More split tests

n1v0lg · n1v0lg · commit 4a4474864185 · 2025-02-19T11:54:28.000+01:00
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilege.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilege.java
@@ -369,14 +369,14 @@ private static Set<IndexPrivilege> resolve(Set<String> name) {
             }
         }
 
-        final Set<IndexPrivilege> result = combineIndexPrivileges(
+        final Set<IndexPrivilege> combined = combineIndexPrivileges(
             allSelectorAccessPrivileges,
             dataSelectorAccessPrivileges,
             failuresSelectorAccessPrivileges,
             actions
         );
-        assertNamesMatch(name, result);
-        return result;
+        assertNamesMatch(name, combined);
+        return combined;
     }
 
     private static Set<IndexPrivilege> combineIndexPrivileges(
@@ -396,14 +396,14 @@ private static Set<IndexPrivilege> combineIndexPrivileges(
             return Set.of(union(allSelectorAccessPrivileges, actions, IndexComponentSelectorPredicate.ALL));
         }
 
-        final Set<IndexPrivilege> result = new HashSet<>();
+        final Set<IndexPrivilege> combined = new HashSet<>();
         if (false == failuresSelectorAccessPrivileges.isEmpty()) {
-            result.add(union(failuresSelectorAccessPrivileges, Set.of(), IndexComponentSelectorPredicate.FAILURES));
+            combined.add(union(failuresSelectorAccessPrivileges, Set.of(), IndexComponentSelectorPredicate.FAILURES));
         }
         if (false == dataSelectorAccessPrivileges.isEmpty() || false == actions.isEmpty()) {
-            result.add(union(dataSelectorAccessPrivileges, actions, IndexComponentSelectorPredicate.DATA));
+            combined.add(union(dataSelectorAccessPrivileges, actions, IndexComponentSelectorPredicate.DATA));
         }
-        return result;
+        return combined;
     }
 
     private static void assertNamesMatch(Set<String> names, Set<IndexPrivilege> privileges) {
@@ -428,7 +428,7 @@ private static IndexPrivilege union(
 
         if (false == actions.isEmpty()) {
             names.addAll(actions);
-            automata.add(patterns(actions.stream().map(Privilege::actionToPattern).toArray(String[]::new)));
+            automata.add(patterns(actions.stream().map(Privilege::actionToPattern).toList()));
         }
         return new IndexPrivilege(names, unionAndMinimize(automata), selectorPredicate);
     }
diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilegeTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilegeTests.java
@@ -105,7 +105,7 @@ public void testGetWithSingleSelectorAccess() {
         }
     }
 
-    public void testGetSingleSelectorWithFailuresSelectorOrThrow() {
+    public void testGetWithSingleSelectorAccessFailuresSelector() {
         assumeTrue("This test requires the failure store to be enabled", DataStream.isFailureStoreFeatureFlagEnabled());
         {
             IndexPrivilege actual = IndexPrivilege.getWithSingleSelectorAccess(Set.of("read_failure_store"));
@@ -146,6 +146,80 @@ public void testGetSingleSelectorWithFailuresSelectorOrThrow() {
         );
     }
 
+    public void testGetSplitBySelectorAccess() {
+        assumeTrue("This test requires the failure store to be enabled", DataStream.isFailureStoreFeatureFlagEnabled());
+        {
+            Set<IndexPrivilege> actual = IndexPrivilege.getSplitBySelectorAccess(Set.of("read_failure_store"));
+            assertThat(actual, containsInAnyOrder(IndexPrivilege.READ_FAILURE_STORE));
+            assertThat(actual.iterator().next().getSelectorPredicate(), equalTo(IndexComponentSelectorPredicate.FAILURES));
+        }
+        {
+            Set<IndexPrivilege> actual = IndexPrivilege.getSplitBySelectorAccess(Set.of("read_failure_store", "READ_FAILURE_STORE"));
+            assertThat(actual, containsInAnyOrder(IndexPrivilege.READ_FAILURE_STORE));
+            assertThat(actual.iterator().next().getSelectorPredicate(), equalTo(IndexComponentSelectorPredicate.FAILURES));
+        }
+        {
+            Set<IndexPrivilege> actual = IndexPrivilege.getSplitBySelectorAccess(
+                Set.of("read_failure_store", "read", "READ_FAILURE_STORE")
+            );
+            assertThat(actual, containsInAnyOrder(IndexPrivilege.READ_FAILURE_STORE, IndexPrivilege.READ));
+            List<IndexComponentSelectorPredicate> actualPredicates = actual.stream().map(IndexPrivilege::getSelectorPredicate).toList();
+            assertThat(
+                actualPredicates,
+                containsInAnyOrder(IndexComponentSelectorPredicate.DATA, IndexComponentSelectorPredicate.FAILURES)
+            );
+        }
+        {
+            Set<IndexPrivilege> actual = IndexPrivilege.getSplitBySelectorAccess(
+                Set.of("read_failure_store", "read", "view_index_metadata")
+            );
+            assertThat(
+                actual,
+                containsInAnyOrder(
+                    IndexPrivilege.READ_FAILURE_STORE,
+                    IndexPrivilege.getWithSingleSelectorAccess(Set.of("read", "view_index_metadata"))
+                )
+            );
+            List<IndexComponentSelectorPredicate> actualPredicates = actual.stream().map(IndexPrivilege::getSelectorPredicate).toList();
+            assertThat(
+                actualPredicates,
+                containsInAnyOrder(IndexComponentSelectorPredicate.DATA, IndexComponentSelectorPredicate.FAILURES)
+            );
+        }
+        {
+            Set<IndexPrivilege> actual = IndexPrivilege.getSplitBySelectorAccess(
+                Set.of("read_failure_store", "read", "indices:data/read/search", "view_index_metadata")
+            );
+            assertThat(
+                actual,
+                containsInAnyOrder(
+                    IndexPrivilege.READ_FAILURE_STORE,
+                    IndexPrivilege.getWithSingleSelectorAccess(Set.of("read", "indices:data/read/search", "view_index_metadata"))
+                )
+            );
+            List<IndexComponentSelectorPredicate> actualPredicates = actual.stream().map(IndexPrivilege::getSelectorPredicate).toList();
+            assertThat(
+                actualPredicates,
+                containsInAnyOrder(IndexComponentSelectorPredicate.DATA, IndexComponentSelectorPredicate.FAILURES)
+            );
+        }
+        {
+            Set<IndexPrivilege> actual = IndexPrivilege.getSplitBySelectorAccess(
+                Set.of("read_failure_store", "all", "read", "indices:data/read/search", "view_index_metadata")
+            );
+            assertThat(
+                actual,
+                containsInAnyOrder(
+                    IndexPrivilege.getWithSingleSelectorAccess(
+                        Set.of("read_failure_store", "all", "read", "indices:data/read/search", "view_index_metadata")
+                    )
+                )
+            );
+            List<IndexComponentSelectorPredicate> actualPredicates = actual.stream().map(IndexPrivilege::getSelectorPredicate).toList();
+            assertThat(actualPredicates, containsInAnyOrder(IndexComponentSelectorPredicate.ALL));
+        }
+    }
+
     public void testPrivilegesForRollupFieldCapsAction() {
         final Collection<String> privileges = findPrivilegesThatGrant(GetRollupIndexCapsAction.NAME);
         assertThat(Set.copyOf(privileges), equalTo(Set.of("manage", "all", "view_index_metadata", "read")));

