From b58a056aad707e95f57ee62aa2f379cc4510636f Mon Sep 17 00:00:00 2001
From: rs-eliatra <98745372+rs-eliatra@users.noreply.github.com>
Date: Fri, 4 Mar 2022 14:46:04 +0100
Subject: [PATCH] tests: Replace TransportClient by NodeClient (#1660)
* tests: Replace TransportClient by NodeClient
Signed-off-by: rs-eliatra
---
.../opensearch/security/AggregationTests.java | 4 +-
.../security/HttpIntegrationTests.java | 23 +-
.../security/IndexIntegrationTests.java | 24 +-
.../InitializationIntegrationTests.java | 48 +-
.../opensearch/security/IntegrationTests.java | 80 +-
.../security/PrivilegesEvaluationTest.java | 2 +-
.../opensearch/security/ResolveAPITests.java | 4 +-
.../security/SnapshotRestoreTests.java | 12 +-
.../org/opensearch/security/TracingTests.java | 12 +-
.../TransportClientIntegrationTests.java | 780 ------------------
.../compliance/ComplianceAuditlogTest.java | 21 +-
.../RestApiComplianceAuditlogTest.java | 1 -
.../security/auditlog/impl/TracingTests.java | 11 +-
.../integration/BasicAuditlogTest.java | 73 +-
.../auditlog/integration/SSLAuditlogTest.java | 2 +-
.../ccstest/CrossClusterSearchTests.java | 39 +-
.../security/ccstest/RemoteReindexTests.java | 10 +-
.../dlic/dlsfls/AbstractDlsFlsTest.java | 6 +-
.../dlic/dlsfls/CCReplicationTest.java | 5 +-
.../CustomFieldMaskedComplexMappingTest.java | 4 +-
.../dlic/dlsfls/CustomFieldMaskedTest.java | 4 +-
.../security/dlic/dlsfls/DateMathTest.java | 4 +-
.../security/dlic/dlsfls/DlsDateMathTest.java | 4 +-
.../dlsfls/DlsFlsCrossClusterSearchTest.java | 18 +-
.../security/dlic/dlsfls/DlsNestedTest.java | 4 +-
.../dlic/dlsfls/DlsPropsReplaceTest.java | 4 +-
.../security/dlic/dlsfls/DlsScrollTest.java | 4 +-
.../security/dlic/dlsfls/DlsTest.java | 4 +-
.../security/dlic/dlsfls/FieldMaskedTest.java | 4 +-
.../security/dlic/dlsfls/Fls983Test.java | 4 +-
.../security/dlic/dlsfls/FlsDlsTestAB.java | 4 +-
.../dlic/dlsfls/FlsDlsTestForbiddenField.java | 4 +-
.../security/dlic/dlsfls/FlsDlsTestMulti.java | 4 +-
.../dlic/dlsfls/FlsExistsFieldsTest.java | 4 +-
.../security/dlic/dlsfls/FlsFieldsTest.java | 4 +-
.../security/dlic/dlsfls/FlsFieldsWcTest.java | 4 +-
.../security/dlic/dlsfls/FlsPerfTest.java | 4 +-
.../security/dlic/dlsfls/FlsTest.java | 4 +-
.../dlic/dlsfls/IndexPatternTest.java | 4 +-
.../security/dlic/dlsfls/MFlsTest.java | 4 +- .../rest/api/AbstractRestApiUnitTest.java | 12 - .../dlic/rest/api/IndexMissingTest.java | 2 +- .../multitenancy/test/MultitenancyTests.java | 10 +- .../ProtectedIndicesTests.java | 14 +- .../opensearch/security/ssl/OpenSSLTest.java | 13 - .../org/opensearch/security/ssl/SSLTest.java | 147 +--- .../system_indices/SystemIndicesTests.java | 8 +- .../test/AbstractSecurityUnitTest.java | 146 ++-- .../security/test/SingleClusterTest.java | 13 +- 49 files changed, 283 insertions(+), 1337 deletions(-) delete mode 100644 src/test/java/org/opensearch/security/TransportClientIntegrationTests.java diff --git a/src/test/java/org/opensearch/security/AggregationTests.java b/src/test/java/org/opensearch/security/AggregationTests.java index 0a913ad3e0..37d6689dbb 100644 --- a/src/test/java/org/opensearch/security/AggregationTests.java +++ b/src/test/java/org/opensearch/security/AggregationTests.java @@ -36,7 +36,7 @@ import org.opensearch.action.admin.indices.create.CreateIndexRequest; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.settings.Settings; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; @@ -56,7 +56,7 @@ public void testBasicAggregations() throws Exception { setup(settings); final RestHelper rh = nonSslRestHelper(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.admin().indices().create(new CreateIndexRequest("copysf")).actionGet(); tc.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); 
diff --git a/src/test/java/org/opensearch/security/HttpIntegrationTests.java b/src/test/java/org/opensearch/security/HttpIntegrationTests.java index 8740824309..ab0fe3c1a6 100644 --- a/src/test/java/org/opensearch/security/HttpIntegrationTests.java +++ b/src/test/java/org/opensearch/security/HttpIntegrationTests.java @@ -38,12 +38,13 @@ import org.apache.http.HttpStatus; import org.apache.http.NoHttpResponseException; import org.apache.http.message.BasicHeader; +import org.checkerframework.checker.units.qual.C; import org.opensearch.action.admin.indices.alias.IndicesAliasesRequest; import org.opensearch.action.admin.indices.alias.IndicesAliasesRequest.AliasActions; import org.opensearch.action.admin.indices.create.CreateIndexRequest; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.settings.Settings; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; @@ -74,7 +75,7 @@ public void testHTTPBasic() throws Exception { setup(settings); final RestHelper rh = nonSslRestHelper(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.admin().indices().create(new CreateIndexRequest("copysf")).actionGet(); tc.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); 
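Review bot: The import hunk of HttpIntegrationTests.java adds `import org.checkerframework.checker.units.qual.C;`, which looks like an accidental IDE auto-import: none of the changed lines on this page reference `C`, and a units qualifier has no obvious role in an HTTP authentication test. It also ties compilation of the test to the Checker Framework qualifier artifact being on the classpath, presumably only transitively. I would drop the line; the rest of the file lies outside these hunks, so confirm nothing else uses the annotation before removing it.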
@@ -155,7 +156,7 @@ public void testHTTPBasic() throws Exception { Assert.assertEquals(HttpStatus.SC_OK, rh.executeGetRequest("starfleet/ships/_search?pretty", encodeBasicHeader("worf", "worf")).getStatusCode()); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest(".opendistro_security").type(getType()).id("roles").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("roles", FileHelper.readYamlContent("roles_deny.yml"))).actionGet(); ConfigUpdateResponse cur = tc.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"roles"})).actionGet(); Assert.assertEquals(clusterInfo.numNodes, cur.getNodes().size()); @@ -163,7 +164,7 @@ public void testHTTPBasic() throws Exception { Assert.assertEquals(HttpStatus.SC_FORBIDDEN, rh.executeGetRequest("starfleet/ships/_search?pretty", encodeBasicHeader("worf", "worf")).getStatusCode()); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest(".opendistro_security").type(getType()).id("roles").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("roles", FileHelper.readYamlContent("roles.yml"))).actionGet(); ConfigUpdateResponse cur = tc.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"roles"})).actionGet(); Assert.assertEquals(clusterInfo.numNodes, cur.getNodes().size()); 
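Review bot: The two blocks in testHTTPBasic that overwrite the `roles` document in `.opendistro_security` now take their client from `getClient()`, and nothing in these hunks says under which identity that client acts. The old `getInternalTransportClient()` authenticated with the admin certificate (the removed testNotInsecure in IntegrationTests.java asserts `CN=kirk` and `isAdmin()` for it), so these writes used to pass through the admin-DN check over TLS. If `getClient()` is an in-process node client, as the commit title suggests, the write no longer exercises that path; that is acceptable for seeding state but should be stated, e.g. `// seeds security config via the in-process client; does not exercise admin-certificate authentication`, once confirmed against the helper in AbstractSecurityUnitTest, which is not visible here. The same applies to the `.opendistro_security` writes in testHTTPAnon, testConfigHotReload and testMultiRoleSpan.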
@@ -328,7 +329,7 @@ public void testHTTPAnon() throws Exception { Assert.assertFalse(resc.getBody().contains("opendistro_security_anonymous")); Assert.assertEquals(HttpStatus.SC_OK, resc.getStatusCode()); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest(".opendistro_security").type(getType()).id("config").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("config", FileHelper.readYamlContent("config.yml"))).actionGet(); tc.index(new IndexRequest(".opendistro_security").type(getType()).setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("internalusers").source("internalusers", FileHelper.readYamlContent("internal_users.yml"))).actionGet(); ConfigUpdateResponse cur = tc.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config","roles","rolesmapping","internalusers","actiongroups"})).actionGet(); @@ -358,7 +359,7 @@ public void testHTTPClientCert() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig().setConfig("config_clientcert.yml"), settings, true); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest("vulcangov").type("type").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); @@ -442,7 +443,7 @@ public void testHTTPBasic2() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig(), Settings.EMPTY); - try (TransportClient tc = getInternalTransportClient(this.clusterInfo, Settings.EMPTY)) { + try (Client tc = getClient()) { tc.admin().indices().create(new CreateIndexRequest("copysf")).actionGet(); @@ -580,7 +581,7 @@ public void test557() throws Exception { .build(); setup(Settings.EMPTY, new DynamicSecurityConfig(), settings); - try (TransportClient tc = getInternalTransportClient(this.clusterInfo, Settings.EMPTY)) { + try (Client tc = getClient()) { tc.admin().indices().create(new CreateIndexRequest("copysf")).actionGet(); 
@@ -611,7 +612,7 @@ public void testITT1635() throws Exception { .build(); setup(Settings.EMPTY, new DynamicSecurityConfig().setConfig("config_dnfof.yml").setSecurityRoles("roles_itt1635.yml"), settings); - try (TransportClient tc = getInternalTransportClient(this.clusterInfo, Settings.EMPTY)) { + try (Client tc = getClient()) { tc.index(new IndexRequest("esb-prod-1").type("doc").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("esb-prod-2").type("doc").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":2}", XContentType.JSON)).actionGet(); @@ -659,7 +660,7 @@ public void testTenantInfo() throws Exception { */ - try (TransportClient tc = getInternalTransportClient(this.clusterInfo, Settings.EMPTY)) { + try (Client tc = getClient()) { tc.index(new IndexRequest(".kibana-6").type("doc").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":2}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest(".kibana_-1139640511_admin1").type("doc").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":3}", XContentType.JSON)).actionGet(); @@ -740,7 +741,7 @@ public void testAll() throws Exception { setup(settings); final RestHelper rh = nonSslRestHelper(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest("abcdef").type("doc").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)) .actionGet(); } diff --git a/src/test/java/org/opensearch/security/IndexIntegrationTests.java b/src/test/java/org/opensearch/security/IndexIntegrationTests.java index afdf8e5ad4..9f68e29b1b 100644 --- a/src/test/java/org/opensearch/security/IndexIntegrationTests.java +++ b/src/test/java/org/opensearch/security/IndexIntegrationTests.java 
@@ -35,6 +35,7 @@ import java.util.Date; import java.util.TimeZone; +import org.opensearch.client.Client; import org.opensearch.security.support.SecurityUtils; import org.apache.http.HttpStatus; import org.opensearch.action.admin.indices.alias.IndicesAliasesRequest; @@ -42,7 +43,6 @@ import org.opensearch.action.admin.indices.delete.DeleteIndexRequest; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; import org.opensearch.cluster.health.ClusterHealthStatus; import org.opensearch.common.settings.Settings; import org.opensearch.common.unit.TimeValue; @@ -68,7 +68,7 @@ public void testComposite() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig().setConfig("composite_config.yml").setSecurityRoles("roles_composite.yml"), Settings.EMPTY, true); final RestHelper rh = nonSslRestHelper(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("klingonempire").type("ships").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("public").type("legends").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); 
@@ -97,7 +97,7 @@ public void testBulkShards() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig().setSecurityRoles("roles_bs.yml"), Settings.EMPTY, true); final RestHelper rh = nonSslRestHelper(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { //create indices and mapping upfront tc.index(new IndexRequest("test").type("type1").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"field2\":\"init\"}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("lorem").type("type1").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"field2\":\"init\"}", XContentType.JSON)).actionGet(); @@ -170,7 +170,7 @@ public void testFilteredAlias() throws Exception { setup(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest("theindex").type("type1").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("otherindex").type("type1").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); @@ -204,7 +204,7 @@ public void testIndexTypeEvaluation() throws Exception { setup(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest("foo1").type("bar").id("1").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("foo2").type("bar").id("2").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":2}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("foo").type("baz").id("3").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":3}", XContentType.JSON)).actionGet(); 
@@ -275,7 +275,7 @@ public void testIndices() throws Exception { setup(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest("nopermindex").type("logs").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("logstash-1").type("logs").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); @@ -360,7 +360,7 @@ public void testAliases() throws Exception { setup(settings); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest("nopermindex").type("logs").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("logstash-1").type("logs").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); @@ -449,7 +449,7 @@ public void testCCSIndexResolve() throws Exception { setup(); final RestHelper rh = nonSslRestHelper(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest(".abc-6").type("logs").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); } @@ -469,7 +469,7 @@ public void testCCSIndexResolve2() throws Exception { setup(); final RestHelper rh = nonSslRestHelper(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest(".abc").type("logs").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("xyz").type("logs").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":2}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("noperm").type("logs").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":3}", XContentType.JSON)).actionGet(); 
@@ -531,7 +531,7 @@ public void testIndexResolveIgnoreUnavailable() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig().setConfig("config_respect_indices_options.yml").setSecurityRoles("roles_bs.yml"), Settings.EMPTY, true); final RestHelper rh = nonSslRestHelper(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { //create indices and mapping upfront tc.index(new IndexRequest("test").type("type1").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"field2\":\"init\"}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("lorem").type("type1").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"field2\":\"init\"}", XContentType.JSON)).actionGet(); @@ -552,7 +552,7 @@ public void testIndexResolveIndicesAlias() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig(), Settings.EMPTY, true); final RestHelper rh = nonSslRestHelper(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { //create indices and mapping upfront tc.index(new IndexRequest("foo-index").type("_doc").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"field2\":\"init\"}", XContentType.JSON)).actionGet(); tc.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(AliasActions.add().indices("foo-index").alias("foo-alias"))).actionGet(); @@ -579,7 +579,7 @@ public void testIndexResolveMinus() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig(), Settings.EMPTY, true); final RestHelper rh = nonSslRestHelper(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { //create indices and mapping upfront tc.index(new IndexRequest("foo-abc").type("_doc").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"field2\":\"init\"}", XContentType.JSON)).actionGet(); } 
diff --git a/src/test/java/org/opensearch/security/InitializationIntegrationTests.java b/src/test/java/org/opensearch/security/InitializationIntegrationTests.java index 82b5f73238..dacf1fda33 100644 --- a/src/test/java/org/opensearch/security/InitializationIntegrationTests.java +++ b/src/test/java/org/opensearch/security/InitializationIntegrationTests.java @@ -33,6 +33,7 @@ import java.io.File; import java.util.Iterator; +import com.fasterxml.jackson.databind.JsonNode; import org.apache.http.Header; import org.apache.http.HttpStatus; import org.apache.http.client.methods.HttpGet; @@ -40,7 +41,10 @@ import org.opensearch.action.admin.cluster.node.info.NodesInfoRequest; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; +import org.opensearch.client.Request; +import org.opensearch.client.Response; +import org.opensearch.client.RestHighLevelClient; import org.opensearch.cluster.health.ClusterHealthStatus; import org.opensearch.common.settings.Settings; import org.opensearch.common.transport.TransportAddress; @@ -51,9 +55,6 @@ import org.opensearch.security.action.configupdate.ConfigUpdateAction; import org.opensearch.security.action.configupdate.ConfigUpdateRequest; import org.opensearch.security.action.configupdate.ConfigUpdateResponse; -import org.opensearch.security.action.whoami.WhoAmIAction; -import org.opensearch.security.action.whoami.WhoAmIRequest; -import org.opensearch.security.action.whoami.WhoAmIResponse; import org.opensearch.security.ssl.util.SSLConfigConstants; import org.opensearch.security.support.ConfigConstants; import org.opensearch.security.test.DynamicSecurityConfig; 
@@ -111,27 +112,22 @@ public void testInitWithInjectedUser() throws Exception { @Test public void testWhoAmI() throws Exception { + final Settings settings = Settings.builder() + .put("plugins.security.ssl.http.enabled",true) + .put("plugins.security.ssl.http.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("node-0-keystore.jks")) + .put("plugins.security.ssl.http.truststore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("truststore.jks")) + .build(); setup(Settings.EMPTY, new DynamicSecurityConfig().setSecurityInternalUsers("internal_empty.yml") - .setSecurityRoles("roles_deny.yml"), Settings.EMPTY, true); - - try (TransportClient tc = getUserTransportClient(clusterInfo, "spock-keystore.jks", Settings.EMPTY)) { - WhoAmIResponse wres = tc.execute(WhoAmIAction.INSTANCE, new WhoAmIRequest()).actionGet(); - System.out.println(wres); - Assert.assertEquals(wres.toString(), "CN=spock,OU=client,O=client,L=Test,C=DE", wres.getDn()); - Assert.assertFalse(wres.toString(), wres.isAdmin()); - Assert.assertFalse(wres.toString(), wres.isAuthenticated()); - Assert.assertFalse(wres.toString(), wres.isNodeCertificateRequest()); - - } - - try (TransportClient tc = getUserTransportClient(clusterInfo, "node-0-keystore.jks", Settings.EMPTY)) { - WhoAmIResponse wres = tc.execute(WhoAmIAction.INSTANCE, new WhoAmIRequest()).actionGet(); - System.out.println(wres); - Assert.assertEquals(wres.toString(), "CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE", wres.getDn()); - Assert.assertFalse(wres.toString(), wres.isAdmin()); - Assert.assertFalse(wres.toString(), wres.isAuthenticated()); - Assert.assertTrue(wres.toString(), wres.isNodeCertificateRequest()); - + .setSecurityRoles("roles_deny.yml"), settings, true); + + try (RestHighLevelClient restHighLevelClient = getRestClient(clusterInfo, "spock-keystore.jks", "truststore.jks")) { + Response whoAmIRes = restHighLevelClient.getLowLevelClient().performRequest(new Request("GET", "/_plugins/_security/whoami")); + 
Assert.assertEquals(whoAmIRes.getStatusLine().getStatusCode(), 200); + JsonNode whoAmIResNode = DefaultObjectMapper.objectMapper.readTree(whoAmIRes.getEntity().getContent()); + String whoAmIResponsePayload = whoAmIResNode.toPrettyString(); + Assert.assertEquals(whoAmIResponsePayload, "CN=spock,OU=client,O=client,L=Test,C=DE", whoAmIResNode.get("dn").asText()); + Assert.assertFalse(whoAmIResponsePayload, whoAmIResNode.get("is_admin").asBoolean()); + Assert.assertFalse(whoAmIResponsePayload, whoAmIResNode.get("is_node_certificate_request").asBoolean()); } } @@ -150,7 +146,7 @@ public void testConfigHotReload() throws Exception { Assert.assertTrue(res.getBody().contains("vulcan")); } - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { Assert.assertEquals(clusterInfo.numNodes, tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size()); tc.index(new IndexRequest(".opendistro_security").type(getType()).setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("internalusers").source("internalusers", FileHelper.readYamlContent("internal_users_spock_add_roles.yml"))).actionGet(); ConfigUpdateResponse cur = tc.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config","roles","rolesmapping","internalusers","actiongroups"})).actionGet(); 
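Review bot: The rewritten testWhoAmI asserts less than the transport version it replaces: the `node-0-keystore.jks` case, the only place where `isNodeCertificateRequest` was checked for true, is gone, and so is the `isAuthenticated` check. A test that only ever expects `is_node_certificate_request` to be false would still pass if the endpoint always reported false, so I would keep a second request made with the node certificate, provided the REST endpoint can report it (to be confirmed; its implementation is not on this page). The status assertion also has its arguments reversed; `Assert.assertEquals(HttpStatus.SC_OK, whoAmIRes.getStatusLine().getStatusCode());` yields a correct failure message. The removal of testNotInsecure in IntegrationTests.java loses coverage in the same way: its two REST checks expecting `SC_FORBIDDEN` for `writer` did not depend on TransportClient and could have stayed.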
@@ -167,7 +163,7 @@ public void testConfigHotReload() throws Exception { Assert.assertFalse(res.getBody().contains("starfleet")); } - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { Assert.assertEquals(clusterInfo.numNodes, tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size()); tc.index(new IndexRequest(".opendistro_security").type(getType()).setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("config").source("config", FileHelper.readYamlContent("config_anon.yml"))).actionGet(); ConfigUpdateResponse cur = tc.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config"})).actionGet(); diff --git a/src/test/java/org/opensearch/security/IntegrationTests.java b/src/test/java/org/opensearch/security/IntegrationTests.java index 85fc622ce6..ada597402d 100644 --- a/src/test/java/org/opensearch/security/IntegrationTests.java +++ b/src/test/java/org/opensearch/security/IntegrationTests.java @@ -38,15 +38,13 @@ import org.apache.http.HttpStatus; import org.apache.http.message.BasicHeader; -import org.opensearch.OpenSearchSecurityException; -import org.opensearch.action.admin.cluster.reroute.ClusterRerouteRequest; import org.opensearch.action.admin.indices.alias.IndicesAliasesRequest; import org.opensearch.action.admin.indices.alias.IndicesAliasesRequest.AliasActions; import org.opensearch.action.admin.indices.create.CreateIndexRequest; -import org.opensearch.action.admin.indices.mapping.put.PutMappingRequest; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; + import org.opensearch.common.settings.Settings; import org.opensearch.common.util.concurrent.ThreadContext; import org.opensearch.common.xcontent.XContentType; 
@@ -58,9 +56,6 @@ import org.opensearch.security.action.configupdate.ConfigUpdateAction; import org.opensearch.security.action.configupdate.ConfigUpdateRequest; import org.opensearch.security.action.configupdate.ConfigUpdateResponse; -import org.opensearch.security.action.whoami.WhoAmIAction; -import org.opensearch.security.action.whoami.WhoAmIRequest; -import org.opensearch.security.action.whoami.WhoAmIResponse; import org.opensearch.security.http.HTTPClientCertAuthenticator; import org.opensearch.security.ssl.util.SSLConfigConstants; import org.opensearch.security.support.ConfigConstants; @@ -91,7 +86,7 @@ public void uncaughtException(Thread t, Throwable e) { setup(settings); final RestHelper rh = nonSslRestHelper(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { for(int i=0; i<3; i++) tc.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); } 
@@ -113,56 +108,7 @@ public void uncaughtException(Thread t, Throwable e) { } - - @Test - public void testNotInsecure() throws Exception { - setup(Settings.EMPTY, new DynamicSecurityConfig().setSecurityRoles("roles_deny.yml"), Settings.EMPTY, true); - final RestHelper rh = nonSslRestHelper(); - - try (TransportClient tc = getInternalTransportClient()) { - //create indices and mapping upfront - tc.index(new IndexRequest("test").type("type1").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"field2\":\"init\"}", XContentType.JSON)).actionGet(); - tc.index(new IndexRequest("lorem").type("type1").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"field2\":\"init\"}", XContentType.JSON)).actionGet(); - - WhoAmIResponse wres = tc.execute(WhoAmIAction.INSTANCE, new WhoAmIRequest()).actionGet(); - System.out.println(wres); - Assert.assertEquals("CN=kirk,OU=client,O=client,L=Test,C=DE", wres.getDn()); - Assert.assertTrue(wres.isAdmin()); - Assert.assertTrue(wres.toString(), wres.isAuthenticated()); - Assert.assertFalse(wres.toString(), wres.isNodeCertificateRequest()); - } - - HttpResponse res = rh.executePutRequest("test/_mapping?pretty", "{\"properties\": {\"name\":{\"type\":\"text\"}}}", encodeBasicHeader("writer", "writer")); - Assert.assertEquals(HttpStatus.SC_FORBIDDEN, res.getStatusCode()); - - res = rh.executePostRequest("_cluster/reroute", "{}", encodeBasicHeader("writer", "writer")); - Assert.assertEquals(HttpStatus.SC_FORBIDDEN, res.getStatusCode()); - - try (TransportClient tc = getUserTransportClient(clusterInfo, "spock-keystore.jks", Settings.EMPTY)) { - //create indices and mapping upfront - try { - tc.admin().indices().putMapping(new PutMappingRequest("test").type("typex").source("fieldx","type=text")).actionGet(); - Assert.fail(); - } catch (OpenSearchSecurityException e) { - Assert.assertTrue(e.toString(),e.getMessage().contains("no permissions for")); - } - - try { - tc.admin().cluster().reroute(new ClusterRerouteRequest()).actionGet(); - 
Assert.fail(); - } catch (OpenSearchSecurityException e) { - Assert.assertTrue(e.toString(),e.getMessage().contains("no permissions for [cluster:admin/reroute]")); - } - - WhoAmIResponse wres = tc.execute(WhoAmIAction.INSTANCE, new WhoAmIRequest()).actionGet(); - Assert.assertEquals("CN=spock,OU=client,O=client,L=Test,C=DE", wres.getDn()); - Assert.assertFalse(wres.isAdmin()); - Assert.assertTrue(wres.toString(), wres.isAuthenticated()); - Assert.assertFalse(wres.toString(), wres.isNodeCertificateRequest()); - } - } - @Test public void testDnParsingCertAuth() throws Exception { Settings settings = Settings.builder() @@ -255,7 +201,7 @@ public void testMultiget() throws Exception { setup(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest("mindex1").type("type").id("1").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("mindex2").type("type").id("2").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":2}", XContentType.JSON)).actionGet(); } @@ -321,7 +267,7 @@ public void testSingle() throws Exception { setup(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest("shakespeare").type("type").id("1").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); ConfigUpdateResponse cur = tc.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config","roles","rolesmapping","internalusers","actiongroups"})).actionGet(); 
@@ -369,7 +315,7 @@ public void testRegexExcludes() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig(), Settings.EMPTY); - try (TransportClient tc = getInternalTransportClient(this.clusterInfo, Settings.EMPTY)) { + try (Client tc = getClient()) { tc.index(new IndexRequest("indexa").type("type01").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"indexa\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("indexb").type("type01").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"indexb\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("isallowed").type("type01").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"isallowed\":1}", XContentType.JSON)).actionGet(); @@ -391,7 +337,7 @@ public void testMultiRoleSpan() throws Exception { setup(); final RestHelper rh = nonSslRestHelper(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest("mindex_1").type("logs").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("mindex_2").type("logs").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":2}", XContentType.JSON)).actionGet(); } @@ -402,7 +348,7 @@ public void testMultiRoleSpan() throws Exception { Assert.assertFalse(res.getBody().contains("\"content\":1")); Assert.assertFalse(res.getBody().contains("\"content\":2")); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest(".opendistro_security").type(getType()).id("config").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("config", FileHelper.readYamlContent("config_multirolespan.yml"))).actionGet(); ConfigUpdateResponse cur = tc.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config"})).actionGet(); 
@@ -423,7 +369,7 @@ public void testMultiRoleSpan2() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig().setConfig("config_multirolespan.yml"), Settings.EMPTY); final RestHelper rh = nonSslRestHelper(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest("mindex_1").type("logs").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("mindex_2").type("logs").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":2}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("mindex_3").type("logs").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":2}", XContentType.JSON)).actionGet(); @@ -463,7 +409,7 @@ public void testDeleteByQueryDnfof() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig().setConfig("config_dnfof.yml"), Settings.EMPTY); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { for(int i=0; i<3; i++) { tc.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); } @@ -484,7 +430,7 @@ public void testUpdate() throws Exception { setup(settings); final RestHelper rh = nonSslRestHelper(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest("indexc").type("typec").id("0") .setRefreshPolicy(RefreshPolicy.IMMEDIATE) .source("{\"content\":1}", XContentType.JSON)).actionGet(); 
@@ -507,7 +453,7 @@ public void testDnfof() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig().setConfig("config_dnfof.yml"), settings); final RestHelper rh = nonSslRestHelper(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.admin().indices().create(new CreateIndexRequest("copysf")).actionGet(); tc.index(new IndexRequest("indexa").type("doc").id("0").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":\"indexa\"}", XContentType.JSON)).actionGet(); @@ -682,7 +628,7 @@ public void testNoDnfof() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig(), settings); final RestHelper rh = nonSslRestHelper(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.admin().indices().create(new CreateIndexRequest("copysf")).actionGet(); tc.index(new IndexRequest("indexa").type("doc").id("0").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":\"indexa\"}", XContentType.JSON)).actionGet(); diff --git a/src/test/java/org/opensearch/security/PrivilegesEvaluationTest.java b/src/test/java/org/opensearch/security/PrivilegesEvaluationTest.java index e1f45d3e29..6bc3e67847 100644 --- a/src/test/java/org/opensearch/security/PrivilegesEvaluationTest.java +++ b/src/test/java/org/opensearch/security/PrivilegesEvaluationTest.java @@ -18,7 +18,7 @@ public void resolveTestHidden() throws Exception { setup(); - try (Client client = getInternalTransportClient()) { + try (Client client = getClient()) { client.index(new IndexRequest("hidden_test_not_hidden").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source(XContentType.JSON, "index", "hidden_test_not_hidden", "b", "y", "date", "1985/01/01")).actionGet(); diff --git a/src/test/java/org/opensearch/security/ResolveAPITests.java b/src/test/java/org/opensearch/security/ResolveAPITests.java index d0934d41dc..0a82496313 100644 --- a/src/test/java/org/opensearch/security/ResolveAPITests.java 
+++ b/src/test/java/org/opensearch/security/ResolveAPITests.java @@ -16,6 +16,7 @@ package org.opensearch.security; import org.apache.http.HttpStatus; +import org.opensearch.client.Client; import org.slf4j.LoggerFactory; import org.slf4j.Logger; import org.junit.Assert; @@ -24,7 +25,6 @@ import org.opensearch.action.admin.indices.create.CreateIndexRequest; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest; -import org.opensearch.client.transport.TransportClient; import org.opensearch.common.settings.Settings; import org.opensearch.common.xcontent.XContentType; import org.opensearch.security.test.DynamicSecurityConfig; @@ -144,7 +144,7 @@ public void testResolveDnfofTrue() throws Exception { } private void setupIndices() { - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.admin().indices().create(new CreateIndexRequest("copysf")).actionGet(); tc.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); diff --git a/src/test/java/org/opensearch/security/SnapshotRestoreTests.java b/src/test/java/org/opensearch/security/SnapshotRestoreTests.java index 380d15a4a2..316827fddd 100644 --- a/src/test/java/org/opensearch/security/SnapshotRestoreTests.java +++ b/src/test/java/org/opensearch/security/SnapshotRestoreTests.java 
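Review bot: The added `import org.opensearch.client.Client;` in the first hunk of ResolveAPITests.java sits between the `org.apache.http` and `org.slf4j` imports, away from the other `org.opensearch` imports. Placing it where the second hunk removes `import org.opensearch.client.transport.TransportClient;`, directly after `import org.opensearch.action.support.WriteRequest;`, keeps the group together. The SnapshotRestoreTests.java and TracingTests.java hunks in this patch already swap the import in place that way.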
@@ -38,7 +38,7 @@ import org.opensearch.action.admin.cluster.snapshots.create.CreateSnapshotRequest; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.settings.Settings; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; @@ -80,7 +80,7 @@ public void testSnapshotEnableSecurityIndexRestore() throws Exception { setup(settings, currentClusterConfig); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.admin().cluster().putRepository(new PutRepositoryRequest("vulcangov").type("fs").settings(Settings.builder().put("location", repositoryPath.getRoot().getAbsolutePath() + "/vulcangov"))).actionGet(); @@ -141,7 +141,7 @@ public void testSnapshot() throws Exception { setup(settings, currentClusterConfig); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.admin().cluster().putRepository(new PutRepositoryRequest("vulcangov").type("fs").settings(Settings.builder().put("location", repositoryPath.getRoot().getAbsolutePath() + "/vulcangov"))).actionGet(); 
@@ -193,7 +193,7 @@ public void testSnapshotCheckWritePrivileges() throws Exception { setup(settings, currentClusterConfig); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.admin().cluster().putRepository(new PutRepositoryRequest("vulcangov").type("fs").settings(Settings.builder().put("location", repositoryPath.getRoot().getAbsolutePath() + "/vulcangov"))).actionGet(); @@ -259,7 +259,7 @@ public void testSnapshotRestore() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig().setSecurityActionGroups("action_groups_packaged.yml"), settings, true, currentClusterConfig); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest("testsnap1").type("kolinahr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("testsnap2").type("kolinahr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("testsnap3").type("kolinahr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); 
@@ -312,7 +312,7 @@ public void testNoSnapshotRestore() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig().setSecurityActionGroups("action_groups_packaged.yml"), settings, true, currentClusterConfig); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.index(new IndexRequest("testsnap1").type("kolinahr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("testsnap2").type("kolinahr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("testsnap3").type("kolinahr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); diff --git a/src/test/java/org/opensearch/security/TracingTests.java b/src/test/java/org/opensearch/security/TracingTests.java index ffdb72eb73..b82c9bb2a5 100644 --- a/src/test/java/org/opensearch/security/TracingTests.java +++ b/src/test/java/org/opensearch/security/TracingTests.java @@ -39,7 +39,7 @@ import org.opensearch.action.admin.indices.mapping.put.PutMappingRequest; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.settings.Settings; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; 
@@ -61,7 +61,7 @@ public class TracingTests extends SingleClusterTest { public void testAdvancedMapping() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig(), Settings.EMPTY, true, ClusterConfiguration.DEFAULT); - try (TransportClient tc = getInternalTransportClient(this.clusterInfo, Settings.EMPTY)) { + try (Client tc = getClient()) { tc.admin().indices().create(new CreateIndexRequest("myindex1") .mapping("mytype1", FileHelper.loadFile("mapping1.json"), XContentType.JSON)).actionGet(); tc.admin().indices().create(new CreateIndexRequest("myindex2") @@ -98,7 +98,7 @@ public void testHTTPTraceNoSource() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig(), Settings.EMPTY, true, ClusterConfiguration.DEFAULT); - try (TransportClient tc = getInternalTransportClient(this.clusterInfo, Settings.EMPTY)) { + try (Client tc = getClient()) { tc.admin().indices().create(new CreateIndexRequest("a")).actionGet(); tc.admin().indices().create(new CreateIndexRequest("c")).actionGet(); tc.admin().indices().create(new CreateIndexRequest("test")).actionGet(); @@ -267,7 +267,7 @@ public void uncaughtException(Thread t, Throwable e) { setup(settings); final RestHelper rh = nonSslRestHelper(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.admin().indices().create(new CreateIndexRequest("copysf")).actionGet(); tc.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); 
@@ -333,7 +333,7 @@ public void uncaughtException(Thread t, Throwable e) { setup(settings); final RestHelper rh = nonSslRestHelper(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { for(int i=0; i<3; i++) tc.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); } @@ -361,7 +361,7 @@ public void testHTTPTrace() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig(), Settings.EMPTY, true, ClusterConfiguration.DEFAULT); - try (TransportClient tc = getInternalTransportClient(this.clusterInfo, Settings.EMPTY)) { + try (Client tc = getClient()) { for(int i=0; i<50;i++) { tc.index(new IndexRequest("a").type("b").id(i+"").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":"+i+"}", XContentType.JSON)).actionGet(); diff --git a/src/test/java/org/opensearch/security/TransportClientIntegrationTests.java b/src/test/java/org/opensearch/security/TransportClientIntegrationTests.java deleted file mode 100644 index 986cfc8c77..0000000000 --- a/src/test/java/org/opensearch/security/TransportClientIntegrationTests.java +++ /dev/null 
@@ -1,780 +0,0 @@ -/* - * Copyright 2015-2018 _floragunn_ GmbH - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * Portions Copyright OpenSearch Contributors - * - * Licensed under the Apache License, Version 2.0 (the "License"). - * You may not use this file except in compliance with the License. - * A copy of the License is located at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * or in the "license" file accompanying this file. This file is distributed - * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing - * permissions and limitations under the License. 
- */ - -package org.opensearch.security; - -import org.apache.http.Header; -import org.opensearch.OpenSearchSecurityException; -import org.opensearch.action.DocWriteResponse.Result; -import org.opensearch.action.admin.cluster.node.info.NodesInfoRequest; -import org.opensearch.action.admin.indices.create.CreateIndexRequest; -import org.opensearch.action.admin.indices.create.CreateIndexResponse; -import org.opensearch.action.get.GetResponse; -import org.opensearch.action.index.IndexRequest; -import org.opensearch.action.index.IndexResponse; -import org.opensearch.action.search.SearchRequest; -import org.opensearch.action.search.SearchResponse; -import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; -import org.opensearch.common.settings.Settings; -import org.opensearch.common.unit.TimeValue; -import org.opensearch.common.util.concurrent.ThreadContext.StoredContext; -import org.opensearch.common.xcontent.XContentType; -import org.junit.Assert; -import org.junit.Test; - -import org.opensearch.security.action.configupdate.ConfigUpdateAction; -import org.opensearch.security.action.configupdate.ConfigUpdateRequest; -import org.opensearch.security.action.configupdate.ConfigUpdateResponse; -import org.opensearch.security.ssl.util.ExceptionUtils; -import org.opensearch.security.ssl.util.SSLConfigConstants; -import org.opensearch.security.support.ConfigConstants; -import org.opensearch.security.test.DynamicSecurityConfig; -import org.opensearch.security.test.SingleClusterTest; -import org.opensearch.security.test.helper.file.FileHelper; - -public class TransportClientIntegrationTests extends SingleClusterTest { - - @Test - public void testTransportClient() throws Exception { - - final Settings settings = Settings.builder() - .putList(ConfigConstants.SECURITY_AUTHCZ_IMPERSONATION_DN+".CN=spock,OU=client,O=client,L=Test,C=DE", "worf", "nagilum") - .put("discovery.initial_state_timeout","8s") - .build(); - 
setup(settings); - - try (TransportClient tc = getInternalTransportClient()) { - tc.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); - } - - - Settings tcSettings = Settings.builder() - .put(settings) - .put("plugins.security.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks")) - .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_ALIAS,"spock") - .build(); - - System.out.println("------- 0 ---------"); - - try (TransportClient tc = getInternalTransportClient(clusterInfo, tcSettings)) { - - Assert.assertEquals(clusterInfo.numNodes, tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size()); - - System.out.println("------- 1 ---------"); - - CreateIndexResponse cir = tc.admin().indices().create(new CreateIndexRequest("vulcan")).actionGet(); - Assert.assertTrue(cir.isAcknowledged()); - - System.out.println("------- 2 ---------"); - - IndexResponse ir = tc.index(new IndexRequest("vulcan").type("secrets").id("s1").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"secret\":true}", XContentType.JSON)).actionGet(); - Assert.assertTrue(ir.getResult() == Result.CREATED); - - System.out.println("------- 3 ---------"); - - GetResponse gr =tc.prepareGet("vulcan", "secrets", "s1").setRealtime(true).get(); - Assert.assertTrue(gr.isExists()); - - System.out.println("------- 4 ---------"); - - gr =tc.prepareGet("vulcan", "secrets", "s1").setRealtime(false).get(); - Assert.assertTrue(gr.isExists()); - - System.out.println("------- 5 ---------"); - - SearchResponse actionGet = tc.search(new SearchRequest("vulcan").types("secrets")).actionGet(); - Assert.assertEquals(1, actionGet.getHits().getHits().length); - System.out.println("------- 6 ---------"); - - gr =tc.prepareGet(".opendistro_security", "security", "config").setRealtime(false).get(); - Assert.assertFalse(gr.isExists()); - - 
System.out.println("------- 7 ---------"); - - gr =tc.prepareGet(".opendistro_security", "security", "config").setRealtime(true).get(); - Assert.assertFalse(gr.isExists()); - - System.out.println("------- 8 ---------"); - - actionGet = tc.search(new SearchRequest(".opendistro_security")).actionGet(); - Assert.assertEquals(0, actionGet.getHits().getHits().length); - - System.out.println("------- 9 ---------"); - - try { - tc.index(new IndexRequest(".opendistro_security").type(getType()).id("config").source("config", FileHelper.readYamlContent("config.yml"))).actionGet(); - Assert.fail(); - } catch (Exception e) { - System.out.println(e.getMessage()); - } - - System.out.println("------- 10 ---------"); - - //impersonation - try { - - StoredContext ctx = tc.threadPool().getThreadContext().stashContext(); - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "worf"); - gr = tc.prepareGet("vulcan", "secrets", "s1").get(); - } finally { - ctx.close(); - } - Assert.fail(); - } catch (OpenSearchSecurityException e) { - Assert.assertTrue(e.getMessage(), e.getMessage().startsWith("no permissions for [indices:data/read/get]")); - } - - System.out.println("------- 11 ---------"); - - StoredContext ctx = tc.threadPool().getThreadContext().stashContext(); - try { - Header header = encodeBasicHeader("worf", "worf"); - tc.threadPool().getThreadContext().putHeader(header.getName(), header.getValue()); - gr = tc.prepareGet("vulcan", "secrets", "s1").get(); - Assert.fail(); - } catch (OpenSearchSecurityException e) { - Assert.assertTrue(e.getMessage().startsWith("no permissions for [indices:data/read/get]")); - } finally { - ctx.close(); - } - - System.out.println("------- 12 ---------"); - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - Header header = encodeBasicHeader("worf", "worf111"); - tc.threadPool().getThreadContext().putHeader(header.getName(), header.getValue()); - gr = tc.prepareGet("vulcan", "secrets", 
"s1").get(); - Assert.fail(); - } catch (OpenSearchSecurityException e) { - e.printStackTrace(); - //Assert.assertTrue(e.getCause().getMessage().contains("password does not match")); - } finally { - ctx.close(); - } - - System.out.println("------- 13 ---------"); - - //impersonation - try { - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "gkar"); - gr = tc.prepareGet("vulcan", "secrets", "s1").get(); - Assert.fail(); - } finally { - ctx.close(); - } - - } catch (OpenSearchSecurityException e) { - Assert.assertEquals("'CN=spock,OU=client,O=client,L=Test,C=DE' is not allowed to impersonate as 'gkar'", e.getMessage()); - } - - System.out.println("------- 12 ---------"); - - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "nagilum"); - gr = tc.prepareGet(".opendistro_security", "security", "config").setRealtime(Boolean.TRUE).get(); - Assert.assertFalse(gr.isExists()); - Assert.assertTrue(gr.isSourceEmpty()); - } finally { - ctx.close(); - } - - System.out.println("------- 13 ---------"); - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "nagilum"); - gr = tc.prepareGet(".opendistro_security", "config", "0").setRealtime(Boolean.FALSE).get(); - Assert.assertFalse(gr.isExists()); - Assert.assertTrue(gr.isSourceEmpty()); - } finally { - ctx.close(); - } - System.out.println("------- 13.1 ---------"); - - String scrollId = null; - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "nagilum"); - SearchResponse searchRes = tc.prepareSearch("starfleet").setTypes("ships").setScroll(TimeValue.timeValueMinutes(5)).get(); - scrollId = searchRes.getScrollId(); - } finally { - 
ctx.close(); - } - - System.out.println("------- 13.2 ---------"); - - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "nagilum"); - tc.prepareSearchScroll(scrollId).get(); - } finally { - ctx.close(); - } - - - System.out.println("------- 14 ---------"); - - boolean ok=false; - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "nagilum"); - gr = tc.prepareGet("vulcan", "secrets", "s1").get(); - ok = true; - ctx.close(); - ctx = tc.threadPool().getThreadContext().stashContext(); - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "nagilum"); - Header header = encodeBasicHeader("worf", "worf"); - tc.threadPool().getThreadContext().putHeader(header.getName(), header.getValue()); - gr = tc.prepareGet("vulcan", "secrets", "s1").get(); - Assert.fail(); - } catch (OpenSearchSecurityException e) { - Assert.assertTrue(e.getMessage().startsWith("no permissions for [indices:data/read/get]")); - Assert.assertTrue(ok); - } finally { - ctx.close(); - } - - System.out.println("------- 15 ---------"); - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "nagilum"); - gr = tc.prepareGet(".opendistro_security", "security", "config").setRealtime(Boolean.TRUE).get(); - Assert.assertFalse(gr.isExists()); - Assert.assertTrue(gr.isSourceEmpty()); - } finally { - ctx.close(); - } - - System.out.println("------- 15 0---------"); - - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - Header header = encodeBasicHeader("worf", "worf"); - tc.threadPool().getThreadContext().putHeader(header.getName(), header.getValue()); - gr = tc.prepareGet(".opendistro_security", "security", "config").setRealtime(Boolean.TRUE).get(); - Assert.fail(); - } catch 
(Exception e) { - Assert.assertTrue(e.getMessage().contains("no permissions for [indices:data/read/get] and User [name=worf")); - } - finally { - ctx.close(); - } - - - System.out.println("------- 15 1---------"); - - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - Header header = encodeBasicHeader("nagilum", "nagilum"); - tc.threadPool().getThreadContext().putHeader(header.getName(), header.getValue()); - gr = tc.prepareGet(".opendistro_security", "security", "config").setRealtime(Boolean.TRUE).get(); - Assert.assertFalse(gr.isExists()); - Assert.assertTrue(gr.isSourceEmpty()); - } finally { - ctx.close(); - } - - System.out.println("------- 16---------"); - - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "nagilum"); - gr = tc.prepareGet(".opendistro_security", "security", "config").setRealtime(Boolean.FALSE).get(); - Assert.assertFalse(gr.isExists()); - Assert.assertTrue(gr.isSourceEmpty()); - } finally { - ctx.close(); - } - - ctx = tc.threadPool().getThreadContext().stashContext(); - SearchResponse searchRes = null; - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "nagilum"); - searchRes = tc.prepareSearch("starfleet").setTypes("ships").setScroll(TimeValue.timeValueMinutes(5)).get(); - } finally { - ctx.close(); - } - - Assert.assertNotNull(searchRes.getScrollId()); - - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "worf"); - tc.prepareSearchScroll(searchRes.getScrollId()).get(); - Assert.fail(); - } catch (Exception e) { - Throwable root = ExceptionUtils.getRootCause(e); - e.printStackTrace(); - Assert.assertTrue(root.getMessage().contains("Wrong user in reader context")); - } - finally { - ctx.close(); - } - - - ctx = tc.threadPool().getThreadContext().stashContext(); - searchRes = null; - try 
{ - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "nagilum"); - searchRes = tc.prepareSearch("starfleet").setTypes("ships").setScroll(TimeValue.timeValueMinutes(5)).get(); - SearchResponse scrollRes = tc.prepareSearchScroll(searchRes.getScrollId()).get(); - Assert.assertEquals(0, scrollRes.getFailedShards()); - } finally { - ctx.close(); - } - - System.out.println("------- TRC end ---------"); - } - - System.out.println("------- CTC end ---------"); - } - - @Test - public void testTransportClientImpersonation() throws Exception { - - final Settings settings = Settings.builder() - .putList("plugins.security.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", "worf", "nagilum") - .build(); - - - setup(settings); - - try (TransportClient tc = getInternalTransportClient()) { - tc.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); - - ConfigUpdateResponse cur = tc.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config","roles","rolesmapping","internalusers","actiongroups"})).actionGet(); - Assert.assertEquals(clusterInfo.numNodes, cur.getNodes().size()); - - } - - Settings tcSettings = Settings.builder() - .put("plugins.security.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks")) - .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_ALIAS,"spock") - .put("path.home", ".") - .put("request.headers.opendistro_security_impersonate_as", "worf") - .build(); - - try (TransportClient tc = getInternalTransportClient(clusterInfo, tcSettings)) { - NodesInfoRequest nir = new NodesInfoRequest(); - Assert.assertEquals(clusterInfo.numNodes, tc.admin().cluster().nodesInfo(nir).actionGet().getNodes().size()); - } - } - - @Test - public void testTransportClientImpersonationWildcard() throws Exception { - - final Settings settings = Settings.builder() - 
.putList("plugins.security.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", "*") - .build(); - - - setup(settings); - - Settings tcSettings = Settings.builder() - .put("plugins.security.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks")) - .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_ALIAS,"spock") - .put("path.home", ".") - .put("request.headers.opendistro_security_impersonate_as", "worf") - .build(); - - try (TransportClient tc = getInternalTransportClient(clusterInfo, tcSettings)) { - NodesInfoRequest nir = new NodesInfoRequest(); - Assert.assertEquals(clusterInfo.numNodes, tc.admin().cluster().nodesInfo(nir).actionGet().getNodes().size()); - } - } - - //--- - - @Test - public void testTransportClientUsernameAttribute() throws Exception { - - final Settings settings = Settings.builder() - .putList(ConfigConstants.SECURITY_AUTHCZ_IMPERSONATION_DN+".CN=spock,OU=client,O=client,L=Test,C=DE", "worf", "nagilum") - .put("discovery.initial_state_timeout","8s") - .build(); - - setup(Settings.EMPTY, new DynamicSecurityConfig().setConfig("config_transport_username.yml") - .setSecurityRolesMapping("roles_mapping_transport_username.yml") - .setSecurityInternalUsers("internal_users_transport_username.yml") - , settings); - - try (TransportClient tc = getInternalTransportClient()) { - tc.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); - } - - - Settings tcSettings = Settings.builder() - .put(settings) - .put("plugins.security.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks")) - .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_ALIAS,"spock") - .build(); - - System.out.println("------- 0 ---------"); - - try (TransportClient tc = getInternalTransportClient(clusterInfo, tcSettings)) { - - Assert.assertEquals(clusterInfo.numNodes, 
tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size()); - - System.out.println("------- 1 ---------"); - - CreateIndexResponse cir = tc.admin().indices().create(new CreateIndexRequest("vulcan")).actionGet(); - Assert.assertTrue(cir.isAcknowledged()); - - System.out.println("------- 2 ---------"); - - IndexResponse ir = tc.index(new IndexRequest("vulcan").type("secrets").id("s1").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"secret\":true}", XContentType.JSON)).actionGet(); - Assert.assertTrue(ir.getResult() == Result.CREATED); - - System.out.println("------- 3 ---------"); - - GetResponse gr =tc.prepareGet("vulcan", "secrets", "s1").setRealtime(true).get(); - Assert.assertTrue(gr.isExists()); - - System.out.println("------- 4 ---------"); - - gr =tc.prepareGet("vulcan", "secrets", "s1").setRealtime(false).get(); - Assert.assertTrue(gr.isExists()); - - System.out.println("------- 5 ---------"); - - SearchResponse actionGet = tc.search(new SearchRequest("vulcan").types("secrets")).actionGet(); - Assert.assertEquals(1, actionGet.getHits().getHits().length); - System.out.println("------- 6 ---------"); - - gr =tc.prepareGet(".opendistro_security", "security", "config").setRealtime(false).get(); - Assert.assertFalse(gr.isExists()); - - System.out.println("------- 7 ---------"); - - gr =tc.prepareGet(".opendistro_security", "security", "config").setRealtime(true).get(); - Assert.assertFalse(gr.isExists()); - - System.out.println("------- 8 ---------"); - - actionGet = tc.search(new SearchRequest(".opendistro_security")).actionGet(); - Assert.assertEquals(0, actionGet.getHits().getHits().length); - - System.out.println("------- 9 ---------"); - - try { - tc.index(new IndexRequest(".opendistro_security").type(getType()).id("config").source("config", FileHelper.readYamlContent("config.yml"))).actionGet(); - Assert.fail(); - } catch (Exception e) { - System.out.println(e.getMessage()); - } - - System.out.println("------- 10 ---------"); 
- - //impersonation - try { - - StoredContext ctx = tc.threadPool().getThreadContext().stashContext(); - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "worf"); - gr = tc.prepareGet("vulcan", "secrets", "s1").get(); - } finally { - ctx.close(); - } - Assert.fail(); - } catch (OpenSearchSecurityException e) { - Assert.assertTrue(e.getMessage(), e.getMessage().startsWith("no permissions for [indices:data/read/get]")); - } - - System.out.println("------- 11 ---------"); - - StoredContext ctx = tc.threadPool().getThreadContext().stashContext(); - try { - Header header = encodeBasicHeader("worf", "worf"); - tc.threadPool().getThreadContext().putHeader(header.getName(), header.getValue()); - gr = tc.prepareGet("vulcan", "secrets", "s1").get(); - Assert.fail(); - } catch (OpenSearchSecurityException e) { - Assert.assertTrue(e.getMessage().startsWith("no permissions for [indices:data/read/get]")); - } finally { - ctx.close(); - } - - System.out.println("------- 12 ---------"); - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - Header header = encodeBasicHeader("worf", "worf111"); - tc.threadPool().getThreadContext().putHeader(header.getName(), header.getValue()); - gr = tc.prepareGet("vulcan", "secrets", "s1").get(); - Assert.fail(); - } catch (OpenSearchSecurityException e) { - e.printStackTrace(); - //Assert.assertTrue(e.getCause().getMessage().contains("password does not match")); - } finally { - ctx.close(); - } - - System.out.println("------- 13 ---------"); - - //impersonation - try { - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "gkar"); - gr = tc.prepareGet("vulcan", "secrets", "s1").get(); - Assert.fail(); - } finally { - ctx.close(); - } - - } catch (OpenSearchSecurityException e) { - Assert.assertEquals("'CN=spock,OU=client,O=client,L=Test,C=DE' is not allowed to impersonate as 'gkar'", 
e.getMessage()); - } - - System.out.println("------- 12 ---------"); - - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "nagilum"); - gr = tc.prepareGet(".opendistro_security", "security", "config").setRealtime(Boolean.TRUE).get(); - Assert.assertFalse(gr.isExists()); - Assert.assertTrue(gr.isSourceEmpty()); - } finally { - ctx.close(); - } - - System.out.println("------- 13 ---------"); - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "nagilum"); - gr = tc.prepareGet(".opendistro_security", "config", "0").setRealtime(Boolean.FALSE).get(); - Assert.assertFalse(gr.isExists()); - Assert.assertTrue(gr.isSourceEmpty()); - } finally { - ctx.close(); - } - System.out.println("------- 13.1 ---------"); - - String scrollId = null; - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "nagilum"); - SearchResponse searchRes = tc.prepareSearch("starfleet").setTypes("ships").setScroll(TimeValue.timeValueMinutes(5)).get(); - scrollId = searchRes.getScrollId(); - } finally { - ctx.close(); - } - - System.out.println("------- 13.2 ---------"); - - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "nagilum"); - tc.prepareSearchScroll(scrollId).get(); - } finally { - ctx.close(); - } - - - System.out.println("------- 14 ---------"); - - boolean ok=false; - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "nagilum"); - gr = tc.prepareGet("vulcan", "secrets", "s1").get(); - ok = true; - ctx.close(); - ctx = tc.threadPool().getThreadContext().stashContext(); - 
tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "nagilum"); - Header header = encodeBasicHeader("worf", "worf"); - tc.threadPool().getThreadContext().putHeader(header.getName(), header.getValue()); - gr = tc.prepareGet("vulcan", "secrets", "s1").get(); - Assert.fail(); - } catch (OpenSearchSecurityException e) { - Assert.assertTrue(e.getMessage().startsWith("no permissions for [indices:data/read/get]")); - Assert.assertTrue(ok); - } finally { - ctx.close(); - } - - System.out.println("------- 15 ---------"); - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "nagilum"); - gr = tc.prepareGet(".opendistro_security", "security", "config").setRealtime(Boolean.TRUE).get(); - Assert.assertFalse(gr.isExists()); - Assert.assertTrue(gr.isSourceEmpty()); - } finally { - ctx.close(); - } - - System.out.println("------- 15 0---------"); - - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - Header header = encodeBasicHeader("worf", "worf"); - tc.threadPool().getThreadContext().putHeader(header.getName(), header.getValue()); - gr = tc.prepareGet(".opendistro_security", "security", "config").setRealtime(Boolean.TRUE).get(); - Assert.fail(); - } catch (Exception e) { - Assert.assertTrue(e.getMessage().contains("no permissions for [indices:data/read/get] and User [name=worf")); - } - finally { - ctx.close(); - } - - - System.out.println("------- 15 1---------"); - - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - Header header = encodeBasicHeader("nagilum", "nagilum"); - tc.threadPool().getThreadContext().putHeader(header.getName(), header.getValue()); - gr = tc.prepareGet(".opendistro_security", "security", "config").setRealtime(Boolean.TRUE).get(); - Assert.assertFalse(gr.isExists()); - Assert.assertTrue(gr.isSourceEmpty()); - } finally { - ctx.close(); - } - - System.out.println("------- 16---------"); - - ctx 
= tc.threadPool().getThreadContext().stashContext(); - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "nagilum"); - gr = tc.prepareGet(".opendistro_security", "security", "config").setRealtime(Boolean.FALSE).get(); - Assert.assertFalse(gr.isExists()); - Assert.assertTrue(gr.isSourceEmpty()); - } finally { - ctx.close(); - } - - ctx = tc.threadPool().getThreadContext().stashContext(); - SearchResponse searchRes = null; - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "nagilum"); - searchRes = tc.prepareSearch("starfleet").setTypes("ships").setScroll(TimeValue.timeValueMinutes(5)).get(); - } finally { - ctx.close(); - } - - Assert.assertNotNull(searchRes.getScrollId()); - - ctx = tc.threadPool().getThreadContext().stashContext(); - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "worf"); - tc.prepareSearchScroll(searchRes.getScrollId()).get(); - Assert.fail(); - } catch (Exception e) { - Throwable root = ExceptionUtils.getRootCause(e); - e.printStackTrace(); - Assert.assertTrue(root.getMessage().contains("Wrong user in reader context")); - } - finally { - ctx.close(); - } - - - ctx = tc.threadPool().getThreadContext().stashContext(); - searchRes = null; - try { - tc.threadPool().getThreadContext().putHeader("opendistro_security_impersonate_as", "nagilum"); - searchRes = tc.prepareSearch("starfleet").setTypes("ships").setScroll(TimeValue.timeValueMinutes(5)).get(); - SearchResponse scrollRes = tc.prepareSearchScroll(searchRes.getScrollId()).get(); - Assert.assertEquals(0, scrollRes.getFailedShards()); - } finally { - ctx.close(); - } - - System.out.println("------- TRC end ---------"); - } - - System.out.println("------- CTC end ---------"); - } - - @Test - public void testTransportClientImpersonationUsernameAttribute() throws Exception { - - final Settings settings = Settings.builder() - 
.putList("plugins.security.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", "worf", "nagilum") - .build(); - - - setup(Settings.EMPTY, new DynamicSecurityConfig().setConfig("config_transport_username.yml") - .setSecurityRolesMapping("roles_mapping_transport_username.yml") - .setSecurityInternalUsers("internal_users_transport_username.yml") - , settings); - - try (TransportClient tc = getInternalTransportClient()) { - tc.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); - - ConfigUpdateResponse cur = tc.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config","roles","rolesmapping","internalusers","actiongroups"})).actionGet(); - Assert.assertEquals(clusterInfo.numNodes, cur.getNodes().size()); - - } - - Settings tcSettings = Settings.builder() - .put("plugins.security.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks")) - .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_ALIAS,"spock") - .put("path.home", ".") - .put("request.headers.opendistro_security_impersonate_as", "worf") - .build(); - - try (TransportClient tc = getInternalTransportClient(clusterInfo, tcSettings)) { - NodesInfoRequest nir = new NodesInfoRequest(); - Assert.assertEquals(clusterInfo.numNodes, tc.admin().cluster().nodesInfo(nir).actionGet().getNodes().size()); - } - } - - @Test - public void testTransportClientImpersonationWildcardUsernameAttribute() throws Exception { - - final Settings settings = Settings.builder() - .putList("plugins.security.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", "*") - .build(); - - setup(Settings.EMPTY, new DynamicSecurityConfig().setConfig("config_transport_username.yml") - .setSecurityRolesMapping("roles_mapping_transport_username.yml") - .setSecurityInternalUsers("internal_users_transport_username.yml") - , settings); - - Settings tcSettings = 
Settings.builder() - .put("plugins.security.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks")) - .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_ALIAS,"spock") - .put("path.home", ".") - .put("request.headers.opendistro_security_impersonate_as", "worf") - .build(); - - try (TransportClient tc = getInternalTransportClient(clusterInfo, tcSettings)) { - NodesInfoRequest nir = new NodesInfoRequest(); - Assert.assertEquals(clusterInfo.numNodes, tc.admin().cluster().nodesInfo(nir).actionGet().getNodes().size()); - } - } - -} diff --git a/src/test/java/org/opensearch/security/auditlog/compliance/ComplianceAuditlogTest.java b/src/test/java/org/opensearch/security/auditlog/compliance/ComplianceAuditlogTest.java index 4f6d1444e8..b6be1924ef 100644 --- a/src/test/java/org/opensearch/security/auditlog/compliance/ComplianceAuditlogTest.java +++ b/src/test/java/org/opensearch/security/auditlog/compliance/ComplianceAuditlogTest.java @@ -15,6 +15,11 @@ package org.opensearch.security.auditlog.compliance; +import org.opensearch.action.get.GetRequest; +import org.opensearch.action.get.GetResponse; +import org.opensearch.client.Client; +import org.opensearch.client.RequestOptions; +import org.opensearch.client.RestHighLevelClient; import org.opensearch.security.auditlog.AuditTestUtils; import org.opensearch.security.auditlog.config.AuditConfig; import org.opensearch.security.compliance.ComplianceConfig; @@ -23,7 +28,6 @@ import org.apache.http.HttpStatus; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; import org.opensearch.common.settings.Settings; import org.junit.Assert; import org.junit.Test; 
@@ -216,18 +220,19 @@ public void testInternalConfig() throws Exception { TestAuditlogImpl.clear(); setup(additionalSettings); - try (TransportClient tc = getInternalTransportClient()) { + try (RestHighLevelClient restHighLevelClient = getRestClient(clusterInfo, "kirk-keystore.jks", "truststore.jks")) { for(IndexRequest ir: new DynamicSecurityConfig().setSecurityRoles("roles_2.yml").getDynamicConfig(getResourceFolder())) { - tc.index(ir).actionGet(); + restHighLevelClient.index(ir, RequestOptions.DEFAULT); + GetResponse getDocumentResponse = restHighLevelClient.get(new GetRequest(ir.index(), ir.id()), RequestOptions.DEFAULT); + Assert.assertTrue("Document not found:" + getDocumentResponse, getDocumentResponse.isExists()); } - } HttpResponse response = rh.executeGetRequest("_search?pretty", encodeBasicHeader("admin", "admin")); Assert.assertEquals(HttpStatus.SC_OK, response.getStatusCode()); Thread.sleep(1500); System.out.println(TestAuditlogImpl.sb.toString()); - Assert.assertTrue(TestAuditlogImpl.messages.size() > 25); + Assert.assertTrue(TestAuditlogImpl.messages.size() >= 15); Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("COMPLIANCE_INTERNAL_CONFIG_READ")); Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("COMPLIANCE_INTERNAL_CONFIG_WRITE")); Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("anonymous_auth_enabled")); @@ -263,7 +268,7 @@ public void testExternalConfig() throws Exception { setup(additionalSettings); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { for(IndexRequest ir: new DynamicSecurityConfig().setSecurityRoles("roles_2.yml").getDynamicConfig(getResourceFolder())) { tc.index(ir).actionGet(); 
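Review bot: The lowered floor in testInternalConfig, `Assert.assertTrue(TestAuditlogImpl.messages.size() >= 15);`, replaces `> 25` without saying which audit events went away, so a later change that silently drops compliance events could still pass. The category checks below it only prove that at least one READ and one WRITE record exists. Consider a comment above the assertion that names the events the REST client is expected to produce, for example `// expected: one COMPLIANCE_INTERNAL_CONFIG_WRITE per indexed config document, plus the reads from the GET checks`, if that is indeed the reason for the new number. The same loosening shows up in RestApiComplianceAuditlogTest.testAutoInit, where the `COMPLIANCE_INTERNAL_CONFIG_READ` assertion is removed outright. The body of testInternalConfig starts and ends outside this hunk.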
@@ -299,7 +304,7 @@ public void testUpdate() throws Exception { setup(additionalSettings); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.prepareIndex("humanresources", "employees", "100") .setRefreshPolicy(RefreshPolicy.IMMEDIATE) .setSource("Age", 456) @@ -384,7 +389,7 @@ public void testWriteHistory() throws Exception { setup(additionalSettings); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.prepareIndex("humanresources", "employees", "100") .setRefreshPolicy(RefreshPolicy.IMMEDIATE) .setSource("Age", 456) diff --git a/src/test/java/org/opensearch/security/auditlog/compliance/RestApiComplianceAuditlogTest.java b/src/test/java/org/opensearch/security/auditlog/compliance/RestApiComplianceAuditlogTest.java index b1fb8e4af5..c7ce95e023 100644 --- a/src/test/java/org/opensearch/security/auditlog/compliance/RestApiComplianceAuditlogTest.java +++ b/src/test/java/org/opensearch/security/auditlog/compliance/RestApiComplianceAuditlogTest.java @@ -152,7 +152,6 @@ public void testAutoInit() throws Exception { Assert.assertTrue(TestAuditlogImpl.messages.size() > 2); Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("audit_request_effective_user")); - Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("COMPLIANCE_INTERNAL_CONFIG_READ")); Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("COMPLIANCE_INTERNAL_CONFIG_WRITE")); Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("COMPLIANCE_EXTERNAL_CONFIG")); Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages)); diff --git a/src/test/java/org/opensearch/security/auditlog/impl/TracingTests.java b/src/test/java/org/opensearch/security/auditlog/impl/TracingTests.java index 2e114c4b82..4f628d481d 100644 --- a/src/test/java/org/opensearch/security/auditlog/impl/TracingTests.java +++ b/src/test/java/org/opensearch/security/auditlog/impl/TracingTests.java 
@@ -17,6 +17,7 @@ import java.lang.Thread.UncaughtExceptionHandler; +import org.opensearch.client.Client; import org.opensearch.security.auditlog.AuditTestUtils; import net.jcip.annotations.NotThreadSafe; @@ -63,7 +64,7 @@ public void testHTTPTrace() throws Exception { RestHelper rh = nonSslRestHelper(); rh.executePutRequest("_opendistro/_security/api/audit/config", AuditTestUtils.createAuditPayload(settings), encodeBasicHeader("admin", "admin")); - try (TransportClient tc = getInternalTransportClient(this.clusterInfo, Settings.EMPTY)) { + try (Client tc = getClient()) { for(int i=0; i<50;i++) { tc.index(new IndexRequest("a").type("b").id(i+"").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":"+i+"}", XContentType.JSON)).actionGet(); @@ -241,7 +242,7 @@ public void uncaughtException(Thread t, Throwable e) { setup(settings); final RestHelper rh = nonSslRestHelper(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.admin().indices().create(new CreateIndexRequest("copysf")).actionGet(); tc.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); @@ -307,7 +308,7 @@ public void uncaughtException(Thread t, Throwable e) { setup(settings); final RestHelper rh = nonSslRestHelper(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { for(int i=0; i<3; i++) tc.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); } 
@@ -341,7 +342,7 @@ public void testAdvancedMapping() throws Exception { RestHelper rh = nonSslRestHelper(); rh.executePutRequest("_opendistro/_security/api/audit/config", AuditTestUtils.createAuditPayload(settings), encodeBasicHeader("admin", "admin")); - try (TransportClient tc = getInternalTransportClient(this.clusterInfo, Settings.EMPTY)) { + try (Client tc = getClient()) { tc.admin().indices().create(new CreateIndexRequest("myindex1") .mapping("mytype1", FileHelper.loadFile("mapping1.json"), XContentType.JSON)).actionGet(); tc.admin().indices().create(new CreateIndexRequest("myindex2") @@ -394,7 +395,7 @@ public void testImmutableIndex() throws Exception { RestHelper rh = nonSslRestHelper(); rh.executePutRequest("_opendistro/_security/api/audit/config", AuditTestUtils.createAuditPayload(Settings.EMPTY), encodeBasicHeader("admin", "admin")); - try (TransportClient tc = getInternalTransportClient(this.clusterInfo, Settings.EMPTY)) { + try (Client tc = getClient()) { tc.admin().indices().create(new CreateIndexRequest("myindex1") .mapping("mytype1", FileHelper.loadFile("mapping1.json"), XContentType.JSON)).actionGet(); tc.admin().indices().create(new CreateIndexRequest("myindex2") diff --git a/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java b/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java index 9c436849ae..ca30281617 100644 --- a/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java +++ b/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java @@ -15,6 +15,9 @@ package org.opensearch.security.auditlog.integration; +import org.opensearch.client.Client; +import org.opensearch.client.RequestOptions; +import org.opensearch.client.RestHighLevelClient; import org.opensearch.security.auditlog.AuditTestUtils; import org.opensearch.security.auditlog.config.AuditConfig; import org.opensearch.security.auditlog.impl.AuditCategory; 
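Review bot: None of the changed lines shown for BasicAuditlogTest uses `RequestOptions` or `RestHighLevelClient` from this import hunk, nor `StandardCharsets`, `Base64` or `Objects` from the second one (`@@ -44,7 +47,10`). Only `Client` is referenced, in `try (Client tc = getClient())`. Going by the diffstat, the visible hunks account for every changed line in the file, so these five imports look unused and can be dropped. Likewise, no hunk removes the `TransportClient` import here or in auditlog/impl/TracingTests.java although every visible use is replaced; remove it as well if nothing else in those files still needs it.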
@@ -44,7 +47,10 @@ import org.opensearch.security.test.helper.file.FileHelper; import org.opensearch.security.test.helper.rest.RestHelper.HttpResponse; +import java.nio.charset.StandardCharsets; +import java.util.Base64; import java.util.Collections; +import java.util.Objects; public class BasicAuditlogTest extends AbstractAuditlogiUnitTest { 
@@ -136,48 +142,6 @@ public void testSSLPlainText() throws Exception { Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages)); } - @Test - public void testSimpleTransportAuthenticated() throws Exception { - - Settings additionalSettings = Settings.builder() - .put("plugins.security.audit.type", TestAuditlogImpl.class.getName()) - .put(ConfigConstants.OPENDISTRO_SECURITY_AUDIT_ENABLE_TRANSPORT, true) - .put(ConfigConstants.OPENDISTRO_SECURITY_AUDIT_ENABLE_REST, false) - .put(ConfigConstants.OPENDISTRO_SECURITY_AUDIT_RESOLVE_BULK_REQUESTS, true) - .put(ConfigConstants.OPENDISTRO_SECURITY_AUDIT_CONFIG_DISABLED_TRANSPORT_CATEGORIES, "NONE") - .put(ConfigConstants.OPENDISTRO_SECURITY_AUDIT_CONFIG_DISABLED_REST_CATEGORIES, "NONE") - .build(); - - setup(additionalSettings); - setupStarfleetIndex(); - TestAuditlogImpl.clear(); - - System.out.println("#### testSimpleAuthenticated"); - try (TransportClient tc = getUserTransportClient(clusterInfo, "spock-keystore.jks", Settings.EMPTY)) { - StoredContext ctx = tc.threadPool().getThreadContext().stashContext(); - try { - Header header = encodeBasicHeader("admin", "admin"); - tc.threadPool().getThreadContext().putHeader(header.getName(), header.getValue()); - SearchResponse res = tc.search(new SearchRequest()).actionGet(); - System.out.println(res); - } finally { - ctx.close(); - } - } - - Thread.sleep(1500); - System.out.println(TestAuditlogImpl.sb.toString()); - Assert.assertTrue("Was "+TestAuditlogImpl.messages.size(), TestAuditlogImpl.messages.size() >= 2); - Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("GRANTED_PRIVILEGES")); - Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("AUTHENTICATED")); - Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("indices:data/read/search")); - Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("TRANSPORT")); - Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("\"audit_request_effective_user\" : \"admin\"")); - 
Assert.assertFalse(TestAuditlogImpl.sb.toString().contains("REST")); - Assert.assertFalse(TestAuditlogImpl.sb.toString().toLowerCase().contains("authorization")); - Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages)); - } - @Test public void testTaskId() throws Exception { @@ -191,17 +155,8 @@ public void testTaskId() throws Exception { setupStarfleetIndex(); TestAuditlogImpl.clear(); - try (TransportClient tc = getUserTransportClient(clusterInfo, "spock-keystore.jks", Settings.EMPTY)) { - StoredContext ctx = tc.threadPool().getThreadContext().stashContext(); - try { - Header header = encodeBasicHeader("admin", "admin"); - tc.threadPool().getThreadContext().putHeader(header.getName(), header.getValue()); - SearchResponse res = tc.search(new SearchRequest()).actionGet(); - System.out.println(res); - } finally { - ctx.close(); - } - } + HttpResponse response = rh.executeGetRequest("_search", encodeBasicHeader("admin", "admin")); + Assert.assertEquals(HttpStatus.SC_OK, response.getStatusCode()); Thread.sleep(1500); System.out.println(TestAuditlogImpl.sb.toString()); @@ -211,7 +166,7 @@ public void testTaskId() throws Exception { Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("indices:data/read/search")); Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("TRANSPORT")); Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("\"audit_request_effective_user\" : \"admin\"")); - Assert.assertFalse(TestAuditlogImpl.sb.toString().contains("REST")); + Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("REST")); Assert.assertFalse(TestAuditlogImpl.sb.toString().toLowerCase().contains("authorization")); Assert.assertEquals(TestAuditlogImpl.messages.get(1).getAsMap().get(AuditMessage.TASK_ID), TestAuditlogImpl.messages.get(1).getAsMap().get(AuditMessage.TASK_ID)); 
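Review bot: The task-id check kept at the end of testTaskId compares an element with itself, so `Assert.assertEquals(TestAuditlogImpl.messages.get(1).getAsMap().get(AuditMessage.TASK_ID), TestAuditlogImpl.messages.get(1).getAsMap().get(AuditMessage.TASK_ID));` can never fail. Now that the request enters over REST and the test expects both `REST` and `TRANSPORT` records, the assertion should compare two different messages, presumably `messages.get(0)` against `messages.get(1)`, after confirming that both records carry the field. Without that, the test does not verify that the audit records of one request share a task id. The test body starts outside the hunk.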
@@ -580,7 +535,7 @@ public void testAliases() throws Exception { setup(additionalSettings); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.admin().indices().create(new CreateIndexRequest("copysf")).actionGet(); tc.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); @@ -624,7 +579,7 @@ public void testScroll() throws Exception { setup(additionalSettings); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { for(int i=0; i<3; i++) tc.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); } @@ -666,7 +621,7 @@ public void testAliasResolution() throws Exception { setup(additionalSettings); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { for(int i=0; i<3; i++) tc.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); tc.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(AliasActions.add().alias("thealias").index("vulcangov"))).actionGet(); @@ -723,7 +678,7 @@ public void testIndexCloseDelete() throws Exception { setup(additionalSettings); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.admin().indices().create(new CreateIndexRequest("index1")).actionGet(); tc.admin().indices().create(new CreateIndexRequest("index2")).actionGet(); } 
@@ -754,7 +709,7 @@ public void testDeleteByQuery() throws Exception { .build(); setup(settings); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { for(int i=0; i<3; i++) tc.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); } diff --git a/src/test/java/org/opensearch/security/auditlog/integration/SSLAuditlogTest.java b/src/test/java/org/opensearch/security/auditlog/integration/SSLAuditlogTest.java index 910607af9a..e79bbe0311 100644 --- a/src/test/java/org/opensearch/security/auditlog/integration/SSLAuditlogTest.java +++ b/src/test/java/org/opensearch/security/auditlog/integration/SSLAuditlogTest.java @@ -53,7 +53,7 @@ public void tearDown() { private void setupMonitoring() throws Exception { Assert.assertNull("No monitoring cluster", monitoringClusterInfo); monitoringClusterInfo = monitoringCluster.startCluster(minimumSecuritySettings(defaultNodeSettings(Settings.EMPTY)), ClusterConfiguration.DEFAULT); - initialize(monitoringClusterInfo, Settings.EMPTY, new DynamicSecurityConfig()); + initialize(monitoringCluster, monitoringClusterInfo, new DynamicSecurityConfig()); rhMon = new RestHelper(monitoringClusterInfo, getResourceFolder()); } diff --git a/src/test/java/org/opensearch/security/ccstest/CrossClusterSearchTests.java b/src/test/java/org/opensearch/security/ccstest/CrossClusterSearchTests.java index 90e5010b4b..fa98cd5e0c 100644 --- a/src/test/java/org/opensearch/security/ccstest/CrossClusterSearchTests.java +++ b/src/test/java/org/opensearch/security/ccstest/CrossClusterSearchTests.java 
@@ -49,7 +49,6 @@ import org.opensearch.action.admin.indices.alias.IndicesAliasesRequest.AliasActions; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; import org.opensearch.common.collect.Tuple; import org.opensearch.common.settings.Settings; import org.opensearch.common.xcontent.XContentType; @@ -151,7 +150,7 @@ private void setupCcs(DynamicSecurityConfig dynamicSecurityConfig, private Tuple setupCluster(ClusterHelper ch, ClusterTransportClientSettings cluster, DynamicSecurityConfig dynamicSecurityConfig) throws Exception { NodeSettingsSupplier settings = minimumSecuritySettings(cluster.clusterSettings()); ClusterInfo clusterInfo = ch.startCluster(settings, ClusterConfiguration.DEFAULT); - initialize(clusterInfo, cluster.transportClientSettings(), dynamicSecurityConfig); + initialize(ch, clusterInfo, dynamicSecurityConfig); boolean httpsEnabled = settings.get(0).getAsBoolean(SSLConfigConstants.SECURITY_SSL_HTTP_ENABLED, false); RestHelper rh = new RestHelper(clusterInfo, httpsEnabled, httpsEnabled, getResourceFolder()); rh.sendAdminCertificate = httpsEnabled; @@ -173,7 +172,7 @@ public void testCcs() throws Exception { final String cl1BodyMain = new RestHelper(cl1Info, false, false, getResourceFolder()).executeGetRequest("", encodeBasicHeader("nagilum","nagilum")).getBody(); Assert.assertTrue(cl1BodyMain.contains("crl1")); - try (TransportClient tc = getInternalTransportClient(cl1Info, Settings.EMPTY)) { + try (Client tc = cl1.nodeClient()) { tc.index(new IndexRequest("twitter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl1Info.clustername+"\"}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("twutter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") 
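Review bot: `setupCluster` no longer reads `cluster.transportClientSettings()` once `initialize(ch, clusterInfo, dynamicSecurityConfig)` replaces the old call, and the populateBaseData hunk (`@@ -923,12 +922,12`) drops the remaining visible uses. The parameter type is still `ClusterTransportClientSettings`, so callers keep building transport-client TLS settings that nothing shown here consumes. Until the type is renamed or the accessor removed in a follow-up, a comment on the method would help, such as `// only cluster.clusterSettings() is used; fixtures are written through the node client`. The method body continues outside the hunk.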
@@ -183,7 +182,7 @@ public void testCcs() throws Exception { final String cl2BodyMain = new RestHelper(cl2Info, false, false, getResourceFolder()).executeGetRequest("", encodeBasicHeader("nagilum","nagilum")).getBody(); Assert.assertTrue(cl2BodyMain.contains("crl2")); - try (TransportClient tc = getInternalTransportClient(cl2Info, Settings.EMPTY)) { + try (Client tc = cl2.nodeClient()) { tc.index(new IndexRequest("twitter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl2Info.clustername+"\"}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("twutter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") @@ -232,7 +231,7 @@ public void testCcsNonadmin() throws Exception { final String cl1BodyMain = new RestHelper(cl1Info, false, false, getResourceFolder()).executeGetRequest("", encodeBasicHeader("twitter","nagilum")).getBody(); Assert.assertTrue(cl1BodyMain.contains("crl1")); - try (TransportClient tc = getInternalTransportClient(cl1Info, Settings.EMPTY)) { + try (Client tc = cl1.nodeClient()) { tc.index(new IndexRequest("twitter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl1Info.clustername+"\"}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("twutter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") 
@@ -244,7 +243,7 @@ public void testCcsNonadmin() throws Exception { final String cl2BodyMain = new RestHelper(cl2Info, false, false, getResourceFolder()).executeGetRequest("", encodeBasicHeader("twitter","nagilum")).getBody(); Assert.assertTrue(cl2BodyMain.contains("crl2")); - try (TransportClient tc = getInternalTransportClient(cl2Info, Settings.EMPTY)) { + try (Client tc = cl2.nodeClient()) { tc.index(new IndexRequest("twitter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl2Info.clustername+"\"}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("twutter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") @@ -403,7 +402,7 @@ public void testCcsNonadminDnfof() throws Exception { final String cl1BodyMain = new RestHelper(cl1Info, false, false, getResourceFolder()).executeGetRequest("", encodeBasicHeader("twitter","nagilum")).getBody(); Assert.assertTrue(cl1BodyMain.contains("crl1")); - try (TransportClient tc = getInternalTransportClient(cl1Info, Settings.EMPTY)) { + try (Client tc = cl1.nodeClient()) { tc.index(new IndexRequest("twitter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl1Info.clustername+"\"}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("twutter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") 
@@ -415,7 +414,7 @@ public void testCcsNonadminDnfof() throws Exception { final String cl2BodyMain = new RestHelper(cl2Info, false, false, getResourceFolder()).executeGetRequest("", encodeBasicHeader("twitter","nagilum")).getBody(); Assert.assertTrue(cl2BodyMain.contains("crl2")); - try (TransportClient tc = getInternalTransportClient(cl2Info, Settings.EMPTY)) { + try (Client tc = cl2.nodeClient()) { tc.index(new IndexRequest("twitter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl2Info.clustername+"\"}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("twutter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") @@ -584,7 +583,7 @@ public void testCcsEmptyCoord() throws Exception { final String cl2BodyMain = new RestHelper(cl2Info, false, false, getResourceFolder()).executeGetRequest("", encodeBasicHeader("twitter","nagilum")).getBody(); Assert.assertTrue(cl2BodyMain.contains("crl2")); - try (TransportClient tc = getInternalTransportClient(cl2Info, Settings.EMPTY)) { + try (Client tc = cl2.nodeClient()) { tc.index(new IndexRequest("twitter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl2Info.clustername+"\"}", XContentType.JSON)).actionGet(); } @@ -612,7 +611,7 @@ public void testCcsDashboardsAggregations() throws Exception { final String cl2BodyMain = new RestHelper(cl2Info, false, false, getResourceFolder()).executeGetRequest("", encodeBasicHeader("twitter","nagilum")).getBody(); Assert.assertTrue(cl2BodyMain.contains("crl2")); - try (TransportClient tc = getInternalTransportClient(cl1Info, Settings.EMPTY)) { + try (Client tc = cl1.nodeClient()) { tc.index(new IndexRequest("coordinating").type("coordinating").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl1Info.clustername+"\"}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("abc").type("abc").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") 
@@ -620,7 +619,7 @@ public void testCcsDashboardsAggregations() throws Exception { } - try (TransportClient tc = getInternalTransportClient(cl2Info, Settings.EMPTY)) { + try (Client tc = cl2.nodeClient()) { tc.index(new IndexRequest("remote").type("remote").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl2Info.clustername+"\"}", XContentType.JSON)).actionGet(); } @@ -692,7 +691,7 @@ public void testCcsDashboardsAggregationsNonAdminDnfof() throws Exception { final String cl2BodyMain = new RestHelper(cl2Info, false, false, getResourceFolder()).executeGetRequest("", encodeBasicHeader("twitter","nagilum")).getBody(); Assert.assertTrue(cl2BodyMain.contains("crl2")); - try (TransportClient tc = getInternalTransportClient(cl1Info, Settings.EMPTY)) { + try (Client tc = cl1.nodeClient()) { tc.index(new IndexRequest("coordinating").type("coordinating").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl1Info.clustername+"\"}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("abc").type("abc").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") @@ -702,7 +701,7 @@ public void testCcsDashboardsAggregationsNonAdminDnfof() throws Exception { } - try (TransportClient tc = getInternalTransportClient(cl2Info, Settings.EMPTY)) { + try (Client tc = cl2.nodeClient()) { tc.index(new IndexRequest("remote").type("remote").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl2Info.clustername+"\"}", XContentType.JSON)).actionGet(); 
@@ -782,7 +781,7 @@ public void testCcsAggregations() throws Exception { final String cl2BodyMain = new RestHelper(cl2Info, false, false, getResourceFolder()).executeGetRequest("", encodeBasicHeader("twitter","nagilum")).getBody(); Assert.assertTrue(cl2BodyMain.contains("crl2")); - try (TransportClient tc = getInternalTransportClient(cl1Info, Settings.EMPTY)) { + try (Client tc = cl1.nodeClient()) { tc.index(new IndexRequest("coordinating").type("coordinating").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl1Info.clustername+"\"}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("abc").type("abc").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") @@ -790,7 +789,7 @@ public void testCcsAggregations() throws Exception { } - try (TransportClient tc = getInternalTransportClient(cl2Info, Settings.EMPTY)) { + try (Client tc = cl2.nodeClient()) { tc.index(new IndexRequest("remote").type("remote").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl2Info.clustername+"\"}", XContentType.JSON)).actionGet(); } @@ -847,7 +846,7 @@ public void testCcsAggregationsDnfof() throws Exception { final String cl2BodyMain = new RestHelper(cl2Info, false, false, getResourceFolder()).executeGetRequest("", encodeBasicHeader("twitter","nagilum")).getBody(); Assert.assertTrue(cl2BodyMain.contains("crl2")); - try (TransportClient tc = getInternalTransportClient(cl1Info, Settings.EMPTY)) { + try (Client tc = cl1.nodeClient()) { tc.index(new IndexRequest("coordinating").type("coordinating").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl1Info.clustername+"\"}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("abc").type("abc").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") 
@@ -857,7 +856,7 @@ public void testCcsAggregationsDnfof() throws Exception { } - try (TransportClient tc = getInternalTransportClient(cl2Info, Settings.EMPTY)) { + try (Client tc = cl2.nodeClient()) { tc.index(new IndexRequest("remote").type("remote").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl2Info.clustername+"\"}", XContentType.JSON)).actionGet(); @@ -923,12 +922,12 @@ private void populateBaseData(ClusterTransportClientSettings cluster1, ClusterTr final String cl2BodyMain = rh2.executeGetRequest("", encodeBasicHeader("twitter","nagilum")).getBody(); Assert.assertTrue(cl2BodyMain.contains("crl2")); - try (TransportClient tc = getInternalTransportClient(cl1Info, cluster1.transportClientSettings())) { + try (Client tc = cl1.nodeClient()) { tc.index(new IndexRequest("twitter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl1Info.clustername+"\"}", XContentType.JSON)).actionGet(); } - try (TransportClient tc = getInternalTransportClient(cl2Info, cluster2.transportClientSettings())) { + try (Client tc = cl2.nodeClient()) { tc.index(new IndexRequest("twitter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl2Info.clustername+"\"}", XContentType.JSON)).actionGet(); } @@ -1032,7 +1031,7 @@ public void testCcsWithRoleInjection() throws Exception { Assert.assertEquals(ClusterHealthStatus.GREEN, cl2.nodeClient().admin().cluster(). health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getStatus()); - try (TransportClient tc = getInternalTransportClient(cl2Info, Settings.EMPTY)) { + try (Client tc = cl2.nodeClient()) { tc.index(new IndexRequest("twitter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl2Info.clustername+"\"}", XContentType.JSON)).actionGet(); } 
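Review bot: In the `populateBaseData` hunk, the two replaced lines were the visible uses of `cluster1.transportClientSettings()` and `cluster2.transportClientSettings()`, and the new `cl1.nodeClient()` / `cl2.nodeClient()` calls ignore the per-cluster settings passed in. If those parameters carry different certificate or TLS settings per cluster (the type name `ClusterTransportClientSettings` suggests this, but its definition is not shown), seeding no longer depends on them, and callers that vary them may now verify less than their names imply. Either drop the parameters if nothing else in the method reads them, or document the change at the top of the method, e.g. `// cluster1/cluster2 settings are not used for seeding any more; data is written via the in-process node clients`. The rest of the method lies outside the hunk, so other uses cannot be ruled out from here.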
diff --git a/src/test/java/org/opensearch/security/ccstest/RemoteReindexTests.java b/src/test/java/org/opensearch/security/ccstest/RemoteReindexTests.java index 049ae9924c..78c1380ef6 100644 --- a/src/test/java/org/opensearch/security/ccstest/RemoteReindexTests.java +++ b/src/test/java/org/opensearch/security/ccstest/RemoteReindexTests.java @@ -30,12 +30,12 @@ package org.opensearch.security.ccstest; +import org.opensearch.client.Client; import org.opensearch.security.test.AbstractSecurityUnitTest; import org.apache.http.HttpStatus; import org.opensearch.action.admin.indices.create.CreateIndexRequest; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; import org.opensearch.common.settings.Settings; import org.opensearch.common.xcontent.XContentType; import org.junit.After; @@ -60,10 +60,10 @@ private void setupReindex() throws Exception { System.setProperty("security.display_lic_none","true"); cl2Info = cl2.startCluster(minimumSecuritySettings(Settings.EMPTY), ClusterConfiguration.DEFAULT); - initialize(cl2Info); + initialize(cl2, cl2Info); cl1Info = cl1.startCluster(minimumSecuritySettings(crossClusterNodeSettings(cl2Info)), ClusterConfiguration.DEFAULT); - initialize(cl1Info); + initialize(cl1, cl1Info); } @After 
@@ -88,14 +88,14 @@ public void testNonSSLReindex() throws Exception { final String cl1BodyMain = new RestHelper(cl1Info, false, false, getResourceFolder()).executeGetRequest("", encodeBasicHeader("nagilum","nagilum")).getBody(); Assert.assertTrue(cl1BodyMain.contains("crl1")); - try (TransportClient tc = getInternalTransportClient(cl1Info, Settings.EMPTY)) { + try (Client tc = cl1.nodeClient()) { tc.admin().indices().create(new CreateIndexRequest("twutter")).actionGet(); } final String cl2BodyMain = new RestHelper(cl2Info, false, false, getResourceFolder()).executeGetRequest("", encodeBasicHeader("nagilum","nagilum")).getBody(); Assert.assertTrue(cl2BodyMain.contains("crl2")); - try (TransportClient tc = getInternalTransportClient(cl2Info, Settings.EMPTY)) { + try (Client tc = cl2.nodeClient()) { tc.index(new IndexRequest("twitter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl1Info.clustername+"\"}", XContentType.JSON)).actionGet(); } diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/AbstractDlsFlsTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/AbstractDlsFlsTest.java index a33e42d7a0..eb7d48f67d 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/AbstractDlsFlsTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/AbstractDlsFlsTest.java @@ -15,7 +15,7 @@ package org.opensearch.security.dlic.dlsfls; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.settings.Settings; import org.opensearch.security.support.ConfigConstants; 
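Review bot: In `testNonSSLReindex`, the block that now opens `cl2.nodeClient()` still builds its document from `cl1Info.clustername`, so the document stored on cluster 2 is labelled with cluster 1's name. The line is unchanged context and predates this commit, but in a cross-cluster test a mislabelled fixture can hide which cluster a hit actually came from. If it is not intentional, the source line should read `.source("{\"cluster\": \""+cl2Info.clustername+"\"}", XContentType.JSON)).actionGet();`. If it is intentional, a short comment saying why would help. The assertions that read this document are outside the hunk.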
@@ -48,12 +48,12 @@ protected final void setup(Settings override, DynamicSecurityConfig dynamicSecur Settings settings = Settings.builder().put(ConfigConstants.SECURITY_AUDIT_TYPE_DEFAULT, "debug").put(override).build(); setup(Settings.EMPTY, dynamicSecurityConfig, settings, true); - try(TransportClient tc = getInternalTransportClient(this.clusterInfo, Settings.EMPTY)) { + try(Client tc = getClient()) { populateData(tc); } rh = nonSslRestHelper(); } - abstract void populateData(TransportClient tc); + abstract void populateData(Client tc); } \ No newline at end of file diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/CCReplicationTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/CCReplicationTest.java index d501a2fbdf..428dc84c00 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/CCReplicationTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/CCReplicationTest.java @@ -21,6 +21,8 @@ import java.util.Collection; import java.util.List; import java.util.function.Supplier; + +import org.checkerframework.checker.units.qual.C; import org.opensearch.OpenSearchSecurityException; import org.opensearch.cluster.health.ClusterHealthStatus; import org.opensearch.common.io.stream.StreamInput; @@ -43,7 +45,6 @@ import org.opensearch.action.support.master.AcknowledgedRequest; import org.opensearch.action.support.master.AcknowledgedResponse; import org.opensearch.client.Client; -import org.opensearch.client.transport.TransportClient; import org.opensearch.cluster.metadata.IndexNameExpressionResolver; import org.opensearch.cluster.service.ClusterService; import org.opensearch.common.inject.Inject; 
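Review bot: `try(Client tc = getClient())` in `setup` closes whatever `getClient()` returns as soon as `populateData(tc)` finishes, which reads as if this method owns the client. Assuming `getClient()` hands out the running node's own client rather than a fresh connection (its definition is not in this diff), the close is either a no-op or releases something that the later `nonSslRestHelper()` requests still depend on. A plain local states the ownership more honestly: `final Client tc = getClient();` followed by `populateData(tc);`. The same try-with-resources shape recurs in the `nodeClient()` hunks of the cross-cluster tests.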
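Review bot: The added `import org.checkerframework.checker.units.qual.C;` in CCReplicationTest.java (hunk `@@ -21,6 +21,8 @@`) looks like an accidental IDE auto-import. Nothing in the visible hunks of this file uses a `C` annotation, and it is a units-of-measure qualifier unrelated to this test. Keeping it ties the test's compilation to the Checker Framework annotations being on the test classpath, presumably only as a transitive dependency. Remove the import together with the blank line added above it.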
@@ -176,7 +177,7 @@ private void waitOrThrow(Client client, String index) throws Exception { } } - void populateData(TransportClient tc) { + void populateData(Client tc) { tc.index(new IndexRequest("hr-dls").type("config").id("0").setRefreshPolicy(RefreshPolicy.IMMEDIATE) .source("{\"User\": \"testuser\",\"Date\":\"2021-01-18T17:27:20Z\",\"Designation\":\"HR\"}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("hr-fls").type("config").id("1").setRefreshPolicy(RefreshPolicy.IMMEDIATE) diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedComplexMappingTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedComplexMappingTest.java index 5f60cfad92..dfaacc299d 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedComplexMappingTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedComplexMappingTest.java @@ -21,7 +21,7 @@ import org.opensearch.action.admin.indices.create.CreateIndexRequest; import org.opensearch.action.bulk.BulkRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; import org.junit.Test; @@ -33,7 +33,7 @@ public class CustomFieldMaskedComplexMappingTest extends AbstractDlsFlsTest{ @Override - protected void populateData(TransportClient tc) { + protected void populateData(Client tc) { try { tc.admin().indices().create(new CreateIndexRequest("logs").mapping("_doc", FileHelper.loadFile("dlsfls/masked_field_mapping.json"), XContentType.JSON)).actionGet(); diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedTest.java index bc2551b15d..ce06fc80b9 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedTest.java 
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedTest.java @@ -18,7 +18,7 @@ import org.apache.http.HttpStatus; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; import org.junit.Test; @@ -27,7 +27,7 @@ public class CustomFieldMaskedTest extends AbstractDlsFlsTest { - protected void populateData(TransportClient tc) { + protected void populateData(Client tc) { tc.index(new IndexRequest("deals").type("deals").id("0").setRefreshPolicy(RefreshPolicy.IMMEDIATE) .source("{\"customer\": {\"name\":\"cust1\", \"street\":\"testroad\"}, \"ip_source\": \"100.100.1.1\",\"ip_dest\": \"123.123.1.1\",\"amount\": 10, \"mynum\": 1000000000000000000}", XContentType.JSON)).actionGet(); diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DateMathTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DateMathTest.java index 88613bb050..ea1131b4ad 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/DateMathTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DateMathTest.java @@ -22,7 +22,7 @@ import org.apache.http.HttpStatus; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; import org.junit.Test; @@ -33,7 +33,7 @@ public class DateMathTest extends AbstractDlsFlsTest{ - protected void populateData(TransportClient tc) { + protected void populateData(Client tc) { SimpleDateFormat sdf = new SimpleDateFormat("yyyy.MM.dd", SecurityUtils.EN_Locale); sdf.setTimeZone(TimeZone.getTimeZone("UTC")); 
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsDateMathTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsDateMathTest.java index 2b85828141..82e9500a56 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsDateMathTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsDateMathTest.java @@ -22,7 +22,7 @@ import org.apache.http.HttpStatus; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.settings.Settings; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; @@ -35,7 +35,7 @@ public class DlsDateMathTest extends AbstractDlsFlsTest{ @Override - protected void populateData(TransportClient tc) { + protected void populateData(Client tc) { diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsFlsCrossClusterSearchTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsFlsCrossClusterSearchTest.java index aee4a9dd87..d7f5b27aee 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsFlsCrossClusterSearchTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsFlsCrossClusterSearchTest.java @@ -18,7 +18,7 @@ import org.apache.http.HttpStatus; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.settings.Settings; import org.opensearch.common.xcontent.XContentType; import org.junit.After; 
@@ -64,13 +64,13 @@ private void setupCcs(String remoteRoles) throws Exception { System.setProperty("security.display_lic_none","true"); cl2Info = cl2.startCluster(minimumSecuritySettings(Settings.EMPTY), ClusterConfiguration.DEFAULT); - initialize(cl2Info, Settings.EMPTY, new DynamicSecurityConfig().setSecurityRoles(remoteRoles)); + initialize(cl2, cl2Info, new DynamicSecurityConfig().setSecurityRoles(remoteRoles)); System.out.println("### cl2 complete ###"); //cl1 is coordinating cl1Info = cl1.startCluster(minimumSecuritySettings(crossClusterNodeSettings(cl2Info)), ClusterConfiguration.DEFAULT); System.out.println("### cl1 start ###"); - initialize(cl1Info, Settings.EMPTY, new DynamicSecurityConfig().setSecurityRoles("roles_983.yml")); + initialize(cl1, cl1Info, new DynamicSecurityConfig().setSecurityRoles("roles_983.yml")); System.out.println("### cl1 initialized ###"); } @@ -90,12 +90,12 @@ private Settings crossClusterNodeSettings(ClusterInfo remote) { public void testCcs() throws Exception { setupCcs("roles_983.yml"); - try (TransportClient tc = getInternalTransportClient(cl1Info, Settings.EMPTY)) { + try (Client tc = cl1.nodeClient()) { tc.index(new IndexRequest("twitter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl1Info.clustername+"\"}", XContentType.JSON)).actionGet(); } - try (TransportClient tc = getInternalTransportClient(cl2Info, Settings.EMPTY)) { + try (Client tc = cl2.nodeClient()) { tc.index(new IndexRequest("twutter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl2Info.clustername+"\"}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("humanresources").type("hr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") 
@@ -147,12 +147,12 @@ public void testCcs() throws Exception { public void testCcsDifferentConfig() throws Exception { setupCcs("roles_ccs2.yml"); - try (TransportClient tc = getInternalTransportClient(cl1Info, Settings.EMPTY)) { + try (Client tc = cl1.nodeClient()) { tc.index(new IndexRequest("twitter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl1Info.clustername+"\"}", XContentType.JSON)).actionGet(); } - try (TransportClient tc = getInternalTransportClient(cl2Info, Settings.EMPTY)) { + try (Client tc = cl2.nodeClient()) { tc.index(new IndexRequest("twutter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl2Info.clustername+"\"}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("humanresources").type("hr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") @@ -205,7 +205,7 @@ public void testCcsDifferentConfig() throws Exception { public void testCcsDifferentConfigBoth() throws Exception { setupCcs("roles_ccs2.yml"); - try (TransportClient tc = getInternalTransportClient(cl1Info, Settings.EMPTY)) { + try (Client tc = cl1.nodeClient()) { tc.index(new IndexRequest("twitter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl1Info.clustername+"\"}", XContentType.JSON)).actionGet(); @@ -232,7 +232,7 @@ public void testCcsDifferentConfigBoth() throws Exception { + "}", XContentType.JSON)).actionGet(); } - try (TransportClient tc = getInternalTransportClient(cl2Info, Settings.EMPTY)) { + try (Client tc = cl2.nodeClient()) { tc.index(new IndexRequest("twutter").type("tweet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") .source("{\"cluster\": \""+cl2Info.clustername+"\"}", XContentType.JSON)).actionGet(); tc.index(new IndexRequest("humanresources").type("hr").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("0") 
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsNestedTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsNestedTest.java index 721ac0e9f5..9322bba604 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsNestedTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsNestedTest.java @@ -19,7 +19,7 @@ import org.opensearch.action.admin.indices.create.CreateIndexRequest; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.settings.Settings; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; @@ -30,7 +30,7 @@ public class DlsNestedTest extends AbstractDlsFlsTest{ @Override - protected void populateData(TransportClient tc) { + protected void populateData(Client tc) { String mapping = "{" + " \"mytype\" : {" + diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsPropsReplaceTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsPropsReplaceTest.java index 87aa2ddb4d..76d6ada18e 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsPropsReplaceTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsPropsReplaceTest.java @@ -18,7 +18,7 @@ import org.apache.http.HttpStatus; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; import org.junit.Test; 
@@ -28,7 +28,7 @@ public class DlsPropsReplaceTest extends AbstractDlsFlsTest{ - protected void populateData(TransportClient tc) { + protected void populateData(Client tc) { tc.index(new IndexRequest("prop1").type("_doc").setRefreshPolicy(RefreshPolicy.IMMEDIATE) .source("{\"prop_replace\": \"yes\", \"amount\": 1010}", XContentType.JSON)).actionGet(); diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsScrollTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsScrollTest.java index 73d09431dd..7a47b897aa 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsScrollTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsScrollTest.java @@ -18,7 +18,7 @@ import org.apache.http.HttpStatus; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; import org.junit.Test; @@ -29,7 +29,7 @@ public class DlsScrollTest extends AbstractDlsFlsTest{ @Override - protected void populateData(TransportClient tc) { + protected void populateData(Client tc) { tc.index(new IndexRequest("deals").type("deals").id("0").setRefreshPolicy(RefreshPolicy.IMMEDIATE) .source("{\"amount\": 3}", XContentType.JSON)).actionGet(); //not in diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsTest.java index c4e43fc71d..29da82e6d6 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsTest.java 
@@ -19,7 +19,7 @@ import org.opensearch.action.index.IndexRequest; import org.opensearch.action.search.SearchRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.Strings; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; @@ -31,7 +31,7 @@ public class DlsTest extends AbstractDlsFlsTest{ @Override - protected void populateData(TransportClient tc) { + protected void populateData(Client tc) { tc.index(new IndexRequest("deals").type("deals").id("0").setRefreshPolicy(RefreshPolicy.IMMEDIATE) .source("{\"amount\": 10}", XContentType.JSON)).actionGet(); diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java index 5f646697da..26798cd29c 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java @@ -18,7 +18,7 @@ import org.apache.http.HttpStatus; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; import org.junit.Test; @@ -28,7 +28,7 @@ public class FieldMaskedTest extends AbstractDlsFlsTest { - protected void populateData(TransportClient tc) { + protected void populateData(Client tc) { tc.index(new IndexRequest("deals").type("deals").id("0").setRefreshPolicy(RefreshPolicy.IMMEDIATE) .source("{\"customer\": {\"name\":\"cust1\"}, \"ip_source\": \"100.100.1.1\",\"ip_dest\": \"123.123.1.1\",\"amount\": 10}", XContentType.JSON)).actionGet(); 
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/Fls983Test.java b/src/test/java/org/opensearch/security/dlic/dlsfls/Fls983Test.java index 0de5f1c101..709402ad3e 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/Fls983Test.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/Fls983Test.java @@ -18,7 +18,7 @@ import org.apache.http.HttpStatus; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; import org.junit.Test; @@ -29,7 +29,7 @@ public class Fls983Test extends AbstractDlsFlsTest{ - protected void populateData(TransportClient tc) { + protected void populateData(Client tc) { tc.index(new IndexRequest(".kibana").type("config").id("0").setRefreshPolicy(RefreshPolicy.IMMEDIATE) .source("{}", XContentType.JSON)).actionGet(); diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestAB.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestAB.java index e117ccbb7b..19752f360a 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestAB.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestAB.java @@ -20,7 +20,7 @@ import org.opensearch.action.admin.indices.alias.IndicesAliasesRequest.AliasActions; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; import org.junit.Test; 
@@ -30,7 +30,7 @@ public class FlsDlsTestAB extends AbstractDlsFlsTest{ - protected void populateData(TransportClient tc) { + protected void populateData(Client tc) { //aaa tc.index(new IndexRequest("aaa").type("aaa").id("0").setRefreshPolicy(RefreshPolicy.IMMEDIATE) diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestForbiddenField.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestForbiddenField.java index ddf9c2f1bb..dcdd51ff80 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestForbiddenField.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestForbiddenField.java @@ -18,7 +18,7 @@ import org.apache.http.HttpStatus; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; import org.junit.Test; @@ -28,7 +28,7 @@ public class FlsDlsTestForbiddenField extends AbstractDlsFlsTest{ - protected void populateData(TransportClient tc) { + protected void populateData(Client tc) { tc.index(new IndexRequest("deals").type("deals").id("0").setRefreshPolicy(RefreshPolicy.IMMEDIATE) .source("{\"customer\": {\"name\":\"cust1\"}, \"zip\": \"12345\",\"secret\": \"tellnoone\",\"amount\": 10}", XContentType.JSON)).actionGet(); diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestMulti.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestMulti.java index 98e670db6e..d61532cb81 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestMulti.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestMulti.java 
@@ -18,7 +18,7 @@ import org.apache.http.HttpStatus; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; import org.junit.Test; @@ -28,7 +28,7 @@ public class FlsDlsTestMulti extends AbstractDlsFlsTest{ - protected void populateData(TransportClient tc) { + protected void populateData(Client tc) { tc.index(new IndexRequest("deals").type("deals").id("0").setRefreshPolicy(RefreshPolicy.IMMEDIATE) .source("{\"customer\": {\"name\":\"cust1\"}, \"zip\": \"12345\",\"secret\": \"tellnoone\",\"amount\": 10}", XContentType.JSON)).actionGet(); diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsExistsFieldsTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsExistsFieldsTest.java index 72305c19df..0a523293fb 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsExistsFieldsTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsExistsFieldsTest.java @@ -19,7 +19,7 @@ import org.opensearch.action.admin.indices.create.CreateIndexRequest; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; import org.junit.Test; @@ -28,7 +28,7 @@ public class FlsExistsFieldsTest extends AbstractDlsFlsTest { - protected void populateData(TransportClient tc) { + protected void populateData(Client tc) { tc.admin().indices().create(new CreateIndexRequest("data").mapping("doc", "@timestamp", "type=date", diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsTest.java index 9f788f5d1f..d1bee1cbd6 100644 
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsTest.java @@ -21,7 +21,7 @@ import org.opensearch.action.admin.indices.create.CreateIndexRequest; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; import org.junit.Test; @@ -32,7 +32,7 @@ public class FlsFieldsTest extends AbstractDlsFlsTest{ - protected void populateData(TransportClient tc) { + protected void populateData(Client tc) { tc.admin().indices().create(new CreateIndexRequest("deals") .mapping("deals", "timestamp","type=date","@timestamp","type=date")).actionGet(); diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsWcTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsWcTest.java index ba7a13fb7b..a461749ea3 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsWcTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsWcTest.java @@ -21,7 +21,7 @@ import org.opensearch.action.admin.indices.create.CreateIndexRequest; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; import org.junit.Test; @@ -32,7 +32,7 @@ public class FlsFieldsWcTest extends AbstractDlsFlsTest{ - protected void populateData(TransportClient tc) { + protected void populateData(Client tc) { tc.admin().indices().create(new CreateIndexRequest("deals") .mapping("deals", "timestamp","type=date","@timestamp","type=date")).actionGet(); 
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsPerfTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsPerfTest.java index 7ba807a5d2..aeb3f44ab7 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsPerfTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsPerfTest.java @@ -23,7 +23,7 @@ import org.opensearch.action.admin.indices.create.CreateIndexRequest; import org.opensearch.action.admin.indices.refresh.RefreshRequest; import org.opensearch.action.index.IndexRequest; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.StopWatch; import org.opensearch.common.xcontent.XContentBuilder; import org.opensearch.common.xcontent.json.JsonXContent; @@ -37,7 +37,7 @@ public class FlsPerfTest extends AbstractDlsFlsTest{ - protected void populateData(TransportClient tc) { + protected void populateData(Client tc) { Map indexSettings = new HashMap<>(3); indexSettings.put("index.mapping.total_fields.limit",50000); diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsTest.java index 37c7deca63..3317e94233 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsTest.java @@ -18,7 +18,7 @@ import org.apache.http.HttpStatus; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; import org.junit.Test; 
@@ -28,7 +28,7 @@ public class FlsTest extends AbstractDlsFlsTest{ - protected void populateData(TransportClient tc) { + protected void populateData(Client tc) { tc.index(new IndexRequest("deals").type("deals").id("0").setRefreshPolicy(RefreshPolicy.IMMEDIATE) .source("{\"customer\": {\"name\":\"cust1\"}, \"zip\": \"12345\",\"secret\": \"tellnoone\",\"amount\": 10}", XContentType.JSON)).actionGet(); diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/IndexPatternTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/IndexPatternTest.java index 0e5bdb0177..197b2a9ff9 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/IndexPatternTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/IndexPatternTest.java @@ -18,7 +18,7 @@ import org.apache.http.HttpStatus; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; import org.junit.Test; @@ -28,7 +28,7 @@ public class IndexPatternTest extends AbstractDlsFlsTest{ - protected void populateData(TransportClient tc) { + protected void populateData(Client tc) { tc.index(new IndexRequest("logstash-2016").type("logs").setRefreshPolicy(RefreshPolicy.IMMEDIATE) .source("{\"message\":\"mymsg1a\", \"ipaddr\": \"10.0.0.0\",\"msgid\": \"12\"}", XContentType.JSON)).actionGet(); diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/MFlsTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/MFlsTest.java index 9113922e0d..bf6e8c8074 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/MFlsTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/MFlsTest.java 
@@ -18,7 +18,7 @@ import org.apache.http.HttpStatus; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; import org.junit.Test; @@ -28,7 +28,7 @@ public class MFlsTest extends AbstractDlsFlsTest{ - protected void populateData(TransportClient tc) { + protected void populateData(Client tc) { tc.index(new IndexRequest("deals").type("deals").id("0").setRefreshPolicy(RefreshPolicy.IMMEDIATE) .source("{\"customer\": {\"name\":\"cust1\"}, \"zip\": \"12345\",\"secret\": \"tellnoone\",\"amount\": 10}", XContentType.JSON)).actionGet(); diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/AbstractRestApiUnitTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/AbstractRestApiUnitTest.java index b9e62cd7cd..17e55a99d6 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/AbstractRestApiUnitTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/AbstractRestApiUnitTest.java @@ -25,7 +25,6 @@ import org.opensearch.security.auditlog.AuditTestUtils; import org.apache.http.Header; import org.apache.http.HttpStatus; -import org.opensearch.client.transport.TransportClient; import org.opensearch.common.settings.Settings; import org.opensearch.plugins.Plugin; import org.junit.Assert; 
@@ -262,17 +261,6 @@ protected Map jsonStringToMap(String json) throws JsonParseExcep return DefaultObjectMapper.objectMapper.readValue(json, typeRef); } - protected static class TransportClientImpl extends TransportClient { - - public TransportClientImpl(Settings settings, Collection> plugins) { - super(settings, plugins); - } - - public TransportClientImpl(Settings settings, Settings defaultSettings, Collection> plugins) { - super(settings, defaultSettings, plugins, null); - } - } - protected static Collection> asCollection(Class... plugins) { return Arrays.asList(plugins); } diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/IndexMissingTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/IndexMissingTest.java index b978664618..2ec01dbf97 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/IndexMissingTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/IndexMissingTest.java @@ -103,7 +103,7 @@ protected void testHttpOperations() throws Exception { Assert.assertEquals(HttpStatus.SC_INTERNAL_SERVER_ERROR, response.getStatusCode()); // setup index now - initialize(this.clusterInfo); + initialize(this.clusterHelper, this.clusterInfo); // GET configuration response = rh.executeGetRequest(ENDPOINT + "/roles"); diff --git a/src/test/java/org/opensearch/security/multitenancy/test/MultitenancyTests.java b/src/test/java/org/opensearch/security/multitenancy/test/MultitenancyTests.java index 97f878f371..fae49acd23 100644 --- a/src/test/java/org/opensearch/security/multitenancy/test/MultitenancyTests.java +++ b/src/test/java/org/opensearch/security/multitenancy/test/MultitenancyTests.java 
@@ -26,7 +26,7 @@ import org.opensearch.action.admin.indices.create.CreateIndexRequest; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.settings.Settings; import org.opensearch.common.xcontent.XContentType; import org.junit.Assert; @@ -57,7 +57,7 @@ public void testNoDnfof() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig().setConfig("config_nodnfof.yml"), settings); final RestHelper rh = nonSslRestHelper(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { tc.admin().indices().create(new CreateIndexRequest("copysf")).actionGet(); tc.index(new IndexRequest("indexa").type("doc").id("0").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":\"indexa\"}", XContentType.JSON)).actionGet(); @@ -239,7 +239,7 @@ public void testMtMulti() throws Exception { setup(settings); final String dashboardsIndex = ".kibana_92668751_admin_1"; - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { String body = "{"+ "\"type\" : \"index-pattern\","+ "\"updated_at\" : \"2018-09-29T08:56:59.066Z\","+ @@ -339,7 +339,7 @@ public void testDashboardsAlias() throws Exception { .build(); setup(settings); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { String body = "{\"buildNum\": 15460, \"defaultIndex\": \"humanresources\", \"tenant\": \"human_resources\"}"; Map indexSettings = new HashMap(); indexSettings.put("number_of_shards", 1); 
@@ -368,7 +368,7 @@ public void testDashboardsAlias65() throws Exception { .build(); setup(settings); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { String body = "{\"buildNum\": 15460, \"defaultIndex\": \"humanresources\", \"tenant\": \"human_resources\"}"; Map indexSettings = new HashMap(); indexSettings.put("number_of_shards", 1); diff --git a/src/test/java/org/opensearch/security/protected_indices/ProtectedIndicesTests.java b/src/test/java/org/opensearch/security/protected_indices/ProtectedIndicesTests.java index 5be3512618..8866a248da 100644 --- a/src/test/java/org/opensearch/security/protected_indices/ProtectedIndicesTests.java +++ b/src/test/java/org/opensearch/security/protected_indices/ProtectedIndicesTests.java @@ -34,6 +34,7 @@ import java.util.Arrays; import java.util.List; +import org.opensearch.client.Client; import org.opensearch.security.support.ConfigConstants; import org.opensearch.security.test.DynamicSecurityConfig; import org.opensearch.security.test.SingleClusterTest; @@ -48,7 +49,6 @@ import org.opensearch.action.index.IndexRequest; import org.opensearch.action.search.SearchResponse; import org.opensearch.action.support.WriteRequest; -import org.opensearch.client.transport.TransportClient; import org.opensearch.common.settings.Settings; import org.opensearch.common.xcontent.LoggingDeprecationHandler; import org.opensearch.common.xcontent.NamedXContentRegistry; @@ -162,7 +162,7 @@ public void setupSettingsEnabledSnapshot() throws Exception { * @throws Exception */ public void createTestIndicesAndDocs() { - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { for (String index : listOfIndexesToTest) { tc.admin().indices().create(new CreateIndexRequest(index)).actionGet(); tc.index(new IndexRequest(index).setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("document1").source("{ \"foo\": \"bar\" }", XContentType.JSON)).actionGet(); 
@@ -171,7 +171,7 @@ public void createTestIndicesAndDocs() { } public void createSnapshots() { - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { for (String index : listOfIndexesToTest) { tc.admin().cluster().putRepository(new PutRepositoryRequest(index).type("fs").settings(Settings.builder().put("location", repositoryPath.getRoot().getAbsolutePath() + "/" + index))).actionGet(); tc.admin().cluster().createSnapshot(new CreateSnapshotRequest(index, index + "_1").indices(index).includeGlobalState(true).waitForCompletion(true)).actionGet(); @@ -268,7 +268,7 @@ public void testNoResultsAlias() throws Exception { createTestIndicesAndDocs(); int i = 0; - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { for (String index : listOfIndexesToTest) { IndicesAliasesRequest request = new IndicesAliasesRequest(); IndicesAliasesRequest.AliasActions aliasAction = @@ -342,7 +342,7 @@ public void testNonAccessCreateDocument() throws Exception { public void testNonAccessCreateDocumentPatternSetting() throws Exception { setupSettingsIndexPatterns(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { for (String pattern : listOfIndexPatternsToTest) { String index = pattern.replace("*", "1"); tc.admin().indices().create(new CreateIndexRequest(index)).actionGet(); @@ -612,7 +612,7 @@ public void testResultsAlias() throws Exception { createTestIndicesAndDocs(); int i = 0; - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { for (String index : listOfIndexesToTest) { IndicesAliasesRequest request = new IndicesAliasesRequest(); IndicesAliasesRequest.AliasActions aliasAction = 
@@ -830,7 +830,7 @@ public void testAccessSnapshot() throws Exception { createTestIndicesAndDocs(); createSnapshots(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { for (String index : listOfIndexesToTest) { tc.admin().indices().close(new CloseIndexRequest(index)).actionGet(); } diff --git a/src/test/java/org/opensearch/security/ssl/OpenSSLTest.java b/src/test/java/org/opensearch/security/ssl/OpenSSLTest.java index 3474901274..f0ce3b6e6c 100644 --- a/src/test/java/org/opensearch/security/ssl/OpenSSLTest.java +++ b/src/test/java/org/opensearch/security/ssl/OpenSSLTest.java @@ -117,12 +117,6 @@ public void testHttpsV3Fail() throws Exception { super.testHttpsV3Fail(); } - @Override - @Test(timeout=40000) - public void testTransportClientSSL() throws Exception { - Assume.assumeTrue(OpenSearchSecuritySSLPlugin.OPENSSL_SUPPORTED && OpenSsl.isAvailable()); - super.testTransportClientSSL(); - } @Override @Test(timeout=40000) @@ -130,13 +124,6 @@ public void testNodeClientSSL() throws Exception { Assume.assumeTrue(OpenSearchSecuritySSLPlugin.OPENSSL_SUPPORTED && OpenSsl.isAvailable()); super.testNodeClientSSL(); } - - @Override - @Test(timeout=40000) - public void testTransportClientSSLFail() throws Exception { - Assume.assumeTrue(OpenSearchSecuritySSLPlugin.OPENSSL_SUPPORTED && OpenSsl.isAvailable()); - super.testTransportClientSSLFail(); - } @Override @Test diff --git a/src/test/java/org/opensearch/security/ssl/SSLTest.java b/src/test/java/org/opensearch/security/ssl/SSLTest.java index e19b68bd5f..a8f7b39f5b 100644 --- a/src/test/java/org/opensearch/security/ssl/SSLTest.java +++ b/src/test/java/org/opensearch/security/ssl/SSLTest.java @@ -34,7 +34,7 @@ import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.TrustManagerFactory; - +import org.opensearch.client.Client; import org.opensearch.security.OpenSearchSecurityPlugin; import org.apache.http.NoHttpResponseException; import org.apache.lucene.util.Constants; 
@@ -45,9 +45,7 @@ import org.opensearch.action.index.IndexRequest; import org.opensearch.action.search.SearchRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.client.transport.TransportClient; import org.opensearch.common.settings.Settings; -import org.opensearch.common.transport.TransportAddress; import org.opensearch.common.unit.TimeValue; import org.opensearch.common.xcontent.XContentType; import org.opensearch.node.Node; 
@@ -483,111 +481,6 @@ public void testHttpsV3Fail() throws Exception { Assert.assertTrue(rh.executeSimpleRequest("_nodes/settings?pretty").contains(clusterInfo.clustername)); } - // transport - @Test - public void testTransportClientSSL() throws Exception { - - final Settings settings = Settings.builder().put("plugins.security.ssl.transport.enabled", true) - .put(ConfigConstants.SECURITY_SSL_ONLY, true) - .put(SSLConfigConstants.SECURITY_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE, allowOpenSSL) - .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE, allowOpenSSL) - .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_ALIAS, "node-0") - .put("plugins.security.ssl.transport.keystore_filepath", FileHelper. getAbsoluteFilePathFromClassPath("ssl/node-0-keystore.jks")) - .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, FileHelper. getAbsoluteFilePathFromClassPath("ssl/truststore.jks")) - .put("plugins.security.ssl.transport.enforce_hostname_verification", false) - .put("plugins.security.ssl.transport.resolve_hostname", false).build(); - - setupSslOnlyMode(settings); - - log.debug("OpenSearch started"); - - final Settings tcSettings = Settings.builder().put("cluster.name", clusterInfo.clustername).put(settings).build(); - - try (TransportClient tc = new TransportClientImpl(tcSettings, asCollection(OpenSearchSecurityPlugin.class))) { - - log.debug("TransportClient built, connect now to {}:{}", clusterInfo.nodeHost, clusterInfo.nodePort); - - tc.addTransportAddress(new TransportAddress(new InetSocketAddress(clusterInfo.nodeHost, clusterInfo.nodePort))); - Assert.assertEquals(3, tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size()); - log.debug("TransportClient connected"); - Assert.assertEquals("test", tc.index(new IndexRequest("test","test").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"a\":5}", XContentType.JSON)).actionGet().getIndex()); - log.debug("Index created"); - Assert.assertEquals(1L, 
tc.search(new SearchRequest("test")).actionGet().getHits().getTotalHits().value); - log.debug("Search done"); - Assert.assertEquals(3, tc.admin().cluster().health(new ClusterHealthRequest("test")).actionGet().getNumberOfNodes()); - log.debug("ClusterHealth done"); - Assert.assertEquals(3, tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size()); - log.debug("NodesInfoRequest asserted"); - } - } - - @Test - public void testTransportClientSSLExternalContext() throws Exception { - - final Settings settings = Settings.builder().put("plugins.security.ssl.transport.enabled", true) - .put(ConfigConstants.SECURITY_SSL_ONLY, true) - .put(SSLConfigConstants.SECURITY_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE, allowOpenSSL) - .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE, allowOpenSSL) - .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_ALIAS, "node-0") - .put("plugins.security.ssl.transport.keystore_filepath", FileHelper. getAbsoluteFilePathFromClassPath("ssl/node-0-keystore.jks")) - .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, FileHelper. 
getAbsoluteFilePathFromClassPath("ssl/truststore.jks")) - .put("plugins.security.ssl.transport.enforce_hostname_verification", false) - .put("plugins.security.ssl.transport.resolve_hostname", false).build(); - - setupSslOnlyMode(settings); - - log.debug("OpenSearch started"); - - final Settings tcSettings = Settings.builder() - .put("cluster.name", clusterInfo.clustername) - .put("path.home", ".") - .put("plugins.security.ssl.client.external_context_id", "abcx") - .build(); - - final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory - .getDefaultAlgorithm()); - final KeyStore trustStore = KeyStore.getInstance("JKS"); - trustStore.load(this.getClass().getResourceAsStream("/truststore.jks"), "changeit".toCharArray()); - tmf.init(trustStore); - - final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory - .getDefaultAlgorithm()); - final KeyStore keyStore = KeyStore.getInstance("JKS"); - keyStore.load(this.getClass().getResourceAsStream("/node-0-keystore.jks"), "changeit".toCharArray()); - kmf.init(keyStore, "changeit".toCharArray()); - - - SSLContext sslContext = SSLContext.getInstance("TLSv1.2"); - sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); - ExternalSecurityKeyStore.registerExternalSslContext("abcx", sslContext); - - try (TransportClient tc = new TransportClientImpl(tcSettings, asCollection(OpenSearchSecurityPlugin.class))) { - - log.debug("TransportClient built, connect now to {}:{}", clusterInfo.nodeHost, clusterInfo.nodePort); - - tc.addTransportAddress(new TransportAddress(new InetSocketAddress(clusterInfo.nodeHost, clusterInfo.nodePort))); - - log.debug("TransportClient connected"); - - Assert.assertEquals("test", tc.index(new IndexRequest("test","test").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"a\":5}", XContentType.JSON)).actionGet().getIndex()); - - log.debug("Index created"); - - Assert.assertEquals(1L, tc.search(new 
SearchRequest("test")).actionGet().getHits().getTotalHits().value); - - log.debug("Search done"); - - Assert.assertEquals(3, tc.admin().cluster().health(new ClusterHealthRequest("test")).actionGet().getNumberOfNodes()); - - log.debug("ClusterHealth done"); - - //Assert.assertEquals(3, tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().length); - - //log.debug("NodesInfoRequest asserted"); - - } - } - @Test public void testNodeClientSSL() throws Exception { 
@@ -632,35 +525,6 @@ public void testNodeClientSSL() throws Exception { Assert.assertFalse(rh.executeSimpleRequest("_nodes/stats?pretty").contains("\"tx_count\" : 0")); } - @Test - public void testTransportClientSSLFail() throws Exception { - thrown.expect(IllegalStateException.class); - - final Settings settings = Settings.builder().put("plugins.security.ssl.transport.enabled", true) - .put(ConfigConstants.SECURITY_SSL_ONLY, true) - .put(SSLConfigConstants.SECURITY_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE, allowOpenSSL) - .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE, allowOpenSSL) - .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_ALIAS, "node-0") - .put("plugins.security.ssl.transport.keystore_filepath", FileHelper. getAbsoluteFilePathFromClassPath("ssl/node-0-keystore.jks")) - .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, FileHelper. getAbsoluteFilePathFromClassPath("ssl/truststore.jks")) - .put("plugins.security.ssl.transport.enforce_hostname_verification", false) - .put("plugins.security.ssl.transport.resolve_hostname", false).build(); - - setupSslOnlyMode(settings); - - final Settings tcSettings = Settings.builder().put("cluster.name", clusterInfo.clustername) - .put("path.home", FileHelper. getAbsoluteFilePathFromClassPath("ssl/node-0-keystore.jks").getParent()) - .put("plugins.security.ssl.transport.keystore_filepath", FileHelper. getAbsoluteFilePathFromClassPath("ssl/node-0-keystore.jks")) - .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, FileHelper. 
getAbsoluteFilePathFromClassPath("ssl/truststore_fail.jks")) - .put("plugins.security.ssl.transport.enforce_hostname_verification", false) - .put("plugins.security.ssl.transport.resolve_hostname", false).build(); - - try (TransportClient tc = new TransportClientImpl(tcSettings, asCollection(OpenSearchSecurityPlugin.class))) { - tc.addTransportAddress(new TransportAddress(new InetSocketAddress(clusterInfo.nodeHost, clusterInfo.nodePort))); - Assert.assertEquals(3, tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size()); - } - } - @Test public void testAvailCiphers() throws Exception { final SSLContext serverContext = SSLContext.getInstance("TLS"); @@ -720,13 +584,12 @@ public void testCustomPrincipalExtractor() throws Exception { final Settings tcSettings = Settings.builder().put("cluster.name", clusterInfo.clustername).put("path.home", ".").put(settings).build(); - try (TransportClient tc = new TransportClientImpl(tcSettings, asCollection(OpenSearchSecurityPlugin.class))) { + try (Client tc = getClient()) { - log.debug("TransportClient built, connect now to {}:{}", clusterInfo.nodeHost, clusterInfo.nodePort); + log.debug("Client built, connect now to {}:{}", clusterInfo.nodeHost, clusterInfo.httpPort); - tc.addTransportAddress(new TransportAddress(new InetSocketAddress(clusterInfo.nodeHost, clusterInfo.nodePort))); - Assert.assertEquals(3, tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size()); - log.debug("TransportClient connected"); + Assert.assertEquals(3, tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size()); + log.debug("Client connected"); TestPrincipalExtractor.reset(); Assert.assertEquals("test", tc.index(new IndexRequest("test","test").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"a\":5}", XContentType.JSON)).actionGet().getIndex()); log.debug("Index created"); 
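Review bot: In `testCustomPrincipalExtractor` the `tcSettings` object built on the context line just above the `try` is no longer passed to anything once `new TransportClientImpl(tcSettings, ...)` becomes `getClient()`, so it is dead code and the test no longer opens its own TLS transport connection with the certificate configured in `settings`. `getClient()` is defined outside this hunk; if it returns an in-cluster node client, it is worth confirming that the `TestPrincipalExtractor` assertions that follow still count the connections the test is meant to cover. The new debug line also names `clusterInfo.httpPort` although nothing in the visible lines connects over HTTP; I would delete `tcSettings` and log `log.debug("Client obtained from test cluster");` instead. The test method starts and ends outside the hunk.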
diff --git a/src/test/java/org/opensearch/security/system_indices/SystemIndicesTests.java b/src/test/java/org/opensearch/security/system_indices/SystemIndicesTests.java index 389d3c4922..897a59e5b3 100644 --- a/src/test/java/org/opensearch/security/system_indices/SystemIndicesTests.java +++ b/src/test/java/org/opensearch/security/system_indices/SystemIndicesTests.java @@ -15,6 +15,7 @@ package org.opensearch.security.system_indices; +import org.opensearch.client.Client; import org.opensearch.security.support.ConfigConstants; import org.opensearch.security.test.DynamicSecurityConfig; import org.opensearch.security.test.SingleClusterTest; @@ -29,7 +30,6 @@ import org.opensearch.action.index.IndexRequest; import org.opensearch.action.search.SearchResponse; import org.opensearch.action.support.WriteRequest; -import org.opensearch.client.transport.TransportClient; import org.opensearch.common.settings.Settings; import org.opensearch.common.xcontent.LoggingDeprecationHandler; import org.opensearch.common.xcontent.NamedXContentRegistry; @@ -104,7 +104,7 @@ private void setupSystemIndicesEnabledWithSsl() throws Exception { * @throws Exception */ private void createTestIndicesAndDocs() { - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { for (String index : listOfIndexesToTest) { tc.admin().indices().create(new CreateIndexRequest(index)).actionGet(); tc.index(new IndexRequest(index).setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("document1").source("{ \"foo\": \"bar\" }", XContentType.JSON)).actionGet(); 
@@ -113,7 +113,7 @@ private void createTestIndicesAndDocs() { } private void createSnapshots() { - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { for (String index : listOfIndexesToTest) { tc.admin().cluster().putRepository(new PutRepositoryRequest(index).type("fs").settings(Settings.builder().put("location", repositoryPath.getRoot().getAbsolutePath() + "/" + index))).actionGet(); tc.admin().cluster().createSnapshot(new CreateSnapshotRequest(index, index + "_1").indices(index).includeGlobalState(true).waitForCompletion(true)).actionGet(); @@ -530,7 +530,7 @@ public void testSnapshotWithSystemIndices() throws Exception { createTestIndicesAndDocs(); createSnapshots(); - try (TransportClient tc = getInternalTransportClient()) { + try (Client tc = getClient()) { for (String index : listOfIndexesToTest) { tc.admin().indices().close(new CloseIndexRequest(index)).actionGet(); } diff --git a/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java b/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java index 5fe9669f9a..a9ed1e07ec 100644 --- a/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java +++ b/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java 
@@ -30,11 +30,28 @@ package org.opensearch.security.test; +import com.fasterxml.jackson.databind.JsonNode; +import com.google.common.base.Joiner; +import com.google.common.collect.Iterators; +import org.apache.http.HttpHost; +import org.apache.http.conn.ssl.DefaultHostnameVerifier; +import org.apache.http.conn.ssl.NoopHostnameVerifier; +import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy; +import org.apache.http.ssl.SSLContextBuilder; +import org.apache.http.ssl.SSLContexts; +import org.opensearch.action.admin.cluster.node.info.NodesInfoRequest; +import org.opensearch.action.admin.indices.create.CreateIndexRequest; +import org.opensearch.client.*; +import org.opensearch.security.DefaultObjectMapper; import org.opensearch.security.OpenSearchSecurityPlugin; import io.netty.handler.ssl.OpenSsl; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; import java.net.InetSocketAddress; import java.nio.charset.StandardCharsets; +import java.security.KeyStore; import java.util.Arrays; import java.util.Base64; import java.util.Collection; 
@@ -44,21 +61,19 @@ import org.apache.http.Header; import org.apache.http.message.BasicHeader; +import org.opensearch.security.action.configupdate.ConfigUpdateAction; +import org.opensearch.security.action.configupdate.ConfigUpdateRequest; +import org.opensearch.security.action.configupdate.ConfigUpdateResponse; +import org.opensearch.security.test.helper.cluster.ClusterHelper; import org.slf4j.LoggerFactory; import org.slf4j.Logger; -import org.opensearch.action.admin.cluster.node.info.NodesInfoRequest; -import org.opensearch.action.admin.indices.create.CreateIndexRequest; import org.opensearch.action.get.GetRequest; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.search.SearchRequest; import org.opensearch.action.search.SearchResponse; -import org.opensearch.client.transport.TransportClient; import org.opensearch.common.settings.Settings; import org.opensearch.common.transport.TransportAddress; import org.opensearch.plugins.Plugin; -import org.opensearch.security.action.configupdate.ConfigUpdateAction; -import org.opensearch.security.action.configupdate.ConfigUpdateRequest; -import org.opensearch.security.action.configupdate.ConfigUpdateResponse; import org.opensearch.security.ssl.util.SSLConfigConstants; import org.opensearch.security.support.ConfigConstants; import org.opensearch.security.support.WildcardMatcher; @@ -76,6 +91,8 @@ import org.opensearch.security.securityconf.impl.CType; +import javax.net.ssl.SSLContext; + public abstract class AbstractSecurityUnitTest { protected static final AtomicLong num = new AtomicLong(); 
@@ -118,71 +135,47 @@ public static Header encodeBasicHeader(final String username, final String passw (username + ":" + Objects.requireNonNull(password)).getBytes(StandardCharsets.UTF_8))); } - protected static class TransportClientImpl extends TransportClient { - - public TransportClientImpl(Settings settings, Collection> plugins) { - super(settings, plugins); - } - - public TransportClientImpl(Settings settings, Settings defaultSettings, Collection> plugins) { - super(settings, defaultSettings, plugins, null); - } - } - - @SafeVarargs - protected static Collection> asCollection(Class... plugins) { - return Arrays.asList(plugins); - } - - - protected TransportClient getInternalTransportClient(ClusterInfo info, Settings initTransportClientSettings) { - - final String prefix = getResourceFolder()==null?"":getResourceFolder()+"/"; - - Settings tcSettings = Settings.builder() - .put("cluster.name", info.clustername) - .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, - FileHelper.getAbsoluteFilePathFromClassPath(prefix+"truststore.jks")) - .put("plugins.security.ssl.transport.enforce_hostname_verification", false) - .put("plugins.security.ssl.transport.keystore_filepath", - FileHelper.getAbsoluteFilePathFromClassPath(prefix+"kirk-keystore.jks")) - .put(initTransportClientSettings) - .build(); - - TransportClient tc = new TransportClientImpl(tcSettings, asCollection(Netty4Plugin.class, OpenSearchSecurityPlugin.class)); - tc.addTransportAddress(new TransportAddress(new InetSocketAddress(info.nodeHost, info.nodePort))); - return tc; - } - - protected TransportClient getUserTransportClient(ClusterInfo info, String keyStore, Settings initTransportClientSettings) { - + protected RestHighLevelClient getRestClient(ClusterInfo info, String keyStoreName, String trustStoreName) { final String prefix = getResourceFolder()==null?"":getResourceFolder()+"/"; - Settings tcSettings = Settings.builder() - .put("cluster.name", info.clustername) - 
.put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, - FileHelper.getAbsoluteFilePathFromClassPath(prefix+"truststore.jks")) - .put("plugins.security.ssl.transport.enforce_hostname_verification", false) - .put("plugins.security.ssl.transport.keystore_filepath", - FileHelper.getAbsoluteFilePathFromClassPath(prefix+keyStore)) - .put(initTransportClientSettings) - .build(); - - TransportClient tc = new TransportClientImpl(tcSettings, asCollection(Netty4Plugin.class, OpenSearchSecurityPlugin.class)); - tc.addTransportAddress(new TransportAddress(new InetSocketAddress(info.nodeHost, info.nodePort))); - return tc; + try { + SSLContextBuilder sslContextBuilder = SSLContexts.custom(); + File keyStoreFile = FileHelper.getAbsoluteFilePathFromClassPath(prefix + keyStoreName).toFile(); + KeyStore keyStore = KeyStore.getInstance(keyStoreName.endsWith(".jks")?"JKS":"PKCS12"); + keyStore.load(new FileInputStream(keyStoreFile), null); + sslContextBuilder.loadKeyMaterial(keyStore, "changeit".toCharArray()); + + KeyStore trustStore = KeyStore.getInstance(trustStoreName.endsWith(".jks")?"JKS":"PKCS12"); + File trustStoreFile = FileHelper.getAbsoluteFilePathFromClassPath(prefix + trustStoreName).toFile(); + trustStore.load(new FileInputStream(trustStoreFile), + "changeit".toCharArray()); + + sslContextBuilder.loadTrustMaterial(trustStore, null); + SSLContext sslContext = sslContextBuilder.build(); + + HttpHost httpHost = new HttpHost(info.httpHost, info.httpPort, "https"); + + RestClientBuilder restClientBuilder = RestClient.builder(httpHost) + .setHttpClientConfigCallback( + builder -> builder.setSSLStrategy( + new SSLIOSessionStrategy(sslContext, + new String[] { "TLSv1", "TLSv1.1", "TLSv1.2", "SSLv3"}, + null, + NoopHostnameVerifier.INSTANCE))); + return new RestHighLevelClient(restClientBuilder); + } catch (Exception e) { + log.error("Cannot create client", e); + throw new RuntimeException("Cannot create client", e); + } } - protected void initialize(ClusterInfo 
info, Settings initTransportClientSettings, DynamicSecurityConfig securityConfig) { - - try (TransportClient tc = getInternalTransportClient(info, initTransportClientSettings)) { - - tc.addTransportAddress(new TransportAddress(new InetSocketAddress(info.nodeHost, info.nodePort))); - Assert.assertEquals(info.numNodes, + protected void initialize(ClusterHelper clusterHelper, ClusterInfo clusterInfo, DynamicSecurityConfig securityConfig) throws IOException { + try (Client tc = clusterHelper.nodeClient()) { + Assert.assertEquals(clusterInfo.numNodes, tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size()); try { - tc.admin().indices().create(new CreateIndexRequest("security")).actionGet(); + tc.admin().indices().create(new CreateIndexRequest(".opendistro_security")).actionGet(); } catch (Exception e) { //ignore } @@ -196,7 +189,7 @@ protected void initialize(ClusterInfo info, Settings initTransportClientSettings .execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(CType.lcStringValues().toArray(new String[0]))) .actionGet(); Assert.assertFalse(cur.failures().toString(), cur.hasFailures()); - Assert.assertEquals(info.numNodes, cur.getNodes().size()); + Assert.assertEquals(clusterInfo.numNodes, cur.getNodes().size()); SearchResponse sr = tc.search(new SearchRequest(".opendistro_security")).actionGet(); //Assert.assertEquals(5L, sr.getHits().getTotalHits()); 
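Review bot: The `SSLIOSessionStrategy` built in `getRestClient` enables `"TLSv1"`, `"TLSv1.1"` and `"SSLv3"` alongside `"TLSv1.2"` and pairs them with `NoopHostnameVerifier.INSTANCE`, so a test using this helper would still pass against a node that negotiates a legacy protocol or presents a certificate for another host. The protocol list should be limited to what the test cluster is expected to negotiate, and the disabled hostname check should carry a comment saying it is a test-only concession. Both `FileInputStream`s are opened inline and never closed. The key store is also loaded with a `null` password, which skips the store integrity check, while the trust store is loaded with `"changeit"`; whether the key stores share that password is not visible here, so the sketch below leaves it unchanged.

```java
protected RestHighLevelClient getRestClient(ClusterInfo info, String keyStoreName, String trustStoreName) {
    // … unchanged: prefix computation, SSLContextBuilder creation, key store file lookup and type selection …
        // Close the stream once the store is read.
        try (FileInputStream keyStoreStream = new FileInputStream(keyStoreFile)) {
            keyStore.load(keyStoreStream, null);
        }
        // … unchanged: loadKeyMaterial, trust store type selection and file lookup …
        try (FileInputStream trustStoreStream = new FileInputStream(trustStoreFile)) {
            trustStore.load(trustStoreStream, "changeit".toCharArray());
        }
        // … unchanged: loadTrustMaterial, SSLContext build, HttpHost, RestClient.builder …
                        new SSLIOSessionStrategy(sslContext,
                                // Only the protocol the test cluster is expected to negotiate; no SSLv3/TLSv1/TLSv1.1.
                                new String[] { "TLSv1.2" },
                                null,
                                // Test-only: the bundled test certificates are not issued for the test host name.
                                NoopHostnameVerifier.INSTANCE)));
    // … unchanged: return of RestHighLevelClient, catch block …
```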
@@ -205,17 +198,12 @@ protected void initialize(ClusterInfo info, Settings initTransportClientSettings //Assert.assertEquals(5L, sr.getHits().getTotalHits()); String type=securityConfig.getType(); - - Assert.assertTrue(tc.get(new GetRequest(".opendistro_security", type, "config")).actionGet().isExists()); - Assert.assertTrue(tc.get(new GetRequest(".opendistro_security", type,"internalusers")).actionGet().isExists()); - Assert.assertTrue(tc.get(new GetRequest(".opendistro_security", type,"roles")).actionGet().isExists()); - Assert.assertTrue(tc.get(new GetRequest(".opendistro_security", type,"rolesmapping")).actionGet().isExists()); - Assert.assertTrue(tc.get(new GetRequest(".opendistro_security", type,"actiongroups")).actionGet().isExists()); - Assert.assertFalse(tc.get(new GetRequest(".opendistro_security", type,"rolesmapping_xcvdnghtu165759i99465")).actionGet().isExists()); - Assert.assertTrue(tc.get(new GetRequest(".opendistro_security", type,"config")).actionGet().isExists()); - if (indexRequests.stream().anyMatch(i -> CType.NODESDN.toLCString().equals(i.id()))) { - Assert.assertTrue(tc.get(new GetRequest(".opendistro_security", type,"nodesdn")).actionGet().isExists()); + try { + Thread.sleep(10000); + } catch (InterruptedException e) { + e.printStackTrace(); } + } } @@ -291,12 +279,8 @@ protected NodeSettingsSupplier genericMinimumSecuritySettings(List oth }; } - protected void initialize(ClusterInfo info) { - initialize(info, Settings.EMPTY, new DynamicSecurityConfig()); - } - - protected void initialize(ClusterInfo info, DynamicSecurityConfig DynamicSecurityConfig) { - initialize(info, Settings.EMPTY, DynamicSecurityConfig); + protected void initialize(ClusterHelper clusterHelper, ClusterInfo info) throws IOException { + initialize(clusterHelper, info, new DynamicSecurityConfig()); } protected final void assertContains(HttpResponse res, String pattern) { 
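Review bot: In the `-205,17` hunk the existence checks on the `.opendistro_security` documents (`config`, `internalusers`, `roles`, `rolesmapping`, `actiongroups`, and the negative check) are replaced by a fixed `Thread.sleep(10000)`, so `initialize` no longer fails when the security configuration was not actually indexed. Later tests could then run against a cluster whose security config is missing or incomplete, and an authorization test may pass or fail for the wrong reason. The `Assert.assertFalse(cur.failures().toString(), cur.hasFailures())` in the previous hunk still runs, but it presumably only covers the config-update broadcast, not the presence of each document. I would keep a typeless existence check instead of the sleep, e.g. `Assert.assertTrue(tc.get(new GetRequest(".opendistro_security", "config")).actionGet().isExists());`. If the sleep stays, the catch should restore the interrupt flag with `Thread.currentThread().interrupt();` rather than `e.printStackTrace();`. The body of `initialize` starts outside this hunk.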
diff --git a/src/test/java/org/opensearch/security/test/SingleClusterTest.java b/src/test/java/org/opensearch/security/test/SingleClusterTest.java index 81ac6b3705..172a91ce24 100644 --- a/src/test/java/org/opensearch/security/test/SingleClusterTest.java +++ b/src/test/java/org/opensearch/security/test/SingleClusterTest.java @@ -30,7 +30,7 @@ package org.opensearch.security.test; -import org.opensearch.client.transport.TransportClient; +import org.opensearch.client.Client; import org.opensearch.common.settings.Settings; import org.junit.After; import org.junit.Assert; @@ -76,7 +76,7 @@ protected void setup(Settings initTransportClientSettings, DynamicSecurityConfig protected void restart(Settings initTransportClientSettings, DynamicSecurityConfig dynamicSecuritySettings, Settings nodeOverride, boolean initOpendistroSecurityIndex) throws Exception { clusterInfo = clusterHelper.startCluster(minimumSecuritySettings(ccs(nodeOverride)), ClusterConfiguration.DEFAULT); if(initOpendistroSecurityIndex && dynamicSecuritySettings != null) { - initialize(clusterInfo, initTransportClientSettings, dynamicSecuritySettings); + initialize(clusterHelper, clusterInfo, dynamicSecuritySettings); } } @@ -98,7 +98,7 @@ protected void setup(Settings initTransportClientSettings, DynamicSecurityConfig Assert.assertNull("No cluster", clusterInfo); clusterInfo = clusterHelper.startCluster(minimumSecuritySettings(ccs(nodeOverride)), clusterConfiguration); if(initSecurityIndex && dynamicSecuritySettings != null) { - initialize(clusterInfo, initTransportClientSettings, dynamicSecuritySettings); + initialize(clusterHelper, clusterInfo, dynamicSecuritySettings); } } 
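Review bot: `initTransportClientSettings` is no longer used in `restart(...)` once the call becomes `initialize(clusterHelper, clusterInfo, dynamicSecuritySettings)`, since the method body shown in the `-76,7` hunk never reads it again. The same replacement is made in the `setup(...)` overloads at `-98,7` and `-107,7`, though their bodies begin outside those hunks, so this is inferred there. The removed client code merged these settings over the keystore path, so callers could use them to choose the certificate used for initialization; they now get the in-process node client regardless. A test meant to check whether a particular identity may write the security config would then silently stop testing that. I would either drop the parameter from these signatures or document it at each call site, e.g. `// initTransportClientSettings is ignored: initialization uses clusterHelper.nodeClient()`.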
@@ -107,7 +107,7 @@ protected void setup(Settings initTransportClientSettings, DynamicSecurityConfig Assert.assertNull("No cluster", clusterInfo); clusterInfo = clusterHelper.startCluster(minimumSecuritySettings(ccs(nodeOverride)), clusterConfiguration, timeout, nodes); if(initSecurityIndex) { - initialize(clusterInfo, initTransportClientSettings, dynamicSecuritySettings); + initialize(clusterHelper, clusterInfo, dynamicSecuritySettings); } } @@ -142,10 +142,11 @@ protected RestHelper nonSslRestHelper() { return new RestHelper(clusterInfo, false, false, getResourceFolder()); } - protected TransportClient getInternalTransportClient() { - return getInternalTransportClient(clusterInfo, Settings.EMPTY); + protected Client getClient() { + return clusterHelper.nodeClient(); } + @After public void tearDown() {