opensearch-project · willyborankin · Oct 28, 2024 · Oct 25, 2024 · Oct 25, 2024 · Oct 25, 2024
@@ -570,6 +570,11 @@ task integrationTest(type: Test) {
     }
 }
 
+tasks.named("integrationTest") {
+    minHeapSize = "512m"
+    maxHeapSize = "2g"
+}
+
 tasks.integTest.dependsOn(integrationTest)
 tasks.integrationTest.finalizedBy(jacocoTestReport) // report is always generated after integration tests run
 

@@ -266,7 +266,7 @@ public void testParallelTenantPutRequests() throws Exception {
                 assertThat(
                     response.getBody(),
                     response.getStatusCode(),
-                    anyOf(equalTo(HttpStatus.SC_CREATED), equalTo(HttpStatus.SC_CONFLICT))
+                    anyOf(equalTo(HttpStatus.SC_CREATED), equalTo(HttpStatus.SC_OK), equalTo(HttpStatus.SC_CONFLICT))
                 );
                 if (response.getStatusCode() == HttpStatus.SC_CREATED) numCreatedResponses.getAndIncrement();
             });

@@ -13,19 +13,20 @@
 
 import java.io.IOException;
 import java.nio.file.Path;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.StringJoiner;
 
 import com.carrotsearch.randomizedtesting.RandomizedTest;
 import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope;
-import com.google.common.collect.ImmutableMap;
 import org.apache.commons.io.FileUtils;
 import org.apache.http.HttpStatus;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.awaitility.Awaitility;
 import org.junit.AfterClass;
-import org.junit.BeforeClass;
+import org.junit.Before;
 import org.junit.runner.RunWith;
 
 import org.opensearch.common.CheckedConsumer;
@@ -86,22 +87,22 @@ public abstract class AbstractApiIntegrationTest extends RandomizedTest {
 
     public static Path configurationFolder;
 
-    public static ImmutableMap.Builder<String, Object> clusterSettings = ImmutableMap.builder();
-
     protected static TestSecurityConfig testSecurityConfig = new TestSecurityConfig();
 
     public static LocalCluster localCluster;
 
-    @BeforeClass
-    public static void startCluster() throws IOException {
+    private Class<? extends AbstractApiIntegrationTest> testClass;
+
+    @Before
+    public void startCluster() throws IOException {
+        if (this.getClass().equals(testClass)) {
+            return;
+        }
         configurationFolder = ConfigurationFiles.createConfigurationDirectory();
         extendConfiguration();
-        clusterSettings.put(SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX, true)
-            .put(PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED, List.of("user_admin__all_access", REST_ADMIN_REST_API_ACCESS))
-            .put(SECURITY_ALLOW_DEFAULT_INIT_USE_CLUSTER_STATE, randomBoolean());
         final var clusterManager = randomFrom(List.of(ClusterManager.THREE_CLUSTER_MANAGERS, ClusterManager.SINGLENODE));
         final var localClusterBuilder = new LocalCluster.Builder().clusterManager(clusterManager)
-            .nodeSettings(clusterSettings.buildKeepingLast())
+            .nodeSettings(getClusterSettings())
             .defaultConfigurationInitDirectory(configurationFolder.toString())
             .loadConfigurationIntoIndex(false);
         localCluster = localClusterBuilder.build();
@@ -111,6 +112,15 @@ public static void startCluster() throws IOException {
                 .alias("Load default configuration")
                 .until(() -> client.securityHealth().getTextFromJsonBody("/status"), equalTo("UP"));
         }
+        testClass = this.getClass();
+    }
+
+    protected Map<String, Object> getClusterSettings() {
+        Map<String, Object> clusterSettings = new HashMap<>();
+        clusterSettings.put(SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX, true);
+        clusterSettings.put(PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED, List.of("user_admin__all_access", REST_ADMIN_REST_API_ACCESS));
+        clusterSettings.put(SECURITY_ALLOW_DEFAULT_INIT_USE_CLUSTER_STATE, randomBoolean());
+        return clusterSettings;
     }
 
     private static void extendConfiguration() throws IOException {

@@ -39,10 +39,16 @@
 public abstract class AbstractConfigEntityApiIntegrationTest extends AbstractApiIntegrationTest {
 
     static {
-        clusterSettings.put(SECURITY_RESTAPI_ADMIN_ENABLED, true);
         testSecurityConfig.withRestAdminUser(REST_ADMIN_USER, allRestAdminPermissions());
     }
 
+    @Override
+    protected Map<String, Object> getClusterSettings() {
+        Map<String, Object> clusterSettings = super.getClusterSettings();
+        clusterSettings.put(SECURITY_RESTAPI_ADMIN_ENABLED, true);
+        return clusterSettings;
+    }
+
     interface TestDescriptor {
 
