opensearch-project · petardz · May 16, 2023 · May 16, 2023 · May 17, 2023 · May 19, 2023
@@ -24,7 +24,7 @@ jobs:
         uses: actions/checkout@v2
       - name: Run integration tests
         run: | 
-          ./gradlew integTest -Dsecurity=true -Dhttps=true
+          ./gradlew integTest -Dsecurity=true -Dhttps=true -Dtests.class='*SecurityBehaviorIT'
       - name: Upload failed logs
         uses: actions/upload-artifact@v2
         if: failure()

@@ -25,9 +25,9 @@ import org.opensearch.common.settings.Setting
 import org.opensearch.common.settings.Settings
 import org.opensearch.common.settings.SettingsFilter
 import org.opensearch.common.util.concurrent.ThreadContext
+import org.opensearch.common.xcontent.XContentParserUtils.ensureExpectedToken
 import org.opensearch.core.xcontent.NamedXContentRegistry
 import org.opensearch.core.xcontent.XContentParser.Token
-import org.opensearch.common.xcontent.XContentParserUtils.ensureExpectedToken
 import org.opensearch.env.Environment
 import org.opensearch.env.NodeEnvironment
 import org.opensearch.indexmanagement.controlcenter.notification.ControlCenterIndices
@@ -125,6 +125,7 @@ import org.opensearch.indexmanagement.rollup.settings.RollupSettings
 import org.opensearch.indexmanagement.rollup.util.QueryShardContextFactory
 import org.opensearch.indexmanagement.rollup.util.RollupFieldValueExpressionResolver
 import org.opensearch.indexmanagement.settings.IndexManagementSettings
+import org.opensearch.indexmanagement.snapshotmanagement.SMRunner
 import org.opensearch.indexmanagement.snapshotmanagement.api.resthandler.RestCreateSMPolicyHandler
 import org.opensearch.indexmanagement.snapshotmanagement.api.resthandler.RestDeleteSMPolicyHandler
 import org.opensearch.indexmanagement.snapshotmanagement.api.resthandler.RestExplainSMPolicyHandler
@@ -140,7 +141,6 @@ import org.opensearch.indexmanagement.snapshotmanagement.api.transport.get.Trans
 import org.opensearch.indexmanagement.snapshotmanagement.api.transport.index.TransportIndexSMPolicyAction
 import org.opensearch.indexmanagement.snapshotmanagement.api.transport.start.TransportStartSMAction
 import org.opensearch.indexmanagement.snapshotmanagement.api.transport.stop.TransportStopSMAction
-import org.opensearch.indexmanagement.snapshotmanagement.SMRunner
 import org.opensearch.indexmanagement.snapshotmanagement.model.SMMetadata
 import org.opensearch.indexmanagement.snapshotmanagement.model.SMPolicy
 import org.opensearch.indexmanagement.snapshotmanagement.settings.SnapshotManagementSettings

@@ -8,8 +8,8 @@ package org.opensearch.indexmanagement
 import org.apache.hc.core5.http.ContentType
 import org.apache.hc.core5.http.io.entity.StringEntity
 import org.opensearch.common.settings.Settings
-import org.opensearch.core.xcontent.ToXContent
 import org.opensearch.common.xcontent.XContentFactory
+import org.opensearch.core.xcontent.ToXContent
 import org.opensearch.indexmanagement.IndexManagementIndices.Companion.HISTORY_INDEX_BASE
 import org.opensearch.indexmanagement.IndexManagementIndices.Companion.HISTORY_WRITE_INDEX_ALIAS
 import org.opensearch.indexmanagement.IndexManagementIndices.Companion.indexManagementMappings
@@ -110,7 +110,7 @@ class IndexManagementIndicesIT : IndexStateManagementRestTestCase() {
 
         // wait for the policy to initialize which will add 1 history document to the history index
         // this should update the history mappings to the new version
-        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(index).policyID) }
+        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(index)!!.policyID) }
 
         waitFor {
             assertIndexExists(HISTORY_WRITE_INDEX_ALIAS)

