From 2f6cae4ae5e4a53a51ef7b04018f5512c0fa1131 Mon Sep 17 00:00:00 2001 From: Jake Landis Date: Tue, 9 Apr 2024 17:34:25 -0500 Subject: [PATCH] WTF --- .../xpack/core/security/authz/RoleDescriptorTests.java | 2 +- .../org/elasticsearch/xpack/security/apikey/ApiKeyRestIT.java | 2 +- .../CrossClusterAccessHeadersForCcsRestIT.java | 1 + .../security/role/RoleWithRemoteIndicesPrivilegesRestIT.java | 1 + .../org/elasticsearch/xpack/security/authc/ApiKeyService.java | 1 + .../xpack/security/authz/AuthorizationServiceIntegTests.java | 2 +- .../xpack/security/authz/store/CompositeRolesStoreTests.java | 1 + .../xpack/security/authz/store/FileRolesStoreTests.java | 1 + .../xpack/security/authz/store/NativeRolesStoreTests.java | 2 +- .../elasticsearch/upgrades/ApiKeyBackwardsCompatibilityIT.java | 2 +- 10 files changed, 10 insertions(+), 5 deletions(-) diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptorTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptorTests.java index 06f5ff974808a..f631e1dc806d2 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptorTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptorTests.java @@ -67,7 +67,7 @@ import static org.hamcrest.Matchers.lessThan; import static org.hamcrest.Matchers.nullValue; import static org.hamcrest.core.Is.is; - +//TODO: add remote cluster tests here too (don't rely on NONE) public class RoleDescriptorTests extends ESTestCase { public void testIndexGroup() throws Exception { diff --git a/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/security/apikey/ApiKeyRestIT.java b/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/security/apikey/ApiKeyRestIT.java index 056df6c1df545..8871dd773375e 100644 --- a/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/security/apikey/ApiKeyRestIT.java +++ b/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/security/apikey/ApiKeyRestIT.java @@ -1853,7 +1853,7 @@ private void createRole(String name, Collection clusterPrivileges, Strin null, new RoleDescriptor.RemoteIndicesPrivileges[] { RoleDescriptor.RemoteIndicesPrivileges.builder(remoteIndicesClusterAliases).indices("*").privileges("read").build() }, - null, + null, //TODO: add test here null ); getSecurityClient().putRole(role); diff --git a/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/security/crossclusteraccess/CrossClusterAccessHeadersForCcsRestIT.java b/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/security/crossclusteraccess/CrossClusterAccessHeadersForCcsRestIT.java index 63f701dd7925b..8d2c9488587e6 100644 --- a/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/security/crossclusteraccess/CrossClusterAccessHeadersForCcsRestIT.java +++ b/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/security/crossclusteraccess/CrossClusterAccessHeadersForCcsRestIT.java @@ -83,6 +83,7 @@ import static org.hamcrest.Matchers.notNullValue; import static org.hamcrest.Matchers.nullValue; +//TODO: add more tests here public class CrossClusterAccessHeadersForCcsRestIT extends SecurityOnTrialLicenseRestTestCase { private static final String CLUSTER_A = "my_remote_cluster_a"; diff --git a/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/security/role/RoleWithRemoteIndicesPrivilegesRestIT.java b/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/security/role/RoleWithRemoteIndicesPrivilegesRestIT.java index 22dfe5f7a366d..551f7281fc4f0 100644 --- a/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/security/role/RoleWithRemoteIndicesPrivilegesRestIT.java +++ b/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/security/role/RoleWithRemoteIndicesPrivilegesRestIT.java @@ -31,6 +31,7 @@ import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.notNullValue; +//TODO: add the remote cluster analog here too public class RoleWithRemoteIndicesPrivilegesRestIT extends SecurityOnTrialLicenseRestTestCase { private static final String REMOTE_SEARCH_USER = "remote_search_user"; diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ApiKeyService.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ApiKeyService.java index 59b39794109be..8e593f96159e0 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ApiKeyService.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ApiKeyService.java @@ -359,6 +359,7 @@ && hasRemoteCluster(request.getRoleDescriptors())) { return; } + //TODO: test this ! final Set filteredUserRoleDescriptors = maybeRemoveRemotePrivileges( userRoleDescriptors, transportVersion, diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationServiceIntegTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationServiceIntegTests.java index 89b5b7c05b11b..d8c21d54dc108 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationServiceIntegTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationServiceIntegTests.java @@ -73,7 +73,7 @@ public void testGetRoleDescriptorsIntersectionForRemoteCluster() throws IOExcept .build(), randomNonEmptySubsetOf(List.of(concreteClusterAlias, "*")).toArray(new String[0]) ) }, - null, // TODO: maybe add tests here + null, // TODO: add tests here null ) ); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStoreTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStoreTests.java index 5dabef2c8fcf2..3cae2e298965d 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStoreTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStoreTests.java @@ -175,6 +175,7 @@ import static org.mockito.Mockito.verifyNoMoreInteractions; import static org.mockito.Mockito.when; +//TODO: more tests here public class CompositeRolesStoreTests extends ESTestCase { private static final Settings SECURITY_ENABLED_SETTINGS = Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build(); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/FileRolesStoreTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/FileRolesStoreTests.java index 0f9dd06983792..f23cc8d966ddc 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/FileRolesStoreTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/FileRolesStoreTests.java @@ -705,6 +705,7 @@ public void testUsageStats() throws Exception { assertThat(usageStats.get("remote_indices"), is(1L)); assertThat(usageStats.get("fls"), is(flsDlsEnabled)); assertThat(usageStats.get("dls"), is(flsDlsEnabled)); + //TODO: add more tests here } public void testExists() throws Exception { diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStoreTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStoreTests.java index 39653a31157f9..bef4b75067eb2 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStoreTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStoreTests.java @@ -432,7 +432,7 @@ void innerPutRole(final PutRoleRequest request, final RoleDescriptor role, final null, new RoleDescriptor.RemoteIndicesPrivileges[] { RoleDescriptor.RemoteIndicesPrivileges.builder("remote").privileges("read").indices("index").build() }, - null, + null, //TODO: more tests here null ); PlainActionFuture future = new PlainActionFuture<>(); diff --git a/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/ApiKeyBackwardsCompatibilityIT.java b/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/ApiKeyBackwardsCompatibilityIT.java index a02d4f14f3e72..3ad5ad3217555 100644 --- a/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/ApiKeyBackwardsCompatibilityIT.java +++ b/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/ApiKeyBackwardsCompatibilityIT.java @@ -426,7 +426,7 @@ private static RoleDescriptor randomRoleDescriptor(boolean includeRemoteIndices) RoleDescriptorTests.randomRoleDescriptorMetadata(false), Map.of(), includeRemoteIndices ? RoleDescriptorTests.randomRemoteIndicesPrivileges(1, 3, excludedPrivileges) : null, - null, // TODO: probably add test here + null, // TODO: add tests here null ); }