Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adds test for APIs related to security plugin and updates spec to add new APIs. #439

Merged
merged 57 commits into from
Aug 12, 2024
Merged

Adds test for APIs related to security plugin and updates spec to add new APIs. #439

Show file tree
Hide file tree
Changes from 15 commits
Commits
Show all changes
57 commits
Select commit Hold shift + click to select a range
af53f9c
Updates the missing item types for security API related schemas
DarshitChanpura Jul 15, 2024
f5220c1
Adds tests for some APIs
DarshitChanpura Jul 18, 2024
cd4709b
Merge remote-tracking branch 'upstream/main' into security-tests
DarshitChanpura Jul 18, 2024
ec97b6b
Merge remote-tracking branch 'upstream/main' into correct-security-sc…
DarshitChanpura Jul 18, 2024
4c51de4
Fixes schema path and lint error in a file
DarshitChanpura Jul 18, 2024
a35cfda
Adds version check for account API test
DarshitChanpura Jul 18, 2024
488e774
Adds a CHANGELOG entry
DarshitChanpura Jul 18, 2024
0439eb2
Fixes tests to expect status as integer
DarshitChanpura Jul 18, 2024
f65a6cf
Adds base tests for all APIs
DarshitChanpura Jul 23, 2024
a25b14f
Fixes linter errors and complete payloads and request bodies
DarshitChanpura Jul 23, 2024
dce0965
Merge remote-tracking branch 'upstream/main' into security-tests
DarshitChanpura Jul 23, 2024
ab976d4
Adds API spec for the new certificates API and adds tests
DarshitChanpura Jul 23, 2024
463401a
Adds missing new lines at the end of files and removes any extra line…
DarshitChanpura Jul 23, 2024
ee3f3b4
Merge remote-tracking branch 'upstream/main' into security-tests
DarshitChanpura Jul 31, 2024
092a1d6
Fixes lint errors
DarshitChanpura Jul 31, 2024
757b0ed
Fixes test spec lint
DarshitChanpura Jul 31, 2024
70e9f4c
Fixes without api prefix tests
DarshitChanpura Aug 1, 2024
456bc51
Merge remote-tracking branch 'upstream/main' into security-tests
DarshitChanpura Aug 5, 2024
588ff10
Merge remote-tracking branch 'origin/correct-security-schemas' into s…
DarshitChanpura Aug 5, 2024
c86e8fa
Fixes accounts tests
DarshitChanpura Aug 7, 2024
892561b
Merge remote-tracking branch 'upstream/main' into security-tests
DarshitChanpura Aug 7, 2024
7b34505
Fixes action-groups tests
DarshitChanpura Aug 7, 2024
0eac313
Fixes account, allowlist and audit tests
DarshitChanpura Aug 8, 2024
f16a75a
Fixes certificates tests
DarshitChanpura Aug 8, 2024
41c2edf
Fixes internal users test
DarshitChanpura Aug 8, 2024
7622f10
Fixes nodesdn test
DarshitChanpura Aug 8, 2024
d73694e
Fixes roles test
DarshitChanpura Aug 8, 2024
85612c0
Fixes rolesmapping test
DarshitChanpura Aug 8, 2024
6537422
Fixes securityconfig test
DarshitChanpura Aug 8, 2024
c87fa98
Fixes ssl_certs tests
DarshitChanpura Aug 8, 2024
f12ee76
Fixes tenancyconfig tests
DarshitChanpura Aug 8, 2024
48cbc7f
Fixes tenants tests
DarshitChanpura Aug 8, 2024
cb5fe80
Fixes tokens and upgrade tests
DarshitChanpura Aug 8, 2024
269b416
Fixes user tests
DarshitChanpura Aug 8, 2024
44160ab
Fixes validate tests and run linter
DarshitChanpura Aug 8, 2024
aa3f2f3
Merge remote-tracking branch 'upstream/main' into security-tests
DarshitChanpura Aug 8, 2024
a92aa5b
Fixes spec
DarshitChanpura Aug 8, 2024
ef92ce6
Adds missing new lines to EOFs
DarshitChanpura Aug 9, 2024
2e090ee
Address changes in CHANGELOG
DarshitChanpura Aug 9, 2024
688e69f
Updates parameter descriptions
DarshitChanpura Aug 9, 2024
a91e52c
Re-organize folder structure
DarshitChanpura Aug 9, 2024
2b3494f
Moved security tests inside plugins folder
DarshitChanpura Aug 9, 2024
833c82e
Updates test spec workflow to run security tests
DarshitChanpura Aug 9, 2024
451b179
Adds security test specific docker compose file
DarshitChanpura Aug 9, 2024
cb0547e
Cleans commented code and updates test-spec to run for 2.16 only
DarshitChanpura Aug 9, 2024
54f4cfa
Refactor s boolean to be true boolean
DarshitChanpura Aug 9, 2024
536cf04
Move security tests to default folder and updates spec file
DarshitChanpura Aug 9, 2024
87640ec
Fixes 1.3 tests
DarshitChanpura Aug 9, 2024
c4205c5
Fixes 2.0 test failures
DarshitChanpura Aug 9, 2024
4227e00
Fixes TLS cipher versiion payload issue
DarshitChanpura Aug 9, 2024
b393538
Merge remote-tracking branch 'upstream/main' into security-tests
DarshitChanpura Aug 12, 2024
2f30633
Re-verifies auth token fix
DarshitChanpura Aug 12, 2024
cc10600
Checks for newer images and pulls them before running tests
DarshitChanpura Aug 12, 2024
355cace
Updates the docker compose command
DarshitChanpura Aug 12, 2024
172328a
Removes sha ref for staging branches
DarshitChanpura Aug 12, 2024
7e6bf0c
Updates shas
DarshitChanpura Aug 12, 2024
705e6cf
Renames everything to match the API path
DarshitChanpura Aug 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .cspell
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -163,6 +163,7 @@ subqueries
subschemas
subword
syserr
tcnative
tdigest
tenantinfo
termvectors
Expand Down
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
- Added test coverage ([#443](https://github.com/opensearch-project/opensearch-api-specification/pull/443))
- Added `--opensearch-version` to `merger` that excludes schema elements per semver ([#428](https://github.com/opensearch-project/opensearch-api-specification/pull/428))
- Added `retry` to `tester` to support asynchronous tasks ([453](https://github.com/opensearch-project/opensearch-api-specification/pull/453))
- Added tests for security APIs ([#439](https://github.com/opensearch-project/opensearch-api-specification/pull/439))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No need to mention tests as they are not external.

