From 64bdf8718e56941a460b5a73317513e6c6912017 Mon Sep 17 00:00:00 2001 From: Stephen Crawford Date: Mon, 21 Aug 2023 10:02:23 -0400 Subject: [PATCH 1/4] PathMatches Signed-off-by: Stephen Crawford --- .../security/filter/RestPathMatchesTest.java | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/test/java/org/opensearch/security/filter/RestPathMatchesTest.java b/src/test/java/org/opensearch/security/filter/RestPathMatchesTest.java index 9a5335bdb7..920d640776 100644 --- a/src/test/java/org/opensearch/security/filter/RestPathMatchesTest.java +++ b/src/test/java/org/opensearch/security/filter/RestPathMatchesTest.java @@ -63,4 +63,25 @@ public void testDifferentPathSegments() throws InvocationTargetException, Illega String handlerPath = "_plugins/security/api/x/y"; assertFalse((Boolean) restPathMatches.invoke(securityRestFilter, requestPath, handlerPath)); } + + @Test + public void testRequestPathWithNamedParam() throws InvocationTargetException, IllegalAccessException { + String requestPath = "_plugins/security/api/123/y"; + String handlerPath = "_plugins/security/api/{id}/z"; + assertFalse((Boolean) restPathMatches.invoke(securityRestFilter, requestPath, handlerPath)); + } + + @Test + public void testRequestPathMismatch() throws InvocationTargetException, IllegalAccessException { + String requestPath = "_plugins/security/api/x/y"; + String handlerPath = "_plugins/security/api/z/y"; + assertFalse((Boolean) restPathMatches.invoke(securityRestFilter, requestPath, handlerPath)); + } + + @Test + public void testRequestPathWithExtraSegments() throws InvocationTargetException, IllegalAccessException { + String requestPath = "_plugins/security/api/x/y/z"; + String handlerPath = "_plugins/security/api/x/y"; + assertFalse((Boolean) restPathMatches.invoke(securityRestFilter, requestPath, handlerPath)); + } } From 8efb311d001bdddb66c30304a590a284d4615c9d Mon Sep 17 00:00:00 2001 From: Stephen Crawford Date: Mon, 21 Aug 2023 10:02:54 -0400 Subject: [PATCH 2/4] coverage Signed-off-by: Stephen Crawford --- .../RestLayerPrivilegesEvaluatorTest.java | 24 ++++++++++++++----- 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/src/test/java/org/opensearch/security/privileges/RestLayerPrivilegesEvaluatorTest.java b/src/test/java/org/opensearch/security/privileges/RestLayerPrivilegesEvaluatorTest.java index 3c8145c393..1e4f2a564d 100644 --- a/src/test/java/org/opensearch/security/privileges/RestLayerPrivilegesEvaluatorTest.java +++ b/src/test/java/org/opensearch/security/privileges/RestLayerPrivilegesEvaluatorTest.java @@ -73,11 +73,11 @@ public void setUp() throws InstantiationException, IllegalAccessException { when(threadPool.getThreadContext()).thenReturn(context); privilegesEvaluator = new RestLayerPrivilegesEvaluator( - clusterService, - threadPool, - mock(AuditLog.class), - mock(ClusterInfoHolder.class), - namedXContentRegistry + clusterService, + threadPool, + mock(AuditLog.class), + mock(ClusterInfoHolder.class), + namedXContentRegistry ); privilegesEvaluator.onConfigModelChanged(configModel); privilegesEvaluator.onDynamicConfigModelChanged(dcm); @@ -128,7 +128,7 @@ public void testEvaluate_Successful_NewPermission() { when(securityRoles.impliesClusterPermissionPermission(action)).thenReturn(true); PrivilegesEvaluatorResponse response = privilegesEvaluator.evaluate(TEST_USER, Set.of(action)); - + assertTrue(privilegesEvaluator.isInitialized()); assertTrue(response.allowed); verify(securityRoles).impliesClusterPermissionPermission(any()); } @@ -160,4 +160,16 @@ public void testEvaluate_Unsuccessful() { assertFalse(response.allowed); verify(securityRoles).impliesClusterPermissionPermission(any()); } + + @Test + public void testIsInitialized_False() { + privilegesEvaluator = new RestLayerPrivilegesEvaluator( + clusterService, + threadPool, + mock(AuditLog.class), + mock(ClusterInfoHolder.class), + namedXContentRegistry + ); + assertFalse(privilegesEvaluator.isInitialized()); + } } From d4d15ec7df3d8d25a7f8579e2e8bf4a283fb0315 Mon Sep 17 00:00:00 2001 From: Stephen Crawford Date: Mon, 21 Aug 2023 10:03:16 -0400 Subject: [PATCH 3/4] Spotless Signed-off-by: Stephen Crawford --- .../RestLayerPrivilegesEvaluatorTest.java | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/test/java/org/opensearch/security/privileges/RestLayerPrivilegesEvaluatorTest.java b/src/test/java/org/opensearch/security/privileges/RestLayerPrivilegesEvaluatorTest.java index 1e4f2a564d..9bf7b6d3a8 100644 --- a/src/test/java/org/opensearch/security/privileges/RestLayerPrivilegesEvaluatorTest.java +++ b/src/test/java/org/opensearch/security/privileges/RestLayerPrivilegesEvaluatorTest.java @@ -73,11 +73,11 @@ public void setUp() throws InstantiationException, IllegalAccessException { when(threadPool.getThreadContext()).thenReturn(context); privilegesEvaluator = new RestLayerPrivilegesEvaluator( - clusterService, - threadPool, - mock(AuditLog.class), - mock(ClusterInfoHolder.class), - namedXContentRegistry + clusterService, + threadPool, + mock(AuditLog.class), + mock(ClusterInfoHolder.class), + namedXContentRegistry ); privilegesEvaluator.onConfigModelChanged(configModel); privilegesEvaluator.onDynamicConfigModelChanged(dcm); @@ -164,11 +164,11 @@ public void testEvaluate_Unsuccessful() { @Test public void testIsInitialized_False() { privilegesEvaluator = new RestLayerPrivilegesEvaluator( - clusterService, - threadPool, - mock(AuditLog.class), - mock(ClusterInfoHolder.class), - namedXContentRegistry + clusterService, + threadPool, + mock(AuditLog.class), + mock(ClusterInfoHolder.class), + namedXContentRegistry ); assertFalse(privilegesEvaluator.isInitialized()); } From acb23d2a3125546687ac843142f0d40a0c2492fa Mon Sep 17 00:00:00 2001 From: Stephen Crawford Date: Tue, 22 Aug 2023 09:41:42 -0400 Subject: [PATCH 4/4] Fix naming Signed-off-by: Stephen Crawford --- .../{RestPathMatchesTest.java => RestPathMatchesTests.java} | 2 +- .../{SecurityFilterTest.java => SecurityFilterTests.java} | 4 ++-- ...curityRestFilterTest.java => SecurityRestFilterTests.java} | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) rename src/test/java/org/opensearch/security/filter/{RestPathMatchesTest.java => RestPathMatchesTests.java} (99%) rename src/test/java/org/opensearch/security/filter/{SecurityFilterTest.java => SecurityFilterTests.java} (97%) rename src/test/java/org/opensearch/security/filter/{SecurityRestFilterTest.java => SecurityRestFilterTests.java} (99%) diff --git a/src/test/java/org/opensearch/security/filter/RestPathMatchesTest.java b/src/test/java/org/opensearch/security/filter/RestPathMatchesTests.java similarity index 99% rename from src/test/java/org/opensearch/security/filter/RestPathMatchesTest.java rename to src/test/java/org/opensearch/security/filter/RestPathMatchesTests.java index 920d640776..eed095c9b6 100644 --- a/src/test/java/org/opensearch/security/filter/RestPathMatchesTest.java +++ b/src/test/java/org/opensearch/security/filter/RestPathMatchesTests.java @@ -18,7 +18,7 @@ import static org.junit.jupiter.api.Assertions.assertTrue; import static org.mockito.Mockito.mock; -public class RestPathMatchesTest { +public class RestPathMatchesTests { Method restPathMatches; SecurityRestFilter securityRestFilter; diff --git a/src/test/java/org/opensearch/security/filter/SecurityFilterTest.java b/src/test/java/org/opensearch/security/filter/SecurityFilterTests.java similarity index 97% rename from src/test/java/org/opensearch/security/filter/SecurityFilterTest.java rename to src/test/java/org/opensearch/security/filter/SecurityFilterTests.java index ea2978302e..58a12a84a8 100644 --- a/src/test/java/org/opensearch/security/filter/SecurityFilterTest.java +++ b/src/test/java/org/opensearch/security/filter/SecurityFilterTests.java @@ -47,12 +47,12 @@ import static org.mockito.Mockito.when; @RunWith(Parameterized.class) -public class SecurityFilterTest { +public class SecurityFilterTests { private final Settings settings; private final WildcardMatcher expected; - public SecurityFilterTest(Settings settings, WildcardMatcher expected) { + public SecurityFilterTests(Settings settings, WildcardMatcher expected) { this.settings = settings; this.expected = expected; } diff --git a/src/test/java/org/opensearch/security/filter/SecurityRestFilterTest.java b/src/test/java/org/opensearch/security/filter/SecurityRestFilterTests.java similarity index 99% rename from src/test/java/org/opensearch/security/filter/SecurityRestFilterTest.java rename to src/test/java/org/opensearch/security/filter/SecurityRestFilterTests.java index 692a950fb1..5adcadb1f2 100644 --- a/src/test/java/org/opensearch/security/filter/SecurityRestFilterTest.java +++ b/src/test/java/org/opensearch/security/filter/SecurityRestFilterTests.java @@ -27,7 +27,7 @@ * Currently tests that the whitelisting functionality works correctly. * Uses the test/resources/restapi folder for setup. */ -public class SecurityRestFilterTest extends AbstractRestApiUnitTest { +public class SecurityRestFilterTests extends AbstractRestApiUnitTest { private RestHelper.HttpResponse response;