From f65a6cf906123bf99576a78f4ffbcede2a1e595a Mon Sep 17 00:00:00 2001 From: Darshit Chanpura Date: Mon, 22 Jul 2024 23:10:41 -0400 Subject: [PATCH] Adds base tests for all APIs Signed-off-by: Darshit Chanpura --- tests/security/with-api-prefix/account.yaml | 8 +- .../with-api-prefix/action_groups.yaml | 75 +++++++++++++++++++ tests/security/with-api-prefix/allowlist.yaml | 28 ++++++- tests/security/with-api-prefix/audit.yaml | 48 +++++++++++- tests/security/with-api-prefix/authtoken.yaml | 6 -- tests/security/with-api-prefix/cache.yaml | 23 +++++- .../with-api-prefix/internal_users.yaml | 57 +++++++++++++- tests/security/with-api-prefix/migrate.yaml | 9 ++- tests/security/with-api-prefix/nodesdn.yaml | 61 ++++++++++++++- .../with-api-prefix/permissionsinfo.yaml | 9 ++- tests/security/with-api-prefix/roles.yaml | 68 ++++++++++++++++- .../with-api-prefix/rolesmapping.yaml | 62 ++++++++++++++- .../with-api-prefix/securityconfig.yaml | 40 +++++++++- tests/security/with-api-prefix/ssl.yaml | 6 -- tests/security/with-api-prefix/ssl_certs.yaml | 20 +++++ tests/security/with-api-prefix/tenancy.yaml | 6 -- .../with-api-prefix/tenancy_config.yaml | 23 ++++++ tests/security/with-api-prefix/tenants.yaml | 54 ++++++++++++- tests/security/with-api-prefix/tokens.yaml | 35 +++++++++ tests/security/with-api-prefix/user.yaml | 37 +++++++++ tests/security/with-api-prefix/validate.yaml | 11 ++- tests/security/without-api-prefix/health.yaml | 4 +- 22 files changed, 642 insertions(+), 48 deletions(-) delete mode 100644 tests/security/with-api-prefix/authtoken.yaml delete mode 100644 tests/security/with-api-prefix/ssl.yaml create mode 100644 tests/security/with-api-prefix/ssl_certs.yaml delete mode 100644 tests/security/with-api-prefix/tenancy.yaml create mode 100644 tests/security/with-api-prefix/tenancy_config.yaml create mode 100644 tests/security/with-api-prefix/tokens.yaml create mode 100644 tests/security/with-api-prefix/user.yaml diff --git a/tests/security/with-api-prefix/account.yaml b/tests/security/with-api-prefix/account.yaml index bbe4b063b..e8cd74628 100644 --- a/tests/security/with-api-prefix/account.yaml +++ b/tests/security/with-api-prefix/account.yaml @@ -4,7 +4,7 @@ description: Test account endpoint. version: '>= 2.12' # Should be removed once TODO referenced above is addressed prologues: - - path: _plugins/_security/api/internalusers/{username} + - path: /_plugins/_security/api/internalusers/{username} method: PUT parameters: username: test @@ -14,8 +14,7 @@ prologues: opendistro_security_roles: [] backend_roles: [] attributes: {} - response: - status: 200 + status: 200 chapters: - synopsis: Get account details. path: /_plugins/_security/api/account @@ -42,8 +41,7 @@ epilogues: payload: current_password: myWeakPassword123! password: myStrongPassword123! - response: - status: 200 + status: 200 - path: /_plugins/_security/api/internalusers/{username} method: DELETE parameters: diff --git a/tests/security/with-api-prefix/action_groups.yaml b/tests/security/with-api-prefix/action_groups.yaml index 60d28642b..0d9a4d624 100644 --- a/tests/security/with-api-prefix/action_groups.yaml +++ b/tests/security/with-api-prefix/action_groups.yaml @@ -1,6 +1,81 @@ $schema: ../../../json_schemas/test_story.schema.yaml description: Test action_groups endpoints. + prologues: + - path: /_plugins/_security/api/actiongroups/{action_group} + method: PUT + parameters: + action_group: test + request_body: + payload: + reserved: + hidden: + allowed_actions: [] + type: + description: + static: + status: 200 chapters: + - synopsis: Get action groups bulk. + path: /_plugins/_security/api/actiongroups + method: GET + response: + status: 200 + - synopsis: Patch action groups bulk. + path: /_plugins/_security/api/actiongroups + method: PATCH + request_body: + payload: + op: + path: + value: + response: + status: 200 + - synopsis: