Skip to content

Commit

Permalink
limited security test workflows to run only security tests; moved sec…
Browse files Browse the repository at this point in the history
…urity tests into security package

Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
  • Loading branch information
petardz committed May 19, 2023
1 parent 3838886 commit d80fcd1
Show file tree
Hide file tree
Showing 7 changed files with 52 additions and 33 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/docker-security-test-workflow.yml
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ jobs:
if [ $security -gt 0 ]
then
echo "Security plugin is available"
./gradlew integTest -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername=docker-cluster -Dsecurity=true -Dhttps=true -Duser=admin -Dpassword=admin
./gradlew integTest -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername=docker-cluster -Dsecurity=true -Dhttps=true -Duser=admin -Dpassword=admin -Dtests.class=“*SecurityBehaviorIT"
else
echo "Security plugin is NOT available skipping this run as tests without security have already been run"
fi
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/security-test-workflow.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ jobs:
uses: actions/checkout@v2
- name: Run integration tests
run: |
./gradlew integTest -Dsecurity=true -Dhttps=true
./gradlew integTest -Dsecurity=true -Dhttps=true -Dtests.class=“*SecurityBehaviorIT"
- name: Upload failed logs
uses: actions/upload-artifact@v2
if: failure()
Expand Down
Original file line number Diff line number Diff line change
@@ -1,12 +1,6 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/

package org.opensearch.indexmanagement
Expand Down Expand Up @@ -224,7 +218,8 @@ abstract class SecurityRestTestCase : IndexManagementRestTestCase() {
return entityAsMap(executeRequest(request, RestStatus.OK, client))
}

protected fun getExistingManagedIndexConfig(index: String) = IndexStateManagementRestTestCaseExt.getExistingManagedIndexConfigExt(index)
protected fun getExistingManagedIndexConfig(index: String) =
IndexStateManagementRestTestCaseExt.getExistingManagedIndexConfigExt(index)

protected fun createPolicyJson(
policyString: String,
Expand Down Expand Up @@ -356,7 +351,8 @@ abstract class SecurityRestTestCase : IndexManagementRestTestCase() {
client: RestClient
) = TransformRestTestCaseExt.getTransformExt(transformId, header, client)

protected fun getTransformMetadata(metadataId: String) = TransformRestTestCaseExt.getTransformMetadataExt(metadataId)
protected fun getTransformMetadata(metadataId: String) =
TransformRestTestCaseExt.getTransformMetadataExt(metadataId)

protected fun checkTransformExplain(transformId: String, userClient: RestClient, expectedStatus: RestStatus): Response {
val request = Request(RestRequest.Method.GET.name, IndexManagementPlugin.TRANSFORM_BASE_URI + "/$transformId/_explain")
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,22 +3,29 @@
* SPDX-License-Identifier: Apache-2.0
*/

package org.opensearch.indexmanagement
package org.opensearch.indexmanagement.security

import org.junit.After
import org.junit.Before
import org.opensearch.action.admin.indices.alias.IndicesAliasesRequest
import org.opensearch.client.ResponseException
import org.opensearch.client.RestClient
import org.opensearch.commons.rest.SecureRestClientBuilder
import org.opensearch.indexmanagement.IndexManagementPlugin.Companion.INDEX_MANAGEMENT_INDEX
import org.opensearch.indexmanagement.BULK_WRITE_INDEX
import org.opensearch.indexmanagement.CREATE_INDEX
import org.opensearch.indexmanagement.GET_INDEX_MAPPING
import org.opensearch.indexmanagement.IndexManagementPlugin
import org.opensearch.indexmanagement.MANAGED_INDEX
import org.opensearch.indexmanagement.PUT_INDEX_MAPPING
import org.opensearch.indexmanagement.SEARCH_INDEX
import org.opensearch.indexmanagement.SecurityRestTestCase
import org.opensearch.indexmanagement.WRITE_INDEX
import org.opensearch.indexmanagement.indexstatemanagement.action.AliasAction
import org.opensearch.indexmanagement.indexstatemanagement.model.Policy
import org.opensearch.indexmanagement.indexstatemanagement.model.State
import org.opensearch.indexmanagement.indexstatemanagement.randomErrorNotification
import org.opensearch.indexmanagement.indexstatemanagement.transport.action.explain.ExplainAction
import org.opensearch.rest.RestStatus
import org.opensearch.test.OpenSearchTestCase
import org.opensearch.test.junit.annotations.TestLogging
import java.time.Instant
import java.time.temporal.ChronoUnit
Expand Down Expand Up @@ -65,13 +72,13 @@ class ExplainSecurityBehaviorIT : SecurityRestTestCase() {
deleteUser(ismUser)
deleteRole(HELPDESK_ROLE)

