Automaton and fls dls test

Author: n1v0lg

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/RoleDescriptorRequestValidator.java

@@ -49,7 +49,7 @@ public static ActionRequestValidationException validate(
         if (roleDescriptor.getIndicesPrivileges() != null) {
             for (RoleDescriptor.IndicesPrivileges idp : roleDescriptor.getIndicesPrivileges()) {
                 try {
-                    IndexPrivilege.getSplitBySelectorAccess(Set.of(idp.getPrivileges()));
+                    IndexPrivilege.splitBySelectorAccess(Set.of(idp.getPrivileges()));
                 } catch (IllegalArgumentException ile) {
                     validationException = addValidationError(ile.getMessage(), validationException);
                 }
@@ -61,7 +61,7 @@ public static ActionRequestValidationException validate(
                 validationException = addValidationError("remote index cluster alias cannot be an empty string", validationException);
             }
             try {
-                var privileges = IndexPrivilege.getSplitBySelectorAccess(Set.of(ridp.indicesPrivileges().getPrivileges()));
+                var privileges = IndexPrivilege.splitBySelectorAccess(Set.of(ridp.indicesPrivileges().getPrivileges()));
                 if (privileges.stream().anyMatch(p -> p.getSelectorPredicate() == IndexComponentSelectorPredicate.FAILURES)) {
                     validationException = addValidationError(
                         "remote index privileges cannot contain privileges that grant access to the failure store",

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/permission/Role.java

@@ -437,7 +437,7 @@ static SimpleRole buildFromRoleDescriptor(
                     new FieldPermissionsDefinition(indexPrivilege.getGrantedFields(), indexPrivilege.getDeniedFields())
                 ),
                 indexPrivilege.getQuery() == null ? null : Collections.singleton(indexPrivilege.getQuery()),
-                IndexPrivilege.getSplitBySelectorAccess(Set.of(indexPrivilege.getPrivileges())),
+                IndexPrivilege.splitBySelectorAccess(Set.of(indexPrivilege.getPrivileges())),
                 indexPrivilege.allowRestrictedIndices(),
                 indexPrivilege.getIndices()
             );
@@ -454,7 +454,7 @@ static SimpleRole buildFromRoleDescriptor(
                     new FieldPermissionsDefinition(indicesPrivileges.getGrantedFields(), indicesPrivileges.getDeniedFields())
                 ),
                 indicesPrivileges.getQuery() == null ? null : Collections.singleton(indicesPrivileges.getQuery()),
-                IndexPrivilege.getSplitBySelectorAccess(Set.of(indicesPrivileges.getPrivileges())),
+                IndexPrivilege.splitBySelectorAccess(Set.of(indicesPrivileges.getPrivileges())),
                 indicesPrivileges.allowRestrictedIndices(),
                 indicesPrivileges.getIndices()
             );

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/ConfigurableClusterPrivileges.java

@@ -414,9 +414,7 @@ public ManageRolesPrivilege(List<ManageRolesIndexPermissionGroup> manageRolesInd
             this.requestPredicateSupplier = (restrictedIndices) -> {
                 IndicesPermission.Builder indicesPermissionBuilder = new IndicesPermission.Builder(restrictedIndices);
                 for (ManageRolesIndexPermissionGroup indexPatternPrivilege : manageRolesIndexPermissionGroups) {
-                    Set<IndexPrivilege> splitBySelector = IndexPrivilege.getSplitBySelectorAccess(
-                        Set.of(indexPatternPrivilege.privileges())
-                    );
+                    Set<IndexPrivilege> splitBySelector = IndexPrivilege.splitBySelectorAccess(Set.of(indexPatternPrivilege.privileges()));
                     for (IndexPrivilege indexPrivilege : splitBySelector) {
                         indicesPermissionBuilder.addGroup(
                             indexPrivilege,

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexComponentSelectorPredicate.java

@@ -16,7 +16,7 @@
 /**
  * A predicate to capture role access by {@link IndexComponentSelector}.
  * This is assigned to each {@link org.elasticsearch.xpack.core.security.authz.permission.IndicesPermission.Group} during role building.
- * See also {@link org.elasticsearch.xpack.core.security.authz.privilege.IndexPrivilege#getSplitBySelectorAccess(Set)}.
+ * See also {@link org.elasticsearch.xpack.core.security.authz.privilege.IndexPrivilege#splitBySelectorAccess(Set)}.
  */
 public record IndexComponentSelectorPredicate(Set<String> names, Predicate<IndexComponentSelector> predicate)
     implements

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilege.java

@@ -184,7 +184,8 @@ public final class IndexPrivilege extends Privilege {
     public static final IndexPrivilege ALL = new IndexPrivilege("all", ALL_AUTOMATON, IndexComponentSelectorPredicate.ALL);
     public static final IndexPrivilege READ_FAILURE_STORE = new IndexPrivilege(
         "read_failure_store",
-        READ_AUTOMATON,
+        // TODO use READ_AUTOMATON here in authorization follow-up
+        Automatons.EMPTY,
         IndexComponentSelectorPredicate.FAILURES
     );
     public static final IndexPrivilege READ = new IndexPrivilege("read", READ_AUTOMATON);
@@ -274,13 +275,13 @@ private IndexPrivilege(Set<String> name, Automaton automaton, IndexComponentSele
     }
 
