Fix tests

Signed-off-by: Derek Ho <[email protected]>

src/integrationTest/java/org/opensearch/security/privileges/ActionPrivilegesTest.java

@@ -53,7 +53,6 @@
 import org.mockito.Mockito;
 
 import static org.hamcrest.MatcherAssert.assertThat;
-import static org.mockito.Mockito.mock;
 import static org.opensearch.security.privileges.PrivilegeEvaluatorResponseMatcher.isAllowed;
 import static org.opensearch.security.privileges.PrivilegeEvaluatorResponseMatcher.isForbidden;
 import static org.opensearch.security.privileges.PrivilegeEvaluatorResponseMatcher.isPartiallyOk;
@@ -64,6 +63,7 @@
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
 
 /**
  * Unit tests for ActionPrivileges. As the ActionPrivileges provides quite a few different code paths for checking
@@ -1134,7 +1134,7 @@ static PrivilegesEvaluationContext ctxWithUserName(String userName, String... ro
             null,
             new IndexNameExpressionResolver(new ThreadContext(Settings.EMPTY)),
             null,
-                mock(ApiTokenRepository.class)
+            mock(ApiTokenRepository.class)
         );
     }
 

src/integrationTest/java/org/opensearch/security/privileges/IndexPatternTest.java

@@ -27,12 +27,12 @@
 import org.opensearch.security.support.WildcardMatcher;
 import org.opensearch.security.user.User;
 
-import static org.mockito.Mockito.mock;
 import static org.opensearch.security.util.MockIndexMetadataBuilder.indices;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotEquals;
 import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
 
 public class IndexPatternTest {
     final static int CURRENT_YEAR = ZonedDateTime.now().get(ChronoField.YEAR);
@@ -249,7 +249,7 @@ private static PrivilegesEvaluationContext ctx() {
             indexResolverReplacer,
             indexNameExpressionResolver,
             () -> CLUSTER_STATE,
-                mock(ApiTokenRepository.class)
+            mock(ApiTokenRepository.class)
         );
     }
 }

src/integrationTest/java/org/opensearch/security/privileges/RestEndpointPermissionTests.java

@@ -53,11 +53,11 @@
 import org.opensearch.security.securityconf.impl.v7.RoleV7;
 import org.opensearch.security.user.User;
 
-import static org.mockito.Mockito.mock;
 import static org.opensearch.security.dlic.rest.api.RestApiAdminPrivilegesEvaluator.CERTS_INFO_ACTION;
 import static org.opensearch.security.dlic.rest.api.RestApiAdminPrivilegesEvaluator.ENDPOINTS_WITH_PERMISSIONS;
 import static org.opensearch.security.dlic.rest.api.RestApiAdminPrivilegesEvaluator.RELOAD_CERTS_ACTION;
 import static org.opensearch.security.dlic.rest.api.RestApiAdminPrivilegesEvaluator.SECURITY_CONFIG_UPDATE;
+import static org.mockito.Mockito.mock;
 
 /**
  * Moved from https://github.com/opensearch-project/security/blob/54361468f5c4b3a57f3ecffaf1bbe8dccee562be/src/test/java/org/opensearch/security/securityconf/SecurityRolesPermissionsTest.java
@@ -253,7 +253,17 @@ static SecurityDynamicConfiguration<RoleV7> createRolesConfig() throws IOExcepti
     }
 
     static PrivilegesEvaluationContext ctx(String... roles) {
-        return new PrivilegesEvaluationContext(new User("test_user"), ImmutableSet.copyOf(roles), null, null, null, null, null, null, mock(ApiTokenRepository.class));
+        return new PrivilegesEvaluationContext(
+            new User("test_user"),
+            ImmutableSet.copyOf(roles),
+            null,
+            null,
+            null,
+            null,
+            null,
+            null,
+            mock(ApiTokenRepository.class)
+        );
     }
 
 }

src/integrationTest/java/org/opensearch/security/privileges/dlsfls/DlsFlsLegacyHeadersTest.java

@@ -48,7 +48,6 @@
 
 import org.mockito.Mockito;
 
-import static org.mockito.Mockito.mock;
 import static org.opensearch.security.Song.ARTIST_STRING;
 import static org.opensearch.security.Song.ARTIST_TWINS;
 import static org.opensearch.security.Song.FIELD_ARTIST;
@@ -57,6 +56,7 @@
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
 
 public class DlsFlsLegacyHeadersTest {
     static NamedXContentRegistry xContentRegistry = new NamedXContentRegistry(
@@ -348,7 +348,7 @@ public void prepare_ccs() throws Exception {
             null,
             new IndexNameExpressionResolver(new ThreadContext(Settings.EMPTY)),
             () -> clusterState,
-                mock(ApiTokenRepository.class)
+            mock(ApiTokenRepository.class)
         );
 
