Add backend filtering for legacy internal user and service accounts (#…
…2786) ### Description Update UserAPIAction to Filter internal accounts and Service accounts. Dashboards Plugin changes via PR opensearch-project/security-dashboards-plugin#1502 ### Issues Resolved - Resolves #2704 ### Testing Unit Tests created ### Check List - [x] New functionality includes testing - [ ] New functionality has been documented - [x] Commits are signed per the DCO using --signoff By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin). --------- Signed-off-by: scosta <samuel.costa@eliatra.com> Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Sam <128482925+samuelcostae@users.noreply.github.com> Signed-off-by: Sam <samuel.costa@eliatra.com> Co-authored-by: Ryan Liang <jiallian@amazon.com> Co-authored-by: Darshit Chanpura <35282393+DarshitChanpura@users.noreply.github.com>
1 parent
737b531
commit 7f6944c
Showing
7 changed files
with
276 additions
and
5 deletions.
41 changes: 41 additions & 0 deletions
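--- a/src/main/java/org/opensearch/security/user/UserFilterType.java
+++ b/src/main/java/org/opensearch/security/user/UserFilterType.java
@@ -0,0 +1,41 @@
+/*
+* SPDX-License-Identifier: Apache-2.0
+*
+* The OpenSearch Contributors require contributions made to
+* this file be licensed under the Apache-2.0 license or a
+* compatible open source license.
+*
+* Modifications Copyright OpenSearch Contributors. See
+* GitHub history for details.
+*/
+
+package org.opensearch.security.user;
+
+/**
+* Filter types to be used when requesting the list of users.
+* 'Service' refers to accounts used by other services like Dashboards
+* 'Internal' refers the standard user accounts
+* 'Any' refers to both types of accounts
+*/
+public enum UserFilterType {
+
+ANY("any"),
+INTERNAL("internal"),
+SERVICE("service");
+
+private String name;
+
+UserFilterType(String name) {
+this.name = name;
+}
+
+public static UserFilterType fromString(String name) {
+for (UserFilterType b : UserFilterType.values()) {
+if (b.name.equalsIgnoreCase(name)) {
+return b;
+}
+}
+return UserFilterType.ANY;
+}
+
+}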
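Review bot: `fromString` returns `UserFilterType.ANY` for every value it does not recognise, so a mistyped filter (for example a misspelt `service`) silently widens the listing to all accounts instead of being rejected. If the caller, which is outside this section, passes a request parameter straight through, consider keeping `ANY` only for a null or empty argument and failing on anything else, e.g. `throw new IllegalArgumentException("Unknown user filter type: " + name);`. Whichever behaviour is chosen should be stated in a Javadoc on the method, since the enum-level comment does not mention the fallback. The `name` field is assigned only in the constructor and can be declared `private final String name;`.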
100 changes: 100 additions & 0 deletions
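--- a/src/test/java/org/opensearch/security/UserServiceUnitTests.java
+++ b/src/test/java/org/opensearch/security/UserServiceUnitTests.java
@@ -0,0 +1,100 @@
+/*
+* SPDX-License-Identifier: Apache-2.0
+*
+* The OpenSearch Contributors require contributions made to
+* this file be licensed under the Apache-2.0 license or a
+* compatible open source license.
+*
+* Modifications Copyright OpenSearch Contributors. See
+* GitHub history for details.
+*/
+
+package org.opensearch.security;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.opensearch.client.Client;
+import org.opensearch.cluster.service.ClusterService;
+import org.opensearch.common.settings.Settings;
+import org.opensearch.security.configuration.ConfigurationRepository;
+import org.opensearch.security.securityconf.impl.CType;
+import org.opensearch.security.securityconf.impl.SecurityDynamicConfiguration;
+import org.opensearch.security.user.UserFilterType;
+import org.opensearch.security.user.UserService;
+
+import java.io.File;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+
+import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
+
+public class UserServiceUnitTests {
+SecurityDynamicConfiguration<?> config;
+@Mock
+ClusterService clusterService;
+@Mock
+ConfigurationRepository configurationRepository;
+@Mock
+Client client;
+UserService userService;
+
+final int SERVICE_ACCOUNTS_IN_SETTINGS = 1;
+final int INTERNAL_ACCOUNTS_IN_SETTINGS = 66;
+String serviceAccountUsername = "bug.99";
+String internalAccountUsername = "sarek";
+
+@Before
+public void setup() throws Exception {
+String usersYmlFile = "./internal_users.yml";
+Settings.Builder builder = Settings.builder();
+userService = new UserService(clusterService, configurationRepository, builder.build(), client);
+config = readConfigFromYml(usersYmlFile, CType.INTERNALUSERS);
+}
+
+@Test
+public void testServiceUserTypeFilter() {
+
+userService.includeAccountsIfType(config, UserFilterType.SERVICE);
+Assert.assertEquals(SERVICE_ACCOUNTS_IN_SETTINGS, config.getCEntries().size());
+Assert.assertEquals(config.getCEntries().containsKey(serviceAccountUsername), true);
+Assert.assertEquals(config.getCEntries().containsKey(internalAccountUsername), false);
+
+}
+
+@Test
+public void testInternalUserTypeFilter() {
+userService.includeAccountsIfType(config, UserFilterType.INTERNAL);
+Assert.assertEquals(INTERNAL_ACCOUNTS_IN_SETTINGS, config.getCEntries().size());
+Assert.assertEquals(config.getCEntries().containsKey(serviceAccountUsername), false);
+Assert.assertEquals(config.getCEntries().containsKey(internalAccountUsername), true);
+
+}
+
+@Test
+public void testAnyUserTypeFilter() {
+userService.includeAccountsIfType(config, UserFilterType.ANY);
+Assert.assertEquals(INTERNAL_ACCOUNTS_IN_SETTINGS + SERVICE_ACCOUNTS_IN_SETTINGS, config.getCEntries().size());
+Assert.assertEquals(config.getCEntries().containsKey(serviceAccountUsername), true);
+Assert.assertEquals(config.getCEntries().containsKey(internalAccountUsername), true);
+}
+
+private SecurityDynamicConfiguration<?> readConfigFromYml(String file, CType cType) throws Exception {
+final ObjectMapper YAML = new ObjectMapper(new YAMLFactory());
+final String TEST_RESOURCE_RELATIVE_PATH = "../../resources/test/";
+
+final String adjustedFilePath = TEST_RESOURCE_RELATIVE_PATH + file;
+JsonNode jsonNode = YAML.readTree(Files.readString(new File(adjustedFilePath).toPath(), StandardCharsets.UTF_8));
+int configVersion = 1;
+
+if (jsonNode.get("_meta") != null) {
+Assert.assertEquals(jsonNode.get("_meta").get("type").asText(), cType.toLCString());
+configVersion = jsonNode.get("_meta").get("config_version").asInt();
+}
+return SecurityDynamicConfiguration.fromNode(jsonNode, cType, configVersion, 0, 0);
+}
+
+}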
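Review bot: The three `@Mock` fields are never initialised in the visible code: the class carries no Mockito runner annotation and `setup()` does not call `MockitoAnnotations.openMocks(this)` (or `initMocks` on older Mockito), so `UserService` is constructed with null collaborators. The tests presumably pass only because `includeAccountsIfType` never touches them; either initialise the mocks or pass `null` explicitly so that dependency is visible. The boolean checks put the actual value in the expected position of `assertEquals` and would read better as `Assert.assertTrue(config.getCEntries().containsKey(serviceAccountUsername));` and the `assertFalse` counterpart. Nothing here exercises `UserFilterType.fromString`, so the fallback to `ANY` for an unrecognised filter value is not pinned by a test.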