add agent framework security it tests

Zhangxunmt · Zhangxunmt · commit 6b7af6f2d9ba · 2024-03-22T10:41:27.000-07:00
Signed-off-by: Xun Zhang &lt;xunzh@amazon.com&gt;
diff --git a/plugin/src/test/java/org/opensearch/ml/rest/MLCommonsRestTestCase.java b/plugin/src/test/java/org/opensearch/ml/rest/MLCommonsRestTestCase.java
@@ -66,10 +66,14 @@
 import org.opensearch.ml.common.AccessMode;
 import org.opensearch.ml.common.FunctionName;
 import org.opensearch.ml.common.MLTaskState;
+import org.opensearch.ml.common.agent.MLAgent;
+import org.opensearch.ml.common.agent.MLToolSpec;
 import org.opensearch.ml.common.dataset.MLInputDataset;
 import org.opensearch.ml.common.dataset.SearchQueryInputDataset;
 import org.opensearch.ml.common.dataset.TextDocsInputDataSet;
+import org.opensearch.ml.common.dataset.remote.RemoteInferenceInputDataSet;
 import org.opensearch.ml.common.input.MLInput;
+import org.opensearch.ml.common.input.execute.agent.AgentMLInput;
 import org.opensearch.ml.common.input.parameter.MLAlgoParams;
 import org.opensearch.ml.common.model.MLModelConfig;
 import org.opensearch.ml.common.model.MLModelFormat;
@@ -731,6 +735,47 @@ public String registerModel(String input) throws IOException {
         return parseTaskIdFromResponse(response);
     }
 
+    public void registerMLAgent(RestClient client, String input, Consumer<Map<String, Object>> function) throws IOException {
+        Response response = TestHelper.makeRequest(client, "POST", "/_plugins/_ml/agents/_register", null, input, null);
+        verifyResponse(function, response);
+    }
+
+    public void executeAgent(RestClient client, String agentId, String input, Consumer<Map<String, Object>> function) throws IOException {
+        Response response = TestHelper.makeRequest(client, "POST", "/_plugins/_ml/agents/" + agentId + "/_execute", null, input, null);
+        verifyResponse(function, response);
+    }
+
+    public void getAgent(RestClient client, String agentId, Consumer<Map<String, Object>> function) throws IOException {
+        Response response = TestHelper.makeRequest(client, "GET", "/_plugins/_ml/agents/" + agentId, null, "", null);
+        verifyResponse(function, response);
+    }
+
+    public void searchAgent(RestClient client, String input, Consumer<Map<String, Object>> function) throws IOException {
+        Response response = TestHelper.makeRequest(client, "POST", "/_plugins/_ml/agents/_search", null, input, null);
+        verifyResponse(function, response);
+    }
+
+    public void deleteAgent(RestClient client, String agentId, Consumer<Map<String, Object>> function) throws IOException {
+        Response response = TestHelper.makeRequest(client, "DELETE", "/_plugins/_ml/agents/" + agentId, null, "", null);
+        verifyResponse(function, response);
+    }
+
+    public MLAgent createCatIndexToolMLAgent() {
+        MLToolSpec catIndexTool = MLToolSpec
+            .builder()
+            .type("CatIndexTool")
+            .name("DemoCatIndexTool")
+            .parameters(Map.of("input", "${parameters.question}"))
+            .build();
+        return MLAgent
+            .builder()
+            .name("Test_Agent_For_CatIndex_tool")
+            .type("flow")
+            .description("this is a test agent for the CatIndexTool")
+            .tools(List.of(catIndexTool))
+            .build();
+    }
+
     public void deployModel(RestClient client, MLRegisterModelInput registerModelInput, Consumer<Map<String, Object>> function)
         throws IOException,
         InterruptedException {
diff --git a/plugin/src/test/java/org/opensearch/ml/rest/SecureMLRestIT.java b/plugin/src/test/java/org/opensearch/ml/rest/SecureMLRestIT.java
@@ -18,15 +18,23 @@
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.rules.ExpectedException;
+import org.opensearch.action.search.SearchRequest;
 import org.opensearch.client.Response;
 import org.opensearch.client.ResponseException;
 import org.opensearch.client.RestClient;
 import org.opensearch.commons.rest.SecureRestClientBuilder;
 import org.opensearch.index.query.MatchAllQueryBuilder;
+import org.opensearch.index.query.QueryBuilders;
 import org.opensearch.ml.common.AccessMode;
 import org.opensearch.ml.common.FunctionName;
 import org.opensearch.ml.common.MLTaskState;
+import org.opensearch.ml.common.agent.MLAgent;
+import org.opensearch.ml.common.dataset.remote.RemoteInferenceInputDataSet;
+import org.opensearch.ml.common.input.execute.agent.AgentMLInput;
 import org.opensearch.ml.common.input.parameter.clustering.KMeansParams;
+import org.opensearch.ml.common.transport.agent.MLAgentDeleteRequest;
+import org.opensearch.ml.common.transport.agent.MLAgentGetRequest;
+import org.opensearch.ml.common.transport.agent.MLRegisterAgentRequest;
 import org.opensearch.ml.common.transport.model_group.MLRegisterModelGroupInput;
 import org.opensearch.ml.common.transport.register.MLRegisterModelInput;
 import org.opensearch.ml.utils.TestHelper;
@@ -35,6 +43,8 @@
 import com.google.common.base.Throwables;
 import com.google.common.collect.ImmutableList;
 
