Skip to content

Commit 51be855

Browse files
n1v0lgn1v0lg
committed
Test concrete index access
1 parent c194cd3 commit 51be855

File tree

1 file changed

+27
-4
lines changed

1 file changed

+27
-4
lines changed

x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/security/FailureStoreSecurityRestIT.java

Lines changed: 27 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -13,13 +13,15 @@
1313
import org.elasticsearch.client.Response;
1414
import org.elasticsearch.client.ResponseException;
1515
import org.elasticsearch.common.settings.SecureString;
16+
import org.elasticsearch.common.xcontent.support.XContentMapValues;
1617
import org.elasticsearch.core.Strings;
1718
import org.elasticsearch.search.SearchHit;
1819
import org.elasticsearch.search.SearchResponseUtils;
1920

2021
import java.io.IOException;
2122
import java.util.ArrayList;
2223
import java.util.Arrays;
24+
import java.util.Collections;
2325
import java.util.List;
2426
import java.util.Map;
2527

@@ -33,6 +35,7 @@ public class FailureStoreSecurityRestIT extends SecurityOnTrialLicenseRestTestCa
3335
private static final String FAILURE_STORE_ACCESS_USER = "failure_store_access_user";
3436
private static final SecureString PASSWORD = new SecureString("elastic-password");
3537

38+
@SuppressWarnings("unchecked")
3639
public void testFailureStoreAccess() throws IOException {
3740
String dataAccessRole = "data_access";
3841
String failureStoreAccessRole = "failure_store_access";
@@ -54,18 +57,37 @@ public void testFailureStoreAccess() throws IOException {
5457
}"""), failureStoreAccessRole);
5558

5659
createTemplates();
57-
List<String> ids = populateDataStreamWithBulkRequest();
58-
assertThat(ids.size(), equalTo(2));
59-
assertThat(ids, hasItem("1"));
60+
List<String> docIds = populateDataStreamWithBulkRequest();
61+
assertThat(docIds.size(), equalTo(2));
62+
assertThat(docIds, hasItem("1"));
6063
String successDocId = "1";
61-
String failedDocId = ids.stream().filter(id -> false == id.equals(successDocId)).findFirst().get();
64+
String failedDocId = docIds.stream().filter(id -> false == id.equals(successDocId)).findFirst().get();
65+
66+
Request dataStream = new Request("GET", "/_data_stream/test1");
67+
Response response = adminClient().performRequest(dataStream);
68+
Map<String, Object> dataStreams = entityAsMap(response);
69+
assertEquals(Collections.singletonList("test1"), XContentMapValues.extractValue("data_streams.name", dataStreams));
70+
List<String> dataIndexNames = (List<String>) XContentMapValues.extractValue("data_streams.indices.index_name", dataStreams);
71+
assertThat(dataIndexNames.size(), equalTo(1));
72+
List<String> failureIndexNames = (List<String>) XContentMapValues.extractValue(
73+
"data_streams.failure_store.indices.index_name",
74+
dataStreams
75+
);
76+
assertThat(failureIndexNames.size(), equalTo(1));
77+
78+
String dataIndexName = dataIndexNames.get(0);
79+
String failureIndexName = failureIndexNames.get(0);
6280

6381
// user with access to failures index
6482
assertContainsDocIds(performRequest(FAILURE_STORE_ACCESS_USER, new Request("GET", "/test1::failures/_search")), failedDocId);
6583
assertContainsDocIds(performRequest(FAILURE_STORE_ACCESS_USER, new Request("GET", "/test*::failures/_search")), failedDocId);
6684
assertContainsDocIds(performRequest(FAILURE_STORE_ACCESS_USER, new Request("GET", "/*1::failures/_search")), failedDocId);
6785
assertContainsDocIds(performRequest(FAILURE_STORE_ACCESS_USER, new Request("GET", "/*::failures/_search")), failedDocId);
6886
assertContainsDocIds(performRequest(FAILURE_STORE_ACCESS_USER, new Request("GET", "/.fs*/_search")), failedDocId);
87+
assertContainsDocIds(
88+
performRequest(FAILURE_STORE_ACCESS_USER, new Request("GET", "/" + failureIndexName + "/_search")),
89+
failedDocId
90+
);
6991

7092
expectThrows404(() -> performRequest(FAILURE_STORE_ACCESS_USER, new Request("GET", "/test12::failures/_search")));
7193
expectThrows404(() -> performRequest(FAILURE_STORE_ACCESS_USER, new Request("GET", "/test2::failures/_search")));
@@ -75,6 +97,7 @@ public void testFailureStoreAccess() throws IOException {
7597
expectThrows403(() -> performRequest(FAILURE_STORE_ACCESS_USER, new Request("GET", "/test1/_search")));
7698
expectThrows403(() -> performRequest(FAILURE_STORE_ACCESS_USER, new Request("GET", "/test2::data/_search")));
7799
expectThrows403(() -> performRequest(FAILURE_STORE_ACCESS_USER, new Request("GET", "/test2/_search")));
100+
expectThrows403(() -> performRequest(FAILURE_STORE_ACCESS_USER, new Request("GET", "/" + dataIndexName + "/_search")));
78101

79102
// empty result
80103
assertEmpty(performRequest(FAILURE_STORE_ACCESS_USER, new Request("GET", "/*1::data/_search")));

0 commit comments

Comments
 (0)