Skip to content

Commit 6f2b7dc

Browse files
tvernumtvernum
committed
Fix AD / vagrant based tests for #30953
These tests were creating a SSL service that was not aware of the realm that they were trying to test. This no longer works.
1 parent c32981d commit 6f2b7dc

File tree

2 files changed

+25
-27
lines changed

2 files changed

+25
-27
lines changed

x-pack/qa/third-party/active-directory/src/test/java/org/elasticsearch/xpack/security/authc/ldap/ADLdapUserSearchSessionFactoryTests.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -85,7 +85,7 @@ public void testUserSearchWithActiveDirectory() throws Exception {
8585
Settings.Builder builder = Settings.builder()
8686
.put(globalSettings);
8787
settings.keySet().forEach(k -> {
88-
builder.copy("xpack.security.authc.realms.ldap." + k, k, settings);
88+
builder.copy("xpack.security.authc.realms.ad-as-ldap-test." + k, k, settings);
8989

9090
});
9191
Settings fullSettings = builder.build();

x-pack/qa/third-party/active-directory/src/test/java/org/elasticsearch/xpack/security/authc/ldap/ActiveDirectorySessionFactoryTests.java

Lines changed: 24 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
import org.elasticsearch.common.settings.Settings;
1313
import org.elasticsearch.common.util.concurrent.ThreadContext;
1414
import org.elasticsearch.common.util.concurrent.UncategorizedExecutionException;
15+
import org.elasticsearch.env.Environment;
1516
import org.elasticsearch.env.TestEnvironment;
1617
import org.elasticsearch.threadpool.TestThreadPool;
1718
import org.elasticsearch.threadpool.ThreadPool;
@@ -59,9 +60,7 @@ public boolean enableWarningsCheck() {
5960

6061
@SuppressWarnings("unchecked")
6162
public void testAdAuth() throws Exception {
62-
RealmConfig config = new RealmConfig("ad-test",
63-
buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false),
64-
globalSettings, TestEnvironment.newEnvironment(globalSettings), new ThreadContext(Settings.EMPTY));
63+
RealmConfig config = configureRealm("ad-test", buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false));
6564
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {
6665

6766
String userName = "ironman";
@@ -82,11 +81,21 @@ public void testAdAuth() throws Exception {
8281
}
8382
}
8483

84+
private RealmConfig configureRealm(String name, Settings settings) {
85+
final Environment env = TestEnvironment.newEnvironment(globalSettings);
86+
final Settings mergedSettings = Settings.builder()
87+
.put(settings)
88+
.normalizePrefix("xpack.security.authc.realms." + name + ".")
89+
.put(globalSettings)
90+
.build();
91+
this.sslService = new SSLService(mergedSettings, env);
92+
return new RealmConfig(name, settings, globalSettings, env, new ThreadContext(globalSettings));
93+
}
94+
8595
@SuppressWarnings("unchecked")
8696
public void testNetbiosAuth() throws Exception {
8797
final String adUrl = randomFrom(AD_LDAP_URL, AD_LDAP_GC_URL);
88-
RealmConfig config = new RealmConfig("ad-test", buildAdSettings(adUrl, AD_DOMAIN, false), globalSettings,
89-
TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings));
98+
RealmConfig config = configureRealm("ad-test", buildAdSettings(adUrl, AD_DOMAIN, false));
9099
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {
91100

92101
String userName = "ades\\ironman";
@@ -108,8 +117,7 @@ public void testNetbiosAuth() throws Exception {
108117
}
109118

110119
public void testAdAuthAvengers() throws Exception {
111-
RealmConfig config = new RealmConfig("ad-test", buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false), globalSettings,
112-
TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings));
120+
RealmConfig config = configureRealm("ad-test", buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false));
113121
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {
114122

115123
String[] users = new String[]{"cap", "hawkeye", "hulk", "ironman", "thor", "blackwidow"};
@@ -126,8 +134,7 @@ public void testAdAuthAvengers() throws Exception {
126134
public void testAuthenticate() throws Exception {
127135
Settings settings = buildAdSettings(AD_LDAP_URL, AD_DOMAIN, "CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com",
128136
LdapSearchScope.ONE_LEVEL, false);
129-
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings, TestEnvironment.newEnvironment(globalSettings),
130-
new ThreadContext(globalSettings));
137+
RealmConfig config = configureRealm("ad-test", settings);
131138
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {
132139