Get action group. + path: /_plugins/_security/api/actiongroups/{action_group} + method: GET + parameters: + action_group: test + response: + status: 200 + - synopsis: Create action group. + path: /_plugins/_security/api/actiongroups/{action_group} + method: PUT + parameters: + action_group: test2 + request_body: + payload: + reserved: + hidden: + allowed_actions: [] + type: + description: + static: + response: + status: 200 + - synopsis: Patch action group. + path: /_plugins/_security/api/actiongroups/{action_group} + method: PATCH + parameters: + action_group: test2 + request_body: + payload: + op: + path: + value: + response: + status: 200 + - synopsis: Delete action group. + path: /_plugins/_security/api/actiongroups/{action_group} + method: DELETE + parameters: + action_group: test2 + response: + status: 200 epilogues: + - path: /_plugins/_security/api/actiongroups/{action_group} + method: DELETE + parameters: + action_group: test + status: [200, 404] diff --git a/tests/security/with-api-prefix/allowlist.yaml b/tests/security/with-api-prefix/allowlist.yaml index 5799f23c8..53f54ab72 100644 --- a/tests/security/with-api-prefix/allowlist.yaml +++ b/tests/security/with-api-prefix/allowlist.yaml @@ -1,6 +1,30 @@ $schema: ../../../json_schemas/test_story.schema.yaml description: Test allowlist endpoints. -prologues: + chapters: -epilogues: + - synopsis: Create an allowlist. + path: /_plugins/_security/api/allowlist + method: PUT + request_body: + payload: + config: + enabled: true, + requests: {} + response: + status: 200 + - synopsis: Get an allowlist. + path: /_plugins/_security/api/allowlist + method: GET + response: + status: 200 + - synopsis: Patch an allowlist. + path: /_plugins/_security/api/allowlist + method: PATCH + request_body: + payload: + op: + path: + value: + status: 200 + diff --git a/tests/security/with-api-prefix/audit.yaml b/tests/security/with-api-prefix/audit.yaml index 5d72508a1..82d9db89a 100644 --- a/tests/security/with-api-prefix/audit.yaml +++ b/tests/security/with-api-prefix/audit.yaml @@ -1,6 +1,50 @@ $schema: ../../../json_schemas/test_story.schema.yaml description: Test audit endpoints. -prologues: + chapters: -epilogues: + - synopsis: Create an audit config. + path: /_plugins/_security/api/audit/config + method: PUT + request_body: + payload: + compliance: + enabled: + write_log_diffs: + read_watched_fields: {} + read_ignore_users: [] + write_watched_indices: [] + write_ignore_users: [] + read_metadata_only: + write_metadata_only: + external_config: + internal_config: + enabled: true + audit: + ignore_users: + ignore_requests: [] + disabled_rest_categories: [] + disabled_transport_categories: [] + log_request_body: + resolve_indices: + resolve_bulk_requests: + exclude_sensitive_headers: + enable_transport: + enable_rest: + response: + status: 200 + - synopsis: Get an audit config. + path: /_plugins/_security/api/audit + method: GET + response: + status: 200 + - synopsis: Patch an audit config. + path: /_plugins/_security/api/audit + method: PATCH + request_body: + payload: + op: + path: + value: + status: 200 + diff --git a/tests/security/with-api-prefix/authtoken.yaml b/tests/security/with-api-prefix/authtoken.yaml deleted file mode 100644 index 4ffb4f05e..000000000 --- a/tests/security/with-api-prefix/authtoken.yaml +++ /dev/null @@ -1,6 +0,0 @@ -$schema: ../../../json_schemas/test_story.schema.yaml - -description: Test authtoken endpoints. -prologues: -chapters: -epilogues: diff --git a/tests/security/with-api-prefix/cache.yaml b/tests/security/with-api-prefix/cache.yaml index d536220f7..b875fb75b 100644 --- a/tests/security/with-api-prefix/cache.yaml +++ b/tests/security/with-api-prefix/cache.yaml @@ -1,6 +1,25 @@ $schema: ../../../json_schemas/test_story.schema.yaml description: Test cache endpoint. -prologues: + chapters: -epilogues: + - synopsis: Get cache. + path: /_plugins/_security/api/cache + method: GET + response: + status: 501 + - synopsis: Create cache. + path: /_plugins/_security/api/cache + method: POST + response: + status: 501 + - synopsis: Update cache. + path: /_plugins/_security/api/cache + method: PUT + response: + status: 501 + - synopsis: Flush cache. + path: /_plugins/_security/api/cache + method: DELETE + response: + status: 200 diff --git a/tests/security/with-api-prefix/internal_users.yaml b/tests/security/with-api-prefix/internal_users.yaml index b362e522a..9e0f69368 100644 --- a/tests/security/with-api-prefix/internal_users.yaml +++ b/tests/security/with-api-prefix/internal_users.yaml @@ -1,6 +1,59 @@ $schema: ../../../json_schemas/test_story.schema.yaml description: Test internal users endpoints. -prologues: + chapters: -epilogues: + - synopsis: Get internal users bulk. + path: /_plugins/_security/api/internalusers + method: GET + response: + status: 200 + - synopsis: Patch internal users bulk. + path: /_plugins/_security/api/internalusers + method: PATCH + request_body: + payload: + op: + path: + value: + response: + status: 200 + - synopsis: Create internal user. + path: /_plugins/_security/api/internalusers/{username} + method: PUT + parameters: + username: test2 + request_body: + payload: + password: myWeakPassword123! + opendistro_security_roles: [] + backend_roles: [] + attributes: {} + response: + status: 200 + - synopsis: Get internal user. + path: /_plugins/_security/api/internalusers/{username} + method: GET + parameters: + username: test + response: + status: 200 + - synopsis: Patch internal user. + path: /_plugins/_security/api/internalusers/{username} + method: PATCH + parameters: + username: test + request_body: + payload: + op: + path: + value: + response: + status: 200 + - synopsis: Delete internal user. + path: /_plugins/_security/api/internalusers/{username} + method: DELETE + parameters: + username: test + response: + status: 200 diff --git a/tests/security/with-api-prefix/migrate.yaml b/tests/security/with-api-prefix/migrate.yaml index 4d4d616dd..cc4a7486d 100644 --- a/tests/security/with-api-prefix/migrate.yaml +++ b/tests/security/with-api-prefix/migrate.yaml @@ -1,6 +1,11 @@ $schema: ../../../json_schemas/test_story.schema.yaml description: Test migrate endpoint. -prologues: + chapters: -epilogues: + - synopsis: Migrate v6 to v7 config. + path: /_plugins/_security/api/migrate + method: POST + response: + status: 200 + diff --git a/tests/security/with-api-prefix/nodesdn.yaml b/tests/security/with-api-prefix/nodesdn.yaml index 14cdf254a..494975ce3 100644 --- a/tests/security/with-api-prefix/nodesdn.yaml +++ b/tests/security/with-api-prefix/nodesdn.yaml @@ -1,6 +1,63 @@ $schema: ../../../json_schemas/test_story.schema.yaml description: Test nodesdn endpoints. -prologues: + chapters: -epilogues: + - synopsis: Get distinguished names. + path: /_plugins/_security/api/nodesdn + method: GET + parameters: + show_all: true + response: + status: 200 + - synopsis: Patch distinguished names. + path: /_plugins/_security/api/nodesdn + method: PATCH + request_body: + payload: + op: + path: + value: + response: + status: 200 + - synopsis: Create distinguished name. + path: /_plugins/_security/api/nodesdn/{cluster_name} + method: PUT + parameters: + cluster_name: test + request_body: + payload: + reserved: + hidden: + allowed_actions: [] + type: + description: + static: + response: + status: 200 + - synopsis: Get distinguished name. + path: /_plugins/_security/api/nodesdn/{cluster_name} + method: GET + parameters: + cluster_name: test + response: + status: 200 + - synopsis: Patch distinguished name. + path: /_plugins/_security/api/nodesdn/{cluster_name} + method: PATCH + parameters: + cluster_name: test + request_body: + payload: + op: + path: + value: + response: + status: 200 + - synopsis: Delete distinguished name. + path: /_plugins/_security/api/nodesdn/{cluster_name} + method: DELETE + parameters: + cluster_name: test + response: + status: 200 diff --git a/tests/security/with-api-prefix/permissionsinfo.yaml b/tests/security/with-api-prefix/permissionsinfo.yaml index 8a5a0d07e..6ef3b5de3 100644 --- a/tests/security/with-api-prefix/permissionsinfo.yaml +++ b/tests/security/with-api-prefix/permissionsinfo.yaml @@ -1,6 +1,11 @@ $schema: ../../../json_schemas/test_story.schema.yaml description: Test permissionsinfo endpoint. -prologues: + chapters: -epilogues: + - synopsis: Get evaluated permissions for currently logged in user. + path: /_plugins/_security/api/nodesdn + method: GET + response: + status: 200 + \ No newline at end of file diff --git a/tests/security/with-api-prefix/roles.yaml b/tests/security/with-api-prefix/roles.yaml index 2d62353de..0bc53e70f 100644 --- a/tests/security/with-api-prefix/roles.yaml +++ b/tests/security/with-api-prefix/roles.yaml @@ -1,6 +1,70 @@ $schema: ../../../json_schemas/test_story.schema.yaml description: Test roles endpoints. -prologues: + chapters: -epilogues: + - synopsis: Get roles bulk. + path: /_plugins/_security/api/roles + method: GET + response: + status: 200 + - synopsis: Patch roles bulk. + path: /_plugins/_security/api/roles + method: PATCH + request_body: + payload: + op: + path: + value: + response: + status: 200 + - synopsis: Create role. + path: /_plugins/_security/api/roles/{role} + method: PUT + parameters: + role: test + request_body: + payload: + reserved: + hidden: + description: + cluster_permissions: + index_permissions: + index_patterns: [] + dls: + fls: [] + masked_fields: [] + allowed_actions: [] + tenant_permissions: + tenant_patterns: [] + allowed_actions: [] + static: + response: + status: 200 + - synopsis: Get role. + path: /_plugins/_security/api/roles/{role} + method: GET + parameters: + role: test + response: + status: 200 + - synopsis: Patch role. + path: /_plugins/_security/api/roles/{role} + method: PATCH + parameters: + role: test + request_body: + payload: + op: + path: + value: + response: + status: 200 + - synopsis: Delete role. + path: /_plugins/_security/api/roles/{role} + method: DELETE + parameters: + role: test + response: + status: 200 + diff --git a/tests/security/with-api-prefix/rolesmapping.yaml b/tests/security/with-api-prefix/rolesmapping.yaml index 8a7e1de17..b65bc228d 100644 --- a/tests/security/with-api-prefix/rolesmapping.yaml +++ b/tests/security/with-api-prefix/rolesmapping.yaml @@ -1,6 +1,64 @@ $schema: ../../../json_schemas/test_story.schema.yaml description: Test rolesmapping endpoint. -prologues: + chapters: -epilogues: + - synopsis: Get rolesmapping bulk. + path: /_plugins/_security/api/rolesmapping + method: GET + response: + status: 200 + - synopsis: Patch rolesmapping bulk. + path: /_plugins/_security/api/rolesmapping + method: PATCH + request_body: + payload: + op: + path: + value: + response: + status: 200 + - synopsis: Create rolesmapping. + path: /_plugins/_security/api/rolesmapping/{role} + method: PUT + parameters: + role: test + request_body: + payload: + hosts: [] + users: [] + reserved: + hidden: + backend_roles: [] + and_backend_roles: [] + description: + response: + status: 200 + - synopsis: Get rolesmapping. + path: /_plugins/_security/api/rolesmapping/{role} + method: GET + parameters: + role: test + response: + status: 200 + - synopsis: Patch rolesmapping. + path: /_plugins/_security/api/rolesmapping/{role} + method: PATCH + parameters: + role: test + request_body: + payload: + op: + path: + value: + response: + status: 200 + - synopsis: Delete rolesmapping. + path: /_plugins/_security/api/rolesmapping/{role} + method: DELETE + parameters: + role: test + response: + status: 200 + + diff --git a/tests/security/with-api-prefix/securityconfig.yaml b/tests/security/with-api-prefix/securityconfig.yaml