)).thenThrow(authenticationError("realm doesn't like supports"));
@ -531,7 +519,6 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
}
}
@Test
public void testRealmAuthenticateThrowingException() throws Exception {
AuthenticationToken token = mock(AuthenticationToken.class);
when(secondRealm.token(message)).thenReturn(token);
@ -546,8 +533,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
}
}
@Test
public void testRealmAuthenticateThrowingException_Rest() throws Exception {
public void testRealmAuthenticateThrowingExceptionRest() throws Exception {
AuthenticationToken token = mock(AuthenticationToken.class);
when(secondRealm.token(restRequest)).thenReturn(token);
when(secondRealm.supports(token)).thenReturn(true);
@ -561,7 +547,6 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
}
}
@Test
public void testRealmLookupThrowingException() throws Exception {
AuthenticationToken token = mock(AuthenticationToken.class);
message.putHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, "run_as");
@ -580,8 +565,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
}
}
@Test
public void testRealmLookupThrowingException_Rest() throws Exception {
public void testRealmLookupThrowingExceptionRest() throws Exception {
AuthenticationToken token = mock(AuthenticationToken.class);
restRequest = new FakeRestRequest(Collections.singletonMap(InternalAuthenticationService.RUN_AS_USER_HEADER, "run_as"), Collections.<String, String>emptyMap());
when(secondRealm.token(restRequest)).thenReturn(token);
@ -599,7 +583,6 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
}
}
@Test
public void testRunAsLookupSameRealm() throws Exception {
AuthenticationToken token = mock(AuthenticationToken.class);
message.putHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, "run_as");
@ -620,8 +603,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
assertThat(message.getContext().get(InternalAuthenticationService.USER_KEY), sameInstance((Object) authenticated));
}
@Test
public void testRunAsLookupSameRealm_Rest() throws Exception {
public void testRunAsLookupSameRealmRest() throws Exception {
AuthenticationToken token = mock(AuthenticationToken.class);
restRequest = new FakeRestRequest(Collections.singletonMap(InternalAuthenticationService.RUN_AS_USER_HEADER, "run_as"), Collections.<String, String>emptyMap());
when(secondRealm.token(restRequest)).thenReturn(token);
@ -641,7 +623,6 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
assertThat(restRequest.getContext().get(InternalAuthenticationService.USER_KEY), sameInstance((Object) authenticated));
}
@Test
public void testRunAsLookupDifferentRealm() throws Exception {
AuthenticationToken token = mock(AuthenticationToken.class);
message.putHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, "run_as");
@ -663,8 +644,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
assertThat(message.getContext().get(InternalAuthenticationService.USER_KEY), sameInstance((Object) authenticated));
}
@Test
public void testRunAsLookupDifferentRealm_Rest() throws Exception {
public void testRunAsLookupDifferentRealmRest() throws Exception {
AuthenticationToken token = mock(AuthenticationToken.class);
restRequest = new FakeRestRequest(Collections.singletonMap(InternalAuthenticationService.RUN_AS_USER_HEADER, "run_as"), Collections.<String, String>emptyMap());
when(secondRealm.token(restRequest)).thenReturn(token);
@ -684,8 +664,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
assertThat(restRequest.getContext().get(InternalAuthenticationService.USER_KEY), sameInstance((Object) authenticated));
}
@Test
public void testRunAsWithEmptyRunAsUsername_Rest() throws Exception {
public void testRunAsWithEmptyRunAsUsernameRest() throws Exception {
AuthenticationToken token = mock(AuthenticationToken.class);
restRequest = new FakeRestRequest(Collections.singletonMap(InternalAuthenticationService.RUN_AS_USER_HEADER, ""), Collections.<String, String>emptyMap());
when(secondRealm.token(restRequest)).thenReturn(token);
@ -702,7 +681,6 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
}
}
@Test
public void testRunAsWithEmptyRunAsUsername() throws Exception {
AuthenticationToken token = mock(AuthenticationToken.class);
message.putHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, "");
@ -722,5 +700,4 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
private static class InternalMessage extends TransportMessage<InternalMessage> {
}
}

30
shield/src/test/java/org/elasticsearch/shield/authc/RealmsTests.java
View File

@ -16,11 +16,19 @@ import org.elasticsearch.shield.license.ShieldLicenseState;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.transport.TransportMessage;
import org.junit.Before;
import org.junit.Test;
import java.util.*;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.contains;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@ -28,7 +36,6 @@ import static org.mockito.Mockito.when;
*
*/
public class RealmsTests extends ESTestCase {
private Map<String, Realm.Factory> factories;
private ShieldSettingsFilter settingsFilter;
private ShieldLicenseState shieldLicenseState;
@ -46,7 +53,6 @@ public class RealmsTests extends ESTestCase {
when(shieldLicenseState.customRealmsEnabled()).thenReturn(true);
}
@Test
public void testWithSettings() throws Exception {
Settings.Builder builder = Settings.builder()
.put("path.home", createTempDir());
@ -75,8 +81,7 @@ public class RealmsTests extends ESTestCase {
}
}
@Test(expected = IllegalArgumentException.class)
public void testWithSettings_WithMultipleInternalRealmsOfSameType() throws Exception {
public void testWithSettingsWithMultipleInternalRealmsOfSameType() throws Exception {
Settings settings = Settings.builder()
.put("shield.authc.realms.realm_1.type", ESUsersRealm.TYPE)
.put("shield.authc.realms.realm_1.order", 0)
@ -85,10 +90,14 @@ public class RealmsTests extends ESTestCase {
.put("path.home", createTempDir())
.build();
Environment env = new Environment(settings);
new Realms(settings, env, factories, settingsFilter, shieldLicenseState).start();
try {
new Realms(settings, env, factories, settingsFilter, shieldLicenseState).start();
fail("Expected IllegalArgumentException");
} catch (IllegalArgumentException e) {
assertThat(e.getMessage(), containsString("multiple [esusers] realms are configured"));
}
}
@Test
public void testWithEmptySettings() throws Exception {
Realms realms = new Realms(Settings.EMPTY, new Environment(Settings.builder().put("path.home", createTempDir()).build()),
factories, settingsFilter, shieldLicenseState);
@ -102,7 +111,6 @@ public class RealmsTests extends ESTestCase {
assertThat(iter.hasNext(), is(false));
}
@Test
public void testUnlicensedWithOnlyCustomRealms() throws Exception {
Settings.Builder builder = Settings.builder()
.put("path.home", createTempDir());
@ -140,7 +148,6 @@ public class RealmsTests extends ESTestCase {
assertThat(i, is(1));
}
@Test
public void testUnlicensedWithInternalRealms() throws Exception {
factories.put(LdapRealm.TYPE, new DummyRealm.Factory(LdapRealm.TYPE, false));
assertThat(factories.get("type_0"), notNullValue());
@ -172,7 +179,6 @@ public class RealmsTests extends ESTestCase {
assertThat(i, is(1));
}
@Test
public void testDisabledRealmsAreNotAdded() throws Exception {
Settings.Builder builder = Settings.builder()
.put("path.home", createTempDir());

11
shield/src/test/java/org/elasticsearch/shield/authc/RunAsIntegTests.java
View File

@ -20,15 +20,14 @@ import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
import org.elasticsearch.test.ShieldIntegTestCase;
import org.elasticsearch.test.ShieldSettingsSource;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.junit.Test;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
/**
*
*/
public class RunAsIntegTests extends ShieldIntegTestCase {
static final String RUN_AS_USER = "run_as_user";
static final String TRANSPORT_CLIENT_USER = "transport_user";
static final String ROLES =
@ -69,7 +68,6 @@ public class RunAsIntegTests extends ShieldIntegTestCase {
+ "transport_client:" + TRANSPORT_CLIENT_USER;
}
@Test
public void testUserImpersonation() throws Exception {
try (TransportClient client = getTransportClient(Settings.builder().put("shield.user", TRANSPORT_CLIENT_USER + ":" + ShieldSettingsSource.DEFAULT_PASSWORD).build())) {
//ensure the client can connect
@ -102,7 +100,6 @@ public class RunAsIntegTests extends ShieldIntegTestCase {
}
}
@Test
public void testUserImpersonationUsingHttp() throws Exception {
// use the transport client user and try to run as
HttpResponse response = httpClient().method("GET")
@ -128,7 +125,6 @@ public class RunAsIntegTests extends ShieldIntegTestCase {
assertThat(response.getStatusCode(), is(200));
}
@Test
public void testEmptyUserImpersonationHeader() throws Exception {
try (TransportClient client = getTransportClient(Settings.builder().put("shield.user", TRANSPORT_CLIENT_USER + ":" + ShieldSettingsSource.DEFAULT_PASSWORD).build())) {
//ensure the client can connect
@ -147,7 +143,6 @@ public class RunAsIntegTests extends ShieldIntegTestCase {
}
}
@Test
public void testEmptyHeaderUsingHttp() throws Exception {
HttpResponse response = httpClient().method("GET")
.path("/_nodes")
@ -157,7 +152,6 @@ public class RunAsIntegTests extends ShieldIntegTestCase {
assertThat(response.getStatusCode(), is(401));
}
@Test
public void testNonExistentRunAsUser() throws Exception {
try (TransportClient client = getTransportClient(Settings.builder().put("shield.user", TRANSPORT_CLIENT_USER + ":" + ShieldSettingsSource.DEFAULT_PASSWORD).build())) {
//ensure the client can connect
@ -176,7 +170,6 @@ public class RunAsIntegTests extends ShieldIntegTestCase {
}
}
@Test
public void testNonExistentRunAsUserUsingHttp() throws Exception {
HttpResponse response = httpClient().method("GET")
.path("/_nodes")

14
shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryGroupsResolverTests.java
View File

@ -9,6 +9,7 @@ import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.LDAPURL;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.env.Environment;
@ -20,20 +21,22 @@ import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.test.junit.annotations.Network;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import java.nio.file.Path;
import java.util.List;
import java.util.regex.Pattern;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.containsInAnyOrder;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.hasItem;
import static org.hamcrest.Matchers.is;
@Network
public class ActiveDirectoryGroupsResolverTests extends ESTestCase {
public static final String BRUCE_BANNER_DN = "cn=Bruce Banner,CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com";
private LDAPConnection ldapConnection;
@Override
@Before
public void setUp() throws Exception {
super.setUp();
@ -55,13 +58,13 @@ public class ActiveDirectoryGroupsResolverTests extends ESTestCase {
ldapConnection = new LDAPConnection(clientSSLService.sslSocketFactory(), options, ldapurl.getHost(), ldapurl.getPort(), BRUCE_BANNER_DN, ActiveDirectorySessionFactoryTests.PASSWORD);
}
@Override
@After
public void tearDown() throws Exception {
super.tearDown();
ldapConnection.close();
}
@Test
public void testResolveSubTree() throws Exception {
Settings settings = Settings.builder()
.put("scope", LdapSearchScope.SUB_TREE)
@ -78,7 +81,6 @@ public class ActiveDirectoryGroupsResolverTests extends ESTestCase {
containsString("Supers")));
}
@Test
public void testResolveOneLevel() throws Exception {
Settings settings = Settings.builder()
.put("scope", LdapSearchScope.ONE_LEVEL)
@ -89,7 +91,6 @@ public class ActiveDirectoryGroupsResolverTests extends ESTestCase {
assertThat(groups, hasItem(containsString("Users")));
}
@Test
public void testResolveBaseLevel() throws Exception {
Settings settings = Settings.builder()
.put("scope", LdapSearchScope.BASE)
@ -100,7 +101,6 @@ public class ActiveDirectoryGroupsResolverTests extends ESTestCase {
assertThat(groups, hasItem(containsString("CN=Users,CN=Builtin")));
}
@Test
public void testBuildGroupQuery() throws Exception {
//test a user with no assigned groups, other than the default groups
{

27
shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealmTests.java
View File

@ -11,23 +11,34 @@ import com.unboundid.ldap.sdk.Attribute;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPURL;
import com.unboundid.ldap.sdk.schema.Schema;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.shield.User;
import org.elasticsearch.shield.authc.RealmConfig;
import org.elasticsearch.shield.authc.support.*;
import org.elasticsearch.shield.authc.support.CachingUsernamePasswordRealm;
import org.elasticsearch.shield.authc.support.DnRoleMapper;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.authc.support.SecuredStringTests;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.watcher.ResourceWatcherService;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import static org.elasticsearch.shield.authc.ldap.support.SessionFactory.HOSTNAME_VERIFICATION_SETTING;
import static org.elasticsearch.shield.authc.ldap.support.SessionFactory.URLS_SETTING;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.arrayContaining;
import static org.hamcrest.Matchers.arrayContainingInAnyOrder;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.*;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
/**
* Active Directory Realm tests that use the UnboundID In Memory Directory Server
@ -41,7 +52,6 @@ import static org.mockito.Mockito.*;
* additional bind DN with a password in the test setup since it really is not a DN in the ldif file
*/
public class ActiveDirectoryRealmTests extends ESTestCase {
private static final String PASSWORD = "password";
private InMemoryDirectoryServer directoryServer;
@ -76,7 +86,6 @@ public class ActiveDirectoryRealmTests extends ESTestCase {
directoryServer.shutDown(true);
}
@Test
public void testAuthenticateUserPrincipleName() throws Exception {
Settings settings = settings();
RealmConfig config = new RealmConfig("testAuthenticateUserPrincipleName", settings, globalSettings);
@ -89,7 +98,6 @@ public class ActiveDirectoryRealmTests extends ESTestCase {
assertThat(user.roles(), arrayContaining(containsString("Avengers")));
}
@Test
public void testAuthenticateSAMAccountName() throws Exception {
Settings settings = settings();
RealmConfig config = new RealmConfig("testAuthenticateSAMAccountName", settings, globalSettings);
@ -108,7 +116,6 @@ public class ActiveDirectoryRealmTests extends ESTestCase {
return url.toString();
}
@Test
public void testAuthenticateCachesSuccesfulAuthentications() throws Exception {
Settings settings = settings();
RealmConfig config = new RealmConfig("testAuthenticateCachesSuccesfulAuthentications", settings, globalSettings);
@ -125,7 +132,6 @@ public class ActiveDirectoryRealmTests extends ESTestCase {
verify(sessionFactory, times(1)).session(eq("CN=ironman"), any(SecuredString.class));
}
@Test
public void testAuthenticateCachingCanBeDisabled() throws Exception {
Settings settings = settings(Settings.builder().put(CachingUsernamePasswordRealm.CACHE_TTL_SETTING, -1).build());
RealmConfig config = new RealmConfig("testAuthenticateCachingCanBeDisabled", settings, globalSettings);
@ -142,7 +148,6 @@ public class ActiveDirectoryRealmTests extends ESTestCase {
verify(sessionFactory, times(count)).session(eq("CN=ironman"), any(SecuredString.class));
}
@Test
public void testAuthenticateCachingClearsCacheOnRoleMapperRefresh() throws Exception {
Settings settings = settings();
RealmConfig config = new RealmConfig("testAuthenticateCachingClearsCacheOnRoleMapperRefresh", settings, globalSettings);
@ -168,7 +173,6 @@ public class ActiveDirectoryRealmTests extends ESTestCase {
verify(sessionFactory, times(2)).session(eq("CN=ironman"), any(SecuredString.class));
}
@Test
public void testRealmMapsGroupsToRoles() throws Exception {
Settings settings = settings(Settings.builder()
.put(DnRoleMapper.ROLE_MAPPING_FILE_SETTING, getDataPath("role_mapping.yml"))
@ -183,7 +187,6 @@ public class ActiveDirectoryRealmTests extends ESTestCase {
assertThat(user.roles(), arrayContaining(equalTo("group_role")));
}
@Test
public void testRealmMapsUsersToRoles() throws Exception {
Settings settings = settings(Settings.builder()
.put(DnRoleMapper.ROLE_MAPPING_FILE_SETTING, getDataPath("role_mapping.yml"))

32
shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectorySessionFactoryTests.java
View File

