Fix tests

Signed-off-by: Craig Perkins <[email protected]>

Author: cwperks

sample-resource-plugin/src/integrationTest/java/org/opensearch/sample/resource/TestUtils.java

@@ -373,7 +373,7 @@ public String createSampleResourceGroupAs(TestSecurityConfig.User user, Header..
 
         public String createRawResourceAs(CertificateData adminCert) {
             try (TestRestClient client = cluster.getRestClient(adminCert)) {
-                String sample = "{\"name\":\"sample\"}";
+                String sample = "{\"name\":\"sample\",\"resource_type\":\"" + RESOURCE_TYPE + "\"}";
                 TestRestClient.HttpResponse resp = client.postJson(RESOURCE_INDEX_NAME + "/_doc", sample);
                 resp.assertStatusCode(HttpStatus.SC_CREATED);
                 return resp.getTextFromJsonBody("/_id");

sample-resource-plugin/src/integrationTest/java/org/opensearch/sample/resource/feature/disabled/DirectIndexAccessTests.java

@@ -31,6 +31,7 @@
 import static org.opensearch.sample.resource.TestUtils.SAMPLE_RESOURCE_SEARCH_ENDPOINT;
 import static org.opensearch.sample.resource.TestUtils.newCluster;
 import static org.opensearch.sample.utils.Constants.RESOURCE_INDEX_NAME;
+import static org.opensearch.sample.utils.Constants.RESOURCE_TYPE;
 import static org.opensearch.security.api.AbstractApiIntegrationTest.forbidden;
 import static org.opensearch.test.framework.TestSecurityConfig.User.USER_ADMIN;
 
@@ -66,7 +67,7 @@ public void testRawAccess_noAccessUser() throws Exception {
 
             // cannot access any raw request
             try (TestRestClient client = cluster.getRestClient(NO_ACCESS_USER)) {
-                String sample = "{\"name\":\"sampleUser\"}";
+                String sample = "{\"name\":\"sampleUser\",\"resource_type\":\"" + RESOURCE_TYPE + "\"}";
                 HttpResponse resp = client.postJson(RESOURCE_INDEX_NAME + "/_doc", sample);
                 resp.assertStatusCode(HttpStatus.SC_FORBIDDEN);
             }
@@ -89,7 +90,7 @@ public void testRawAccess_limitedAccessUser() {
 
             // cannot create a resource since user doesn't have indices:data/write/index permission
             try (TestRestClient client = cluster.getRestClient(LIMITED_ACCESS_USER)) {
-                String sample = "{\"name\":\"sampleUser\"}";
+                String sample = "{\"name\":\"sampleUser\",\"resource_type\":\"" + RESOURCE_TYPE + "\"}";
                 HttpResponse resp = client.postJson(RESOURCE_INDEX_NAME + "/_doc", sample);
                 resp.assertStatusCode(HttpStatus.SC_FORBIDDEN);
             }
@@ -114,7 +115,7 @@ public void testRawAccess_allAccessUser() {
 
             // cannot create a resource directly since system index protection (SIP) is enabled
             try (TestRestClient client = cluster.getRestClient(FULL_ACCESS_USER)) {
-                String sample = "{\"name\":\"sampleUser\"}";
+                String sample = "{\"name\":\"sampleUser\",\"resource_type\":\"" + RESOURCE_TYPE + "\"}";
                 HttpResponse resp = client.postJson(RESOURCE_INDEX_NAME + "/_doc", sample);
                 resp.assertStatusCode(HttpStatus.SC_FORBIDDEN);
             }
@@ -179,7 +180,7 @@ public void testRawAccess_noAccessUser() {
 
             // cannot access any raw request
             try (TestRestClient client = cluster.getRestClient(NO_ACCESS_USER)) {
-                String sample = "{\"name\":\"sampleUser\"}";
+                String sample = "{\"name\":\"sampleUser\",\"resource_type\":\"" + RESOURCE_TYPE + "\"}";
                 TestRestClient.HttpResponse resp = client.postJson(RESOURCE_INDEX_NAME + "/_doc", sample);
                 resp.assertStatusCode(HttpStatus.SC_FORBIDDEN);
             }
@@ -202,7 +203,7 @@ public void testRawAccess_limitedAccessUser() {
 
