Fix few tests

Signed-off-by: Craig Perkins <[email protected]>

Author: cwperks

src/main/java/org/opensearch/security/resources/ResourceSharingIndexHandler.java

@@ -13,7 +13,6 @@
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
-import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
@@ -720,33 +719,19 @@ public void patchSharingInfo(
 
         // Apply patch and update the document
         sharingInfoListener.whenComplete(sharingInfo -> {
-            ShareWith updatedShareWith = sharingInfo.getShareWith();
-            if (updatedShareWith == null) {
-                updatedShareWith = new ShareWith(new HashMap<>());
-            }
             if (add != null) {
-                updatedShareWith = updatedShareWith.add(add);
+                sharingInfo.getShareWith().add(add);
             }
             if (revoke != null) {
-                updatedShareWith = updatedShareWith.revoke(revoke);
+                sharingInfo.getShareWith().revoke(revoke);
             }
 
-            ShareWith cleaned = null;
-            if (updatedShareWith != null) {
-                ShareWith pruned = updatedShareWith.prune();
-                if (!pruned.isPrivate()) {
-                    cleaned = pruned; // store only if something non-empty remains
-                }
-            }
-
-            ResourceSharing updatedSharingInfo = new ResourceSharing(resourceId, sharingInfo.getCreatedBy(), cleaned);
-
             try (ThreadContext.StoredContext ctx = this.threadPool.getThreadContext().stashContext()) {
                 // update the record
                 IndexRequest ir = client.prepareIndex(resourceSharingIndex)
                     .setId(resourceId)
                     .setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE)
-                    .setSource(updatedSharingInfo.toXContent(jsonBuilder(), ToXContent.EMPTY_PARAMS))
+                    .setSource(sharingInfo.toXContent(jsonBuilder(), ToXContent.EMPTY_PARAMS))
                     .setOpType(DocWriteRequest.OpType.INDEX)
                     .request();
 
@@ -762,13 +747,13 @@ public void patchSharingInfo(
                     updateResourceVisibility(
                         resourceId,
                         resourceIndex,
-                        updatedSharingInfo.getAllPrincipals(),
+                        sharingInfo.getAllPrincipals(),
                         ActionListener.wrap((updateResponse) -> {
                             LOGGER.debug("Successfully updated visibility for resource {} within index {}", resourceId, resourceIndex);
-                            listener.onResponse(updatedSharingInfo);
+                            listener.onResponse(sharingInfo);
                         }, (e) -> {
                             LOGGER.error("Failed to update principals field in [{}] for resource [{}]", resourceIndex, resourceId, e);
-                            listener.onResponse(updatedSharingInfo);
+                            listener.onResponse(sharingInfo);
                         })
                     );
 

src/main/java/org/opensearch/security/resources/sharing/ResourceSharing.java

@@ -112,6 +112,10 @@ public CreatedBy getCreatedBy() {
     }
 
     public ShareWith getShareWith() {
+        if (shareWith == null) {
+            // never been shared before, private access
+            return new ShareWith(new HashMap<>());
+        }
         return shareWith;
     }
 
@@ -251,13 +255,25 @@ public static ResourceSharing fromXContent(XContentParser parser) throws IOExcep
                         b.resourceId(parser.text());
                         break;
                     case "resource_type":
-                        b.resourceType(parser.text());
+                        if (token == XContentParser.Token.VALUE_NULL) {
+                            b.resourceType(null);
+                        } else {
+                            b.resourceType(parser.text());
+                        }
                         break;
                     case "parent_type":
-                        b.parentType(parser.text());
+                        if (token == XContentParser.Token.VALUE_NULL) {
+                            b.parentType(null);
+                        } else {
+                            b.parentType(parser.text());
+                        }
                         break;
                     case "parent_id":
-                        b.parentId(parser.text());
+                        if (token == XContentParser.Token.VALUE_NULL) {
+                            b.parentId(null);
+                        } else {
+                            b.parentId(parser.text());
+                        }
                         break;
                     case "created_by":
                         b.createdBy(CreatedBy.fromXContent(parser));

src/main/java/org/opensearch/security/resources/sharing/ShareWith.java

@@ -141,16 +141,15 @@ public ShareWith add(ShareWith other) {
         if (other == null || other.isPrivate()) {
             return this;
         }
-        Map<String, Recipients> updated = new HashMap<>(this.sharingInfo);
         for (var entry : other.sharingInfo.entrySet()) {
             String level = entry.getKey();
             Recipients patchRecipients = entry.getValue();
-            updated.merge(level, patchRecipients, (orig, patchRec) -> {
+            sharingInfo.merge(level, patchRecipients, (orig, patchRec) -> {
                 orig.share(patchRec);
                 return orig;
             });
         }
-        return new ShareWith(updated);
+        return this;
     }
 
     /**
@@ -160,16 +159,15 @@ public ShareWith revoke(ShareWith other) {
         if (this.sharingInfo.isEmpty() || other == null || other.isPrivate()) {
             return this;
         }
-        Map<String, Recipients> updated = new HashMap<>(this.sharingInfo);
         for (var entry : other.sharingInfo.entrySet()) {
             String level = entry.getKey();
-            Recipients revokeRecipients = entry.getValue();
-            updated.computeIfPresent(level, (lvl, orig) -> {
-                orig.revoke(revokeRecipients);
+            Recipients toRevoke = entry.getValue();
+            sharingInfo.computeIfPresent(level, (lvl, orig) -> {
+                orig.revoke(toRevoke);
                 return orig;
             });
         }
-        return new ShareWith(updated);
+        return this;
     }
 
     /** Return a normalized ShareWith with no empty buckets and no empty action-groups. */

src/test/java/org/opensearch/security/resources/ResourceAccessHandlerTest.java

@@ -24,7 +24,6 @@
 import org.opensearch.security.auth.UserSubjectImpl;
 import org.opensearch.security.configuration.AdminDNs;
 import org.opensearch.security.privileges.PrivilegesEvaluator;
-import org.opensearch.security.resources.sharing.Recipient;
 import org.opensearch.security.resources.sharing.ResourceSharing;
 import org.opensearch.security.resources.sharing.ShareWith;
 import org.opensearch.security.securityconf.FlattenedActionGroups;
@@ -124,10 +123,7 @@ public void testHasPermission_sharedWithUserAllowed() {
 
         // Document setup: shared with the user at access-level "read"
         ResourceSharing doc = mock(ResourceSharing.class);
-        when(doc.isCreatedBy("bob")).thenReturn(false);
-        when(doc.fetchAccessLevels(eq(Recipient.USERS), any())).thenReturn(Set.of("read"));
-        when(doc.fetchAccessLevels(eq(Recipient.ROLES), any())).thenReturn(Set.of());
-        when(doc.fetchAccessLevels(eq(Recipient.BACKEND_ROLES), any())).thenReturn(Set.of());
+        when(doc.getAccessLevelsForUser(user)).thenReturn(Set.of("read"));
 
         FlattenedActionGroups ag = mock(FlattenedActionGroups.class);
         when(resourcePluginInfo.flattenedForType(TYPE)).thenReturn(ag);