@ -19,18 +19,19 @@ import org.elasticsearch.shield.ssl.ClientSSLService;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.test.junit.annotations.Network;
import org.junit.Before;
import org.junit.Test;
import java.io.IOException;
import java.nio.file.Path;
import java.util.List;
import static org.elasticsearch.test.ShieldTestsUtils.assertAuthenticationException;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.containsInAnyOrder;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.hasItem;
import static org.hamcrest.Matchers.is;
@Network
public class ActiveDirectorySessionFactoryTests extends ESTestCase {
public static final String AD_LDAP_URL = "ldaps://54.213.145.20:636";
public static final String PASSWORD = "NickFuryHeartsES";
public static final String AD_DOMAIN = "ad.test.elasticsearch.com";
@ -56,7 +57,7 @@ public class ActiveDirectorySessionFactoryTests extends ESTestCase {
globalSettings = Settings.builder().put("path.home", createTempDir()).build();
}
@Test @SuppressWarnings("unchecked")
@SuppressWarnings("unchecked")
public void testAdAuth() throws Exception {
RealmConfig config = new RealmConfig("ad-test", buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false), globalSettings);
ActiveDirectorySessionFactory sessionFactory = new ActiveDirectorySessionFactory(config, clientSSLService);
@ -77,7 +78,6 @@ public class ActiveDirectorySessionFactoryTests extends ESTestCase {
}
}
@Test
@AwaitsFix(bugUrl = "https://github.com/elasticsearch/elasticsearch-shield/issues/499")
public void testTcpReadTimeout() throws Exception {
Settings settings = Settings.builder()
@ -98,8 +98,7 @@ public class ActiveDirectorySessionFactoryTests extends ESTestCase {
}
}
@Test
public void testAdAuth_avengers() throws Exception {
public void testAdAuthAvengers() throws Exception {
RealmConfig config = new RealmConfig("ad-test", buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false), globalSettings);
ActiveDirectorySessionFactory sessionFactory = new ActiveDirectorySessionFactory(config, clientSSLService);
@ -111,7 +110,7 @@ public class ActiveDirectorySessionFactoryTests extends ESTestCase {
}
}
@Test @SuppressWarnings("unchecked")
@SuppressWarnings("unchecked")
public void testAuthenticate() throws Exception {
Settings settings = buildAdSettings(AD_LDAP_URL, AD_DOMAIN, "CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com", LdapSearchScope.ONE_LEVEL, false);
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings);
@ -132,8 +131,8 @@ public class ActiveDirectorySessionFactoryTests extends ESTestCase {
}
}
@Test @SuppressWarnings("unchecked")
public void testAuthenticate_baseUserSearch() throws Exception {
@SuppressWarnings("unchecked")
public void testAuthenticateBaseUserSearch() throws Exception {
Settings settings = buildAdSettings(AD_LDAP_URL, AD_DOMAIN, "CN=Bruce Banner, CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com", LdapSearchScope.BASE, false);
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings);
ActiveDirectorySessionFactory sessionFactory = new ActiveDirectorySessionFactory(config, clientSSLService);
@ -153,8 +152,7 @@ public class ActiveDirectorySessionFactoryTests extends ESTestCase {
}
}
@Test @SuppressWarnings("unchecked")
public void testAuthenticate_baseGroupSearch() throws Exception {
public void testAuthenticateBaseGroupSearch() throws Exception {
Settings settings = Settings.builder()
.put(buildAdSettings(AD_LDAP_URL, AD_DOMAIN, "CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com", LdapSearchScope.ONE_LEVEL, false))
.put(ActiveDirectorySessionFactory.AD_GROUP_SEARCH_BASEDN_SETTING, "CN=Avengers,CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com")
@ -171,7 +169,7 @@ public class ActiveDirectorySessionFactoryTests extends ESTestCase {
}
}
@Test @SuppressWarnings("unchecked")
@SuppressWarnings("unchecked")
public void testAuthenticateWithUserPrincipalName() throws Exception {
Settings settings = buildAdSettings(AD_LDAP_URL, AD_DOMAIN, "CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com", LdapSearchScope.ONE_LEVEL, false);
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings);
@ -189,7 +187,6 @@ public class ActiveDirectorySessionFactoryTests extends ESTestCase {
}
}
@Test
public void testAuthenticateWithSAMAccountName() throws Exception {
Settings settings = buildAdSettings(AD_LDAP_URL, AD_DOMAIN, "CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com", LdapSearchScope.ONE_LEVEL, false);
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings);
@ -208,7 +205,7 @@ public class ActiveDirectorySessionFactoryTests extends ESTestCase {
}
}
@Test @SuppressWarnings("unchecked")
@SuppressWarnings("unchecked")
public void testCustomUserFilter() throws Exception {
Settings settings = Settings.builder()
.put(buildAdSettings(AD_LDAP_URL, AD_DOMAIN, "CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com", LdapSearchScope.SUB_TREE, false))
@ -228,7 +225,7 @@ public class ActiveDirectorySessionFactoryTests extends ESTestCase {
}
@Test @SuppressWarnings("unchecked")
@SuppressWarnings("unchecked")
public void testStandardLdapConnection() throws Exception {
String groupSearchBase = "DC=ad,DC=test,DC=elasticsearch,DC=com";
String userTemplate = "CN={0},CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com";
@ -248,7 +245,7 @@ public class ActiveDirectorySessionFactoryTests extends ESTestCase {
}
}
@Test @SuppressWarnings("unchecked")
@SuppressWarnings("unchecked")
public void testStandardLdapWithAttributeGroups() throws Exception {
String userTemplate = "CN={0},CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com";
Settings settings = LdapTestCase.buildLdapSettings(AD_LDAP_URL, userTemplate, false);
@ -267,7 +264,6 @@ public class ActiveDirectorySessionFactoryTests extends ESTestCase {
}
}
@Test
public void testAdAuthWithHostnameVerification() throws Exception {
RealmConfig config = new RealmConfig("ad-test", buildAdSettings(AD_LDAP_URL, AD_DOMAIN, true), globalSettings);
ActiveDirectorySessionFactory sessionFactory = new ActiveDirectorySessionFactory(config, clientSSLService);

17
shield/src/test/java/org/elasticsearch/shield/authc/esusers/ESUsersRealmTests.java
View File

@ -28,7 +28,6 @@ import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.transport.TransportRequest;
import org.elasticsearch.watcher.ResourceWatcherService;
import org.junit.Before;
import org.junit.Test;
import java.util.Locale;
@ -50,7 +49,6 @@ import static org.mockito.Mockito.when;
*
*/
public class ESUsersRealmTests extends ESTestCase {
private Client client;
private AdminClient adminClient;
private FileUserPasswdStore userPasswdStore;
@ -66,7 +64,6 @@ public class ESUsersRealmTests extends ESTestCase {
globalSettings = Settings.builder().put("path.home", createTempDir()).build();
}
@Test
public void testAuthenticate() throws Exception {
when(userPasswdStore.verifyPassword("user1", SecuredStringTests.build("test123"))).thenReturn(true);
when(userRolesStore.roles("user1")).thenReturn(new String[] { "role1", "role2" });
@ -80,8 +77,7 @@ public class ESUsersRealmTests extends ESTestCase {
assertThat(user.roles(), arrayContaining("role1", "role2"));
}
@Test
public void testAuthenticate_Caching() throws Exception {
public void testAuthenticateCaching() throws Exception {
Settings settings = Settings.builder()
.put("cache.hash_algo", Hasher.values()[randomIntBetween(0, Hasher.values().length - 1)].name().toLowerCase(Locale.ROOT))
.build();
@ -94,8 +90,7 @@ public class ESUsersRealmTests extends ESTestCase {
assertThat(user1, sameInstance(user2));
}
@Test
public void testAuthenticate_Caching_Refresh() throws Exception {
public void testAuthenticateCachingRefresh() throws Exception {
RealmConfig config = new RealmConfig("esusers-test", Settings.EMPTY, globalSettings);
userPasswdStore = spy(new UserPasswdStore(config));
userRolesStore = spy(new UserRolesStore(config));
@ -117,7 +112,6 @@ public class ESUsersRealmTests extends ESTestCase {
assertThat(user5, sameInstance(user6));
}
@Test
public void testToken() throws Exception {
RealmConfig config = new RealmConfig("esusers-test", Settings.EMPTY, globalSettings);
when(userPasswdStore.verifyPassword("user1", SecuredStringTests.build("test123"))).thenReturn(true);
@ -134,7 +128,6 @@ public class ESUsersRealmTests extends ESTestCase {
assertThat(new String(token.credentials().internalChars()), equalTo("test123"));
}
@Test
public void testLookup() throws Exception {
when(userPasswdStore.userExists("user1")).thenReturn(true);
when(userRolesStore.roles("user1")).thenReturn(new String[] { "role1", "role2" });
@ -150,7 +143,6 @@ public class ESUsersRealmTests extends ESTestCase {
assertThat(user.roles(), arrayContaining("role1", "role2"));
}
@Test
public void testLookupCaching() throws Exception {
when(userPasswdStore.userExists("user1")).thenReturn(true);
when(userRolesStore.roles("user1")).thenReturn(new String[] { "role1", "role2" });
@ -164,7 +156,6 @@ public class ESUsersRealmTests extends ESTestCase {
verify(userRolesStore).roles("user1");
}
@Test
public void testLookupCachingWithRefresh() throws Exception {
RealmConfig config = new RealmConfig("esusers-test", Settings.EMPTY, globalSettings);
userPasswdStore = spy(new UserPasswdStore(config));
@ -187,7 +178,7 @@ public class ESUsersRealmTests extends ESTestCase {
assertThat(user5, sameInstance(user6));
}
@Test @SuppressWarnings("unchecked")
@SuppressWarnings("unchecked")
public void testAuthorizationHeaderIsNotCopied() throws Exception {
RestController restController = mock(RestController.class);
RealmConfig config = new RealmConfig("esusers-test", Settings.EMPTY, globalSettings);
@ -221,14 +212,12 @@ public class ESUsersRealmTests extends ESTestCase {
}
static class UserPasswdStore extends FileUserPasswdStore {
public UserPasswdStore(RealmConfig config) {
super(config, mock(ResourceWatcherService.class));
}
}
static class UserRolesStore extends FileUserRolesStore {
public UserRolesStore(RealmConfig config) {
super(config, mock(ResourceWatcherService.class));
}

55
shield/src/test/java/org/elasticsearch/shield/authc/esusers/FileUserRolesStoreTests.java
View File

@ -18,7 +18,6 @@ import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.watcher.ResourceWatcherService;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import java.io.BufferedWriter;
import java.nio.charset.StandardCharsets;
@ -26,19 +25,30 @@ import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.StandardOpenOption;
import java.util.*;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import static org.hamcrest.Matchers.*;
import static org.mockito.Mockito.contains;
import static org.mockito.Mockito.*;
import static org.hamcrest.Matchers.arrayContaining;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
import static org.mockito.Matchers.contains;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
/**
*
*/
public class FileUserRolesStoreTests extends ESTestCase {
private Settings settings;
private Environment env;
private ThreadPool threadPool;
@ -58,9 +68,7 @@ public class FileUserRolesStoreTests extends ESTestCase {
terminate(threadPool);
}
@Test
public void testStore_ConfiguredWithUnreadableFile() throws Exception {
Path file = createTempFile();
List<String> lines = new ArrayList<>();
lines.add("aldlfkjldjdflkjd");
@ -78,8 +86,7 @@ public class FileUserRolesStoreTests extends ESTestCase {
assertThat(store.entriesCount(), is(0));
}
@Test
public void testStore_AutoReload() throws Exception {
public void testStoreAutoReload() throws Exception {
Path users = getDataPath("users_roles");
Path tmp = createTempFile();
Files.copy(users, tmp, StandardCopyOption.REPLACE_EXISTING);
@ -122,8 +129,7 @@ public class FileUserRolesStoreTests extends ESTestCase {
assertThat(roles, arrayContaining("role4", "role5"));
}
@Test
public void testStore_AutoReload_WithParseFailure() throws Exception {
public void testStoreAutoReloadWithParseFailure() throws Exception {
Path users = getDataPath("users_roles");
Path tmp = createTempFile();
Files.copy(users, tmp, StandardCopyOption.REPLACE_EXISTING);
@ -161,7 +167,6 @@ public class FileUserRolesStoreTests extends ESTestCase {
assertThat(store.entriesCount(), is(0));
}
@Test
public void testParseFile() throws Exception {
Path path = getDataPath("users_roles");
Map<String, String[]> usersRoles = FileUserRolesStore.parseFile(path, null);
@ -180,8 +185,7 @@ public class FileUserRolesStoreTests extends ESTestCase {
assertThat(usersRoles.get("period.user"), arrayContaining("role4"));
}
@Test
public void testParseFile_Empty() throws Exception {
public void testParseFileEmpty() throws Exception {
Path empty = createTempFile();
ESLogger log = ESLoggerFactory.getLogger("test");
log = spy(log);
@ -189,8 +193,7 @@ public class FileUserRolesStoreTests extends ESTestCase {
verify(log, times(1)).warn(contains("no entries found"), eq(empty.toAbsolutePath()));
}
@Test
public void testParseFile_WhenFileDoesNotExist() throws Exception {
public void testParseFileWhenFileDoesNotExist() throws Exception {
Path file = createTempDir().resolve(randomAsciiOfLength(10));
CapturingLogger logger = new CapturingLogger(CapturingLogger.Level.INFO);
Map<String, String[]> usersRoles = FileUserRolesStore.parseFile(file, logger);
@ -198,8 +201,7 @@ public class FileUserRolesStoreTests extends ESTestCase {
assertThat(usersRoles.isEmpty(), is(true));
}
@Test
public void testParseFile_WhenCannotReadFile() throws Exception {
public void testParseFileWhenCannotReadFile() throws Exception {
Path file = createTempFile();
List<String> lines = new ArrayList<>();
lines.add("aldlfkjldjdflkjd");
@ -215,8 +217,7 @@ public class FileUserRolesStoreTests extends ESTestCase {
}
}
@Test
public void testParseFile_EmptyRolesDoesNotCauseNPE() throws Exception {
public void testParseFileEmptyRolesDoesNotCauseNPE() throws Exception {
ThreadPool threadPool = null;
try {
threadPool = new ThreadPool("test");
@ -241,27 +242,23 @@ public class FileUserRolesStoreTests extends ESTestCase {
}
}
@Test
public void testParseFile_EmptyFileIsParsed() throws Exception {
public void testParseFileEmptyFileIsParsed() throws Exception {
assertInvalidInputIsSilentlyIgnored("");
assertInvalidInputIsSilentlyIgnored("#");
}
@Test
public void testParseFile_EmptyRoleNameDoesNotThrowException() throws Exception {
public void testParseFileEmptyRoleNameDoesNotThrowException() throws Exception {
assertInvalidInputIsSilentlyIgnored(":user1,user2");
assertInvalidInputIsSilentlyIgnored(" :user1,user2");
}
@Test
public void testParseFile_EmptyRoleDoesNotThrowException() throws Exception {
public void testParseFileEmptyRoleDoesNotThrowException() throws Exception {
assertInvalidInputIsSilentlyIgnored("role:");
assertInvalidInputIsSilentlyIgnored("role: ");
assertInvalidInputIsSilentlyIgnored("role: , ");
}
@Test
public void testParseFileLenient_WhenCannotReadFile() throws Exception {
public void testParseFileLenientWhenCannotReadFile() throws Exception {
Path file = createTempFile();
List<String> lines = new ArrayList<>();
lines.add("aldlfkjldjdflkjd");

156
shield/src/test/java/org/elasticsearch/shield/authc/esusers/tool/ESUsersToolTests.java
View File

