security: remove user/role deletion logic in XPackRestTestCase

Original commit: elastic/x-pack-elasticsearch@d6064e520a
This commit is contained in:
jaymode 2016-06-30 11:14:37 -04:00
parent 67706a9a19
commit d1b945d1f2
9 changed files with 145 additions and 147 deletions

View File

@ -1,3 +1,8 @@
---
teardown:
- do:
license.delete: {}
--- ---
"installing and getting license works": "installing and getting license works":

View File

@ -1,3 +1,4 @@
---
setup: setup:
- skip: - skip:
features: headers features: headers
@ -16,6 +17,13 @@ setup:
"full_name" : "Authenticate User" "full_name" : "Authenticate User"
} }
---
teardown:
- do:
xpack.security.delete_user:
username: "authenticate_user"
ignore: 404
--- ---
"Test authenticate api": "Test authenticate api":

View File

@ -1,12 +1,10 @@
--- ---
"Test changing users password": setup:
- skip: - skip:
features: headers features: headers
- do: - do:
cluster.health: cluster.health:
wait_for_status: yellow wait_for_status: yellow
- do: - do:
xpack.security.put_user: xpack.security.put_user:
username: "joe" username: "joe"
@ -15,9 +13,46 @@
"password": "s3krit", "password": "s3krit",
"roles" : [ "superuser" ] "roles" : [ "superuser" ]
} }
- match: { user: { created: true } } - do:
xpack.security.put_role:
name: "user"
body: >
{
"cluster": ["monitor"],
"indices": [
{
"names": "*",
"privileges": ["all"]
}
]
}
- do:
xpack.security.put_user:
username: "unprivileged_user"
body: >
{
"password": "s3krit",
"roles" : [ "user" ]
}
# test that the role actually works ---
teardown:
- do:
xpack.security.delete_user:
username: "joe"
ignore: 404
- do:
xpack.security.delete_role:
name: "user"
ignore: 404
- do:
xpack.security.delete_user:
username: "unprivileged_user"
ignore: 404
---
"Test changing users password":
# validate that the user actually works
- do: - do:
headers: headers:
Authorization: "Basic am9lOnMza3JpdA==" Authorization: "Basic am9lOnMza3JpdA=="
@ -49,49 +84,17 @@
--- ---
"Test user changing their own password": "Test user changing their own password":
- skip:
features: headers
- do:
cluster.health:
wait_for_status: yellow
- do:
xpack.security.put_role:
name: "user"
body: >
{
"cluster": ["monitor"],
"indices": [
{
"names": "*",
"privileges": ["all"]
}
]
}
- match: { role: { created: true } }
- do:
xpack.security.put_user:
username: "joe"
body: >
{
"password": "s3krit",
"roles" : [ "user" ]
}
- match: { user: { created: true } }
# test that the role actually works # test that the role actually works
- do: - do:
headers: headers:
Authorization: "Basic am9lOnMza3JpdA==" Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0"
cluster.health: {} cluster.health: {}
- match: { timed_out: false } - match: { timed_out: false }
# change password as the current user. the power_user role only grants the ability to change their own password # change password as the current user. the user role only grants the ability to change their own password
- do: - do:
headers: headers:
Authorization: "Basic am9lOnMza3JpdA==" Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0"
xpack.security.change_password: xpack.security.change_password:
body: > body: >
{ {
@ -102,61 +105,29 @@
- do: - do:
catch: request catch: request
headers: headers:
Authorization: "Basic am9lOnMza3JpdA==" Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0"
cluster.health: {} cluster.health: {}
# login with new credentials # login with new credentials
- do: - do:
headers: headers:
Authorization: "Basic am9lOnMza3JpdDI=" Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0Mg=="
cluster.health: {} cluster.health: {}
- match: { timed_out: false } - match: { timed_out: false }
--- ---
"Test unauthorized user changing anothers password": "Test unauthorized user changing anothers password":
- skip:
features: headers
- do:
cluster.health:
wait_for_status: yellow
- do:
xpack.security.put_role:
name: "user"
body: >
{
"cluster": ["monitor"],
"indices": [
{
"names": "*",
"privileges": ["all"]
}
]
}
- match: { role: { created: true } }
- do:
xpack.security.put_user:
username: "joe"
body: >
{
"password": "s3krit",
"roles" : [ "user" ]
}
- match: { user: { created: true } }
# test that the role actually works # test that the role actually works
- do: - do:
headers: headers:
Authorization: "Basic am9lOnMza3JpdA==" Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0"
cluster.health: {} cluster.health: {}
- match: { timed_out: false } - match: { timed_out: false }
# attempt to change another users password # attempt to change another users password
- do: - do:
headers: headers:
Authorization: "Basic am9lOnMza3JpdA==" Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0"
catch: forbidden catch: forbidden
xpack.security.change_password: xpack.security.change_password:
username: "anotheruser" username: "anotheruser"

