[TEST] Add some security access control yaml tests for Rollup #33035
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
These two tests compliment the existing unit tests which check Rollup's ACL/security integration. The first test creates to indices, puts a document in each one, and then assigns a role to the test user that can only access one of the indices. A rollup job is created with a pattern that would match both indices, and we verify that only the allowed document was rolled up (e.g. verifying that the unpermissioned index stays hidden). The second test creates a single index with two documents tagged by the keyword "public"/"private". An attribute-based role is created that only allows viewing "public" documents. We then verify the rollup job only rolled the "public" doc, and not the "private" one.
polyfractal
added
>test
|
Pinging @elastic/es-search-aggs |
polyfractal
added a commit
that referenced
this pull request
Aug 23, 2018
These two tests compliment the existing unit tests which check Rollup's ACL/security integration. The first test creates to indices, puts a document in each one, and then assigns a role to the test user that can only access one of the indices. A rollup job is created with a pattern that would match both indices, and we verify that only the allowed document was rolled up (e.g. verifying that the unpermissioned index stays hidden). The second test creates a single index with two documents tagged by the keyword "public"/"private". An attribute-based role is created that only allows viewing "public" documents. We then verify the rollup job only rolled the "public" doc, and not the "private" one.
martijnvg
added a commit
that referenced
this pull request
Aug 24, 2018
* es/master: (62 commits) [DOCS] Add docs for Application Privileges (#32635) Add versions 5.6.12 and 6.4.1 Do NOT allow termvectors on nested fields (#32728) [Rollup] Return empty response when aggs are missing (#32796) [TEST] Add some ACL yaml tests for Rollup (#33035) Move non duplicated actions back into xpack core (#32952) Test fix - GraphExploreResponseTests should not randomise array elements Closes #33086 Use `addIfAbsent` instead of checking if an element is contained TESTS: Fix Random Fail in MockTcpTransportTests (#33061) HLRC: Fix Compile Error From Missing Throws (#33083) [DOCS] Remove reload password from docs cf. #32889 HLRC: Add ML Get Buckets API (#33056) Watcher: Improve error messages for CronEvalTool (#32800) Search: Support of wildcard on docvalue_fields (#32980) Change query field expansion (#33020) INGEST: Cleanup Redundant Put Method (#33034) SQL: skip uppercasing/lowercasing function tests for AZ locales as well (#32910) Fix the default pom file name (#33063) Switch ml basic tests to new style Requests (#32483) Switch some watcher tests to new style Requests (#33044) ...
martijnvg
added a commit
that referenced
this pull request
Aug 24, 2018
* es/6.x: (58 commits) [DOCS] Add docs for Application Privileges (#32635) Add versions 5.6.12 and 6.4.1 [Rollup] Return empty response when aggs are missing (#32796) [TEST] Add some ACL yaml tests for Rollup (#33035) Test fix - GraphExploreResponseTests should not randomise array elements Closes #33086 Use `addIfAbsent` instead of checking if an element is contained HLRC: Fix Compile Error From Missing Throws (#33083) [DOCS] Remove reload password from docs cf. #32889 Use a dedicated ConnectionManger for RemoteClusterConnection (#32988) Watcher: Improve error messages for CronEvalTool (#32800) HLRC: Add ML Get Buckets API (#33056) Change query field expansion (#33020) Search: Support of wildcard on docvalue_fields (#32980) Add beta label to MSI on install Elasticsearch page (#28126) SQL: skip uppercasing/lowercasing function tests for AZ locales as well (#32910) [DOCS] Drafts Elasticsearch 6.4.0 release notes (#33039) Fix the default pom file name (#33063) Fix backport of switch ml basic tests to new style Requests (#32483) Switch ml basic tests to new style Requests (#32483) Switch some watcher tests to new style Requests (#33044) ...
jasontedor
added a commit
to jasontedor/elasticsearch
that referenced
this pull request
Aug 24, 2018
* ccr: (71 commits) Make CCR QA tests build again (elastic#33113) Add hook to skip asserting x-content equivalence (elastic#33114) Muted testListenersThrowingExceptionsDoNotCauseOtherListenersToBeSkipped [Rollup] Move getMetadata() methods out of rollup config objects (elastic#32579) fixed not returning response instance Muted testEmptyAuthorizedIndicesSearchForAllDisallowNoIndices Update Google Cloud Storage Library for Java (elastic#32940) Remove unsupported Version.V_5_* (elastic#32937) Required changes after merging in master branch. [DOCS] Add docs for Application Privileges (elastic#32635) Add versions 5.6.12 and 6.4.1 Do NOT allow termvectors on nested fields (elastic#32728) [Rollup] Return empty response when aggs are missing (elastic#32796) [TEST] Add some ACL yaml tests for Rollup (elastic#33035) Move non duplicated actions back into xpack core (elastic#32952) Test fix - GraphExploreResponseTests should not randomise array elements Closes elastic#33086 Use `addIfAbsent` instead of checking if an element is contained TESTS: Fix Random Fail in MockTcpTransportTests (elastic#33061) HLRC: Fix Compile Error From Missing Throws (elastic#33083) [DOCS] Remove reload password from docs cf. elastic#32889 ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No need for review, these tests were just sufficiently complicated that I wanted a CI run on them first before merging :)
These two tests compliment the existing unit tests which check Rollup's ACL/security integration.
The first test creates to indices, puts a document in each one, and then assigns a role to the test user that can only access one of the indices. A rollup job is created with a pattern that would match both indices, and we verify that only the allowed document was rolled up (e.g. verifying that the unpermissioned index stays hidden).
The second test creates a single index with two documents tagged by the keyword "public"/"private". An attribute-based role is created that only allows viewing "public" documents. We then verify the rollup job only rolled the "public" doc, and not the "private" one.