@ -14,7 +14,6 @@ import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.authc.esusers.FileUserRolesStore;
import org.elasticsearch.shield.authc.support.Hasher;
import org.elasticsearch.shield.authc.support.SecuredStringTests;
import org.junit.Test;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
@ -25,15 +24,27 @@ import java.util.Locale;
import java.util.Map;
import java.util.concurrent.atomic.AtomicReference;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.allOf;
import static org.hamcrest.Matchers.arrayContaining;
import static org.hamcrest.Matchers.arrayContainingInAnyOrder;
import static org.hamcrest.Matchers.containsInAnyOrder;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.greaterThanOrEqualTo;
import static org.hamcrest.Matchers.hasItem;
import static org.hamcrest.Matchers.hasItems;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not;
import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.startsWith;
/**
*
*/
public class ESUsersToolTests extends CliToolTestCase {
@Test
public void testUseradd_Parse_AllOptions() throws Exception {
public void testUseraddParseAllOptions() throws Exception {
ESUsersTool tool = new ESUsersTool();
CliTool.Command command = tool.parse("useradd", args("username -p changeme -r r1,r2,r3"));
assertThat(command, instanceOf(ESUsersTool.Useradd.class));
@ -44,7 +55,6 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(cmd.roles, arrayContaining("r1", "r2", "r3"));
}
@Test
public void testUseraddExtraArgs() throws Exception {
ESUsersTool tool = new ESUsersTool();
CliTool.Command command = tool.parse("useradd", args("username -p changeme -r r1,r2,r3 r4 r6"));
@ -53,8 +63,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(exit.status(), is(CliTool.ExitStatus.USAGE));
}
@Test
public void testUseradd_Parse_InvalidUsername() throws Exception {
public void testUseraddParseInvalidUsername() throws Exception {
ESUsersTool tool = new ESUsersTool();
CliTool.Command command = tool.parse("useradd", args("$34dkl -p changeme -r r1,r2,r3"));
assertThat(command, instanceOf(CliTool.Command.Exit.class));
@ -62,7 +71,6 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(exit.status(), is(CliTool.ExitStatus.DATA_ERROR));
}
@Test
public void testUseradd_Parse_InvalidRoleName() throws Exception {
ESUsersTool tool = new ESUsersTool();
CliTool.Command command = tool.parse("useradd", args("username -p changeme -r $343,r2,r3"));
@ -71,8 +79,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(exit.status(), is(CliTool.ExitStatus.DATA_ERROR));
}
@Test
public void testUseradd_Parse_InvalidPassword() throws Exception {
public void testUseraddParseInvalidPassword() throws Exception {
ESUsersTool tool = new ESUsersTool();
CliTool.Command command = tool.parse("useradd", args("username -p 123 -r r1,r2,r3"));
assertThat(command, instanceOf(CliTool.Command.Exit.class));
@ -80,16 +87,14 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(exit.status(), is(CliTool.ExitStatus.DATA_ERROR));
}
@Test
public void testUseradd_Parse_NoUsername() throws Exception {
public void testUseraddParseNoUsername() throws Exception {
ESUsersTool tool = new ESUsersTool();
CliTool.Command command = tool.parse("useradd", args("-p test123"));
assertThat(command, instanceOf(CliTool.Command.Exit.class));
assertThat(((CliTool.Command.Exit) command).status(), is(CliTool.ExitStatus.USAGE));
}
@Test
public void testUseradd_Parse_NoPassword() throws Exception {
public void testUseraddParseNoPassword() throws Exception {
ESUsersTool tool = new ESUsersTool(new MockTerminal() {
@Override
public char[] readSecret(String text, Object... args) {
@ -105,8 +110,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(cmd.roles.length, is(0));
}
@Test
public void testUseradd_Cmd_Create() throws Exception {
public void testUseraddCmdCreate() throws Exception {
Path userFile = createTempFile();
Path userRolesFile = createTempFile();
Settings settings = Settings.builder()
@ -137,8 +141,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(lines, containsInAnyOrder("r1:user1", "r2:user1"));
}
@Test
public void testUseradd_Cmd_Append() throws Exception {
public void testUseraddCmdAppend() throws Exception {
Path userFile = writeFile("user2:hash2");
Path userRolesFile = writeFile("r3:user2\nr4:user2");
Settings settings = Settings.builder()
@ -174,8 +177,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(lines, containsInAnyOrder("r1:user1", "r2:user1", "r3:user2", "r4:user2"));
}
@Test
public void testUseradd_Cmd_AddingUserWithoutRolesDoesNotAddEmptyRole() throws Exception {
public void testUseraddCmdAddingUserWithoutRolesDoesNotAddEmptyRole() throws Exception {
Path userFile = writeFile("user2:hash2");
Path userRolesFile = writeFile("r3:user2\nr4:user2");
Settings settings = Settings.builder()
@ -196,8 +198,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(lines, not(hasItem(containsString("user1"))));
}
@Test
public void testUseradd_Cmd_Append_UserAlreadyExists() throws Exception {
public void testUseraddCmdAppendUserAlreadyExists() throws Exception {
Path userFile = writeFile("user1:hash1");
Path userRolesFile = createTempFile();
Settings settings = Settings.builder()
@ -213,9 +214,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(status, is(CliTool.ExitStatus.CODE_ERROR));
}
@Test
public void testUseradd_CustomRole() throws Exception {
public void testUseraddCustomRole() throws Exception {
Path usersFile = createTempFile();
Path userRolesFile = createTempFile();
Path rolesFile = writeFile("plugin_admin:\n" +
@ -236,8 +235,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(terminal.getTerminalOutput(), hasSize(0));
}
@Test
public void testUseradd_NonExistantRole() throws Exception {
public void testUseraddNonExistantRole() throws Exception {
Path usersFile = createTempFile();
Path userRolesFile = createTempFile();
Path rolesFile = writeFile("plugin_admin:\n" +
@ -259,8 +257,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(terminal.getTerminalOutput().get(0), containsString("[plugin_admin_2]"));
}
@Test
public void testUserdel_Parse() throws Exception {
public void testUserdelParse() throws Exception {
ESUsersTool tool = new ESUsersTool();
CliTool.Command command = tool.parse("userdel", args("username"));
assertThat(command, instanceOf(ESUsersTool.Userdel.class));
@ -268,8 +265,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(userdel.username, equalTo("username"));
}
@Test
public void testUserdel_Parse_MissingUsername() throws Exception {
public void testUserdelParseMissingUsername() throws Exception {
ESUsersTool tool = new ESUsersTool();
CliTool.Command command = tool.parse("userdel", args(null));
assertThat(command, instanceOf(ESUsersTool.Command.Exit.class));
@ -277,8 +273,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(exit.status(), equalTo(CliTool.ExitStatus.USAGE));
}
@Test
public void testUserdel_Parse_ExtraArgs() throws Exception {
public void testUserdelParseExtraArgs() throws Exception {
ESUsersTool tool = new ESUsersTool();
CliTool.Command command = tool.parse("userdel", args("user1 user2"));
assertThat(command, instanceOf(ESUsersTool.Command.Exit.class));
@ -286,8 +281,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(exit.status(), equalTo(CliTool.ExitStatus.USAGE));
}
@Test
public void testUserdel_Cmd() throws Exception {
public void testUserdelCmd() throws Exception {
Path userFile = writeFile("user1:hash2");
Path userRolesFile = writeFile("r3:user1\nr4:user1");
Settings settings = Settings.builder()
@ -311,8 +305,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(lines.size(), is(0));
}
@Test
public void testUserdel_Cmd_MissingUser() throws Exception {
public void testUserdelCmdMissingUser() throws Exception {
Path userFile = writeFile("user1:hash2");
Path userRolesFile = writeFile("r3:user1\nr4:user1");
Settings settings = Settings.builder()
@ -341,8 +334,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(lines, hasSize(2));
}
@Test
public void testUserdel_Cmd_MissingFiles() throws Exception {
public void testUserdelCmdMissingFiles() throws Exception {
Path dir = createTempDir();
Path userFile = dir.resolve("users");
Path userRolesFile = dir.resolve("users_roles");
@ -362,8 +354,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(Files.exists(userRolesFile), is(false));
}
@Test
public void testPasswd_Parse_AllOptions() throws Exception {
public void testPasswdParseAllOptions() throws Exception {
ESUsersTool tool = new ESUsersTool();
CliTool.Command command = tool.parse("passwd", args("user1 -p changeme"));
assertThat(command, instanceOf(ESUsersTool.Passwd.class));
@ -372,8 +363,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(new String(cmd.passwd.internalChars()), equalTo("changeme"));
}
@Test
public void testPasswd_Parse_MissingUsername() throws Exception {
public void testPasswdParseMissingUsername() throws Exception {
ESUsersTool tool = new ESUsersTool();
CliTool.Command command = tool.parse("passwd", args("-p changeme"));
assertThat(command, instanceOf(ESUsersTool.Command.Exit.class));
@ -381,8 +371,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(cmd.status(), is(CliTool.ExitStatus.USAGE));
}
@Test
public void testPasswd_Parse_ExtraArgs() throws Exception {
public void testPasswdParseExtraArgs() throws Exception {
ESUsersTool tool = new ESUsersTool();
CliTool.Command command = tool.parse("passwd", args("user1 user2 -p changeme"));
assertThat(command, instanceOf(ESUsersTool.Command.Exit.class));
@ -390,8 +379,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(cmd.status(), is(CliTool.ExitStatus.USAGE));
}
@Test
public void testPasswd_Parse_MissingPassword() throws Exception {
public void testPasswdParseMissingPassword() throws Exception {
final AtomicReference<Boolean> secretRequested = new AtomicReference<>(false);
Terminal terminal = new MockTerminal() {
@Override
@ -409,8 +397,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(secretRequested.get(), is(true));
}
@Test
public void testPasswd_Cmd() throws Exception {
public void testPasswdCmd() throws Exception {
Path userFile = writeFile("user1:hash2");
Settings settings = Settings.builder()
.put("shield.authc.realms.esusers.type", "esusers")
@ -432,8 +419,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(Hasher.BCRYPT.verify(SecuredStringTests.build("changeme"), hash.toCharArray()), is(true));
}
@Test
public void testPasswd_Cmd_UnknownUser() throws Exception {
public void testPasswdCmdUnknownUser() throws Exception {
Path userFile = writeFile("user1:hash2");
Settings settings = Settings.builder()
.put("shield.authc.realms.esusers.type", "esusers")
@ -446,8 +432,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(status, is(CliTool.ExitStatus.NO_USER));
}
@Test
public void testPasswd_Cmd_MissingFiles() throws Exception {
public void testPasswdCmdMissingFiles() throws Exception {
Path userFile = createTempFile();
Settings settings = Settings.builder()
.put("shield.authc.realms.esusers.type", "esusers")
@ -460,8 +445,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(status, is(CliTool.ExitStatus.NO_USER));
}
@Test
public void testRoles_Parse_AllOptions() throws Exception {
public void testRolesParseAllOptions() throws Exception {
ESUsersTool tool = new ESUsersTool();
CliTool.Command command = tool.parse("roles", args("someuser -a test1,test2,test3 -r test4,test5,test6"));
assertThat(command, instanceOf(ESUsersTool.Roles.class));
@ -471,8 +455,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(rolesCommand.removeRoles, arrayContaining("test4", "test5", "test6"));
}
@Test
public void testRoles_Parse_ExtraArgs() throws Exception {
public void testRolesParseExtraArgs() throws Exception {
ESUsersTool tool = new ESUsersTool();
CliTool.Command command = tool.parse("roles", args("someuser -a test1,test2,test3 foo -r test4,test5,test6 bar"));
assertThat(command, instanceOf(ESUsersTool.Command.Exit.class));
@ -480,8 +463,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(cmd.status(), is(CliTool.ExitStatus.USAGE));
}
@Test
public void testRoles_Cmd_validatingRoleNames() throws Exception {
public void testRolesCmdValidatingRoleNames() throws Exception {
ESUsersTool tool = new ESUsersTool();
Path usersFile = writeFile("admin:hash");
Path usersRoleFile = writeFile("admin: admin\n");
@ -507,8 +489,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(execute(tool.parse("roles", args("admin -a role0")), settings), is(CliTool.ExitStatus.OK));
}
@Test
public void testRoles_Cmd_addingRoleWorks() throws Exception {
public void testRolesCmdAddingRoleWorks() throws Exception {
Path usersFile = writeFile("admin:hash\nuser:hash");
Path usersRoleFile = writeFile("admin: admin\nuser: user\n");
Settings settings = Settings.builder()
@ -530,8 +511,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(userRoles.get("user"), arrayContainingInAnyOrder("user", "foo"));
}
@Test
public void testRoles_Cmd_removingRoleWorks() throws Exception {
public void testRolesCmdRemovingRoleWorks() throws Exception {
Path usersFile = writeFile("admin:hash\nuser:hash");
Path usersRoleFile = writeFile("admin: admin\nuser: user\nfoo: user\nbar: user\n");
Settings settings = Settings.builder()
@ -553,8 +533,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(userRoles.get("user"), arrayContainingInAnyOrder("user", "bar"));
}
@Test
public void testRoles_Cmd_addingAndRemovingRoleWorks() throws Exception {
public void testRolesCmdAddingAndRemovingRoleWorks() throws Exception {
Path usersFile = writeFile("admin:hash\nuser:hash");
Path usersRoleFile = writeFile("admin: admin\nuser:user\nfoo:user\nbar:user\n");
Settings settings = Settings.builder()
@ -576,8 +555,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(userRoles.get("user"), arrayContainingInAnyOrder("user", "bar", "newrole"));
}
@Test
public void testRoles_Cmd_removingLastRoleRemovesEntryFromRolesFile() throws Exception {
public void testRolesCmdRemovingLastRoleRemovesEntryFromRolesFile() throws Exception {
Path usersFile = writeFile("admin:hash\nuser:hash");
Path usersRoleFile = writeFile("admin: admin\nuser:user\nfoo:user\nbar:user\n");
Settings settings = Settings.builder()
@ -596,8 +574,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(usersRoleFileLines, not(hasItem(containsString("user"))));
}
@Test
public void testRoles_Cmd_userNotFound() throws Exception {
public void testRolesCmdUserNotFound() throws Exception {
Path usersFile = writeFile("admin:hash\nuser:hash");
Path usersRoleFile = writeFile("admin: admin\nuser: user\nfoo:user\nbar:user\n");
Settings settings = Settings.builder()
@ -613,8 +590,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(status, is(CliTool.ExitStatus.NO_USER));
}
@Test
public void testRoles_Cmd_testNotAddingOrRemovingRolesShowsListingOfRoles() throws Exception {
public void testRolesCmdTestNotAddingOrRemovingRolesShowsListingOfRoles() throws Exception {
Path usersFile = writeFile("admin:hash\nuser:hash");
Path usersRoleFile = writeFile("admin: admin\nuser:user\nfoo:user\nbar:user\n");
Path rolesFile = writeFile("admin:\n cluster: all\n\nuser:\n cluster: all\n\nfoo:\n cluster: all\n\nbar:\n cluster: all");
@ -634,8 +610,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(catchTerminalOutput.getTerminalOutput(), hasItem(allOf(containsString("user"), containsString("user,foo,bar"))));
}
@Test
public void testRoles_cmd_testRoleCanBeAddedWhenUserIsNotInRolesFile() throws Exception {
public void testRolesCmdRoleCanBeAddedWhenUserIsNotInRolesFile() throws Exception {
Path usersFile = writeFile("admin:hash\nuser:hash");
Path usersRoleFile = writeFile("admin: admin\n");
Path rolesFile = writeFile("admin:\n cluster: all\n\nmyrole:\n cluster: all");
@ -658,8 +633,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(userRoles.get("user"), arrayContaining("myrole"));
}
@Test
public void testListUsersAndRoles_Cmd_parsingWorks() throws Exception {
public void testListUsersAndRolesCmdParsingWorks() throws Exception {
ESUsersTool tool = new ESUsersTool();
CliTool.Command command = tool.parse("list", args("someuser"));
assertThat(command, instanceOf(ESUsersTool.ListUsersAndRoles.class));
@ -667,8 +641,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(listUsersAndRolesCommand.username, is("someuser"));
}
@Test
public void testListUsersAndRoles_Cmd_parsingExtraArgs() throws Exception {
public void testListUsersAndRolesCmdParsingExtraArgs() throws Exception {
ESUsersTool tool = new ESUsersTool();
CliTool.Command command = tool.parse("list", args("someuser two"));
assertThat(command, instanceOf(ESUsersTool.Command.Exit.class));
@ -676,8 +649,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(cmd.status(), is(CliTool.ExitStatus.USAGE));
}
@Test
public void testListUsersAndRoles_Cmd_listAllUsers() throws Exception {
public void testListUsersAndRolesCmdListAllUsers() throws Exception {
Path usersRoleFile = writeFile("admin: admin\nuser: user\nfoo:user\nbar:user\n");
Path rolesFile = writeFile("admin:\n cluster: all\n\nuser:\n cluster: all\n\nfoo:\n cluster: all\n\nbar:\n cluster: all");
Settings settings = Settings.builder()
@ -697,8 +669,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(catchTerminalOutput.getTerminalOutput(), hasItem(allOf(containsString("user"), containsString("user,foo,bar"))));
}
@Test
public void testListUsersAndRoles_Cmd_listAllUsers_WithUnknownRoles() throws Exception {
public void testListUsersAndRolesCmdListAllUsersWithUnknownRoles() throws Exception {
Path usersRoleFile = writeFile("admin: admin\nuser: user\nfoo:user\nbar:user\n");
Path rolesFile = writeFile("admin:\n cluster: all\n\nuser:\n cluster: all");
Settings settings = Settings.builder()
@ -718,8 +689,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(catchTerminalOutput.getTerminalOutput(), hasItem(allOf(containsString("user"), containsString("user,foo*,bar*"))));
}
@Test
public void testListUsersAndRoles_Cmd_listSingleUser() throws Exception {
public void testListUsersAndRolesCmdListSingleUser() throws Exception {
Path usersRoleFile = writeFile("admin: admin\nuser: user\nfoo:user\nbar:user\n");
Path usersFile = writeFile("admin:{plain}changeme\nuser:{plain}changeme\nno-roles-user:{plain}changeme\n");
Path rolesFile = writeFile("admin:\n cluster: all\n\nuser:\n cluster: all\n\nfoo:\n cluster: all");
@ -741,8 +711,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(catchTerminalOutput.getTerminalOutput(), hasItem(not(containsString("user"))));
}
@Test
public void testListUsersAndRoles_Cmd_NoUsers() throws Exception {
public void testListUsersAndRolesCmdNoUsers() throws Exception {
Path usersFile = writeFile("");
Path usersRoleFile = writeFile("");
Settings settings = Settings.builder()
@ -762,8 +731,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(output.get(0), equalTo("No users found" + System.lineSeparator()));
}
@Test
public void testListUsersAndRoles_Cmd_listSingleUserNotFound() throws Exception {
public void testListUsersAndRolesCmdListSingleUserNotFound() throws Exception {
Path usersRoleFile = writeFile("admin: admin\nuser: user\nfoo:user\nbar:user\n");
Settings settings = Settings.builder()
.put("shield.authc.realms.esusers.type", "esusers")
@ -778,8 +746,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(status, is(CliTool.ExitStatus.NO_USER));
}
@Test
public void testListUsersAndRoles_Cmd_testThatUsersWithAndWithoutRolesAreListed() throws Exception {
public void testListUsersAndRolesCmdUsersWithAndWithoutRolesAreListed() throws Exception {
Path usersFile = writeFile("admin:{plain}changeme\nuser:{plain}changeme\nno-roles-user:{plain}changeme\n");
Path usersRoleFile = writeFile("admin: admin\nuser: user\nfoo:user\nbar:user\n");
Path rolesFile = writeFile("admin:\n cluster: all\n\nuser:\n cluster: all\n\nfoo:\n cluster: all\n\nbar:\n cluster: all");
@ -802,8 +769,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(catchTerminalOutput.getTerminalOutput(), hasItem(allOf(containsString("no-roles-user"), containsString("-"))));
}
@Test
public void testListUsersAndRoles_Cmd_testThatUsersWithoutRolesAreListed() throws Exception {
public void testListUsersAndRolesCmdUsersWithoutRolesAreListed() throws Exception {
Path usersFile = writeFile("admin:{plain}changeme\nuser:{plain}changeme\nno-roles-user:{plain}changeme\n");
Path usersRoleFile = writeFile("");
Path rolesFile = writeFile("admin:\n cluster: all\n\nuser:\n cluster: all\n\nfoo:\n cluster: all\n\nbar:\n cluster: all");
@ -826,8 +792,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(catchTerminalOutput.getTerminalOutput(), hasItem(allOf(containsString("no-roles-user"), containsString("-"))));
}
@Test
public void testListUsersAndRoles_Cmd_testThatUsersWithoutRolesAreListedForSingleUser() throws Exception {
public void testListUsersAndRolesCmdUsersWithoutRolesAreListedForSingleUser() throws Exception {
Path usersFile = writeFile("admin:{plain}changeme");
Path usersRoleFile = writeFile("");
Settings settings = Settings.builder()
@ -846,8 +811,7 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(loggingTerminal.getTerminalOutput(), hasItem(allOf(containsString("admin"), containsString("-"))));
}
@Test
public void testUseradd_UsernameWithPeriod() throws Exception {
public void testUseraddUsernameWithPeriod() throws Exception {
Path userFile = createTempFile();
Path userRolesFile = createTempFile();
Settings settings = Settings.builder()

