ES-11331 streams params restriction (#132967)

* Add support for passing down if restricted params are used

# Conflicts:
#	server/src/main/java/org/elasticsearch/TransportVersions.java

# Conflicts:
#	server/src/main/java/org/elasticsearch/TransportVersions.java

* Add restricted param check to single doc endpoint

* Fixup YAML test

* Add YAML tests for new function

* Switch to more descriptive catch check

* Additional tests and fixes for those tests

* Update docs/changelog/132967.yaml

* Apply suggestions from code review

Co-authored-by: Copilot <[email protected]>

* Move check lower down the stack and preserve param names for better error message

Also whitelists ID and pretty as allowed params

* Fix NPE due to missing params set during serialization

* Add additional allowed params following product feedback

---------

Co-authored-by: Copilot <[email protected]>
Co-authored-by: Keith Massey <[email protected]>

Author: 3 people

docs/changelog/132967.yaml

@@ -0,0 +1,5 @@
+pr: 132967
+summary: ES-11331 streams params restriction
+area: Data streams
+type: enhancement
+issues: []

modules/streams/src/yamlRestTest/resources/rest-api-spec/test/streams/logs/20_substream_restrictions.yml

@@ -142,13 +142,16 @@ teardown:
             index.default_pipeline: "reroute-to-logs-foo-success"
   - do:
       bulk:
-        refresh: true
         body: |
           { "index": { "_index": "logs" } }
           { "foo": "bar", "baz": "qux" }
   - match: { errors: false }
   - match: { items.0.index.status: 201 }
 
+  - do:
+      indices.refresh:
+        index: logs.foo
+
   - do:
       delete_by_query:
         index: logs.foo

modules/streams/src/yamlRestTest/resources/rest-api-spec/test/streams/logs/30_param_restrictions.yml

@@ -0,0 +1,190 @@
+---
+teardown:
+  - do:
+      streams.logs_disable: { }
+
+---
+"Check User Can't Use Restricted Params On Logs Endpoint":
+  - do:
+      streams.logs_enable: { }
+  - is_true: acknowledged
+
+  - do:
+      streams.status: { }
+  - is_true: logs.enabled
+
+  - do:
+      bulk:
+        list_executed_pipelines: true
+        body: |
+          { "index": { "_index": "logs"} }
+          { "foo": "bar" }
+          { "index": { "_index": "not-logs" } }
+          { "foo": "bar" }
+  - match: { errors: true }
+  - match: { items.0.index.status: 400 }
+  - match: { items.0.index.error.type: "illegal_argument_exception" }
+  - match: { items.0.index.error.reason: '/When\ writing\ to\ a\ stream\,\ only\ the\ following\ parameters\ are\ allowed\:\ \[.+\]\ however\ the\ following\ were\ used\:\ \[.+\]/' }
+  - match: { items.1.index.status: 201 }
+
+---
+"Check User Can't Use Restricted Params On Logs Endpoint - Single Doc":
+  - do:
+      streams.logs_enable: { }
+  - is_true: acknowledged
+
+  - do:
+      streams.status: { }
+  - is_true: logs.enabled
+
+  - do:
+      index:
+        require_alias: true
+        index: logs
+        body: { "foo": "bar" }
+      catch: '/When writing to a stream, only the following parameters are allowed: \[.+\] however the following were used: \[.+\]/'
+
+---
+"Allowed Params Only - Bulk Should Succeed":
+  - do:
+      streams.logs_enable: { }
+  - is_true: acknowledged
+
+  - do:
+      bulk:
+        error_trace: true
+        timeout: "1m"
+        body: |
+          { "index": { "_index": "logs"} }
+          { "foo": "bar" }
+  - match: { errors: false }
+  - match: { items.0.index.status: 201 }
+
+---
+"Allowed Params Only - Single Doc Should Succeed":
+  - do:
+      streams.logs_enable: { }
+  - is_true: acknowledged
+
+  - do:
+      index:
+        index: logs
+        error_trace: true
+        timeout: "1m"
+        body: |
+          { "foo": "bar" }
+  - match: { _index: "logs" }
+  - match: { result: "created" }
+
+---
+"Allowed Params Only - Single Doc with ID Should Succeed":
+  - do:
+      streams.logs_enable: { }
+  - is_true: acknowledged
+
+  - do:
+      index:
+        index: logs
+        id: 123456
+        body: |
+          { "foo": "bar" }
+  - match: { _index: "logs" }
+  - match: { result: "created" }
+
+---
+"No Params - Bulk Should Succeed":
+  - do:
+      streams.logs_enable: { }
+  - is_true: acknowledged
+
+  - do:
+      bulk:
+        body: |
+          { "index": { "_index": "logs"} }
+          { "foo": "bar" }
+  - match: { errors: false }
+  - match: { items.0.index.status: 201 }
+
+---
+"No Params - Single Doc Should Succeed":
+  - do:
+      streams.logs_enable: { }
+  - is_true: acknowledged
+  -
+    do:
+      index:
+        index: logs
+        body: { "foo": "bar" }
+  - match: { _index: "logs" }
+  - match: { result: "created" }
+
+---
+"Mixed Allowed and Disallowed Params - Bulk Should Fail":
+  - do:
+      streams.logs_enable: { }
+  - is_true: acknowledged
+
+  - do:
+      bulk:
+        error_trace: true
+        timeout: "1m"
+        routing: "custom-routing"
+        refresh: true
+        body: |
+          { "index": { "_index": "logs"} }
+          { "foo": "bar" }
+  - match: { errors: true }
+  - match: { items.0.index.status: 400 }
+  - match: { items.0.index.error.type: "illegal_argument_exception" }
+  - match: { items.0.index.error.reason: '/When\ writing\ to\ a\ stream\,\ only\ the\ following\ parameters\ are\ allowed\:\ \[.+\]\ however\ the\ following\ were\ used\:\ \[.+\]/' }
+
+---
+"Mixed Allowed and Disallowed Params - Single Doc Should Fail":
+  - do:
+      streams.logs_enable: { }
+  - is_true: acknowledged
+
+  - do:
+      index:
+        index: logs
+        error_trace: true
+        timeout: "1m"
+        routing: "custom-routing"
+        refresh: true
+        body: { "foo": "bar" }
+      catch: '/When writing to a stream, only the following parameters are allowed: \[.+\] however the following were used: \[.+\]/'
+
+---
+"Multiple Disallowed Params - Bulk Should Fail":
+  - do:
+      streams.logs_enable: { }
+  - is_true: acknowledged
+
+  - do:
+      bulk:
+        routing: "custom-routing"
+        wait_for_active_shards: "2"
+        refresh: true
+        body: |
+          { "index": { "_index": "logs"} }
+          { "foo": "bar" }
+  - match: { errors: true }
+  - match: { items.0.index.status: 400 }
+  - match: { items.0.index.error.type: "illegal_argument_exception" }
+  - match: { items.0.index.error.reason: '/When\ writing\ to\ a\ stream\,\ only\ the\ following\ parameters\ are\ allowed\:\ \[.+\]\ however\ the\ following\ were\ used\:\ \[.+\]/' }
+
+---
+"Multiple Disallowed Params - Single Doc Should Fail":
+  - do:
+      streams.logs_enable: { }
+  - is_true: acknowledged
+
+  - do:
+      index:
+        index: logs
+        routing: "custom-routing"
+        pipeline: "my-pipeline"
+        wait_for_active_shards: "2"
+        refresh: true
+        body: { "foo": "bar" }
+      catch: '/When writing to a stream, only the following parameters are allowed: \[.+\] however the following were used: \[.+\]/'

