Refactor Role Mappings REST API test (opensearch-project#4450)

Signed-off-by: Andrey Pleskach <[email protected]>
stephen-crawford · Jun 26, 2024 · 6dedfb4 · 6dedfb4
1 parent f37399e
commit 6dedfb4
Show file tree

Hide file tree

Showing 6 changed files with 522 additions and 710 deletions.
diff --git a/src/integrationTest/java/org/opensearch/security/api/AbstractApiIntegrationTest.java b/src/integrationTest/java/org/opensearch/security/api/AbstractApiIntegrationTest.java
@@ -283,6 +283,12 @@ protected String apiPath(final String... path) {
         return fullPath.toString();
     }
 
+    void badRequestWithReason(final CheckedSupplier<TestRestClient.HttpResponse, Exception> endpointCallback, final String expectedMessage)
+        throws Exception {
+        final var response = badRequest(endpointCallback);
+        assertThat(response.getBody(), response.getTextFromJsonBody("/reason"), is(expectedMessage));
+    }
+
     void badRequestWithMessage(final CheckedSupplier<TestRestClient.HttpResponse, Exception> endpointCallback, final String expectedMessage)
         throws Exception {
         final var response = badRequest(endpointCallback);

diff --git a/...egrationTest/java/org/opensearch/security/api/AbstractConfigEntityApiIntegrationTest.java b/...egrationTest/java/org/opensearch/security/api/AbstractConfigEntityApiIntegrationTest.java
@@ -22,6 +22,8 @@
 import org.opensearch.core.xcontent.ToXContentObject;
 import org.opensearch.test.framework.cluster.TestRestClient;
 
+import com.nimbusds.jose.util.Pair;
+
 import static org.hamcrest.CoreMatchers.is;
 import static org.hamcrest.CoreMatchers.not;
 import static org.hamcrest.MatcherAssert.assertThat;
@@ -133,23 +135,14 @@ public void forbiddenForRegularUsers() throws Exception {
 
     @Test
     public void availableForAdminUser() throws Exception {
-        final var hiddenEntityName = randomAsciiAlphanumOfLength(10);
-        final var reservedEntityName = randomAsciiAlphanumOfLength(10);
-        withUser(
-            ADMIN_USER_NAME,
-            localCluster.getAdminCertificate(),
-            client -> created(() -> client.putJson(apiPath(hiddenEntityName), testDescriptor.hiddenEntityPayload()))
-        );
-        withUser(
-            ADMIN_USER_NAME,
-            localCluster.getAdminCertificate(),
-            client -> created(() -> client.putJson(apiPath(reservedEntityName), testDescriptor.reservedEntityPayload()))
-        );
-
+        final var entitiesNames = predefinedHiddenAndReservedConfigEntities();
+        final var hiddenEntityName = entitiesNames.getLeft();
+        final var reservedEntityName = entitiesNames.getRight();
         // can't see hidden resources
         withUser(ADMIN_USER_NAME, client -> {
             verifyNoHiddenEntities(() -> client.get(apiPath()));
             creationOfReadOnlyEntityForbidden(
+                randomAsciiAlphanumOfLength(10),
                 client,
                 (builder, params) -> testDescriptor.hiddenEntityPayload().toXContent(builder, params),
                 (builder, params) -> testDescriptor.reservedEntityPayload().toXContent(builder, params),
@@ -162,6 +155,22 @@ public void availableForAdminUser() throws Exception {
         });
     }
 
+    Pair<String, String> predefinedHiddenAndReservedConfigEntities() throws Exception {
+        final var hiddenEntityName = randomAsciiAlphanumOfLength(10);
+        final var reservedEntityName = randomAsciiAlphanumOfLength(10);
+        withUser(
+            ADMIN_USER_NAME,
+            localCluster.getAdminCertificate(),
+            client -> created(() -> client.putJson(apiPath(hiddenEntityName), testDescriptor.hiddenEntityPayload()))
+        );
+        withUser(
+            ADMIN_USER_NAME,
+            localCluster.getAdminCertificate(),
+            client -> created(() -> client.putJson(apiPath(reservedEntityName), testDescriptor.reservedEntityPayload()))
+        );
+        return Pair.of(hiddenEntityName, reservedEntityName);
+    }
+
     @Test
     public void availableForTLSAdminUser() throws Exception {
         withUser(ADMIN_USER_NAME, localCluster.getAdminCertificate(), this::availableForSuperAdminUser);
@@ -176,7 +185,11 @@ public void availableForRESTAdminUser() throws Exception {
     }
 
     void availableForSuperAdminUser(final TestRestClient client) throws Exception {
-        creationOfReadOnlyEntityForbidden(client, (builder, params) -> testDescriptor.staticEntityPayload().toXContent(builder, params));
+        creationOfReadOnlyEntityForbidden(
+            randomAsciiAlphanumOfLength(10),
+            client,
+            (builder, params) -> testDescriptor.staticEntityPayload().toXContent(builder, params)
+        );
         verifyCrudOperations(true, null, client);
         verifyCrudOperations(null, true, client);
         verifyCrudOperations(null, null, client);
@@ -195,10 +208,11 @@ void verifyNoHiddenEntities(final CheckedSupplier<TestRestClient.HttpResponse, E
         }
     }
 
-    void creationOfReadOnlyEntityForbidden(final TestRestClient client, final ToXContentObject... entities) throws Exception {
+    void creationOfReadOnlyEntityForbidden(final String entityName, final TestRestClient client, final ToXContentObject... entities)
+        throws Exception {
         for (final var configEntity : entities) {
             assertInvalidKeys(
-                badRequest(() -> client.putJson(apiPath(randomAsciiAlphanumOfLength(10)), configEntity)),
+                badRequest(() -> client.putJson(apiPath(entityName), configEntity)),
                 is(oneOf("static", "hidden", "reserved"))
             );
             badRequest(() -> client.patch(apiPath(), patch(addOp(randomAsciiAlphanumOfLength(10), configEntity))));