Run tests with custom user attribute serialization

cwperks · cwperks · commit 844204e4db55 · 2025-08-19T20:37:52.000-04:00
Signed-off-by: Craig Perkins &lt;cwperx@amazon.com&gt;
diff --git a/build.gradle b/build.gradle
@@ -27,7 +27,7 @@ import java.util.concurrent.TimeUnit
 buildscript {
     ext {
         isSnapshot = "true" == System.getProperty("build.snapshot", "true")
-        opensearch_version = System.getProperty("opensearch.version", "3.2.0-SNAPSHOT")
+        opensearch_version = System.getProperty("opensearch.version", "3.3.0-SNAPSHOT")
         buildVersionQualifier = System.getProperty("build.version_qualifier", "")
         // 2.2.0-SNAPSHOT -> 2.2.0.0-SNAPSHOT
         version_tokens = opensearch_version.tokenize('-')
@@ -375,6 +375,7 @@ afterEvaluate {
             node.extraConfigFile("esnode.pem", file("build/resources/main/esnode.pem"))
             node.extraConfigFile("esnode-key.pem", file("build/resources/main/esnode-key.pem"))
             node.extraConfigFile("root-ca.pem", file("build/resources/main/root-ca.pem"))
+            node.extraConfigFile("opensearch-security/internal_users.yml", file("build/resources/test/security/internal_users.yml"))
             node.setting("plugins.security.ssl.transport.pemcert_filepath", "esnode.pem")
             node.setting("plugins.security.ssl.transport.pemkey_filepath", "esnode-key.pem")
             node.setting("plugins.security.ssl.transport.pemtrustedcas_filepath", "root-ca.pem")
@@ -391,6 +392,7 @@ afterEvaluate {
             node.setting("plugins.security.check_snapshot_restore_write_privileges", "true")
             node.setting("plugins.security.restapi.roles_enabled", "[\"all_access\", \"security_rest_api_access\"]")
             node.setting("plugins.security.system_indices.enabled", "true")
+            node.setting("plugins.security.user_attribute_serialization.enabled", "true")
             // node.setting("plugins.security.system_indices.indices", "[\".opendistro-ism-config\"]")
         }
     }
diff --git a/src/main/resources/mappings/opendistro-ism-config.json b/src/main/resources/mappings/opendistro-ism-config.json
@@ -644,6 +644,11 @@
                   "type" : "keyword"
                 }
               }
+            },
+            "custom_attributes": {
+              "type": "object",
+              "properties": {},
+              "dynamic": "true"
             }
           }
         }
diff --git a/src/main/resources/mappings/opensearch-control-center.json b/src/main/resources/mappings/opensearch-control-center.json
@@ -53,6 +53,11 @@
                   "type" : "keyword"
                 }
               }
+            },
+            "custom_attributes": {
+              "type": "object",
+              "properties": {},
+              "dynamic": "true"
             }
           }
         },
diff --git a/src/test/resources/security/internal_users.yml b/src/test/resources/security/internal_users.yml
@@ -0,0 +1,67 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+  type: "internalusers"
+  config_version: 2
+
+# Define your internal users here
+
+## Demo users
+
+admin:
+  hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG"
+  reserved: true
+  backend_roles:
+    - "admin"
+  description: "Demo admin user"
+  attributes:
+    attribute1: "value1"
+    attribute2: "value2"
+    attribute3: "value3"
+
+anomalyadmin:
+  hash: "$2y$12$TRwAAJgnNo67w3rVUz4FIeLx9Dy/llB79zf9I15CKJ9vkM4ZzAd3."
+  reserved: false
+  opendistro_security_roles:
+    - "anomaly_full_access"
+  description: "Demo anomaly admin user, using internal role"
+
+kibanaserver:
+  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
+  reserved: true
+  description: "Demo OpenSearch Dashboards user"
+
+kibanaro:
+  hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
+  reserved: false
+  backend_roles:
+    - "kibanauser"
+    - "readall"
+  attributes:
+    attribute1: "value1"
+    attribute2: "value2"
+    attribute3: "value3"
+  description: "Demo OpenSearch Dashboards read only user, using external role mapping"
+
+logstash:
+  hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
+  reserved: false
+  backend_roles:
+    - "logstash"
+  description: "Demo logstash user, using external role mapping"
+
+readall:
+  hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
+  reserved: false
+  backend_roles:
+    - "readall"
+  description: "Demo readall user, using external role mapping"
+
+snapshotrestore:
+  hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
+  reserved: false
+  backend_roles:
+    - "snapshotrestore"
+  description: "Demo snapshotrestore user, using external role mapping"

Original file line number	Diff line number	Diff line change
`@@ -644,6 +644,11 @@`
`644`	`644`	`"type" : "keyword"`
`645`	`645`	`}`
`646`	`646`	`}`
	`647`	`+ },`
	`648`	`+ "custom_attributes": {`
	`649`	`+ "type": "object",`
	`650`	`+ "properties": {},`
	`651`	`+ "dynamic": "true"`
`647`	`652`	`}`
`648`	`653`	`}`
`649`	`654`	`}`
Original file line number	Diff line number	Diff line change
`@@ -53,6 +53,11 @@`
`53`	`53`	`"type" : "keyword"`
`54`	`54`	`}`
`55`	`55`	`}`
	`56`	`+ },`
	`57`	`+ "custom_attributes": {`
	`58`	`+ "type": "object",`
	`59`	`+ "properties": {},`
	`60`	`+ "dynamic": "true"`
`56`	`61`	`}`
`57`	`62`	`}`
`58`	`63`	`},`