Updates doc for sample resource plugin and fixes some code duplication

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>

Author: DarshitChanpura

sample-resource-plugin/README.md

@@ -1,12 +1,17 @@
 # Resource Sharing and Access Control Plugin
 
 This plugin demonstrates resource sharing and access control functionality, providing sample resource APIs and marking it as a resource sharing plugin via resource-sharing-spi. The access control is implemented on Security plugin and will be performed under the hood.
+At present only admin and resource owners can modify/delete the resource
 
 ## PreRequisites
 
-Publish SPI to local maven before proceeding:
+Publish SPI, Common and Client to local maven before proceeding:
 ```shell
 ./gradlew clean :opensearch-resource-sharing-spi:publishToMavenLocal
+
+./gradlew clean :opensearch-security-common:publishToMavenLocal
+
+./gradlew clean :opensearch-security-client:publishToMavenLocal
 ```
 
 System index feature must be enabled to prevent direct access to resource. Add the following setting in case it has not already been enabled.
@@ -16,7 +21,7 @@ plugins.security.system_indices.enabled: true
 
 ## Features
 
-- Create, update and delete resources.
+- Create, update, get, delete resources, as well as share and revoke access to a resource.
 
 ## API Endpoints
 
@@ -64,7 +69,6 @@ The plugin exposes the following six API endpoints:
   }
   ```
 
-
 ### 4. Get Resource
 - **Endpoint:** `GET /_plugins/sample_resource_sharing/get/{resource_id}`
 - **Description:** Get a specified resource owned by the requesting user, if the user has access to the resource, else fails.

sample-resource-plugin/src/integrationTest/java/org/opensearch/sample/SampleResourcePluginSystemIndexDisabledTests.java

@@ -29,7 +29,7 @@
 import static org.opensearch.test.framework.TestSecurityConfig.User.USER_ADMIN;
 
 /**
- * These tests run with resource sharing enabled
+ * These tests run with resource sharing enabled but system index protection disabled
  */
 public class SampleResourcePluginSystemIndexDisabledTests extends AbstractSampleResourcePluginFeatureEnabledTests {
 
@@ -47,7 +47,7 @@ protected LocalCluster getLocalCluster() {
     }
 
     @Test
-    public void testRawAccess() throws Exception {
+    public void testDirectAccess() throws Exception {
         String resourceId;
         // create sample resource
         try (TestRestClient client = cluster.getRestClient(USER_ADMIN)) {
@@ -101,36 +101,6 @@ public void testRawAccess() throws Exception {
             response.assertStatusCode(HttpStatus.SC_OK);
         }
 
-        // Create an entry in resource-sharing index
-        try (TestRestClient client = cluster.getRestClient(cluster.getAdminCertificate())) {
-            // Since test framework doesn't yet allow loading ex tensions we need to create a resource sharing entry manually
-            String json = String.format(
-                "{"
-                    + "  \"source_idx\": \".sample_resource_sharing_plugin\","
-                    + "  \"resource_id\": \"%s\","
-                    + "  \"created_by\": {"
-                    + "    \"user\": \"admin\""
-                    + "  }"
-                    + "}",
-                resourceId
-            );
-            HttpResponse response = client.postJson(OPENSEARCH_RESOURCE_SHARING_INDEX + "/_doc", json);
-            assertThat(response.getStatusReason(), containsString("Created"));
-            // Also update the in-memory map and get
-            ResourcePluginInfo.getInstance().getResourceIndicesMutable().add(RESOURCE_INDEX_NAME);
-            ResourceProvider provider = new ResourceProvider(
-                SampleResource.class.getCanonicalName(),
-                RESOURCE_INDEX_NAME,
-                new SampleResourceParser()
-            );
-            ResourcePluginInfo.getInstance().getResourceProvidersMutable().put(RESOURCE_INDEX_NAME, provider);
-
-            Thread.sleep(1000);
-            response = client.get(SAMPLE_RESOURCE_GET_ENDPOINT + "/" + resourceId);
-            response.assertStatusCode(HttpStatus.SC_OK);
-            assertThat(response.getBody(), containsString("sample"));
-        }
-
         // shared_with_user will be able to access resource directly since system index protection is disabled even-though resource is not
         // shared with this user, but cannot access via sample plugin APIs
         try (TestRestClient client = cluster.getRestClient(SHARED_WITH_USER)) {
@@ -141,6 +111,16 @@ public void testRawAccess() throws Exception {
             response.assertStatusCode(HttpStatus.SC_FORBIDDEN);
         }
 
