Thorough integration tests for index API authorization (#5632)

Signed-off-by: Nils Bandener <[email protected]>

Author: nibix

build.gradle

@@ -573,6 +573,10 @@ allprojects {
         }
         integrationTestImplementation 'org.slf4j:slf4j-api:2.0.12'
         integrationTestImplementation 'com.selectivem.collections:special-collections-complete:1.4.0'
+
+        integrationTestImplementation ('com.jayway.jsonpath:json-path:2.9.0') {
+            exclude(group: 'net.minidev', module: 'json-smart')
+        }
     }
 }
 

src/integrationTest/java/org/opensearch/security/http/ServiceAccountAuthenticationTest.java

@@ -20,11 +20,11 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
-import org.opensearch.test.framework.TestIndex;
 import org.opensearch.test.framework.TestSecurityConfig;
 import org.opensearch.test.framework.cluster.ClusterManager;
 import org.opensearch.test.framework.cluster.LocalCluster;
 import org.opensearch.test.framework.cluster.TestRestClient;
+import org.opensearch.test.framework.data.TestIndex;
 
 import static org.opensearch.security.support.ConfigConstants.SECURITY_RESTAPI_ROLES_ENABLED;
 import static org.opensearch.security.support.ConfigConstants.SECURITY_SYSTEM_INDICES_ENABLED_KEY;

src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java

@@ -19,12 +19,12 @@
 
 import org.opensearch.script.mustache.MustacheModulePlugin;
 import org.opensearch.script.mustache.RenderSearchTemplateAction;
-import org.opensearch.test.framework.TestIndex;
 import org.opensearch.test.framework.TestSecurityConfig;
 import org.opensearch.test.framework.TestSecurityConfig.Role;
 import org.opensearch.test.framework.cluster.ClusterManager;
 import org.opensearch.test.framework.cluster.LocalCluster;
 import org.opensearch.test.framework.cluster.TestRestClient;
+import org.opensearch.test.framework.data.TestIndex;
 
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.equalTo;

src/integrationTest/java/org/opensearch/security/privileges/dlsfls/FlsFmIntegrationTests.java

@@ -28,12 +28,12 @@
 import org.bouncycastle.util.encoders.Hex;
 
 import org.opensearch.plugin.mapper.MapperSizePlugin;
-import org.opensearch.test.framework.TestData;
-import org.opensearch.test.framework.TestIndex;
 import org.opensearch.test.framework.TestSecurityConfig;
 import org.opensearch.test.framework.cluster.ClusterManager;
 import org.opensearch.test.framework.cluster.LocalCluster;
 import org.opensearch.test.framework.cluster.TestRestClient;
+import org.opensearch.test.framework.data.TestData;
+import org.opensearch.test.framework.data.TestIndex;
 
 import com.rfksystems.blake2b.Blake2b;
 

src/integrationTest/java/org/opensearch/security/privileges/int_tests/ClusterConfig.java

@@ -0,0 +1,86 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
+package org.opensearch.security.privileges.int_tests;
+
+import java.util.Map;
+import java.util.function.Function;
+import java.util.function.Supplier;
+
+import org.opensearch.test.framework.cluster.LocalCluster;
+
+/**
+ * This is one of the test parameter dimensions used by the *Authorization*IntTests test suites.
+ * The test suites run on different cluster configurations; the possible cluster configurations are defined here.
+ */
+public enum ClusterConfig {
+    LEGACY_PRIVILEGES_EVALUATION(
+        "legacy",
+        c -> c.doNotFailOnForbidden(true).nodeSettings(Map.of("plugins.security.system_indices.enabled", true)),
+        true,
+        false,
+        false
+    ),
+    LEGACY_PRIVILEGES_EVALUATION_SYSTEM_INDEX_PERMISSION(
+        "legacy_system_index_perm",
+        c -> c.doNotFailOnForbidden(true)
+            .nodeSettings(
+                Map.of("plugins.security.system_indices.enabled", true, "plugins.security.system_indices.permission.enabled", true)
+            ),
+        true,
+        true,
+        false
+    );
+
+    final String name;
+    final Function<LocalCluster.Builder, LocalCluster.Builder> clusterConfiguration;
+    final boolean legacyPrivilegeEvaluation;
+    final boolean systemIndexPrivilegeEnabled;
+    final boolean allowsEmptyResultSets;
+
+    private LocalCluster cluster;
+
+    ClusterConfig(
+        String name,
+        Function<LocalCluster.Builder, LocalCluster.Builder> clusterConfiguration,
+        boolean legacyPrivilegeEvaluation,
+        boolean systemIndexPrivilegeEnabled,
+        boolean allowsEmptyResultSets
+    ) {
+        this.name = name;
+        this.clusterConfiguration = clusterConfiguration;
+        this.legacyPrivilegeEvaluation = legacyPrivilegeEvaluation;
+        this.systemIndexPrivilegeEnabled = systemIndexPrivilegeEnabled;
+        this.allowsEmptyResultSets = allowsEmptyResultSets;
+    }
+
+    LocalCluster cluster(Supplier<LocalCluster.Builder> clusterBuilder) {
+        if (cluster == null) {
+            cluster = this.clusterConfiguration.apply(clusterBuilder.get()).build();
+            cluster.before();
+        }
+        return cluster;
+    }
+
+    void shutdown() {
+        if (cluster != null) {
+            try {
+                cluster.close();
+            } catch (Exception e) {}
+            cluster = null;
+        }
+    }
+
+    @Override
+    public String toString() {
+        return name;
+    }
+}