zentity
zentity copied to clipboard
Add integration tests for Elasticsearch security features
While zentity should run seamlessly with native Elasticsearch security features and has proven to do so in practice, it would be a good idea to write automated tests for zentity operating within the constraints of those security features. The tests will provide assurance that zentity functions as designed in a secured cluster, that zentity does not somehow circumvent those security features, and that zentity properly handles security exceptions.
Features to test
- [ ] TLS between the client and the cluster and between the nodes of the cluster.
- [ ] Basic authentication with either the native realm or file realm.
- [ ] Basic role-based access control with cluster- and index-level security:
- [ ] Setup API
- [ ] Home API
- [ ] Models API
- [ ] Resolution API
what about alternative security plugins like Search Guard and OpenDistro for Elasticsearch (note: the latter will not continue to support Elasticsearch and will instead be fully integrated into OpenSearch - see also #90 for that)?
@rursprung My intent is to test compatibility with security features only from the official distribution of Elasticsearch. It's possible that zentity might work with other security frameworks, but I haven't tested those and I don't have plans to test and support them officially.