Bug fix for : Admin Users must be able to access all monitors #139 (#280

) Signed-off-by: Sriram <[email protected]> (cherry picked from commit 0351155)
opensearch-project · Sep 23, 2022 · fd3f20d · fd3f20d
1 parent ee88a43
commit fd3f20d
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 1 deletion.
diff --git a/alerting/src/main/kotlin/org/opensearch/alerting/transport/SecureTransportAction.kt b/alerting/src/main/kotlin/org/opensearch/alerting/transport/SecureTransportAction.kt
@@ -92,6 +92,8 @@ interface SecureTransportAction {
                     )
                 )
                 return false
+            } else if (isAdmin(user)) {
+                return true
             } else if (user.backendRoles.isNullOrEmpty()) {
                 actionListener.onFailure(
                     AlertingException.wrap(
@@ -118,7 +120,7 @@ interface SecureTransportAction {
         resourceId: String
     ): Boolean {
 
-        if (!filterByEnabled) return true
+        if (!doFilterForUser(requesterUser)) return true
 
         val resourceBackendRoles = resourceUser?.backendRoles
         val requesterBackendRoles = requesterUser?.backendRoles

diff --git a/alerting/src/test/kotlin/org/opensearch/alerting/resthandler/SecureMonitorRestApiIT.kt b/alerting/src/test/kotlin/org/opensearch/alerting/resthandler/SecureMonitorRestApiIT.kt
@@ -521,6 +521,25 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
             )
             assertEquals("Search monitor failed", RestStatus.OK, adminSearchResponse.restStatus())
             assertEquals("Monitor not found during search", 1, getDocs(adminSearchResponse))
+
+            // get as "admin" - must get 1 docs
+            val id: String = monitorJson["_id"] as String
+            val adminGetResponse = client().makeRequest(
+                "GET",
+                "$ALERTING_BASE_URI/$id",
+                emptyMap(),
+                NStringEntity(search, ContentType.APPLICATION_JSON)
+            )
+            assertEquals("Get monitor failed", RestStatus.OK, adminGetResponse.restStatus())
+
+            // delete as "admin"
+            val adminDeleteResponse = client().makeRequest(
+                "DELETE",
+                "$ALERTING_BASE_URI/$id",
+                emptyMap(),
+                NStringEntity(search, ContentType.APPLICATION_JSON)
+            )
+            assertEquals("Delete monitor failed", RestStatus.OK, adminGetResponse.restStatus())
         } finally {
             deleteRoleMapping("hr_role")
             deleteRole("hr_role")