
Commit aae20bd

committed
Tests
1 parent 37dd755 commit aae20bd


2 files changed

+50
-0
lines changed


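--- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestTests.java
+++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestTests.java
@@ -8,6 +8,7 @@
 
 import org.elasticsearch.action.ActionRequestValidationException;
 import org.elasticsearch.action.support.WriteRequest;
+import org.elasticsearch.cluster.metadata.DataStream;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.xpack.core.security.authz.RoleDescriptor.ApplicationResourcePrivileges;
 import org.elasticsearch.xpack.core.security.authz.permission.RemoteClusterPermissionGroup;
@@ -48,6 +49,22 @@ public void testValidationErrorWithUnknownClusterPrivilegeName() {
 assertValidationError("unknown cluster privilege [" + unknownClusterPrivilegeName.toLowerCase(Locale.ROOT) + "]", request);
 }
 
+public void testValidationErrorWithFailureStorePrivilegeInRemoteIndices() {
+assumeTrue("requires failure store feature", DataStream.isFailureStoreFeatureFlagEnabled());
+final PutRoleRequest request = new PutRoleRequest();
+request.name(randomAlphaOfLengthBetween(4, 9));
+request.addRemoteIndex(
+new String[] { "*" },
+new String[] { "index" },
+new String[] { "read_failure_store", "read", "indices:data/read" },
+null,
+null,
+null,
+randomBoolean()
+);
+assertValidationError("remote index privileges cannot contain privileges that grant access to the failure store", request);
+}
+
 public void testValidationErrorWithTooLongRoleName() {
 final PutRoleRequest request = new PutRoleRequest();
 request.name(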
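Review bot: The privilege array in `testValidationErrorWithFailureStorePrivilegeInRemoteIndices` is fixed to `read_failure_store` mixed with `read` and `indices:data/read`, so the test pins the rejection for one privilege name in one combination only. If other index privileges also select the failure store, a regression that lets one of them through in remote indices would pass unnoticed; consider drawing the name at random from a local list of every such privilege, e.g. `new String[] { randomFrom(failureStorePrivilegeNames), "read", "indices:data/read" },`, and adding a case where the failure-store privilege is the only entry. A companion assertion that the same `addRemoteIndex` call without `read_failure_store` yields no validation error would show the check is not over-rejecting. Because of the `assumeTrue`, the test is skipped when the feature flag is off, so a short comment stating what remote-index validation is expected to do in that configuration would help the next reader.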

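--- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStoreTests.java
+++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStoreTests.java
@@ -23,6 +23,7 @@
 import org.elasticsearch.action.support.PlainActionFuture;
 import org.elasticsearch.client.internal.Client;
 import org.elasticsearch.cluster.health.ClusterHealthStatus;
+import org.elasticsearch.cluster.metadata.DataStream;
 import org.elasticsearch.cluster.metadata.IndexAbstraction;
 import org.elasticsearch.cluster.metadata.IndexMetadata;
 import org.elasticsearch.cluster.metadata.Metadata;
@@ -86,6 +87,7 @@
 import org.elasticsearch.xpack.core.security.authz.privilege.ApplicationPrivilegeTests;
 import org.elasticsearch.xpack.core.security.authz.privilege.ClusterPrivilegeResolver;
 import org.elasticsearch.xpack.core.security.authz.privilege.ConfigurableClusterPrivilege;
+import org.elasticsearch.xpack.core.security.authz.privilege.IndexComponentSelectorPrivilege;
 import org.elasticsearch.xpack.core.security.authz.privilege.IndexPrivilege;
 import org.elasticsearch.xpack.core.security.authz.restriction.Workflow;
 import org.elasticsearch.xpack.core.security.authz.restriction.WorkflowResolver;
@@ -1531,6 +1533,7 @@ public void testBuildRoleWithMultipleRemoteClusterMerged() {
 }
 
 public void testBuildRoleWithReadFailureStorePrivilegeOnly() {
+assumeTrue("requires failure store feature", DataStream.isFailureStoreFeatureFlagEnabled());
 String indexPattern = randomAlphanumericOfLength(10);
 final Role role = buildRole(
 roleDescriptorWithIndicesPrivileges(
@@ -1542,6 +1545,7 @@ public void testBuildRoleWithReadFailureStorePrivilegeOnly() {
 }
 
 public void testBuildRoleWithReadFailureStorePrivilegeDuplicatesMerged() {
+assumeTrue("requires failure store feature", DataStream.isFailureStoreFeatureFlagEnabled());
 String indexPattern = randomAlphanumericOfLength(10);
 final Role role = buildRole(
 roleDescriptorWithIndicesPrivileges(
@@ -1555,6 +1559,7 @@ public void testBuildRoleWithReadFailureStorePrivilegeDuplicatesMerged() {
 }
 
 public void testBuildRoleWithReadFailureStoreAndReadPrivilegeSplit() {
+assumeTrue("requires failure store feature", DataStream.isFailureStoreFeatureFlagEnabled());
 String indexPattern = randomAlphanumericOfLength(10);
 final Role role = buildRole(
 roleDescriptorWithIndicesPrivileges(
@@ -1571,6 +1576,7 @@ public void testBuildRoleWithReadFailureStoreAndReadPrivilegeSplit() {
 }
 
 public void testBuildRoleWithMultipleReadFailureStoreAndReadPrivilegeSplit() {
+assumeTrue("requires failure store feature", DataStream.isFailureStoreFeatureFlagEnabled());
 String indexPattern = randomAlphanumericOfLength(10);
 final Role role = buildRole(
 roleDescriptorWithIndicesPrivileges(
@@ -1588,6 +1594,7 @@ public void testBuildRoleWithMultipleReadFailureStoreAndReadPrivilegeSplit() {
 }
 
 public void testBuildRoleWithAllPrivilegeIsNeverSplit() {
+assumeTrue("requires failure store feature", DataStream.isFailureStoreFeatureFlagEnabled());
 String indexPattern = randomAlphanumericOfLength(10);
 final Role role = buildRole(
 roleDescriptorWithIndicesPrivileges(
@@ -1603,6 +1610,32 @@ public void testBuildRoleWithAllPrivilegeIsNeverSplit() {
 );
 }
 
+public void testBuildRoleNeverSplitsWithoutFailureStoreRelatedPrivileges() {
+String indexPattern = randomAlphanumericOfLength(10);
+List<String> nonFailurePrivileges = IndexPrivilege.names()
+.stream()
+.filter(p -> IndexPrivilege.getNamedOrNull(p).getSelectorPrivilege() != IndexComponentSelectorPrivilege.FAILURES)
+.toList();
+Set<String> usedPrivileges = new HashSet<>();
+
+int n = randomIntBetween(1, 5);
+IndicesPrivileges[] indicesPrivileges = new IndicesPrivileges[n];
+for (int i = 0; i < n; i++) {
+IndicesPrivileges.Builder builder = IndicesPrivileges.builder();
+// TODO this is due to an unrelated bug in index collation logic
+List<String> privileges = randomValueOtherThanMany(
+p -> p.get(0).equals("none"),
+() -> randomNonEmptySubsetOf(nonFailurePrivileges)
+);
+usedPrivileges.addAll(privileges);
+indicesPrivileges[i] = builder.indices(indexPattern).privileges(privileges).build();
+}
+
+final Role role = buildRole(roleDescriptorWithIndicesPrivileges("r1", indicesPrivileges));
+final IndicesPermission actual = role.indices();
+assertHasIndexGroups(actual, indexGroup(IndexPrivilege.getSingleSelector(usedPrivileges), false, indexPattern));
+}
+
 public void testCustomRolesProviderFailures() throws Exception {
 final FileRolesStore fileRolesStore = mock(FileRolesStore.class);
 doCallRealMethod().when(fileRolesStore).accept(anySet(), anyActionListener());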
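Review bot: In `testBuildRoleNeverSplitsWithoutFailureStoreRelatedPrivileges` the workaround predicate `p -> p.get(0).equals("none")` only rejects subsets whose first element is `none`, so a subset holding `none` in any other position still reaches `buildRole`. If the collation bug named in the TODO can be triggered by `none` anywhere in the list, the test will fail intermittently depending on the random seed; `p -> p.contains("none")`, or removing `none` from `nonFailurePrivileges` up front, would not depend on ordering. The TODO should also carry a tracking reference, for example `// TODO remove once <ISSUE-LINK> (index collation bug) is fixed`, so the exclusion is not forgotten. Separately, the expected group is computed with `IndexPrivilege.getSingleSelector(usedPrivileges)`, which looks like the same resolution the role builder relies on, so the assertion confirms that no split happens but not which privileges end up granted.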