     /**
-     * Delegates to {@link #getSplitBySelectorAccess(Set)} but throws if the result is not a singleton, i.e., covers more than one selector.
+     * Delegates to {@link #splitBySelectorAccess(Set)} but throws if the result is not a singleton, i.e., covers more than one selector.
      * Use this method if you know that the input name set corresponds to privileges covering the same selector, for instance if you have a
      * single input name, or multiple names that all grant access to one selector e.g., {@link IndexComponentSelector#DATA}.
      * @throws IllegalArgumentException if privileges and actions for input names cover access to more than one selector
      */
     public static IndexPrivilege getWithSingleSelectorAccess(Set<String> names) {
-        final Set<IndexPrivilege> splitBySelector = getSplitBySelectorAccess(names);
+        final Set<IndexPrivilege> splitBySelector = splitBySelectorAccess(names);
         if (splitBySelector.size() != 1) {
             throw new IllegalArgumentException(
                 "index privilege patterns " + names + " did not map to a single selector " + splitBySelector
@@ -299,14 +300,14 @@ public static IndexPrivilege getWithSingleSelectorAccess(Set<String> names) {
      * selector boundaries since their underlying automata would be combined, granting more access than is valid.
      * This method conceptually splits the input names into ones that correspond to different selector access, and return an index privilege
      * for each partition.
-     * For instance, `getSplitBySelectorAccess(Set.of("view_index_metadata", "write", "read_failure_store"))` will return two index
+     * For instance, `splitBySelectorAccess(Set.of("view_index_metadata", "write", "read_failure_store"))` will return two index
      * privileges one covering `view_index_metadata` and `write` for a {@link IndexComponentSelectorPredicate#DATA}, the other covering
      * `read_failure_store` for a {@link IndexComponentSelectorPredicate#FAILURES} selector.
      * A notable exception is the {@link IndexPrivilege#ALL} privilege. If this privilege is included in the input name set, this method
      * returns a single index privilege that grants access to all selectors.
      * All raw actions are treated as granting access to the {@link IndexComponentSelector#DATA} selector.
      */
-    public static Set<IndexPrivilege> getSplitBySelectorAccess(Set<String> names) {
+    public static Set<IndexPrivilege> splitBySelectorAccess(Set<String> names) {
         return CACHE.computeIfAbsent(names, (theName) -> {
             if (theName.isEmpty()) {
                 return Set.of(NONE);

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/permission/SimpleRoleTests.java

@@ -176,7 +176,7 @@ public void testGetRoleDescriptorsIntersectionForRemoteCluster() {
                 Set.of(randomAlphaOfLength(8)),
                 new FieldPermissions(new FieldPermissionsDefinition(new String[] { randomAlphaOfLength(5) }, null)),
                 null,
-                IndexPrivilege.getSplitBySelectorAccess(Set.of(randomFrom(IndexPrivilege.names()))),
+                IndexPrivilege.splitBySelectorAccess(Set.of(randomFrom(IndexPrivilege.names()))),
                 randomBoolean(),
                 randomAlphaOfLength(9)
             )

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilegeTests.java

@@ -146,22 +146,20 @@ public void testGetWithSingleSelectorAccessFailuresSelector() {
         );
     }
 
