From 23508b95bf5bb36488ebd28689d3469c0f2bbe90 Mon Sep 17 00:00:00 2001
From: Derek Ho
Date: Thu, 22 Jun 2023 10:39:06 -0400
Subject: [PATCH 1/5] fix cluster perm classification for msearch template
Signed-off-by: Derek Ho
---
 .../opensearch/security/privileges/PrivilegesEvaluator.java | 2 +-
 .../security/privileges/PrivilegesEvaluatorTest.java | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java b/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java
index b118a62e5d..a3738dadac 100644
--- a/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java
+++ b/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java
@@ -668,7 +668,7 @@ public static boolean isClusterPerm(String action0) {
 || action0.startsWith(SearchScrollAction.NAME)
 || (action0.equals(BulkAction.NAME))
 || (action0.equals(MultiGetAction.NAME))
- || (action0.equals(MultiSearchAction.NAME))
+ || (action0.startsWith(MultiSearchAction.NAME))
 || (action0.equals(MultiTermVectorsAction.NAME))
 || (action0.equals(ReindexAction.NAME))
diff --git a/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java
index b953ac8ddb..043dfe504f 100644
--- a/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java
+++ b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java
@@ -58,4 +58,10 @@ public void testRegexPattern() throws Exception {
 response = rh.executeGetRequest("r*/_search", NegatedRegexUserHeader);
 Assert.assertEquals(HttpStatus.SC_OK, response.getStatusCode());
 }
+
+ @Test
+ public void testClusterPerm() {
+ String clusterPerm = "indices:data/read/msearch/template";
+ Assert.assertEquals(true, PrivilegesEvaluator.isClusterPerm(clusterPerm));
+ }
 }
From 7e56743441a08d1d9ab9dd8ec5a194e2a54ab30a Mon Sep 17 00:00:00 2001
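Review bot: The new `startsWith(MultiSearchAction.NAME)` clause in `isClusterPerm` matches on a bare string prefix, so every action name that merely begins with the msearch name is now classified as a cluster permission, not only the `/template` variant the commit is aimed at. Since this classification decides which permission set a request is evaluated against, keeping the exact match and adding a delimiter-bounded prefix would keep the set closed: `|| (action0.equals(MultiSearchAction.NAME)) || (action0.startsWith(MultiSearchAction.NAME + "/"))`. The `SearchScrollAction.NAME` clause visible in the context lines uses the same unbounded prefix, so the two are best decided together. The body of `isClusterPerm` begins and ends outside this hunk, so the remaining clauses could not be checked from here.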
From: Derek Ho
Date: Tue, 27 Jun 2023 10:44:45 -0400
Subject: [PATCH 2/5] move test to unit test file
Signed-off-by: Derek Ho
---
 .../privileges/PrivilegesEvaluatorTest.java | 5 ----
 .../PrivilegesEvaluatorUnitTest.java | 28 +++++++++++++++++++
 2 files changed, 28 insertions(+), 5 deletions(-)
 create mode 100644 src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java
diff --git a/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java
index 043dfe504f..3ccdfdc29b 100644
--- a/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java
+++ b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java
@@ -59,9 +59,4 @@ public void testRegexPattern() throws Exception {
 Assert.assertEquals(HttpStatus.SC_OK, response.getStatusCode());
 }
- @Test
- public void testClusterPerm() {
- String clusterPerm = "indices:data/read/msearch/template";
- Assert.assertEquals(true, PrivilegesEvaluator.isClusterPerm(clusterPerm));
- }
 }
diff --git a/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java
new file mode 100644
index 0000000000..7bb4ae48f7
--- /dev/null
+++ b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java
@@ -0,0 +1,28 @@
+package org.opensearch.security.privileges;
+
+import org.junit.Test;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.opensearch.security.privileges.PrivilegesEvaluator.isClusterPerm;
+
+public class PrivilegesEvaluatorUnitTest {
+
+ @Test
+ public void testClusterPerm() {
+ String multiSearchTemplate = "indices:data/read/msearch/template";
+ String monitorHealth = "cluster:monitor/health";
+ String writeIndex = "indices:data/write/reindex";
+ String adminClose = "indices:admin/close";
+ String monitorUpgrade = "indices:monitor/upgrade";
+
+ // Cluster Permissions
+ assertTrue(isClusterPerm(multiSearchTemplate));
+ assertTrue(isClusterPerm(writeIndex));
+ assertTrue(isClusterPerm(monitorHealth));
+
+ // Index Permissions
+ assertFalse(isClusterPerm(adminClose));
+ assertFalse(isClusterPerm(monitorUpgrade));
+ }
+}
From ef4ad87795ced3f0e9e2f8d18363a42e69991a55 Mon Sep 17 00:00:00 2001
From: Derek Ho
Date: Tue, 27 Jun 2023 10:45:21 -0400
Subject: [PATCH 3/5] fully revert integration test file
Signed-off-by: Derek Ho
---
 .../opensearch/security/privileges/PrivilegesEvaluatorTest.java | 1 -
 1 file changed, 1 deletion(-)
diff --git a/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java
index 3ccdfdc29b..b953ac8ddb 100644
--- a/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java
+++ b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java
@@ -58,5 +58,4 @@ public void testRegexPattern() throws Exception {
 response = rh.executeGetRequest("r*/_search", NegatedRegexUserHeader);
 Assert.assertEquals(HttpStatus.SC_OK, response.getStatusCode());
 }
-
 }
From 239a23b2567442bf552a2b4f745dd56ff9468f3c Mon Sep 17 00:00:00 2001
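Review bot: `testClusterPerm` in the new `PrivilegesEvaluatorUnitTest` pins only the `/template` action and leaves the boundary of the prefix match untested: nothing asserts the plain msearch action name, and nothing states the expected result for a name that shares the prefix without the `/` separator. Adding `assertTrue(isClusterPerm("indices:data/read/msearch"));` and one assertion with the intended outcome for a constructed look-alike such as `"indices:data/read/msearchx"` would make any later widening or narrowing of the classifier show up as a test change. The local `writeIndex` holds the reindex action and is asserted under "Cluster Permissions", so a name like `reindex` would describe it more accurately.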
From: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>
Date: Tue, 27 Jun 2023 12:00:01 -0400
Subject: [PATCH 4/5] Update src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>
---
 .../security/privileges/PrivilegesEvaluatorUnitTest.java | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java
index 7bb4ae48f7..9a3a84d2fe 100644
--- a/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java
+++ b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java
@@ -1,3 +1,11 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ */
+
 package org.opensearch.security.privileges;
 import org.junit.Test;
From 61f31d939ec3f13d685c91a4a22618c25e887a3e Mon Sep 17 00:00:00 2001
From: Derek Ho
Date: Tue, 27 Jun 2023 13:33:15 -0400
Subject: [PATCH 5/5] spotless
Signed-off-by: Derek Ho
---
 .../security/privileges/PrivilegesEvaluatorUnitTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java
index 9a3a84d2fe..e7412f43b4 100644
--- a/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java
+++ b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java
@@ -5,7 +5,7 @@
 * this file be licensed under the Apache-2.0 license or a
 * compatible open source license.
 */
-
+
 package org.opensearch.security.privileges;
 import org.junit.Test;