Spotless

Signed-off-by: Nils Bandener <nils.bandener@eliatra.com>

Author: nibix

src/integrationTest/java/org/opensearch/security/privileges/int_tests/DataStreamAuthorizationReadOnlyIntTests.java

@@ -390,10 +390,10 @@ public void search_indexPattern_minus() throws Exception {
             // OpenSearch does not handle the expression ds_a*,ds_b*,-ds_b2,-ds_b3 in a way that excludes the data streams. See
             // search_indexPattern_minus_backingIndices for an alternative.
             assertThat(
-                    httpResponse,
-                    containsExactly(ds_a1, ds_a2, ds_a3, ds_b1, ds_b2, ds_b3).at("hits.hits[*]._index")
-                            .reducedBy(user.reference(READ))
-                            .whenEmpty(clusterConfig.allowsEmptyResultSets ? isOk() : isForbidden())
+                httpResponse,
+                containsExactly(ds_a1, ds_a2, ds_a3, ds_b1, ds_b2, ds_b3).at("hits.hits[*]._index")
+                    .reducedBy(user.reference(READ))
+                    .whenEmpty(clusterConfig.allowsEmptyResultSets ? isOk() : isForbidden())
             );
         }
     }
@@ -402,12 +402,12 @@ public void search_indexPattern_minus() throws Exception {
     public void search_indexPattern_minus_backingIndices() throws Exception {
         try (TestRestClient restClient = cluster.getRestClient(user)) {
             TestRestClient.HttpResponse httpResponse = restClient.get("ds_a*,ds_b*,-.ds-ds_b2*,-.ds-ds_b3*/_search?size=1000");
-                assertThat(
-                    httpResponse,
-                    containsExactly(ds_a1, ds_a2, ds_a3, ds_b1).at("hits.hits[*]._index")
-                        .reducedBy(user.reference(READ))
-                        .whenEmpty(clusterConfig.allowsEmptyResultSets ? isOk() : isForbidden())
-                );
+            assertThat(
+                httpResponse,
+                containsExactly(ds_a1, ds_a2, ds_a3, ds_b1).at("hits.hits[*]._index")
+                    .reducedBy(user.reference(READ))
+                    .whenEmpty(clusterConfig.allowsEmptyResultSets ? isOk() : isForbidden())
+            );
         }
     }
 
@@ -418,12 +418,12 @@ public void search_indexPattern_nonExistingIndex_ignoreUnavailable() throws Exce
                 "ds_a*,ds_b*,xxx_non_existing/_search?size=1000&ignore_unavailable=true"
             );
 
-                assertThat(
-                    httpResponse,
-                    containsExactly(ds_a1, ds_a2, ds_a3, ds_b1, ds_b2, ds_b3).at("hits.hits[*]._index")
-                        .reducedBy(user.reference(READ))
-                        .whenEmpty(clusterConfig.allowsEmptyResultSets ? isOk() : isForbidden())
-                );
+            assertThat(
+                httpResponse,
+                containsExactly(ds_a1, ds_a2, ds_a3, ds_b1, ds_b2, ds_b3).at("hits.hits[*]._index")
+                    .reducedBy(user.reference(READ))
+                    .whenEmpty(clusterConfig.allowsEmptyResultSets ? isOk() : isForbidden())
+            );
 
         }
     }
@@ -484,7 +484,9 @@ public void search_termsAggregation_index() throws Exception {
 
             assertThat(
                 httpResponse,
-                containsExactly(ALL_INDICES_EXCEPT_SYSTEM_INDICES).at("aggregations.indices.buckets[*].key").reducedBy(user.reference(READ)).whenEmpty(isOk())
+                containsExactly(ALL_INDICES_EXCEPT_SYSTEM_INDICES).at("aggregations.indices.buckets[*].key")
+                    .reducedBy(user.reference(READ))
+                    .whenEmpty(isOk())
             );
 
         }
@@ -812,12 +814,12 @@ public void field_caps_indexPattern_minus() throws Exception {
     public void field_caps_indexPattern_minus_backingIndices() throws Exception {
         try (TestRestClient restClient = cluster.getRestClient(user)) {
             TestRestClient.HttpResponse httpResponse = restClient.get("ds_a*,ds_b*,-.ds-ds_b2*,-.ds-ds_b3*/_field_caps?fields=*");
-                assertThat(
-                    httpResponse,
-                    containsExactly(ds_a1, ds_a2, ds_a3, ds_b1).at("indices")
-                        .reducedBy(user.reference(READ))
-                        .whenEmpty(clusterConfig.allowsEmptyResultSets ? isOk() : isForbidden())
-                );
+            assertThat(
+                httpResponse,
+                containsExactly(ds_a1, ds_a2, ds_a3, ds_b1).at("indices")
+                    .reducedBy(user.reference(READ))
+                    .whenEmpty(clusterConfig.allowsEmptyResultSets ? isOk() : isForbidden())
+            );
         }
     }
 

src/integrationTest/java/org/opensearch/security/privileges/int_tests/IndexAuthorizationReadOnlyIntTests.java