@@ -26,6 +26,7 @@ import org.opensearch.indexmanagement.indexstatemanagement.IndexStateManagementR
 import org.opensearch.indexmanagement.indexstatemanagement.model.ManagedIndexConfig
 import org.opensearch.indexmanagement.indexstatemanagement.model.Policy
 import org.opensearch.indexmanagement.indexstatemanagement.resthandler.RestExplainAction
+import org.opensearch.indexmanagement.indexstatemanagement.resthandler.RestExplainAction.Companion.EXPLAIN_BASE_URI
 import org.opensearch.indexmanagement.indexstatemanagement.settings.ManagedIndexSettings
 import org.opensearch.indexmanagement.indexstatemanagement.toJsonString
 import org.opensearch.indexmanagement.indexstatemanagement.util.INDEX_NUMBER_OF_REPLICAS
@@ -105,7 +106,7 @@ abstract class SecurityRestTestCase : IndexManagementRestTestCase() {
             return super.createIndex(index, policyID, alias, replicas, shards, mapping, settings)
         }
 
-        fun getExplainManagedIndexMetaDataExt(indexName: String, userClient: RestClient? = null): ManagedIndexMetaData {
+        fun getExplainManagedIndexMetaDataExt(indexName: String, userClient: RestClient? = null): ManagedIndexMetaData? {
             return super.getExplainManagedIndexMetaData(indexName, userClient)
         }
     }
@@ -214,6 +215,16 @@ abstract class SecurityRestTestCase : IndexManagementRestTestCase() {
         return IndexStateManagementRestTestCaseExt.createPolicyExt(policy, policyId, refresh, client)
     }
 
+    protected fun managedIndicesExplain(
+        indices: List<String>,
+        client: RestClient
+    ): Map<*, *> {
+
+        val request = Request("GET", "$EXPLAIN_BASE_URI")
+        request.addParameter("index", indices.joinToString(separator = ","))
+        return entityAsMap(executeRequest(request, RestStatus.OK, client))
+    }
+
     protected fun managedIndexExplainAllAsMap(
         client: RestClient?,
     ): Map<*, *> {
@@ -248,7 +259,7 @@ abstract class SecurityRestTestCase : IndexManagementRestTestCase() {
         executeRequest(request, expectedStatus, client)
     }
 
-    protected fun getExplainManagedIndexMetaData(indexName: String, userClient: RestClient? = null): ManagedIndexMetaData {
+    protected fun getExplainManagedIndexMetaData(indexName: String, userClient: RestClient? = null): ManagedIndexMetaData? {
         return IndexStateManagementRestTestCaseExt.getExplainManagedIndexMetaDataExt(indexName, userClient)
     }
 

