"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "x-pack/plugin/security/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java" between
elasticsearch-6.8.14-src.tar.gz and elasticsearch-6.8.15-src.tar.gz

About: elasticsearch is a Distributed, RESTful, Search Engine built on top of Apache Lucene. Source package (GitHub).

DocumentLevelSecurityTests.java  (elasticsearch-6.8.14-src):DocumentLevelSecurityTests.java  (elasticsearch-6.8.15-src)
skipping to change at line 101 skipping to change at line 101
return nodePlugins(); return nodePlugins();
} }
@Override @Override
protected String configUsers() { protected String configUsers() {
final String usersPasswdHashed = new String(getFastStoredHashAlgoForTest s().hash(USERS_PASSWD)); final String usersPasswdHashed = new String(getFastStoredHashAlgoForTest s().hash(USERS_PASSWD));
return super.configUsers() + return super.configUsers() +
"user1:" + usersPasswdHashed + "\n" + "user1:" + usersPasswdHashed + "\n" +
"user2:" + usersPasswdHashed + "\n" + "user2:" + usersPasswdHashed + "\n" +
"user3:" + usersPasswdHashed + "\n" + "user3:" + usersPasswdHashed + "\n" +
"user4:" + usersPasswdHashed + "\n"; "user4:" + usersPasswdHashed + "\n" +
"user5:" + usersPasswdHashed + "\n";
} }
@Override @Override
protected String configUsersRoles() { protected String configUsersRoles() {
return super.configUsersRoles() + return super.configUsersRoles() +
"role1:user1,user2,user3\n" + "role1:user1,user2,user3\n" +
"role2:user1,user3\n" + "role2:user1,user3\n" +
"role3:user2,user3\n" + "role3:user2,user3\n" +
"role4:user4\n"; "role4:user4\n" +
"role5:user5\n";
} }
@Override @Override
protected String configRoles() { protected String configRoles() {
return super.configRoles() + return super.configRoles() +
"\nrole1:\n" + "\nrole1:\n" +
" cluster: [ none ]\n" + " cluster: [ none ]\n" +
" indices:\n" + " indices:\n" +
" - names: '*'\n" + " - names: '*'\n" +
" privileges: [ none ]\n" + " privileges: [ none ]\n" +
skipping to change at line 143 skipping to change at line 145
" indices:\n" + " indices:\n" +
" - names: '*'\n" + " - names: '*'\n" +
" privileges: [ ALL ]\n" + " privileges: [ ALL ]\n" +
" query: '{\"term\" : {\"field2\" : \"value2\"}}'\n" + // < -- query defined as json in a string " query: '{\"term\" : {\"field2\" : \"value2\"}}'\n" + // < -- query defined as json in a string
"role4:\n" + "role4:\n" +
" cluster: [ all ]\n" + " cluster: [ all ]\n" +
" indices:\n" + " indices:\n" +
" - names: '*'\n" + " - names: '*'\n" +
" privileges: [ ALL ]\n" + " privileges: [ ALL ]\n" +
// query that can match nested documents // query that can match nested documents
" query: '{\"bool\": { \"must_not\": { \"term\" : {\"field1 " query: '{\"bool\": { \"must_not\": { \"term\" : {\"field1
\" : \"value2\"}}}}'"; \" : \"value2\"}}}}'\n" +
"role5:\n" +
" cluster: [ all ]\n" +
" indices:\n" +
" - names: [ 'test' ]\n" +
" privileges: [ read ]\n" +
" query: '{\"term\" : {\"field2\" : \"value2\"}}'\n" +
" - names: [ 'fls-index' ]\n" +
" privileges: [ read ]\n" +
" field_security:\n" +
" grant: [ 'field1', 'other_field', 'suggest_field2' ]\n
";
} }
@Override @Override
public Settings nodeSettings(int nodeOrdinal) { public Settings nodeSettings(int nodeOrdinal) {
return Settings.builder() return Settings.builder()
.put(super.nodeSettings(nodeOrdinal)) .put(super.nodeSettings(nodeOrdinal))
.put(XPackSettings.DLS_FLS_ENABLED.getKey(), true) .put(XPackSettings.DLS_FLS_ENABLED.getKey(), true)
.put(XPackSettings.AUDIT_ENABLED.getKey(), false) // Just to mak e logs less noisy .put(XPackSettings.AUDIT_ENABLED.getKey(), false) // Just to mak e logs less noisy
.build(); .build();
} }
skipping to change at line 925 skipping to change at line 938