index b676f70b7..6c5ca19a8 100644 --- a/tests/security/with-api-prefix/securityconfig.yaml +++ b/tests/security/with-api-prefix/securityconfig.yaml @@ -1,6 +1,42 @@ $schema: ../../../json_schemas/test_story.schema.yaml description: Test securityconfig endpoints. -prologues: + chapters: -epilogues: + - synopsis: Update a security config. + path: /_plugins/_security/api/securityconfig/config + method: PUT + request_body: + payload: + dynamic: + filteredAliasMode: + disableRestAuth: + disableIntertransportAuth: + respectRequestIndicesOptions: + kibana: {} + http: {} + authc: {} + authz: {} + authFailureListeners: {} + doNotFailOnForbidden: + multiRolespanEnabled: + hostsResolverMode: + doNotFailOnForbiddenEmpty: + response: + status: 200 + - synopsis: Get a security config. + path: /_plugins/_security/api/securityconfig + method: GET + response: + status: 200 + - synopsis: Patch a security config. + path: /_plugins/_security/api/securityconfig + method: PATCH + request_body: + payload: + op: + path: + value: + status: 200 + + diff --git a/tests/security/with-api-prefix/ssl.yaml b/tests/security/with-api-prefix/ssl.yaml deleted file mode 100644 index fa63c4100..000000000 --- a/tests/security/with-api-prefix/ssl.yaml +++ /dev/null @@ -1,6 +0,0 @@ -$schema: ../../../json_schemas/test_story.schema.yaml - -description: Test ssl endpoints. -prologues: -chapters: -epilogues: diff --git a/tests/security/with-api-prefix/ssl_certs.yaml b/tests/security/with-api-prefix/ssl_certs.yaml new file mode 100644 index 000000000..c61607408 --- /dev/null +++ b/tests/security/with-api-prefix/ssl_certs.yaml @@ -0,0 +1,20 @@ +$schema: ../../../json_schemas/test_story.schema.yaml + +description: Test ssl endpoints. + +chapters: + - synopsis: Get ssl certificates. + path: /_plugins/_security/api/ssl/certs + method: GET + response: + status: 200 + - synopsis: Reload http certs. + path: /_plugins/_security/api/ssl/http/reloadcerts + method: PUT + response: + status: 200 + - synopsis: Reload transport certs. + path: /_plugins/_security/api/ssl/transport/reloadcerts + method: PUT + response: + status: 200 diff --git a/tests/security/with-api-prefix/tenancy.yaml b/tests/security/with-api-prefix/tenancy.yaml deleted file mode 100644 index 7997800db..000000000 --- a/tests/security/with-api-prefix/tenancy.yaml +++ /dev/null @@ -1,6 +0,0 @@ -$schema: ../../../json_schemas/test_story.schema.yaml - -description: Test tenancy endpoint. -prologues: -chapters: -epilogues: diff --git a/tests/security/with-api-prefix/tenancy_config.yaml b/tests/security/with-api-prefix/tenancy_config.yaml new file mode 100644 index 000000000..8a4f4de89 --- /dev/null +++ b/tests/security/with-api-prefix/tenancy_config.yaml @@ -0,0 +1,23 @@ +$schema: ../../../json_schemas/test_story.schema.yaml + +description: Test tenancy config endpoint. +version: '>= 2.7' + +chapters: + - synopsis: Get tenancy config. + path: /_plugins/_security/api/tenancy/config + method: GET + response: + status: 200 + - synopsis: Create or Update tenancy config. + path: /_plugins/_security/api/tenancy/config + method: PUT + request_body: + payload: + default_tenant: + private_tenant_enabled: + multitenancy_enabled: + sign_in_options: [] + response: + status: 200 + diff --git a/tests/security/with-api-prefix/tenants.yaml b/tests/security/with-api-prefix/tenants.yaml index 6ac9d3f13..7057238fa 100644 --- a/tests/security/with-api-prefix/tenants.yaml +++ b/tests/security/with-api-prefix/tenants.yaml @@ -1,6 +1,56 @@ $schema: ../../../json_schemas/test_story.schema.yaml description: Test tenants endpoints. -prologues: + chapters: -epilogues: + - synopsis: Get tenants bulk. + path: /_plugins/_security/api/tenants + method: GET + response: + status: 200 + - synopsis: Patch tenants bulk. + path: /_plugins/_security/api/tenants + method: PATCH + request_body: + payload: + op: + path: + value: + response: + status: 200 + - synopsis: Create tenant. + path: /_plugins/_security/api/tenants/{tenant} + method: PUT + parameters: + tenant: test + request_body: + payload: + description: + response: + status: 200 + - synopsis: Get tenant. + path: /_plugins/_security/api/tenants/{tenant} + method: GET + parameters: + tenant: test + response: + status: 200 + - synopsis: Patch tenant. + path: /_plugins/_security/api/tenants/{tenant} + method: PATCH + parameters: + tenant: test + request_body: + payload: + op: + path: + value: + response: + status: 200 + - synopsis: Delete tenant. + path: /_plugins/_security/api/tenants/{tenant} + method: DELETE + parameters: + tenant: test + response: + status: 200 diff --git a/tests/security/with-api-prefix/tokens.yaml b/tests/security/with-api-prefix/tokens.yaml new file mode 100644 index 000000000..4596fc724 --- /dev/null +++ b/tests/security/with-api-prefix/tokens.yaml @@ -0,0 +1,35 @@ +$schema: ../../../json_schemas/test_story.schema.yaml + +description: Test authtoken endpoints. + +chapters: + - synopsis: Create an auth token. + path: /_plugins/_security/api/authtoken + method: POST + response: + status: 200 + - synopsis: Create an On-Behalf-Of token. + version: '>= 2.12' + path: /_plugins/_security/api/generateonbehalfoftoken + method: POST + request_body: + payload: + description: Auth token for admin + service: "" + duration: 60 + response: + status: 200 + - synopsis: Create internal user token. + path: /_plugins/_security/api/internalusers/{username}/authtoken + method: POST + parameters: + username: admin + response: + status: 200 + - synopsis: Create user token. + path: /_plugins/_security/api/user/{username}/authtoken + method: POST + parameters: + username: admin + response: + status: 200 diff --git a/tests/security/with-api-prefix/user.yaml b/tests/security/with-api-prefix/user.yaml new file mode 100644 index 000000000..d3d875622 --- /dev/null +++ b/tests/security/with-api-prefix/user.yaml @@ -0,0 +1,37 @@ +$schema: ../../../json_schemas/test_story.schema.yaml + +description: Test user endpoints. + +chapters: + - synopsis: Get user bulk. + path: /_plugins/_security/api/user + method: GET + response: + status: 200 + - synopsis: Create user. + path: /_plugins/_security/api/user/{username} + method: PUT + parameters: + username: test2 + request_body: + payload: + password: myWeakPassword123! + opendistro_security_roles: [] + backend_roles: [] + attributes: {} + response: + status: 200 + - synopsis: Get user. + path: /_plugins/_security/api/user/{username} + method: GET + parameters: + username: test + response: + status: 200 + - synopsis: Delete user. + path: /_plugins/_security/api/user/{username} + method: DELETE + parameters: + username: test + response: + status: 200 diff --git a/tests/security/with-api-prefix/validate.yaml b/tests/security/with-api-prefix/validate.yaml index 2dd4f3765..37d4660ee 100644 --- a/tests/security/with-api-prefix/validate.yaml +++ b/tests/security/with-api-prefix/validate.yaml @@ -1,6 +1,13 @@ $schema: ../../../json_schemas/test_story.schema.yaml description: Test validate endpoint. -prologues: + chapters: -epilogues: + - synopsis: Check whether v6 configuration is valid. + path: /_plugins/_security/api/validate + method: GET + parameters: + accept_invalid: false + response: + status: 200 + diff --git a/tests/security/without-api-prefix/health.yaml b/tests/security/without-api-prefix/health.yaml index ba3e387dd..636eafb03 100644 --- a/tests/security/without-api-prefix/health.yaml +++ b/tests/security/without-api-prefix/health.yaml @@ -9,10 +9,12 @@ chapters: mode: strict response: status: 200 + message: - synopsis: Get security health info via POST. path: /_plugins/_security/health method: POST parameters: mode: strict response: - status: 200 \ No newline at end of file + status: 200 + message: \ No newline at end of file