+        // Update sample resource shared_with_user will be able to update admin's resource because system index protection is disabled
+        try (TestRestClient client = cluster.getRestClient(SHARED_WITH_USER)) {
+            String sampleResourceUpdated = "{\"name\":\"sampleUpdated\"}";
+            TestRestClient.HttpResponse updateResponse = client.postJson(
+                RESOURCE_INDEX_NAME + "/_doc/" + resourceId,
+                sampleResourceUpdated
+            );
+            updateResponse.assertStatusCode(HttpStatus.SC_OK);
+        }
+
         // share resource with shared_with user
         try (TestRestClient client = cluster.getRestClient(USER_ADMIN)) {
             Thread.sleep(1000);

sample-resource-plugin/src/integrationTest/java/org/opensearch/sample/SampleResourcePluginTests.java

@@ -32,7 +32,7 @@
 import static org.opensearch.test.framework.TestSecurityConfig.User.USER_ADMIN;
 
 /**
- * These tests run with resource sharing enabled and system index enabled
+ * These tests run with resource sharing enabled and system index protection enabled
  */
 public class SampleResourcePluginTests extends AbstractSampleResourcePluginFeatureEnabledTests {
 
@@ -51,7 +51,7 @@ protected LocalCluster getLocalCluster() {
     }
 
     @Test
-    public void testRawAccess() throws Exception {
+    public void testDirectAccess() throws Exception {
         String resourceId;
         // create sample resource
         try (TestRestClient client = cluster.getRestClient(USER_ADMIN)) {
@@ -105,36 +105,6 @@ public void testRawAccess() throws Exception {
             response.assertStatusCode(HttpStatus.SC_OK);
         }
 
-        // Create an entry in resource-sharing index
-        try (TestRestClient client = cluster.getRestClient(cluster.getAdminCertificate())) {
-            // Since test framework doesn't yet allow loading ex tensions we need to create a resource sharing entry manually
-            String json = String.format(
-                "{"
-                    + "  \"source_idx\": \".sample_resource_sharing_plugin\","
-                    + "  \"resource_id\": \"%s\","
-                    + "  \"created_by\": {"
-                    + "    \"user\": \"admin\""
-                    + "  }"
-                    + "}",
-                resourceId
-            );
-            HttpResponse response = client.postJson(OPENSEARCH_RESOURCE_SHARING_INDEX + "/_doc", json);
-            assertThat(response.getStatusReason(), containsString("Created"));
-            // Also update the in-memory map and get
-            ResourcePluginInfo.getInstance().getResourceIndicesMutable().add(RESOURCE_INDEX_NAME);
-            ResourceProvider provider = new ResourceProvider(
-                SampleResource.class.getCanonicalName(),
-                RESOURCE_INDEX_NAME,
-                new SampleResourceParser()
-            );
-            ResourcePluginInfo.getInstance().getResourceProvidersMutable().put(RESOURCE_INDEX_NAME, provider);
-
-            Thread.sleep(1000);
-            response = client.get(SAMPLE_RESOURCE_GET_ENDPOINT + "/" + resourceId);
-            response.assertStatusCode(HttpStatus.SC_OK);
-            assertThat(response.getBody(), containsString("sample"));
-        }
-
         // shared_with_user should not be able to delete the resource since system index protection is enabled
         try (TestRestClient client = cluster.getRestClient(SHARED_WITH_USER)) {
             HttpResponse response = client.delete(RESOURCE_INDEX_NAME + "/_doc/" + resourceId);
@@ -151,6 +121,16 @@ public void testRawAccess() throws Exception {
             response.assertStatusCode(HttpStatus.SC_FORBIDDEN);
         }
 
+        // Update sample resource (shared_with_user cannot update admin's resource) because system index protection is enabled
+        try (TestRestClient client = cluster.getRestClient(SHARED_WITH_USER)) {
+            String sampleResourceUpdated = "{\"name\":\"sampleUpdated\"}";
+            TestRestClient.HttpResponse updateResponse = client.postJson(
+                RESOURCE_INDEX_NAME + "/_doc/" + resourceId,
+                sampleResourceUpdated
+            );
+            updateResponse.assertStatusCode(HttpStatus.SC_FORBIDDEN);
+        }
+
         // share resource with shared_with user
         try (TestRestClient client = cluster.getRestClient(USER_ADMIN)) {
             Thread.sleep(1000);

sample-resource-plugin/src/main/java/org/opensearch/sample/SampleResource.java

@@ -24,6 +24,9 @@
 import static org.opensearch.core.xcontent.ConstructingObjectParser.constructorArg;
 import static org.opensearch.core.xcontent.ConstructingObjectParser.optionalConstructorArg;
 