+import static org.opensearch.ml.common.CommonValue.ML_AGENT_INDEX;
+
 public class SecureMLRestIT extends MLCommonsRestTestCase {
     private String irisIndex = "iris_data_secure_ml_it";
 
@@ -59,6 +69,8 @@ public class SecureMLRestIT extends MLCommonsRestTestCase {
 
     private String modelGroupId;
 
+    private MLAgent mlAgent;
+
     /**
      * Create an unguessable password. Simple password are weak due to https://tinyurl.com/383em9zk
      * @return a random password.
@@ -151,6 +163,8 @@ public void setup() throws IOException {
             this.modelGroupId = (String) registerModelGroupResult.get("model_group_id");
         });
         mlRegisterModelInput = createRegisterModelInput(modelGroupId);
+
+        mlAgent = createCatIndexToolMLAgent();
     }
 
     @After
@@ -248,6 +262,151 @@ public void testDeployModelWithFullAccess() throws IOException, InterruptedExcep
         });
     }
 
+    public void testExecuteAgentWithFullAccess() throws IOException {
+        registerMLAgent(mlFullAccessClient, TestHelper.toJsonString(mlAgent), registerMLAgentResult -> {
+            assertNotNull(registerMLAgentResult);
+            assertTrue(registerMLAgentResult.containsKey("agent_id"));
+            String agentId = (String) registerMLAgentResult.get("agent_id");
+            try {
+                AgentMLInput agentMLInput = AgentMLInput
+                    .AgentMLInputBuilder()
+                    .agentId(agentId)
+                    .functionName(FunctionName.AGENT)
+                    .inputDataset(
+                        RemoteInferenceInputDataSet.builder().parameters(Map.of("question", "How many indices do I have?")).build()
+                    )
+                    .build();
+
+                executeAgent(mlFullAccessClient, agentId, TestHelper.toJsonString(agentMLInput), mlExecuteTaskResponse -> {
+                    assertNotNull(mlExecuteTaskResponse);
+                    assertTrue(mlExecuteTaskResponse.containsKey("inference_results"));
+                });
+            } catch (IOException e) {
+                assertNull(e);
+            }
+        });
+    }
+
+    public void testExecuteAgentWithReadOnlyAccess() throws IOException {
+        exceptionRule.expect(RuntimeException.class);
+        exceptionRule.expectMessage("no permissions for [cluster:admin/opensearch/ml/execute]");
+        AgentMLInput agentMLInput = AgentMLInput
+                .AgentMLInputBuilder()
+                .agentId("test-agent")
+                .functionName(FunctionName.AGENT)
+                .inputDataset(
+                        RemoteInferenceInputDataSet.builder().parameters(Map.of("question", "How many indices do I have?")).build()
+                )
+                .build();
+
+        executeAgent(mlReadOnlyClient, "test-agent", TestHelper.toJsonString(agentMLInput), mlExecuteTaskResponse -> {
+            assertNotNull(mlExecuteTaskResponse);
+            assertTrue(mlExecuteTaskResponse.containsKey("inference_results"));
+        });
+    }
+
+    public void testGetAgentWithFullAccess() throws IOException {
+        registerMLAgent(mlFullAccessClient, TestHelper.toJsonString(mlAgent), registerMLAgentResult -> {
+            assertNotNull(registerMLAgentResult);
+            assertTrue(registerMLAgentResult.containsKey("agent_id"));
+            String agentId = (String) registerMLAgentResult.get("agent_id");
+            try {
+                MLAgentGetRequest mlAgentGetRequest = MLAgentGetRequest.builder().agentId(agentId).build();
+                getAgent(mlFullAccessClient, agentId, mlGetAgentResponse -> {
+                    assertNotNull(mlGetAgentResponse);
+                    assertTrue(mlGetAgentResponse.containsKey("name"));
+                    assertEquals(mlGetAgentResponse.get("name"), "Test_Agent_For_CatIndex_tool");
+                });
+            } catch (IOException e) {
+                assertNull(e);
+            }
+        });
+    }
+
+    public void testGetAgentWithNoAccess() throws IOException {
+        exceptionRule.expect(RuntimeException.class);
+        exceptionRule.expectMessage("no permissions for [cluster:admin/opensearch/ml/agents/get]");
