honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Rename LDAP setting meta_data to metadata (elastic/x-pack-elasticsearch#1455) 

We don't hyphenate metadata anywhere else.
Also added tests for the LdapMetaDataResolver as they were completely absent.

Original commit: elastic/x-pack-elasticsearch@eec647ba93
This commit is contained in:
Tim Vernum 2017-05-30 13:38:40 +10:00 committed by GitHub
parent e977bdbf1f
commit da40720ef0
4 changed files with 204 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plugin/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapMetaDataResolver.java
View File

@ -30,7 +30,7 @@ import static org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.sear
public class LdapMetaDataResolver {
public static final Setting<List<String>> ADDITIONAL_META_DATA_SETTING = Setting.listSetting(
"meta_data", Collections.emptyList(), Function.identity(), Setting.Property.NodeScope);
"metadata", Collections.emptyList(), Function.identity(), Setting.Property.NodeScope);
private final String[] attributeNames;
private final boolean ignoreReferralErrors;

51
plugin/src/test/java/org/elasticsearch/xpack/security/authc/ldap/GroupsResolverTestCase.java
View File

@ -7,27 +7,16 @@ package org.elasticsearch.xpack.security.authc.ldap;
import com.unboundid.ldap.sdk.Attribute;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.LDAPInterface;
import com.unboundid.ldap.sdk.LDAPURL;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.action.support.PlainActionFuture;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession.GroupsResolver;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils;
import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.xpack.ssl.SSLService;
import org.elasticsearch.xpack.ssl.VerificationMode;
import org.junit.After;
import org.junit.Before;
import java.nio.file.Path;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import java.util.List;
@ -44,45 +33,7 @@ public abstract class GroupsResolverTestCase extends ESTestCase {
@Before
public void setUpLdapConnection() throws Exception {
Path truststore = getDataPath("../ldap/support/ldaptrust.jks");
boolean useGlobalSSL = randomBoolean();
Settings.Builder builder = Settings.builder().put("path.home", createTempDir());
if (useGlobalSSL) {
builder.put("xpack.ssl.truststore.path", truststore)
.put("xpack.ssl.truststore.password", "changeit");
// fake realm to load config with certificate verification mode
builder.put("xpack.security.authc.realms.bar.ssl.truststore.path", truststore);
builder.put("xpack.security.authc.realms.bar.ssl.truststore.password", "changeit");
builder.put("xpack.security.authc.realms.bar.ssl.verification_mode", VerificationMode.CERTIFICATE);
} else {
// fake realms so ssl will get loaded
builder.put("xpack.security.authc.realms.foo.ssl.truststore.path", truststore);
builder.put("xpack.security.authc.realms.foo.ssl.truststore.password", "changeit");
builder.put("xpack.security.authc.realms.foo.ssl.verification_mode", VerificationMode.FULL);
builder.put("xpack.security.authc.realms.bar.ssl.truststore.path", truststore);
builder.put("xpack.security.authc.realms.bar.ssl.truststore.password", "changeit");
builder.put("xpack.security.authc.realms.bar.ssl.verification_mode", VerificationMode.CERTIFICATE);
}
Settings settings = builder.build();
Environment env = new Environment(settings);
SSLService sslService = new SSLService(settings, env);
LDAPURL ldapurl = new LDAPURL(ldapUrl());
LDAPConnectionOptions options = new LDAPConnectionOptions();
options.setFollowReferrals(true);
options.setAllowConcurrentSocketFactoryUse(true);
options.setConnectTimeoutMillis(Math.toIntExact(SessionFactory.TIMEOUT_DEFAULT.millis()));
options.setResponseTimeoutMillis(SessionFactory.TIMEOUT_DEFAULT.millis());
Settings connectionSettings;
if (useGlobalSSL) {
connectionSettings = Settings.EMPTY;
} else {
connectionSettings = Settings.builder().put("truststore.path", truststore)
.put("truststore.password", "changeit").build();
}
ldapConnection = LdapUtils.privilegedConnect(() -> new LDAPConnection(sslService.sslSocketFactory(connectionSettings), options,
ldapurl.getHost(), ldapurl.getPort(), bindDN(), bindPassword()));
this.ldapConnection = LdapTestUtils.openConnection(ldapUrl(), bindDN(), bindPassword(), truststore);
}
@After

