Refactor realm tests to use single settings (#35362)
Many realm tests were written to use separate setting objects for "global settings" and "realm settings". Since #30241 there is no distinction between these settings, so these tests can be cleaned up to use a single Settings object.
parent
66e3ca9724
commit
a9641960e1
|
@ -100,6 +100,8 @@ import static org.mockito.Mockito.when;
|
|||
|
||||
public class TransportSamlInvalidateSessionActionTests extends SamlTestCase {
|
||||
|
||||
private static final String REALM_NAME = "saml1";
|
||||
|
||||
private SamlRealm samlRealm;
|
||||
private TokenService tokenService;
|
||||
private List<IndexRequest> indexRequests;
|
||||
|
@ -111,9 +113,16 @@ public class TransportSamlInvalidateSessionActionTests extends SamlTestCase {
|
|||
|
||||
@Before
|
||||
public void setup() throws Exception {
|
||||
final Path metadata = PathUtils.get(SamlRealm.class.getResource("idp1.xml").toURI());
|
||||
final Settings settings = Settings.builder()
|
||||
.put(XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.getKey(), true)
|
||||
.put("path.home", createTempDir())
|
||||
.put(getFullSettingKey(REALM_NAME, SamlRealmSettings.IDP_METADATA_PATH), metadata.toString())
|
||||
.put(getFullSettingKey(REALM_NAME, SamlRealmSettings.IDP_ENTITY_ID), SamlRealmTests.TEST_IDP_ENTITY_ID)
|
||||
.put(getFullSettingKey(REALM_NAME, SamlRealmSettings.SP_ENTITY_ID), SamlRealmTestHelper.SP_ENTITY_ID)
|
||||
.put(getFullSettingKey(REALM_NAME, SamlRealmSettings.SP_ACS), SamlRealmTestHelper.SP_ACS_URL)
|
||||
.put(getFullSettingKey(REALM_NAME, SamlRealmSettings.SP_LOGOUT), SamlRealmTestHelper.SP_LOGOUT_URL)
|
||||
.put(getFullSettingKey(REALM_NAME, SamlRealmSettings.PRINCIPAL_ATTRIBUTE.getAttribute()), "uid")
|
||||
.build();
|
||||
|
||||
final ThreadContext threadContext = new ThreadContext(settings);
|
||||
|
@ -181,21 +190,12 @@ public class TransportSamlInvalidateSessionActionTests extends SamlTestCase {
|
|||
final Realms realms = mock(Realms.class);
|
||||
action = new TransportSamlInvalidateSessionAction(transportService, mock(ActionFilters.class),tokenService, realms);
|
||||
|
||||
final Path metadata = PathUtils.get(SamlRealm.class.getResource("idp1.xml").toURI());
|
||||
final Environment env = TestEnvironment.newEnvironment(settings);
|
||||
final RealmIdentifier identifier = new RealmIdentifier("saml", "saml1");
|
||||
final Settings realmSettings = Settings.builder()
|
||||
.put(getFullSettingKey(identifier.getName(), SamlRealmSettings.IDP_METADATA_PATH), metadata.toString())
|
||||
.put(getFullSettingKey(identifier.getName(), SamlRealmSettings.IDP_ENTITY_ID), SamlRealmTests.TEST_IDP_ENTITY_ID)
|
||||
.put(getFullSettingKey(identifier.getName(), SamlRealmSettings.SP_ENTITY_ID), SamlRealmTestHelper.SP_ENTITY_ID)
|
||||
.put(getFullSettingKey(identifier.getName(), SamlRealmSettings.SP_ACS), SamlRealmTestHelper.SP_ACS_URL)
|
||||
.put(getFullSettingKey(identifier.getName(), SamlRealmSettings.SP_LOGOUT), SamlRealmTestHelper.SP_LOGOUT_URL)
|
||||
.put(getFullSettingKey(identifier.getName(), SamlRealmSettings.PRINCIPAL_ATTRIBUTE.getAttribute()), "uid")
|
||||
.build();
|
||||
|
||||
final RealmIdentifier realmId = new RealmIdentifier("saml", REALM_NAME);
|
||||
final RealmConfig realmConfig = new RealmConfig(
|
||||
identifier,
|
||||
mergeSettings(realmSettings, settings),
|
||||
realmId,
|
||||
settings,
|
||||
env, threadContext);
|
||||
samlRealm = SamlRealmTestHelper.buildRealm(realmConfig, null);
|
||||
when(realms.realm(realmConfig.name())).thenReturn(samlRealm);
|
||||
|
|
|
@ -84,6 +84,7 @@ import static org.mockito.Mockito.when;
|
|||
public class TransportSamlLogoutActionTests extends SamlTestCase {
|
||||
|
||||
private static final String SP_URL = "https://sp.example.net/saml";
|
||||
private static final String REALM_NAME = "saml1";
|
||||
|
||||
private SamlRealm samlRealm;
|
||||
private TokenService tokenService;
|
||||
|
@ -94,9 +95,15 @@ public class TransportSamlLogoutActionTests extends SamlTestCase {
|
|||
|
||||
@Before
|
||||
public void setup() throws Exception {
|
||||
final Path metadata = PathUtils.get(SamlRealm.class.getResource("idp1.xml").toURI());
|
||||
final Settings settings = Settings.builder()
|
||||
.put(XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.getKey(), true)
|
||||
.put("path.home", createTempDir())
|
||||
.put(getFullSettingKey(REALM_NAME, SamlRealmSettings.IDP_METADATA_PATH), metadata.toString())
|
||||
.put(getFullSettingKey(REALM_NAME, SamlRealmSettings.IDP_ENTITY_ID), SamlRealmTests.TEST_IDP_ENTITY_ID)
|
||||
.put(getFullSettingKey(REALM_NAME, SamlRealmSettings.SP_ENTITY_ID), SP_URL)
|
||||
.put(getFullSettingKey(REALM_NAME, SamlRealmSettings.SP_ACS), SP_URL)
|
||||
.put(getFullSettingKey(REALM_NAME, SamlRealmSettings.PRINCIPAL_ATTRIBUTE.getAttribute()), "uid")
|
||||
.build();
|
||||
|
||||
final ThreadContext threadContext = new ThreadContext(settings);
|
||||
|
@ -194,20 +201,11 @@ public class TransportSamlLogoutActionTests extends SamlTestCase {
|
|||
final Realms realms = mock(Realms.class);
|
||||
action = new TransportSamlLogoutAction(transportService, mock(ActionFilters.class), realms, tokenService);
|
||||
|
||||
final Path metadata = PathUtils.get(SamlRealm.class.getResource("idp1.xml").toURI());
|
||||
final Environment env = TestEnvironment.newEnvironment(settings);
|
||||
|
||||
final RealmIdentifier realmIdentifier = new RealmIdentifier("saml", "saml1");
|
||||
final Settings realmSettings = Settings.builder()
|
||||
.put(getFullSettingKey("saml1", SamlRealmSettings.IDP_METADATA_PATH), metadata.toString())
|
||||
.put(getFullSettingKey("saml1", SamlRealmSettings.IDP_ENTITY_ID), SamlRealmTests.TEST_IDP_ENTITY_ID)
|
||||
.put(getFullSettingKey("saml1", SamlRealmSettings.SP_ENTITY_ID), SP_URL)
|
||||
.put(getFullSettingKey("saml1", SamlRealmSettings.SP_ACS), SP_URL)
|
||||
.put(getFullSettingKey("saml1", SamlRealmSettings.PRINCIPAL_ATTRIBUTE.getAttribute()), "uid")
|
||||
.build();
|
||||
final RealmIdentifier realmIdentifier = new RealmIdentifier("saml", REALM_NAME);
|
||||
|
||||
final RealmConfig realmConfig = new RealmConfig(realmIdentifier, mergeSettings(realmSettings, settings),
|
||||
env, threadContext);
|
||||
final RealmConfig realmConfig = new RealmConfig(realmIdentifier, settings, env, threadContext);
|
||||
samlRealm = SamlRealm.create(realmConfig, mock(SSLService.class), mock(ResourceWatcherService.class), mock(UserRoleMapper.class));
|
||||
when(realms.realm(realmConfig.name())).thenReturn(samlRealm);
|
||||
}
|
||||
|
|
|
@ -72,7 +72,7 @@ public class FileRealmTests extends ESTestCase {
|
|||
when(userPasswdStore.verifyPassword(eq("user1"), eq(new SecureString("test123")), any(Supplier.class)))
|
||||
.thenAnswer(VERIFY_PASSWORD_ANSWER);
|
||||
when(userRolesStore.roles("user1")).thenReturn(new String[] { "role1", "role2" });
|
||||
RealmConfig config = getRealmConfig(Settings.EMPTY);
|
||||
RealmConfig config = getRealmConfig(globalSettings);
|
||||
FileRealm realm = new FileRealm(config, userPasswdStore, userRolesStore, threadPool);
|
||||
PlainActionFuture<AuthenticationResult> future = new PlainActionFuture<>();
|
||||
realm.authenticate(new UsernamePasswordToken("user1", new SecureString("test123")), future);
|
||||
|
@ -87,15 +87,15 @@ public class FileRealmTests extends ESTestCase {
|
|||
}
|
||||
|
||||
private RealmConfig getRealmConfig(Settings settings) {
|
||||
return new RealmConfig(REALM_IDENTIFIER,
|
||||
mergeSettings(settings, globalSettings),
|
||||
TestEnvironment.newEnvironment(globalSettings), threadContext);
|
||||
return new RealmConfig(REALM_IDENTIFIER, settings, TestEnvironment.newEnvironment(settings), threadContext);
|
||||
}
|
||||
|
||||
public void testAuthenticateCaching() throws Exception {
|
||||
Settings settings = Settings.builder()
|
||||
.put(RealmSettings.realmSettingPrefix(REALM_IDENTIFIER) + "cache.hash_algo",
|
||||
Hasher.values()[randomIntBetween(0, Hasher.values().length - 1)].name().toLowerCase(Locale.ROOT)).build();
|
||||
Hasher.values()[randomIntBetween(0, Hasher.values().length - 1)].name().toLowerCase(Locale.ROOT))
|
||||
.put(globalSettings)
|
||||
.build();
|
||||
RealmConfig config = getRealmConfig(settings);
|
||||
when(userPasswdStore.verifyPassword(eq("user1"), eq(new SecureString("test123")), any(Supplier.class)))
|
||||
.thenAnswer(VERIFY_PASSWORD_ANSWER);
|
||||
|
@ -111,7 +111,7 @@ public class FileRealmTests extends ESTestCase {
|
|||
}
|
||||
|
||||
public void testAuthenticateCachingRefresh() throws Exception {
|
||||
RealmConfig config = getRealmConfig(Settings.EMPTY);
|
||||
RealmConfig config = getRealmConfig(globalSettings);
|
||||
userPasswdStore = spy(new UserPasswdStore(config));
|
||||
userRolesStore = spy(new UserRolesStore(config));
|
||||
when(userPasswdStore.verifyPassword(eq("user1"), eq(new SecureString("test123")), any(Supplier.class)))
|
||||
|
@ -150,7 +150,7 @@ public class FileRealmTests extends ESTestCase {
|
|||
}
|
||||
|
||||
public void testToken() throws Exception {
|
||||
RealmConfig config = getRealmConfig(Settings.EMPTY);
|
||||
RealmConfig config = getRealmConfig(globalSettings);
|
||||
when(userPasswdStore.verifyPassword(eq("user1"), eq(new SecureString("test123")), any(Supplier.class)))
|
||||
.thenAnswer(VERIFY_PASSWORD_ANSWER);
|
||||
when(userRolesStore.roles("user1")).thenReturn(new String[]{"role1", "role2"});
|
||||
|
@ -169,7 +169,7 @@ public class FileRealmTests extends ESTestCase {
|
|||
public void testLookup() throws Exception {
|
||||
when(userPasswdStore.userExists("user1")).thenReturn(true);
|
||||
when(userRolesStore.roles("user1")).thenReturn(new String[] { "role1", "role2" });
|
||||
RealmConfig config = getRealmConfig(Settings.EMPTY);
|
||||
RealmConfig config = getRealmConfig(globalSettings);
|
||||
FileRealm realm = new FileRealm(config, userPasswdStore, userRolesStore, threadPool);
|
||||
|
||||
PlainActionFuture<User> future = new PlainActionFuture<>();
|
||||
|
@ -186,7 +186,7 @@ public class FileRealmTests extends ESTestCase {
|
|||
public void testLookupCaching() throws Exception {
|
||||
when(userPasswdStore.userExists("user1")).thenReturn(true);
|
||||
when(userRolesStore.roles("user1")).thenReturn(new String[] { "role1", "role2" });
|
||||
RealmConfig config = getRealmConfig(Settings.EMPTY);
|
||||
RealmConfig config = getRealmConfig(globalSettings);
|
||||
FileRealm realm = new FileRealm(config, userPasswdStore, userRolesStore, threadPool);
|
||||
|
||||
PlainActionFuture<User> future = new PlainActionFuture<>();
|
||||
|
@ -201,7 +201,7 @@ public class FileRealmTests extends ESTestCase {
|
|||
}
|
||||
|
||||
public void testLookupCachingWithRefresh() throws Exception {
|
||||
RealmConfig config = getRealmConfig(Settings.EMPTY);
|
||||
RealmConfig config = getRealmConfig(globalSettings);
|
||||
userPasswdStore = spy(new UserPasswdStore(config));
|
||||
userRolesStore = spy(new UserRolesStore(config));
|
||||
doReturn(true).when(userPasswdStore).userExists("user1");
|
||||
|
@ -239,15 +239,16 @@ public class FileRealmTests extends ESTestCase {
|
|||
}
|
||||
|
||||
public void testUsageStats() throws Exception {
|
||||
int userCount = randomIntBetween(0, 1000);
|
||||
final int userCount = randomIntBetween(0, 1000);
|
||||
when(userPasswdStore.usersCount()).thenReturn(userCount);
|
||||
|
||||
Settings.Builder settings = Settings.builder();
|
||||
final int order = randomIntBetween(0, 10);
|
||||
Settings settings = Settings.builder()
|
||||
.put(RealmSettings.realmSettingPrefix(REALM_IDENTIFIER) + "order", order)
|
||||
.put(globalSettings)
|
||||
.build();
|
||||
|
||||
int order = randomIntBetween(0, 10);
|
||||
settings.put(RealmSettings.realmSettingPrefix(REALM_IDENTIFIER) + "order", order);
|
||||
|
||||
RealmConfig config = getRealmConfig(settings.build());
|
||||
RealmConfig config = getRealmConfig(settings);
|
||||
FileRealm realm = new FileRealm(config, userPasswdStore, userRolesStore, threadPool);
|
||||
|
||||
PlainActionFuture<Map<String, Object>> future = new PlainActionFuture<>();
|
||||
|
@ -271,8 +272,4 @@ public class FileRealmTests extends ESTestCase {
|
|||
}
|
||||
}
|
||||
|
||||
private Settings mergeSettings(Settings local, Settings global) {
|
||||
return Settings.builder().put(global).put(local).build();
|
||||
}
|
||||
|
||||
}
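Review bot: In testAuthenticateCaching and testUsageStats the new builders call `.put(globalSettings)` after the realm-specific key, which inverts the precedence of the removed `mergeSettings(local, global)` (global first, local last, so the test's own value won on a conflict). `globalSettings` is defined outside these hunks; if it ever carries `cache.hash_algo` or `order` for this realm, the randomized value would be silently overwritten and the test would stop exercising the hasher it picked. Making `.put(globalSettings)` the first call on each builder keeps the old behaviour and matches the order used in most of the LDAP test builders in this commit. A short comment on `getRealmConfig(Settings settings)` saying the argument must already contain the global settings (it now feeds `TestEnvironment.newEnvironment(settings)`) would also help future callers.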
|
||||
|
|
|
@ -102,7 +102,10 @@ public class LdapRealmTests extends LdapTestCase {
|
|||
public void testAuthenticateSubTreeGroupSearch() throws Exception {
|
||||
String groupSearchBase = "o=sevenSeas";
|
||||
String userTemplate = VALID_USER_TEMPLATE;
|
||||
Settings settings = buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE);
|
||||
Settings settings = Settings.builder()
|
||||
.put(defaultGlobalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.build();
|
||||
RealmConfig config = getRealmConfig(REALM_IDENTIFIER, settings);
|
||||
LdapSessionFactory ldapFactory = new LdapSessionFactory(config, sslService, threadPool);
|
||||
LdapRealm ldap = new LdapRealm(config, ldapFactory, buildGroupAsRoleMapper(resourceWatcherService),
|
||||
|
@ -123,15 +126,15 @@ public class LdapRealmTests extends LdapTestCase {
|
|||
}
|
||||
|
||||
private RealmConfig getRealmConfig(RealmConfig.RealmIdentifier identifier, Settings settings) {
|
||||
final Settings globalSettings = mergeSettings(settings, defaultGlobalSettings);
|
||||
final Environment env = TestEnvironment.newEnvironment(globalSettings);
|
||||
return new RealmConfig(identifier, globalSettings, env, new ThreadContext(globalSettings));
|
||||
final Environment env = TestEnvironment.newEnvironment(settings);
|
||||
return new RealmConfig(identifier, settings, env, new ThreadContext(settings));
|
||||
}
|
||||
|
||||
public void testAuthenticateOneLevelGroupSearch() throws Exception {
|
||||
String groupSearchBase = "ou=crews,ou=groups,o=sevenSeas";
|
||||
String userTemplate = VALID_USER_TEMPLATE;
|
||||
Settings settings = Settings.builder()
|
||||
.put(defaultGlobalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.ONE_LEVEL))
|
||||
.build();
|
||||
RealmConfig config = getRealmConfig(REALM_IDENTIFIER, settings);
|
||||
|
@ -158,6 +161,7 @@ public class LdapRealmTests extends LdapTestCase {
|
|||
String groupSearchBase = "o=sevenSeas";
|
||||
String userTemplate = VALID_USER_TEMPLATE;
|
||||
Settings settings = Settings.builder()
|
||||
.put(defaultGlobalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.build();
|
||||
RealmConfig config = getRealmConfig(REALM_IDENTIFIER, settings);
|
||||
|
@ -185,6 +189,7 @@ public class LdapRealmTests extends LdapTestCase {
|
|||
String userTemplate = VALID_USER_TEMPLATE;
|
||||
Settings settings = Settings.builder()
|
||||
.put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.put(defaultGlobalSettings)
|
||||
.build();
|
||||
RealmConfig config = getRealmConfig(REALM_IDENTIFIER, settings);
|
||||
|
||||
|
@ -218,6 +223,7 @@ public class LdapRealmTests extends LdapTestCase {
|
|||
String groupSearchBase = "o=sevenSeas";
|
||||
String userTemplate = VALID_USER_TEMPLATE;
|
||||
Settings settings = Settings.builder()
|
||||
.put(defaultGlobalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER, CachingUsernamePasswordRealmSettings.CACHE_TTL_SETTING), -1)
|
||||
.build();
|
||||
|
@ -287,6 +293,7 @@ public class LdapRealmTests extends LdapTestCase {
|
|||
String groupSearchBase = "o=sevenSeas";
|
||||
String userTemplate = VALID_USER_TEMPLATE;
|
||||
Settings settings = Settings.builder()
|
||||
.put(defaultGlobalSettings)
|
||||
.putList(getFullSettingKey(identifier, URLS_SETTING), ldapUrls())
|
||||
.putList(getFullSettingKey(identifier.getName(), LdapSessionFactorySettings.USER_DN_TEMPLATES_SETTING), userTemplate)
|
||||
.put(getFullSettingKey(identifier, SearchGroupsResolverSettings.BASE_DN), groupSearchBase)
|
||||
|
@ -326,6 +333,7 @@ public class LdapRealmTests extends LdapTestCase {
|
|||
final RealmConfig.RealmIdentifier identifier
|
||||
= new RealmConfig.RealmIdentifier(LdapRealmSettings.LDAP_TYPE, "test-ldap-realm-user-search");
|
||||
Settings settings = Settings.builder()
|
||||
.put(defaultGlobalSettings)
|
||||
.putList(getFullSettingKey(identifier, URLS_SETTING), ldapUrls())
|
||||
.putList(getFullSettingKey(identifier.getName(), LdapSessionFactorySettings.USER_DN_TEMPLATES_SETTING), "cn=foo")
|
||||
.put(getFullSettingKey(identifier.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), "cn=bar")
|
||||
|
@ -346,6 +354,7 @@ public class LdapRealmTests extends LdapTestCase {
|
|||
final RealmConfig.RealmIdentifier identifier
|
||||
= new RealmConfig.RealmIdentifier(LdapRealmSettings.LDAP_TYPE, "test-ldap-realm-user-search");
|
||||
Settings settings = Settings.builder()
|
||||
.put(defaultGlobalSettings)
|
||||
.putList(getFullSettingKey(identifier, URLS_SETTING), ldapUrls())
|
||||
.put(getFullSettingKey(identifier, SearchGroupsResolverSettings.BASE_DN), "")
|
||||
.put(getFullSettingKey(identifier, SearchGroupsResolverSettings.SCOPE), LdapSearchScope.SUB_TREE)
|
||||
|
@ -364,6 +373,7 @@ public class LdapRealmTests extends LdapTestCase {
|
|||
String groupSearchBase = "o=sevenSeas";
|
||||
String userTemplate = VALID_USER_TEMPLATE;
|
||||
Settings settings = Settings.builder()
|
||||
.put(defaultGlobalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER, DnRoleMapperSettings.ROLE_MAPPING_FILE_SETTING),
|
||||
getDataPath("/org/elasticsearch/xpack/security/authc/support/role_mapping.yml"))
|
||||
|
@ -395,7 +405,10 @@ public class LdapRealmTests extends LdapTestCase {
|
|||
LDAPURL url = new LDAPURL("ldap", "..", 12345, null, null, null, null);
|
||||
String groupSearchBase = "o=sevenSeas";
|
||||
String userTemplate = VALID_USER_TEMPLATE;
|
||||
Settings settings = buildLdapSettings(new String[] { url.toString() }, userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE);
|
||||
Settings settings = Settings.builder()
|
||||
.put(defaultGlobalSettings)
|
||||
.put(buildLdapSettings(new String[]{url.toString()}, userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.build();
|
||||
RealmConfig config = getRealmConfig(REALM_IDENTIFIER, settings);
|
||||
LdapSessionFactory ldapFactory = new LdapSessionFactory(config, sslService, threadPool);
|
||||
LdapRealm ldap = new LdapRealm(config, ldapFactory, buildGroupAsRoleMapper(resourceWatcherService),
|
||||
|
@ -416,6 +429,7 @@ public class LdapRealmTests extends LdapTestCase {
|
|||
final RealmConfig.RealmIdentifier identifier = new RealmConfig.RealmIdentifier(LdapRealmSettings.LDAP_TYPE, "ldap-realm");
|
||||
String groupSearchBase = "o=sevenSeas";
|
||||
Settings.Builder settings = Settings.builder()
|
||||
.put(defaultGlobalSettings)
|
||||
.putList(getFullSettingKey(identifier, URLS_SETTING), ldapUrls())
|
||||
.put(getFullSettingKey(identifier, PoolingSessionFactorySettings.BIND_DN),
|
||||
"cn=Thomas Masterman Hardy,ou=people,o=sevenSeas")
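Review bot: In the hunk at `@ -185,6 +189,7 @` the added `.put(defaultGlobalSettings)` comes after `.put(buildLdapSettings(...))`, while the other builders touched in this file put the defaults first. The removed `mergeSettings(settings, defaultGlobalSettings)` call in `getRealmConfig` gave the realm settings precedence, so in this one test a key present in both would now resolve to the default rather than the LDAP value under test. Whether the two overlap cannot be seen from the hunk, but reordering to `.put(defaultGlobalSettings)` followed by `.put(buildLdapSettings(...))` removes the question and keeps the file consistent. The enclosing test method starts and ends outside the hunk.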
|
||||
|
|
|
@ -58,12 +58,13 @@ public class LdapSessionFactoryTests extends LdapTestCase {
|
|||
String userTemplates = "cn={0},ou=people,o=sevenSeas";
|
||||
|
||||
Settings settings = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put(buildLdapSettings(ldapUrl, userTemplates, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.put(RealmSettings.getFullSettingKey(REALM_IDENTIFIER, SessionFactorySettings.TIMEOUT_TCP_READ_SETTING), "1ms")
|
||||
.put("path.home", createTempDir())
|
||||
.build();
|
||||
|
||||
RealmConfig config = new RealmConfig(REALM_IDENTIFIER, mergeSettings(settings, globalSettings),
|
||||
RealmConfig config = new RealmConfig(REALM_IDENTIFIER, settings,
|
||||
TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings));
|
||||
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool);
|
||||
String user = "Horatio Hornblower";
|
||||
|
@ -88,8 +89,11 @@ public class LdapSessionFactoryTests extends LdapTestCase {
|
|||
"wrongname={0},ou=people,o=sevenSeas",
|
||||
"cn={0},ou=people,o=sevenSeas", //this last one should work
|
||||
};
|
||||
RealmConfig config = new RealmConfig(REALM_IDENTIFIER,
|
||||
mergeSettings(buildLdapSettings(ldapUrls(), userTemplates, groupSearchBase, LdapSearchScope.SUB_TREE), globalSettings),
|
||||
Settings settings = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), userTemplates, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.build();
|
||||
RealmConfig config = new RealmConfig(REALM_IDENTIFIER, settings,
|
||||
TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings));
|
||||
|
||||
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool);
|
||||
|
@ -112,8 +116,11 @@ public class LdapSessionFactoryTests extends LdapTestCase {
|
|||
"wrongname={0},ou=people,o=sevenSeas",
|
||||
"asdf={0},ou=people,o=sevenSeas", //none of these should work
|
||||
};
|
||||
RealmConfig config = new RealmConfig(REALM_IDENTIFIER,
|
||||
mergeSettings(buildLdapSettings(ldapUrls(), userTemplates, groupSearchBase, LdapSearchScope.SUB_TREE), globalSettings),
|
||||
Settings settings = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), userTemplates, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.build();
|
||||
RealmConfig config = new RealmConfig(REALM_IDENTIFIER, settings,
|
||||
TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings));
|
||||
|
||||
LdapSessionFactory ldapFac = new LdapSessionFactory(config, sslService, threadPool);
|
||||
|
@ -131,8 +138,11 @@ public class LdapSessionFactoryTests extends LdapTestCase {
|
|||
public void testGroupLookupSubtree() throws Exception {
|
||||
String groupSearchBase = "o=sevenSeas";
|
||||
String userTemplate = "cn={0},ou=people,o=sevenSeas";
|
||||
RealmConfig config = new RealmConfig(REALM_IDENTIFIER,
|
||||
mergeSettings(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE), globalSettings),
|
||||
Settings settings = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.build();
|
||||
RealmConfig config = new RealmConfig(REALM_IDENTIFIER, settings,
|
||||
TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings));
|
||||
|
||||
LdapSessionFactory ldapFac = new LdapSessionFactory(config, sslService, threadPool);
|
||||
|
@ -151,8 +161,11 @@ public class LdapSessionFactoryTests extends LdapTestCase {
|
|||
public void testGroupLookupOneLevel() throws Exception {
|
||||
String groupSearchBase = "ou=crews,ou=groups,o=sevenSeas";
|
||||
String userTemplate = "cn={0},ou=people,o=sevenSeas";
|
||||
RealmConfig config = new RealmConfig(REALM_IDENTIFIER,
|
||||
mergeSettings(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.ONE_LEVEL), globalSettings),
|
||||
Settings settings = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.ONE_LEVEL))
|
||||
.build();
|
||||
RealmConfig config = new RealmConfig(REALM_IDENTIFIER, settings,
|
||||
TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings));
|
||||
|
||||
LdapSessionFactory ldapFac = new LdapSessionFactory(config, sslService, threadPool);
|
||||
|
@ -170,8 +183,11 @@ public class LdapSessionFactoryTests extends LdapTestCase {
|
|||
public void testGroupLookupBase() throws Exception {
|
||||
String groupSearchBase = "cn=HMS Lydia,ou=crews,ou=groups,o=sevenSeas";
|
||||
String userTemplate = "cn={0},ou=people,o=sevenSeas";
|
||||
RealmConfig config = new RealmConfig(REALM_IDENTIFIER,
|
||||
mergeSettings(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.BASE), globalSettings),
|
||||
Settings settings = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.BASE))
|
||||
.build();
|
||||
RealmConfig config = new RealmConfig(REALM_IDENTIFIER, settings,
|
||||
TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings));
|
||||
|
||||
LdapSessionFactory ldapFac = new LdapSessionFactory(config, sslService, threadPool);
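Review bot: Every rewritten `RealmConfig` in this file still takes its Environment and ThreadContext from `globalSettings` rather than from the merged `settings`, so the realm is configured from two different settings views, which is the split this commit sets out to remove. In the first hunk it is visible: `settings` applies `.put("path.home", createTempDir())` after `.put(globalSettings)`, so the realm's settings and its Environment can disagree on the home directory (assuming `globalSettings`, defined outside the hunk, also sets `path.home`). Building all three from the one object, `new RealmConfig(REALM_IDENTIFIER, settings, TestEnvironment.newEnvironment(settings), new ThreadContext(settings));`, would match what `getRealmConfig` in LdapUserSearchSessionFactoryTests now does. The same applies to the other five hunks in this file.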
|
||||
|
|
|
@ -85,6 +85,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
public void testSupportsUnauthenticatedSessions() throws Exception {
|
||||
final boolean useAttribute = randomBoolean();
|
||||
Settings.Builder builder = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, "", LdapSearchScope.SUB_TREE))
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), "")
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.BIND_DN),
|
||||
|
@ -97,7 +98,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
builder.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_FILTER), "(cn={0})");
|
||||
}
|
||||
|
||||
RealmConfig config = getRealmConfig(builder);
|
||||
RealmConfig config = getRealmConfig(builder.build());
|
||||
|
||||
LdapUserSearchSessionFactory sessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool);
|
||||
try {
|
||||
|
@ -109,10 +110,8 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
assertDeprecationWarnings(config.identifier(), useAttribute, useLegacyBindPassword);
|
||||
}
|
||||
|
||||
private RealmConfig getRealmConfig(Settings.Builder builder) {
|
||||
return new RealmConfig(REALM_IDENTIFIER,
|
||||
mergeSettings(builder.build(), globalSettings),
|
||||
TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings));
|
||||
private RealmConfig getRealmConfig(Settings settings) {
|
||||
return new RealmConfig(REALM_IDENTIFIER, settings, TestEnvironment.newEnvironment(settings), new ThreadContext(settings));
|
||||
}
|
||||
|
||||
public void testUserSearchSubTree() throws Exception {
|
||||
|
@ -121,6 +120,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
|
||||
final boolean useAttribute = randomBoolean();
|
||||
Settings.Builder builder = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase)
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.BIND_DN),
|
||||
|
@ -132,7 +132,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
} else {
|
||||
builder.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_FILTER), "(cn={0})");
|
||||
}
|
||||
RealmConfig config = getRealmConfig(builder);
|
||||
RealmConfig config = getRealmConfig(builder.build());
|
||||
|
||||
LdapUserSearchSessionFactory sessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool);
|
||||
|
||||
|
@ -166,6 +166,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
|
||||
final boolean useAttribute = randomBoolean();
|
||||
Settings.Builder builder = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase)
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.BIND_DN),
|
||||
|
@ -178,7 +179,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
} else {
|
||||
builder.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_FILTER), "(cn={0})");
|
||||
}
|
||||
RealmConfig config = getRealmConfig(builder);
|
||||
RealmConfig config = getRealmConfig(builder.build());
|
||||
|
||||
LdapUserSearchSessionFactory sessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool);
|
||||
|
||||
|
@ -200,6 +201,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
String userSearchBase = "cn=William Bush,ou=people,o=sevenSeas";
|
||||
|
||||
Settings.Builder builder = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase)
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.BIND_DN),
|
||||
|
@ -213,7 +215,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
} else {
|
||||
builder.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_FILTER), "(cn={0})");
|
||||
}
|
||||
RealmConfig config = getRealmConfig(builder);
|
||||
RealmConfig config = getRealmConfig(builder.build());
|
||||
|
||||
LdapUserSearchSessionFactory sessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool);
|
||||
|
||||
|
@ -246,6 +248,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
String userSearchBase = "o=sevenSeas";
|
||||
|
||||
Settings.Builder builder = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase)
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.BIND_DN),
|
||||
|
@ -260,7 +263,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
} else {
|
||||
builder.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_FILTER), "(cn={0})");
|
||||
}
|
||||
RealmConfig config = getRealmConfig(builder);
|
||||
RealmConfig config = getRealmConfig(builder.build());
|
||||
|
||||
LdapUserSearchSessionFactory sessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool);
|
||||
|
||||
|
@ -282,6 +285,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
String userSearchBase = "ou=people,o=sevenSeas";
|
||||
|
||||
Settings.Builder builder = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase)
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.BIND_DN),
|
||||
|
@ -296,7 +300,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
} else {
|
||||
builder.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_FILTER), "(cn={0})");
|
||||
}
|
||||
RealmConfig config = getRealmConfig(builder);
|
||||
RealmConfig config = getRealmConfig(builder.build());
|
||||
|
||||
LdapUserSearchSessionFactory sessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool);
|
||||
|
||||
|
@ -329,6 +333,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
String userSearchBase = "o=sevenSeas";
|
||||
|
||||
Settings.Builder builder = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase)
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.BIND_DN),
|
||||
|
@ -341,7 +346,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
} else {
|
||||
builder.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_FILTER), "(uid1={0})");
|
||||
}
|
||||
RealmConfig config = getRealmConfig(builder);
|
||||
RealmConfig config = getRealmConfig(builder.build());
|
||||
|
||||
LdapUserSearchSessionFactory sessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool);
|
||||
|
||||
|
@ -363,13 +368,14 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
String userSearchBase = "o=sevenSeas";
|
||||
|
||||
final Settings.Builder realmSettings = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase)
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.BIND_DN),
|
||||
"cn=Horatio Hornblower,ou=people,o=sevenSeas")
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.POOL_ENABLED), randomBoolean());
|
||||
final boolean useLegacyBindPassword = configureBindPassword(realmSettings);
|
||||
RealmConfig config = getRealmConfig(realmSettings);
|
||||
RealmConfig config = getRealmConfig(realmSettings.build());
|
||||
|
||||
LdapUserSearchSessionFactory sessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool);
|
||||
|
||||
|
@ -401,12 +407,13 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
String groupSearchBase = "o=sevenSeas";
|
||||
String userSearchBase = "o=sevenSeas";
|
||||
final Settings.Builder realmSettings = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase)
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.BIND_DN),
|
||||
"cn=Horatio Hornblower,ou=people,o=sevenSeas");
|
||||
configureBindPassword(realmSettings);
|
||||
RealmConfig config = getRealmConfig(realmSettings);
|
||||
RealmConfig config = getRealmConfig(realmSettings.build());
|
||||
|
||||
LDAPConnectionPool connectionPool = LdapUserSearchSessionFactory.createConnectionPool(config, new SingleServerSet("localhost",
|
||||
randomFrom(ldapServers).getListenPort()), TimeValue.timeValueSeconds(5), NoOpLogger.INSTANCE,
|
||||
|
@ -430,6 +437,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
String groupSearchBase = "o=sevenSeas";
|
||||
String userSearchBase = "o=sevenSeas";
|
||||
final Settings.Builder realmSettings = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase)
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.BIND_DN),
|
||||
|
@ -438,7 +446,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
.put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.POOL_SIZE), 12)
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.HEALTH_CHECK_ENABLED), false);
|
||||
configureBindPassword(realmSettings);
|
||||
RealmConfig config = getRealmConfig(realmSettings);
|
||||
RealmConfig config = getRealmConfig(realmSettings.build());
|
||||
|
||||
LDAPConnectionPool connectionPool = LdapUserSearchSessionFactory.createConnectionPool(config, new SingleServerSet("localhost",
|
||||
randomFrom(ldapServers).getListenPort()), TimeValue.timeValueSeconds(5), NoOpLogger.INSTANCE,
|
||||
|
@ -457,10 +465,13 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
public void testThatEmptyBindDNWithHealthCheckEnabledDoesNotThrow() throws Exception {
|
||||
String groupSearchBase = "o=sevenSeas";
|
||||
String userSearchBase = "o=sevenSeas";
|
||||
RealmConfig config = getRealmConfig(Settings.builder()
|
||||
final Settings settings = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase)
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.LEGACY_BIND_PASSWORD), "pass"));
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.LEGACY_BIND_PASSWORD), "pass")
|
||||
.build();
|
||||
RealmConfig config = getRealmConfig(settings);
|
||||
|
||||
LdapUserSearchSessionFactory searchSessionFactory = null;
|
||||
try {
|
||||
|
@ -477,11 +488,14 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
public void testThatEmptyBindDNAndDisabledPoolingDoesNotThrow() throws Exception {
|
||||
String groupSearchBase = "o=sevenSeas";
|
||||
String userSearchBase = "o=sevenSeas";
|
||||
RealmConfig config = getRealmConfig(Settings.builder()
|
||||
final Settings settings = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase)
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.POOL_ENABLED), false)
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.LEGACY_BIND_PASSWORD), "pass"));
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.LEGACY_BIND_PASSWORD), "pass")
|
||||
.build();
|
||||
RealmConfig config = getRealmConfig(settings);
|
||||
|
||||
LdapUserSearchSessionFactory searchSessionFactory = null;
|
||||
try {
|
||||
|
@ -502,11 +516,11 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
String groupSearchBase = "o=sevenSeas";
|
||||
String userSearchBase = "o=sevenSeas";
|
||||
final Settings.Builder realmSettings = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase);
|
||||
final boolean useLegacyBindPassword = configureBindPassword(realmSettings);
|
||||
RealmConfig config = new RealmConfig(REALM_IDENTIFIER,
|
||||
mergeSettings(realmSettings.build(), globalSettings),
|
||||
RealmConfig config = new RealmConfig(REALM_IDENTIFIER, realmSettings.build(),
|
||||
TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings));
|
||||
try (LdapUserSearchSessionFactory searchSessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool)) {
|
||||
assertThat(searchSessionFactory.bindCredentials, notNullValue());
|
||||
|
@ -519,12 +533,12 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
String groupSearchBase = "o=sevenSeas";
|
||||
String userSearchBase = "o=sevenSeas";
|
||||
final Settings.Builder realmSettings = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.BIND_DN), "cn=ironman")
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase);
|
||||
final boolean useLegacyBindPassword = configureBindPassword(realmSettings);
|
||||
RealmConfig config = new RealmConfig(REALM_IDENTIFIER,
|
||||
mergeSettings(realmSettings.build(), globalSettings),
|
||||
RealmConfig config = new RealmConfig(REALM_IDENTIFIER, realmSettings.build(),
|
||||
TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings));
|
||||
try (LdapUserSearchSessionFactory searchSessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool)) {
|
||||
assertThat(searchSessionFactory.bindCredentials, notNullValue());
|
||||
|
@ -543,6 +557,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
inMemoryDirectoryServer.shutDown(true);
|
||||
|
||||
final Settings.Builder ldapSettingsBuilder = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put(LdapTestCase.buildLdapSettings(new String[]{ldapUrl}, Strings.EMPTY_ARRAY,
|
||||
groupSearchBase, LdapSearchScope.SUB_TREE))
|
||||
.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase)
|
||||
|
@ -554,7 +569,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.POOL_ENABLED), randomBoolean());
|
||||
|
||||
final boolean useLegacyBindPassword = configureBindPassword(ldapSettingsBuilder);
|
||||
RealmConfig config = getRealmConfig(ldapSettingsBuilder);
|
||||
RealmConfig config = getRealmConfig(ldapSettingsBuilder.build());
|
||||
LdapUserSearchSessionFactory searchSessionFactory = null;
|
||||
try {
|
||||
searchSessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool);
|
||||
|
|
|
@ -22,7 +22,6 @@ import org.elasticsearch.common.unit.TimeValue;
|
|||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.env.TestEnvironment;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.test.SecuritySettingsSource;
|
||||
import org.elasticsearch.watcher.ResourceWatcherService;
|
||||
import org.elasticsearch.xpack.core.security.authc.RealmConfig;
|
||||
import org.elasticsearch.xpack.core.security.authc.ldap.LdapSessionFactorySettings;
|
||||
|
@ -205,15 +204,4 @@ public abstract class LdapTestCase extends ESTestCase {
|
|||
}
|
||||
});
|
||||
}
|
||||
|
||||
protected Settings mergeSettings(Settings local, Settings global) {
|
||||
final Settings.Builder builder = Settings.builder()
|
||||
.put(global, true)
|
||||
.put(local, false);
|
||||
final Settings.Builder tmpLocal = Settings.builder().put(local, true);
|
||||
SecuritySettingsSource.addSecureSettings(builder,
|
||||
mainSecure -> SecuritySettingsSource.addSecureSettings(tmpLocal, localSecure -> mainSecure.merge(localSecure))
|
||||
);
|
||||
return builder.build();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -124,10 +124,11 @@ public class SessionFactoryTests extends ESTestCase {
|
|||
private SessionFactory createSessionFactory() {
|
||||
Settings global = Settings.builder().put("path.home", createTempDir()).build();
|
||||
final RealmConfig.RealmIdentifier realmIdentifier = new RealmConfig.RealmIdentifier("ldap", "_name");
|
||||
final RealmConfig realmConfig = new RealmConfig(realmIdentifier, mergeSettings(
|
||||
final RealmConfig realmConfig = new RealmConfig(realmIdentifier,
|
||||
Settings.builder()
|
||||
.put(getFullSettingKey(realmIdentifier, SessionFactorySettings.URLS_SETTING), "ldap://localhost:389")
|
||||
.build(), global),
|
||||
.put(global)
|
||||
.build(),
|
||||
TestEnvironment.newEnvironment(global), new ThreadContext(Settings.EMPTY));
|
||||
return new SessionFactory(realmConfig, null, threadPool) {
|
||||
|
||||
|
@ -137,8 +138,4 @@ public class SessionFactoryTests extends ESTestCase {
|
|||
}
|
||||
};
|
||||
}
|
||||
|
||||
private Settings mergeSettings(Settings local, Settings global) {
|
||||
return Settings.builder().put(global).put(local).build();
|
||||
}
|
||||
}
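Review bot: In createSessionFactory the new builder calls `.put(global)` after the realm's `URLS_SETTING` key, which reverses the precedence of the removed `mergeSettings(local, global)` helper. That helper applied `global` first, so realm keys overrode it on a collision. `global` holds only `path.home` here, so nothing collides today, but the other tests in this commit apply the node-level settings first. Moving `.put(global)` to directly after `Settings.builder()` would keep that order and stop a later addition to `global` from silently overriding a realm setting. The anonymous SessionFactory body continues outside the hunk.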
|
||||
|
|
|
@ -109,7 +109,7 @@ public class PkiRealmTests extends ESTestCase {
|
|||
private void assertSuccessfulAuthentication(Set<String> roles) throws Exception {
|
||||
X509AuthenticationToken token = buildToken();
|
||||
UserRoleMapper roleMapper = buildRoleMapper(roles, token.dn());
|
||||
PkiRealm realm = buildRealm(roleMapper, Settings.EMPTY);
|
||||
PkiRealm realm = buildRealm(roleMapper, globalSettings);
|
||||
verify(roleMapper).refreshRealmOnChange(realm);
|
||||
|
||||
final String expectedUsername = token.principal();
|
||||
|
@ -159,8 +159,7 @@ public class PkiRealmTests extends ESTestCase {
|
|||
return roleMapper;
|
||||
}
|
||||
|
||||
private PkiRealm buildRealm(UserRoleMapper roleMapper, Settings realmSettings, Realm... otherRealms) {
|
||||
final Settings settings = mergeSettings(realmSettings, globalSettings);
|
||||
private PkiRealm buildRealm(UserRoleMapper roleMapper, Settings settings, Realm... otherRealms) {
|
||||
final RealmConfig config = new RealmConfig(new RealmConfig.RealmIdentifier("pki", REALM_NAME), settings,
|
||||
TestEnvironment.newEnvironment(settings), new ThreadContext(settings));
|
||||
PkiRealm realm = new PkiRealm(config, roleMapper);
|
||||
|
@ -183,15 +182,15 @@ public class PkiRealmTests extends ESTestCase {
|
|||
}
|
||||
|
||||
public void testCustomUsernamePattern() throws Exception {
|
||||
ThreadContext threadContext = new ThreadContext(globalSettings);
|
||||
X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"));
|
||||
UserRoleMapper roleMapper = mock(UserRoleMapper.class);
|
||||
final Settings realmSettings = Settings.builder()
|
||||
final Settings settings = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put("xpack.security.authc.realms.pki.my_pki.username_pattern", "OU=(.*?),")
|
||||
.build();
|
||||
PkiRealm realm = new PkiRealm(new RealmConfig(new RealmConfig.RealmIdentifier("pki", "my_pki"),
|
||||
mergeSettings(realmSettings, globalSettings),
|
||||
TestEnvironment.newEnvironment(globalSettings), threadContext), roleMapper);
|
||||
ThreadContext threadContext = new ThreadContext(settings);
|
||||
X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"));
|
||||
UserRoleMapper roleMapper = mock(UserRoleMapper.class);
|
||||
PkiRealm realm = new PkiRealm(new RealmConfig(new RealmConfig.RealmIdentifier("pki", "my_pki"), settings,
|
||||
TestEnvironment.newEnvironment(settings), threadContext), roleMapper);
|
||||
realm.initialize(Collections.emptyList(), licenseState);
|
||||
Mockito.doAnswer(invocation -> {
|
||||
ActionListener<Set<String>> listener = (ActionListener<Set<String>>) invocation.getArguments()[1];
|
||||
|
@ -217,13 +216,13 @@ public class PkiRealmTests extends ESTestCase {
|
|||
MockSecureSettings secureSettings = new MockSecureSettings();
|
||||
secureSettings.setString("xpack.security.authc.realms.pki.my_pki.truststore.secure_password", "testnode");
|
||||
Settings settings = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put("xpack.security.authc.realms.pki.my_pki.truststore.path",
|
||||
getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"))
|
||||
.setSecureSettings(secureSettings)
|
||||
.build();
|
||||
ThreadContext threadContext = new ThreadContext(globalSettings);
|
||||
PkiRealm realm = new PkiRealm(new RealmConfig(new RealmConfig.RealmIdentifier("pki", "my_pki"),
|
||||
mergeSettings(settings, globalSettings),
|
||||
PkiRealm realm = new PkiRealm(new RealmConfig(new RealmConfig.RealmIdentifier("pki", "my_pki"), settings,
|
||||
TestEnvironment.newEnvironment(globalSettings), threadContext), roleMapper);
|
||||
realm.initialize(Collections.emptyList(), licenseState);
|
||||
Mockito.doAnswer(invocation -> {
|
||||
|
@ -250,14 +249,14 @@ public class PkiRealmTests extends ESTestCase {
|
|||
MockSecureSettings secureSettings = new MockSecureSettings();
|
||||
secureSettings.setString("xpack.security.authc.realms.pki.mypki.truststore.secure_password", "testnode-client-profile");
|
||||
Settings settings = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put("xpack.security.authc.realms.pki.mypki.truststore.path",
|
||||
getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.jks"))
|
||||
.setSecureSettings(secureSettings)
|
||||
.build();
|
||||
final ThreadContext threadContext = new ThreadContext(globalSettings);
|
||||
PkiRealm realm = new PkiRealm(new RealmConfig(new RealmConfig.RealmIdentifier("pki", "mypki"),
|
||||
mergeSettings(settings, globalSettings),
|
||||
TestEnvironment.newEnvironment(globalSettings), threadContext), roleMapper);
|
||||
final ThreadContext threadContext = new ThreadContext(settings);
|
||||
PkiRealm realm = new PkiRealm(new RealmConfig(new RealmConfig.RealmIdentifier("pki", "mypki"), settings,
|
||||
TestEnvironment.newEnvironment(settings), threadContext), roleMapper);
|
||||
realm.initialize(Collections.emptyList(), licenseState);
|
||||
Mockito.doAnswer(invocation -> {
|
||||
ActionListener<Set<String>> listener = (ActionListener<Set<String>>) invocation.getArguments()[1];
|
||||
|
@ -276,13 +275,13 @@ public class PkiRealmTests extends ESTestCase {
|
|||
|
||||
public void testTruststorePathWithoutPasswordThrowsException() throws Exception {
|
||||
Settings settings = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put("xpack.security.authc.realms.pki.mypki.truststore.path",
|
||||
getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.jks"))
|
||||
.build();
|
||||
IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () ->
|
||||
new PkiRealm(new RealmConfig(new RealmConfig.RealmIdentifier("pki", "mypki"),
|
||||
mergeSettings(settings, globalSettings),
|
||||
TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings)), mock(UserRoleMapper.class))
|
||||
new PkiRealm(new RealmConfig(new RealmConfig.RealmIdentifier("pki", "mypki"), settings,
|
||||
TestEnvironment.newEnvironment(settings), new ThreadContext(settings)), mock(UserRoleMapper.class))
|
||||
);
|
||||
assertThat(e.getMessage(), containsString("Neither [xpack.security.authc.realms.pki.mypki.truststore.secure_password] or [" +
|
||||
"xpack.security.authc.realms.pki.mypki.truststore.password] is configured"));
|
||||
|
@ -290,13 +289,13 @@ public class PkiRealmTests extends ESTestCase {
|
|||
|
||||
public void testTruststorePathWithLegacyPasswordDoesNotThrow() throws Exception {
|
||||
Settings settings = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.put("xpack.security.authc.realms.pki.mypki.truststore.path",
|
||||
getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.jks"))
|
||||
.put("xpack.security.authc.realms.pki.mypki.truststore.password", "testnode-client-profile")
|
||||
.build();
|
||||
new PkiRealm(new RealmConfig(new RealmConfig.RealmIdentifier("pki", "mypki"),
|
||||
mergeSettings(settings, globalSettings),
|
||||
TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings)), mock(UserRoleMapper.class));
|
||||
new PkiRealm(new RealmConfig(new RealmConfig.RealmIdentifier("pki", "mypki"), settings,
|
||||
TestEnvironment.newEnvironment(settings), new ThreadContext(settings)), mock(UserRoleMapper.class));
|
||||
assertSettingDeprecationsAndWarnings(new Setting[]{
|
||||
PkiRealmSettings.LEGACY_TRUST_STORE_PASSWORD.getConcreteSettingForNamespace("mypki")
|
||||
});
|
||||
|
@ -363,6 +362,7 @@ public class PkiRealmTests extends ESTestCase {
|
|||
otherRealm.registerUser(lookupUser);
|
||||
|
||||
final Settings realmSettings = Settings.builder()
|
||||
.put(globalSettings)
|
||||
.putList("xpack.security.authc.realms.pki." + REALM_NAME + ".authorization_realms", "other_realm")
|
||||
.build();
|
||||
final UserRoleMapper roleMapper = buildRoleMapper(Collections.emptySet(), token.dn());
|
||||
|
@ -387,9 +387,4 @@ public class PkiRealmTests extends ESTestCase {
|
|||
return (X509Certificate) factory.generateCertificate(in);
|
||||
}
|
||||
}
|
||||
|
||||
private static Settings mergeSettings(Settings local, Settings global) {
|
||||
return Settings.builder().put(global).put(local).build();
|
||||
}
|
||||
|
||||
}
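Review bot: The truststore test in hunk -217,13 still builds `new ThreadContext(globalSettings)` and `TestEnvironment.newEnvironment(globalSettings)`, although its RealmConfig now receives the single `settings` object. The sibling hunks (-183, -250, -276, -290) switched all three arguments to `settings`. For consistency with the commit's stated goal, those two lines could become `new ThreadContext(settings)` and `TestEnvironment.newEnvironment(settings)`. Separately, buildRealm no longer merges `globalSettings` itself, so a short comment on it such as `// settings must already include globalSettings` would document what callers now have to supply. Both methods extend beyond their hunks.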
|
||||
|
|
|
@ -11,7 +11,6 @@ import org.elasticsearch.ElasticsearchSecurityException;
|
|||
import org.elasticsearch.ExceptionsHelper;
|
||||
import org.elasticsearch.common.collect.Tuple;
|
||||
import org.elasticsearch.common.io.PathUtils;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.xpack.core.ssl.CertParsingUtils;
|
||||
import org.elasticsearch.xpack.core.ssl.PemUtils;
|
||||
|
@ -136,8 +135,4 @@ public abstract class SamlTestCase extends ESTestCase {
|
|||
assertThat("Exception " + exception + " should be a SAML exception", SamlUtils.isSamlException(exception), is(true));
|
||||
return exception;
|
||||
}
|
||||
|
||||
protected Settings mergeSettings(Settings local, Settings global) {
|
||||
return Settings.builder().put(global).put(local).build();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -282,9 +282,10 @@ public class DnRoleMapperTests extends ESTestCase {
|
|||
Path file = getDataPath("role_mapping.yml");
|
||||
final RealmConfig.RealmIdentifier realmIdentifier = new RealmConfig.RealmIdentifier("ldap", "ldap1");
|
||||
Settings ldapSettings = Settings.builder()
|
||||
.put(settings)
|
||||
.put(getFullSettingKey(realmIdentifier, DnRoleMapperSettings.ROLE_MAPPING_FILE_SETTING), file.toAbsolutePath())
|
||||
.build();
|
||||
RealmConfig config = new RealmConfig(realmIdentifier, mergeSettings(ldapSettings, settings),
|
||||
RealmConfig config = new RealmConfig(realmIdentifier, ldapSettings,
|
||||
TestEnvironment.newEnvironment(settings), new ThreadContext(Settings.EMPTY));
|
||||
|
||||
DnRoleMapper mapper = new DnRoleMapper(config, new ResourceWatcherService(settings, threadPool));
|
||||
|
@ -298,10 +299,10 @@ public class DnRoleMapperTests extends ESTestCase {
|
|||
public void testRelativeDN() {
|
||||
final RealmConfig.RealmIdentifier realmIdentifier = new RealmConfig.RealmIdentifier("ldap", "ldap1");
|
||||
Settings ldapSettings = Settings.builder()
|
||||
.put(settings)
|
||||
.put(getFullSettingKey(realmIdentifier, DnRoleMapperSettings.USE_UNMAPPED_GROUPS_AS_ROLES_SETTING), true)
|
||||
.build();
|
||||
RealmConfig config = new RealmConfig(realmIdentifier,
|
||||
mergeSettings(ldapSettings, settings),
|
||||
RealmConfig config = new RealmConfig(realmIdentifier, ldapSettings,
|
||||
TestEnvironment.newEnvironment(settings), new ThreadContext(Settings.EMPTY));
|
||||
|
||||
DnRoleMapper mapper = new DnRoleMapper(config, new ResourceWatcherService(settings, threadPool));
|
||||
|
@ -314,10 +315,11 @@ public class DnRoleMapperTests extends ESTestCase {
|
|||
final RealmConfig.RealmIdentifier realmIdentifier = new RealmConfig.RealmIdentifier("ldap", "ldap-userdn-role");
|
||||
Path file = getDataPath("role_mapping.yml");
|
||||
Settings ldapSettings = Settings.builder()
|
||||
.put(settings)
|
||||
.put(getFullSettingKey(realmIdentifier, DnRoleMapperSettings.ROLE_MAPPING_FILE_SETTING), file.toAbsolutePath())
|
||||
.put(getFullSettingKey(realmIdentifier, DnRoleMapperSettings.USE_UNMAPPED_GROUPS_AS_ROLES_SETTING), false)
|
||||
.build();
|
||||
RealmConfig config = new RealmConfig(realmIdentifier, mergeSettings(ldapSettings, settings),
|
||||
RealmConfig config = new RealmConfig(realmIdentifier, ldapSettings,
|
||||
TestEnvironment.newEnvironment(settings), new ThreadContext(Settings.EMPTY));
|
||||
|
||||
DnRoleMapper mapper = new DnRoleMapper(config, new ResourceWatcherService(settings, threadPool));
|
||||
|
@ -335,9 +337,4 @@ public class DnRoleMapperTests extends ESTestCase {
|
|||
RealmConfig config = new RealmConfig(identifier, mergedSettings, env, new ThreadContext(Settings.EMPTY));
|
||||
return new DnRoleMapper(config, watcherService);
|
||||
}
|
||||
|
||||
private Settings mergeSettings(Settings local, Settings global) {
|
||||
return Settings.builder().put(global).put(local).build();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -45,6 +45,7 @@ public class RoleMappingFileBootstrapCheckTests extends ESTestCase {
|
|||
public void testBootstrapCheckOfValidFile() {
|
||||
Path file = getDataPath("role_mapping.yml");
|
||||
Settings ldapSettings = Settings.builder()
|
||||
.put(settings)
|
||||
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
|
||||
.build();
|
||||
RealmConfig config = getRealmConfig(ldapSettings);
|
||||
|
@ -54,15 +55,15 @@ public class RoleMappingFileBootstrapCheckTests extends ESTestCase {
|
|||
assertFalse(check.check(new BootstrapContext(settings, null)).isFailure());
|
||||
}
|
||||
|
||||
private RealmConfig getRealmConfig(Settings realmSettings) {
|
||||
return new RealmConfig(REALM_ID, mergeSettings(realmSettings, settings),
|
||||
TestEnvironment.newEnvironment(settings), new ThreadContext(Settings.EMPTY));
|
||||
private static RealmConfig getRealmConfig(Settings settings) {
|
||||
return new RealmConfig(REALM_ID, settings, TestEnvironment.newEnvironment(settings), new ThreadContext(Settings.EMPTY));
|
||||
}
|
||||
|
||||
public void testBootstrapCheckOfMissingFile() {
|
||||
final String fileName = randomAlphaOfLength(10);
|
||||
Path file = createTempDir().resolve(fileName);
|
||||
Settings ldapSettings = Settings.builder()
|
||||
.put(settings)
|
||||
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
|
||||
.build();
|
||||
RealmConfig config = getRealmConfig(ldapSettings);
|
||||
|
@ -82,6 +83,7 @@ public class RoleMappingFileBootstrapCheckTests extends ESTestCase {
|
|||
Files.write(file, Collections.singletonList("junk"), StandardCharsets.UTF_16);
|
||||
|
||||
Settings ldapSettings = Settings.builder()
|
||||
.put(settings)
|
||||
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
|
||||
.build();
|
||||
RealmConfig config = getRealmConfig(ldapSettings);
|
||||
|
@ -101,6 +103,7 @@ public class RoleMappingFileBootstrapCheckTests extends ESTestCase {
|
|||
Files.write(file, Collections.singletonList("role: not-a-dn"));
|
||||
|
||||
Settings ldapSettings = Settings.builder()
|
||||
.put(settings)
|
||||
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
|
||||
.build();
|
||||
RealmConfig config = getRealmConfig(ldapSettings);
|
||||
|
@ -115,7 +118,4 @@ public class RoleMappingFileBootstrapCheckTests extends ESTestCase {
|
|||
assertThat(result.getMessage(), containsString("not-a-dn"));
|
||||
}
|
||||
|
||||
private Settings mergeSettings(Settings local, Settings global) {
|
||||
return Settings.builder().put(global).put(local).build();
|
||||
}
|
||||
}
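Review bot: The new `private static RealmConfig getRealmConfig(Settings settings)` gives its parameter the same name as what appears to be the test's `settings` field, used in `.put(settings)` and `new BootstrapContext(settings, null)`. Inside the helper `settings` therefore means the merged realm configuration, while everywhere else it means the base settings. Renaming the parameter, e.g. `getRealmConfig(Settings realmSettings)`, keeps the two apart. The helper also no longer adds the base settings itself, and every caller in the visible hunks compensates with `.put(settings)`. A one-line comment on the helper, stating that the argument must already contain the base settings, would stop a future test from passing realm-only settings.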
|
||||
|
|