diff --git a/build.gradle b/build.gradle index 950b0decbc..0dba47f322 100644 --- a/build.gradle +++ b/build.gradle @@ -560,10 +560,6 @@ allprojects { afterEvaluate { if (project.configurations.findByName('integrationTestImplementation')) { dependencies { - //integration test framework: - integrationTestImplementation('com.carrotsearch.randomizedtesting:randomizedtesting-runner:2.8.3') { - exclude(group: 'junit', module: 'junit') - } integrationTestImplementation 'junit:junit:4.13.2' integrationTestImplementation("org.opensearch.plugin:reindex-client:${opensearch_version}"){ exclude(group: 'org.slf4j', module: 'slf4j-api') diff --git a/sample-resource-plugin/build.gradle b/sample-resource-plugin/build.gradle index fec9d1c835..df28d4af7a 100644 --- a/sample-resource-plugin/build.gradle +++ b/sample-resource-plugin/build.gradle @@ -81,6 +81,8 @@ configurations { force "com.google.protobuf:protobuf-java:${versions.protobuf}" force "com.google.guava:guava:${guava_version}" force "com.google.guava:failureaccess:1.0.3" + force "io.projectreactor:reactor-core:3.8.1" + } } } @@ -100,7 +102,9 @@ dependencies { integrationTestImplementation rootProject.sourceSets.main.output integrationTestImplementation "org.opensearch.client:opensearch-rest-high-level-client:${opensearch_version}" integrationTestImplementation 'org.ldaptive:ldaptive:1.2.3' - + integrationTestImplementation('com.carrotsearch.randomizedtesting:randomizedtesting-runner:2.8.3') { + exclude(group: 'junit', module: 'junit') + } // To be removed once integration test framework supports extended plugins integrationTestImplementation project(path: ":${rootProject.name}-spi", configuration: 'shadow') } diff --git a/src/integrationTest/java/org/opensearch/security/AbstractDefaultConfigurationTests.java b/src/integrationTest/java/org/opensearch/security/AbstractDefaultConfigurationTests.java index ba29209ea2..f8961c4eab 100644 --- a/src/integrationTest/java/org/opensearch/security/AbstractDefaultConfigurationTests.java +++ b/src/integrationTest/java/org/opensearch/security/AbstractDefaultConfigurationTests.java @@ -14,12 +14,10 @@ import java.util.Map; import java.util.Set; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import com.fasterxml.jackson.databind.JsonNode; import org.apache.http.HttpStatus; import org.awaitility.Awaitility; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.test.framework.TestSecurityConfig; import org.opensearch.test.framework.cluster.LocalCluster; @@ -34,8 +32,6 @@ import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.not; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public abstract class AbstractDefaultConfigurationTests { private static final TestSecurityConfig.User ADMIN_USER = new TestSecurityConfig.User("admin"); private static final TestSecurityConfig.User NEW_USER = new TestSecurityConfig.User("new-user"); diff --git a/src/integrationTest/java/org/opensearch/security/CrossClusterSearchTests.java b/src/integrationTest/java/org/opensearch/security/CrossClusterSearchTests.java index a59d986c79..91fbbcba48 100644 --- a/src/integrationTest/java/org/opensearch/security/CrossClusterSearchTests.java +++ b/src/integrationTest/java/org/opensearch/security/CrossClusterSearchTests.java @@ -10,16 +10,17 @@ package org.opensearch.security; import java.io.IOException; +import java.util.Collection; import java.util.List; import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.commons.lang3.tuple.Pair; import org.junit.BeforeClass; import org.junit.ClassRule; import org.junit.Test; import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; +import org.junit.runners.Parameterized.Parameters; import org.opensearch.action.search.SearchRequest; import org.opensearch.action.search.SearchResponse; @@ -65,8 +66,7 @@ * option is enabled or disabled. Method {@link #parameters()} is a source of parameters values. */ -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) +@RunWith(Parameterized.class) public class CrossClusterSearchTests { private static final String SONG_INDEX_NAME = "song_lyrics"; @@ -155,8 +155,8 @@ public class CrossClusterSearchTests { .users(ADMIN_USER, LIMITED_USER, DLS_USER_ROCK, DLS_USER_JAZZ, FLS_INCLUDE_TITLE_USER, FLS_EXCLUDE_LYRICS_USER) .build(); - @ParametersFactory(shuffle = false) - public static Iterable parameters() { + @Parameters(name = "ccsMinimizeRoundtrips={0}") + public static Collection parameters() { return List.of(new Object[] { true }, new Object[] { false }); } diff --git a/src/integrationTest/java/org/opensearch/security/DefaultConfigurationSingleNodeClusterTests.java b/src/integrationTest/java/org/opensearch/security/DefaultConfigurationSingleNodeClusterTests.java index 9b546c258d..1c633a48ed 100644 --- a/src/integrationTest/java/org/opensearch/security/DefaultConfigurationSingleNodeClusterTests.java +++ b/src/integrationTest/java/org/opensearch/security/DefaultConfigurationSingleNodeClusterTests.java @@ -14,17 +14,13 @@ import java.util.List; import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.commons.io.FileUtils; import org.junit.AfterClass; import org.junit.ClassRule; -import org.junit.runner.RunWith; import org.opensearch.test.framework.cluster.ClusterManager; import org.opensearch.test.framework.cluster.LocalCluster; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class DefaultConfigurationSingleNodeClusterTests extends AbstractDefaultConfigurationTests { static Path configurationFolder = ConfigurationFiles.createConfigurationDirectory(); diff --git a/src/integrationTest/java/org/opensearch/security/DlsIntegrationTests.java b/src/integrationTest/java/org/opensearch/security/DlsIntegrationTests.java index 4da26903c2..013380f0e5 100644 --- a/src/integrationTest/java/org/opensearch/security/DlsIntegrationTests.java +++ b/src/integrationTest/java/org/opensearch/security/DlsIntegrationTests.java @@ -18,12 +18,10 @@ import java.util.function.BiFunction; import java.util.stream.Collectors; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.commons.lang3.tuple.Pair; import org.junit.BeforeClass; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.action.admin.indices.alias.IndicesAliasesRequest; import org.opensearch.action.get.GetRequest; @@ -72,8 +70,6 @@ import static org.opensearch.test.framework.matcher.SearchResponseMatchers.searchHitContainsFieldWithValue; import static org.opensearch.test.framework.matcher.SearchResponseMatchers.searchHitsContainDocumentsInAnyOrder; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class DlsIntegrationTests { static final String FIRST_INDEX_ID_SONG_1 = "INDEX_1_S1"; diff --git a/src/integrationTest/java/org/opensearch/security/DoNotFailOnForbiddenTests.java b/src/integrationTest/java/org/opensearch/security/DoNotFailOnForbiddenTests.java index e65fa8094c..ac008e47fc 100644 --- a/src/integrationTest/java/org/opensearch/security/DoNotFailOnForbiddenTests.java +++ b/src/integrationTest/java/org/opensearch/security/DoNotFailOnForbiddenTests.java @@ -16,12 +16,10 @@ import java.util.List; import java.util.stream.Collectors; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.hamcrest.Matchers; import org.junit.BeforeClass; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.action.admin.indices.alias.IndicesAliasesRequest; import org.opensearch.action.fieldcaps.FieldCapabilitiesRequest; @@ -91,8 +89,6 @@ import static org.opensearch.test.framework.matcher.SearchResponseMatchers.searchHitContainsFieldWithValue; import static org.opensearch.test.framework.matcher.SearchResponseMatchers.searchHitsContainDocumentWithId; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class DoNotFailOnForbiddenTests { /** diff --git a/src/integrationTest/java/org/opensearch/security/EncryptionInTransitMigrationTests.java b/src/integrationTest/java/org/opensearch/security/EncryptionInTransitMigrationTests.java index ef9406d76a..e3087d2c1c 100644 --- a/src/integrationTest/java/org/opensearch/security/EncryptionInTransitMigrationTests.java +++ b/src/integrationTest/java/org/opensearch/security/EncryptionInTransitMigrationTests.java @@ -11,10 +11,8 @@ import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.security.support.ConfigConstants; import org.opensearch.test.framework.cluster.ClusterManager; @@ -31,8 +29,6 @@ * Therefore, the plugin does not perform authentication and authorization. Moreover, the REST resources (e.g. /_plugins/_security/whoami, * /_plugins/_security/authinfo, etc.) provided by the plugin are not available. */ -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class EncryptionInTransitMigrationTests { @ClassRule diff --git a/src/integrationTest/java/org/opensearch/security/FlsAndFieldMaskingTests.java b/src/integrationTest/java/org/opensearch/security/FlsAndFieldMaskingTests.java index b46b01efac..abcc634797 100644 --- a/src/integrationTest/java/org/opensearch/security/FlsAndFieldMaskingTests.java +++ b/src/integrationTest/java/org/opensearch/security/FlsAndFieldMaskingTests.java @@ -20,13 +20,11 @@ import java.util.stream.IntStream; import java.util.stream.Stream; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.hamcrest.Matcher; import org.junit.BeforeClass; import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.action.admin.indices.alias.IndicesAliasesRequest; import org.opensearch.action.admin.indices.create.CreateIndexRequest; @@ -112,8 +110,6 @@ import static org.opensearch.test.framework.matcher.SearchResponseMatchers.searchHitDoesNotContainField; import static org.opensearch.test.framework.matcher.SearchResponseMatchers.searchHitsContainDocumentWithId; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class FlsAndFieldMaskingTests { static final String FIRST_INDEX_ID_SONG_1 = "INDEX_1_S1"; diff --git a/src/integrationTest/java/org/opensearch/security/InternalAuditLogTest.java b/src/integrationTest/java/org/opensearch/security/InternalAuditLogTest.java index e2dacaa277..9cabca2977 100644 --- a/src/integrationTest/java/org/opensearch/security/InternalAuditLogTest.java +++ b/src/integrationTest/java/org/opensearch/security/InternalAuditLogTest.java @@ -9,13 +9,11 @@ */ package org.opensearch.security; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.awaitility.Awaitility; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.test.framework.AuditCompliance; import org.opensearch.test.framework.AuditConfiguration; @@ -28,8 +26,6 @@ import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AUTHC_HTTPBASIC_INTERNAL; import static org.opensearch.test.framework.TestSecurityConfig.User.USER_ADMIN; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class InternalAuditLogTest { private static final Logger log = LogManager.getLogger(InternalAuditLogTest.class); diff --git a/src/integrationTest/java/org/opensearch/security/IpBruteForceAttacksPreventionTests.java b/src/integrationTest/java/org/opensearch/security/IpBruteForceAttacksPreventionTests.java index 45ce33a346..c08a0b229e 100644 --- a/src/integrationTest/java/org/opensearch/security/IpBruteForceAttacksPreventionTests.java +++ b/src/integrationTest/java/org/opensearch/security/IpBruteForceAttacksPreventionTests.java @@ -13,10 +13,8 @@ import java.util.Map; import java.util.concurrent.TimeUnit; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.junit.Rule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.test.framework.AuthFailureListeners; import org.opensearch.test.framework.RateLimiting; @@ -38,8 +36,6 @@ import static org.opensearch.test.framework.TestSecurityConfig.Role.ALL_ACCESS; import static org.opensearch.test.framework.cluster.TestRestClientConfiguration.userWithSourceIp; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class IpBruteForceAttacksPreventionTests { protected static final User USER_1 = new User("simple-user-1").roles(ALL_ACCESS); protected static final User USER_2 = new User("simple-user-2").roles(ALL_ACCESS); diff --git a/src/integrationTest/java/org/opensearch/security/IpBruteForceAttacksPreventionWithDomainChallengeTests.java b/src/integrationTest/java/org/opensearch/security/IpBruteForceAttacksPreventionWithDomainChallengeTests.java index 61d5a651b8..149b0ba3ae 100644 --- a/src/integrationTest/java/org/opensearch/security/IpBruteForceAttacksPreventionWithDomainChallengeTests.java +++ b/src/integrationTest/java/org/opensearch/security/IpBruteForceAttacksPreventionWithDomainChallengeTests.java @@ -12,17 +12,12 @@ import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; -import org.junit.runner.RunWith; - import org.opensearch.test.framework.cluster.ClusterManager; import org.opensearch.test.framework.cluster.LocalCluster; import static org.opensearch.security.support.ConfigConstants.SECURITY_UNSUPPORTED_RESTAPI_ALLOW_SECURITYCONFIG_MODIFICATION; import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AUTHC_HTTPBASIC_INTERNAL; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class IpBruteForceAttacksPreventionWithDomainChallengeTests extends IpBruteForceAttacksPreventionTests { @Override public LocalCluster createCluster() { diff --git a/src/integrationTest/java/org/opensearch/security/ParentChildRelationTests.java b/src/integrationTest/java/org/opensearch/security/ParentChildRelationTests.java index 32b81d4158..bd554719d8 100644 --- a/src/integrationTest/java/org/opensearch/security/ParentChildRelationTests.java +++ b/src/integrationTest/java/org/opensearch/security/ParentChildRelationTests.java @@ -12,12 +12,10 @@ import java.util.List; import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import com.fasterxml.jackson.databind.JsonNode; import org.junit.BeforeClass; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.index.query.QueryBuilders; import org.opensearch.indices.TermsLookup; @@ -37,8 +35,6 @@ import static org.opensearch.test.framework.matcher.RestMatchers.isInternalServerError; import static org.opensearch.test.framework.matcher.RestMatchers.isOk; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class ParentChildRelationTests { public static final String INDEX_NAME = "dlstest"; public static final String TERM_LOOKUP_INDEX_NAME = "term_lookup_index"; diff --git a/src/integrationTest/java/org/opensearch/security/PointInTimeOperationTest.java b/src/integrationTest/java/org/opensearch/security/PointInTimeOperationTest.java index 0320025d62..38d861d7c6 100644 --- a/src/integrationTest/java/org/opensearch/security/PointInTimeOperationTest.java +++ b/src/integrationTest/java/org/opensearch/security/PointInTimeOperationTest.java @@ -11,14 +11,11 @@ import java.io.IOException; -import com.carrotsearch.randomizedtesting.RandomizedRunner; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.commons.lang3.tuple.Pair; import org.junit.Before; import org.junit.BeforeClass; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.action.admin.indices.alias.IndicesAliasesRequest; import org.opensearch.action.index.IndexRequest; @@ -58,8 +55,6 @@ import static org.opensearch.test.framework.matcher.SearchResponseMatchers.isSuccessfulSearchResponse; import static org.opensearch.test.framework.matcher.SearchResponseMatchers.searchHitsContainDocumentsInAnyOrder; -@RunWith(RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class PointInTimeOperationTest { private static final String FIRST_SONG_INDEX = "song-index-1"; diff --git a/src/integrationTest/java/org/opensearch/security/ResourceFocusedTests.java b/src/integrationTest/java/org/opensearch/security/ResourceFocusedTests.java index 2e6b0de331..a5280a4919 100644 --- a/src/integrationTest/java/org/opensearch/security/ResourceFocusedTests.java +++ b/src/integrationTest/java/org/opensearch/security/ResourceFocusedTests.java @@ -19,7 +19,6 @@ import java.util.stream.IntStream; import java.util.zip.GZIPOutputStream; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.hc.client5.http.classic.methods.HttpPost; import org.apache.hc.core5.http.ContentType; import org.apache.hc.core5.http.io.entity.ByteArrayEntity; @@ -30,7 +29,6 @@ import org.junit.BeforeClass; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.action.index.IndexRequest; import org.opensearch.test.framework.AsyncActions; @@ -47,8 +45,6 @@ import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AUTHC_HTTPBASIC_INTERNAL; import static org.opensearch.test.framework.TestSecurityConfig.Role.ALL_ACCESS; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class ResourceFocusedTests { private final static Logger LOG = LogManager.getLogger(AsyncActions.class); private static final User ADMIN_USER = new User("admin").roles(ALL_ACCESS); diff --git a/src/integrationTest/java/org/opensearch/security/RolloverTest.java b/src/integrationTest/java/org/opensearch/security/RolloverTest.java index 0d809120a7..a5b9b3d756 100644 --- a/src/integrationTest/java/org/opensearch/security/RolloverTest.java +++ b/src/integrationTest/java/org/opensearch/security/RolloverTest.java @@ -11,12 +11,10 @@ import java.io.IOException; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.core.rest.RestStatus; import org.opensearch.test.framework.AuditCompliance; @@ -34,8 +32,6 @@ import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AUTHC_HTTPBASIC_INTERNAL; import static org.opensearch.test.framework.TestSecurityConfig.Role.ALL_ACCESS; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class RolloverTest { private static final Logger log = LogManager.getLogger(RolloverTest.class); diff --git a/src/integrationTest/java/org/opensearch/security/SearchOperationTest.java b/src/integrationTest/java/org/opensearch/security/SearchOperationTest.java