add UT for acess denied cases

Signed-off-by: Xun Zhang <xunzh@amazon.com>

Author: Zhangxunmt

memory/src/test/java/org/opensearch/ml/memory/index/ConversationMetaIndexTests.java

@@ -701,4 +701,19 @@ public void testUpdateConversation_ClientFails() {
         verify(getListener, times(1)).onFailure(argCaptor.capture());
         assert (argCaptor.getValue().getMessage().equals("Client Failure"));
     }
+
+    public void testUpdateConversation_NoAccess_ThenFail() {
+        doReturn(true).when(metadata).hasIndex(anyString());
+        doAnswer(invocation -> {
+            ActionListener<Boolean> al = invocation.getArgument(1);
+            al.onResponse(false);
+            return null;
+        }).when(conversationMetaIndex).checkAccess(anyString(), any());
+
+        ActionListener<UpdateResponse> updateListener = mock(ActionListener.class);
+        conversationMetaIndex.updateConversation("conversationId", new UpdateRequest(), updateListener);
+        ArgumentCaptor<Exception> argCaptor = ArgumentCaptor.forClass(Exception.class);
+        verify(updateListener, times(1)).onFailure(argCaptor.capture());
+        assert (argCaptor.getValue().getMessage().equals("User [BAD_USER] does not have access to conversation conversationId"));
+    }
 }

memory/src/test/java/org/opensearch/ml/memory/index/InteractionsIndexTests.java

@@ -32,6 +32,7 @@
 import java.time.Instant;
 import java.util.Collections;
 import java.util.List;
+import java.util.Map;
 
 import org.junit.Before;
 import org.mockito.ArgumentCaptor;
@@ -47,6 +48,8 @@
 import org.opensearch.action.search.SearchResponse;
 import org.opensearch.action.search.SearchResponseSections;
 import org.opensearch.action.search.ShardSearchFailure;
+import org.opensearch.action.update.UpdateRequest;
+import org.opensearch.action.update.UpdateResponse;
 import org.opensearch.client.AdminClient;
 import org.opensearch.client.Client;
 import org.opensearch.client.IndicesAdminClient;
@@ -800,4 +803,76 @@ public void testGetSg_ClientFails_ThenFail() {
         verify(getListener, times(1)).onFailure(argCaptor.capture());
         assert (argCaptor.getValue().getMessage().equals("Client Failure in Sg Get"));
     }
+
+    public void testGetSg_NoAccess_ThenFail() {
+        doReturn(true).when(metadata).hasIndex(anyString());
+        setupDenyAccess("Henry");
+        setupRefreshSuccess();
+        GetResponse response = setUpInteractionResponse("iid");
+        doAnswer(invocation -> {
+            ActionListener<GetResponse> listener = invocation.getArgument(1);
+            listener.onResponse(response);
+            return null;
+        }).when(client).get(any(), any());
+        ActionListener<Interaction> getListener = mock(ActionListener.class);
+        interactionsIndex.getInteraction("iid", getListener);
+        ArgumentCaptor<Exception> argCaptor = ArgumentCaptor.forClass(Exception.class);
+        verify(getListener, times(1)).onFailure(argCaptor.capture());
+        assert (argCaptor.getValue().getMessage().equals("User [Henry] does not have access to interaction iid"));
+    }
+
+    public void testGetTraces_NoAccess_ThenFail() {
+        doReturn(true).when(metadata).hasIndex(anyString());
+        setupRefreshSuccess();
+        setupDenyAccess("Xun");
+        GetResponse response = setUpInteractionResponse("iid");
+        doAnswer(invocation -> {
+            ActionListener<GetResponse> listener = invocation.getArgument(1);
+            listener.onResponse(response);
+            return null;
+        }).when(client).get(any(), any());
+
+        ActionListener<List<Interaction>> getListener = mock(ActionListener.class);
+        interactionsIndex.getTraces("iid", 0, 10, getListener);
+        ArgumentCaptor<Exception> argCaptor = ArgumentCaptor.forClass(Exception.class);
+        verify(getListener, times(1)).onFailure(argCaptor.capture());
+        assert (argCaptor.getValue().getMessage().equals("User [Xun] does not have access to interaction iid"));
+    }
+
+    public void testUpdateInteraction_NoAccess_ThenFail() {
+        doReturn(true).when(metadata).hasIndex(anyString());
+        setupRefreshSuccess();
+        setupDenyAccess("Xun");
+        GetResponse response = setUpInteractionResponse("iid");
+        doAnswer(invocation -> {
+            ActionListener<GetResponse> listener = invocation.getArgument(1);
+            listener.onResponse(response);
+            return null;
+        }).when(client).get(any(), any());
+
+        ActionListener<UpdateResponse> updateListener = mock(ActionListener.class);
+        interactionsIndex.updateInteraction("iid", new UpdateRequest(), updateListener);
+        ArgumentCaptor<Exception> argCaptor = ArgumentCaptor.forClass(Exception.class);
+        verify(updateListener, times(1)).onFailure(argCaptor.capture());
+        assert (argCaptor.getValue().getMessage().equals("User [Xun] does not have access to interaction iid"));
+    }
+
+    private GetResponse setUpInteractionResponse(String interactionId) {
+        @SuppressWarnings("unchecked")
+        GetResponse response = mock(GetResponse.class);
+        doReturn(true).when(response).isExists();
+        doReturn(interactionId).when(response).getId();
+        doReturn(
+            Map
+                .of(
+                    ConversationalIndexConstants.INTERACTIONS_CREATE_TIME_FIELD,
+                    Instant.now().toString(),
+                    ConversationalIndexConstants.INTERACTIONS_CONVERSATION_ID_FIELD,
+                    "conversation test 1",
+                    ConversationalIndexConstants.INTERACTIONS_RESPONSE_FIELD,
+                    "answer1"
+                )
+        ).when(response).getSourceAsMap();
+        return response;
+    }
 }