Fix tests

n1v0lg · Sep 30, 2024 · 19fe01a · 19fe01a
1 parent c8842fe
commit 19fe01a
Show file tree

Hide file tree

Showing 6 changed files with 47 additions and 15 deletions.
diff --git a/...in/java/org/elasticsearch/xpack/security/authc/support/mapper/ClusterStateRoleMapper.java b/...in/java/org/elasticsearch/xpack/security/authc/support/mapper/ClusterStateRoleMapper.java
@@ -28,7 +28,7 @@
  * A role mapper the reads the role mapping rules (i.e. {@link ExpressionRoleMapping}s) from the cluster state
  * (i.e. {@link RoleMappingMetadata}). This is not enabled by default.
  */
-public final class ClusterStateRoleMapper extends AbstractRoleMapperClearRealmCache implements ClusterStateListener {
+public class ClusterStateRoleMapper extends AbstractRoleMapperClearRealmCache implements ClusterStateListener {
 
     /**
      * This setting is never registered by the xpack security plugin - in order to enable the

diff --git a/...in/java/org/elasticsearch/xpack/security/authc/support/mapper/NativeRoleMappingStore.java b/...in/java/org/elasticsearch/xpack/security/authc/support/mapper/NativeRoleMappingStore.java
@@ -108,10 +108,6 @@ public class NativeRoleMappingStore extends AbstractRoleMapperClearRealmCache {
     private final boolean enabled;
     private final ReservedRoleMappings reservedRoleMappings;
 
-    public NativeRoleMappingStore(Settings settings, Client client, SecurityIndexManager securityIndex, ScriptService scriptService) {
-        this(settings, client, securityIndex, scriptService, new ReservedRoleMappings(null));
-    }
-
     public NativeRoleMappingStore(
         Settings settings,
         Client client,

diff --git a/.../src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmTestCase.java b/.../src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmTestCase.java
@@ -31,6 +31,7 @@
 import org.elasticsearch.xpack.core.security.user.User;
 import org.elasticsearch.xpack.security.Security;
 import org.elasticsearch.xpack.security.authc.support.mapper.NativeRoleMappingStore;
+import org.elasticsearch.xpack.security.authc.support.mapper.ReservedRoleMappings;
 import org.elasticsearch.xpack.security.support.SecurityIndexManager;
 import org.junit.After;
 import org.junit.Before;
@@ -182,7 +183,8 @@ protected NativeRoleMappingStore roleMappingStore(final List<String> userNames)
             Settings.EMPTY,
             mockClient,
             mock(SecurityIndexManager.class),
-            mock(ScriptService.class)
+            mock(ScriptService.class),
+            mock(ReservedRoleMappings.class)
         );
         final NativeRoleMappingStore roleMapper = spy(store);
 

diff --git a/.../src/test/java/org/elasticsearch/xpack/security/authc/ldap/ActiveDirectoryRealmTests.java b/.../src/test/java/org/elasticsearch/xpack/security/authc/ldap/ActiveDirectoryRealmTests.java
@@ -57,7 +57,9 @@
 import org.elasticsearch.xpack.security.authc.ldap.ActiveDirectorySessionFactory.UpnADAuthenticator;
 import org.elasticsearch.xpack.security.authc.ldap.support.LdapServerDebugLogging;
 import org.elasticsearch.xpack.security.authc.support.DnRoleMapper;
+import org.elasticsearch.xpack.security.authc.support.mapper.ClusterStateRoleMapper;
 import org.elasticsearch.xpack.security.authc.support.mapper.NativeRoleMappingStore;
+import org.elasticsearch.xpack.security.authc.support.mapper.ReservedRoleMappings;
 import org.elasticsearch.xpack.security.support.SecurityIndexManager;
 import org.junit.After;
 import org.junit.Before;
@@ -74,6 +76,7 @@
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
+import java.util.Set;
 
 import static org.elasticsearch.test.ActionListenerUtils.anyActionListener;
 import static org.elasticsearch.xpack.core.security.authc.RealmSettings.getFullSettingKey;
@@ -118,6 +121,7 @@ public class ActiveDirectoryRealmTests extends ESTestCase {
     private Settings globalSettings;
     private SSLService sslService;
     private XPackLicenseState licenseState;
+    private ReservedRoleMappings reservedRoleMappings;
     private LdapServerDebugLogging debugLogging = new LdapServerDebugLogging(logger);
 
     @BeforeClass
@@ -163,6 +167,9 @@ public void start() throws Exception {
         globalSettings = Settings.builder().put("path.home", createTempDir()).build();
         sslService = new SSLService(TestEnvironment.newEnvironment(globalSettings));
         licenseState = new TestUtils.UpdatableLicenseState();
+        final ClusterStateRoleMapper mock = mock(ClusterStateRoleMapper.class);
+        when(mock.getMappings()).thenReturn(Set.of());
+        reservedRoleMappings = new ReservedRoleMappings(mock);
 
