From 80b189f5df142d81591e57ba5b3e1570dacbc0db Mon Sep 17 00:00:00 2001 From: Andrey Pleskach Date: Wed, 29 Jan 2025 17:56:37 +0100 Subject: [PATCH] Clean up for 3.x - removed `/_opendistro` prefix from paths - removed `/kibanainfo` path 
Signed-off-by: Andrey Pleskach --- config/opensearch.yml.example | 2 +- .../org/opensearch/security/TlsTests.java | 2 +- .../api/AbstractApiIntegrationTest.java | 3 +- .../security/api/DashboardsInfoTest.java | 5 +- .../api/DashboardsInfoWithSettingsTest.java | 4 +- .../http/CommonProxyAuthenticationTests.java | 2 +- .../JwtAuthenticationWithUrlParamTests.java | 2 +- .../framework/cluster/TestRestClient.java | 4 +- .../http/saml/AuthTokenProcessorHandler.java | 2 +- .../auth/http/saml/HTTPSamlAuthenticator.java | 3 +- .../auth/http/saml/Saml2SettingsProvider.java | 4 +- .../security/OpenSearchSecurityPlugin.java | 1 - .../security/auditlog/impl/AuditMessage.java | 5 +- .../dlic/rest/api/AccountApiAction.java | 2 +- .../dlic/rest/api/AuditApiAction.java | 6 +-- .../dlic/rest/api/WhitelistApiAction.java | 10 ++-- .../security/dlic/rest/support/Utils.java | 9 +--- .../security/filter/SecurityRestFilter.java | 5 +- .../http/OnBehalfOfAuthenticator.java | 3 +- .../security/rest/DashboardsInfoAction.java | 4 -- .../security/rest/SecurityHealthAction.java | 2 - .../security/rest/SecurityInfoAction.java | 2 - .../security/rest/TenantInfoAction.java | 2 - .../impl/AllowlistingSettings.java | 4 +- .../impl/WhitelistingSettings.java | 4 +- .../ssl/rest/SecuritySSLInfoAction.java | 2 +- .../http/saml/HTTPSamlAuthenticatorTest.java | 2 +- .../dlic/auth/ldap/LdapBackendIntegTest.java | 2 +- .../auth/ldap2/LdapBackendIntegTest2.java | 2 +- .../EncryptionInTransitMigrationTests.java | 2 +- .../org/opensearch/security/HealthTests.java | 11 ++--- .../security/HttpIntegrationTests.java | 38 +++++++-------- .../InitializationIntegrationTests.java | 9 ++-- .../opensearch/security/IntegrationTests.java | 10 ++-- .../SecurityAdminInvalidConfigsTests.java | 16 +++---- .../security/SecurityAdminTests.java | 10 ++-- .../security/SecurityRolesTests.java | 8 ++-- .../security/SystemIntegratorsTests.java | 44 ++++++++--------- .../auditlog/AbstractAuditlogiUnitTest.java | 2 +- 
.../security/auditlog/AuditTestUtils.java | 2 +- .../RestApiComplianceAuditlogTest.java | 44 ++++++++--------- .../security/auditlog/impl/TracingTests.java | 8 ++-- .../integration/BasicAuditlogTest.java | 25 ++++------ .../security/cache/CachingTest.java | 29 ++++------- .../ccstest/CrossClusterSearchTests.java | 2 +- .../rest/api/AbstractRestApiUnitTest.java | 16 +++---- .../dlic/rest/api/RoleBasedAccessTest.java | 20 ++++---- .../api/legacy/LegacyAuditApiActionTests.java | 23 --------- .../LegacyGetConfigurationApiTests.java | 23 --------- .../api/legacy/LegacyIndexMissingTests.java | 23 --------- .../api/legacy/LegacyNodesDnApiTests.java | 23 --------- .../legacy/LegacyRoleBasedAccessTests.java | 23 --------- .../legacy/LegacySecurityApiAccessTests.java | 23 --------- .../legacy/LegacyTenantInfoActionTests.java | 23 --------- .../api/legacy/LegacyWhitelistApiTests.java | 23 --------- .../filter/SecurityRestFilterTests.java | 14 +++--- .../multitenancy/test/MultitenancyTests.java | 2 +- .../org/opensearch/security/ssl/SSLTest.java | 48 ++++++++----------- .../SecuritySSLReloadCertsActionTests.java | 6 +-- 59 files changed, 200 insertions(+), 450 deletions(-) delete mode 100644 src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyAuditApiActionTests.java delete mode 100644 src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyGetConfigurationApiTests.java delete mode 100644 src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyIndexMissingTests.java delete mode 100644 src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyNodesDnApiTests.java delete mode 100644 src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyRoleBasedAccessTests.java delete mode 100644 src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacySecurityApiAccessTests.java delete mode 100644 src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyTenantInfoActionTests.java delete mode 100644 
src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyWhitelistApiTests.java diff --git a/config/opensearch.yml.example b/config/opensearch.yml.example index 3b4df645de..78f020780f 100644 --- a/config/opensearch.yml.example +++ b/config/opensearch.yml.example @@ -18,7 +18,7 @@ plugins.security.nodes_dn: # The nodes_dn_dynamic_config_enabled settings is geared towards cross_cluster usecases where there is a need to # manage the whitelisted nodes_dn without having to restart the nodes everytime a new cross_cluster remote is configured -# Setting nodes_dn_dynamic_config_enabled to true enables **super-admin callable** /_opendistro/_security/api/nodesdn APIs +# Setting nodes_dn_dynamic_config_enabled to true enables **super-admin callable** /_security/api/nodesdn APIs # which provide means to update/retrieve nodesdn dynamically. # # NOTE: The overall whitelisted nodes_dn evaluated comes from both the plugins.security.nodes_dn and the ones stored diff --git a/src/integrationTest/java/org/opensearch/security/TlsTests.java b/src/integrationTest/java/org/opensearch/security/TlsTests.java index 515d448728..51a58b278d 100644 --- a/src/integrationTest/java/org/opensearch/security/TlsTests.java +++ b/src/integrationTest/java/org/opensearch/security/TlsTests.java @@ -53,7 +53,7 @@ public class TlsTests { public static final String SUPPORTED_CIPHER_SUIT = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"; public static final String NOT_SUPPORTED_CIPHER_SUITE = "TLS_RSA_WITH_AES_128_CBC_SHA"; - public static final String AUTH_INFO_ENDPOINT = "/_opendistro/_security/authinfo?pretty"; + public static final String AUTH_INFO_ENDPOINT = "/_security/authinfo?pretty"; @ClassRule public static final LocalCluster cluster = new LocalCluster.Builder().clusterManager(ClusterManager.THREE_CLUSTER_MANAGERS) 
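Review bot: `AUTH_INFO_ENDPOINT` now points at `/_security/authinfo?pretty`, a path this patch never registers: `SecurityInfoAction` registers `/authinfo` only under `PLUGIN_ROUTE_PREFIX`, which is `"/" + PLUGINS_PREFIX`, i.e. `/_plugins/_security`. The legacy prefix looks to have been deleted rather than replaced, so the constant should read `public static final String AUTH_INFO_ENDPOINT = "/_plugins/_security/authinfo?pretty";`. The same substitution shows up in the `opensearch.yml.example` comment, the audit assertion in `JwtAuthenticationWithUrlParamTests` (while `TestRestClient.getAuthInfo` requests `/_plugins/_security/authinfo`), the Javadoc of `AccountApiAction`, `AuditApiAction` and `WhitelistApiAction`, the comments in `SecurityRestFilter`, `AllowlistingSettings` and `WhitelistingSettings`, and the paths in `HTTPSamlAuthenticatorTest` and both LDAP integration tests. Whether the TLS tests depend on the path resolving is not visible in this hunk, but operators who copy the documented `/_security/api/...` URLs will presumably find no handler there.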
diff --git a/src/integrationTest/java/org/opensearch/security/api/AbstractApiIntegrationTest.java b/src/integrationTest/java/org/opensearch/security/api/AbstractApiIntegrationTest.java index a69ca83378..caa59145de 100644 --- a/src/integrationTest/java/org/opensearch/security/api/AbstractApiIntegrationTest.java +++ b/src/integrationTest/java/org/opensearch/security/api/AbstractApiIntegrationTest.java @@ -55,7 +55,6 @@ import static org.hamcrest.Matchers.equalToIgnoringCase; import static org.hamcrest.Matchers.notNullValue; import static org.opensearch.security.CrossClusterSearchTests.PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED; -import static org.opensearch.security.OpenSearchSecurityPlugin.LEGACY_OPENDISTRO_PREFIX; import static org.opensearch.security.OpenSearchSecurityPlugin.PLUGINS_PREFIX; import static org.opensearch.security.dlic.rest.api.RestApiAdminPrivilegesEvaluator.CERTS_INFO_ACTION; import static org.opensearch.security.dlic.rest.api.RestApiAdminPrivilegesEvaluator.ENDPOINTS_WITH_PERMISSIONS; @@ -270,7 +269,7 @@ protected void withUser( } protected String apiPathPrefix() { - return randomFrom(List.of(LEGACY_OPENDISTRO_PREFIX, PLUGINS_PREFIX)); + return PLUGINS_PREFIX; } protected String securityPath(String... path) { diff --git a/src/integrationTest/java/org/opensearch/security/api/DashboardsInfoTest.java b/src/integrationTest/java/org/opensearch/security/api/DashboardsInfoTest.java index 635d9ecff4..04488b7a01 100644 --- a/src/integrationTest/java/org/opensearch/security/api/DashboardsInfoTest.java +++ b/src/integrationTest/java/org/opensearch/security/api/DashboardsInfoTest.java @@ -11,8 +11,6 @@ package org.opensearch.security.api; -import java.util.List; - import org.junit.Test; import org.opensearch.test.framework.TestSecurityConfig; 
@@ -20,7 +18,6 @@ import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.equalTo; -import static org.opensearch.security.OpenSearchSecurityPlugin.LEGACY_OPENDISTRO_PREFIX; import static org.opensearch.security.OpenSearchSecurityPlugin.PLUGINS_PREFIX; import static org.opensearch.security.rest.DashboardsInfoAction.DEFAULT_PASSWORD_MESSAGE; import static org.opensearch.security.rest.DashboardsInfoAction.DEFAULT_PASSWORD_REGEX; @@ -36,7 +33,7 @@ public class DashboardsInfoTest extends AbstractApiIntegrationTest { } private String apiPath() { - return randomFrom(List.of(PLUGINS_PREFIX + "/dashboardsinfo", LEGACY_OPENDISTRO_PREFIX + "/kibanainfo")); + return PLUGINS_PREFIX + "/dashboardsinfo"; } @Test diff --git a/src/integrationTest/java/org/opensearch/security/api/DashboardsInfoWithSettingsTest.java b/src/integrationTest/java/org/opensearch/security/api/DashboardsInfoWithSettingsTest.java index af8eeb2c8a..ba473c2994 100644 --- a/src/integrationTest/java/org/opensearch/security/api/DashboardsInfoWithSettingsTest.java +++ b/src/integrationTest/java/org/opensearch/security/api/DashboardsInfoWithSettingsTest.java @@ -11,7 +11,6 @@ package org.opensearch.security.api; -import java.util.List; import java.util.Map; import org.junit.Test; @@ -22,7 +21,6 @@ import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.equalTo; -import static org.opensearch.security.OpenSearchSecurityPlugin.LEGACY_OPENDISTRO_PREFIX; import static org.opensearch.security.OpenSearchSecurityPlugin.PLUGINS_PREFIX; public class DashboardsInfoWithSettingsTest extends AbstractApiIntegrationTest { @@ -49,7 +47,7 @@ protected Map getClusterSettings() { } private String apiPath() { - return randomFrom(List.of(PLUGINS_PREFIX + "/dashboardsinfo", LEGACY_OPENDISTRO_PREFIX + "/kibanainfo")); + return PLUGINS_PREFIX + "/dashboardsinfo"; } @Test 
diff --git a/src/integrationTest/java/org/opensearch/security/http/CommonProxyAuthenticationTests.java b/src/integrationTest/java/org/opensearch/security/http/CommonProxyAuthenticationTests.java index 48ed08ac22..d9d5df3def 100644 --- a/src/integrationTest/java/org/opensearch/security/http/CommonProxyAuthenticationTests.java +++ b/src/integrationTest/java/org/opensearch/security/http/CommonProxyAuthenticationTests.java @@ -30,7 +30,7 @@ */ abstract class CommonProxyAuthenticationTests { - protected static final String RESOURCE_AUTH_INFO = "_opendistro/_security/authinfo"; + protected static final String RESOURCE_AUTH_INFO = "_plugins/_security/authinfo"; protected static final TestSecurityConfig.User USER_ADMIN = new TestSecurityConfig.User("admin").roles(ALL_ACCESS); protected static final String ATTRIBUTE_DEPARTMENT = "department"; diff --git a/src/integrationTest/java/org/opensearch/security/http/JwtAuthenticationWithUrlParamTests.java b/src/integrationTest/java/org/opensearch/security/http/JwtAuthenticationWithUrlParamTests.java index 43a342dcfd..7b7c138dd5 100644 --- a/src/integrationTest/java/org/opensearch/security/http/JwtAuthenticationWithUrlParamTests.java +++ b/src/integrationTest/java/org/opensearch/security/http/JwtAuthenticationWithUrlParamTests.java @@ -112,7 +112,7 @@ public void shouldAuthenticateWithJwtTokenInUrl_positive() { Map expectedParams = Map.of("token", "REDACTED", "verbose", "true"); auditLogsRule.assertExactlyOne( - userAuthenticated(ADMIN_USER).withRestRequest(GET, "/_opendistro/_security/authinfo").withRestParams(expectedParams) + userAuthenticated(ADMIN_USER).withRestRequest(GET, "/_security/authinfo").withRestParams(expectedParams) ); } } diff --git a/src/integrationTest/java/org/opensearch/test/framework/cluster/TestRestClient.java b/src/integrationTest/java/org/opensearch/test/framework/cluster/TestRestClient.java index f560ef713f..39e208da43 100644 
--- a/src/integrationTest/java/org/opensearch/test/framework/cluster/TestRestClient.java +++ b/src/integrationTest/java/org/opensearch/test/framework/cluster/TestRestClient.java @@ -117,7 +117,7 @@ public HttpResponse getWithoutLeadingSlash(String path, Header... headers) { } public HttpResponse getAuthInfo(Header... headers) { - return executeRequest(new HttpGet(getHttpServerUri() + "/_opendistro/_security/authinfo?pretty"), headers); + return executeRequest(new HttpGet(getHttpServerUri() + "/_plugins/_security/authinfo?pretty"), headers); } public HttpResponse securityHealth(Header... headers) { @@ -127,7 +127,7 @@ public HttpResponse securityHealth(Header... headers) { public HttpResponse getAuthInfo(Map urlParams, Header... headers) { String urlParamsString = "?" + urlParams.entrySet().stream().map(e -> e.getKey() + "=" + e.getValue()).collect(Collectors.joining("&")); - return executeRequest(new HttpGet(getHttpServerUri() + "/_opendistro/_security/authinfo" + urlParamsString), headers); + return executeRequest(new HttpGet(getHttpServerUri() + "/_plugins/_security/authinfo" + urlParamsString), headers); } public void confirmCorrectCredentials(String expectedUserName) { diff --git a/src/main/java/com/amazon/dlic/auth/http/saml/AuthTokenProcessorHandler.java b/src/main/java/com/amazon/dlic/auth/http/saml/AuthTokenProcessorHandler.java index 6abe934925..30bc679874 100644 --- a/src/main/java/com/amazon/dlic/auth/http/saml/AuthTokenProcessorHandler.java +++ b/src/main/java/com/amazon/dlic/auth/http/saml/AuthTokenProcessorHandler.java @@ -139,7 +139,7 @@ private AuthTokenProcessorAction.Response handleImpl( String acsEndpoint, Saml2Settings saml2Settings, String requestPath // the parameter will be removed in the future as soon as we will read of legacy paths aka - // /_opendistro/_security/... + // /_security/... ) { if (token_log.isDebugEnabled()) { try { 
diff --git a/src/main/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticator.java b/src/main/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticator.java index c0b9b5b1a9..f49a315cfe 100644 --- a/src/main/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticator.java +++ b/src/main/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticator.java @@ -73,7 +73,6 @@ import org.w3c.dom.Element; import org.xml.sax.SAXException; -import static org.opensearch.security.OpenSearchSecurityPlugin.LEGACY_OPENDISTRO_PREFIX; import static org.opensearch.security.OpenSearchSecurityPlugin.PLUGINS_PREFIX; public class HTTPSamlAuthenticator implements HTTPAuthenticator, Destroyable { @@ -85,7 +84,7 @@ public class HTTPSamlAuthenticator implements HTTPAuthenticator, Destroyable { public static final String API_AUTHTOKEN_SUFFIX = "api/authtoken"; private static final String AUTHINFO_SUFFIX = "authinfo"; - private static final String REGEX_PATH_PREFIX = "/(" + LEGACY_OPENDISTRO_PREFIX + "|" + PLUGINS_PREFIX + ")/" + "(.*)"; + private static final String REGEX_PATH_PREFIX = "/(" + PLUGINS_PREFIX + ")/" + "(.*)"; private static final Pattern PATTERN_PATH_PREFIX = Pattern.compile(REGEX_PATH_PREFIX); private static boolean openSamlInitialized = false; diff --git a/src/main/java/com/amazon/dlic/auth/http/saml/Saml2SettingsProvider.java b/src/main/java/com/amazon/dlic/auth/http/saml/Saml2SettingsProvider.java index 39496205d4..ba4286e5dc 100644 --- a/src/main/java/com/amazon/dlic/auth/http/saml/Saml2SettingsProvider.java +++ b/src/main/java/com/amazon/dlic/auth/http/saml/Saml2SettingsProvider.java 
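Review bot: `REGEX_PATH_PREFIX` is now the same one-alternative expression in three classes (here, `SecurityRestFilter` and `OnBehalfOfAuthenticator`), so the next prefix change has to be made three times and the filter and the authenticators can drift apart on what counts as a plugin path. `SecurityRestFilter` already exposes the compiled pattern as `public static final`, so this class could drop its private copy and use `SecurityRestFilter.PATTERN_PATH_PREFIX`. If the copy stays, a comment such as `// group 1 is the prefix, group 2 the suffix; the prefix group is kept so group indexes do not shift` would explain why a single alternative is still wrapped in parentheses; how the matcher groups are read is outside this hunk, so confirm that before adding it.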
@@ -221,9 +221,9 @@ private SingleLogoutService findSingleLogoutService(IDPSSODescriptor idpSsoDescr private String buildAssertionConsumerEndpoint(String dashboardsRoot) { if (dashboardsRoot.endsWith("/")) { - return dashboardsRoot + "_opendistro/_security/saml/acs"; + return dashboardsRoot + "_security/saml/acs"; } else { - return dashboardsRoot + "/_opendistro/_security/saml/acs"; + return dashboardsRoot + "_security/saml/acs"; } } diff --git a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java index 13d0f79330..5424380e5e 100644 --- a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java +++ b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java @@ -246,7 +246,6 @@ public final class OpenSearchSecurityPlugin extends OpenSearchSecuritySSLPlugin private static final Logger actionTrace = LogManager.getLogger("opendistro_security_action_trace"); private static final DeprecationLogger deprecationLogger = DeprecationLogger.getLogger(OpenSearchSecurityPlugin.class); - public static final String LEGACY_OPENDISTRO_PREFIX = "_opendistro/_security"; public static final String PLUGINS_PREFIX = "_plugins/_security"; private boolean sslCertReloadEnabled; diff --git a/src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java b/src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java index 81695b702b..30a0b7a49e 100644 --- a/src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java +++ b/src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java @@ -56,7 +56,6 @@ import org.joda.time.format.DateTimeFormat; import org.joda.time.format.DateTimeFormatter; -import static org.opensearch.security.OpenSearchSecurityPlugin.LEGACY_OPENDISTRO_PREFIX; import static org.opensearch.security.OpenSearchSecurityPlugin.PLUGINS_PREFIX; public final class AuditMessage { 
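Review bot: Both branches of `buildAssertionConsumerEndpoint` now return `dashboardsRoot + "_security/saml/acs"`, so a `dashboardsRoot` without a trailing slash produces a URL with no separator between the root and the path. The `else` branch needs its leading slash back: `return dashboardsRoot + "/_security/saml/acs";`. The assertion consumer URL also has to match what the IdP has registered and what Dashboards serves; neither is visible here, so confirm that Dashboards exposes the renamed path before shipping, since a mismatch would presumably break SAML login for every user.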
@@ -68,9 +67,7 @@ public final class AuditMessage { private static final String SENSITIVE_KEY = "password"; private static final String SENSITIVE_REPLACEMENT_VALUE = "__SENSITIVE__"; - private static final Pattern SENSITIVE_PATHS = Pattern.compile( - "/(" + LEGACY_OPENDISTRO_PREFIX + "|" + PLUGINS_PREFIX + ")/api/(account.*|internalusers.*|user.*)" - ); + private static final Pattern SENSITIVE_PATHS = Pattern.compile("/(" + PLUGINS_PREFIX + ")/api/(account.*|internalusers.*|user.*)"); @VisibleForTesting public static final String BCRYPT_REGEX = "\\$2[ayb]\\$.{56}"; diff --git a/src/main/java/org/opensearch/security/dlic/rest/api/AccountApiAction.java b/src/main/java/org/opensearch/security/dlic/rest/api/AccountApiAction.java index ad9aa656da..2bf9fb21d4 100644 --- a/src/main/java/org/opensearch/security/dlic/rest/api/AccountApiAction.java +++ b/src/main/java/org/opensearch/security/dlic/rest/api/AccountApiAction.java @@ -47,7 +47,7 @@ /** * Rest API action to fetch or update account details of the signed-in user. - * Currently this action serves GET and PUT request for /_opendistro/_security/api/account endpoint + * Currently this action serves GET and PUT request for /_security/api/account endpoint */ public class AccountApiAction extends AbstractApiAction { diff --git a/src/main/java/org/opensearch/security/dlic/rest/api/AuditApiAction.java b/src/main/java/org/opensearch/security/dlic/rest/api/AuditApiAction.java index a5bf9c6b9b..ac1db80416 100644 --- a/src/main/java/org/opensearch/security/dlic/rest/api/AuditApiAction.java +++ b/src/main/java/org/opensearch/security/dlic/rest/api/AuditApiAction.java @@ -46,7 +46,7 @@ /** * Rest handler for fetching and updating audit configuration. * Supported REST endpoints - * GET _opendistro/_security/api/audit/ + * GET _security/api/audit/ * { * "config" : { * "audit" : { @@ -83,7 +83,7 @@ * } * } * - * PUT _opendistro/_security/api/audit/config + * PUT _security/api/audit/config * { * "audit":{ * "enable_rest":true, 
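Review bot: Narrowing `SENSITIVE_PATHS` to `PLUGINS_PREFIX` means a request that a not-yet-upgraded client still sends to `/_opendistro/_security/api/internalusers/...` no longer matches the pattern that appears to gate replacing `password` with `__SENSITIVE__`. Whether a request to an unregistered route can reach the audit log is not visible in this hunk; if it can, masking should stay broader than routing, e.g. `Pattern.compile("/(_opendistro/_security|" + PLUGINS_PREFIX + ")/api/(account.*|internalusers.*|user.*)")`. Either way, a test that pins masking for `/_plugins/_security/api/internalusers` and states the expected behaviour for the retired prefix would document the decision.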
@@ -116,7 +116,7 @@ * } * } * - * PATCH _opendistro/_security/api/audit + * PATCH _security/api/audit * [{"op": "replace", "path": "/config/audit/enable_rest", "value": "true"}] * [{"op": "replace", "path": "/config/compliance/internal_config", "value": "true"}] */ diff --git a/src/main/java/org/opensearch/security/dlic/rest/api/WhitelistApiAction.java b/src/main/java/org/opensearch/security/dlic/rest/api/WhitelistApiAction.java index fd71312910..732e731bde 100644 --- a/src/main/java/org/opensearch/security/dlic/rest/api/WhitelistApiAction.java +++ b/src/main/java/org/opensearch/security/dlic/rest/api/WhitelistApiAction.java @@ -36,23 +36,23 @@ * SuperAdmin certificate for the default superuser is stored as a kirk.pem file in config folder of OpenSearch *

* Example calling the PUT API as SuperAdmin using curl (if http basic auth is on): - * curl -v --cacert path_to_config/root-ca.pem --cert path_to_config/kirk.pem --key path_to_config/kirk-key.pem -XPUT https://localhost:9200/_opendistro/_security/api/whitelist -H "Content-Type: application/json" -d’ + * curl -v --cacert path_to_config/root-ca.pem --cert path_to_config/kirk.pem --key path_to_config/kirk-key.pem -XPUT https://localhost:9200/_security/api/whitelist -H "Content-Type: application/json" -d’ * { * "enabled" : false, - * "requests" : {"/_cat/nodes": ["GET"], "/_opendistro/_security/api/whitelist": ["GET"]} + * "requests" : {"/_cat/nodes": ["GET"], "/_security/api/whitelist": ["GET"]} * } * * Example using the PATCH API to change the requests as SuperAdmin: - * curl -v --cacert path_to_config/root-ca.pem --cert path_to_config/kirk.pem --key path_to_config/kirk-key.pem -XPATCH https://localhost:9200/_opendistro/_security/api/whitelist -H "Content-Type: application/json" -d’ + * curl -v --cacert path_to_config/root-ca.pem --cert path_to_config/kirk.pem --key path_to_config/kirk-key.pem -XPATCH https://localhost:9200/_security/api/whitelist -H "Content-Type: application/json" -d’ * { * "op":"replace", * "path":"/config/requests", - * "value": {"/_cat/nodes": ["GET"], "/_opendistro/_security/api/whitelist": ["GET"]} + * "value": {"/_cat/nodes": ["GET"], "/_security/api/whitelist": ["GET"]} * } * * To update enabled, use the "add" operation instead of the "replace" operation, since boolean variables are not recognized as valid paths when they are false. 
* eg: - * curl -v --cacert path_to_config/root-ca.pem --cert path_to_config/kirk.pem --key path_to_config/kirk-key.pem -XPATCH https://localhost:9200/_opendistro/_security/api/whitelist -H "Content-Type: application/json" -d’ + * curl -v --cacert path_to_config/root-ca.pem --cert path_to_config/kirk.pem --key path_to_config/kirk-key.pem -XPATCH https://localhost:9200/_security/api/whitelist -H "Content-Type: application/json" -d’ * { * "op":"add", * "path":"/config/enabled", diff --git a/src/main/java/org/opensearch/security/dlic/rest/support/Utils.java b/src/main/java/org/opensearch/security/dlic/rest/support/Utils.java index 2e900169db..2f752c3751 100644 --- a/src/main/java/org/opensearch/security/dlic/rest/support/Utils.java +++ b/src/main/java/org/opensearch/security/dlic/rest/support/Utils.java @@ -51,19 +51,14 @@ import org.opensearch.security.user.User; import static org.opensearch.core.xcontent.DeprecationHandler.THROW_UNSUPPORTED_OPERATION; -import static org.opensearch.security.OpenSearchSecurityPlugin.LEGACY_OPENDISTRO_PREFIX; import static org.opensearch.security.OpenSearchSecurityPlugin.PLUGINS_PREFIX; public class Utils { public final static String PLUGIN_ROUTE_PREFIX = "/" + PLUGINS_PREFIX; - public final static String LEGACY_PLUGIN_ROUTE_PREFIX = "/" + LEGACY_OPENDISTRO_PREFIX; - public final static String PLUGIN_API_ROUTE_PREFIX = PLUGIN_ROUTE_PREFIX + "/api"; - public final static String LEGACY_PLUGIN_API_ROUTE_PREFIX = LEGACY_PLUGIN_ROUTE_PREFIX + "/api"; - private static final ObjectMapper internalMapper = new ObjectMapper(); public static Map convertJsonToxToStructuredMap(ToXContent jsonContent) { 
@@ -204,7 +199,7 @@ public static Set generateFieldResourcePaths(final Set fields, f *Total number of routes is expanded as twice as the number of routes passed in */ public static List addRoutesPrefix(List routes) { - return addRoutesPrefix(routes, LEGACY_PLUGIN_API_ROUTE_PREFIX, PLUGIN_API_ROUTE_PREFIX); + return addRoutesPrefix(routes, PLUGIN_API_ROUTE_PREFIX); } /** @@ -235,7 +230,7 @@ public static List addRoutesPrefix(List routes, final String... pr *Total number of routes is expanded as twice as the number of routes passed in */ public static List addDeprecatedRoutesPrefix(List deprecatedRoutes) { - return addDeprecatedRoutesPrefix(deprecatedRoutes, LEGACY_PLUGIN_API_ROUTE_PREFIX, PLUGIN_API_ROUTE_PREFIX); + return addDeprecatedRoutesPrefix(deprecatedRoutes, PLUGIN_API_ROUTE_PREFIX); } /** diff --git a/src/main/java/org/opensearch/security/filter/SecurityRestFilter.java b/src/main/java/org/opensearch/security/filter/SecurityRestFilter.java index 12dd68d1f8..f7f7a662ed 100644 --- a/src/main/java/org/opensearch/security/filter/SecurityRestFilter.java +++ b/src/main/java/org/opensearch/security/filter/SecurityRestFilter.java @@ -70,7 +70,6 @@ import org.greenrobot.eventbus.Subscribe; -import static org.opensearch.security.OpenSearchSecurityPlugin.LEGACY_OPENDISTRO_PREFIX; import static org.opensearch.security.OpenSearchSecurityPlugin.PLUGINS_PREFIX; public class SecurityRestFilter { @@ -91,7 +90,7 @@ public class SecurityRestFilter { public static final String HEALTH_SUFFIX = "health"; public static final String WHO_AM_I_SUFFIX = "whoami"; - public static final String REGEX_PATH_PREFIX = "/(" + LEGACY_OPENDISTRO_PREFIX + "|" + PLUGINS_PREFIX + ")/" + "(.*)"; + public static final String REGEX_PATH_PREFIX = "/(" + PLUGINS_PREFIX + ")/" + "(.*)"; public static final Pattern PATTERN_PATH_PREFIX = Pattern.compile(REGEX_PATH_PREFIX); public SecurityRestFilter( 
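Review bot: The Javadoc above `addRoutesPrefix(List)` and `addDeprecatedRoutesPrefix(List)` still says "Total number of routes is expanded as twice as the number of routes passed in", which no longer holds now that only `PLUGIN_API_ROUTE_PREFIX` is passed to the varargs overloads. I would replace that sentence in both comments with `Each route is registered once, under PLUGIN_API_ROUTE_PREFIX.` Both Javadoc blocks begin outside the hunks shown, so the rest of their wording should be checked for other references to the legacy prefix.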
@@ -202,7 +201,7 @@ public void handleRequest(RestRequest request, RestChannel channel, NodeClient c * If allowlisting is enabled, then Non-SuperAdmin is allowed to access only those APIs that are allowlisted in {@link #requests} * For example: if allowlisting is enabled and requests = ["/_cat/nodes"], then SuperAdmin can access all APIs, but non SuperAdmin * can only access "/_cat/nodes" - * Further note: Some APIs are only accessible by SuperAdmin, regardless of allowlisting. For example: /_opendistro/_security/api/whitelist is only accessible by SuperAdmin. + * Further note: Some APIs are only accessible by SuperAdmin, regardless of allowlisting. For example: /_security/api/whitelist is only accessible by SuperAdmin. * See {@link AllowlistApiAction} for the implementation of this API. * SuperAdmin is identified by credentials, which can be passed in the curl request. */ diff --git a/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java b/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java index 111eff7a33..e796b0d282 100644 --- a/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java +++ b/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java 
@@ -46,14 +46,13 @@ import io.jsonwebtoken.JwtParserBuilder; import io.jsonwebtoken.security.WeakKeyException; -import static org.opensearch.security.OpenSearchSecurityPlugin.LEGACY_OPENDISTRO_PREFIX; import static org.opensearch.security.OpenSearchSecurityPlugin.PLUGINS_PREFIX; import static org.opensearch.security.util.AuthTokenUtils.isAccessToRestrictedEndpoints; public class OnBehalfOfAuthenticator implements HTTPAuthenticator { private static final int MINIMUM_SIGNING_KEY_BIT_LENGTH = 512; - private static final String REGEX_PATH_PREFIX = "/(" + LEGACY_OPENDISTRO_PREFIX + "|" + PLUGINS_PREFIX + ")/" + "(.*)"; + private static final String REGEX_PATH_PREFIX = "/(" + PLUGINS_PREFIX + ")/" + "(.*)"; private static final Pattern PATTERN_PATH_PREFIX = Pattern.compile(REGEX_PATH_PREFIX); protected final Logger log = LogManager.getLogger(this.getClass()); diff --git a/src/main/java/org/opensearch/security/rest/DashboardsInfoAction.java b/src/main/java/org/opensearch/security/rest/DashboardsInfoAction.java index 3401ac71e8..30b3583858 100644 --- a/src/main/java/org/opensearch/security/rest/DashboardsInfoAction.java +++ b/src/main/java/org/opensearch/security/rest/DashboardsInfoAction.java @@ -50,7 +50,6 @@ import static org.opensearch.rest.RestRequest.Method.GET; import static org.opensearch.rest.RestRequest.Method.POST; -import static org.opensearch.security.dlic.rest.support.Utils.LEGACY_PLUGIN_ROUTE_PREFIX; import static org.opensearch.security.dlic.rest.support.Utils.PLUGIN_ROUTE_PREFIX; import static org.opensearch.security.dlic.rest.support.Utils.addRoutesPrefix; 
@@ -60,9 +59,6 @@ public class DashboardsInfoAction extends BaseRestHandler { .addAll( addRoutesPrefix(ImmutableList.of(new Route(GET, "/dashboardsinfo"), new Route(POST, "/dashboardsinfo")), PLUGIN_ROUTE_PREFIX) ) - .addAll( - addRoutesPrefix(ImmutableList.of(new Route(GET, "/kibanainfo"), new Route(POST, "/kibanainfo")), LEGACY_PLUGIN_ROUTE_PREFIX) - ) .build(); private final Logger log = LogManager.getLogger(this.getClass()); diff --git a/src/main/java/org/opensearch/security/rest/SecurityHealthAction.java b/src/main/java/org/opensearch/security/rest/SecurityHealthAction.java index 3c57773417..4797978477 100644 --- a/src/main/java/org/opensearch/security/rest/SecurityHealthAction.java +++ b/src/main/java/org/opensearch/security/rest/SecurityHealthAction.java @@ -44,14 +44,12 @@ import static org.opensearch.rest.RestRequest.Method.GET; import static org.opensearch.rest.RestRequest.Method.POST; -import static org.opensearch.security.dlic.rest.support.Utils.LEGACY_PLUGIN_ROUTE_PREFIX; import static org.opensearch.security.dlic.rest.support.Utils.PLUGIN_ROUTE_PREFIX; import static org.opensearch.security.dlic.rest.support.Utils.addRoutesPrefix; public class SecurityHealthAction extends BaseRestHandler { private static final List routes = addRoutesPrefix( ImmutableList.of(new Route(GET, "/health"), new Route(POST, "/health")), - LEGACY_PLUGIN_ROUTE_PREFIX, PLUGIN_ROUTE_PREFIX ); diff --git a/src/main/java/org/opensearch/security/rest/SecurityInfoAction.java b/src/main/java/org/opensearch/security/rest/SecurityInfoAction.java index 64075d5d0e..8a39fa0adf 100644 --- a/src/main/java/org/opensearch/security/rest/SecurityInfoAction.java +++ b/src/main/java/org/opensearch/security/rest/SecurityInfoAction.java 
@@ -57,14 +57,12 @@ import static org.opensearch.rest.RestRequest.Method.GET; import static org.opensearch.rest.RestRequest.Method.POST; -import static org.opensearch.security.dlic.rest.support.Utils.LEGACY_PLUGIN_ROUTE_PREFIX; import static org.opensearch.security.dlic.rest.support.Utils.PLUGIN_ROUTE_PREFIX; import static org.opensearch.security.dlic.rest.support.Utils.addRoutesPrefix; public class SecurityInfoAction extends BaseRestHandler { private static final List routes = addRoutesPrefix( ImmutableList.of(new Route(GET, "/authinfo"), new Route(POST, "/authinfo")), - LEGACY_PLUGIN_ROUTE_PREFIX, PLUGIN_ROUTE_PREFIX ); diff --git a/src/main/java/org/opensearch/security/rest/TenantInfoAction.java b/src/main/java/org/opensearch/security/rest/TenantInfoAction.java index d7b3ef3d1f..14070a9ef4 100644 --- a/src/main/java/org/opensearch/security/rest/TenantInfoAction.java +++ b/src/main/java/org/opensearch/security/rest/TenantInfoAction.java @@ -61,14 +61,12 @@ import static org.opensearch.rest.RestRequest.Method.GET; import static org.opensearch.rest.RestRequest.Method.POST; -import static org.opensearch.security.dlic.rest.support.Utils.LEGACY_PLUGIN_ROUTE_PREFIX; import static org.opensearch.security.dlic.rest.support.Utils.PLUGIN_ROUTE_PREFIX; import static org.opensearch.security.dlic.rest.support.Utils.addRoutesPrefix; public class TenantInfoAction extends BaseRestHandler { private static final List routes = addRoutesPrefix( ImmutableList.of(new Route(GET, "/tenantinfo"), new Route(POST, "/tenantinfo")), - LEGACY_PLUGIN_ROUTE_PREFIX, PLUGIN_ROUTE_PREFIX ); diff --git a/src/main/java/org/opensearch/security/securityconf/impl/AllowlistingSettings.java b/src/main/java/org/opensearch/security/securityconf/impl/AllowlistingSettings.java index 2a25ad8795..9ab68456a1 100644 --- a/src/main/java/org/opensearch/security/securityconf/impl/AllowlistingSettings.java +++ b/src/main/java/org/opensearch/security/securityconf/impl/AllowlistingSettings.java 
@@ -106,8 +106,8 @@ private boolean requestIsAllowlisted(final SecurityRequest request) { * For SuperAdmin this function is bypassed. * In a future version, should add a regex check to improve the functionality. * Currently, each individual PUT/PATCH request needs to be allowlisted separately for the specific resource to be changed/added. - * This should be improved so that, for example if PUT /_opendistro/_security/api/rolesmapping is allowlisted, - * then all PUT /_opendistro/_security/api/rolesmapping/{resource_name} work. + * This should be improved so that, for example if PUT /_security/api/rolesmapping is allowlisted, + * then all PUT /_security/api/rolesmapping/{resource_name} work. * Currently, each resource_name has to be allowlisted separately */ public Optional checkRequestIsAllowed(final SecurityRequest request) { diff --git a/src/main/java/org/opensearch/security/securityconf/impl/WhitelistingSettings.java b/src/main/java/org/opensearch/security/securityconf/impl/WhitelistingSettings.java index 4cc16a7f00..dffbaa9c86 100644 --- a/src/main/java/org/opensearch/security/securityconf/impl/WhitelistingSettings.java +++ b/src/main/java/org/opensearch/security/securityconf/impl/WhitelistingSettings.java 
@@ -103,8 +103,8 @@ private boolean requestIsWhitelisted(final SecurityRequest request) { * For SuperAdmin this function is bypassed. * In a future version, should add a regex check to improve the functionality. * Currently, each individual PUT/PATCH request needs to be whitelisted separately for the specific resource to be changed/added. - * This should be improved so that, for example if PUT /_opendistro/_security/api/rolesmapping is whitelisted, - * then all PUT /_opendistro/_security/api/rolesmapping/{resource_name} work. + * This should be improved so that, for example if PUT /_security/api/rolesmapping is whitelisted, + * then all PUT /_security/api/rolesmapping/{resource_name} work. * Currently, each resource_name has to be whitelisted separately */ @Override diff --git a/src/main/java/org/opensearch/security/ssl/rest/SecuritySSLInfoAction.java b/src/main/java/org/opensearch/security/ssl/rest/SecuritySSLInfoAction.java index 203a0c7965..7cff23809b 100644 --- a/src/main/java/org/opensearch/security/ssl/rest/SecuritySSLInfoAction.java +++ b/src/main/java/org/opensearch/security/ssl/rest/SecuritySSLInfoAction.java @@ -49,7 +49,7 @@ import io.netty.handler.ssl.OpenSsl; public class SecuritySSLInfoAction extends BaseRestHandler { - private static final List routes = Collections.singletonList(new Route(Method.GET, "/_opendistro/_security/sslinfo")); + private static final List routes = Collections.singletonList(new Route(Method.GET, "/_security/sslinfo")); private final Logger log = LogManager.getLogger(this.getClass()); private final SslSettingsManager sslSettingsManager; diff --git a/src/test/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticatorTest.java b/src/test/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticatorTest.java index e7889aa825..e3eb5d2a6a 100644 --- a/src/test/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticatorTest.java +++ b/src/test/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticatorTest.java 
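Review bot: The new route literal `"/_security/sslinfo"` in SecuritySSLInfoAction is written out by hand, while SecurityInfoAction and TenantInfoAction in this patch build their routes with `addRoutesPrefix(..., PLUGIN_ROUTE_PREFIX)`, so sslinfo may end up under a different prefix from its sibling endpoints. The value of `PLUGIN_ROUTE_PREFIX` is defined in `Utils`, outside this part of the patch; if it is `/_plugins/_security`, the literal here should presumably read `new Route(Method.GET, "/_plugins/_security/sslinfo")`. The SSL-only-mode tests later in the patch expect sslinfo to answer 200 without credentials, so if the REST filter has a path-based rule for this endpoint it has to agree with the path registered here. The class body continues outside the hunk.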
@@ -933,7 +933,7 @@ private RestRequest buildTokenExchangeRestRequest( + "\" }"; } - return new FakeRestRequest.Builder().withPath("/_opendistro/_security/api/authtoken") + return new FakeRestRequest.Builder().withPath("/_security/api/authtoken") .withMethod(Method.POST) .withContent(new BytesArray(authtokenPostJson)) .withHeaders(ImmutableMap.of("Content-Type", "application/json")) diff --git a/src/test/java/com/amazon/dlic/auth/ldap/LdapBackendIntegTest.java b/src/test/java/com/amazon/dlic/auth/ldap/LdapBackendIntegTest.java index 863db60e82..56d77e806d 100644 --- a/src/test/java/com/amazon/dlic/auth/ldap/LdapBackendIntegTest.java +++ b/src/test/java/com/amazon/dlic/auth/ldap/LdapBackendIntegTest.java @@ -84,7 +84,7 @@ public void testAttributesWithImpersonation() throws Exception { HttpStatus.SC_OK, is( (res = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader("opendistro_security_impersonate_as", "jacksonm"), encodeBasicHeader("spock", "spocksecret") )).getStatusCode() diff --git a/src/test/java/com/amazon/dlic/auth/ldap2/LdapBackendIntegTest2.java b/src/test/java/com/amazon/dlic/auth/ldap2/LdapBackendIntegTest2.java index 4eaa78392f..fed534fae8 100644 --- a/src/test/java/com/amazon/dlic/auth/ldap2/LdapBackendIntegTest2.java +++ b/src/test/java/com/amazon/dlic/auth/ldap2/LdapBackendIntegTest2.java @@ -84,7 +84,7 @@ public void testAttributesWithImpersonation() throws Exception { HttpStatus.SC_OK, is( (res = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader("opendistro_security_impersonate_as", "jacksonm"), encodeBasicHeader("spock", "spocksecret") )).getStatusCode() diff --git a/src/test/java/org/opensearch/security/EncryptionInTransitMigrationTests.java b/src/test/java/org/opensearch/security/EncryptionInTransitMigrationTests.java index b26546f92e..1e12e7fee5 100644 --- a/src/test/java/org/opensearch/security/EncryptionInTransitMigrationTests.java 
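Review bot: The test paths rewritten here (`/_security/api/authtoken` in buildTokenExchangeRestRequest and `_security/authinfo` in both LDAP tests) drop the `_opendistro/` segment without adding `_plugins/`, whereas InitializationIntegrationTests and AuditTestUtils in the same patch move to `_plugins/_security/...`. SecurityInfoAction now registers `/authinfo` only under `PLUGIN_ROUTE_PREFIX`, so one of the two forms probably does not reach the handler. The prefix value is defined outside this part of the patch; please confirm which form is intended and use it throughout, e.g. `"_plugins/_security/authinfo"`. The same applies to the `_security/...` paths in HealthTests, HttpIntegrationTests, IntegrationTests, the SecurityAdmin tests, SecurityRolesTests and SystemIntegratorsTests. The enclosing test methods start and end outside these hunks.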
+++ b/src/test/java/org/opensearch/security/EncryptionInTransitMigrationTests.java @@ -44,7 +44,7 @@ private void testSslOnlyMode(boolean dualModeEnabled) throws Exception { setupSslOnlyMode(settings); final RestHelper rh = nonSslRestHelper(); - HttpResponse res = rh.executeGetRequest("_opendistro/_security/sslinfo"); + HttpResponse res = rh.executeGetRequest("_security/sslinfo"); assertThat(res.getStatusCode(), is(HttpStatus.SC_OK)); res = rh.executePutRequest("/xyz/_doc/1", "{\"a\":5}"); diff --git a/src/test/java/org/opensearch/security/HealthTests.java b/src/test/java/org/opensearch/security/HealthTests.java index 03030aaec9..089d8f7d5e 100644 --- a/src/test/java/org/opensearch/security/HealthTests.java +++ b/src/test/java/org/opensearch/security/HealthTests.java @@ -46,12 +46,12 @@ public void testHealth() throws Exception { RestHelper rh = nonSslRestHelper(); HttpResponse res; - assertThat(HttpStatus.SC_OK, is((res = rh.executeGetRequest("_opendistro/_security/health?pretty&mode=lenient")).getStatusCode())); + assertThat(HttpStatus.SC_OK, is((res = rh.executeGetRequest("_security/health?pretty&mode=lenient")).getStatusCode())); assertContains(res, "*UP*"); assertNotContains(res, "*DOWN*"); assertNotContains(res, "*strict*"); - assertThat((res = rh.executeGetRequest("_opendistro/_security/health?pretty")).getStatusCode(), is(HttpStatus.SC_OK)); + assertThat((res = rh.executeGetRequest("_security/health?pretty")).getStatusCode(), is(HttpStatus.SC_OK)); assertContains(res, "*UP*"); assertContains(res, "*strict*"); assertNotContains(res, "*DOWN*"); 
@@ -63,15 +63,12 @@ public void testHealthUnitialized() throws Exception { RestHelper rh = nonSslRestHelper(); HttpResponse res; - assertThat(HttpStatus.SC_OK, is((res = rh.executeGetRequest("_opendistro/_security/health?pretty&mode=lenient")).getStatusCode())); + assertThat(HttpStatus.SC_OK, is((res = rh.executeGetRequest("_security/health?pretty&mode=lenient")).getStatusCode())); assertContains(res, "*UP*"); assertNotContains(res, "*DOWN*"); assertNotContains(res, "*strict*"); - assertThat( - HttpStatus.SC_SERVICE_UNAVAILABLE, - is((res = rh.executeGetRequest("_opendistro/_security/health?pretty")).getStatusCode()) - ); + assertThat(HttpStatus.SC_SERVICE_UNAVAILABLE, is((res = rh.executeGetRequest("_security/health?pretty")).getStatusCode())); assertContains(res, "*DOWN*"); assertContains(res, "*strict*"); assertNotContains(res, "*UP*"); diff --git a/src/test/java/org/opensearch/security/HttpIntegrationTests.java b/src/test/java/org/opensearch/security/HttpIntegrationTests.java index 33a85ed2d6..197765f532 100644 --- a/src/test/java/org/opensearch/security/HttpIntegrationTests.java +++ b/src/test/java/org/opensearch/security/HttpIntegrationTests.java @@ -334,7 +334,7 @@ public void testHTTPBasic() throws Exception { Assert.assertTrue(res.getBody().contains("\"status\":201")); res = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader("security_tenant", "unittesttenant"), encodeBasicHeader("worf", "worf") ); 
@@ -344,7 +344,7 @@ public void testHTTPBasic() throws Exception { Assert.assertTrue(res.getBody().contains("\"kltentrw\":true")); Assert.assertTrue(res.getBody().contains("\"user_name\":\"worf\"")); - res = rh.executeGetRequest("_opendistro/_security/authinfo", encodeBasicHeader("worf", "worf")); + res = rh.executeGetRequest("_security/authinfo", encodeBasicHeader("worf", "worf")); assertThat(res.getStatusCode(), is(HttpStatus.SC_OK)); Assert.assertTrue(res.getBody().contains("tenant")); Assert.assertTrue(res.getBody().contains("\"user_requested_tenant\":null")); @@ -353,7 +353,7 @@ public void testHTTPBasic() throws Exception { Assert.assertTrue(res.getBody().contains("\"custom_attribute_names\":[]")); Assert.assertFalse(res.getBody().contains("attributes=")); - res = rh.executeGetRequest("_opendistro/_security/authinfo?pretty", encodeBasicHeader("custattr", "nagilum")); + res = rh.executeGetRequest("_security/authinfo?pretty", encodeBasicHeader("custattr", "nagilum")); assertThat(res.getStatusCode(), is(HttpStatus.SC_OK)); Assert.assertTrue(res.getBody().contains("tenants")); Assert.assertTrue(res.getBody().contains("\"user_requested_tenant\" : null")); @@ -385,7 +385,7 @@ public void testHTTPBasic() throws Exception { // rest impersonation res = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader("opendistro_security_impersonate_as", "knuddel"), encodeBasicHeader("worf", "worf") ); 
@@ -395,14 +395,14 @@ public void testHTTPBasic() throws Exception { Assert.assertFalse(res.getBody().contains("worf")); res = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader("opendistro_security_impersonate_as", "nonexists"), encodeBasicHeader("worf", "worf") ); assertThat(res.getStatusCode(), is(HttpStatus.SC_FORBIDDEN)); res = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader("opendistro_security_impersonate_as", "notallowed"), encodeBasicHeader("worf", "worf") ); @@ -420,7 +420,7 @@ public void testHTTPSCompressionEnabled() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig(), settings, true); final RestHelper rh = restHelper(); // ssl resthelper - HttpResponse res = rh.executeGetRequest("_opendistro/_security/sslinfo", encodeBasicHeader("nagilum", "nagilum")); + HttpResponse res = rh.executeGetRequest("_security/sslinfo", encodeBasicHeader("nagilum", "nagilum")); assertThat(res.getStatusCode(), is(HttpStatus.SC_OK)); assertContains(res, "*ssl_protocol\":\"TLSv1.2*"); @@ -440,7 +440,7 @@ public void testHTTPSCompression() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig(), settings, true); final RestHelper rh = restHelper(); // ssl resthelper - HttpResponse res = rh.executeGetRequest("_opendistro/_security/sslinfo", encodeBasicHeader("nagilum", "nagilum")); + HttpResponse res = rh.executeGetRequest("_security/sslinfo", encodeBasicHeader("nagilum", "nagilum")); assertThat(res.getStatusCode(), is(HttpStatus.SC_OK)); assertContains(res, "*ssl_protocol\":\"TLSv1.2*"); 
@@ -461,15 +461,15 @@ public void testHTTPAnon() throws Exception { assertThat(rh.executeGetRequest("", encodeBasicHeader("worf", "wrong")).getStatusCode(), is(HttpStatus.SC_UNAUTHORIZED)); assertThat(rh.executeGetRequest("", encodeBasicHeader("nagilum", "nagilum")).getStatusCode(), is(HttpStatus.SC_OK)); - HttpResponse resc = rh.executeGetRequest("_opendistro/_security/authinfo"); + HttpResponse resc = rh.executeGetRequest("_security/authinfo"); Assert.assertTrue(resc.getBody().contains("opendistro_security_anonymous")); assertThat(resc.getStatusCode(), is(HttpStatus.SC_OK)); - resc = rh.executeGetRequest("_opendistro/_security/authinfo?pretty=true"); + resc = rh.executeGetRequest("_security/authinfo?pretty=true"); Assert.assertTrue(resc.getBody().contains("\"remote_address\" : \"")); // check pretty print assertThat(resc.getStatusCode(), is(HttpStatus.SC_OK)); - resc = rh.executeGetRequest("_opendistro/_security/authinfo", encodeBasicHeader("nagilum", "nagilum")); + resc = rh.executeGetRequest("_security/authinfo", encodeBasicHeader("nagilum", "nagilum")); Assert.assertTrue(resc.getBody().contains("nagilum")); Assert.assertFalse(resc.getBody().contains("opendistro_security_anonymous")); assertThat(resc.getStatusCode(), is(HttpStatus.SC_OK)); @@ -494,7 +494,7 @@ public void testHTTPAnon() throws Exception { } assertThat(rh.executeGetRequest("").getStatusCode(), is(HttpStatus.SC_UNAUTHORIZED)); - assertThat(rh.executeGetRequest("_opendistro/_security/authinfo").getStatusCode(), is(HttpStatus.SC_UNAUTHORIZED)); + assertThat(rh.executeGetRequest("_security/authinfo").getStatusCode(), is(HttpStatus.SC_UNAUTHORIZED)); assertThat(rh.executeGetRequest("", encodeBasicHeader("worf", "wrong")).getStatusCode(), is(HttpStatus.SC_UNAUTHORIZED)); assertThat(rh.executeGetRequest("", encodeBasicHeader("nagilum", "nagilum")).getStatusCode(), is(HttpStatus.SC_OK)); } 
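Review bot: In the second hunk of testHTTPAnon the updated line `assertThat(rh.executeGetRequest("_security/authinfo").getStatusCode(), is(HttpStatus.SC_UNAUTHORIZED));` checks only the status code, and the line before it shows that an unauthenticated request to `""` gets the same 401. The assertion would therefore also pass if the rewritten path no longer matched the authinfo route, and the test would stop showing that the endpoint itself rejects anonymous callers. Adding an authenticated request to the same path next to it, `assertThat(rh.executeGetRequest("_security/authinfo", encodeBasicHeader("nagilum", "nagilum")).getStatusCode(), is(HttpStatus.SC_OK));`, ties the 401 to a path that is known to resolve. The status-only 401/403 assertions in testInjectedUserMalformed and the testRestImpersonation methods have the same shape; testHTTPAnon starts and ends outside this hunk.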
@@ -538,7 +538,7 @@ public void testHTTPClientCert() throws Exception { rh.keystore = "kirk-keystore.jks"; assertThat(rh.executePutRequest(".opendistro_security/_doc/y", "{}").getStatusCode(), is(HttpStatus.SC_CREATED)); - assertThat(rh.executeGetRequest("_opendistro/_security/authinfo").getStatusCode(), is(HttpStatus.SC_OK)); + assertThat(rh.executeGetRequest("_security/authinfo").getStatusCode(), is(HttpStatus.SC_OK)); } @Test @@ -651,7 +651,7 @@ public void testHTTPProxyRolesSeparator() throws Exception { RestHelper rh = nonSslRestHelper(); // separator is configured as ";" so separating roles with "," leads to one (wrong) backend role HttpResponse res = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader("x-forwarded-for", "localhost,192.168.0.1,10.0.0.2"), new BasicHeader("user", "scotty"), new BasicHeader("roles", "starfleet,engineer") @@ -662,7 +662,7 @@ public void testHTTPProxyRolesSeparator() throws Exception { ); // correct separator, now we should see two backend roles res = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader("x-forwarded-for", "localhost,192.168.0.1,10.0.0.2"), new BasicHeader("user", "scotty"), new BasicHeader("roles", "starfleet;engineer") 
@@ -1091,10 +1091,10 @@ public void testTenantInfo() throws Exception { final RestHelper rh = nonSslRestHelper(); - HttpResponse res = rh.executeGetRequest("_opendistro/_security/tenantinfo?pretty", encodeBasicHeader("itt1635", "nagilum")); + HttpResponse res = rh.executeGetRequest("_security/tenantinfo?pretty", encodeBasicHeader("itt1635", "nagilum")); assertThat(res.getStatusCode(), is(HttpStatus.SC_FORBIDDEN)); - res = rh.executeGetRequest("_opendistro/_security/tenantinfo?pretty", encodeBasicHeader("kibanaserver", "kibanaserver")); + res = rh.executeGetRequest("_security/tenantinfo?pretty", encodeBasicHeader("kibanaserver", "kibanaserver")); assertThat(res.getStatusCode(), is(HttpStatus.SC_OK)); Assert.assertTrue(res.getBody().contains("\".kibana_-1139640511_admin1\" : \"admin_1\"")); Assert.assertTrue(res.getBody().contains("\".kibana_-1386441176_praxisrw\" : \"praxisrw\"")); @@ -1117,7 +1117,7 @@ public void testRestImpersonation() throws Exception { // rest impersonation HttpResponse res = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader("opendistro_security_impersonate_as", "someotherusernotininternalusersfile"), encodeBasicHeader("worf", "worf") ); @@ -1132,7 +1132,7 @@ public void testSslOnlyMode() throws Exception { setupSslOnlyMode(settings); final RestHelper rh = nonSslRestHelper(); - HttpResponse res = rh.executeGetRequest("_opendistro/_security/sslinfo"); + HttpResponse res = rh.executeGetRequest("_security/sslinfo"); assertThat(res.getStatusCode(), is(HttpStatus.SC_OK)); res = rh.executePutRequest("/xyz/_doc/1", "{\"a\":5}"); diff --git a/src/test/java/org/opensearch/security/InitializationIntegrationTests.java b/src/test/java/org/opensearch/security/InitializationIntegrationTests.java index 79a32aec63..31ceaebe4e 100644 --- a/src/test/java/org/opensearch/security/InitializationIntegrationTests.java +++ b/src/test/java/org/opensearch/security/InitializationIntegrationTests.java 
@@ -202,8 +202,7 @@ public void testConfigHotReload() throws Exception { + TransportAddress.getAddress() + ":" + TransportAddress.getPort() - + "/" - + "_opendistro/_security/authinfo?pretty=true" + + "/_plugins/_security/authinfo?pretty=true" ), spock ); @@ -235,8 +234,7 @@ public void testConfigHotReload() throws Exception { + TransportAddress.getAddress() + ":" + TransportAddress.getPort() - + "/" - + "_opendistro/_security/authinfo?pretty=true" + + "/_plugins/_security/authinfo?pretty=true" ), spock ); @@ -266,8 +264,7 @@ public void testConfigHotReload() throws Exception { + TransportAddress.getAddress() + ":" + TransportAddress.getPort() - + "/" - + "_opendistro/_security/authinfo?pretty=true" + + "/_plugins/_security/authinfo?pretty=true" ) ); log.debug(res.getBody()); diff --git a/src/test/java/org/opensearch/security/IntegrationTests.java b/src/test/java/org/opensearch/security/IntegrationTests.java index 6eeed4ef02..82a7986cf5 100644 --- a/src/test/java/org/opensearch/security/IntegrationTests.java +++ b/src/test/java/org/opensearch/security/IntegrationTests.java @@ -272,14 +272,14 @@ public void testRestImpersonation() throws Exception { HttpResponse resp; resp = rh.executeGetRequest( - "/_opendistro/_security/authinfo", + "/_security/authinfo", new BasicHeader("opendistro_security_impersonate_as", "knuddel"), encodeBasicHeader("worf", "worf") ); assertThat(resp.getStatusCode(), is(HttpStatus.SC_FORBIDDEN)); resp = rh.executeGetRequest( - "/_opendistro/_security/authinfo", + "/_security/authinfo", new BasicHeader("opendistro_security_impersonate_as", "knuddel"), encodeBasicHeader("spock", "spock") ); 
@@ -288,14 +288,14 @@ public void testRestImpersonation() throws Exception { Assert.assertFalse(resp.getBody().contains("spock")); resp = rh.executeGetRequest( - "/_opendistro/_security/authinfo", + "/_security/authinfo", new BasicHeader("opendistro_security_impersonate_as", "userwhonotexists"), encodeBasicHeader("spock", "spock") ); assertThat(resp.getStatusCode(), is(HttpStatus.SC_FORBIDDEN)); resp = rh.executeGetRequest( - "/_opendistro/_security/authinfo", + "/_security/authinfo", new BasicHeader("opendistro_security_impersonate_as", "invalid"), encodeBasicHeader("spock", "spock") ); @@ -352,7 +352,7 @@ public void testXff() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig().setConfig("config_xff.yml"), Settings.EMPTY, true); RestHelper rh = nonSslRestHelper(); HttpResponse resc = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader("x-forwarded-for", "10.0.0.7"), encodeBasicHeader("worf", "worf") ); diff --git a/src/test/java/org/opensearch/security/SecurityAdminInvalidConfigsTests.java b/src/test/java/org/opensearch/security/SecurityAdminInvalidConfigsTests.java index 90af959830..5cf8ee1520 100644 --- a/src/test/java/org/opensearch/security/SecurityAdminInvalidConfigsTests.java +++ b/src/test/java/org/opensearch/security/SecurityAdminInvalidConfigsTests.java 
@@ -74,10 +74,10 @@ public void testSecurityAdminDuplicateKey() throws Exception { RestHelper rh = restHelper(); - assertThat((rh.executeGetRequest("_opendistro/_security/health?pretty")).getStatusCode(), is(HttpStatus.SC_OK)); + assertThat((rh.executeGetRequest("_security/health?pretty")).getStatusCode(), is(HttpStatus.SC_OK)); assertThat( HttpStatus.SC_OK, - is(rh.executeGetRequest("_opendistro/_security/authinfo?pretty", encodeBasicHeader("nagilum", "nagilum")).getStatusCode()) + is(rh.executeGetRequest("_security/authinfo?pretty", encodeBasicHeader("nagilum", "nagilum")).getStatusCode()) ); assertThat(HttpStatus.SC_OK, is(rh.executeGetRequest("*/_search?pretty", encodeBasicHeader("nagilum", "nagilum")).getStatusCode())); } @@ -105,10 +105,10 @@ public void testSecurityAdminDuplicateKeyReload() throws Exception { RestHelper rh = restHelper(); - assertThat((rh.executeGetRequest("_opendistro/_security/health?pretty")).getStatusCode(), is(HttpStatus.SC_OK)); + assertThat((rh.executeGetRequest("_security/health?pretty")).getStatusCode(), is(HttpStatus.SC_OK)); assertThat( HttpStatus.SC_OK, - is(rh.executeGetRequest("_opendistro/_security/authinfo?pretty", encodeBasicHeader("nagilum", "nagilum")).getStatusCode()) + is(rh.executeGetRequest("_security/authinfo?pretty", encodeBasicHeader("nagilum", "nagilum")).getStatusCode()) ); assertThat(HttpStatus.SC_OK, is(rh.executeGetRequest("*/_search?pretty", encodeBasicHeader("nagilum", "nagilum")).getStatusCode())); } 
@@ -144,10 +144,10 @@ public void testSecurityAdminDuplicateKeySingleFile() throws Exception { RestHelper rh = restHelper(); - assertThat((rh.executeGetRequest("_opendistro/_security/health?pretty")).getStatusCode(), is(HttpStatus.SC_OK)); + assertThat((rh.executeGetRequest("_security/health?pretty")).getStatusCode(), is(HttpStatus.SC_OK)); assertThat( HttpStatus.SC_OK, - is(rh.executeGetRequest("_opendistro/_security/authinfo?pretty", encodeBasicHeader("nagilum", "nagilum")).getStatusCode()) + is(rh.executeGetRequest("_security/authinfo?pretty", encodeBasicHeader("nagilum", "nagilum")).getStatusCode()) ); assertThat(HttpStatus.SC_OK, is(rh.executeGetRequest("*/_search?pretty", encodeBasicHeader("nagilum", "nagilum")).getStatusCode())); } @@ -175,10 +175,10 @@ public void testSecurityAdminDuplicateKeyReloadSingleFile() throws Exception { RestHelper rh = restHelper(); - assertThat((rh.executeGetRequest("_opendistro/_security/health?pretty")).getStatusCode(), is(HttpStatus.SC_OK)); + assertThat((rh.executeGetRequest("_security/health?pretty")).getStatusCode(), is(HttpStatus.SC_OK)); assertThat( HttpStatus.SC_OK, - is(rh.executeGetRequest("_opendistro/_security/authinfo?pretty", encodeBasicHeader("nagilum", "nagilum")).getStatusCode()) + is(rh.executeGetRequest("_security/authinfo?pretty", encodeBasicHeader("nagilum", "nagilum")).getStatusCode()) ); assertThat(HttpStatus.SC_OK, is(rh.executeGetRequest("*/_search?pretty", encodeBasicHeader("nagilum", "nagilum")).getStatusCode())); } diff --git a/src/test/java/org/opensearch/security/SecurityAdminTests.java b/src/test/java/org/opensearch/security/SecurityAdminTests.java index 45c5c0e2a1..2a4b68c934 100644 --- a/src/test/java/org/opensearch/security/SecurityAdminTests.java +++ b/src/test/java/org/opensearch/security/SecurityAdminTests.java 
@@ -78,7 +78,7 @@ public void testSecurityAdmin() throws Exception { RestHelper rh = restHelper(); - assertThat((rh.executeGetRequest("_opendistro/_security/health?pretty")).getStatusCode(), is(HttpStatus.SC_OK)); + assertThat((rh.executeGetRequest("_security/health?pretty")).getStatusCode(), is(HttpStatus.SC_OK)); } @Test @@ -274,7 +274,7 @@ public void testSecurityAdminRegularUpdate() throws Exception { RestHelper rh = restHelper(); HttpResponse res; - assertThat((res = rh.executeGetRequest("_opendistro/_security/health?pretty")).getStatusCode(), is(HttpStatus.SC_OK)); + assertThat((res = rh.executeGetRequest("_security/health?pretty")).getStatusCode(), is(HttpStatus.SC_OK)); assertContains(res, "*UP*"); assertContains(res, "*strict*"); assertNotContains(res, "*DOWN*"); @@ -360,7 +360,7 @@ public void testSecurityAdminSingularV7Updates() throws Exception { RestHelper rh = restHelper(); HttpResponse res; - assertThat((res = rh.executeGetRequest("_opendistro/_security/health?pretty")).getStatusCode(), is(HttpStatus.SC_OK)); + assertThat((res = rh.executeGetRequest("_security/health?pretty")).getStatusCode(), is(HttpStatus.SC_OK)); assertContains(res, "*UP*"); assertContains(res, "*strict*"); assertNotContains(res, "*DOWN*"); @@ -406,7 +406,7 @@ public void testSecurityAdminInvalidYml() throws Exception { RestHelper rh = restHelper(); HttpResponse res; - assertThat((res = rh.executeGetRequest("_opendistro/_security/health?pretty")).getStatusCode(), is(HttpStatus.SC_OK)); + assertThat((res = rh.executeGetRequest("_security/health?pretty")).getStatusCode(), is(HttpStatus.SC_OK)); assertContains(res, "*UP*"); assertContains(res, "*strict*"); assertNotContains(res, "*DOWN*"); 
@@ -454,7 +454,7 @@ public void testSecurityAdminReloadInvalidConfig() throws Exception { HttpResponse res; - assertThat((res = rh.executeGetRequest("_opendistro/_security/health?pretty")).getStatusCode(), is(HttpStatus.SC_OK)); + assertThat((res = rh.executeGetRequest("_security/health?pretty")).getStatusCode(), is(HttpStatus.SC_OK)); assertContains(res, "*UP*"); assertContains(res, "*strict*"); assertNotContains(res, "*DOWN*"); diff --git a/src/test/java/org/opensearch/security/SecurityRolesTests.java b/src/test/java/org/opensearch/security/SecurityRolesTests.java index e042fc6fa3..6d3f7bc3fc 100644 --- a/src/test/java/org/opensearch/security/SecurityRolesTests.java +++ b/src/test/java/org/opensearch/security/SecurityRolesTests.java @@ -55,12 +55,12 @@ public void testSecurityRolesAnon() throws Exception { RestHelper rh = nonSslRestHelper(); - HttpResponse resc = rh.executeGetRequest("_opendistro/_security/authinfo?pretty"); + HttpResponse resc = rh.executeGetRequest("_security/authinfo?pretty"); Assert.assertTrue(resc.getBody().contains("anonymous")); Assert.assertFalse(resc.getBody().contains("xyz_sr")); assertThat(resc.getStatusCode(), is(HttpStatus.SC_OK)); - resc = rh.executeGetRequest("_opendistro/_security/authinfo?pretty", encodeBasicHeader("sr_user", "nagilum")); + resc = rh.executeGetRequest("_security/authinfo?pretty", encodeBasicHeader("sr_user", "nagilum")); Assert.assertTrue(resc.getBody().contains("sr_user")); Assert.assertTrue(resc.getBody().contains("xyz_sr")); Assert.assertFalse(resc.getBody().contains("opendistro_security_kibana_server")); 
@@ -81,7 +81,7 @@ public void testSecurityRoles() throws Exception { RestHelper rh = nonSslRestHelper(); rh.sendAdminCertificate = false; - HttpResponse resc = rh.executeGetRequest("_opendistro/_security/authinfo?pretty", encodeBasicHeader("sr_user", "nagilum")); + HttpResponse resc = rh.executeGetRequest("_security/authinfo?pretty", encodeBasicHeader("sr_user", "nagilum")); Assert.assertTrue(resc.getBody().contains("sr_user")); Assert.assertTrue(resc.getBody().contains("xyz_sr")); @@ -110,7 +110,7 @@ public void testSecurityRolesImpersonation() throws Exception { RestHelper rh = nonSslRestHelper(); HttpResponse resc = rh.executeGetRequest( - "_opendistro/_security/authinfo?pretty", + "_security/authinfo?pretty", encodeBasicHeader("sr_user", "nagilum"), new BasicHeader("opendistro_security_impersonate_as", "sr_impuser") ); diff --git a/src/test/java/org/opensearch/security/SystemIntegratorsTests.java b/src/test/java/org/opensearch/security/SystemIntegratorsTests.java index 896f477ca6..f140416c15 100644 --- a/src/test/java/org/opensearch/security/SystemIntegratorsTests.java +++ b/src/test/java/org/opensearch/security/SystemIntegratorsTests.java 
@@ -56,56 +56,50 @@ public void testInjectedUserMalformed() throws Exception { HttpResponse resc; - resc = rh.executeGetRequest( - "_opendistro/_security/authinfo", - new BasicHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER, null) - ); + resc = rh.executeGetRequest("_security/authinfo", new BasicHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER, null)); assertThat(resc.getStatusCode(), is(HttpStatus.SC_UNAUTHORIZED)); - resc = rh.executeGetRequest( - "_opendistro/_security/authinfo", - new BasicHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER, "|||") - ); + resc = rh.executeGetRequest("_security/authinfo", new BasicHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER, "|||")); assertThat(resc.getStatusCode(), is(HttpStatus.SC_UNAUTHORIZED)); resc = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER, "||127.0.0:80|") ); assertThat(resc.getStatusCode(), is(HttpStatus.SC_UNAUTHORIZED)); resc = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER, "username||ip|") ); assertThat(resc.getStatusCode(), is(HttpStatus.SC_UNAUTHORIZED)); resc = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER, "username||ip:port|") ); assertThat(resc.getStatusCode(), is(HttpStatus.SC_UNAUTHORIZED)); resc = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER, "username||ip:80|") ); assertThat(resc.getStatusCode(), is(HttpStatus.SC_UNAUTHORIZED)); resc = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER, "username||127.0.x:80|") ); assertThat(resc.getStatusCode(), 
is(HttpStatus.SC_UNAUTHORIZED)); resc = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER, "username||127.0.0:80|key1,value1,key2") ); assertThat(resc.getStatusCode(), is(HttpStatus.SC_UNAUTHORIZED)); resc = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER, "||127.0.0:80|key1,value1,key2,value2") ); assertThat(resc.getStatusCode(), is(HttpStatus.SC_UNAUTHORIZED)); @@ -125,7 +119,7 @@ public void testInjectedUser() throws Exception { HttpResponse resc; resc = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER, "admin||127.0.0:80|") ); assertThat(resc.getStatusCode(), is(HttpStatus.SC_OK)); @@ -135,7 +129,7 @@ public void testInjectedUser() throws Exception { Assert.assertTrue(resc.getBody().contains("\"custom_attribute_names\":[]")); resc = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER, "admin|role1|127.0.0:80|key1,value1") ); assertThat(resc.getStatusCode(), is(HttpStatus.SC_OK)); @@ -145,7 +139,7 @@ public void testInjectedUser() throws Exception { Assert.assertTrue(resc.getBody().contains("\"custom_attribute_names\":[\"key1\"]")); resc = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER, "admin|role1,role2||key1,value1") ); assertThat(resc.getStatusCode(), is(HttpStatus.SC_OK)); 
@@ -156,7 +150,7 @@ public void testInjectedUser() throws Exception { Assert.assertTrue(resc.getBody().contains("\"custom_attribute_names\":[\"key1\"]")); resc = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER, "admin|role1,role2|8.8.8.8:8|key1,value1,key2,value2") ); assertThat(resc.getStatusCode(), is(HttpStatus.SC_OK)); @@ -167,7 +161,7 @@ public void testInjectedUser() throws Exception { Assert.assertTrue(resc.getBody().contains("\"custom_attribute_names\":[\"key1\",\"key2\"]")); resc = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER, "nagilum|role1,role2|8.8.8.8:8|key1,value1,key2,value2") ); assertThat(resc.getStatusCode(), is(HttpStatus.SC_OK)); @@ -180,7 +174,7 @@ public void testInjectedUser() throws Exception { Assert.assertTrue(resc.getBody().contains("\"custom_attribute_names\":[\"key1\",\"key2\"]")); resc = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER, "myuser|role1,vulcanadmin|8.8.8.8:8|key1,value1,key2,value2") ); assertThat(resc.getStatusCode(), is(HttpStatus.SC_OK)); @@ -194,7 +188,7 @@ public void testInjectedUser() throws Exception { // add requested tenant resc = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader( ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER, "myuser|role1,vulcanadmin|8.8.8.8:8|key1,value1,key2,value2|" 
@@ -210,7 +204,7 @@ public void testInjectedUser() throws Exception { Assert.assertTrue(resc.getBody().contains("\"custom_attribute_names\":[\"key1\",\"key2\"]")); resc = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader( ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER, "myuser|role1,vulcanadmin|8.8.8.8:8|key1,value1,key2,value2|mytenant" @@ -226,7 +220,7 @@ public void testInjectedUser() throws Exception { Assert.assertTrue(resc.getBody().contains("\"custom_attribute_names\":[\"key1\",\"key2\"]")); resc = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader( ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER, "myuser|role1,vulcanadmin|8.8.8.8:8||mytenant with whitespace" @@ -257,7 +251,7 @@ public void testInjectedUserDisabled() throws Exception { HttpResponse resc; resc = rh.executeGetRequest( - "_opendistro/_security/authinfo", + "_security/authinfo", new BasicHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER, "admin|role1|127.0.0:80|key1,value1") ); assertThat(resc.getStatusCode(), is(HttpStatus.SC_UNAUTHORIZED)); diff --git a/src/test/java/org/opensearch/security/auditlog/AbstractAuditlogiUnitTest.java b/src/test/java/org/opensearch/security/auditlog/AbstractAuditlogiUnitTest.java index b4965d60ad..23e1c4fb77 100644 --- a/src/test/java/org/opensearch/security/auditlog/AbstractAuditlogiUnitTest.java +++ b/src/test/java/org/opensearch/security/auditlog/AbstractAuditlogiUnitTest.java @@ -128,7 +128,7 @@ protected void updateAuditConfig(final String payload) { final String keystore = rh.keystore; rh.sendAdminCertificate = true; rh.keystore = "auditlog/kirk-keystore.jks"; - rh.executePutRequest("_opendistro/_security/api/audit/config", payload); + rh.executePutRequest("_security/api/audit/config", payload); rh.sendAdminCertificate = sendAdminCertificate; rh.keystore = keystore; } 
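Review bot: The response of `rh.executePutRequest("_security/api/audit/config", payload)` in AbstractAuditlogiUnitTest.updateAuditConfig is discarded, so a rejected or unrouted request leaves the audit configuration as it was and the calling tests carry on against the old settings without failing. This matters more after the path change, because AuditTestUtils.updateAuditConfig in the same patch sends the equivalent request to `_plugins/_security/api/audit/config` and asserts `SC_OK`. I would capture the result and check it with `assertThat(response.getStatusCode(), is(HttpStatus.SC_OK));`, and add the same check to the `_security/api/audit/config` calls in TracingTests. Only the tail of updateAuditConfig is inside the hunk; its signature appears in the hunk header.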
diff --git a/src/test/java/org/opensearch/security/auditlog/AuditTestUtils.java b/src/test/java/org/opensearch/security/auditlog/AuditTestUtils.java index a832f9bf82..2ed8cdacae 100644 --- a/src/test/java/org/opensearch/security/auditlog/AuditTestUtils.java +++ b/src/test/java/org/opensearch/security/auditlog/AuditTestUtils.java @@ -40,7 +40,7 @@ public static void updateAuditConfig(final RestHelper rh, final String payload) final String keystore = rh.keystore; rh.sendAdminCertificate = true; rh.keystore = "auditlog/kirk-keystore.jks"; - RestHelper.HttpResponse response = rh.executePutRequest("_opendistro/_security/api/audit/config", payload); + RestHelper.HttpResponse response = rh.executePutRequest("_plugins/_security/api/audit/config", payload); assertThat(response.getStatusCode(), is(HttpStatus.SC_OK)); rh.sendAdminCertificate = sendAdminCertificate; rh.keystore = keystore; diff --git a/src/test/java/org/opensearch/security/auditlog/compliance/RestApiComplianceAuditlogTest.java b/src/test/java/org/opensearch/security/auditlog/compliance/RestApiComplianceAuditlogTest.java index e07ff5e113..eaf78fe0fe 100644 --- a/src/test/java/org/opensearch/security/auditlog/compliance/RestApiComplianceAuditlogTest.java +++ b/src/test/java/org/opensearch/security/auditlog/compliance/RestApiComplianceAuditlogTest.java @@ -53,7 +53,7 @@ public void testRestApiRolesEnabled() throws Exception { final AuditMessage message = TestAuditlogImpl.doThenWaitForMessage(() -> { String body = "{ \"password\":\"some new password\",\"backend_roles\":[\"role1\",\"role2\"] }"; HttpResponse response = rh.executePutRequest( - "_opendistro/_security/api/internalusers/compuser?pretty", + "_security/api/internalusers/compuser?pretty", body, encodeBasicHeader("admin", "admin") ); 
@@ -87,7 +87,7 @@ public void testRestApiRolesDisabled() throws Exception { rh.keystore = "kirk-keystore.jks"; final AuditMessage message = TestAuditlogImpl.doThenWaitForMessage(() -> { - HttpResponse response = rh.executePutRequest("_opendistro/_security/api/internalusers/compuser?pretty", body); + HttpResponse response = rh.executePutRequest("_security/api/internalusers/compuser?pretty", body); assertThat(response.getStatusCode(), is(HttpStatus.SC_CREATED)); }); validateMsgs(List.of(message)); @@ -115,7 +115,7 @@ public void testRestApiRolesDisabledGet() throws Exception { rh.sendAdminCertificate = true; rh.keystore = "kirk-keystore.jks"; final AuditMessage message = TestAuditlogImpl.doThenWaitForMessage(() -> { - HttpResponse response = rh.executeGetRequest("_opendistro/_security/api/rolesmapping/opendistro_security_all_access?pretty"); + HttpResponse response = rh.executeGetRequest("_security/api/rolesmapping/opendistro_security_all_access?pretty"); assertThat(response.getStatusCode(), is(HttpStatus.SC_OK)); }); validateMsgs(List.of(message)); @@ -164,7 +164,7 @@ public void testRestApiNewUser() throws Exception { final AuditMessage message = TestAuditlogImpl.doThenWaitForMessage(() -> { String body = "{ \"password\":\"some new password\",\"backend_roles\":[\"role1\",\"role2\"] }"; HttpResponse response = rh.executePutRequest( - "_opendistro/_security/api/internalusers/compuser?pretty", + "_security/api/internalusers/compuser?pretty", body, encodeBasicHeader("admin", "admin") ); 
@@ -198,7 +198,7 @@ public void testRestInternalConfigRead() throws Exception { rh.keystore = "kirk-keystore.jks"; final AuditMessage message = TestAuditlogImpl.doThenWaitForMessage(() -> { - HttpResponse response = rh.executeGetRequest("_opendistro/_security/api/internalusers/admin?pretty"); + HttpResponse response = rh.executeGetRequest("_security/api/internalusers/admin?pretty"); String auditLogImpl = TestAuditlogImpl.sb.toString(); assertThat(response.getStatusCode(), is(HttpStatus.SC_OK)); Assert.assertTrue(auditLogImpl.contains("COMPLIANCE_INTERNAL_CONFIG_READ")); @@ -222,15 +222,15 @@ public void testBCryptHashRedaction() throws Exception { rh.keystore = "kirk-keystore.jks"; // read internal users and verify no BCrypt hash is present in audit logs - final AuditMessage message1 = TestAuditlogImpl.doThenWaitForMessage(() -> { - rh.executeGetRequest("/_opendistro/_security/api/internalusers"); - }); + final AuditMessage message1 = TestAuditlogImpl.doThenWaitForMessage( + () -> { rh.executeGetRequest("/_security/api/internalusers"); } + ); Assert.assertFalse(AuditMessage.HASH_REGEX_PATTERN.matcher(message1.toString()).matches()); // read internal user worf and verify no BCrypt hash is present in audit logs final AuditMessage message2 = TestAuditlogImpl.doThenWaitForMessage(() -> { - rh.executeGetRequest("/_opendistro/_security/api/internalusers/worf"); + rh.executeGetRequest("/_security/api/internalusers/worf"); Assert.assertFalse(AuditMessage.HASH_REGEX_PATTERN.matcher(TestAuditlogImpl.sb.toString()).matches()); }); 
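Review bot: The no-hash checks in testBCryptHashRedaction call `HASH_REGEX_PATTERN.matcher(...).matches()`, which is true only when the entire audit message matches, so `assertFalse` passes even if a hash is embedded in a longer message (assuming the pattern describes just the hash; its definition is not visible here). `find()` is the call that detects an embedded hash: `Assert.assertFalse(AuditMessage.HASH_REGEX_PATTERN.matcher(message1.toString()).find());`. The responses of the rewritten `/_security/api/internalusers` requests are not checked either, so a request that never reads the user store satisfies the negative assertion as well; asserting the status code, as testRestInternalConfigRead does in the previous hunk, would rule that out. The same applies to the `message3` check in the following hunk, and the method body starts and ends outside this hunk.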
@@ -238,7 +238,7 @@ public void testBCryptHashRedaction() throws Exception { // create internal user and verify no BCrypt hash is present in audit logs final AuditMessage message3 = TestAuditlogImpl.doThenWaitForMessage(() -> { - rh.executePutRequest("/_opendistro/_security/api/internalusers/test", "{ \"password\":\"some new user password\"}"); + rh.executePutRequest("/_security/api/internalusers/test", "{ \"password\":\"some new user password\"}"); }); Assert.assertFalse(AuditMessage.HASH_REGEX_PATTERN.matcher(message3.toString()).matches()); @@ -261,9 +261,9 @@ public void testPBKDF2HashRedaction() { rh.keystore = "kirk-keystore.jks"; // read internal users and verify no PBKDF2 hash is present in audit logs - final AuditMessage message1 = TestAuditlogImpl.doThenWaitForMessage(() -> { - rh.executeGetRequest("/_opendistro/_security/api/internalusers"); - }); + final AuditMessage message1 = TestAuditlogImpl.doThenWaitForMessage( + () -> { rh.executeGetRequest("/_security/api/internalusers"); } + ); Assert.assertFalse( message1.toString() @@ -274,9 +274,9 @@ public void testPBKDF2HashRedaction() { Assert.assertTrue(message1.toString().contains("__HASH__")); // read internal user and verify no PBKDF2 hash is present in audit logs - final AuditMessage message2 = TestAuditlogImpl.doThenWaitForMessage(() -> { - rh.executeGetRequest("/_opendistro/_security/api/internalusers/user1"); - }); + final AuditMessage message2 = TestAuditlogImpl.doThenWaitForMessage( + () -> { rh.executeGetRequest("/_security/api/internalusers/user1"); } + ); Assert.assertFalse( message2.toString() 
@@ -288,7 +288,7 @@ public void testPBKDF2HashRedaction() { // create internal user and verify no PBKDF2 hash is present in audit logs final AuditMessage message3 = TestAuditlogImpl.doThenWaitForMessage(() -> { - rh.executePutRequest("/_opendistro/_security/api/internalusers/test", "{ \"password\":\"some new user password\"}"); + rh.executePutRequest("/_security/api/internalusers/test", "{ \"password\":\"some new user password\"}"); }); Assert.assertFalse( @@ -301,7 +301,7 @@ public void testPBKDF2HashRedaction() { // test with various users and different PBKDF2 hash formats to make sure they all get redacted final AuditMessage message4 = TestAuditlogImpl.doThenWaitForMessage(() -> { - rh.executeGetRequest("/_opendistro/_security/api/internalusers", encodeBasicHeader("user1", "user1")); + rh.executeGetRequest("/_security/api/internalusers", encodeBasicHeader("user1", "user1")); }); Assert.assertFalse( @@ -313,7 +313,7 @@ public void testPBKDF2HashRedaction() { Assert.assertTrue(message4.toString().contains("__HASH__")); final AuditMessage message5 = TestAuditlogImpl.doThenWaitForMessage(() -> { - rh.executeGetRequest("/_opendistro/_security/api/internalusers", encodeBasicHeader("user2", "user2")); + rh.executeGetRequest("/_security/api/internalusers", encodeBasicHeader("user2", "user2")); }); Assert.assertFalse( @@ -325,7 +325,7 @@ public void testPBKDF2HashRedaction() { Assert.assertTrue(message5.toString().contains("__HASH__")); final AuditMessage message6 = TestAuditlogImpl.doThenWaitForMessage(() -> { - rh.executeGetRequest("/_opendistro/_security/api/internalusers", encodeBasicHeader("user3", "user3")); + rh.executeGetRequest("/_security/api/internalusers", encodeBasicHeader("user3", "user3")); }); Assert.assertFalse( 
@@ -337,7 +337,7 @@ public void testPBKDF2HashRedaction() { Assert.assertTrue(message6.toString().contains("__HASH__")); final AuditMessage message7 = TestAuditlogImpl.doThenWaitForMessage(() -> { - rh.executeGetRequest("/_opendistro/_security/api/internalusers", encodeBasicHeader("user4", "user4")); + rh.executeGetRequest("/_security/api/internalusers", encodeBasicHeader("user4", "user4")); }); Assert.assertFalse( @@ -349,7 +349,7 @@ public void testPBKDF2HashRedaction() { Assert.assertTrue(message7.toString().contains("__HASH__")); final AuditMessage message8 = TestAuditlogImpl.doThenWaitForMessage(() -> { - rh.executeGetRequest("/_opendistro/_security/api/internalusers", encodeBasicHeader("user5", "user5")); + rh.executeGetRequest("/_security/api/internalusers", encodeBasicHeader("user5", "user5")); }); Assert.assertFalse( diff --git a/src/test/java/org/opensearch/security/auditlog/impl/TracingTests.java b/src/test/java/org/opensearch/security/auditlog/impl/TracingTests.java index 9853581960..c31265a7c9 100644 --- a/src/test/java/org/opensearch/security/auditlog/impl/TracingTests.java +++ b/src/test/java/org/opensearch/security/auditlog/impl/TracingTests.java @@ -55,7 +55,7 @@ public void testHTTPTrace() throws Exception { RestHelper rh = nonSslRestHelper(); rh.executePutRequest( - "_opendistro/_security/api/audit/config", + "_security/api/audit/config", AuditTestUtils.createAuditPayload(settings), encodeBasicHeader("admin", "admin") ); @@ -80,7 +80,7 @@ public void testHTTPTrace() throws Exception { rh.executeGetRequest("_cat/shards?v", encodeBasicHeader("admin", "admin")); // check shards - rh.executeGetRequest("_opendistro/_security/authinfo", encodeBasicHeader("admin", "admin")); + rh.executeGetRequest("_security/authinfo", encodeBasicHeader("admin", "admin")); // _bulk String bulkBody = "{ \"index\" : { \"_index\" : \"test\", \"_id\" : \"1\" } }" 
@@ -368,7 +368,7 @@ public void testAdvancedMapping() throws Exception { RestHelper rh = nonSslRestHelper(); rh.executePutRequest( - "_opendistro/_security/api/audit/config", + "_security/api/audit/config", AuditTestUtils.createAuditPayload(settings), encodeBasicHeader("admin", "admin") ); @@ -437,7 +437,7 @@ public void testImmutableIndex() throws Exception { RestHelper rh = nonSslRestHelper(); rh.executePutRequest( - "_opendistro/_security/api/audit/config", + "_security/api/audit/config", AuditTestUtils.createAuditPayload(Settings.EMPTY), encodeBasicHeader("admin", "admin") ); diff --git a/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java b/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java index 5420793789..2881cd593d 100644 --- a/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java +++ b/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java @@ -227,7 +227,7 @@ public void testGrantedPrivilegesRest() throws Exception { setup(additionalSettings); setupStarfleetIndex(); - testPrivilegeRest(HttpStatus.SC_OK, "/_opendistro/_security/api/roles", AuditCategory.GRANTED_PRIVILEGES); + testPrivilegeRest(HttpStatus.SC_OK, "/_security/api/roles", AuditCategory.GRANTED_PRIVILEGES); } @Test @@ -240,7 +240,7 @@ public void testMissingPrivilegesRest() throws Exception { setup(additionalSettings); setupStarfleetIndex(); - testPrivilegeRest(HttpStatus.SC_FORBIDDEN, "/_opendistro/_security/api/roles", AuditCategory.MISSING_PRIVILEGES); + testPrivilegeRest(HttpStatus.SC_FORBIDDEN, "/_security/api/roles", AuditCategory.MISSING_PRIVILEGES); } private void testPrivilegeRest(final int expectedStatus, final String endpoint, final AuditCategory category) throws Exception { 
@@ -916,15 +916,12 @@ public void testRestMethod() throws Exception { assertThat(messages.get(0).getRequestMethod(), is(POST)); // test PATCH - messages = TestAuditlogImpl.doThenWaitForMessages(() -> { rh.executePatchRequest("/_opendistro/_security/api/audit", "[]"); }, 1); + messages = TestAuditlogImpl.doThenWaitForMessages(() -> { rh.executePatchRequest("/_security/api/audit", "[]"); }, 1); assertThat(messages.get(0).getRequestMethod(), is(PATCH)); // test MISSING_PRIVILEGES // admin does not have REST role here - messages = TestAuditlogImpl.doThenWaitForMessages( - () -> { rh.executePatchRequest("/_opendistro/_security/api/audit", "[]", adminHeader); }, - 2 - ); + messages = TestAuditlogImpl.doThenWaitForMessages(() -> { rh.executePatchRequest("/_security/api/audit", "[]", adminHeader); }, 2); // The intital request is authenicated assertThat(messages.get(0).getRequestMethod(), is(PATCH)); assertThat(messages.get(0).getCategory(), is(AuditCategory.AUTHENTICATED)); 
@@ -967,23 +964,20 @@ public void testSensitiveMethodRedaction() throws Exception { // test PUT accounts API TestAuditlogImpl.clear(); - rh.executePutRequest("/_opendistro/_security/api/account", "{\"password\":\"new-pass\", \"current_password\":\"curr-passs\"}"); + rh.executePutRequest("/_security/api/account", "{\"password\":\"new-pass\", \"current_password\":\"curr-passs\"}"); assertThat(TestAuditlogImpl.messages.size(), is(1)); Assert.assertTrue(TestAuditlogImpl.sb.toString().contains(expectedRequestBody)); // test PUT internal users API TestAuditlogImpl.clear(); - rh.executePutRequest( - "/_opendistro/_security/api/internalusers/test1", - "{\"password\":\"new-pass\", \"backend_roles\":[], \"attributes\": {}}" - ); + rh.executePutRequest("/_security/api/internalusers/test1", "{\"password\":\"new-pass\", \"backend_roles\":[], \"attributes\": {}}"); assertThat(TestAuditlogImpl.messages.size(), is(1)); Assert.assertTrue(TestAuditlogImpl.sb.toString().contains(expectedRequestBody)); // test PATCH internal users API TestAuditlogImpl.clear(); rh.executePatchRequest( - "/_opendistro/_security/api/internalusers/test1", + "/_security/api/internalusers/test1", "[{\"op\":\"add\", \"path\":\"/password\", \"value\": \"test-pass\"}]" ); assertThat(TestAuditlogImpl.messages.size(), is(1)); @@ -991,10 +985,7 @@ public void testSensitiveMethodRedaction() throws Exception { // test PUT users API TestAuditlogImpl.clear(); - rh.executePutRequest( - "/_opendistro/_security/api/user/test2", - "{\"password\":\"new-pass\", \"backend_roles\":[], \"attributes\": {}}" - ); + rh.executePutRequest("/_security/api/user/test2", "{\"password\":\"new-pass\", \"backend_roles\":[], \"attributes\": {}}"); assertThat(TestAuditlogImpl.messages.size(), is(1)); Assert.assertTrue(TestAuditlogImpl.sb.toString().contains(expectedRequestBody)); } 
diff --git a/src/test/java/org/opensearch/security/cache/CachingTest.java b/src/test/java/org/opensearch/security/cache/CachingTest.java index 04bf303896..3b94a9974a 100644 --- a/src/test/java/org/opensearch/security/cache/CachingTest.java +++ b/src/test/java/org/opensearch/security/cache/CachingTest.java @@ -44,11 +44,11 @@ public void reset() { public void testRestCaching() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig(), Settings.EMPTY); final RestHelper rh = nonSslRestHelper(); - HttpResponse res = rh.executeGetRequest("_opendistro/_security/authinfo?pretty"); + HttpResponse res = rh.executeGetRequest("_security/authinfo?pretty"); assertThat(res.getStatusCode(), is(HttpStatus.SC_OK)); - res = rh.executeGetRequest("_opendistro/_security/authinfo?pretty"); + res = rh.executeGetRequest("_security/authinfo?pretty"); assertThat(res.getStatusCode(), is(HttpStatus.SC_OK)); - res = rh.executeGetRequest("_opendistro/_security/authinfo?pretty"); + res = rh.executeGetRequest("_security/authinfo?pretty"); assertThat(res.getStatusCode(), is(HttpStatus.SC_OK)); assertThat(DummyHTTPAuthenticator.getCount(), is(3L)); 
@@ -62,11 +62,11 @@ public void testRestNoCaching() throws Exception { final Settings settings = Settings.builder().put("plugins.security.cache.ttl_minutes", 0).build(); setup(Settings.EMPTY, new DynamicSecurityConfig(), settings); final RestHelper rh = nonSslRestHelper(); - HttpResponse res = rh.executeGetRequest("_opendistro/_security/authinfo?pretty"); + HttpResponse res = rh.executeGetRequest("_security/authinfo?pretty"); assertThat(res.getStatusCode(), is(HttpStatus.SC_OK)); - res = rh.executeGetRequest("_opendistro/_security/authinfo?pretty"); + res = rh.executeGetRequest("_security/authinfo?pretty"); assertThat(res.getStatusCode(), is(HttpStatus.SC_OK)); - res = rh.executeGetRequest("_opendistro/_security/authinfo?pretty"); + res = rh.executeGetRequest("_security/authinfo?pretty"); assertThat(res.getStatusCode(), is(HttpStatus.SC_OK)); assertThat(DummyHTTPAuthenticator.getCount(), is(3L)); 
@@ -81,24 +81,15 @@ public void testRestCachingWithImpersonation() throws Exception { setup(Settings.EMPTY, new DynamicSecurityConfig(), settings); final RestHelper rh = nonSslRestHelper(); HttpResponse res = rh.executeGetRequest( - "_opendistro/_security/authinfo?pretty", + "_security/authinfo?pretty", new BasicHeader("opendistro_security_impersonate_as", "impuser") ); assertThat(res.getStatusCode(), is(HttpStatus.SC_OK)); - res = rh.executeGetRequest( - "_opendistro/_security/authinfo?pretty", - new BasicHeader("opendistro_security_impersonate_as", "impuser") - ); + res = rh.executeGetRequest("_security/authinfo?pretty", new BasicHeader("opendistro_security_impersonate_as", "impuser")); assertThat(res.getStatusCode(), is(HttpStatus.SC_OK)); - res = rh.executeGetRequest( - "_opendistro/_security/authinfo?pretty", - new BasicHeader("opendistro_security_impersonate_as", "impuser") - ); + res = rh.executeGetRequest("_security/authinfo?pretty", new BasicHeader("opendistro_security_impersonate_as", "impuser")); assertThat(res.getStatusCode(), is(HttpStatus.SC_OK)); - res = rh.executeGetRequest( - "_opendistro/_security/authinfo?pretty", - new BasicHeader("opendistro_security_impersonate_as", "impuser2") - ); + res = rh.executeGetRequest("_security/authinfo?pretty", new BasicHeader("opendistro_security_impersonate_as", "impuser2")); assertThat(res.getStatusCode(), is(HttpStatus.SC_OK)); assertThat(DummyHTTPAuthenticator.getCount(), is(4L)); diff --git a/src/test/java/org/opensearch/security/ccstest/CrossClusterSearchTests.java b/src/test/java/org/opensearch/security/ccstest/CrossClusterSearchTests.java index d6a427e581..1bf3d50ba0 100644 --- a/src/test/java/org/opensearch/security/ccstest/CrossClusterSearchTests.java +++ b/src/test/java/org/opensearch/security/ccstest/CrossClusterSearchTests.java 
@@ -1400,7 +1400,7 @@ public void testCcsWithDiffCertsWithNodesDnDynamicallyAdded() throws Exception { setupCcs(new DynamicSecurityConfig().setSecurityNodesDn("nodes_dn_empty.yml"), cluster1, cluster2); HttpResponse response = rh2.executePutRequest( - "_opendistro/_security/api/nodesdn/connection1", + "_plugins/_security/api/nodesdn/connection1", "{\"nodes_dn\": [\"CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE\"]}", encodeBasicHeader("sarek", "sarek") ); diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/AbstractRestApiUnitTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/AbstractRestApiUnitTest.java index 989e9933e9..c65fdee318 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/AbstractRestApiUnitTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/AbstractRestApiUnitTest.java @@ -116,7 +116,7 @@ protected Settings rolesSettings() { protected void deleteUser(String username) throws Exception { boolean sendAdminCertificate = rh.sendAdminCertificate; rh.sendAdminCertificate = true; - HttpResponse response = rh.executeDeleteRequest("/_opendistro/_security/api/internalusers/" + username, new Header[0]); + HttpResponse response = rh.executeDeleteRequest("_plugins/_security/api/internalusers/" + username, new Header[0]); assertThat(response.getStatusCode(), is(HttpStatus.SC_OK)); rh.sendAdminCertificate = sendAdminCertificate; } @@ -129,7 +129,7 @@ protected void addUserWithPassword(String username, String password, int status, boolean sendAdminCertificate = rh.sendAdminCertificate; rh.sendAdminCertificate = true; HttpResponse response = rh.executePutRequest( - "/_opendistro/_security/api/internalusers/" + username, + "_plugins/_security/api/internalusers/" + username, "{\"password\": \"" + password + "\"}", new Header[0] ); 
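Review bot: In addUserWithPassword, `username` is appended to the request path and `password` is spliced into the JSON body as raw text, so a value containing `"`, `\` or `/` changes the request itself rather than the credential under test. A password-policy test that passes such a value would then exercise the JSON parser or the router, not the validator. If these helpers are meant for plain fixtures only, say so above them: `// username, password and hash are inserted verbatim; pass only values that need no URL or JSON escaping`. The same construction is used by addUserWithHash and addUserWithPasswordAndHash in the following hunks, and each method body starts outside its hunk.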
@@ -151,7 +151,7 @@ protected void addUserWithPassword(String username, String password, String[] ro } } payload += "]}"; - HttpResponse response = rh.executePutRequest("/_opendistro/_security/api/internalusers/" + username, payload, new Header[0]); + HttpResponse response = rh.executePutRequest("_plugins/_security/api/internalusers/" + username, payload, new Header[0]); assertThat(response.getStatusCode(), is(status)); rh.sendAdminCertificate = sendAdminCertificate; } @@ -167,7 +167,7 @@ protected void addUserWithoutPasswordOrHash(String username, String[] roles, int } } payload += "]}"; - HttpResponse response = rh.executePutRequest("/_opendistro/_security/api/internalusers/" + username, payload, new Header[0]); + HttpResponse response = rh.executePutRequest("_plugins/_security/api/internalusers/" + username, payload, new Header[0]); assertThat(response.getStatusCode(), is(status)); rh.sendAdminCertificate = sendAdminCertificate; } @@ -180,7 +180,7 @@ protected void addUserWithHash(String username, String hash, int status) throws boolean sendAdminCertificate = rh.sendAdminCertificate; rh.sendAdminCertificate = true; HttpResponse response = rh.executePutRequest( - "/_opendistro/_security/api/internalusers/" + username, + "_plugins/_security/api/internalusers/" + username, "{\"hash\": \"" + hash + "\"}", new Header[0] ); @@ -192,7 +192,7 @@ protected void addUserWithPasswordAndHash(String username, String password, Stri boolean sendAdminCertificate = rh.sendAdminCertificate; rh.sendAdminCertificate = true; HttpResponse response = rh.executePutRequest( - "/_opendistro/_security/api/internalusers/" + username, + "_plugins/_security/api/internalusers/" + username, "{\"hash\": \"" + hash + "\", \"password\": \"" + password + "\"}", new Header[0] ); 
@@ -239,10 +239,10 @@ protected void setupStarfleetIndex() throws Exception { } protected void assertHealthy() throws Exception { - assertThat(rh.executeGetRequest("_opendistro/_security/health?pretty").getStatusCode(), is(HttpStatus.SC_OK)); + assertThat(rh.executeGetRequest("_plugins/_security/health?pretty").getStatusCode(), is(HttpStatus.SC_OK)); assertThat( HttpStatus.SC_OK, - is(rh.executeGetRequest("_opendistro/_security/authinfo?pretty", encodeBasicHeader("admin", "admin")).getStatusCode()) + is(rh.executeGetRequest("_plugins/_security/authinfo?pretty", encodeBasicHeader("admin", "admin")).getStatusCode()) ); assertThat(HttpStatus.SC_OK, is(rh.executeGetRequest("*/_search?pretty", encodeBasicHeader("admin", "admin")).getStatusCode())); } diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/RoleBasedAccessTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/RoleBasedAccessTest.java index 535bbb247e..100aac9643 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/RoleBasedAccessTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/RoleBasedAccessTest.java @@ -106,7 +106,7 @@ public void testActionGroupsApi() throws Exception { assertThat("", "bug108", is(settings.getAsList("opendistro_security_zdummy_all.users").get(0))); // Deprecated get configuration API, acessible for sarek - // response = rh.executeGetRequest("_opendistro/_security/api/configuration/internalusers", encodeBasicHeader("sarek", "sarek")); + // response = rh.executeGetRequest("_security/api/configuration/internalusers", encodeBasicHeader("sarek", "sarek")); // settings = Settings.builder().loadFromSource(response.getBody(), XContentType.JSON).build(); // assertThat(response.getStatusCode(), is(HttpStatus.SC_OK)); // assertThat(settings.get("admin.hash"), is("")); 
@@ -114,7 +114,7 @@ public void testActionGroupsApi() throws Exception { // assertThat(settings.get("worf.hash"), is("")); // Deprecated get configuration API, acessible for sarek - // response = rh.executeGetRequest("_opendistro/_security/api/configuration/actiongroups", encodeBasicHeader("sarek", "sarek")); + // response = rh.executeGetRequest("_security/api/configuration/actiongroups", encodeBasicHeader("sarek", "sarek")); // settings = Settings.builder().loadFromSource(response.getBody(), XContentType.JSON).build(); // assertThat(response.getStatusCode(), is(HttpStatus.SC_OK)); // assertThat("indices:*", is("", settings.getAsList("ALL").get(0))); 
@@ -123,17 +123,17 @@ public void testActionGroupsApi() throws Exception { // assertThat("READ_UT", is("", settings.getAsList("CRUD.permissions").get(0))); // configuration API, not accessible for worf - // response = rh.executeGetRequest("_opendistro/_security/api/configuration/actiongroups", encodeBasicHeader("worf", "worf")); + // response = rh.executeGetRequest("_security/api/configuration/actiongroups", encodeBasicHeader("worf", "worf")); // assertThat(response.getStatusCode(), is(HttpStatus.SC_FORBIDDEN)); // Assert.assertTrue(response.getBody().contains("does not have any access to endpoint CONFIGURATION")); // cache API, not accessible for worf since it's disabled globally - response = rh.executeDeleteRequest("_opendistro/_security/api/cache", encodeBasicHeader("worf", "worf")); + response = rh.executeDeleteRequest(ENDPOINT + "/cache", encodeBasicHeader("worf", "worf")); assertThat(response.getStatusCode(), is(HttpStatus.SC_FORBIDDEN)); Assert.assertTrue(response.getBody().contains("does not have any access to endpoint CACHE")); // cache API, not accessible for sarek since it's disabled globally - response = rh.executeDeleteRequest("_opendistro/_security/api/cache", encodeBasicHeader("sarek", "sarek")); + response = rh.executeDeleteRequest(ENDPOINT + "/cache", encodeBasicHeader("sarek", "sarek")); assertThat(response.getStatusCode(), is(HttpStatus.SC_FORBIDDEN)); Assert.assertTrue(response.getBody().contains("does not have any access to endpoint CACHE")); 
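Review bot: The commented-out requests in this hunk were rewritten to `_security/api/configuration/actiongroups`, a different spelling from the `ENDPOINT + "/cache"` used by the live calls a few lines below, so anyone re-enabling them gets a path the rest of the test does not use. Dead test code that has to be edited on every prefix change is better deleted; if it is kept as a reminder, write it as `ENDPOINT + "/configuration/actiongroups"`. The hunks at -106, -114, -243 and -255 of this file carry the same kind of commented-out lines. testActionGroupsApi continues outside the hunk.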
@@ -243,11 +243,11 @@ public void testActionGroupsApi() throws Exception { assertThat(settings.get("admin.hash"), is("")); // worf and config - // response = rh.executeGetRequest("_opendistro/_security/api/configuration/actiongroups", encodeBasicHeader("bla", "fasel")); + // response = rh.executeGetRequest("_security/api/configuration/actiongroups", encodeBasicHeader("bla", "fasel")); // assertThat(response.getStatusCode(), is(HttpStatus.SC_OK)); // cache - response = rh.executeDeleteRequest("_opendistro/_security/api/cache", encodeBasicHeader("wrong", "wrong")); + response = rh.executeDeleteRequest(ENDPOINT + "/cache", encodeBasicHeader("wrong", "wrong")); assertThat(response.getStatusCode(), is(HttpStatus.SC_OK)); // -- test user, does not have any endpoints disabled, but has access to API, i.e. full access @@ -255,14 +255,14 @@ public void testActionGroupsApi() throws Exception { rh.sendAdminCertificate = false; // GET actiongroups - // response = rh.executeGetRequest("_opendistro/_security/api/configuration/actiongroups", encodeBasicHeader("test", "test")); + // response = rh.executeGetRequest("_security/api/configuration/actiongroups", encodeBasicHeader("test", "test")); // assertThat(response.getStatusCode(), is(HttpStatus.SC_OK)); - response = rh.executeGetRequest("_opendistro/_security/api/actiongroups", encodeBasicHeader("test", "test")); + response = rh.executeGetRequest(ENDPOINT + "/actiongroups", encodeBasicHeader("test", "test")); assertThat(response.getStatusCode(), is(HttpStatus.SC_OK)); // clear cache - globally disabled, has to fail - response = rh.executeDeleteRequest("_opendistro/_security/api/cache", encodeBasicHeader("test", "test")); + response = rh.executeDeleteRequest(ENDPOINT + "/cache", encodeBasicHeader("test", "test")); assertThat(response.getStatusCode(), is(HttpStatus.SC_FORBIDDEN)); // PUT roles 
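Review bot: The cache call with `encodeBasicHeader("wrong", "wrong")` is expected to return `SC_OK`, which reads like an authentication bypass unless the reader knows why the credentials are not evaluated. The `rh.sendAdminCertificate = false;` line in the next hunk suggests the admin certificate is still being sent at this point, but the assignment that enables it is not inside this hunk, so this needs confirming. A one-line comment above the call would make the intent explicit: `// admin certificate is sent, so the invalid basic-auth credentials are not evaluated`. The surrounding method starts and ends outside the hunk.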
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyAuditApiActionTests.java b/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyAuditApiActionTests.java deleted file mode 100644 index fbde68e911..0000000000 --- a/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyAuditApiActionTests.java +++ /dev/null @@ -1,23 +0,0 @@ -/* - * SPDX-License-Identifier: Apache-2.0 - * - * The OpenSearch Contributors require contributions made to - * this file be licensed under the Apache-2.0 license or a - * compatible open source license. - * - * Modifications Copyright OpenSearch Contributors. See - * GitHub history for details. - */ - -package org.opensearch.security.dlic.rest.api.legacy; - -import org.opensearch.security.dlic.rest.api.AuditApiActionTest; - -import static org.opensearch.security.OpenSearchSecurityPlugin.LEGACY_OPENDISTRO_PREFIX; - -public class LegacyAuditApiActionTests extends AuditApiActionTest { - @Override - protected String getEndpointPrefix() { - return LEGACY_OPENDISTRO_PREFIX; - } -} diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyGetConfigurationApiTests.java b/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyGetConfigurationApiTests.java deleted file mode 100644 index 07983bad0d..0000000000 --- a/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyGetConfigurationApiTests.java +++ /dev/null 
@@ -1,23 +0,0 @@
-/*
- * SPDX-License-Identifier: Apache-2.0
- *
- * The OpenSearch Contributors require contributions made to
- * this file be licensed under the Apache-2.0 license or a
- * compatible open source license.
- *
- * Modifications Copyright OpenSearch Contributors. See
- * GitHub history for details.
- */
-
-package org.opensearch.security.dlic.rest.api.legacy;
-
-import org.opensearch.security.dlic.rest.api.GetConfigurationApiTest;
-
-import static org.opensearch.security.OpenSearchSecurityPlugin.LEGACY_OPENDISTRO_PREFIX;
-
-public class LegacyGetConfigurationApiTests extends GetConfigurationApiTest {
- @Override
- protected String getEndpointPrefix() {
- return LEGACY_OPENDISTRO_PREFIX;
- }
-}
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyIndexMissingTests.java b/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyIndexMissingTests.java
deleted file mode 100644
index fef436f4d7..0000000000
--- a/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyIndexMissingTests.java
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * SPDX-License-Identifier: Apache-2.0
- *
- * The OpenSearch Contributors require contributions made to
- * this file be licensed under the Apache-2.0 license or a
- * compatible open source license.
- *
- * Modifications Copyright OpenSearch Contributors. See
- * GitHub history for details.
- */
-
-package org.opensearch.security.dlic.rest.api.legacy;
-
-import org.opensearch.security.dlic.rest.api.IndexMissingTest;
-
-import static org.opensearch.security.OpenSearchSecurityPlugin.LEGACY_OPENDISTRO_PREFIX;
-
-public class LegacyIndexMissingTests extends IndexMissingTest {
- @Override
- protected String getEndpointPrefix() {
- return LEGACY_OPENDISTRO_PREFIX;
- }
-}
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyNodesDnApiTests.java b/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyNodesDnApiTests.java
deleted file mode 100644
index a316785f02..0000000000
--- a/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyNodesDnApiTests.java
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * SPDX-License-Identifier: Apache-2.0
- *
- * The OpenSearch Contributors require contributions made to
- * this file be licensed under the Apache-2.0 license or a
- * compatible open source license.
- *
- * Modifications Copyright OpenSearch Contributors. See
- * GitHub history for details.
- */
-
-package org.opensearch.security.dlic.rest.api.legacy;
-
-import org.opensearch.security.dlic.rest.api.NodesDnApiTest;
-
-import static org.opensearch.security.OpenSearchSecurityPlugin.LEGACY_OPENDISTRO_PREFIX;
-
-public class LegacyNodesDnApiTests extends NodesDnApiTest {
- @Override
- protected String getEndpointPrefix() {
- return LEGACY_OPENDISTRO_PREFIX;
- }
-}
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyRoleBasedAccessTests.java b/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyRoleBasedAccessTests.java
deleted file mode 100644
index 329404dfe7..0000000000
--- a/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyRoleBasedAccessTests.java
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * SPDX-License-Identifier: Apache-2.0
- *
- * The OpenSearch Contributors require contributions made to
- * this file be licensed under the Apache-2.0 license or a
- * compatible open source license.
- *
- * Modifications Copyright OpenSearch Contributors. See
- * GitHub history for details.
- */
-
-package org.opensearch.security.dlic.rest.api.legacy;
-
-import org.opensearch.security.dlic.rest.api.RoleBasedAccessTest;
-
-import static org.opensearch.security.OpenSearchSecurityPlugin.LEGACY_OPENDISTRO_PREFIX;
-
-public class LegacyRoleBasedAccessTests extends RoleBasedAccessTest {
- @Override
- protected String getEndpointPrefix() {
- return LEGACY_OPENDISTRO_PREFIX;
- }
-}
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacySecurityApiAccessTests.java b/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacySecurityApiAccessTests.java
deleted file mode 100644
index 85428d645d..0000000000
--- a/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacySecurityApiAccessTests.java
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * SPDX-License-Identifier: Apache-2.0
- *
- * The OpenSearch Contributors require contributions made to
- * this file be licensed under the Apache-2.0 license or a
- * compatible open source license.
- *
- * Modifications Copyright OpenSearch Contributors. See
- * GitHub history for details.
- */
-
-package org.opensearch.security.dlic.rest.api.legacy;
-
-import org.opensearch.security.dlic.rest.api.SecurityApiAccessTest;
-
-import static org.opensearch.security.OpenSearchSecurityPlugin.LEGACY_OPENDISTRO_PREFIX;
-
-public class LegacySecurityApiAccessTests extends SecurityApiAccessTest {
- @Override
- protected String getEndpointPrefix() {
- return LEGACY_OPENDISTRO_PREFIX;
- }
-}
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyTenantInfoActionTests.java b/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyTenantInfoActionTests.java
deleted file mode 100644
index 49963d7d55..0000000000
--- a/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyTenantInfoActionTests.java
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * SPDX-License-Identifier: Apache-2.0
- *
- * The OpenSearch Contributors require contributions made to
- * this file be licensed under the Apache-2.0 license or a
- * compatible open source license.
- *
- * Modifications Copyright OpenSearch Contributors. See
- * GitHub history for details.
- */
-
-package org.opensearch.security.dlic.rest.api.legacy;
-
-import org.opensearch.security.dlic.rest.api.TenantInfoActionTest;
-
-import static org.opensearch.security.OpenSearchSecurityPlugin.LEGACY_OPENDISTRO_PREFIX;
-
-public class LegacyTenantInfoActionTests extends TenantInfoActionTest {
- @Override
- protected String getEndpointPrefix() {
- return LEGACY_OPENDISTRO_PREFIX;
- }
-}
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyWhitelistApiTests.java b/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyWhitelistApiTests.java
deleted file mode 100644
index 689981aa2a..0000000000
--- a/src/test/java/org/opensearch/security/dlic/rest/api/legacy/LegacyWhitelistApiTests.java
+++ /dev/null
@@ -1,23 +0,0 @@ -/* - * SPDX-License-Identifier: Apache-2.0 - * - * The OpenSearch Contributors require contributions made to - * this file be licensed under the Apache-2.0 license or a - * compatible open source license. - * - * Modifications Copyright OpenSearch Contributors. See - * GitHub history for details. - */ - -package org.opensearch.security.dlic.rest.api.legacy; - -import org.opensearch.security.dlic.rest.api.WhitelistApiTest; - -import static org.opensearch.security.OpenSearchSecurityPlugin.LEGACY_OPENDISTRO_PREFIX; - -public class LegacyWhitelistApiTests extends WhitelistApiTest { - @Override - protected String getEndpointPrefix() { - return LEGACY_OPENDISTRO_PREFIX; - } -} diff --git a/src/test/java/org/opensearch/security/filter/SecurityRestFilterTests.java b/src/test/java/org/opensearch/security/filter/SecurityRestFilterTests.java index b46c5a6e32..9e60bd5565 100644 --- a/src/test/java/org/opensearch/security/filter/SecurityRestFilterTests.java +++ b/src/test/java/org/opensearch/security/filter/SecurityRestFilterTests.java @@ -52,12 +52,12 @@ public void checkWhitelistedApisAreAccessible() throws Exception { rh.keystore = "restapi/kirk-keystore.jks"; rh.sendAdminCertificate = true; response = rh.executePutRequest( - "_opendistro/_security/api/whitelist", + "_security/api/whitelist", "{\"enabled\": true, \"requests\": {\"/_cat/nodes\": [\"GET\"],\"/_cat/indices\": [\"GET\"] }}", adminCredsHeader ); - log.warn("the response is:" + rh.executeGetRequest("_opendistro/_security/api/whitelist", adminCredsHeader)); + log.warn("the response is:" + rh.executeGetRequest("_security/api/whitelist", adminCredsHeader)); // NON ADMIN TRIES ACCESSING A WHITELISTED API - OK rh.sendAdminCertificate = false; 
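Review bot: The result of the PUT to `_security/api/whitelist` in checkWhitelistedApisAreAccessible is only logged, never asserted. If that path does not resolve to the allowlist handler, the configuration is never applied and the "whitelisted API is accessible" checks that follow may still pass. This matters here because the patch is not uniform about the new prefix: SecuritySSLReloadCertsActionTests moves to `_plugins/_security/...` while this file uses a bare `_security/...`. Asserting the status right after the call, for example `assertThat(response.getStatusCode(), is(HttpStatus.SC_OK));` in whatever assertion style the file already uses, would catch a wrong route. The five later hunks in this file (checkNonWhitelistedApisAccessibleOnlyBySuperAdmin through testWhitelistedApiWithoutExtraSlash) end at the PUT call, so whether they check the response is not visible here.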
@@ -127,7 +127,7 @@ public void checkNonWhitelistedApisAccessibleOnlyBySuperAdmin() throws Exception rh.keystore = "restapi/kirk-keystore.jks"; rh.sendAdminCertificate = true; response = rh.executePutRequest( - "_opendistro/_security/api/whitelist", + "_security/api/whitelist", "{\"enabled\": true, \"requests\": {\"/_cat/nodes\": [\"GET\"],\"/_cat/indices\": [\"GET\"] }}", nonAdminCredsHeader ); @@ -193,7 +193,7 @@ public void checkAllApisWhenWhitelistingNotEnabled() throws Exception { rh.keystore = "restapi/kirk-keystore.jks"; rh.sendAdminCertificate = true; response = rh.executePutRequest( - "_opendistro/_security/api/whitelist", + "_security/api/whitelist", "{\"enabled\": false, \"requests\": {\"/_cat/nodes\": [\"GET\"],\"/_cat/indices\": [\"GET\"] }}", nonAdminCredsHeader ); @@ -276,7 +276,7 @@ public void checkSpecificRequestMethodWhitelisting() throws Exception { rh.keystore = "restapi/kirk-keystore.jks"; rh.sendAdminCertificate = true; response = rh.executePutRequest( - "_opendistro/_security/api/whitelist", + "_security/api/whitelist", "{\"enabled\": true, \"requests\": {\"/_cluster/settings\": [\"GET\"]}}", nonAdminCredsHeader ); @@ -389,7 +389,7 @@ public void testWhitelistedApiWithExtraSlash() throws Exception { rh.keystore = "restapi/kirk-keystore.jks"; rh.sendAdminCertificate = true; response = rh.executePutRequest( - "_opendistro/_security/api/whitelist", + "_security/api/whitelist", "{\"enabled\": true, \"requests\": {\"/_cluster/settings/\": [\"GET\"]}}", nonAdminCredsHeader ); @@ -487,7 +487,7 @@ public void testWhitelistedApiWithoutExtraSlash() throws Exception { rh.keystore = "restapi/kirk-keystore.jks"; rh.sendAdminCertificate = true; response = rh.executePutRequest( - "_opendistro/_security/api/whitelist", + "_security/api/whitelist", "{\"enabled\": true, \"requests\": {\"/_cluster/settings\": [\"GET\"]}}", nonAdminCredsHeader ); 
diff --git a/src/test/java/org/opensearch/security/multitenancy/test/MultitenancyTests.java b/src/test/java/org/opensearch/security/multitenancy/test/MultitenancyTests.java index d1422e61eb..eb6e65afc7 100644 --- a/src/test/java/org/opensearch/security/multitenancy/test/MultitenancyTests.java +++ b/src/test/java/org/opensearch/security/multitenancy/test/MultitenancyTests.java @@ -729,7 +729,7 @@ private static void verifyTenantActions( ); assertThat(adminIndexDocToCreateTenant.getBody(), adminIndexDocToCreateTenant.getStatusCode(), equalTo(HttpStatus.SC_CREATED)); - final HttpResponse authInfo = rh.executeGetRequest("/_opendistro/_security/authinfo?pretty", inTenant, asUser); + final HttpResponse authInfo = rh.executeGetRequest("/_security/authinfo?pretty", inTenant, asUser); assertThat(authInfo.getBody(), authInfo.findValueInJson("tenants." + tenant), equalTo(tenantExpectation.isTenantWritable)); final HttpResponse search = rh.executeGetRequest(".kibana/_search", inTenant, asUser); diff --git a/src/test/java/org/opensearch/security/ssl/SSLTest.java b/src/test/java/org/opensearch/security/ssl/SSLTest.java index 20887fccdf..14814deb7f 100644 --- a/src/test/java/org/opensearch/security/ssl/SSLTest.java +++ b/src/test/java/org/opensearch/security/ssl/SSLTest.java 
@@ -114,19 +114,17 @@ public void testHttps() throws Exception { rh.sendAdminCertificate = true; rh.keystore = "node-untspec5-keystore.p12"; - String res = rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty&show_dn=true"); + String res = rh.executeSimpleRequest("_security/sslinfo?pretty&show_dn=true"); Assert.assertTrue(res.contains("EMAILADDRESS=unt@tst.com")); Assert.assertTrue(res.contains("local_certificates_list")); - Assert.assertFalse( - rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty&show_dn=false").contains("local_certificates_list") - ); - Assert.assertFalse(rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty").contains("local_certificates_list")); + Assert.assertFalse(rh.executeSimpleRequest("_security/sslinfo?pretty&show_dn=false").contains("local_certificates_list")); + Assert.assertFalse(rh.executeSimpleRequest("_security/sslinfo?pretty").contains("local_certificates_list")); res = rh.executeSimpleRequest("_nodes/settings?pretty"); Assert.assertTrue(res.contains(clusterInfo.clustername)); Assert.assertFalse(res.contains("\"opendistro_security\"")); Assert.assertFalse(res.contains("keystore_filepath")); - // Assert.assertTrue(rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty").contains("CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE")); + // Assert.assertTrue(rh.executeSimpleRequest("_security/sslinfo?pretty").contains("CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE")); } @@ -266,7 +264,7 @@ public void testHttpsOptionalAuth() throws Exception { rh.trustHTTPServerCertificate = true; rh.sendAdminCertificate = true; - String res = rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty"); + String res = rh.executeSimpleRequest("_security/sslinfo?pretty"); Assert.assertTrue(res.contains("TLS")); Assert.assertTrue(res.contains("CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE")); 
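Review bot: The two `Assert.assertFalse(... .contains("local_certificates_list"))` checks in testHttps prove nothing if the renamed path `_security/sslinfo` does not reach the sslinfo handler, because an error body also lacks that string. The same applies to the `assertFalse` on the certificate DN in testHttpsNoEnforce further down. Capturing the body and asserting a positive marker first would make the negative check meaningful: `String noDn = rh.executeSimpleRequest("_security/sslinfo?pretty&show_dn=false");` followed by `Assert.assertTrue(noDn.contains("TLS"));`. Other tests in this file assert `TLS` on the sslinfo response, but confirm it is present in this configuration. testHttps begins before the hunk.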
@@ -316,7 +314,7 @@ public void testHttpsAndNodeSSL() throws Exception { rh.trustHTTPServerCertificate = true; rh.sendAdminCertificate = true; - String res = rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty"); + String res = rh.executeSimpleRequest("_security/sslinfo?pretty"); Assert.assertTrue(res.contains("TLS")); Assert.assertTrue(res.contains("CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE")); String res2 = rh.executeSimpleRequest("_nodes/settings?pretty"); @@ -368,10 +366,10 @@ public void testHttpsAndNodeSSLPKCS8Pem() throws Exception { rh.trustHTTPServerCertificate = true; rh.sendAdminCertificate = true; - String res = rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty"); + String res = rh.executeSimpleRequest("_security/sslinfo?pretty"); Assert.assertTrue(res.contains("TLS")); Assert.assertTrue(rh.executeSimpleRequest("_nodes/settings?pretty").contains(clusterInfo.clustername)); - // Assert.assertTrue(!executeSimpleRequest("_opendistro/_security/sslinfo?pretty").contains("null")); + // Assert.assertTrue(!executeSimpleRequest("_security/sslinfo?pretty").contains("null")); Assert.assertTrue(res.contains("CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE")); } @@ -418,7 +416,7 @@ public void testHttpsAndNodeSSLPKCS1Pem() throws Exception { rh.trustHTTPServerCertificate = true; rh.sendAdminCertificate = true; - String res = rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty"); + String res = rh.executeSimpleRequest("_security/sslinfo?pretty"); Assert.assertTrue(res.contains("TLS")); Assert.assertTrue(res.contains("CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE")); Assert.assertTrue(rh.executeSimpleRequest("_nodes/settings?pretty").contains(clusterInfo.clustername)); 
@@ -471,10 +469,10 @@ public void testHttpsAndNodeSSLPemEnc() throws Exception { rh.trustHTTPServerCertificate = true; rh.sendAdminCertificate = true; - String res = rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty"); + String res = rh.executeSimpleRequest("_security/sslinfo?pretty"); Assert.assertTrue(res.contains("TLS")); Assert.assertTrue(rh.executeSimpleRequest("_nodes/settings?pretty").contains(clusterInfo.clustername)); - // Assert.assertTrue(!executeSimpleRequest("_opendistro/_security/sslinfo?pretty").contains("null")); + // Assert.assertTrue(!executeSimpleRequest("_security/sslinfo?pretty").contains("null")); Assert.assertTrue(res.contains("CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE")); } @@ -523,9 +521,7 @@ public void testSSLPemEncWithInsecureSettings() throws Exception { rh.trustHTTPServerCertificate = true; rh.sendAdminCertificate = true; - Assert.assertTrue( - rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty").contains("CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE") - ); + Assert.assertTrue(rh.executeSimpleRequest("_security/sslinfo?pretty").contains("CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE")); } @Test @@ -603,9 +599,7 @@ public void testHttpPlainFail() throws Exception { rh.sendAdminCertificate = false; Assert.assertTrue(rh.executeSimpleRequest("_nodes/settings?pretty").contains(clusterInfo.clustername)); - Assert.assertTrue( - rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty").contains("CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE") - ); + Assert.assertTrue(rh.executeSimpleRequest("_security/sslinfo?pretty").contains("CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE")); } @Test 
@@ -637,9 +631,7 @@ public void testHttpsNoEnforce() throws Exception { rh.sendAdminCertificate = false; Assert.assertTrue(rh.executeSimpleRequest("_nodes/settings?pretty").contains(clusterInfo.clustername)); - Assert.assertFalse( - rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty").contains("CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE") - ); + Assert.assertFalse(rh.executeSimpleRequest("_security/sslinfo?pretty").contains("CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE")); } @Test @@ -872,7 +864,7 @@ public void testCustomPrincipalExtractor() throws Exception { log.debug("NodesInfoRequest asserted"); } - rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty"); + rh.executeSimpleRequest("_security/sslinfo?pretty"); // we need to test this in SG itself because in the SSL only plugin the info is not longer propagated // Assert.assertTrue(TestPrincipalExtractor.getTransportCount() > 0); @@ -921,7 +913,7 @@ public void testCRLPem() throws Exception { rh.trustHTTPServerCertificate = true; rh.sendAdminCertificate = true; - Assert.assertTrue(rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty").contains("TLS")); + Assert.assertTrue(rh.executeSimpleRequest("_security/sslinfo?pretty").contains("TLS")); } @Test @@ -1106,7 +1098,7 @@ public void testHttpsAndNodeSSLKeyPass() throws Exception { rh.trustHTTPServerCertificate = true; rh.sendAdminCertificate = true; - String res = rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty"); + String res = rh.executeSimpleRequest("_security/sslinfo?pretty"); Assert.assertTrue(res.contains("TLS")); Assert.assertTrue(res.contains("CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE")); 
@@ -1172,7 +1164,7 @@ public void testHttpsAndNodeSSLKeyStoreExtendedUsageEnabled() throws Exception { rh.trustHTTPServerCertificate = true; rh.sendAdminCertificate = true; - String res = rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty"); + String res = rh.executeSimpleRequest("_security/sslinfo?pretty"); Assert.assertTrue(res.contains("TLS")); Assert.assertTrue(res.contains("CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE")); @@ -1230,7 +1222,7 @@ public void testHttpsAndNodeSSLKeyPassFail() throws Exception { rh.trustHTTPServerCertificate = true; rh.sendAdminCertificate = true; - Assert.assertTrue(rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty").contains("TLS")); + Assert.assertTrue(rh.executeSimpleRequest("_security/sslinfo?pretty").contains("TLS")); } @@ -1287,7 +1279,7 @@ public void testHttpsAndNodeSSLPemExtendedUsageEnabled() throws Exception { rh.trustHTTPServerCertificate = true; rh.sendAdminCertificate = true; - String res = rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty"); + String res = rh.executeSimpleRequest("_security/sslinfo?pretty"); Assert.assertTrue(res.contains("TLS")); Assert.assertTrue(res.contains("CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE")); Assert.assertTrue(rh.executeSimpleRequest("_nodes/settings?pretty").contains(clusterInfo.clustername)); diff --git a/src/test/java/org/opensearch/security/ssl/SecuritySSLReloadCertsActionTests.java b/src/test/java/org/opensearch/security/ssl/SecuritySSLReloadCertsActionTests.java index 86d1e45133..0a83b4b40d 100644 --- a/src/test/java/org/opensearch/security/ssl/SecuritySSLReloadCertsActionTests.java +++ b/src/test/java/org/opensearch/security/ssl/SecuritySSLReloadCertsActionTests.java 
@@ -38,9 +38,9 @@ public class SecuritySSLReloadCertsActionTests extends SingleClusterTest { private final ClusterConfiguration clusterConfiguration = ClusterConfiguration.DEFAULT; - private final String GET_CERT_DETAILS_ENDPOINT = "_opendistro/_security/api/ssl/certs"; - private final String RELOAD_TRANSPORT_CERTS_ENDPOINT = "_opendistro/_security/api/ssl/transport/reloadcerts"; - private final String RELOAD_HTTP_CERTS_ENDPOINT = "_opendistro/_security/api/ssl/http/reloadcerts"; + private final String GET_CERT_DETAILS_ENDPOINT = "_plugins/_security/api/ssl/certs"; + private final String RELOAD_TRANSPORT_CERTS_ENDPOINT = "_plugins/_security/api/ssl/transport/reloadcerts"; + private final String RELOAD_HTTP_CERTS_ENDPOINT = "_plugins/_security/api/ssl/http/reloadcerts"; @Rule public TemporaryFolder testFolder = new TemporaryFolder();
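Review bot: The three endpoint strings are declared as `private final String` instance fields but are named like constants; `private static final String GET_CERT_DETAILS_ENDPOINT = "_plugins/_security/api/ssl/certs";` (and likewise for the two reload endpoints) would match the naming. The `_plugins/_security` prefix is also repeated as a literal three times. The deleted legacy tests imported their prefix from `OpenSearchSecurityPlugin`, so it is worth checking whether a shared prefix constant is available there. The class body continues outside the hunk.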