Skip to content

Commit

Permalink
security implementation for security-analytics (#78) (#120)
Browse files Browse the repository at this point in the history 
Signed-off-by: Raj Chakravarthi <raj@icedome.ca>
Signed-off-by: Subhobrata Dey <sbcd90@gmail.com>
  • Loading branch information
@opensearch-trigger-bot
opensearch-trigger-bot[bot] committed Nov 7, 2022
1 parent 81a9124 commit ee4ab74
Show file tree
Hide file tree
Showing 55 changed files with 1,797 additions and 130 deletions.
88 changes: 88 additions & 0 deletions .github/workflows/security-test-workflow.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
name: Security Test Workflow
# This workflow is triggered on pull requests and pushes to main or an OpenSearch release branch
on:
pull_request:
branches:
- "*"
push:
branches:
- "*"

jobs:
build:
strategy:
matrix:
java: [ 11, 17 ]
# Job name
name: Build and test SecurityAnalytics
# This job runs on Linux
runs-on: ubuntu-latest
steps:
# This step uses the setup-java Github action: https://github.com/actions/setup-java
- name: Set Up JDK ${{ matrix.java }}
uses: actions/setup-java@v1
with:
java-version: ${{ matrix.java }}
# This step uses the checkout Github action: https://github.com/actions/checkout
- name: Checkout Branch
uses: actions/checkout@v2
# This step uses the setup-java Github action: https://github.com/actions/setup-java
- name: Set Up JDK ${{ matrix.java }}
uses: actions/setup-java@v1
with:
java-version: ${{ matrix.java }}
- name: Build SecurityAnalytics
# Only assembling since the full build is governed by other workflows
run: ./gradlew assemble

- name: Pull and Run Docker
run: |
plugin=`basename $(ls build/distributions/*.zip)`
list_of_files=`ls`
list_of_all_files=`ls build/distributions/`
version=`echo $plugin|awk -F- '{print $4}'| cut -d. -f 1-3`
plugin_version=`echo $plugin|awk -F- '{print $4}'| cut -d. -f 1-4`
qualifier=`echo $plugin|awk -F- '{print $4}'| cut -d. -f 1-1`
candidate_version=`echo $plugin|awk -F- '{print $5}'| cut -d. -f 1-1`
docker_version=$version
[[ -z $candidate_version ]] && candidate_version=$qualifier && qualifier=""
echo plugin version plugin_version qualifier candidate_version docker_version
echo "($plugin) ($version) ($plugin_version) ($qualifier) ($candidate_version) ($docker_version)"
echo $ls $list_of_all_files
if docker pull opensearchstaging/opensearch:$docker_version
then
echo "FROM opensearchstaging/opensearch:$docker_version" >> Dockerfile
echo "RUN if [ -d /usr/share/opensearch/plugins/opensearch-security-analytics ]; then /usr/share/opensearch/bin/opensearch-plugin remove opensearch-security-analytics; fi" >> Dockerfile
echo "ADD build/distributions/$plugin /tmp/" >> Dockerfile
echo "RUN /usr/share/opensearch/bin/opensearch-plugin install --batch file:/tmp/$plugin" >> Dockerfile
docker build -t opensearch-security-analytics:test .
echo "imagePresent=true" >> $GITHUB_ENV
else
echo "imagePresent=false" >> $GITHUB_ENV
fi
- name: Run Docker Image
if: env.imagePresent == 'true'
run: |
cd ..
docker run -p 9200:9200 -d -p 9600:9600 -e "discovery.type=single-node" opensearch-security-analytics:test
sleep 120
- name: Run SecurityAnalytics Test for security enabled test cases
if: env.imagePresent == 'true'
run: |
cluster_running=`curl -XGET https://localhost:9200/_cat/plugins -u admin:admin --insecure`
echo $cluster_running
security=`curl -XGET https://localhost:9200/_cat/plugins -u admin:admin --insecure |grep opensearch-security|wc -l`
echo $security
if [ $security -gt 0 ]
then
echo "Security plugin is available"
./gradlew :integTest -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername=docker-cluster -Dsecurity=true -Dhttps=true -Duser=admin -Dpassword=admin
else
echo "Security plugin is NOT available skipping this run as tests without security have already been run"
fi
26 changes: 25 additions & 1 deletion build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -165,8 +165,24 @@ integTest {
systemProperty 'java.io.tmpdir', es_tmp_dir.absolutePath

systemProperty "https", System.getProperty("https")
systemProperty "security", System.getProperty("security")
systemProperty "user", System.getProperty("user")
systemProperty "password", System.getProperty("password")

if (System.getProperty("https") == null || System.getProperty("https") == "false") {
filter {
excludeTestsMatching "org.opensearch.securityanalytics.resthandler.Secure*RestApiIT"
excludeTestsMatching "org.opensearch.securityanalytics.findings.Secure*RestApiIT"
excludeTestsMatching "org.opensearch.securityanalytics.alerts.Secure*RestApiIT"
}
}

if (System.getProperty("https") != null || System.getProperty("https") == "true") {
filter {
excludeTestsMatching "org.opensearch.securityanalytics.*TransportIT"
}
}