31
shield/src/test/java/org/elasticsearch/shield/authc/ldap/LdapRealmTests.java
View File

@ -19,18 +19,22 @@ import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.watcher.ResourceWatcherService;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import static org.elasticsearch.shield.authc.ldap.LdapSessionFactory.USER_DN_TEMPLATES_SETTING;
import static org.elasticsearch.shield.authc.ldap.support.SessionFactory.HOSTNAME_VERIFICATION_SETTING;
import static org.elasticsearch.shield.authc.ldap.support.SessionFactory.URLS_SETTING;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.arrayContaining;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.anyString;
import static org.mockito.Mockito.*;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
public class LdapRealmTests extends LdapTestCase {
public static final String VALID_USER_TEMPLATE = "cn={0},ou=people,o=sevenSeas";
public static final String VALID_USERNAME = "Thomas Masterman Hardy";
public static final String PASSWORD = "pass";
@ -52,8 +56,7 @@ public class LdapRealmTests extends LdapTestCase {
terminate(threadPool);
}
@Test
public void testAuthenticate_SubTreeGroupSearch() throws Exception {
public void testAuthenticateSubTreeGroupSearch() throws Exception {
String groupSearchBase = "o=sevenSeas";
String userTemplate = VALID_USER_TEMPLATE;
Settings settings = buildLdapSettings(ldapUrl(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE);
@ -66,8 +69,7 @@ public class LdapRealmTests extends LdapTestCase {
assertThat(user.roles(), arrayContaining("HMS Victory"));
}
@Test
public void testAuthenticate_OneLevelGroupSearch() throws Exception {
public void testAuthenticateOneLevelGroupSearch() throws Exception {
String groupSearchBase = "ou=crews,ou=groups,o=sevenSeas";
String userTemplate = VALID_USER_TEMPLATE;
Settings settings = Settings.builder()
@ -83,8 +85,7 @@ public class LdapRealmTests extends LdapTestCase {
assertThat(user.roles(), arrayContaining("HMS Victory"));
}
@Test
public void testAuthenticate_Caching() throws Exception {
public void testAuthenticateCaching() throws Exception {
String groupSearchBase = "o=sevenSeas";
String userTemplate = VALID_USER_TEMPLATE;
Settings settings = Settings.builder()
@ -102,8 +103,7 @@ public class LdapRealmTests extends LdapTestCase {
verify(ldapFactory, times(1)).session(anyString(), any(SecuredString.class));
}
@Test
public void testAuthenticate_Caching_Refresh() throws Exception {
public void testAuthenticateCachingRefresh() throws Exception {
String groupSearchBase = "o=sevenSeas";
String userTemplate = VALID_USER_TEMPLATE;
Settings settings = Settings.builder()
@ -129,8 +129,7 @@ public class LdapRealmTests extends LdapTestCase {
verify(ldapFactory, times(2)).session(anyString(), any(SecuredString.class));
}
@Test
public void testAuthenticate_Noncaching() throws Exception {
public void testAuthenticateNoncaching() throws Exception {
String groupSearchBase = "o=sevenSeas";
String userTemplate = VALID_USER_TEMPLATE;
Settings settings = Settings.builder()
@ -149,7 +148,6 @@ public class LdapRealmTests extends LdapTestCase {
verify(ldapFactory, times(2)).session(anyString(), any(SecuredString.class));
}
@Test
public void testLdapRealmSelectsLdapSessionFactory() throws Exception {
String groupSearchBase = "o=sevenSeas";
String userTemplate = VALID_USER_TEMPLATE;
@ -165,7 +163,6 @@ public class LdapRealmTests extends LdapTestCase {
assertThat(sessionFactory, is(instanceOf(LdapSessionFactory.class)));
}
@Test
public void testLdapRealmSelectsLdapUserSearchSessionFactory() throws Exception {
String groupSearchBase = "o=sevenSeas";
Settings settings = Settings.builder()
@ -186,7 +183,6 @@ public class LdapRealmTests extends LdapTestCase {
}
}
@Test
public void testLdapRealmThrowsExceptionForUserTemplateAndSearchSettings() throws Exception {
Settings settings = Settings.builder()
.putArray(URLS_SETTING, ldapUrl())
@ -205,7 +201,6 @@ public class LdapRealmTests extends LdapTestCase {
}
}
@Test
public void testLdapRealmMapsUserDNToRole() throws Exception {
String groupSearchBase = "o=sevenSeas";
String userTemplate = VALID_USER_TEMPLATE;

25
shield/src/test/java/org/elasticsearch/shield/authc/ldap/LdapSessionFactoryTests.java
View File

@ -16,15 +16,17 @@ import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.authc.support.SecuredStringTests;
import org.elasticsearch.test.junit.annotations.Network;
import org.junit.Before;
import org.junit.Test;
import java.io.IOException;
import java.util.List;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.contains;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.lessThan;
public class LdapSessionFactoryTests extends LdapTestCase {
private Settings globalSettings;
@Before
@ -32,7 +34,6 @@ public class LdapSessionFactoryTests extends LdapTestCase {
globalSettings = Settings.builder().put("path.home", createTempDir()).build();
}
@Test
public void testBindWithReadTimeout() throws Exception {
String ldapUrl = ldapUrl();
String groupSearchBase = "o=sevenSeas";
@ -61,7 +62,6 @@ public class LdapSessionFactoryTests extends LdapTestCase {
}
}
@Test
@Network
@AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch-shield/issues/767")
public void testConnectTimeout() {
@ -92,7 +92,6 @@ public class LdapSessionFactoryTests extends LdapTestCase {
}
}
@Test
public void testBindWithTemplates() throws Exception {
String groupSearchBase = "o=sevenSeas";
String[] userTemplates = new String[] {
@ -113,8 +112,6 @@ public class LdapSessionFactoryTests extends LdapTestCase {
}
}
@Test(expected = ElasticsearchSecurityException.class)
public void testBindWithBogusTemplates() throws Exception {
String groupSearchBase = "o=sevenSeas";
String[] userTemplates = new String[] {
@ -129,11 +126,13 @@ public class LdapSessionFactoryTests extends LdapTestCase {
String user = "Horatio Hornblower";
SecuredString userPass = SecuredStringTests.build("pass");
try (LdapSession ldapConnection = ldapFac.session(user, userPass)) {
fail("Expected ElasticsearchSecurityException");
} catch (ElasticsearchSecurityException e) {
assertThat(e.getMessage(), is("failed LDAP authentication"));
}
}
@Test
public void testGroupLookup_Subtree() throws Exception {
public void testGroupLookupSubtree() throws Exception {
String groupSearchBase = "o=sevenSeas";
String userTemplate = "cn={0},ou=people,o=sevenSeas";
RealmConfig config = new RealmConfig("ldap_realm", buildLdapSettings(ldapUrl(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE), globalSettings);
@ -149,8 +148,7 @@ public class LdapSessionFactoryTests extends LdapTestCase {
}
}
@Test
public void testGroupLookup_OneLevel() throws Exception {
public void testGroupLookupOneLevel() throws Exception {
String groupSearchBase = "ou=crews,ou=groups,o=sevenSeas";
String userTemplate = "cn={0},ou=people,o=sevenSeas";
RealmConfig config = new RealmConfig("ldap_realm", buildLdapSettings(ldapUrl(), userTemplate, groupSearchBase, LdapSearchScope.ONE_LEVEL), globalSettings);
@ -164,8 +162,7 @@ public class LdapSessionFactoryTests extends LdapTestCase {
}
}
@Test
public void testGroupLookup_Base() throws Exception {
public void testGroupLookupBase() throws Exception {
String groupSearchBase = "cn=HMS Lydia,ou=crews,ou=groups,o=sevenSeas";
String userTemplate = "cn={0},ou=people,o=sevenSeas";
RealmConfig config = new RealmConfig("ldap_realm", buildLdapSettings(ldapUrl(), userTemplate, groupSearchBase, LdapSearchScope.BASE), globalSettings);

45
shield/src/test/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactoryTests.java
View File

@ -7,8 +7,14 @@ package org.elasticsearch.shield.authc.ldap;
import com.carrotsearch.randomizedtesting.ThreadFilter;
import com.carrotsearch.randomizedtesting.annotations.ThreadLeakFilters;
import com.unboundid.ldap.sdk.*;
import org.elasticsearch.*;
import com.unboundid.ldap.sdk.BindRequest;
import com.unboundid.ldap.sdk.GetEntryLDAPConnectionPoolHealthCheck;
import com.unboundid.ldap.sdk.LDAPConnectionPool;
import com.unboundid.ldap.sdk.LDAPConnectionPoolHealthCheck;
import com.unboundid.ldap.sdk.SimpleBindRequest;
import com.unboundid.ldap.sdk.SingleServerSet;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.Version;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.Settings;
@ -29,15 +35,22 @@ import org.elasticsearch.shield.ssl.ClientSSLService;
import org.elasticsearch.shield.support.NoOpLogger;
import org.elasticsearch.test.junit.annotations.Network;
import org.junit.Before;
import org.junit.Test;
import java.nio.file.Path;
import java.text.MessageFormat;
import java.util.*;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import static org.elasticsearch.common.settings.Settings.settingsBuilder;
import static org.elasticsearch.test.ShieldTestsUtils.assertAuthenticationException;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.containsInAnyOrder;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.hasItem;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.nullValue;
// thread leak filter for UnboundID's background connect threads. The background connect threads do not always respect the
// timeout and linger. Will be fixed in a new version of the library, see http://sourceforge.net/p/ldap-sdk/discussion/1001257/thread/154e3b71/
@ -45,7 +58,6 @@ import static org.hamcrest.Matchers.*;
LdapUserSearchSessionFactoryTests.BackgroundConnectThreadLeakFilter.class
})
public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
private ClientSSLService clientSSLService;
private Settings globalSettings;
@ -67,8 +79,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
globalSettings = settingsBuilder().put("path.home", createTempDir()).build();
}
@Test
public void supportsUnauthenticatedSessions() throws Exception {
public void testSupportsUnauthenticatedSessions() throws Exception {
RealmConfig config = new RealmConfig("ldap_realm", settingsBuilder()
.put(buildLdapSettings(ldapUrl(), Strings.EMPTY_ARRAY, "", LdapSearchScope.SUB_TREE))
.put("user_search.base_dn", "")
@ -85,7 +96,6 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
}
}
@Test
public void testUserSearchSubTree() throws Exception {
String groupSearchBase = "o=sevenSeas";
String userSearchBase = "o=sevenSeas";
@ -120,7 +130,6 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
}
}
@Test
public void testUserSearchBaseScopeFailsWithWrongBaseDN() throws Exception {
String groupSearchBase = "o=sevenSeas";
String userSearchBase = "o=sevenSeas";
@ -158,7 +167,6 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
}
}
@Test
public void testUserSearchBaseScopePassesWithCorrectBaseDN() throws Exception {
String groupSearchBase = "o=sevenSeas";
String userSearchBase = "cn=William Bush,ou=people,o=sevenSeas";
@ -194,7 +202,6 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
}
}
@Test
public void testUserSearchOneLevelScopeFailsWithWrongBaseDN() throws Exception {
String groupSearchBase = "o=sevenSeas";
String userSearchBase = "o=sevenSeas";
@ -232,7 +239,6 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
}
}
@Test
public void testUserSearchOneLevelScopePassesWithCorrectBaseDN() throws Exception {
String groupSearchBase = "o=sevenSeas";
String userSearchBase = "ou=people,o=sevenSeas";
@ -268,7 +274,6 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
}
}
@Test
public void testUserSearchWithBadAttributeFails() throws Exception {
String groupSearchBase = "o=sevenSeas";
String userSearchBase = "o=sevenSeas";
@ -305,7 +310,6 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
}
}
@Test
public void testUserSearchWithoutAttributePasses() throws Exception {
String groupSearchBase = "o=sevenSeas";
String userSearchBase = "o=sevenSeas";
@ -339,7 +343,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
}
}
@Test @Network
@Network
public void testUserSearchWithActiveDirectory() throws Exception {
String groupSearchBase = "DC=ad,DC=test,DC=elasticsearch,DC=com";
String userSearchBase = "CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com";
@ -381,7 +385,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
}
}
@Test @Network
@Network
public void testUserSearchwithBindUserOpenLDAP() throws Exception {
String groupSearchBase = "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
String userSearchBase = "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
@ -413,7 +417,6 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
}
}
@Test
public void testConnectionPoolDefaultSettings() throws Exception {
String groupSearchBase = "o=sevenSeas";
String userSearchBase = "o=sevenSeas";
@ -437,7 +440,6 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
}
}
@Test
public void testConnectionPoolSettings() throws Exception {
String groupSearchBase = "o=sevenSeas";
String userSearchBase = "o=sevenSeas";
@ -462,7 +464,6 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
}
}
@Test
public void testThatEmptyBindDNThrowsExceptionWithHealthCheckEnabled() throws Exception {
String groupSearchBase = "o=sevenSeas";
String userSearchBase = "o=sevenSeas";
@ -479,13 +480,11 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
}
}
@Test
public void testEmptyBindDNReturnsNullBindRequest() {
BindRequest request = LdapUserSearchSessionFactory.bindRequest(settingsBuilder().put("bind_password", "password").build());
assertThat(request, is(nullValue()));
}
@Test
public void testThatBindRequestReturnsSimpleBindRequest() {
BindRequest request = LdapUserSearchSessionFactory.bindRequest(settingsBuilder()
.put("bind_password", "password")
@ -496,7 +495,6 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
assertThat(simpleBindRequest.getBindDN(), is("cn=ironman"));
}
@Test
@Network
public void testThatLDAPServerConnectErrorDoesNotPreventNodeFromStarting() {
String groupSearchBase = "DC=ad,DC=test,DC=elasticsearch,DC=com";
@ -523,7 +521,6 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
}
public static class BackgroundConnectThreadLeakFilter implements ThreadFilter {
@Override
public boolean reject(Thread thread) {
if (thread.getName().startsWith("Background connect thread for elastic.co")) {

