From 2f2160ebad5e67b625272c71372e412530db4e07 Mon Sep 17 00:00:00 2001
From: RAJ CHAKRAVARTHI <49325334+raj-chak@users.noreply.github.com>
Date: Wed, 4 Jan 2023 21:34:55 -0500
Subject: [PATCH] changes to return empty serach response for custom rules
 (#231)

Signed-off-by: Raj Chakravarthi <raj@icedome.ca>

Signed-off-by: Raj Chakravarthi <raj@icedome.ca>
(cherry picked from commit 2fcbdba25d1ec7daa02901616881c85a3e3d4a9a)
---
 .../transport/TransportSearchRuleAction.java       | 14 ++++++++++++--
 .../resthandler/RuleRestApiIT.java                 | 13 +++++++++++++
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportSearchRuleAction.java b/src/main/java/org/opensearch/securityanalytics/transport/TransportSearchRuleAction.java
index 1f7ad8c83..4f5f4c4d1 100644
--- a/src/main/java/org/opensearch/securityanalytics/transport/TransportSearchRuleAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/transport/TransportSearchRuleAction.java
@@ -13,6 +13,7 @@
 import org.opensearch.action.bulk.BulkResponse;
 import org.opensearch.action.search.SearchRequest;
 import org.opensearch.action.search.SearchResponse;
+import org.opensearch.action.search.ShardSearchFailure;
 import org.opensearch.action.support.ActionFilters;
 import org.opensearch.action.support.HandledTransportAction;
 import org.opensearch.action.support.WriteRequest;
@@ -24,6 +25,7 @@
 import org.opensearch.common.unit.TimeValue;
 import org.opensearch.index.reindex.BulkByScrollResponse;
 import org.opensearch.rest.RestStatus;
+import org.opensearch.search.internal.InternalSearchResponse;
 import org.opensearch.securityanalytics.action.SearchRuleAction;
 import org.opensearch.securityanalytics.action.SearchRuleRequest;
 import org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings;
@@ -47,7 +49,6 @@ public class TransportSearchRuleAction extends HandledTransportAction<SearchRule
     private final ThreadPool threadPool;
 
     private final ClusterService clusterService;
-
     private final Settings settings;
 
     private volatile TimeValue indexTimeout;
@@ -190,7 +191,16 @@ public void onFailure(Exception e) {
                 if (ruleIndices.ruleIndexExists(false)) {
                     search(request.getSearchRequest());
                 } else {
-                    onFailures(new IllegalArgumentException("Custom rule index doesnt exist. Please create custom rules first."));
+                    this.listener.onResponse(new SearchResponse(
+                            InternalSearchResponse.empty(),
+                            null,
+                            1,
+                            1,
+                            0,
+                            1,
+                            ShardSearchFailure.EMPTY_ARRAY,
+                            SearchResponse.Clusters.EMPTY
+                    ));
                 }
             }
         }
diff --git a/src/test/java/org/opensearch/securityanalytics/resthandler/RuleRestApiIT.java b/src/test/java/org/opensearch/securityanalytics/resthandler/RuleRestApiIT.java
index 83e3fe745..cd3b2607a 100644
--- a/src/test/java/org/opensearch/securityanalytics/resthandler/RuleRestApiIT.java
+++ b/src/test/java/org/opensearch/securityanalytics/resthandler/RuleRestApiIT.java
@@ -273,6 +273,19 @@ public void testSearchingPrepackagedRulesByAuthor() throws IOException {
         Assert.assertEquals(17, ((Map<String, Object>) ((Map<String, Object>) responseBody.get("hits")).get("total")).get("value"));
     }
 
+    public void testSearchingCustomRulesWhenNoneExist() throws IOException {
+        String request = "{\n" +
+                "  \"query\": {\n" +
+                "        \"match_all\": {}\n" +
+                "    }\n" +
+                "}";
+
+        Response searchResponse = makeRequest(client(), "POST", String.format(Locale.getDefault(), "%s/_search", SecurityAnalyticsPlugin.RULE_BASE_URI), Collections.singletonMap("pre_packaged", "false"),
+                new StringEntity(request), new BasicHeader("Content-Type", "application/json"));
+        Assert.assertEquals("Searching rules failed", RestStatus.OK, restStatus(searchResponse));
+        Map<String, Object> responseBody = asMap(searchResponse);
+        Assert.assertEquals(0, ((Map<String, Object>) ((Map<String, Object>) responseBody.get("hits")).get("total")).get("value"));
+    }
     @SuppressWarnings("unchecked")
     public void testSearchingCustomRules() throws IOException {
         String rule = randomRule();