From cb06896ba64e27e2613e61a489d14a6a5e2a586f Mon Sep 17 00:00:00 2001
From: Craig Perkins
Date: Mon, 30 Dec 2024 15:19:13 -0500
Subject: [PATCH] Add unit tests

Signed-off-by: Craig Perkins
---
 .../privileges/ActionPrivilegesTest.java | 37 +++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/src/integrationTest/java/org/opensearch/security/privileges/ActionPrivilegesTest.java b/src/integrationTest/java/org/opensearch/security/privileges/ActionPrivilegesTest.java
index 221c710cb3..1f60cf92d5 100644
--- a/src/integrationTest/java/org/opensearch/security/privileges/ActionPrivilegesTest.java
+++ b/src/integrationTest/java/org/opensearch/security/privileges/ActionPrivilegesTest.java
@@ -126,6 +126,28 @@ public void wildcard() throws Exception {
 );
 }

+ @Test
+ public void wildcardByUsername() throws Exception {
+ SecurityDynamicConfiguration roles = SecurityDynamicConfiguration.empty(CType.ROLES);
+
+ ActionPrivileges subject = new ActionPrivileges(
+ roles,
+ FlattenedActionGroups.EMPTY,
+ null,
+ Settings.EMPTY,
+ Map.of("plugin:org.opensearch.sample.SamplePlugin", Set.of("*"))
+ );
+
+ assertThat(
+ subject.hasClusterPrivilege(ctxByUsername("plugin:org.opensearch.sample.SamplePlugin"), "cluster:whatever"),
+ isAllowed()
+ );
+ assertThat(
+ subject.hasClusterPrivilege(ctx("plugin:org.opensearch.other.OtherPlugin"), "cluster:whatever"),
+ isForbidden(missingPrivileges("cluster:whatever"))
+ );
+ }
+
 @Test
 public void explicit_wellKnown() throws Exception {
 SecurityDynamicConfiguration roles = SecurityDynamicConfiguration.fromYaml("non_explicit_role:\n" + //
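Review bot: The negative assertion in `wildcardByUsername` calls `ctx("plugin:org.opensearch.other.OtherPlugin")`, and `ctx(String... roles)` takes role names, so the deny case never builds a user with a different plugin username. Change it to `ctxByUsername("plugin:org.opensearch.other.OtherPlugin")` so the allow and deny cases differ only in the username. The test also leaves the name-collision boundary unpinned: if the map is meant to be keyed by username only, add `assertThat(subject.hasClusterPrivilege(ctx("plugin:org.opensearch.sample.SamplePlugin"), "cluster:whatever"), isForbidden(missingPrivileges("cluster:whatever")));` so that a role merely sharing the plugin's name cannot inherit its `*` grant. The body of `ctx` lies outside this hunk, so the username it assigns is not visible here.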
@@ -1031,4 +1053,19 @@ static PrivilegesEvaluationContext ctx(String... roles) {
 null
 );
 }
+
+ static PrivilegesEvaluationContext ctxByUsername(String username) {
+ User user = new User(username);
+ user.addAttributes(ImmutableMap.of("attrs.dept_no", "a11"));
+ return new PrivilegesEvaluationContext(
+ user,
+ ImmutableSet.of(),
+ null,
+ null,
+ null,
+ null,
+ new IndexNameExpressionResolver(new ThreadContext(Settings.EMPTY)),
+ null
+ );
+ }
 }
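Review bot: `ctxByUsername` has no comment saying that the empty `ImmutableSet.of()` passed as the second argument (presumably the mapped roles) is deliberate, yet that is what makes the username the only possible source of a grant in `wildcardByUsername`. Add above the method `// No mapped roles: any privilege this context receives must come from the username-keyed map.`. The `user.addAttributes(ImmutableMap.of("attrs.dept_no", "a11"))` line looks carried over from `ctx`, whose body starts outside this hunk, and plays no visible part in the username test, so it could be dropped.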