From c1d212722d503f723b412c016cb14b85b8990980 Mon Sep 17 00:00:00 2001 From: Derek Ho Date: Wed, 28 Jun 2023 15:21:04 -0400 Subject: [PATCH] fix cluster perm classification for msearch template (#2892) * fix cluster perm classification for msearch template Signed-off-by: Derek Ho * move test to unit test file Signed-off-by: Derek Ho * fully revert integration test file Signed-off-by: Derek Ho * Update src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * spotless Signed-off-by: Derek Ho --------- Signed-off-by: Derek Ho Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> --- .../privileges/PrivilegesEvaluator.java | 2 +- .../PrivilegesEvaluatorUnitTest.java | 36 +++++++++++++++++++ 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java diff --git a/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java b/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java index b118a62e5d..a3738dadac 100644 --- a/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java +++ b/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java @@ -668,7 +668,7 @@ public static boolean isClusterPerm(String action0) { || action0.startsWith(SearchScrollAction.NAME) || (action0.equals(BulkAction.NAME)) || (action0.equals(MultiGetAction.NAME)) - || (action0.equals(MultiSearchAction.NAME)) + || (action0.startsWith(MultiSearchAction.NAME)) || (action0.equals(MultiTermVectorsAction.NAME)) || (action0.equals(ReindexAction.NAME)) diff --git a/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java new file mode 100644 index 0000000000..e7412f43b4 --- /dev/null +++ b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java @@ -0,0 +1,36 @@ +/* + * SPDX-License-Identifier: Apache-2.0 + * + * The OpenSearch Contributors require contributions made to + * this file be licensed under the Apache-2.0 license or a + * compatible open source license. + */ + +package org.opensearch.security.privileges; + +import org.junit.Test; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; +import static org.opensearch.security.privileges.PrivilegesEvaluator.isClusterPerm; + +public class PrivilegesEvaluatorUnitTest { + + @Test + public void testClusterPerm() { + String multiSearchTemplate = "indices:data/read/msearch/template"; + String monitorHealth = "cluster:monitor/health"; + String writeIndex = "indices:data/write/reindex"; + String adminClose = "indices:admin/close"; + String monitorUpgrade = "indices:monitor/upgrade"; + + // Cluster Permissions + assertTrue(isClusterPerm(multiSearchTemplate)); + assertTrue(isClusterPerm(writeIndex)); + assertTrue(isClusterPerm(monitorHealth)); + + // Index Permissions + assertFalse(isClusterPerm(adminClose)); + assertFalse(isClusterPerm(monitorUpgrade)); + } +}