Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[TEST] Add some security access control yaml tests for Rollup #33035

Merged
merged 1 commit into from
Aug 23, 2018
Merged

[TEST] Add some security access control yaml tests for Rollup #33035

merged 1 commit into from
Aug 23, 2018

Conversation

polyfractal
Copy link
Contributor

No need for review, these tests were just sufficiently complicated that I wanted a CI run on them first before merging :)

These two tests compliment the existing unit tests which check Rollup's ACL/security integration.

The first test creates to indices, puts a document in each one, and then assigns a role to the test user that can only access one of the indices. A rollup job is created with a pattern that would match both indices, and we verify that only the allowed document was rolled up (e.g. verifying that the unpermissioned index stays hidden).

The second test creates a single index with two documents tagged by the keyword "public"/"private". An attribute-based role is created that only allows viewing "public" documents. We then verify the rollup job only rolled the "public" doc, and not the "private" one.

@polyfractal
[TEST] Add some ACL yaml tests for Rollup
1ced969 
These two tests compliment the existing unit tests which check Rollup's
ACL/security integration.

The first test creates to indices, puts a document in each one, and then
assigns a role to the test user that can only access one of the indices.
A rollup job is created with a pattern that would match both indices,
and we verify that only the allowed document was rolled up (e.g. verifying
that the unpermissioned index stays hidden).

The second test creates a single index with two documents tagged by
the keyword "public"/"private".  An attribute-based role is created
that only allows viewing "public" documents.  We then verify the rollup
job only rolled the "public" doc, and not the "private" one.
@polyfractal polyfractal added >test Issues or PRs that are addressing/adding tests v7.0.0 :StorageEngine/Rollup Turn fine-grained time-based data into coarser-grained data v6.5.0 labels Aug 21, 2018
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-search-aggs

@polyfractal polyfractal merged commit 0da981a into elastic:master Aug 23, 2018
polyfractal added a commit that referenced this pull request Aug 23, 2018
@polyfractal
[TEST] Add some ACL yaml tests for Rollup (#33035)
f473869 
These two tests compliment the existing unit tests which check Rollup's
ACL/security integration.

The first test creates to indices, puts a document in each one, and then
assigns a role to the test user that can only access one of the indices.
A rollup job is created with a pattern that would match both indices,
and we verify that only the allowed document was rolled up (e.g. verifying
that the unpermissioned index stays hidden).

The second test creates a single index with two documents tagged by
the keyword "public"/"private".  An attribute-based role is created
that only allows viewing "public" documents.  We then verify the rollup
job only rolled the "public" doc, and not the "private" one.
martijnvg added a commit that referenced this pull request Aug 24, 2018
@martijnvg
Merge remote-tracking branch 'es/master' into ccr
82592dd 
* es/master: (62 commits)
  [DOCS] Add docs for Application Privileges (#32635)
  Add versions 5.6.12 and 6.4.1
  Do NOT allow termvectors on nested fields (#32728)
  [Rollup] Return empty response when aggs are missing (#32796)
  [TEST] Add some ACL yaml tests for Rollup (#33035)
  Move non duplicated actions back into xpack core (#32952)
  Test fix - GraphExploreResponseTests should not randomise array elements Closes #33086
  Use `addIfAbsent` instead of checking if an element is contained
  TESTS: Fix Random Fail in MockTcpTransportTests (#33061)
  HLRC: Fix Compile Error From Missing Throws (#33083)
  [DOCS] Remove reload password from docs cf. #32889
  HLRC: Add ML Get Buckets API (#33056)
  Watcher: Improve error messages for CronEvalTool (#32800)
  Search: Support of wildcard on docvalue_fields (#32980)
  Change query field expansion (#33020)
  INGEST: Cleanup Redundant Put Method (#33034)
  SQL: skip uppercasing/lowercasing function tests for AZ locales as well (#32910)
  Fix the default pom file name (#33063)
  Switch ml basic tests to new style Requests (#32483)
  Switch some watcher tests to new style Requests (#33044)
  ...
martijnvg added a commit that referenced this pull request Aug 24, 2018
@martijnvg
Merge remote-tracking branch 'es/6.x' into ccr-6.x
943caaf 
* es/6.x: (58 commits)
  [DOCS] Add docs for Application Privileges (#32635)
  Add versions 5.6.12 and 6.4.1
  [Rollup] Return empty response when aggs are missing (#32796)
  [TEST] Add some ACL yaml tests for Rollup (#33035)
  Test fix - GraphExploreResponseTests should not randomise array elements Closes #33086
  Use `addIfAbsent` instead of checking if an element is contained
  HLRC: Fix Compile Error From Missing Throws (#33083)
  [DOCS] Remove reload password from docs cf. #32889
  Use a dedicated ConnectionManger for RemoteClusterConnection (#32988)
  Watcher: Improve error messages for CronEvalTool (#32800)
  HLRC: Add ML Get Buckets API (#33056)
  Change query field expansion (#33020)
  Search: Support of wildcard on docvalue_fields (#32980)
  Add beta label to MSI on install Elasticsearch page (#28126)
  SQL: skip uppercasing/lowercasing function tests for AZ locales as well (#32910)
  [DOCS] Drafts Elasticsearch 6.4.0 release notes (#33039)
  Fix the default pom file name (#33063)
  Fix backport of switch ml basic tests to new style Requests (#32483)
  Switch ml basic tests to new style Requests (#32483)
  Switch some watcher tests to new style Requests (#33044)
  ...
jasontedor added a commit to jasontedor/elasticsearch that referenced this pull request Aug 24, 2018
@jasontedor
Merge branch 'ccr' into ccr-fetch-exceptions
3efdf20 
* ccr: (71 commits)
  Make CCR QA tests build again (elastic#33113)
  Add hook to skip asserting x-content equivalence (elastic#33114)
  Muted testListenersThrowingExceptionsDoNotCauseOtherListenersToBeSkipped
  [Rollup] Move getMetadata() methods out of rollup config objects (elastic#32579)
  fixed not returning response instance
  Muted testEmptyAuthorizedIndicesSearchForAllDisallowNoIndices
  Update Google Cloud Storage Library for Java (elastic#32940)
  Remove unsupported Version.V_5_* (elastic#32937)
  Required changes after merging in master branch.
  [DOCS] Add docs for Application Privileges (elastic#32635)
  Add versions 5.6.12 and 6.4.1
  Do NOT allow termvectors on nested fields (elastic#32728)
  [Rollup] Return empty response when aggs are missing (elastic#32796)
  [TEST] Add some ACL yaml tests for Rollup (elastic#33035)
  Move non duplicated actions back into xpack core (elastic#32952)
  Test fix - GraphExploreResponseTests should not randomise array elements Closes elastic#33086
  Use `addIfAbsent` instead of checking if an element is contained
  TESTS: Fix Random Fail in MockTcpTransportTests (elastic#33061)
  HLRC: Fix Compile Error From Missing Throws (elastic#33083)
  [DOCS] Remove reload password from docs cf. elastic#32889
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
:StorageEngine/Rollup Turn fine-grained time-based data into coarser-grained data >test Issues or PRs that are addressing/adding tests v6.5.0 v7.0.0-beta1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@polyfractal @elasticmachine @colings86