@@ -311,8 +311,8 @@ public class IndexAuthorizationReadOnlyIntTests {
                 .on(".system_index_plugin")
         )//
         .reference(READ, limitedTo(index_c1, alias_c1, system_index_plugin, alias_with_system_index))//
-        .reference(READ_NEXT_GEN, limitedTo(index_c1, alias_c1,  system_index_plugin))//
-            .reference(GET_ALIAS, limitedTo(index_c1, alias_c1, system_index_plugin, alias_with_system_index));
+        .reference(READ_NEXT_GEN, limitedTo(index_c1, alias_c1, system_index_plugin))//
+        .reference(GET_ALIAS, limitedTo(index_c1, alias_c1, system_index_plugin, alias_with_system_index));
     /**
      * This user has no privileges for indices that are used in this test. But they have privileges for other indices.
      * This allows them to use actions like _search and receive empty result sets.
@@ -1626,34 +1626,34 @@ public void getAlias_indexPattern_includeHidden() throws Exception {
                 if (user == UNLIMITED_USER) {
                     if (clusterConfig == ClusterConfig.LEGACY_PRIVILEGES_EVALUATION) {
                         assertThat(
-                                httpResponse,
-                                containsExactly(
-                                        index_a1,
-                                        index_a2,
-                                        index_a3,
-                                        index_b1,
-                                        index_b2,
-                                        index_b3,
-                                        index_c1,
-                                        index_hidden,
-                                        index_hidden_dot,
-                                        system_index_plugin
-                                ).at("$.keys()")
+                            httpResponse,
+                            containsExactly(
+                                index_a1,
+                                index_a2,
+                                index_a3,
+                                index_b1,
+                                index_b2,
+                                index_b3,
+                                index_c1,
+                                index_hidden,
+                                index_hidden_dot,
+                                system_index_plugin
+                            ).at("$.keys()")
                         );
                     } else {
                         assertThat(
-                                httpResponse,
-                                containsExactly(
-                                        index_a1,
-                                        index_a2,
-                                        index_a3,
-                                        index_b1,
-                                        index_b2,
-                                        index_b3,
-                                        index_c1,
-                                        index_hidden,
-                                        index_hidden_dot
-                                ).at("$.keys()")
+                            httpResponse,
+                            containsExactly(
+                                index_a1,
+                                index_a2,
+                                index_a3,
+                                index_b1,
+                                index_b2,
+                                index_b3,
+                                index_c1,
+                                index_hidden,
+                                index_hidden_dot
+                            ).at("$.keys()")
                         );
                     }
                 } else if (!user.reference(GET_ALIAS).isEmpty()) {

src/integrationTest/java/org/opensearch/security/privileges/int_tests/MiscPrivilegesIntTests.java

@@ -54,8 +54,8 @@ public class MiscPrivilegesIntTests {
         );
 
     private String TEST_RENDER_SEARCH_TEMPLATE_QUERY =
-            """
-                    {"params":{"status":["pending","published"]},"source":"{\\"query\\": {\\"terms\\": {\\"status\\": [\\"{{#status}}\\",\\"{{.}}\\",\\"{{/status}}\\"]}}}"}""";
+        """
+            {"params":{"status":["pending","published"]},"source":"{\\"query\\": {\\"terms\\": {\\"status\\": [\\"{{#status}}\\",\\"{{.}}\\",\\"{{/status}}\\"]}}}"}""";
 
     final static TestIndex R = TestIndex.name("r").build();
     /**

src/main/java/org/opensearch/security/privileges/ResourceAccessEvaluator.java

@@ -83,12 +83,17 @@ public void evaluateAsync(
         // if it reached this evaluator, it is safe to assume that the request if of DocRequest type
         DocRequest req = (DocRequest) request;
 
-        resourceAccessHandler.hasPermission(req.id(), req.type(), action,             ActionListener.wrap(
+        resourceAccessHandler.hasPermission(
+            req.id(),
+            req.type(),
+            action,
+            ActionListener.wrap(
                 hasAccess -> pResponseListener.onResponse(
-                        hasAccess ? PrivilegesEvaluatorResponse.ok() : PrivilegesEvaluatorResponse.insufficient(action)
+                    hasAccess ? PrivilegesEvaluatorResponse.ok() : PrivilegesEvaluatorResponse.insufficient(action)
                 ),
                 pResponseListener::onFailure
-        ));
+            )
+        );
     }
 
     /**

src/main/java/org/opensearch/security/privileges/actionlevel/legacy/PrivilegesEvaluator.java

@@ -373,7 +373,8 @@ public PrivilegesEvaluatorResponse evaluate(PrivilegesEvaluationContext context)
         }
 
         if (GetAllPitsAction.NAME.equals(action0)) {
-            // We preserve old behavior here: The "indices:data/read/point_in_time/readall" is allowed  when I have privileges on any actions.
+            // We preserve old behavior here: The "indices:data/read/point_in_time/readall" is allowed when I have privileges on any
+            // actions.
             // This is okay, as the action name includes "readall" anyway. In the new privilege evaluation, this is a cluster privilege.
             return actionPrivileges.hasIndexPrivilegeForAnyIndex(context, Set.of(action0));
         }

src/main/java/org/opensearch/security/resources/ResourceAccessHandler.java

@@ -29,7 +29,6 @@
 import org.opensearch.security.auth.UserSubjectImpl;
 import org.opensearch.security.configuration.AdminDNs;
 import org.opensearch.security.privileges.PrivilegesConfiguration;
-import org.opensearch.security.privileges.PrivilegesEvaluationContext;
 import org.opensearch.security.resources.sharing.Recipient;
 import org.opensearch.security.resources.sharing.ResourceSharing;
 import org.opensearch.security.resources.sharing.ShareWith;