-
Notifications
You must be signed in to change notification settings - Fork 24.3k
/
50_token_auth.yml
130 lines (113 loc) · 3.26 KB
/
50_token_auth.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
---
"Create a token and reuse it across the upgrade":
- skip:
features: headers
- do:
cluster.health:
wait_for_status: yellow
- do:
security.put_user:
username: "token_user"
body: >
{
"password" : "x-pack-test-password",
"roles" : [ "superuser" ],
"full_name" : "Token User"
}
- do:
security.get_token:
body:
grant_type: "password"
username: "token_user"
password: "x-pack-test-password"
- match: { type: "Bearer" }
- is_true: access_token
- set: { access_token: token }
- is_true: refresh_token
- set: { refresh_token: refresh_token }
- match: { expires_in: 3600 }
- is_false: scope
- do:
headers:
Authorization: Bearer ${token}
security.authenticate: {}
- match: { username: "token_user" }
- match: { roles.0: "superuser" }
- match: { full_name: "Token User" }
- do:
indices.create:
index: token_index
wait_for_active_shards : all
body:
settings:
index:
number_of_replicas: 1
- do:
headers:
Authorization: Bearer ${token}
bulk:
refresh: true
body:
- '{"index": {"_index": "token_index", "_id" : "1"}}'
- '{"f1": "v1_old", "f2": 0}'
- '{"index": {"_index": "token_index", "_id" : "2"}}'
- '{"f1": "v2_old", "f2": 1}'
- '{"index": {"_index": "token_index", "_id" : "3"}}'
- '{"f1": "v3_old", "f2": 2}'
- '{"index": {"_index": "token_index", "_id" : "4"}}'
- '{"f1": "v4_old", "f2": 3}'
- '{"index": {"_index": "token_index", "_id" : "5"}}'
- '{"f1": "v5_old", "f2": 4}'
- do:
headers:
Authorization: Bearer ${token}
search:
rest_total_hits_as_int: true
index: token_index
- match: { hits.total: 5 }
# we do store the token in the index such that we can reuse it down the road once
# the cluster is upgraded
- do:
headers:
Authorization: Bearer ${token}
index:
index: token_index
id: "6"
body: { "token" : "${token}"}
# refresh token and store it as well
- do:
security.get_token:
body:
grant_type: "refresh_token"
refresh_token: "${refresh_token}"
- match: { type: "Bearer" }
- is_true: access_token
- set: { access_token: refreshed_access_token }
- is_true: refresh_token
- set: { refresh_token: refreshed_refresh_token }
- match: { expires_in: 3600 }
- is_false: scope
# test refresh token (use it)
- do:
headers:
Authorization: Bearer ${refreshed_access_token}
security.authenticate: {}
- match: { username: "token_user" }
- match: { roles.0: "superuser" }
- match: { full_name: "Token User" }
# store the new refreshed access token
- do:
headers:
Authorization: Bearer ${refreshed_access_token}
index:
index: token_index
id: "7"
body: { "token" : "${refreshed_access_token}"}
# store the refresh token
- do:
headers:
Authorization: Bearer ${refreshed_access_token}
index:
index: token_index
id: "8"
body: { "token" : "${refreshed_refresh_token}"}