From 0b51bb92db0d1eed324c1cc8f8e6ac3468f833b4 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Tue, 14 Jan 2025 19:44:42 -0500 Subject: [PATCH 1/3] Cleanup SystemIndexTest with RunAsSubjectClient Signed-off-by: Craig Perkins --- .../systemindex/SystemIndexTests.java | 2 +- .../IndexDocumentIntoSystemIndexAction.java | 5 +- .../IndexDocumentIntoSystemIndexResponse.java | 48 ------------ .../sampleplugin/PluginContextSwitcher.java | 35 --------- ...dexDocumentIntoMixOfSystemIndexAction.java | 27 +++---- ...ulkIndexDocumentIntoSystemIndexAction.java | 31 ++++---- .../RestRunClusterHealthAction.java | 4 +- .../sampleplugin/RunAsSubjectClient.java | 62 ++++++++++++++++ .../sampleplugin/RunClusterHealthAction.java | 5 +- .../RunClusterHealthResponse.java | 42 ----------- .../sampleplugin/SystemIndexPlugin1.java | 16 ++-- ...ortIndexDocumentIntoSystemIndexAction.java | 73 +++++++------------ .../TransportRunClusterHealthAction.java | 52 ++++--------- 13 files changed, 142 insertions(+), 260 deletions(-) delete mode 100644 src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/IndexDocumentIntoSystemIndexResponse.java delete mode 100644 src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/PluginContextSwitcher.java create mode 100644 src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunAsSubjectClient.java delete mode 100644 src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunClusterHealthResponse.java diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/SystemIndexTests.java b/src/integrationTest/java/org/opensearch/security/systemindex/SystemIndexTests.java index 3435e6dbdc..13325b3029 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/SystemIndexTests.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/SystemIndexTests.java @@ -100,7 +100,7 @@ public void testPluginShouldBeAbleToIndexDocumentIntoItsSystemIndex() { HttpResponse response = client.put("try-create-and-index/" + SYSTEM_INDEX_1); assertThat(response.getStatusCode(), equalTo(RestStatus.OK.getStatus())); - assertThat(response.getBody(), containsString(SystemIndexPlugin1.class.getCanonicalName())); + assertThat(response.getBody(), containsString("{\"acknowledged\":true}")); } } diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/IndexDocumentIntoSystemIndexAction.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/IndexDocumentIntoSystemIndexAction.java index a78c57e1d1..b272f464c1 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/IndexDocumentIntoSystemIndexAction.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/IndexDocumentIntoSystemIndexAction.java @@ -11,12 +11,13 @@ package org.opensearch.security.systemindex.sampleplugin; import org.opensearch.action.ActionType; +import org.opensearch.action.support.master.AcknowledgedResponse; -public class IndexDocumentIntoSystemIndexAction extends ActionType { +public class IndexDocumentIntoSystemIndexAction extends ActionType { public static final IndexDocumentIntoSystemIndexAction INSTANCE = new IndexDocumentIntoSystemIndexAction(); public static final String NAME = "cluster:mock/systemindex/index"; private IndexDocumentIntoSystemIndexAction() { - super(NAME, IndexDocumentIntoSystemIndexResponse::new); + super(NAME, AcknowledgedResponse::new); } } diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/IndexDocumentIntoSystemIndexResponse.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/IndexDocumentIntoSystemIndexResponse.java deleted file mode 100644 index e154742fe2..0000000000 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/IndexDocumentIntoSystemIndexResponse.java +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright OpenSearch Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * The OpenSearch Contributors require contributions made to - * this file be licensed under the Apache-2.0 license or a - * compatible open source license. - * - */ - -package org.opensearch.security.systemindex.sampleplugin; - -// CS-SUPPRESS-SINGLE: RegexpSingleline It is not possible to use phrase "cluster manager" instead of master here -import java.io.IOException; - -import org.opensearch.action.support.master.AcknowledgedResponse; -import org.opensearch.core.common.io.stream.StreamInput; -import org.opensearch.core.common.io.stream.StreamOutput; -import org.opensearch.core.xcontent.ToXContent; -import org.opensearch.core.xcontent.ToXContentObject; -import org.opensearch.core.xcontent.XContentBuilder; -// CS-ENFORCE-SINGLE - -public class IndexDocumentIntoSystemIndexResponse extends AcknowledgedResponse implements ToXContentObject { - - private String plugin; - - public IndexDocumentIntoSystemIndexResponse(boolean status, String plugin) { - super(status); - this.plugin = plugin; - } - - public IndexDocumentIntoSystemIndexResponse(StreamInput in) throws IOException { - super(in); - } - - @Override - public void writeTo(StreamOutput out) throws IOException { - super.writeTo(out); - out.writeString(plugin); - } - - @Override - public void addCustomFields(XContentBuilder builder, ToXContent.Params params) throws IOException { - super.addCustomFields(builder, params); - builder.field("plugin", plugin); - } -} diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/PluginContextSwitcher.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/PluginContextSwitcher.java deleted file mode 100644 index 4ef420efdb..0000000000 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/PluginContextSwitcher.java +++ /dev/null @@ -1,35 +0,0 @@ -/* - * SPDX-License-Identifier: Apache-2.0 - * - * The OpenSearch Contributors require contributions made to - * this file be licensed under the Apache-2.0 license or a - * compatible open source license. - * - * Modifications Copyright OpenSearch Contributors. See - * GitHub history for details. - */ -package org.opensearch.security.systemindex.sampleplugin; - -import java.util.Objects; -import java.util.concurrent.Callable; - -import org.opensearch.identity.PluginSubject; - -public class PluginContextSwitcher { - private PluginSubject pluginSubject; - - public PluginContextSwitcher() {} - - public void initialize(PluginSubject pluginSubject) { - Objects.requireNonNull(pluginSubject); - this.pluginSubject = pluginSubject; - } - - public T runAs(Callable callable) { - try { - return pluginSubject.runAs(callable); - } catch (Exception e) { - throw new RuntimeException(e); - } - } -} diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestBulkIndexDocumentIntoMixOfSystemIndexAction.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestBulkIndexDocumentIntoMixOfSystemIndexAction.java index e9b569a263..7a9f930c2a 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestBulkIndexDocumentIntoMixOfSystemIndexAction.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestBulkIndexDocumentIntoMixOfSystemIndexAction.java @@ -34,11 +34,11 @@ public class RestBulkIndexDocumentIntoMixOfSystemIndexAction extends BaseRestHandler { private final Client client; - private final PluginContextSwitcher contextSwitcher; + private final RunAsSubjectClient pluginClient; - public RestBulkIndexDocumentIntoMixOfSystemIndexAction(Client client, PluginContextSwitcher contextSwitcher) { + public RestBulkIndexDocumentIntoMixOfSystemIndexAction(Client client, RunAsSubjectClient pluginClient) { this.client = client; - this.contextSwitcher = contextSwitcher; + this.pluginClient = pluginClient; } @Override @@ -57,19 +57,14 @@ public RestChannelConsumer prepareRequest(RestRequest request, NodeClient client @Override public void accept(RestChannel channel) throws Exception { - contextSwitcher.runAs(() -> { - BulkRequestBuilder builder = client.prepareBulk(); - builder.add(new IndexRequest(SYSTEM_INDEX_1).source("content", 1)); - builder.add(new IndexRequest(SYSTEM_INDEX_2).source("content", 1)); - builder.setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE); - BulkRequest bulkRequest = builder.request(); - client.bulk(bulkRequest, ActionListener.wrap(r -> { - channel.sendResponse( - new BytesRestResponse(RestStatus.OK, r.toXContent(channel.newBuilder(), ToXContent.EMPTY_PARAMS)) - ); - }, fr -> { channel.sendResponse(new BytesRestResponse(RestStatus.FORBIDDEN, String.valueOf(fr))); })); - return null; - }); + BulkRequestBuilder builder = client.prepareBulk(); + builder.add(new IndexRequest(SYSTEM_INDEX_1).source("content", 1)); + builder.add(new IndexRequest(SYSTEM_INDEX_2).source("content", 1)); + builder.setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE); + BulkRequest bulkRequest = builder.request(); + pluginClient.bulk(bulkRequest, ActionListener.wrap(r -> { + channel.sendResponse(new BytesRestResponse(RestStatus.OK, r.toXContent(channel.newBuilder(), ToXContent.EMPTY_PARAMS))); + }, fr -> { channel.sendResponse(new BytesRestResponse(RestStatus.FORBIDDEN, String.valueOf(fr))); })); } }; } diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestBulkIndexDocumentIntoSystemIndexAction.