@@ -5,9 +5,9 @@
 
 package org.opensearch.indexmanagement.indexstatemanagement
 
+import org.apache.hc.core5.http.ContentType
 import org.apache.hc.core5.http.HttpEntity
 import org.apache.hc.core5.http.HttpHeaders
-import org.apache.hc.core5.http.ContentType
 import org.apache.hc.core5.http.io.entity.StringEntity
 import org.apache.hc.core5.http.message.BasicHeader
 import org.junit.After
@@ -22,13 +22,13 @@ import org.opensearch.client.RestClient
 import org.opensearch.cluster.metadata.IndexMetadata
 import org.opensearch.common.settings.Settings
 import org.opensearch.common.unit.TimeValue
-import org.opensearch.core.xcontent.DeprecationHandler
 import org.opensearch.common.xcontent.LoggingDeprecationHandler
-import org.opensearch.core.xcontent.NamedXContentRegistry
-import org.opensearch.core.xcontent.XContentParser.Token
 import org.opensearch.common.xcontent.XContentParserUtils.ensureExpectedToken
 import org.opensearch.common.xcontent.XContentType
 import org.opensearch.common.xcontent.json.JsonXContent.jsonXContent
+import org.opensearch.core.xcontent.DeprecationHandler
+import org.opensearch.core.xcontent.NamedXContentRegistry
+import org.opensearch.core.xcontent.XContentParser.Token
 import org.opensearch.index.seqno.SequenceNumbers
 import org.opensearch.indexmanagement.IndexManagementIndices
 import org.opensearch.indexmanagement.IndexManagementPlugin
@@ -620,7 +620,7 @@ abstract class IndexStateManagementRestTestCase : IndexManagementRestTestCase()
     // Calls explain API for a single concrete index and converts the response into a ManagedIndexMetaData
     // This only works for indices with a ManagedIndexMetaData that has been initialized
     @Suppress("LoopWithTooManyJumpStatements")
-    protected fun getExplainManagedIndexMetaData(indexName: String, userClient: RestClient? = null): ManagedIndexMetaData {
+    protected fun getExplainManagedIndexMetaData(indexName: String, userClient: RestClient? = null): ManagedIndexMetaData? {
         if (indexName.contains("*") || indexName.contains(",")) {
             throw IllegalArgumentException("This method is only for a single concrete index")
         }
@@ -633,8 +633,13 @@ abstract class IndexStateManagementRestTestCase : IndexManagementRestTestCase()
         while (xcp.nextToken() != Token.END_OBJECT) {
             val cn = xcp.currentName()
             xcp.nextToken()
-            if (cn == "total_managed_indices") continue
-
+            if (cn == "total_managed_indices") {
+                if (xcp.text() == "0") {
+                    return null
+                } else {
+                    continue
+                }
+            }
             metadata = ManagedIndexMetaData.parse(xcp)
             break // bypass roles field
         }

@@ -44,7 +44,7 @@ class ActionRetryIT : IndexStateManagementRestTestCase() {
         // First execution. We need to initialize the policy.
         updateManagedIndexConfigStartTime(managedIndexConfig)
 
-        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName).policyID) }
+        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName)!!.policyID) }
 
         // Second execution is to fail the step once.
         updateManagedIndexConfigStartTime(managedIndexConfig)
@@ -53,7 +53,7 @@ class ActionRetryIT : IndexStateManagementRestTestCase() {
             val managedIndexMetaData = getExplainManagedIndexMetaData(indexName)
             assertEquals(
                 ActionMetaData(
-                    "rollover", managedIndexMetaData.actionMetaData?.startTime, 0, false, 1,
+                    "rollover", managedIndexMetaData!!.actionMetaData?.startTime, 0, false, 1,
                     managedIndexMetaData.actionMetaData?.lastRetryTime, null
                 ),
                 managedIndexMetaData.actionMetaData
@@ -69,7 +69,7 @@ class ActionRetryIT : IndexStateManagementRestTestCase() {
             val managedIndexMetaData = getExplainManagedIndexMetaData(indexName)
             assertEquals(
                 ActionMetaData(
-                    "rollover", managedIndexMetaData.actionMetaData?.startTime, 0, false, 2,
+                    "rollover", managedIndexMetaData!!.actionMetaData?.startTime, 0, false, 2,
                     managedIndexMetaData.actionMetaData?.lastRetryTime, null
                 ),
                 managedIndexMetaData.actionMetaData
@@ -85,7 +85,7 @@ class ActionRetryIT : IndexStateManagementRestTestCase() {
             val managedIndexMetaData = getExplainManagedIndexMetaData(indexName)
             assertEquals(
                 ActionMetaData(
-                    "rollover", managedIndexMetaData.actionMetaData?.startTime, 0, true, 2,
+                    "rollover", managedIndexMetaData!!.actionMetaData?.startTime, 0, true, 2,
                     managedIndexMetaData.actionMetaData?.lastRetryTime, null
                 ),
                 managedIndexMetaData.actionMetaData
@@ -119,11 +119,11 @@ class ActionRetryIT : IndexStateManagementRestTestCase() {
         updateManagedIndexConfigStartTime(managedIndexConfig)
         // First execution. We need to initialize the policy.
 