index 948eea47c8..95f79756c6 100644 --- a/src/integrationTest/java/org/opensearch/security/SearchOperationTest.java +++ b/src/integrationTest/java/org/opensearch/security/SearchOperationTest.java @@ -16,7 +16,6 @@ import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicInteger; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import com.google.common.base.Stopwatch; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -27,7 +26,6 @@ import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.action.admin.cluster.health.ClusterHealthRequest; import org.opensearch.action.admin.cluster.health.ClusterHealthResponse; @@ -199,8 +197,6 @@ import static org.opensearch.test.framework.matcher.SearchResponseMatchers.searchHitsContainDocumentWithId; import static org.opensearch.test.framework.matcher.UpdateResponseMatchers.isSuccessfulUpdateResponse; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class SearchOperationTest { private static final Logger log = LogManager.getLogger(SearchOperationTest.class); @@ -2058,6 +2054,7 @@ public void checkIfIndexExists_negative() throws IOException { USER_ALLOWED_TO_PERFORM_INDEX_OPERATIONS_ON_SELECTED_INDICES ) ) { + assertThatThrownBy( () -> restHighLevelClient.indices().exists(new GetIndexRequest(indexThatUserHasNoAccessTo), DEFAULT), statusException(FORBIDDEN) @@ -2496,6 +2493,7 @@ public void getIndexSettings_negative() throws IOException { USER_ALLOWED_TO_PERFORM_INDEX_OPERATIONS_ON_SELECTED_INDICES ) ) { + assertThatThrownBy( () -> restHighLevelClient.indices().getSettings(new GetSettingsRequest().indices(indexThatUserHasNoAccessTo), DEFAULT), statusException(FORBIDDEN) @@ -2613,7 +2611,7 @@ public void createIndexMappings_negative() throws IOException { } @Test - // required permissions: indices:admin/mappings/get + // required permissions: "indices:admin/mappings/get" public void getIndexMappings_positive() throws IOException { String indexName = INDICES_ON_WHICH_USER_CAN_PERFORM_INDEX_OPERATIONS_PREFIX.concat("get_index_mappings_positive"); Map indexMapping = Map.of("properties", Map.of("message", Map.of("type", "text"))); diff --git a/src/integrationTest/java/org/opensearch/security/SecurityConfigurationBootstrapTests.java b/src/integrationTest/java/org/opensearch/security/SecurityConfigurationBootstrapTests.java index e6af5d58bb..dec52950ec 100644 --- a/src/integrationTest/java/org/opensearch/security/SecurityConfigurationBootstrapTests.java +++ b/src/integrationTest/java/org/opensearch/security/SecurityConfigurationBootstrapTests.java @@ -15,13 +15,11 @@ import java.util.List; import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import com.google.common.collect.ImmutableMap; import org.apache.commons.io.FileUtils; import org.awaitility.Awaitility; import org.junit.AfterClass; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.action.admin.cluster.health.ClusterHealthRequest; import org.opensearch.security.securityconf.impl.CType; @@ -45,8 +43,6 @@ import static org.opensearch.security.support.ConfigConstants.SECURITY_UNSUPPORTED_DELAY_INITIALIZATION_SECONDS; import static org.opensearch.test.framework.TestSecurityConfig.Role.ALL_ACCESS; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class SecurityConfigurationBootstrapTests { private final static Path configurationFolder = ConfigurationFiles.createConfigurationDirectory(); diff --git a/src/integrationTest/java/org/opensearch/security/SecurityConfigurationTests.java b/src/integrationTest/java/org/opensearch/security/SecurityConfigurationTests.java index 0e58f0fe07..518cbaa640 100644 --- a/src/integrationTest/java/org/opensearch/security/SecurityConfigurationTests.java +++ b/src/integrationTest/java/org/opensearch/security/SecurityConfigurationTests.java @@ -18,7 +18,6 @@ import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicInteger; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.http.HttpStatus; import org.awaitility.Awaitility; import org.junit.BeforeClass; @@ -26,7 +25,6 @@ import org.junit.Rule; import org.junit.Test; import org.junit.rules.TemporaryFolder; -import org.junit.runner.RunWith; import org.opensearch.security.securityconf.impl.CType; import org.opensearch.test.framework.AsyncActions; @@ -49,8 +47,6 @@ import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AUTHC_HTTPBASIC_INTERNAL; import static org.opensearch.test.framework.TestSecurityConfig.Role.ALL_ACCESS; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class SecurityConfigurationTests { private static final User USER_ADMIN = new User("admin").roles(ALL_ACCESS); diff --git a/src/integrationTest/java/org/opensearch/security/SecurityRolesTests.java b/src/integrationTest/java/org/opensearch/security/SecurityRolesTests.java index ce2376c616..b1f95f4690 100644 --- a/src/integrationTest/java/org/opensearch/security/SecurityRolesTests.java +++ b/src/integrationTest/java/org/opensearch/security/SecurityRolesTests.java @@ -11,11 +11,9 @@ package org.opensearch.security; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.http.HttpStatus; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.test.framework.TestSecurityConfig; import org.opensearch.test.framework.TestSecurityConfig.Role; @@ -28,8 +26,6 @@ import static org.hamcrest.Matchers.equalTo; import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AUTHC_HTTPBASIC_INTERNAL; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class SecurityRolesTests { protected final static TestSecurityConfig.User USER_SR = new TestSecurityConfig.User("sr_user").roles( diff --git a/src/integrationTest/java/org/opensearch/security/SecuritySettingsTests.java b/src/integrationTest/java/org/opensearch/security/SecuritySettingsTests.java index a7d42bc94e..4d454bf84c 100644 --- a/src/integrationTest/java/org/opensearch/security/SecuritySettingsTests.java +++ b/src/integrationTest/java/org/opensearch/security/SecuritySettingsTests.java @@ -8,11 +8,9 @@ */ package org.opensearch.security; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.awaitility.Awaitility; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.security.support.ConfigConstants; import org.opensearch.test.framework.cluster.ClusterManager; @@ -24,8 +22,6 @@ import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AUTHC_HTTPBASIC_INTERNAL; import static org.opensearch.test.framework.TestSecurityConfig.User.USER_ADMIN; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class SecuritySettingsTests { @ClassRule diff --git a/src/integrationTest/java/org/opensearch/security/SslOnlyTests.java b/src/integrationTest/java/org/opensearch/security/SslOnlyTests.java index 2ea5b4c0b2..26e8003176 100644 --- a/src/integrationTest/java/org/opensearch/security/SslOnlyTests.java +++ b/src/integrationTest/java/org/opensearch/security/SslOnlyTests.java @@ -11,10 +11,8 @@ import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.security.support.ConfigConstants; import org.opensearch.test.framework.cluster.ClusterManager; @@ -29,8 +27,6 @@ * Therefore, the plugin does not perform authentication and authorization. Moreover, the REST resources (e.g. /_plugins/_security/whoami, * /_plugins/_security/authinfo, etc.) provided by the plugin are not available. */ -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class SslOnlyTests { @ClassRule diff --git a/src/integrationTest/java/org/opensearch/security/StoredFieldsTests.java b/src/integrationTest/java/org/opensearch/security/StoredFieldsTests.java index f2c0d91d94..81868a25e7 100644 --- a/src/integrationTest/java/org/opensearch/security/StoredFieldsTests.java +++ b/src/integrationTest/java/org/opensearch/security/StoredFieldsTests.java @@ -9,13 +9,11 @@ */ package org.opensearch.security; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.http.HttpStatus; import org.junit.Assert; import org.junit.BeforeClass; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.action.admin.indices.create.CreateIndexResponse; import org.opensearch.test.framework.TestSecurityConfig; @@ -27,8 +25,6 @@ import static org.opensearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE; import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AUTHC_HTTPBASIC_INTERNAL; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class StoredFieldsTests { static final TestSecurityConfig.User TEST_USER_MASKED_FIELDS = new TestSecurityConfig.User("test_user_masked_fields").roles( new TestSecurityConfig.Role("role_masked_fields").clusterPermissions("cluster_composite_ops_ro") diff --git a/src/integrationTest/java/org/opensearch/security/ThreadPoolTests.java b/src/integrationTest/java/org/opensearch/security/ThreadPoolTests.java index 10aaab0f73..b3bb67cb88 100644 --- a/src/integrationTest/java/org/opensearch/security/ThreadPoolTests.java +++ b/src/integrationTest/java/org/opensearch/security/ThreadPoolTests.java @@ -13,10 +13,8 @@ import java.util.List; import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.common.xcontent.XContentFactory; import org.opensearch.core.rest.RestStatus; @@ -35,8 +33,6 @@ import static org.opensearch.test.framework.TestSecurityConfig.Role.ALL_ACCESS; import static org.opensearch.test.framework.TestSecurityConfig.User.USER_ADMIN; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class ThreadPoolTests { public static final AuthcDomain AUTHC_DOMAIN = new AuthcDomain("basic", 0).httpAuthenticatorWithChallenge("basic").backend("internal"); diff --git a/src/integrationTest/java/org/opensearch/security/TlsHostnameVerificationTests.java b/src/integrationTest/java/org/opensearch/security/TlsHostnameVerificationTests.java index dfa214bfef..3316888029 100644 --- a/src/integrationTest/java/org/opensearch/security/TlsHostnameVerificationTests.java +++ b/src/integrationTest/java/org/opensearch/security/TlsHostnameVerificationTests.java @@ -11,11 +11,9 @@ import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.junit.Assert; import org.junit.Rule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.security.support.ConfigConstants; import org.opensearch.test.framework.certificate.TestCertificates; @@ -25,8 +23,6 @@ import static org.opensearch.common.network.NetworkModule.TRANSPORT_SSL_ENFORCE_HOSTNAME_VERIFICATION_KEY; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class TlsHostnameVerificationTests { @Rule diff --git a/src/integrationTest/java/org/opensearch/security/TlsTests.java b/src/integrationTest/java/org/opensearch/security/TlsTests.java index 515d448728..e2f5cd2e30 100644 --- a/src/integrationTest/java/org/opensearch/security/TlsTests.java +++ b/src/integrationTest/java/org/opensearch/security/TlsTests.java @@ -14,7 +14,6 @@ import java.util.Map; import javax.net.ssl.SSLHandshakeException; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.hc.client5.http.classic.methods.HttpGet; import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse; @@ -23,7 +22,6 @@ import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.security.auditlog.impl.AuditCategory; import org.opensearch.test.framework.AuditCompliance; @@ -45,8 +43,6 @@ import static org.opensearch.test.framework.cluster.TestRestClientConfiguration.getBasicAuthHeader; import static org.opensearch.test.framework.matcher.ExceptionMatcherAssert.assertThatThrownBy; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class TlsTests { private static final User USER_ADMIN = new User("admin").roles(ALL_ACCESS); diff --git a/src/integrationTest/java/org/opensearch/security/UserBruteForceAttacksPreventionTests.java b/src/integrationTest/java/org/opensearch/security/UserBruteForceAttacksPreventionTests.java index cb61950ada..2e84b46388 100644 --- a/src/integrationTest/java/org/opensearch/security/UserBruteForceAttacksPreventionTests.java +++ b/src/integrationTest/java/org/opensearch/security/UserBruteForceAttacksPreventionTests.java @@ -11,11 +11,9 @@ import java.util.concurrent.TimeUnit; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.test.framework.AuthFailureListeners; import org.opensearch.test.framework.RateLimiting; @@ -31,8 +29,6 @@ import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AUTHC_HTTPBASIC_INTERNAL; import static org.opensearch.test.framework.TestSecurityConfig.Role.ALL_ACCESS; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class UserBruteForceAttacksPreventionTests { private static final User USER_1 = new User("simple-user-1").roles(ALL_ACCESS); diff --git a/src/integrationTest/java/org/opensearch/security/api/AbstractApiIntegrationTest.java b/src/integrationTest/java/org/opensearch/security/api/AbstractApiIntegrationTest.java index dc201cef22..1863815c68 100644 --- a/src/integrationTest/java/org/opensearch/security/api/AbstractApiIntegrationTest.java +++ b/src/integrationTest/java/org/opensearch/security/api/AbstractApiIntegrationTest.java @@ -18,8 +18,6 @@ import java.util.Map; import java.util.StringJoiner; -import com.carrotsearch.randomizedtesting.RandomizedTest; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.commons.io.FileUtils; import org.apache.http.HttpStatus; import org.apache.logging.log4j.LogManager; @@ -27,7 +25,6 @@ import org.awaitility.Awaitility; import org.junit.AfterClass; import org.junit.Before; -import org.junit.runner.RunWith; import org.opensearch.common.CheckedConsumer; import org.opensearch.common.CheckedSupplier; @@ -66,12 +63,41 @@ import static org.opensearch.security.support.ConfigConstants.SECURITY_ALLOW_DEFAULT_INIT_USE_CLUSTER_STATE; import static org.opensearch.test.framework.TestSecurityConfig.REST_ADMIN_REST_API_ACCESS; -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -public abstract class AbstractApiIntegrationTest extends RandomizedTest { +public abstract class AbstractApiIntegrationTest { private static final Logger LOGGER = LogManager.getLogger(TestSecurityConfig.class); + // Simple random helpers (replacement for randomizedtesting utilities) + private static final java.util.Random RAND = new java.util.Random(); + + private static T randomFrom(final java.util.List list) { + if (list == null || list.isEmpty()) throw new IllegalArgumentException("List must not be empty"); + return list.get(RAND.nextInt(list.size())); + } + + private static T randomFrom(final T[] arr) { + if (arr == null || arr.length == 0) throw new IllegalArgumentException("Array must not be empty"); + return arr[RAND.nextInt(arr.length)]; + } + + private static boolean randomBoolean() { + return RAND.nextBoolean(); + } + + private static int randomIntBetween(final int min, final int max) { + if (max < min) throw new IllegalArgumentException("max < min"); + return RAND.nextInt(max - min + 1) + min; + } + + private static String randomAsciiAlphanumOfLength(final int length) { + final String chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; + final StringBuilder sb = new StringBuilder(length); + for (int i = 0; i < length; i++) { + sb.append(chars.charAt(RAND.nextInt(chars.length()))); + } + return sb.toString(); + } + public static final String NEW_USER = "new-user"; public static final String REST_ADMIN_USER = "rest-api-admin"; diff --git a/src/integrationTest/java/org/opensearch/security/api/AbstractConfigEntityApiIntegrationTest.java b/src/integrationTest/java/org/opensearch/security/api/AbstractConfigEntityApiIntegrationTest.java index a6d6902359..a8322444a6 100644 --- a/src/integrationTest/java/org/opensearch/security/api/AbstractConfigEntityApiIntegrationTest.java +++ b/src/integrationTest/java/org/opensearch/security/api/AbstractConfigEntityApiIntegrationTest.java @@ -121,7 +121,7 @@ public void availableForAdminUser() throws Exception { withUser(ADMIN_USER_NAME, client -> { verifyNoHiddenEntities(() -> client.get(apiPath())); creationOfReadOnlyEntityForbidden( - randomAsciiAlphanumOfLength(10), + "str1234567", client, (builder, params) -> testDescriptor.hiddenEntityPayload().toXContent(builder, params), (builder, params) -> testDescriptor.reservedEntityPayload().toXContent(builder, params), @@ -135,8 +135,8 @@ public void availableForAdminUser() throws Exception { } Pair predefinedHiddenAndReservedConfigEntities() throws Exception { - final var hiddenEntityName = randomAsciiAlphanumOfLength(10); - final var reservedEntityName = randomAsciiAlphanumOfLength(10); + final var hiddenEntityName = "str_hidden"; + final var reservedEntityName = "str_reserved"; withUser( ADMIN_USER_NAME, localCluster.getAdminCertificate(), @@ -165,7 +165,7 @@ public void availableForRESTAdminUser() throws Exception { void availableForSuperAdminUser(final TestRestClient client) throws Exception { creationOfReadOnlyEntityForbidden( - randomAsciiAlphanumOfLength(10), + randomAlphanumericString(), client, (builder, params) -> testDescriptor.staticEntityPayload().toXContent(builder, params) ); @@ -177,6 +177,10 @@ void availableForSuperAdminUser(final TestRestClient client) throws Exception { forbiddenToUpdateAndDeleteExistingEntityWithRestAdminPermissions(client); } + protected String randomAlphanumericString() { + return "str_" + java.util.UUID.randomUUID().toString().replace("-", "").substring(0, 10); + } + void verifyNoHiddenEntities(final CheckedSupplier endpointCallback) throws Exception { final var body = ok(endpointCallback).bodyAsJsonNode(); final var pretty = body.toPrettyString(); @@ -194,7 +198,7 @@ void creationOfReadOnlyEntityForbidden(final String entityName, final TestRestCl badRequest(() -> client.putJson(apiPath(entityName), configEntity)), is(oneOf("static", "hidden", "reserved")) ); - badRequest(() -> client.patch(apiPath(), patch(addOp(randomAsciiAlphanumOfLength(10), configEntity)))); + badRequest(() -> client.patch(apiPath(), patch(addOp("str1234567", configEntity)))); } } diff --git a/src/integrationTest/java/org/opensearch/security/api/ActionGroupsRestApiIntegrationTest.java b/src/integrationTest/java/org/opensearch/security/api/ActionGroupsRestApiIntegrationTest.java index 174c2b4ea6..f4e8618b65 100644 --- a/src/integrationTest/java/org/opensearch/security/api/ActionGroupsRestApiIntegrationTest.java +++ b/src/integrationTest/java/org/opensearch/security/api/ActionGroupsRestApiIntegrationTest.java @@ -87,7 +87,7 @@ static ToXContentObject actionGroup( return (builder, params) -> { builder.startObject(); // TODO exclude in checking null value for the type - builder.field("type", randomType()); + builder.field("type", TestSecurityConfig.ActionGroup.Type.CLUSTER.type()); if (allowedActions != null) { builder.field("allowed_actions"); configJsonArray(allowedActions).toXContent(builder, params); @@ -107,10 +107,6 @@ static ToXContentObject actionGroup( }; } - static String randomType() { - return randomFrom(List.of(TestSecurityConfig.ActionGroup.Type.CLUSTER.type(), TestSecurityConfig.ActionGroup.Type.INDEX.type())); - } - @Override void forbiddenToCreateEntityWithRestAdminPermissions(final TestRestClient client) throws Exception { forbidden(() -> client.putJson(apiPath("new_rest_admin_action_group"), actionGroup(randomRestAdminPermission()))); @@ -189,7 +185,7 @@ void verifyBadRequestOperations(final TestRestClient client) throws Exception { assertInvalidKeys(badRequest(() -> client.putJson(apiPath("some_action_group"), unknownJsonFields)), "a,c"); assertNullValuesInArray(badRequest(() -> client.putJson(apiPath("some_action_group"), (builder, params) -> { - builder.startObject().field("type", randomType()).field("allowed_actions"); + builder.startObject().field("type", TestSecurityConfig.ActionGroup.Type.CLUSTER.type()).field("allowed_actions"); configJsonArray("g", null, "f").toXContent(builder, params); return builder.endObject(); }))); @@ -231,7 +227,7 @@ void verifyBadRequestOperations(final TestRestClient client) throws Exception { })))); assertNullValuesInArray( badRequest(() -> client.patch(apiPath(), patch(addOp("some_action_group", (ToXContentObject) (builder, params) -> { - builder.startObject().field("type", randomType()).field("allowed_actions"); + builder.startObject().field("type", TestSecurityConfig.ActionGroup.Type.CLUSTER.type()).field("allowed_actions"); configJsonArray("g", null, "f").toXContent(builder, params); return builder.endObject(); })))) diff --git a/src/integrationTest/java/org/opensearch/security/api/CertificatesRestApiIntegrationTest.java b/src/integrationTest/java/org/opensearch/security/api/CertificatesRestApiIntegrationTest.java index 748b036d16..85a9b88160 100644 --- a/src/integrationTest/java/org/opensearch/security/api/CertificatesRestApiIntegrationTest.java +++ b/src/integrationTest/java/org/opensearch/security/api/CertificatesRestApiIntegrationTest.java @@ -15,10 +15,10 @@ import java.util.Collections; import java.util.List; import java.util.Map; +import java.util.Random; import java.util.StringJoiner; import java.util.stream.Collectors; -import com.carrotsearch.randomizedtesting.RandomizedContext; import com.fasterxml.jackson.databind.JsonNode; import org.junit.Test; @@ -121,12 +121,13 @@ private CheckedConsumer verifySSLCertsInfo(List testRestClient.get(sslCertsPath(nodeIds)))); } - final var randomCertType = randomFrom(expectCerts); - assertSSLCertsInfo( - localCluster.nodes(), - List.of(randomCertType), - ok(() -> testRestClient.get(String.format("%s?cert_type=%s", sslCertsPath(), randomCertType))) - ); + for (CertType certType : expectCerts) { + assertSSLCertsInfo( + localCluster.nodes(), + List.of(certType), + ok(() -> testRestClient.get(String.format("%s?cert_type=%s", sslCertsPath(), certType))) + ); + } } catch (Exception e) { fail("Verify SSLCerts info failed with exception: " + e.getMessage()); } @@ -188,7 +189,7 @@ private void verifyCertsJson(final int nodeNumber, final JsonNode jsonNode) { private List randomNodes() { final var nodes = localCluster.nodes(); - int leaveElements = randomIntBetween(1, nodes.size() - 1); + int leaveElements = new Random().nextInt(1, nodes.size() - 1); return randomSubsetOf(leaveElements, nodes); } @@ -199,7 +200,7 @@ public List randomSubsetOf(int size, Collection collection) { ); } List tempList = new ArrayList<>(collection); - Collections.shuffle(tempList, RandomizedContext.current().getRandom()); + Collections.shuffle(tempList); return tempList.subList(0, size); } } diff --git a/src/integrationTest/java/org/opensearch/security/api/CreateResetPasswordTest.java b/src/integrationTest/java/org/opensearch/security/api/CreateResetPasswordTest.java index 8a7795e90f..643a6d0bee 100644 --- a/src/integrationTest/java/org/opensearch/security/api/CreateResetPasswordTest.java +++ b/src/integrationTest/java/org/opensearch/security/api/CreateResetPasswordTest.java @@ -12,10 +12,8 @@ import java.util.List; import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.security.dlic.rest.validation.RequestContentValidator; import org.opensearch.security.support.ConfigConstants; @@ -36,8 +34,6 @@ import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AUTHC_HTTPBASIC_INTERNAL; import static org.opensearch.test.framework.TestSecurityConfig.Role.ALL_ACCESS; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class CreateResetPasswordTest { private static final User USER_ADMIN = new User("admin").roles(ALL_ACCESS); diff --git a/src/integrationTest/java/org/opensearch/security/api/DashboardsInfoTest.java b/src/integrationTest/java/org/opensearch/security/api/DashboardsInfoTest.java index 635d9ecff4..59e48b3f06 100644 --- a/src/integrationTest/java/org/opensearch/security/api/DashboardsInfoTest.java +++ b/src/integrationTest/java/org/opensearch/security/api/DashboardsInfoTest.java @@ -35,16 +35,18 @@ public class DashboardsInfoTest extends AbstractApiIntegrationTest { ); } - private String apiPath() { - return randomFrom(List.of(PLUGINS_PREFIX + "/dashboardsinfo", LEGACY_OPENDISTRO_PREFIX + "/kibanainfo")); + private List apiPaths() { + return List.of(PLUGINS_PREFIX + "/dashboardsinfo", LEGACY_OPENDISTRO_PREFIX + "/kibanainfo"); } @Test public void testDashboardsInfoValidationMessage() throws Exception { withUser("dashboards_user", client -> { - final var response = ok(() -> client.get(apiPath())); - assertThat(response.getTextFromJsonBody("/password_validation_error_message"), equalTo(DEFAULT_PASSWORD_MESSAGE)); - assertThat(response.getTextFromJsonBody("/password_validation_regex"), equalTo(DEFAULT_PASSWORD_REGEX)); + for (String path : apiPaths()) { + final var response = ok(() -> client.get(path)); + assertThat(response.getTextFromJsonBody("/password_validation_error_message"), equalTo(DEFAULT_PASSWORD_MESSAGE)); + assertThat(response.getTextFromJsonBody("/password_validation_regex"), equalTo(DEFAULT_PASSWORD_REGEX)); + } }); } } diff --git a/src/integrationTest/java/org/opensearch/security/api/DashboardsInfoWithSettingsTest.java b/src/integrationTest/java/org/opensearch/security/api/DashboardsInfoWithSettingsTest.java index af8eeb2c8a..16a4b11a72 100644 --- a/src/integrationTest/java/org/opensearch/security/api/DashboardsInfoWithSettingsTest.java +++ b/src/integrationTest/java/org/opensearch/security/api/DashboardsInfoWithSettingsTest.java @@ -48,17 +48,19 @@ protected Map getClusterSettings() { return clusterSettings; } - private String apiPath() { - return randomFrom(List.of(PLUGINS_PREFIX + "/dashboardsinfo", LEGACY_OPENDISTRO_PREFIX + "/kibanainfo")); + private List apiPaths() { + return List.of(PLUGINS_PREFIX + "/dashboardsinfo", LEGACY_OPENDISTRO_PREFIX + "/kibanainfo"); } @Test public void testDashboardsInfoValidationMessageWithCustomMessage() throws Exception { withUser("dashboards_user", client -> { - final var response = ok(() -> client.get(apiPath())); - assertThat(response.getTextFromJsonBody("/password_validation_error_message"), equalTo(CUSTOM_PASSWORD_MESSAGE)); - assertThat(response.getTextFromJsonBody("/password_validation_regex"), equalTo(CUSTOM_PASSWORD_REGEX)); + for (String path : apiPaths()) { + final var response = ok(() -> client.get(path)); + assertThat(response.getTextFromJsonBody("/password_validation_error_message"), equalTo(CUSTOM_PASSWORD_MESSAGE)); + assertThat(response.getTextFromJsonBody("/password_validation_regex"), equalTo(CUSTOM_PASSWORD_REGEX)); + } }); } } diff --git a/src/integrationTest/java/org/opensearch/security/api/DefaultApiAvailabilityIntegrationTest.java b/src/integrationTest/java/org/opensearch/security/api/DefaultApiAvailabilityIntegrationTest.java index 7ac2262899..baf97bb6df 100644 --- a/src/integrationTest/java/org/opensearch/security/api/DefaultApiAvailabilityIntegrationTest.java +++ b/src/integrationTest/java/org/opensearch/security/api/DefaultApiAvailabilityIntegrationTest.java @@ -11,6 +11,8 @@ package org.opensearch.security.api; +import java.util.List; + import org.junit.Test; import org.opensearch.test.framework.cluster.TestRestClient; @@ -66,30 +68,29 @@ public void securityAuthInfo() throws Exception { } private void verifyAuthInfoApi(final TestRestClient client) throws Exception { - final var verbose = randomBoolean(); - - final TestRestClient.HttpResponse response; - if (verbose) response = ok(() -> client.get(securityPath("authinfo?verbose=" + verbose))); - else response = ok(() -> client.get(securityPath("authinfo"))); - final var body = response.bodyAsJsonNode(); - assertThat(response.getBody(), body.has("user")); - assertThat(response.getBody(), body.has("user_name")); - assertThat(response.getBody(), body.has("user_requested_tenant")); - assertThat(response.getBody(), body.has("remote_address")); - assertThat(response.getBody(), body.has("backend_roles")); - assertThat(response.getBody(), body.has("custom_attribute_names")); - assertThat(response.getBody(), body.has("roles")); - assertThat(response.getBody(), body.has("tenants")); - assertThat(response.getBody(), body.has("principal")); - assertThat(response.getBody(), body.has("peer_certificates")); - assertThat(response.getBody(), body.has("sso_logout_url")); - - if (verbose) { - assertThat(response.getBody(), body.has("size_of_user")); - assertThat(response.getBody(), body.has("size_of_custom_attributes")); - assertThat(response.getBody(), body.has("size_of_backendroles")); + for (boolean verbose : List.of(true, false)) { + final TestRestClient.HttpResponse response; + if (verbose) response = ok(() -> client.get(securityPath("authinfo?verbose=" + verbose))); + else response = ok(() -> client.get(securityPath("authinfo"))); + final var body = response.bodyAsJsonNode(); + assertThat(response.getBody(), body.has("user")); + assertThat(response.getBody(), body.has("user_name")); + assertThat(response.getBody(), body.has("user_requested_tenant")); + assertThat(response.getBody(), body.has("remote_address")); + assertThat(response.getBody(), body.has("backend_roles")); + assertThat(response.getBody(), body.has("custom_attribute_names")); + assertThat(response.getBody(), body.has("roles")); + assertThat(response.getBody(), body.has("tenants")); + assertThat(response.getBody(), body.has("principal")); + assertThat(response.getBody(), body.has("peer_certificates")); + assertThat(response.getBody(), body.has("sso_logout_url")); + + if (verbose) { + assertThat(response.getBody(), body.has("size_of_user")); + assertThat(response.getBody(), body.has("size_of_custom_attributes")); + assertThat(response.getBody(), body.has("size_of_backendroles")); + } } - } @Test diff --git a/src/integrationTest/java/org/opensearch/security/api/InternalUsersRestApiIntegrationTest.java b/src/integrationTest/java/org/opensearch/security/api/InternalUsersRestApiIntegrationTest.java index a87121297f..080596fb7b 100644 --- a/src/integrationTest/java/org/opensearch/security/api/InternalUsersRestApiIntegrationTest.java +++ b/src/integrationTest/java/org/opensearch/security/api/InternalUsersRestApiIntegrationTest.java @@ -18,6 +18,7 @@ import java.util.List; import java.util.Map; import java.util.Optional; +import java.util.Random; import java.util.concurrent.Executors; import java.util.concurrent.Future; @@ -72,7 +73,7 @@ public InternalUsersRestApiIntegrationTest() { @Override public ToXContentObject entityPayload(Boolean hidden, Boolean reserved, Boolean _static) { - return internalUser(hidden, reserved, _static, randomAsciiAlphanumOfLength(10), null, null, null); + return internalUser(hidden, reserved, _static, "rv2fR924a149ava32", null, null, null); } @Override @@ -262,12 +263,9 @@ void invalidJson(final TestRestClient client, final String predefinedUserName) t ); // patch badRequest(() -> client.patch(apiPath(), patch(addOp(randomAsciiAlphanumOfLength(10), EMPTY_BODY)))); - badRequest( - () -> client.patch( - apiPath(predefinedUserName), - patch(replaceOp(randomFrom(List.of("opendistro_security_roles", "backend_roles", "attributes")), EMPTY_BODY)) - ) - ); + for (String field : List.of("opendistro_security_roles", "backend_roles", "attributes")) { + badRequest(() -> client.patch(apiPath(predefinedUserName), patch(replaceOp(field, EMPTY_BODY)))); + } badRequest(() -> client.patch(apiPath(), patch(addOp(randomAsciiAlphanumOfLength(5), (ToXContentObject) (builder, params) -> { builder.startObject(); builder.field("unknown_json_property"); @@ -328,6 +326,20 @@ void invalidJson(final TestRestClient client, final String predefinedUserName) t @Override void verifyCrudOperations(Boolean hidden, Boolean reserved, TestRestClient client) throws Exception { + for (ToXContentObject attributes : attributesOptions()) { + for (ToXContentObject securityRoles : securityRolesOptions()) { + verifyCrudOperationsForCombination(hidden, reserved, client, attributes, securityRoles); + } + } + } + + void verifyCrudOperationsForCombination( + Boolean hidden, + Boolean reserved, + TestRestClient client, + ToXContentObject attributes, + ToXContentObject securityRoles + ) throws Exception { // put final var usernamePut = randomAsciiAlphanumOfLength(10); final var newUserJsonPut = internalUser( @@ -335,8 +347,8 @@ void verifyCrudOperations(Boolean hidden, Boolean reserved, TestRestClient clien reserved, randomAsciiAlphanumOfLength(10), randomConfigArray(false), - randomAttributes(), - randomSecurityRoles() + attributes, + securityRoles ); created(() -> client.putJson(apiPath(usernamePut), newUserJsonPut)); assertInternalUser( @@ -350,8 +362,8 @@ void verifyCrudOperations(Boolean hidden, Boolean reserved, TestRestClient clien reserved, randomAsciiAlphanumOfLength(10), randomConfigArray(false), - randomAttributes(), - randomSecurityRoles() + attributes, + securityRoles ); ok(() -> client.putJson(apiPath(usernamePut), updatedUserJsonPut)); assertInternalUser( @@ -392,17 +404,15 @@ void verifyCrudOperations(Boolean hidden, Boolean reserved, TestRestClient clien ); } - ToXContentObject randomAttributes() { - return randomFrom( - List.of( - (builder, params) -> builder.startObject().endObject(), - (builder, params) -> builder.startObject().field("a", "b").field("c", "d").endObject() - ) + List attributesOptions() { + return List.of( + (builder, params) -> builder.startObject().endObject(), + (builder, params) -> builder.startObject().field("a", "b").field("c", "d").endObject() ); } - ToXContentObject randomSecurityRoles() { - return randomFrom(List.of(configJsonArray(), configJsonArray(SOME_ROLE, RESERVED_ROLE))); + List securityRolesOptions() { + return List.of(configJsonArray(), configJsonArray(SOME_ROLE, RESERVED_ROLE)); } void assertInternalUser( @@ -801,4 +811,15 @@ public void serviceUsers() throws Exception { ); }); } + + private String randomAsciiAlphanumOfLength(int length) { + final var characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; + final var random = new Random(); + final var sb = new StringBuilder(length); + for (int i = 0; i < length; i++) { + final var randomIndex = random.nextInt(characters.length()); + sb.append(characters.charAt(randomIndex)); + } + return sb.toString(); + } } diff --git a/src/integrationTest/java/org/opensearch/security/api/InternalUsersScoreBasedPasswordRulesRestApiIntegrationTest.java b/src/integrationTest/java/org/opensearch/security/api/InternalUsersScoreBasedPasswordRulesRestApiIntegrationTest.java index b18a0c6fd6..e7c99652e2 100644 --- a/src/integrationTest/java/org/opensearch/security/api/InternalUsersScoreBasedPasswordRulesRestApiIntegrationTest.java +++ b/src/integrationTest/java/org/opensearch/security/api/InternalUsersScoreBasedPasswordRulesRestApiIntegrationTest.java @@ -60,7 +60,7 @@ public void canNotCreateUsersWithPassword() throws Exception { RequestContentValidator.ValidationError.WEAK_PASSWORD.message() ); badRequestWithReason( - () -> client.putJson(internalUsers("admin"), internalUserWithPassword(randomAsciiAlphanumOfLengthBetween(2, 8))), + () -> client.putJson(internalUsers("admin"), internalUserWithPassword("str123")), RequestContentValidator.ValidationError.INVALID_PASSWORD_TOO_SHORT.message() ); }); @@ -69,18 +69,8 @@ public void canNotCreateUsersWithPassword() throws Exception { @Test public void canCreateUserWithPassword() throws Exception { withUser(ADMIN_USER_NAME, client -> { - created( - () -> client.putJson( - internalUsers(randomAsciiAlphanumOfLength(10)), - internalUserWithPassword(randomAsciiAlphanumOfLength(9)) - ) - ); - ok( - () -> client.patch( - internalUsers(), - patch(addOp(randomAsciiAlphanumOfLength(10), internalUserWithPassword(randomAsciiAlphanumOfLength(9)))) - ) - ); + created(() -> client.putJson(internalUsers("str1234567"), internalUserWithPassword("s5tRx2r4bwex"))); + ok(() -> client.patch(internalUsers(), patch(addOp("str1234567", internalUserWithPassword("s5tRx2r4bwex"))))); }); } diff --git a/src/integrationTest/java/org/opensearch/security/api/RolesMappingRestApiIntegrationTest.java b/src/integrationTest/java/org/opensearch/security/api/RolesMappingRestApiIntegrationTest.java index 7255007271..b2521ecc35 100644 --- a/src/integrationTest/java/org/opensearch/security/api/RolesMappingRestApiIntegrationTest.java +++ b/src/integrationTest/java/org/opensearch/security/api/RolesMappingRestApiIntegrationTest.java @@ -169,8 +169,8 @@ String rolesApiPath(final String roleName) { @Override Pair predefinedHiddenAndReservedConfigEntities() throws Exception { - final var hiddenEntityName = randomAsciiAlphanumOfLength(10); - final var reservedEntityName = randomAsciiAlphanumOfLength(10); + final var hiddenEntityName = "str_hidden"; + final var reservedEntityName = "str_reserved"; withUser( ADMIN_USER_NAME, localCluster.getAdminCertificate(), @@ -212,42 +212,19 @@ void creationOfReadOnlyEntityForbidden(String entityName, TestRestClient client, @Override void verifyCrudOperations(Boolean hidden, Boolean reserved, TestRestClient client) throws Exception { - final String roleName = randomAsciiAlphanumOfLength(10); + final String roleName = randomAlphanumericString(); created(() -> client.putJson(rolesApiPath(roleName), roleJson())); - // put - final var newPutRoleMappingJson = roleMapping( - hidden, - reserved, - randomArray(false), - randomArray(false), - randomArray(false), - randomArray(false) - ); - created(() -> client.putJson(apiPath(roleName), newPutRoleMappingJson)); - assertRoleMapping( - ok(() -> client.get(apiPath(roleName))).bodyAsJsonNode().get(roleName), - hidden, - reserved, - Strings.toString(XContentType.JSON, newPutRoleMappingJson) - ); - final var updatePutRoleMappingJson = roleMapping( - hidden, - reserved, - randomArray(false), - randomArray(false), - randomArray(false), - randomArray(false) - ); - ok(() -> client.putJson(apiPath(roleName), updatePutRoleMappingJson)); - assertRoleMapping( - ok(() -> client.get(apiPath(roleName))).bodyAsJsonNode().get(roleName), - hidden, - reserved, - Strings.toString(XContentType.JSON, updatePutRoleMappingJson) - ); - ok(() -> client.delete(apiPath(roleName))); - notFound(() -> client.get(apiPath(roleName))); + for (ToXContentObject backendRoles : arrayOptions(false)) { + for (ToXContentObject hosts : arrayOptions(false)) { + for (ToXContentObject users : arrayOptions(false)) { + for (ToXContentObject andBackendRoles : arrayOptions(false)) { + verifyCrudOperationsForCombination(hidden, reserved, client, roleName, backendRoles, hosts, users, andBackendRoles); + } + } + } + } + // patch // TODO related to issue #4426 final var newPatchRoleMappingJson = roleMapping( @@ -276,6 +253,38 @@ void verifyCrudOperations(Boolean hidden, Boolean reserved, TestRestClient clien notFound(() -> client.get(apiPath(roleName))); } + void verifyCrudOperationsForCombination( + Boolean hidden, + Boolean reserved, + TestRestClient client, + String roleName, + ToXContentObject backendRoles, + ToXContentObject hosts, + ToXContentObject users, + ToXContentObject andBackendRoles + ) throws Exception { + // put + final var newPutRoleMappingJson = roleMapping(hidden, reserved, backendRoles, hosts, users, andBackendRoles); + created(() -> client.putJson(apiPath(roleName), newPutRoleMappingJson)); + assertRoleMapping( + ok(() -> client.get(apiPath(roleName))).bodyAsJsonNode().get(roleName), + hidden, + reserved, + Strings.toString(XContentType.JSON, newPutRoleMappingJson) + ); + final var updatePutRoleMappingJson = roleMapping(hidden, reserved, backendRoles, hosts, users, andBackendRoles); + ok(() -> client.putJson(apiPath(roleName), updatePutRoleMappingJson)); + assertRoleMapping( + ok(() -> client.get(apiPath(roleName))).bodyAsJsonNode().get(roleName), + hidden, + reserved, + Strings.toString(XContentType.JSON, updatePutRoleMappingJson) + ); + + ok(() -> client.delete(apiPath(roleName))); + notFound(() -> client.get(apiPath(roleName))); + } + void assertRoleMapping(final JsonNode actualObjectNode, final Boolean hidden, final Boolean reserved, final String expectedRoleJson) throws IOException { final var expectedObjectNode = DefaultObjectMapper.readTree(expectedRoleJson); @@ -315,31 +324,32 @@ void verifyBadRequestOperations(TestRestClient client) throws Exception { // put badRequestWithReason( - () -> client.putJson(apiPath(randomAsciiAlphanumOfLength(5)), EMPTY_BODY), + () -> client.putJson(apiPath(randomAlphanumericString()), EMPTY_BODY), "Request body required for this action." ); badRequestWithReason( () -> client.putJson( - apiPath(randomAsciiAlphanumOfLength(5)), + apiPath(randomAlphanumericString()), (builder, params) -> builder.startObject().field("users", configJsonArray()).field("users", configJsonArray()).endObject() ), "Could not parse content of request." ); assertInvalidKeys( - badRequest(() -> client.putJson(apiPath(randomAsciiAlphanumOfLength(5)), unparseableJsonRequest)), + badRequest(() -> client.putJson(apiPath(randomAlphanumericString()), unparseableJsonRequest)), "unknown_json_property" ); - final var randomPropertyForPut = randomJsonProperty(); - assertWrongDataType( - client.putJson( - apiPath(randomAsciiAlphanumOfLength(5)), - (builder, params) -> builder.startObject().field(randomPropertyForPut).value("something").endObject() - ), - Map.of(randomPropertyForPut, "Array expected") - ); + for (String randomPropertyForPut : jsonProperties()) { + assertWrongDataType( + client.putJson( + apiPath(randomAlphanumericString()), + (builder, params) -> builder.startObject().field(randomPropertyForPut).value("something").endObject() + ), + Map.of(randomPropertyForPut, "Array expected") + ); + } assertNullValuesInArray( client.putJson( - apiPath(randomAsciiAlphanumOfLength(5)), + apiPath(randomAlphanumericString()), roleMapping( configJsonArray(generateArrayValues(true)), configJsonArray(generateArrayValues(true)), @@ -349,7 +359,7 @@ void verifyBadRequestOperations(TestRestClient client) throws Exception { ) ); // patch - final var predefinedRole = randomAsciiAlphanumOfLength(5); + final var predefinedRole = randomAlphanumericString(); created(() -> client.putJson(rolesApiPath(predefinedRole), roleJson())); created( () -> client.putJson( @@ -357,34 +367,35 @@ void verifyBadRequestOperations(TestRestClient client) throws Exception { roleMapping(configJsonArray("a", "b"), configJsonArray(), configJsonArray(), configJsonArray()) ) ); - badRequest(() -> client.patch(apiPath(randomAsciiAlphanumOfLength(5)), EMPTY_BODY)); + badRequest(() -> client.patch(apiPath(randomAlphanumericString()), EMPTY_BODY)); badRequest( () -> client.patch( - apiPath(randomAsciiAlphanumOfLength(5)), + apiPath(randomAlphanumericString()), (builder, params) -> builder.startObject().field("users", configJsonArray()).field("users", configJsonArray()).endObject() ) ); assertInvalidKeys( - badRequest(() -> client.patch(apiPath(), patch(addOp(randomAsciiAlphanumOfLength(5), unparseableJsonRequest)))), + badRequest(() -> client.patch(apiPath(), patch(addOp(randomAlphanumericString(), unparseableJsonRequest)))), "unknown_json_property" ); badRequest(() -> client.patch(apiPath(predefinedRole), patch(replaceOp("users", unparseableJsonRequest)))); - final var randomPropertyForPatch = randomJsonProperty(); - assertWrongDataType( - client.patch( - apiPath(), - patch( - addOp( - randomAsciiAlphanumOfLength(5), - (ToXContentObject) (builder, params) -> builder.startObject() - .field(randomPropertyForPatch) - .value("something") - .endObject() + for (String randomPropertyForPatch : jsonProperties()) { + assertWrongDataType( + client.patch( + apiPath(), + patch( + addOp( + randomAlphanumericString(), + (ToXContentObject) (builder, params) -> builder.startObject() + .field(randomPropertyForPatch) + .value("something") + .endObject() + ) ) - ) - ), - Map.of(randomPropertyForPatch, "Array expected") - ); + ), + Map.of(randomPropertyForPatch, "Array expected") + ); + } // TODO related to issue #4426 assertWrongDataType( client.patch(apiPath(predefinedRole), patch(replaceOp("backend_roles", "something"))), @@ -401,7 +412,7 @@ void verifyBadRequestOperations(TestRestClient client) throws Exception { apiPath(), patch( addOp( - randomAsciiAlphanumOfLength(5), + randomAlphanumericString(), roleMapping( configJsonArray(generateArrayValues(true)), configJsonArray(generateArrayValues(true)), @@ -420,40 +431,46 @@ void verifyBadRequestOperations(TestRestClient client) throws Exception { @Override void forbiddenToCreateEntityWithRestAdminPermissions(TestRestClient client) throws Exception { - forbidden(() -> client.putJson(apiPath(REST_ADMIN_ROLE), roleMappingWithUsers(randomArray(false)))); - forbidden(() -> client.patch(apiPath(), patch(addOp(REST_ADMIN_ROLE, roleMappingWithUsers(randomArray(false)))))); - + for (ToXContentObject users : arrayOptions(false)) { + forbidden(() -> client.putJson(apiPath(REST_ADMIN_ROLE), roleMappingWithUsers(users))); + forbidden(() -> client.patch(apiPath(), patch(addOp(REST_ADMIN_ROLE, roleMappingWithUsers(users))))); + } } @Override void forbiddenToUpdateAndDeleteExistingEntityWithRestAdminPermissions(TestRestClient client) throws Exception { // update - forbidden( - () -> client.putJson( - apiPath(REST_ADMIN_ROLE_WITH_MAPPING), - roleMapping(randomArray(false), randomArray(false), randomArray(false), randomArray(false)) - ) - ); - forbidden( - () -> client.patch( - apiPath(), - patch( - replaceOp( - REST_ADMIN_ROLE_WITH_MAPPING, - roleMapping(randomArray(false), randomArray(false), randomArray(false), randomArray(false)) - ) - ) - ) - ); - forbidden(() -> client.patch(apiPath(REST_ADMIN_ROLE_WITH_MAPPING), patch(replaceOp("users", randomArray(false))))); + for (ToXContentObject backendRoles : arrayOptions(false)) { + for (ToXContentObject hosts : arrayOptions(false)) { + for (ToXContentObject users : arrayOptions(false)) { + for (ToXContentObject andBackendRoles : arrayOptions(false)) { + forbidden( + () -> client.putJson( + apiPath(REST_ADMIN_ROLE_WITH_MAPPING), + roleMapping(backendRoles, hosts, users, andBackendRoles) + ) + ); + forbidden( + () -> client.patch( + apiPath(), + patch(replaceOp(REST_ADMIN_ROLE_WITH_MAPPING, roleMapping(backendRoles, hosts, users, andBackendRoles))) + ) + ); + } + } + } + } + for (ToXContentObject users : arrayOptions(false)) { + forbidden(() -> client.patch(apiPath(REST_ADMIN_ROLE_WITH_MAPPING), patch(replaceOp("users", users)))); + } // remove forbidden(() -> client.patch(apiPath(), patch(removeOp(REST_ADMIN_ROLE_WITH_MAPPING)))); forbidden(() -> client.patch(apiPath(REST_ADMIN_ROLE_WITH_MAPPING), patch(removeOp("users")))); forbidden(() -> client.delete(apiPath(REST_ADMIN_ROLE_WITH_MAPPING))); } - String randomJsonProperty() { - return randomFrom(List.of("backend_roles", "hosts", "users", "and_backend_roles")); + List jsonProperties() { + return List.of("backend_roles", "hosts", "users", "and_backend_roles"); } ToXContentObject roleJson() { @@ -474,10 +491,10 @@ ToXContentObject roleJson(final Boolean hidden, final Boolean reserved) { }; } - ToXContentObject randomArray(final boolean useNulls) { + List arrayOptions(final boolean useNulls) { return useNulls - ? configJsonArray(generateArrayValues(useNulls)) - : randomFrom(List.of(configJsonArray(generateArrayValues(false)), configJsonArray())); + ? List.of(configJsonArray(generateArrayValues(useNulls))) + : List.of(configJsonArray(generateArrayValues(false)), configJsonArray()); } } diff --git a/src/integrationTest/java/org/opensearch/security/api/RolesRestApiIntegrationTest.java b/src/integrationTest/java/org/opensearch/security/api/RolesRestApiIntegrationTest.java index f52fe5fbfd..d8e7f0d4be 100644 --- a/src/integrationTest/java/org/opensearch/security/api/RolesRestApiIntegrationTest.java +++ b/src/integrationTest/java/org/opensearch/security/api/RolesRestApiIntegrationTest.java @@ -61,7 +61,7 @@ public ToXContentObject entityPayload(Boolean hidden, Boolean reserved, Boolean @Override public ToXContentObject jsonPropertyPayload() { - return randomFrom(List.of(configJsonArray(generateArrayValues(false)), configJsonArray())); + return configJsonArray(); } @Override @@ -73,16 +73,33 @@ public Optional restAdminLimitedUser() { @Override void verifyCrudOperations(final Boolean hidden, final Boolean reserved, final TestRestClient client) throws Exception { + for (ToXContentObject clusterPermissions : clusterPermissionsOptions(false)) { + for (ToXContentObject indexPermissions : indexPermissionsOptions(false)) { + for (ToXContentObject tenantPermissions : tenantPermissionsOptions(false)) { + verifyCrudOperationsForCombination(hidden, reserved, client, clusterPermissions, indexPermissions, tenantPermissions); + } + } + } + } + + void verifyCrudOperationsForCombination( + final Boolean hidden, + final Boolean reserved, + final TestRestClient client, + ToXContentObject clusterPermissions, + ToXContentObject indexPermissions, + ToXContentObject tenantPermissions + ) throws Exception { final var newRoleJson = Strings.toString( XContentType.JSON, - role(hidden, reserved, randomClusterPermissions(false), randomIndexPermissions(false), randomTenantPermissions(false)) + role(hidden, reserved, clusterPermissions, indexPermissions, tenantPermissions) ); created(() -> client.putJson(apiPath("new_role"), newRoleJson)); assertRole(ok(() -> client.get(apiPath("new_role"))), "new_role", hidden, reserved, newRoleJson); final var updatedRoleJson = Strings.toString( XContentType.JSON, - role(hidden, reserved, randomClusterPermissions(false), randomIndexPermissions(false), randomTenantPermissions(false)) + role(hidden, reserved, clusterPermissions, indexPermissions, tenantPermissions) ); ok(() -> client.putJson(apiPath("new_role"), updatedRoleJson)); assertRole(ok(() -> client.get(apiPath("new_role"))), "new_role", hidden, reserved, updatedRoleJson); @@ -109,8 +126,8 @@ void verifyCrudOperations(final Boolean hidden, final Boolean reserved, final Te () -> client.patch(apiPath("new_role_for_patch"), patch(replaceOp("cluster_permissions", configJsonArray("a", "b", "c")))), "'new_role_for_patch' updated." ); - ok(() -> client.patch(apiPath("new_role_for_patch"), patch(addOp("index_permissions", randomIndexPermissions(false))))); - ok(() -> client.patch(apiPath("new_role_for_patch"), patch(addOp("tenant_permissions", randomTenantPermissions(false))))); + ok(() -> client.patch(apiPath("new_role_for_patch"), patch(addOp("index_permissions", indexPermissions)))); + ok(() -> client.patch(apiPath("new_role_for_patch"), patch(addOp("tenant_permissions", tenantPermissions)))); ok(() -> client.patch(apiPath(), patch(removeOp("new_role_for_patch")))); notFound(() -> client.get(apiPath("new_role_for_patch"))); @@ -119,24 +136,24 @@ void verifyCrudOperations(final Boolean hidden, final Boolean reserved, final Te @Override void verifyBadRequestOperations(TestRestClient client) throws Exception { // put - badRequest(() -> client.putJson(apiPath(randomAsciiAlphanumOfLength(5)), EMPTY_BODY)); - badRequest(() -> client.putJson(apiPath(randomAsciiAlphanumOfLength(5)), (builder, params) -> { + badRequest(() -> client.putJson(apiPath(randomAlphanumericString()), EMPTY_BODY)); + badRequest(() -> client.putJson(apiPath(randomAlphanumericString()), (builder, params) -> { builder.startObject(); builder.field("cluster_permissions"); - randomClusterPermissions(false).toXContent(builder, params); + clusterPermissionsOptions(false).get(0).toXContent(builder, params); builder.field("cluster_permissions"); - randomClusterPermissions(false).toXContent(builder, params); + clusterPermissionsOptions(false).get(0).toXContent(builder, params); return builder.endObject(); })); - assertInvalidKeys(badRequest(() -> client.putJson(apiPath(randomAsciiAlphanumOfLength(5)), (builder, params) -> { + assertInvalidKeys(badRequest(() -> client.putJson(apiPath(randomAlphanumericString()), (builder, params) -> { builder.startObject(); builder.field("unknown_json_property"); configJsonArray("a", "b").toXContent(builder, params); builder.field("cluster_permissions"); - randomClusterPermissions(false).toXContent(builder, params); + clusterPermissionsOptions(false).get(0).toXContent(builder, params); return builder.endObject(); })), "unknown_json_property"); - assertWrongDataType(badRequest(() -> client.putJson(apiPath(randomAsciiAlphanumOfLength(5)), (builder, params) -> { + assertWrongDataType(badRequest(() -> client.putJson(apiPath(randomAlphanumericString()), (builder, params) -> { builder.startObject(); builder.field("cluster_permissions").value("a"); builder.field("index_permissions").value("b"); @@ -144,45 +161,42 @@ void verifyBadRequestOperations(TestRestClient client) throws Exception { })), Map.of("cluster_permissions", "Array expected", "index_permissions", "Array expected")); assertNullValuesInArray( client.putJson( - apiPath(randomAsciiAlphanumOfLength(5)), - role(randomClusterPermissions(true), randomIndexPermissions(true), randomTenantPermissions(true)) + apiPath(randomAlphanumericString()), + role(clusterPermissionsOptions(true).get(0), indexPermissionsOptions(true).get(0), tenantPermissionsOptions(true).get(0)) ) ); // patch - final var