Search in sources :

Example 1 with IndicesExistsRequest

use of org.opensearch.action.admin.indices.exists.indices.IndicesExistsRequest in project OpenSearch by opensearch-project.

the class IndicesExistsIT method testIndicesExists.

// Indices exists never throws IndexMissingException, the indices options control its behaviour (return true or false)
public void testIndicesExists() throws Exception {
    assertFalse(client().admin().indices().prepareExists("foo").get().isExists());
    assertFalse(client().admin().indices().prepareExists("foo*").get().isExists());
    assertFalse(client().admin().indices().prepareExists("_all").get().isExists());
    createIndex("foo", "foobar", "bar", "barbaz");
    IndicesExistsRequestBuilder indicesExistsRequestBuilder = client().admin().indices().prepareExists("foo*").setExpandWildcardsOpen(false);
    IndicesExistsRequest request = indicesExistsRequestBuilder.request();
    // check that ignore unavailable and allow no indices are set to false. That is their only valid value as it can't be overridden
    assertFalse(request.indicesOptions().ignoreUnavailable());
    assertFalse(request.indicesOptions().allowNoIndices());
    assertThat(indicesExistsRequestBuilder.get().isExists(), equalTo(false));
    assertAcked(client().admin().indices().prepareClose("foobar").get());
    assertThat(client().admin().indices().prepareExists("foo*").get().isExists(), equalTo(true));
    assertThat(client().admin().indices().prepareExists("foo*").setExpandWildcardsOpen(false).setExpandWildcardsClosed(false).get().isExists(), equalTo(false));
    assertThat(client().admin().indices().prepareExists("foobar").get().isExists(), equalTo(true));
    assertThat(client().admin().indices().prepareExists("foob*").setExpandWildcardsClosed(false).get().isExists(), equalTo(false));
    assertThat(client().admin().indices().prepareExists("bar*").get().isExists(), equalTo(true));
    assertThat(client().admin().indices().prepareExists("bar").get().isExists(), equalTo(true));
    assertThat(client().admin().indices().prepareExists("_all").get().isExists(), equalTo(true));
}
Also used : IndicesExistsRequestBuilder(org.opensearch.action.admin.indices.exists.indices.IndicesExistsRequestBuilder) IndicesExistsRequest(org.opensearch.action.admin.indices.exists.indices.IndicesExistsRequest)

Example 2 with IndicesExistsRequest

use of org.opensearch.action.admin.indices.exists.indices.IndicesExistsRequest in project security by opensearch-project.

the class RolesInjectorIntegTest method testRolesInject.