-        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName).policyID) }
+        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName)!!.policyID) }
         // Second execution is to fail the step once.
         updateManagedIndexConfigStartTime(managedIndexConfig)
 
-        waitFor { assertEquals(1, getExplainManagedIndexMetaData(indexName).actionMetaData?.consumedRetries) }
+        waitFor { assertEquals(1, getExplainManagedIndexMetaData(indexName)!!.actionMetaData?.consumedRetries) }
 
         // Third execution should not run job since we have the retry backoff.
         updateManagedIndexConfigStartTime(managedIndexConfig)

@@ -35,14 +35,14 @@ class ActionTimeoutIT : IndexStateManagementRestTestCase() {
         // First execution. We need to initialize the policy.
         updateManagedIndexConfigStartTime(managedIndexConfig)
 
-        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName).policyID) }
+        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName)!!.policyID) }
 
         // the second execution we move into rollover action, we won't hit the timeout as this is the execution that sets the startTime
         updateManagedIndexConfigStartTime(managedIndexConfig)
         waitFor {
             assertEquals(
                 "Should be attempting to rollover",
-                getExplainManagedIndexMetaData(indexName).info?.get("message"),
+                getExplainManagedIndexMetaData(indexName)!!.info?.get("message"),
                 AttemptRolloverStep.getPendingMessage(indexName)
             )
         }
@@ -88,7 +88,7 @@ class ActionTimeoutIT : IndexStateManagementRestTestCase() {
         // First execution. We need to initialize the policy.
         updateManagedIndexConfigStartTime(managedIndexConfig)
 
-        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName).policyID) }
+        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName)!!.policyID) }
 
         // the second execution we move into open action, we won't hit the timeout as this is the execution that sets the startTime
         updateManagedIndexConfigStartTime(managedIndexConfig)
@@ -111,7 +111,7 @@ class ActionTimeoutIT : IndexStateManagementRestTestCase() {
         waitFor {
             assertEquals(
                 "Should be attempting to rollover",
-                getExplainManagedIndexMetaData(indexName).info?.get("message"),
+                getExplainManagedIndexMetaData(indexName)!!.info?.get("message"),
                 AttemptRolloverStep.getPendingMessage(indexName)
             )
         }

@@ -43,7 +43,7 @@ class AliasActionIT : IndexStateManagementRestTestCase() {
         // Change the start time so the job will trigger in 2 seconds.
         updateManagedIndexConfigStartTime(managedIndexConfig)
 
-        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName).policyID) }
+        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName)!!.policyID) }
 
         waitFor {
             val alias = getAlias(indexName, "")
@@ -55,7 +55,7 @@ class AliasActionIT : IndexStateManagementRestTestCase() {
         updateManagedIndexConfigStartTime(managedIndexConfig)
 
         waitFor {
-            val info = getExplainManagedIndexMetaData(indexName).info as Map<String, Any?>
+            val info = getExplainManagedIndexMetaData(indexName)!!.info as Map<String, Any?>
             assertEquals("Alias was not successfully updated", AttemptAliasActionsStep.getSuccessMessage(indexName), info["message"])
             val alias = getAlias(indexName, "")
             assertTrue("Alias was not added to index", alias.containsKey(aliasName))
@@ -86,7 +86,7 @@ class AliasActionIT : IndexStateManagementRestTestCase() {
         // Change the start time so the job will trigger in 2 seconds.
         updateManagedIndexConfigStartTime(managedIndexConfig)
 
