Test cases with flag do not fail on forbidden enabled. (#2154)

* Test cases with flag do not fail on forbidden enabled. * Remarks after CR applied to DNFOF tests * Missing mget tests related to flag do not fail on forbidden added. * Code style corrections for DNFON tests. * Mather GetResponseContainOnlyDocumentIdMatcher added so that DNFOF test still are green after rebase. Signed-off-by: Lukasz Soszynski <lukasz.soszynski@eliatra.com> Signed-off-by: Lukasz Soszynski <110241464+lukasz-soszynski-eliatra@users.noreply.github.com>
opensearch-project · Nov 10, 2022 · 93fe633 · 93fe633
1 parent 977677d
commit 93fe633
Show file tree

Hide file tree

Showing 7 changed files with 465 additions and 1 deletion.
diff --git a/src/integrationTest/java/org/opensearch/security/DoNotFailOnForbiddenTests.java b/src/integrationTest/java/org/opensearch/security/DoNotFailOnForbiddenTests.java
diff --git a/src/integrationTest/java/org/opensearch/security/SearchOperationTest.java b/src/integrationTest/java/org/opensearch/security/SearchOperationTest.java
@@ -319,7 +319,7 @@ public class SearchOperationTest {
 
 	@BeforeClass
 	public static void createTestData() {
-		try(Client client = cluster.getInternalNodeClient()){
+		try(Client client = cluster.getInternalNodeClient()) {
 			client.prepareIndex(SONG_INDEX_NAME).setId(ID_S1).setRefreshPolicy(IMMEDIATE).setSource(SONGS[0]).get();
 			client.prepareIndex(UPDATE_DELETE_OPERATION_INDEX_NAME).setId(DOCUMENT_TO_UPDATE_ID).setRefreshPolicy(IMMEDIATE).setSource("field", "value").get();
 			client.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(new AliasActions(ADD).indices(SONG_INDEX_NAME).alias(SONG_LYRICS_ALIAS))).actionGet();

diff --git a/src/integrationTest/java/org/opensearch/test/framework/TestSecurityConfig.java b/src/integrationTest/java/org/opensearch/test/framework/TestSecurityConfig.java
@@ -99,6 +99,11 @@ public TestSecurityConfig anonymousAuth(boolean anonymousAuthEnabled) {
 		config.anonymousAuth(anonymousAuthEnabled);
 		return this;
 	}
+
+	public TestSecurityConfig doNotFailOnForbidden(boolean doNotFailOnForbidden) {
+		config.doNotFailOnForbidden(doNotFailOnForbidden);
+		return this;
+	}
 
 	public TestSecurityConfig authc(AuthcDomain authcDomain) {
 		config.authc(authcDomain);
@@ -129,13 +134,21 @@ public TestSecurityConfig audit(AuditConfiguration auditConfiguration) {
 
 	public static class Config implements ToXContentObject {
 		private boolean anonymousAuth;
+
+		private Boolean doNotFailOnForbidden;
+
 		private Map<String, AuthcDomain> authcDomainMap = new LinkedHashMap<>();
 
 		public Config anonymousAuth(boolean anonymousAuth) {
 			this.anonymousAuth = anonymousAuth;
 			return this;
 		}
 
+		public Config doNotFailOnForbidden(Boolean doNotFailOnForbidden) {
+			this.doNotFailOnForbidden = doNotFailOnForbidden;
+			return this;
+		}
+
 		public Config authc(AuthcDomain authcDomain) {
 			authcDomainMap.put(authcDomain.id, authcDomain);
 			return this;
@@ -151,6 +164,9 @@ public XContentBuilder toXContent(XContentBuilder xContentBuilder, Params params
 				xContentBuilder.field("anonymous_auth_enabled", true);
 				xContentBuilder.endObject();
 			}
+			if(doNotFailOnForbidden != null) {
+				xContentBuilder.field("do_not_fail_on_forbidden", doNotFailOnForbidden);
+			}
 
 			xContentBuilder.field("authc", authcDomainMap);
 

diff --git a/src/integrationTest/java/org/opensearch/test/framework/cluster/LocalCluster.java b/src/integrationTest/java/org/opensearch/test/framework/cluster/LocalCluster.java
@@ -388,6 +388,11 @@ public Builder certificates(TestCertificates certificates) {
 			return this;
 		}
 