predefinedRoleName = randomAsciiAlphanumOfLength(4); + final var predefinedRoleName = randomAlphanumericString(); created(() -> client.putJson(apiPath(predefinedRoleName), role(configJsonArray("a", "b"), configJsonArray(), configJsonArray()))); badRequest(() -> client.patch(apiPath(), patch(addOp("some_new_role", EMPTY_BODY)))); - badRequest( - () -> client.patch( - apiPath(predefinedRoleName), - patch(replaceOp(randomFrom(List.of("cluster_permissions", "index_permissions", "tenant_permissions")), EMPTY_BODY)) - ) - ); + for (String field : List.of("cluster_permissions", "index_permissions", "tenant_permissions")) { + badRequest(() -> client.patch(apiPath(predefinedRoleName), patch(replaceOp(field, EMPTY_BODY)))); + } badRequest( () -> client.patch( - apiPath(randomAsciiAlphanumOfLength(5)), - patch(addOp(randomAsciiAlphanumOfLength(5), (ToXContentObject) (builder, params) -> { + apiPath(randomAlphanumericString()), + patch(addOp(randomAlphanumericString(), (ToXContentObject) (builder, params) -> { builder.startObject(); builder.field("cluster_permissions"); - randomClusterPermissions(false).toXContent(builder, params); + clusterPermissionsOptions(false).get(0).toXContent(builder, params); builder.field("cluster_permissions"); - randomClusterPermissions(false).toXContent(builder, params); + clusterPermissionsOptions(false).get(0).toXContent(builder, params); return builder.endObject(); })) ) ); - badRequest(() -> client.patch(apiPath(randomAsciiAlphanumOfLength(5)), (builder, params) -> { + badRequest(() -> client.patch(apiPath(randomAlphanumericString()), (builder, params) -> { builder.startObject(); builder.field("unknown_json_property"); configJsonArray("a", "b").toXContent(builder, params); builder.field("cluster_permissions"); - randomClusterPermissions(false).toXContent(builder, params); + clusterPermissionsOptions(false).get(0).toXContent(builder, params); return builder.endObject(); })); assertWrongDataType( - badRequest(() -> client.patch(apiPath(), patch(addOp(randomAsciiAlphanumOfLength(5), (ToXContentObject) (builder, params) -> { + badRequest(() -> client.patch(apiPath(), patch(addOp(randomAlphanumericString(), (ToXContentObject) (builder, params) -> { builder.startObject(); builder.field("cluster_permissions").value("a"); builder.field("index_permissions").value("b"); @@ -199,15 +213,19 @@ void verifyBadRequestOperations(TestRestClient client) throws Exception { apiPath(), patch( addOp( - randomAsciiAlphanumOfLength(5), - role(randomClusterPermissions(true), randomIndexPermissions(true), randomTenantPermissions(true)) + randomAlphanumericString(), + role( + clusterPermissionsOptions(true).get(0), + indexPermissionsOptions(true).get(0), + tenantPermissionsOptions(true).get(0) + ) ) ) ) ); // TODO related to issue #4426 assertNullValuesInArray( - client.patch(apiPath(predefinedRoleName), patch(replaceOp("cluster_permissions", randomClusterPermissions(true)))) + client.patch(apiPath(predefinedRoleName), patch(replaceOp("cluster_permissions", clusterPermissionsOptions(true).get(0)))) ); } @@ -228,7 +246,7 @@ void forbiddenToUpdateAndDeleteExistingEntityWithRestAdminPermissions(final Test forbidden( () -> client.putJson( apiPath(REST_ADMIN_PERMISSION_ROLE), - role(randomClusterPermissions(false), randomIndexPermissions(false), randomTenantPermissions(false)) + role(clusterPermissionsOptions(false).get(0), indexPermissionsOptions(false).get(0), tenantPermissionsOptions(false).get(0)) ) ); forbidden( @@ -237,7 +255,11 @@ void forbiddenToUpdateAndDeleteExistingEntityWithRestAdminPermissions(final Test patch( replaceOp( REST_ADMIN_PERMISSION_ROLE, - role(randomClusterPermissions(false), randomIndexPermissions(false), randomTenantPermissions(false)) + role( + clusterPermissionsOptions(false).get(0), + indexPermissionsOptions(false).get(0), + tenantPermissionsOptions(false).get(0) + ) ) ) ) @@ -245,7 +267,7 @@ void forbiddenToUpdateAndDeleteExistingEntityWithRestAdminPermissions(final Test forbidden( () -> client.patch( apiPath(REST_ADMIN_PERMISSION_ROLE), - patch(replaceOp("cluster_permissions", randomClusterPermissions(false))) + patch(replaceOp("cluster_permissions", clusterPermissionsOptions(false).get(0))) ) ); // remove @@ -378,21 +400,30 @@ static ToXContentObject role( }; } - ToXContentObject randomClusterPermissions(final boolean useNulls) { + List clusterPermissionsOptions(final boolean useNulls) { return useNulls - ? configJsonArray(generateArrayValues(useNulls)) - : randomFrom(List.of(configJsonArray(generateArrayValues(false)), configJsonArray())); + ? List.of(configJsonArray(generateArrayValues(useNulls))) + : List.of(configJsonArray(generateArrayValues(false)), configJsonArray()); } - ToXContentObject randomIndexPermissions(final boolean useNulls) { - return (builder, params) -> { - final var possibleJson = useNulls - ? randomIndexPermission(useNulls) - : randomFrom(List.of(randomIndexPermission(false), (b, p) -> b)); - builder.startArray(); - possibleJson.toXContent(builder, params); - return builder.endArray(); - }; + List indexPermissionsOptions(final boolean useNulls) { + if (useNulls) { + return List.of((builder, params) -> { + builder.startArray(); + randomIndexPermission(useNulls).toXContent(builder, params); + return builder.endArray(); + }); + } else { + return List.of((builder, params) -> { + builder.startArray(); + randomIndexPermission(false).toXContent(builder, params); + return builder.endArray(); + }, (builder, params) -> { + builder.startArray(); + builder.endArray(); + return builder; + }); + } } ToXContentObject randomIndexPermission(final boolean useNulls) { @@ -400,70 +431,82 @@ ToXContentObject randomIndexPermission(final boolean useNulls) { builder.startObject(); builder.field("index_patterns"); - randomIndexPatterns(useNulls).toXContent(builder, params); + indexPatternsOptions(useNulls).get(0).toXContent(builder, params); builder.field("dls"); - randomDls().toXContent(builder, params); + dlsOptions().get(0).toXContent(builder, params); builder.field("fls"); - randomFls(useNulls).toXContent(builder, params); + flsOptions(useNulls).get(0).toXContent(builder, params); builder.field("masked_fields"); - randomMaskedFields(useNulls).toXContent(builder, params); + maskedFieldsOptions(useNulls).get(0).toXContent(builder, params); builder.field("allowed_actions"); - randomAllowedActions(useNulls).toXContent(builder, params); + allowedActionsOptions(useNulls).get(0).toXContent(builder, params); return builder.endObject(); }; } - ToXContentObject randomIndexPatterns(final boolean useNulls) { + List indexPatternsOptions(final boolean useNulls) { return useNulls - ? configJsonArray(generateArrayValues(useNulls)) - : randomFrom(List.of(configJsonArray(generateArrayValues(false)), configJsonArray())); + ? List.of(configJsonArray(generateArrayValues(useNulls))) + : List.of(configJsonArray(generateArrayValues(false)), configJsonArray()); } - ToXContentObject randomTenantPermissions(final boolean useNulls) { - return (builder, params) -> { - final var possibleJson = useNulls ? tenantPermission(useNulls) : randomFrom(List.of(tenantPermission(false), (b, p) -> b)); - builder.startArray(); - possibleJson.toXContent(builder, params); - return builder.endArray(); - }; + List tenantPermissionsOptions(final boolean useNulls) { + if (useNulls) { + return List.of((builder, params) -> { + builder.startArray(); + tenantPermission(useNulls).toXContent(builder, params); + return builder.endArray(); + }); + } else { + return List.of((builder, params) -> { + builder.startArray(); + tenantPermission(false).toXContent(builder, params); + return builder.endArray(); + }, (builder, params) -> { + builder.startArray(); + builder.endArray(); + return builder; + }); + } } ToXContentObject tenantPermission(final boolean useNulls) { return (builder, params) -> { builder.startObject().field("tenant_patterns"); - randomFrom(List.of(configJsonArray(generateArrayValues(useNulls)), configJsonArray())).toXContent(builder, params); + List patterns = useNulls + ? List.of(configJsonArray(generateArrayValues(useNulls))) + : List.of(configJsonArray(generateArrayValues(false)), configJsonArray()); + patterns.get(0).toXContent(builder, params); builder.field("allowed_actions"); - randomAllowedActions(useNulls).toXContent(builder, params); + allowedActionsOptions(useNulls).get(0).toXContent(builder, params); return builder.endObject(); }; } - ToXContentObject randomDls() { - return randomFrom( - List.of((builder, params) -> builder.value(randomAsciiAlphanumOfLength(10)), (builder, params) -> builder.nullValue()) - ); + List dlsOptions() { + return List.of((builder, params) -> builder.value("str1234567"), (builder, params) -> builder.nullValue()); } - ToXContentObject randomFls(final boolean useNullValues) { + List flsOptions(final boolean useNullValues) { return useNullValues - ? configJsonArray(generateArrayValues(useNullValues)) - : randomFrom(List.of(configJsonArray(generateArrayValues(false)), configJsonArray(), (builder, params) -> builder.nullValue())); + ? List.of(configJsonArray(generateArrayValues(useNullValues))) + : List.of(configJsonArray(generateArrayValues(false)), configJsonArray(), (builder, params) -> builder.nullValue()); } - ToXContentObject randomMaskedFields(final boolean useNullValues) { + List maskedFieldsOptions(final boolean useNullValues) { return useNullValues - ? configJsonArray(generateArrayValues(useNullValues)) - : randomFrom(List.of(configJsonArray(generateArrayValues(false)), configJsonArray(), (builder, params) -> builder.nullValue())); + ? List.of(configJsonArray(generateArrayValues(useNullValues))) + : List.of(configJsonArray(generateArrayValues(false)), configJsonArray(), (builder, params) -> builder.nullValue()); } - ToXContentObject randomAllowedActions(final boolean useNullValues) { + List allowedActionsOptions(final boolean useNullValues) { return useNullValues - ? configJsonArray(generateArrayValues(useNullValues)) - : randomFrom(List.of(configJsonArray(generateArrayValues(false)), configJsonArray())); + ? List.of(configJsonArray(generateArrayValues(useNullValues))) + : List.of(configJsonArray(generateArrayValues(false)), configJsonArray()); } } diff --git a/src/integrationTest/java/org/opensearch/security/api/TenantsRestApiIntegrationTest.java b/src/integrationTest/java/org/opensearch/security/api/TenantsRestApiIntegrationTest.java index cb3431be79..5eb366a081 100644 --- a/src/integrationTest/java/org/opensearch/security/api/TenantsRestApiIntegrationTest.java +++ b/src/integrationTest/java/org/opensearch/security/api/TenantsRestApiIntegrationTest.java @@ -48,7 +48,7 @@ public ToXContentObject entityPayload(Boolean hidden, Boolean reserved, Boolean @Override public ToXContentObject jsonPropertyPayload() { - return (builder, params) -> builder.value(randomAsciiAlphanumOfLength(10)); + return (builder, params) -> builder.value("str1234567"); } @Override @@ -63,7 +63,7 @@ static ToXContentObject tenant(final Boolean hidden, final Boolean reserved, fin } static ToXContentObject tenant(final Boolean hidden, final Boolean reserved, final Boolean _static) { - return tenant(hidden, reserved, _static, randomAsciiAlphanumOfLength(10)); + return tenant(hidden, reserved, _static, "str1234567"); } static ToXContentObject tenant(final Boolean hidden, final Boolean reserved, final Boolean _static, String description) { @@ -86,16 +86,16 @@ static ToXContentObject tenant(final Boolean hidden, final Boolean reserved, fin @Override void verifyBadRequestOperations(TestRestClient client) throws Exception { // put - badRequest(() -> client.putJson(apiPath(randomAsciiAlphanumOfLength(4)), EMPTY_BODY)); + badRequest(() -> client.putJson(apiPath("str12"), EMPTY_BODY)); badRequest( () -> client.putJson( - apiPath(randomAsciiAlphanumOfLength(4)), + apiPath("str12"), (builder, params) -> builder.startObject().field("description", "a").field("description", "b").endObject() ) ); assertInvalidKeys( client.putJson( - apiPath(randomAsciiAlphanumOfLength(10)), + apiPath("str1234567"), (builder, params) -> builder.startObject().field("a", "b").field("c", "d").field("description", "e").endObject() ), "a,c" @@ -107,7 +107,7 @@ void verifyBadRequestOperations(TestRestClient client) throws Exception { apiPath(), patch( addOp( - randomAsciiAlphanumOfLength(4), + "str12", (ToXContentObject) (builder, params) -> builder.startObject() .field("description", "a") .field("description", "b") @@ -121,7 +121,7 @@ void verifyBadRequestOperations(TestRestClient client) throws Exception { apiPath(), patch( addOp( - randomAsciiAlphanumOfLength(10), + "str1234567", (ToXContentObject) (builder, params) -> builder.startObject() .field("a", "b") .field("c", "d") @@ -138,12 +138,12 @@ void verifyBadRequestOperations(TestRestClient client) throws Exception { @Override void verifyCrudOperations(Boolean hidden, Boolean reserved, TestRestClient client) throws Exception { // put - final var putDescription = randomAsciiAlphanumOfLength(10); - final var putTenantName = randomAsciiAlphanumOfLength(4); + final var putDescription = "str1234567"; + final var putTenantName = "str12"; created(() -> client.putJson(apiPath(putTenantName), tenant(hidden, reserved, putDescription))); assertTenant(ok(() -> client.get(apiPath(putTenantName))).bodyAsJsonNode().get(putTenantName), hidden, reserved, putDescription); - final var putUpdatedDescription = randomAsciiAlphanumOfLength(10); + final var putUpdatedDescription = "str1234567"; ok(() -> client.putJson(apiPath(putTenantName), tenant(hidden, reserved, putUpdatedDescription))); assertTenant( ok(() -> client.get(apiPath(putTenantName))).bodyAsJsonNode().get(putTenantName), @@ -154,8 +154,8 @@ void verifyCrudOperations(Boolean hidden, Boolean reserved, TestRestClient clien ok(() -> client.delete(apiPath(putTenantName))); notFound(() -> client.get(apiPath(putTenantName))); // patch - final var patchTenantName = randomAsciiAlphanumOfLength(4); - final var patchDescription = randomAsciiAlphanumOfLength(10); + final var patchTenantName = "str12"; + final var patchDescription = "str1234567"; ok(() -> client.patch(apiPath(), patch(addOp(patchTenantName, tenant(hidden, reserved, patchDescription))))); assertTenant( ok(() -> client.get(apiPath(patchTenantName))).bodyAsJsonNode().get(patchTenantName), @@ -164,7 +164,7 @@ void verifyCrudOperations(Boolean hidden, Boolean reserved, TestRestClient clien patchDescription ); - final var patchUpdatedDescription = randomAsciiAlphanumOfLength(10); + final var patchUpdatedDescription = "str1234567"; ok(() -> client.patch(apiPath(patchTenantName), patch(replaceOp("description", patchUpdatedDescription)))); assertTenant( ok(() -> client.get(apiPath(patchTenantName))).bodyAsJsonNode().get(patchTenantName), diff --git a/src/integrationTest/java/org/opensearch/security/grpc/GrpcClientAuthNoneTests.java b/src/integrationTest/java/org/opensearch/security/grpc/GrpcClientAuthNoneTests.java index 53162ce896..1af4b0dc6b 100644 --- a/src/integrationTest/java/org/opensearch/security/grpc/GrpcClientAuthNoneTests.java +++ b/src/integrationTest/java/org/opensearch/security/grpc/GrpcClientAuthNoneTests.java @@ -12,10 +12,8 @@ import java.io.IOException; import java.util.UUID; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.protobufs.BulkResponse; import org.opensearch.protobufs.SearchResponse; @@ -35,8 +33,6 @@ import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertThrows; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class GrpcClientAuthNoneTests { @ClassRule public static LocalCluster cluster = new LocalCluster.Builder().clusterManager(ClusterManager.SINGLENODE) diff --git a/src/integrationTest/java/org/opensearch/security/grpc/GrpcClientAuthOptionalTests.java b/src/integrationTest/java/org/opensearch/security/grpc/GrpcClientAuthOptionalTests.java index ed0dd2ece1..6b2a4159b2 100644 --- a/src/integrationTest/java/org/opensearch/security/grpc/GrpcClientAuthOptionalTests.java +++ b/src/integrationTest/java/org/opensearch/security/grpc/GrpcClientAuthOptionalTests.java @@ -11,10 +11,8 @@ import java.io.IOException; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.test.framework.cluster.ClusterManager; import org.opensearch.test.framework.cluster.LocalCluster; @@ -31,8 +29,6 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertThrows; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class GrpcClientAuthOptionalTests { @ClassRule public static LocalCluster cluster = new LocalCluster.Builder().clusterManager(ClusterManager.SINGLENODE) diff --git a/src/integrationTest/java/org/opensearch/security/grpc/GrpcClientAuthRequireTests.java b/src/integrationTest/java/org/opensearch/security/grpc/GrpcClientAuthRequireTests.java index 578c228fdb..3a32ec046c 100644 --- a/src/integrationTest/java/org/opensearch/security/grpc/GrpcClientAuthRequireTests.java +++ b/src/integrationTest/java/org/opensearch/security/grpc/GrpcClientAuthRequireTests.java @@ -11,10 +11,8 @@ import java.io.IOException; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.test.framework.cluster.ClusterManager; import org.opensearch.test.framework.cluster.LocalCluster; @@ -31,8 +29,6 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertThrows; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class GrpcClientAuthRequireTests { @ClassRule public static LocalCluster cluster = new LocalCluster.Builder().clusterManager(ClusterManager.SINGLENODE) diff --git a/src/integrationTest/java/org/opensearch/security/grpc/GrpcHelpers.java