fixed security tests (opensearch-project#484) (opensearch-project#794)

* fixed security tests

Signed-off-by: Raj Chakravarthi <[email protected]>
(cherry picked from commit c51940f5e2d14a00262f7f4675bbba2d930d2ede)

alerting/src/test/kotlin/org/opensearch/alerting/AlertingRestTestCase.kt

@@ -1182,10 +1182,11 @@ abstract class AlertingRestTestCase : ODFERestTestCase() {
         client().performRequest(request)
     }
 
-    fun createIndexRoleWithDocLevelSecurity(name: String, index: String, dlsQuery: String) {
+    fun createIndexRoleWithDocLevelSecurity(name: String, index: String, dlsQuery: String, clusterPermissions: String? = "") {
         val request = Request("PUT", "/_plugins/_security/api/roles/$name")
         var entity = "{\n" +
             "\"cluster_permissions\": [\n" +
+            "\"$clusterPermissions\"\n" +
             "],\n" +
             "\"index_permissions\": [\n" +
             "{\n" +

alerting/src/test/kotlin/org/opensearch/alerting/resthandler/SecureDestinationRestApiIT.kt

@@ -41,7 +41,7 @@ class SecureDestinationRestApiIT : AlertingRestTestCase() {
         }
     }
 
-    val user = "userOne"
+    val user = "userA"
     var userClient: RestClient? = null
 
     @Before

alerting/src/test/kotlin/org/opensearch/alerting/resthandler/SecureEmailAccountRestApiIT.kt

@@ -13,13 +13,15 @@ import org.junit.After
 import org.junit.Before
 import org.junit.BeforeClass
 import org.opensearch.alerting.ALERTING_GET_EMAIL_ACCOUNT_ACCESS
+import org.opensearch.alerting.ALERTING_NO_ACCESS_ROLE
 import org.opensearch.alerting.ALERTING_SEARCH_EMAIL_ACCOUNT_ACCESS
 import org.opensearch.alerting.AlertingPlugin
 import org.opensearch.alerting.AlertingRestTestCase
 import org.opensearch.alerting.TEST_HR_BACKEND_ROLE
 import org.opensearch.alerting.TEST_HR_INDEX
 import org.opensearch.alerting.TEST_HR_ROLE
 import org.opensearch.alerting.makeRequest
+import org.opensearch.client.ResponseException
 import org.opensearch.client.RestClient
 import org.opensearch.commons.rest.SecureRestClientBuilder
 import org.opensearch.rest.RestStatus
@@ -50,7 +52,7 @@ class SecureEmailAccountRestApiIT : AlertingRestTestCase() {
         }
     }
 
-    val user = "userOne"
+    val user = "userB"
     var userClient: RestClient? = null
 
     @Before
@@ -126,7 +128,7 @@ class SecureEmailAccountRestApiIT : AlertingRestTestCase() {
 
     /*
     TODO: https://github.com/opensearch-project/alerting/issues/300
-
+     */
     fun `test get email accounts with an user without get email account role`() {
         createUserWithTestDataAndCustomRole(
             user,
@@ -135,9 +137,7 @@ class SecureEmailAccountRestApiIT : AlertingRestTestCase() {
             listOf(TEST_HR_BACKEND_ROLE),
             getClusterPermissionsFromCustomRole(ALERTING_NO_ACCESS_ROLE)
         )
-
         val emailAccount = createRandomEmailAccountWithGivenName(true, randomAlphaOfLength(5))
-
         try {
             userClient?.makeRequest(
                 "GET",
@@ -155,19 +155,15 @@ class SecureEmailAccountRestApiIT : AlertingRestTestCase() {
             deleteRoleAndRoleMapping(TEST_HR_ROLE)
         }
     }
-
     fun `test search email accounts with an user without search email account role`() {
-
         createUserWithTestDataAndCustomRole(
             user,
             TEST_HR_INDEX,
             TEST_HR_ROLE,
             listOf(TEST_HR_BACKEND_ROLE),
             getClusterPermissionsFromCustomRole(ALERTING_NO_ACCESS_ROLE)
         )
-
         createRandomEmailAccountWithGivenName(true, randomAlphaOfLength(5))
-
         try {
             userClient?.makeRequest(
                 "POST",
@@ -182,6 +178,4 @@ class SecureEmailAccountRestApiIT : AlertingRestTestCase() {
             deleteRoleAndRoleMapping(TEST_HR_ROLE)
         }
     }
-
-     */
 }

alerting/src/test/kotlin/org/opensearch/alerting/resthandler/SecureEmailGroupsRestApiIT.kt

@@ -52,7 +52,7 @@ class SecureEmailGroupsRestApiIT : AlertingRestTestCase() {
         }
     }
 
-    val user = "userOne"
+    val user = "userC"
     var userClient: RestClient? = null
 
     @Before