diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d94a6a4eb5..dcfaf273f9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -226,7 +226,7 @@ jobs: security_plugin_version_no_snapshot=$(echo $security_plugin_version | sed 's/-SNAPSHOT//g') security_plugin_version_only_number=$(echo $security_plugin_version_no_snapshot | cut -d- -f1) test_qualifier=alpha2 - + echo "SECURITY_PLUGIN_VERSION=$security_plugin_version" >> $GITHUB_ENV echo "SECURITY_PLUGIN_VERSION_NO_SNAPSHOT=$security_plugin_version_no_snapshot" >> $GITHUB_ENV echo "SECURITY_PLUGIN_VERSION_ONLY_NUMBER=$security_plugin_version_only_number" >> $GITHUB_ENV diff --git a/src/test/java/org/opensearch/security/SlowIntegrationTests.java b/src/test/java/org/opensearch/security/SlowIntegrationTests.java index 0f93d1f2fc..dac9ef34fc 100644 --- a/src/test/java/org/opensearch/security/SlowIntegrationTests.java +++ b/src/test/java/org/opensearch/security/SlowIntegrationTests.java @@ -62,27 +62,27 @@ public class SlowIntegrationTests extends SingleClusterTest { public void testCustomInterclusterRequestEvaluator() throws Exception { final Settings settings = Settings.builder() - .put( - ConfigConstants.SECURITY_INTERCLUSTER_REQUEST_EVALUATOR_CLASS, - "org.opensearch.security.AlwaysFalseInterClusterRequestEvaluator" - ) - .put("discovery.initial_state_timeout", "8s") - .build(); + .put( + ConfigConstants.SECURITY_INTERCLUSTER_REQUEST_EVALUATOR_CLASS, + "org.opensearch.security.AlwaysFalseInterClusterRequestEvaluator" + ) + .put("discovery.initial_state_timeout", "8s") + .build(); setup(Settings.EMPTY, null, settings, false, ClusterConfiguration.DEFAULT, 5, 1); assertThat( - 1, - is( - clusterHelper.nodeClient() - .admin() - .cluster() - .health(new ClusterHealthRequest().waitForGreenStatus()) - .actionGet() - .getNumberOfNodes() - ) + 1, + is( + clusterHelper.nodeClient() + .admin() + .cluster() + .health(new ClusterHealthRequest().waitForGreenStatus()) + .actionGet() + .getNumberOfNodes() + ) ); assertThat( - ClusterHealthStatus.GREEN, - is(clusterHelper.nodeClient().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getStatus()) + ClusterHealthStatus.GREEN, + is(clusterHelper.nodeClient().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getStatus()) ); } @@ -91,49 +91,49 @@ public void testCustomInterclusterRequestEvaluator() throws Exception { public void testNodeClientAllowedWithServerCertificate() throws Exception { setup(); assertThat( - clusterInfo.numNodes, - is( - clusterHelper.nodeClient() - .admin() - .cluster() - .health(new ClusterHealthRequest().waitForGreenStatus()) - .actionGet() - .getNumberOfNodes() - ) + clusterInfo.numNodes, + is( + clusterHelper.nodeClient() + .admin() + .cluster() + .health(new ClusterHealthRequest().waitForGreenStatus()) + .actionGet() + .getNumberOfNodes() + ) ); assertThat( - ClusterHealthStatus.GREEN, - is(clusterHelper.nodeClient().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getStatus()) + ClusterHealthStatus.GREEN, + is(clusterHelper.nodeClient().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getStatus()) ); final Settings tcSettings = AbstractSecurityUnitTest.nodeRolesSettings(Settings.builder(), false, false) - .put(minimumSecuritySettings(Settings.EMPTY).get(0)) - .put("cluster.name", clusterInfo.clustername) - .put("path.data", "./target/data/" + clusterInfo.clustername + "/cert/data") - .put("path.logs", "./target/data/" + clusterInfo.clustername + "/cert/logs") - .put("path.home", "./target") - .put("node.name", "transportclient") - .put("discovery.initial_state_timeout", "8s") - .putList("discovery.zen.ping.unicast.hosts", clusterInfo.nodeHost + ":" + clusterInfo.nodePort) - .build(); + .put(minimumSecuritySettings(Settings.EMPTY).get(0)) + .put("cluster.name", clusterInfo.clustername) + .put("path.data", "./target/data/" + clusterInfo.clustername + "/cert/data") + .put("path.logs", "./target/data/" + clusterInfo.clustername + "/cert/logs") + .put("path.home", "./target") + .put("node.name", "transportclient") + .put("discovery.initial_state_timeout", "8s") + .putList("discovery.zen.ping.unicast.hosts", clusterInfo.nodeHost + ":" + clusterInfo.nodePort) + .build(); log.debug("Start node client"); try ( - Node node = new PluginAwareNode(false, tcSettings, Lists.newArrayList(Netty4Plugin.class, OpenSearchSecurityPlugin.class)) - .start() + Node node = new PluginAwareNode(false, tcSettings, Lists.newArrayList(Netty4Plugin.class, OpenSearchSecurityPlugin.class)) + .start() ) { Assert.assertFalse( - node.client() - .admin() - .cluster() - .health(new ClusterHealthRequest().waitForNodes(String.valueOf(clusterInfo.numNodes + 1))) - .actionGet() - .isTimedOut() + node.client() + .admin() + .cluster() + .health(new ClusterHealthRequest().waitForNodes(String.valueOf(clusterInfo.numNodes + 1))) + .actionGet() + .isTimedOut() ); assertThat( - clusterInfo.numNodes + 1, - is(node.client().admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size()) + clusterInfo.numNodes + 1, + is(node.client().admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size()) ); } } @@ -143,39 +143,39 @@ public void testNodeClientAllowedWithServerCertificate() throws Exception { public void testNodeClientDisallowedWithNonServerCertificate() throws Exception { setup(); assertThat( - clusterInfo.numNodes, - is( - clusterHelper.nodeClient() - .admin() - .cluster() - .health(new ClusterHealthRequest().waitForGreenStatus()) - .actionGet() - .getNumberOfNodes() - ) + clusterInfo.numNodes, + is( + clusterHelper.nodeClient() + .admin() + .cluster() + .health(new ClusterHealthRequest().waitForGreenStatus()) + .actionGet() + .getNumberOfNodes() + ) ); assertThat( - ClusterHealthStatus.GREEN, - is(clusterHelper.nodeClient().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getStatus()) + ClusterHealthStatus.GREEN, + is(clusterHelper.nodeClient().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getStatus()) ); final Settings tcSettings = AbstractSecurityUnitTest.nodeRolesSettings(Settings.builder(), false, false) - .put(minimumSecuritySettings(Settings.EMPTY).get(0)) - .put("cluster.name", clusterInfo.clustername) - .put("path.data", "./target/data/" + clusterInfo.clustername + "/cert/data") - .put("path.logs", "./target/data/" + clusterInfo.clustername + "/cert/logs") - .put("path.home", "./target") - .put("node.name", "transportclient") - .put("discovery.initial_state_timeout", "8s") - .putList("discovery.zen.ping.unicast.hosts", clusterInfo.nodeHost + ":" + clusterInfo.nodePort) - .put("plugins.security.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("kirk-keystore.jks")) - .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_ALIAS, "kirk") - .build(); + .put(minimumSecuritySettings(Settings.EMPTY).get(0)) + .put("cluster.name", clusterInfo.clustername) + .put("path.data", "./target/data/" + clusterInfo.clustername + "/cert/data") + .put("path.logs", "./target/data/" + clusterInfo.clustername + "/cert/logs") + .put("path.home", "./target") + .put("node.name", "transportclient") + .put("discovery.initial_state_timeout", "8s") + .putList("discovery.zen.ping.unicast.hosts", clusterInfo.nodeHost + ":" + clusterInfo.nodePort) + .put("plugins.security.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("kirk-keystore.jks")) + .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_ALIAS, "kirk") + .build(); log.debug("Start node client"); try ( - Node node = new PluginAwareNode(false, tcSettings, Lists.newArrayList(Netty4Plugin.class, OpenSearchSecurityPlugin.class)) - .start() + Node node = new PluginAwareNode(false, tcSettings, Lists.newArrayList(Netty4Plugin.class, OpenSearchSecurityPlugin.class)) + .start() ) { Thread.sleep(10000); assertThat(node.client().admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size(), is(1)); @@ -190,39 +190,39 @@ public void testNodeClientDisallowedWithNonServerCertificate() throws Exception public void testNodeClientDisallowedWithNonServerCertificate2() throws Exception { setup(); assertThat( - clusterInfo.numNodes, - is( - clusterHelper.nodeClient() - .admin() - .cluster() - .health(new ClusterHealthRequest().waitForGreenStatus()) - .actionGet() - .getNumberOfNodes() - ) + clusterInfo.numNodes, + is( + clusterHelper.nodeClient() + .admin() + .cluster() + .health(new ClusterHealthRequest().waitForGreenStatus()) + .actionGet() + .getNumberOfNodes() + ) ); assertThat( - ClusterHealthStatus.GREEN, - is(clusterHelper.nodeClient().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getStatus()) + ClusterHealthStatus.GREEN, + is(clusterHelper.nodeClient().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getStatus()) ); final Settings tcSettings = AbstractSecurityUnitTest.nodeRolesSettings(Settings.builder(), false, false) - .put(minimumSecuritySettings(Settings.EMPTY).get(0)) - .put("cluster.name", clusterInfo.clustername) - .put("path.data", "./target/data/" + clusterInfo.clustername + "/cert/data") - .put("path.logs", "./target/data/" + clusterInfo.clustername + "/cert/logs") - .put("path.home", "./target") - .put("node.name", "transportclient") - .put("discovery.initial_state_timeout", "8s") - .putList("discovery.zen.ping.unicast.hosts", clusterInfo.nodeHost + ":" + clusterInfo.nodePort) - .put("plugins.security.