fix cluster perm classification for msearch template (opensearch-proj…

…ect#2892) * fix cluster perm classification for msearch template Signed-off-by: Derek Ho <dxho@amazon.com> * move test to unit test file Signed-off-by: Derek Ho <dxho@amazon.com> * fully revert integration test file Signed-off-by: Derek Ho <dxho@amazon.com> * Update src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * spotless Signed-off-by: Derek Ho <dxho@amazon.com> --------- Signed-off-by: Derek Ho <dxho@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>
peternied · Jun 29, 2023 · c1d2127 · c1d2127
1 parent 37f277e
commit c1d2127
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 1 deletion.
diff --git a/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java b/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java
@@ -668,7 +668,7 @@ public static boolean isClusterPerm(String action0) {
             || action0.startsWith(SearchScrollAction.NAME)
             || (action0.equals(BulkAction.NAME))
             || (action0.equals(MultiGetAction.NAME))
-            || (action0.equals(MultiSearchAction.NAME))
+            || (action0.startsWith(MultiSearchAction.NAME))
             || (action0.equals(MultiTermVectorsAction.NAME))
             || (action0.equals(ReindexAction.NAME))
 

diff --git a/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java
@@ -0,0 +1,36 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ */
+
+package org.opensearch.security.privileges;
+
+import org.junit.Test;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.opensearch.security.privileges.PrivilegesEvaluator.isClusterPerm;
+
+public class PrivilegesEvaluatorUnitTest {
+
+    @Test
+    public void testClusterPerm() {
+        String multiSearchTemplate = "indices:data/read/msearch/template";
+        String monitorHealth = "cluster:monitor/health";
+        String writeIndex = "indices:data/write/reindex";
+        String adminClose = "indices:admin/close";
+        String monitorUpgrade = "indices:monitor/upgrade";
+
+        // Cluster Permissions
+        assertTrue(isClusterPerm(multiSearchTemplate));
+        assertTrue(isClusterPerm(writeIndex));
+        assertTrue(isClusterPerm(monitorHealth));
+
+        // Index Permissions
+        assertFalse(isClusterPerm(adminClose));
+        assertFalse(isClusterPerm(monitorUpgrade));
+    }
+}