         String entityJsonProperty();

@@ -14,6 +14,7 @@
 import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 import java.util.StringJoiner;
 import java.util.stream.Collectors;
@@ -43,7 +44,6 @@ public class CertificatesRestApiIntegrationTest extends AbstractApiIntegrationTe
     final static String REGULAR_USER = "regular_user";
 
     static {
-        clusterSettings.put(SECURITY_RESTAPI_ADMIN_ENABLED, true);
         testSecurityConfig.roles(
             new TestSecurityConfig.Role("simple_user_role").clusterPermissions("cluster:admin/security/certificates/info")
         )
@@ -53,6 +53,13 @@ public class CertificatesRestApiIntegrationTest extends AbstractApiIntegrationTe
             .withRestAdminUser(REST_API_ADMIN_SSL_INFO, restAdminPermission(Endpoint.SSL, CERTS_INFO_ACTION));
     }
 
+    @Override
+    protected Map<String, Object> getClusterSettings() {
+        Map<String, Object> clusterSettings = super.getClusterSettings();
+        clusterSettings.put(SECURITY_RESTAPI_ADMIN_ENABLED, true);
+        return clusterSettings;
+    }
+
     @Override
     protected String apiPathPrefix() {
         return PLUGINS_PREFIX;

@@ -10,6 +10,7 @@
  */
 package org.opensearch.security.api;
 
+import java.util.Map;
 import java.util.StringJoiner;
 
 import com.fasterxml.jackson.databind.node.ObjectNode;
@@ -30,11 +31,18 @@ public class ConfigRestApiIntegrationTest extends AbstractApiIntegrationTest {
     final static String REST_API_ADMIN_CONFIG_UPDATE = "rest-api-admin-config-update";
 
     static {
-        clusterSettings.put(SECURITY_UNSUPPORTED_RESTAPI_ALLOW_SECURITYCONFIG_MODIFICATION, true).put(SECURITY_RESTAPI_ADMIN_ENABLED, true);
         testSecurityConfig.withRestAdminUser(REST_ADMIN_USER, allRestAdminPermissions())
             .withRestAdminUser(REST_API_ADMIN_CONFIG_UPDATE, restAdminPermission(Endpoint.CONFIG, SECURITY_CONFIG_UPDATE));
     }
 
+    @Override
+    protected Map<String, Object> getClusterSettings() {
+        Map<String, Object> clusterSettings = super.getClusterSettings();
+        clusterSettings.put(SECURITY_UNSUPPORTED_RESTAPI_ALLOW_SECURITYCONFIG_MODIFICATION, true);
+        clusterSettings.put(SECURITY_RESTAPI_ADMIN_ENABLED, true);
+        return clusterSettings;
+    }
+
     private String securityConfigPath(final String... path) {
         final var fullPath = new StringJoiner("/").add(super.apiPath("securityconfig"));
         if (path != null) for (final var p : path)
@@ -80,6 +88,7 @@ void verifyUpdate(final TestRestClient client) throws Exception {
         badRequest(() -> client.putJson(securityConfigPath("xxx"), EMPTY_BODY));
         verifyNotAllowedMethods(client);
 
+        TestRestClient.HttpResponse resp = client.get(securityConfigPath());
         final var configJson = ok(() -> client.get(securityConfigPath())).bodyAsJsonNode();
         final var authFailureListeners = DefaultObjectMapper.objectMapper.createObjectNode();
         authFailureListeners.set(

@@ -12,6 +12,7 @@
 package org.opensearch.security.api;
 
 import java.util.List;
+import java.util.Map;
 
 import org.junit.Test;
 
@@ -32,15 +33,21 @@ public class DashboardsInfoWithSettingsTest extends AbstractApiIntegrationTest {
         "Password must be minimum 5 characters long and must contain at least one uppercase letter, one lowercase letter, one digit, and one special character.";
 
     static {
-        clusterSettings.put(ConfigConstants.SECURITY_RESTAPI_PASSWORD_VALIDATION_REGEX, CUSTOM_PASSWORD_REGEX)
-            .put(ConfigConstants.SECURITY_RESTAPI_PASSWORD_VALIDATION_ERROR_MESSAGE, CUSTOM_PASSWORD_MESSAGE);
         testSecurityConfig.user(
             new TestSecurityConfig.User("dashboards_user").roles(
                 new Role("dashboards_role").indexPermissions("read").on("*").clusterPermissions("cluster_composite_ops")
             )
         );
     }
 
