

Refactor realm tests to use single settings (#35362)
Many realm tests were written to use separate setting objects for
"global settings" and "realm settings".
Since #30241 there is no distinction between these settings, so these
tests can be cleaned up to use a single Settings object.
tvernum authored Nov 9, 2018
1 parent 66e3ca9 commit a964196
Showing 12 changed files with 174 additions and 162 deletions.
Expand Up @@ -100,6 +100,8 @@

public class TransportSamlInvalidateSessionActionTests extends SamlTestCase {

private static final String REALM_NAME = "saml1";

private SamlRealm samlRealm;
private TokenService tokenService;
private List<IndexRequest> indexRequests;
Expand All @@ -111,10 +113,17 @@ public class TransportSamlInvalidateSessionActionTests extends SamlTestCase {

@Before
public void setup() throws Exception {
final Path metadata = PathUtils.get(SamlRealm.class.getResource("idp1.xml").toURI());
final Settings settings = Settings.builder()
.put(XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.getKey(), true)
.put("path.home", createTempDir())
.build();
.put(XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.getKey(), true)
.put("path.home", createTempDir())
.put(getFullSettingKey(REALM_NAME, SamlRealmSettings.IDP_METADATA_PATH), metadata.toString())
.put(getFullSettingKey(REALM_NAME, SamlRealmSettings.IDP_ENTITY_ID), SamlRealmTests.TEST_IDP_ENTITY_ID)
.put(getFullSettingKey(REALM_NAME, SamlRealmSettings.SP_ENTITY_ID), SamlRealmTestHelper.SP_ENTITY_ID)
.put(getFullSettingKey(REALM_NAME, SamlRealmSettings.SP_ACS), SamlRealmTestHelper.SP_ACS_URL)
.put(getFullSettingKey(REALM_NAME, SamlRealmSettings.SP_LOGOUT), SamlRealmTestHelper.SP_LOGOUT_URL)
.put(getFullSettingKey(REALM_NAME, SamlRealmSettings.PRINCIPAL_ATTRIBUTE.getAttribute()), "uid")
.build();

final ThreadContext threadContext = new ThreadContext(settings);
final ThreadPool threadPool = mock(ThreadPool.class);
Expand Down Expand Up @@ -181,21 +190,12 @@ void doExecute(Action<Response> action, Request request, ActionListener<Response
final Realms realms = mock(Realms.class);
action = new TransportSamlInvalidateSessionAction(transportService, mock(ActionFilters.class),tokenService, realms);

final Path metadata = PathUtils.get(SamlRealm.class.getResource("idp1.xml").toURI());
final Environment env = TestEnvironment.newEnvironment(settings);
final RealmIdentifier identifier = new RealmIdentifier("saml", "saml1");
final Settings realmSettings = Settings.builder()
.put(getFullSettingKey(identifier.getName(), SamlRealmSettings.IDP_METADATA_PATH), metadata.toString())
.put(getFullSettingKey(identifier.getName(), SamlRealmSettings.IDP_ENTITY_ID), SamlRealmTests.TEST_IDP_ENTITY_ID)
.put(getFullSettingKey(identifier.getName(), SamlRealmSettings.SP_ENTITY_ID), SamlRealmTestHelper.SP_ENTITY_ID)
.put(getFullSettingKey(identifier.getName(), SamlRealmSettings.SP_ACS), SamlRealmTestHelper.SP_ACS_URL)
.put(getFullSettingKey(identifier.getName(), SamlRealmSettings.SP_LOGOUT), SamlRealmTestHelper.SP_LOGOUT_URL)
.put(getFullSettingKey(identifier.getName(), SamlRealmSettings.PRINCIPAL_ATTRIBUTE.getAttribute()), "uid")
.build();

final RealmIdentifier realmId = new RealmIdentifier("saml", REALM_NAME);
final RealmConfig realmConfig = new RealmConfig(
identifier,
mergeSettings(realmSettings, settings),
realmId,
settings,
env, threadContext);
samlRealm = SamlRealmTestHelper.buildRealm(realmConfig, null);
when(realms.realm(realmConfig.name())).thenReturn(samlRealm);
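Review bot: The new `REALM_NAME` constant removes the repeated "saml1", but `new RealmIdentifier("saml", REALM_NAME)` still spells the realm type as a bare literal, and the same constant is declared a second time in TransportSamlLogoutActionTests. The setting keys are built from the realm name while the identifier is built from type and name separately, so keeping both values in one shared place (for example next to the SP constants in `SamlRealmTestHelper`) would stop the two test classes from drifting apart. setup() starts and ends outside the visible hunks, so this is based only on the lines shown.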
Expand Up @@ -84,6 +84,7 @@
public class TransportSamlLogoutActionTests extends SamlTestCase {

private static final String SP_URL = "https://sp.example.net/saml";
private static final String REALM_NAME = "saml1";

private SamlRealm samlRealm;
private TokenService tokenService;
Expand All @@ -94,10 +95,16 @@ public class TransportSamlLogoutActionTests extends SamlTestCase {

@Before
public void setup() throws Exception {
final Path metadata = PathUtils.get(SamlRealm.class.getResource("idp1.xml").toURI());
final Settings settings = Settings.builder()
.put(XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.getKey(), true)
.put("path.home", createTempDir())
.build();
.put(XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.getKey(), true)
.put("path.home", createTempDir())
.put(getFullSettingKey(REALM_NAME, SamlRealmSettings.IDP_METADATA_PATH), metadata.toString())
.put(getFullSettingKey(REALM_NAME, SamlRealmSettings.IDP_ENTITY_ID), SamlRealmTests.TEST_IDP_ENTITY_ID)
.put(getFullSettingKey(REALM_NAME, SamlRealmSettings.SP_ENTITY_ID), SP_URL)
.put(getFullSettingKey(REALM_NAME, SamlRealmSettings.SP_ACS), SP_URL)
.put(getFullSettingKey(REALM_NAME, SamlRealmSettings.PRINCIPAL_ATTRIBUTE.getAttribute()), "uid")
.build();

final ThreadContext threadContext = new ThreadContext(settings);
final ThreadPool threadPool = mock(ThreadPool.class);
Expand Down Expand Up @@ -194,20 +201,11 @@ public void setup() throws Exception {
final Realms realms = mock(Realms.class);
action = new TransportSamlLogoutAction(transportService, mock(ActionFilters.class), realms, tokenService);

final Path metadata = PathUtils.get(SamlRealm.class.getResource("idp1.xml").toURI());
final Environment env = TestEnvironment.newEnvironment(settings);

final RealmIdentifier realmIdentifier = new RealmIdentifier("saml", "saml1");
final Settings realmSettings = Settings.builder()
.put(getFullSettingKey("saml1", SamlRealmSettings.IDP_METADATA_PATH), metadata.toString())
.put(getFullSettingKey("saml1", SamlRealmSettings.IDP_ENTITY_ID), SamlRealmTests.TEST_IDP_ENTITY_ID)
.put(getFullSettingKey("saml1", SamlRealmSettings.SP_ENTITY_ID), SP_URL)
.put(getFullSettingKey("saml1", SamlRealmSettings.SP_ACS), SP_URL)
.put(getFullSettingKey("saml1", SamlRealmSettings.PRINCIPAL_ATTRIBUTE.getAttribute()), "uid")
.build();
final RealmIdentifier realmIdentifier = new RealmIdentifier("saml", REALM_NAME);

final RealmConfig realmConfig = new RealmConfig(realmIdentifier, mergeSettings(realmSettings, settings),
env, threadContext);
final RealmConfig realmConfig = new RealmConfig(realmIdentifier, settings, env, threadContext);
samlRealm = SamlRealm.create(realmConfig, mock(SSLService.class), mock(ResourceWatcherService.class), mock(UserRoleMapper.class));
when(realms.realm(realmConfig.name())).thenReturn(samlRealm);
}
Expand Up @@ -72,7 +72,7 @@ public void testAuthenticate() throws Exception {
when(userPasswdStore.verifyPassword(eq("user1"), eq(new SecureString("test123")), any(Supplier.class)))
.thenAnswer(VERIFY_PASSWORD_ANSWER);
when(userRolesStore.roles("user1")).thenReturn(new String[] { "role1", "role2" });
RealmConfig config = getRealmConfig(Settings.EMPTY);
RealmConfig config = getRealmConfig(globalSettings);
FileRealm realm = new FileRealm(config, userPasswdStore, userRolesStore, threadPool);
PlainActionFuture<AuthenticationResult> future = new PlainActionFuture<>();
realm.authenticate(new UsernamePasswordToken("user1", new SecureString("test123")), future);
Expand All @@ -87,15 +87,15 @@ public void testAuthenticate() throws Exception {
}

private RealmConfig getRealmConfig(Settings settings) {
return new RealmConfig(REALM_IDENTIFIER,
mergeSettings(settings, globalSettings),
TestEnvironment.newEnvironment(globalSettings), threadContext);
return new RealmConfig(REALM_IDENTIFIER, settings, TestEnvironment.newEnvironment(settings), threadContext);
}

public void testAuthenticateCaching() throws Exception {
Settings settings = Settings.builder()
.put(RealmSettings.realmSettingPrefix(REALM_IDENTIFIER) + "cache.hash_algo",
Hasher.values()[randomIntBetween(0, Hasher.values().length - 1)].name().toLowerCase(Locale.ROOT)).build();
Hasher.values()[randomIntBetween(0, Hasher.values().length - 1)].name().toLowerCase(Locale.ROOT))
.put(globalSettings)
.build();
RealmConfig config = getRealmConfig(settings);
when(userPasswdStore.verifyPassword(eq("user1"), eq(new SecureString("test123")), any(Supplier.class)))
.thenAnswer(VERIFY_PASSWORD_ANSWER);
Expand All @@ -111,7 +111,7 @@ public void testAuthenticateCaching() throws Exception {
}

public void testAuthenticateCachingRefresh() throws Exception {
RealmConfig config = getRealmConfig(Settings.EMPTY);
RealmConfig config = getRealmConfig(globalSettings);
userPasswdStore = spy(new UserPasswdStore(config));
userRolesStore = spy(new UserRolesStore(config));
when(userPasswdStore.verifyPassword(eq("user1"), eq(new SecureString("test123")), any(Supplier.class)))
Expand Down Expand Up @@ -150,7 +150,7 @@ public void testAuthenticateCachingRefresh() throws Exception {
}

public void testToken() throws Exception {
RealmConfig config = getRealmConfig(Settings.EMPTY);
RealmConfig config = getRealmConfig(globalSettings);
when(userPasswdStore.verifyPassword(eq("user1"), eq(new SecureString("test123")), any(Supplier.class)))
.thenAnswer(VERIFY_PASSWORD_ANSWER);
when(userRolesStore.roles("user1")).thenReturn(new String[]{"role1", "role2"});
Expand All @@ -169,7 +169,7 @@ public void testToken() throws Exception {
public void testLookup() throws Exception {
when(userPasswdStore.userExists("user1")).thenReturn(true);
when(userRolesStore.roles("user1")).thenReturn(new String[] { "role1", "role2" });
RealmConfig config = getRealmConfig(Settings.EMPTY);
RealmConfig config = getRealmConfig(globalSettings);
FileRealm realm = new FileRealm(config, userPasswdStore, userRolesStore, threadPool);

PlainActionFuture<User> future = new PlainActionFuture<>();
Expand All @@ -186,7 +186,7 @@ public void testLookup() throws Exception {
public void testLookupCaching() throws Exception {
when(userPasswdStore.userExists("user1")).thenReturn(true);
when(userRolesStore.roles("user1")).thenReturn(new String[] { "role1", "role2" });
RealmConfig config = getRealmConfig(Settings.EMPTY);
RealmConfig config = getRealmConfig(globalSettings);
FileRealm realm = new FileRealm(config, userPasswdStore, userRolesStore, threadPool);

PlainActionFuture<User> future = new PlainActionFuture<>();
Expand All @@ -201,7 +201,7 @@ public void testLookupCaching() throws Exception {
}

public void testLookupCachingWithRefresh() throws Exception {
RealmConfig config = getRealmConfig(Settings.EMPTY);
RealmConfig config = getRealmConfig(globalSettings);
userPasswdStore = spy(new UserPasswdStore(config));
userRolesStore = spy(new UserRolesStore(config));
doReturn(true).when(userPasswdStore).userExists("user1");
Expand Down Expand Up @@ -239,15 +239,16 @@ public void testLookupCachingWithRefresh() throws Exception {
}

public void testUsageStats() throws Exception {
int userCount = randomIntBetween(0, 1000);
final int userCount = randomIntBetween(0, 1000);
when(userPasswdStore.usersCount()).thenReturn(userCount);

Settings.Builder settings = Settings.builder();

int order = randomIntBetween(0, 10);
settings.put(RealmSettings.realmSettingPrefix(REALM_IDENTIFIER) + "order", order);
final int order = randomIntBetween(0, 10);
Settings settings = Settings.builder()
.put(RealmSettings.realmSettingPrefix(REALM_IDENTIFIER) + "order", order)
.put(globalSettings)
.build();

RealmConfig config = getRealmConfig(settings.build());
RealmConfig config = getRealmConfig(settings);
FileRealm realm = new FileRealm(config, userPasswdStore, userRolesStore, threadPool);

PlainActionFuture<Map<String, Object>> future = new PlainActionFuture<>();
Expand All @@ -271,8 +272,4 @@ static class UserRolesStore extends FileUserRolesStore {
}
}

private Settings mergeSettings(Settings local, Settings global) {
return Settings.builder().put(global).put(local).build();
}

}
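Review bot: In testAuthenticateCaching and testUsageStats the builder calls `.put(globalSettings)` after the realm-specific key, which reverses the precedence of the removed `mergeSettings` helper (`put(global).put(local)`, so the local value won). If globalSettings ever carries the same key, the `cache.hash_algo` or `order` value chosen by the test would be silently replaced and the test could still pass while exercising a different configuration. Putting the defaults first keeps the old behaviour: `Settings.builder().put(globalSettings).put(key, value).build()`. The same ordering appears in testAuthenticateCachingRefresh in the LDAP realm test section further down, where `.put(defaultGlobalSettings)` follows `buildLdapSettings(...)` while the other tests there put the defaults first.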
Expand Up @@ -102,7 +102,10 @@ public void shutdown() throws InterruptedException {
public void testAuthenticateSubTreeGroupSearch() throws Exception {
String groupSearchBase = "o=sevenSeas";
String userTemplate = VALID_USER_TEMPLATE;
Settings settings = buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE);
Settings settings = Settings.builder()
.put(defaultGlobalSettings)
.put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE))
.build();
RealmConfig config = getRealmConfig(REALM_IDENTIFIER, settings);
LdapSessionFactory ldapFactory = new LdapSessionFactory(config, sslService, threadPool);
LdapRealm ldap = new LdapRealm(config, ldapFactory, buildGroupAsRoleMapper(resourceWatcherService),
Expand All @@ -123,15 +126,15 @@ public void testAuthenticateSubTreeGroupSearch() throws Exception {
}

private RealmConfig getRealmConfig(RealmConfig.RealmIdentifier identifier, Settings settings) {
final Settings globalSettings = mergeSettings(settings, defaultGlobalSettings);
final Environment env = TestEnvironment.newEnvironment(globalSettings);
return new RealmConfig(identifier, globalSettings, env, new ThreadContext(globalSettings));
final Environment env = TestEnvironment.newEnvironment(settings);
return new RealmConfig(identifier, settings, env, new ThreadContext(settings));
}

public void testAuthenticateOneLevelGroupSearch() throws Exception {
String groupSearchBase = "ou=crews,ou=groups,o=sevenSeas";
String userTemplate = VALID_USER_TEMPLATE;
Settings settings = Settings.builder()
.put(defaultGlobalSettings)
.put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.ONE_LEVEL))
.build();
RealmConfig config = getRealmConfig(REALM_IDENTIFIER, settings);
Expand All @@ -158,6 +161,7 @@ public void testAuthenticateCaching() throws Exception {
String groupSearchBase = "o=sevenSeas";
String userTemplate = VALID_USER_TEMPLATE;
Settings settings = Settings.builder()
.put(defaultGlobalSettings)
.put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE))
.build();
RealmConfig config = getRealmConfig(REALM_IDENTIFIER, settings);
Expand Down Expand Up @@ -185,6 +189,7 @@ public void testAuthenticateCachingRefresh() throws Exception {
String userTemplate = VALID_USER_TEMPLATE;
Settings settings = Settings.builder()
.put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE))
.put(defaultGlobalSettings)
.build();
RealmConfig config = getRealmConfig(REALM_IDENTIFIER, settings);

Expand Down Expand Up @@ -218,6 +223,7 @@ public void testAuthenticateNoncaching() throws Exception {
String groupSearchBase = "o=sevenSeas";
String userTemplate = VALID_USER_TEMPLATE;
Settings settings = Settings.builder()
.put(defaultGlobalSettings)
.put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE))
.put(getFullSettingKey(REALM_IDENTIFIER, CachingUsernamePasswordRealmSettings.CACHE_TTL_SETTING), -1)
.build();
Expand Down Expand Up @@ -287,6 +293,7 @@ public void testLdapRealmSelectsLdapSessionFactory() throws Exception {
String groupSearchBase = "o=sevenSeas";
String userTemplate = VALID_USER_TEMPLATE;
Settings settings = Settings.builder()
.put(defaultGlobalSettings)
.putList(getFullSettingKey(identifier, URLS_SETTING), ldapUrls())
.putList(getFullSettingKey(identifier.getName(), LdapSessionFactorySettings.USER_DN_TEMPLATES_SETTING), userTemplate)
.put(getFullSettingKey(identifier, SearchGroupsResolverSettings.BASE_DN), groupSearchBase)
Expand Down Expand Up @@ -326,6 +333,7 @@ public void testLdapRealmThrowsExceptionForUserTemplateAndSearchSettings() throw
final RealmConfig.RealmIdentifier identifier
= new RealmConfig.RealmIdentifier(LdapRealmSettings.LDAP_TYPE, "test-ldap-realm-user-search");
Settings settings = Settings.builder()
.put(defaultGlobalSettings)
.putList(getFullSettingKey(identifier, URLS_SETTING), ldapUrls())
.putList(getFullSettingKey(identifier.getName(), LdapSessionFactorySettings.USER_DN_TEMPLATES_SETTING), "cn=foo")
.put(getFullSettingKey(identifier.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), "cn=bar")
Expand All @@ -346,6 +354,7 @@ public void testLdapRealmThrowsExceptionWhenNeitherUserTemplateNorSearchSettings
final RealmConfig.RealmIdentifier identifier
= new RealmConfig.RealmIdentifier(LdapRealmSettings.LDAP_TYPE, "test-ldap-realm-user-search");
Settings settings = Settings.builder()
.put(defaultGlobalSettings)
.putList(getFullSettingKey(identifier, URLS_SETTING), ldapUrls())
.put(getFullSettingKey(identifier, SearchGroupsResolverSettings.BASE_DN), "")
.put(getFullSettingKey(identifier, SearchGroupsResolverSettings.SCOPE), LdapSearchScope.SUB_TREE)
Expand All @@ -364,6 +373,7 @@ public void testLdapRealmMapsUserDNToRole() throws Exception {
String groupSearchBase = "o=sevenSeas";
String userTemplate = VALID_USER_TEMPLATE;
Settings settings = Settings.builder()
.put(defaultGlobalSettings)
.put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE))
.put(getFullSettingKey(REALM_IDENTIFIER, DnRoleMapperSettings.ROLE_MAPPING_FILE_SETTING),
getDataPath("/org/elasticsearch/xpack/security/authc/support/role_mapping.yml"))
Expand Down Expand Up @@ -395,7 +405,10 @@ public void testLdapConnectionFailureIsTreatedAsAuthenticationFailure() throws E
LDAPURL url = new LDAPURL("ldap", "..", 12345, null, null, null, null);
String groupSearchBase = "o=sevenSeas";
String userTemplate = VALID_USER_TEMPLATE;
Settings settings = buildLdapSettings(new String[] { url.toString() }, userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE);
Settings settings = Settings.builder()
.put(defaultGlobalSettings)
.put(buildLdapSettings(new String[]{url.toString()}, userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE))
.build();
RealmConfig config = getRealmConfig(REALM_IDENTIFIER, settings);
LdapSessionFactory ldapFactory = new LdapSessionFactory(config, sslService, threadPool);
LdapRealm ldap = new LdapRealm(config, ldapFactory, buildGroupAsRoleMapper(resourceWatcherService),
Expand All @@ -416,6 +429,7 @@ public void testUsageStats() throws Exception {
final RealmConfig.RealmIdentifier identifier = new RealmConfig.RealmIdentifier(LdapRealmSettings.LDAP_TYPE, "ldap-realm");
String groupSearchBase = "o=sevenSeas";
Settings.Builder settings = Settings.builder()
.put(defaultGlobalSettings)
.putList(getFullSettingKey(identifier, URLS_SETTING), ldapUrls())
.put(getFullSettingKey(identifier, PoolingSessionFactorySettings.BIND_DN),
"cn=Thomas Masterman Hardy,ou=people,o=sevenSeas")
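Review bot: `getRealmConfig(identifier, settings)` no longer merges in `defaultGlobalSettings`, so every caller must now pass a complete Settings object, and nothing at the helper says so. A test that omits the defaults would hand `TestEnvironment.newEnvironment` and `ThreadContext` settings without them, which presumably fails or behaves differently from the other tests without pointing at the missing merge. A short comment on the helper would make the contract visible, e.g. `// settings must already include defaultGlobalSettings; nothing is merged here`. The file-realm helper `getRealmConfig(Settings)` changed the same way and would benefit from the same comment.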