// Tell the test JVM if the cluster JVM is running under a debugger so that tests can use longer timeouts for
// requests. The 'doFirst' delays reading the debug setting on the cluster till execution time.
doFirst {
Expand Down Expand Up @@ -299,7 +315,15 @@ task integTestRemote(type: RestIntegTestTask) {

if (System.getProperty("tests.rest.cluster") != null) {
filter {
includeTestsMatching "org.opensearch.securityanalytics.*RestIT"
includeTestsMatching "org.opensearch.securityanalytics.*RestApiIT"
}
}

if (System.getProperty("https") == null || System.getProperty("https") == "false") {
filter {
excludeTestsMatching "org.opensearch.securityanalytics.resthandler.Secure*RestApiIT"
excludeTestsMatching "org.opensearch.securityanalytics.findings.Secure*RestApiIT"
excludeTestsMatching "org.opensearch.securityanalytics.alerts.Secure*RestApiIT"
}
}
}
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -171,14 +171,14 @@ public List<NamedXContentRegistry.Entry> getNamedXContent() {
public List<Setting<?>> getSettings() {
return List.of(
SecurityAnalyticsSettings.INDEX_TIMEOUT,
SecurityAnalyticsSettings.FILTER_BY_BACKEND_ROLES,
SecurityAnalyticsSettings.ALERT_HISTORY_ENABLED,
SecurityAnalyticsSettings.ALERT_HISTORY_ROLLOVER_PERIOD,
SecurityAnalyticsSettings.ALERT_HISTORY_INDEX_MAX_AGE,
SecurityAnalyticsSettings.ALERT_HISTORY_MAX_DOCS,
SecurityAnalyticsSettings.ALERT_HISTORY_RETENTION_PERIOD,
SecurityAnalyticsSettings.REQUEST_TIMEOUT,
SecurityAnalyticsSettings.MAX_ACTION_THROTTLE_VALUE,
SecurityAnalyticsSettings.FILTER_BY_BACKEND_ROLES,
SecurityAnalyticsSettings.FINDING_HISTORY_ENABLED,
SecurityAnalyticsSettings.FINDING_HISTORY_MAX_DOCS,
SecurityAnalyticsSettings.FINDING_HISTORY_INDEX_MAX_AGE,
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/opensearch/securityanalytics/action/AckAlertsAction.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
import org.opensearch.action.ActionType;

public class AckAlertsAction extends ActionType<AckAlertsResponse> {
public static final String NAME = "cluster:admin/opendistro/securityanalytics/alerts/ack";
public static final String NAME = "cluster:admin/opensearch/securityanalytics/alerts/ack";
public static final AckAlertsAction INSTANCE = new AckAlertsAction();

public AckAlertsAction() {
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/opensearch/securityanalytics/action/CreateIndexMappingsAction.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@

public class CreateIndexMappingsAction extends ActionType<AcknowledgedResponse>{

public static final String NAME = "cluster:admin/opendistro/securityanalytics/mapping/create";
public static final String NAME = "cluster:admin/opensearch/securityanalytics/mapping/create";
public static final CreateIndexMappingsAction INSTANCE = new CreateIndexMappingsAction();


Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/opensearch/securityanalytics/action/DeleteDetectorAction.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
public class DeleteDetectorAction extends ActionType<DeleteDetectorResponse> {

public static final DeleteDetectorAction INSTANCE = new DeleteDetectorAction();
public static final String NAME = "cluster:admin/opendistro/securityanalytics/detector/delete";
public static final String NAME = "cluster:admin/opensearch/securityanalytics/detector/delete";

public DeleteDetectorAction() {
super(NAME, DeleteDetectorResponse::new);
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/opensearch/securityanalytics/action/DeleteRuleAction.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
public class DeleteRuleAction extends ActionType<DeleteRuleResponse> {

