From a50938779984e8423d2c63894e2f9617b9d22ad6 Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Fri, 7 Dec 2018 10:17:08 +0200 Subject: [PATCH] Fix Rolling Upgrade tests Adds a number of api calls that use the deprecated endpoints so that these can be used in the `old_cluster` tests --- .../api/security.deprecated_authenticate.json | 17 +++++++++ .../security.deprecated_change_password.json | 38 +++++++++++++++++++ ...curity.deprecated_clear_cached_realms.json | 29 ++++++++++++++ ...ecurity.deprecated_clear_cached_roles.json | 23 +++++++++++ .../api/security.deprecated_disable_user.json | 34 +++++++++++++++++ .../api/security.deprecated_enable_user.json | 34 +++++++++++++++++ .../api/security.deprecated_get_token.json | 20 ++++++++++ .../api/security.deprecated_get_user.json | 24 ++++++++++++ .../api/security.deprecated_put_role.json | 37 ++++++++++++++++++ .../api/security.deprecated_put_user.json | 37 ++++++++++++++++++ .../test/old_cluster/20_security.yml | 18 ++++----- .../test/old_cluster/50_token_auth.yml | 6 +-- 12 files changed, 305 insertions(+), 12 deletions(-) create mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_authenticate.json create mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_change_password.json create mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_realms.json create mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_roles.json create mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_disable_user.json create mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_enable_user.json create mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_token.json create mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_user.json create mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_role.json create mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_user.json diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_authenticate.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_authenticate.json new file mode 100644 index 0000000000000..c075217f08359 --- /dev/null +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_authenticate.json @@ -0,0 +1,17 @@ +{ + "security.deprecated_authenticate": { + "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-authenticate.html", + "methods": [ + "GET" + ], + "url": { + "path": "/_xpack/security/_authenticate", + "paths": [ + "/_xpack/security/_authenticate" + ], + "parts": {}, + "params": {} + }, + "body": null + } +} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_change_password.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_change_password.json new file mode 100644 index 0000000000000..f25c4e6d62058 --- /dev/null +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_change_password.json @@ -0,0 +1,38 @@ +{ + "security.deprecated_change_password": { + "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-change-password.html", + "methods": [ + "PUT", + "POST" + ], + "url": { + "path": "/_xpack/security/user/{username}/_password", + "paths": [ + "/_xpack/security/user/{username}/_password", + "/_xpack/security/user/_password" + ], + "parts": { + "username": { + "type": "string", + "description": "The username of the user to change the password for", + "required": false + } + }, + "params": { + "refresh": { + "type": "enum", + "options": [ + "true", + "false", + "wait_for" + ], + "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes." + } + } + }, + "body": { + "description": "the new password for the user", + "required": true + } + } +} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_realms.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_realms.json new file mode 100644 index 0000000000000..1fc2355d92308 --- /dev/null +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_realms.json @@ -0,0 +1,29 @@ +{ + "security.deprecated_clear_cached_realms": { + "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-clear-cache.html", + "methods": [ + "POST" + ], + "url": { + "path": "/_xpack/security/realm/{realms}/_clear_cache", + "paths": [ + "/_xpack/security/realm/{realms}/_clear_cache" + ], + "parts": { + "realms": { + "type": "list", + "description": "Comma-separated list of realms to clear", + "required": true + } + }, + "params": { + "usernames": { + "type": "list", + "description": "Comma-separated list of usernames to clear from the cache", + "required": false + } + } + }, + "body": null + } +} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_roles.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_roles.json new file mode 100644 index 0000000000000..e62121a3cad34 --- /dev/null +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_roles.json @@ -0,0 +1,23 @@ +{ + "security.deprecated_clear_cached_roles": { + "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-clear-role-cache.html", + "methods": [ + "POST" + ], + "url": { + "path": "/_xpack/security/role/{name}/_clear_cache", + "paths": [ + "/_xpack/security/role/{name}/_clear_cache" + ], + "parts": { + "name": { + "type": "list", + "description": "Role name", + "required": true + } + }, + "params": {} + }, + "body": null + } +} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_disable_user.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_disable_user.json new file mode 100644 index 0000000000000..ee5d840b2e85e --- /dev/null +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_disable_user.json @@ -0,0 +1,34 @@ +{ + "security.deprecated_disable_user": { + "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-disable-user.html", + "methods": [ + "PUT", + "POST" + ], + "url": { + "path": "/_xpack/security/user/{username}/_disable", + "paths": [ + "/_xpack/security/user/{username}/_disable" + ], + "parts": { + "username": { + "type": "string", + "description": "The username of the user to disable", + "required": false + } + }, + "params": { + "refresh": { + "type": "enum", + "options": [ + "true", + "false", + "wait_for" + ], + "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes." + } + } + }, + "body": null + } +} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_enable_user.