
Commit 35b214b

committed
More tests
1 parent 20061fc commit 35b214b


2 files changed

+80
-5
lines changed


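--- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilegeTests.java
+++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilegeTests.java
@@ -229,6 +229,70 @@ public void testResolveBySelectorAccess() {
 List<IndexComponentSelectorPredicate> actualPredicates = actual.stream().map(IndexPrivilege::getSelectorPredicate).toList();
 assertThat(actualPredicates, containsInAnyOrder(IndexComponentSelectorPredicate.ALL));
 }
+{
+Set<IndexPrivilege> actual = IndexPrivilege.resolveBySelectorAccess(
+Set.of("manage", "all", "read", "indices:data/read/search", "view_index_metadata")
+);
+assertThat(
+actual,
+containsInAnyOrder(
+resolvePrivilegeAndAssertSingleton(Set.of("manage", "all", "read", "indices:data/read/search", "view_index_metadata"))
+)
+);
+List<IndexComponentSelectorPredicate> actualPredicates = actual.stream().map(IndexPrivilege::getSelectorPredicate).toList();
+assertThat(actualPredicates, containsInAnyOrder(IndexComponentSelectorPredicate.ALL));
+}
+{
+Set<IndexPrivilege> actual = IndexPrivilege.resolveBySelectorAccess(
+Set.of("manage", "read", "indices:data/read/search", "read_failure_store")
+);
+assertThat(
+actual,
+containsInAnyOrder(
+IndexPrivilege.MANAGE,
+IndexPrivilege.READ_FAILURE_STORE,
+resolvePrivilegeAndAssertSingleton(Set.of("read", "indices:data/read/search"))
+)
+);
+List<IndexComponentSelectorPredicate> actualPredicates = actual.stream().map(IndexPrivilege::getSelectorPredicate).toList();
+assertThat(
+actualPredicates,
+containsInAnyOrder(
+IndexComponentSelectorPredicate.DATA,
+IndexComponentSelectorPredicate.FAILURES,
+IndexComponentSelectorPredicate.DATA_AND_FAILURES
+)
+);
+}
+{
+Set<IndexPrivilege> actual = IndexPrivilege.resolveBySelectorAccess(Set.of("manage", "read", "indices:data/read/search"));
+assertThat(
+actual,
+containsInAnyOrder(IndexPrivilege.MANAGE, resolvePrivilegeAndAssertSingleton(Set.of("read", "indices:data/read/search")))
+);
+List<IndexComponentSelectorPredicate> actualPredicates = actual.stream().map(IndexPrivilege::getSelectorPredicate).toList();
+assertThat(
+actualPredicates,
+containsInAnyOrder(IndexComponentSelectorPredicate.DATA, IndexComponentSelectorPredicate.DATA_AND_FAILURES)
+);
+}
+{
+Set<IndexPrivilege> actual = IndexPrivilege.resolveBySelectorAccess(
+Set.of("manage", "read", "manage_data_stream_lifecycle", "indices:admin/*")
+);
+assertThat(
+actual,
+containsInAnyOrder(
+resolvePrivilegeAndAssertSingleton(Set.of("manage_data_stream_lifecycle", "manage")),
+resolvePrivilegeAndAssertSingleton(Set.of("read", "indices:admin/*"))
+)
+);
+List<IndexComponentSelectorPredicate> actualPredicates = actual.stream().map(IndexPrivilege::getSelectorPredicate).toList();
+assertThat(
+actualPredicates,
+containsInAnyOrder(IndexComponentSelectorPredicate.DATA, IndexComponentSelectorPredicate.DATA_AND_FAILURES)
+);
+}
 }
 
 public void testPrivilegesForRollupFieldCapsAction() {
@@ -289,7 +353,11 @@ public void testCrossClusterReplicationPrivileges() {
 assertThat(
 Automatons.subsetOf(
 crossClusterReplication.automaton,
-resolvePrivilegeAndAssertSingleton(Set.of("manage", "read", "monitor")).automaton
+IndexPrivilege.resolveBySelectorAccess(Set.of("manage", "read", "monitor"))
+.stream()
+.map(p -> p.automaton)
+.reduce((a1, a2) -> Automatons.unionAndMinimize(List.of(a1, a2)))
+.get()
 ),
 is(true)
 );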
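Review bot: The new blocks in testResolveBySelectorAccess assert the resolved privileges and their selector predicates as two separate unordered collections, so nothing ties a privilege to its own selector. A regression that swapped the selectors between `manage` and the `read` group would still satisfy both `containsInAnyOrder` checks. Because the selector appears to govern whether a privilege applies to data, failures or both, the pairing should be pinned, for example by building `Map<IndexPrivilege, IndexComponentSelectorPredicate> bySelector = actual.stream().collect(Collectors.toMap(p -> p, IndexPrivilege::getSelectorPredicate));` and comparing it with an expected map. A one-line comment above each block naming the grouping it pins would also help, in particular that the raw pattern `indices:admin/*` is expected to collate with `read` rather than with `manage`. The method starts above this hunk, so the earlier blocks may need the same treatment.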

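--- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStoreTests.java
+++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStoreTests.java
@@ -2023,11 +2023,18 @@ public void testBuildRoleWithFailureStorePrivilegeCollatesToKeepDlsFlsFromAnothe
 );
 }
 
-public void testBuildRoleNeverSplitsWithoutFailureStoreRelatedPrivileges() {
+public void testBuildRoleDoesNotSplitIfAllPrivilegesHaveTheSameSelector() {
 String indexPattern = randomAlphanumericOfLength(10);
-List<String> nonFailurePrivileges = IndexPrivilege.names()
+IndexComponentSelectorPredicate predicate = randomFrom(
+IndexComponentSelectorPredicate.ALL,
+IndexComponentSelectorPredicate.DATA,
+IndexComponentSelectorPredicate.FAILURES,
+IndexComponentSelectorPredicate.DATA_AND_FAILURES
+);
+
+List<String> privilegesWithSelector = IndexPrivilege.names()
 .stream()
-.filter(p -> IndexPrivilege.getNamedOrNull(p).getSelectorPredicate() != IndexComponentSelectorPredicate.FAILURES)
+.filter(p -> IndexPrivilege.getNamedOrNull(p).getSelectorPredicate() == predicate)
 .toList();
 Set<String> usedPrivileges = new HashSet<>();
 
@@ -2038,7 +2045,7 @@ public void testBuildRoleNeverSplitsWithoutFailureStoreRelatedPrivileges() {
 // TODO this is due to an unrelated bug in index collation logic
 List<String> privileges = randomValueOtherThanMany(
 p -> p.get(0).equals("none"),
-() -> randomNonEmptySubsetOf(nonFailurePrivileges)
+() -> randomNonEmptySubsetOf(privilegesWithSelector)
 );
 usedPrivileges.addAll(privileges);
 indicesPrivileges[i] = builder.indices(indexPattern).privileges(privileges).build();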
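Review bot: `privilegesWithSelector` is passed to `randomNonEmptySubsetOf` without checking that it is non-empty, and the new `== predicate` filter can be much narrower than the old `!= FAILURES` one. If one of the four predicates matched no named privilege, the test would fail in setup rather than on the property under test. If it matched only `none`, the `randomValueOtherThanMany` supplier could presumably never produce an accepted value. A guard right after the `.toList()`, such as `assertFalse("no named privilege for " + predicate, privilegesWithSelector.isEmpty());`, would make that failure readable. The test body continues outside both hunks, so the loop around `randomValueOtherThanMany` is only partly visible here.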