69
plugin/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapTestUtils.java Normal file
View File

@ -0,0 +1,69 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.xpack.security.authc.ldap;
import java.nio.file.Path;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.LDAPURL;
import org.apache.lucene.util.LuceneTestCase;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils;
import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory;
import org.elasticsearch.xpack.ssl.SSLService;
import org.elasticsearch.xpack.ssl.VerificationMode;
public class LdapTestUtils {
private LdapTestUtils() {
// Utility class
}
public static LDAPConnection openConnection(String url, String bindDN, String bindPassword, Path truststore) throws Exception {
boolean useGlobalSSL = ESTestCase.randomBoolean();
Settings.Builder builder = Settings.builder().put("path.home", LuceneTestCase.createTempDir());
if (useGlobalSSL) {
builder.put("xpack.ssl.truststore.path", truststore)
.put("xpack.ssl.truststore.password", "changeit");
// fake realm to load config with certificate verification mode
builder.put("xpack.security.authc.realms.bar.ssl.truststore.path", truststore);
builder.put("xpack.security.authc.realms.bar.ssl.truststore.password", "changeit");
builder.put("xpack.security.authc.realms.bar.ssl.verification_mode", VerificationMode.CERTIFICATE);
} else {
// fake realms so ssl will get loaded
builder.put("xpack.security.authc.realms.foo.ssl.truststore.path", truststore);
builder.put("xpack.security.authc.realms.foo.ssl.truststore.password", "changeit");
builder.put("xpack.security.authc.realms.foo.ssl.verification_mode", VerificationMode.FULL);
builder.put("xpack.security.authc.realms.bar.ssl.truststore.path", truststore);
builder.put("xpack.security.authc.realms.bar.ssl.truststore.password", "changeit");
builder.put("xpack.security.authc.realms.bar.ssl.verification_mode", VerificationMode.CERTIFICATE);
}
Settings settings = builder.build();
Environment env = new Environment(settings);
SSLService sslService = new SSLService(settings, env);
LDAPURL ldapurl = new LDAPURL(url);
LDAPConnectionOptions options = new LDAPConnectionOptions();
options.setFollowReferrals(true);
options.setAllowConcurrentSocketFactoryUse(true);
options.setConnectTimeoutMillis(Math.toIntExact(SessionFactory.TIMEOUT_DEFAULT.millis()));
options.setResponseTimeoutMillis(SessionFactory.TIMEOUT_DEFAULT.millis());
Settings connectionSettings;
if (useGlobalSSL) {
connectionSettings = Settings.EMPTY;
} else {
connectionSettings = Settings.builder().put("truststore.path", truststore)
.put("truststore.password", "changeit").build();
}
return LdapUtils.privilegedConnect(() -> new LDAPConnection(sslService.sslSocketFactory(connectionSettings), options,
ldapurl.getHost(), ldapurl.getPort(), bindDN, bindPassword));
}
}

133
plugin/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapMetaDataResolverTests.java Normal file
View File