server/src/main/java/org/elasticsearch/TransportVersions.java

@@ -354,6 +354,7 @@ static TransportVersion def(int id) {
     public static final TransportVersion SHARD_WRITE_LOAD_IN_CLUSTER_INFO = def(9_126_0_00);
     public static final TransportVersion ESQL_SAMPLE_OPERATOR_STATUS = def(9_127_0_00);
     public static final TransportVersion PROJECT_RESERVED_STATE_MOVE_TO_REGISTRY = def(9_147_0_00);
+    public static final TransportVersion STREAMS_ENDPOINT_PARAM_RESTRICTIONS = def(9_148_00_00);
 
     /*
      * STOP! READ THIS FIRST! No, really,

server/src/main/java/org/elasticsearch/action/ActionModule.java

@@ -459,6 +459,7 @@ public class ActionModule extends AbstractModule {
     private final RequestValidators<IndicesAliasesRequest> indicesAliasesRequestRequestValidators;
     private final ReservedClusterStateService reservedClusterStateService;
     private final RestExtension restExtension;
+    private final ClusterService clusterService;
 
     public ActionModule(
         Settings settings,
@@ -534,6 +535,7 @@ public ActionModule(
             reservedProjectStateHandlers
         );
         this.restExtension = restExtension;
+        this.clusterService = clusterService;
     }
 
     private static <T> T getRestServerComponent(
@@ -927,9 +929,9 @@ public void initRestHandlers(Supplier<DiscoveryNodes> nodesInCluster, Predicate<
         registerHandler.accept(new RestResolveClusterAction());
         registerHandler.accept(new RestResolveIndexAction());
 
-        registerHandler.accept(new RestIndexAction());
-        registerHandler.accept(new CreateHandler());
-        registerHandler.accept(new AutoIdHandler());
+        registerHandler.accept(new RestIndexAction(clusterService, projectIdResolver));
+        registerHandler.accept(new CreateHandler(clusterService, projectIdResolver));
+        registerHandler.accept(new AutoIdHandler(clusterService, projectIdResolver));
         registerHandler.accept(new RestGetAction());
         registerHandler.accept(new RestGetSourceAction());
         registerHandler.accept(new RestMultiGetAction(settings));

server/src/main/java/org/elasticsearch/action/bulk/BulkRequest.java

@@ -48,6 +48,7 @@
 import java.util.Objects;
 import java.util.Set;
 
+import static java.util.Collections.emptySet;
 import static org.elasticsearch.action.ValidateActions.addValidationError;
 