6
shield/src/test/java/org/elasticsearch/shield/authc/ldap/OpenLdapTests.java
View File

@ -18,7 +18,6 @@ import org.elasticsearch.shield.ssl.ClientSSLService;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.test.junit.annotations.Network;
import org.junit.Before;
import org.junit.Test;
import java.io.IOException;
import java.nio.file.Path;
@ -53,7 +52,6 @@ public class OpenLdapTests extends ESTestCase {
globalSettings = Settings.builder().put("path.home", createTempDir()).build();
}
@Test
public void testConnect() throws Exception {
//openldap does not use cn as naming attributes by default
String groupSearchBase = "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
@ -69,7 +67,6 @@ public class OpenLdapTests extends ESTestCase {
}
}
@Test
public void testGroupSearchScopeBase() throws Exception {
//base search on a groups means that the user can be in just one group
@ -86,7 +83,6 @@ public class OpenLdapTests extends ESTestCase {
}
}
@Test
public void testCustomFilter() throws Exception {
String groupSearchBase = "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
String userTemplate = "uid={0},ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
@ -103,7 +99,6 @@ public class OpenLdapTests extends ESTestCase {
}
}
@Test
@AwaitsFix(bugUrl = "https://github.com/elasticsearch/elasticsearch-shield/issues/499")
public void testTcpTimeout() throws Exception {
String groupSearchBase = "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
@ -125,7 +120,6 @@ public class OpenLdapTests extends ESTestCase {
}
}
@Test
public void testStandardLdapConnectionHostnameVerification() throws Exception {
//openldap does not use cn as naming attributes by default
String groupSearchBase = "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";

18
shield/src/test/java/org/elasticsearch/shield/authc/ldap/SearchGroupsResolverTests.java
View File

@ -8,6 +8,7 @@ package org.elasticsearch.shield.authc.ldap;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.LDAPURL;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
@ -20,12 +21,15 @@ import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.test.junit.annotations.Network;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import java.nio.file.Path;
import java.util.List;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.containsInAnyOrder;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.hasItem;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
@Network
public class SearchGroupsResolverTests extends ESTestCase {
@ -55,13 +59,13 @@ public class SearchGroupsResolverTests extends ESTestCase {
ldapConnection = new LDAPConnection(clientSSLService.sslSocketFactory(), options, ldapurl.getHost(), ldapurl.getPort(), BRUCE_BANNER_DN, OpenLdapTests.PASSWORD);
}
@Override
@After
public void tearDown() throws Exception {
super.tearDown();
ldapConnection.close();
}
@Test
public void testResolveSubTree() throws Exception {
Settings settings = Settings.builder()
.put("base_dn", "dc=oldap,dc=test,dc=elasticsearch,dc=com")
@ -76,7 +80,6 @@ public class SearchGroupsResolverTests extends ESTestCase {
containsString("Philanthropists")));
}
@Test
public void testResolveOneLevel() throws Exception {
Settings settings = Settings.builder()
.put("base_dn", "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com")
@ -92,7 +95,6 @@ public class SearchGroupsResolverTests extends ESTestCase {
containsString("Philanthropists")));
}
@Test
public void testResolveBase() throws Exception {
Settings settings = Settings.builder()
.put("base_dn", "cn=Avengers,ou=People,dc=oldap,dc=test,dc=elasticsearch,dc=com")
@ -104,7 +106,6 @@ public class SearchGroupsResolverTests extends ESTestCase {
assertThat(groups, hasItem(containsString("Avengers")));
}
@Test
public void testResolveCustomFilter() throws Exception {
Settings settings = Settings.builder()
.put("base_dn", "dc=oldap,dc=test,dc=elasticsearch,dc=com")
@ -117,7 +118,6 @@ public class SearchGroupsResolverTests extends ESTestCase {
assertThat(groups, hasItem(containsString("Geniuses")));
}
@Test
public void testCreateWithoutSpecifyingBaseDN() throws Exception {
Settings settings = Settings.builder()
.put("scope", LdapSearchScope.SUB_TREE)
@ -131,7 +131,6 @@ public class SearchGroupsResolverTests extends ESTestCase {
}
}
@Test
public void testReadUserAttributeUid() throws Exception {
Settings settings = Settings.builder()
.put("base_dn", "dc=oldap,dc=test,dc=elasticsearch,dc=com")
@ -140,7 +139,6 @@ public class SearchGroupsResolverTests extends ESTestCase {
assertThat(resolver.readUserAttribute(ldapConnection, BRUCE_BANNER_DN, TimeValue.timeValueSeconds(5), NoOpLogger.INSTANCE), is("hulk"));
}
@Test
public void testReadUserAttributeCn() throws Exception {
Settings settings = Settings.builder()
.put("base_dn", "dc=oldap,dc=test,dc=elasticsearch,dc=com")
@ -150,7 +148,6 @@ public class SearchGroupsResolverTests extends ESTestCase {
assertThat(resolver.readUserAttribute(ldapConnection, BRUCE_BANNER_DN, TimeValue.timeValueSeconds(5), NoOpLogger.INSTANCE), is("Bruce Banner"));
}
@Test
public void testReadNonExistentUserAttribute() throws Exception {
Settings settings = Settings.builder()
.put("base_dn", "dc=oldap,dc=test,dc=elasticsearch,dc=com")
@ -165,7 +162,6 @@ public class SearchGroupsResolverTests extends ESTestCase {
}
}
@Test
public void testReadBinaryUserAttribute() throws Exception {
Settings settings = Settings.builder()
.put("base_dn", "dc=oldap,dc=test,dc=elasticsearch,dc=com")

12
shield/src/test/java/org/elasticsearch/shield/authc/ldap/UserAttributeGroupsResolverTests.java
View File

@ -8,6 +8,7 @@ package org.elasticsearch.shield.authc.ldap;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.LDAPURL;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.env.Environment;
@ -19,18 +20,21 @@ import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.test.junit.annotations.Network;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import java.nio.file.Path;
import java.util.List;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.containsInAnyOrder;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.empty;
import static org.hamcrest.Matchers.hasItems;
@Network
public class UserAttributeGroupsResolverTests extends ESTestCase {
public static final String BRUCE_BANNER_DN = "cn=Bruce Banner,CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com";
private LDAPConnection ldapConnection;
@Override
@Before
public void setUp() throws Exception {
super.setUp();
@ -53,13 +57,13 @@ public class UserAttributeGroupsResolverTests extends ESTestCase {
ldapConnection = new LDAPConnection(clientSSLService.sslSocketFactory(), options, ldapurl.getHost(), ldapurl.getPort(), BRUCE_BANNER_DN, ActiveDirectorySessionFactoryTests.PASSWORD);
}
@Override
@After
public void tearDown() throws Exception {
super.tearDown();
ldapConnection.close();
}
@Test
public void testResolve() throws Exception {
//falling back on the 'memberOf' attribute
UserAttributeGroupsResolver resolver = new UserAttributeGroupsResolver(Settings.EMPTY);
@ -71,7 +75,6 @@ public class UserAttributeGroupsResolverTests extends ESTestCase {
containsString("Philanthropists")));
}
@Test
public void testResolveCustomGroupAttribute() throws Exception {
Settings settings = Settings.builder()
.put("user_group_attribute", "seeAlso")
@ -81,7 +84,6 @@ public class UserAttributeGroupsResolverTests extends ESTestCase {
assertThat(groups, hasItems(containsString("Avengers"))); //seeAlso only has Avengers
}
@Test
public void testResolveInvalidGroupAttribute() throws Exception {
Settings settings = Settings.builder()
.put("user_group_attribute", "doesntExist")

32
shield/src/test/java/org/elasticsearch/shield/authc/ldap/support/LDAPServersTests.java
View File

@ -6,15 +6,13 @@
package org.elasticsearch.shield.authc.ldap.support;
import org.elasticsearch.test.ESTestCase;
import org.junit.Test;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
public class LDAPServersTests extends ESTestCase {
@Test
public void testConfigure_1ldaps() {
public void testConfigure1ldaps() {
String[] urls = new String[] { "ldaps://example.com:636" };
SessionFactory.LDAPServers servers = new SessionFactory.LDAPServers(urls);
@ -25,8 +23,7 @@ public class LDAPServersTests extends ESTestCase {
assertThat(servers.ssl(), is(equalTo(true)));
}
@Test
public void testConfigure_2ldaps() {
public void testConfigure2ldaps() {
String[] urls = new String[] { "ldaps://primary.example.com:636", "LDAPS://secondary.example.com:10636" };
SessionFactory.LDAPServers servers = new SessionFactory.LDAPServers(urls);
@ -39,8 +36,7 @@ public class LDAPServersTests extends ESTestCase {
assertThat(servers.ssl(), is(equalTo(true)));
}
@Test
public void testConfigure_2ldap() {
public void testConfigure2ldap() {
String[] urls = new String[] { "ldap://primary.example.com:392", "LDAP://secondary.example.com:10392" };
SessionFactory.LDAPServers servers = new SessionFactory.LDAPServers(urls);
@ -53,17 +49,25 @@ public class LDAPServersTests extends ESTestCase {
assertThat(servers.ssl(), is(equalTo(false)));
}
@Test(expected = IllegalArgumentException.class)
public void testConfigure_1ldaps_1ldap() {
public void testConfigure1ldaps1ldap() {
String[] urls = new String[] { "LDAPS://primary.example.com:636", "ldap://secondary.example.com:392" };
new SessionFactory.LDAPServers(urls);
try {
new SessionFactory.LDAPServers(urls);
fail("Expected IllegalArgumentException");
} catch (IllegalArgumentException e) {
assertThat(e.getMessage(), containsString("configured LDAP protocols are not all equal"));
}
}
@Test(expected = IllegalArgumentException.class)
public void testConfigure_1ldap_1ldaps() {
public void testConfigure1ldap1ldaps() {
String[] urls = new String[] { "ldap://primary.example.com:392", "ldaps://secondary.example.com:636" };
new SessionFactory.LDAPServers(urls);
try {
new SessionFactory.LDAPServers(urls);
fail("Expected IllegalArgumentException");
} catch (IllegalArgumentException e) {
assertThat(e.getMessage(), containsString("configured LDAP protocols are not all equal"));
}
}
}

20
shield/src/test/java/org/elasticsearch/shield/authc/ldap/support/SessionFactoryTests.java
View File

@ -8,19 +8,19 @@ package org.elasticsearch.shield.authc.ldap.support;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.util.ssl.HostNameSSLSocketVerifier;
import com.unboundid.util.ssl.TrustAllSSLSocketVerifier;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.shield.authc.RealmConfig;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.test.ESTestCase;
import org.junit.Test;
import static org.elasticsearch.common.settings.Settings.settingsBuilder;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
public class SessionFactoryTests extends ESTestCase {
@Test
public void connectionFactoryReturnsCorrectLDAPConnectionOptionsWithDefaultSettings() {
public void testConnectionFactoryReturnsCorrectLDAPConnectionOptionsWithDefaultSettings() {
SessionFactory factory = createSessionFactory();
LDAPConnectionOptions options = SessionFactory.connectionOptions(Settings.EMPTY);
assertThat(options.followReferrals(), is(equalTo(true)));
@ -30,8 +30,7 @@ public class SessionFactoryTests extends ESTestCase {
assertThat(options.getSSLSocketVerifier(), is(instanceOf(HostNameSSLSocketVerifier.class)));
}
@Test
public void connectionFactoryReturnsCorrectLDAPConnectionOptions() {
public void testConnectionFactoryReturnsCorrectLDAPConnectionOptions() {
Settings settings = settingsBuilder()
.put(SessionFactory.TIMEOUT_TCP_CONNECTION_SETTING, "10ms")
.put(SessionFactory.HOSTNAME_VERIFICATION_SETTING, "false")
@ -47,13 +46,11 @@ public class SessionFactoryTests extends ESTestCase {
assertThat(options.getSSLSocketVerifier(), is(instanceOf(TrustAllSSLSocketVerifier.class)));
}
@Test
public void sessionFactoryDoesNotSupportUnauthenticated() {
public void testSessionFactoryDoesNotSupportUnauthenticated() {
assertThat(createSessionFactory().supportsUnauthenticatedSession(), is(false));
}
@Test
public void unauthenticatedSessionThrowsUnsupportedOperationException() throws Exception {
public void testUnauthenticatedSessionThrowsUnsupportedOperationException() throws Exception {
try {
createSessionFactory().unauthenticatedSession(randomAsciiOfLength(5));
fail("session factory should throw an unsupported operation exception");
@ -61,6 +58,7 @@ public class SessionFactoryTests extends ESTestCase {
// expected...
}
}
private SessionFactory createSessionFactory() {
Settings global = settingsBuilder().put("path.home", createTempDir()).build();
return new SessionFactory(new RealmConfig("_name", Settings.EMPTY, global)) {

19
shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiAuthenticationTests.java
View File

@ -25,11 +25,7 @@ import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.elasticsearch.test.ShieldIntegTestCase;
import org.elasticsearch.test.ShieldSettingsSource;
import org.elasticsearch.transport.Transport;
import org.junit.Test;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
@ -37,14 +33,19 @@ import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Locale;
import static org.hamcrest.Matchers.*;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
/**
* Test authentication via PKI on both REST and Transport layers
*/
@ClusterScope(numClientNodes = 0, numDataNodes = 1)
public class PkiAuthenticationTests extends ShieldIntegTestCase {
@Override
protected Settings nodeSettings(int nodeOrdinal) {
return Settings.builder()
@ -67,7 +68,6 @@ public class PkiAuthenticationTests extends ShieldIntegTestCase {
return true;
}
@Test
public void testTransportClientCanAuthenticateViaPki() {
Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks", "testnode");
try (TransportClient client = createTransportClient(settings)) {
@ -81,16 +81,16 @@ public class PkiAuthenticationTests extends ShieldIntegTestCase {
* Test uses the testclient cert which is trusted by the SSL layer BUT it is not trusted by the PKI authentication
* realm
*/
@Test(expected = NoNodeAvailableException.class)
public void testTransportClientAuthenticationFailure() {
try (TransportClient client = createTransportClient(Settings.EMPTY)) {
client.addTransportAddress(randomFrom(internalCluster().getInstance(Transport.class).boundAddress().boundAddresses()));
client.prepareIndex("foo", "bar").setSource("pki", "auth").get();
fail("transport client should not have been able to authenticate");
} catch (NoNodeAvailableException e) {
assertThat(e.getMessage(), containsString("None of the configured nodes are available: [{#transport#"));
}
}
@Test
public void testRestAuthenticationViaPki() throws Exception {
SSLContext context = getRestSSLContext("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks", "testnode");
try (CloseableHttpClient client = HttpClients.custom().setSslcontext(context).build()) {
@ -102,7 +102,6 @@ public class PkiAuthenticationTests extends ShieldIntegTestCase {
}
}
@Test
public void testRestAuthenticationFailure() throws Exception {
SSLContext context = getRestSSLContext("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.jks", "testclient");
try (CloseableHttpClient client = HttpClients.custom().setSslcontext(context).build()) {

