Implements end-to-end integration tests for Authorization in Rest Layer

[DarshitChanpura]

Description

This change test Authorization in Rest Layer feature by testing NamedRoutes and legacy Routes. It does so by adding two plugins in security plugin's test framework with one registering NamedRoutes and other registering legacy Routes.

• Category: Enhancement

Issues Resolved

• Resolves Implement end-to-end testing of the new named routes API and ensure backwards compatibility. #2928

Testing

Integration tests

Check List

• New functionality includes testing
• New functionality has been documented
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[DarshitChanpura]

Not sure why Codecov/project shows 27% decrease when this PR adds more tests.

Update: Seems to have resolved on its own.

[DarshitChanpura]

Backport is currently blocked by: #3230

[stephen-crawford]

Great job @DarshitChanpura! Just a few comments.

[peternied]

Really thorough testing on these components great work. I'm having trouble knowing reading if scenarios are covered or not based on conventions around the naming conventions.

[codecov]

Codecov Report

Merging #3226 (fd84d3a) into main (07406d6) will increase coverage by 0.01%.
Report is 1 commits behind head on main.
The diff coverage is n/a.

@@             Coverage Diff              @@
##               main    #3226      +/-   ##
============================================
+ Coverage     62.43%   62.45%   +0.01%     
+ Complexity     3351     3350       -1     
============================================
  Files           254      254              
  Lines         19748    19748              
  Branches       3334     3334              
============================================
+ Hits          12330    12333       +3     
+ Misses         5789     5785       -4     
- Partials       1629     1630       +1     

see 3 files with indirect coverage changes

[peternied]

Reviewed and commented on several test names

[DarshitChanpura]

No sure why the codecov/project/plugin report shows decrease of .01% when upon clicking the link to codecov it shows an increase of .01%

[peternied]

No sure why the codecov/project/plugin report shows decrease of .01% when upon clicking the link to codecov it shows an increase of .01%

Congrats you've found another source of non-deterministic test results - src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java

I've updated #3137, and you can update the codecov.yml to prevent false positives if you'd like

[peternied]

Thanks for the renames - much more approachable!

[RyanL1997]

Hi @DarshitChanpura, great work for putting the tests together! In generally this is looking good to me. I just left some minor questions and a naming related comment.

[RyanL1997]

Just wanna confirm, we are removing this since we are switching to use the audit log for capturing all the log msgs?

[RyanL1997]

By reading through the previous comment, I think the privilege is the actual permissions for the user who sends out the request is that correct?

[RyanL1997]

nit: I assume the NAME is referencing to this dummy permission? so maybe rename it to DUMMY_PERMISSION_NAME?

[stephen-crawford]

Looks Good To Me!

[opensearch-trigger-bot]

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/security/backport-2.x
# Create a new branch
git switch --create backport/backport-3226-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 9a7e517abd9d4d0e301f918adc65cb82b8f14d88
# Push it to GitHub
git push --set-upstream origin backport/backport-3226-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-3226-to-2.x.

[peternied]

@DarshitChanpura Can you make sure to include this in the everything at once backport for AuthZ in the Rest layer?