From a25b14f7608fe221050b75af109f801d381ef01a Mon Sep 17 00:00:00 2001 From: Darshit Chanpura Date: Tue, 23 Jul 2024 00:21:19 -0400 Subject: [PATCH] Fixes linter errors and complete payloads and request bodies Signed-off-by: Darshit Chanpura --- spec/namespaces/security.yaml | 4 +- spec/schemas/security._common.yaml | 1 - .../with-api-prefix/action_groups.yaml | 40 +++++++------- tests/security/with-api-prefix/allowlist.yaml | 13 ++--- tests/security/with-api-prefix/audit.yaml | 52 +++++++++++-------- .../with-api-prefix/internal_users.yaml | 17 +++--- tests/security/with-api-prefix/nodesdn.yaml | 22 ++++---- tests/security/with-api-prefix/roles.yaml | 47 +++++++++-------- .../with-api-prefix/rolesmapping.yaml | 30 +++++------ .../with-api-prefix/securityconfig.yaml | 52 ++++++++++++------- .../with-api-prefix/tenancy_config.yaml | 6 +-- tests/security/with-api-prefix/tenants.yaml | 22 ++++---- tests/security/with-api-prefix/tokens.yaml | 2 +- tests/security/without-api-prefix/health.yaml | 4 +- 14 files changed, 171 insertions(+), 141 deletions(-) diff --git a/spec/namespaces/security.yaml b/spec/namespaces/security.yaml index 0b706146f..c099ddb7b 100644 --- a/spec/namespaces/security.yaml +++ b/spec/namespaces/security.yaml @@ -1062,9 +1062,7 @@ components: content: application/json: schema: - type: array - items: - $ref: '../schemas/security._common.yaml#/components/schemas/MultiTenancyConfig' + $ref: '../schemas/security._common.yaml#/components/schemas/MultiTenancyConfig' required: true security.create_user: content: diff --git a/spec/schemas/security._common.yaml b/spec/schemas/security._common.yaml index 2fcce2ec2..d9286c1d9 100644 --- a/spec/schemas/security._common.yaml +++ b/spec/schemas/security._common.yaml @@ -419,7 +419,6 @@ components: type: array items: type: string - description: Value in seconds. OBOToken: type: object 
diff --git a/tests/security/with-api-prefix/action_groups.yaml b/tests/security/with-api-prefix/action_groups.yaml index 0d9a4d624..c4915d59c 100644 --- a/tests/security/with-api-prefix/action_groups.yaml +++ b/tests/security/with-api-prefix/action_groups.yaml @@ -9,12 +9,12 @@ prologues: action_group: test request_body: payload: - reserved: - hidden: + reserved: false + hidden: false allowed_actions: [] - type: - description: - static: + type: index + description: Test action group + static: false status: 200 chapters: - synopsis: Get action groups bulk. @@ -26,10 +26,13 @@ chapters: path: /_plugins/_security/api/actiongroups method: PATCH request_body: - payload: - op: - path: - value: + payload: + - op: add + path: /test + value: + allowed_actions: ['indices:admin/create', 'indices:admin/mapping/put'] + + response: status: 200 - synopsis: Get action group. @@ -46,12 +49,12 @@ chapters: action_group: test2 request_body: payload: - reserved: - hidden: + reserved: false + hidden: false allowed_actions: [] - type: - description: - static: + type: index + description: Test action group + static: false response: status: 200 - synopsis: Patch action group. @@ -60,10 +63,11 @@ chapters: parameters: action_group: test2 request_body: - payload: - op: - path: - value: + payload: + - op: replace + path: /allowed_actions + value: + allowed_actions: ['indices:admin/create', 'indices:admin/mapping/put'] response: status: 200 - synopsis: Delete action group. diff --git a/tests/security/with-api-prefix/allowlist.yaml b/tests/security/with-api-prefix/allowlist.yaml index 53f54ab72..50e8d148f 100644 --- a/tests/security/with-api-prefix/allowlist.yaml +++ b/tests/security/with-api-prefix/allowlist.yaml @@ -10,7 +10,8 @@ chapters: payload: config: enabled: true, - requests: {} + requests: + /_cat/nodes: [GET] response: status: 200 - synopsis: Get an allowlist. 
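Review bot: In the `Patch action group` chapter for `test2` in action_groups.yaml, the new `replace` operation targets `/allowed_actions` but its `value` nests another `allowed_actions` key, so the field would be set to an object rather than the list of action names. The value should be the list itself: `value: ['indices:admin/create', 'indices:admin/mapping/put']`. Indentation is collapsed in this view, so confirm the nesting against the file; the chapter list continues past the end of the hunk.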
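Review bot: The context line `enabled: true,` in the allowlist PUT payload (allowlist.yaml, first hunk) still ends in a comma, which YAML reads as the string `true,` rather than a boolean. The commit fills in `requests` with `/_cat/nodes: [GET]` but leaves that line untouched. Since this flag decides whether the allowlist is enforced at all, the fixture should send a real boolean, `enabled: true`; otherwise the test may pass without ever exercising an enabled allowlist.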
@@ -22,9 +23,9 @@ chapters: path: /_plugins/_security/api/allowlist method: PATCH request_body: - payload: - op: - path: - value: - status: 200 + op: remove + path: /config/requests + + response: + status: 200 diff --git a/tests/security/with-api-prefix/audit.yaml b/tests/security/with-api-prefix/audit.yaml index 82d9db89a..116dc22e2 100644 --- a/tests/security/with-api-prefix/audit.yaml +++ b/tests/security/with-api-prefix/audit.yaml @@ -8,29 +8,37 @@ chapters: method: PUT request_body: payload: - compliance: - enabled: - write_log_diffs: + enabled: true + audit: + ignore_users: [] + ignore_requests: [] + disabled_rest_categories: + - AUTHENTICATED + - GRANTED_PRIVILEGES + + disabled_transport_categories: + - AUTHENTICATED + - GRANTED_PRIVILEGES + + log_request_body: false + resolve_indices: false + resolve_bulk_requests: false + exclude_sensitive_headers: true + enable_transport: false + enable_rest: true + + compliance: + enabled: true + write_log_diffs: false read_watched_fields: {} read_ignore_users: [] write_watched_indices: [] write_ignore_users: [] - read_metadata_only: - write_metadata_only: - external_config: - internal_config: - enabled: true - audit: - ignore_users: - ignore_requests: [] - disabled_rest_categories: [] - disabled_transport_categories: [] - log_request_body: - resolve_indices: - resolve_bulk_requests: - exclude_sensitive_headers: - enable_transport: - enable_rest: + read_metadata_only: true + write_metadata_only: true + external_config: false + internal_config: true + response: status: 200 - synopsis: Get an audit config. @@ -43,8 +51,8 @@ chapters: method: PATCH request_body: payload: - op: - path: - value: + op: add + path: /config/enabled + value: 'true' status: 200 diff --git a/tests/security/with-api-prefix/internal_users.yaml b/tests/security/with-api-prefix/internal_users.yaml index 9e0f69368..def22b59e 100644 --- a/tests/security/with-api-prefix/internal_users.yaml +++ b/tests/security/with-api-prefix/internal_users.yaml 
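Review bot: The allowlist PATCH chapter loses its `payload:` key in this hunk. The removed lines include `payload:`, while the added lines are only `op: remove` and `path: /config/requests`, so the operation appears to sit directly under `request_body`. The bulk PATCH chapters added elsewhere in this commit (for example action_groups.yaml) keep the operations as a list under `payload:`; the same shape here would be `payload:` followed by `- op: remove` and `path: /config/requests`. Indentation is collapsed in this view, so verify against the file.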
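Review bot: The audit PATCH payload in audit.yaml is a single mapping with `value: 'true'`, a quoted string for the boolean setting `/config/enabled`, whereas the bulk PATCH payloads this commit adds in action_groups.yaml, roles.yaml and tenants.yaml are lists of `- op:` entries. Suggested lines: `- op: add`, `path: /config/enabled`, `value: true`. The same single-mapping shape remains in the per-resource PATCH chapters of internal_users.yaml, nodesdn.yaml, roles.yaml and securityconfig.yaml, and securityconfig.yaml repeats the quoted `'true'` for `transport_enabled`. The trailing `status: 200` in this chapter is also still not placed under a `response:` key, unlike the fix applied to allowlist.yaml.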
@@ -12,17 +12,18 @@ chapters: path: /_plugins/_security/api/internalusers method: PATCH request_body: - payload: - op: - path: - value: + payload: + - op: add + path: /test + value: + backend_roles: [admin] response: status: 200 - synopsis: Create internal user. path: /_plugins/_security/api/internalusers/{username} method: PUT parameters: - username: test2 + username: test request_body: payload: password: myWeakPassword123! @@ -45,9 +46,9 @@ chapters: username: test request_body: payload: - op: - path: - value: + op: replace + path: /opendistro_security_roles + value: [ship_manager] response: status: 200 - synopsis: Delete internal user. diff --git a/tests/security/with-api-prefix/nodesdn.yaml b/tests/security/with-api-prefix/nodesdn.yaml index 494975ce3..1d8f668e1 100644 --- a/tests/security/with-api-prefix/nodesdn.yaml +++ b/tests/security/with-api-prefix/nodesdn.yaml @@ -14,10 +14,10 @@ chapters: path: /_plugins/_security/api/nodesdn method: PATCH request_body: - payload: - op: - path: - value: + payload: + - op: replace + path: /cluster1/nodes_dn/0 + value: [''] response: status: 200 - synopsis: Create distinguished name. @@ -27,12 +27,8 @@ chapters: cluster_name: test request_body: payload: - reserved: - hidden: - allowed_actions: [] - type: - description: - static: + nodes_dn: + - CN=cluster3.example.com response: status: 200 - synopsis: Get distinguished name. @@ -49,9 +45,9 @@ chapters: cluster_name: test request_body: payload: - op: - path: - value: + op: replace + path: /test/nodes_dn/0 + value: [CN=cluster2.example.com] response: status: 200 - synopsis: Delete distinguished name. diff --git a/tests/security/with-api-prefix/roles.yaml b/tests/security/with-api-prefix/roles.yaml index 0bc53e70f..c1d12628c 100644 --- a/tests/security/with-api-prefix/roles.yaml +++ b/tests/security/with-api-prefix/roles.yaml 
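Review bot: The bulk PATCH in internal_users.yaml now adds user `/test` with only `backend_roles: [admin]` and no `password` or `hash`, while the `Create internal user` chapter right after it supplies a password for the same username. It is worth confirming that the plugin accepts a user entry without a credential on this path; if not, include one in `value` as the PUT chapter does. Because the account carries the `admin` backend role and its password is fixed in the repository, these chapters rely on the `Delete internal user` chapter running and on the target being a disposable test cluster; a short comment at the top of the file saying so would help.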
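Review bot: Both nodesdn PATCH operations replace a single list element with a list, which would nest an array inside `nodes_dn` instead of setting one DN string. This applies to `/cluster1/nodes_dn/0` with `['']` in the bulk chapter and `/test/nodes_dn/0` with `[CN=cluster2.example.com]` in the per-cluster chapter. Use a scalar, e.g. `value: CN=cluster2.example.com`, and give the bulk case a real DN too, since an empty entry in a list of trusted node DNs is not a meaningful fixture. The per-cluster path also repeats the cluster name (`/test/...`) although the other per-resource patches in this commit use resource-relative paths such as `/backend_roles`, and `cluster1` is not created anywhere in the visible lines.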
@@ -12,10 +12,12 @@ chapters: path: /_plugins/_security/api/roles method: PATCH request_body: - payload: - op: - path: - value: + payload: + - op: replace + path: /test/index_permissions/0/fls + value: ['random*', ~random1] + - op: remove + path: /test/index_permissions/0/dls response: status: 200 - synopsis: Create role. @@ -25,20 +27,22 @@ chapters: role: test request_body: payload: - reserved: - hidden: - description: - cluster_permissions: - index_permissions: - index_patterns: [] - dls: - fls: [] - masked_fields: [] - allowed_actions: [] - tenant_permissions: - tenant_patterns: [] - allowed_actions: [] - static: + cluster_permissions: + - cluster_composite_ops + - indices_monitor + index_permissions: + - index_patterns: + - 'movies*' + dls: '' + fls: [] + masked_fields: [] + allowed_actions: + - read + tenant_permissions: + - tenant_patterns: + - human_resources + allowed_actions: + - kibana_all_read response: status: 200 - synopsis: Get role. @@ -55,9 +59,10 @@ chapters: role: test request_body: payload: - op: - path: - value: + op: replace + path: /index_permissions/0/fls + value: [random1, random2] + response: status: 200 - synopsis: Delete role. diff --git a/tests/security/with-api-prefix/rolesmapping.yaml b/tests/security/with-api-prefix/rolesmapping.yaml index b65bc228d..8aceeb770 100644 --- a/tests/security/with-api-prefix/rolesmapping.yaml +++ b/tests/security/with-api-prefix/rolesmapping.yaml @@ -12,10 +12,12 @@ chapters: path: /_plugins/_security/api/rolesmapping method: PATCH request_body: - payload: - op: - path: - value: + payload: + - op: add + path: /all_access + value: + users: [test] + backend_roles: [admin] response: status: 200 - synopsis: Create rolesmapping. 
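Review bot: In the bulk roles PATCH, `value: ['random*', ~random1]` quotes the first entry but leaves `~random1` plain. It parses as a string, but a leading `~` reads like YAML null, so quote it: `value: ['random*', '~random1']`. The list also mixes an include pattern with a `~` exclusion in one `fls` entry, which is worth checking against the plugin's field-level-security rules before it becomes a reference example. Both operations target role `test`, which the visible chapters only create afterwards, so they depend on a prologue outside this hunk.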
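Review bot: The bulk PATCH in rolesmapping.yaml uses `op: add` on `/all_access`, so the test rewrites the mapping of the built-in full-access role to `users: [test]` and `backend_roles: [admin]`, and no visible chapter restores it. Pointing the operation at a fixture role instead, e.g. `path: /test` as used by the other chapters in this file, keeps the test from changing who holds cluster-wide privileges. If `all_access` has to be exercised, an epilogue that puts the original mapping back should accompany it; any epilogues are outside this hunk.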
@@ -25,13 +27,11 @@ chapters: role: test request_body: payload: - hosts: [] - users: [] - reserved: - hidden: - backend_roles: [] - and_backend_roles: [] - description: + backend_roles: [captains] + hosts: + - '*.example.com' + + users: [test] response: status: 200 - synopsis: Get rolesmapping. @@ -47,10 +47,10 @@ chapters: parameters: role: test request_body: - payload: - op: - path: - value: + payload: + - op: replace + path: /backend_roles + value: [admin] response: status: 200 - synopsis: Delete rolesmapping. diff --git a/tests/security/with-api-prefix/securityconfig.yaml b/tests/security/with-api-prefix/securityconfig.yaml index 6c5ca19a8..e0a817315 100644 --- a/tests/security/with-api-prefix/securityconfig.yaml +++ b/tests/security/with-api-prefix/securityconfig.yaml @@ -8,20 +8,35 @@ chapters: method: PUT request_body: payload: - dynamic: - filteredAliasMode: - disableRestAuth: - disableIntertransportAuth: - respectRequestIndicesOptions: - kibana: {} - http: {} - authc: {} - authz: {} - authFailureListeners: {} - doNotFailOnForbidden: - multiRolespanEnabled: - hostsResolverMode: - doNotFailOnForbiddenEmpty: + dynamic: + filtered_alias_mode: warn + disable_rest_auth: false + disable_intertransport_auth: false + respect_request_indices_options: false + opensearch-dashboards: + multitenancy_enabled: true + server_username: kibanaserver + index: .opensearch-dashboards + http: + anonymous_auth_enabled: false + authc: + basic_internal_auth_domain: + http_enabled: true + transport_enabled: true + order: 0 + http_authenticator: + challenge: true + type: basic + config: {} + authentication_backend: + type: intern + config: {} + description: Authenticate via HTTP Basic against internal users database + auth_failure_listeners: {} + do_not_fail_on_forbidden: false + multi_rolespan_enabled: true + hosts_resolver_mode: ip-only + do_not_fail_on_forbidden_empty: false response: status: 200 - synopsis: Get a security config. 
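Review bot: The new PUT payload in securityconfig.yaml renames the section that the removed lines called `kibana:` to `opensearch-dashboards:` (hyphenated, while every sibling key is snake_case) and drops `authz` entirely. Confirm both against the security config schema in spec/schemas/security._common.yaml and against the plugin; if the plugin does not recognise the section name, the multitenancy settings would presumably go unapplied. Because this request replaces the cluster's whole authentication configuration with a single `basic_internal_auth_domain`, a comment above the payload should state that it mirrors the test cluster's boot configuration, or a later chapter should restore the original.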
@@ -34,9 +49,10 @@ chapters: method: PATCH request_body: payload: - op: - path: - value: - status: 200 + op: replace + path: /config/dynamic/authc/basic_internal_auth_domain/transport_enabled + value: 'true' + response: + status: 200 diff --git a/tests/security/with-api-prefix/tenancy_config.yaml b/tests/security/with-api-prefix/tenancy_config.yaml index 8a4f4de89..eef62871e 100644 --- a/tests/security/with-api-prefix/tenancy_config.yaml +++ b/tests/security/with-api-prefix/tenancy_config.yaml @@ -14,9 +14,9 @@ chapters: method: PUT request_body: payload: - default_tenant: - private_tenant_enabled: - multitenancy_enabled: + default_tenant: custom tenant 1 + private_tenant_enabled: false + multitenancy_enabled: true sign_in_options: [] response: status: 200 diff --git a/tests/security/with-api-prefix/tenants.yaml b/tests/security/with-api-prefix/tenants.yaml index 7057238fa..c223614cd 100644 --- a/tests/security/with-api-prefix/tenants.yaml +++ b/tests/security/with-api-prefix/tenants.yaml @@ -12,10 +12,12 @@ chapters: path: /_plugins/_security/api/tenants method: PATCH request_body: - payload: - op: - path: - value: + payload: + - op: replace + path: /test/description + value: A very good description + + response: status: 200 - synopsis: Create tenant. @@ -25,7 +27,7 @@ chapters: tenant: test request_body: payload: - description: + description: A test tenant. response: status: 200 - synopsis: Get tenant. @@ -41,10 +43,12 @@ chapters: parameters: tenant: test request_body: - payload: - op: - path: - value: + payload: + - op: replace + path: /description + value: An updated description + + response: status: 200 - synopsis: Delete tenant. diff --git a/tests/security/with-api-prefix/tokens.yaml b/tests/security/with-api-prefix/tokens.yaml index 4596fc724..6b2423ea0 100644 --- a/tests/security/with-api-prefix/tokens.yaml +++ b/tests/security/with-api-prefix/tokens.yaml 
@@ -15,7 +15,7 @@ chapters: request_body: payload: description: Auth token for admin - service: "" + service: '' duration: 60 response: status: 200 diff --git a/tests/security/without-api-prefix/health.yaml b/tests/security/without-api-prefix/health.yaml index 636eafb03..ba3e387dd 100644 --- a/tests/security/without-api-prefix/health.yaml +++ b/tests/security/without-api-prefix/health.yaml @@ -9,12 +9,10 @@ chapters: mode: strict response: status: 200 - message: - synopsis: Get security health info via POST. path: /_plugins/_security/health method: POST parameters: mode: strict response: - status: 200 - message: \ No newline at end of file + status: 200 \ No newline at end of file