Mention additions here (e.g. "Added /_plugins/_security/api/certificates/{node_id}"), and fixes under fixes with some specifics (e.g. "Fixed /_plugins/_security/api/_upgrade_check").

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated changelog. I've also added an entry for specs that I added originally.


### Changed

Expand Down
123 changes: 104 additions & 19 deletions spec/namespaces/security.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,8 +60,6 @@ paths:
x-operation-group: security.post_dashboards_info
x-version-added: '1.0'
description: Updates the current security-dashboards plugin configuration.
requestBody:
$ref: '#/components/requestBodies/security.post_dashboards_info'
responses:
'200':
$ref: '#/components/responses/security.post_dashboards_info@200'
Expand Down Expand Up @@ -101,6 +99,8 @@ paths:
responses:
'200':
$ref: '#/components/responses/security.tenant_info@200'
'403':
$ref: '#/components/responses/security.tenant_info@403'
'500':
$ref: '#/components/responses/security.tenant_info@500'
post:
Expand All @@ -111,6 +111,8 @@ paths:
responses:
'200':
$ref: '#/components/responses/security.tenant_info@200'
'403':
$ref: '#/components/responses/security.tenant_info@403'
'500':
$ref: '#/components/responses/security.tenant_info@500'
/_plugins/_security/whoami:
Expand Down Expand Up @@ -145,7 +147,7 @@ paths:
$ref: '#/components/responses/security.who_am_i_protected@200'
'500':
$ref: '#/components/responses/security.who_am_i_protected@500'
/_plugins/_security/_upgrade_check:
/_plugins/_security/api/_upgrade_check:
get:
operationId: security.config_upgrade_check.0
x-operation-group: security.config_upgrade_check
Expand All @@ -156,7 +158,7 @@ paths:
responses:
'200':
$ref: '#/components/responses/security.config_upgrade_check@200'
/_plugins/_security/_upgrade_perform:
/_plugins/_security/api/_upgrade_perform:
post:
operationId: security.config_upgrade_perform.0
x-operation-group: security.config_upgrade_perform
Expand Down Expand Up @@ -386,6 +388,35 @@ paths:
responses:
'200':
$ref: '#/components/responses/security.flush_cache@200'
/_plugins/_security/api/certificates:
get:
operationId: security.get_all_certificates.0
x-operation-group: security.get_all_certificates
x-version-added: '2.15'
description: Retrieves the cluster security certificates.
parameters:
- $ref: '#/components/parameters/security.get_all_certificates::query.cert_type'
- $ref: '#/components/parameters/security.get_all_certificates::query.timeout'
responses:
'200':
$ref: '#/components/responses/security.get_all_certificates@200'
'500':
$ref: '#/components/responses/security.get_all_certificates@500'
/_plugins/_security/api/certificates/{node_id}:
get:
operationId: security.get_node_certificates.0
x-operation-group: security.get_node_certificates
x-version-added: '2.15'
description: Retrieves the given node's security certificates.
parameters:
- $ref: '#/components/parameters/security.get_node_certificates::path.node_id'
- $ref: '#/components/parameters/security.get_node_certificates::query.cert_type'
- $ref: '#/components/parameters/security.get_node_certificates::query.timeout'
responses:
'200':
$ref: '#/components/responses/security.get_node_certificates@200'
'500':
$ref: '#/components/responses/security.get_node_certificates@500'
/_plugins/_security/api/generateonbehalfoftoken:
post:
operationId: security.generate_obo_token.0
Expand Down Expand Up @@ -1064,9 +1095,7 @@ components:
content:
application/json:
schema:
type: array
items:
$ref: '../schemas/security._common.yaml#/components/schemas/MultiTenancyConfig'
$ref: '../schemas/security._common.yaml#/components/schemas/MultiTenancyConfig'
required: true
security.create_user:
content:
Expand Down Expand Up @@ -1203,12 +1232,6 @@ components:
items:
$ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation'
required: true
security.post_dashboards_info:
content:
application/json:
schema:
$ref: '../schemas/security._common.yaml#/components/schemas/DashboardsInfo'
required: false
security.update_audit_configuration:
content:
application/json:
Expand Down Expand Up @@ -1346,7 +1369,7 @@ components:
content:
application/json:
schema:
$ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized'