b/src/integrationTest/java/org/opensearch/security/grpc/GrpcHelpers.java index 849de94e16..8f291608d5 100644 --- a/src/integrationTest/java/org/opensearch/security/grpc/GrpcHelpers.java +++ b/src/integrationTest/java/org/opensearch/security/grpc/GrpcHelpers.java @@ -11,6 +11,7 @@ import java.io.IOException; import java.util.ArrayList; +import java.util.Collections; import java.util.List; import java.util.Map; @@ -41,7 +42,6 @@ import io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder; import io.netty.handler.ssl.util.InsecureTrustManagerFactory; -import static com.carrotsearch.randomizedtesting.RandomizedTest.randomFrom; import static io.grpc.internal.GrpcUtil.NOOP_PROXY_DETECTOR; public class GrpcHelpers { @@ -91,7 +91,8 @@ public static TransportAddress getSecureGrpcEndpoint(LocalCluster cluster) { ); transportAddresses.add(boundAddress); } - return randomFrom(transportAddresses); + Collections.shuffle(transportAddresses); + return transportAddresses.get(0); } /* diff --git a/src/integrationTest/java/org/opensearch/security/hash/Argon2CustomConfigHashingTests.java b/src/integrationTest/java/org/opensearch/security/hash/Argon2CustomConfigHashingTests.java index 8579993cd6..8691631a1a 100644 --- a/src/integrationTest/java/org/opensearch/security/hash/Argon2CustomConfigHashingTests.java +++ b/src/integrationTest/java/org/opensearch/security/hash/Argon2CustomConfigHashingTests.java @@ -11,13 +11,18 @@ package org.opensearch.security.hash; +import java.util.Arrays; +import java.util.Collection; import java.util.List; import java.util.Map; import org.apache.http.HttpStatus; import org.awaitility.Awaitility; -import org.junit.BeforeClass; +import org.junit.After; +import org.junit.Before; import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; import org.opensearch.security.support.ConfigConstants; import org.opensearch.test.framework.TestSecurityConfig; @@ -29,24 +34,44 @@ import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AUTHC_HTTPBASIC_INTERNAL; import static org.opensearch.test.framework.TestSecurityConfig.Role.ALL_ACCESS; +@RunWith(Parameterized.class) public class Argon2CustomConfigHashingTests extends HashingTests { - public static LocalCluster cluster; + public LocalCluster cluster; private static final String PASSWORD = "top$ecret1234!"; - private static String type; - private static int memory, iterations, parallelism, length, version; + private final String type; + private final int memory; + private final int iterations; + private final int parallelism; + private final int length; + private final int version; + + public Argon2CustomConfigHashingTests(String type, int memory, int iterations, int parallelism, int length, int version) { + this.type = type; + this.memory = memory; + this.iterations = iterations; + this.parallelism = parallelism; + this.length = length; + this.version = version; + } - @BeforeClass - public static void startCluster() { + @Parameterized.Parameters(name = "type={0}, memory={1}, iterations={2}, parallelism={3}, length={4}, version={5}") + public static Collection data() { + return Arrays.asList( + new Object[][] { + { "argon2id", 65536, 2, 1, 16, 19 }, + { "argon2id", 131072, 3, 2, 32, 16 }, + { "argon2i", 65536, 2, 1, 16, 19 }, + { "argon2i", 131072, 3, 2, 32, 16 }, + { "argon2d", 65536, 2, 1, 16, 19 }, + { "argon2d", 131072, 3, 2, 32, 16 } } + ); + } - type = randomFrom(List.of("argon2id", "argon2i", "argon2d")); - iterations = randomFrom(List.of(2, 3, 4)); - memory = randomFrom(List.of(65536, 131072)); - parallelism = randomFrom(List.of(1, 2)); - length = randomFrom(List.of(16, 32, 64)); - version = randomFrom(List.of(16, 19)); + @Before + public void startCluster() { TestSecurityConfig.User ADMIN_USER = new TestSecurityConfig.User("admin").roles(ALL_ACCESS) .hash(generateArgon2Hash("secret", memory, iterations, parallelism, length, type, version)); @@ -84,6 +109,13 @@ public static void startCluster() { } } + @After + public void stopCluster() { + if (cluster != null) { + cluster.close(); + } + } + @Test public void shouldAuthenticateWithCorrectPassword() { String hash = generateArgon2Hash(PASSWORD, memory, iterations, parallelism, length, type, version); diff --git a/src/integrationTest/java/org/opensearch/security/hash/BCryptCustomConfigHashingTests.java b/src/integrationTest/java/org/opensearch/security/hash/BCryptCustomConfigHashingTests.java index 95f05a7c0d..344b4ad37d 100644 --- a/src/integrationTest/java/org/opensearch/security/hash/BCryptCustomConfigHashingTests.java +++ b/src/integrationTest/java/org/opensearch/security/hash/BCryptCustomConfigHashingTests.java @@ -11,13 +11,18 @@ package org.opensearch.security.hash; +import java.util.Arrays; +import java.util.Collection; import java.util.List; import java.util.Map; import org.apache.http.HttpStatus; import org.awaitility.Awaitility; -import org.junit.BeforeClass; +import org.junit.After; +import org.junit.Before; import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; import org.opensearch.security.support.ConfigConstants; import org.opensearch.test.framework.TestSecurityConfig; @@ -29,19 +34,27 @@ import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AUTHC_HTTPBASIC_INTERNAL; import static org.opensearch.test.framework.TestSecurityConfig.Role.ALL_ACCESS; +@RunWith(Parameterized.class) public class BCryptCustomConfigHashingTests extends HashingTests { - private static LocalCluster cluster; + private LocalCluster cluster; - private static String minor; + private final String minor; - private static int rounds; + private final int rounds; - @BeforeClass - public static void startCluster() { - minor = randomFrom(List.of("A", "B", "Y")); - rounds = randomIntBetween(4, 10); + public BCryptCustomConfigHashingTests(String minor, int rounds) { + this.minor = minor; + this.rounds = rounds; + } + + @Parameterized.Parameters(name = "minor={0}, rounds={1}") + public static Collection data() { + return Arrays.asList(new Object[][] { { "A", 4 }, { "B", 6 }, { "Y", 10 }, { "A", 10 }, { "B", 4 }, { "Y", 6 } }); + } + @Before + public void startCluster() { TestSecurityConfig.User ADMIN_USER = new TestSecurityConfig.User("admin").roles(ALL_ACCESS) .hash(generateBCryptHash("secret", minor, rounds)); cluster = new LocalCluster.Builder().clusterManager(ClusterManager.SINGLENODE) @@ -70,6 +83,13 @@ public static void startCluster() { } } + @After + public void stopCluster() { + if (cluster != null) { + cluster.close(); + } + } + @Test public void shouldAuthenticateWithCorrectPassword() { String hash = generateBCryptHash(PASSWORD, minor, rounds); diff --git a/src/integrationTest/java/org/opensearch/security/hash/HashingTests.java b/src/integrationTest/java/org/opensearch/security/hash/HashingTests.java index 7cfbe1cddd..c66677a5ec 100644 --- a/src/integrationTest/java/org/opensearch/security/hash/HashingTests.java +++ b/src/integrationTest/java/org/opensearch/security/hash/HashingTests.java @@ -13,10 +13,7 @@ import java.nio.CharBuffer; -import com.carrotsearch.randomizedtesting.RandomizedTest; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.http.HttpStatus; -import org.junit.runner.RunWith; import org.opensearch.test.framework.TestSecurityConfig; import org.opensearch.test.framework.cluster.LocalCluster; @@ -33,9 +30,7 @@ import static org.hamcrest.Matchers.equalTo; import static org.opensearch.test.framework.TestSecurityConfig.Role.ALL_ACCESS; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) -public class HashingTests extends RandomizedTest { +public class HashingTests { private static final TestSecurityConfig.User ADMIN_USER = new TestSecurityConfig.User("admin").roles(ALL_ACCESS); diff --git a/src/integrationTest/java/org/opensearch/security/hash/PBKDF2CustomConfigHashingTests.java b/src/integrationTest/java/org/opensearch/security/hash/PBKDF2CustomConfigHashingTests.java index 9f2ceb2e93..e402db2293 100644 --- a/src/integrationTest/java/org/opensearch/security/hash/PBKDF2CustomConfigHashingTests.java +++ b/src/integrationTest/java/org/opensearch/security/hash/PBKDF2CustomConfigHashingTests.java @@ -11,13 +11,18 @@ package org.opensearch.security.hash; +import java.util.Arrays; +import java.util.Collection; import java.util.List; import java.util.Map; import org.apache.http.HttpStatus; import org.awaitility.Awaitility; -import org.junit.BeforeClass; +import org.junit.After; +import org.junit.Before; import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; import org.opensearch.security.support.ConfigConstants; import org.opensearch.test.framework.TestSecurityConfig; @@ -29,21 +34,37 @@ import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AUTHC_HTTPBASIC_INTERNAL; import static org.opensearch.test.framework.TestSecurityConfig.Role.ALL_ACCESS; +@RunWith(Parameterized.class) public class PBKDF2CustomConfigHashingTests extends HashingTests { - public static LocalCluster cluster; + private LocalCluster cluster; private static final String PASSWORD = "top$ecret1234!"; - private static String function; - private static int iterations, length; + private final String function; + private final int iterations; + private final int length; - @BeforeClass - public static void startCluster() { + public PBKDF2CustomConfigHashingTests(String function, int iterations, int length) { + this.function = function; + this.iterations = iterations; + this.length = length; + } + + @Parameterized.Parameters(name = "function={0}, iterations={1}, length={2}") + public static Collection data() { + return Arrays.asList( + new Object[][] { + { "SHA224", 32000, 128 }, + { "SHA256", 64000, 256 }, + { "SHA384", 128000, 512 }, + { "SHA512", 256000, 256 }, + { "SHA256", 32000, 512 } } + ); + } - function = randomFrom(List.of("SHA224", "SHA256", "SHA384", "SHA512")); - iterations = randomFrom(List.of(32000, 64000, 128000, 256000)); - length = randomFrom(List.of(128, 256, 512)); + @Before + public void startCluster() { TestSecurityConfig.User ADMIN_USER = new TestSecurityConfig.User("admin").roles(ALL_ACCESS) .hash(generatePBKDF2Hash("secret", function, iterations, length)); @@ -75,6 +96,13 @@ public static void startCluster() { } } + @After + public void stopCluster() { + if (cluster != null) { + cluster.close(); + } + } + @Test public void shouldAuthenticateWithCorrectPassword() { String hash = generatePBKDF2Hash(PASSWORD, function, iterations, length); diff --git a/src/integrationTest/java/org/opensearch/security/http/AnonymousAuthenticationTest.java b/src/integrationTest/java/org/opensearch/security/http/AnonymousAuthenticationTest.java index 99f96a388e..0e2fe0b918 100644 --- a/src/integrationTest/java/org/opensearch/security/http/AnonymousAuthenticationTest.java +++ b/src/integrationTest/java/org/opensearch/security/http/AnonymousAuthenticationTest.java @@ -11,11 +11,8 @@ import java.util.List; -import com.carrotsearch.randomizedtesting.RandomizedRunner; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.test.framework.TestSecurityConfig; import org.opensearch.test.framework.cluster.ClusterManager; @@ -29,8 +26,6 @@ import static org.hamcrest.Matchers.hasSize; import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AUTHC_HTTPBASIC_INTERNAL; -@RunWith(RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class AnonymousAuthenticationTest { private static final String DEFAULT_ANONYMOUS_USER_NAME = "opendistro_security_anonymous"; diff --git a/src/integrationTest/java/org/opensearch/security/http/AsyncTests.java b/src/integrationTest/java/org/opensearch/security/http/AsyncTests.java index 514d2c45d1..5db439304f 100644 --- a/src/integrationTest/java/org/opensearch/security/http/AsyncTests.java +++ b/src/integrationTest/java/org/opensearch/security/http/AsyncTests.java @@ -17,11 +17,9 @@ import java.util.concurrent.CountDownLatch; import java.util.concurrent.TimeUnit; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.http.HttpStatus; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.security.IndexOperationsHelper; import org.opensearch.security.support.ConfigConstants; @@ -34,8 +32,6 @@ import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AUTHC_HTTPBASIC_INTERNAL; import static org.opensearch.test.framework.TestSecurityConfig.Role.ALL_ACCESS; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class AsyncTests { private static final TestSecurityConfig.User ADMIN_USER = new TestSecurityConfig.User("admin").backendRoles("admin"); diff --git a/src/integrationTest/java/org/opensearch/security/http/BasicAuthTests.java b/src/integrationTest/java/org/opensearch/security/http/BasicAuthTests.java index a9888d281e..3bc6107ca6 100644 --- a/src/integrationTest/java/org/opensearch/security/http/BasicAuthTests.java +++ b/src/integrationTest/java/org/opensearch/security/http/BasicAuthTests.java @@ -11,12 +11,10 @@ import java.util.List; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.http.HttpHeaders; import org.hamcrest.Matchers; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.test.framework.TestSecurityConfig.AuthcDomain; import org.opensearch.test.framework.TestSecurityConfig.User; @@ -34,8 +32,6 @@ import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.notNullValue; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class BasicAuthTests { static final User TEST_USER = new User("test_user").password("s3cret"); diff --git a/src/integrationTest/java/org/opensearch/security/http/BasicAuthWithoutChallengeTests.java b/src/integrationTest/java/org/opensearch/security/http/BasicAuthWithoutChallengeTests.java index d602d0920b..f2939be001 100644 --- a/src/integrationTest/java/org/opensearch/security/http/BasicAuthWithoutChallengeTests.java +++ b/src/integrationTest/java/org/opensearch/security/http/BasicAuthWithoutChallengeTests.java @@ -9,11 +9,9 @@ */ package org.opensearch.security.http; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.http.HttpHeaders; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.test.framework.cluster.ClusterManager; import org.opensearch.test.framework.cluster.LocalCluster; @@ -24,8 +22,6 @@ import static org.hamcrest.Matchers.equalTo; import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AUTHC_HTTPBASIC_INTERNAL_WITHOUT_CHALLENGE; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class BasicAuthWithoutChallengeTests { @ClassRule diff --git a/src/integrationTest/java/org/opensearch/security/http/BasicWithAnonymousAuthTests.java b/src/integrationTest/java/org/opensearch/security/http/BasicWithAnonymousAuthTests.java index 842d5c4dd5..4b5fd51477 100644 --- a/src/integrationTest/java/org/opensearch/security/http/BasicWithAnonymousAuthTests.java +++ b/src/integrationTest/java/org/opensearch/security/http/BasicWithAnonymousAuthTests.java @@ -11,10 +11,8 @@ import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.test.framework.TestSecurityConfig.AuthcDomain; import org.opensearch.test.framework.TestSecurityConfig.User; @@ -29,8 +27,6 @@ import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.notNullValue; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class BasicWithAnonymousAuthTests { static final User TEST_USER = new User("test_user").password("s3cret"); diff --git a/src/integrationTest/java/org/opensearch/security/http/CertificateAuthenticationTest.java b/src/integrationTest/java/org/opensearch/security/http/CertificateAuthenticationTest.java index 4c1fef6e71..581254346f 100644 --- a/src/integrationTest/java/org/opensearch/security/http/CertificateAuthenticationTest.java +++ b/src/integrationTest/java/org/opensearch/security/http/CertificateAuthenticationTest.java @@ -13,10 +13,8 @@ import java.util.List; import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.test.framework.TestSecurityConfig; import org.opensearch.test.framework.TestSecurityConfig.AuthcDomain; @@ -37,8 +35,6 @@ import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AUTHC_HTTPBASIC_INTERNAL; import static org.opensearch.test.framework.TestSecurityConfig.Role.ALL_ACCESS; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class CertificateAuthenticationTest { private static final User USER_ADMIN = new User("admin").roles(ALL_ACCESS); diff --git a/src/integrationTest/java/org/opensearch/security/http/DisabledBasicAuthTests.java b/src/integrationTest/java/org/opensearch/security/http/DisabledBasicAuthTests.java index 1ae3322a1e..d11d440467 100644 --- a/src/integrationTest/java/org/opensearch/security/http/DisabledBasicAuthTests.java +++ b/src/integrationTest/java/org/opensearch/security/http/DisabledBasicAuthTests.java @@ -9,10 +9,8 @@ */ package org.opensearch.security.http; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.test.framework.cluster.ClusterManager; import org.opensearch.test.framework.cluster.LocalCluster; @@ -24,8 +22,6 @@ import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.DISABLED_AUTHC_HTTPBASIC_INTERNAL; import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.JWT_AUTH_DOMAIN; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class DisabledBasicAuthTests { @ClassRule diff --git a/src/integrationTest/java/org/opensearch/security/http/ExtendedProxyAuthenticationTest.java b/src/integrationTest/java/org/opensearch/security/http/ExtendedProxyAuthenticationTest.java index 91c6064910..4f324983c4 100644 --- a/src/integrationTest/java/org/opensearch/security/http/ExtendedProxyAuthenticationTest.java +++ b/src/integrationTest/java/org/opensearch/security/http/ExtendedProxyAuthenticationTest.java @@ -15,11 +15,9 @@ import