8
shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiOptionalClientAuthTests.java
View File

@ -23,10 +23,7 @@ import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.elasticsearch.transport.Transport;
import org.junit.BeforeClass;
import org.junit.Test;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.InputStream;
import java.net.InetAddress;
import java.nio.file.Files;
@ -34,6 +31,9 @@ import java.nio.file.Path;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import static org.elasticsearch.test.ShieldSettingsSource.DEFAULT_PASSWORD;
import static org.elasticsearch.test.ShieldSettingsSource.DEFAULT_USER_NAME;
import static org.hamcrest.Matchers.is;
@ -74,7 +74,6 @@ public class PkiOptionalClientAuthTests extends ShieldIntegTestCase {
return true;
}
@Test
public void testRestClientWithoutClientCertificate() throws Exception {
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
@ -94,7 +93,6 @@ public class PkiOptionalClientAuthTests extends ShieldIntegTestCase {
}
}
@Test
public void testTransportClientWithoutClientCertificate() {
Transport transport = internalCluster().getDataNodeInstance(Transport.class);
int port = ((InetSocketTransportAddress) randomFrom(transport.profileBoundAddresses().get("want_client_auth").boundAddresses())).address().getPort();

46
shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiRealmTests.java
View File

@ -17,9 +17,7 @@ import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.test.rest.FakeRestRequest;
import org.elasticsearch.transport.TransportMessage;
import org.junit.Before;
import org.junit.Test;
import javax.security.auth.x500.X500Principal;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
@ -28,11 +26,18 @@ import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.regex.Pattern;
import static org.hamcrest.Matchers.*;
import static org.mockito.Mockito.*;
import javax.security.auth.x500.X500Principal;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.nullValue;
import static org.mockito.Matchers.anyList;
import static org.mockito.Matchers.anyString;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
public class PkiRealmTests extends ESTestCase {
private Settings globalSettings;
@Before
@ -40,7 +45,6 @@ public class PkiRealmTests extends ESTestCase {
globalSettings = Settings.builder().put("path.home", createTempDir()).build();
}
@Test
public void testTokenSupport() {
RealmConfig config = new RealmConfig("", Settings.EMPTY, globalSettings);
PkiRealm realm = new PkiRealm(config, mock(DnRoleMapper.class));
@ -50,8 +54,7 @@ public class PkiRealmTests extends ESTestCase {
assertThat(realm.supports(new X509AuthenticationToken(new X509Certificate[0], "", "")), is(true));
}
@Test
public void extractTokenFromRestRequest() throws Exception {
public void testExtractTokenFromRestRequest() throws Exception {
X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.cert"));
RestRequest restRequest = new FakeRestRequest();
restRequest.putInContext(PkiRealm.PKI_CERT_HEADER_NAME, new X509Certificate[] { certificate });
@ -63,8 +66,7 @@ public class PkiRealmTests extends ESTestCase {
assertThat(token.principal(), is("Elasticsearch Test Node"));
}
@Test
public void extractTokenFromTransportMessage() throws Exception {
public void testExtractTokenFromTransportMessage() throws Exception {
X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.cert"));
Message message = new Message();
message.putInContext(PkiRealm.PKI_CERT_HEADER_NAME, new X509Certificate[]{certificate});
@ -76,8 +78,7 @@ public class PkiRealmTests extends ESTestCase {
assertThat(token.principal(), is("Elasticsearch Test Node"));
}
@Test
public void authenticateBasedOnCertToken() throws Exception {
public void testAuthenticateBasedOnCertToken() throws Exception {
X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.cert"));
X509AuthenticationToken token = new X509AuthenticationToken(new X509Certificate[] { certificate }, "Elasticsearch Test Node", "CN=Elasticsearch Test Node,");
DnRoleMapper roleMapper = mock(DnRoleMapper.class);
@ -91,8 +92,7 @@ public class PkiRealmTests extends ESTestCase {
assertThat(user.roles().length, is(0));
}
@Test
public void customUsernamePattern() throws Exception {
public void testCustomUsernamePattern() throws Exception {
X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.cert"));
DnRoleMapper roleMapper = mock(DnRoleMapper.class);
PkiRealm realm = new PkiRealm(new RealmConfig("", Settings.builder().put("username_pattern", "OU=(.*?),").build(), globalSettings), roleMapper);
@ -108,8 +108,7 @@ public class PkiRealmTests extends ESTestCase {
assertThat(user.roles().length, is(0));
}
@Test
public void verificationUsingATruststore() throws Exception {
public void testVerificationUsingATruststore() throws Exception {
X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.cert"));
DnRoleMapper roleMapper = mock(DnRoleMapper.class);
Settings settings = Settings.builder()
@ -130,8 +129,7 @@ public class PkiRealmTests extends ESTestCase {
assertThat(user.roles().length, is(0));
}
@Test
public void verificationFailsUsingADifferentTruststore() throws Exception {
public void testVerificationFailsUsingADifferentTruststore() throws Exception {
X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.cert"));
DnRoleMapper roleMapper = mock(DnRoleMapper.class);
Settings settings = Settings.builder()
@ -149,8 +147,7 @@ public class PkiRealmTests extends ESTestCase {
assertThat(user, is(nullValue()));
}
@Test
public void truststorePathWithoutPasswordThrowsException() throws Exception {
public void testTruststorePathWithoutPasswordThrowsException() throws Exception {
Settings settings = Settings.builder()
.put("truststore.path", getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-client-profile.jks"))
.build();
@ -162,8 +159,7 @@ public class PkiRealmTests extends ESTestCase {
}
}
@Test
public void certificateWithOnlyCnExtractsProperly() throws Exception {
public void testCertificateWithOnlyCnExtractsProperly() throws Exception {
X509Certificate certificate = mock(X509Certificate.class);
X500Principal principal = new X500Principal("CN=PKI Client");
when(certificate.getSubjectX500Principal()).thenReturn(principal);
@ -174,8 +170,7 @@ public class PkiRealmTests extends ESTestCase {
assertThat(token.dn(), is("CN=PKI Client"));
}
@Test
public void certificateWithCnAndOuExtractsProperly() throws Exception {
public void testCertificateWithCnAndOuExtractsProperly() throws Exception {
X509Certificate certificate = mock(X509Certificate.class);
X500Principal principal = new X500Principal("CN=PKI Client, OU=Shield");
when(certificate.getSubjectX500Principal()).thenReturn(principal);
@ -186,8 +181,7 @@ public class PkiRealmTests extends ESTestCase {
assertThat(token.dn(), is("CN=PKI Client, OU=Shield"));
}
@Test
public void certificateWithCnInMiddle() throws Exception {
public void testCertificateWithCnInMiddle() throws Exception {
X509Certificate certificate = mock(X509Certificate.class);
X500Principal principal = new X500Principal("EMAILADDRESS=pki@elastic.co, CN=PKI Client, OU=Shield");
when(certificate.getSubjectX500Principal()).thenReturn(principal);

14
shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiWithoutClientAuthenticationTests.java
View File

@ -23,29 +23,31 @@ import org.elasticsearch.test.ShieldIntegTestCase;
import org.elasticsearch.test.ShieldSettingsSource;
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.junit.Test;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Locale;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Locale;
import static org.hamcrest.Matchers.is;
@ClusterScope(numClientNodes = 0, numDataNodes = 1)
public class PkiWithoutClientAuthenticationTests extends ShieldIntegTestCase {
private TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}
@ -69,13 +71,11 @@ public class PkiWithoutClientAuthenticationTests extends ShieldIntegTestCase {
.build();
}
@Test
public void testThatTransportClientWorks() {
Client client = internalCluster().transportClient();
assertGreenClusterState(client);
}
@Test
public void testThatHttpWorks() throws Exception {
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
SSLContext sc = SSLContext.getInstance("SSL");

4
shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiWithoutSSLTests.java
View File

@ -18,13 +18,11 @@ import org.elasticsearch.test.ShieldIntegTestCase;
import org.elasticsearch.test.ShieldSettingsSource;
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.junit.Test;
import static org.hamcrest.Matchers.is;
@ClusterScope(numClientNodes = 0, numDataNodes = 1)
public class PkiWithoutSSLTests extends ShieldIntegTestCase {
@Override
public boolean sslTransportEnabled() {
return false;
@ -40,13 +38,11 @@ public class PkiWithoutSSLTests extends ShieldIntegTestCase {
.build();
}
@Test
public void testThatTransportClientWorks() {
Client client = internalCluster().transportClient();
assertGreenClusterState(client);
}
@Test
public void testThatHttpWorks() throws Exception {
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
try (CloseableHttpClient httpClient = HttpClients.createDefault()) {

4
shield/src/test/java/org/elasticsearch/shield/authc/support/BCryptTests.java
View File

@ -6,7 +6,6 @@
package org.elasticsearch.shield.authc.support;
import org.elasticsearch.test.ESTestCase;
import org.junit.Test;
import java.util.ArrayList;
import java.util.List;
@ -22,8 +21,6 @@ import static org.hamcrest.Matchers.is;
* Tests for the Bcrypt implementation specifically around modifications we have made
*/
public class BCryptTests extends ESTestCase {
/*
* This test checks that the BCrypt implementation can verify passwords correctly when being invoked from multiple
* threads all the time. This attempts to simulate authentication of many clients at once (without a cache).
@ -32,7 +29,6 @@ public class BCryptTests extends ESTestCase {
* 100% reliable unless memory parameters are changed such as lowering the heap size to something really small like
* 16M and the test is really slow since the issue depends on garbage collection and object finalization.
*/
@Test
@AwaitsFix(bugUrl = "need a better way to test this")
public void testUnderLoad() throws Exception {
final String password = randomAsciiOfLengthBetween(10, 32);

19
shield/src/test/java/org/elasticsearch/shield/authc/support/CachingUsernamePasswordRealmTests.java
View File

@ -12,14 +12,16 @@ import org.elasticsearch.shield.authc.Realm;
import org.elasticsearch.shield.authc.RealmConfig;
import org.elasticsearch.test.ESTestCase;
import org.junit.Before;
import org.junit.Test;
import java.util.concurrent.atomic.AtomicInteger;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.arrayContaining;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not;
import static org.hamcrest.Matchers.nullValue;
import static org.hamcrest.Matchers.sameInstance;
public class CachingUsernamePasswordRealmTests extends ESTestCase {
private Settings globalSettings;
@Before
@ -27,9 +29,7 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
globalSettings = Settings.builder().put("path.home", createTempDir()).build();
}
@Test
public void testSettings() throws Exception {
String hashAlgo = randomFrom("bcrypt", "bcrypt4", "bcrypt5", "bcrypt6", "bcrypt7", "bcrypt8", "bcrypt9", "sha1", "ssha256", "md5", "clear_text", "noop");
int maxUsers = randomIntBetween(10, 100);
TimeValue ttl = TimeValue.timeValueMinutes(randomIntBetween(10, 20));
@ -60,7 +60,6 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
assertThat(realm.hasher, sameInstance(Hasher.resolve(hashAlgo)));
}
@Test
public void testAuthCache() {
AlwaysAuthenticateCachingRealm realm = new AlwaysAuthenticateCachingRealm(globalSettings);
SecuredString pass = SecuredStringTests.build("pass");
@ -77,7 +76,6 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
assertThat(realm.lookupInvocationCounter.intValue(), is(0));
}
@Test
public void testLookupCache() {
AlwaysAuthenticateCachingRealm realm = new AlwaysAuthenticateCachingRealm(globalSettings);
realm.lookupUser("a");
@ -93,7 +91,6 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
assertThat(realm.lookupInvocationCounter.intValue(), is(3));
}
@Test
public void testLookupAndAuthCache() {
AlwaysAuthenticateCachingRealm realm = new AlwaysAuthenticateCachingRealm(globalSettings);
// lookup first
@ -121,8 +118,7 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
assertThat(user, sameInstance(lookedUp));
}
@Test
public void testCache_changePassword(){
public void testCacheChangePassword(){
AlwaysAuthenticateCachingRealm realm = new AlwaysAuthenticateCachingRealm(globalSettings);
String user = "testUser";
@ -140,7 +136,6 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
assertThat(realm.authInvocationCounter.intValue(), is(2));
}
@Test
public void testAuthenticateContract() throws Exception {
Realm<UsernamePasswordToken> realm = new FailingAuthenticationRealm(Settings.EMPTY, globalSettings);
User user = realm.authenticate(new UsernamePasswordToken("user", SecuredStringTests.build("pass")));
@ -151,7 +146,6 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
assertThat(user , nullValue());
}
@Test
public void testLookupContract() throws Exception {
Realm<UsernamePasswordToken> realm = new FailingAuthenticationRealm(Settings.EMPTY, globalSettings);
User user = realm.lookupUser("user");
@ -162,7 +156,6 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
assertThat(user , nullValue());
}
@Test
public void testThatLookupIsNotCalledIfNotSupported() throws Exception {
LookupNotSupportedRealm realm = new LookupNotSupportedRealm(globalSettings);
assertThat(realm.userLookupSupported(), is(false));

18
shield/src/test/java/org/elasticsearch/shield/authc/support/HasherTests.java
View File

@ -6,7 +6,6 @@
package org.elasticsearch.shield.authc.support;
import org.elasticsearch.test.ESTestCase;
import org.junit.Test;
import static org.hamcrest.Matchers.sameInstance;
@ -14,9 +13,7 @@ import static org.hamcrest.Matchers.sameInstance;
*
*/
public class HasherTests extends ESTestCase {
@Test
public void testBcryptFamily_SelfGenerated() throws Exception {
public void testBcryptFamilySelfGenerated() throws Exception {
testHasherSelfGenerated(Hasher.BCRYPT);
testHasherSelfGenerated(Hasher.BCRYPT4);
testHasherSelfGenerated(Hasher.BCRYPT5);
@ -26,27 +23,22 @@ public class HasherTests extends ESTestCase {
testHasherSelfGenerated(Hasher.BCRYPT9);
}
@Test
public void testMd5_SelfGenerated() throws Exception {
public void testMd5SelfGenerated() throws Exception {
testHasherSelfGenerated(Hasher.MD5);
}
@Test
public void testSha1_SelfGenerated() throws Exception {
public void testSha1SelfGenerated() throws Exception {
testHasherSelfGenerated(Hasher.SHA1);
}
@Test
public void testSSHA256_SelfGenerated() throws Exception {
public void testSSHA256SelfGenerated() throws Exception {
testHasherSelfGenerated(Hasher.SSHA256);
}
@Test
public void testNoop_SelfGenerated() throws Exception {
public void testNoopSelfGenerated() throws Exception {
testHasherSelfGenerated(Hasher.NOOP);
}
@Test
public void testResolve() throws Exception {
assertThat(Hasher.resolve("bcrypt"), sameInstance(Hasher.BCRYPT));
assertThat(Hasher.resolve("bcrypt4"), sameInstance(Hasher.BCRYPT4));

12
shield/src/test/java/org/elasticsearch/shield/authc/support/SecuredStringTests.java
View File

