From 006215483739b5dd539634af0e606b4ec0704bea Mon Sep 17 00:00:00 2001 From: Tim Vernum Date: Fri, 17 Aug 2018 12:29:22 +1000 Subject: [PATCH 1/3] Handle 6.4.0+ BWC for Application Privileges When the application privileges feature was backported to 6.x/6.4 the BWC version checks on the backport were updated to 6.4.0, but master was not updated. This commit updates all relevant version checks, and adds tests. --- .../security/action/role/PutRoleRequest.java | 4 +- .../action/user/HasPrivilegesRequest.java | 4 +- .../action/user/HasPrivilegesResponse.java | 4 +- .../core/security/authz/RoleDescriptor.java | 4 +- .../action/role/PutRoleRequestTests.java | 6 + .../user/HasPrivilegesRequestTests.java | 8 +- .../user/HasPrivilegesResponseTest.java | 90 ++++++++++++ .../security/authz/RoleDescriptorTests.java | 128 +++++++++--------- 8 files changed, 176 insertions(+), 72 deletions(-) create mode 100644 x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesResponseTest.java diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequest.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequest.java index 96c9c817182ff..82863a6e8d155 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequest.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequest.java @@ -167,7 +167,7 @@ public void readFrom(StreamInput in) throws IOException { for (int i = 0; i < indicesSize; i++) { indicesPrivileges.add(RoleDescriptor.IndicesPrivileges.createFrom(in)); } - if (in.getVersion().onOrAfter(Version.V_7_0_0_alpha1)) { + if (in.getVersion().onOrAfter(Version.V_6_4_0)) { applicationPrivileges = in.readList(RoleDescriptor.ApplicationResourcePrivileges::createFrom); conditionalClusterPrivileges = ConditionalClusterPrivileges.readArray(in); } @@ -185,7 +185,7 @@ public void writeTo(StreamOutput out) throws IOException { for (RoleDescriptor.IndicesPrivileges index : indicesPrivileges) { index.writeTo(out); } - if (out.getVersion().onOrAfter(Version.V_7_0_0_alpha1)) { + if (out.getVersion().onOrAfter(Version.V_6_4_0)) { out.writeStreamableList(applicationPrivileges); ConditionalClusterPrivileges.writeArray(out, this.conditionalClusterPrivileges); } diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequest.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequest.java index dc43db0115e0a..4f5aed012cb11 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequest.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequest.java @@ -109,7 +109,7 @@ public void readFrom(StreamInput in) throws IOException { for (int i = 0; i < indexSize; i++) { indexPrivileges[i] = RoleDescriptor.IndicesPrivileges.createFrom(in); } - if (in.getVersion().onOrAfter(Version.V_7_0_0_alpha1)) { + if (in.getVersion().onOrAfter(Version.V_6_4_0)) { applicationPrivileges = in.readArray(ApplicationResourcePrivileges::createFrom, ApplicationResourcePrivileges[]::new); } } @@ -123,7 +123,7 @@ public void writeTo(StreamOutput out) throws IOException { for (RoleDescriptor.IndicesPrivileges priv : indexPrivileges) { priv.writeTo(out); } - if (out.getVersion().onOrAfter(Version.V_7_0_0_alpha1)) { + if (out.getVersion().onOrAfter(Version.V_6_4_0)) { out.writeArray(ApplicationResourcePrivileges::write, applicationPrivileges); } } diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesResponse.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesResponse.java index b0711fc1bc12f..8cd8b510c6499 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesResponse.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesResponse.java @@ -66,7 +66,7 @@ public void readFrom(StreamInput in) throws IOException { super.readFrom(in); completeMatch = in.readBoolean(); index = readResourcePrivileges(in); - if (in.getVersion().onOrAfter(Version.V_7_0_0_alpha1)) { + if (in.getVersion().onOrAfter(Version.V_6_4_0)) { application = in.readMap(StreamInput::readString, HasPrivilegesResponse::readResourcePrivileges); } } @@ -87,7 +87,7 @@ public void writeTo(StreamOutput out) throws IOException { super.writeTo(out); out.writeBoolean(completeMatch); writeResourcePrivileges(out, index); - if (out.getVersion().onOrAfter(Version.V_7_0_0_alpha1)) { + if (out.getVersion().onOrAfter(Version.V_6_4_0)) { out.writeMap(application, StreamOutput::writeString, HasPrivilegesResponse::writeResourcePrivileges); } } diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptor.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptor.java index 54fd8cc7974b2..38bd84888a886 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptor.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptor.java @@ -252,7 +252,7 @@ public static RoleDescriptor readFrom(StreamInput in) throws IOException { final ApplicationResourcePrivileges[] applicationPrivileges; final ConditionalClusterPrivilege[] conditionalClusterPrivileges; - if (in.getVersion().onOrAfter(Version.V_7_0_0_alpha1)) { + if (in.getVersion().onOrAfter(Version.V_6_4_0)) { applicationPrivileges = in.readArray(ApplicationResourcePrivileges::createFrom, ApplicationResourcePrivileges[]::new); conditionalClusterPrivileges = ConditionalClusterPrivileges.readArray(in); } else { @@ -276,7 +276,7 @@ public static void writeTo(RoleDescriptor descriptor, StreamOutput out) throws I if (out.getVersion().onOrAfter(Version.V_5_2_0)) { out.writeMap(descriptor.transientMetadata); } - if (out.getVersion().onOrAfter(Version.V_7_0_0_alpha1)) { + if (out.getVersion().onOrAfter(Version.V_6_4_0)) { out.writeArray(ApplicationResourcePrivileges::write, descriptor.applicationPrivileges); ConditionalClusterPrivileges.writeArray(out, descriptor.getConditionalClusterPrivileges()); } diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestTests.java index ae458cbb2f5ed..a2b8d40e44c0b 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestTests.java @@ -58,11 +58,17 @@ public void testSerialization() throws IOException { final PutRoleRequest original = buildRandomRequest(); final BytesStreamOutput out = new BytesStreamOutput(); + if (randomBoolean()) { + final Version version = VersionUtils.randomVersionBetween(random(), Version.V_6_4_0, Version.CURRENT); + logger.info("Serializing with version {}", version); + out.setVersion(version); + } original.writeTo(out); final PutRoleRequest copy = new PutRoleRequest(); final NamedWriteableRegistry registry = new NamedWriteableRegistry(new XPackClientPlugin(Settings.EMPTY).getNamedWriteables()); StreamInput in = new NamedWriteableAwareStreamInput(ByteBufferStreamInput.wrap(BytesReference.toBytes(out.bytes())), registry); + in.setVersion(out.getVersion()); copy.readFrom(in); assertThat(copy.roleDescriptor(), equalTo(original.roleDescriptor())); diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequestTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequestTests.java index f458311e68537..f6ad28ef40203 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequestTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequestTests.java @@ -12,6 +12,7 @@ import org.elasticsearch.common.io.stream.BytesStreamOutput; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.test.VersionUtils; import org.elasticsearch.xpack.core.security.authz.RoleDescriptor.ApplicationResourcePrivileges; import org.elasticsearch.xpack.core.security.authz.RoleDescriptor.IndicesPrivileges; import org.elasticsearch.xpack.core.security.authz.privilege.ClusterPrivilege; @@ -28,9 +29,10 @@ public class HasPrivilegesRequestTests extends ESTestCase { - public void testSerializationV7() throws IOException { + public void testSerializationV64OrLater() throws IOException { final HasPrivilegesRequest original = randomRequest(); - final HasPrivilegesRequest copy = serializeAndDeserialize(original, Version.V_7_0_0_alpha1); + final Version version = VersionUtils.randomVersionBetween(random(), Version.V_6_4_0, Version.CURRENT); + final HasPrivilegesRequest copy = serializeAndDeserialize(original, version); assertThat(copy.username(), equalTo(original.username())); assertThat(copy.clusterPrivileges(), equalTo(original.clusterPrivileges())); @@ -71,7 +73,7 @@ public void testValidateNoWildcardApplicationPrivileges() { final HasPrivilegesRequest request = new HasPrivilegesRequest(); request.clusterPrivileges(new String[0]); request.indexPrivileges(new IndicesPrivileges[0]); - request.applicationPrivileges(new ApplicationResourcePrivileges[] { + request.applicationPrivileges(new ApplicationResourcePrivileges[]{ ApplicationResourcePrivileges.builder().privileges("read").application("*").resources("item/1").build() }); final ActionRequestValidationException exception = request.validate(); diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesResponseTest.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesResponseTest.java new file mode 100644 index 0000000000000..8ee4910a1ce73 --- /dev/null +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesResponseTest.java @@ -0,0 +1,90 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +package org.elasticsearch.xpack.core.security.action.user; + +import org.elasticsearch.Version; +import org.elasticsearch.common.Strings; +import org.elasticsearch.common.io.stream.BytesStreamOutput; +import org.elasticsearch.common.io.stream.StreamInput; +import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.test.VersionUtils; +import org.hamcrest.Matchers; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.HashMap; +import java.util.Locale; +import java.util.Map; + +import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.nullValue; + +public class HasPrivilegesResponseTest extends ESTestCase { + + public void testSerializationV64OrLater() throws IOException { + final HasPrivilegesResponse original = randomResponse(); + final Version version = VersionUtils.randomVersionBetween(random(), Version.V_6_4_0, Version.CURRENT); + final HasPrivilegesResponse copy = serializeAndDeserialize(original, version); + + assertThat(copy.isCompleteMatch(), equalTo(original.isCompleteMatch())); +// assertThat(copy.getClusterPrivileges(), equalTo(original.getClusterPrivileges())); + assertThat(copy.getIndexPrivileges(), equalTo(original.getIndexPrivileges())); + assertThat(copy.getApplicationPrivileges(), equalTo(original.getApplicationPrivileges())); + } + + public void testSerializationV63() throws IOException { + final HasPrivilegesResponse original = randomResponse(); + final HasPrivilegesResponse copy = serializeAndDeserialize(original, Version.V_6_3_0); + + assertThat(copy.isCompleteMatch(), equalTo(original.isCompleteMatch())); +// assertThat(copy.getClusterPrivileges(), equalTo(original.getClusterPrivileges())); + assertThat(copy.getIndexPrivileges(), equalTo(original.getIndexPrivileges())); + assertThat(copy.getApplicationPrivileges(), equalTo(Collections.emptyMap())); + } + + private HasPrivilegesResponse serializeAndDeserialize(HasPrivilegesResponse original, Version version) throws IOException { + logger.info("Test serialize/deserialize with version {}", version); + final BytesStreamOutput out = new BytesStreamOutput(); + out.setVersion(version); + original.writeTo(out); + + final HasPrivilegesResponse copy = new HasPrivilegesResponse(); + final StreamInput in = out.bytes().streamInput(); + in.setVersion(version); + copy.readFrom(in); + assertThat(in.read(), equalTo(-1)); + return copy; + } + + private HasPrivilegesResponse randomResponse() { + final Map cluster = new HashMap<>(); + for (String priv : randomArray(1, 6, String[]::new, () -> randomAlphaOfLengthBetween(3, 12))) { + cluster.put(priv, randomBoolean()); + } + final Collection index = randomResourcePrivileges(); + final Map> application = new HashMap<>(); + for (String app : randomArray(1, 3, String[]::new, () -> randomAlphaOfLengthBetween(3, 6).toLowerCase(Locale.ROOT))) { + application.put(app, randomResourcePrivileges()); + } + return new HasPrivilegesResponse(randomBoolean(), cluster, index, application); + } + + private Collection randomResourcePrivileges() { + final Collection list = new ArrayList<>(); + for (String resource : randomArray(1, 3, String[]::new, () -> randomAlphaOfLengthBetween(2, 6))) { + final Map privileges = new HashMap<>(); + for (String priv : randomArray(1, 5, String[]::new, () -> randomAlphaOfLengthBetween(3, 8))) { + privileges.put(priv, randomBoolean()); + } + list.add(new HasPrivilegesResponse.ResourcePrivileges(resource, privileges)); + } + return list; + } + +} diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RoleDescriptorTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RoleDescriptorTests.java index 07686838ad0e2..3dcfc823663c4 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RoleDescriptorTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RoleDescriptorTests.java @@ -5,6 +5,7 @@ */ package org.elasticsearch.xpack.security.authz; +import org.elasticsearch.Version; import org.elasticsearch.common.Strings; import org.elasticsearch.common.bytes.BytesArray; import org.elasticsearch.common.bytes.BytesReference; @@ -18,10 +19,11 @@ import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentType; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.test.VersionUtils; import org.elasticsearch.xpack.core.XPackClientPlugin; import org.elasticsearch.xpack.core.security.authz.RoleDescriptor; -import org.elasticsearch.xpack.core.security.authz.privilege.ConditionalClusterPrivileges; import org.elasticsearch.xpack.core.security.authz.privilege.ConditionalClusterPrivilege; +import org.elasticsearch.xpack.core.security.authz.privilege.ConditionalClusterPrivileges; import org.elasticsearch.xpack.core.security.support.MetadataUtils; import org.hamcrest.Matchers; @@ -44,22 +46,22 @@ public class RoleDescriptorTests extends ESTestCase { public void testIndexGroup() throws Exception { RoleDescriptor.IndicesPrivileges privs = RoleDescriptor.IndicesPrivileges.builder() - .indices("idx") - .privileges("priv") - .build(); + .indices("idx") + .privileges("priv") + .build(); XContentBuilder b = jsonBuilder(); privs.toXContent(b, ToXContent.EMPTY_PARAMS); assertEquals("{\"names\":[\"idx\"],\"privileges\":[\"priv\"]}", Strings.toString(b)); } public void testToString() throws Exception { - RoleDescriptor.IndicesPrivileges[] groups = new RoleDescriptor.IndicesPrivileges[] { - RoleDescriptor.IndicesPrivileges.builder() - .indices("i1", "i2") - .privileges("read") - .grantedFields("body", "title") - .query("{\"query\": {\"match_all\": {}}}") - .build() + RoleDescriptor.IndicesPrivileges[] groups = new RoleDescriptor.IndicesPrivileges[]{ + RoleDescriptor.IndicesPrivileges.builder() + .indices("i1", "i2") + .privileges("read") + .grantedFields("body", "title") + .query("{\"query\": {\"match_all\": {}}}") + .build() }; final RoleDescriptor.ApplicationResourcePrivileges[] applicationPrivileges = { RoleDescriptor.ApplicationResourcePrivileges.builder() @@ -73,25 +75,25 @@ public void testToString() throws Exception { new ConditionalClusterPrivileges.ManageApplicationPrivileges(new LinkedHashSet<>(Arrays.asList("app01", "app02"))) }; - RoleDescriptor descriptor = new RoleDescriptor("test", new String[] { "all", "none" }, groups, applicationPrivileges, - conditionalClusterPrivileges, new String[] { "sudo" }, Collections.emptyMap(), Collections.emptyMap()); + RoleDescriptor descriptor = new RoleDescriptor("test", new String[]{ "all", "none" }, groups, applicationPrivileges, + conditionalClusterPrivileges, new String[]{ "sudo" }, Collections.emptyMap(), Collections.emptyMap()); assertThat(descriptor.toString(), is("Role[name=test, cluster=[all,none]" + - ", global=[{APPLICATION:manage:applications=app01,app02}]" + - ", indicesPrivileges=[IndicesPrivileges[indices=[i1,i2], privileges=[read]" + - ", field_security=[grant=[body,title], except=null], query={\"query\": {\"match_all\": {}}}],]" + - ", applicationPrivileges=[ApplicationResourcePrivileges[application=my_app, privileges=[read,write], resources=[*]],]" + - ", runAs=[sudo], metadata=[{}]]")); + ", global=[{APPLICATION:manage:applications=app01,app02}]" + + ", indicesPrivileges=[IndicesPrivileges[indices=[i1,i2], privileges=[read]" + + ", field_security=[grant=[body,title], except=null], query={\"query\": {\"match_all\": {}}}],]" + + ", applicationPrivileges=[ApplicationResourcePrivileges[application=my_app, privileges=[read,write], resources=[*]],]" + + ", runAs=[sudo], metadata=[{}]]")); } public void testToXContent() throws Exception { - RoleDescriptor.IndicesPrivileges[] groups = new RoleDescriptor.IndicesPrivileges[] { - RoleDescriptor.IndicesPrivileges.builder() - .indices("i1", "i2") - .privileges("read") - .grantedFields("body", "title") - .query("{\"query\": {\"match_all\": {}}}") - .build() + RoleDescriptor.IndicesPrivileges[] groups = new RoleDescriptor.IndicesPrivileges[]{ + RoleDescriptor.IndicesPrivileges.builder() + .indices("i1", "i2") + .privileges("read") + .grantedFields("body", "title") + .query("{\"query\": {\"match_all\": {}}}") + .build() }; final RoleDescriptor.ApplicationResourcePrivileges[] applicationPrivileges = { RoleDescriptor.ApplicationResourcePrivileges.builder() @@ -105,7 +107,7 @@ public void testToXContent() throws Exception { }; Map metadata = randomBoolean() ? MetadataUtils.DEFAULT_RESERVED_METADATA : null; - RoleDescriptor descriptor = new RoleDescriptor("test", new String[] { "all", "none" }, groups, applicationPrivileges, + RoleDescriptor descriptor = new RoleDescriptor("test", new String[]{ "all", "none" }, groups, applicationPrivileges, conditionalClusterPrivileges, new String[]{ "sudo" }, metadata, Collections.emptyMap()); XContentBuilder builder = descriptor.toXContent(jsonBuilder(), ToXContent.EMPTY_PARAMS); RoleDescriptor parsed = RoleDescriptor.parse("test", BytesReference.bytes(builder), false, XContentType.JSON); @@ -117,42 +119,42 @@ public void testParse() throws Exception { String q = "{\"cluster\":[\"a\", \"b\"]}"; RoleDescriptor rd = RoleDescriptor.parse("test", new BytesArray(q), false, XContentType.JSON); assertEquals("test", rd.getName()); - assertArrayEquals(new String[] { "a", "b" }, rd.getClusterPrivileges()); + assertArrayEquals(new String[]{ "a", "b" }, rd.getClusterPrivileges()); assertEquals(0, rd.getIndicesPrivileges().length); assertArrayEquals(Strings.EMPTY_ARRAY, rd.getRunAs()); q = "{\"cluster\":[\"a\", \"b\"], \"run_as\": [\"m\", \"n\"]}"; rd = RoleDescriptor.parse("test", new BytesArray(q), false, XContentType.JSON); assertEquals("test", rd.getName()); - assertArrayEquals(new String[] { "a", "b" }, rd.getClusterPrivileges()); + assertArrayEquals(new String[]{ "a", "b" }, rd.getClusterPrivileges()); assertEquals(0, rd.getIndicesPrivileges().length); - assertArrayEquals(new String[] { "m", "n" }, rd.getRunAs()); + assertArrayEquals(new String[]{ "m", "n" }, rd.getRunAs()); q = "{\"cluster\":[\"a\", \"b\"], \"run_as\": [\"m\", \"n\"], \"index\": [{\"names\": \"idx1\", \"privileges\": [\"p1\", " + - "\"p2\"]}, {\"names\": \"idx2\", \"privileges\": [\"p3\"], \"field_security\": " + - "{\"grant\": [\"f1\", \"f2\"]}}, {\"names\": " + - "\"idx2\", " + - "\"privileges\": [\"p3\"], \"field_security\": {\"grant\": [\"f1\", \"f2\"]}, \"query\": \"{\\\"match_all\\\": {}}\"}]}"; + "\"p2\"]}, {\"names\": \"idx2\", \"privileges\": [\"p3\"], \"field_security\": " + + "{\"grant\": [\"f1\", \"f2\"]}}, {\"names\": " + + "\"idx2\", " + + "\"privileges\": [\"p3\"], \"field_security\": {\"grant\": [\"f1\", \"f2\"]}, \"query\": \"{\\\"match_all\\\": {}}\"}]}"; rd = RoleDescriptor.parse("test", new BytesArray(q), false, XContentType.JSON); assertEquals("test", rd.getName()); - assertArrayEquals(new String[] { "a", "b" }, rd.getClusterPrivileges()); + assertArrayEquals(new String[]{ "a", "b" }, rd.getClusterPrivileges()); assertEquals(3, rd.getIndicesPrivileges().length); - assertArrayEquals(new String[] { "m", "n" }, rd.getRunAs()); + assertArrayEquals(new String[]{ "m", "n" }, rd.getRunAs()); q = "{\"cluster\":[\"a\", \"b\"], \"run_as\": [\"m\", \"n\"], \"index\": [{\"names\": [\"idx1\",\"idx2\"], \"privileges\": " + - "[\"p1\", \"p2\"]}]}"; + "[\"p1\", \"p2\"]}]}"; rd = RoleDescriptor.parse("test", new BytesArray(q), false, XContentType.JSON); assertEquals("test", rd.getName()); - assertArrayEquals(new String[] { "a", "b" }, rd.getClusterPrivileges()); + assertArrayEquals(new String[]{ "a", "b" }, rd.getClusterPrivileges()); assertEquals(1, rd.getIndicesPrivileges().length); - assertArrayEquals(new String[] { "idx1", "idx2" }, rd.getIndicesPrivileges()[0].getIndices()); - assertArrayEquals(new String[] { "m", "n" }, rd.getRunAs()); + assertArrayEquals(new String[]{ "idx1", "idx2" }, rd.getIndicesPrivileges()[0].getIndices()); + assertArrayEquals(new String[]{ "m", "n" }, rd.getRunAs()); assertNull(rd.getIndicesPrivileges()[0].getQuery()); q = "{\"cluster\":[\"a\", \"b\"], \"metadata\":{\"foo\":\"bar\"}}"; rd = RoleDescriptor.parse("test", new BytesArray(q), false, XContentType.JSON); assertEquals("test", rd.getName()); - assertArrayEquals(new String[] { "a", "b" }, rd.getClusterPrivileges()); + assertArrayEquals(new String[]{ "a", "b" }, rd.getClusterPrivileges()); assertEquals(0, rd.getIndicesPrivileges().length); assertArrayEquals(Strings.EMPTY_ARRAY, rd.getRunAs()); assertNotNull(rd.getMetadata()); @@ -160,13 +162,13 @@ public void testParse() throws Exception { assertThat(rd.getMetadata().get("foo"), is("bar")); q = "{\"cluster\":[\"a\", \"b\"], \"run_as\": [\"m\", \"n\"]," + - " \"index\": [{\"names\": [\"idx1\",\"idx2\"], \"privileges\": [\"p1\", \"p2\"]}]," + - " \"applications\": [" + - " {\"resources\": [\"object-123\",\"object-456\"], \"privileges\":[\"read\", \"delete\"], \"application\":\"app1\"}," + - " {\"resources\": [\"*\"], \"privileges\":[\"admin\"], \"application\":\"app2\" }" + - " ]," + - " \"global\": { \"application\": { \"manage\": { \"applications\" : [ \"kibana\", \"logstash\" ] } } }" + - "}"; + " \"index\": [{\"names\": [\"idx1\",\"idx2\"], \"privileges\": [\"p1\", \"p2\"]}]," + + " \"applications\": [" + + " {\"resources\": [\"object-123\",\"object-456\"], \"privileges\":[\"read\", \"delete\"], \"application\":\"app1\"}," + + " {\"resources\": [\"*\"], \"privileges\":[\"admin\"], \"application\":\"app2\" }" + + " ]," + + " \"global\": { \"application\": { \"manage\": { \"applications\" : [ \"kibana\", \"logstash\" ] } } }" + + "}"; rd = RoleDescriptor.parse("test", new BytesArray(q), false, XContentType.JSON); assertThat(rd.getName(), equalTo("test")); assertThat(rd.getClusterPrivileges(), arrayContaining("a", "b")); @@ -201,14 +203,17 @@ public void testParse() throws Exception { assertThat(rd.getConditionalClusterPrivileges(), Matchers.arrayWithSize(0)); final String badJson - = "{\"applications\":[{\"not_supported\": true, \"resources\": [\"*\"], \"privileges\": [\"my-app:login\" ]}] }"; + = "{\"applications\":[{\"not_supported\": true, \"resources\": [\"*\"], \"privileges\": [\"my-app:login\" ]}] }"; final IllegalArgumentException ex = expectThrows(IllegalArgumentException.class, - () -> RoleDescriptor.parse("test", new BytesArray(badJson), false, XContentType.JSON)); + () -> RoleDescriptor.parse("test", new BytesArray(badJson), false, XContentType.JSON)); assertThat(ex.getMessage(), containsString("not_supported")); } public void testSerialization() throws Exception { + final Version version = VersionUtils.randomVersionBetween(random(), Version.V_6_4_0, null); + logger.info("Testing serialization with version {}", version); BytesStreamOutput output = new BytesStreamOutput(); + output.setVersion(version); RoleDescriptor.IndicesPrivileges[] groups = new RoleDescriptor.IndicesPrivileges[] { RoleDescriptor.IndicesPrivileges.builder() .indices("i1", "i2") @@ -229,43 +234,44 @@ public void testSerialization() throws Exception { }; Map metadata = randomBoolean() ? MetadataUtils.DEFAULT_RESERVED_METADATA : null; - final RoleDescriptor descriptor = new RoleDescriptor("test", new String[]{"all", "none"}, groups, applicationPrivileges, - conditionalClusterPrivileges, new String[] { "sudo" }, metadata, null); + final RoleDescriptor descriptor = new RoleDescriptor("test", new String[]{ "all", "none" }, groups, applicationPrivileges, + conditionalClusterPrivileges, new String[]{ "sudo" }, metadata, null); RoleDescriptor.writeTo(descriptor, output); final NamedWriteableRegistry registry = new NamedWriteableRegistry(new XPackClientPlugin(Settings.EMPTY).getNamedWriteables()); StreamInput streamInput = new NamedWriteableAwareStreamInput(ByteBufferStreamInput.wrap(BytesReference.toBytes(output.bytes())), registry); + streamInput.setVersion(version); final RoleDescriptor serialized = RoleDescriptor.readFrom(streamInput); assertEquals(descriptor, serialized); } public void testParseEmptyQuery() throws Exception { String json = "{\"cluster\":[\"a\", \"b\"], \"run_as\": [\"m\", \"n\"], \"index\": [{\"names\": [\"idx1\",\"idx2\"], " + - "\"privileges\": [\"p1\", \"p2\"], \"query\": \"\"}]}"; + "\"privileges\": [\"p1\", \"p2\"], \"query\": \"\"}]}"; RoleDescriptor rd = RoleDescriptor.parse("test", new BytesArray(json), false, XContentType.JSON); assertEquals("test", rd.getName()); - assertArrayEquals(new String[] { "a", "b" }, rd.getClusterPrivileges()); + assertArrayEquals(new String[]{ "a", "b" }, rd.getClusterPrivileges()); assertEquals(1, rd.getIndicesPrivileges().length); - assertArrayEquals(new String[] { "idx1", "idx2" }, rd.getIndicesPrivileges()[0].getIndices()); - assertArrayEquals(new String[] { "m", "n" }, rd.getRunAs()); + assertArrayEquals(new String[]{ "idx1", "idx2" }, rd.getIndicesPrivileges()[0].getIndices()); + assertArrayEquals(new String[]{ "m", "n" }, rd.getRunAs()); assertNull(rd.getIndicesPrivileges()[0].getQuery()); } public void testParseEmptyQueryUsingDeprecatedIndicesField() throws Exception { String json = "{\"cluster\":[\"a\", \"b\"], \"run_as\": [\"m\", \"n\"], \"indices\": [{\"names\": [\"idx1\",\"idx2\"], " + - "\"privileges\": [\"p1\", \"p2\"], \"query\": \"\"}]}"; + "\"privileges\": [\"p1\", \"p2\"], \"query\": \"\"}]}"; RoleDescriptor rd = RoleDescriptor.parse("test", new BytesArray(json), false, XContentType.JSON); assertEquals("test", rd.getName()); - assertArrayEquals(new String[] { "a", "b" }, rd.getClusterPrivileges()); + assertArrayEquals(new String[]{ "a", "b" }, rd.getClusterPrivileges()); assertEquals(1, rd.getIndicesPrivileges().length); - assertArrayEquals(new String[] { "idx1", "idx2" }, rd.getIndicesPrivileges()[0].getIndices()); - assertArrayEquals(new String[] { "m", "n" }, rd.getRunAs()); + assertArrayEquals(new String[]{ "idx1", "idx2" }, rd.getIndicesPrivileges()[0].getIndices()); + assertArrayEquals(new String[]{ "m", "n" }, rd.getRunAs()); assertNull(rd.getIndicesPrivileges()[0].getQuery()); } public void testParseIgnoresTransientMetadata() throws Exception { - final RoleDescriptor descriptor = new RoleDescriptor("test", new String[] { "all" }, null, null, - Collections.singletonMap("_unlicensed_feature", true), Collections.singletonMap("foo", "bar")); + final RoleDescriptor descriptor = new RoleDescriptor("test", new String[]{ "all" }, null, null, + Collections.singletonMap("_unlicensed_feature", true), Collections.singletonMap("foo", "bar")); XContentBuilder b = jsonBuilder(); descriptor.toXContent(b, ToXContent.EMPTY_PARAMS); RoleDescriptor parsed = RoleDescriptor.parse("test", BytesReference.bytes(b), false, XContentType.JSON); From