Add Alias Permission in Security Tests (#1245)
The SecureADRestIT.testCreateAnomalyDetectorWithCustomResultIndex test failed because the cat user did not have the necessary permissions to create an alias, as the current custom index name is an alias. This PR addresses this issue by adding the required alias permission.

Additionally, this PR includes other tests to improve test coverage.

Testing:
* Verified that all security tests pass.

Signed-off-by: Kaituo Li <[email protected]>
kaituo authored Jun 13, 2024
1 parent 16a6b49 commit b9eff78
Showing 13 changed files with 457 additions and 29 deletions.
Expand Up @@ -221,7 +221,7 @@ public void setup() throws Exception {
ActionListener<GetResponse> listener = (ActionListener<GetResponse>) args[1];

if (request.index().equals(CommonName.JOB_INDEX)) {
Job job = TestHelpers.randomAnomalyDetectorJob(true);
Job job = TestHelpers.randomJob(true);
listener.onResponse(TestHelpers.createGetResponse(job, randomAlphaOfLength(5), CommonName.JOB_INDEX));
}
return null;
Expand Down Expand Up @@ -788,7 +788,7 @@ public void testMarkResultIndexQueried() throws IOException {

doAnswer(invocation -> {
ActionListener<Optional<Job>> listener = invocation.getArgument(1);
listener.onResponse(Optional.of(TestHelpers.randomAnomalyDetectorJob(true, Instant.ofEpochMilli(1602401500000L), null)));
listener.onResponse(Optional.of(TestHelpers.randomJob(true, Instant.ofEpochMilli(1602401500000L), null)));
return null;
}).when(nodeStateManager).getJob(any(String.class), any(ActionListener.class));

Expand Up @@ -147,11 +147,11 @@ private void setUpClientGet(
listener.onFailure(new IndexNotFoundException(CommonName.JOB_INDEX));
break;
case DISABLED:
job = TestHelpers.randomAnomalyDetectorJob(false, jobEnabledTime, null);
job = TestHelpers.randomJob(false, jobEnabledTime, null);
listener.onResponse(TestHelpers.createGetResponse(job, detector.getId(), CommonName.JOB_INDEX));
break;
case ENABLED:
job = TestHelpers.randomAnomalyDetectorJob(true, jobEnabledTime, null);
job = TestHelpers.randomJob(true, jobEnabledTime, null);
listener.onResponse(TestHelpers.createGetResponse(job, detector.getId(), CommonName.JOB_INDEX));
break;
default:
Expand Up @@ -485,7 +485,8 @@ public Response createIndexRole(String role, String index) throws IOException {
+ "\"masked_fields\": [],\n"
+ "\"allowed_actions\": [\n"
+ "\"crud\",\n"
+ "\"indices:admin/create\"\n"
+ "\"indices:admin/create\",\n"
+ "\"indices:admin/aliases\"\n"
+ "]\n"
+ "}\n"
+ "],\n"
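Review bot: The added `indices:admin/aliases` entry has no comment saying why an index role needs it, and it now widens every role built through createIndexRole, not only the one used by the test that was failing. Since this helper is where the suite encodes the minimum permissions for a custom result index, I would record the reason next to the entry, e.g. `// custom result index name is an alias, so creating it also needs indices:admin/aliases`. Any other test that relies on this role being limited to `crud` plus `indices:admin/create` should be re-checked, because a denial it expected may now be allowed. createIndexRole starts and ends outside the hunk, so how `index` scopes the grant is not visible here.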
Expand Up @@ -126,7 +126,7 @@ public void setUp() throws Exception {

categoryField = "a";
detector = TestHelpers.randomAnomalyDetectorUsingCategoryFields(detectorId, Arrays.asList(categoryField));
job = TestHelpers.randomAnomalyDetectorJob(true);
job = TestHelpers.randomJob(true);

requiredSamples = 128;
client = mock(Client.class);
Expand Up @@ -129,7 +129,7 @@ public void setUp() throws Exception {
detectorId = "A69pa3UBHuCbh-emo9oR";
detector = TestHelpers.randomAnomalyDetectorUsingCategoryFields(detectorId, Arrays.asList("a"));
result = new DetectorInternalState.Builder().lastUpdateTime(Instant.now());
job = TestHelpers.randomAnomalyDetectorJob(true);
job = TestHelpers.randomJob(true);
adTaskManager = mock(ADTaskManager.class);
transportService = mock(TransportService.class);
doAnswer(invocation -> {
Expand Up @@ -39,7 +39,7 @@ protected NamedWriteableRegistry writableRegistry() {
}

public void testParseAnomalyDetectorJob() throws IOException {
Job anomalyDetectorJob = TestHelpers.randomAnomalyDetectorJob();
Job anomalyDetectorJob = TestHelpers.randomJob();
String anomalyDetectorJobString = TestHelpers
.xContentBuilderToString(anomalyDetectorJob.toXContent(TestHelpers.builder(), ToXContent.EMPTY_PARAMS));
anomalyDetectorJobString = anomalyDetectorJobString
Expand All @@ -50,7 +50,7 @@ public void testParseAnomalyDetectorJob() throws IOException {
}

public void testSerialization() throws IOException {
Job anomalyDetectorJob = TestHelpers.randomAnomalyDetectorJob();
Job anomalyDetectorJob = TestHelpers.randomJob();
BytesStreamOutput output = new BytesStreamOutput();
anomalyDetectorJob.writeTo(output);
NamedWriteableAwareStreamInput input = new NamedWriteableAwareStreamInput(output.bytes().streamInput(), writableRegistry());
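--- a/src/test/java/org/opensearch/ad/rest/SecureADRestIT.java
+++ b/src/test/java/org/opensearch/ad/rest/SecureADRestIT.java
@@ -409,7 +409,11 @@ public void testCreateAnomalyDetectorWithCustomResultIndex() throws IOException
 AnomalyDetector detector = cloneDetector(anomalyDetector, resultIndex);
 // User goat has no permission to create index
 Exception exception = expectThrows(IOException.class, () -> { createAnomalyDetector(detector, true, goatClient); });
-Assert.assertTrue(exception.getMessage().contains("no permissions for [indices:admin/create]"));
+Assert
+.assertTrue(
+"got " + exception.getMessage(),
+exception.getMessage().contains("no permissions for [indices:admin/aliases, indices:admin/create]")
+);
 
 // User cat has permission to create index
 resultIndex = ADCommonName.CUSTOM_RESULT_INDEX_PREFIX + "test2";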
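Review bot: The new assertion matches the whole bracketed list `[indices:admin/aliases, indices:admin/create]`, so the denial check for user goat depends on the order and separator the security plugin happens to use when it reports missing permissions. Checking each action on its own keeps the test meaningful without pinning that format: `String msg = exception.getMessage();` then `Assert.assertTrue("got " + msg, msg.contains("indices:admin/aliases"));` and the same line for `indices:admin/create`. The comment `// User goat has no permission to create index` could also mention the alias permission, since both are now expected to be denied. The test method continues outside the hunk.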
Expand Up @@ -101,7 +101,7 @@ private GetAnomalyDetectorResponse createGetAnomalyDetectorResponse(boolean retu
randomLong(),
randomLong(),
TestHelpers.randomAnomalyDetector(ImmutableList.of(), ImmutableMap.of(), Instant.now().truncatedTo(ChronoUnit.SECONDS)),
TestHelpers.randomAnomalyDetectorJob(),
TestHelpers.randomJob(),
returnJob,
TestHelpers.randomAdTask(),
TestHelpers.randomAdTask(),
Expand Up @@ -171,7 +171,7 @@ public void testGetAnomalyDetectorRequestNoEntityValue() throws IOException {
public void testGetAnomalyDetectorResponse() throws IOException {
BytesStreamOutput out = new BytesStreamOutput();
AnomalyDetector detector = TestHelpers.randomAnomalyDetector(ImmutableMap.of("testKey", "testValue"), Instant.now());
Job adJob = TestHelpers.randomAnomalyDetectorJob();
Job adJob = TestHelpers.randomJob();
GetAnomalyDetectorResponse response = new GetAnomalyDetectorResponse(
4321,
"1234",
Expand Down Expand Up @@ -205,7 +205,7 @@ public void testGetAnomalyDetectorResponse() throws IOException {
public void testGetAnomalyDetectorProfileResponse() throws IOException {
BytesStreamOutput out = new BytesStreamOutput();
AnomalyDetector detector = TestHelpers.randomAnomalyDetector(ImmutableMap.of("testKey", "testValue"), Instant.now());
Job adJob = TestHelpers.randomAnomalyDetectorJob();
Job adJob = TestHelpers.randomJob();
InitProgressProfile initProgress = new InitProgressProfile("99%", 2L, 2);
EntityProfile entityProfile = new EntityProfile.Builder().initProgress(initProgress).build();
GetAnomalyDetectorResponse response = new GetAnomalyDetectorResponse(