-        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName).policyID) }
+        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName)!!.policyID) }
 
         waitFor {
             val alias = getAlias(indexName, "")
@@ -98,7 +98,7 @@ class AliasActionIT : IndexStateManagementRestTestCase() {
         updateManagedIndexConfigStartTime(managedIndexConfig)
 
         waitFor {
-            val info = getExplainManagedIndexMetaData(indexName).info as Map<String, Any?>
+            val info = getExplainManagedIndexMetaData(indexName)!!.info as Map<String, Any?>
             assertEquals("Alias was not successfully updated", AttemptAliasActionsStep.getSuccessMessage(indexName), info["message"])
             val alias = getAlias(indexName, "")
             assertTrue("Alias was not added to index", alias.containsKey(aliasName))
@@ -129,7 +129,7 @@ class AliasActionIT : IndexStateManagementRestTestCase() {
         // Change the start time so the job will trigger in 2 seconds.
         updateManagedIndexConfigStartTime(managedIndexConfig)
 
-        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName).policyID) }
+        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName)!!.policyID) }
 
         waitFor {
             val alias = getAlias(indexName, "")
@@ -141,7 +141,7 @@ class AliasActionIT : IndexStateManagementRestTestCase() {
         updateManagedIndexConfigStartTime(managedIndexConfig)
 
         waitFor {
-            val info = getExplainManagedIndexMetaData(indexName).info as Map<String, Any?>
+            val info = getExplainManagedIndexMetaData(indexName)!!.info as Map<String, Any?>
             assertEquals("Alias was not successfully updated", AttemptAliasActionsStep.getSuccessMessage(indexName), info["message"])
             val alias = getAlias(indexName, "")
             assertTrue("Alias was not removed from index", !alias.containsKey(aliasName))

@@ -43,7 +43,7 @@ class AllocationActionIT : IndexStateManagementRestTestCase() {
         // Change the start time so the job will trigger in 2 seconds.
         updateManagedIndexConfigStartTime(managedIndexConfig)
 
-        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName).policyID) }
+        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName)!!.policyID) }
 
         // Need to wait two cycles.
         // Change the start time so the job will trigger in 2 seconds.
@@ -88,7 +88,7 @@ class AllocationActionIT : IndexStateManagementRestTestCase() {
         // Change the start time so the job will trigger in 2 seconds.
         updateManagedIndexConfigStartTime(managedIndexConfig)
 
-        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName).policyID) }
+        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName)!!.policyID) }
 
         // Need to wait two cycles.
         // Change the start time so the job will trigger in 2 seconds.
@@ -139,7 +139,7 @@ class AllocationActionIT : IndexStateManagementRestTestCase() {
         // Change the start time so the job will trigger in 2 seconds.
         updateManagedIndexConfigStartTime(managedIndexConfig)
 
-        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName).policyID) }
+        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName)!!.policyID) }
 
         // Need to wait two cycles.
         // Change the start time so the job will trigger in 2 seconds.
@@ -191,7 +191,7 @@ class AllocationActionIT : IndexStateManagementRestTestCase() {
         // Change the start time so the job will trigger in 2 seconds.
         updateManagedIndexConfigStartTime(managedIndexConfig)
 
-        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName).policyID) }
+        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName)!!.policyID) }
 
         // Need to wait two cycles.
         // Change the start time so the job will trigger in 2 seconds.
@@ -235,14 +235,14 @@ class AllocationActionIT : IndexStateManagementRestTestCase() {
         // Change the start time so the job will trigger in 2 seconds.
         updateManagedIndexConfigStartTime(managedIndexConfig)
 
-        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName).policyID) }
+        waitFor { assertEquals(policyID, getExplainManagedIndexMetaData(indexName)!!.policyID) }
 
         // Need to wait two cycles.
         // Change the start time so the job will trigger in 2 seconds.
         updateManagedIndexConfigStartTime(managedIndexConfig)
 
         waitFor {
-            assertEquals(AttemptAllocationStep.getFailedMessage(indexName), getExplainManagedIndexMetaData(indexName).info?.get("message"))
+            assertEquals(AttemptAllocationStep.getFailedMessage(indexName), getExplainManagedIndexMetaData(indexName)!!.info?.get("message"))
         }
     }
 }