From 18cd88320451df62ed1afb550363e82e6b86220a Mon Sep 17 00:00:00 2001 From: Prabhas Kurapati Date: Tue, 16 Jul 2024 07:47:13 -0700 Subject: [PATCH] test changes Signed-off-by: Prabhas Kurapati --- ...DefaultApiAvailabilityIntegrationTest.java | 18 ------ .../api/FlushCacheApiIntegrationTest.java | 57 +++++++++++++++++++ .../http/LdapAuthenticationCacheTest.java | 8 +-- .../dlic/rest/api/FlushCacheApiAction.java | 57 +++++++------------ 4 files changed, 77 insertions(+), 63 deletions(-) create mode 100644 src/integrationTest/java/org/opensearch/security/api/FlushCacheApiIntegrationTest.java diff --git a/src/integrationTest/java/org/opensearch/security/api/DefaultApiAvailabilityIntegrationTest.java b/src/integrationTest/java/org/opensearch/security/api/DefaultApiAvailabilityIntegrationTest.java index f3b701dc38..7ac2262899 100644 --- a/src/integrationTest/java/org/opensearch/security/api/DefaultApiAvailabilityIntegrationTest.java +++ b/src/integrationTest/java/org/opensearch/security/api/DefaultApiAvailabilityIntegrationTest.java @@ -16,7 +16,6 @@ import org.opensearch.test.framework.cluster.TestRestClient; import static org.hamcrest.MatcherAssert.assertThat; -import static org.hamcrest.core.Is.is; import static org.opensearch.security.api.PatchPayloadHelper.patch; import static org.opensearch.security.api.PatchPayloadHelper.replaceOp; @@ -93,23 +92,6 @@ private void verifyAuthInfoApi(final TestRestClient client) throws Exception { } - @Test - public void flushCache() throws Exception { - withUser(NEW_USER, client -> { - forbidden(() -> client.get(apiPath("cache"))); - forbidden(() -> client.postJson(apiPath("cache"), EMPTY_BODY)); - forbidden(() -> client.putJson(apiPath("cache"), EMPTY_BODY)); - forbidden(() -> client.delete(apiPath("cache"))); - }); - withUser(ADMIN_USER_NAME, localCluster.getAdminCertificate(), client -> { - notImplemented(() -> client.get(apiPath("cache"))); - notImplemented(() -> client.postJson(apiPath("cache"), EMPTY_BODY)); - notImplemented(() -> client.putJson(apiPath("cache"), EMPTY_BODY)); - final var response = ok(() -> client.delete(apiPath("cache"))); - assertThat(response.getBody(), response.getTextFromJsonBody("/message"), is("Cache flushed successfully.")); - }); - } - @Test public void reloadSSLCertsNotAvailable() throws Exception { withUser(NEW_USER, client -> { diff --git a/src/integrationTest/java/org/opensearch/security/api/FlushCacheApiIntegrationTest.java b/src/integrationTest/java/org/opensearch/security/api/FlushCacheApiIntegrationTest.java new file mode 100644 index 0000000000..048078badb --- /dev/null +++ b/src/integrationTest/java/org/opensearch/security/api/FlushCacheApiIntegrationTest.java @@ -0,0 +1,57 @@ +/* + * SPDX-License-Identifier: Apache-2.0 + * + * The OpenSearch Contributors require contributions made to + * this file be licensed under the Apache-2.0 license or a + * compatible open source license. + * + * Modifications Copyright OpenSearch Contributors. See + * GitHub history for details. + */ + +package org.opensearch.security.api; + +import org.junit.Test; + +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.MatcherAssert.assertThat; + +public class FlushCacheApiIntegrationTest extends AbstractApiIntegrationTest { + private final static String TEST_USER = "testuser"; + + private String cachePath() { + return super.apiPath("cache"); + } + + private String cachePath(String user) { + return super.apiPath("cache", "user", user); + } + + @Test + public void testFlushCache() throws Exception { + withUser(NEW_USER, client -> { + forbidden(() -> client.get(cachePath())); + forbidden(() -> client.postJson(cachePath(), EMPTY_BODY)); + forbidden(() -> client.putJson(cachePath(), EMPTY_BODY)); + forbidden(() -> client.delete(cachePath())); + forbidden(() -> client.delete(cachePath(TEST_USER))); + }); + withUser(ADMIN_USER_NAME, localCluster.getAdminCertificate(), client -> { + notImplemented(() -> client.get(cachePath())); + notImplemented(() -> client.postJson(cachePath(), EMPTY_BODY)); + notImplemented(() -> client.putJson(cachePath(), EMPTY_BODY)); + final var deleteAllCacheResponse = ok(() -> client.delete(cachePath())); + assertThat( + deleteAllCacheResponse.getBody(), + deleteAllCacheResponse.getTextFromJsonBody("/message"), + is("Cache flushed successfully.") + ); + final var deleteUserCacheResponse = ok(() -> client.delete(cachePath(TEST_USER))); + assertThat( + deleteUserCacheResponse.getBody(), + deleteAllCacheResponse.getTextFromJsonBody("/message"), + is("Cache invalidated for user: " + TEST_USER) + ); + }); + } +} diff --git a/src/integrationTest/java/org/opensearch/security/http/LdapAuthenticationCacheTest.java b/src/integrationTest/java/org/opensearch/security/http/LdapAuthenticationCacheTest.java index a0376e93ac..2cc94b13e9 