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_enable_user.json new file mode 100644 index 0000000000000..21976d6f756c0 --- /dev/null +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_enable_user.json @@ -0,0 +1,34 @@ +{ + "security.deprecated_enable_user": { + "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-enable-user.html", + "methods": [ + "PUT", + "POST" + ], + "url": { + "path": "/_xpack/security/user/{username}/_enable", + "paths": [ + "/_xpack/security/user/{username}/_enable" + ], + "parts": { + "username": { + "type": "string", + "description": "The username of the user to enable", + "required": false + } + }, + "params": { + "refresh": { + "type": "enum", + "options": [ + "true", + "false", + "wait_for" + ], + "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes." + } + } + }, + "body": null + } +} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_token.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_token.json new file mode 100644 index 0000000000000..0c1da3ebe609c --- /dev/null +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_token.json @@ -0,0 +1,20 @@ +{ + "security.deprecated_get_token": { + "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-token.html", + "methods": [ + "POST" + ], + "url": { + "path": "/_xpack/security/oauth2/token", + "paths": [ + "/_xpack/security/oauth2/token" + ], + "parts": {}, + "params": {} + }, + "body": { + "description": "The token request to get", + "required": true + } + } +} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_user.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_user.json new file mode 100644 index 0000000000000..a63aa4cac002c --- /dev/null +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_user.json @@ -0,0 +1,24 @@ +{ + "security.deprecated_get_user": { + "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-user.html", + "methods": [ + "GET" + ], + "url": { + "path": "/_xpack/security/user/{username}", + "paths": [ + "/_xpack/security/user/{username}", + "/_xpack/security/user" + ], + "parts": { + "username": { + "type": "list", + "description": "A comma-separated list of usernames", + "required": false + } + }, + "params": {} + }, + "body": null + } +} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_role.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_role.json new file mode 100644 index 0000000000000..46c42bb10f21b --- /dev/null +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_role.json @@ -0,0 +1,37 @@ +{ + "security.deprecated_put_role": { + "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role.html", + "methods": [ + "PUT", + "POST" + ], + "url": { + "path": "/_xpack/security/role/{name}", + "paths": [ + "/_xpack/security/role/{name}" + ], + "parts": { + "name": { + "type": "string", + "description": "Role name", + "required": true + } + }, + "params": { + "refresh": { + "type": "enum", + "options": [ + "true", + "false", + "wait_for" + ], + "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes." + } + } + }, + "body": { + "description": "The role to add", + "required": true + } + } +} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_user.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_user.json new file mode 100644 index 0000000000000..23de31673b26b --- /dev/null +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_user.json @@ -0,0 +1,37 @@ +{ + "security.deprecated_put_user": { + "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-user.html", + "methods": [ + "PUT", + "POST" + ], + "url": { + "path": "/_xpack/security/user/{username}", + "paths": [ + "/_xpack/security/user/{username}" + ], + "parts": { + "username": { + "type": "string", + "description": "The username of the User", + "required": true + } + }, + "params": { + "refresh": { + "type": "enum", + "options": [ + "true", + "false", + "wait_for" + ], + "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes." + } + } + }, + "body": { + "description": "The user to add", + "required": true + } + } +} \ No newline at end of file diff --git a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml index 1cd4ead9db08e..fd986ecbe70ea 100644 --- a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml +++ b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml @@ -4,7 +4,7 @@ features: headers # create native user and role - do: - security.put_user: + security.deprecated_put_user: username: "native_user" body: > { @@ -14,7 +14,7 @@ - match: { created: true } - do: - security.put_role: + security.deprecated_put_role: name: "native_role" body: > { @@ -36,11 +36,11 @@ - match: { timed_out: false } - do: - security.clear_cached_roles: + security.deprecated_clear_cached_roles: name: "native_role" - do: - security.clear_cached_realms: + security.deprecated_clear_cached_realms: realms: "_all" - do: @@ -51,16 +51,16 @@ # Check that enabling a user in old cluster will not prevent the user from having a "default password" in the new cluster. # See: org.elasticsearch.xpack.security.authc.esnative.NativeRealmMigrator.doConvertDefaultPasswords - do: - security.disable_user: + security.deprecated_disable_user: username: "kibana" - do: - security.get_user: + security.deprecated_get_user: username: "kibana" - match: { kibana.enabled: false } - do: - security.change_password: + security.deprecated_change_password: username: "logstash_system" body: > { @@ -68,10 +68,10 @@ } - do: - security.enable_user: + security.deprecated_enable_user: username: "logstash_system" - do: - security.get_user: + security.deprecated_get_user: username: "logstash_system" - match: { logstash_system.enabled: true } diff --git a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml index 02fa0f31ce37d..71e003858be82 100644 --- a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml +++ b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml @@ -8,7 +8,7 @@ wait_for_status: yellow - do: - security.put_user: + security.deprecated_put_user: username: "token_user" body: > { @@ -18,7 +18,7 @@ } - do: - security.get_token: + security.deprecated_get_token: body: grant_type: "password" username: "token_user" @@ -33,7 +33,7 @@ - do: headers: Authorization: Bearer ${token} - security.authenticate: {} + security.deprecated_authenticate: {} - match: { username: "token_user" } - match: { roles.0: "superuser" }