|
14 | 14 | import org.elasticsearch.script.ScriptService;
|
15 | 15 | import org.elasticsearch.script.ScriptType;
|
16 | 16 | import org.elasticsearch.script.TemplateScript;
|
| 17 | +import org.elasticsearch.script.mustache.MustacheScriptEngine; |
17 | 18 | import org.elasticsearch.test.ESTestCase;
|
18 | 19 | import org.elasticsearch.xpack.core.security.user.User;
|
19 | 20 | import org.junit.Before;
|
|
25 | 26 | import java.util.Map;
|
26 | 27 |
|
27 | 28 | import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
|
| 29 | +import static org.hamcrest.Matchers.arrayWithSize; |
28 | 30 | import static org.hamcrest.Matchers.equalTo;
|
29 | 31 | import static org.hamcrest.Matchers.sameInstance;
|
30 | 32 | import static org.mockito.Matchers.any;
|
@@ -80,7 +82,26 @@ public String execute() {
|
80 | 82 | userModel.put("roles", Arrays.asList(user.roles()));
|
81 | 83 | userModel.put("metadata", user.metadata());
|
82 | 84 | assertThat(usedScript.getParams().get("_user"), equalTo(userModel));
|
| 85 | + } |
| 86 | + |
| 87 | + public void testDocLevelSecurityTemplateWithOpenIdConnectStyleMetadata() throws Exception { |
| 88 | + User user = new User( randomAlphaOfLength( 8), generateRandomStringArray( 5, 5, false), randomAlphaOfLength( 9), "[email protected]", |
| 89 | + Map. of( "oidc(email)", "[email protected]"), true); |
| 90 | + |
| 91 | + final MustacheScriptEngine mustache = new MustacheScriptEngine(); |
| 92 | + |
| 93 | + when(scriptService.compile(any(Script.class), eq(TemplateScript.CONTEXT))).thenAnswer(inv -> { |
| 94 | + assertThat(inv.getArguments(), arrayWithSize(2)); |
| 95 | + Script script = (Script) inv.getArguments()[0]; |
| 96 | + TemplateScript.Factory factory = mustache.compile( |
| 97 | + script.getIdOrCode(), script.getIdOrCode(), TemplateScript.CONTEXT, script.getOptions()); |
| 98 | + return factory; |
| 99 | + }); |
| 100 | + |
| 101 | + String template = "{ \"template\" : { \"source\" : {\"term\":{\"field\":\"{{_user.metadata.oidc(email)}}\"}} } }"; |
83 | 102 |
|
| 103 | + String evaluated = SecurityQueryTemplateEvaluator.evaluateTemplate(template, scriptService, user); |
| 104 | + assertThat( evaluated, equalTo( "{\"term\":{\"field\":\"[email protected]\"}}")); |
84 | 105 | }
|
85 | 106 |
|
86 | 107 | public void testSkipTemplating() throws Exception {
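Review bot: testDocLevelSecurityTemplateWithOpenIdConnectStyleMetadata only renders a benign metadata value into the role query, so nothing pins what happens when the value under `oidc(email)` contains JSON metacharacters such as `"` or `\`. Metadata of this kind presumably comes from an external identity provider, and the template places it inside a quoted string of a document-level security query, so escaping is what keeps a claim value from changing the query's structure. I would add a second case in the same test with a constructed value, e.g. `Map.of("oidc(email)", "a\"b")`, and assert that the evaluated query is still a single `term` clause with the quote escaped (this should follow from the engine's default JSON escaping, but confirm). A one-line comment above the `mustache.compile(...)` stub would also help, such as `// use the real Mustache engine so key resolution and escaping are exercised, not mocked`.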
|
|