100644 --- a/src/integrationTest/java/org/opensearch/security/http/LdapAuthenticationCacheTest.java +++ b/src/integrationTest/java/org/opensearch/security/http/LdapAuthenticationCacheTest.java @@ -13,8 +13,6 @@ import java.util.Map; import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; @@ -26,7 +24,6 @@ import org.opensearch.test.framework.AuthzDomain; import org.opensearch.test.framework.LdapAuthenticationConfigBuilder; import org.opensearch.test.framework.LdapAuthorizationConfigBuilder; -import org.opensearch.test.framework.RolesMapping; import org.opensearch.test.framework.TestSecurityConfig; import org.opensearch.test.framework.TestSecurityConfig.AuthcDomain; import org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AuthenticationBackend; @@ -67,8 +64,6 @@ @ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class LdapAuthenticationCacheTest { - private static final Logger log = LogManager.getLogger(LdapAuthenticationCacheTest.class); - private static final TestSecurityConfig.User ADMIN_USER = new TestSecurityConfig.User("admin").roles(ALL_ACCESS); private static final TestCertificates TEST_CERTIFICATES = new TestCertificates(); @@ -114,10 +109,9 @@ public class LdapAuthenticationCacheTest { ) .authc(AUTHC_HTTPBASIC_INTERNAL) .users(ADMIN_USER) - .rolesMapping(new RolesMapping(ALL_ACCESS).backendRoles(CN_GROUP_ADMIN)) + .rolesMapping(new TestSecurityConfig.RoleMapping(ALL_ACCESS.getName()).backendRoles(CN_GROUP_ADMIN)) .authz( new AuthzDomain("ldap_roles").httpEnabled(true) - .transportEnabled(true) .authorizationBackend( new AuthorizationBackend("ldap").config( () -> new LdapAuthorizationConfigBuilder().hosts(List.of("localhost:" + embeddedLDAPServer.getLdapNonTlsPort())) diff --git a/src/main/java/org/opensearch/security/dlic/rest/api/FlushCacheApiAction.java b/src/main/java/org/opensearch/security/dlic/rest/api/FlushCacheApiAction.java index aeba7c69d1..df673353f8 100644 --- a/src/main/java/org/opensearch/security/dlic/rest/api/FlushCacheApiAction.java +++ b/src/main/java/org/opensearch/security/dlic/rest/api/FlushCacheApiAction.java @@ -68,7 +68,7 @@ private void flushCacheApiRequestHandlers(RequestHandler.RequestHandlersBuilder // Extract the username from the request final String username = request.param("username"); if (username == null || username.isEmpty()) { - internalSeverError(channel, "No username provided for cache invalidation."); + internalServerError(channel, "No username provided for cache invalidation."); return; } // Validate and handle user-specific cache invalidation @@ -77,44 +77,25 @@ private void flushCacheApiRequestHandlers(RequestHandler.RequestHandlersBuilder configUpdateRequest = new ConfigUpdateRequest(CType.lcStringValues().toArray(new String[0])); } client.execute(ConfigUpdateAction.INSTANCE, configUpdateRequest, new ActionListener<>() { + @Override + public void onResponse(ConfigUpdateResponse configUpdateResponse) { + if (configUpdateResponse.hasFailures()) { + LOGGER.error("Cannot flush cache due to", configUpdateResponse.failures().get(0)); + internalServerError( + channel, + "Cannot flush cache due to " + configUpdateResponse.failures().get(0).getMessage() + "." + ); + return; + } + LOGGER.debug("cache flushed successfully"); + ok(channel, "Cache flushed successfully."); + } - @Override - public void onResponse(ConfigUpdateResponse configUpdateResponse) { - if (configUpdateResponse.hasFailures()) { - LOGGER.error("Cannot flush cache due to", configUpdateResponse.failures().get(0)); - internalSeverError( - channel, - "Cannot flush cache due to " + configUpdateResponse.failures().get(0).getMessage() + "." - ); - return; - } - LOGGER.debug("cache flushed successfully"); - ok(channel, "Cache flushed successfully."); - } - @Override - public void onResponse(ConfigUpdateResponse configUpdateResponse) { - if (configUpdateResponse.hasFailures()) { - LOGGER.error("Cannot flush cache due to", configUpdateResponse.failures().get(0)); - internalServerError( - channel, - "Cannot flush cache due to " + configUpdateResponse.failures().get(0).getMessage() + "." - ); - return; - } - LOGGER.debug("cache flushed successfully"); - ok(channel, "Cache flushed successfully."); - } - - @Override - public void onFailure(final Exception e) { - LOGGER.error("Cannot flush cache due to", e); - internalSeverError(channel, "Cannot flush cache due to " + e.getMessage() + "."); - } - @Override - public void onFailure(final Exception e) { - LOGGER.error("Cannot flush cache due to", e); - internalServerError(channel, "Cannot flush cache due to " + e.getMessage() + "."); - } + @Override + public void onFailure(final Exception e) { + LOGGER.error("Cannot flush cache due to", e); + internalServerError(channel, "Cannot flush cache due to " + e.getMessage() + "."); + } }); });