opensearch-project
diff --git a/‎build.gradle‎
Lines changed: 5 additions & 0 deletions b/‎build.gradle‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/integrationTest/java/org/opensearch/security/PerfTest.java‎
Lines changed: 0 additions & 146 deletions b/‎src/integrationTest/java/org/opensearch/security/PerfTest.java‎
Lines changed: 0 additions & 146 deletions
diff --git a/‎src/integrationTest/java/org/opensearch/security/SearchOperationTest.java‎
Lines changed: 6 additions & 1 deletion b/‎src/integrationTest/java/org/opensearch/security/SearchOperationTest.java‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java‎
Lines changed: 1 addition & 1 deletion b/‎src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/integrationTest/java/org/opensearch/security/privileges/RestEndpointPermissionTests.java‎
Lines changed: 2 additions & 1 deletion b/‎src/integrationTest/java/org/opensearch/security/privileges/RestEndpointPermissionTests.java‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/integrationTest/java/org/opensearch/security/privileges/actionlevel/RoleBasedActionPrivilegesTest.java‎
Lines changed: 38 additions & 19 deletions b/‎src/integrationTest/java/org/opensearch/security/privileges/actionlevel/RoleBasedActionPrivilegesTest.java‎
Lines changed: 38 additions & 19 deletions
@@ -573,6 +573,11 @@ allprojects {
         integrationTestImplementation 'org.slf4j:slf4j-api:2.0.12'
         integrationTestImplementation 'com.selectivem.collections:special-collections-complete:1.4.0'
         integrationTestImplementation "org.opensearch.plugin:lang-painless:${opensearch_version}"
+
+        integrationTestImplementation ('com.jayway.jsonpath:json-path:2.9.0') {
+            exclude(group: 'net.minidev', module: 'json-smart')
+        }
+        integrationTestImplementation 'net.minidev:json-smart:2.6.0'
     }
 }
 
 
@@ -67,6 +67,7 @@
 import org.opensearch.action.search.SearchRequest;
 import org.opensearch.action.search.SearchResponse;
 import org.opensearch.action.search.SearchScrollRequest;
+import org.opensearch.action.support.IndicesOptions;
 import org.opensearch.action.update.UpdateRequest;
 import org.opensearch.action.update.UpdateResponse;
 import org.opensearch.client.RestHighLevelClient;
@@ -2281,7 +2282,11 @@ public void openIndex_negative() throws IOException {
                     .open(new OpenIndexRequest(indexThatUserHasAccessTo, indexThatUserHasNoAccessTo), DEFAULT),
                 statusException(FORBIDDEN)
             );
-            assertThatThrownBy(() -> restHighLevelClient.indices().open(new OpenIndexRequest("*"), DEFAULT), statusException(FORBIDDEN));
+            assertThatThrownBy(
+                () -> restHighLevelClient.indices()
+                    .open(new OpenIndexRequest("*").indicesOptions(IndicesOptions.LENIENT_EXPAND_OPEN_CLOSED), DEFAULT),
+                statusException(FORBIDDEN)
+            );
         }
     }
 
 
@@ -44,7 +44,7 @@ public class PrivilegesEvaluatorTest {
     );
 
     protected final static TestSecurityConfig.User NEGATED_REGEX = new TestSecurityConfig.User("negated_regex_user").roles(
-        new Role("negated_regex_role").indexPermissions("read").on("/^[a-z].*/").clusterPermissions("cluster_composite_ops")
+        new Role("negated_regex_role").indexPermissions("read").on("/^[a-r].*/").clusterPermissions("cluster_composite_ops")
     );
 
     protected final static TestSecurityConfig.User SEARCH_TEMPLATE = new TestSecurityConfig.User("search_template_user").roles(
 
@@ -122,7 +122,8 @@ public RestEndpointPermissionTests() throws IOException {
             createRolesConfig(),
             FlattenedActionGroups.EMPTY,
             RuntimeOptimizedActionPrivileges.SpecialIndexProtection.NONE,
-            Settings.EMPTY
+            Settings.EMPTY,
+            false
         );
     }
 