+
+        getAgent(mlNoAccessClient, "test-agent", mlExecuteTaskResponse -> {
+            assertNotNull(mlExecuteTaskResponse);
+            assertTrue(mlExecuteTaskResponse.containsKey("inference_results"));
+        });
+    }
+
+    public void testSearchAgentWithFullAccess() throws IOException {
+        registerMLAgent(mlFullAccessClient, TestHelper.toJsonString(mlAgent), registerMLAgentResult -> {
+            assertNotNull(registerMLAgentResult);
+            assertTrue(registerMLAgentResult.containsKey("agent_id"));
+            try {
+                SearchRequest searchRequest = new SearchRequest(ML_AGENT_INDEX);
+                SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
+                searchSourceBuilder.query(QueryBuilders.matchAllQuery());
+                searchRequest.source(searchSourceBuilder);
+                searchAgent(mlFullAccessClient, gson.toJson(searchRequest), mlSearchAgentResponse -> {
+                    assertNotNull(mlSearchAgentResponse);
+                    assertTrue(mlSearchAgentResponse.containsKey("hits"));
+                });
+            } catch (IOException e) {
+                assertNull(e);
+            }
+        });
+    }
+
+    public void testSearchAgentWithNoAccess() throws IOException {
+        exceptionRule.expect(RuntimeException.class);
+        exceptionRule.expectMessage("no permissions for [cluster:admin/opensearch/ml/agents/search]");
+
+        SearchRequest searchRequest = new SearchRequest(ML_AGENT_INDEX);
+        SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
+        searchSourceBuilder.query(QueryBuilders.matchAllQuery());
+        searchRequest.source(searchSourceBuilder);
+        searchAgent(mlNoAccessClient, gson.toJson(searchRequest), mlSearchAgentResponse -> {
+            assertNotNull(mlSearchAgentResponse);
+            assertTrue(mlSearchAgentResponse.containsKey("hits"));
+        });
+    }
+
+    public void testDeleteAgentWithFullAccess() throws IOException {
+        registerMLAgent(mlFullAccessClient, TestHelper.toJsonString(mlAgent), registerMLAgentResult -> {
+            assertNotNull(registerMLAgentResult);
+            assertTrue(registerMLAgentResult.containsKey("agent_id"));
+            String agentId = (String) registerMLAgentResult.get("agent_id");
+            try {
+                deleteAgent(mlFullAccessClient, agentId, mlSearchAgentResponse -> {
+                    assertNotNull(mlSearchAgentResponse);
+                    assertTrue(mlSearchAgentResponse.containsKey("result"));
+                    assertEquals(mlSearchAgentResponse.get("result"), "deleted");
+                });
+            } catch (IOException e) {
+                assertNull(e);
+            }
+        });
+    }
+
+    public void testDeleteAgentWithNoAccess() throws IOException {
+        exceptionRule.expect(RuntimeException.class);
+        exceptionRule.expectMessage("no permissions for [cluster:admin/opensearch/ml/agents/delete]");
+
+        deleteAgent(mlReadOnlyClient, "agentId", mlSearchAgentResponse -> {
+            assertNotNull(mlSearchAgentResponse);
+            assertTrue(mlSearchAgentResponse.containsKey("result"));
+            assertEquals(mlSearchAgentResponse.get("result"), "deleted");
+        });
+    }
+
+    public void testRegisterAgentWithFullAccess() throws IOException {
+        registerMLAgent(mlFullAccessClient, TestHelper.toJsonString(mlAgent), registerMLAgentResult -> {
+            assertNotNull(registerMLAgentResult);
+            assertTrue(registerMLAgentResult.containsKey("agent_id"));
+        });
+    }
+
+    public void testRegisterAgentWithReadOnlyMLAccess() throws IOException {
+        exceptionRule.expect(ResponseException.class);
+        exceptionRule.expectMessage("no permissions for [cluster:admin/opensearch/ml/agents/register]");
+        registerMLAgent(mlReadOnlyClient, TestHelper.toJsonString(mlAgent), null);
+    }
+
     public void testTrainWithReadOnlyMLAccess() throws IOException {
         exceptionRule.expect(ResponseException.class);
         exceptionRule.expectMessage("no permissions for [cluster:admin/opensearch/ml/train]");