+		public Builder doNotFailOnForbidden(boolean doNotFailOnForbidden) {
+			testSecurityConfig.doNotFailOnForbidden(doNotFailOnForbidden);
+			return this;
+		}
+
 		public LocalCluster build() {
 			try {
 				if(testCertificates == null){

diff --git a/src/integrationTest/java/org/opensearch/test/framework/cluster/SearchRequestFactory.java b/src/integrationTest/java/org/opensearch/test/framework/cluster/SearchRequestFactory.java
@@ -34,6 +34,14 @@ public static SearchRequest queryStringQueryRequest(String indexName, String que
 		return searchRequest;
 	}
 
+	public static SearchRequest queryStringQueryRequest(String[] indicesNames, String queryString) {
+		SearchRequest searchRequest = new SearchRequest(indicesNames);
+		SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
+		searchSourceBuilder.query(QueryBuilders.queryStringQuery(queryString));
+		searchRequest.source(searchSourceBuilder);
+		return searchRequest;
+	}
+
 	public static SearchRequest queryStringQueryRequest(String queryString) {
 		SearchRequest searchRequest = new SearchRequest();
 		SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();

diff --git a/...t/java/org/opensearch/test/framework/matcher/GetResponseContainOnlyDocumentIdMatcher.java b/...t/java/org/opensearch/test/framework/matcher/GetResponseContainOnlyDocumentIdMatcher.java
@@ -0,0 +1,51 @@
+/*
+* Copyright OpenSearch Contributors
+* SPDX-License-Identifier: Apache-2.0
+*
+* The OpenSearch Contributors require contributions made to
+* this file be licensed under the Apache-2.0 license or a
+* compatible open source license.
+*
+*/
+package org.opensearch.test.framework.matcher;
+
+import org.hamcrest.Description;
+import org.hamcrest.TypeSafeDiagnosingMatcher;
+
+import org.opensearch.action.get.GetResponse;
+
+import static java.util.Objects.requireNonNull;
+
+class GetResponseContainOnlyDocumentIdMatcher extends TypeSafeDiagnosingMatcher<GetResponse> {
+
+	private final String indexName;
+	private final String documentId;
+
+	public GetResponseContainOnlyDocumentIdMatcher(String indexName, String documentId) {
+		this.indexName = requireNonNull(indexName, "Index name is required");
+		this.documentId = requireNonNull(documentId, "Document id is required");
+	}
+
+	@Override
+	protected boolean matchesSafely(GetResponse response, Description mismatchDescription) {
+		if(indexName.equals(response.getIndex()) == false ) {
+			mismatchDescription.appendText(" index name ").appendValue(response.getIndex()).appendText(" is incorrect ");
+			return false;
+		}
+		if(documentId.equals(response.getId()) == false) {
+			mismatchDescription.appendText(" id ").appendValue(response.getId()).appendText(" is incorrect ");
+			return false;
+		}
+		if(response.isExists()) {
+			mismatchDescription.appendText(" document exist what is not desired ");
+			return false;
+		}
+		return true;
+	}
+
+	@Override
+	public void describeTo(Description description) {
+		description.appendText("Response should contain document id from index ").appendValue(indexName).appendText(" with id ")
+			.appendValue(documentId).appendText(" but document should not be present ");
+	}
+}
diff --git a/src/integrationTest/java/org/opensearch/test/framework/matcher/GetResponseMatchers.java b/src/integrationTest/java/org/opensearch/test/framework/matcher/GetResponseMatchers.java
@@ -21,6 +21,10 @@ public static Matcher<GetResponse> containDocument(String indexName, String docu
 		return new GetResponseDocumentIdMatcher(indexName, documentId);
 	}
 
+	public static Matcher<GetResponse> containOnlyDocumentId(String indexName, String documentId) {
+		return new GetResponseContainOnlyDocumentIdMatcher(indexName, documentId);
+	}
+
 	public static Matcher<GetResponse> documentContainField(String fieldName, Object fieldValue) {
 		return new GetResponseDocumentFieldValueMatcher(fieldName, fieldValue);
 	}