From 101f58cfd23e74ada54d3f009176fddbcb571607 Mon Sep 17 00:00:00 2001 From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Date: Thu, 29 Jun 2023 09:12:51 -0400 Subject: [PATCH] fix cluster perm classification for msearch template (#2892) (#2914) * fix cluster perm classification for msearch template Signed-off-by: Derek Ho * move test to unit test file Signed-off-by: Derek Ho * fully revert integration test file Signed-off-by: Derek Ho * Update src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * spotless Signed-off-by: Derek Ho --------- Signed-off-by: Derek Ho Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> (cherry picked from commit 50ce79c939c8506aae305977d213653eaf21c992) Co-authored-by: Derek Ho
---
 .../privileges/PrivilegesEvaluator.java | 2 +- .../PrivilegesEvaluatorUnitTest.java | 36 +++++++++++++++++++ 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java
diff --git a/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java b/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java
index 7383c6b4b6..f41241d3ef 100644
--- a/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java
+++ b/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java
@@ -669,7 +669,7 @@ public static boolean isClusterPerm(String action0) {
 || action0.startsWith(SearchScrollAction.NAME)
 || (action0.equals(BulkAction.NAME))
 || (action0.equals(MultiGetAction.NAME))
- || (action0.equals(MultiSearchAction.NAME))
+ || (action0.startsWith(MultiSearchAction.NAME))
 || (action0.equals(MultiTermVectorsAction.NAME))
 || (action0.equals(ReindexAction.NAME))
 
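Review bot: The new `startsWith(MultiSearchAction.NAME)` clause matches on a bare string prefix, so any action name that merely begins with that constant is now classified as a cluster permission, not only the `/template` variant named in the commit title. Because this classification decides which privilege check an action is evaluated against, an explicit boundary is safer: `|| action0.equals(MultiSearchAction.NAME)` together with `|| action0.startsWith(MultiSearchAction.NAME + "/")`. A short comment above the clause, for example `// msearch and its sub-actions (msearch/template) are authorized at cluster level`, would record why this entry differs from the `equals` checks around it. The body of isClusterPerm starts before and ends after this hunk, so the remaining clauses were not reviewed.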
diff --git a/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java
new file mode 100644
index 0000000000..e7412f43b4
--- /dev/null
+++ b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java
@@ -0,0 +1,36 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ */
+
+package org.opensearch.security.privileges;
+
+import org.junit.Test;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.opensearch.security.privileges.PrivilegesEvaluator.isClusterPerm;
+
+public class PrivilegesEvaluatorUnitTest {
+
+ @Test
+ public void testClusterPerm() {
+ String multiSearchTemplate = "indices:data/read/msearch/template";
+ String monitorHealth = "cluster:monitor/health";
+ String writeIndex = "indices:data/write/reindex";
+ String adminClose = "indices:admin/close";
+ String monitorUpgrade = "indices:monitor/upgrade";
+
+ // Cluster Permissions
+ assertTrue(isClusterPerm(multiSearchTemplate));
+ assertTrue(isClusterPerm(writeIndex));
+ assertTrue(isClusterPerm(monitorHealth));
+
+ // Index Permissions
+ assertFalse(isClusterPerm(adminClose));
+ assertFalse(isClusterPerm(monitorUpgrade));
+ }
+}
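Review bot: testClusterPerm pins only the `/template` action, so it would still pass if the prefix match were widened later or if the plain msearch action stopped being classified as a cluster permission. Adding `assertTrue(isClusterPerm("indices:data/read/msearch"));` and a near-miss negative such as `assertFalse(isClusterPerm("indices:data/read/search"));` would guard both edges of this authorization classification; the negative case assumes no clause of isClusterPerm outside the visible hunk matches that name. The local `writeIndex` holds the reindex action name, so `reindex` would describe it more accurately.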