.endObject() .endObject()
.endObject()).get(); .endObject()).get();
// A document that is always included by role query of both roles: // A document that is always included by role query of both roles:
client().prepareIndex("test", "type1", "2") client().prepareIndex("test", "type1", "2")
.setSource(jsonBuilder().startObject() .setSource(jsonBuilder().startObject()
.field("field1", "value1") .field("field1", "value1")
.field("field2", "value2") .field("field2", "value2")
.endObject()).get(); .endObject()).get();
refresh("test"); refresh("test");
assertAcked(client().admin().indices().prepareCreate("fls-index")
.setSettings(Settings.builder()
.put("index.number_of_shards", 1)
.put("index.number_of_replicas", 0)
)
.addMapping("type1", "field1", "type=text", "suggest_field1", "t
ype=text", "suggest_field2", "type=completion",
"yet_another", "type=text")
);
// Term suggester: // Term suggester:
SearchResponse response = client() SearchResponse response = client()
.prepareSearch("test") .prepareSearch("test")
.suggest(new SuggestBuilder() .suggest(new SuggestBuilder()
.setGlobalText("valeu") .setGlobalText("valeu")
.addSuggestion("_name1", new TermSuggestionBuilder("sugg est_field1")) .addSuggestion("_name1", new TermSuggestionBuilder("sugg est_field1"))
).get(); ).get();
assertNoFailures(response); assertNoFailures(response);
TermSuggestion termSuggestion = response.getSuggest().getSuggestion("_na me1"); TermSuggestion termSuggestion = response.getSuggest().getSuggestion("_na me1");
assertThat(termSuggestion, notNullValue()); assertThat(termSuggestion, notNullValue());
assertThat(termSuggestion.getEntries().size(), equalTo(1)); assertThat(termSuggestion.getEntries().size(), equalTo(1));
assertThat(termSuggestion.getEntries().get(0).getOptions().size(), equal To(1)); assertThat(termSuggestion.getEntries().get(0).getOptions().size(), equal To(1));
assertThat(termSuggestion.getEntries().get(0).getOptions().get(0).getTex t().string(), equalTo("value")); assertThat(termSuggestion.getEntries().get(0).getOptions().get(0).getTex t().string(), equalTo("value"));
final String[] indices =
randomFrom(Arrays.asList(new String[] { "test" }, new String[] { "fl
s-index", "test" }, new String[] { "test", "fls-index" }));
Exception e = expectThrows(ElasticsearchSecurityException.class, () -> c lient() Exception e = expectThrows(ElasticsearchSecurityException.class, () -> c lient()
.filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, ba .filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, ba
sicAuthHeaderValue("user2", USERS_PASSWD))) sicAuthHeaderValue("user5", USERS_PASSWD)))
.prepareSearch("test") .prepareSearch(indices)
.suggest(new SuggestBuilder() .suggest(new SuggestBuilder()
.setGlobalText("valeu") .setGlobalText("valeu")
.addSuggestion("_name1", new TermSuggestionBuilder("sugg est_field1")) .addSuggestion("_name1", new TermSuggestionBuilder("sugg est_field1"))
).get()); ).get());
assertThat(e.getMessage(), equalTo("Suggest isn't supported if document level security is enabled")); assertThat(e.getMessage(), equalTo("Suggest isn't supported if document level security is enabled"));
// Phrase suggester: // Phrase suggester:
response = client() response = client()
.prepareSearch("test") .prepareSearch("test")
.suggest(new SuggestBuilder() .suggest(new SuggestBuilder()
skipping to change at line 965 skipping to change at line 990
).get(); ).get();
assertNoFailures(response); assertNoFailures(response);
PhraseSuggestion phraseSuggestion = response.getSuggest().getSuggestion( "_name1"); PhraseSuggestion phraseSuggestion = response.getSuggest().getSuggestion( "_name1");
