Swap to InternalUser Attributes

Signed-off-by: Stephen Crawford <[email protected]>
opensearch-project · May 1, 2023 · b47a802 · b47a802
1 parent 1577af5
commit b47a802
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 16 deletions.
diff --git a/src/main/java/org/opensearch/security/user/UserService.java b/src/main/java/org/opensearch/security/user/UserService.java
@@ -33,7 +33,7 @@ >>>>>>> b07f0f8f0c2 (fix user service and add tests)
 package org.opensearch.security.user;
 
 import java.io.IOException;
-import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
 import java.util.Base64;
 import java.util.Collections;
 import java.util.List;
@@ -167,7 +167,8 @@ public SecurityDynamicConfiguration<?> createOrUpdateAccount(ObjectNode contentA
             throw new UserServiceException(NO_ACCOUNT_NAME_MESSAGE);
         }
 
-        if (!securityJsonNode.get("attributes").get("owner").isNull() && !securityJsonNode.get("attributes").get("owner").asString().equals(accountName)) { // If this is a service account
+        if (!securityJsonNode.get("attributes").get("isService").isNull() && securityJsonNode.get("attributes").get("isService").asString().equalsIgnoreCase("true"))
+        { // If this is a service account
             verifyServiceAccount(securityJsonNode, accountName);
             String password = generatePassword();
             contentAsNode.put("hash", hash(password.toCharArray()));
@@ -192,6 +193,10 @@ public SecurityDynamicConfiguration<?> createOrUpdateAccount(ObjectNode contentA
             contentAsNode.remove("password");
         }
 
+        if (!securityJsonNode.get("attributes").get("isEnabled").isNull()) {
+            contentAsNode.put("isEnabled", securityJsonNode.get("isEnabled").asString());
+        }
+
         final boolean userExisted = internalUsersConfiguration.exists(accountName);
 
         // sanity checks, hash is mandatory for newly created users
@@ -284,7 +289,7 @@ public String generateAuthToken(String accountName) throws IOException {
             saveAndUpdateConfigs(getConfigName().toString(), client, CType.INTERNALUSERS, internalUsersConfiguration);
 
 
-            authToken = Base64.getUrlEncoder().encodeToString((accountName + ":" + plainTextPassword).getBytes(Charset.forName("UTF-8")));
+            authToken = Base64.getUrlEncoder().encodeToString((accountName + ":" + plainTextPassword).getBytes(StandardCharsets.UTF_8));
             return authToken;
 
         } catch (JsonProcessingException ex) {

diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/UserApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/UserApiTest.java
@@ -45,28 +45,28 @@ protected String getEndpointPrefix() {
 
 
     private static final String ENABLED_SERVICE_ACCOUNT_BODY  =  "{"
-            + " \"attributes\": { \"owner\": \"test_owner\", "
+            + " \"attributes\": { \"isService\": \"true\", "
             + "\"isEnabled\": \"true\"}"
             + " }\n";
 
     private static final String DISABLED_SERVICE_ACCOUNT_BODY = "{"
-            + " \"attributes\": { \"owner\": \"test_owner\", "
+            + " \"attributes\": { \"isService\": \"true\", "
             + "\"isEnabled\": \"false\"}"
             + " }\n";
     private static final String ENABLED_NOT_SERVICE_ACCOUNT_BODY = "{"
-            + " \"attributes\": { \"owner\": \"user_is_owner_1\", "
+            + " \"attributes\": { \"isService\": \"false\", "
             + "\"isEnabled\": \"true\"}"
             + " }\n";
     private static final String PASSWORD_SERVICE = "{ \"password\" : \"test\","
-            + " \"attributes\": { \"owner\": \"test_owner\", "
+            + " \"attributes\": { \"isService\": \"true\", "
             + "\"isEnabled\": \"true\"}"
             + " }\n";
     private static final String HASH_SERVICE = "{ \"owner\" : \"test_owner\","
-            + " \"attributes\": { \"owner\": \"test_owner\", "
+            + " \"attributes\": { \"isService\": \"true\", "
             + "\"isEnabled\": \"true\"}"
             + " }\n";
     private static final String PASSWORD_HASH_SERVICE = "{ \"password\" : \"test\", \"hash\" : \"123\","
-            + " \"attributes\": { \"owner\": \"test_owner\", "
+            + " \"attributes\": { \"isService\": \"true\", "
             + "\"isEnabled\": \"true\"}"
             + " }\n";
 
