Minor tweaks

Author: tvernum

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/permission/IndicesPermission.java

@@ -6,6 +6,8 @@
  */
 package org.elasticsearch.xpack.core.security.authz.permission;
 
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.apache.lucene.util.automaton.Automaton;
 import org.apache.lucene.util.automaton.Operations;
 import org.apache.lucene.util.automaton.TooComplexToDeterminizeException;
@@ -57,6 +59,8 @@
  */
 public final class IndicesPermission {
 
+    private final Logger logger = LogManager.getLogger(getClass());
+
     private static final DeprecationLogger deprecationLogger = DeprecationLogger.getLogger(IndicesPermission.class);
 
     public static final IndicesPermission NONE = new IndicesPermission(new RestrictedIndices(Automatons.EMPTY), Group.EMPTY_ARRAY);
@@ -343,6 +347,7 @@ public boolean checkResourcePrivileges(
                     return automaton;
                 } catch (TooComplexToDeterminizeException e) {
                     final String text = pattern.length() > 260 ? Strings.cleanTruncate(pattern, 256) + "..." : pattern;
+                    logger.info("refusing to check privileges against complex index pattern [{}]", text);
                     throw new IllegalArgumentException("the provided index pattern [" + text + "] is too complex to be evaluated", e);
                 }
             }));

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/accesscontrol/IndicesPermissionTests.java

@@ -1101,19 +1101,11 @@ public void testCheckResourcePrivilegesWithTooComplexAutomaton() {
             "my-index"
         ).build();
 
-        StringBuilder pattern = new StringBuilder("/");
-        for (int i = 0; i < 2048; i++) {
-            if (i > 0) {
-                pattern.append("|");
-            }
-            pattern.append(randomAlphaOfLength(64));
-        }
-        pattern.append("/");
         var ex = expectThrows(
             IllegalArgumentException.class,
-            () -> permission.checkResourcePrivileges(Set.of(pattern.toString()), false, Set.of("read"), null)
+            () -> permission.checkResourcePrivileges(Set.of("****a*b?c**d**e*f??*g**h???i??*j*k*l*m*n???o*"), false, Set.of("read"), null)
         );
-        assertThat(ex.getMessage(), containsString("index pattern [/"));
+        assertThat(ex.getMessage(), containsString("index pattern [****a*b?c**d**e*f??*g**h???i??*j*k*l*m*n???o*]"));
         assertThat(ex.getCause(), instanceOf(TooComplexToDeterminizeException.class));
     }