fix security IT failure caused by weak password (#951)

ylwu-amzn · web-flow · commit 0146dbd918cc · 2023-06-01T14:01:51.000-07:00
Signed-off-by: Yaliang Wu &lt;ylwu@amazon.com&gt;
diff --git a/plugin/src/test/java/org/opensearch/ml/rest/MLModelGroupRestIT.java b/plugin/src/test/java/org/opensearch/ml/rest/MLModelGroupRestIT.java
@@ -58,6 +58,7 @@ public class MLModelGroupRestIT extends MLCommonsRestTestCase {
     public ExpectedException exceptionRule = ExpectedException.none();
 
     private String modelGroupId;
+    private String password = "IntegTest@MLModelGroupRestIT123";
 
     @Before
     public void setup() throws IOException {
@@ -77,56 +78,43 @@ public void setup() throws IOException {
         }
         createSearchRole(indexSearchAccessRole, "*");
 
-        createUser(mlNoAccessUser, mlNoAccessUser, ImmutableList.of(opensearchBackendRole));
-        mlNoAccessClient = new SecureRestClientBuilder(
-            getClusterHosts().toArray(new HttpHost[0]),
-            isHttps(),
-            mlNoAccessUser,
-            mlNoAccessUser
-        ).setSocketTimeout(60000).build();
+        createUser(mlNoAccessUser, password, ImmutableList.of(opensearchBackendRole));
+        mlNoAccessClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[0]), isHttps(), mlNoAccessUser, password)
+            .setSocketTimeout(60000)
+            .build();
 
-        createUser(mlReadOnlyUser, mlReadOnlyUser, ImmutableList.of(opensearchBackendRole));
-        mlReadOnlyClient = new SecureRestClientBuilder(
-            getClusterHosts().toArray(new HttpHost[0]),
-            isHttps(),
-            mlReadOnlyUser,
-            mlReadOnlyUser
-        ).setSocketTimeout(60000).build();
+        createUser(mlReadOnlyUser, password, ImmutableList.of(opensearchBackendRole));
+        mlReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[0]), isHttps(), mlReadOnlyUser, password)
+            .setSocketTimeout(60000)
+            .build();
 
-        createUser(mlFullAccessNoIndexAccessUser, mlFullAccessNoIndexAccessUser, ImmutableList.of(opensearchBackendRole));
+        createUser(mlFullAccessNoIndexAccessUser, password, ImmutableList.of(opensearchBackendRole));
         mlFullAccessNoIndexAccessClient = new SecureRestClientBuilder(
             getClusterHosts().toArray(new HttpHost[0]),
             isHttps(),
             mlFullAccessNoIndexAccessUser,
-            mlFullAccessNoIndexAccessUser
+            password
         ).setSocketTimeout(60000).build();
 
-        createUser(mlFullAccessUser, mlFullAccessUser, ImmutableList.of(opensearchBackendRole));
-        mlFullAccessClient = new SecureRestClientBuilder(
-            getClusterHosts().toArray(new HttpHost[0]),
-            isHttps(),
-            mlFullAccessUser,
-            mlFullAccessUser
-        ).setSocketTimeout(60000).build();
+        createUser(mlFullAccessUser, password, ImmutableList.of(opensearchBackendRole));
+        mlFullAccessClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[0]), isHttps(), mlFullAccessUser, password)
+            .setSocketTimeout(60000)
+            .build();
 
-        createUser(mlNonAdminFullAccessWithoutBackendRoleUser, mlNonAdminFullAccessWithoutBackendRoleUser, ImmutableList.of());
+        createUser(mlNonAdminFullAccessWithoutBackendRoleUser, password, ImmutableList.of());
         mlNonAdminFullAccessWithoutBackendRoleClient = new SecureRestClientBuilder(
             getClusterHosts().toArray(new HttpHost[0]),
             isHttps(),
             mlNonAdminFullAccessWithoutBackendRoleUser,
-            mlNonAdminFullAccessWithoutBackendRoleUser
+            password
         ).setSocketTimeout(60000).build();
 
