Skip to content

Commit 5103c66

Browse files
n1v0lgn1v0lg
committed
More
1 parent e6de849 commit 5103c66

File tree

6 files changed

+66
-62
lines changed

6 files changed

+66
-62
lines changed

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/AuthorizationEngine.java

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -290,13 +290,17 @@ interface AuthorizedIndices {
290290
* Returns all the index-like resource names that are available and accessible for an action type by a user,
291291
* at a fixed point in time (for a single cluster state view).
292292
*/
293-
Supplier<Set<String>> all();
293+
// TODO remove me
294+
default Supplier<Set<String>> allLegacy() {
295+
return () -> all().get().keySet();
296+
}
294297

295-
Supplier<Map<String, String>> allWithSelectors();
298+
Supplier<Map<String, String>> all();
296299

297300
/**
298301
* Checks if an index-like resource name is authorized, for an action by a user. The resource might or might not exist.
299302
*/
303+
// TODO remove me
300304
default boolean check(String name) {
301305
return check(name, null);
302306
}

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/IndicesAndAliasesResolver.java

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -322,7 +322,7 @@ ResolvedIndices resolveIndicesAndAliases(
322322
);
323323
}
324324
if (indicesOptions.expandWildcardExpressions()) {
325-
for (String authorizedIndex : authorizedIndices.all().get()) {
325+
for (String authorizedIndex : authorizedIndices.allLegacy().get()) {
326326
if (IndexAbstractionResolver.isIndexVisible(
327327
"*",
328328
allIndicesPatternSelector,
@@ -351,7 +351,7 @@ ResolvedIndices resolveIndicesAndAliases(
351351
split.getLocal(),
352352
indicesOptions,
353353
metadata,
354-
authorizedIndices.allWithSelectors(),
354+
authorizedIndices.all(),
355355
authorizedIndices::check,
356356
indicesRequest.includeDataStreams()
357357
);
@@ -388,7 +388,7 @@ ResolvedIndices resolveIndicesAndAliases(
388388
if (aliasesRequest.expandAliasesWildcards()) {
389389
List<String> aliases = replaceWildcardsWithAuthorizedAliases(
390390
aliasesRequest.aliases(),
391-
loadAuthorizedAliases(authorizedIndices.all(), metadata)
391+
loadAuthorizedAliases(authorizedIndices.allLegacy(), metadata)
392392
);
393393
aliasesRequest.replaceAliases(aliases.toArray(new String[aliases.size()]));
394394
}

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/RBACEngine.java

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1071,12 +1071,12 @@ static final class AuthorizedIndices implements AuthorizationEngine.AuthorizedIn
10711071

10721072
// TODO remove me
10731073
@Override
1074-
public Supplier<Set<String>> all() {
1074+
public Supplier<Set<String>> allLegacy() {
10751075
return () -> allAuthorizedAndAvailableWithSelectors.get().keySet();
10761076
}
10771077

10781078
@Override
1079-
public Supplier<Map<String, String>> allWithSelectors() {
1079+
public Supplier<Map<String, String>> all() {
10801080
return allAuthorizedAndAvailableWithSelectors;
10811081
}
10821082

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizedIndicesTests.java

Lines changed: 24 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -55,7 +55,7 @@ public void testAuthorizedIndicesUserWithoutRoles() {
5555
Metadata.EMPTY_METADATA.getIndicesLookup(),
5656
() -> ignore -> {}
5757
);
58-
assertTrue(authorizedIndices.all().get().isEmpty());
58+
assertTrue(authorizedIndices.allLegacy().get().isEmpty());
5959
}
6060

