better random and bwc

jakelandis · Apr 15, 2024 · 8125008 · 8125008
1 parent 772a8e9
commit 8125008
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 9 deletions.
diff --git a/...n/core/src/test/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptorTests.java b/...n/core/src/test/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptorTests.java
@@ -1155,12 +1155,9 @@ public static RoleDescriptor randomRoleDescriptor(boolean allowReservedMetadata,
 
         RemoteClusterPermissions remoteClusters = RemoteClusterPermissions.NONE;
         if (allowRemoteClusters && randomBoolean()) {
-            remoteClusters = new RemoteClusterPermissions().addGroup(
-                new RemoteClusterPermissionGroup(new String[] { "monitor_enrich" }, new String[] { "*" })
-            );
+            randomRemoteClusterPermissions(randomIntBetween(1, 5));
         }
 
-
         return new RoleDescriptor(
             randomAlphaOfLengthBetween(3, 90),
             randomSubsetOf(ClusterPrivilegeResolver.names()).toArray(String[]::new),
@@ -1239,6 +1236,20 @@ public static ApplicationResourcePrivileges[] randomApplicationPrivileges() {
         return applicationPrivileges;
     }
 
+    public static RemoteClusterPermissions randomRemoteClusterPermissions(int maxGroups){
+        final RemoteClusterPermissions remoteClusterPermissions = new RemoteClusterPermissions();
+        final String[] supportedPermissions = RemoteClusterPermissions.getSupportRemoteClusterPermissions().toArray(new String[0]);
+         for (int i = 0; i <  maxGroups; i++) {
+            remoteClusterPermissions.addGroup(
+                new RemoteClusterPermissionGroup(
+                    randomNonEmptySubsetOf(Arrays.asList(supportedPermissions)).toArray(new String[0]),
+                    generateRandomStringArray(5, randomIntBetween(3, 9), false, false)
+                )
+            );
+        }
+        return remoteClusterPermissions;
+    }
+
     public static RoleDescriptor.RemoteIndicesPrivileges[] randomRemoteIndicesPrivileges(int min, int max) {
         return randomRemoteIndicesPrivileges(min, max, Set.of());
     }

diff --git a/...ling-upgrade/src/test/java/org/elasticsearch/upgrades/ApiKeyBackwardsCompatibilityIT.java b/...ling-upgrade/src/test/java/org/elasticsearch/upgrades/ApiKeyBackwardsCompatibilityIT.java
@@ -27,6 +27,7 @@
 import org.elasticsearch.xpack.core.security.authc.Authentication;
 import org.elasticsearch.xpack.core.security.authz.RoleDescriptor;
 import org.elasticsearch.xpack.core.security.authz.RoleDescriptorTests;
+import org.elasticsearch.xpack.core.security.authz.permission.RemoteClusterPermissions;
 import org.elasticsearch.xpack.core.security.user.User;
 import org.elasticsearch.xpack.test.SecuritySettingsSourceField;
 
@@ -334,9 +335,9 @@ private String getApiKeyAuthorizationHeaderValue(String id, String key) {
         return "ApiKey " + Base64.getEncoder().encodeToString((id + ":" + key).getBytes(StandardCharsets.UTF_8));
     }
 
-    private static String randomRoleDescriptors(boolean includeRemoteIndices) {
+    private static String randomRoleDescriptors(boolean includeRemoteDescriptors) {
         try {
-            return XContentTestUtils.convertToXContent(Map.of("my_role", randomRoleDescriptor(includeRemoteIndices)), XContentType.JSON)
+            return XContentTestUtils.convertToXContent(Map.of("my_role", randomRoleDescriptor(includeRemoteDescriptors)), XContentType.JSON)
                 .utf8ToString();
         } catch (IOException e) {
             throw new UncheckedIOException(e);
@@ -410,7 +411,7 @@ private Map<Boolean, RestClient> getRestClientByCapability() throws IOException
         return clientsByCapability;
     }
 
-    private static RoleDescriptor randomRoleDescriptor(boolean includeRemoteIndices) {
+    private static RoleDescriptor randomRoleDescriptor(boolean includeRemoteDescriptors) {
         final Set<String> excludedPrivileges = Set.of(
             "cross_cluster_replication",
             "cross_cluster_replication_internal",
@@ -425,8 +426,10 @@ private static RoleDescriptor randomRoleDescriptor(boolean includeRemoteIndices)
             generateRandomStringArray(5, randomIntBetween(2, 8), false, true),
             RoleDescriptorTests.randomRoleDescriptorMetadata(false),
             Map.of(),
-            includeRemoteIndices ? RoleDescriptorTests.randomRemoteIndicesPrivileges(1, 3, excludedPrivileges) : null,
-            null, // TODO: add tests here
+            includeRemoteDescriptors ? RoleDescriptorTests.randomRemoteIndicesPrivileges(1, 3, excludedPrivileges) : null,
+            includeRemoteDescriptors
+                ? RoleDescriptorTests.randomRemoteClusterPermissions(randomIntBetween(1, 3))
+                : RemoteClusterPermissions.NONE,
             null
         );
     }