b6dd1544c09a1305478b492b808bd6186455b187 Mon Sep 17 00:00:00 2001 From: Tim Vernum Date: Fri, 17 Aug 2018 12:38:56 +1000 Subject: [PATCH 2/3] Revert accidental formmatting changes --- .../user/HasPrivilegesRequestTests.java | 2 +- .../security/authz/RoleDescriptorTests.java | 120 +++++++++--------- 2 files changed, 61 insertions(+), 61 deletions(-) diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequestTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequestTests.java index f6ad28ef40203..a6706542e9613 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequestTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequestTests.java @@ -73,7 +73,7 @@ public void testValidateNoWildcardApplicationPrivileges() { final HasPrivilegesRequest request = new HasPrivilegesRequest(); request.clusterPrivileges(new String[0]); request.indexPrivileges(new IndicesPrivileges[0]); - request.applicationPrivileges(new ApplicationResourcePrivileges[]{ + request.applicationPrivileges(new ApplicationResourcePrivileges[] { ApplicationResourcePrivileges.builder().privileges("read").application("*").resources("item/1").build() }); final ActionRequestValidationException exception = request.validate(); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RoleDescriptorTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RoleDescriptorTests.java index 3dcfc823663c4..08e4b1123c70a 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RoleDescriptorTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RoleDescriptorTests.java @@ -46,22 +46,22 @@ public class RoleDescriptorTests extends ESTestCase { public void testIndexGroup() throws Exception { RoleDescriptor.IndicesPrivileges privs = RoleDescriptor.IndicesPrivileges.builder() - .indices("idx") - .privileges("priv") - .build(); + .indices("idx") + .privileges("priv") + .build(); XContentBuilder b = jsonBuilder(); privs.toXContent(b, ToXContent.EMPTY_PARAMS); assertEquals("{\"names\":[\"idx\"],\"privileges\":[\"priv\"]}", Strings.toString(b)); } public void testToString() throws Exception { - RoleDescriptor.IndicesPrivileges[] groups = new RoleDescriptor.IndicesPrivileges[]{ - RoleDescriptor.IndicesPrivileges.builder() - .indices("i1", "i2") - .privileges("read") - .grantedFields("body", "title") - .query("{\"query\": {\"match_all\": {}}}") - .build() + RoleDescriptor.IndicesPrivileges[] groups = new RoleDescriptor.IndicesPrivileges[] { + RoleDescriptor.IndicesPrivileges.builder() + .indices("i1", "i2") + .privileges("read") + .grantedFields("body", "title") + .query("{\"query\": {\"match_all\": {}}}") + .build() }; final RoleDescriptor.ApplicationResourcePrivileges[] applicationPrivileges = { RoleDescriptor.ApplicationResourcePrivileges.builder() @@ -75,25 +75,25 @@ public void testToString() throws Exception { new ConditionalClusterPrivileges.ManageApplicationPrivileges(new LinkedHashSet<>(Arrays.asList("app01", "app02"))) }; - RoleDescriptor descriptor = new RoleDescriptor("test", new String[]{ "all", "none" }, groups, applicationPrivileges, - conditionalClusterPrivileges, new String[]{ "sudo" }, Collections.emptyMap(), Collections.emptyMap()); + RoleDescriptor descriptor = new RoleDescriptor("test", new String[] { "all", "none" }, groups, applicationPrivileges, + conditionalClusterPrivileges, new String[] { "sudo" }, Collections.emptyMap(), Collections.emptyMap()); assertThat(descriptor.toString(), is("Role[name=test, cluster=[all,none]" + - ", global=[{APPLICATION:manage:applications=app01,app02}]" + - ", indicesPrivileges=[IndicesPrivileges[indices=[i1,i2], privileges=[read]" + - ", field_security=[grant=[body,title], except=null], query={\"query\": {\"match_all\": {}}}],]" + - ", applicationPrivileges=[ApplicationResourcePrivileges[application=my_app, privileges=[read,write], resources=[*]],]" + - ", runAs=[sudo], metadata=[{}]]")); + ", global=[{APPLICATION:manage:applications=app01,app02}]" + + ", indicesPrivileges=[IndicesPrivileges[indices=[i1,i2], privileges=[read]" + + ", field_security=[grant=[body,title], except=null], query={\"query\": {\"match_all\": {}}}],]" + + ", applicationPrivileges=[ApplicationResourcePrivileges[application=my_app, privileges=[read,write], resources=[*]],]" + + ", runAs=[sudo], metadata=[{}]]")); } public void testToXContent() throws Exception { - RoleDescriptor.IndicesPrivileges[] groups = new RoleDescriptor.IndicesPrivileges[]{ - RoleDescriptor.IndicesPrivileges.builder() - .indices("i1", "i2") - .privileges("read") - .grantedFields("body", "title") - .query("{\"query\": {\"match_all\": {}}}") - .build() + RoleDescriptor.IndicesPrivileges[] groups = new RoleDescriptor.IndicesPrivileges[] { + RoleDescriptor.IndicesPrivileges.builder() + .indices("i1", "i2") + .privileges("read") + .grantedFields("body", "title") + .query("{\"query\": {\"match_all\": {}}}") + .build() }; final RoleDescriptor.ApplicationResourcePrivileges[] applicationPrivileges = { RoleDescriptor.ApplicationResourcePrivileges.builder() @@ -107,7 +107,7 @@ public void testToXContent() throws Exception { }; Map metadata = randomBoolean() ? MetadataUtils.DEFAULT_RESERVED_METADATA : null; - RoleDescriptor descriptor = new RoleDescriptor("test", new String[]{ "all", "none" }, groups, applicationPrivileges, + RoleDescriptor descriptor = new RoleDescriptor("test", new String[] { "all", "none" }, groups, applicationPrivileges, conditionalClusterPrivileges, new String[]{ "sudo" }, metadata, Collections.emptyMap()); XContentBuilder