+    @Override
+    protected Map<String, Object> getClusterSettings() {
+        Map<String, Object> clusterSettings = super.getClusterSettings();
+        clusterSettings.put(ConfigConstants.SECURITY_RESTAPI_PASSWORD_VALIDATION_REGEX, CUSTOM_PASSWORD_REGEX);
+        clusterSettings.put(ConfigConstants.SECURITY_RESTAPI_PASSWORD_VALIDATION_ERROR_MESSAGE, CUSTOM_PASSWORD_MESSAGE);
+        return clusterSettings;
+    }
+
     private String apiPath() {
         return randomFrom(List.of(PLUGINS_PREFIX + "/dashboardsinfo", LEGACY_OPENDISTRO_PREFIX + "/kibanainfo"));
     }

@@ -11,6 +11,7 @@
 
 package org.opensearch.security.api;
 
+import java.util.Map;
 import java.util.StringJoiner;
 
 import org.junit.Test;
@@ -27,10 +28,19 @@ public class InternalUsersRegExpPasswordRulesRestApiIntegrationTest extends Abst
 
     final static String PASSWORD_VALIDATION_ERROR_MESSAGE = "xxxxxxxx";
 
-    static {
-        clusterSettings.put(ConfigConstants.SECURITY_RESTAPI_PASSWORD_VALIDATION_ERROR_MESSAGE, PASSWORD_VALIDATION_ERROR_MESSAGE)
-            .put(ConfigConstants.SECURITY_RESTAPI_PASSWORD_VALIDATION_REGEX, "(?=.*[A-Z])(?=.*[^a-zA-Z\\\\d])(?=.*[0-9])(?=.*[a-z]).{8,}")
-            .put(ConfigConstants.SECURITY_RESTAPI_PASSWORD_SCORE_BASED_VALIDATION_STRENGTH, PasswordValidator.ScoreStrength.FAIR.name());
+    @Override
+    protected Map<String, Object> getClusterSettings() {
+        Map<String, Object> clusterSettings = super.getClusterSettings();
+        clusterSettings.put(ConfigConstants.SECURITY_RESTAPI_PASSWORD_VALIDATION_ERROR_MESSAGE, PASSWORD_VALIDATION_ERROR_MESSAGE);
+        clusterSettings.put(
+            ConfigConstants.SECURITY_RESTAPI_PASSWORD_VALIDATION_REGEX,
+            "(?=.*[A-Z])(?=.*[^a-zA-Z\\\\d])(?=.*[0-9])(?=.*[a-z]).{8,}"
+        );
+        clusterSettings.put(
+            ConfigConstants.SECURITY_RESTAPI_PASSWORD_SCORE_BASED_VALIDATION_STRENGTH,
+            PasswordValidator.ScoreStrength.FAIR.name()
+        );
+        return clusterSettings;
     }
 
     String internalUsers(String... path) {

@@ -11,6 +11,7 @@
 
 package org.opensearch.security.api;
 
+import java.util.Map;
 import java.util.StringJoiner;
 
 import org.junit.Test;
@@ -24,8 +25,11 @@
 
 public class InternalUsersScoreBasedPasswordRulesRestApiIntegrationTest extends AbstractApiIntegrationTest {
 
-    static {
+    @Override
+    protected Map<String, Object> getClusterSettings() {
+        Map<String, Object> clusterSettings = super.getClusterSettings();
         clusterSettings.put(ConfigConstants.SECURITY_RESTAPI_PASSWORD_MIN_LENGTH, 9);
+        return clusterSettings;
     }
 
     String internalUsers(String... path) {

@@ -10,6 +10,8 @@
  */
 package org.opensearch.security.api;
 
+import java.util.Map;
+
 import com.fasterxml.jackson.databind.JsonNode;
 import org.junit.Test;
 
@@ -26,11 +28,17 @@ public class SslCertsRestApiIntegrationTest extends AbstractApiIntegrationTest {
     final static String REST_API_ADMIN_SSL_INFO = "rest-api-admin-ssl-info";
 
     static {
-        clusterSettings.put(SECURITY_RESTAPI_ADMIN_ENABLED, true);
         testSecurityConfig.withRestAdminUser(REST_ADMIN_USER, allRestAdminPermissions())
             .withRestAdminUser(REST_API_ADMIN_SSL_INFO, restAdminPermission(Endpoint.SSL, CERTS_INFO_ACTION));
     }
 
+    @Override
+    protected Map<String, Object> getClusterSettings() {
+        Map<String, Object> clusterSettings = super.getClusterSettings();
+        clusterSettings.put(SECURITY_RESTAPI_ADMIN_ENABLED, true);
+        return clusterSettings;
+    }
+
     protected String sslCertsPath() {
         return super.apiPath("ssl", "certs");
     }