         // Verify we can connect to each server. Tests will fail in strange ways if this isn't true
         Arrays.stream(directoryServers).forEachOrdered(ds -> tryConnect(ds));
@@ -438,7 +445,13 @@ public void testRealmWithTemplatedRoleMapping() throws Exception {
             ScriptModule.CORE_CONTEXTS,
             () -> 1L
         );
-        NativeRoleMappingStore roleMapper = new NativeRoleMappingStore(settings, mockClient, mockSecurityIndex, scriptService) {
+        NativeRoleMappingStore roleMapper = new NativeRoleMappingStore(
+            settings,
+            mockClient,
+            mockSecurityIndex,
+            scriptService,
+            reservedRoleMappings
+        ) {
             @Override
             protected void loadMappings(ActionListener<List<ExpressionRoleMapping>> listener) {
                 listener.onResponse(Arrays.asList(NativeRoleMappingStore.buildMapping("m1", new BytesArray("""

diff --git a/...in/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealmTests.java b/...in/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealmTests.java
@@ -51,7 +51,9 @@
 import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory;
 import org.elasticsearch.xpack.security.authc.support.DnRoleMapper;
 import org.elasticsearch.xpack.security.authc.support.MockLookupRealm;
+import org.elasticsearch.xpack.security.authc.support.mapper.ClusterStateRoleMapper;
 import org.elasticsearch.xpack.security.authc.support.mapper.NativeRoleMappingStore;
+import org.elasticsearch.xpack.security.authc.support.mapper.ReservedRoleMappings;
 import org.elasticsearch.xpack.security.support.SecurityIndexManager;
 import org.junit.After;
 import org.junit.Before;
@@ -61,6 +63,7 @@
 import java.util.Comparator;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.function.Function;
 import java.util.stream.Collectors;
 
@@ -537,11 +540,15 @@ public void testLdapRealmWithTemplatedRoleMapping() throws Exception {
             ScriptModule.CORE_CONTEXTS,
             () -> 1L
         );
+        final ClusterStateRoleMapper mock = mock(ClusterStateRoleMapper.class);
+        when(mock.getMappings()).thenReturn(Set.of());
+        final ReservedRoleMappings reservedRoleMappings = new ReservedRoleMappings(mock);
         NativeRoleMappingStore roleMapper = new NativeRoleMappingStore(
             defaultGlobalSettings,
             mockClient,
             mockSecurityIndex,
-            scriptService
+            scriptService,
+            reservedRoleMappings
         ) {
             @Override
             protected void loadMappings(ActionListener<List<ExpressionRoleMapping>> listener) {

diff --git a/...va/org/elasticsearch/xpack/security/authc/support/mapper/NativeRoleMappingStoreTests.java b/...va/org/elasticsearch/xpack/security/authc/support/mapper/NativeRoleMappingStoreTests.java
@@ -82,6 +82,7 @@ public class NativeRoleMappingStoreTests extends ESTestCase {
 
     private ScriptService scriptService;
     private SecurityIndexManager securityIndex;
+    private ReservedRoleMappings reservedRoleMappings;
 
     @Before
     public void setup() {
@@ -92,6 +93,9 @@ public void setup() {
             () -> 1L
         );
         securityIndex = mockHealthySecurityIndex();
+        final ClusterStateRoleMapper mock = mock(ClusterStateRoleMapper.class);
+        when(mock.getMappings()).thenReturn(Set.of());
+        reservedRoleMappings = new ReservedRoleMappings(mock);
     }
 
     public void testResolveRoles() throws Exception {
@@ -148,8 +152,13 @@ public void testResolveRoles() throws Exception {
         );
 
         final Client client = mock(Client.class);
-
-        final NativeRoleMappingStore store = new NativeRoleMappingStore(Settings.EMPTY, client, securityIndex, scriptService) {
+        final NativeRoleMappingStore store = new NativeRoleMappingStore(
+            Settings.EMPTY,
+            client,
+            securityIndex,
+            scriptService,
+            reservedRoleMappings
+        ) {
             @Override
             protected void loadMappings(ActionListener<List<ExpressionRoleMapping>> listener) {
                 final List<ExpressionRoleMapping> mappings = Arrays.asList(mapping1, mapping2, mapping3, mapping4);
@@ -203,7 +212,8 @@ public void testResolveRolesDoesNotUseLastLoadCacheWhenSecurityIndexAvailable()
             Settings.builder().put("xpack.security.authz.store.role_mappings.last_load_cache.enabled", "true").build(),
             client,
             securityIndex,
-            scriptService
+            scriptService,
+            reservedRoleMappings
         );
 
         final UserRoleMapper.UserData user = new UserRoleMapper.UserData(
@@ -245,7 +255,8 @@ public void testResolveRolesUsesLastLoadCacheWhenSecurityIndexUnavailable() thro
             Settings.builder().put("xpack.security.authz.store.role_mappings.last_load_cache.enabled", "true").build(),
             client,
             securityIndex,
-            scriptService
+            scriptService,
+            reservedRoleMappings
         );
 
         final UserRoleMapper.UserData user = new UserRoleMapper.UserData(
@@ -307,7 +318,8 @@ public void testResolveRolesDoesNotUseLastLoadCacheWhenSecurityIndexDoesNotExist
             Settings.builder().put("xpack.security.authz.store.role_mappings.last_load_cache.enabled", "true").build(),
             client,
             securityIndex,
-            scriptService
+            scriptService,
+            reservedRoleMappings
         );
 
         final UserRoleMapper.UserData user = new UserRoleMapper.UserData(
@@ -508,7 +520,8 @@ public void testPutRoleMappingWillValidateTemplateRoleNamesBeforeSave() {
             Settings.EMPTY,
             mock(Client.class),
             mock(SecurityIndexManager.class),
-            scriptService
+            scriptService,
+            reservedRoleMappings
         );
         expectThrows(IllegalArgumentException.class, () -> nativeRoleMappingStore.putRoleMapping(putRoleMappingRequest, null));
     }
@@ -545,7 +558,8 @@ private NativeRoleMappingStore buildRoleMappingStoreForInvalidationTesting(
             Settings.EMPTY,
             client,
             mock(SecurityIndexManager.class),
-            mock(ScriptService.class)
+            mock(ScriptService.class),
+            reservedRoleMappings
         );
 
         if (attachRealm) {