Tests related to brute force attack prevention.

[lukasz-soszynski-eliatra]

Signed-off-by: Lukasz Soszynski lukasz.soszynski@eliatra.com

Description

[Describe what this change achieves]

• Category (Integration tests)
• Why these changes are required?
• What is the old behaviour before changes and new behaviour after changes?

Test related to brute-force attack prevention and a minor correction for TlsTests.

Issues Resolved

[List any issues this PR will resolve]

Is this a backport? If so, please add backport PR # and/or commits #

Testing

[Please provide details of testing done: unit testing, integration testing and manual testing]

Check List

• New functionality includes testing
• New functionality has been documented
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[DarshitChanpura]

Bwc tests are broken on main. Tracking issue here: #2221

[codecov-commenter]

Codecov Report

Merging #2245 (3f4a665) into main (93fe633) will decrease coverage by 0.02%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##               main    #2245      +/-   ##
============================================
- Coverage     61.02%   61.00%   -0.03%     
+ Complexity     3267     3265       -2     
============================================
  Files           259      259              
  Lines         18337    18336       -1     
  Branches       3248     3248              
============================================
- Hits          11191    11185       -6     
  Misses         5561     5561              
- Partials       1585     1590       +5     

Impacted Files	Coverage Δ
...urity/ssl/transport/SecuritySSLNettyTransport.java	62.36% <0.00%> (-4.31%)	⬇️
...earch/security/ssl/util/SSLConnectionTestUtil.java	93.18% <0.00%> (-2.28%)	⬇️
.../dlic/auth/ldap2/LDAPConnectionFactoryFactory.java	57.46% <0.00%> (-1.50%)	⬇️
...ensearch/security/compliance/ComplianceConfig.java	82.63% <0.00%> (-0.70%)	⬇️
...ecurity/ssl/rest/SecuritySSLReloadCertsAction.java	84.78% <0.00%> (-0.33%)	⬇️
...ecurity/configuration/ConfigurationRepository.java	74.31% <0.00%> (+2.18%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[DarshitChanpura]

Out of curiosity, how do you test that an IP is blocked after multiple failed logins? I mean, that end user will still see UNAUTHORIZED error but on server side how do we know that the IP is blocked?

[lukasz-soszynski-eliatra]

I added an explicit check of logs in the commit c95fbdb

[DarshitChanpura]

nice

[DarshitChanpura]

out of curiosity, why do we need routePlanner? i see it being used in TestRestClient, but couldn't understand the purpose completely

[lukasz-soszynski-eliatra]

In order to set the request source IP address, this is done by org.opensearch.test.framework.cluster.LocalAddressRoutePlanner which implements HttpRoutePlanner.

The Apache HTTP Client in version 4 contained a convenient method to set the request source IP address RequestConfig.custom().setLocalAddress(inetAddress).build();. But the method was removed in version 5 of Apache HTTP Client

[DarshitChanpura]

LGTM!

[cwperks]

Looks good to me!

[cwperks]

nit: Greater

[cwperks]

Same here.