+/**
+ * Sample resource declared by this plugin.
+ */
 public class SampleResource implements Resource {
 
     private String name;

sample-resource-plugin/src/main/java/org/opensearch/sample/SampleResourceParser.java

@@ -16,6 +16,9 @@
 import org.opensearch.core.xcontent.XContentParser;
 import org.opensearch.security.spi.resources.ResourceParser;
 
+/**
+ * Responsible for parsing the XContent into a SampleResource object.
+ */
 public class SampleResourceParser implements ResourceParser<SampleResource> {
     @Override
     public SampleResource parseXContent(XContentParser parser) throws IOException {

sample-resource-plugin/src/main/java/org/opensearch/sample/SampleResourcePlugin.java

@@ -64,7 +64,7 @@
 
 /**
  * Sample Resource plugin.
- * It uses ".sample_resources" index to manage its resources, and exposes a REST API
+ * It uses ".sample_resource_sharing_plugin" index to manage its resources, and exposes few REST APIs that manage CRUD operations on sample resources.
  *
  */
 public class SampleResourcePlugin extends Plugin implements ActionPlugin, SystemIndexPlugin, ResourceSharingExtension {

sample-resource-plugin/src/main/java/org/opensearch/sample/SampleResourceScope.java

@@ -14,8 +14,9 @@
 import org.opensearch.security.spi.resources.ResourceAccessScope;
 
 /**
- * This class demonstrates a sample implementation of Basic Access Scopes to fit each plugin's use-case.
- * The plugin then uses this scope when seeking access evaluation for a user on a particular resource.
+ * This class implements two scopes  for the sample plugin.
+ * The first scope is SAMPLE_FULL_ACCESS, which allows full access to the sample plugin.
+ * The second scope is PUBLIC, which allows public access to the sample plugin.
  */
 public enum SampleResourceScope implements ResourceAccessScope<SampleResourceScope> {
 

sample-resource-plugin/src/main/java/org/opensearch/sample/resource/actions/rest/create/CreateResourceRestAction.java

@@ -23,6 +23,9 @@
 import static org.opensearch.rest.RestRequest.Method.PUT;
 import static org.opensearch.sample.utils.Constants.SAMPLE_RESOURCE_PLUGIN_API_PREFIX;
 
+/**
+ * Rest Action to create a Sample Resource. Registers Create and Update REST APIs.
+ */
 public class CreateResourceRestAction extends BaseRestHandler {
 
     public CreateResourceRestAction() {}
@@ -31,13 +34,13 @@ public CreateResourceRestAction() {}
     public List<Route> routes() {
         return List.of(
             new Route(PUT, SAMPLE_RESOURCE_PLUGIN_API_PREFIX + "/create"),
-            new Route(POST, SAMPLE_RESOURCE_PLUGIN_API_PREFIX + "/update/{resourceId}")
+            new Route(POST, SAMPLE_RESOURCE_PLUGIN_API_PREFIX + "/update/{resource_id}")
         );
     }
 
     @Override
     public String getName() {
-        return "create_sample_resource";
+        return "create_update_sample_resource";
     }
 
     @Override
@@ -51,7 +54,7 @@ protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient cli
             case PUT:
                 return createResource(source, client);
             case POST:
-                return updateResource(source, request.param("resourceId"), client);
+                return updateResource(source, request.param("resource_id"), client);
             default:
                 throw new IllegalArgumentException("Illegal method: " + request.method());
         }

sample-resource-plugin/src/main/java/org/opensearch/sample/resource/actions/rest/create/UpdateResourceAction.java

@@ -15,11 +15,11 @@
  */
 public class UpdateResourceAction extends ActionType<CreateResourceResponse> {
     /**
-     * Create sample resource action instance
+     * Update sample resource action instance
      */
     public static final UpdateResourceAction INSTANCE = new UpdateResourceAction();
     /**
-     * Create sample resource action name
+     * Update sample resource action name
      */
     public static final String NAME = "cluster:admin/sample-resource-plugin/update";
 

sample-resource-plugin/src/main/java/org/opensearch/sample/resource/actions/rest/delete/DeleteResourceAction.java

@@ -11,15 +11,15 @@
 import org.opensearch.action.ActionType;
 
 /**
- * Action to create a sample resource
+ * Action to delete a sample resource
  */
 public class DeleteResourceAction extends ActionType<DeleteResourceResponse> {
     /**
-     * Create sample resource action instance
+     * Delete sample resource action instance
      */
     public static final DeleteResourceAction INSTANCE = new DeleteResourceAction();
     /**
-     * Create sample resource action name
+     * Delete sample resource action name
      */