deleteIndexByName("$INDEX_MANAGEMENT_INDEX")
deleteIndexByName("${IndexManagementPlugin.INDEX_MANAGEMENT_INDEX}")
}

fun `test managed index explain indices permission check`() {

val notPermittedIndexPrefix = OpenSearchTestCase.randomAlphaOfLength(10).lowercase(Locale.getDefault())
val policyId = OpenSearchTestCase.randomAlphaOfLength(10)
val notPermittedIndexPrefix = randomAlphaOfLength(10).lowercase(Locale.getDefault())
val policyId = randomAlphaOfLength(10)

val permittedindices = mutableListOf<String>()
val notPermittedindices = mutableListOf<String>()
Expand Down
Original file line number Diff line number Diff line change
@@ -1,20 +1,27 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/

package org.opensearch.indexmanagement
package org.opensearch.indexmanagement.security

import org.junit.After
import org.junit.Before
import org.opensearch.client.RestClient
import org.opensearch.commons.rest.SecureRestClientBuilder
import org.opensearch.indexmanagement.BULK_WRITE_INDEX
import org.opensearch.indexmanagement.CREATE_INDEX
import org.opensearch.indexmanagement.DELETE_ROLLUP
import org.opensearch.indexmanagement.EXPLAIN_ROLLUP
import org.opensearch.indexmanagement.GET_INDEX_MAPPING
import org.opensearch.indexmanagement.GET_ROLLUP
import org.opensearch.indexmanagement.INDEX_ROLLUP
import org.opensearch.indexmanagement.MANAGED_INDEX
import org.opensearch.indexmanagement.PUT_INDEX_MAPPING
import org.opensearch.indexmanagement.SEARCH_INDEX
import org.opensearch.indexmanagement.SecurityRestTestCase
import org.opensearch.indexmanagement.UPDATE_ROLLUP
import org.opensearch.indexmanagement.WRITE_INDEX
import org.opensearch.indexmanagement.common.model.dimension.DateHistogram
import org.opensearch.indexmanagement.indexstatemanagement.settings.ManagedIndexSettings
import org.opensearch.indexmanagement.rollup.model.Rollup
Expand All @@ -26,6 +33,7 @@ import org.opensearch.indexmanagement.rollup.model.metric.Min
import org.opensearch.indexmanagement.rollup.model.metric.Sum
import org.opensearch.indexmanagement.rollup.model.metric.ValueCount
import org.opensearch.indexmanagement.rollup.randomRollup
import org.opensearch.indexmanagement.waitFor
import org.opensearch.jobscheduler.spi.schedule.IntervalSchedule
import org.opensearch.rest.RestStatus
import org.opensearch.test.junit.annotations.TestLogging
Expand Down
Original file line number Diff line number Diff line change
@@ -1,21 +1,29 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/

package org.opensearch.indexmanagement
package org.opensearch.indexmanagement.security

import org.junit.After
import org.junit.Before
import org.opensearch.client.RestClient
import org.opensearch.commons.rest.SecureRestClientBuilder
import org.opensearch.indexmanagement.BULK_WRITE_INDEX
import org.opensearch.indexmanagement.CREATE_INDEX
import org.opensearch.indexmanagement.EXPLAIN_INDEX
import org.opensearch.indexmanagement.GET_INDEX_MAPPING
import org.opensearch.indexmanagement.GET_POLICIES
import org.opensearch.indexmanagement.GET_POLICY
import org.opensearch.indexmanagement.MANAGED_INDEX
import org.opensearch.indexmanagement.PUT_INDEX_MAPPING
import org.opensearch.indexmanagement.SEARCH_INDEX
import org.opensearch.indexmanagement.SecurityRestTestCase
import org.opensearch.indexmanagement.WRITE_INDEX
import org.opensearch.indexmanagement.WRITE_POLICY
import org.opensearch.indexmanagement.indexstatemanagement.settings.ManagedIndexSettings
import org.opensearch.indexmanagement.makeRequest
import org.opensearch.indexmanagement.waitFor
import org.opensearch.rest.RestStatus
import org.opensearch.test.junit.annotations.TestLogging

Expand Down

0 comments on commit d80fcd1

Please sign in to comment.