Spotless Check and Adding one more test for coverage

Signed-off-by: Sam <samuel.costa@eliatra.com>
samuelcostae · Aug 16, 2023 · 0d64a48 · 0d64a48
1 parent 6d026f7
commit 0d64a48
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/src/main/java/org/opensearch/security/privileges/SecurityIndexAccessEvaluator.java b/src/main/java/org/opensearch/security/privileges/SecurityIndexAccessEvaluator.java
@@ -203,7 +203,7 @@ private PrivilegesEvaluatorResponse evaluateNewSecuredIndicesAccess(
         Boolean isDebugEnabled
 
     ) {
-        if (matchAnyDenyIndices(requestedResolved)){
+        if (matchAnyDenyIndices(requestedResolved)) {
             auditLog.logSecurityIndexAttempt(request, action, task);
             if (log.isInfoEnabled()) {
                 log.info(

diff --git a/src/test/java/org/opensearch/security/privileges/SecurityIndexAccessEvaluatorTest.java b/src/test/java/org/opensearch/security/privileges/SecurityIndexAccessEvaluatorTest.java
@@ -160,6 +160,22 @@ public void protectedActionLocalAll() {
         verify(log).info("{} for '_all' indices is not allowed for a regular user", "indices:data/write");
     }
 
+    @Test
+    public void protectedActionLocalAllWithNewAccessControl() {
+        setupEvaluatorWithSystemIndicesControl();
+        final Resolved resolved = Resolved._LOCAL_ALL;
+
+        // Action
+        evaluator.evaluate(request, task, PROTECTED_ACTION, resolved, presponse, securityRoles);
+        verify(log).isDebugEnabled();
+
+        verify(auditLog).logSecurityIndexAttempt(request, PROTECTED_ACTION, task);
+        assertThat(presponse.allowed, is(false));
+        verify(presponse).markComplete();
+        verify(presponse).isComplete();
+        verify(log).isDebugEnabled();
+        verify(log).info("{} for '_all' indices is not allowed for a regular user", "indices:data/write");
+    }
     @Test
     public void protectedActionSystemIndex() {
         setupEvaluatorWithSystemIndicesControl();