133140
String userName = "hulk";
@@ -151,8 +158,7 @@ public void testAuthenticate() throws Exception {
151158
public void testAuthenticateBaseUserSearch() throws Exception {
152159
Settings settings = buildAdSettings(AD_LDAP_URL, AD_DOMAIN, "CN=Bruce Banner, CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com",
153160
LdapSearchScope.BASE, false);
154-
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings, TestEnvironment.newEnvironment(globalSettings),
155-
new ThreadContext(globalSettings));
161+
RealmConfig config = configureRealm("ad-test", settings);
156162
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {
157163

158164
String userName = "hulk";
@@ -180,8 +186,7 @@ public void testAuthenticateBaseGroupSearch() throws Exception {
180186
"CN=Avengers,CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com")
181187
.put(ActiveDirectorySessionFactorySettings.AD_GROUP_SEARCH_SCOPE_SETTING, LdapSearchScope.BASE)
182188
.build();
183-
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings, TestEnvironment.newEnvironment(globalSettings),
184-
new ThreadContext(globalSettings));
189+
RealmConfig config = configureRealm("ad-test", settings);
185190
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {
186191

187192
String userName = "hulk";
@@ -198,8 +203,7 @@ public void testAuthenticateBaseGroupSearch() throws Exception {
198203
public void testAuthenticateWithUserPrincipalName() throws Exception {
199204
Settings settings = buildAdSettings(AD_LDAP_URL, AD_DOMAIN, "CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com",
200205
LdapSearchScope.ONE_LEVEL, false);
201-
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings, TestEnvironment.newEnvironment(globalSettings),
202-
new ThreadContext(globalSettings));
206+
RealmConfig config = configureRealm("ad-test", settings);
203207
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {
204208

205209
//Login with the UserPrincipalName
@@ -220,8 +224,7 @@ public void testAuthenticateWithUserPrincipalName() throws Exception {
220224
public void testAuthenticateWithSAMAccountName() throws Exception {
221225
Settings settings = buildAdSettings(AD_LDAP_URL, AD_DOMAIN, "CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com",
222226
LdapSearchScope.ONE_LEVEL, false);
223-
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings, TestEnvironment.newEnvironment(globalSettings),
224-
new ThreadContext(globalSettings));
227+
RealmConfig config = configureRealm("ad-test", settings);
225228
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {
226229

227230
//login with sAMAccountName
@@ -247,8 +250,7 @@ public void testCustomUserFilter() throws Exception {
247250
.put(ActiveDirectorySessionFactorySettings.AD_USER_SEARCH_FILTER_SETTING,
248251
"(&(objectclass=user)(userPrincipalName={0}@ad.test.elasticsearch.com))")
249252
.build();
250-
RealmConfig config = new RealmConfig("ad-test", settings, globalSettings, TestEnvironment.newEnvironment(globalSettings),
251-
new ThreadContext(globalSettings));
253+
RealmConfig config = configureRealm("ad-test", settings);
252254
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {
253255

254256
//Login with the UserPrincipalName
@@ -284,8 +286,7 @@ public void testStandardLdapConnection() throws Exception {
284286
.putList("ssl.certificate_authorities", certificatePaths)
285287
.build();
286288
}
287-
RealmConfig config = new RealmConfig("ad-as-ldap-test", settings, globalSettings, TestEnvironment.newEnvironment(globalSettings),
288-
new ThreadContext(globalSettings));
289+
RealmConfig config = configureRealm("ad-as-ldap-test", settings);
289290
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool);
290291

291292
String user = "Bruce Banner";
@@ -348,8 +349,7 @@ public void testStandardLdapWithAttributeGroups() throws Exception {
348349
.putList("ssl.certificate_authorities", certificatePaths)
349350
.build();
350351
}
351-
RealmConfig config = new RealmConfig("ad-as-ldap-test", settings, globalSettings, TestEnvironment.newEnvironment(globalSettings),
352-
new ThreadContext(globalSettings));
352+
RealmConfig config = configureRealm("ad-as-ldap-test", settings);
353353
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool);
354354

355355
String user = "Bruce Banner";
@@ -366,9 +366,7 @@ public void testStandardLdapWithAttributeGroups() throws Exception {
366366
}
367367

368368
public void testADLookup() throws Exception {
369-
RealmConfig config = new RealmConfig("ad-test",
370-
buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false, true),
371-
globalSettings, TestEnvironment.newEnvironment(globalSettings), new ThreadContext(Settings.EMPTY));
369+
RealmConfig config = configureRealm("ad-test", buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false, true));
372370
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {
373371

374372
List<String> users = randomSubsetOf(Arrays.asList("cap", "hawkeye", "hulk", "ironman", "thor", "blackwidow",

0 commit comments

Comments
 (0)