6161
public void testAuthorizedIndicesUserWithSomeRoles() {
@@ -115,14 +115,14 @@ public void testAuthorizedIndicesUserWithSomeRoles() {
115115
metadata.getIndicesLookup(),
116116
() -> ignore -> {}
117117
);
118-
assertThat(authorizedIndices.all().get(), containsInAnyOrder("a1", "a2", "aaaaaa", "b", "ab"));
119-
assertThat(authorizedIndices.all().get(), not(contains("bbbbb")));
118+
assertThat(authorizedIndices.allLegacy().get(), containsInAnyOrder("a1", "a2", "aaaaaa", "b", "ab"));
119+
assertThat(authorizedIndices.allLegacy().get(), not(contains("bbbbb")));
120120
assertThat(authorizedIndices.check("bbbbb"), is(false));
121-
assertThat(authorizedIndices.all().get(), not(contains("ba")));
121+
assertThat(authorizedIndices.allLegacy().get(), not(contains("ba")));
122122
assertThat(authorizedIndices.check("ba"), is(false));
123-
assertThat(authorizedIndices.all().get(), not(contains(internalSecurityIndex)));
123+
assertThat(authorizedIndices.allLegacy().get(), not(contains(internalSecurityIndex)));
124124
assertThat(authorizedIndices.check(internalSecurityIndex), is(false));
125-
assertThat(authorizedIndices.all().get(), not(contains(SecuritySystemIndices.SECURITY_MAIN_ALIAS)));
125+
assertThat(authorizedIndices.allLegacy().get(), not(contains(SecuritySystemIndices.SECURITY_MAIN_ALIAS)));
126126
assertThat(authorizedIndices.check(SecuritySystemIndices.SECURITY_MAIN_ALIAS), is(false));
127127
}
128128

@@ -134,7 +134,7 @@ public void testAuthorizedIndicesUserWithSomeRolesEmptyMetadata() {
134134
Metadata.EMPTY_METADATA.getIndicesLookup(),
135135
() -> ignore -> {}
136136
);
137-
assertTrue(authorizedIndices.all().get().isEmpty());
137+
assertTrue(authorizedIndices.allLegacy().get().isEmpty());
138138
}
139139

140140
public void testSecurityIndicesAreRemovedFromRegularUser() {
@@ -145,7 +145,7 @@ public void testSecurityIndicesAreRemovedFromRegularUser() {
145145
Metadata.EMPTY_METADATA.getIndicesLookup(),
146146
() -> ignore -> {}
147147
);
148-
assertTrue(authorizedIndices.all().get().isEmpty());
148+
assertTrue(authorizedIndices.allLegacy().get().isEmpty());
149149
}
150150

151151
public void testSecurityIndicesAreRestrictedForDefaultRole() {
@@ -177,12 +177,12 @@ public void testSecurityIndicesAreRestrictedForDefaultRole() {
177177
metadata.getIndicesLookup(),
178178
() -> ignore -> {}
179179
);
180-
assertThat(authorizedIndices.all().get(), containsInAnyOrder("an-index", "another-index"));
180+
assertThat(authorizedIndices.allLegacy().get(), containsInAnyOrder("an-index", "another-index"));
181181
assertThat(authorizedIndices.check("an-index"), is(true));
182182
assertThat(authorizedIndices.check("another-index"), is(true));
183-
assertThat(authorizedIndices.all().get(), not(contains(internalSecurityIndex)));
183+
assertThat(authorizedIndices.allLegacy().get(), not(contains(internalSecurityIndex)));
184184
assertThat(authorizedIndices.check(internalSecurityIndex), is(false));
185-
assertThat(authorizedIndices.all().get(), not(contains(SecuritySystemIndices.SECURITY_MAIN_ALIAS)));
185+
assertThat(authorizedIndices.allLegacy().get(), not(contains(SecuritySystemIndices.SECURITY_MAIN_ALIAS)));
186186
assertThat(authorizedIndices.check(SecuritySystemIndices.SECURITY_MAIN_ALIAS), is(false));
187187
}
188188

@@ -216,7 +216,7 @@ public void testSecurityIndicesAreNotRemovedFromUnrestrictedRole() {
216216
() -> ignore -> {}
217217
);
218218
assertThat(
219-
authorizedIndices.all().get(),
219+
authorizedIndices.allLegacy().get(),
220220
containsInAnyOrder("an-index", "another-index", SecuritySystemIndices.SECURITY_MAIN_ALIAS, internalSecurityIndex)
221221
);
222222