         DlsFlsLegacyHeaders.prepare(threadContext, ctx, dlsFlsProcessedConfig(exampleRolesConfig(), metadata), metadata, false);
@@ -368,7 +368,7 @@ static PrivilegesEvaluationContext ctx(Metadata metadata, String... roles) {
             null,
             new IndexNameExpressionResolver(new ThreadContext(Settings.EMPTY)),
             () -> clusterState,
-                mock(ApiTokenRepository.class)
+            mock(ApiTokenRepository.class)
         );
     }
 

src/integrationTest/java/org/opensearch/security/privileges/dlsfls/DocumentPrivilegesTest.java

@@ -62,14 +62,14 @@
 import org.opensearch.test.framework.TestSecurityConfig;
 
 import static org.hamcrest.MatcherAssert.assertThat;
-import static org.mockito.Mockito.mock;
 import static org.opensearch.security.util.MockIndexMetadataBuilder.dataStreams;
 import static org.opensearch.security.util.MockIndexMetadataBuilder.indices;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotEquals;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
+import static org.mockito.Mockito.mock;
 
 /**
  * Unit tests for the DocumentPrivileges class and the underlying AbstractRuleBasedPrivileges class. As these classes
@@ -529,7 +529,7 @@ public IndicesAndAliases_getRestriction(
                 null,
                 null,
                 () -> CLUSTER_STATE,
-                    mock(ApiTokenRepository.class)
+                mock(ApiTokenRepository.class)
             );
             this.statefulness = statefulness;
             this.dfmEmptyOverridesAll = dfmEmptyOverridesAll == DfmEmptyOverridesAll.DFM_EMPTY_OVERRIDES_ALL_TRUE;
@@ -845,7 +845,7 @@ public IndicesRequest indices(String... strings) {
                 RESOLVER_REPLACER,
                 INDEX_NAME_EXPRESSION_RESOLVER,
                 () -> CLUSTER_STATE,
-                    mock(ApiTokenRepository.class)
+                mock(ApiTokenRepository.class)
             );
             this.statefulness = statefulness;
             this.dfmEmptyOverridesAll = dfmEmptyOverridesAll == DfmEmptyOverridesAll.DFM_EMPTY_OVERRIDES_ALL_TRUE;
@@ -1131,7 +1131,7 @@ public DataStreams_getRestriction(
                 null,
                 null,
                 () -> CLUSTER_STATE,
-                    mock(ApiTokenRepository.class)
+                mock(ApiTokenRepository.class)
             );
             this.statefulness = statefulness;
             this.dfmEmptyOverridesAll = dfmEmptyOverridesAll == DfmEmptyOverridesAll.DFM_EMPTY_OVERRIDES_ALL_TRUE;
@@ -1151,7 +1151,19 @@ public void invalidQuery() throws Exception {
         @Test(expected = PrivilegesEvaluationException.class)
         public void invalidTemplatedQuery() throws Exception {
             DocumentPrivileges.DlsQuery.create("{\"invalid\": \"totally ${attr.foo}\"}", xContentRegistry)
-                .evaluate(new PrivilegesEvaluationContext(new User("test_user"), ImmutableSet.of(), null, null, null, null, null, null, mock(ApiTokenRepository.class)));
+                .evaluate(
+                    new PrivilegesEvaluationContext(
+                        new User("test_user"),
+                        ImmutableSet.of(),
+                        null,
+                        null,
+                        null,
+                        null,
+                        null,
+                        null,
+                        mock(ApiTokenRepository.class)
+                    )
+                );
         }
 
         @Test

src/integrationTest/java/org/opensearch/security/privileges/dlsfls/FieldMaskingTest.java

@@ -31,12 +31,12 @@
 import org.opensearch.security.user.User;
 import org.opensearch.test.framework.TestSecurityConfig;
 
-import static org.mockito.Mockito.mock;
 import static org.opensearch.security.util.MockIndexMetadataBuilder.indices;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
 
 /**
  * Unit tests on the FieldMasking class - top-level functionality is tested in FieldMaskingTest.Basic. The inner classes FieldMasking.Field
@@ -126,7 +126,7 @@ static PrivilegesEvaluationContext ctx(String... roles) {
                 null,
                 null,
                 () -> CLUSTER_STATE,
-                    mock(ApiTokenRepository.class)
+                mock(ApiTokenRepository.class)
             );
         }
     }

src/integrationTest/java/org/opensearch/security/privileges/dlsfls/FieldPrivilegesTest.java

@@ -30,11 +30,11 @@
 import org.opensearch.security.user.User;
 import org.opensearch.test.framework.TestSecurityConfig;
 
-import static org.mockito.Mockito.mock;
 import static org.opensearch.security.util.MockIndexMetadataBuilder.indices;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
 
