Fix tests

Signed-off-by: Derek Ho <[email protected]>

src/integrationTest/java/org/opensearch/security/privileges/ActionPrivilegesTest.java

@@ -1189,7 +1189,8 @@ static PrivilegesEvaluationContext ctxByUsername(String username) {
             null,
             null,
             new IndexNameExpressionResolver(new ThreadContext(Settings.EMPTY)),
-            null
+            null,
+            mock(ApiTokenRepository.class)
         );
     }
 }

src/main/java/org/opensearch/security/action/apitokens/ApiTokenRepository.java

@@ -25,6 +25,9 @@
 import org.opensearch.index.IndexNotFoundException;
 import org.opensearch.security.authtoken.jwt.ExpiringBearerAuthToken;
 import org.opensearch.security.identity.SecurityTokenManager;
+import org.opensearch.security.user.User;
+
+import static org.opensearch.security.http.ApiTokenAuthenticator.API_TOKEN_USER_PREFIX;
 
 public class ApiTokenRepository {
     private final ApiTokenIndexHandler apiTokenIndexHandler;
@@ -41,6 +44,17 @@ void reloadApiTokensFromIndex() {
         );
     }
 
+    public Permissions getApiTokenPermissionsForUser(User user) {
+        String name = user.getName();
+        if (name.startsWith(API_TOKEN_USER_PREFIX)) {
+            String jti = user.getName().split(API_TOKEN_USER_PREFIX)[1];
+            if (isValidToken(jti)) {
+                return getPermissionsForJti(jti);
+            }
+        }
+        return new Permissions(List.of(), List.of());
+    }
+
     public Permissions getPermissionsForJti(String jti) {
         return jtis.get(jti);
     }

src/test/java/org/opensearch/security/action/apitokens/ApiTokenRepositoryTest.java

@@ -24,6 +24,7 @@
 import org.opensearch.index.IndexNotFoundException;
 import org.opensearch.security.authtoken.jwt.ExpiringBearerAuthToken;
 import org.opensearch.security.identity.SecurityTokenManager;
+import org.opensearch.security.user.User;
 
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
@@ -65,6 +66,29 @@ public void testDeleteApiToken() throws ApiTokenException {
         verify(apiTokenIndexHandler).deleteToken(tokenName);
     }
 
+    @Test
+    public void testGetApiTokenPermissionsForUser() throws ApiTokenException {
+        User derek = new User("derek");
+        User apiTokenNotExists = new User("apitoken:notexists");
+        User apiTokenExists = new User("apitoken:exists");
+        repository.getJtis()
+            .put("exists", new Permissions(List.of("cluster_all"), List.of(new ApiToken.IndexPermission(List.of("*"), List.of("*")))));
+
+        Permissions permissionsForDerek = repository.getApiTokenPermissionsForUser(derek);
+        assertEquals(List.of(), permissionsForDerek.getClusterPerm());
+        assertEquals(List.of(), permissionsForDerek.getIndexPermission());
+
+        Permissions permissionsForApiTokenNotExists = repository.getApiTokenPermissionsForUser(apiTokenNotExists);
+        assertEquals(List.of(), permissionsForApiTokenNotExists.getClusterPerm());
+        assertEquals(List.of(), permissionsForApiTokenNotExists.getIndexPermission());
+
+        Permissions permissionsForApiTokenExists = repository.getApiTokenPermissionsForUser(apiTokenExists);
+        assertEquals(List.of("cluster_all"), permissionsForApiTokenExists.getClusterPerm());
+        assertEquals(List.of("*"), permissionsForApiTokenExists.getIndexPermission().getFirst().getAllowedActions());
+        assertEquals(List.of("*"), permissionsForApiTokenExists.getIndexPermission().getFirst().getIndexPatterns());
+
+    }
+
     @Test
     public void testGetApiTokens() throws IndexNotFoundException {
         Map<String, ApiToken> expectedTokens = new HashMap<>();