Admin Users must be able to access all monitors #139

[skkosuri-amzn]

Issue #, if available:
#139

• Passed security integ tests using OpenSeach-1.1 release: ./gradlew :alerting:integTest -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername=opensearch -Dhttps=true -Dsecurity=true -Duser=admin -Dpassword=admin.

Description of changes:
#139

• Added changes that will ensure that admin users can access all monitors.
• Refactored the transport classes which have filter-by-backend-role logic.
• There is scope to improve security tests added a seperate issue Refactor security integration tests #219 , as fast follow up to this.

CheckList:
[x] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov-commenter]

Codecov Report

Merging #220 (031d9fc) into main (e0e41df) will decrease coverage by 0.08%.
The diff coverage is 48.71%.

@@             Coverage Diff              @@
##               main     #220      +/-   ##
============================================
- Coverage     78.86%   78.77%   -0.09%     
  Complexity      214      214              
============================================
  Files           172      173       +1     
  Lines          6964     6959       -5     
  Branches        908      912       +4     
============================================
- Hits           5492     5482      -10     
- Misses          987      993       +6     
+ Partials        485      484       -1     

Impacted Files	Coverage Δ
...tlin/org/opensearch/alerting/util/AlertingUtils.kt	81.81% <ø> (+27.47%)	⬆️
...search/alerting/transport/SecureTransportAction.kt	30.76% <30.76%> (ø)
...ting/transport/TransportDeleteDestinationAction.kt	29.09% <50.00%> (-4.25%)	⬇️
...alerting/transport/TransportDeleteMonitorAction.kt	34.69% <50.00%> (-4.53%)	⬇️
...ch/alerting/transport/TransportGetMonitorAction.kt	78.04% <60.00%> (-3.77%)	⬇️
...rch/alerting/transport/TransportGetAlertsAction.kt	74.24% <75.00%> (-2.57%)	⬇️
...erting/transport/TransportGetDestinationsAction.kt	74.64% <75.00%> (-2.38%)	⬇️
...alerting/transport/TransportSearchMonitorAction.kt	54.16% <75.00%> (-7.38%)	⬇️
...rting/transport/TransportIndexDestinationAction.kt	60.40% <80.00%> (-0.79%)	⬇️
.../alerting/transport/TransportIndexMonitorAction.kt	60.00% <80.00%> (-0.38%)	⬇️
... and 8 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e0e41df...031d9fc. Read the comment docs.

[qreshi]

Since this is a method defined in an interface and is being used as an init, should we make the method final to prevent unexpected behavior or is the expectation that this method be overridden in the future for more complicated inheritance hierarchies of SecureTransportAction?

[lezzago]

I think this should be a var since this is a setting that can change overtime

[skkosuri-amzn]

I cant make listenFilterBySettingChange final since it is in an interface.

[qreshi]

I don't think the AlertingSettings.FILTER_BY_BACKEND_ROLES will be changing too often.

If the user needs to specify that listener in the init manually for any child class anyway, it might be better to have them explicitly state it rather than leave listenFilterBySettingChange open to override since it could be misleading.

Alternatively, we could make the class abstract to make the method final. Just something to consider for longevity, I don't think it's a blocker to merge.