Rebasing security subject

Signed-off-by: Craig Perkins <[email protected]>

src/integrationTest/java/org/opensearch/security/plugin/IndexDocumentIntoSystemIndexAction.java

@@ -0,0 +1,22 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ */
+
+package org.opensearch.security.plugin;
+
+import org.opensearch.action.ActionType;
+
+public class IndexDocumentIntoSystemIndexAction extends ActionType<IndexDocumentIntoSystemIndexResponse> {
+    public static final IndexDocumentIntoSystemIndexAction INSTANCE = new IndexDocumentIntoSystemIndexAction();
+    public static final String NAME = "cluster:mock/systemindex/index";
+
+    private IndexDocumentIntoSystemIndexAction() {
+        super(NAME, IndexDocumentIntoSystemIndexResponse::new);
+    }
+}

src/integrationTest/java/org/opensearch/security/plugin/IndexDocumentIntoSystemIndexRequest.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ */
+
+package org.opensearch.security.plugin;
+
+import java.io.IOException;
+
+import org.opensearch.action.ActionRequest;
+import org.opensearch.action.ActionRequestValidationException;
+import org.opensearch.core.common.io.stream.StreamInput;
+
+public class IndexDocumentIntoSystemIndexRequest extends ActionRequest {
+
+    private final String indexName;
+
+    private final String runAs;
+
+    public IndexDocumentIntoSystemIndexRequest(String indexName, String runAs) {
+        this.indexName = indexName;
+        this.runAs = runAs;
+    }
+
+    public IndexDocumentIntoSystemIndexRequest(StreamInput in) throws IOException {
+        super(in);
+        this.indexName = in.readString();
+        this.runAs = in.readOptionalString();
+    }
+
+    @Override
+    public ActionRequestValidationException validate() {
+        return null;
+    }
+
+    public String getIndexName() {
+        return this.indexName;
+    }
+
+    public String getRunAs() {
+        return this.runAs;
+    }
+}

src/integrationTest/java/org/opensearch/security/plugin/IndexDocumentIntoSystemIndexResponse.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ */
+
+package org.opensearch.security.plugin;
+
+// CS-SUPPRESS-SINGLE: RegexpSingleline It is not possible to use phrase "cluster manager" instead of master here
+import java.io.IOException;
+
+import org.opensearch.action.support.master.AcknowledgedResponse;
+import org.opensearch.core.common.io.stream.StreamInput;
+import org.opensearch.core.common.io.stream.StreamOutput;
+import org.opensearch.core.xcontent.ToXContent;
+import org.opensearch.core.xcontent.ToXContentObject;
+import org.opensearch.core.xcontent.XContentBuilder;
+// CS-ENFORCE-SINGLE
+
+public class IndexDocumentIntoSystemIndexResponse extends AcknowledgedResponse implements ToXContentObject {
+
+    private String plugin;
+
+    public IndexDocumentIntoSystemIndexResponse(boolean status, String plugin) {
+        super(status);
+        this.plugin = plugin;
+    }
+
+    public IndexDocumentIntoSystemIndexResponse(StreamInput in) throws IOException {
+        super(in);
+    }
+
+    @Override
+    public void writeTo(StreamOutput out) throws IOException {
+        super.writeTo(out);
+        out.writeString(plugin);
+    }
+
+    @Override
+    public void addCustomFields(XContentBuilder builder, ToXContent.Params params) throws IOException {
+        super.addCustomFields(builder, params);
+        builder.field("plugin", plugin);
+    }
+}

src/integrationTest/java/org/opensearch/security/plugin/RestBulkIndexDocumentIntoMixOfSystemIndexAction.java

