Add integration test for Delete-By-Query and Security

Closes elastic/elasticsearch#2287

Original commit: elastic/x-pack-elasticsearch@4bbb2a6f73
Tanguy Leroux 2016-05-19 17:12:53 +02:00
parent 40013378de
commit b25c401b3c
1 changed files with 230 additions and 0 deletions


@ -0,0 +1,230 @@
---
"Delete_by_query as same user works":
- do:
index:
index: source
type: foo
id: 1
body: { "text": "test" }
- do:
indices.refresh: {}
- do:
delete_by_query:
refresh: true
index: source
body:
query:
match_all: {}
- match: {deleted: 1}
- do:
count:
index: source
- match: {count: 0}
---
"Delete_by_query with runas user works":
- do:
index:
index: source
type: foo
id: 1
body: { "text": "test" }
- do:
indices.refresh: {}
- do:
headers: {es-shield-runas-user: powerful_user}
delete_by_query:
refresh: true
index: source
body:
query:
match_all: {}
- match: {deleted: 1}
- do:
count:
index: source
- match: {count: 0}
---
"Delete_by_query with runas user with minimal privileges works":
- do:
index:
index: source
type: foo
id: 1
body: { "text": "test" }
- do:
indices.refresh: {}
- do:
headers: {es-shield-runas-user: minimal_user}
delete_by_query:
refresh: true
index: source
body:
query:
match_all: {}
- match: {deleted: 1}
- do:
count:
index: source
- match: {count: 0}
---
"Delete_by_query as readonly user is forbidden":
- do:
index:
index: source
type: foo
id: 1
body: { "text": "test" }
- do:
indices.refresh: {}
- do:
headers: {es-shield-runas-user: readonly_user}
catch: forbidden
delete_by_query:
refresh: true
index: source
body:
query:
match_all: {}
- do:
count:
index: source
- match: {count: 1}
---
"Delete_by_query as user that can't read from the source is forbidden":
- do:
index:
index: source
type: foo
id: 1
body: { "text": "test" }
- do:
indices.refresh: {}
- do:
headers: {es-shield-runas-user: dest_only_user}
catch: forbidden
delete_by_query:
refresh: true
index: source
body:
query:
match_all: {}
- do:
count:
index: source
- match: {count: 1}
---
"Delete_by_query misses hidden docs":
- do:
index:
index: source
type: foo
id: 1
body: { "text": "test", "hidden": false }
- do:
index:
index: source
type: foo
id: 2
body: { "text": "test", "hidden": true }
- do:
indices.refresh: {}
- do:
headers: {es-shield-runas-user: can_not_see_hidden_docs_user}
delete_by_query:
refresh: true
index: source
body:
query:
match:
text: "test"
- match: {deleted: 1}
# We only deleted one doc, presumably the one without the hidden field
- do:
search:
index: source
body:
query:
match:
text: "test"
- match: { hits.total: 1 }
# We didn't delete the doc with the hidden field set to "true"
- do:
search:
index: source
body:
query:
bool:
must:
- match:
text: "test"
- match:
hidden: true
- match: { hits.total: 1 }
# But the doc with the hidden field set to "false" must have been deleted
- do:
search:
index: source
body:
query:
bool:
must:
- match:
text: "test"
- match:
hidden: false
- match: { hits.total: 0 }
---
"Delete_by_query misses hidden fields":
- do:
index:
index: source
type: foo
id: 1
body: { "text": "test", "foo": "z", "bar": "z" }
- do:
indices.refresh: {}
- do:
headers: {es-shield-runas-user: can_not_see_hidden_fields_user}
delete_by_query:
refresh: true
index: source
body:
query:
match:
text: "test"
- match: {deleted: 0}
# The "text" field was not visible to the user running the delete_by_query
# so the document survived.
- do:
count:
index: source
- match: {count: 1}
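Review bot: The two `catch: forbidden` tests (readonly_user and dest_only_user) cannot tell a 403 caused by the missing index privilege from a 403 caused by the run-as request itself being rejected, so they would still pass if the impersonation were misconfigured. The role and run-as definitions are not part of this file, so this is inferred from the visible steps only. For readonly_user, a read issued under the same header before the delete_by_query would show that the impersonation works and pin the denial to the delete privilege. dest_only_user has no index in this file that it can read, so for that test a comment naming where its role is defined would have to do.

```yaml
# … unchanged: index doc 1 into source, indices.refresh …
  - do:
      headers: {es-shield-runas-user: readonly_user}
      count:
        index: source
  - match: {count: 1}
# … unchanged: delete_by_query with catch: forbidden, final count as the default user …
```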