assertThat(phraseSuggestion, notNullValue()); assertThat(phraseSuggestion, notNullValue());
assertThat(phraseSuggestion.getEntries().size(), equalTo(1)); assertThat(phraseSuggestion.getEntries().size(), equalTo(1));
assertThat(phraseSuggestion.getEntries().get(0).getOptions().size(), equ alTo(1)); assertThat(phraseSuggestion.getEntries().get(0).getOptions().size(), equ alTo(1));
assertThat(phraseSuggestion.getEntries().get(0).getOptions().get(0).getT ext().string(), equalTo("value")); assertThat(phraseSuggestion.getEntries().get(0).getOptions().get(0).getT ext().string(), equalTo("value"));
e = expectThrows(ElasticsearchSecurityException.class, () -> client() e = expectThrows(ElasticsearchSecurityException.class, () -> client()
.filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, ba sicAuthHeaderValue("user2", USERS_PASSWD))) .filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, ba sicAuthHeaderValue("user5", USERS_PASSWD)))
.prepareSearch("test") .prepareSearch("test")
.suggest(new SuggestBuilder() .suggest(new SuggestBuilder()
.setGlobalText("valeu") .setGlobalText("valeu")
.addSuggestion("_name1", new PhraseSuggestionBuilder("su ggest_field1")) .addSuggestion("_name1", new PhraseSuggestionBuilder("su ggest_field1"))
).get()); ).get());
assertThat(e.getMessage(), equalTo("Suggest isn't supported if document level security is enabled")); assertThat(e.getMessage(), equalTo("Suggest isn't supported if document level security is enabled"));
// Completion suggester: // Completion suggester:
response = client() response = client()
.prepareSearch("test") .prepareSearch("test")
skipping to change at line 989 skipping to change at line 1014
).get(); ).get();
assertNoFailures(response); assertNoFailures(response);
CompletionSuggestion completionSuggestion = response.getSuggest().getSug gestion("_name1"); CompletionSuggestion completionSuggestion = response.getSuggest().getSug gestion("_name1");
assertThat(completionSuggestion, notNullValue()); assertThat(completionSuggestion, notNullValue());
assertThat(completionSuggestion.getEntries().size(), equalTo(1)); assertThat(completionSuggestion.getEntries().size(), equalTo(1));
assertThat(completionSuggestion.getEntries().get(0).getOptions().size(), equalTo(1)); assertThat(completionSuggestion.getEntries().get(0).getOptions().size(), equalTo(1));
assertThat(completionSuggestion.getEntries().get(0).getOptions().get(0). getText().string(), equalTo("value")); assertThat(completionSuggestion.getEntries().get(0).getOptions().get(0). getText().string(), equalTo("value"));
e = expectThrows(ElasticsearchSecurityException.class, () -> client() e = expectThrows(ElasticsearchSecurityException.class, () -> client()
.filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, ba sicAuthHeaderValue("user2", USERS_PASSWD))) .filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, ba sicAuthHeaderValue("user5", USERS_PASSWD)))
.prepareSearch("test") .prepareSearch("test")
.suggest(new SuggestBuilder() .suggest(new SuggestBuilder()
.setGlobalText("valeu") .setGlobalText("valeu")
.addSuggestion("_name1", new CompletionSuggestionBuilder ("suggest_field2")) .addSuggestion("_name1", new CompletionSuggestionBuilder ("suggest_field2"))
).get()); ).get());
assertThat(e.getMessage(), equalTo("Suggest isn't supported if document level security is enabled")); assertThat(e.getMessage(), equalTo("Suggest isn't supported if document level security is enabled"));
} }
public void testProfile() throws Exception { public void testProfile() throws Exception {
assertAcked(client().admin().indices().prepareCreate("test") assertAcked(client().admin().indices().prepareCreate("test")
skipping to change at line 1020 skipping to change at line 1045