@@ -227,7 +227,7 @@ public void testSecurityIndicesAreNotRemovedFromUnrestrictedRole() {
227227
() -> ignore -> {}
228228
);
229229
assertThat(
230-
authorizedIndicesSuperUser.all().get(),
230+
authorizedIndicesSuperUser.allLegacy().get(),
231231
containsInAnyOrder("an-index", "another-index", SecuritySystemIndices.SECURITY_MAIN_ALIAS, internalSecurityIndex)
232232
);
233233
}
@@ -297,21 +297,21 @@ public void testDataStreamsAreNotIncludedInAuthorizedIndices() {
297297
metadata.getIndicesLookup(),
298298
() -> ignore -> {}
299299
);
300-
assertThat(authorizedIndices.all().get(), containsInAnyOrder("a1", "a2", "aaaaaa", "b", "ab"));
300+
assertThat(authorizedIndices.allLegacy().get(), containsInAnyOrder("a1", "a2", "aaaaaa", "b", "ab"));
301301
for (String resource : List.of("a1", "a2", "aaaaaa", "b", "ab")) {
302302
assertThat(authorizedIndices.check(resource), is(true));
303303
}
304-
assertThat(authorizedIndices.all().get(), not(contains("bbbbb")));
304+
assertThat(authorizedIndices.allLegacy().get(), not(contains("bbbbb")));
305305
assertThat(authorizedIndices.check("bbbbb"), is(false));
306-
assertThat(authorizedIndices.all().get(), not(contains("ba")));
306+
assertThat(authorizedIndices.allLegacy().get(), not(contains("ba")));
307307
assertThat(authorizedIndices.check("ba"), is(false));
308308
// due to context, datastreams are excluded from wildcard expansion
309-
assertThat(authorizedIndices.all().get(), not(contains("adatastream1")));
309+
assertThat(authorizedIndices.allLegacy().get(), not(contains("adatastream1")));
310310
// but they are authorized when explicitly tested (they are not "unavailable" for the Security filter)
311311
assertThat(authorizedIndices.check("adatastream1"), is(true));
312-
assertThat(authorizedIndices.all().get(), not(contains(internalSecurityIndex)));
312+
assertThat(authorizedIndices.allLegacy().get(), not(contains(internalSecurityIndex)));
313313
assertThat(authorizedIndices.check(internalSecurityIndex), is(false));
314-
assertThat(authorizedIndices.all().get(), not(contains(SecuritySystemIndices.SECURITY_MAIN_ALIAS)));
314+
assertThat(authorizedIndices.allLegacy().get(), not(contains(SecuritySystemIndices.SECURITY_MAIN_ALIAS)));
315315
assertThat(authorizedIndices.check(SecuritySystemIndices.SECURITY_MAIN_ALIAS), is(false));
316316
}
317317

@@ -382,14 +382,14 @@ public void testDataStreamsAreIncludedInAuthorizedIndices() {
382382
metadata.getIndicesLookup(),
383383
() -> ignore -> {}
384384
);
385-
assertThat(authorizedIndices.all().get(), containsInAnyOrder("a1", "a2", "aaaaaa", "b", "ab", "adatastream1", backingIndex));
386-
assertThat(authorizedIndices.all().get(), not(contains("bbbbb")));
385+
assertThat(authorizedIndices.allLegacy().get(), containsInAnyOrder("a1", "a2", "aaaaaa", "b", "ab", "adatastream1", backingIndex));
386+
assertThat(authorizedIndices.allLegacy().get(), not(contains("bbbbb")));
387387
assertThat(authorizedIndices.check("bbbbb"), is(false));
388-
assertThat(authorizedIndices.all().get(), not(contains("ba")));
388+
assertThat(authorizedIndices.allLegacy().get(), not(contains("ba")));
389389
assertThat(authorizedIndices.check("ba"), is(false));
390-
assertThat(authorizedIndices.all().get(), not(contains(internalSecurityIndex)));
390+
assertThat(authorizedIndices.allLegacy().get(), not(contains(internalSecurityIndex)));
391391
assertThat(authorizedIndices.check(internalSecurityIndex), is(false));
392-
assertThat(authorizedIndices.all().get(), not(contains(SecuritySystemIndices.SECURITY_MAIN_ALIAS)));
392+
assertThat(authorizedIndices.allLegacy().get(), not(contains(SecuritySystemIndices.SECURITY_MAIN_ALIAS)));
393393
assertThat(authorizedIndices.check(SecuritySystemIndices.SECURITY_MAIN_ALIAS), is(false));
394394
}
395395

0 commit comments

Comments
 (0)