java.util.List; import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.junit.BeforeClass; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.test.framework.TestSecurityConfig.AuthcDomain; import org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AuthenticationBackend; @@ -44,8 +42,6 @@ /** * Class used to run tests defined in supper class and adds tests specific for extended-proxy authentication. */ -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class ExtendedProxyAuthenticationTest extends CommonProxyAuthenticationTests { public static final String ID_ONE_1 = "one#1"; diff --git a/src/integrationTest/java/org/opensearch/security/http/JwtAuthenticationNestedClaimsTests.java b/src/integrationTest/java/org/opensearch/security/http/JwtAuthenticationNestedClaimsTests.java index b51d21d586..5afc12ac8d 100644 --- a/src/integrationTest/java/org/opensearch/security/http/JwtAuthenticationNestedClaimsTests.java +++ b/src/integrationTest/java/org/opensearch/security/http/JwtAuthenticationNestedClaimsTests.java @@ -15,12 +15,10 @@ import java.util.List; import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.hc.core5.http.Header; import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.test.framework.JwtConfigBuilder; import org.opensearch.test.framework.TestSecurityConfig; @@ -42,8 +40,6 @@ import static org.opensearch.security.http.JwtAuthenticationTests.POINTER_USERNAME; import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.BASIC_AUTH_DOMAIN_ORDER; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class JwtAuthenticationNestedClaimsTests { public static final List USERNAME_CLAIM = List.of("preferred-username"); diff --git a/src/integrationTest/java/org/opensearch/security/http/JwtAuthenticationTests.java b/src/integrationTest/java/org/opensearch/security/http/JwtAuthenticationTests.java index 3f2f8f7db5..246f7ef007 100644 --- a/src/integrationTest/java/org/opensearch/security/http/JwtAuthenticationTests.java +++ b/src/integrationTest/java/org/opensearch/security/http/JwtAuthenticationTests.java @@ -15,14 +15,12 @@ import java.util.List; import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.hc.core5.http.Header; import org.apache.hc.core5.http.message.BasicHeader; import org.junit.BeforeClass; import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.action.search.SearchRequest; import org.opensearch.action.search.SearchResponse; @@ -64,8 +62,6 @@ import static org.opensearch.test.framework.matcher.SearchResponseMatchers.searchHitContainsFieldWithValue; import static org.opensearch.test.framework.matcher.SearchResponseMatchers.searchHitsContainDocumentWithId; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class JwtAuthenticationTests { public static final List CLAIM_USERNAME = List.of("preferred-username"); diff --git a/src/integrationTest/java/org/opensearch/security/http/JwtAuthenticationWithUrlParamTests.java b/src/integrationTest/java/org/opensearch/security/http/JwtAuthenticationWithUrlParamTests.java index d30643f758..dbdf82f2fe 100644 --- a/src/integrationTest/java/org/opensearch/security/http/JwtAuthenticationWithUrlParamTests.java +++ b/src/integrationTest/java/org/opensearch/security/http/JwtAuthenticationWithUrlParamTests.java @@ -14,12 +14,10 @@ import java.util.List; import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.hc.core5.http.Header; import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.test.framework.AuditCompliance; import org.opensearch.test.framework.AuditConfiguration; @@ -46,8 +44,6 @@ import static org.opensearch.test.framework.TestSecurityConfig.Role.ALL_ACCESS; import static org.opensearch.test.framework.audit.AuditMessagePredicate.userAuthenticated; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class JwtAuthenticationWithUrlParamTests { public static final List CLAIM_USERNAME = List.of("preferred-username"); diff --git a/src/integrationTest/java/org/opensearch/security/http/LdapAuthenticationCacheTest.java b/src/integrationTest/java/org/opensearch/security/http/LdapAuthenticationCacheTest.java index 2cc94b13e9..4463b3de51 100644 --- a/src/integrationTest/java/org/opensearch/security/http/LdapAuthenticationCacheTest.java +++ b/src/integrationTest/java/org/opensearch/security/http/LdapAuthenticationCacheTest.java @@ -12,12 +12,10 @@ import java.util.List; import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; import org.junit.rules.RuleChain; -import org.junit.runner.RunWith; import org.opensearch.security.support.ConfigConstants; import org.opensearch.test.framework.AuthorizationBackend; @@ -60,8 +58,6 @@ /** * Test uses plain (non TLS) connection between OpenSearch and LDAP server. */ -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class LdapAuthenticationCacheTest { private static final TestSecurityConfig.User ADMIN_USER = new TestSecurityConfig.User("admin").roles(ALL_ACCESS); diff --git a/src/integrationTest/java/org/opensearch/security/http/LdapAuthenticationTest.java b/src/integrationTest/java/org/opensearch/security/http/LdapAuthenticationTest.java index 61d68cfcaf..772876ac6b 100644 --- a/src/integrationTest/java/org/opensearch/security/http/LdapAuthenticationTest.java +++ b/src/integrationTest/java/org/opensearch/security/http/LdapAuthenticationTest.java @@ -12,7 +12,6 @@ import java.util.List; import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.hc.core5.http.message.BasicHeader; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -20,7 +19,6 @@ import org.junit.Rule; import org.junit.Test; import org.junit.rules.RuleChain; -import org.junit.runner.RunWith; import org.opensearch.security.support.ConfigConstants; import org.opensearch.test.framework.AuthorizationBackend; @@ -64,8 +62,6 @@ /** * Test uses plain (non TLS) connection between OpenSearch and LDAP server. */ -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class LdapAuthenticationTest { private static final Logger log = LogManager.getLogger(LdapAuthenticationTest.class); diff --git a/src/integrationTest/java/org/opensearch/security/http/LdapStartTlsAuthenticationTest.java b/src/integrationTest/java/org/opensearch/security/http/LdapStartTlsAuthenticationTest.java index 7216864287..2fde12f1fd 100644 --- a/src/integrationTest/java/org/opensearch/security/http/LdapStartTlsAuthenticationTest.java +++ b/src/integrationTest/java/org/opensearch/security/http/LdapStartTlsAuthenticationTest.java @@ -11,12 +11,10 @@ import java.util.List; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; import org.junit.rules.RuleChain; -import org.junit.runner.RunWith; import org.opensearch.test.framework.LdapAuthenticationConfigBuilder; import org.opensearch.test.framework.TestSecurityConfig; @@ -47,8 +45,6 @@ * Test initiates plain (non-TLS) connection between OpenSearch and LDAP server and then in the course of the test connection is upgraded * to TLS. */ -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class LdapStartTlsAuthenticationTest { private static final TestSecurityConfig.User ADMIN_USER = new TestSecurityConfig.User("admin").roles(ALL_ACCESS); diff --git a/src/integrationTest/java/org/opensearch/security/http/LdapTlsAuthenticationTest.java b/src/integrationTest/java/org/opensearch/security/http/LdapTlsAuthenticationTest.java index 3ef41a009e..fe41601876 100644 --- a/src/integrationTest/java/org/opensearch/security/http/LdapTlsAuthenticationTest.java +++ b/src/integrationTest/java/org/opensearch/security/http/LdapTlsAuthenticationTest.java @@ -13,14 +13,12 @@ import java.util.List; import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.hc.core5.http.message.BasicHeader; import org.junit.BeforeClass; import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; import org.junit.rules.RuleChain; -import org.junit.runner.RunWith; import org.opensearch.action.search.SearchRequest; import org.opensearch.action.search.SearchResponse; @@ -86,8 +84,6 @@ /** * Test uses plain TLS connection between OpenSearch and LDAP server. */ -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class LdapTlsAuthenticationTest { private static final String SONG_INDEX_NAME = "song_lyrics"; diff --git a/src/integrationTest/java/org/opensearch/security/http/OnBehalfOfJwtAuthenticationTest.java b/src/integrationTest/java/org/opensearch/security/http/OnBehalfOfJwtAuthenticationTest.java index 4edb3a74a2..e120186ccf 100644 --- a/src/integrationTest/java/org/opensearch/security/http/OnBehalfOfJwtAuthenticationTest.java +++ b/src/integrationTest/java/org/opensearch/security/http/OnBehalfOfJwtAuthenticationTest.java @@ -20,7 +20,6 @@ import java.util.stream.Collectors; import javax.crypto.SecretKey; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.hc.core5.http.Header; import org.apache.hc.core5.http.message.BasicHeader; import org.apache.http.HttpStatus; @@ -53,8 +52,7 @@ import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AUTHC_HTTPBASIC_INTERNAL; import static org.opensearch.test.framework.TestSecurityConfig.Role.ALL_ACCESS; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) +@RunWith(org.junit.runners.JUnit4.class) public class OnBehalfOfJwtAuthenticationTest { public static final String POINTER_USERNAME = "/user_name"; diff --git a/src/integrationTest/java/org/opensearch/security/http/ProxyAuthenticationTest.java b/src/integrationTest/java/org/opensearch/security/http/ProxyAuthenticationTest.java index 8d9ede8e5a..c694a92cc1 100644 --- a/src/integrationTest/java/org/opensearch/security/http/ProxyAuthenticationTest.java +++ b/src/integrationTest/java/org/opensearch/security/http/ProxyAuthenticationTest.java @@ -12,10 +12,8 @@ import java.io.IOException; import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.test.framework.TestSecurityConfig.AuthcDomain; import org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.AuthenticationBackend; @@ -29,8 +27,6 @@ /** * Class used to run tests defined in the supper class against OpenSearch cluster with configured proxy authentication. */ -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class ProxyAuthenticationTest extends CommonProxyAuthenticationTests { private static final Map PROXY_AUTHENTICATOR_CONFIG = Map.of( diff --git a/src/integrationTest/java/org/opensearch/security/http/RolesMappingTests.java b/src/integrationTest/java/org/opensearch/security/http/RolesMappingTests.java index 828790e47b..1a930ae0bb 100644 --- a/src/integrationTest/java/org/opensearch/security/http/RolesMappingTests.java +++ b/src/integrationTest/java/org/opensearch/security/http/RolesMappingTests.java @@ -11,10 +11,8 @@ import java.util.List; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.test.framework.TestSecurityConfig; import org.opensearch.test.framework.cluster.ClusterManager; @@ -28,8 +26,6 @@ import static org.hamcrest.Matchers.not; import static org.hamcrest.Matchers.notNullValue; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class RolesMappingTests { static final TestSecurityConfig.User USER_A = new TestSecurityConfig.User("userA").password("s3cret").backendRoles("mapsToRoleA"); static final TestSecurityConfig.User USER_B = new TestSecurityConfig.User("userB").password("P@ssw0rd").backendRoles("mapsToRoleB"); diff --git a/src/integrationTest/java/org/opensearch/security/http/ServiceAccountAuthenticationTest.java b/src/integrationTest/java/org/opensearch/security/http/ServiceAccountAuthenticationTest.java index 34857ea2a7..c26edca790 100644 --- a/src/integrationTest/java/org/opensearch/security/http/ServiceAccountAuthenticationTest.java +++ b/src/integrationTest/java/org/opensearch/security/http/ServiceAccountAuthenticationTest.java @@ -14,11 +14,9 @@ import java.util.List; import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.http.HttpStatus; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.test.framework.TestSecurityConfig; import org.opensearch.test.framework.cluster.ClusterManager; @@ -35,8 +33,6 @@ import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class ServiceAccountAuthenticationTest { public static final String SERVICE_ATTRIBUTE = "service"; diff --git a/src/integrationTest/java/org/opensearch/security/http/UntrustedLdapServerCertificateTest.java b/src/integrationTest/java/org/opensearch/security/http/UntrustedLdapServerCertificateTest.java index 2138214b92..9a29151830 100644 --- a/src/integrationTest/java/org/opensearch/security/http/UntrustedLdapServerCertificateTest.java +++ b/src/integrationTest/java/org/opensearch/security/http/UntrustedLdapServerCertificateTest.java @@ -11,12 +11,10 @@ import java.util.List; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; import org.junit.rules.RuleChain; -import org.junit.runner.RunWith; import org.opensearch.test.framework.LdapAuthenticationConfigBuilder; import org.opensearch.test.framework.TestSecurityConfig; @@ -46,8 +44,6 @@ * Negative test case related to LDAP server certificate. Connection between OpenSearch and LDAP server should not be established if * OpenSearch "does not trust" LDAP server certificate. */ -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class UntrustedLdapServerCertificateTest { private static final TestSecurityConfig.User ADMIN_USER = new TestSecurityConfig.User("admin").roles(ALL_ACCESS); diff --git a/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java b/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java index 94a10233e0..e90d4d9ee5 100644 --- a/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java +++ b/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java @@ -11,11 +11,9 @@ package org.opensearch.security.privileges; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.http.HttpStatus; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.script.mustache.MustacheModulePlugin; import org.opensearch.script.mustache.RenderSearchTemplateAction; @@ -35,8 +33,6 @@ * org.opensearch.security.privileges.PrivilegesEvaluatorTest to the new test * framework for direct comparison */ -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class PrivilegesEvaluatorTest { protected final static TestSecurityConfig.User NEGATIVE_LOOKAHEAD = new TestSecurityConfig.User("negative_lookahead_user").roles( diff --git a/src/integrationTest/java/org/opensearch/security/privileges/dlsfls/FlsFmIntegrationTests.java b/src/integrationTest/java/org/opensearch/security/privileges/dlsfls/FlsFmIntegrationTests.java index abee5eb844..1c6dcd6e60 100644 --- a/src/integrationTest/java/org/opensearch/security/privileges/dlsfls/FlsFmIntegrationTests.java +++ b/src/integrationTest/java/org/opensearch/security/privileges/dlsfls/FlsFmIntegrationTests.java @@ -19,12 +19,12 @@ import java.util.function.Function; import java.util.function.Predicate; -import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import com.google.common.collect.ImmutableMap; import org.junit.ClassRule; import org.junit.Test; import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; +import org.junit.runners.Parameterized.Parameters; import org.bouncycastle.util.encoders.Hex; import org.opensearch.plugin.mapper.MapperSizePlugin; @@ -62,8 +62,7 @@ *