-    public void testGetSplitBySelectorAccess() {
+    public void testSplitBySelectorAccess() {
         assumeTrue("requires failure store feature", DataStream.isFailureStoreFeatureFlagEnabled());
         {
-            Set<IndexPrivilege> actual = IndexPrivilege.getSplitBySelectorAccess(Set.of("read_failure_store"));
+            Set<IndexPrivilege> actual = IndexPrivilege.splitBySelectorAccess(Set.of("read_failure_store"));
             assertThat(actual, containsInAnyOrder(IndexPrivilege.READ_FAILURE_STORE));
             assertThat(actual.iterator().next().getSelectorPredicate(), equalTo(IndexComponentSelectorPredicate.FAILURES));
         }
         {
-            Set<IndexPrivilege> actual = IndexPrivilege.getSplitBySelectorAccess(Set.of("read_failure_store", "READ_FAILURE_STORE"));
+            Set<IndexPrivilege> actual = IndexPrivilege.splitBySelectorAccess(Set.of("read_failure_store", "READ_FAILURE_STORE"));
             assertThat(actual, containsInAnyOrder(IndexPrivilege.READ_FAILURE_STORE));
             assertThat(actual.iterator().next().getSelectorPredicate(), equalTo(IndexComponentSelectorPredicate.FAILURES));
         }
         {
-            Set<IndexPrivilege> actual = IndexPrivilege.getSplitBySelectorAccess(
-                Set.of("read_failure_store", "read", "READ_FAILURE_STORE")
-            );
+            Set<IndexPrivilege> actual = IndexPrivilege.splitBySelectorAccess(Set.of("read_failure_store", "read", "READ_FAILURE_STORE"));
             assertThat(actual, containsInAnyOrder(IndexPrivilege.READ_FAILURE_STORE, IndexPrivilege.READ));
             List<IndexComponentSelectorPredicate> actualPredicates = actual.stream().map(IndexPrivilege::getSelectorPredicate).toList();
             assertThat(
@@ -170,9 +168,7 @@ public void testGetSplitBySelectorAccess() {
             );
         }
         {
-            Set<IndexPrivilege> actual = IndexPrivilege.getSplitBySelectorAccess(
-                Set.of("read_failure_store", "read", "view_index_metadata")
-            );
+            Set<IndexPrivilege> actual = IndexPrivilege.splitBySelectorAccess(Set.of("read_failure_store", "read", "view_index_metadata"));
             assertThat(
                 actual,
                 containsInAnyOrder(
@@ -187,7 +183,7 @@ public void testGetSplitBySelectorAccess() {
             );
         }
         {
-            Set<IndexPrivilege> actual = IndexPrivilege.getSplitBySelectorAccess(
+            Set<IndexPrivilege> actual = IndexPrivilege.splitBySelectorAccess(
                 Set.of("read_failure_store", "read", "indices:data/read/search", "view_index_metadata")
             );
             assertThat(
@@ -204,7 +200,7 @@ public void testGetSplitBySelectorAccess() {
             );
         }
         {
-            Set<IndexPrivilege> actual = IndexPrivilege.getSplitBySelectorAccess(
+            Set<IndexPrivilege> actual = IndexPrivilege.splitBySelectorAccess(
                 Set.of("read_failure_store", "all", "read", "indices:data/read/search", "view_index_metadata")
             );
             assertThat(

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/privilege/PrivilegeTests.java

@@ -218,7 +218,7 @@ public void testIndexCollapse() {
         IndexPrivilege second = values[randomIntBetween(0, values.length - 1)];
 
         Set<String> name = Sets.newHashSet(first.name().iterator().next(), second.name().iterator().next());
-        Set<IndexPrivilege> indices = IndexPrivilege.getSplitBySelectorAccess(name);
+        Set<IndexPrivilege> indices = IndexPrivilege.splitBySelectorAccess(name);
 
         Automaton automaton = null;
         if (indices.size() == 1) {

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStore.java

@@ -543,7 +543,7 @@ public static void buildRoleFromDescriptors(
             (key, privilege) -> builder.add(
                 fieldPermissionsCache.getFieldPermissions(privilege.fieldPermissionsDefinition),
                 privilege.query,
-                IndexPrivilege.getSplitBySelectorAccess(privilege.privileges),
+                IndexPrivilege.splitBySelectorAccess(privilege.privileges),
                 false,
                 privilege.indices.toArray(Strings.EMPTY_ARRAY)
             )
@@ -552,7 +552,7 @@ public static void buildRoleFromDescriptors(
             (key, privilege) -> builder.add(
                 fieldPermissionsCache.getFieldPermissions(privilege.fieldPermissionsDefinition),
                 privilege.query,
-                IndexPrivilege.getSplitBySelectorAccess(privilege.privileges),
+                IndexPrivilege.splitBySelectorAccess(privilege.privileges),
                 true,
                 privilege.indices.toArray(Strings.EMPTY_ARRAY)
             )
@@ -566,7 +566,7 @@ public static void buildRoleFromDescriptors(
                         new FieldPermissionsDefinition(privilege.getGrantedFields(), privilege.getDeniedFields())
                     ),
                     privilege.getQuery() == null ? null : newHashSet(privilege.getQuery()),
-                    IndexPrivilege.getSplitBySelectorAccess(newHashSet(Objects.requireNonNull(privilege.getPrivileges()))),
+                    IndexPrivilege.splitBySelectorAccess(newHashSet(Objects.requireNonNull(privilege.getPrivileges()))),
                     privilege.allowRestrictedIndices(),
                     newHashSet(Objects.requireNonNull(privilege.getIndices())).toArray(new String[0])
                 )

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RBACEngineTests.java

@@ -1616,7 +1616,7 @@ public void testGetRoleDescriptorsIntersectionForRemoteClusterHasDeterministicOr
         final int numGroups = randomIntBetween(2, 5);
         int extraGroups = 0;
         for (int i = 0; i < numGroups; i++) {
-            Set<IndexPrivilege> splitBySelector = IndexPrivilege.getSplitBySelectorAccess(
+            Set<IndexPrivilege> splitBySelector = IndexPrivilege.splitBySelectorAccess(
                 Set.copyOf(randomSubsetOf(randomIntBetween(1, 4), IndexPrivilege.names()))
             );
             // If we end up with failure and data access, we will split and end up with extra groups. Need to account for this for the