use of org.opensearch.action.admin.indices.create.CreateIndexRequest in project security by opensearch-project.
the class MultitenancyTests method testNoDnfof.
/**
 * Checks how index-level authorization denials are reported over REST when the cluster
 * is configured from {@code config_nodnfof.yml}.
 *
 * NOTE(review): the test and file names suggest {@code do_not_fail_on_forbidden} is
 * switched off in that config; confirm against the YAML, which is not visible here.
 *
 * What the assertions pin down:
 * - a single {@code _search} naming any index the caller may not read is rejected as a
 *   whole with 403, so no partial result is returned;
 * - {@code _msearch} and {@code _mget} answer 200 and carry the denial per item, with
 *   "exception" and "permission" in the body.
 */
@Test
public void testNoDnfof() throws Exception {
// Resolve role mappings in "BOTH" mode for this cluster.
final Settings settings = Settings.builder().put(ConfigConstants.SECURITY_ROLES_MAPPING_RESOLUTION, "BOTH").build();
setup(Settings.EMPTY, new DynamicSecurityConfig().setConfig("config_nodnfof.yml"), settings);
final RestHelper rh = nonSslRestHelper();
// Seed the fixture indices and aliases through the internal client, not through REST.
// presumably getClient() bypasses the user-level checks exercised below; verify in the base class
try (Client tc = getClient()) {
tc.admin().indices().create(new CreateIndexRequest("copysf")).actionGet();
tc.index(new IndexRequest("indexa").id("0").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":\"indexa\"}", XContentType.JSON)).actionGet();
tc.index(new IndexRequest("indexb").id("0").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":\"indexb\"}", XContentType.JSON)).actionGet();
tc.index(new IndexRequest("vulcangov").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
tc.index(new IndexRequest("starfleet").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
tc.index(new IndexRequest("starfleet_academy").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
tc.index(new IndexRequest("starfleet_library").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
tc.index(new IndexRequest("klingonempire").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
tc.index(new IndexRequest("public").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
tc.index(new IndexRequest("spock").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
tc.index(new IndexRequest("kirk").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
tc.index(new IndexRequest("role01_role02").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
tc.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(AliasActions.add().indices("starfleet", "starfleet_academy", "starfleet_library").alias("sf"))).actionGet();
tc.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(AliasActions.add().indices("klingonempire", "vulcangov").alias("nonsf"))).actionGet();
tc.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(AliasActions.add().indices("public").alias("unrestricted"))).actionGet();
}
HttpResponse resc;
// A search naming both indexa and indexb is rejected outright for either user:
// the index each one can read is not returned on its own.
Assert.assertEquals(HttpStatus.SC_FORBIDDEN, (resc = rh.executeGetRequest("indexa,indexb/_search?pretty", encodeBasicHeader("user_a", "user_a"))).getStatusCode());
System.out.println(resc.getBody());
Assert.assertEquals(HttpStatus.SC_FORBIDDEN, (resc = rh.executeGetRequest("indexa,indexb/_search?pretty", encodeBasicHeader("user_b", "user_b"))).getStatusCode());
System.out.println(resc.getBody());
// _msearch with one sub-search per index: the HTTP status is 200 and the denial
// shows up inside the body for the sub-search the caller may not run.
String msearchBody = "{\"index\":\"indexa\", \"ignore_unavailable\": true}" + System.lineSeparator() + "{\"size\":10, \"query\":{\"bool\":{\"must\":{\"match_all\":{}}}}}" + System.lineSeparator() + "{\"index\":\"indexb\", \"ignore_unavailable\": true}" + System.lineSeparator() + "{\"size\":10, \"query\":{\"bool\":{\"must\":{\"match_all\":{}}}}}" + System.lineSeparator();
System.out.println("#### msearch a");
resc = rh.executePostRequest("_msearch?pretty", msearchBody, encodeBasicHeader("user_a", "user_a"));
Assert.assertEquals(200, resc.getStatusCode());
System.out.println(resc.getBody());
// user_a: indexa data is present, the string "indexb" must not appear anywhere in the
// body (neither as a hit nor inside the error text), and a permission error is reported.
Assert.assertTrue(resc.getBody(), resc.getBody().contains("indexa"));
Assert.assertFalse(resc.getBody(), resc.getBody().contains("indexb"));
Assert.assertTrue(resc.getBody(), resc.getBody().contains("exception"));
Assert.assertTrue(resc.getBody(), resc.getBody().contains("permission"));
System.out.println("#### msearch b");
resc = rh.executePostRequest("_msearch?pretty", msearchBody, encodeBasicHeader("user_b", "user_b"));
Assert.assertEquals(200, resc.getStatusCode());
System.out.println(resc.getBody());
// user_b: mirror image of the user_a case.
Assert.assertFalse(resc.getBody(), resc.getBody().contains("indexa"));
Assert.assertTrue(resc.getBody(), resc.getBody().contains("indexb"));
Assert.assertTrue(resc.getBody(), resc.getBody().contains("exception"));
Assert.assertTrue(resc.getBody(), resc.getBody().contains("permission"));
// indexc and indexd are not among the indices created above; both sub-searches are
// expected to be denied and the index names must not be echoed back.
msearchBody = "{\"index\":\"indexc\", \"ignore_unavailable\": true}" + System.lineSeparator() + "{\"size\":10, \"query\":{\"bool\":{\"must\":{\"match_all\":{}}}}}" + System.lineSeparator() + "{\"index\":\"indexd\", \"ignore_unavailable\": true}" + System.lineSeparator() + "{\"size\":10, \"query\":{\"bool\":{\"must\":{\"match_all\":{}}}}}" + System.lineSeparator();
System.out.println("#### msearch b2");
resc = rh.executePostRequest("_msearch?pretty", msearchBody, encodeBasicHeader("user_b", "user_b"));
System.out.println(resc.getBody());
Assert.assertEquals(200, resc.getStatusCode());
Assert.assertFalse(resc.getBody(), resc.getBody().contains("indexc"));
Assert.assertFalse(resc.getBody(), resc.getBody().contains("indexd"));
Assert.assertTrue(resc.getBody(), resc.getBody().contains("exception"));
Assert.assertTrue(resc.getBody(), resc.getBody().contains("permission"));
// Splitting on the marker and expecting 3 parts means the marker occurs twice, one 403
// per sub-search (String.split drops trailing empty parts, so the body must not end on it).
int count = resc.getBody().split("\"status\" : 403").length;
Assert.assertEquals(3, count);
// _mget across both indices as user_b: 200 overall, indexb is referenced, and the
// content of the indexa document must not be disclosed.
String mgetBody = "{" + "\"docs\" : [" + "{" + "\"_index\" : \"indexa\"," + "\"_id\" : \"0\"" + " }," + " {" + "\"_index\" : \"indexb\"," + " \"_id\" : \"0\"" + "}" + "]" + "}";
resc = rh.executePostRequest("_mget?pretty", mgetBody, encodeBasicHeader("user_b", "user_b"));
Assert.assertEquals(200, resc.getStatusCode());
Assert.assertFalse(resc.getBody(), resc.getBody().contains("\"content\" : \"indexa\""));
Assert.assertTrue(resc.getBody(), resc.getBody().contains("indexb"));
Assert.assertTrue(resc.getBody(), resc.getBody().contains("exception"));
Assert.assertTrue(resc.getBody(), resc.getBody().contains("permission"));
// indexx and indexy are not among the indices created above; two "root_cause" entries
// are expected, one error per requested document.
mgetBody = "{" + "\"docs\" : [" + "{" + "\"_index\" : \"indexx\"," + "\"_id\" : \"0\"" + " }," + " {" + "\"_index\" : \"indexy\"," + " \"_id\" : \"0\"" + "}" + "]" + "}";
resc = rh.executePostRequest("_mget?pretty", mgetBody, encodeBasicHeader("user_b", "user_b"));
Assert.assertEquals(200, resc.getStatusCode());
Assert.assertTrue(resc.getBody(), resc.getBody().contains("exception"));
count = resc.getBody().split("root_cause").length;
Assert.assertEquals(3, count);
// Broad patterns (no index, index*, *, _all) are denied for user_a even though indexa
// alone is allowed: a pattern is not narrowed down to the readable subset.
Assert.assertEquals(HttpStatus.SC_FORBIDDEN, (resc = rh.executeGetRequest("_search?pretty", encodeBasicHeader("user_a", "user_a"))).getStatusCode());
Assert.assertEquals(HttpStatus.SC_FORBIDDEN, (resc = rh.executeGetRequest("index*/_search?pretty", encodeBasicHeader("user_a", "user_a"))).getStatusCode());
Assert.assertEquals(HttpStatus.SC_OK, (resc = rh.executeGetRequest("indexa/_search?pretty", encodeBasicHeader("user_a", "user_a"))).getStatusCode());
System.out.println(resc.getBody());
Assert.assertEquals(HttpStatus.SC_FORBIDDEN, (resc = rh.executeGetRequest("indexb/_search?pretty", encodeBasicHeader("user_a", "user_a"))).getStatusCode());
System.out.println(resc.getBody());
Assert.assertEquals(HttpStatus.SC_FORBIDDEN, (resc = rh.executeGetRequest("*/_search?pretty", encodeBasicHeader("user_a", "user_a"))).getStatusCode());
System.out.println(resc.getBody());
Assert.assertEquals(HttpStatus.SC_FORBIDDEN, (resc = rh.executeGetRequest("_all/_search?pretty", encodeBasicHeader("user_a", "user_a"))).getStatusCode());
System.out.println(resc.getBody());
// An index that was never created answers 403 here, while the mixed name/wildcard
// request below answers 404.
// NOTE(review): the reason for the different status codes is not visible in this test.
Assert.assertEquals(HttpStatus.SC_FORBIDDEN, (resc = rh.executeGetRequest("notexists/_search?pretty", encodeBasicHeader("user_a", "user_a"))).getStatusCode());
System.out.println(resc.getBody());
Assert.assertEquals(HttpStatus.SC_NOT_FOUND, (resc = rh.executeGetRequest("indexanbh,indexabb*/_search?pretty", encodeBasicHeader("user_a", "user_a"))).getStatusCode());
System.out.println(resc.getBody());
// Same index, two callers: user_a is denied on starfleet, worf is allowed.
Assert.assertEquals(HttpStatus.SC_FORBIDDEN, (resc = rh.executeGetRequest("starfleet/_search?pretty", encodeBasicHeader("user_a", "user_a"))).getStatusCode());
System.out.println(resc.getBody());
Assert.assertEquals(HttpStatus.SC_OK, (resc = rh.executeGetRequest("starfleet/_search?pretty", encodeBasicHeader("worf", "worf"))).getStatusCode());
System.out.println(resc.getBody());
}
use of org.opensearch.action.admin.indices.create.CreateIndexRequest in project security by opensearch-project.
the class MultitenancyTests method testMtMulti.
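/**
 * Verifies that requests addressed to {@code .kibana} with the header
 * {@code securitytenant: __user__} are served from the tenant index
 * {@code .kibana_92668751_admin_1} for the user {@code admin}.
 *
 * Search, msearch, get, mget, index and bulk are each checked: the response must
 * name the tenant index and must not contain "exception". The final
 * {@code _cat/indices} check asserts that ".kibana" occurs exactly once in the
 * listing, i.e. the writes above did not create a further {@code .kibana*} index
 * next to the tenant index.
 *
 * @throws Exception if cluster setup or any request fails
 */
@Test
public void testMtMulti() throws Exception {
    final Settings settings = Settings.builder().build();
    setup(settings);
    final String dashboardsIndex = ".kibana_92668751_admin_1";

    // Create the tenant index (with its alias) and one saved object through the internal client.
    try (Client tc = getClient()) {
        String body = "{" + "\"type\" : \"index-pattern\"," + "\"updated_at\" : \"2018-09-29T08:56:59.066Z\"," + "\"index-pattern\" : {" + "\"title\" : \"humanresources\"" + "}}";
        // Typed map instead of the raw Map/HashMap, so the compiler checks keys and values.
        Map<String, Object> indexSettings = new HashMap<>();
        indexSettings.put("number_of_shards", 1);
        indexSettings.put("number_of_replicas", 0);
        tc.admin().indices().create(new CreateIndexRequest(dashboardsIndex).settings(indexSettings).alias(new Alias(".kibana_92668751_admin"))).actionGet();
        tc.index(new IndexRequest(dashboardsIndex).id("index-pattern:9fbbd1a0-c3c5-11e8-a13f-71b8ea5a4f7b").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source(body, XContentType.JSON)).actionGet();
    }

    final RestHelper rh = nonSslRestHelper();

    // Every REST call below targets ".kibana"; the assertions on dashboardsIndex show
    // that the response comes from the tenant index instead.
    System.out.println("#### search");
    HttpResponse res;
    String body = "{\"query\" : {\"term\" : { \"_id\" : \"index-pattern:9fbbd1a0-c3c5-11e8-a13f-71b8ea5a4f7b\"}}}";
    Assert.assertEquals(HttpStatus.SC_OK, (res = rh.executePostRequest(".kibana/_search/?pretty", body, new BasicHeader("securitytenant", "__user__"), encodeBasicHeader("admin", "admin"))).getStatusCode());
    Assert.assertFalse(res.getBody().contains("exception"));
    Assert.assertTrue(res.getBody().contains("humanresources"));
    Assert.assertTrue(res.getBody().contains("\"value\" : 1"));
    Assert.assertTrue(res.getBody().contains(dashboardsIndex));

    System.out.println("#### msearch");
    body = "{\"index\":\".kibana\", \"ignore_unavailable\": false}" + System.lineSeparator() + "{\"size\":10, \"query\":{\"bool\":{\"must\":{\"match_all\":{}}}}}" + System.lineSeparator();
    Assert.assertEquals(HttpStatus.SC_OK, (res = rh.executePostRequest("_msearch/?pretty", body, new BasicHeader("securitytenant", "__user__"), encodeBasicHeader("admin", "admin"))).getStatusCode());
    Assert.assertFalse(res.getBody().contains("exception"));
    Assert.assertTrue(res.getBody().contains("humanresources"));
    Assert.assertTrue(res.getBody().contains("\"value\" : 1"));
    Assert.assertTrue(res.getBody().contains(dashboardsIndex));

    System.out.println("#### get");
    Assert.assertEquals(HttpStatus.SC_OK, (res = rh.executeGetRequest(".kibana/_doc/index-pattern:9fbbd1a0-c3c5-11e8-a13f-71b8ea5a4f7b?pretty", new BasicHeader("securitytenant", "__user__"), encodeBasicHeader("admin", "admin"))).getStatusCode());
    Assert.assertFalse(res.getBody().contains("exception"));
    Assert.assertTrue(res.getBody().contains("humanresources"));
    Assert.assertTrue(res.getBody().contains("\"found\" : true"));
    Assert.assertTrue(res.getBody().contains(dashboardsIndex));

    System.out.println("#### mget");
    body = "{\"docs\" : [{\"_index\" : \".kibana\",\"_id\" : \"index-pattern:9fbbd1a0-c3c5-11e8-a13f-71b8ea5a4f7b\"}]}";
    Assert.assertEquals(HttpStatus.SC_OK, (res = rh.executePostRequest("_mget/?pretty", body, new BasicHeader("securitytenant", "__user__"), encodeBasicHeader("admin", "admin"))).getStatusCode());
    Assert.assertFalse(res.getBody().contains("exception"));
    Assert.assertTrue(res.getBody().contains("humanresources"));
    Assert.assertTrue(res.getBody().contains(dashboardsIndex));

    System.out.println("#### index");
    body = "{" + "\"type\" : \"index-pattern\"," + "\"updated_at\" : \"2017-09-29T08:56:59.066Z\"," + "\"index-pattern\" : {" + "\"title\" : \"xyz\"" + "}}";
    Assert.assertEquals(HttpStatus.SC_CREATED, (res = rh.executePutRequest(".kibana/_doc/abc?pretty", body, new BasicHeader("securitytenant", "__user__"), encodeBasicHeader("admin", "admin"))).getStatusCode());
    Assert.assertFalse(res.getBody().contains("exception"));
    Assert.assertTrue(res.getBody().contains("\"result\" : \"created\""));
    Assert.assertTrue(res.getBody().contains(dashboardsIndex));

    System.out.println("#### bulk");
    body = "{ \"index\" : { \"_index\" : \".kibana\", \"_id\" : \"b1\" } }" + System.lineSeparator() + "{ \"field1\" : \"value1\" }" + System.lineSeparator() + "{ \"index\" : { \"_index\" : \".kibana\", \"_id\" : \"b2\" } }" + System.lineSeparator() + "{ \"field2\" : \"value2\" }" + System.lineSeparator();
    Assert.assertEquals(HttpStatus.SC_OK, (res = rh.executePutRequest("_bulk?pretty", body, new BasicHeader("securitytenant", "__user__"), encodeBasicHeader("admin", "admin"))).getStatusCode());
    Assert.assertFalse(res.getBody().contains("exception"));
    Assert.assertTrue(res.getBody().contains(dashboardsIndex));
    Assert.assertTrue(res.getBody().contains("\"errors\" : false"));
    Assert.assertTrue(res.getBody().contains("\"result\" : \"created\""));

    // Isolation check, issued without the tenant header: ".kibana" must appear exactly once
    // in the index listing. String.split takes a regex, so the name is quoted; unquoted,
    // the leading '.' would match any character and could count an unrelated index name.
    Assert.assertEquals(HttpStatus.SC_OK, (res = rh.executeGetRequest("_cat/indices", encodeBasicHeader("admin", "admin"))).getStatusCode());
    Assert.assertEquals(2, res.getBody().split(java.util.regex.Pattern.quote(".kibana")).length);
    Assert.assertTrue(res.getBody().contains(dashboardsIndex));
}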
use of org.opensearch.action.admin.indices.create.CreateIndexRequest in project security by opensearch-project.
the class ProtectedIndicesTests method testNonAccessCreateDocumentPatternSetting.
/**
 * Asserts that document creation is refused on every index that matches one of the
 * configured protected index patterns when the request carries
 * {@code indexAccessNoRoleUserHeader}.
 *
 * For each pattern a concrete index is derived by replacing {@code *} with {@code 1}
 * and created through the internal client; a {@code POST <index>/_doc} over REST must
 * then return 403 together with the general error message.
 *
 * @throws Exception if cluster setup or any request fails
 */
@Test
public void testNonAccessCreateDocumentPatternSetting() throws Exception {
    setupSettingsIndexPatterns();

    // Create one concrete index per protected pattern, so the denial below is exercised
    // against indices that actually exist.
    try (Client client = getClient()) {
        for (String protectedPattern : listOfIndexPatternsToTest) {
            client.admin().indices().create(new CreateIndexRequest(protectedPattern.replace("*", "1"))).actionGet();
        }
    }

    final RestHelper restHelper = nonSslRestHelper();
    final String payload = "{\"foo\": \"bar\"}";
    for (String protectedPattern : listOfIndexPatternsToTest) {
        final String concreteIndex = protectedPattern.replace("*", "1");
        final RestHelper.HttpResponse reply = restHelper.executePostRequest(concreteIndex + "/_doc", payload, indexAccessNoRoleUserHeader);

        // The write must be rejected, and with the generic message.
        final boolean forbidden = reply.getStatusCode() == RestStatus.FORBIDDEN.getStatus();
        assertTrue(forbidden);
        assertTrue(reply.getBody().contains(generalErrorMessage));
    }
}
use of org.opensearch.action.admin.indices.create.CreateIndexRequest in project security by opensearch-project.
the class FlsFieldsTest method populateData.
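/**
 * Seeds the {@code deals} index used by the field-level-security tests.
 *
 * The index is created with {@code timestamp} and {@code @timestamp} mapped as dates,
 * then ten documents with ids {@code 00} to {@code 09} are indexed from the template
 * {@code dlsfls/doc1.json}, with the {@code <name>}, {@code <employees>} and
 * {@code <date>} placeholders filled in.
 *
 * @param tc client used to create the index and to index the documents
 * @throws AssertionError if the document template cannot be loaded
 */
protected void populateData(Client tc) {
    tc.admin().indices().create(new CreateIndexRequest("deals").simpleMapping("timestamp", "type=date", "@timestamp", "type=date")).actionGet();
    try {
        String doc = FileHelper.loadFile("dlsfls/doc1.json");
        for (int i = 0; i < 10; i++) {
            final String moddoc = doc.replace("<name>", "cust" + i).replace("<employees>", "" + i).replace("<date>", "1970-01-02");
            // IMMEDIATE refresh makes each document searchable as soon as the call returns.
            tc.index(new IndexRequest("deals").id("0" + i).setRefreshPolicy(RefreshPolicy.IMMEDIATE).source(moddoc, XContentType.JSON)).actionGet();
        }
    } catch (IOException e) {
        // Same failure type and message as Assert.fail(e.toString()), but the IOException
        // is kept as the cause so the report shows where loading the fixture broke.
        throw new AssertionError(e.toString(), e);
    }
}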
use of org.opensearch.action.admin.indices.create.CreateIndexRequest in project security by opensearch-project.
the class TransportUserInjectorIntegTest method testSecurityUserInjectionWithConfigDisabled.
/**
 * Verifies that an injected user is ignored when
 * {@code ConfigConstants.SECURITY_UNSUPPORTED_INJECT_USER_ENABLED} is {@code false}.
 *
 * A client node is started twice with the same settings and creates an index each time:
 * once before this method assigns an injected user, and once with the injected user string
 * {@code "ttt|kkk"}. Both index creations must be acknowledged.
 *
 * NOTE(review): {@code UserInjectorPlugin.injectedUser} is a static field that this method
 * sets and does not reset; confirm the test class clears it between tests so the value
 * cannot leak into a test that runs with injection enabled.
 *
 * @throws Exception if cluster or node start-up fails
 */
@Test
public void testSecurityUserInjectionWithConfigDisabled() throws Exception {
    final Settings clusterNodeSettings = Settings.builder()
        .put(ConfigConstants.SECURITY_UNSUPPORTED_INJECT_USER_ENABLED, false)
        .build();
    setup(clusterNodeSettings, new DynamicSecurityConfig().setSecurityRolesMapping("roles_transport_inject_user.yml"), Settings.EMPTY);

    // Settings for a node that joins the cluster as a pure client: no data, master or ingest role.
    final String certDir = "./target/data/" + clusterInfo.clustername + "/cert";
    final Settings clientNodeSettings = Settings.builder()
        .put(minimumSecuritySettings(Settings.EMPTY).get(0))
        .put("cluster.name", clusterInfo.clustername)
        .put("node.data", false)
        .put("node.master", false)
        .put("node.ingest", false)
        .put("path.data", certDir + "/data")
        .put("path.logs", certDir + "/logs")
        .put("path.home", "./target")
        .put("node.name", "testclient")
        .put("discovery.initial_state_timeout", "8s")
        .put("plugins.security.allow_default_init_securityindex", "true")
        // Injection stays disabled on the client node as well.
        .put(ConfigConstants.SECURITY_UNSUPPORTED_INJECT_USER_ENABLED, false)
        .putList("discovery.zen.ping.unicast.hosts", clusterInfo.nodeHost + ":" + clusterInfo.nodePort)
        .build();

    // First run: no injected user is assigned by this method.
    try (Node clientNode = new PluginAwareNode(false, clientNodeSettings, Netty4Plugin.class, OpenSearchSecurityPlugin.class, UserInjectorPlugin.class).start()) {
        waitForInit(clientNode.client());
        final CreateIndexRequest firstRequest = new CreateIndexRequest("captain-logs-1");
        final CreateIndexResponse firstResponse = clientNode.client().admin().indices().create(firstRequest).actionGet();
        Assert.assertTrue(firstResponse.isAcknowledged());
    }

    // Second run: an injected user with invalid backend roles is present.
    UserInjectorPlugin.injectedUser = "ttt|kkk";
    try (Node clientNode = new PluginAwareNode(false, clientNodeSettings, Netty4Plugin.class, OpenSearchSecurityPlugin.class, UserInjectorPlugin.class).start()) {
        waitForInit(clientNode.client());
        final CreateIndexRequest secondRequest = new CreateIndexRequest("captain-logs-2");
        final CreateIndexResponse secondResponse = clientNode.client().admin().indices().create(secondRequest).actionGet();
        // Must still succeed: with injection disabled the injected value is not evaluated.
        Assert.assertTrue(secondResponse.isAcknowledged());
    }
}