honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

security: remove user/role deletion logic in XPackRestTestCase 

Original commit: elastic/x-pack-elasticsearch@d6064e520a
This commit is contained in:
jaymode 2016-06-30 11:14:37 -04:00
parent 67706a9a19
commit d1b945d1f2
9 changed files with 145 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/test/license/20_put_license.yaml
View File

@ -1,3 +1,8 @@
---
teardown:
- do:
license.delete: {}
---
"installing and getting license works":

8
elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/authenticate/10_basic.yaml
View File

@ -1,3 +1,4 @@
---
setup:
- skip:
features: headers
@ -16,6 +17,13 @@ setup:
"full_name" : "Authenticate User"
}
---
teardown:
- do:
xpack.security.delete_user:
username: "authenticate_user"
ignore: 404
---
"Test authenticate api":

131
elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/change_password/10_basic.yaml
View File

@ -1,23 +1,58 @@
---
"Test changing users password":
setup:
- skip:
features: headers
- do:
cluster.health:
wait_for_status: yellow
- do:
xpack.security.put_user:
username: "joe"
body: >
{
"password": "s3krit",
"roles" : [ "superuser" ]
}
- match: { user: { created: true } }
{
"password": "s3krit",
"roles" : [ "superuser" ]
}
- do:
xpack.security.put_role:
name: "user"
body: >
{
"cluster": ["monitor"],
"indices": [
{
"names": "*",
"privileges": ["all"]
}
]
}
- do:
xpack.security.put_user:
username: "unprivileged_user"
body: >
{
"password": "s3krit",
"roles" : [ "user" ]
}
# test that the role actually works
---
teardown:
- do:
xpack.security.delete_user:
username: "joe"
ignore: 404
- do:
xpack.security.delete_role:
name: "user"
ignore: 404
- do:
xpack.security.delete_user:
username: "unprivileged_user"
ignore: 404
---
"Test changing users password":
# validate that the user actually works
- do:
headers:
Authorization: "Basic am9lOnMza3JpdA=="
@ -49,49 +84,17 @@
---
"Test user changing their own password":
- skip:
features: headers
- do:
cluster.health:
wait_for_status: yellow
- do:
xpack.security.put_role:
name: "user"
body: >
{
"cluster": ["monitor"],
"indices": [
{
"names": "*",
"privileges": ["all"]
}
]
}
- match: { role: { created: true } }
- do:
xpack.security.put_user:
username: "joe"
body: >
{
"password": "s3krit",
"roles" : [ "user" ]
}
- match: { user: { created: true } }
# test that the role actually works
- do:
headers:
Authorization: "Basic am9lOnMza3JpdA=="
Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0"
cluster.health: {}
- match: { timed_out: false }
# change password as the current user. the power_user role only grants the ability to change their own password
# change password as the current user. the user role only grants the ability to change their own password
- do:
headers:
Authorization: "Basic am9lOnMza3JpdA=="
Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0"
xpack.security.change_password:
body: >
{
@ -102,61 +105,29 @@
- do:
catch: request
headers:
Authorization: "Basic am9lOnMza3JpdA=="
Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0"
cluster.health: {}
# login with new credentials
- do:
headers:
Authorization: "Basic am9lOnMza3JpdDI="
Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0Mg=="
cluster.health: {}
- match: { timed_out: false }
---
"Test unauthorized user changing anothers password":
- skip:
features: headers
- do:
cluster.health:
wait_for_status: yellow
- do:
xpack.security.put_role:
name: "user"
body: >
{
"cluster": ["monitor"],
"indices": [
{
"names": "*",
"privileges": ["all"]
}
]
}
- match: { role: { created: true } }
- do:
xpack.security.put_user:
username: "joe"
body: >
{
"password": "s3krit",
"roles" : [ "user" ]
}
- match: { user: { created: true } }
# test that the role actually works
- do:
headers:
Authorization: "Basic am9lOnMza3JpdA=="
Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0"
cluster.health: {}
- match: { timed_out: false }
# attempt to change another users password
- do:
headers:
Authorization: "Basic am9lOnMza3JpdA=="
Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0"
catch: forbidden
xpack.security.change_password:
username: "anotheruser"

39
elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/roles/10_basic.yaml
View File

