Revert "API integration test refactoring"

This reverts commit 4742abd

Author: nibix

src/integrationTest/java/org/opensearch/security/ConfigurationFiles.java

@@ -11,10 +11,13 @@
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.nio.file.StandardOpenOption;
 import java.util.Objects;
 
+import org.opensearch.core.common.Strings;
 import org.opensearch.security.securityconf.impl.CType;
 
 public class ConfigurationFiles {
@@ -40,6 +43,14 @@ public static Path createConfigurationDirectory() {
         }
     }
 
+    public static void writeToConfig(final CType cType, final Path configFolder, final String content) throws IOException {
+        if (Strings.isNullOrEmpty(content)) return;
+        try (final var out = Files.newOutputStream(cType.configFile(configFolder), StandardOpenOption.APPEND)) {
+            out.write(content.getBytes(StandardCharsets.UTF_8));
+            out.flush();
+        }
+    }
+
     public static void copyResourceToFile(String resource, Path destination) {
         try (InputStream input = ConfigurationFiles.class.getClassLoader().getResourceAsStream(resource)) {
             Objects.requireNonNull(input, "Cannot find source resource " + resource);

src/integrationTest/java/org/opensearch/security/api/AbstractApiIntegrationTest.java

@@ -16,34 +16,37 @@
 import java.util.StringJoiner;
 
 import org.hamcrest.Matcher;
+import org.junit.Test;
 
 import org.opensearch.common.CheckedSupplier;
 import org.opensearch.core.xcontent.ToXContentObject;
-import org.opensearch.test.framework.cluster.LocalCluster;
 import org.opensearch.test.framework.cluster.TestRestClient;
 
 import com.nimbusds.jose.util.Pair;
 
 import static org.hamcrest.CoreMatchers.is;
 import static org.hamcrest.CoreMatchers.not;
 import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.oneOf;
 import static org.opensearch.security.api.PatchPayloadHelper.addOp;
 import static org.opensearch.security.api.PatchPayloadHelper.patch;
 import static org.opensearch.security.api.PatchPayloadHelper.removeOp;
 import static org.opensearch.security.api.PatchPayloadHelper.replaceOp;
 import static org.opensearch.security.support.ConfigConstants.SECURITY_RESTAPI_ADMIN_ENABLED;
-import static org.opensearch.test.framework.matcher.RestMatchers.isBadRequest;
-import static org.opensearch.test.framework.matcher.RestMatchers.isCreated;
-import static org.opensearch.test.framework.matcher.RestMatchers.isForbidden;
-import static org.opensearch.test.framework.matcher.RestMatchers.isNotFound;
-import static org.opensearch.test.framework.matcher.RestMatchers.isOk;
 
 public abstract class AbstractConfigEntityApiIntegrationTest extends AbstractApiIntegrationTest {
 
-    protected static LocalCluster.Builder clusterBuilder() {
-        return AbstractApiIntegrationTest.clusterBuilder().nodeSetting(SECURITY_RESTAPI_ADMIN_ENABLED, true);
+    static {
+        testSecurityConfig.withRestAdminUser(REST_ADMIN_USER, allRestAdminPermissions());
+    }
+
+    @Override
+    protected Map<String, Object> getClusterSettings() {
+        Map<String, Object> clusterSettings = super.getClusterSettings();
+        clusterSettings.put(SECURITY_RESTAPI_ADMIN_ENABLED, true);
+        return clusterSettings;
     }
 
     interface TestDescriptor {
@@ -96,24 +99,26 @@ protected String apiPath(String... paths) {
         return fullPath.toString();
     }
 
