diff --git a/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java b/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java
index a77ad02f0b..b22bd384d4 100644
--- a/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java
+++ b/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java
@@ -131,23 +131,20 @@ public void run() { try(StoredContext ctx = threadContext.stashContext()) { threadContext.putHeader(ConfigConstants.OPENDISTRO_SECURITY_CONF_REQUEST_HEADER, "true"); - final boolean isSecurityIndexCreated = createSecurityIndexIfAbsent(); + createSecurityIndexIfAbsent(); waitForSecurityIndexToBeAtLeastYellow(); - if (isSecurityIndexCreated) { - ConfigHelper.uploadFile(client, cd+"config.yml", securityIndex, CType.CONFIG, DEFAULT_CONFIG_VERSION); - ConfigHelper.uploadFile(client, cd+"roles.yml", securityIndex, CType.ROLES, DEFAULT_CONFIG_VERSION); - ConfigHelper.uploadFile(client, cd+"roles_mapping.yml", securityIndex, CType.ROLESMAPPING, DEFAULT_CONFIG_VERSION); - ConfigHelper.uploadFile(client, cd+"internal_users.yml", securityIndex, CType.INTERNALUSERS, DEFAULT_CONFIG_VERSION); - ConfigHelper.uploadFile(client, cd+"action_groups.yml", securityIndex, CType.ACTIONGROUPS, DEFAULT_CONFIG_VERSION); - if(DEFAULT_CONFIG_VERSION == 2) { - ConfigHelper.uploadFile(client, cd+"tenants.yml", securityIndex, CType.TENANTS, DEFAULT_CONFIG_VERSION); - } - final boolean populateEmptyIfFileMissing = true; - ConfigHelper.uploadFile(client, cd+"nodes_dn.yml", securityIndex, CType.NODESDN, DEFAULT_CONFIG_VERSION, populateEmptyIfFileMissing); - ConfigHelper.uploadFile(client, cd + "whitelist.yml", securityIndex, CType.WHITELIST, DEFAULT_CONFIG_VERSION, populateEmptyIfFileMissing); - LOGGER.info("Default config applied"); + ConfigHelper.uploadFile(client, cd+"config.yml", securityIndex, CType.CONFIG, DEFAULT_CONFIG_VERSION); + ConfigHelper.uploadFile(client, cd+"roles.yml", securityIndex, CType.ROLES, DEFAULT_CONFIG_VERSION); + ConfigHelper.uploadFile(client, cd+"roles_mapping.yml", securityIndex, CType.ROLESMAPPING, DEFAULT_CONFIG_VERSION); + ConfigHelper.uploadFile(client, cd+"internal_users.yml", securityIndex, CType.INTERNALUSERS, DEFAULT_CONFIG_VERSION); + ConfigHelper.uploadFile(client, cd+"action_groups.yml", securityIndex, CType.ACTIONGROUPS, 
DEFAULT_CONFIG_VERSION); + if(DEFAULT_CONFIG_VERSION == 2) { + ConfigHelper.uploadFile(client, cd+"tenants.yml", securityIndex, CType.TENANTS, DEFAULT_CONFIG_VERSION); } + final boolean populateEmptyIfFileMissing = true; + ConfigHelper.uploadFile(client, cd+"nodes_dn.yml", securityIndex, CType.NODESDN, DEFAULT_CONFIG_VERSION, populateEmptyIfFileMissing); + ConfigHelper.uploadFile(client, cd + "whitelist.yml", securityIndex, CType.WHITELIST, DEFAULT_CONFIG_VERSION, populateEmptyIfFileMissing); // audit.yml is not packaged by default final String auditConfigPath = cd + "audit.yml"; diff --git a/src/test/java/org/opensearch/security/InitializationIntegrationTests.java b/src/test/java/org/opensearch/security/InitializationIntegrationTests.java index 972f0c1187..9d968df82f 100644 --- a/src/test/java/org/opensearch/security/InitializationIntegrationTests.java +++ b/src/test/java/org/opensearch/security/InitializationIntegrationTests.java @@ -30,6 +30,7 @@ package org.opensearch.security; +import java.io.File; import java.util.Iterator; import org.apache.http.Header; 
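Review bot: With the `isSecurityIndexCreated` guard gone, the `ConfigHelper.uploadFile` calls in `run()` now execute on every start where default initialization is allowed, including when the security index already holds operator-managed users and roles. Whether that is safe depends on `uploadFile` being create-only, which is not visible in this hunk; if it can overwrite, a restart would replace the live internal users and roles with the packaged defaults. I would state the assumption at the call site, e.g. `// uploadFile must not overwrite existing documents: this now runs even when the index already exists`, and keep an info-level log after the uploads, since the removed `LOGGER.info("Default config applied")` was the only trace in this block that default users and roles were installed. `run()` starts and ends outside the hunk.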
@@ -197,6 +198,33 @@ public void testDefaultConfig() throws Exception { Assert.assertEquals(HttpStatus.SC_OK, rh.executeGetRequest("", encodeBasicHeader("admin", "admin")).getStatusCode()); } + @Test + public void testInvalidDefaultConfig() throws Exception { + String defaultInitDirectory = System.getProperty("security.default_init.dir"); + try { + System.setProperty("security.default_init.dir", new File("./src/test/resources/invalid_config").getAbsolutePath()); + final Settings settings = Settings.builder() + .put(ConfigConstants.OPENDISTRO_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX, true) + .build(); + setup(Settings.EMPTY, null, settings, false); + RestHelper rh = nonSslRestHelper(); + Thread.sleep(10000); + Assert.assertEquals(HttpStatus.SC_SERVICE_UNAVAILABLE, rh.executeGetRequest("", encodeBasicHeader("admin", "admin")).getStatusCode()); + + System.setProperty("security.default_init.dir", defaultInitDirectory); + restart(Settings.EMPTY, null, settings, false); + rh = nonSslRestHelper(); + Thread.sleep(10000); + Assert.assertEquals(HttpStatus.SC_OK, rh.executeGetRequest("", encodeBasicHeader("admin", "admin")).getStatusCode()); + } finally { + if (defaultInitDirectory != null) { + System.setProperty("security.default_init.dir", defaultInitDirectory); + } else { + System.clearProperty("security.default_init.dir"); + } + } + } + @Test public void testDisabled() throws Exception { diff --git a/src/test/java/org/opensearch/security/test/SingleClusterTest.java b/src/test/java/org/opensearch/security/test/SingleClusterTest.java index 7d28838f23..b1f2deb30a 100644 --- a/src/test/java/org/opensearch/security/test/SingleClusterTest.java +++ b/src/test/java/org/opensearch/security/test/SingleClusterTest.java 
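Review bot: The mid-test restore `System.setProperty("security.default_init.dir", defaultInitDirectory)` throws a NullPointerException when the property was unset before the test, because `System.setProperty` rejects a null value; only the `finally` block handles that case. Apply the same null check there, calling `System.clearProperty("security.default_init.dir")` when the saved value is null, so the second half of the test that asserts recovery to `SC_OK` actually runs. The two `Thread.sleep(10000)` calls make both the 503 and the 200 assertion timing-dependent; polling the endpoint until a deadline would be more reliable. The property is JVM-global, so this test should not run in parallel with other cluster tests in the same JVM.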
@@ -71,6 +71,13 @@ protected void setup(Settings initTransportClientSettings, DynamicSecurityConfig setup(initTransportClientSettings, dynamicSecuritySettings, nodeOverride, initSecurityIndex, ClusterConfiguration.DEFAULT); } + protected void restart(Settings initTransportClientSettings, DynamicSecurityConfig dynamicSecuritySettings, Settings nodeOverride, boolean initOpendistroSecurityIndex) throws Exception { + clusterInfo = clusterHelper.startCluster(minimumSecuritySettings(ccs(nodeOverride)), ClusterConfiguration.DEFAULT); + if(initOpendistroSecurityIndex && dynamicSecuritySettings != null) { + initialize(clusterInfo, initTransportClientSettings, dynamicSecuritySettings); + } + } + private Settings ccs(Settings nodeOverride) throws Exception { if(remoteClusterHelper != null) { Assert.assertNull("No remote clusters", remoteClusterInfo); diff --git a/src/test/java/org/opensearch/security/test/helper/cluster/ClusterHelper.java b/src/test/java/org/opensearch/security/test/helper/cluster/ClusterHelper.java index 467f7dec96..6eeb088016 100644 --- a/src/test/java/org/opensearch/security/test/helper/cluster/ClusterHelper.java +++ b/src/test/java/org/opensearch/security/test/helper/cluster/ClusterHelper.java @@ -79,10 +79,12 @@ public final class ClusterHelper { protected final List opensearchNodes = new LinkedList<>(); private final String clustername; + private ClusterState clusterState; public ClusterHelper(String clustername) { super(); this.clustername = clustername; + this.clusterState = ClusterState.UNINITIALIZED; } public String getClusterName() { 
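Review bot: `restart` has no Javadoc, and its behaviour depends on something not visible in this hunk: that `clusterHelper.startCluster` closes the running nodes and keeps the data directory when the cluster was already started. Please document that contract, e.g. `/** Restarts the cluster on the existing data directory, so the security index from the previous start is still present. */`. The last parameter is named `initOpendistroSecurityIndex` here but `initSecurityIndex` in the neighbouring `setup` overload; one name for both would read better.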
@@ -100,16 +102,22 @@ public final ClusterInfo startCluster(final NodeSettingsSupplier nodeSettingsSup return startCluster(nodeSettingsSupplier, clusterConfiguration, 10, null); } - public final synchronized ClusterInfo startCluster(final NodeSettingsSupplier nodeSettingsSupplier, ClusterConfiguration clusterConfiguration, int timeout, Integer nodes) throws Exception { + switch (clusterState) { + case UNINITIALIZED: + FileUtils.deleteDirectory(new File("./target/data/" + clustername)); + break; + case STARTED: + closeAllNodes(); + break; + } + if (!opensearchNodes.isEmpty()) { throw new RuntimeException("There are still " + opensearchNodes.size() + " nodes instantiated, close them first."); } - FileUtils.deleteDirectory(new File("./target/data/"+clustername)); - List internalNodeSettings = clusterConfiguration.getNodeSettings(); final String forkno = System.getProperty("forkno"); @@ -227,19 +235,23 @@ public void run() { throw new RuntimeException("Default template could not be created"); } + clusterState = ClusterState.STARTED; return cInfo; } public final void stopCluster() throws Exception { + closeAllNodes(); + FileUtils.deleteDirectory(new File("./target/data/"+clustername)); + } + private void closeAllNodes() throws Exception { //close non master nodes opensearchNodes.stream().filter(n->!n.isMasterEligible()).forEach(node->closeNode(node)); //close master nodes opensearchNodes.stream().filter(n->n.isMasterEligible()).forEach(node->closeNode(node)); opensearchNodes.clear(); - - FileUtils.deleteDirectory(new File("./target/data/"+clustername)); + clusterState = ClusterState.STOPPED; } private static void closeNode(Node node) { @@ -372,4 +384,10 @@ private Settings.Builder getMinimumNonSecurityNodeSettingsBuilder(final int node return (masterEligibleNodes/2) + 1; }*/ + + private enum ClusterState{ + UNINITIALIZED, + STARTED, + STOPPED + } } 
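Review bot: The `switch (clusterState)` at the top of `startCluster` has no `STOPPED` case and no `default`, so a reader cannot tell whether skipping the data-directory cleanup in that state is intended. Add an explicit `case STOPPED: break; // nodes already closed, nothing to clean up here`, and a comment on the `STARTED` branch saying it deliberately keeps the data directory so a restart sees the previous security index. The method body continues outside the hunk.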
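Review bot: `stopCluster()` and the new `closeAllNodes()` write `clusterState` and clear `opensearchNodes` without holding the monitor, while `startCluster` reads and writes the same field and appears to remain `synchronized` (the collapsed layout makes the marker on its signature line ambiguous). Declaring `public final synchronized void stopCluster() throws Exception {` would keep the state transitions consistent if a test tears the cluster down from another thread. Also, `clusterState = ClusterState.STARTED` is only reached on success, so a start that throws after nodes were created leaves the previous state in place with nodes still registered; a comment stating that callers must call `stopCluster()` after a failed start would make that explicit.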
diff --git a/src/test/resources/invalid_config/config.yml b/src/test/resources/invalid_config/config.yml
new file mode 100644
index 0000000000..08ce6826bf
--- /dev/null
+++ b/src/test/resources/invalid_config/config.yml
@@ -0,0 +1,13 @@
+---
+_meta:
+ type: "config"
+ config_version: 2
+
+INVALID_BLOB_HERE
+
+config:
+ dynamic:
+ filtered_alias_mode: "disallow"
+ disable_rest_auth: false
+ disable_intertransport_auth: false
+ respect_request_indices_options: false