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestBulkIndexDocumentIntoSystemIndexAction.java index 8b37e54164..a6d729aca4 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestBulkIndexDocumentIntoSystemIndexAction.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestBulkIndexDocumentIntoSystemIndexAction.java @@ -34,11 +34,11 @@ public class RestBulkIndexDocumentIntoSystemIndexAction extends BaseRestHandler { private final Client client; - private final PluginContextSwitcher contextSwitcher; + private final RunAsSubjectClient pluginClient; - public RestBulkIndexDocumentIntoSystemIndexAction(Client client, PluginContextSwitcher contextSwitcher) { + public RestBulkIndexDocumentIntoSystemIndexAction(Client client, RunAsSubjectClient pluginClient) { this.client = client; - this.contextSwitcher = contextSwitcher; + this.pluginClient = pluginClient; } @Override @@ -58,21 +58,18 @@ public RestChannelConsumer prepareRequest(RestRequest request, NodeClient client @Override public void accept(RestChannel channel) throws Exception { - contextSwitcher.runAs(() -> { - client.admin().indices().create(new CreateIndexRequest(indexName), ActionListener.wrap(r -> { - BulkRequestBuilder builder = client.prepareBulk(); - builder.add(new IndexRequest(indexName).source("{\"content\":1}", XContentType.JSON)); - builder.add(new IndexRequest(indexName).source("{\"content\":2}", XContentType.JSON)); - builder.setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE); - BulkRequest bulkRequest = builder.request(); - client.bulk(bulkRequest, ActionListener.wrap(r2 -> { - channel.sendResponse( - new BytesRestResponse(RestStatus.OK, r.toXContent(channel.newBuilder(), ToXContent.EMPTY_PARAMS)) - ); - }, fr -> { channel.sendResponse(new BytesRestResponse(RestStatus.FORBIDDEN, String.valueOf(fr))); })); + pluginClient.admin().indices().create(new CreateIndexRequest(indexName), ActionListener.wrap(r -> { + BulkRequestBuilder builder = client.prepareBulk(); + builder.add(new IndexRequest(indexName).source("{\"content\":1}", XContentType.JSON)); + builder.add(new IndexRequest(indexName).source("{\"content\":2}", XContentType.JSON)); + builder.setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE); + BulkRequest bulkRequest = builder.request(); + pluginClient.bulk(bulkRequest, ActionListener.wrap(r2 -> { + channel.sendResponse( + new BytesRestResponse(RestStatus.OK, r.toXContent(channel.newBuilder(), ToXContent.EMPTY_PARAMS)) + ); }, fr -> { channel.sendResponse(new BytesRestResponse(RestStatus.FORBIDDEN, String.valueOf(fr))); })); - return null; - }); + }, fr -> { channel.sendResponse(new BytesRestResponse(RestStatus.FORBIDDEN, String.valueOf(fr))); })); } }; } diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestRunClusterHealthAction.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestRunClusterHealthAction.java index f4674b4377..232f462072 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestRunClusterHealthAction.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestRunClusterHealthAction.java @@ -24,11 +24,9 @@ public class RestRunClusterHealthAction extends BaseRestHandler { private final Client client; - private final PluginContextSwitcher contextSwitcher; - public RestRunClusterHealthAction(Client client, PluginContextSwitcher contextSwitcher) { + public RestRunClusterHealthAction(Client client) { this.client = client; - this.contextSwitcher = contextSwitcher; } @Override diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunAsSubjectClient.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunAsSubjectClient.java new file mode 100644 index 0000000000..39540841cb --- /dev/null +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunAsSubjectClient.java @@ -0,0 +1,62 @@ +/* + * SPDX-License-Identifier: Apache-2.0 + * + * The OpenSearch Contributors require contributions made to + * this file be licensed under the Apache-2.0 license or a + * compatible open source license. + */ + +package org.opensearch.security.systemindex.sampleplugin; + +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import org.opensearch.action.ActionRequest; +import org.opensearch.action.ActionType; +import org.opensearch.client.Client; +import org.opensearch.client.FilterClient; +import org.opensearch.common.util.concurrent.ThreadContext; +import org.opensearch.core.action.ActionListener; +import org.opensearch.core.action.ActionResponse; +import org.opensearch.identity.Subject; + +/** + * Implementation