@Test
public void testRolesInject() throws Exception {
    setup(Settings.EMPTY, new DynamicSecurityConfig().setSecurityRoles("roles.yml"), Settings.EMPTY);
    Assert.assertEquals(clusterInfo.numNodes, clusterHelper.nodeClient().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getNumberOfNodes());
    Assert.assertEquals(ClusterHealthStatus.GREEN, clusterHelper.nodeClient().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getStatus());
    final Settings tcSettings = Settings.builder().put(minimumSecuritySettings(Settings.EMPTY).get(0)).put("cluster.name", clusterInfo.clustername).put("node.data", false).put("node.master", false).put("node.ingest", false).put("path.data", "./target/data/" + clusterInfo.clustername + "/cert/data").put("path.logs", "./target/data/" + clusterInfo.clustername + "/cert/logs").put("path.home", "./target").put("node.name", "testclient").put("discovery.initial_state_timeout", "8s").put("plugins.security.allow_default_init_securityindex", "true").putList("discovery.zen.ping.unicast.hosts", clusterInfo.nodeHost + ":" + clusterInfo.nodePort).build();
    // 1. Without roles injection.
    try (Node node = new PluginAwareNode(false, tcSettings, Netty4Plugin.class, OpenSearchSecurityPlugin.class, RolesInjectorPlugin.class).start()) {
        waitForInit(node.client());
        CreateIndexResponse cir = node.client().admin().indices().create(new CreateIndexRequest("captain-logs-1")).actionGet();
        Assert.assertTrue(cir.isAcknowledged());
        IndicesExistsResponse ier = node.client().admin().indices().exists(new IndicesExistsRequest("captain-logs-1")).actionGet();
        Assert.assertTrue(ier.isExists());
    }
    // 2. With invalid roles, must throw security exception.
    RolesInjectorPlugin.injectedRoles = "invalid_user|invalid_role";
    Exception exception = null;
    try (Node node = new PluginAwareNode(false, tcSettings, Netty4Plugin.class, OpenSearchSecurityPlugin.class, RolesInjectorPlugin.class).start()) {
        waitForInit(node.client());
        CreateIndexResponse cir = node.client().admin().indices().create(new CreateIndexRequest("captain-logs-2")).actionGet();
        Assert.assertTrue(cir.isAcknowledged());
    } catch (OpenSearchSecurityException ex) {
        exception = ex;
        log.warn(ex.toString());
    }
    Assert.assertNotNull(exception);
    Assert.assertTrue(exception.getMessage().contains("indices:admin/create"));
    // 3. With valid roles - which has permission to create index.
    RolesInjectorPlugin.injectedRoles = "valid_user|opendistro_security_all_access";
    try (Node node = new PluginAwareNode(false, tcSettings, Netty4Plugin.class, OpenSearchSecurityPlugin.class, RolesInjectorPlugin.class).start()) {
        waitForInit(node.client());
        CreateIndexResponse cir = node.client().admin().indices().create(new CreateIndexRequest("captain-logs-3")).actionGet();
        Assert.assertTrue(cir.isAcknowledged());
        IndicesExistsResponse ier = node.client().admin().indices().exists(new IndicesExistsRequest("captain-logs-3")).actionGet();
        Assert.assertTrue(ier.isExists());
    }
}
Also used : OpenSearchSecurityException(org.opensearch.OpenSearchSecurityException) ClusterHealthRequest(org.opensearch.action.admin.cluster.health.ClusterHealthRequest) Netty4Plugin(org.opensearch.transport.Netty4Plugin) Node(org.opensearch.node.Node) PluginAwareNode(org.opensearch.node.PluginAwareNode) OpenSearchSecurityException(org.opensearch.OpenSearchSecurityException) PluginAwareNode(org.opensearch.node.PluginAwareNode) DynamicSecurityConfig(org.opensearch.security.test.DynamicSecurityConfig) IndicesExistsResponse(org.opensearch.action.admin.indices.exists.indices.IndicesExistsResponse) CreateIndexResponse(org.opensearch.action.admin.indices.create.CreateIndexResponse) CreateIndexRequest(org.opensearch.action.admin.indices.create.CreateIndexRequest) Settings(org.opensearch.common.settings.Settings) IndicesExistsRequest(org.opensearch.action.admin.indices.exists.indices.IndicesExistsRequest) Test(org.junit.Test) SingleClusterTest(org.opensearch.security.test.SingleClusterTest)

Example 3 with IndicesExistsRequest

use of org.opensearch.action.admin.indices.exists.indices.IndicesExistsRequest in project security by opensearch-project.

the class RolesValidationIntegTest method testRolesValidation.