builder = descriptor.toXContent(jsonBuilder(), ToXContent.EMPTY_PARAMS); RoleDescriptor parsed = RoleDescriptor.parse("test", BytesReference.bytes(builder), false, XContentType.JSON); @@ -119,42 +119,42 @@ public void testParse() throws Exception { String q = "{\"cluster\":[\"a\", \"b\"]}"; RoleDescriptor rd = RoleDescriptor.parse("test", new BytesArray(q), false, XContentType.JSON); assertEquals("test", rd.getName()); - assertArrayEquals(new String[]{ "a", "b" }, rd.getClusterPrivileges()); + assertArrayEquals(new String[] { "a", "b" }, rd.getClusterPrivileges()); assertEquals(0, rd.getIndicesPrivileges().length); assertArrayEquals(Strings.EMPTY_ARRAY, rd.getRunAs()); q = "{\"cluster\":[\"a\", \"b\"], \"run_as\": [\"m\", \"n\"]}"; rd = RoleDescriptor.parse("test", new BytesArray(q), false, XContentType.JSON); assertEquals("test", rd.getName()); - assertArrayEquals(new String[]{ "a", "b" }, rd.getClusterPrivileges()); + assertArrayEquals(new String[] { "a", "b" }, rd.getClusterPrivileges()); assertEquals(0, rd.getIndicesPrivileges().length); - assertArrayEquals(new String[]{ "m", "n" }, rd.getRunAs()); + assertArrayEquals(new String[] { "m", "n" }, rd.getRunAs()); q = "{\"cluster\":[\"a\", \"b\"], \"run_as\": [\"m\", \"n\"], \"index\": [{\"names\": \"idx1\", \"privileges\": [\"p1\", " + - "\"p2\"]}, {\"names\": \"idx2\", \"privileges\": [\"p3\"], \"field_security\": " + - "{\"grant\": [\"f1\", \"f2\"]}}, {\"names\": " + - "\"idx2\", " + - "\"privileges\": [\"p3\"], \"field_security\": {\"grant\": [\"f1\", \"f2\"]}, \"query\": \"{\\\"match_all\\\": {}}\"}]}"; + "\"p2\"]}, {\"names\": \"idx2\", \"privileges\": [\"p3\"], \"field_security\": " + + "{\"grant\": [\"f1\", \"f2\"]}}, {\"names\": " + + "\"idx2\", " + + "\"privileges\": [\"p3\"], \"field_security\": {\"grant\": [\"f1\", \"f2\"]}, \"query\": \"{\\\"match_all\\\": {}}\"}]}"; rd = RoleDescriptor.parse("test", new BytesArray(q), false, XContentType.JSON); assertEquals("test", rd.getName()); - assertArrayEquals(new String[]{ "a", "b" }, rd.getClusterPrivileges()); + assertArrayEquals(new String[] { "a", "b" }, rd.getClusterPrivileges()); assertEquals(3, rd.getIndicesPrivileges().length); - assertArrayEquals(new String[]{ "m", "n" }, rd.getRunAs()); + assertArrayEquals(new String[] { "m", "n" }, rd.getRunAs()); q = "{\"cluster\":[\"a\", \"b\"], \"run_as\": [\"m\", \"n\"], \"index\": [{\"names\": [\"idx1\",\"idx2\"], \"privileges\": " + - "[\"p1\", \"p2\"]}]}"; + "[\"p1\", \"p2\"]}]}"; rd = RoleDescriptor.parse("test", new BytesArray(q), false, XContentType.JSON); assertEquals("test", rd.getName()); - assertArrayEquals(new String[]{ "a", "b" }, rd.getClusterPrivileges()); + assertArrayEquals(new String[] { "a", "b" }, rd.getClusterPrivileges()); assertEquals(1, rd.getIndicesPrivileges().length); - assertArrayEquals(new String[]{ "idx1", "idx2" }, rd.getIndicesPrivileges()[0].getIndices()); - assertArrayEquals(new String[]{ "m", "n" }, rd.getRunAs()); + assertArrayEquals(new String[] { "idx1", "idx2" }, rd.getIndicesPrivileges()[0].getIndices()); + assertArrayEquals(new String[] { "m", "n" }, rd.getRunAs()); assertNull(rd.getIndicesPrivileges()[0].getQuery()); q = "{\"cluster\":[\"a\", \"b\"], \"metadata\":{\"foo\":\"bar\"}}"; rd = RoleDescriptor.parse("test", new BytesArray(q), false, XContentType.JSON); assertEquals("test", rd.getName()); - assertArrayEquals(new String[]{ "a", "b" }, rd.getClusterPrivileges()); + assertArrayEquals(new String[] { "a", "b" }, rd.getClusterPrivileges()); assertEquals(0, rd.getIndicesPrivileges().length); assertArrayEquals(Strings.EMPTY_ARRAY, rd.getRunAs()); assertNotNull(rd.getMetadata()); @@ -162,13 +162,13 @@ public void testParse() throws Exception { assertThat(rd.getMetadata().get("foo"), is("bar")); q = "{\"cluster\":[\"a\", \"b\"], \"run_as\": [\"m\", \"n\"]," + - " \"index\": [{\"names\": [\"idx1\",\"idx2\"], \"privileges\": [\"p1\", \"p2\"]}]," + - " \"applications\": [" + - " {\"resources\": [\"object-123\",\"object-456\"], \"privileges\":[\"read\", \"delete\"], \"application\":\"app1\"}," + - " {\"resources\": [\"*\"], \"privileges\":[\"admin\"], \"application\":\"app2\" }" + - " ]," + - " \"global\": { \"application\": { \"manage\": { \"applications\" : [ \"kibana\", \"logstash\" ] } } }" + - "}"; + " \"index\": [{\"names\": [\"idx1\",\"idx2\"], \"privileges\": [\"p1\", \"p2\"]}]," + + " \"applications\": [" + + " {\"resources\": [\"object-123\",\"object-456\"], \"privileges\":[\"read\", \"delete\"], \"application\":\"app1\"}," + + " {\"resources\": [\"*\"], \"privileges\":[\"admin\"], \"application\":\"app2\" }" + + " ]," + + " \"global\": { \"application\": { \"manage\": { \"applications\" : [ \"kibana\", \"logstash\" ] } } }" + + "}"; rd = RoleDescriptor.parse("test", new BytesArray(q), false, XContentType.JSON); assertThat(rd.getName(), equalTo("test")); assertThat(rd.getClusterPrivileges(), arrayContaining("a", "b")); @@ -203,9 +203,9 @@ public void testParse() throws Exception { assertThat(rd.getConditionalClusterPrivileges(), Matchers.arrayWithSize(0)); final String badJson - = "{\"applications\":[{\"not_supported\": true, \"resources\": [\"*\"], \"privileges\": [\"my-app:login\" ]}] }"; + = "{\"applications\":[{\"not_supported\": true, \"resources\": [\"*\"], \"privileges\": [\"my-app:login\" ]}] }"; final IllegalArgumentException ex = expectThrows(IllegalArgumentException.class, - () -> RoleDescriptor.parse("test", new