@ -6,18 +6,18 @@
package org.elasticsearch.shield.authc.support;
import org.elasticsearch.test.ESTestCase;
import org.junit.Test;
import java.nio.charset.StandardCharsets;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.not;
import static org.hamcrest.Matchers.sameInstance;
public class SecuredStringTests extends ESTestCase {
public static SecuredString build(String password){
return new SecuredString(password.toCharArray());
}
@Test
public void testAccessAfterClear(){
SecuredString password = new SecuredString("password".toCharArray());
SecuredString password2 = new SecuredString("password".toCharArray());
@ -47,7 +47,6 @@ public class SecuredStringTests extends ESTestCase {
assertNotEquals(password, password2);
}
@Test
public void testEqualsHashCode(){
SecuredString password = new SecuredString("password".toCharArray());
SecuredString password2 = new SecuredString("password".toCharArray());
@ -56,7 +55,6 @@ public class SecuredStringTests extends ESTestCase {
assertEquals(password.hashCode(), password2.hashCode());
}
@Test
public void testsEqualsCharSequence(){
SecuredString password = new SecuredString("password".toCharArray());
StringBuffer password2 = new StringBuffer("password");
@ -66,7 +64,6 @@ public class SecuredStringTests extends ESTestCase {
assertEquals(password, password3);
}
@Test
public void testConcat() {
SecuredString password = new SecuredString("password".toCharArray());
SecuredString password2 = new SecuredString("password".toCharArray());
@ -76,7 +73,6 @@ public class SecuredStringTests extends ESTestCase {
assertThat(password3.internalChars(), equalTo("passwordpassword".toCharArray()));
}
@Test
public void testSubsequence(){
SecuredString password = new SecuredString("password".toCharArray());
SecuredString password2 = password.subSequence(4, 8);
@ -87,7 +83,6 @@ public class SecuredStringTests extends ESTestCase {
assertThat("ensure original is unmodified", password.internalChars(), equalTo("password".toCharArray()));
}
@Test
public void testUFT8(){
String password = "эластичный поиск-弾性検索";
SecuredString securePass = new SecuredString(password.toCharArray());
@ -96,7 +91,6 @@ public class SecuredStringTests extends ESTestCase {
assertThat(password2, equalTo(password));
}
@Test
public void testCopyChars() throws Exception {
String password = "эластичный поиск-弾性検索";
SecuredString securePass = new SecuredString(password.toCharArray());

26
shield/src/test/java/org/elasticsearch/shield/authc/support/UsernamePasswordTokenTests.java
View File

@ -11,13 +11,15 @@ import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.transport.TransportRequest;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import java.nio.charset.StandardCharsets;
import static org.elasticsearch.test.ShieldTestsUtils.assertAuthenticationException;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.not;
import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.nullValue;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@ -25,11 +27,9 @@ import static org.mockito.Mockito.when;
*
*/
public class UsernamePasswordTokenTests extends ESTestCase {
@Rule
public ExpectedException thrown = ExpectedException.none();
@Test
public void testPutToken() throws Exception {
TransportRequest request = new TransportRequest() {};
UsernamePasswordToken.putTokenHeader(request, new UsernamePasswordToken("user1", SecuredStringTests.build("test123")));
@ -46,7 +46,6 @@ public class UsernamePasswordTokenTests extends ESTestCase {
assertThat(password, equalTo("test123"));
}
@Test
public void testExtractToken() throws Exception {
TransportRequest request = new TransportRequest() {};
String header = "Basic " + Base64.encodeBytes("user1:test123".getBytes(StandardCharsets.UTF_8));
@ -57,8 +56,7 @@ public class UsernamePasswordTokenTests extends ESTestCase {
assertThat(new String(token.credentials().internalChars()), equalTo("test123"));
}
@Test
public void testExtractToken_Invalid() throws Exception {
public void testExtractTokenInvalid() throws Exception {
String[] invalidValues = { "Basic", "Basic ", "Basic f" };
for (String value : invalidValues) {
TransportRequest request = new TransportRequest() {};
@ -73,7 +71,6 @@ public class UsernamePasswordTokenTests extends ESTestCase {
}
}
@Test
public void testThatAuthenticationExceptionContainsResponseHeaders() {
TransportRequest request = new TransportRequest() {};
String header = "BasicBroken";
@ -86,7 +83,6 @@ public class UsernamePasswordTokenTests extends ESTestCase {
}
}
@Test
public void testExtractTokenRest() throws Exception {
RestRequest request = mock(RestRequest.class);
UsernamePasswordToken token = new UsernamePasswordToken("username", SecuredStringTests.build("changeme"));
@ -94,44 +90,38 @@ public class UsernamePasswordTokenTests extends ESTestCase {
assertThat(UsernamePasswordToken.extractToken(request, null), equalTo(token));
}
@Test
public void testExtractTokenRest_Missing() throws Exception {
public void testExtractTokenRestMissing() throws Exception {
RestRequest request = mock(RestRequest.class);
when(request.header(UsernamePasswordToken.BASIC_AUTH_HEADER)).thenReturn(null);
assertThat(UsernamePasswordToken.extractToken(request, null), nullValue());
}
@Test
public void testExtractTokenRest_WithInvalidToken1() throws Exception {
public void testExtractTokenRestWithInvalidToken1() throws Exception {
thrown.expect(ElasticsearchSecurityException.class);
RestRequest request = mock(RestRequest.class);
when(request.header(UsernamePasswordToken.BASIC_AUTH_HEADER)).thenReturn("invalid");
UsernamePasswordToken.extractToken(request, null);
}
@Test
public void testExtractTokenRest_WithInvalidToken2() throws Exception {
public void testExtractTokenRestWithInvalidToken2() throws Exception {
thrown.expect(ElasticsearchSecurityException.class);
RestRequest request = mock(RestRequest.class);
when(request.header(UsernamePasswordToken.BASIC_AUTH_HEADER)).thenReturn("Basic");
UsernamePasswordToken.extractToken(request, null);
}
@Test
public void testEqualsWithDifferentPasswords() {
UsernamePasswordToken token1 = new UsernamePasswordToken("username", new SecuredString("password".toCharArray()));
UsernamePasswordToken token2 = new UsernamePasswordToken("username", new SecuredString("new password".toCharArray()));
assertThat(token1, not(equalTo(token2)));
}
@Test
public void testEqualsWithDifferentUsernames() {
UsernamePasswordToken token1 = new UsernamePasswordToken("username", new SecuredString("password".toCharArray()));
UsernamePasswordToken token2 = new UsernamePasswordToken("username1", new SecuredString("password".toCharArray()));
assertThat(token1, not(equalTo(token2)));
}
@Test
public void testEquals() {
UsernamePasswordToken token1 = new UsernamePasswordToken("username", new SecuredString("password".toCharArray()));
UsernamePasswordToken token2 = new UsernamePasswordToken("username", new SecuredString("password".toCharArray()));

4
shield/src/test/java/org/elasticsearch/shield/authz/AnalyzeTests.java
View File

@ -9,7 +9,6 @@ import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.shield.authc.support.Hasher;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.test.ShieldIntegTestCase;
import org.junit.Test;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
@ -17,7 +16,6 @@ import static org.elasticsearch.test.ShieldTestsUtils.assertAuthorizationExcepti
import static org.hamcrest.CoreMatchers.containsString;
public class AnalyzeTests extends ShieldIntegTestCase {
protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("test123".toCharArray())));
@Override
@ -46,7 +44,6 @@ public class AnalyzeTests extends ShieldIntegTestCase {
" - cluster:admin/analyze\n";
}
@Test
public void testAnalyzeWithIndices() {
//this test tries to execute different analyze api variants from a user that has analyze privileges only on a specific index namespace
@ -74,7 +71,6 @@ public class AnalyzeTests extends ShieldIntegTestCase {
}
}
@Test
public void testAnalyzeWithoutIndices() {
//this test tries to execute different analyze api variants from a user that has analyze privileges only at cluster level

32
shield/src/test/java/org/elasticsearch/shield/authz/IndexAliasesTests.java
View File

@ -15,13 +15,14 @@ import org.elasticsearch.shield.authc.support.Hasher;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.test.ShieldIntegTestCase;
import org.junit.Before;
import org.junit.Test;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.elasticsearch.test.ShieldTestsUtils.assertAuthorizationException;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
import static org.hamcrest.CoreMatchers.*;
import static org.hamcrest.CoreMatchers.containsString;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.is;
public class IndexAliasesTests extends ShieldIntegTestCase {
@ -82,7 +83,6 @@ public class IndexAliasesTests extends ShieldIntegTestCase {
}
}
@Test
public void testCreateIndexThenAliasesCreateOnlyPermission() {
//user has create permission only: allows to create indices, manage_aliases is required to add/remove aliases
assertAcked(client().admin().indices().prepareCreate("test_1")
@ -105,7 +105,6 @@ public class IndexAliasesTests extends ShieldIntegTestCase {
}
}
@Test
public void testCreateIndexAndAliasesCreateOnlyPermission() {
//user has create permission only: allows to create indices, manage_aliases is required to add aliases although they are part of the same create index request
try {
@ -117,7 +116,6 @@ public class IndexAliasesTests extends ShieldIntegTestCase {
}
}
@Test
public void testDeleteAliasesCreateOnlyPermission() {
//user has create permission only: allows to create indices, manage_aliases is required to add/remove aliases
try {
@ -145,7 +143,6 @@ public class IndexAliasesTests extends ShieldIntegTestCase {
}
}
@Test
public void testGetAliasesCreateOnlyPermission() {
//user has create permission only: allows to create indices, manage_aliases is required to retrieve aliases though
try {
@ -189,7 +186,6 @@ public class IndexAliasesTests extends ShieldIntegTestCase {
}
}
@Test
public void testCreateIndexThenAliasesCreateAndAliasesPermission() {
//user has create and manage_aliases permission on test_*. manage_aliases is required to add/remove aliases on both aliases and indices
assertAcked(client().admin().indices().prepareCreate("test_1")
@ -213,7 +209,6 @@ public class IndexAliasesTests extends ShieldIntegTestCase {
}
}
@Test
public void testCreateIndexAndAliasesCreateAndAliasesPermission() {
//user has create and manage_aliases permission on test_*. manage_aliases is required to add/remove aliases on both aliases and indices
//ok: user has manage_aliases on test_*
@ -230,7 +225,6 @@ public class IndexAliasesTests extends ShieldIntegTestCase {
}
}
@Test
public void testDeleteAliasesCreateAndAliasesPermission() {
//user has create and manage_aliases permission on test_*. manage_aliases is required to add/remove aliases on both aliases and indices
//ok: user has manage_aliases on test_*
@ -284,7 +278,6 @@ public class IndexAliasesTests extends ShieldIntegTestCase {
}
}
@Test
public void testGetAliasesCreateAndAliasesPermission() {
//user has create and manage_aliases permission on test_*. manage_aliases is required to retrieve aliases on both aliases and indices
@ -350,7 +343,6 @@ public class IndexAliasesTests extends ShieldIntegTestCase {
}
}
@Test
public void testCreateIndexThenAliasesCreateAndAliasesPermission2() {
//user has create permission on test_* and manage_aliases permission on alias_*. manage_aliases is required to add/remove aliases on both aliases and indices
assertAcked(client().admin().indices().prepareCreate("test_1")
@ -384,7 +376,6 @@ public class IndexAliasesTests extends ShieldIntegTestCase {
}
}
@Test
public void testCreateIndexAndAliasesCreateAndAliasesPermission2() {
//user has create permission on test_* and manage_aliases permission on alias_*. manage_aliases is required to add/remove aliases on both aliases and indices
try {
@ -406,7 +397,6 @@ public class IndexAliasesTests extends ShieldIntegTestCase {
}
}
@Test
public void testDeleteAliasesCreateAndAliasesPermission2() {
//user has create permission on test_* and manage_aliases permission on alias_*. manage_aliases is required to add/remove aliases on both aliases and indices
try {
@ -437,7 +427,6 @@ public class IndexAliasesTests extends ShieldIntegTestCase {
}
}
@Test
public void testGetAliasesCreateAndAliasesPermission2() {
//user has create permission on test_* and manage_aliases permission on alias_*. manage_aliases is required to retrieve aliases on both aliases and indices
assertAcked(client().admin().indices().prepareCreate("test_1")
@ -507,7 +496,6 @@ public class IndexAliasesTests extends ShieldIntegTestCase {
}
}
@Test
public void testCreateIndexThenAliasesCreateAndAliasesPermission3() {
//user has create permission on test_* and manage_aliases permission on test_*,alias_*. All good.
assertAcked(client().admin().indices().prepareCreate("test_1")
@ -523,7 +511,6 @@ public class IndexAliasesTests extends ShieldIntegTestCase {
.putHeader(BASIC_AUTH_HEADER, basicAuthHeaderValue("create_test_aliases_test_alias", new SecuredString("test123".toCharArray()))));
}
@Test
public void testCreateIndexAndAliasesCreateAndAliasesPermission3() {
//user has create permission on test_* and manage_aliases permission on test_*,alias_*. All good.
assertAcked(client().admin().indices().prepareCreate("test_1").addAlias(new Alias("test_alias"))
@ -533,7 +520,6 @@ public class IndexAliasesTests extends ShieldIntegTestCase {
.putHeader(BASIC_AUTH_HEADER, basicAuthHeaderValue("create_test_aliases_test_alias", new SecuredString("test123".toCharArray()))));
}
@Test
public void testDeleteAliasesCreateAndAliasesPermission3() {
//user has create permission on test_* and manage_aliases permission on test_*,alias_*. All good.
assertAcked(client().admin().indices().prepareCreate("test_1").addAlias(new Alias("test_alias")).addAlias(new Alias("alias_1"))
@ -566,7 +552,6 @@ public class IndexAliasesTests extends ShieldIntegTestCase {
}
}
@Test
public void testGetAliasesCreateAndAliasesPermission3() {
//user has create permission on test_* and manage_aliases permission on test_*,alias_*. All good.
assertAcked(client().admin().indices().prepareCreate("test_1").addAlias(new Alias("test_alias")).addAlias(new Alias("alias_1"))
@ -609,13 +594,16 @@ public class IndexAliasesTests extends ShieldIntegTestCase {
"test_1", "alias_1");
}
@Test(expected = ElasticsearchSecurityException.class)
public void testCreateIndexAliasesOnlyPermission() {
client().admin().indices().prepareCreate("test_1")
.putHeader(BASIC_AUTH_HEADER, basicAuthHeaderValue("aliases_only", new SecuredString("test123".toCharArray()))).get();
try {
client().admin().indices().prepareCreate("test_1")
.putHeader(BASIC_AUTH_HEADER, basicAuthHeaderValue("aliases_only", new SecuredString("test123".toCharArray()))).get();
fail("Expected ElasticsearchSecurityException");
} catch (ElasticsearchSecurityException e) {
assertThat(e.getMessage(), is("action [indices:admin/create] is unauthorized for user [aliases_only]"));
}
}
@Test
public void testGetAliasesAliasesOnlyPermission() {
//user has manage_aliases only permissions on both alias_* and test_*

39
shield/src/test/java/org/elasticsearch/shield/authz/InternalAuthorizationServiceTests.java
View File

