Fix

n1v0lg · n1v0lg · commit 2f49f057895e · 2025-02-06T18:23:22.000+01:00
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequest.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequest.java
@@ -114,7 +114,8 @@ public void addIndex(
         String[] grantedFields,
         String[] deniedFields,
         @Nullable BytesReference query,
-        boolean allowRestrictedIndices
+        boolean allowRestrictedIndices,
+        List<String> selectors
     ) {
         this.indicesPrivileges.add(
             RoleDescriptor.IndicesPrivileges.builder()
@@ -123,6 +124,7 @@ public void addIndex(
                 .grantedFields(grantedFields)
                 .deniedFields(deniedFields)
                 .query(query)
+                .selectors(selectors)
                 .allowRestrictedIndices(allowRestrictedIndices)
                 .build()
         );
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestBuilder.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestBuilder.java
@@ -7,13 +7,15 @@
 package org.elasticsearch.xpack.core.security.action.role;
 
 import org.elasticsearch.action.ActionRequestBuilder;
+import org.elasticsearch.action.support.IndexComponentSelector;
 import org.elasticsearch.client.internal.ElasticsearchClient;
 import org.elasticsearch.common.bytes.BytesReference;
 import org.elasticsearch.core.Nullable;
 import org.elasticsearch.xcontent.XContentType;
 import org.elasticsearch.xpack.core.security.authz.RoleDescriptor;
 
 import java.io.IOException;
+import java.util.List;
 import java.util.Map;
 
 /**
@@ -75,7 +77,28 @@ public PutRoleRequestBuilder addIndices(
         @Nullable BytesReference query,
         boolean allowRestrictedIndices
     ) {
-        request.addIndex(indices, privileges, grantedFields, deniedFields, query, allowRestrictedIndices);
+        request.addIndex(
+            indices,
+            privileges,
+            grantedFields,
+            deniedFields,
+            query,
+            allowRestrictedIndices,
+            List.of(IndexComponentSelector.DATA.getKey())
+        );
+        return this;
+    }
+
+    public PutRoleRequestBuilder addIndices(
+        String[] indices,
+        String[] privileges,
+        String[] grantedFields,
+        String[] deniedFields,
+        @Nullable BytesReference query,
+        boolean allowRestrictedIndices,
+        List<String> selectors
+    ) {
+        request.addIndex(indices, privileges, grantedFields, deniedFields, query, allowRestrictedIndices, selectors);
         return this;
     }
 
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptor.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptor.java
@@ -1646,6 +1646,10 @@ public IndicesPrivileges build() {
                 if (indicesPrivileges.privileges == null || indicesPrivileges.privileges.length == 0) {
                     throw new IllegalArgumentException("indices privileges must define at least one privilege");
                 }
+                // TODO
+                if (indicesPrivileges.selectors == null || indicesPrivileges.selectors.isEmpty()) {
+                    indicesPrivileges.selectors = DEFAULT_SELECTORS;
+                }
                 return indicesPrivileges;
             }
         }
diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestTests.java
@@ -7,6 +7,7 @@
 package org.elasticsearch.xpack.core.security.action.role;
 
 import org.elasticsearch.action.ActionRequestValidationException;
+import org.elasticsearch.action.support.IndexComponentSelector;
 import org.elasticsearch.action.support.WriteRequest;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.xpack.core.security.authz.RoleDescriptor.ApplicationResourcePrivileges;
@@ -76,7 +77,8 @@ public void testValidationErrorWithUnknownIndexPrivilegeName() {
             null,
             null,
             null,
-            randomBoolean()
+            randomBoolean(),
+            List.of(IndexComponentSelector.DATA.getKey())
         );
 
         // Fail
@@ -180,7 +182,8 @@ public void testValidationSuccessWithCorrectIndexPrivilegeName() {
             null,
             null,
             null,
-            randomBoolean()
+            randomBoolean(),
+            List.of(IndexComponentSelector.DATA.getKey())
         );
         assertSuccessfulValidation(request);
     }
diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/privilege/ManageRolesPrivilegesTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/privilege/ManageRolesPrivilegesTests.java
@@ -8,6 +8,7 @@
 package org.elasticsearch.xpack.core.security.authz.privilege;
 
 import org.elasticsearch.action.ActionRequest;
+import org.elasticsearch.action.support.IndexComponentSelector;
 import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
 import org.elasticsearch.test.AbstractNamedWriteableTestCase;
 import org.elasticsearch.xcontent.ToXContent;
@@ -276,7 +277,7 @@ private static void assertAllowedIndexPatterns(
         {
             final PutRoleRequest putRoleRequest = new PutRoleRequest();
             putRoleRequest.name(randomAlphaOfLength(3));
-            putRoleRequest.addIndex(indexPatterns, privileges, null, null, null, false);
+            putRoleRequest.addIndex(indexPatterns, privileges, null, null, null, false, List.of(IndexComponentSelector.DATA.getKey()));
             assertThat(permissionCheck(permission, "cluster:admin/xpack/security/role/put", putRoleRequest), is(expected));
         }
         {

Original file line number	Diff line number	Diff line change
`@@ -1646,6 +1646,10 @@ public IndicesPrivileges build() {`
`1646`	`1646`	`if (indicesPrivileges.privileges == null \|\| indicesPrivileges.privileges.length == 0) {`
`1647`	`1647`	`throw new IllegalArgumentException("indices privileges must define at least one privilege");`
`1648`	`1648`	`}`
	`1649`	`+ // TODO`
	`1650`	`+ if (indicesPrivileges.selectors == null \|\| indicesPrivileges.selectors.isEmpty()) {`
	`1651`	`+ indicesPrivileges.selectors = DEFAULT_SELECTORS;`
	`1652`	`+ }`
`1649`	`1653`	`return indicesPrivileges;`
`1650`	`1654`	`}`
`1651`	`1655`	`}`
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@`
`8`	`8`	`package org.elasticsearch.xpack.core.security.authz.privilege;`
`9`	`9`
`10`	`10`	`import org.elasticsearch.action.ActionRequest;`
	`11`	`+import org.elasticsearch.action.support.IndexComponentSelector;`
`11`	`12`	`import org.elasticsearch.common.io.stream.NamedWriteableRegistry;`
`12`	`13`	`import org.elasticsearch.test.AbstractNamedWriteableTestCase;`
`13`	`14`	`import org.elasticsearch.xcontent.ToXContent;`
`@@ -276,7 +277,7 @@ private static void assertAllowedIndexPatterns(`
`276`	`277`	`{`
`277`	`278`	`final PutRoleRequest putRoleRequest = new PutRoleRequest();`
`278`	`279`	`putRoleRequest.name(randomAlphaOfLength(3));`
`279`		`- putRoleRequest.addIndex(indexPatterns, privileges, null, null, null, false);`
	`280`	`+ putRoleRequest.addIndex(indexPatterns, privileges, null, null, null, false, List.of(IndexComponentSelector.DATA.getKey()));`
`280`	`281`	`assertThat(permissionCheck(permission, "cluster:admin/xpack/security/role/put", putRoleRequest), is(expected));`
`281`	`282`	`}`
`282`	`283`	`{`