View File

@ -1,12 +1,37 @@
--- ---
"Test put role api": setup:
- skip: - skip:
features: headers features: headers
- do: - do:
cluster.health: cluster.health:
wait_for_status: yellow wait_for_status: yellow
- do:
xpack.security.put_user:
username: "joe"
body: >
{
"password": "s3krit",
"roles" : [ "admin_role" ]
}
---
teardown:
- do:
xpack.security.delete_user:
username: "joe"
ignore: 404
- do:
xpack.security.delete_role:
name: "admin_role"
ignore: 404
- do:
xpack.security.delete_role:
name: "backwards_role"
ignore: 404
---
"Test put role api":
- do: - do:
xpack.security.put_role: xpack.security.put_role:
name: "admin_role" name: "admin_role"
@ -37,16 +62,6 @@
} }
- match: { role: { created: true } } - match: { role: { created: true } }
- do:
xpack.security.put_user:
username: "joe"
body: >
{
"password": "s3krit",
"roles" : [ "admin_role" ]
}
- match: { user: { created: true } }
# test that the role actually works # test that the role actually works
- do: - do:
headers: headers:

View File

@ -1,9 +1,12 @@
--- ---
setup: setup:
- skip:
features: headers
- do: - do:
cluster.health: cluster.health:
wait_for_status: yellow wait_for_status: yellow
---
teardown: teardown:
- do: - do:
xpack.security.delete_role: xpack.security.delete_role:
@ -24,8 +27,6 @@ teardown:
--- ---
"Test put role api using as array of index names": "Test put role api using as array of index names":
- skip:
features: headers
- do: - do:
xpack.security.put_role: xpack.security.put_role:

View File

@ -1,5 +1,5 @@
--- ---
"Test put user api": setup:
- skip: - skip:
features: headers features: headers
@ -7,6 +7,15 @@
cluster.health: cluster.health:
wait_for_status: yellow wait_for_status: yellow
---
teardown:
- do:
xpack.security.delete_user:
username: "joe"
ignore: 404
---
"Test put user api":
- do: - do:
xpack.security.put_user: xpack.security.put_user:
username: "joe" username: "joe"

View File

@ -1,5 +1,5 @@
--- ---
"Test overwriting a user": setup:
- skip: - skip:
features: headers features: headers
@ -15,8 +15,16 @@
"password": "s3krit", "password": "s3krit",
"roles" : [ "superuser" ] "roles" : [ "superuser" ]
} }
- match: { user: { created: true } }
---
teardown:
- do:
xpack.security.delete_user:
username: "joe"
ignore: 404
---
"Test overwriting a user":
- do: - do:
xpack.security.get_user: xpack.security.get_user:
username: "joe" username: "joe"

View File

@ -1,24 +1,5 @@
--- ---
"Test creating a user without password": setup:
- do:
cluster.health:
wait_for_status: yellow
- do:
catch: request
xpack.security.put_user:
username: "joe"
body: >
{
"roles" : [ "superuser" ]
}
- match: { error.root_cause.0.reason: 'Validation Failed: 1: password must be specified unless you are updating an existing user;' }
---
"Test create user and update without and with password":
- skip:
features: headers
- do: - do:
cluster.health: cluster.health:
wait_for_status: yellow wait_for_status: yellow
@ -31,7 +12,30 @@
"password": "s3krit", "password": "s3krit",
"roles" : [ "superuser" ] "roles" : [ "superuser" ]
} }
- match: { user: { created: true } }
---
teardown:
- do:
xpack.security.delete_user:
username: "joe"
ignore: 404
---
"Test creating a user without password":
- do:
catch: request
xpack.security.put_user:
username: "no_password_user"
body: >
{
"roles" : [ "superuser" ]
}
- match: { error.root_cause.0.reason: 'Validation Failed: 1: password must be specified unless you are updating an existing user;' }
---
"Test create user and update without and with password":
- skip:
features: headers
# test that the role actually works # test that the role actually works
- do: - do:

View File

@ -63,29 +63,6 @@ public abstract class XPackRestTestCase extends ESRestTestCase {
} }
} }
@After
public void clearUsersAndRoles() throws Exception {
// we cannot delete the .security index from a rest test since we aren't the internal user, lets wipe the data
// TODO remove this once the built-in SUPERUSER role is added that can delete the index and we use the built in admin user here
RestTestResponse response = getAdminExecutionContext().callApi("xpack.security.get_user", emptyMap(), emptyList(), emptyMap());
@SuppressWarnings("unchecked")
Map<String, Object> users = (Map<String, Object>) response.getBody();
for (String user: users.keySet()) {
if (ReservedRealm.isReserved(user) == false) {
getAdminExecutionContext().callApi("xpack.security.delete_user", singletonMap("username", user), emptyList(), emptyMap());
}
}
response = getAdminExecutionContext().callApi("xpack.security.get_role", emptyMap(), emptyList(), emptyMap());
@SuppressWarnings("unchecked")
Map<String, Object> roles = (Map<String, Object>) response.getBody();
for (String role: roles.keySet()) {
if (ReservedRolesStore.isReserved(role) == false) {
getAdminExecutionContext().callApi("xpack.security.delete_role", singletonMap("name", role), emptyList(), emptyMap());
}
}
}
@Override @Override
protected Settings restClientSettings() { protected Settings restClientSettings() {
return Settings.builder() return Settings.builder()