security: remove user/role deletion logic in XPackRestTestCase
Original commit: elastic/x-pack-elasticsearch@d6064e520a
This commit is contained in:
parent
67706a9a19
commit
d1b945d1f2
|
@ -1,3 +1,8 @@
|
|||
---
|
||||
teardown:
|
||||
- do:
|
||||
license.delete: {}
|
||||
|
||||
---
|
||||
"installing and getting license works":
|
||||
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
setup:
|
||||
- skip:
|
||||
features: headers
|
||||
|
@ -16,6 +17,13 @@ setup:
|
|||
"full_name" : "Authenticate User"
|
||||
}
|
||||
|
||||
---
|
||||
teardown:
|
||||
- do:
|
||||
xpack.security.delete_user:
|
||||
username: "authenticate_user"
|
||||
ignore: 404
|
||||
|
||||
---
|
||||
"Test authenticate api":
|
||||
|
||||
|
|
|
@ -1,12 +1,10 @@
|
|||
---
|
||||
"Test changing users password":
|
||||
setup:
|
||||
- skip:
|
||||
features: headers
|
||||
|
||||
- do:
|
||||
cluster.health:
|
||||
wait_for_status: yellow
|
||||
|
||||
- do:
|
||||
xpack.security.put_user:
|
||||
username: "joe"
|
||||
|
@ -15,9 +13,46 @@
|
|||
"password": "s3krit",
|
||||
"roles" : [ "superuser" ]
|
||||
}
|
||||
- match: { user: { created: true } }
|
||||
- do:
|
||||
xpack.security.put_role:
|
||||
name: "user"
|
||||
body: >
|
||||
{
|
||||
"cluster": ["monitor"],
|
||||
"indices": [
|
||||
{
|
||||
"names": "*",
|
||||
"privileges": ["all"]
|
||||
}
|
||||
]
|
||||
}
|
||||
- do:
|
||||
xpack.security.put_user:
|
||||
username: "unprivileged_user"
|
||||
body: >
|
||||
{
|
||||
"password": "s3krit",
|
||||
"roles" : [ "user" ]
|
||||
}
|
||||
|
||||
# test that the role actually works
|
||||
---
|
||||
teardown:
|
||||
- do:
|
||||
xpack.security.delete_user:
|
||||
username: "joe"
|
||||
ignore: 404
|
||||
- do:
|
||||
xpack.security.delete_role:
|
||||
name: "user"
|
||||
ignore: 404
|
||||
- do:
|
||||
xpack.security.delete_user:
|
||||
username: "unprivileged_user"
|
||||
ignore: 404
|
||||
|
||||
---
|
||||
"Test changing users password":
|
||||
# validate that the user actually works
|
||||
- do:
|
||||
headers:
|
||||
Authorization: "Basic am9lOnMza3JpdA=="
|
||||
|
@ -49,49 +84,17 @@
|
|||
|
||||
---
|
||||
"Test user changing their own password":
|
||||
- skip:
|
||||
features: headers
|
||||
|
||||
- do:
|
||||
cluster.health:
|
||||
wait_for_status: yellow
|
||||
|
||||
- do:
|
||||
xpack.security.put_role:
|
||||
name: "user"
|
||||
body: >
|
||||
{
|
||||
"cluster": ["monitor"],
|
||||
"indices": [
|
||||
{
|
||||
"names": "*",
|
||||
"privileges": ["all"]
|
||||
}
|
||||
]
|
||||
}
|
||||
- match: { role: { created: true } }
|
||||
|
||||
- do:
|
||||
xpack.security.put_user:
|
||||
username: "joe"
|
||||
body: >
|
||||
{
|
||||
"password": "s3krit",
|
||||
"roles" : [ "user" ]
|
||||
}
|
||||
- match: { user: { created: true } }
|
||||
|
||||
# test that the role actually works
|
||||
- do:
|
||||
headers:
|
||||
Authorization: "Basic am9lOnMza3JpdA=="
|
||||
Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0"
|
||||
cluster.health: {}
|
||||
- match: { timed_out: false }
|
||||
|
||||
# change password as the current user. the power_user role only grants the ability to change their own password
|
||||
# change password as the current user. the user role only grants the ability to change their own password
|
||||
- do:
|
||||
headers:
|
||||
Authorization: "Basic am9lOnMza3JpdA=="
|
||||
Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0"
|
||||
xpack.security.change_password:
|
||||
body: >
|
||||
{
|
||||
|
@ -102,61 +105,29 @@
|
|||
- do:
|
||||
catch: request
|
||||
headers:
|
||||
Authorization: "Basic am9lOnMza3JpdA=="
|
||||
Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0"
|
||||
cluster.health: {}
|
||||
|
||||
# login with new credentials
|
||||
- do:
|
||||
headers:
|
||||
Authorization: "Basic am9lOnMza3JpdDI="
|
||||
Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0Mg=="
|
||||
cluster.health: {}
|
||||
- match: { timed_out: false }
|
||||
|
||||
---
|
||||
"Test unauthorized user changing anothers password":
|
||||
- skip:
|
||||
features: headers
|
||||
|
||||
- do:
|
||||
cluster.health:
|
||||
wait_for_status: yellow
|
||||
|
||||
- do:
|
||||
xpack.security.put_role:
|
||||
name: "user"
|
||||
body: >
|
||||
{
|
||||
"cluster": ["monitor"],
|
||||
"indices": [
|
||||
{
|
||||
"names": "*",
|
||||
"privileges": ["all"]
|
||||
}
|
||||
]
|
||||
}
|
||||
- match: { role: { created: true } }
|
||||
|
||||
- do:
|
||||
xpack.security.put_user:
|
||||
username: "joe"
|
||||
body: >
|
||||
{
|
||||
"password": "s3krit",
|
||||
"roles" : [ "user" ]
|
||||
}
|
||||
- match: { user: { created: true } }
|
||||
|
||||
# test that the role actually works
|
||||
- do:
|
||||
headers:
|
||||
Authorization: "Basic am9lOnMza3JpdA=="
|
||||
Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0"
|
||||
cluster.health: {}
|
||||
- match: { timed_out: false }
|
||||
|
||||
# attempt to change another users password
|
||||
- do:
|
||||
headers:
|
||||
Authorization: "Basic am9lOnMza3JpdA=="
|
||||
Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0"
|
||||
catch: forbidden
|
||||
xpack.security.change_password:
|
||||
username: "anotheruser"
|
||||
|
|
|
@ -1,12 +1,37 @@
|
|||
---
|
||||
"Test put role api":
|
||||
setup:
|
||||
- skip:
|
||||
features: headers
|
||||
|
||||
- do:
|
||||
cluster.health:
|
||||
wait_for_status: yellow
|
||||
- do:
|
||||
xpack.security.put_user:
|
||||
username: "joe"
|
||||
body: >
|
||||
{
|
||||
"password": "s3krit",
|
||||
"roles" : [ "admin_role" ]
|
||||
}
|
||||
|
||||
---
|
||||
teardown:
|
||||
- do:
|
||||
xpack.security.delete_user:
|
||||
username: "joe"
|
||||
ignore: 404
|
||||
- do:
|
||||
xpack.security.delete_role:
|
||||
name: "admin_role"
|
||||
ignore: 404
|
||||
- do:
|
||||
xpack.security.delete_role:
|
||||
name: "backwards_role"
|
||||
ignore: 404
|
||||
|
||||
---
|
||||
"Test put role api":
|
||||
- do:
|
||||
xpack.security.put_role:
|
||||
name: "admin_role"
|
||||
|
@ -37,16 +62,6 @@
|
|||
}
|
||||
- match: { role: { created: true } }
|
||||
|
||||
- do:
|
||||
xpack.security.put_user:
|
||||
username: "joe"
|
||||
body: >
|
||||
{
|
||||
"password": "s3krit",
|
||||
"roles" : [ "admin_role" ]
|
||||
}
|
||||
- match: { user: { created: true } }
|
||||
|
||||
# test that the role actually works
|
||||
- do:
|
||||
headers:
|
||||
|
|
|
@ -1,9 +1,12 @@
|
|||
---
|
||||
setup:
|
||||
- skip:
|
||||
features: headers
|
||||
- do:
|
||||
cluster.health:
|
||||
wait_for_status: yellow
|
||||
|
||||
---
|
||||
teardown:
|
||||
- do:
|
||||
xpack.security.delete_role:
|
||||
|
@ -24,8 +27,6 @@ teardown:
|
|||
|
||||
---
|
||||
"Test put role api using as array of index names":
|
||||
- skip:
|
||||
features: headers
|
||||
|
||||
- do:
|
||||
xpack.security.put_role:
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
"Test put user api":
|
||||
setup:
|
||||
- skip:
|
||||
features: headers
|
||||
|
||||
|
@ -7,6 +7,15 @@
|
|||
cluster.health:
|
||||
wait_for_status: yellow
|
||||
|
||||
---
|
||||
teardown:
|
||||
- do:
|
||||
xpack.security.delete_user:
|
||||
username: "joe"
|
||||
ignore: 404
|
||||
|
||||
---
|
||||
"Test put user api":
|
||||
- do:
|
||||
xpack.security.put_user:
|
||||
