Fixing version upgrade test

opendistro-for-elasticsearch · Dec 6, 2019 · fd8f81d · fd8f81d
1 parent 8cf60f2
commit fd8f81d
Show file tree

Hide file tree

Showing 8 changed files with 67 additions and 22 deletions.
diff --git a/.../java/com/amazon/opendistroforelasticsearch/security/dlic/rest/api/ValidateApiAction.java b/.../java/com/amazon/opendistroforelasticsearch/security/dlic/rest/api/ValidateApiAction.java
@@ -83,10 +83,10 @@ protected void handleGet(RestChannel channel, RestRequest request, Client client
 
         try {
             final SecurityDynamicConfiguration<ConfigV6> configV6 = (SecurityDynamicConfiguration<ConfigV6>) loadedConfig;
-            final SecurityDynamicConfiguration<ActionGroupsV6> actionGroupsV6 = (SecurityDynamicConfiguration<ActionGroupsV6>) load(CType.ACTIONGROUPS, true);
-            final SecurityDynamicConfiguration<InternalUserV6> internalUsersV6 = (SecurityDynamicConfiguration<InternalUserV6>) load(CType.INTERNALUSERS, true);
-            final SecurityDynamicConfiguration<RoleV6> rolesV6 = (SecurityDynamicConfiguration<RoleV6>) load(CType.ROLES, true);
-            final SecurityDynamicConfiguration<RoleMappingsV6> rolesmappingV6 = (SecurityDynamicConfiguration<RoleMappingsV6>) load(CType.ROLESMAPPING, true);
+            final SecurityDynamicConfiguration<ActionGroupsV6> actionGroupsV6 = (SecurityDynamicConfiguration<ActionGroupsV6>) load(CType.ACTIONGROUPS, true, acceptInvalid);
+            final SecurityDynamicConfiguration<InternalUserV6> internalUsersV6 = (SecurityDynamicConfiguration<InternalUserV6>) load(CType.INTERNALUSERS, true, acceptInvalid);
+            final SecurityDynamicConfiguration<RoleV6> rolesV6 = (SecurityDynamicConfiguration<RoleV6>) load(CType.ROLES, true, acceptInvalid);
+            final SecurityDynamicConfiguration<RoleMappingsV6> rolesmappingV6 = (SecurityDynamicConfiguration<RoleMappingsV6>) load(CType.ROLESMAPPING, true, acceptInvalid);
 
             final SecurityDynamicConfiguration<ActionGroupsV7> actionGroupsV7 = Migration.migrateActionGroups(actionGroupsV6);
             final SecurityDynamicConfiguration<ConfigV7> configV7 = Migration.migrateConfig(configV6);

diff --git a/...est/java/com/amazon/opendistroforelasticsearch/security/dlic/rest/api/MigrationTests.java b/...est/java/com/amazon/opendistroforelasticsearch/security/dlic/rest/api/MigrationTests.java
@@ -35,8 +35,8 @@ public void testSecurityMigrate() throws Exception {
 
         final Settings settings = Settings.builder().put(SSLConfigConstants.OPENDISTRO_SECURITY_SSL_HTTP_CLIENTAUTH_MODE, "REQUIRE")
                 .put("opendistro_security.ssl.http.enabled", true)
-                .put("opendistro_security.ssl.http.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("node-0-keystore.jks"))
-                .put("opendistro_security.ssl.http.truststore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("truststore.jks")).build();
+                .put("opendistro_security.ssl.http.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("migration/node-0-keystore.jks"))
+                .put("opendistro_security.ssl.http.truststore_filepath",FileHelper.getAbsoluteFilePathFromClassPath("migration/truststore.jks")).build();
         setup(Settings.EMPTY, new DynamicSecurityConfig().setLegacy(), settings, true);
         final RestHelper rh = restHelper(); //ssl resthelper
 
