Cluster permissions evaluation logic will now include index_template type action

[DarshitChanpura]

Description

Title

• Category : Bug Fix

Issues Resolved

• Resolves [BUG] index_template action type is not part of cluster-permissions check even though template is. #1884

Testing

A test is written to evaluate this

Check List

• New functionality includes testing
  - [ ] New functionality has been documented
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[DarshitChanpura]

@opensearch-project/security Seems like the test failures are related to audit-log changes. Need some help fixing this.

[cliu123]

@DarshitChanpura CI failed. Would you please take a look?

[DarshitChanpura]

@DarshitChanpura CI failed. Would you please take a look?

It failed due to errors unrelated to the changes in this PR, example look here. Have we seen this error before?

[davidlago]

nitpick: space before else (do we have a linting rule for this?)

[DarshitChanpura]

done

[davidlago]

Could you please add a description to either this PR or the associated issue explaining what the implications of index_template not being initially included? i.e., what is the behavior change after fixing this issue?

[DarshitChanpura]

Could you please add a description to either this PR or the associated issue explaining what the implications of index_template not being initially included? i.e., what is the behavior change after fixing this issue?

done... description added to the referenced issue

[codecov-commenter]

Codecov Report

Merging #1885 (260f7bb) into main (001d73f) will increase coverage by 0.00%.
The diff coverage is 50.00%.

@@            Coverage Diff            @@
##               main    #1885   +/-   ##
=========================================
  Coverage     61.01%   61.02%           
  Complexity     3232     3232           
=========================================
  Files           256      256           
  Lines         18085    18087    +2     
  Branches       3222     3224    +2     
=========================================
+ Hits          11034    11037    +3     
+ Misses         5469     5466    -3     
- Partials       1582     1584    +2     

Impacted Files	Coverage Δ
...earch/security/resolver/IndexResolverReplacer.java	65.34% <0.00%> (-0.19%)	⬇️
...earch/security/privileges/PrivilegesEvaluator.java	72.02% <100.00%> (+0.09%)	⬆️
...security/auditlog/sink/ExternalOpenSearchSink.java	59.25% <0.00%> (-2.47%)	⬇️
...nsearch/security/dlic/rest/api/AuditApiAction.java	68.08% <0.00%> (+4.25%)	⬆️
...ecurity/configuration/StaticResourceException.java	25.00% <0.00%> (+25.00%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 001d73f...260f7bb. Read the comment docs.

[peternied]

Much cleaner to use a regex, here is an example https://ideone.com/wEcFot

'test[12]'	 Name was: test,	 index position: 12
'result[2]'	 Name was: result,	 index position: 2
'res[2da]'	 No Match
'[a2da]'	 No Match
'sitename'	 No Match

If you have a match, immediately assign currentNode = currentNode.get(arrayEntryIdx); and then call continue to go back to the top of the loop

[DarshitChanpura]

good find.. this is much better.. Slight change, I can't immediately continue once I find the match, as I first have to check whether the current node on the requested path is an array and then try to get the request index.

[peternied]

Great work @DarshitChanpura