github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-06-28 17:34:17 -04:00
Code Issues Projects Releases Packages Wiki Activity

Support audit ignore policy by index privileges

Browse source 
Addressing review comments + changing approach:
- use permission check instead of simple "checkIfGrants"
- adding more testing
This commit is contained in:
BigPandaToo 2021-02-15 23:42:36 +01:00
parent 79649e9a6a
commit 152821e742
1 changed files with 10 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

18
x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/security/audit/logfile/AuditTrailSettingsUpdateTests.java
View file

@ -108,19 +108,21 @@ public class AuditTrailSettingsUpdateTests extends SecurityIntegTestCase {
assertThat(e.getMessage(), containsString("invalid pattern [/invalid]"));
}
public void testInvalidPrivilegesFilterSettings() throws Exception {
final Settings.Builder settingsBuilder1 = Settings.builder();
settingsBuilder1.putList("xpack.security.audit.logfile.events.ignore_filters.invalid.index_privileges", "hkrgbkj");
public void testInvalidIndexPrivilegesFilterSettings() throws Exception {
final Settings.Builder settingsBuilder = Settings.builder();
settingsBuilder.putList("xpack.security.audit.logfile.events.ignore_filters.invalid.index_privileges", "hkrgbkj");
IllegalArgumentException e = expectThrows(IllegalArgumentException.class,
() -> updateSettings(settingsBuilder1.build(), randomBoolean()));
() -> updateSettings(settingsBuilder.build(), randomBoolean()));
assertThat(e.getMessage(), containsString("illegal value can't update"));
}
final Settings.Builder settingsBuilder2 = Settings.builder();
settingsBuilder1.putList("xpack.security.audit.logfile.events.ignore_filters.invalid.index_privileges", "hkrgbkj");
public void testInvalidlusterPrivilegesFilterSettings() throws Exception {
final Settings.Builder settingsBuilder = Settings.builder();
settingsBuilder.putList("xpack.security.audit.logfile.events.ignore_filters.invalid.index_privileges", "hkrgbkj");
e = expectThrows(IllegalArgumentException.class,
() -> updateSettings(settingsBuilder2.build(), randomBoolean()));
IllegalArgumentException e = expectThrows(IllegalArgumentException.class,
() -> updateSettings(settingsBuilder.build(), randomBoolean()));
assertThat(e.getMessage(), containsString("illegal value can't update"));
}