@@ -62,28 +62,28 @@ public void testSecurityMigrate() throws Exception {
     @Test
     public void testSecurityMigrateInvalid() throws Exception {
         final Settings settings = Settings.builder().put(SSLConfigConstants.OPENDISTRO_SECURITY_SSL_HTTP_CLIENTAUTH_MODE, "REQUIRE")
-                .put("searchguard.ssl.http.enabled", true)
-                .put("searchguard.ssl.http.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("node-0-keystore.jks"))
-                .put("searchguard.ssl.http.truststore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("truststore.jks"))
+                .put("opendistro_security.ssl.http.enabled", true)
+                .put("opendistro_security.ssl.http.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("migration/node-0-keystore.jks"))
+                .put("opendistro_security.ssl.http.truststore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("migration/truststore.jks"))
                 .put(ConfigConstants.OPENDISTRO_SECURITY_UNSUPPORTED_ACCEPT_INVALID_CONFIG, true)
                 .build();
-        setup(Settings.EMPTY, new DynamicSecurityConfig().setSecurityInternalUsers("security_internal_users2.yml").setLegacy(), settings, true);
+        setup(Settings.EMPTY, new DynamicSecurityConfig().setSecurityInternalUsers("internal_users2.yml").setLegacy(), settings, true);
         final RestHelper rh = restHelper(); //ssl resthelper
 
         rh.enableHTTPClientSSL = true;
         rh.trustHTTPServerCertificate = true;
         rh.sendHTTPClientCertificate = true;
         rh.keystore = "kirk-keystore.jks";
 
-        HttpResponse res = rh.executePostRequest("_searchguard/api/migrate?pretty", "");
+        HttpResponse res = rh.executePostRequest("_opendistro/_security/api/migrate?pretty", "");
         assertContains(res, "*Migration completed*");
         Assert.assertEquals(HttpStatus.SC_OK, res.getStatusCode());
 
-        res = rh.executePostRequest("_searchguard/api/migrate?pretty", "");
+        res = rh.executePostRequest("_opendistro/_security/api/migrate?pretty", "");
         assertContains(res, "*it was already migrated*");
         Assert.assertEquals(HttpStatus.SC_BAD_REQUEST, res.getStatusCode());
 
-        res = rh.executeGetRequest("_searchguard/api/validate?pretty");
+        res = rh.executeGetRequest("_opendistro/_security/api/validate?pretty");
         assertContains(res, "*it was already migrated*");
         Assert.assertEquals(HttpStatus.SC_BAD_REQUEST, res.getStatusCode());
 
@@ -93,8 +93,8 @@ public void testSecurityMigrateInvalid() throws Exception {
     public void testSecurityValidate() throws Exception {
         final Settings settings = Settings.builder().put(SSLConfigConstants.OPENDISTRO_SECURITY_SSL_HTTP_CLIENTAUTH_MODE, "REQUIRE")
                 .put("opendistro_security.ssl.http.enabled", true)
-                .put("opendistro_security.ssl.http.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("node-0-keystore.jks"))
-                .put("opendistro_security.ssl.http.truststore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("truststore.jks")).build();
+                .put("opendistro_security.ssl.http.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("migration/node-0-keystore.jks"))
+                .put("opendistro_security.ssl.http.truststore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("migration/truststore.jks")).build();
         setup(Settings.EMPTY, new DynamicSecurityConfig().setLegacy(), settings, true);
         final RestHelper rh = restHelper(); //ssl resthelper
 
@@ -110,26 +110,26 @@ public void testSecurityValidate() throws Exception {
     }
 