 
@@ -86,7 +86,8 @@ public void wellKnown() throws Exception {
                 roles,
                 FlattenedActionGroups.EMPTY,
                 RuntimeOptimizedActionPrivileges.SpecialIndexProtection.NONE,
-                Settings.EMPTY
+                Settings.EMPTY,
+                false
             );
 
             assertThat(subject.hasClusterPrivilege(ctx().roles("test_role").get(), "cluster:monitor/nodes/stats"), isAllowed());
@@ -110,7 +111,8 @@ public void notWellKnown() throws Exception {
                 roles,
                 FlattenedActionGroups.EMPTY,
                 RuntimeOptimizedActionPrivileges.SpecialIndexProtection.NONE,
-                Settings.EMPTY
+                Settings.EMPTY,
+                false
             );
 
             assertThat(
@@ -137,7 +139,8 @@ public void wildcard() throws Exception {
                 roles,
                 FlattenedActionGroups.EMPTY,
                 RuntimeOptimizedActionPrivileges.SpecialIndexProtection.NONE,
-                Settings.EMPTY
+                Settings.EMPTY,
+                false
             );
 
             assertThat(subject.hasClusterPrivilege(ctx().roles("test_role").get(), "cluster:whatever"), isAllowed());
@@ -165,7 +168,8 @@ public void explicit_wellKnown() throws Exception {
                 roles,
                 FlattenedActionGroups.EMPTY,
                 RuntimeOptimizedActionPrivileges.SpecialIndexProtection.NONE,
-                Settings.EMPTY
+                Settings.EMPTY,
+                false
             );
 
             assertThat(subject.hasExplicitClusterPrivilege(ctx().roles("explicit_role").get(), "cluster:monitor/nodes/stats"), isAllowed());
@@ -201,7 +205,8 @@ public void explicit_notWellKnown() throws Exception {
                 roles,
                 FlattenedActionGroups.EMPTY,
                 RuntimeOptimizedActionPrivileges.SpecialIndexProtection.NONE,
-                Settings.EMPTY
+                Settings.EMPTY,
+                false
             );
 
             assertThat(
@@ -232,7 +237,8 @@ public void hasAny_wellKnown() throws Exception {
                 roles,
                 FlattenedActionGroups.EMPTY,
                 RuntimeOptimizedActionPrivileges.SpecialIndexProtection.NONE,
-                Settings.EMPTY
+                Settings.EMPTY,
+                false
             );
 
             assertThat(
@@ -267,7 +273,8 @@ public void hasAny_notWellKnown() throws Exception {
                 roles,
                 FlattenedActionGroups.EMPTY,
                 RuntimeOptimizedActionPrivileges.SpecialIndexProtection.NONE,
-                Settings.EMPTY
+                Settings.EMPTY,
+                false
             );
 
             assertThat(
@@ -309,7 +316,8 @@ public void hasAny_wildcard() throws Exception {
                 roles,
                 FlattenedActionGroups.EMPTY,
                 RuntimeOptimizedActionPrivileges.SpecialIndexProtection.NONE,
-                Settings.EMPTY
+                Settings.EMPTY,
+                false
             );
 
             assertThat(subject.hasAnyClusterPrivilege(ctx().roles("test_role").get(), ImmutableSet.of("cluster:whatever")), isAllowed());
@@ -508,7 +516,8 @@ public IndicesAndAliases(IndexSpec indexSpec, ActionSpec actionSpec, Statefulnes
                     roles,
                     FlattenedActionGroups.EMPTY,
                     RuntimeOptimizedActionPrivileges.SpecialIndexProtection.NONE,
-                    settings
+                    settings,
+                    false
                 );
 
                 if (statefulness == Statefulness.STATEFUL || statefulness == Statefulness.STATEFUL_LIMITED) {
@@ -682,7 +691,8 @@ public DataStreams(IndexSpec indexSpec, ActionSpec actionSpec, Statefulness stat
                     roles,
                     FlattenedActionGroups.EMPTY,
                     RuntimeOptimizedActionPrivileges.SpecialIndexProtection.NONE,
-                    settings
+                    settings,
+                    false
                 );
 
                 if (statefulness == Statefulness.STATEFUL || statefulness == Statefulness.STATEFUL_LIMITED) {
@@ -918,7 +928,8 @@ public void hasIndexPrivilege_errors() throws Exception {
                 roles,
                 FlattenedActionGroups.EMPTY,
                 RuntimeOptimizedActionPrivileges.SpecialIndexProtection.NONE,
-                Settings.EMPTY
+                Settings.EMPTY,
+                false
             );
 
             PrivilegesEvaluatorResponse result = subject.hasIndexPrivilege(
@@ -949,7 +960,8 @@ public void hasExplicitIndexPrivilege_positive() throws Exception {
                 roles,
                 FlattenedActionGroups.EMPTY,
                 RuntimeOptimizedActionPrivileges.SpecialIndexProtection.NONE,
-                Settings.EMPTY
+                Settings.EMPTY,
+                false
             );
 
             PrivilegesEvaluatorResponse result = subject.hasExplicitIndexPrivilege(
@@ -974,7 +986,8 @@ public void hasExplicitIndexPrivilege_positive_wildcard() throws Exception {
                 roles,
                 FlattenedActionGroups.EMPTY,
                 RuntimeOptimizedActionPrivileges.SpecialIndexProtection.NONE,
-                Settings.EMPTY
+                Settings.EMPTY,
+                false
             );
 
