Failure store - No selectors in snapshots (elastic#120114) (elastic#120711)

In this PR we include the failure store indices while
disallowing the user to use selectors in the `indices` field of the
create and restore snapshot requests.

**Security concerns**

The create and restore snapshot require cluster privileges only, so we
do not have to worry about how to handle index level security (see
[Create Snapshot
API](https://www.elastic.co/guide/en/elasticsearch/reference/current/create-snapshot-api.html#create-snapshot-api-prereqs)
& [Restore Snapshot
API](https://www.elastic.co/guide/en/elasticsearch/reference/current/restore-snapshot-api.html#restore-snapshot-api-prereqs)).

**Challenges**

While there are other APIs that do not support selectors but they do
include the failure indices in their response such as `GET
_data_stream/<target>`, `GET _data_stream/<target>/stats`, etc; the
snapshot APIs are a little bit different. The reason for that is that
the data stream APIs first collect only the relevant data streams and
then they select the backing indices and/or the failure indices. On the
other hand, the snapshot API that works with both indices and data
streams cannot take such a shortcut and needs to use the
`concreteIndices` method.

We propose, to add a flag that when the selectors are not "allowed" can
determine if we need to include the failure store or not. In the past we
had something similar called the default selector, but it was more
flexible and it was used a fallback always.

Our goal now is to only specify the behaviour we want when the selectors
are not supported. This new flag allowed also to simplify the concrete
index resolution in `GET _data_stream/<target>/stats`

Relates to elastic#119545

Author: gmarouli

modules/data-streams/src/internalClusterTest/java/org/elasticsearch/datastreams/DataStreamsSnapshotsIT.java

@@ -36,7 +36,6 @@
 import org.elasticsearch.client.internal.Client;
 import org.elasticsearch.cluster.metadata.DataStream;
 import org.elasticsearch.cluster.metadata.DataStreamAlias;
-import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.unit.ByteSizeUnit;
 import org.elasticsearch.index.Index;
@@ -334,13 +333,13 @@ public void testSnapshotAndRestoreInPlace() {
         assertThat(rolloverResponse.getNewIndex(), equalTo(DataStream.getDefaultBackingIndexName("ds", 3)));
     }
 
-    public void testFailureStoreSnapshotAndRestore() throws Exception {
+    public void testFailureStoreSnapshotAndRestore() {
         String dataStreamName = "with-fs";
         CreateSnapshotResponse createSnapshotResponse = client.admin()
             .cluster()
             .prepareCreateSnapshot(TEST_REQUEST_TIMEOUT, REPO, SNAPSHOT)
             .setWaitForCompletion(true)
-            .setIndices(IndexNameExpressionResolver.combineSelector(dataStreamName, IndexComponentSelector.ALL_APPLICABLE))
+            .setIndices(dataStreamName)
             .setIncludeGlobalState(false)
             .get();
 
@@ -391,6 +390,49 @@ public void testFailureStoreSnapshotAndRestore() throws Exception {
         }
     }
 
+    public void testSelectorsNotAllowedInSnapshotAndRestore() {
+        String dataStreamName = "with-fs";
+        try {
+            client.admin()
+                .cluster()
+                .prepareCreateSnapshot(TEST_REQUEST_TIMEOUT, REPO, SNAPSHOT)
+                .setWaitForCompletion(true)
+                .setIndices(dataStreamName + "::" + randomFrom(IndexComponentSelector.values()).getKey())
+                .setIncludeGlobalState(false)
+                .get();
+            fail("Should have failed because selectors are not allowed in snapshot creation");
+        } catch (IllegalArgumentException e) {
+            assertThat(
+                e.getMessage(),
+                containsString("Index component selectors are not supported in this context but found selector in expression")
+            );
+        }
+        CreateSnapshotResponse createSnapshotResponse = client.admin()
+            .cluster()
+            .prepareCreateSnapshot(TEST_REQUEST_TIMEOUT, REPO, SNAPSHOT)
+            .setWaitForCompletion(true)
+            .setIndices("ds")
+            .setIncludeGlobalState(false)
+            .get();
+
+        RestStatus status = createSnapshotResponse.getSnapshotInfo().status();
+        assertEquals(RestStatus.OK, status);
+        try {
+            client.admin()
+                .cluster()
+                .prepareRestoreSnapshot(TEST_REQUEST_TIMEOUT, REPO, SNAPSHOT)
+                .setWaitForCompletion(true)
+                .setIndices(dataStreamName + "::" + randomFrom(IndexComponentSelector.values()).getKey())
+                .get();
+            fail("Should have failed because selectors are not allowed in snapshot restore");
+        } catch (IllegalArgumentException e) {
+            assertThat(
+                e.getMessage(),
+                containsString("Index component selectors are not supported in this context but found selector in expression")
+            );
+        }
+    }
+
     public void testSnapshotAndRestoreAllIncludeSpecificDataStream() throws Exception {
         DocWriteResponse indexResponse = client.prepareIndex("other-ds")
             .setOpType(DocWriteRequest.OpType.CREATE)
@@ -1216,6 +1258,7 @@ public void testExcludeDSFromSnapshotWhenExcludingAnyOfItsIndices() {
             SnapshotInfo retrievedSnapshot = getSnapshot(REPO, SNAPSHOT);
             assertThat(retrievedSnapshot.dataStreams(), contains(dataStreamName));
             assertThat(retrievedSnapshot.indices(), containsInAnyOrder(fsBackingIndexName));
+            assertThat(retrievedSnapshot.indices(), not(containsInAnyOrder(fsFailureIndexName)));
 
             assertAcked(
                 safeGet(client.execute(DeleteDataStreamAction.INSTANCE, new DeleteDataStreamAction.Request(TEST_REQUEST_TIMEOUT, "*")))

modules/data-streams/src/main/java/org/elasticsearch/datastreams/action/DataStreamsStatsTransportAction.java