     @Test
-    public void testSgValidateWithInvalidConfig() throws Exception {
+    public void testSecurityValidateWithInvalidConfig() throws Exception {
         final Settings settings = Settings.builder().put(SSLConfigConstants.OPENDISTRO_SECURITY_SSL_HTTP_CLIENTAUTH_MODE, "REQUIRE")
-                .put("searchguard.ssl.http.enabled", true)
-                .put("searchguard.ssl.http.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("node-0-keystore.jks"))
-                .put("searchguard.ssl.http.truststore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("truststore.jks"))
+                .put("opendistro_security.ssl.http.enabled", true)
+                .put("opendistro_security.ssl.http.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("migration/node-0-keystore.jks"))
+                .put("opendistro_security.ssl.http.truststore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("migration/truststore.jks"))
                 .put(ConfigConstants.OPENDISTRO_SECURITY_UNSUPPORTED_ACCEPT_INVALID_CONFIG, true)
                 .build();
-        setup(Settings.EMPTY, new DynamicSecurityConfig().setSecurityInternalUsers("security_internal_users2.yml").setLegacy(), settings, true);
+        setup(Settings.EMPTY, new DynamicSecurityConfig().setSecurityInternalUsers("internal_users2.yml").setLegacy(), settings, true);
         final RestHelper rh = restHelper(); //ssl resthelper
 
         rh.enableHTTPClientSSL = true;
         rh.trustHTTPServerCertificate = true;
         rh.sendHTTPClientCertificate = true;
         rh.keystore = "kirk-keystore.jks";
 
-        HttpResponse res = rh.executeGetRequest("_searchguard/api/validate?accept_invalid=true&pretty");
+        HttpResponse res = rh.executeGetRequest("_opendistro/_security/api/validate?accept_invalid=true&pretty");
         assertContains(res, "*OK*");
         Assert.assertEquals(HttpStatus.SC_OK, res.getStatusCode());
 
-        res = rh.executeGetRequest("_searchguard/api/validate?pretty");
+        res = rh.executeGetRequest("_opendistro/_security/api/validate?pretty");
         assertContains(res, "*Configuration is not valid*");
         Assert.assertEquals(HttpStatus.SC_INTERNAL_SERVER_ERROR, res.getStatusCode());
 

diff --git a/...g_v6/migration/security_action_groups.yml → ...rityconfig_v6/migration/action_groups.yml b/...g_v6/migration/security_action_groups.yml → ...rityconfig_v6/migration/action_groups.yml
diff --git a/...tyconfig_v6/migration/security_config.yml → ...cy/securityconfig_v6/migration/config.yml b/...tyconfig_v6/migration/security_config.yml → ...cy/securityconfig_v6/migration/config.yml
diff --git a/src/test/resources/legacy/securityconfig_v6/migration/internal_users.yml b/src/test/resources/legacy/securityconfig_v6/migration/internal_users.yml
@@ -0,0 +1,45 @@
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+#password is: admin
+admin:
+  readonly: true
+  hash: $2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG
+  roles:
+    - admin
+  attributes:
+    #no dots allowed in attribute names
+    attribute1: value1
+    attribute2: value2
+    attribute3: value3
+
+#password is: logstash
+logstash:
+  hash: $2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2
+  roles:
+    - logstash
+
+#password is: kibanaserver
+kibanaserver:
+  readonly: true
+  hash: $2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H.
+
+#password is: kibanaro
+kibanaro:
+  hash: $2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC
+  roles:
+    - kibanauser
+    - readall
+
+#password is: readall
+readall:
+  hash: $2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2
+  #password is: readall
+  roles:
+    - readall
+
+#password is: snapshotrestore
+snapshotrestore:
+  hash: $2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W
+  roles:
+    - snapshotrestore
diff --git a/...v6/migration/security_internal_users2.yml → ...tyconfig_v6/migration/internal_users2.yml b/...v6/migration/security_internal_users2.yml → ...tyconfig_v6/migration/internal_users2.yml
diff --git a/...ityconfig_v6/migration/security_roles.yml → ...acy/securityconfig_v6/migration/roles.yml b/...ityconfig_v6/migration/security_roles.yml → ...acy/securityconfig_v6/migration/roles.yml
diff --git a/...g_v6/migration/security_roles_mapping.yml → ...rityconfig_v6/migration/roles_mapping.yml b/...g_v6/migration/security_roles_mapping.yml → ...rityconfig_v6/migration/roles_mapping.yml