of client that will run transport actions in a stashed context and inject the name of the provided + * subject into the context. + */ +public class RunAsSubjectClient extends FilterClient { + + private static final Logger logger = LogManager.getLogger(RunAsSubjectClient.class); + + private Subject subject; + + public RunAsSubjectClient(Client delegate) { + super(delegate); + } + + public RunAsSubjectClient(Client delegate, Subject subject) { + super(delegate); + this.subject = subject; + } + + public void setSubject(Subject subject) { + this.subject = subject; + } + + @Override + protected void doExecute( + ActionType action, + Request request, + ActionListener listener + ) { + try (ThreadContext.StoredContext ctx = threadPool().getThreadContext().newStoredContext(false)) { + subject.runAs(() -> { + logger.info("Running transport action with subject: {}", subject.getPrincipal().getName()); + super.doExecute(action, request, ActionListener.runBefore(listener, ctx::restore)); + return null; + }); + } catch (Exception e) { + throw new RuntimeException(e); + } + } +} diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunClusterHealthAction.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunClusterHealthAction.java index dca6b8d2b7..7d028a7ddf 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunClusterHealthAction.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunClusterHealthAction.java @@ -11,12 +11,13 @@ package org.opensearch.security.systemindex.sampleplugin; import org.opensearch.action.ActionType; +import org.opensearch.action.support.master.AcknowledgedResponse; -public class RunClusterHealthAction extends ActionType { +public class RunClusterHealthAction extends ActionType { public static final RunClusterHealthAction INSTANCE = new RunClusterHealthAction(); public static final String NAME = "cluster:mock/monitor/health"; private RunClusterHealthAction() { - super(NAME, RunClusterHealthResponse::new); + super(NAME, AcknowledgedResponse::new); } } diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunClusterHealthResponse.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunClusterHealthResponse.java deleted file mode 100644 index a500755e22..0000000000 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunClusterHealthResponse.java +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright OpenSearch Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * The OpenSearch Contributors require contributions made to - * this file be licensed under the Apache-2.0 license or a - * compatible open source license. - * - */ - -package org.opensearch.security.systemindex.sampleplugin; - -// CS-SUPPRESS-SINGLE: RegexpSingleline It is not possible to use phrase "cluster manager" instead of master here -import java.io.IOException; - -import org.opensearch.action.support.master.AcknowledgedResponse; -import org.opensearch.core.common.io.stream.StreamInput; -import org.opensearch.core.common.io.stream.StreamOutput; -import org.opensearch.core.xcontent.ToXContentObject; -import org.opensearch.core.xcontent.XContentBuilder; -// CS-ENFORCE-SINGLE - -public class RunClusterHealthResponse extends AcknowledgedResponse implements ToXContentObject { - - public RunClusterHealthResponse(boolean status) { - super(status); - } - - public RunClusterHealthResponse(StreamInput in) throws IOException { - super(in); - } - - @Override - public void writeTo(StreamOutput out) throws IOException { - super.writeTo(out); - } - - @Override - public void addCustomFields(XContentBuilder builder, Params params) throws IOException { - super.addCustomFields(builder, params); - } -} diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/SystemIndexPlugin1.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/SystemIndexPlugin1.java index 9805619965..9113a50a5f 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/SystemIndexPlugin1.