     public static final String NAME = "cluster:admin/sample-resource-plugin/delete";
 

sample-resource-plugin/src/main/java/org/opensearch/sample/resource/actions/rest/delete/DeleteResourceRequest.java

@@ -16,7 +16,7 @@
 import org.opensearch.core.common.io.stream.StreamOutput;
 
 /**
- * Request object for CreateSampleResource transport action
+ * Request object for DeleteSampleResource transport action
  */
 public class DeleteResourceRequest extends ActionRequest {
 

sample-resource-plugin/src/main/java/org/opensearch/sample/resource/actions/rest/delete/DeleteResourceResponse.java

@@ -16,6 +16,9 @@
 import org.opensearch.core.xcontent.ToXContentObject;
 import org.opensearch.core.xcontent.XContentBuilder;
 
+/**
+ * Response to a DeleteSampleResourceRequest
+ */
 public class DeleteResourceResponse extends ActionResponse implements ToXContentObject {
     private final String message;
 

sample-resource-plugin/src/main/java/org/opensearch/sample/resource/actions/rest/delete/DeleteResourceRestAction.java

@@ -20,6 +20,9 @@
 import static org.opensearch.rest.RestRequest.Method.DELETE;
 import static org.opensearch.sample.utils.Constants.SAMPLE_RESOURCE_PLUGIN_API_PREFIX;
 
+/**
+ * Rest Action to delete a Sample Resource.
+ */
 public class DeleteResourceRestAction extends BaseRestHandler {
 
     public DeleteResourceRestAction() {}

sample-resource-plugin/src/main/java/org/opensearch/sample/resource/actions/rest/get/GetResourceRestAction.java

@@ -20,6 +20,9 @@
 import static org.opensearch.rest.RestRequest.Method.GET;
 import static org.opensearch.sample.utils.Constants.SAMPLE_RESOURCE_PLUGIN_API_PREFIX;
 
+/**
+ * Rest action to get a sample resource
+ */
 public class GetResourceRestAction extends BaseRestHandler {
 
     public GetResourceRestAction() {}

sample-resource-plugin/src/main/java/org/opensearch/sample/resource/actions/rest/revoke/RevokeResourceAccessAction.java

@@ -15,11 +15,11 @@
  */
 public class RevokeResourceAccessAction extends ActionType<RevokeResourceAccessResponse> {
     /**
-     * Share sample resource action instance
+     * Revoke sample resource action instance
      */
     public static final RevokeResourceAccessAction INSTANCE = new RevokeResourceAccessAction();
     /**
-     * Share sample resource action name
+     * Revoke sample resource action name
      */
     public static final String NAME = "cluster:admin/sample-resource-plugin/revoke";
 

sample-resource-plugin/src/main/java/org/opensearch/sample/resource/actions/rest/revoke/RevokeResourceAccessRequest.java

@@ -20,7 +20,7 @@
 import org.opensearch.core.common.io.stream.StreamOutput;
 
 /**
- * Request object for revoking access to a sample resource transport action
+ * Request object for revoking access to a sample resource
  */
 public class RevokeResourceAccessRequest extends ActionRequest {
 

sample-resource-plugin/src/main/java/org/opensearch/sample/resource/actions/rest/revoke/RevokeResourceAccessResponse.java

@@ -17,6 +17,9 @@
 import org.opensearch.core.xcontent.XContentBuilder;
 import org.opensearch.security.spi.resources.sharing.ShareWith;
 
+/**
+ * Response for the RevokeResourceAccessAction
+ */
 public class RevokeResourceAccessResponse extends ActionResponse implements ToXContentObject {
     private final ShareWith shareWith;
 

sample-resource-plugin/src/main/java/org/opensearch/sample/resource/actions/rest/revoke/RevokeResourceAccessRestAction.java

@@ -23,6 +23,9 @@
 import static org.opensearch.rest.RestRequest.Method.POST;
 import static org.opensearch.sample.utils.Constants.SAMPLE_RESOURCE_PLUGIN_API_PREFIX;
 
+/**
+ * Rest Action to revoke sample resource access
+ */
 public class RevokeResourceAccessRestAction extends BaseRestHandler {
 
     public RevokeResourceAccessRestAction() {}

sample-resource-plugin/src/main/java/org/opensearch/sample/resource/actions/rest/share/ShareResourceResponse.java

@@ -17,6 +17,9 @@
 import org.opensearch.core.xcontent.XContentBuilder;
 import org.opensearch.security.spi.resources.sharing.ShareWith;
 
+/**
+ * Response object for ShareResourceAction
+ */
 public class ShareResourceResponse extends ActionResponse implements ToXContentObject {
     private final ShareWith shareWith;
 

sample-resource-plugin/src/main/java/org/opensearch/sample/resource/actions/rest/share/ShareResourceRestAction.java

@@ -23,6 +23,9 @@
 import static org.opensearch.rest.RestRequest.Method.POST;
 import static org.opensearch.sample.utils.Constants.SAMPLE_RESOURCE_PLUGIN_API_PREFIX;
 
+/**
+ * Rest Action to share a resource
+ */
 public class ShareResourceRestAction extends BaseRestHandler {
 
     public ShareResourceRestAction() {}