-    public void forbiddenForRegularUsers(LocalCluster localCluster) throws Exception {
-        try (TestRestClient client = localCluster.getRestClient(NEW_USER)) {
-            assertThat(client.putJson(apiPath("some_entity"), EMPTY_BODY), isForbidden());
-            assertThat(client.get(apiPath()), isForbidden());
-            assertThat(client.get(apiPath("some_entity")), isForbidden());
-            assertThat(client.putJson(apiPath("some_entity"), EMPTY_BODY), isForbidden());
-            assertThat(client.patch(apiPath(), EMPTY_BODY), isForbidden());
-            assertThat(client.patch(apiPath("some_entity"), EMPTY_BODY), isForbidden());
-            assertThat(client.delete(apiPath("some_entity")), isForbidden());
-        }
+    @Test
+    public void forbiddenForRegularUsers() throws Exception {
+        withUser(NEW_USER, client -> {
+            forbidden(() -> client.putJson(apiPath("some_entity"), EMPTY_BODY));
+            forbidden(() -> client.get(apiPath()));
+            forbidden(() -> client.get(apiPath("some_entity")));
+            forbidden(() -> client.putJson(apiPath("some_entity"), EMPTY_BODY));
+            forbidden(() -> client.patch(apiPath(), EMPTY_BODY));
+            forbidden(() -> client.patch(apiPath("some_entity"), EMPTY_BODY));
+            forbidden(() -> client.delete(apiPath("some_entity")));
+        });
     }
 
-    public void availableForAdminUser(LocalCluster localCluster) throws Exception {
-        final var entitiesNames = predefinedHiddenAndReservedConfigEntities(localCluster);
+    @Test
+    public void availableForAdminUser() throws Exception {
+        final var entitiesNames = predefinedHiddenAndReservedConfigEntities();
         final var hiddenEntityName = entitiesNames.getLeft();
         final var reservedEntityName = entitiesNames.getRight();
         // can't see hidden resources
-        try (TestRestClient client = localCluster.getRestClient(ADMIN_USER)) {
+        withUser(ADMIN_USER_NAME, client -> {
             verifyNoHiddenEntities(() -> client.get(apiPath()));
             creationOfReadOnlyEntityForbidden(
                 randomAsciiAlphanumOfLength(10),
@@ -126,28 +131,35 @@ public void availableForAdminUser(LocalCluster localCluster) throws Exception {
             verifyUpdateAndDeleteReservedConfigEntityForbidden(reservedEntityName, client);
             verifyCrudOperations(null, null, client);
             verifyBadRequestOperations(client);
-        }
+        });
     }
 
-    Pair<String, String> predefinedHiddenAndReservedConfigEntities(LocalCluster localCluster) throws Exception {
+    Pair<String, String> predefinedHiddenAndReservedConfigEntities() throws Exception {
         final var hiddenEntityName = randomAsciiAlphanumOfLength(10);
         final var reservedEntityName = randomAsciiAlphanumOfLength(10);
-        try (TestRestClient client = localCluster.getAdminCertRestClient()) {
-            assertThat(client.putJson(apiPath(hiddenEntityName), testDescriptor.hiddenEntityPayload()), isCreated());
-            assertThat(client.putJson(apiPath(reservedEntityName), testDescriptor.reservedEntityPayload()), isCreated());
-        }
+        withUser(
+            ADMIN_USER_NAME,
+            localCluster.getAdminCertificate(),
+            client -> created(() -> client.putJson(apiPath(hiddenEntityName), testDescriptor.hiddenEntityPayload()))
+        );
+        withUser(
+            ADMIN_USER_NAME,
+            localCluster.getAdminCertificate(),
+            client -> created(() -> client.putJson(apiPath(reservedEntityName), testDescriptor.reservedEntityPayload()))
+        );
         return Pair.of(hiddenEntityName, reservedEntityName);
     }
 
-    public void availableForTLSAdminUser(LocalCluster localCluster) throws Exception {
-        try (TestRestClient client = localCluster.getAdminCertRestClient()) {
-            availableForSuperAdminUser(client);
-        }
+    @Test
+    public void availableForTLSAdminUser() throws Exception {
+        withUser(ADMIN_USER_NAME, localCluster.getAdminCertificate(), this::availableForSuperAdminUser);
     }
 