@@ -0,0 +1,78 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ */
+
+package org.opensearch.security.plugin;
+
+import java.util.List;
+
+import org.opensearch.action.bulk.BulkRequest;
+import org.opensearch.action.bulk.BulkRequestBuilder;
+import org.opensearch.action.index.IndexRequest;
+import org.opensearch.action.support.WriteRequest;
+import org.opensearch.client.Client;
+import org.opensearch.client.node.NodeClient;
+import org.opensearch.common.xcontent.XContentType;
+import org.opensearch.core.action.ActionListener;
+import org.opensearch.core.rest.RestStatus;
+import org.opensearch.core.xcontent.ToXContent;
+import org.opensearch.rest.BaseRestHandler;
+import org.opensearch.rest.BytesRestResponse;
+import org.opensearch.rest.RestChannel;
+import org.opensearch.rest.RestRequest;
+import org.opensearch.security.identity.PluginContextSwitcher;
+
+import static java.util.Collections.singletonList;
+import static org.opensearch.rest.RestRequest.Method.PUT;
+import static org.opensearch.security.plugin.SystemIndexPlugin1.SYSTEM_INDEX_1;
+import static org.opensearch.security.plugin.SystemIndexPlugin2.SYSTEM_INDEX_2;
+
+public class RestBulkIndexDocumentIntoMixOfSystemIndexAction extends BaseRestHandler {
+
+    private final Client client;
+    private final PluginContextSwitcher contextSwitcher;
+
+    public RestBulkIndexDocumentIntoMixOfSystemIndexAction(Client client, PluginContextSwitcher contextSwitcher) {
+        this.client = client;
+        this.contextSwitcher = contextSwitcher;
+    }
+
+    @Override
+    public List<Route> routes() {
+        return singletonList(new Route(PUT, "/try-create-and-bulk-mixed-index"));
+    }
+
+    @Override
+    public String getName() {
+        return "test_bulk_index_document_into_mix_of_system_index_action";
+    }
+
+    @Override
+    public RestChannelConsumer prepareRequest(RestRequest request, NodeClient client) {
+        return new RestChannelConsumer() {
+
+            @Override
+            public void accept(RestChannel channel) throws Exception {
+                contextSwitcher.runAs(() -> {
+                    BulkRequestBuilder builder = client.prepareBulk();
+                    builder.add(new IndexRequest(SYSTEM_INDEX_1).source("{\"content\":1}", XContentType.JSON));
+                    builder.add(new IndexRequest(SYSTEM_INDEX_2).source("{\"content\":1}", XContentType.JSON));
+                    builder.setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE);
+                    BulkRequest bulkRequest = builder.request();
+                    client.bulk(bulkRequest, ActionListener.wrap(r -> {
+                        channel.sendResponse(
+                            new BytesRestResponse(RestStatus.OK, r.toXContent(channel.newBuilder(), ToXContent.EMPTY_PARAMS))
+                        );
+                    }, fr -> { channel.sendResponse(new BytesRestResponse(RestStatus.FORBIDDEN, String.valueOf(fr))); }));
+                    return null;
+                });
+            }
+        };
+    }
+}

src/integrationTest/java/org/opensearch/security/plugin/RestBulkIndexDocumentIntoSystemIndexAction.java

@@ -0,0 +1,80 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ */
+
+package org.opensearch.security.plugin;
+
+import java.util.List;
+
+import org.opensearch.action.admin.indices.create.CreateIndexRequest;
+import org.opensearch.action.bulk.BulkRequest;
+import org.opensearch.action.bulk.BulkRequestBuilder;
+import org.opensearch.action.index.IndexRequest;
+import org.opensearch.action.support.WriteRequest;
+import org.opensearch.client.Client;
+import org.opensearch.client.node.NodeClient;
+import org.opensearch.common.xcontent.XContentType;
+import org.opensearch.core.action.ActionListener;
+import org.opensearch.core.rest.RestStatus;
+import org.opensearch.core.xcontent.ToXContent;
+import org.opensearch.rest.BaseRestHandler;
+import org.opensearch.rest.BytesRestResponse;
+import org.opensearch.rest.RestChannel;
+import org.opensearch.rest.RestRequest;
+import org.opensearch.security.identity.PluginContextSwitcher;
+
+import static java.util.Collections.singletonList;
+import static org.opensearch.rest.RestRequest.Method.PUT;
+
+public class RestBulkIndexDocumentIntoSystemIndexAction extends BaseRestHandler {
+
+    private final Client client;
+    private final PluginContextSwitcher contextSwitcher;
+
+    public RestBulkIndexDocumentIntoSystemIndexAction(Client client, PluginContextSwitcher contextSwitcher) {
+        this.client = client;
+        this.contextSwitcher = contextSwitcher;
+    }
+
+    @Override
+    public List<Route> routes() {
+        return singletonList(new Route(PUT, "/try-create-and-bulk-index/{index}"));
+    }
+
+    @Override
+    public String getName() {
+        return "test_bulk_index_document_into_system_index_action";
+    }
+
+    @Override
+    public RestChannelConsumer prepareRequest(RestRequest request, NodeClient client) {
+        String indexName = request.param("index");
+        return new RestChannelConsumer() {
+
+            @Override
+            public void accept(RestChannel channel) throws Exception {
+                contextSwitcher.runAs(() -> {
+                    client.admin().indices().create(new CreateIndexRequest(indexName), ActionListener.wrap(r -> {
+                        BulkRequestBuilder builder = client.prepareBulk();
+                        builder.add(new IndexRequest(indexName).source("{\"content\":1}", XContentType.JSON));
+                        builder.add(new IndexRequest(indexName).source("{\"content\":2}", XContentType.JSON));
+                        builder.setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE);
+                        BulkRequest bulkRequest = builder.request();
+                        client.bulk(bulkRequest, ActionListener.wrap(r2 -> {
+                            channel.sendResponse(
+                                new BytesRestResponse(RestStatus.OK, r.toXContent(channel.newBuilder(), ToXContent.EMPTY_PARAMS))
+                            );
+                        }, fr -> { channel.sendResponse(new BytesRestResponse(RestStatus.FORBIDDEN, String.valueOf(fr))); }));
+                    }, fr -> { channel.sendResponse(new BytesRestResponse(RestStatus.FORBIDDEN, String.valueOf(fr))); }));
+                    return null;
+                });
+            }
+        };
+    }
+}