@Test
public void testRolesValidation() throws Exception {
    setup(Settings.EMPTY, new DynamicSecurityConfig().setSecurityRoles("roles.yml"), Settings.EMPTY);
    final Settings tcSettings = Settings.builder().put(minimumSecuritySettings(Settings.EMPTY).get(0)).put("cluster.name", clusterInfo.clustername).put("node.data", false).put("node.master", false).put("node.ingest", false).put("path.data", "./target/data/" + clusterInfo.clustername + "/cert/data").put("path.logs", "./target/data/" + clusterInfo.clustername + "/cert/logs").put("path.home", "./target").put("node.name", "testclient").put("discovery.initial_state_timeout", "8s").put("plugins.security.allow_default_init_securityindex", "true").putList("discovery.zen.ping.unicast.hosts", clusterInfo.nodeHost + ":" + clusterInfo.nodePort).build();
    // 1. Without roles validation
    try (Node node = new PluginAwareNode(false, tcSettings, Netty4Plugin.class, OpenSearchSecurityPlugin.class, RolesValidationPlugin.class).start()) {
        waitForInit(node.client());
        CreateIndexResponse cir = node.client().admin().indices().create(new CreateIndexRequest("captain-logs-1")).actionGet();
        Assert.assertTrue(cir.isAcknowledged());
        IndicesExistsResponse ier = node.client().admin().indices().exists(new IndicesExistsRequest("captain-logs-1")).actionGet();
        Assert.assertTrue(ier.isExists());
    }
    OpenSearchSecurityException exception = null;
    // 2. with roles invalid to the user
    RolesValidationPlugin.rolesValidation = "invalid_role";
    try (Node node = new PluginAwareNode(false, tcSettings, Netty4Plugin.class, OpenSearchSecurityPlugin.class, RolesValidationPlugin.class).start()) {
        waitForInit(node.client());
        CreateIndexResponse cir = node.client().admin().indices().create(new CreateIndexRequest("captain-logs-2")).actionGet();
    } catch (OpenSearchSecurityException ex) {
        exception = ex;
    }
    Assert.assertNotNull(exception);
    Assert.assertTrue(exception.getMessage().contains("No mapping for"));
    // 3. with roles valid to the user
    RolesValidationPlugin.rolesValidation = "opendistro_security_all_access";
    try (Node node = new PluginAwareNode(false, tcSettings, Netty4Plugin.class, OpenSearchSecurityPlugin.class, RolesValidationPlugin.class).start()) {
        waitForInit(node.client());
        CreateIndexResponse cir = node.client().admin().indices().create(new CreateIndexRequest("captain-logs-3")).actionGet();
        Assert.assertTrue(cir.isAcknowledged());
    }
}
Also used : OpenSearchSecurityException(org.opensearch.OpenSearchSecurityException) PluginAwareNode(org.opensearch.node.PluginAwareNode) DynamicSecurityConfig(org.opensearch.security.test.DynamicSecurityConfig) Netty4Plugin(org.opensearch.transport.Netty4Plugin) Node(org.opensearch.node.Node) PluginAwareNode(org.opensearch.node.PluginAwareNode) IndicesExistsResponse(org.opensearch.action.admin.indices.exists.indices.IndicesExistsResponse) CreateIndexResponse(org.opensearch.action.admin.indices.create.CreateIndexResponse) CreateIndexRequest(org.opensearch.action.admin.indices.create.CreateIndexRequest) Settings(org.opensearch.common.settings.Settings) IndicesExistsRequest(org.opensearch.action.admin.indices.exists.indices.IndicesExistsRequest) Test(org.junit.Test) SingleClusterTest(org.opensearch.security.test.SingleClusterTest)

Aggregations

IndicesExistsRequest (org.opensearch.action.admin.indices.exists.indices.IndicesExistsRequest)3 Test (org.junit.Test)2 OpenSearchSecurityException (org.opensearch.OpenSearchSecurityException)2 CreateIndexRequest (org.opensearch.action.admin.indices.create.CreateIndexRequest)2 CreateIndexResponse (org.opensearch.action.admin.indices.create.CreateIndexResponse)2 IndicesExistsResponse (org.opensearch.action.admin.indices.exists.indices.IndicesExistsResponse)2 Settings (org.opensearch.common.settings.Settings)2 Node (org.opensearch.node.Node)2 PluginAwareNode (org.opensearch.node.PluginAwareNode)2 DynamicSecurityConfig (org.opensearch.security.test.DynamicSecurityConfig)2 SingleClusterTest (org.opensearch.security.test.SingleClusterTest)2 Netty4Plugin (org.opensearch.transport.Netty4Plugin)2 ClusterHealthRequest (org.opensearch.action.admin.cluster.health.ClusterHealthRequest)1 IndicesExistsRequestBuilder (org.opensearch.action.admin.indices.exists.indices.IndicesExistsRequestBuilder)1