@ -0,0 +1,133 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.xpack.security.authc.ldap.support;
import javax.security.auth.DestroyFailedException;
import java.io.IOException;
import java.nio.file.Path;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import com.unboundid.ldap.sdk.Attribute;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import org.bouncycastle.operator.OperatorCreationException;
import org.elasticsearch.action.support.PlainActionFuture;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.test.junit.annotations.Network;
import org.elasticsearch.xpack.security.authc.ldap.LdapTestUtils;
import org.elasticsearch.xpack.security.authc.ldap.OpenLdapTests;
import org.junit.After;
import static org.hamcrest.Matchers.arrayContaining;
import static org.hamcrest.Matchers.contains;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.nullValue;
public class LdapMetaDataResolverTests extends ESTestCase {
private static final String HAWKEYE_DN = "uid=hawkeye,ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
private LdapMetaDataResolver resolver;
private LDAPConnection connection;
public void testParseSettings() throws Exception {
resolver = new LdapMetaDataResolver(Settings.builder().putArray("metadata", "cn", "uid").build(), false);
assertThat(resolver.attributeNames(), arrayContaining("cn", "uid"));
}
public void testResolveSingleValuedAttributeFromCachedAttributes() throws Exception {
resolver = new LdapMetaDataResolver(Arrays.asList("cn", "uid"), true);
final Collection<Attribute> attributes = Arrays.asList(
new Attribute("cn", "Clint Barton"),
new Attribute("uid", "hawkeye"),
new Attribute("email", "clint.barton@shield.gov"),
new Attribute("memberOf", "cn=staff,ou=groups,dc=exmaple,dc=com", "cn=admin,ou=groups,dc=exmaple,dc=com")
);
final Map<String, Object> map = resolve(attributes);
assertThat(map.size(), equalTo(2));
assertThat(map.get("cn"), equalTo("Clint Barton"));
assertThat(map.get("uid"), equalTo("hawkeye"));
}
public void testResolveMultiValuedAttributeFromCachedAttributes() throws Exception {
resolver = new LdapMetaDataResolver(Arrays.asList("cn", "uid"), true);
final Collection<Attribute> attributes = Arrays.asList(
new Attribute("cn", "Clint Barton", "hawkeye"),
new Attribute("uid", "hawkeye")
);
final Map<String, Object> map = resolve(attributes);
assertThat(map.size(), equalTo(2));
assertThat(map.get("cn"), instanceOf(List.class));
assertThat((List<?>) map.get("cn"), contains("Clint Barton", "hawkeye"));
assertThat(map.get("uid"), equalTo("hawkeye"));
}
public void testResolveMissingAttributeFromCachedAttributes() throws Exception {
resolver = new LdapMetaDataResolver(Arrays.asList("cn", "uid"), true);
final Collection<Attribute> attributes = Collections.singletonList(new Attribute("uid", "hawkeye"));
final Map<String, Object> map = resolve(attributes);
assertThat(map.size(), equalTo(1));
assertThat(map.get("cn"), nullValue());
assertThat(map.get("uid"), equalTo("hawkeye"));
}
@Network
public void testResolveSingleValuedAttributeFromConnection() throws Exception {
resolver = new LdapMetaDataResolver(Arrays.asList("givenName", "sn"), true);
setupOpenLdapConnection();
final Map<String, Object> map = resolve(null);
assertThat(map.size(), equalTo(2));
assertThat(map.get("givenName"), equalTo("Clint"));
assertThat(map.get("sn"), equalTo("Barton"));
}
@Network
public void testResolveMultiValuedAttributeFromConnection() throws Exception {
resolver = new LdapMetaDataResolver(Arrays.asList("objectClass"), true);
setupOpenLdapConnection();
final Map<String, Object> map = resolve(null);
assertThat(map.size(), equalTo(1));
assertThat(map.get("objectClass"), instanceOf(List.class));
assertThat((List<?>) map.get("objectClass"), contains("top", "posixAccount", "inetOrgPerson"));
}
@Network
public void testResolveMissingAttributeFromConnection() throws Exception {
resolver = new LdapMetaDataResolver(Arrays.asList("alias"), true);
setupOpenLdapConnection();
final Map<String, Object> map = resolve(null);
assertThat(map.size(), equalTo(0));
}
private Map<String, Object> resolve(Collection<Attribute> attributes) throws Exception {
final PlainActionFuture<Map<String, Object>> future = new PlainActionFuture<>();
resolver.resolve(connection, HAWKEYE_DN, TimeValue.timeValueSeconds(1), logger, attributes, future);
return future.get();
}
private void setupOpenLdapConnection() throws Exception {
Path truststore = getDataPath("./ldaptrust.jks");
this.connection = LdapTestUtils.openConnection(OpenLdapTests.OPEN_LDAP_URL, HAWKEYE_DN, OpenLdapTests.PASSWORD, truststore);
}
@After
public void tearDownLdapConnection() throws Exception {
if (connection != null) {
connection.close();
}
}
}