Enhance RestLayerPrivilegesEvaluator Code Coverage

[stephen-crawford]

Description

RestLayerPrivilegesEvaluator is expected to have 100% code coverage. This change should boost the coverage as high as is reasonable. Per this comment: #2929 (comment), I am not adding tests for debug logs.

Issues Resolved

Resolves #2929

Check List

• New functionality includes testing
• New functionality has been documented
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[peternied]

If code cov says that there is a no change, are you sure these tests are executed and their coverage data submitted? Do you see these tests executed from the artifacts of the check runs?

[stephen-crawford]

It does not look like it ran. I am not sure how to fix that though. I don't think it is something related to this change--I triggered a re-run.

[willyborankin]

@scrawfor99 I think you need to call it RestPathMatchesTests.java not RestPathMatchesTest.java.

[willyborankin]

Maybe it is not only your case but others as well.

[peternied]

Nice catch @willyborankin . I've got a change that will expect 100% code coverage in the tests (e.g. all test code should be executed) that should help us catch this kind of issue

• Add code coverage exclusions on false positives #3196

[willyborankin]

Yes I did the same mistake :-D. Here is PR: #3224. Lets see.

[stephen-crawford]

Huh, who knew. I will swap over the name.

[stephen-crawford]

Confirmed tests ran.

[stephen-crawford]

RestLayerPrivilegeEvaluator still lists isInitialized as having partial coverage. However, I think this is adequate. I added a test to check that it fails when not initialized (one of the two possibilities) and all other tests which test something else will inherently check isInitialized is true during their evaluation. This covers the true case.

[stephen-crawford]

This is the code coverage for the other SecurityRestFilter: https://app.codecov.io/gh/opensearch-project/security/pull/3218/blob/src/main/java/org/opensearch/security/filter/SecurityRestFilter.java

It still labels a significant amount as uncovered. I am not sure what is expected here however, as the way to exercise the files is to extract the internal method logic into separate functions so we can provide good and bad inputs and test the handling.

[peternied]

I've created a pull request for your fork that reduces the product code, adds more assertions, and gets more coverage, take a look and see if you'd like to include it with PR

• Increase coverage target stephen-crawford/security#4

[codecov]

Codecov Report

Merging #3218 (b58e3bc) into main (75f529a) will increase coverage by 0.01%.
The diff coverage is 100.00%.

@@             Coverage Diff              @@
##               main    #3218      +/-   ##
============================================
+ Coverage     62.43%   62.45%   +0.01%     
+ Complexity     3352     3351       -1     
============================================
  Files           254      254              
  Lines         19748    19743       -5     
  Branches       3334     3334              
============================================
  Hits          12330    12330              
+ Misses         5789     5785       -4     
+ Partials       1629     1628       -1     

Files Changed	Coverage Δ
.../opensearch/security/OpenSearchSecurityPlugin.java	84.34% <100.00%> (ø)
...urity/privileges/RestLayerPrivilegesEvaluator.java	94.11% <100.00%> (+12.06%)	⬆️

[DarshitChanpura]

LGTM. Thanks @scrawfor99 !

[opensearch-trigger-bot]

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/security/backport-2.x
# Create a new branch
git switch --create backport/backport-3218-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 46dfd841abeae193075d8cf95dd4023e9ea71ef9
# Push it to GitHub
git push --set-upstream origin backport/backport-3218-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-3218-to-2.x.

[DarshitChanpura]

Backported in #2956 as that is the parent change for this PR.