Skip to content

Commit 481da2a

Browse files
n1v0lgn1v0lg
committed
Tests
1 parent 4a44748 commit 481da2a

File tree

2 files changed

+59
-17
lines changed

2 files changed

+59
-17
lines changed

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilegeTests.java

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -106,7 +106,7 @@ public void testGetWithSingleSelectorAccess() {
106106
}
107107

108108
public void testGetWithSingleSelectorAccessFailuresSelector() {
109-
assumeTrue("This test requires the failure store to be enabled", DataStream.isFailureStoreFeatureFlagEnabled());
109+
assumeTrue("requires failure store feature", DataStream.isFailureStoreFeatureFlagEnabled());
110110
{
111111
IndexPrivilege actual = IndexPrivilege.getWithSingleSelectorAccess(Set.of("read_failure_store"));
112112
assertThat(actual, equalTo(IndexPrivilege.READ_FAILURE_STORE));
@@ -147,7 +147,7 @@ public void testGetWithSingleSelectorAccessFailuresSelector() {
147147
}
148148

149149
public void testGetSplitBySelectorAccess() {
150-
assumeTrue("This test requires the failure store to be enabled", DataStream.isFailureStoreFeatureFlagEnabled());
150+
assumeTrue("requires failure store feature", DataStream.isFailureStoreFeatureFlagEnabled());
151151
{
152152
Set<IndexPrivilege> actual = IndexPrivilege.getSplitBySelectorAccess(Set.of("read_failure_store"));
153153
assertThat(actual, containsInAnyOrder(IndexPrivilege.READ_FAILURE_STORE));

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStoreTests.java

Lines changed: 57 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -1535,78 +1535,120 @@ public void testBuildRoleWithMultipleRemoteClusterMerged() {
15351535
public void testBuildRoleWithReadFailureStorePrivilegeOnly() {
15361536
assumeTrue("requires failure store feature", DataStream.isFailureStoreFeatureFlagEnabled());
15371537
String indexPattern = randomAlphanumericOfLength(10);
1538+
boolean allowRestrictedIndices = randomBoolean();
15381539
final Role role = buildRole(
15391540
roleDescriptorWithIndicesPrivileges(
15401541
"r1",
1541-
new IndicesPrivileges[] { IndicesPrivileges.builder().indices(indexPattern).privileges("read_failure_store").build() }
1542+
new IndicesPrivileges[] {
1543+
IndicesPrivileges.builder()
1544+
.indices(indexPattern)
1545+
.privileges("read_failure_store")
1546+
.allowRestrictedIndices(allowRestrictedIndices)
1547+
.build() }
15421548
)
15431549
);
1544-
assertHasIndexGroups(role.indices(), indexGroup(IndexPrivilege.READ_FAILURE_STORE, false, indexPattern));
1550+
assertHasIndexGroups(role.indices(), indexGroup(IndexPrivilege.READ_FAILURE_STORE, allowRestrictedIndices, indexPattern));
15451551
}
15461552

15471553
public void testBuildRoleWithReadFailureStorePrivilegeDuplicatesMerged() {
15481554
assumeTrue("requires failure store feature", DataStream.isFailureStoreFeatureFlagEnabled());
15491555
String indexPattern = randomAlphanumericOfLength(10);
1556+
boolean allowRestrictedIndices = randomBoolean();
15501557
final Role role = buildRole(
15511558
roleDescriptorWithIndicesPrivileges(
15521559
"r1",
15531560
new IndicesPrivileges[] {
1554-
IndicesPrivileges.builder().indices(indexPattern).privileges("read_failure_store").build(),
1555-
IndicesPrivileges.builder().indices(indexPattern).privileges("read_failure_store").build() }
1561+
IndicesPrivileges.builder()
1562+
.indices(indexPattern)
1563+
.privileges("read_failure_store")
1564+
.allowRestrictedIndices(allowRestrictedIndices)
1565+
.build(),
1566+
IndicesPrivileges.builder()
1567+
.indices(indexPattern)
1568+
.privileges("read_failure_store")
1569+
.allowRestrictedIndices(allowRestrictedIndices)
1570+
.build() }
15561571
)
15571572
);
1558-
assertHasIndexGroups(role.indices(), indexGroup(IndexPrivilege.READ_FAILURE_STORE, false, indexPattern));
1573+
assertHasIndexGroups(role.indices(), indexGroup(IndexPrivilege.READ_FAILURE_STORE, allowRestrictedIndices, indexPattern));
15591574
}
15601575

