Skip to content

Commit 8fc0eec

Browse files
ywangdywangd
authored
[Test] ensure workflow works across nodes (#96935)
This PR spreads the search application index shards to all nodes to show the workflow correctly works across nodes, i.e. the workflow header is recognized and role gets built on a data node the same way as on the coordinating node. Relates: #96744
1 parent 5b4bd79 commit 8fc0eec

File tree

1 file changed

+32
-6
lines changed

1 file changed

+32
-6
lines changed

x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/security/apikey/ApiKeyWorkflowsRestrictionRestIT.java

Lines changed: 32 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
import org.elasticsearch.client.Response;
1313
import org.elasticsearch.client.ResponseException;
1414
import org.elasticsearch.common.settings.SecureString;
15+
import org.elasticsearch.core.Strings;
1516
import org.elasticsearch.test.rest.ObjectPath;
1617
import org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken;
1718
import org.elasticsearch.xpack.security.SecurityOnTrialLicenseRestTestCase;
@@ -49,11 +50,32 @@ public void setup() throws IOException {
4950
}""");
5051
assertOK(adminClient().performRequest(putRoleRequest));
5152

52-
final Request indexDocRequestA = new Request("POST", "/index-a/_doc/doc1?refresh=true");
53-
indexDocRequestA.setJsonEntity("{\"foo\": \"bar\"}");
54-
assertOK(adminClient().performRequest(indexDocRequestA));
53+
// Create the index with 2 shards so each node has 1 shard
54+
final Request createIndexRequest = new Request("PUT", "index-a");
55+
createIndexRequest.setJsonEntity("""
56+
{
57+
"settings": {
58+
"number_of_shards": 2,
59+
"number_of_replicas": 0
60+
}
61+
}""");
62+
assertOK(adminClient().performRequest(createIndexRequest));
63+
final Request bulkRequest = new Request("POST", "/_bulk?refresh=true");
64+
bulkRequest.setJsonEntity(Strings.format("""
65+
{ "index": { "_index": "index-a", "_id": "doc1" } }
66+
{ "foo": "bar", "value": 1 }
67+
{ "index": { "_index": "index-a", "_id": "doc2" } }
68+
{ "foo": "bar", "value": 2 }
69+
{ "index": { "_index": "index-a", "_id": "doc3" } }
70+
{ "foo": "bar", "value": 3 }
71+
{ "index": { "_index": "index-a", "_id": "doc4" } }
72+
{ "foo": "bar", "value": 4 }
73+
{ "index": { "_index": "index-a", "_id": "doc5" } }
74+
{ "foo": "foo", "value": 5 }
75+
"""));
76+
assertOK(adminClient().performRequest(bulkRequest));
5577

56-
final Request indexDocRequestB = new Request("POST", "/index-b/_doc/doc2?refresh=true");
78+
final Request indexDocRequestB = new Request("POST", "/index-b/_doc/doc20?refresh=true");
5779
indexDocRequestB.setJsonEntity("{\"baz\": \"qux\"}");
5880
assertOK(adminClient().performRequest(indexDocRequestB));
5981
}
@@ -103,7 +125,8 @@ public void testWorkflowsRestrictionAllowsAccess() throws IOException {
103125
"term": {
104126
"{{field_name}}": "{{field_value}}"
105127
}
106-
}
128+
},
129+
"sort": [ "value" ]
107130
},
108131
"params": {
109132
"field_name": "foo",
@@ -117,8 +140,11 @@ public void testWorkflowsRestrictionAllowsAccess() throws IOException {
117140
ObjectPath queryResponseA = assertOKAndCreateObjectPath(
118141
performRequestWithApiKey(new Request("GET", "_application/search_application/my-app-a/_search"), apiKeyEncoded)
119142
);
120-
assertThat(queryResponseA.evaluate("hits.total.value"), equalTo(1));
143+
assertThat(queryResponseA.evaluate("hits.total.value"), equalTo(4));
121144
assertThat(queryResponseA.evaluate("hits.hits.0._id"), equalTo("doc1"));
145+
assertThat(queryResponseA.evaluate("hits.hits.1._id"), equalTo("doc2"));
146+
assertThat(queryResponseA.evaluate("hits.hits.2._id"), equalTo("doc3"));
147+
assertThat(queryResponseA.evaluate("hits.hits.3._id"), equalTo("doc4"));
122148

123149
// Check that access is rejected by workflow restriction after successful search application query call.
124150
// This test additionally proves that the permission check works correctly even after the API key's role is cached.

0 commit comments

Comments
 (0)