$ref: '../schemas/security._common.yaml#/components/schemas/Forbidden'
security.delete_role@200:
description: ''
content:
Expand Down Expand Up @@ -1461,12 +1484,36 @@ components:
application/json:
schema:
$ref: '../schemas/security._common.yaml#/components/schemas/GetCertificates'
security.get_all_certificates@200:
description: ''
content:
application/json:
schema:
$ref: '../schemas/security._common.yaml#/components/schemas/GetCertificatesNew'
security.get_node_certificates@200:
description: ''
content:
application/json:
schema:
$ref: '../schemas/security._common.yaml#/components/schemas/GetCertificatesNew'
security.get_certificates@400:
description: ''
content:
application/json:
schema:
$ref: '../schemas/security._common.yaml#/components/schemas/BadRequest'
security.get_all_certificates@500:
description: ''
content:
application/json:
schema:
$ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError'
security.get_node_certificates@500:
description: ''
content:
application/json:
schema:
$ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError'
security.get_configuration@200:
description: ''
content:
Expand Down Expand Up @@ -1496,7 +1543,7 @@ components:
content:
application/json:
schema:
$ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized'
$ref: '../schemas/security._common.yaml#/components/schemas/Forbidden'
security.get_distinguished_names@200:
description: ''
content:
Expand All @@ -1508,7 +1555,7 @@ components:
content:
application/json:
schema:
$ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized'
$ref: '../schemas/security._common.yaml#/components/schemas/Forbidden'
security.get_permissions_info@200:
description: ''
content:
Expand Down Expand Up @@ -1670,7 +1717,7 @@ components:
content:
application/json:
schema:
$ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized'
$ref: '../schemas/security._common.yaml#/components/schemas/Forbidden'
security.patch_distinguished_names@200:
description: ''
content:
Expand All @@ -1682,7 +1729,7 @@ components:
content:
application/json:
schema:
$ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized'
$ref: '../schemas/security._common.yaml#/components/schemas/Forbidden'
security.patch_role@200:
description: ''
content:
Expand Down Expand Up @@ -1809,6 +1856,14 @@ components:
application/json:
schema:
$ref: '../schemas/security._common.yaml#/components/schemas/TenantInfo'
security.tenant_info@403:
description: ''
content:
text/plain:
type: string
application/json:
schema:
$ref: '../schemas/security._common.yaml#/components/schemas/Forbidden'
security.tenant_info@500:
description: ''
content:
Expand Down Expand Up @@ -1838,7 +1893,7 @@ components:
content:
application/json:
schema:
$ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized'
$ref: '../schemas/security._common.yaml#/components/schemas/Forbidden'
security.validate@200:
description: ''
content:
Expand Down Expand Up @@ -1992,6 +2047,36 @@ components:
type: string
description: Action group to retrieve.
required: true
security.get_node_certificates::path.node_id:
name: node_id
in: path
schema:
type: string
required: true
security.get_all_certificates::query.cert_type:
name: cert_type
in: query
schema:
type: string
required: false
security.get_node_certificates::query.cert_type:
name: cert_type
in: query
schema:
type: string
required: false
security.get_all_certificates::query.timeout:
name: timeout
in: query
schema:
type: string
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are these strings or one of the duration types?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it is expected as a string to be utilized here: https://github.com/opensearch-project/security/blob/cc26b94ca84b562ae75ed8e2958a343831682042/src/main/java/org/opensearch/security/dlic/rest/api/CertificatesApiAction.java#L89

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I mean should this be

      schema:
        $ref: '../schemas/_common.yaml#/components/schemas/Duration'

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i see, I have replaced it.

required: false
security.get_node_certificates::query.timeout:
name: timeout
in: query
schema:
type: string
required: false
security.get_distinguished_name::path.cluster_name:
name: cluster_name
in: path
Expand Down
Loading
Loading