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks")) - .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_ALIAS, "spock") - .build(); + .put(minimumSecuritySettings(Settings.EMPTY).get(0)) + .put("cluster.name", clusterInfo.clustername) + .put("path.data", "./target/data/" + clusterInfo.clustername + "/cert/data") + .put("path.logs", "./target/data/" + clusterInfo.clustername + "/cert/logs") + .put("path.home", "./target") + .put("node.name", "transportclient") + .put("discovery.initial_state_timeout", "8s") + .putList("discovery.zen.ping.unicast.hosts", clusterInfo.nodeHost + ":" + clusterInfo.nodePort) + .put("plugins.security.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks")) + .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_ALIAS, "spock") + .build(); log.debug("Start node client"); try ( - Node node = new PluginAwareNode(false, tcSettings, Lists.newArrayList(Netty4Plugin.class, OpenSearchSecurityPlugin.class)) - .start() + Node node = new PluginAwareNode(false, tcSettings, Lists.newArrayList(Netty4Plugin.class, OpenSearchSecurityPlugin.class)) + .start() ) { Thread.sleep(10000); assertThat(node.client().admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size(), is(1)); @@ -234,37 +234,37 @@ public void testNodeClientDisallowedWithNonServerCertificate2() throws Exception @Test public void testDelayInSecurityIndexInitialization() throws Exception { final Settings settings = Settings.builder() - .put(ConfigConstants.SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX, true) - .put("cluster.routing.allocation.exclude._ip", "127.0.0.1") - .build(); + .put(ConfigConstants.SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX, true) + .put("cluster.routing.allocation.exclude._ip", "127.0.0.1") + .build(); assertThrows(IOException.class, () -> { setup(Settings.EMPTY, null, settings, false); clusterHelper.nodeClient() - .admin() - .indices() - .create(new CreateIndexRequest("test-index").timeout(TimeValue.timeValueSeconds(10))) - .actionGet(); + .admin() + .indices() + .create(new CreateIndexRequest("test-index").timeout(TimeValue.timeValueSeconds(10))) + .actionGet(); clusterHelper.waitForCluster(ClusterHealthStatus.GREEN, TimeValue.timeValueSeconds(5), ClusterConfiguration.DEFAULT.getNodes()); }); // Ideally, we would want to remove this cluster setting, but default settings cannot be removed. So overriding with a reserved // IP address clusterHelper.nodeClient() - .admin() - .cluster() - .updateSettings( - new ClusterUpdateSettingsRequest().transientSettings( - Settings.builder().put("cluster.routing.allocation.exclude._ip", "192.0.2.0").build() - ) - ); + .admin() + .cluster() + .updateSettings( + new ClusterUpdateSettingsRequest().transientSettings( + Settings.builder().put("cluster.routing.allocation.exclude._ip", "192.0.2.0").build() + ) + ); this.clusterInfo = clusterHelper.waitForCluster(ClusterHealthStatus.GREEN, TimeValue.timeValueSeconds(10), 3); RestHelper rh = nonSslRestHelper(); Awaitility.await() - .alias("Wait until Security is initialized") - .until( - () -> rh.executeGetRequest("/_plugins/_security/health", encodeBasicHeader("admin", "admin")) - .getTextFromJsonBody("/status"), - equalTo("UP") - ); + .alias("Wait until Security is initialized") + .until( + () -> rh.executeGetRequest("/_plugins/_security/health", encodeBasicHeader("admin", "admin")) + .getTextFromJsonBody("/status"), + equalTo("UP") + ); } -} \ No newline at end of file +} diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/RenameFieldResponseProcessorTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/RenameFieldResponseProcessorTest.java index 28d9ed27ab..5024a3ca7b 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/RenameFieldResponseProcessorTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/RenameFieldResponseProcessorTest.java @@ -11,16 +11,16 @@ package org.opensearch.security.dlic.dlsfls; -import org.apache.hc.core5.http.Header; -import org.opensearch.client.Client; -import org.apache.hc.core5.http.HttpStatus; +import org.apache.http.Header; +import org.apache.http.HttpStatus; import org.junit.Test; import org.opensearch.action.index.IndexRequest; -import org.opensearch.security.test.DynamicSecurityConfig; import org.opensearch.action.support.WriteRequest.RefreshPolicy; +import org.opensearch.client.Client; import org.opensearch.common.xcontent.XContentType; +import org.opensearch.security.test.DynamicSecurityConfig; import org.opensearch.security.test.helper.cluster.ClusterConfiguration; import org.opensearch.security.test.helper.rest.RestHelper.HttpResponse;