@@ -87,7 +87,7 @@ public void testSecurityRoles() throws Exception {
                 .executeGetRequest(ENDPOINT + "/" + CType.INTERNALUSERS.toLCString());
         Assert.assertEquals(response.getBody(), HttpStatus.SC_OK, response.getStatusCode());
         Settings settings = Settings.builder().loadFromSource(response.getBody(), XContentType.JSON).build();
-        Assert.assertEquals(133, settings.size());
+        Assert.assertEquals(171, settings.size());
         response = rh.executePatchRequest(ENDPOINT + "/internalusers", "[{ \"op\": \"add\", \"path\": \"/newuser\", \"value\": {\"password\": \"newuser\", \"opendistro_security_roles\": [\"opendistro_security_all_access\"] } }]", new Header[0]);
         Assert.assertEquals(response.getBody(), HttpStatus.SC_OK, response.getStatusCode());
 
@@ -137,7 +137,7 @@ public void testUserApi() throws Exception {
         HttpResponse response = rh.executeGetRequest(ENDPOINT + "/" + CType.INTERNALUSERS.toLCString());
         Assert.assertEquals(response.getBody(), HttpStatus.SC_OK, response.getStatusCode());
         Settings settings = Settings.builder().loadFromSource(response.getBody(), XContentType.JSON).build();
-        Assert.assertEquals(133, settings.size());
+        Assert.assertEquals(171, settings.size());
         verifyGet();
         verifyPut();
         verifyPatch(true);
@@ -152,7 +152,7 @@ private void verifyGet(final Header... header) throws Exception {
         HttpResponse response = rh.executeGetRequest(ENDPOINT + "/internalusers/admin", header);
         Assert.assertEquals(response.getBody(), HttpStatus.SC_OK, response.getStatusCode());
         Settings settings = Settings.builder().loadFromSource(response.getBody(), XContentType.JSON).build();
-        Assert.assertEquals(7, settings.size());
+        Assert.assertEquals(9, settings.size());
         // hash must be filtered
         Assert.assertEquals("", settings.get("admin.hash"));
 
@@ -539,7 +539,7 @@ public void testUserApiWithRestAdminPermissions() throws Exception {
         HttpResponse response = rh.executeGetRequest(ENDPOINT + "/" + CType.INTERNALUSERS.toLCString(), restApiAdminHeader);
         Assert.assertEquals(response.getBody(), HttpStatus.SC_OK, response.getStatusCode());
         Settings settings = Settings.builder().loadFromSource(response.getBody(), XContentType.JSON).build();
-        Assert.assertEquals(133, settings.size());
+        Assert.assertEquals(171, settings.size());
         verifyGet(restApiAdminHeader);
         verifyPut(restApiAdminHeader);
         verifyPatch(false, restApiAdminHeader);
@@ -557,7 +557,7 @@ public void testUserApiWithRestInternalUsersAdminPermissions() throws Exception
         HttpResponse response = rh.executeGetRequest(ENDPOINT + "/" + CType.INTERNALUSERS.toLCString(), restApiInternalUsersAdminHeader);
         Assert.assertEquals(response.getBody(), HttpStatus.SC_OK, response.getStatusCode());
         Settings settings = Settings.builder().loadFromSource(response.getBody(), XContentType.JSON).build();
-        Assert.assertEquals(133, settings.size());
+        Assert.assertEquals(171, settings.size());
         verifyGet(restApiInternalUsersAdminHeader);
         verifyPut(restApiInternalUsersAdminHeader);
         verifyPatch(false, restApiInternalUsersAdminHeader);
@@ -586,7 +586,7 @@ public void testPasswordRules() throws Exception {
                 .executeGetRequest("_plugins/_security/api/" + CType.INTERNALUSERS.toLCString());
         Assert.assertEquals(HttpStatus.SC_OK, response.getStatusCode());
         Settings settings = Settings.builder().loadFromSource(response.getBody(), XContentType.JSON).build();
-        Assert.assertEquals(133, settings.size());
+        Assert.assertEquals(171, settings.size());
 
         addUserWithPassword("tooshoort", "", HttpStatus.SC_BAD_REQUEST);
         addUserWithPassword("tooshoort", "123", HttpStatus.SC_BAD_REQUEST);
@@ -666,7 +666,7 @@ public void testUserApiWithDots() throws Exception {
                 .executeGetRequest(ENDPOINT + "/" + CType.INTERNALUSERS.toLCString());
         Assert.assertEquals(HttpStatus.SC_OK, response.getStatusCode());
         Settings settings = Settings.builder().loadFromSource(response.getBody(), XContentType.JSON).build();
-        Assert.assertEquals(133, settings.size());
+        Assert.assertEquals(171, settings.size());
 
         addUserWithPassword(".my.dotuser0", "$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m",
                 HttpStatus.SC_CREATED);