

Fix AD / vagrant based tests for #30953
These tests were creating an SSL service that was not aware of the
realm that they were trying to test.
This no longer works.
tvernum committed Jul 20, 2018
1 parent c32981d commit 6f2b7dc
Showing 2 changed files with 25 additions and 27 deletions.
Expand Up @@ -85,7 +85,7 @@ public void testUserSearchWithActiveDirectory() throws Exception {
Settings.Builder builder = Settings.builder()
.put(globalSettings);
settings.keySet().forEach(k -> {
builder.copy("xpack.security.authc.realms.ldap." + k, k, settings);
builder.copy("xpack.security.authc.realms.ad-as-ldap-test." + k, k, settings);

});
Settings fullSettings = builder.build();
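Review bot: The realm name is repeated as a string literal inside the key prefix `"xpack.security.authc.realms.ad-as-ldap-test."`, while the realm config that has to carry the same name is built outside this hunk, so a mismatch between the two cannot be caught here. If they drift apart, the settings copied under this prefix would presumably not be picked up for the realm, which is the situation the commit description says no longer works. Consider a local `final String realmName = "ad-as-ldap-test";` used for both the prefix and the realm config. The body of testUserSearchWithActiveDirectory continues outside the hunk.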
Expand Up @@ -12,6 +12,7 @@
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.common.util.concurrent.UncategorizedExecutionException;
import org.elasticsearch.env.Environment;
import org.elasticsearch.env.TestEnvironment;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
Expand Down Expand Up @@ -59,9 +60,7 @@ public boolean enableWarningsCheck() {

@SuppressWarnings("unchecked")
public void testAdAuth() throws Exception {
RealmConfig config = new RealmConfig("ad-test",
buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false),
globalSettings, TestEnvironment.newEnvironment(globalSettings), new ThreadContext(Settings.EMPTY));
RealmConfig config = configureRealm("ad-test", buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false));
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {

String userName = "ironman";
Expand All @@ -82,11 +81,21 @@ public void testAdAuth() throws Exception {
}
}

private RealmConfig configureRealm(String name, Settings settings) {
final Environment env = TestEnvironment.newEnvironment(globalSettings);
final Settings mergedSettings = Settings.builder()
.put(settings)
.normalizePrefix("xpack.security.authc.realms." + name + ".")
.put(globalSettings)
.build();
this.sslService = new SSLService(mergedSettings, env);
return new RealmConfig(name, settings, globalSettings, env, new ThreadContext(globalSettings));
}

@SuppressWarnings("unchecked")
public void testNetbiosAuth() throws Exception {
final String adUrl = randomFrom(AD_LDAP_URL, AD_LDAP_GC_URL);
RealmConfig config = new RealmConfig("ad-test", buildAdSettings(adUrl, AD_DOMAIN, false), globalSettings,
TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings));
RealmConfig config = configureRealm("ad-test", buildAdSettings(adUrl, AD_DOMAIN, false));
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {

String userName = "ades\\ironman";
Expand All @@ -108,8 +117,7 @@ public void testNetbiosAuth() throws Exception {
}

public void testAdAuthAvengers() throws Exception {
RealmConfig config = new RealmConfig("ad-test", buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false), globalSettings,
TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings));
RealmConfig config = configureRealm("ad-test", buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false));
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {

String[] users = new String[]{"cap", "hawkeye", "hulk", "ironman", "thor", "blackwidow"};
Expand All @@ -126,8 +134,7 @@ public void testAdAuthAvengers() throws Exception {
public void testAuthenticate() throws Exception {
Settings settings = buildAdSettings(AD_LDAP_URL, AD_DOMAIN, "CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com",
LdapSearchScope.ONE_LEVEL, false);
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings, TestEnvironment.newEnvironment(globalSettings),
new ThreadContext(globalSettings));
RealmConfig config = configureRealm("ad-test", settings);
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {

String userName = "hulk";
Expand All @@ -151,8 +158,7 @@ public void testAuthenticate() throws Exception {
public void testAuthenticateBaseUserSearch() throws Exception {
Settings settings = buildAdSettings(AD_LDAP_URL, AD_DOMAIN, "CN=Bruce Banner, CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com",
LdapSearchScope.BASE, false);
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings, TestEnvironment.newEnvironment(globalSettings),
new ThreadContext(globalSettings));
RealmConfig config = configureRealm("ad-test", settings);
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {

String userName = "hulk";
Expand Down Expand Up @@ -180,8 +186,7 @@ public void testAuthenticateBaseGroupSearch() throws Exception {
"CN=Avengers,CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com")
.put(ActiveDirectorySessionFactorySettings.AD_GROUP_SEARCH_SCOPE_SETTING, LdapSearchScope.BASE)
.build();
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings, TestEnvironment.newEnvironment(globalSettings),
new ThreadContext(globalSettings));
RealmConfig config = configureRealm("ad-test", settings);
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {

String userName = "hulk";
Expand All @@ -198,8 +203,7 @@ public void testAuthenticateBaseGroupSearch() throws Exception {
public void testAuthenticateWithUserPrincipalName() throws Exception {
Settings settings = buildAdSettings(AD_LDAP_URL, AD_DOMAIN, "CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com",
LdapSearchScope.ONE_LEVEL, false);
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings, TestEnvironment.newEnvironment(globalSettings),
new ThreadContext(globalSettings));
RealmConfig config = configureRealm("ad-test", settings);
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {

//Login with the UserPrincipalName
Expand All @@ -220,8 +224,7 @@ public void testAuthenticateWithUserPrincipalName() throws Exception {
public void testAuthenticateWithSAMAccountName() throws Exception {
Settings settings = buildAdSettings(AD_LDAP_URL, AD_DOMAIN, "CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com",
LdapSearchScope.ONE_LEVEL, false);
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings, TestEnvironment.newEnvironment(globalSettings),
new ThreadContext(globalSettings));
RealmConfig config = configureRealm("ad-test", settings);
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {

//login with sAMAccountName
Expand All @@ -247,8 +250,7 @@ public void testCustomUserFilter() throws Exception {
.put(ActiveDirectorySessionFactorySettings.AD_USER_SEARCH_FILTER_SETTING,
"(&(objectclass=user)(userPrincipalName={0}@ad.test.elasticsearch.com))")
.build();
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings, TestEnvironment.newEnvironment(globalSettings),
new ThreadContext(globalSettings));
RealmConfig config = configureRealm("ad-test", settings);
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {

//Login with the UserPrincipalName
Expand Down Expand Up @@ -284,8 +286,7 @@ public void testStandardLdapConnection() throws Exception {
.putList("ssl.certificate_authorities", certificatePaths)
.build();
}
RealmConfig config = new RealmConfig("ad-as-ldap-test", settings, globalSettings, TestEnvironment.newEnvironment(globalSettings),
new ThreadContext(globalSettings));
RealmConfig config = configureRealm("ad-as-ldap-test", settings);
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool);

String user = "Bruce Banner";
Expand Down Expand Up @@ -348,8 +349,7 @@ public void testStandardLdapWithAttributeGroups() throws Exception {
.putList("ssl.certificate_authorities", certificatePaths)
.build();
}
RealmConfig config = new RealmConfig("ad-as-ldap-test", settings, globalSettings, TestEnvironment.newEnvironment(globalSettings),
new ThreadContext(globalSettings));
RealmConfig config = configureRealm("ad-as-ldap-test", settings);
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool);

String user = "Bruce Banner";
Expand All @@ -366,9 +366,7 @@ public void testStandardLdapWithAttributeGroups() throws Exception {
}

public void testADLookup() throws Exception {
RealmConfig config = new RealmConfig("ad-test",
buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false, true),
globalSettings, TestEnvironment.newEnvironment(globalSettings), new ThreadContext(Settings.EMPTY));
RealmConfig config = configureRealm("ad-test", buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false, true));
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {

List<String> users = randomSubsetOf(Arrays.asList("cap", "hawkeye", "hulk", "ironman", "thor", "blackwidow",
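Review bot: The new private helper `configureRealm` reassigns the `sslService` field as a side effect, although its name and return type only advertise building a `RealmConfig`; every test in this file then passes that field to the session factory, so a test that skips the helper would run against whatever `sslService` was set before. I would add a Javadoc on the helper saying that it replaces `this.sslService` with one built from the realm settings under `xpack.security.authc.realms.<name>.` merged with `globalSettings`, plus a why-comment on the builder chain such as `// normalizePrefix runs before put(globalSettings) so that only the realm keys get the realm prefix`. Separately, testAdAuth and testADLookup used `new ThreadContext(Settings.EMPTY)` before and now get `new ThreadContext(globalSettings)` through the helper; that looks like a deliberate alignment with the other tests, but it is a behaviour change the description does not mention.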
