@@ -3869,38 +3869,53 @@ public void testSetExceptionOnMissingIndexWhenIgnoreUnavailable() {
38693869 when (crossProjectModeDecider .crossProjectEnabled ()).thenReturn (true );
38703870 when (crossProjectModeDecider .resolvesCrossProject (any ())).thenReturn (true );
38713871
3872- mockMetadataWithIndex ("available-index" );
3872+ final var metadataBuilder = ProjectMetadata .builder (projectId ).put (createIndexMetadata ("accessible-index" ), true );
3873+ if (randomBoolean ()) {
3874+ metadataBuilder .put (createIndexMetadata ("not-accessible-index" ), true );
3875+ }
3876+
3877+ mockClusterState (metadataBuilder .build ());
3878+
38733879 var authentication = createAuthentication (new User ("user" , "partial-access-role" ));
38743880 roleMap .put (
38753881 "partial-access-role" ,
38763882 new RoleDescriptor (
38773883 "partial-access-role" ,
38783884 null ,
3879- new IndicesPrivileges [] { IndicesPrivileges .builder ().indices ("available -index" ).privileges ("read" ).build () },
3885+ new IndicesPrivileges [] { IndicesPrivileges .builder ().indices ("accessible -index" ).privileges ("read" ).build () },
38803886 null
38813887 )
38823888 );
3883- final var request = new SearchRequest ("available-index" , "not-available-index" ).indicesOptions (
3884- IndicesOptions .fromOptions (true , false , true , false )
3885- );
3889+ var requestAccessibleIndex = randomBoolean ();
3890+
3891+ var request = requestAccessibleIndex
3892+ ? new SearchRequest ("accessible-index" , "not-accessible-index" )
3893+ : new SearchRequest ("not-accessible-index" );
3894+
3895+ request .indicesOptions (IndicesOptions .fromOptions (true , false , true , false ));
38863896 AuditUtil .getOrGenerateRequestId (threadContext );
38873897 authorize (authentication , TransportSearchAction .TYPE .name (), request );
38883898
38893899 final var authorizationInfo = mock (AuthorizationInfo .class );
38903900 when (authorizationInfo .asMap ()).thenReturn (Map .of ("user.info" , new String [] { "partial-access-role" }));
38913901
38923902 final var expressions = request .getResolvedIndexExpressions ().expressions ();
3893- assertThat (expressions , hasSize (2 ));
3894- assertThat (expressions .getFirst (), equalTo (resolvedIndexExpression ("available-index" , Set .of ("available-index" ), SUCCESS )));
3903+ if (requestAccessibleIndex ) {
3904+ assertThat (expressions , hasSize (2 ));
3905+ assertThat (expressions .getFirst (), equalTo (resolvedIndexExpression ("accessible-index" , Set .of ("accessible-index" ), SUCCESS )));
3906+ } else {
3907+ assertThat (expressions , hasSize (1 ));
3908+ }
38953909
3896- assertThat (expressions .get (1 ).original (), equalTo ("not-available-index" ));
3897- assertThat (expressions .get (1 ).localExpressions ().indices (), empty ());
3898- assertThat (expressions .get (1 ).localExpressions ().localIndexResolutionResult (), equalTo (CONCRETE_RESOURCE_UNAUTHORIZED ));
3910+ var notAccessibleIndexExpression = requestAccessibleIndex ? expressions .get (1 ) : expressions .getFirst ();
3911+ assertThat (notAccessibleIndexExpression .original (), equalTo ("not-accessible-index" ));
3912+ assertThat (notAccessibleIndexExpression .localExpressions ().indices (), empty ());
3913+ assertThat (notAccessibleIndexExpression .localExpressions ().localIndexResolutionResult (), equalTo (CONCRETE_RESOURCE_UNAUTHORIZED ));
38993914 assertThat (
3900- expressions . get ( 1 ) .localExpressions ().exception ().getMessage (),
3915+ notAccessibleIndexExpression .localExpressions ().exception ().getMessage (),
39013916 equalTo (
39023917 "action [indices:data/read/search] is unauthorized for user [user]"
3903- + " with effective roles [partial-access-role] on indices [not-available -index], "
3918+ + " with effective roles [partial-access-role] on indices [not-accessible -index], "
39043919 + "this action is granted by the index privileges [read,all]"
39053920 )
39063921 );
0 commit comments