username: "joe"
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
"Test overwriting a user":
|
||||
setup:
|
||||
- skip:
|
||||
features: headers
|
||||
|
||||
|
@ -15,8 +15,16 @@
|
|||
"password": "s3krit",
|
||||
"roles" : [ "superuser" ]
|
||||
}
|
||||
- match: { user: { created: true } }
|
||||
|
||||
---
|
||||
teardown:
|
||||
- do:
|
||||
xpack.security.delete_user:
|
||||
username: "joe"
|
||||
ignore: 404
|
||||
|
||||
---
|
||||
"Test overwriting a user":
|
||||
- do:
|
||||
xpack.security.get_user:
|
||||
username: "joe"
|
||||
|
|
|
@ -1,24 +1,5 @@
|
|||
---
|
||||
"Test creating a user without password":
|
||||
- do:
|
||||
cluster.health:
|
||||
wait_for_status: yellow
|
||||
|
||||
- do:
|
||||
catch: request
|
||||
xpack.security.put_user:
|
||||
username: "joe"
|
||||
body: >
|
||||
{
|
||||
"roles" : [ "superuser" ]
|
||||
}
|
||||
- match: { error.root_cause.0.reason: 'Validation Failed: 1: password must be specified unless you are updating an existing user;' }
|
||||
|
||||
---
|
||||
"Test create user and update without and with password":
|
||||
- skip:
|
||||
features: headers
|
||||
|
||||
setup:
|
||||
- do:
|
||||
cluster.health:
|
||||
wait_for_status: yellow
|
||||
|
@ -31,7 +12,30 @@
|
|||
"password": "s3krit",
|
||||
"roles" : [ "superuser" ]
|
||||
}
|
||||
- match: { user: { created: true } }
|
||||
|
||||
---
|
||||
teardown:
|
||||
- do:
|
||||
xpack.security.delete_user:
|
||||
username: "joe"
|
||||
ignore: 404
|
||||
|
||||
---
|
||||
"Test creating a user without password":
|
||||
- do:
|
||||
catch: request
|
||||
xpack.security.put_user:
|
||||
username: "no_password_user"
|
||||
body: >
|
||||
{
|
||||
"roles" : [ "superuser" ]
|
||||
}
|
||||
- match: { error.root_cause.0.reason: 'Validation Failed: 1: password must be specified unless you are updating an existing user;' }
|
||||
|
||||
---
|
||||
"Test create user and update without and with password":
|
||||
- skip:
|
||||
features: headers
|
||||
|
||||
# test that the role actually works
|
||||
- do:
|
||||
|
|
|
@ -63,29 +63,6 @@ public abstract class XPackRestTestCase extends ESRestTestCase {
|
|||
}
|
||||
}
|
||||
|
||||
@After
|
||||
public void clearUsersAndRoles() throws Exception {
|
||||
// we cannot delete the .security index from a rest test since we aren't the internal user, lets wipe the data
|
||||
// TODO remove this once the built-in SUPERUSER role is added that can delete the index and we use the built in admin user here
|
||||
RestTestResponse response = getAdminExecutionContext().callApi("xpack.security.get_user", emptyMap(), emptyList(), emptyMap());
|
||||
@SuppressWarnings("unchecked")
|
||||
Map<String, Object> users = (Map<String, Object>) response.getBody();
|
||||
for (String user: users.keySet()) {
|
||||
if (ReservedRealm.isReserved(user) == false) {
|
||||
getAdminExecutionContext().callApi("xpack.security.delete_user", singletonMap("username", user), emptyList(), emptyMap());
|
||||
}
|
||||
}
|
||||
|
||||
response = getAdminExecutionContext().callApi("xpack.security.get_role", emptyMap(), emptyList(), emptyMap());
|
||||
@SuppressWarnings("unchecked")
|
||||
Map<String, Object> roles = (Map<String, Object>) response.getBody();
|
||||
for (String role: roles.keySet()) {
|
||||
if (ReservedRolesStore.isReserved(role) == false) {
|
||||
getAdminExecutionContext().callApi("xpack.security.delete_role", singletonMap("name", role), emptyList(), emptyMap());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Settings restClientSettings() {
|
||||
return Settings.builder()
|
||||
|
|
Loading…
Reference in New Issue