diff --git a/DEVELOPER_GUIDE.md b/DEVELOPER_GUIDE.md
index f1e42e1663..ba036b2022 100644
--- a/DEVELOPER_GUIDE.md
+++ b/DEVELOPER_GUIDE.md
@@ -8,6 +8,7 @@ So you want to contribute code to this project? Excellent! We're glad you're her
- [Using IntelliJ IDEA](#using-intellij-idea)
- [Running integration tests](#running-integration-tests)
- [Bulk test runs](#bulk-test-runs)
+ - [Checkstyle Violations](#checkstyle-violations)
- [Submitting Changes](#submitting-changes)
- [Backports](#backports)
@@ -146,6 +147,35 @@ Integration tests are automatically run on all pull requests for all supported v
### Bulk test runs
To collect reliability data on test runs there is a manual GitHub action workflow called `Bulk Integration Test`. The workflow is started for a branch on this project or in a fork by going to [GitHub action workflows](https://github.com/opensearch-project/security/actions/workflows/integration-tests.yml) and selecting `Run Workflow`.
+### Checkstyle Violations
+Checkstyle enforced several rules within this codebase. Sometimes exceptions will be necessary for components that are set for deprecation but the new version is unavailable. There are two formats of suppression that can be used when dealing with violations of this nature, one for disabling a single rule, or another for disabling all rules - its best to be as specific as possible.
+
+*Execute Checkstyle*
+```
+./gradlew checkstyleMain checkstyleTest
+```
+
+*Example violation*
+```
+[ant:checkstyle] [ERROR] /local/home/security/src/main/java/org/opensearch/security/configuration/DlsFlsValveImpl.java:178: Usage should be switched to cluster manager [RegexpSingleline]
+```
+
+*Single Rule Suppression*
+```
+ // CS-SUPPRESS-SINGLE: RegexpSingleline See http://github/issues/1234
+ ...
+ Code that violates the rule
+ ...
+ // CS-ENFORCE-SINGLE
+```
+
+*Suppression All Checkstyle Rules*
+```
+ // CS-SUPRESS-ALL: Legacy code to be deleted in Z.Y.X see http://github/issues/1234
+ ...
+ // CS-ENFORCE-ALL
+```
+
## Submitting Changes
See [CONTRIBUTING](CONTRIBUTING.md).
diff --git a/checkstyle/sun_checks.xml b/checkstyle/sun_checks.xml
index 099c8d39a5..5ffbedaf5a 100644
--- a/checkstyle/sun_checks.xml
+++ b/checkstyle/sun_checks.xml
@@ -201,7 +201,18 @@
-
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/src/main/java/org/opensearch/security/configuration/ClusterInfoHolder.java b/src/main/java/org/opensearch/security/configuration/ClusterInfoHolder.java
index b289eba0ef..c0569e8390 100644
--- a/src/main/java/org/opensearch/security/configuration/ClusterInfoHolder.java
+++ b/src/main/java/org/opensearch/security/configuration/ClusterInfoHolder.java
@@ -77,7 +77,7 @@ public void clusterChanged(ClusterChangedEvent event) {
initialized = true;
}
- isLocalNodeElectedClusterManager = event.localNodeMaster()?Boolean.TRUE:Boolean.FALSE;
+ isLocalNodeElectedClusterManager = event.localNodeClusterManager()?Boolean.TRUE:Boolean.FALSE;
}
public Boolean getHas6xNodes() {
diff --git a/src/main/java/org/opensearch/security/configuration/DlsFlsValveImpl.java b/src/main/java/org/opensearch/security/configuration/DlsFlsValveImpl.java
index 4a81e517a0..f69e736b8f 100644
--- a/src/main/java/org/opensearch/security/configuration/DlsFlsValveImpl.java
+++ b/src/main/java/org/opensearch/security/configuration/DlsFlsValveImpl.java
@@ -174,7 +174,9 @@ public boolean invoke(String action, ActionRequest request, final ActionListener
//When we encounter a terms or sampler aggregation with masked fields activated we forcibly
//need to switch off global ordinals because field masking can break ordering
+ // CS-SUPPRESS-SINGLE: RegexpSingleline Ignore term inside of url
//https://www.elastic.co/guide/en/elasticsearch/reference/master/eager-global-ordinals.html#_avoiding_global_ordinal_loading
+ // CS-ENFORCE-SINGLE
if (evaluatedDlsFlsConfig.hasFieldMasking()) {
if (searchRequest.source() != null && searchRequest.source().aggregations() != null) {
