Skip to content

Commit

Permalink
fixed security tests (opensearch-project#484)
Browse files Browse the repository at this point in the history
* fixed security tests

Signed-off-by: Raj Chakravarthi <raj@icedome.ca>
  • Loading branch information
raj-chak authored Feb 10, 2023
1 parent 830dff1 commit c51940f
Show file tree
Hide file tree
Showing 5 changed files with 68 additions and 58 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -1182,10 +1182,11 @@ abstract class AlertingRestTestCase : ODFERestTestCase() {
client().performRequest(request)
}

fun createIndexRoleWithDocLevelSecurity(name: String, index: String, dlsQuery: String) {
fun createIndexRoleWithDocLevelSecurity(name: String, index: String, dlsQuery: String, clusterPermissions: String? = "") {
val request = Request("PUT", "/_plugins/_security/api/roles/$name")
var entity = "{\n" +
"\"cluster_permissions\": [\n" +
"\"$clusterPermissions\"\n" +
"],\n" +
"\"index_permissions\": [\n" +
"{\n" +
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ class SecureDestinationRestApiIT : AlertingRestTestCase() {
}
}

val user = "userOne"
val user = "userA"
var userClient: RestClient? = null

@Before
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,13 +13,15 @@ import org.junit.After
import org.junit.Before
import org.junit.BeforeClass
import org.opensearch.alerting.ALERTING_GET_EMAIL_ACCOUNT_ACCESS
import org.opensearch.alerting.ALERTING_NO_ACCESS_ROLE
import org.opensearch.alerting.ALERTING_SEARCH_EMAIL_ACCOUNT_ACCESS
import org.opensearch.alerting.AlertingPlugin
import org.opensearch.alerting.AlertingRestTestCase
import org.opensearch.alerting.TEST_HR_BACKEND_ROLE
import org.opensearch.alerting.TEST_HR_INDEX
import org.opensearch.alerting.TEST_HR_ROLE
import org.opensearch.alerting.makeRequest
import org.opensearch.client.ResponseException
import org.opensearch.client.RestClient
import org.opensearch.commons.rest.SecureRestClientBuilder
import org.opensearch.rest.RestStatus
Expand Down Expand Up @@ -50,7 +52,7 @@ class SecureEmailAccountRestApiIT : AlertingRestTestCase() {
}
}

val user = "userOne"
val user = "userB"
var userClient: RestClient? = null

@Before
Expand Down Expand Up @@ -129,7 +131,7 @@ class SecureEmailAccountRestApiIT : AlertingRestTestCase() {

/*
TODO: https://github.com/opensearch-project/alerting/issues/300
*/
fun `test get email accounts with an user without get email account role`() {
createUserWithTestDataAndCustomRole(
user,
Expand All @@ -138,9 +140,7 @@ class SecureEmailAccountRestApiIT : AlertingRestTestCase() {
listOf(TEST_HR_BACKEND_ROLE),
getClusterPermissionsFromCustomRole(ALERTING_NO_ACCESS_ROLE)
)
val emailAccount = createRandomEmailAccountWithGivenName(true, randomAlphaOfLength(5))
try {
userClient?.makeRequest(
"GET",
Expand All @@ -158,19 +158,15 @@ class SecureEmailAccountRestApiIT : AlertingRestTestCase() {
deleteRoleAndRoleMapping(TEST_HR_ROLE)
}
}
fun `test search email accounts with an user without search email account role`() {
createUserWithTestDataAndCustomRole(
user,
TEST_HR_INDEX,
TEST_HR_ROLE,
listOf(TEST_HR_BACKEND_ROLE),
getClusterPermissionsFromCustomRole(ALERTING_NO_ACCESS_ROLE)
)
createRandomEmailAccountWithGivenName(true, randomAlphaOfLength(5))
try {
userClient?.makeRequest(
"POST",
Expand All @@ -185,6 +181,4 @@ class SecureEmailAccountRestApiIT : AlertingRestTestCase() {
deleteRoleAndRoleMapping(TEST_HR_ROLE)
}
}
*/
}
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ class SecureEmailGroupsRestApiIT : AlertingRestTestCase() {
}
}

val user = "userOne"
val user = "userC"
var userClient: RestClient? = null

@Before
Expand Down
Loading

0 comments on commit c51940f

Please sign in to comment.