Assert

Author: n1v0lg

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/IndicesAndAliasesResolver.java

@@ -26,6 +26,7 @@
 import org.elasticsearch.common.regex.Regex;
 import org.elasticsearch.common.settings.ClusterSettings;
 import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.core.Assertions;
 import org.elasticsearch.core.Nullable;
 import org.elasticsearch.core.Tuple;
 import org.elasticsearch.index.Index;
@@ -509,6 +510,7 @@ private static List<String> replaceWildcardsWithAuthorizedAliases(String[] alias
         }
 
         for (String aliasExpression : aliases) {
+            assertOnlyDataSelector(aliasExpression);
             boolean include = true;
             if (aliasExpression.charAt(0) == '-') {
                 include = false;
@@ -536,6 +538,14 @@ private static List<String> replaceWildcardsWithAuthorizedAliases(String[] alias
         return finalAliases;
     }
 
+    private static void assertOnlyDataSelector(String expression) {
+        if (Assertions.ENABLED) {
+            Tuple<String, String> tuple = IndexNameExpressionResolver.splitSelectorExpression(expression);
+            assert tuple.v2() == null || IndexComponentSelector.getByKey(tuple.v2()) == IndexComponentSelector.DATA
+                : "Selector [" + tuple.v2() + "] is not allowed in expression [" + expression + "]";
+        }
+    }
+
     private static List<String> indicesList(String[] list) {
         return (list == null) ? null : Arrays.asList(list);
     }