             PrivilegesEvaluatorResponse result = subject.hasExplicitIndexPrivilege(
@@ -996,7 +1009,8 @@ public void hasExplicitIndexPrivilege_noWildcard() throws Exception {
                 roles,
                 FlattenedActionGroups.EMPTY,
                 RuntimeOptimizedActionPrivileges.SpecialIndexProtection.NONE,
-                Settings.EMPTY
+                Settings.EMPTY,
+                false
             );
 
             PrivilegesEvaluatorResponse result = subject.hasExplicitIndexPrivilege(
@@ -1021,7 +1035,8 @@ public void hasExplicitIndexPrivilege_negative_wrongAction() throws Exception {
                 roles,
                 FlattenedActionGroups.EMPTY,
                 RuntimeOptimizedActionPrivileges.SpecialIndexProtection.NONE,
-                Settings.EMPTY
+                Settings.EMPTY,
+                false
             );
 
             PrivilegesEvaluatorResponse result = subject.hasExplicitIndexPrivilege(
@@ -1046,7 +1061,8 @@ public void hasExplicitIndexPrivilege_errors() throws Exception {
                 roles,
                 FlattenedActionGroups.EMPTY,
                 RuntimeOptimizedActionPrivileges.SpecialIndexProtection.NONE,
-                Settings.EMPTY
+                Settings.EMPTY,
+                false
             );
 
             PrivilegesEvaluatorResponse result = subject.hasExplicitIndexPrivilege(
@@ -1080,7 +1096,8 @@ public void aliasesOnDataStreamBackingIndices() throws Exception {
                 roles,
                 FlattenedActionGroups.EMPTY,
                 RuntimeOptimizedActionPrivileges.SpecialIndexProtection.NONE,
-                Settings.EMPTY
+                Settings.EMPTY,
+                false
             );
             subject.updateStatefulIndexPrivileges(metadata.getIndicesLookup(), 2);
 
@@ -1113,7 +1130,8 @@ public void statefulDisabled() throws Exception {
                 roles,
                 FlattenedActionGroups.EMPTY,
                 RuntimeOptimizedActionPrivileges.SpecialIndexProtection.NONE,
-                Settings.builder().put(RoleBasedActionPrivileges.PRECOMPUTED_PRIVILEGES_ENABLED.getKey(), false).build()
+                Settings.builder().put(RoleBasedActionPrivileges.PRECOMPUTED_PRIVILEGES_ENABLED.getKey(), false).build(),
+                false
             );
             subject.updateStatefulIndexPrivileges(metadata, 1);
             assertEquals(0, subject.getEstimatedStatefulIndexByteSize());
@@ -1136,7 +1154,8 @@ public void estimatedSize() throws Exception {
                 roles,
                 FlattenedActionGroups.EMPTY,
                 RuntimeOptimizedActionPrivileges.SpecialIndexProtection.NONE,
-                Settings.EMPTY
+                Settings.EMPTY,
+                false
             );
 
             subject.updateStatefulIndexPrivileges(indices, 1);
Original file line number	Diff line number	Diff line change
`@@ -573,6 +573,11 @@ allprojects {`
`573`	`573`	`integrationTestImplementation 'org.slf4j:slf4j-api:2.0.12'`
`574`	`574`	`integrationTestImplementation 'com.selectivem.collections:special-collections-complete:1.4.0'`
`575`	`575`	`integrationTestImplementation "org.opensearch.plugin:lang-painless:${opensearch_version}"`
	`576`	`+`
	`577`	`+ integrationTestImplementation ('com.jayway.jsonpath:json-path:2.9.0') {`
	`578`	`+ exclude(group: 'net.minidev', module: 'json-smart')`
	`579`	`+ }`
	`580`	`+ integrationTestImplementation 'net.minidev:json-smart:2.6.0'`
`576`	`581`	`}`
`577`	`582`	`}`
`578`	`583`
Original file line number	Diff line number	Diff line change
`@@ -122,7 +122,8 @@ public RestEndpointPermissionTests() throws IOException {`
`122`	`122`	`createRolesConfig(),`
`123`	`123`	`FlattenedActionGroups.EMPTY,`
`124`	`124`	`RuntimeOptimizedActionPrivileges.SpecialIndexProtection.NONE,`
`125`		`- Settings.EMPTY`
	`125`	`+ Settings.EMPTY,`
	`126`	`+ false`
`126`	`127`	`);`
`127`	`128`	`}`
`128`	`129`