Ldap authentication #2212
Ldap authentication #2212
Conversation
Codecov Report
@@ Coverage Diff @@
## main #2212 +/- ##
============================================
- Coverage 61.05% 61.05% -0.01%
+ Complexity 3270 3268 -2
============================================
Files 259 259
Lines 18337 18337
Branches 3248 3248
============================================
- Hits 11196 11195 -1
- Misses 5555 5557 +2
+ Partials 1586 1585 -1
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
lukasz-soszynski-eliatra
force-pushed
the
ldap-authentication
branch
2 times, most recently
from
dc80aea
to
181ac13
Compare
There was a problem hiding this comment.
Ty @lukasz-soszynski-eliatra ! Added a few comments. Could you also add brief javadoc to the remaining new class that you have added as part of this PR?
| public static LocalCluster cluster = new LocalCluster.Builder() | ||
| .testCertificates(TEST_CERTIFICATES) | ||
| .clusterManager(ClusterManager.SINGLENODE).anonymousAuth(false) | ||
| .authc(new AuthcDomain("ldap", 2, true) |
There was a problem hiding this comment.
For my knowledge, why is order set to 2 here?
There was a problem hiding this comment.
In order to insert the LDAP authentication domain after LDAP basic auth. The domain AUTHC_HTTPBASIC_INTERNAL contains an order equal to 0. I will refactor this to increase code readability.
There was a problem hiding this comment.
Code refactored in order to get rid of "magic number".
src/integrationTest/java/org/opensearch/security/http/UntrustedLdapServerCertificateTest.java
Outdated
Show resolved
Hide resolved
src/integrationTest/java/org/opensearch/test/framework/ldap/EmbeddedLDAPServer.java
Outdated
Show resolved
Hide resolved
src/integrationTest/java/org/opensearch/test/framework/ldap/LdapServer.java
Show resolved
Hide resolved
src/integrationTest/java/org/opensearch/test/framework/ldap/LdapServer.java
Outdated
Show resolved
Hide resolved
lukasz-soszynski-eliatra
force-pushed
the
ldap-authentication
branch
from
931f25b
to
a948a63
Compare
|
I added tests related to LDAP and user impersonation: e0ceb8b |
|
Bwc tests are broken on main. Tracking issue here: #2221 |
lukasz-soszynski-eliatra
force-pushed
the
ldap-authentication
branch
from
e0ceb8b
to
ed14e20
Compare
| @@ -19,6 +19,10 @@ logger.testsecconfig.name=org.opensearch.test.framework.TestSecurityConfig | |||
| logger.testsecconfig.level = info | |||
| logger.localopensearchcluster.name=org.opensearch.test.framework.cluster.LocalOpenSearchCluster | |||
| logger.localopensearchcluster.level = info | |||
| <<<<<<< HEAD | |||
There was a problem hiding this comment.
Looks like a merge conflict was missed here
There was a problem hiding this comment.
Removed
|
|
||
| @RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) | ||
| @ThreadLeakScope(ThreadLeakScope.Scope.NONE) | ||
| public class LdapStartTlsAuthenticationTest { |
There was a problem hiding this comment.
Please add a comment on these test class for how its distinct from one another
There was a problem hiding this comment.
done
|
|
||
| HttpResponse response = client.getAuthInfo(); | ||
|
|
||
| response.assertStatusCode(401); |
There was a problem hiding this comment.
Similar to previous pull request, can we modify these test cases to verify the expected error message by inspecting the log output to differentiate behavior between tests?
There was a problem hiding this comment.
Sure, LogsRule is already merged into the main branch.
There was a problem hiding this comment.
Actually, I was wrong, the code used to verify log output in the tests is in the following PR https://github.com/opensearch-project/security/pull/2179/files#diff-d8906a1526f563012a51cf0203c4ed498a2299e41b91868b4b2658a59fcc7d26
I can move this code
There was a problem hiding this comment.
done
| response.assertStatusCode(200); | ||
| List<String> backendRoles = response.getTextArrayFromJsonBody(POINTER_BACKEND_ROLES); | ||
| assertThat(backendRoles, hasSize(2)); | ||
| //CN_GROUP_CREW is retrieved recursively: cn=Jean,ou=people,o=test.org -> cn=bridge,ou=groups,o=test.org -> cn=crew,ou=groups,o=test.org |
| TestRestClient.HttpResponse response = client.getAuthInfo(); | ||
|
|
||
| response.assertStatusCode(401); | ||
| //TODO try to verify logs when JWT authentication tests are merged to main. Log should contain message like the below one |
There was a problem hiding this comment.
Here I was waiting to merge PR https://github.com/opensearch-project/security/pull/2179/files#diff-d8906a1526f563012a51cf0203c4ed498a2299e41b91868b4b2658a59fcc7d26
But I can also move the code for logs verification :)
There was a problem hiding this comment.
done
lukasz-soszynski-eliatra
force-pushed
the
ldap-authentication
branch
2 times, most recently
from
29c3283
to
b9f5d4b
Compare
src/integrationTest/java/org/opensearch/test/framework/log/LogMessage.java
Show resolved
Hide resolved
lukasz-soszynski-eliatra
force-pushed
the
ldap-authentication
branch
from
16af4cf
to
4e83093
Compare
Signed-off-by: Lukasz Soszynski <lukasz.soszynski@eliatra.com> Tests for roles recursive search for LDAP. Signed-off-by: Lukasz Soszynski <lukasz.soszynski@eliatra.com> User impersonation tests for LDAP authentication. Signed-off-by: Lukasz Soszynski <lukasz.soszynski@eliatra.com>
lukasz-soszynski-eliatra
force-pushed
the
ldap-authentication
branch
from
4e83093
to
20cc9de
Compare
Description
[Describe what this change achieves]
Integration tests related to LDAP authentication.
Issues Resolved
[List any issues this PR will resolve]
Is this a backport? If so, please add backport PR # and/or commits #
Testing
[Please provide details of testing done: unit testing, integration testing and manual testing]
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.