-
Notifications
You must be signed in to change notification settings - Fork 64
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add security tests and workflow plus minor fix #470
Conversation
Signed-off-by: Ashish Agrawal <ashisagr@amazon.com>
.../notifications/src/main/kotlin/org/opensearch/notifications/index/NotificationConfigIndex.kt
Show resolved
Hide resolved
val error = sendResponse.get("error").asJsonObject | ||
Assert.assertNotNull(error.get("reason").asString) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we check the error explicitly since this is technically testing an expected INTERNAL_SERVER_ERROR
because the Slack channel doesn't exist.
Just want to make sure an actual issue presenting itself as an INTERNAL_SERVER_ERROR
doesn't slip by in this case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
Signed-off-by: Ashish Agrawal <ashisagr@amazon.com>
Signed-off-by: Ashish Agrawal <ashisagr@amazon.com>
Codecov Report
@@ Coverage Diff @@
## main #470 +/- ##
============================================
- Coverage 61.77% 61.43% -0.34%
Complexity 112 112
============================================
Files 73 73
Lines 2451 2466 +15
Branches 264 266 +2
============================================
+ Hits 1514 1515 +1
- Misses 761 773 +12
- Partials 176 178 +2
Flags with carried forward coverage won't be shown. Click here to find out more.
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
The test and build dashboards CI is failing because it needs to build against 2.2 if we're using OSD branch If the bump to |
* @param block a function to process this [AutoCloseable] resource. | ||
* @return the result of [block] function invoked on this resource. | ||
*/ | ||
@Suppress("TooGenericExceptionCaught") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's see if we can get rid of these Suppress by having more specific exceptions raised. Unless it is breaking bwc.
val ALL_ACCESS_ROLE = "all_access" | ||
val NOTIFICATION_FULL_ACCESS_ROLE = "notifications_full_access" | ||
val NOTIFICATION_READ_ONLY_ACCESS = "notifications_read_access" | ||
val NOTIFICATION_NO_ACCESS_ROLE = "no_access" | ||
val NOTIFICATION_CREATE_CONFIG_ACCESS = "notifications_create_config_access" | ||
val NOTIFICATION_UPDATE_CONFIG_ACCESS = "notifications_update_config_access" | ||
val NOTIFICATION_DELETE_CONFIG_ACCESS = "notifications_delete_config_access" | ||
val NOTIFICATION_GET_CONFIG_ACCESS = "notifications_get_config_access" | ||
val NOTIFICATION_GET_PLUGIN_FEATURE_ACCESS = "notifications_get_plugin_access" | ||
val NOTIFICATION_GET_CHANNEL_ACCESS = "notifications_get_channel_access" | ||
val NOTIFICATION_TEST_SEND_ACCESS = "notifications_test_send_access" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we need to define these access roles separately/specifically for tests, and not import from the actual source for consistency ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is purely as a helper class. Only the ALL_ACCESS_ROLE
, NOTIFICATION_FULL_ACCESS_ROLE
, and NOTIFICATION_READ_ONLY_ACCESS
exist, but that is in the security plugin. We have set the others so it easier for the security integration tests to use them.
@@ -99,6 +101,68 @@ fun getStatusText(response: JsonObject): String { | |||
.get("status_text").asString | |||
} | |||
|
|||
private val charPool: List<Char> = ('a'..'z') + ('A'..'Z') + ('0'..'9') | |||
|
|||
fun getCreateRequestJsonString( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit : should we be more specific in naming such as getCreateNotificationRequestJsonString
ConfigType.SLACK -> """ | ||
"slack":{"url":"https://slack.domain.com/sample_slack_url#$randomString"} | ||
""".trimIndent() | ||
ConfigType.CHIME -> """ | ||
"chime":{"url":"https://chime.domain.com/sample_chime_url#$randomString"} | ||
""".trimIndent() | ||
ConfigType.WEBHOOK -> """ | ||
"webhook":{"url":"https://web.domain.com/sample_web_url#$randomString"} | ||
""".trimIndent() | ||
ConfigType.SMTP_ACCOUNT -> """ | ||
"smtp_account":{ | ||
"host":"smtp.domain.com", | ||
"port":"4321", | ||
"method":"ssl", | ||
"from_address":"$randomString@from.com" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wondering if these all can be resolved via predefined Map <ConfigType, Value> for better maintainability and reusability ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The problem is that we need to pass in values to the config definition and abstracting this out would end up complicating the code as no other function currently needs this.
deleteUserWithCustomRole(user, NOTIFICATION_DELETE_CONFIG_ACCESS) | ||
} | ||
|
||
fun `test delete slack notification config without get Notification permission`() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wondering if we should randomize on the channels; since all the scenarios will fit across different channels (slack/chime)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree. In a future PR, we can make the tests run for each channel type
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lets create a backlog.
Signed-off-by: Ashish Agrawal <ashisagr@amazon.com>
* Add security tests and workflow plus minor fix Signed-off-by: Ashish Agrawal <ashisagr@amazon.com> * fix test and update workflow Signed-off-by: Ashish Agrawal <ashisagr@amazon.com> * apply cleanup comments Signed-off-by: Ashish Agrawal <ashisagr@amazon.com> (cherry picked from commit 7f3c6a8)
* Add security tests and workflow plus minor fix Signed-off-by: Ashish Agrawal <ashisagr@amazon.com> * fix test and update workflow Signed-off-by: Ashish Agrawal <ashisagr@amazon.com> * apply cleanup comments Signed-off-by: Ashish Agrawal <ashisagr@amazon.com> (cherry picked from commit 7f3c6a8) Co-authored-by: Ashish Agrawal <ashisagr@amazon.com>
Signed-off-by: Ashish Agrawal ashisagr@amazon.com
Description
Issues Resolved
#258
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.