Add tests to verify that subject is injected

Signed-off-by: Craig Perkins <[email protected]>
cwperks · Jan 14, 2025 · 95f74c9 · 95f74c9
1 parent 5415ab3
commit 95f74c9
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 29 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -71,7 +71,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - Allow extended plugins to be optional ([#16909](https://github.com/opensearch-project/OpenSearch/pull/16909))
 - Use the correct type to widen the sort fields when merging top docs ([#16881](https://github.com/opensearch-project/OpenSearch/pull/16881))
 - Limit reader writer separation to remote store enabled clusters [#16760](https://github.com/opensearch-project/OpenSearch/pull/16760)
-- Refactor IdentityAwarePlugin interface to be assigned a client for executing actions ([#16976](https://github.com/opensearch-project/OpenSearch/pull/16976))
+- Add runAs(Subject subject) to Client interface ([#16976](https://github.com/opensearch-project/OpenSearch/pull/16976))
 
 ### Deprecated
 - Performing update operation with default pipeline or final pipeline is deprecated ([#16712](https://github.com/opensearch-project/OpenSearch/pull/16712))

diff --git a/server/src/main/java/org/opensearch/identity/RunAsSubjectClient.java b/server/src/main/java/org/opensearch/identity/RunAsSubjectClient.java
@@ -8,6 +8,8 @@
 
 package org.opensearch.identity;
 
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.opensearch.action.ActionRequest;
 import org.opensearch.action.ActionType;
 import org.opensearch.client.Client;
@@ -26,6 +28,8 @@
 @InternalApi
 public class RunAsSubjectClient extends FilterClient {
 
+    private static final Logger logger = LogManager.getLogger(RunAsSubjectClient.class);
+
     public static final String SUBJECT_TRANSIENT_NAME = "subject.name";
 
     private final Subject subject;
@@ -44,6 +48,7 @@ protected <Request extends ActionRequest, Response extends ActionResponse> void
         ThreadContext threadContext = threadPool().getThreadContext();
         try (ThreadContext.StoredContext ctx = threadContext.stashContext()) {
             threadContext.putTransient(SUBJECT_TRANSIENT_NAME, subject.getPrincipal().getName());
+            logger.info("Running transport action with subject: {}", subject.getPrincipal().getName());
             super.doExecute(action, request, ActionListener.runBefore(listener, ctx::restore));
         }
     }

diff --git a/server/src/test/java/org/opensearch/identity/RunAsSubjectClientTests.java b/server/src/test/java/org/opensearch/identity/RunAsSubjectClientTests.java
@@ -8,9 +8,12 @@
 
 package org.opensearch.identity;
 
+import org.apache.logging.log4j.Level;
+import org.apache.logging.log4j.LogManager;
 import org.opensearch.action.admin.cluster.health.ClusterHealthRequest;
 import org.opensearch.action.admin.cluster.health.ClusterHealthResponse;
 import org.opensearch.core.action.ActionListener;
+import org.opensearch.test.MockLogAppender;
 import org.opensearch.test.OpenSearchSingleNodeTestCase;
 import org.junit.Before;
 
@@ -33,36 +36,61 @@ public void setup() {
     }
 
     public void testThatContextIsRestoredOnActionListenerResponse() throws Exception {
-        client().threadPool().getThreadContext().putHeader("test_header", "foo");
-
-        client().runAs(TEST_SUBJECT).admin().cluster().health(new ClusterHealthRequest(), new ActionListener<>() {
-            @Override
-            public void onResponse(ClusterHealthResponse clusterHealthResponse) {
-                String testHeader = client().threadPool().getThreadContext().getHeader("test_header");
-                assertThat(testHeader, equalTo("foo"));
-            }
-
-            @Override
-            public void onFailure(Exception e) {
-                fail("Expected cluster health action to succeed");
-            }
-        });
+        try (MockLogAppender mockLogAppender = MockLogAppender.createForLoggers(LogManager.getLogger(RunAsSubjectClient.class))) {
+            mockLogAppender.addExpectation(
+                new MockLogAppender.SeenEventExpectation(
+                    "testSubject",
+                    "org.opensearch.identity.RunAsSubjectClient",
+                    Level.INFO,
+                    "Running transport action with subject: testSubject"
+                )
+            );
+
+            client().threadPool().getThreadContext().putHeader("test_header", "foo");
+
+            client().runAs(TEST_SUBJECT).admin().cluster().health(new ClusterHealthRequest(), new ActionListener<>() {
+                @Override
+                public void onResponse(ClusterHealthResponse clusterHealthResponse) {
+                    String testHeader = client().threadPool().getThreadContext().getHeader("test_header");
+                    assertThat(testHeader, equalTo("foo"));
+
+                    mockLogAppender.assertAllExpectationsMatched();
+                }
+
+                @Override
+                public void onFailure(Exception e) {
+                    fail("Expected cluster health action to succeed");
+                }
+            });
+        }
     }
 
     public void testThatContextIsRestoredOnActionListenerFailure() throws Exception {
-        client().threadPool().getThreadContext().putHeader("test_header", "bar");
-
-        client().runAs(TEST_SUBJECT).admin().cluster().health(new ClusterHealthRequest("dne"), new ActionListener<>() {
-            @Override
-            public void onResponse(ClusterHealthResponse clusterHealthResponse) {
-                fail("Expected cluster health action to fail");
-            }
-
-            @Override
-            public void onFailure(Exception e) {
-                String testHeader = client().threadPool().getThreadContext().getHeader("test_header");
-                assertThat(testHeader, equalTo("bar"));
-            }
-        });
+        try (MockLogAppender mockLogAppender = MockLogAppender.createForLoggers(LogManager.getLogger(RunAsSubjectClient.class))) {
+            mockLogAppender.addExpectation(
+                new MockLogAppender.SeenEventExpectation(
+                    "testSubject",
+                    "org.opensearch.identity.RunAsSubjectClient",
+                    Level.INFO,
+                    "Running transport action with subject: testSubject"
+                )
+            );
+            client().threadPool().getThreadContext().putHeader("test_header", "bar");
+
+            client().runAs(TEST_SUBJECT).admin().cluster().health(new ClusterHealthRequest("dne"), new ActionListener<>() {
+                @Override
+                public void onResponse(ClusterHealthResponse clusterHealthResponse) {
+                    fail("Expected cluster health action to fail");
+                }
+
+                @Override
+                public void onFailure(Exception e) {
+                    String testHeader = client().threadPool().getThreadContext().getHeader("test_header");
+                    assertThat(testHeader, equalTo("bar"));
+
+                    mockLogAppender.assertAllExpectationsMatched();
+                }
+            });
+        }
     }
 }