             // cannot create a resource since user doesn't have indices:data/write/index permission
             try (TestRestClient client = cluster.getRestClient(LIMITED_ACCESS_USER)) {
-                String sample = "{\"name\":\"sampleUser\"}";
+                String sample = "{\"name\":\"sampleUser\",\"resource_type\":\"" + RESOURCE_TYPE + "\"}";
                 TestRestClient.HttpResponse resp = client.postJson(RESOURCE_INDEX_NAME + "/_doc", sample);
                 resp.assertStatusCode(HttpStatus.SC_FORBIDDEN);
             }
@@ -228,7 +229,7 @@ public void testRawAccess_allAccessUser() {
             // can create a resource
             String userResId;
             try (TestRestClient client = cluster.getRestClient(FULL_ACCESS_USER)) {
-                String sample = "{\"name\":\"sampleUser\"}";
+                String sample = "{\"name\":\"sampleUser\",\"resource_type\":\"" + RESOURCE_TYPE + "\"}";
                 TestRestClient.HttpResponse resp = client.postJson(RESOURCE_INDEX_NAME + "/_doc", sample);
                 resp.assertStatusCode(HttpStatus.SC_CREATED);
                 userResId = resp.getTextFromJsonBody("/_id");

sample-resource-plugin/src/integrationTest/java/org/opensearch/sample/resource/feature/enabled/DirectIndexAccessTests.java

@@ -36,6 +36,7 @@
 import static org.opensearch.sample.resource.TestUtils.directSharePayload;
 import static org.opensearch.sample.resource.TestUtils.newCluster;
 import static org.opensearch.sample.utils.Constants.RESOURCE_INDEX_NAME;
+import static org.opensearch.sample.utils.Constants.RESOURCE_TYPE;
 import static org.opensearch.test.framework.TestSecurityConfig.User.USER_ADMIN;
 
 /**
@@ -62,7 +63,7 @@ public static class SystemIndexEnabled {
         private void assertResourceIndexAccess(String id, TestSecurityConfig.User user) {
             // cannot interact with resource index
             try (TestRestClient client = cluster.getRestClient(user)) {
-                String sample = "{\"name\":\"sampleUser\"}";
+                String sample = "{\"name\":\"sampleUser\",\"resource_type\":\"" + RESOURCE_TYPE + "\"}";
                 HttpResponse resp = client.postJson(RESOURCE_INDEX_NAME + "/_doc", sample);
                 resp.assertStatusCode(HttpStatus.SC_FORBIDDEN);
             }
@@ -196,7 +197,7 @@ public void testRawAccess_noAccessUser() {
 
             // cannot access any raw request
             try (TestRestClient client = cluster.getRestClient(NO_ACCESS_USER)) {
-                String sample = "{\"name\":\"sampleUser\"}";
+                String sample = "{\"name\":\"sampleUser\",\"resource_type\":\"" + RESOURCE_TYPE + "\"}";
                 HttpResponse resp = client.postJson(RESOURCE_INDEX_NAME + "/_doc", sample);
                 resp.assertStatusCode(HttpStatus.SC_FORBIDDEN);
             }
@@ -221,7 +222,7 @@ public void testRawAccess_limitedAccessUser() {
 