@@ -16,7 +16,6 @@
 import org.elasticsearch.action.datastreams.DataStreamsStatsAction;
 import org.elasticsearch.action.support.ActionFilters;
 import org.elasticsearch.action.support.DefaultShardOperationFailedException;
-import org.elasticsearch.action.support.IndexComponentSelector;
 import org.elasticsearch.action.support.broadcast.node.TransportBroadcastByNodeAction;
 import org.elasticsearch.cluster.ClusterState;
 import org.elasticsearch.cluster.block.ClusterBlockException;
@@ -101,17 +100,6 @@ protected ClusterBlockException checkRequestBlock(
         return state.blocks().indicesBlockedException(ClusterBlockLevel.METADATA_READ, concreteIndices);
     }
 
-    @Override
-    protected String[] resolveConcreteIndexNames(ClusterState clusterState, DataStreamsStatsAction.Request request) {
-        return DataStreamsActionUtil.resolveConcreteIndexNamesWithSelector(
-            indexNameExpressionResolver,
-            clusterState,
-            request.indices(),
-            IndexComponentSelector.ALL_APPLICABLE,
-            request.indicesOptions()
-        ).toArray(String[]::new);
-    }
-
     @Override
     protected ShardsIterator shards(ClusterState clusterState, DataStreamsStatsAction.Request request, String[] concreteIndices) {
         return clusterState.getRoutingTable().allShards(concreteIndices);

server/src/main/java/org/elasticsearch/TransportVersions.java

@@ -167,6 +167,8 @@ static TransportVersion def(int id) {
     public static final TransportVersion ESQL_SKIP_ES_INDEX_SERIALIZATION = def(8_827_00_0);
     public static final TransportVersion ADD_INDEX_BLOCK_TWO_PHASE = def(8_828_00_0);
     public static final TransportVersion RESOLVE_CLUSTER_NO_INDEX_EXPRESSION = def(8_829_00_0);
+    public static final TransportVersion ML_ROLLOVER_LEGACY_INDICES = def(8_830_00_0);
+    public static final TransportVersion ADD_INCLUDE_FAILURE_INDICES_OPTION = def(8_831_00_0);
 
     /*
      * STOP! READ THIS FIRST! No, really,

server/src/main/java/org/elasticsearch/action/admin/cluster/snapshots/create/CreateSnapshotRequest.java

@@ -16,7 +16,6 @@
 import org.elasticsearch.action.IndicesRequest;
 import org.elasticsearch.action.support.IndicesOptions;
 import org.elasticsearch.action.support.master.MasterNodeRequest;
-import org.elasticsearch.cluster.metadata.DataStream;
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.UUIDs;
 import org.elasticsearch.common.bytes.BytesReference;
@@ -69,9 +68,7 @@ public class CreateSnapshotRequest extends MasterNodeRequest<CreateSnapshotReque
 
     private String[] indices = EMPTY_ARRAY;
 
-    private IndicesOptions indicesOptions = DataStream.isFailureStoreFeatureFlagEnabled()
-        ? IndicesOptions.strictExpandHiddenIncludeFailureStore()
-        : IndicesOptions.strictExpandHidden();
+    private IndicesOptions indicesOptions = IndicesOptions.strictExpandHiddenFailureNoSelectors();
 
     private String[] featureStates = EMPTY_ARRAY;
 

server/src/main/java/org/elasticsearch/action/admin/cluster/snapshots/restore/RestoreSnapshotRequest.java

@@ -14,6 +14,7 @@
 import org.elasticsearch.action.ActionRequestValidationException;
 import org.elasticsearch.action.support.IndicesOptions;
 import org.elasticsearch.action.support.master.MasterNodeRequest;
+import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.common.io.stream.StreamOutput;
@@ -43,7 +44,7 @@ public class RestoreSnapshotRequest extends MasterNodeRequest<RestoreSnapshotReq
     private String snapshot;
     private String repository;
     private String[] indices = Strings.EMPTY_ARRAY;
-    private IndicesOptions indicesOptions = IndicesOptions.strictExpandOpen();
+    private IndicesOptions indicesOptions = IndicesOptions.strictExpandOpenFailureNoSelectors();
     private String[] featureStates = Strings.EMPTY_ARRAY;
     private String renamePattern;
     private String renameReplacement;
@@ -138,6 +139,16 @@ public ActionRequestValidationException validate() {
         if (indicesOptions == null) {
             validationException = addValidationError("indicesOptions is missing", validationException);
         }
+        // This action does not use the IndexNameExpressionResolver to resolve concrete indices, this is why we check here for selectors
+        if (indicesOptions.allowSelectors() == false) {
+            for (String index : indices) {
+                try {
+                    IndexNameExpressionResolver.SelectorResolver.parseExpression(index, indicesOptions);
+                } catch (IllegalArgumentException e) {
+                    validationException = addValidationError(e.getMessage(), validationException);
+                }
+            }
+        }
         if (featureStates == null) {
             validationException = addValidationError("featureStates is missing", validationException);
         }

server/src/main/java/org/elasticsearch/action/datastreams/DataStreamsActionUtil.java

