test: use toJSON inside a role

This commit adds a test that uses toJSON templating inside of a role with an array defined in the user's metadata. Originates from user discussion at: https://discuss.elastic.co/t/x-pack-security-role-definition-query-template-with-terms/62790 Original commit: elastic/x-pack-elasticsearch@196f7f597c
2016-11-07 07:21:41 -05:00 · 2016-11-07 07:21:41 -05:00 · bd522191b2
parent ecb5bc89dc
commit bd522191b2
1 changed files with 49 additions and 1 deletions
--- a/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/templated_role_query/10_templated_role_query.yaml
+++ b/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/templated_role_query/10_templated_role_query.yaml
@ -32,6 +32,17 @@ setup:
              "password": "changeme",
              "roles" : [ "file_template_role" ]
            }
+  - do:
+      xpack.security.put_user:
+        username: "terms_template_user"
+        body:  >
+            {
+              "password": "changeme",
+              "roles" : [ "terms_template_role" ],
+              "metadata": {
+                "groups": [ "inline_template_user", "file_template_user" ]
+              }
+            }

  - do:
      xpack.security.put_role:
@ -53,6 +64,24 @@ setup:
              ]
            }

+  - do:
+      xpack.security.put_role:
+        name: "terms_template_role"
+        body:  >
+            {
+              "indices": [
+                {
+                  "names": "foobar",
+                  "privileges": ["all"],
+                  "query" : {
+                    "template" : {
+                      "inline" : "{\"terms\" : { \"username\" : {{#toJson}}_user.metadata.groups{{/toJson}} } }"
+                    }
+                  }
+                }
+              ]
+            }
+
  - do:
      xpack.security.put_role:
        name: "stored_template_role"
@ -144,6 +173,10 @@ teardown:
      xpack.security.delete_user:
        username: "file_template_user"
        ignore: 404
+  - do:
+      xpack.security.delete_user:
+        username: "terms_template_user"
+        ignore: 404
  - do:
      xpack.security.delete_role:
        name: "inline_template_role"
@ -156,7 +189,10 @@ teardown:
      xpack.security.delete_role:
        name: "file_template_role"
        ignore: 404
-
+  - do:
+      xpack.security.delete_role:
+        name: "terms_template_role"
+        ignore: 404
 ---
 "Test inline template":
  - do:
@ -189,3 +225,15 @@ teardown:
        body: { "query" : { "match_all" : {} } }
  - match: { hits.total: 1}
  - match: { hits.hits.0._source.username: file_template_user}
+
+---
+"Test terms template":
+  - do:
+      headers:
+        Authorization: "Basic dGVybXNfdGVtcGxhdGVfdXNlcjpjaGFuZ2VtZQ=="
+      search:
+        index: foobar
+        body: { "query" : { "match_all" : {} } }
+  - match: { hits.total: 2}
+  - match: { hits.hits.0._source.username: inline_template_user}
+  - match: { hits.hits.1._source.username: file_template_user}