  • On the test method level, different operations (get, search, aggregation, terms vectors) are used with the defined users. * */ -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) +@RunWith(Parameterized.class) public class FlsFmIntegrationTests { static final TestData TEST_DATA = TestData.DEFAULT; @@ -937,7 +936,7 @@ public FlsFmIntegrationTests(TestSecurityConfig.User user) { this.user = user; } - @ParametersFactory(shuffle = false) + @Parameters(name = "user={0}") public static Collection params() { List result = new ArrayList<>(); diff --git a/src/integrationTest/java/org/opensearch/security/privileges/int_tests/CrossClusterAuthorizationIntTests.java b/src/integrationTest/java/org/opensearch/security/privileges/int_tests/CrossClusterAuthorizationIntTests.java index 1255444c25..be24358308 100644 --- a/src/integrationTest/java/org/opensearch/security/privileges/int_tests/CrossClusterAuthorizationIntTests.java +++ b/src/integrationTest/java/org/opensearch/security/privileges/int_tests/CrossClusterAuthorizationIntTests.java @@ -15,13 +15,13 @@ import java.util.Collection; import java.util.List; -import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import com.google.common.collect.ImmutableList; import org.junit.AfterClass; import org.junit.ClassRule; import org.junit.Test; import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; +import org.junit.runners.Parameterized.Parameters; import org.opensearch.test.framework.TestSecurityConfig; import org.opensearch.test.framework.certificate.TestCertificates; @@ -40,8 +40,7 @@ import static org.opensearch.test.framework.matcher.RestMatchers.isForbidden; import static org.opensearch.test.framework.matcher.RestMatchers.isOk; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) +@RunWith(Parameterized.class) public class CrossClusterAuthorizationIntTests { // ------------------------------------------------------------------------------------------------------- @@ -464,7 +463,7 @@ public void field_caps_localIndexPattern_remoteIndexPattern() throws Exception { } } - @ParametersFactory(shuffle = false, argumentFormatting = "%1$s, %3$s") + @Parameters(name = "{0}, {1}") public static Collection params() { List result = new ArrayList<>(); diff --git a/src/integrationTest/java/org/opensearch/security/privileges/int_tests/DashboardMultiTenancyIntTests.java b/src/integrationTest/java/org/opensearch/security/privileges/int_tests/DashboardMultiTenancyIntTests.java index 25b8da7cd5..cc7ab237c1 100644 --- a/src/integrationTest/java/org/opensearch/security/privileges/int_tests/DashboardMultiTenancyIntTests.java +++ b/src/integrationTest/java/org/opensearch/security/privileges/int_tests/DashboardMultiTenancyIntTests.java @@ -16,12 +16,12 @@ import java.util.List; import java.util.UUID; -import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.hc.core5.http.message.BasicHeader; import org.junit.AfterClass; import org.junit.Test; import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; +import org.junit.runners.Parameterized.Parameters; import org.opensearch.test.framework.TestSecurityConfig; import org.opensearch.test.framework.cluster.ClusterManager; @@ -45,8 +45,7 @@ /** * An integration test matrix for Dashboards multi-tenancy. Verifies both read and write operations */ -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) +@RunWith(Parameterized.class) public class DashboardMultiTenancyIntTests { // ------------------------------------------------------------------------------------------------------- @@ -747,7 +746,7 @@ public void createIndex_withTenantHeader_finance() { } } - @ParametersFactory(shuffle = false, argumentFormatting = "%1$s, %3$s") + @Parameters(name = "{0}, {2}") public static Collection params() { List result = new ArrayList<>(); for (ClusterConfig clusterConfig : ClusterConfig.values()) { diff --git a/src/integrationTest/java/org/opensearch/security/privileges/int_tests/DataStreamAuthorizationReadOnlyIntTests.java b/src/integrationTest/java/org/opensearch/security/privileges/int_tests/DataStreamAuthorizationReadOnlyIntTests.java index 10a107d057..2eaf0b5012 100644 --- a/src/integrationTest/java/org/opensearch/security/privileges/int_tests/DataStreamAuthorizationReadOnlyIntTests.java +++ b/src/integrationTest/java/org/opensearch/security/privileges/int_tests/DataStreamAuthorizationReadOnlyIntTests.java @@ -15,11 +15,11 @@ import java.util.Collection; import java.util.List; -import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.junit.AfterClass; import org.junit.Test; import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; +import org.junit.runners.Parameterized.Parameters; import org.opensearch.test.framework.TestSecurityConfig; import org.opensearch.test.framework.cluster.LocalCluster; @@ -55,8 +55,7 @@ * To cope with the huge space of tests, this class uses test oracles to verify the result of the operations. * These are defined with the "indexMatcher()" method of TestSecurityConfig.User. See there and the class IndexApiMatchers. */ -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) +@RunWith(Parameterized.class) public class DataStreamAuthorizationReadOnlyIntTests { // ------------------------------------------------------------------------------------------------------- @@ -861,7 +860,7 @@ public void field_caps_staticIndices_negation_backingIndices() throws Exception } } - @ParametersFactory(shuffle = false, argumentFormatting = "%1$s, %3$s") + @Parameters(name = "{0}, {2}") public static Collection params() { List result = new ArrayList<>(); diff --git a/src/integrationTest/java/org/opensearch/security/privileges/int_tests/DataStreamAuthorizationReadWriteIntTests.java b/src/integrationTest/java/org/opensearch/security/privileges/int_tests/DataStreamAuthorizationReadWriteIntTests.java index 11a341f726..a378609ff4 100644 --- a/src/integrationTest/java/org/opensearch/security/privileges/int_tests/DataStreamAuthorizationReadWriteIntTests.java +++ b/src/integrationTest/java/org/opensearch/security/privileges/int_tests/DataStreamAuthorizationReadWriteIntTests.java @@ -17,13 +17,13 @@ import java.util.List; import javax.annotation.concurrent.NotThreadSafe; -import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import com.google.common.collect.ImmutableList; import org.junit.After; import org.junit.AfterClass; import org.junit.Test; import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; +import org.junit.runners.Parameterized.Parameters; import org.opensearch.action.admin.indices.refresh.RefreshRequest; import org.opensearch.test.framework.TestSecurityConfig; @@ -63,8 +63,7 @@ * To cope with the huge space of tests, this class uses test oracles to verify the result of the operations. * These are defined with the "indexMatcher()" method of TestSecurityConfig.User. See there and the class IndexApiMatchers. */ -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) +@RunWith(Parameterized.class) @NotThreadSafe public class DataStreamAuthorizationReadWriteIntTests { @@ -587,7 +586,7 @@ public void refresh() { cluster.getInternalNodeClient().admin().indices().refresh(new RefreshRequest("*")).actionGet(); } - @ParametersFactory(shuffle = false, argumentFormatting = "%1$s, %3$s") + @Parameters(name = "{0}, {1}") public static Collection params() { List result = new ArrayList<>(); diff --git a/src/integrationTest/java/org/opensearch/security/privileges/int_tests/IndexAuthorizationReadOnlyIntTests.java b/src/integrationTest/java/org/opensearch/security/privileges/int_tests/IndexAuthorizationReadOnlyIntTests.java index 5182f6fb53..75c35ebbf5 100644 --- a/src/integrationTest/java/org/opensearch/security/privileges/int_tests/IndexAuthorizationReadOnlyIntTests.java +++ b/src/integrationTest/java/org/opensearch/security/privileges/int_tests/IndexAuthorizationReadOnlyIntTests.java @@ -18,12 +18,12 @@ import java.util.List; import java.util.stream.Stream; -import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import com.google.common.collect.ImmutableList; import org.junit.AfterClass; import org.junit.Test; import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; +import org.junit.runners.Parameterized.Parameters; import org.opensearch.common.settings.Settings; import org.opensearch.indices.SystemIndexDescriptor; @@ -67,8 +67,7 @@ * To cope with the huge space of tests, this class uses test oracles to verify the result of the operations. * These are defined with the "indexMatcher()" method of TestSecurityConfig.User. See there and the class IndexApiMatchers. */ -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) +@RunWith(Parameterized.class) public class IndexAuthorizationReadOnlyIntTests { // ------------------------------------------------------------------------------------------------------- @@ -1864,7 +1863,7 @@ public void pit_catSegments_all() throws Exception { } } - @ParametersFactory(shuffle = false, argumentFormatting = "%1$s, %3$s") + @Parameters(name = "{0}, {1}") public static Collection params() { List result = new ArrayList<>(); diff --git a/src/integrationTest/java/org/opensearch/security/privileges/int_tests/IndexAuthorizationReadWriteIntTests.java b/src/integrationTest/java/org/opensearch/security/privileges/int_tests/IndexAuthorizationReadWriteIntTests.java index fe685bc2a0..1dbbee4a78 100644 --- a/src/integrationTest/java/org/opensearch/security/privileges/int_tests/IndexAuthorizationReadWriteIntTests.java +++ b/src/integrationTest/java/org/opensearch/security/privileges/int_tests/IndexAuthorizationReadWriteIntTests.java @@ -16,13 +16,13 @@ import java.util.Map; import javax.annotation.concurrent.NotThreadSafe; -import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import com.google.common.collect.ImmutableList; import org.junit.After; import org.junit.AfterClass; import org.junit.Test; import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; +import org.junit.runners.Parameterized.Parameters; import org.opensearch.action.admin.indices.open.OpenIndexRequest; import org.opensearch.action.admin.indices.refresh.RefreshRequest; @@ -64,8 +64,7 @@ * To cope with the huge space of tests, this class uses test oracles to verify the result of the operations. * These are defined with the "indexMatcher()" method of TestSecurityConfig.User. See there and the class IndexApiMatchers. */ -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) +@RunWith(Parameterized.class) @NotThreadSafe public class IndexAuthorizationReadWriteIntTests { @@ -1143,7 +1142,7 @@ public void refresh() { cluster.getInternalNodeClient().admin().indices().refresh(new RefreshRequest("*")).actionGet(); } - @ParametersFactory(shuffle = false, argumentFormatting = "%1$s, %3$s") + @Parameters(name = "{0}, {2}") public static Collection params() { List result = new ArrayList<>(); diff --git a/src/integrationTest/java/org/opensearch/security/privileges/int_tests/IndexAuthorizationWithClosedIndicesIntTests.java b/src/integrationTest/java/org/opensearch/security/privileges/int_tests/IndexAuthorizationWithClosedIndicesIntTests.java index 6b7acbbaa1..e94d377704 100644 --- a/src/integrationTest/java/org/opensearch/security/privileges/int_tests/IndexAuthorizationWithClosedIndicesIntTests.java +++ b/src/integrationTest/java/org/opensearch/security/privileges/int_tests/IndexAuthorizationWithClosedIndicesIntTests.java @@ -15,8 +15,6 @@ import java.util.Collection; import java.util.List; -import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import com.google.common.collect.ImmutableList; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -24,6 +22,8 @@ import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; +import org.junit.runners.Parameterized.Parameters; import org.opensearch.script.mustache.MustacheModulePlugin; import org.opensearch.test.framework.TestSecurityConfig; @@ -47,8 +47,7 @@ * affecting some threads and losing access to the RandomizedContext. Therefore, we isolate * these tests to avoid interference with other tests. */ -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) +@RunWith(Parameterized.class) public class IndexAuthorizationWithClosedIndicesIntTests { private static final Logger log = LogManager.getLogger(IndexAuthorizationWithClosedIndicesIntTests.class); @@ -145,7 +144,7 @@ static LocalCluster.Builder clusterBuilder() { private final LocalCluster cluster; private final ClusterConfig clusterConfig; - @ParametersFactory(shuffle = false, argumentFormatting = "%1$s, %3$s") + @Parameters(name = "{0}, {2}") public static Collection params() { List result = new ArrayList<>(); diff --git a/src/integrationTest/java/org/opensearch/security/privileges/int_tests/SnapshotAuthorizationIntTests.java b/src/integrationTest/java/org/opensearch/security/privileges/int_tests/SnapshotAuthorizationIntTests.java index 65ec63c271..3f999cbc69 100644 --- a/src/integrationTest/java/org/opensearch/security/privileges/int_tests/SnapshotAuthorizationIntTests.java +++ b/src/integrationTest/java/org/opensearch/security/privileges/int_tests/SnapshotAuthorizationIntTests.java @@ -15,14 +15,14 @@ import java.util.Collection; import java.util.List; -import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import com.google.common.collect.ImmutableList; import org.apache.hc.core5.http.HttpEntity; import org.junit.After; import org.junit.AfterClass; import org.junit.Test; import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; +import org.junit.runners.Parameterized.Parameters; import org.opensearch.action.admin.indices.refresh.RefreshRequest; import org.opensearch.test.framework.TestSecurityConfig; @@ -45,8 +45,7 @@ /** * TODO requests on non cm node */ -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) +@RunWith(Parameterized.class) public class SnapshotAuthorizationIntTests { static final TestIndex index_a1 = TestIndex.name("index_ar1").documentCount(10).seed(1).build(); static final TestIndex index_a2 = TestIndex.name("index_ar2").documentCount(11).seed(2).build(); @@ -341,7 +340,7 @@ public void refresh() { cluster.getInternalNodeClient().admin().indices().refresh(new RefreshRequest("*")).actionGet(); } - @ParametersFactory(shuffle = false, argumentFormatting = "%1$s, %3$s") + @Parameters(name = "{0}, {2}") public static Collection params() { List result = new ArrayList<>(); diff --git a/src/integrationTest/java/org/opensearch/security/rest/AuthZinRestLayerTests.java b/src/integrationTest/java/org/opensearch/security/rest/AuthZinRestLayerTests.java index 8e0f14baf9..b0efc30f7b 100644 --- a/src/integrationTest/java/org/opensearch/security/rest/AuthZinRestLayerTests.java +++ b/src/integrationTest/java/org/opensearch/security/rest/AuthZinRestLayerTests.java @@ -11,12 +11,10 @@ package org.opensearch.security.rest; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.http.HttpStatus; import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.test.framework.AuditCompliance; import org.opensearch.test.framework.AuditConfiguration; @@ -42,8 +40,6 @@ import static org.opensearch.test.framework.audit.AuditMessagePredicate.privilegePredicateRESTLayer; import static org.opensearch.test.framework.audit.AuditMessagePredicate.privilegePredicateTransportLayer; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class AuthZinRestLayerTests { protected final static TestSecurityConfig.User REST_ONLY = new TestSecurityConfig.User("rest_only").roles( new Role("rest_only_role").clusterPermissions("security:dummy_protected/get").clusterPermissions("cluster:admin/dummy_plugin/dummy") diff --git a/src/integrationTest/java/org/opensearch/security/rest/CompressionTests.java b/src/integrationTest/java/org/opensearch/security/rest/CompressionTests.java index bcbbc37400..21760706e8 100644 --- a/src/integrationTest/java/org/opensearch/security/rest/CompressionTests.java +++ b/src/integrationTest/java/org/opensearch/security/rest/CompressionTests.java @@ -17,7 +17,6 @@ import java.util.concurrent.TimeUnit; import java.util.zip.GZIPOutputStream; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.hc.client5.http.classic.methods.HttpPost; import org.apache.hc.core5.http.ContentType; import org.apache.hc.core5.http.io.entity.ByteArrayEntity; @@ -25,7 +24,6 @@ import org.apache.http.HttpStatus; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.test.framework.AsyncActions; import org.opensearch.test.framework.TestSecurityConfig; @@ -41,8 +39,6 @@ import static org.opensearch.test.framework.TestSecurityConfig.Role.ALL_ACCESS; import static org.opensearch.test.framework.cluster.TestRestClientConfiguration.getBasicAuthHeader; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class CompressionTests { private static final TestSecurityConfig.User ADMIN_USER = new TestSecurityConfig.User("admin").roles(ALL_ACCESS); diff --git a/src/integrationTest/java/org/opensearch/security/rest/WhoAmITests.java b/src/integrationTest/java/org/opensearch/security/rest/WhoAmITests.java index 22363ef023..c0ac25ce38 100644 --- a/src/integrationTest/java/org/opensearch/security/rest/WhoAmITests.java +++ b/src/integrationTest/java/org/opensearch/security/rest/WhoAmITests.java @@ -21,12 +21,10 @@ import java.util.Set; import java.util.stream.Collectors; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.apache.http.HttpStatus; import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.core.common.Strings; import org.opensearch.security.auditlog.impl.AuditMessage; @@ -53,8 +51,6 @@ import static org.opensearch.test.framework.audit.AuditMessagePredicate.userAuthenticatedPredicate; import static org.junit.Assert.assertTrue; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class WhoAmITests { protected final static TestSecurityConfig.User WHO_AM_I = new TestSecurityConfig.User("who_am_i_user").roles( new Role("who_am_i_role").clusterPermissions("security:whoamiprotected") diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/SystemIndexDisabledTests.java b/src/integrationTest/java/org/opensearch/security/systemindex/SystemIndexDisabledTests.java index 6fd48fe8f0..d010eafb2f 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/SystemIndexDisabledTests.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/SystemIndexDisabledTests.java @@ -12,10 +12,8 @@ import java.util.List; import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.core.rest.RestStatus; import org.opensearch.security.systemindex.sampleplugin.SystemIndexPlugin1; @@ -34,8 +32,6 @@ import static org.opensearch.test.framework.TestSecurityConfig.Role.ALL_ACCESS; import static org.opensearch.test.framework.TestSecurityConfig.User.USER_ADMIN; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class SystemIndexDisabledTests { public static final AuthcDomain AUTHC_DOMAIN = new AuthcDomain("basic", 0).httpAuthenticatorWithChallenge("basic").backend("internal"); diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/SystemIndexTests.java b/src/integrationTest/java/org/opensearch/security/systemindex/SystemIndexTests.java index e8fdd9d7d4..8b978e8c56 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/SystemIndexTests.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/SystemIndexTests.java @@ -12,12 +12,10 @@ import java.util.List; import java.util.Map; -import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; import com.fasterxml.jackson.databind.JsonNode; import org.junit.Before; import org.junit.ClassRule; import org.junit.Test; -import org.junit.runner.RunWith; import org.opensearch.core.rest.RestStatus; import org.opensearch.security.systemindex.sampleplugin.SystemIndexPlugin1; @@ -39,8 +37,6 @@ import static org.opensearch.test.framework.TestSecurityConfig.Role.ALL_ACCESS; import static org.opensearch.test.framework.TestSecurityConfig.User.USER_ADMIN; -@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) -@ThreadLeakScope(ThreadLeakScope.Scope.NONE) public class SystemIndexTests { public static final AuthcDomain AUTHC_DOMAIN = new AuthcDomain("basic", 0).httpAuthenticatorWithChallenge("basic").backend("internal");