public static final DeleteRuleAction INSTANCE = new DeleteRuleAction();
public static final String NAME = "cluster:admin/opendistro/securityanalytics/rule/delete";
public static final String NAME = "cluster:admin/opensearch/securityanalytics/rule/delete";

public DeleteRuleAction() {
super(NAME, DeleteRuleResponse::new);
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/opensearch/securityanalytics/action/GetAlertsAction.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
public class GetAlertsAction extends ActionType<GetAlertsResponse> {

public static final GetAlertsAction INSTANCE = new GetAlertsAction();
public static final String NAME = "cluster:admin/opendistro/securityanalytics/alerts/get";
public static final String NAME = "cluster:admin/opensearch/securityanalytics/alerts/get";

public GetAlertsAction() {
super(NAME, GetAlertsResponse::new);
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/opensearch/securityanalytics/action/GetDetectorAction.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
public class GetDetectorAction extends ActionType<GetDetectorResponse> {

public static final GetDetectorAction INSTANCE = new GetDetectorAction();
public static final String NAME = "cluster:admin/opendistro/securityanalytics/detector/get";
public static final String NAME = "cluster:admin/opensearch/securityanalytics/detector/get";

public GetDetectorAction() {
super(NAME, GetDetectorResponse::new);
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/opensearch/securityanalytics/action/GetFindingsAction.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
public class GetFindingsAction extends ActionType<GetFindingsResponse> {

public static final GetFindingsAction INSTANCE = new GetFindingsAction();
public static final String NAME = "cluster:admin/opendistro/securityanalytics/findings/get";
public static final String NAME = "cluster:admin/opensearch/securityanalytics/findings/get";

public GetFindingsAction() {
super(NAME, GetFindingsResponse::new);
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/opensearch/securityanalytics/action/GetIndexMappingsAction.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@

public class GetIndexMappingsAction extends ActionType<GetIndexMappingsResponse>{

public static final String NAME = "cluster:admin/opendistro/securityanalytics/mapping/get";
public static final String NAME = "cluster:admin/opensearch/securityanalytics/mapping/get";
public static final GetIndexMappingsAction INSTANCE = new GetIndexMappingsAction();


Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/opensearch/securityanalytics/action/GetMappingsViewAction.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@

public class GetMappingsViewAction extends ActionType<GetMappingsViewResponse>{

public static final String NAME = "cluster:admin/opendistro/securityanalytics/mapping/view/get";
public static final String NAME = "cluster:admin/opensearch/securityanalytics/mapping/view/get";
public static final GetMappingsViewAction INSTANCE = new GetMappingsViewAction();


Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/opensearch/securityanalytics/action/IndexDetectorAction.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
public class IndexDetectorAction extends ActionType<IndexDetectorResponse> {

public static final IndexDetectorAction INSTANCE = new IndexDetectorAction();
public static final String NAME = "cluster:admin/opendistro/securityanalytics/detector/write";
public static final String NAME = "cluster:admin/opensearch/securityanalytics/detector/write";

public IndexDetectorAction() {
super(NAME, IndexDetectorResponse::new);
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/opensearch/securityanalytics/action/IndexRuleAction.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
public class IndexRuleAction extends ActionType<IndexRuleResponse> {

public static final IndexRuleAction INSTANCE = new IndexRuleAction();
public static final String NAME = "cluster:admin/opendistro/securityanalytics/rule/write";
public static final String NAME = "cluster:admin/opensearch/securityanalytics/rule/write";

public IndexRuleAction() {
super(NAME, IndexRuleResponse::new);
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/opensearch/securityanalytics/action/SearchDetectorAction.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
public class SearchDetectorAction extends ActionType<SearchResponse> {

public static final SearchDetectorAction INSTANCE = new SearchDetectorAction();
public static final String NAME = "cluster:admin/opendistro/securityanalytics/detector/search";
public static final String NAME = "cluster:admin/opensearch/securityanalytics/detector/search";

public SearchDetectorAction() {
super(NAME, SearchResponse::new);
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/opensearch/securityanalytics/action/SearchRuleAction.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
public class SearchRuleAction extends ActionType<SearchResponse> {

public static final SearchRuleAction INSTANCE = new SearchRuleAction();
public static final String NAME = "cluster:admin/opendistro/securityanalytics/rule/search";
public static final String NAME = "cluster:admin/opensearch/securityanalytics/rule/search";

public SearchRuleAction() {
super(NAME, SearchResponse::new);
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/opensearch/securityanalytics/action/UpdateIndexMappingsAction.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@

public class UpdateIndexMappingsAction extends ActionType<AcknowledgedResponse>{

public static final String NAME = "cluster:admin/opendistro/securityanalytics/mapping/update";
public static final String NAME = "cluster:admin/opensearch/securityanalytics/mapping/update";
public static final UpdateIndexMappingsAction INSTANCE = new UpdateIndexMappingsAction();