@@ -9,7 +9,6 @@
 
 package org.elasticsearch.action.datastreams;
 
-import org.elasticsearch.action.support.IndexComponentSelector;
 import org.elasticsearch.action.support.IndicesOptions;
 import org.elasticsearch.cluster.ClusterState;
 import org.elasticsearch.cluster.metadata.DataStream;
@@ -55,64 +54,24 @@ public static List<String> resolveConcreteIndexNames(
         String[] names,
         IndicesOptions indicesOptions
     ) {
-        List<ResolvedExpression> abstractionNames = indexNameExpressionResolver.dataStreams(
+        List<ResolvedExpression> resolvedDataStreamExpressions = indexNameExpressionResolver.dataStreams(
             clusterState,
             updateIndicesOptions(indicesOptions),
             names
         );
         SortedMap<String, IndexAbstraction> indicesLookup = clusterState.getMetadata().getIndicesLookup();
 
-        List<String> results = new ArrayList<>(abstractionNames.size());
-        for (ResolvedExpression abstractionName : abstractionNames) {
-            IndexAbstraction indexAbstraction = indicesLookup.get(abstractionName.resource());
+        List<String> results = new ArrayList<>(resolvedDataStreamExpressions.size());
+        for (ResolvedExpression resolvedExpression : resolvedDataStreamExpressions) {
+            IndexAbstraction indexAbstraction = indicesLookup.get(resolvedExpression.resource());
             assert indexAbstraction != null;
             if (indexAbstraction.getType() == IndexAbstraction.Type.DATA_STREAM) {
-                selectDataStreamIndicesNames(
-                    (DataStream) indexAbstraction,
-                    IndexComponentSelector.FAILURES.equals(abstractionName.selector()),
-                    results
-                );
-            }
-        }
-        return results;
-    }
-
-    /**
-     * Resolves a list of expressions into data stream names and then collects the concrete indices
-     * that are applicable for those data streams based on the selector provided in the arguments.
-     * @param indexNameExpressionResolver resolver object
-     * @param clusterState state to query
-     * @param names data stream expressions
-     * @param selector which component indices of the data stream should be returned
-     * @param indicesOptions options for expression resolution
-     * @return A stream of concrete index names that belong to the components specified
-     *         on the data streams returned from the expressions given
-     */
-    public static List<String> resolveConcreteIndexNamesWithSelector(
-        IndexNameExpressionResolver indexNameExpressionResolver,
-        ClusterState clusterState,
-        String[] names,
-        IndexComponentSelector selector,
-        IndicesOptions indicesOptions
-    ) {
-        assert indicesOptions.allowSelectors() == false : "If selectors are enabled, use resolveConcreteIndexNames instead";
-        List<String> abstractionNames = indexNameExpressionResolver.dataStreamNames(
-            clusterState,
-            updateIndicesOptions(indicesOptions),
-            names
-        );
-        SortedMap<String, IndexAbstraction> indicesLookup = clusterState.getMetadata().getIndicesLookup();
-
-        List<String> results = new ArrayList<>(abstractionNames.size());
-        for (String abstractionName : abstractionNames) {
-            IndexAbstraction indexAbstraction = indicesLookup.get(abstractionName);
-            assert indexAbstraction != null;
-            if (indexAbstraction.getType() == IndexAbstraction.Type.DATA_STREAM) {
-                if (selector.shouldIncludeData()) {
-                    selectDataStreamIndicesNames((DataStream) indexAbstraction, false, results);
+                DataStream dataStream = (DataStream) indexAbstraction;
+                if (IndexNameExpressionResolver.shouldIncludeRegularIndices(indicesOptions, resolvedExpression.selector())) {
+                    selectDataStreamIndicesNames(dataStream, false, results);
                 }
-                if (selector.shouldIncludeFailures()) {
-                    selectDataStreamIndicesNames((DataStream) indexAbstraction, true, results);
+                if (IndexNameExpressionResolver.shouldIncludeFailureIndices(indicesOptions, resolvedExpression.selector())) {
+                    selectDataStreamIndicesNames(dataStream, true, results);
                 }
             }
         }

server/src/main/java/org/elasticsearch/action/datastreams/DataStreamsStatsAction.java

@@ -57,6 +57,7 @@ public Request() {
                             .allowClosedIndices(true)
                             .ignoreThrottled(false)
                             .allowSelectors(false)
+                            .includeFailureIndices(true)
                             .build()
                     )
                     .build()