 /**
  * Unit tests on the FieldMasking class - top-level functionality is tested in FieldMaskingTest.Basic. The inner classes FieldMasking.Field
@@ -161,7 +161,7 @@ static PrivilegesEvaluationContext ctx(String... roles) {
                 null,
                 null,
                 () -> CLUSTER_STATE,
-                    mock(ApiTokenRepository.class)
+                mock(ApiTokenRepository.class)
             );
         }
     }

src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java

@@ -1126,7 +1126,7 @@ public Collection<Object> createComponents(
             cih,
             irr,
             namedXContentRegistry.get(),
-                ar
+            ar
         );
 
         dlsFlsBaseContext = new DlsFlsBaseContext(evaluator, threadPool.getThreadContext(), adminDns);

src/main/java/org/opensearch/security/action/apitokens/ApiTokenAction.java

@@ -23,9 +23,7 @@
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
-import org.opensearch.client.Client;
 import org.opensearch.client.node.NodeClient;
-import org.opensearch.cluster.service.ClusterService;
 import org.opensearch.common.inject.Inject;
 import org.opensearch.core.action.ActionListener;
 import org.opensearch.core.rest.RestStatus;
@@ -35,7 +33,6 @@
 import org.opensearch.rest.RestChannel;
 import org.opensearch.rest.RestHandler;
 import org.opensearch.rest.RestRequest;
-import org.opensearch.security.identity.SecurityTokenManager;
 
 import static org.opensearch.rest.RestRequest.Method.DELETE;
 import static org.opensearch.rest.RestRequest.Method.GET;
@@ -55,8 +52,6 @@ public class ApiTokenAction extends BaseRestHandler {
     private ApiTokenRepository apiTokenRepository;
     public Logger log = LogManager.getLogger(this.getClass());
 
-
-
     private static final List<RestHandler.Route> ROUTES = addRoutesPrefix(
         ImmutableList.of(
             new RestHandler.Route(POST, "/apitokens"),
@@ -68,7 +63,7 @@ public class ApiTokenAction extends BaseRestHandler {
     @Inject
     public ApiTokenAction(ApiTokenRepository apiTokenRepository) {
         this.apiTokenRepository = apiTokenRepository;
-//        this.apiTokenRepository = new ApiTokenRepository(client, clusterService, securityTokenManager);
+        // this.apiTokenRepository = new ApiTokenRepository(client, clusterService, securityTokenManager);
     }
 
     @Override

src/main/java/org/opensearch/security/authtoken/jwt/ApiTokenJwtVendor.java

@@ -14,33 +14,25 @@
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.text.ParseException;
-import java.util.Base64;
 import java.util.Date;
-import java.util.List;
 import java.util.Optional;
 import java.util.function.LongSupplier;
 
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
-import org.opensearch.OpenSearchException;
 import org.opensearch.common.collect.Tuple;
 import org.opensearch.common.settings.Settings;
 
 import com.nimbusds.jose.JOSEException;
 import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jose.JWSHeader;
 import com.nimbusds.jose.JWSSigner;
-import com.nimbusds.jose.KeyLengthException;
-import com.nimbusds.jose.crypto.MACSigner;
 import com.nimbusds.jose.jwk.JWK;
-import com.nimbusds.jose.jwk.KeyUse;
-import com.nimbusds.jose.jwk.OctetSequenceKey;
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;
 
 import static org.opensearch.security.authtoken.jwt.JwtVendor.createJwkFromSettings;
-import static org.opensearch.security.util.AuthTokenUtils.isKeyNull;
 
 public class ApiTokenJwtVendor extends JwtVendor {
     private static final Logger logger = LogManager.getLogger(ApiTokenJwtVendor.class);
@@ -61,7 +53,7 @@ public ApiTokenJwtVendor(final Settings settings, final Optional<LongSupplier> t
     @Override
     @SuppressWarnings("removal")
     public ExpiringBearerAuthToken createJwt(final String issuer, final String subject, final String audience, final long expiration)
-            throws JOSEException, ParseException {
+        throws JOSEException, ParseException {
         final long currentTimeMs = timeProvider.getAsLong();
         final Date now = new Date(currentTimeMs);
 
@@ -77,13 +69,13 @@ public ExpiringBearerAuthToken createJwt(final String issuer, final String subje
         final JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.parse(signingKey.getAlgorithm().getName())).build();
 
         final SignedJWT signedJwt = AccessController.doPrivileged(
-                (PrivilegedAction<SignedJWT>) () -> new SignedJWT(header, claimsBuilder.build())
+            (PrivilegedAction<SignedJWT>) () -> new SignedJWT(header, claimsBuilder.build())
         );
         // Sign the JWT so it can be serialized
         signedJwt.sign(signer);
         if (logger.isDebugEnabled()) {
             logger.debug(
-                    "Created JWT: " + signedJwt.serialize() + "\n" + signedJwt.getHeader().toJSONObject() + "\n" + signedJwt.getJWTClaimsSet()
+                "Created JWT: " + signedJwt.serialize() + "\n" + signedJwt.getHeader().toJSONObject() + "\n" + signedJwt.getJWTClaimsSet()
             );
         }
         return new ExpiringBearerAuthToken(signedJwt.serialize(), subject, expiryTime);