src/integrationTest/java/org/opensearch/security/plugin/RestIndexDocumentIntoSystemIndexAction.java

@@ -0,0 +1,49 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ */
+
+package org.opensearch.security.plugin;
+
+import java.util.List;
+
+import org.opensearch.client.Client;
+import org.opensearch.client.node.NodeClient;
+import org.opensearch.rest.BaseRestHandler;
+import org.opensearch.rest.RestRequest;
+import org.opensearch.rest.action.RestToXContentListener;
+
+import static java.util.Collections.singletonList;
+import static org.opensearch.rest.RestRequest.Method.PUT;
+
+public class RestIndexDocumentIntoSystemIndexAction extends BaseRestHandler {
+
+    private final Client client;
+
+    public RestIndexDocumentIntoSystemIndexAction(Client client) {
+        this.client = client;
+    }
+
+    @Override
+    public List<Route> routes() {
+        return singletonList(new Route(PUT, "/try-create-and-index/{index}"));
+    }
+
+    @Override
+    public String getName() {
+        return "test_index_document_into_system_index_action";
+    }
+
+    @Override
+    public RestChannelConsumer prepareRequest(RestRequest request, NodeClient client) {
+        String runAs = request.param("runAs");
+        String indexName = request.param("index");
+        IndexDocumentIntoSystemIndexRequest indexRequest = new IndexDocumentIntoSystemIndexRequest(indexName, runAs);
+        return channel -> client.execute(IndexDocumentIntoSystemIndexAction.INSTANCE, indexRequest, new RestToXContentListener<>(channel));
+    }
+}

src/integrationTest/java/org/opensearch/security/plugin/RestRunClusterHealthAction.java

@@ -0,0 +1,51 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ */
+
+package org.opensearch.security.plugin;
+
+import java.util.List;
+
+import org.opensearch.client.Client;
+import org.opensearch.client.node.NodeClient;
+import org.opensearch.rest.BaseRestHandler;
+import org.opensearch.rest.RestRequest;
+import org.opensearch.rest.action.RestToXContentListener;
+import org.opensearch.security.identity.PluginContextSwitcher;
+
+import static java.util.Collections.singletonList;
+import static org.opensearch.rest.RestRequest.Method.GET;
+
+public class RestRunClusterHealthAction extends BaseRestHandler {
+
+    private final Client client;
+    private final PluginContextSwitcher contextSwitcher;
+
+    public RestRunClusterHealthAction(Client client, PluginContextSwitcher contextSwitcher) {
+        this.client = client;
+        this.contextSwitcher = contextSwitcher;
+    }
+
+    @Override
+    public List<Route> routes() {
+        return singletonList(new Route(GET, "/try-cluster-health/{runAs}"));
+    }
+
+    @Override
+    public String getName() {
+        return "test_run_cluster_health_action";
+    }
+
+    @Override
+    public RestChannelConsumer prepareRequest(RestRequest request, NodeClient client) {
+        String runAs = request.param("runAs");
+        RunClusterHealthRequest runRequest = new RunClusterHealthRequest(runAs);
+        return channel -> client.execute(RunClusterHealthAction.INSTANCE, runRequest, new RestToXContentListener<>(channel));
+    }
+}