 /**
@@ -86,6 +87,7 @@ public class BulkRequest extends LegacyActionRequest
     private Boolean globalRequireAlias;
     private Boolean globalRequireDatsStream;
     private boolean includeSourceOnError = true;
+    private Set<String> paramsUsed = emptySet();
 
     private long sizeInBytes = 0;
 
@@ -108,6 +110,9 @@ public BulkRequest(StreamInput in) throws IOException {
         if (in.getTransportVersion().onOrAfter(TransportVersions.INGEST_REQUEST_INCLUDE_SOURCE_ON_ERROR)) {
             includeSourceOnError = in.readBoolean();
         } // else default value is true
+        if (in.getTransportVersion().onOrAfter(TransportVersions.STREAMS_ENDPOINT_PARAM_RESTRICTIONS)) {
+            paramsUsed = in.readCollectionAsImmutableSet(StreamInput::readString);
+        }
     }
 
     public BulkRequest(@Nullable String globalIndex) {
@@ -474,6 +479,9 @@ public void writeTo(StreamOutput out) throws IOException {
         if (out.getTransportVersion().onOrAfter(TransportVersions.INGEST_REQUEST_INCLUDE_SOURCE_ON_ERROR)) {
             out.writeBoolean(includeSourceOnError);
         }
+        if (out.getTransportVersion().onOrAfter(TransportVersions.STREAMS_ENDPOINT_PARAM_RESTRICTIONS)) {
+            out.writeCollection(paramsUsed, StreamOutput::writeString);
+        }
     }
 
     @Override
@@ -516,6 +524,14 @@ public boolean isSimulated() {
         return false; // Always false, but may be overridden by a subclass
     }
 
+    public Set<String> requestParamsUsed() {
+        return paramsUsed;
+    }
+
+    public void requestParamsUsed(Set<String> paramsUsed) {
+        this.paramsUsed = paramsUsed;
+    }
+
     /*
      * Returns any component template substitutions that are to be used as part of this bulk request. We would likely only have
      * substitutions in the event of a simulated request.
@@ -554,6 +570,7 @@ public BulkRequest shallowClone() {
         bulkRequest.routing(routing());
         bulkRequest.requireAlias(requireAlias());
         bulkRequest.requireDataStream(requireDataStream());
+        bulkRequest.requestParamsUsed(requestParamsUsed());
         return bulkRequest;
     }
 }

server/src/main/java/org/elasticsearch/action/bulk/IncrementalBulkService.java

@@ -29,9 +29,11 @@
 import java.util.Collections;
 import java.util.List;
 import java.util.Optional;
+import java.util.Set;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.function.Supplier;
 
+import static java.util.Collections.emptySet;
 import static org.elasticsearch.common.settings.Setting.boolSetting;
 
 public class IncrementalBulkService {
@@ -62,12 +64,17 @@ public IncrementalBulkService(Client client, IndexingPressure indexingPressure,
 
     public Handler newBulkRequest() {
         ensureEnabled();
-        return newBulkRequest(null, null, null);
+        return newBulkRequest(null, null, null, emptySet());
     }
 
-    public Handler newBulkRequest(@Nullable String waitForActiveShards, @Nullable TimeValue timeout, @Nullable String refresh) {
+    public Handler newBulkRequest(
+        @Nullable String waitForActiveShards,
+        @Nullable TimeValue timeout,
+        @Nullable String refresh,
+        Set<String> paramsUsed
+    ) {
         ensureEnabled();
-        return new Handler(client, indexingPressure, waitForActiveShards, timeout, refresh, chunkWaitTimeMillisHistogram);
+        return new Handler(client, indexingPressure, waitForActiveShards, timeout, refresh, chunkWaitTimeMillisHistogram, paramsUsed);
     }
 
     private void ensureEnabled() {
@@ -105,6 +112,7 @@ public static class Handler implements Releasable {
         private final Client client;
         private final ActiveShardCount waitForActiveShards;
         private final TimeValue timeout;
+        private final Set<String> paramsUsed;
         private final String refresh;
 
         private final ArrayList<Releasable> releasables = new ArrayList<>(4);
@@ -125,12 +133,14 @@ protected Handler(
             @Nullable String waitForActiveShards,
             @Nullable TimeValue timeout,
             @Nullable String refresh,
-            LongHistogram chunkWaitTimeMillisHistogram
+            LongHistogram chunkWaitTimeMillisHistogram,
+            Set<String> paramsUsed
         ) {
             this.client = client;
             this.waitForActiveShards = waitForActiveShards != null ? ActiveShardCount.parseString(waitForActiveShards) : null;
             this.timeout = timeout;
             this.refresh = refresh;
+            this.paramsUsed = paramsUsed;
             this.incrementalOperation = indexingPressure.startIncrementalCoordinating(0, 0, false);
             this.chunkWaitTimeMillisHistogram = chunkWaitTimeMillisHistogram;
             createNewBulkRequest(EMPTY_STATE);
@@ -310,6 +320,7 @@ private void createNewBulkRequest(BulkRequest.IncrementalState incrementalState)
             if (refresh != null) {
                 bulkRequest.setRefreshPolicy(refresh);
             }
+            bulkRequest.requestParamsUsed(paramsUsed);
         }
     }
 }