15611576
public void testBuildRoleWithReadFailureStoreAndReadPrivilegeSplit() {
15621577
assumeTrue("requires failure store feature", DataStream.isFailureStoreFeatureFlagEnabled());
15631578
String indexPattern = randomAlphanumericOfLength(10);
1579+
boolean allowRestrictedIndices = randomBoolean();
15641580
final Role role = buildRole(
15651581
roleDescriptorWithIndicesPrivileges(
15661582
"r1",
15671583
new IndicesPrivileges[] {
1568-
IndicesPrivileges.builder().indices(indexPattern).privileges("read", "read_failure_store").build() }
1584+
IndicesPrivileges.builder()
1585+
.indices(indexPattern)
1586+
.privileges("read", "read_failure_store")
1587+
.allowRestrictedIndices(allowRestrictedIndices)
1588+
.build() }
15691589
)
15701590
);
15711591
assertHasIndexGroups(
15721592
role.indices(),
1573-
indexGroup(IndexPrivilege.READ_FAILURE_STORE, false, indexPattern),
1574-
indexGroup(IndexPrivilege.READ, false, indexPattern)
1593+
indexGroup(IndexPrivilege.READ_FAILURE_STORE, allowRestrictedIndices, indexPattern),
1594+
indexGroup(IndexPrivilege.READ, allowRestrictedIndices, indexPattern)
15751595
);
15761596
}
15771597

15781598
public void testBuildRoleWithMultipleReadFailureStoreAndReadPrivilegeSplit() {
15791599
assumeTrue("requires failure store feature", DataStream.isFailureStoreFeatureFlagEnabled());
15801600
String indexPattern = randomAlphanumericOfLength(10);
1601+
boolean allowRestrictedIndices = randomBoolean();
15811602
final Role role = buildRole(
15821603
roleDescriptorWithIndicesPrivileges(
15831604
"r1",
15841605
new IndicesPrivileges[] {
1585-
IndicesPrivileges.builder().indices(indexPattern).privileges("read").build(),
1586-
IndicesPrivileges.builder().indices(indexPattern).privileges("read_failure_store").build() }
1606+
IndicesPrivileges.builder()
1607+
.indices(indexPattern)
1608+
.privileges("read")
1609+
.allowRestrictedIndices(allowRestrictedIndices)
1610+
.build(),
1611+
IndicesPrivileges.builder()
1612+
.indices(indexPattern)
1613+
.privileges("read_failure_store")
1614+
.allowRestrictedIndices(allowRestrictedIndices)
1615+
.build() }
15871616
)
15881617
);
15891618
assertHasIndexGroups(
15901619
role.indices(),
1591-
indexGroup(IndexPrivilege.READ_FAILURE_STORE, false, indexPattern),
1592-
indexGroup(IndexPrivilege.READ, false, indexPattern)
1620+
indexGroup(IndexPrivilege.READ_FAILURE_STORE, allowRestrictedIndices, indexPattern),
1621+
indexGroup(IndexPrivilege.READ, allowRestrictedIndices, indexPattern)
15931622
);
15941623
}
15951624

15961625
public void testBuildRoleWithAllPrivilegeIsNeverSplit() {
15971626
assumeTrue("requires failure store feature", DataStream.isFailureStoreFeatureFlagEnabled());
15981627
String indexPattern = randomAlphanumericOfLength(10);
1628+
boolean allowRestrictedIndices = randomBoolean();
15991629
final Role role = buildRole(
16001630
roleDescriptorWithIndicesPrivileges(
16011631
"r1",
16021632
new IndicesPrivileges[] {
1603-
IndicesPrivileges.builder().indices(indexPattern).privileges("read", "read_failure_store", "all").build(),
1604-
IndicesPrivileges.builder().indices(indexPattern).privileges("read_failure_store").build() }
1633+
IndicesPrivileges.builder()
1634+
.indices(indexPattern)
1635+
.privileges("read", "read_failure_store", "all")
1636+
.allowRestrictedIndices(allowRestrictedIndices)
1637+
.build(),
1638+
IndicesPrivileges.builder()
1639+
.indices(indexPattern)
1640+
.privileges("read_failure_store")
1641+
.allowRestrictedIndices(allowRestrictedIndices)
1642+
.build() }
16051643
)
16061644
);
16071645
assertHasIndexGroups(
16081646
role.indices(),
1609-
indexGroup(IndexPrivilege.getWithSingleSelectorAccess(Set.of("read", "read_failure_store", "all")), false, indexPattern)
1647+
indexGroup(
1648+
IndexPrivilege.getWithSingleSelectorAccess(Set.of("read", "read_failure_store", "all")),
1649+
allowRestrictedIndices,
1650+
indexPattern
1651+
)
16101652
);
16111653
}
16121654

0 commit comments

Comments
 (0)