Open
Description
While zentity should run seamlessly with native Elasticsearch security features and has proven to do so in practice, it would be a good idea to write automated tests for zentity operating within the constraints of those security features. The tests will provide assurance that zentity functions as designed in a secured cluster, that zentity does not somehow circumvent those security features, and that zentity properly handles security exceptions.
Features to test
- TLS between the client and the cluster and between the nodes of the cluster.
- Basic authentication with either the native realm or file realm.
- Basic role-based access control with cluster- and index-level security:
- Setup API
- Home API
- Models API
- Resolution API