added injecting whole user object in threadContext before calling not…

…ification APIs so that backend roles are available to notification plugin

Signed-off-by: Petar Dzepina <[email protected]>

alerting/src/main/kotlin/org/opensearch/alerting/MonitorRunner.kt

@@ -12,9 +12,8 @@ import org.opensearch.alerting.action.GetDestinationsResponse
 import org.opensearch.alerting.model.ActionRunResult
 import org.opensearch.alerting.model.MonitorRunResult
 import org.opensearch.alerting.model.destination.Destination
-import org.opensearch.alerting.opensearchapi.InjectorContextElement
+import org.opensearch.alerting.opensearchapi.setUserInfoInThreadContext
 import org.opensearch.alerting.opensearchapi.suspendUntil
-import org.opensearch.alerting.opensearchapi.withClosableContext
 import org.opensearch.alerting.script.QueryLevelTriggerExecutionContext
 import org.opensearch.alerting.script.TriggerExecutionContext
 import org.opensearch.alerting.util.destinationmigration.NotificationActionConfigs
@@ -62,10 +61,11 @@ abstract class MonitorRunner {
                 throw IllegalStateException("Message content missing in the Destination with id: ${action.destinationId}")
             }
             if (!dryrun) {
-                val roles = MonitorRunnerService.getRolesForMonitor(monitor)
-                withClosableContext(
-                    InjectorContextElement(monitor.id, monitorCtx.settings!!, monitorCtx.threadPool!!.threadContext, roles)
-                ) {
+                val client = monitorCtx.client
+                client!!.threadPool().threadContext.stashContext().use {
+                    if (monitor.user != null) {
+                        monitor.user!!.setUserInfoInThreadContext(client.threadPool().threadContext)
+                    }
                     actionOutput[Action.MESSAGE_ID] = getConfigAndSendNotification(
                         action,
                         monitorCtx,

core/src/main/kotlin/org/opensearch/alerting/opensearchapi/OpenSearchExtensions.kt

@@ -21,6 +21,7 @@ import org.opensearch.common.util.concurrent.ThreadContext
 import org.opensearch.common.util.concurrent.ThreadContext.StoredContext
 import org.opensearch.common.xcontent.XContentHelper
 import org.opensearch.common.xcontent.XContentType
+import org.opensearch.commons.ConfigConstants
 import org.opensearch.commons.InjectSecurity
 import org.opensearch.commons.authuser.User
 import org.opensearch.commons.notifications.NotificationsPluginInterface
@@ -32,6 +33,7 @@ import org.opensearch.rest.RestStatus.BAD_GATEWAY
 import org.opensearch.rest.RestStatus.GATEWAY_TIMEOUT
 import org.opensearch.rest.RestStatus.SERVICE_UNAVAILABLE
 import org.opensearch.search.builder.SearchSourceBuilder
+import java.util.StringJoiner
 import kotlin.coroutines.CoroutineContext
 import kotlin.coroutines.resume
 import kotlin.coroutines.resumeWithException
@@ -219,3 +221,13 @@ suspend fun <T> withClosableContext(
         context.rolesInjectorHelper.close()
     }
 }
+
+fun User.setUserInfoInThreadContext(threadContext: ThreadContext) {
+    if (threadContext.getTransient<Any>(ConfigConstants.OPENSEARCH_SECURITY_USER_INFO_THREAD_CONTEXT) == null) {
+        val joiner = StringJoiner("|")
+        joiner.add(name)
+        joiner.add(java.lang.String.join(",", backendRoles))
+        joiner.add(java.lang.String.join(",", roles))
+        threadContext.putTransient(ConfigConstants.OPENSEARCH_SECURITY_USER_INFO_THREAD_CONTEXT, joiner.toString())
+    }
+}