@ -12,7 +12,11 @@ import org.elasticsearch.action.admin.indices.alias.IndicesAliasesAction;
import org.elasticsearch.action.admin.indices.create.CreateIndexAction;
import org.elasticsearch.action.admin.indices.create.CreateIndexRequest;
import org.elasticsearch.action.admin.indices.exists.indices.IndicesExistsRequest;
import org.elasticsearch.action.search.*;
import org.elasticsearch.action.search.ClearScrollAction;
import org.elasticsearch.action.search.ClearScrollRequest;
import org.elasticsearch.action.search.SearchAction;
import org.elasticsearch.action.search.SearchScrollAction;
import org.elasticsearch.action.search.SearchScrollRequest;
import org.elasticsearch.cluster.ClusterService;
import org.elasticsearch.cluster.ClusterState;
import org.elasticsearch.cluster.metadata.AliasMetaData;
@ -28,17 +32,22 @@ import org.elasticsearch.shield.authz.store.RolesStore;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.transport.TransportRequest;
import org.junit.Before;
import org.junit.Test;
import java.util.List;
import static org.elasticsearch.test.ShieldTestsUtils.assertAuthenticationException;
import static org.elasticsearch.test.ShieldTestsUtils.assertAuthorizationException;
import static org.hamcrest.Matchers.*;
import static org.mockito.Mockito.*;
import static org.hamcrest.Matchers.containsInAnyOrder;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
import static org.mockito.Mockito.when;
public class InternalAuthorizationServiceTests extends ESTestCase {
private AuditTrail auditTrail;
private RolesStore rolesStore;
private ClusterService clusterService;
@ -53,7 +62,6 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
internalAuthorizationService = new InternalAuthorizationService(Settings.EMPTY, rolesStore, clusterService, auditTrail, anonymousService, new DefaultAuthenticationFailureHandler());
}
@Test
public void testActionsSystemUserIsAuthorized() {
TransportRequest request = mock(TransportRequest.class);
@ -66,7 +74,6 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
verifyNoMoreInteractions(auditTrail);
}
@Test
public void testIndicesActionsAreNotAuthorized() {
TransportRequest request = mock(TransportRequest.class);
try {
@ -79,7 +86,6 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
}
}
@Test
public void testClusterAdminActionsAreNotAuthorized() {
TransportRequest request = mock(TransportRequest.class);
try {
@ -92,7 +98,6 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
}
}
@Test
public void testClusterAdminSnapshotStatusActionIsNotAuthorized() {
TransportRequest request = mock(TransportRequest.class);
try {
@ -105,7 +110,6 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
}
}
@Test
public void testNoRolesCausesDenial() {
TransportRequest request = mock(TransportRequest.class);
User user = new User.Simple("test user", null);
@ -119,7 +123,6 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
}
}
@Test
public void testUnknownRoleCausesDenial() {
TransportRequest request = mock(TransportRequest.class);
User user = new User.Simple("test user", new String[] { "non-existent-role" });
@ -133,7 +136,6 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
}
}
@Test
public void testThatNonIndicesAndNonClusterActionIsDenied() {
TransportRequest request = mock(TransportRequest.class);
User user = new User.Simple("test user", new String[] { "a_all" });
@ -149,7 +151,6 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
}
}
@Test
public void testThatRoleWithNoIndicesIsDenied() {
TransportRequest request = new IndicesExistsRequest("a");
User user = new User.Simple("test user", new String[] { "no_indices" });
@ -165,7 +166,6 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
}
}
@Test
public void testScrollRelatedRequestsAllowed() {
User user = new User.Simple("test user", new String[] { "a_all" });
when(rolesStore.role("a_all")).thenReturn(Permission.Global.Role.builder("a_role").add(Privilege.Index.ALL, "a").build());
@ -197,7 +197,6 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
verifyNoMoreInteractions(auditTrail);
}
@Test
public void testAuthorizeIndicesFailures() {
TransportRequest request = new IndicesExistsRequest("b");
ClusterState state = mock(ClusterState.class);
@ -218,7 +217,6 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
}
}
@Test
public void testCreateIndexWithAliasWithoutPermissions() {
CreateIndexRequest request = new CreateIndexRequest("a");
request.alias(new Alias("a2"));
@ -240,7 +238,6 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
}
}
@Test
public void testCreateIndexWithAlias() {
CreateIndexRequest request = new CreateIndexRequest("a");
request.alias(new Alias("a2"));
@ -258,7 +255,6 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
verify(state, times(2)).metaData();
}
@Test
public void testIndicesAliasesWithNoRolesUser() {
User user = new User.Simple("test user", null);
@ -266,7 +262,6 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
assertThat(list.isEmpty(), is(true));
}
@Test
public void testIndicesAliasesWithUserHavingRoles() {
User user = new User.Simple("test user", new String[] { "a_star", "b" });
ClusterState state = mock(ClusterState.class);
@ -294,7 +289,6 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
assertThat(list.contains("ba"), is(false));
}
@Test
public void testDenialForAnonymousUser() {
TransportRequest request = new IndicesExistsRequest("b");
ClusterState state = mock(ClusterState.class);
@ -317,7 +311,6 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
}
}
@Test
public void testDenialForAnonymousUserAuthorizationExceptionDisabled() {
TransportRequest request = new IndicesExistsRequest("b");
ClusterState state = mock(ClusterState.class);
@ -343,7 +336,6 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
}
}
@Test
public void testRunAsRequestWithNoRolesUser() {
TransportRequest request = mock(TransportRequest.class);
User user = new User.Simple("test user", null, new User.Simple("run as me", new String[] { "admin" }));
@ -358,7 +350,6 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
}
}
@Test
public void testRunAsRequestRunningAsUnAllowedUser() {
TransportRequest request = mock(TransportRequest.class);
User user = new User.Simple("test user", new String[] { "can run as" }, new User.Simple("run as me", new String[] { "doesn't exist" }));
@ -379,7 +370,6 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
}
}
@Test
public void testRunAsRequestWithRunAsUserWithoutPermission() {
TransportRequest request = new IndicesExistsRequest("a");
User user = new User.Simple("test user", new String[] { "can run as" }, new User.Simple("run as me", new String[] { "b" }));
@ -415,7 +405,6 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
}
}
@Test
public void testRunAsRequestWithValidPermissions() {
TransportRequest request = new IndicesExistsRequest("b");
User user = new User.Simple("test user", new String[] { "can run as" }, new User.Simple("run as me", new String[] { "b" }));

15
shield/src/test/java/org/elasticsearch/shield/authz/PermissionTests.java
View File

@ -6,16 +6,15 @@
package org.elasticsearch.shield.authz;
import org.elasticsearch.action.get.GetAction;
import org.elasticsearch.shield.authz.Privilege.Cluster;
import org.elasticsearch.test.ESTestCase;
import org.junit.Before;
import org.junit.Test;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.function.Predicate;
import static org.elasticsearch.shield.authz.Privilege.Index.Cluster;
import static org.elasticsearch.shield.authz.Privilege.Index.MONITOR;
import static org.elasticsearch.shield.authz.Privilege.Index.READ;
import static org.elasticsearch.shield.authz.Privilege.Index.SEARCH;
@ -28,7 +27,6 @@ import static org.hamcrest.Matchers.notNullValue;
*
*/
public class PermissionTests extends ESTestCase {
private Permission.Global.Role permission;
@Before
@ -40,19 +38,16 @@ public class PermissionTests extends ESTestCase {
permission = builder.build();
}
@Test
public void testAllowedIndicesMatcher_Action() throws Exception {
public void testAllowedIndicesMatcherAction() throws Exception {
testAllowedIndicesMatcher(permission.indices().allowedIndicesMatcher(GetAction.NAME));
}
@Test
public void testAllowedIndicesMatcher_Action_Caching() throws Exception {
public void testAllowedIndicesMatcherActionCaching() throws Exception {
Predicate<String> matcher1 = permission.indices().allowedIndicesMatcher(GetAction.NAME);
Predicate<String> matcher2 = permission.indices().allowedIndicesMatcher(GetAction.NAME);
assertThat(matcher1, is(matcher2));
}
@Test
public void testIndicesGlobalsIterator() {
Permission.Global.Role.Builder builder = Permission.Global.Role.builder("tc_role");
builder.cluster(Cluster.action("cluster:monitor/nodes/info"));
@ -69,8 +64,7 @@ public class PermissionTests extends ESTestCase {
assertThat(count, is(equalTo(permission.indices().groups().length)));
}
@Test
public void buildEmptyRole() {
public void testBuildEmptyRole() {
Permission.Global.Role.Builder permission = Permission.Global.Role.builder("some_role");
Permission.Global.Role role = permission.build();
assertThat(role, notNullValue());
@ -79,7 +73,6 @@ public class PermissionTests extends ESTestCase {
assertThat(role.runAs(), notNullValue());
}
@Test
public void testRunAs() {
Permission.Global.Role permission = Permission.Global.Role.builder("some_role")
.runAs(new Privilege.General("name", "user1", "run*"))

75
shield/src/test/java/org/elasticsearch/shield/authz/PrivilegeTests.java
View File

@ -14,11 +14,11 @@ import org.elasticsearch.shield.support.AutomatonPredicate;
import org.elasticsearch.shield.support.Automatons;
import org.elasticsearch.test.ESTestCase;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import java.util.function.Predicate;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
@ -27,11 +27,9 @@ import static org.hamcrest.Matchers.notNullValue;
*
*/
public class PrivilegeTests extends ESTestCase {
@Rule
public ExpectedException thrown = ExpectedException.none();
@Test
public void testName() throws Exception {
Privilege.Name name12 = new Privilege.Name("name1", "name2");
Privilege.Name name34 = new Privilege.Name("name3", "name4");
@ -48,7 +46,6 @@ public class PrivilegeTests extends ESTestCase {
assertThat(none, is(Privilege.Name.NONE));
}
@Test
public void testSubActionPattern() throws Exception {
AutomatonPredicate predicate = new AutomatonPredicate(Automatons.patterns("foo" + Privilege.SUB_ACTION_SUFFIX_PATTERN));
assertThat(predicate.test("foo[n][nodes]"), is(true));
@ -57,9 +54,7 @@ public class PrivilegeTests extends ESTestCase {
assertThat(predicate.test("[n][nodes]"), is(false));
}
@Test
public void testCluster() throws Exception {
Privilege.Name name = new Privilege.Name("monitor");
Privilege.Cluster cluster = Privilege.Cluster.get(name);
assertThat(cluster, is(Privilege.Cluster.MONITOR));
@ -78,9 +73,7 @@ public class PrivilegeTests extends ESTestCase {
assertThat(cluster, is(cluster2));
}
@Test
public void testCluster_TemplateActions() throws Exception {
public void testClusterTemplateActions() throws Exception {
Privilege.Name name = new Privilege.Name("indices:admin/template/delete");
Privilege.Cluster cluster = Privilege.Cluster.get(name);
assertThat(cluster, notNullValue());
@ -97,14 +90,12 @@ public class PrivilegeTests extends ESTestCase {
assertThat(cluster.predicate().test("indices:admin/template/put"), is(true));
}
@Test
public void testCluster_InvalidName() throws Exception {
public void testClusterInvalidName() throws Exception {
thrown.expect(IllegalArgumentException.class);
Privilege.Name actionName = new Privilege.Name("foobar");
Privilege.Cluster.get(actionName);
}
@Test
public void testClusterAction() throws Exception {
Privilege.Name actionName = new Privilege.Name("cluster:admin/snapshot/delete");
Privilege.Cluster cluster = Privilege.Cluster.get(actionName);
@ -113,8 +104,7 @@ public class PrivilegeTests extends ESTestCase {
assertThat(cluster.predicate().test("cluster:admin/snapshot/dele"), is(false));
}
@Test
public void testCluster_AddCustom() throws Exception {
public void testClusterAddCustom() throws Exception {
Privilege.Cluster.addCustom("foo", "cluster:bar");
boolean found = false;
for (Privilege.Cluster cluster : Privilege.Cluster.values()) {
@ -130,17 +120,26 @@ public class PrivilegeTests extends ESTestCase {
assertThat(cluster.predicate().test("cluster:bar"), is(true));
}
@Test(expected = IllegalArgumentException.class)
public void testCluster_AddCustom_InvalidPattern() throws Exception {
Privilege.Cluster.addCustom("foo", "bar");
public void testClusterAddCustomInvalidPattern() throws Exception {
try {
Privilege.Cluster.addCustom("foo", "bar");
fail("Expected IllegalArgumentException");
} catch (IllegalArgumentException e) {
assertThat(e.getMessage(), containsString("cannot register custom cluster privilege [foo]"));
assertThat(e.getMessage(), containsString("must follow the 'cluster:*' format"));
}
}
@Test(expected = IllegalArgumentException.class)
public void testCluster_AddCustom_AlreadyExists() throws Exception {
Privilege.Cluster.addCustom("all", "bar");
public void testClusterAddCustomAlreadyExists() throws Exception {
try {
Privilege.Cluster.addCustom("all", "bar");
fail("Expected IllegalArgumentException");
} catch (IllegalArgumentException e) {
assertThat(e.getMessage(), containsString("cannot register custom cluster privilege [all]"));
assertThat(e.getMessage(), containsString("must follow the 'cluster:*' format"));
}
}
@Test
public void testIndexAction() throws Exception {
Privilege.Name actionName = new Privilege.Name("indices:admin/mapping/delete");
Privilege.Index index = Privilege.Index.get(actionName);
@ -149,8 +148,7 @@ public class PrivilegeTests extends ESTestCase {
assertThat(index.predicate().test("indices:admin/mapping/dele"), is(false));
}
@Test
public void testIndex_Collapse() throws Exception {
public void testIndexCollapse() throws Exception {
Privilege.Index[] values = Privilege.Index.values().toArray(new Privilege.Index[Privilege.Index.values().size()]);
Privilege.Index first = values[randomIntBetween(0, values.length-1)];
Privilege.Index second = values[randomIntBetween(0, values.length-1)];
@ -167,8 +165,7 @@ public class PrivilegeTests extends ESTestCase {
}
}
@Test
public void testIndex_Implies() throws Exception {
public void testIndexImplies() throws Exception {
Privilege.Index[] values = Privilege.Index.values().toArray(new Privilege.Index[Privilege.Index.values().size()]);
Privilege.Index first = values[randomIntBetween(0, values.length-1)];
Privilege.Index second = values[randomIntBetween(0, values.length-1)];
@ -200,8 +197,7 @@ public class PrivilegeTests extends ESTestCase {
}
}
@Test
public void testIndex_AddCustom() throws Exception {
public void testIndexAddCustom() throws Exception {
Privilege.Index.addCustom("foo", "indices:bar");
boolean found = false;
for (Privilege.Index index : Privilege.Index.values()) {
@ -217,17 +213,26 @@ public class PrivilegeTests extends ESTestCase {
assertThat(index.predicate().test("indices:bar"), is(true));
}
@Test(expected = IllegalArgumentException.class)
public void testIndex_AddCustom_InvalidPattern() throws Exception {
Privilege.Index.addCustom("foo", "bar");
public void testIndexAddCustomInvalidPattern() throws Exception {
try {
Privilege.Index.addCustom("foo", "bar");
fail("Expected IllegalArgumentException");
} catch (IllegalArgumentException e) {
assertThat(e.getMessage(), containsString("cannot register custom index privilege [foo]"));
assertThat(e.getMessage(), containsString("must follow the 'indices:*' format"));
}
}
@Test(expected = IllegalArgumentException.class)
public void testIndex_AddCustom_AlreadyExists() throws Exception {
Privilege.Index.addCustom("all", "bar");
public void testIndexAddCustomAlreadyExists() throws Exception {
try {
Privilege.Index.addCustom("all", "bar");
fail("Expected IllegalArgumentException");
} catch (IllegalArgumentException e) {
assertThat(e.getMessage(), containsString("cannot register custom index privilege [all]"));
assertThat(e.getMessage(), containsString("must follow the 'indices:*' format"));
}
}
@Test
public void testSystem() throws Exception {
Predicate<String> predicate = Privilege.SYSTEM.predicate();
assertThat(predicate.test("indices:monitor/whatever"), is(true));
@ -244,7 +249,6 @@ public class PrivilegeTests extends ESTestCase {
assertThat(predicate.test("indices:admin/mapping/whatever"), is(false));
}
@Test
public void testSearchPrivilege() throws Exception {
Predicate<String> predicate = Privilege.Index.SEARCH.predicate();
assertThat(predicate.test(SearchAction.NAME), is(true));
@ -260,7 +264,6 @@ public class PrivilegeTests extends ESTestCase {
assertThat(predicate.test(MultiGetAction.NAME + "/whatever"), is(false));
}
@Test
public void testGetPrivilege() throws Exception {
Predicate<String> predicate = Privilege.Index.GET.predicate();
assertThat(predicate.test(GetAction.NAME), is(true));

3
shield/src/test/java/org/elasticsearch/shield/authz/SystemRoleTests.java
View File

@ -6,7 +6,6 @@
package org.elasticsearch.shield.authz;
import org.elasticsearch.test.ESTestCase;
import org.junit.Test;
import static org.hamcrest.Matchers.is;
@ -14,8 +13,6 @@ import static org.hamcrest.Matchers.is;
*
*/
public class SystemRoleTests extends ESTestCase {
@Test
public void testCheck() throws Exception {
assertThat(SystemRole.INSTANCE.check("indices:monitor/whatever"), is(true));
assertThat(SystemRole.INSTANCE.check("cluster:monitor/whatever"), is(true));

Some files were not shown because too many files have changed in this diff Show More