-    public void availableForRESTAdminUser(LocalCluster localCluster) throws Exception {
-        try (TestRestClient client = localCluster.getRestClient(REST_ADMIN_USER)) {
-            availableForSuperAdminUser(client);
+    @Test
+    public void availableForRESTAdminUser() throws Exception {
+        withUser(REST_ADMIN_USER, this::availableForSuperAdminUser);
+        if (testDescriptor.restAdminLimitedUser().isPresent()) {
+            withUser(testDescriptor.restAdminLimitedUser().get(), this::availableForSuperAdminUser);
         }
     }
 
@@ -166,9 +178,7 @@ void availableForSuperAdminUser(final TestRestClient client) throws Exception {
     }
 
     void verifyNoHiddenEntities(final CheckedSupplier<TestRestClient.HttpResponse, Exception> endpointCallback) throws Exception {
-        final var resp = endpointCallback.get();
-        assertThat(resp, isOk());
-        final var body = resp.bodyAsJsonNode();
+        final var body = ok(endpointCallback).bodyAsJsonNode();
         final var pretty = body.toPrettyString();
         final var it = body.elements();
         while (it.hasNext()) {
@@ -180,11 +190,11 @@ void verifyNoHiddenEntities(final CheckedSupplier<TestRestClient.HttpResponse, E
     void creationOfReadOnlyEntityForbidden(final String entityName, final TestRestClient client, final ToXContentObject... entities)
         throws Exception {
         for (final var configEntity : entities) {
-            final var resp = client.putJson(apiPath(entityName), configEntity);
-            assertThat(resp, isBadRequest());
-            assertInvalidKeys(resp, is(oneOf("static", "hidden", "reserved")));
-            final var resp2 = client.patch(apiPath(), patch(addOp(randomAsciiAlphanumOfLength(10), configEntity)));
-            assertThat(resp2, isBadRequest());
+            assertInvalidKeys(
+                badRequest(() -> client.putJson(apiPath(entityName), configEntity)),
+                is(oneOf("static", "hidden", "reserved"))
+            );
+            badRequest(() -> client.patch(apiPath(), patch(addOp(randomAsciiAlphanumOfLength(10), configEntity))));
         }
     }
 
@@ -212,60 +222,54 @@ void assertWrongDataType(final TestRestClient.HttpResponse response, final Map<S
             assertThat(response.getBody(), response.getTextFromJsonBody("/" + p.getKey()), is(p.getValue()));
     }
 