-        createUser(
-            mlNonOwnerFullAccessWithBackendRoleUser,
-            mlNonOwnerFullAccessWithBackendRoleUser,
-            ImmutableList.of(opensearchBackendRole)
-        );
+        createUser(mlNonOwnerFullAccessWithBackendRoleUser, password, ImmutableList.of(opensearchBackendRole));
         mlNonOwnerFullAccessWithBackendRoleClient = new SecureRestClientBuilder(
             getClusterHosts().toArray(new HttpHost[0]),
             isHttps(),
             mlNonOwnerFullAccessWithBackendRoleUser,
-            mlNonOwnerFullAccessWithBackendRoleUser
+            password
         ).setSocketTimeout(60000).build();
 
         createRoleMapping("ml_read_access", ImmutableList.of(mlReadOnlyUser));
diff --git a/plugin/src/test/java/org/opensearch/ml/rest/SecureMLRestIT.java b/plugin/src/test/java/org/opensearch/ml/rest/SecureMLRestIT.java
@@ -57,6 +57,7 @@ public class SecureMLRestIT extends MLCommonsRestTestCase {
     public ExpectedException exceptionRule = ExpectedException.none();
 
     private String modelGroupId;
+    private String password = "IntegTest@SecureMLRestIT123";
 
     @Before
     public void setup() throws IOException {
@@ -76,37 +77,28 @@ public void setup() throws IOException {
         }
         createSearchRole(indexSearchAccessRole, "*");
 
-        createUser(mlNoAccessUser, mlNoAccessUser, new ArrayList<>(Arrays.asList(opensearchBackendRole)));
-        mlNoAccessClient = new SecureRestClientBuilder(
-            getClusterHosts().toArray(new HttpHost[0]),
-            isHttps(),
-            mlNoAccessUser,
-            mlNoAccessUser
-        ).setSocketTimeout(60000).build();
+        createUser(mlNoAccessUser, password, new ArrayList<>(Arrays.asList(opensearchBackendRole)));
+        mlNoAccessClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[0]), isHttps(), mlNoAccessUser, password)
+            .setSocketTimeout(60000)
+            .build();
 
-        createUser(mlReadOnlyUser, mlReadOnlyUser, new ArrayList<>(Arrays.asList(opensearchBackendRole)));
-        mlReadOnlyClient = new SecureRestClientBuilder(
-            getClusterHosts().toArray(new HttpHost[0]),
-            isHttps(),
-            mlReadOnlyUser,
-            mlReadOnlyUser
-        ).setSocketTimeout(60000).build();
+        createUser(mlReadOnlyUser, password, new ArrayList<>(Arrays.asList(opensearchBackendRole)));
+        mlReadOnlyClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[0]), isHttps(), mlReadOnlyUser, password)
+            .setSocketTimeout(60000)
+            .build();
 
-        createUser(mlFullAccessNoIndexAccessUser, mlFullAccessNoIndexAccessUser, new ArrayList<>(Arrays.asList(opensearchBackendRole)));
+        createUser(mlFullAccessNoIndexAccessUser, password, new ArrayList<>(Arrays.asList(opensearchBackendRole)));
         mlFullAccessNoIndexAccessClient = new SecureRestClientBuilder(
             getClusterHosts().toArray(new HttpHost[0]),
             isHttps(),
             mlFullAccessNoIndexAccessUser,
-            mlFullAccessNoIndexAccessUser
+            password
         ).setSocketTimeout(60000).build();
 
-        createUser(mlFullAccessUser, mlFullAccessUser, new ArrayList<>(Arrays.asList(opensearchBackendRole)));
-        mlFullAccessClient = new SecureRestClientBuilder(
-            getClusterHosts().toArray(new HttpHost[0]),
-            isHttps(),
-            mlFullAccessUser,
-            mlFullAccessUser
-        ).setSocketTimeout(60000).build();
+        createUser(mlFullAccessUser, password, new ArrayList<>(Arrays.asList(opensearchBackendRole)));
+        mlFullAccessClient = new SecureRestClientBuilder(getClusterHosts().toArray(new HttpHost[0]), isHttps(), mlFullAccessUser, password)
+            .setSocketTimeout(60000)
+            .build();
 
         createRoleMapping("ml_read_access", new ArrayList<>(Arrays.asList(mlReadOnlyUser)));
         createRoleMapping("ml_full_access", new ArrayList<>(Arrays.asList(mlFullAccessNoIndexAccessUser, mlFullAccessUser)));