@ -1,12 +1,37 @@
---
"Test put role api":
setup:
- skip:
features: headers
- do:
cluster.health:
wait_for_status: yellow
wait_for_status: yellow
- do:
xpack.security.put_user:
username: "joe"
body: >
{
"password": "s3krit",
"roles" : [ "admin_role" ]
}
---
teardown:
- do:
xpack.security.delete_user:
username: "joe"
ignore: 404
- do:
xpack.security.delete_role:
name: "admin_role"
ignore: 404
- do:
xpack.security.delete_role:
name: "backwards_role"
ignore: 404
---
"Test put role api":
- do:
xpack.security.put_role:
name: "admin_role"
@ -37,16 +62,6 @@
}
- match: { role: { created: true } }
- do:
xpack.security.put_user:
username: "joe"
body: >
{
"password": "s3krit",
"roles" : [ "admin_role" ]
}
- match: { user: { created: true } }
# test that the role actually works
- do:
headers:

5
elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/roles/11_idx_arrays.yaml
View File

@ -1,9 +1,12 @@
---
setup:
- skip:
features: headers
- do:
cluster.health:
wait_for_status: yellow
---
teardown:
- do:
xpack.security.delete_role:
@ -24,8 +27,6 @@ teardown:
---
"Test put role api using as array of index names":
- skip:
features: headers
- do:
xpack.security.put_role:

13
elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/users/10_basic.yaml
View File

@ -1,12 +1,21 @@
---
"Test put user api":
setup:
- skip:
features: headers
- do:
cluster.health:
wait_for_status: yellow
wait_for_status: yellow
---
teardown:
- do:
xpack.security.delete_user:
username: "joe"
ignore: 404
---
"Test put user api":
- do:
xpack.security.put_user:
username: "joe"

22
elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/users/15_overwrite_user.yaml
View File

@ -1,22 +1,30 @@
---
"Test overwriting a user":
setup:
- skip:
features: headers
- do:
cluster.health:
wait_for_status: yellow
wait_for_status: yellow
- do:
xpack.security.put_user:
username: "joe"
body: >
{
"password": "s3krit",
"roles" : [ "superuser" ]
}
- match: { user: { created: true } }
{
"password": "s3krit",
"roles" : [ "superuser" ]
}
---
teardown:
- do:
xpack.security.delete_user:
username: "joe"
ignore: 404
---
"Test overwriting a user":
- do:
xpack.security.get_user:
username: "joe"

46
elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/users/16_update_user.yaml
View File

@ -1,24 +1,5 @@
---
"Test creating a user without password":
- do:
cluster.health:
wait_for_status: yellow
- do:
catch: request
xpack.security.put_user:
username: "joe"
body: >
{
"roles" : [ "superuser" ]
}
- match: { error.root_cause.0.reason: 'Validation Failed: 1: password must be specified unless you are updating an existing user;' }
---
"Test create user and update without and with password":
- skip:
features: headers
setup:
- do:
cluster.health:
wait_for_status: yellow
@ -31,7 +12,30 @@
"password": "s3krit",
"roles" : [ "superuser" ]
}
- match: { user: { created: true } }
---
teardown:
- do:
xpack.security.delete_user:
username: "joe"
ignore: 404
---
"Test creating a user without password":
- do:
catch: request
xpack.security.put_user:
username: "no_password_user"
body: >
{
"roles" : [ "superuser" ]
}
- match: { error.root_cause.0.reason: 'Validation Failed: 1: password must be specified unless you are updating an existing user;' }
---
"Test create user and update without and with password":
- skip:
features: headers
# test that the role actually works
- do:

23
elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/test/rest/XPackRestTestCase.java
View File

@ -63,29 +63,6 @@ public abstract class XPackRestTestCase extends ESRestTestCase {
}
}
@After
public void clearUsersAndRoles() throws Exception {
// we cannot delete the .security index from a rest test since we aren't the internal user, lets wipe the data
// TODO remove this once the built-in SUPERUSER role is added that can delete the index and we use the built in admin user here
RestTestResponse response = getAdminExecutionContext().callApi("xpack.security.get_user", emptyMap(), emptyList(), emptyMap());
@SuppressWarnings("unchecked")
Map<String, Object> users = (Map<String, Object>) response.getBody();
for (String user: users.keySet()) {
if (ReservedRealm.isReserved(user) == false) {
getAdminExecutionContext().callApi("xpack.security.delete_user", singletonMap("username", user), emptyList(), emptyMap());
}
}
response = getAdminExecutionContext().callApi("xpack.security.get_role", emptyMap(), emptyList(), emptyMap());
@SuppressWarnings("unchecked")
Map<String, Object> roles = (Map<String, Object>) response.getBody();
for (String role: roles.keySet()) {
if (ReservedRolesStore.isReserved(role) == false) {
getAdminExecutionContext().callApi("xpack.security.delete_role", singletonMap("name", role), emptyList(), emptyMap());
}
}
}
@Override
protected Settings restClientSettings() {
return Settings.builder()