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/SystemIndexPlugin1.java @@ -45,7 +45,7 @@ public class SystemIndexPlugin1 extends Plugin implements SystemIndexPlugin, IdentityAwarePlugin { public static final String SYSTEM_INDEX_1 = ".system-index1"; - private PluginContextSwitcher contextSwitcher; + private RunAsSubjectClient pluginClient; private Client client; @@ -64,8 +64,8 @@ public Collection createComponents( Supplier repositoriesServiceSupplier ) { this.client = client; - this.contextSwitcher = new PluginContextSwitcher(); - return List.of(contextSwitcher); + this.pluginClient = new RunAsSubjectClient(client); + return List.of(pluginClient); } @Override @@ -86,9 +86,9 @@ public List getRestHandlers( ) { return List.of( new RestIndexDocumentIntoSystemIndexAction(client), - new RestRunClusterHealthAction(client, contextSwitcher), - new RestBulkIndexDocumentIntoSystemIndexAction(client, contextSwitcher), - new RestBulkIndexDocumentIntoMixOfSystemIndexAction(client, contextSwitcher) + new RestRunClusterHealthAction(client), + new RestBulkIndexDocumentIntoSystemIndexAction(client, pluginClient), + new RestBulkIndexDocumentIntoMixOfSystemIndexAction(client, pluginClient) ); } @@ -102,8 +102,8 @@ public List getRestHandlers( @Override public void assignSubject(PluginSubject pluginSystemSubject) { - if (contextSwitcher != null) { - this.contextSwitcher.initialize(pluginSystemSubject); + if (pluginClient != null) { + this.pluginClient.setSubject(pluginSystemSubject); } } } diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportIndexDocumentIntoSystemIndexAction.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportIndexDocumentIntoSystemIndexAction.java index 6138cfbb54..d9ea722a74 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportIndexDocumentIntoSystemIndexAction.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportIndexDocumentIntoSystemIndexAction.java @@ -15,80 +15,57 @@ import org.opensearch.action.support.ActionFilters; import org.opensearch.action.support.HandledTransportAction; import org.opensearch.action.support.WriteRequest; +import org.opensearch.action.support.master.AcknowledgedResponse; import org.opensearch.client.Client; import org.opensearch.common.inject.Inject; import org.opensearch.common.xcontent.XContentType; import org.opensearch.core.action.ActionListener; -import org.opensearch.identity.IdentityService; -import org.opensearch.identity.Subject; -import org.opensearch.security.support.ConfigConstants; -import org.opensearch.security.user.User; import org.opensearch.tasks.Task; -import org.opensearch.threadpool.ThreadPool; import org.opensearch.transport.TransportService; public class TransportIndexDocumentIntoSystemIndexAction extends HandledTransportAction< IndexDocumentIntoSystemIndexRequest, - IndexDocumentIntoSystemIndexResponse> { + AcknowledgedResponse> { private final Client client; - private final ThreadPool threadPool; - private final PluginContextSwitcher contextSwitcher; - private final IdentityService identityService; + private final RunAsSubjectClient pluginClient; @Inject public TransportIndexDocumentIntoSystemIndexAction( final TransportService transportService, final ActionFilters actionFilters, final Client client, - final ThreadPool threadPool, - final PluginContextSwitcher contextSwitcher, - final IdentityService identityService + final RunAsSubjectClient pluginClient ) { super(IndexDocumentIntoSystemIndexAction.NAME, transportService, actionFilters, IndexDocumentIntoSystemIndexRequest::new); this.client = client; - this.threadPool = threadPool; - this.contextSwitcher = contextSwitcher; - this.identityService = identityService; + this.pluginClient = pluginClient; } @Override - protected void doExecute( - Task task, - IndexDocumentIntoSystemIndexRequest request, - ActionListener actionListener - ) { + protected void doExecute(Task task, IndexDocumentIntoSystemIndexRequest request, ActionListener actionListener) { String indexName = request.getIndexName(); String runAs = request.getRunAs(); - Subject userSubject = identityService.getCurrentSubject(); try { - contextSwitcher.runAs(() -> { - client.admin().indices().create(new CreateIndexRequest(indexName), ActionListener.wrap(r -> { - if ("user".equalsIgnoreCase(runAs)) { - userSubject.runAs(() -> { - client.index( - new IndexRequest(indexName).setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE) - .source("{\"content\":1}", XContentType.JSON), - ActionListener.wrap(r2 -> { - User user = threadPool.getThreadContext().getTransient(ConfigConstants.OPENDISTRO_SECURITY_USER); - actionListener.onResponse(new IndexDocumentIntoSystemIndexResponse(true, user.getName())); - }, actionListener::onFailure) - ); - return null; - }); - } else { - client.index( - new IndexRequest(indexName).setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE) - .source("{\"content\":1}", XContentType.JSON), - ActionListener.wrap(r2 -> { - User user = threadPool.getThreadContext().getTransient(ConfigConstants.OPENDISTRO_SECURITY_USER); - actionListener.onResponse(new IndexDocumentIntoSystemIndexResponse(true, user.getName())); - }, actionListener::onFailure) - ); - } - }, actionListener::onFailure)); - return null; - }); + pluginClient.admin().indices().create(new CreateIndexRequest(indexName), ActionListener.wrap(r -> { + if ("user".equalsIgnoreCase(runAs)) { + client.index( + new IndexRequest(indexName).setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE) + .source("{\"content\":1}", XContentType.JSON), + ActionListener.wrap(r2 -> { + actionListener.onResponse(new AcknowledgedResponse(true)); + }, actionListener::onFailure) + ); + } else { + pluginClient.index( + new IndexRequest(indexName).setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE) + .source("{\"content\":1}", XContentType.JSON), + ActionListener.wrap(r2 -> { + actionListener.onResponse(new AcknowledgedResponse(true)); + }, actionListener::onFailure) + ); + } + }, actionListener::onFailure)); } catch (Exception ex) { throw new RuntimeException("Unexpected error: " + ex.getMessage()); } diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportRunClusterHealthAction.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportRunClusterHealthAction.java index 310262c947..c7c81d1e53 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportRunClusterHealthAction.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportRunClusterHealthAction.java @@ -14,67 +14,43 @@ import org.opensearch.action.admin.cluster.health.ClusterHealthResponse; import org.opensearch.action.support.ActionFilters; import org.opensearch.action.support.HandledTransportAction; +import org.opensearch.action.support.master.AcknowledgedResponse; import org.opensearch.client.Client; import org.opensearch.common.inject.Inject; import org.opensearch.core.action.ActionListener; -import org.opensearch.identity.IdentityService; -import org.opensearch.identity.Subject; import org.opensearch.tasks.Task; -import org.opensearch.threadpool.ThreadPool; import org.opensearch.transport.TransportService; -public class TransportRunClusterHealthAction extends HandledTransportAction { +public class TransportRunClusterHealthAction extends HandledTransportAction { private final Client client; - private final ThreadPool threadPool; - private final PluginContextSwitcher contextSwitcher; - private final IdentityService identityService; + private final RunAsSubjectClient pluginClient; @Inject public TransportRunClusterHealthAction( final TransportService transportService, final ActionFilters actionFilters, final Client client, - final ThreadPool threadPool, - final PluginContextSwitcher contextSwitcher, - final IdentityService identityService + final RunAsSubjectClient pluginClient ) { super(RunClusterHealthAction.NAME, transportService, actionFilters, RunClusterHealthRequest::new); this.client = client; - this.threadPool = threadPool; - this.contextSwitcher = contextSwitcher; - this.identityService = identityService; + this.pluginClient = pluginClient; } @Override - protected void doExecute(Task task, RunClusterHealthRequest request, ActionListener actionListener) { + protected void doExecute(Task task, RunClusterHealthRequest request, ActionListener actionListener) { String runAs = request.getRunAs(); - if ("user".equalsIgnoreCase(runAs)) { - Subject user = identityService.getCurrentSubject(); - try { - user.runAs(() -> { - ActionListener chr = ActionListener.wrap( - r -> { actionListener.onResponse(new RunClusterHealthResponse(true)); }, - actionListener::onFailure - ); - client.admin().cluster().health(new ClusterHealthRequest(), chr); - return null; - }); - } catch (Exception e) { - throw new RuntimeException(e); - } - } else if ("plugin".equalsIgnoreCase(runAs)) { - contextSwitcher.runAs(() -> { - ActionListener chr = ActionListener.wrap( - r -> { actionListener.onResponse(new RunClusterHealthResponse(true)); }, - actionListener::onFailure - ); - client.admin().cluster().health(new ClusterHealthRequest(), chr); - return null; - }); + if ("plugin".equalsIgnoreCase(runAs)) { + ActionListener chr = ActionListener.wrap( + r -> { actionListener.onResponse(new AcknowledgedResponse(true)); }, + actionListener::onFailure + ); + pluginClient.admin().cluster().health(new ClusterHealthRequest(), chr); } else { + // run in the authenticated user context ActionListener chr = ActionListener.wrap( - r -> { actionListener.onResponse(new RunClusterHealthResponse(true)); }, + r -> { actionListener.onResponse(new AcknowledgedResponse(true)); }, actionListener::onFailure ); client.admin().cluster().health(new ClusterHealthRequest(), chr); From adb6cf64dd7df7fed5ab04735df1cf8165d584e1 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Tue, 14 Jan 2025 20:05:09 -0500 Subject: [PATCH 2/3] Fix checkstyle error Signed-off-by: Craig Perkins --- .../sampleplugin/IndexDocumentIntoSystemIndexAction.java | 2 ++ .../systemindex/sampleplugin/RunClusterHealthAction.java | 2 ++ .../TransportIndexDocumentIntoSystemIndexAction.java | 2 ++ .../sampleplugin/TransportRunClusterHealthAction.java | 2 ++ 4 files changed, 8 insertions(+) diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/IndexDocumentIntoSystemIndexAction.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/IndexDocumentIntoSystemIndexAction.java index b272f464c1..f9c6abfa04 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/IndexDocumentIntoSystemIndexAction.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/IndexDocumentIntoSystemIndexAction.java @@ -11,7 +11,9 @@ package org.opensearch.security.systemindex.sampleplugin; import org.opensearch.action.ActionType; +// CS-SUPPRESS-SINGLE: RegexpSingleline It is not possible to use phrase "cluster manager" instead of master here import org.opensearch.action.support.master.AcknowledgedResponse; +// CS-ENFORCE-SINGLE public class IndexDocumentIntoSystemIndexAction extends ActionType { public static final IndexDocumentIntoSystemIndexAction INSTANCE = new IndexDocumentIntoSystemIndexAction(); diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunClusterHealthAction.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunClusterHealthAction.java index 7d028a7ddf..c076936490 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunClusterHealthAction.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunClusterHealthAction.java @@ -11,7 +11,9 @@ package org.opensearch.security.systemindex.sampleplugin; import org.opensearch.action.ActionType; +// CS-SUPPRESS-SINGLE: RegexpSingleline It is not possible to use phrase "cluster manager" instead of master here import org.opensearch.action.support.master.AcknowledgedResponse; +// CS-ENFORCE-SINGLE public class RunClusterHealthAction extends ActionType { public static final RunClusterHealthAction INSTANCE = new RunClusterHealthAction(); diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportIndexDocumentIntoSystemIndexAction.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportIndexDocumentIntoSystemIndexAction.java index d9ea722a74..1f66dc8bf5 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportIndexDocumentIntoSystemIndexAction.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportIndexDocumentIntoSystemIndexAction.java @@ -15,7 +15,9 @@ import org.opensearch.action.support.ActionFilters; import org.opensearch.action.support.HandledTransportAction; import org.opensearch.action.support.WriteRequest; +// CS-SUPPRESS-SINGLE: RegexpSingleline It is not possible to use phrase "cluster manager" instead of master here import org.opensearch.action.support.master.AcknowledgedResponse; +// CS-ENFORCE-SINGLE import org.opensearch.client.Client; import org.opensearch.common.inject.Inject; import org.opensearch.common.xcontent.XContentType; diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportRunClusterHealthAction.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportRunClusterHealthAction.java index c7c81d1e53..0592110831 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportRunClusterHealthAction.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportRunClusterHealthAction.java @@ -14,7 +14,9 @@ import org.opensearch.action.admin.cluster.health.ClusterHealthResponse; import org.opensearch.action.support.ActionFilters; import org.opensearch.action.support.HandledTransportAction; +// CS-SUPPRESS-SINGLE: RegexpSingleline It is not possible to use phrase "cluster manager" instead of master here import org.opensearch.action.support.master.AcknowledgedResponse; +// CS-ENFORCE-SINGLE import org.opensearch.client.Client; import org.opensearch.common.inject.Inject; import org.opensearch.core.action.ActionListener; From 0952ac51ba299d75394337afc6b32d0497193e54 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Tue, 14 Jan 2025 21:12:42 -0500 Subject: [PATCH 3/3] Surround all imports Signed-off-by: Craig Perkins --- .../sampleplugin/IndexDocumentIntoSystemIndexAction.java | 2 +- .../systemindex/sampleplugin/RunClusterHealthAction.java | 2 +- .../TransportIndexDocumentIntoSystemIndexAction.java | 4 ++-- .../sampleplugin/TransportRunClusterHealthAction.java | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/IndexDocumentIntoSystemIndexAction.