+    void assertSpecifyOneOf(final TestRestClient.HttpResponse response, final String expectedSpecifyOneOfKeys) {
+        assertThat(response.getBody(), response.getTextFromJsonBody("/status"), is("error"));
+        assertThat(response.getBody(), response.getTextFromJsonBody("/reason"), equalTo("Invalid configuration"));
+        assertThat(response.getBody(), response.getTextFromJsonBody("/specify_one_of/keys"), containsString(expectedSpecifyOneOfKeys));
+    }
+
+    void assertMissingMandatoryKeys(final TestRestClient.HttpResponse response, final String expectedKeys) {
+        assertThat(response.getBody(), response.getTextFromJsonBody("/status"), is("error"));
+        assertThat(response.getBody(), response.getTextFromJsonBody("/reason"), equalTo("Invalid configuration"));
+        assertThat(response.getBody(), response.getTextFromJsonBody("/missing_mandatory_keys/keys"), containsString(expectedKeys));
+    }
+
     void verifyUpdateAndDeleteHiddenConfigEntityForbidden(final String hiddenEntityName, final TestRestClient client) throws Exception {
         final var expectedErrorMessage = "Resource '" + hiddenEntityName + "' is not available.";
-        assertThat(
-            client.putJson(apiPath(hiddenEntityName), testDescriptor.entityPayload()),
-            isNotFound().withAttribute("/message", expectedErrorMessage)
-        );
-        assertThat(
-            client.patch(
+        notFound(() -> client.putJson(apiPath(hiddenEntityName), testDescriptor.entityPayload()), expectedErrorMessage);
+        notFound(
+            () -> client.patch(
                 apiPath(hiddenEntityName),
                 patch(replaceOp(testDescriptor.entityJsonProperty(), testDescriptor.jsonPropertyPayload()))
             ),
-            isNotFound().withAttribute("/message", expectedErrorMessage)
+            expectedErrorMessage
         );
-        assertThat(
-            client.patch(apiPath(), patch(replaceOp(hiddenEntityName, testDescriptor.entityPayload()))),
-            isNotFound().withAttribute("/message", expectedErrorMessage)
-        );
-        assertThat(
-            client.patch(apiPath(hiddenEntityName), patch(removeOp(testDescriptor.entityJsonProperty()))),
-            isNotFound().withAttribute("/message", expectedErrorMessage)
-        );
-        assertThat(
-            client.patch(apiPath(), patch(removeOp(hiddenEntityName))),
-            isNotFound().withAttribute("/message", expectedErrorMessage)
-        );
-        assertThat(client.delete(apiPath(hiddenEntityName)), isNotFound().withAttribute("/message", expectedErrorMessage));
+        notFound(() -> client.patch(apiPath(), patch(replaceOp(hiddenEntityName, testDescriptor.entityPayload()))), expectedErrorMessage);
+        notFound(() -> client.patch(apiPath(hiddenEntityName), patch(removeOp(testDescriptor.entityJsonProperty()))), expectedErrorMessage);
+        notFound(() -> client.patch(apiPath(), patch(removeOp(hiddenEntityName))), expectedErrorMessage);
+        notFound(() -> client.delete(apiPath(hiddenEntityName)), expectedErrorMessage);
     }
 
     void verifyUpdateAndDeleteReservedConfigEntityForbidden(final String reservedEntityName, final TestRestClient client) throws Exception {
         final var expectedErrorMessage = "Resource '" + reservedEntityName + "' is reserved.";
-        assertThat(
-            client.putJson(apiPath(reservedEntityName), testDescriptor.entityPayload()),
-            isForbidden().withAttribute("/message", expectedErrorMessage)
-        );
-        assertThat(
-            client.patch(
+        forbidden(() -> client.putJson(apiPath(reservedEntityName), testDescriptor.entityPayload()), expectedErrorMessage);
+        forbidden(
+            () -> client.patch(
                 apiPath(reservedEntityName),
                 patch(replaceOp(testDescriptor.entityJsonProperty(), testDescriptor.entityJsonProperty()))
             ),
-            isForbidden().withAttribute("/message", expectedErrorMessage)
+            expectedErrorMessage
         );
-        assertThat(
-            client.patch(apiPath(), patch(replaceOp(reservedEntityName, testDescriptor.entityPayload()))),
-            isForbidden().withAttribute("/message", expectedErrorMessage)
-        );
-        assertThat(
-            client.patch(apiPath(), patch(removeOp(reservedEntityName))),
-            isForbidden().withAttribute("/message", expectedErrorMessage)
+        forbidden(
+            () -> client.patch(apiPath(), patch(replaceOp(reservedEntityName, testDescriptor.entityPayload()))),
+            expectedErrorMessage
         );
-        assertThat(
-            client.patch(apiPath(reservedEntityName), patch(removeOp(testDescriptor.entityJsonProperty()))),
-            isForbidden().withAttribute("/message", expectedErrorMessage)
+        forbidden(() -> client.patch(apiPath(), patch(removeOp(reservedEntityName))), expectedErrorMessage);
+        forbidden(
+            () -> client.patch(apiPath(reservedEntityName), patch(removeOp(testDescriptor.entityJsonProperty()))),
+            expectedErrorMessage
         );
-        assertThat(client.delete(apiPath(reservedEntityName)), isForbidden().withAttribute("/message", expectedErrorMessage));
+        forbidden(() -> client.delete(apiPath(reservedEntityName)), expectedErrorMessage);
     }
 
     void forbiddenToCreateEntityWithRestAdminPermissions(final TestRestClient client) throws Exception {}