Expand Down
6 changes: 4 additions & 2 deletions src/main/java/org/opensearch/securityanalytics/alerts/AlertsService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opensearch.OpenSearchStatusException;
import org.opensearch.action.ActionListener;
import org.opensearch.action.support.GroupedActionListener;
import org.opensearch.action.support.WriteRequest;
Expand All @@ -17,6 +18,7 @@
import org.opensearch.commons.alerting.action.GetAlertsRequest;
import org.opensearch.commons.alerting.model.Alert;
import org.opensearch.commons.alerting.model.Table;
import org.opensearch.rest.RestStatus;
import org.opensearch.securityanalytics.action.AckAlertsResponse;
import org.opensearch.securityanalytics.action.AlertDto;
import org.opensearch.securityanalytics.action.GetAlertsResponse;
Expand Down Expand Up @@ -102,7 +104,7 @@ public void onFailure(Exception e) {

@Override
public void onFailure(Exception e) {
listener.onFailure(SecurityAnalyticsException.wrap(e));
listener.onFailure(e);
}
});
}
Expand Down Expand Up @@ -172,7 +174,7 @@ public void getAlerts(
ActionListener<GetAlertsResponse> listener
) {
if (detectors.size() == 0) {
throw SecurityAnalyticsException.wrap(new IllegalArgumentException("detector list is empty!"));
throw new OpenSearchStatusException("detector list is empty!", RestStatus.NOT_FOUND);
}

List<String> allMonitorIds = new ArrayList<>();
Expand Down
7 changes: 4 additions & 3 deletions src/main/java/org/opensearch/securityanalytics/findings/FindingsService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
import java.util.stream.Collectors;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opensearch.OpenSearchStatusException;
import org.opensearch.action.ActionListener;
import org.opensearch.action.support.GroupedActionListener;
import org.opensearch.client.Client;
Expand Down Expand Up @@ -51,7 +52,7 @@ public FindingsService(Client client) {
* @param table group of search related parameters
* @param listener ActionListener to get notified on response or error
*/
public void getFindingsByDetectorId(String detectorId, Table table, ActionListener<GetFindingsResponse> listener) {
public void getFindingsByDetectorId(String detectorId, Table table, ActionListener<GetFindingsResponse> listener ) {
this.client.execute(GetDetectorAction.INSTANCE, new GetDetectorRequest(detectorId, -3L), new ActionListener<>() {

@Override
Expand Down Expand Up @@ -102,7 +103,7 @@ public void onFailure(Exception e) {

@Override
public void onFailure(Exception e) {
listener.onFailure(SecurityAnalyticsException.wrap(e));
listener.onFailure(e);
}
});
}
Expand Down Expand Up @@ -167,7 +168,7 @@ public void getFindings(
ActionListener<GetFindingsResponse> listener
) {
if (detectors.size() == 0) {
throw SecurityAnalyticsException.wrap(new IllegalArgumentException("detector list is empty!"));
throw new OpenSearchStatusException("detector list is empty!", RestStatus.NOT_FOUND);
}

List<String> allMonitorIds = new ArrayList<>();
Expand Down
7 changes: 6 additions & 1 deletion src/main/java/org/opensearch/securityanalytics/model/Detector.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -212,7 +212,8 @@ public enum DetectorType {
APACHE_ACCESS("apache_access"),
CLOUDTRAIL("cloudtrail"),
DNS("dns"),
S3("s3");
S3("s3"),
TEST_WINDOWS("test_windows");

private String type;

Expand Down Expand Up @@ -516,6 +517,10 @@ public List<String> getMonitorIds() {
return monitorIds;
}

public void setUser(User user) {
this.user = user;
}

public void setId(String id) {
this.id = id;
}
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/opensearch/securityanalytics/settings/SecurityAnalyticsSettings.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ public class SecurityAnalyticsSettings {
Setting.Property.NodeScope, Setting.Property.Dynamic
);

public static final Setting FILTER_BY_BACKEND_ROLES = Setting.boolSetting(
public static final Setting<Boolean> FILTER_BY_BACKEND_ROLES = Setting.boolSetting(
"plugins.security_analytics.filter_by_backend_roles",
false,
Setting.Property.NodeScope, Setting.Property.Dynamic
Expand Down
Loading

0 comments on commit ee4ab74

Please sign in to comment.