             // cannot create a resource since user doesn't have indices:data/write/index permission
             try (TestRestClient client = cluster.getRestClient(LIMITED_ACCESS_USER)) {
-                String sample = "{\"name\":\"sampleUser\"}";
+                String sample = "{\"name\":\"sampleUser\",\"resource_type\":\"" + RESOURCE_TYPE + "\"}";
                 HttpResponse resp = client.postJson(RESOURCE_INDEX_NAME + "/_doc", sample);
                 resp.assertStatusCode(HttpStatus.SC_FORBIDDEN);
             }
@@ -259,7 +260,7 @@ public void testRawAccess_allAccessUser() {
             // can create a resource
             String userResId;
             try (TestRestClient client = cluster.getRestClient(FULL_ACCESS_USER)) {
-                String sample = "{\"name\":\"sampleUser\"}";
+                String sample = "{\"name\":\"sampleUser\",\"resource_type\":\"" + RESOURCE_TYPE + "\"}";
                 HttpResponse resp = client.postJson(RESOURCE_INDEX_NAME + "/_doc?refresh=true", sample);
                 resp.assertStatusCode(HttpStatus.SC_CREATED);
                 userResId = resp.getTextFromJsonBody("/_id");

sample-resource-plugin/src/integrationTest/java/org/opensearch/sample/resource/securityapis/MigrateApiTests.java

@@ -301,6 +301,7 @@ private ArrayNode expectedHits(String resourceId, String accessLevel) {
         // 3) Build the _source sub-object
         ObjectNode source = hit.putObject("_source");
         source.put("resource_id", resourceId);
+        source.put("resource_type", RESOURCE_TYPE);
 
         ObjectNode createdBy = source.putObject("created_by");
         createdBy.put("user", MIGRATION_USER.getName());

sample-resource-plugin/src/integrationTest/java/org/opensearch/sample/resource/securityapis/ShareableResourceTypesInfoApiTests.java

@@ -59,13 +59,13 @@ public void testTypesApi_mustListSampleResourceAsAType() {
             Map<String, Object> firstType = (Map<String, Object>) types.get(0);
             assertThat(firstType.get("type"), equalTo("sample-resource"));
             assertThat(
-                (List<String>) firstType.get("action_groups"),
+                (List<String>) firstType.get("access_levels"),
                 containsInAnyOrder("sample_read_only", "sample_read_write", "sample_full_access")
             );
             Map<String, Object> secondType = (Map<String, Object>) types.get(1);
             assertThat(secondType.get("type"), equalTo("sample-resource-group"));
             assertThat(
-                (List<String>) secondType.get("action_groups"),
+                (List<String>) secondType.get("access_levels"),
                 containsInAnyOrder("sample_group_read_only", "sample_group_read_write", "sample_group_full_access")
             );
         }

src/main/java/org/opensearch/security/resources/api/migrate/MigrateResourceSharingInfoApiAction.java

@@ -322,8 +322,15 @@ private ValidationResult<MigrationStats> createNewSharingRecords(Triple<String,
                     failureCount.getAndIncrement();
                     migrationStatsLatch.countDown();
                 });
-                // TODO account for hierarchy in migration as well
-                ResourceSharing sharingInfo = new ResourceSharing(resourceId, createdBy, shareWith);
+                // TODO account for hierarchy in migration as well (i.e. parent id)
+                ResourceSharing.Builder builder = ResourceSharing.builder()
+                    .resourceId(resourceId)
+                    .createdBy(createdBy)
+                    .shareWith(shareWith);
+                builder.resourceType(provider.resourceType());
+                // TODO uncomment when hierarchy fully supported
+                // builder.parentType(provider.parentType());
+                ResourceSharing sharingInfo = builder.build();
                 sharingIndexHandler.indexResourceSharing(sourceInfo.getLeft(), sharingInfo, listener);
             } catch (Exception e) {
                 LOGGER.warn("Failed indexing sharing info for [{}]: {}", resourceId, e.getMessage());

src/main/java/org/opensearch/security/resources/sharing/ResourceSharing.java

@@ -114,7 +114,7 @@ public CreatedBy getCreatedBy() {
     public ShareWith getShareWith() {
         if (shareWith == null) {
             // never been shared before, private access
-            return new ShareWith(new HashMap<>());
+            shareWith = new ShareWith(new HashMap<>());
         }
         return shareWith;
     }