.field("other_field", "value") .field("other_field", "value")
.endObject()).get(); .endObject()).get();
// A document that is always included by role query of both roles: // A document that is always included by role query of both roles:
client().prepareIndex("test", "type1", "2") client().prepareIndex("test", "type1", "2")
.setSource(jsonBuilder().startObject() .setSource(jsonBuilder().startObject()
.field("field1", "value1") .field("field1", "value1")
.field("field2", "value2") .field("field2", "value2")
.endObject()).get(); .endObject()).get();
refresh("test"); refresh("test");
assertAcked(client().admin().indices().prepareCreate("fls-index")
.setSettings(Settings.builder()
.put("index.number_of_shards", 1)
.put("index.number_of_replicas", 0)
)
.addMapping("type1", "field1", "type=text", "suggest_field1", "type=
text", "suggest_field2", "type=completion",
"yet_another", "type=text")
);
SearchResponse response = client() SearchResponse response = client()
.prepareSearch("test") .prepareSearch("test")
.setProfile(true) .setProfile(true)
.setQuery(new FuzzyQueryBuilder("other_field", "valeu")) .setQuery(new FuzzyQueryBuilder("other_field", "valeu"))
.get(); .get();
assertNoFailures(response); assertNoFailures(response);
assertThat(response.getProfileResults().size(), equalTo(1)); assertThat(response.getProfileResults().size(), equalTo(1));
ProfileShardResult shardResult = response.getProfileResults().get(respon se.getProfileResults().keySet().toArray()[0]); ProfileShardResult shardResult = response.getProfileResults().get(respon se.getProfileResults().keySet().toArray()[0]);
assertThat(shardResult.getQueryProfileResults().size(), equalTo(1)); assertThat(shardResult.getQueryProfileResults().size(), equalTo(1));
QueryProfileShardResult queryProfileShardResult = shardResult.getQueryPr ofileResults().get(0); QueryProfileShardResult queryProfileShardResult = shardResult.getQueryPr ofileResults().get(0);
assertThat(queryProfileShardResult.getQueryResults().size(), equalTo(1)) ; assertThat(queryProfileShardResult.getQueryResults().size(), equalTo(1)) ;
logger.info("queryProfileShardResult=" + Strings.toString(queryProfileSh ardResult)); logger.info("queryProfileShardResult=" + Strings.toString(queryProfileSh ardResult));
// ProfileResult profileResult = queryProfileShardResult.getQueryResults( ).get(0); // ProfileResult profileResult = queryProfileShardResult.getQueryResults( ).get(0);
// assertThat(profileResult.getLuceneDescription(), equalTo("(other_field :value)^0.8")); // assertThat(profileResult.getLuceneDescription(), equalTo("(other_field :value)^0.8"));
final String[] indices =
randomFrom(Arrays.asList(new String[] { "test" }, new String[] { "fl
s-index", "test" }, new String[] { "test", "fls-index" }));
Exception e = expectThrows(ElasticsearchSecurityException.class, () -> c lient() Exception e = expectThrows(ElasticsearchSecurityException.class, () -> c lient()
.filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, ba .filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, ba
sicAuthHeaderValue("user2", USERS_PASSWD))) sicAuthHeaderValue("user5", USERS_PASSWD)))
.prepareSearch("test") .prepareSearch(indices)
.setProfile(true) .setProfile(true)
.setQuery(new FuzzyQueryBuilder("other_field", "valeu")) .setQuery(new FuzzyQueryBuilder("other_field", "valeu"))
.get()); .get());
assertThat(e.getMessage(), equalTo("A search request cannot be profiled if document level security is enabled")); assertThat(e.getMessage(), equalTo("A search request cannot be profiled if document level security is enabled"));
} }
} }
 End of changes. 11 change blocks. 
12 lines changed or deleted 53 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)