Original file line number	Diff line number	Diff line change
`@@ -369,14 +369,14 @@ private static Set<IndexPrivilege> resolve(Set<String> name) {`
`369`	`369`	`}`
`370`	`370`	`}`
`371`	`371`
`372`		`- final Set<IndexPrivilege> result = combineIndexPrivileges(`
	`372`	`+ final Set<IndexPrivilege> combined = combineIndexPrivileges(`
`373`	`373`	`allSelectorAccessPrivileges,`
`374`	`374`	`dataSelectorAccessPrivileges,`
`375`	`375`	`failuresSelectorAccessPrivileges,`
`376`	`376`	`actions`
`377`	`377`	`);`
`378`		`- assertNamesMatch(name, result);`
`379`		`- return result;`
	`378`	`+ assertNamesMatch(name, combined);`
	`379`	`+ return combined;`
`380`	`380`	`}`
`381`	`381`
`382`	`382`	`private static Set<IndexPrivilege> combineIndexPrivileges(`
`@@ -396,14 +396,14 @@ private static Set<IndexPrivilege> combineIndexPrivileges(`
`396`	`396`	`return Set.of(union(allSelectorAccessPrivileges, actions, IndexComponentSelectorPredicate.ALL));`
`397`	`397`	`}`
`398`	`398`
`399`		`- final Set<IndexPrivilege> result = new HashSet<>();`
	`399`	`+ final Set<IndexPrivilege> combined = new HashSet<>();`
`400`	`400`	`if (false == failuresSelectorAccessPrivileges.isEmpty()) {`
`401`		`- result.add(union(failuresSelectorAccessPrivileges, Set.of(), IndexComponentSelectorPredicate.FAILURES));`
	`401`	`+ combined.add(union(failuresSelectorAccessPrivileges, Set.of(), IndexComponentSelectorPredicate.FAILURES));`
`402`	`402`	`}`
`403`	`403`	`if (false == dataSelectorAccessPrivileges.isEmpty() \|\| false == actions.isEmpty()) {`
`404`		`- result.add(union(dataSelectorAccessPrivileges, actions, IndexComponentSelectorPredicate.DATA));`
	`404`	`+ combined.add(union(dataSelectorAccessPrivileges, actions, IndexComponentSelectorPredicate.DATA));`
`405`	`405`	`}`
`406`		`- return result;`
	`406`	`+ return combined;`
`407`	`407`	`}`
`408`	`408`
`409`	`409`	`private static void assertNamesMatch(Set<String> names, Set<IndexPrivilege> privileges) {`
`@@ -428,7 +428,7 @@ private static IndexPrivilege union(`
`428`	`428`
`429`	`429`	`if (false == actions.isEmpty()) {`
`430`	`430`	`names.addAll(actions);`
`431`		`- automata.add(patterns(actions.stream().map(Privilege::actionToPattern).toArray(String[]::new)));`
	`431`	`+ automata.add(patterns(actions.stream().map(Privilege::actionToPattern).toList()));`
`432`	`432`	`}`
`433`	`433`	`return new IndexPrivilege(names, unionAndMinimize(automata), selectorPredicate);`
`434`	`434`	`}`