diff --git a/src/main/java/org/opensearch/security/dlic/rest/api/MigrateApiAction.java b/src/main/java/org/opensearch/security/dlic/rest/api/MigrateApiAction.java
index 7ea87cba09..3403dc1ee8 100644
--- a/src/main/java/org/opensearch/security/dlic/rest/api/MigrateApiAction.java
+++ b/src/main/java/org/opensearch/security/dlic/rest/api/MigrateApiAction.java
@@ -11,6 +11,7 @@
package org.opensearch.security.dlic.rest.api;
+// CS-SUPPRESS-SINGLE: RegexpSingleline https://github.com/opensearch-project/OpenSearch/issues/3663
import java.io.IOException;
import java.nio.file.Path;
import java.util.Collections;
@@ -69,6 +70,7 @@
import org.opensearch.threadpool.ThreadPool;
import static org.opensearch.security.dlic.rest.support.Utils.addRoutesPrefix;
+// CS-ENFORCE-SINGLE
public class MigrateApiAction extends AbstractApiAction {
private static final List routes = addRoutesPrefix(Collections.singletonList(
diff --git a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java
index 0329ebf6fe..2553a13677 100644
--- a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java
+++ b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java
@@ -26,6 +26,7 @@
package org.opensearch.security.tools;
+// CS-SUPPRESS-SINGLE: RegexpSingleline https://github.com/opensearch-project/OpenSearch/issues/3663
import java.io.ByteArrayInputStream;
import java.io.Console;
import java.io.File;
@@ -139,6 +140,7 @@
import static org.opensearch.common.xcontent.DeprecationHandler.THROW_UNSUPPORTED_OPERATION;
import static org.opensearch.security.support.SecurityUtils.replaceEnvVars;
+// CS-ENFORCE-SINGLE
@SuppressWarnings("deprecation")
public class SecurityAdmin {
diff --git a/src/test/java/org/opensearch/security/RolesInjectorIntegTest.java b/src/test/java/org/opensearch/security/RolesInjectorIntegTest.java
index 9a356ff92e..8a4129e32b 100644
--- a/src/test/java/org/opensearch/security/RolesInjectorIntegTest.java
+++ b/src/test/java/org/opensearch/security/RolesInjectorIntegTest.java
@@ -45,6 +45,7 @@
import org.opensearch.repositories.RepositoriesService;
import org.opensearch.script.ScriptService;
import org.opensearch.security.support.ConfigConstants;
+import org.opensearch.security.test.AbstractSecurityUnitTest;
import org.opensearch.security.test.DynamicSecurityConfig;
import org.opensearch.security.test.SingleClusterTest;
import org.opensearch.threadpool.ThreadPool;
@@ -83,12 +84,9 @@ public void testRolesInject() throws Exception {
Assert.assertEquals(ClusterHealthStatus.GREEN, clusterHelper.nodeClient().admin().cluster().
health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getStatus());
- final Settings tcSettings = Settings.builder()
+ final Settings tcSettings = AbstractSecurityUnitTest.nodeRolesSettings(Settings.builder(), false, false)
.put(minimumSecuritySettings(Settings.EMPTY).get(0))
.put("cluster.name", clusterInfo.clustername)
- .put("node.data", false)
- .put("node.master", false)
- .put("node.ingest", false)
.put("path.data", "./target/data/" + clusterInfo.clustername + "/cert/data")
.put("path.logs", "./target/data/" + clusterInfo.clustername + "/cert/logs")
.put("path.home", "./target")
diff --git a/src/test/java/org/opensearch/security/RolesValidationIntegTest.java b/src/test/java/org/opensearch/security/RolesValidationIntegTest.java
index 588bcbb7fc..57a2d45a28 100644
--- a/src/test/java/org/opensearch/security/RolesValidationIntegTest.java
+++ b/src/test/java/org/opensearch/security/RolesValidationIntegTest.java
@@ -39,6 +39,7 @@
import org.opensearch.repositories.RepositoriesService;
import org.opensearch.script.ScriptService;
import org.opensearch.security.support.ConfigConstants;
+import org.opensearch.security.test.AbstractSecurityUnitTest;
import org.opensearch.security.test.DynamicSecurityConfig;
import org.opensearch.security.test.SingleClusterTest;
import org.opensearch.threadpool.ThreadPool;
@@ -74,12 +75,9 @@ public Collection