BytesArray(badJson), false, XContentType.JSON)); + () -> RoleDescriptor.parse("test", new BytesArray(badJson), false, XContentType.JSON)); assertThat(ex.getMessage(), containsString("not_supported")); } @@ -234,8 +234,8 @@ public void testSerialization() throws Exception { }; Map metadata = randomBoolean() ? MetadataUtils.DEFAULT_RESERVED_METADATA : null; - final RoleDescriptor descriptor = new RoleDescriptor("test", new String[]{ "all", "none" }, groups, applicationPrivileges, - conditionalClusterPrivileges, new String[]{ "sudo" }, metadata, null); + final RoleDescriptor descriptor = new RoleDescriptor("test", new String[]{"all", "none"}, groups, applicationPrivileges, + conditionalClusterPrivileges, new String[] { "sudo" }, metadata, null); RoleDescriptor.writeTo(descriptor, output); final NamedWriteableRegistry registry = new NamedWriteableRegistry(new XPackClientPlugin(Settings.EMPTY).getNamedWriteables()); StreamInput streamInput = new NamedWriteableAwareStreamInput(ByteBufferStreamInput.wrap(BytesReference.toBytes(output.bytes())), @@ -247,31 +247,31 @@ public void testSerialization() throws Exception { public void testParseEmptyQuery() throws Exception { String json = "{\"cluster\":[\"a\", \"b\"], \"run_as\": [\"m\", \"n\"], \"index\": [{\"names\": [\"idx1\",\"idx2\"], " + - "\"privileges\": [\"p1\", \"p2\"], \"query\": \"\"}]}"; + "\"privileges\": [\"p1\", \"p2\"], \"query\": \"\"}]}"; RoleDescriptor rd = RoleDescriptor.parse("test", new BytesArray(json), false, XContentType.JSON); assertEquals("test", rd.getName()); - assertArrayEquals(new String[]{ "a", "b" }, rd.getClusterPrivileges()); + assertArrayEquals(new String[] { "a", "b" }, rd.getClusterPrivileges()); assertEquals(1, rd.getIndicesPrivileges().length); - assertArrayEquals(new String[]{ "idx1", "idx2" }, rd.getIndicesPrivileges()[0].getIndices()); - assertArrayEquals(new String[]{ "m", "n" }, rd.getRunAs()); + assertArrayEquals(new String[] { "idx1", "idx2" }, rd.getIndicesPrivileges()[0].getIndices()); + assertArrayEquals(new String[] { "m", "n" }, rd.getRunAs()); assertNull(rd.getIndicesPrivileges()[0].getQuery()); } public void testParseEmptyQueryUsingDeprecatedIndicesField() throws Exception { String json = "{\"cluster\":[\"a\", \"b\"], \"run_as\": [\"m\", \"n\"], \"indices\": [{\"names\": [\"idx1\",\"idx2\"], " + - "\"privileges\": [\"p1\", \"p2\"], \"query\": \"\"}]}"; + "\"privileges\": [\"p1\", \"p2\"], \"query\": \"\"}]}"; RoleDescriptor rd = RoleDescriptor.parse("test", new BytesArray(json), false, XContentType.JSON); assertEquals("test", rd.getName()); - assertArrayEquals(new String[]{ "a", "b" }, rd.getClusterPrivileges()); + assertArrayEquals(new String[] { "a", "b" }, rd.getClusterPrivileges()); assertEquals(1, rd.getIndicesPrivileges().length); - assertArrayEquals(new String[]{ "idx1", "idx2" }, rd.getIndicesPrivileges()[0].getIndices()); - assertArrayEquals(new String[]{ "m", "n" }, rd.getRunAs()); + assertArrayEquals(new String[] { "idx1", "idx2" }, rd.getIndicesPrivileges()[0].getIndices()); + assertArrayEquals(new String[] { "m", "n" }, rd.getRunAs()); assertNull(rd.getIndicesPrivileges()[0].getQuery()); } public void testParseIgnoresTransientMetadata() throws Exception { - final RoleDescriptor descriptor = new RoleDescriptor("test", new String[]{ "all" }, null, null, - Collections.singletonMap("_unlicensed_feature", true), Collections.singletonMap("foo", "bar")); + final RoleDescriptor descriptor = new RoleDescriptor("test", new String[] { "all" }, null, null, + Collections.singletonMap("_unlicensed_feature", true), Collections.singletonMap("foo", "bar")); XContentBuilder b = jsonBuilder(); descriptor.toXContent(b, ToXContent.EMPTY_PARAMS); RoleDescriptor parsed = RoleDescriptor.parse("test", BytesReference.bytes(b), false, XContentType.JSON); From c71354d3f36b34506ab2d4a120e645314c74dd3c Mon Sep 17 00:00:00 2001 From: Tim Vernum Date: Fri, 17 Aug 2018 17:55:43 +1000 Subject: [PATCH 3/3] Fix checkstyle --- ...egesResponseTest.java => HasPrivilegesResponseTests.java} | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) rename x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/{HasPrivilegesResponseTest.java => HasPrivilegesResponseTests.java} (95%) diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesResponseTest.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesResponseTests.java similarity index 95% rename from x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesResponseTest.java rename to x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesResponseTests.java index 8ee4910a1ce73..89c58945badd0 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesResponseTest.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesResponseTests.java @@ -7,12 +7,10 @@ package org.elasticsearch.xpack.core.security.action.user; import org.elasticsearch.Version; -import org.elasticsearch.common.Strings; import org.elasticsearch.common.io.stream.BytesStreamOutput; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.VersionUtils; -import org.hamcrest.Matchers; import java.io.IOException; import java.util.ArrayList; @@ -23,9 +21,8 @@ import java.util.Map; import static org.hamcrest.Matchers.equalTo; -import static org.hamcrest.Matchers.nullValue; -public class HasPrivilegesResponseTest extends ESTestCase { +public class HasPrivilegesResponseTests extends ESTestCase { public void testSerializationV64OrLater() throws IOException { final HasPrivilegesResponse original = randomResponse();