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/IndexDocumentIntoSystemIndexAction.java index f9c6abfa04..3be83b39b2 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/IndexDocumentIntoSystemIndexAction.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/IndexDocumentIntoSystemIndexAction.java @@ -10,8 +10,8 @@ package org.opensearch.security.systemindex.sampleplugin; -import org.opensearch.action.ActionType; // CS-SUPPRESS-SINGLE: RegexpSingleline It is not possible to use phrase "cluster manager" instead of master here +import org.opensearch.action.ActionType; import org.opensearch.action.support.master.AcknowledgedResponse; // CS-ENFORCE-SINGLE diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunClusterHealthAction.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunClusterHealthAction.java index c076936490..e197362254 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunClusterHealthAction.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunClusterHealthAction.java @@ -10,8 +10,8 @@ package org.opensearch.security.systemindex.sampleplugin; -import org.opensearch.action.ActionType; // CS-SUPPRESS-SINGLE: RegexpSingleline It is not possible to use phrase "cluster manager" instead of master here +import org.opensearch.action.ActionType; import org.opensearch.action.support.master.AcknowledgedResponse; // CS-ENFORCE-SINGLE diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportIndexDocumentIntoSystemIndexAction.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportIndexDocumentIntoSystemIndexAction.java index 1f66dc8bf5..26ae100c89 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportIndexDocumentIntoSystemIndexAction.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportIndexDocumentIntoSystemIndexAction.java @@ -10,20 +10,20 @@ package org.opensearch.security.systemindex.sampleplugin; +// CS-SUPPRESS-SINGLE: RegexpSingleline It is not possible to use phrase "cluster manager" instead of master here import org.opensearch.action.admin.indices.create.CreateIndexRequest; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.ActionFilters; import org.opensearch.action.support.HandledTransportAction; import org.opensearch.action.support.WriteRequest; -// CS-SUPPRESS-SINGLE: RegexpSingleline It is not possible to use phrase "cluster manager" instead of master here import org.opensearch.action.support.master.AcknowledgedResponse; -// CS-ENFORCE-SINGLE import org.opensearch.client.Client; import org.opensearch.common.inject.Inject; import org.opensearch.common.xcontent.XContentType; import org.opensearch.core.action.ActionListener; import org.opensearch.tasks.Task; import org.opensearch.transport.TransportService; +// CS-ENFORCE-SINGLE public class TransportIndexDocumentIntoSystemIndexAction extends HandledTransportAction< IndexDocumentIntoSystemIndexRequest, diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportRunClusterHealthAction.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportRunClusterHealthAction.java index 0592110831..12e17ae998 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportRunClusterHealthAction.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportRunClusterHealthAction.java @@ -10,18 +10,18 @@ package org.opensearch.security.systemindex.sampleplugin; +// CS-SUPPRESS-SINGLE: RegexpSingleline It is not possible to use phrase "cluster manager" instead of master here import org.opensearch.action.admin.cluster.health.ClusterHealthRequest; import org.opensearch.action.admin.cluster.health.ClusterHealthResponse; import org.opensearch.action.support.ActionFilters; import org.opensearch.action.support.HandledTransportAction; -// CS-SUPPRESS-SINGLE: RegexpSingleline It is not possible to use phrase "cluster manager" instead of master here import org.opensearch.action.support.master.AcknowledgedResponse; -// CS-ENFORCE-SINGLE import org.opensearch.client.Client; import org.opensearch.common.inject.Inject; import org.opensearch.core.action.ActionListener; import org.opensearch.tasks.Task; import org.opensearch.transport.TransportService; +// CS-ENFORCE-SINGLE public class TransportRunClusterHealthAction extends HandledTransportAction {