Rename NOT_CROSS_PROJECT and also refine slightly (#136528)

As said in the title, this PR changes the definition slightly so that
its field values form a combination that is not possible when CPS is
enabled. This plus the rename should improve the clarity of this field
and its usage.

Resolves: ES-13171

Author: ywangd

server/src/main/java/org/elasticsearch/cluster/metadata/IndexAbstractionResolver.java

@@ -76,10 +76,10 @@ public ResolvedIndexExpressions resolveIndexAbstractions(
         final TargetProjects targetProjects,
         final boolean includeDataStreams
     ) {
-        assert targetProjects != TargetProjects.NOT_CROSS_PROJECT
-            : "cannot resolve indices cross project if target set is NOT_CROSS_PROJECT";
+        assert targetProjects != TargetProjects.LOCAL_ONLY_FOR_CPS_DISABLED
+            : "cannot resolve indices cross project if target set is local only";
         if (false == targetProjects.crossProject()) {
-            final String message = "cannot resolve indices cross project if target set is empty";
+            final String message = "cannot resolve indices cross project if target set is not cross project";
             assert false : message;
             throw new IllegalArgumentException(message);
         }

server/src/main/java/org/elasticsearch/search/crossproject/TargetProjects.java

@@ -11,10 +11,10 @@
 
 import org.elasticsearch.core.Nullable;
 
-import java.util.Collections;
 import java.util.List;
 import java.util.Set;
 import java.util.stream.Collectors;
+import java.util.stream.Stream;
 
 /**
  * Holds information about the target projects for a cross-project search request. This record is used both by the
@@ -23,8 +23,26 @@
  *                      project routing
  * @param linkedProjects all projects that are linked and authorized, can be empty if the request is not cross-project
  */
-public record TargetProjects(@Nullable ProjectRoutingInfo originProject, List<ProjectRoutingInfo> linkedProjects) {
-    public static final TargetProjects NOT_CROSS_PROJECT = new TargetProjects(null, List.of());
+public record TargetProjects(
+    @Nullable ProjectRoutingInfo originProject, // null when CPS is disabled or the local project is excluded by routing
+    @Nullable List<ProjectRoutingInfo> linkedProjects // null when CPS is disabled
+) {
+    // Constant for representing no target project at all. Note this has a non-null empty linkedProjects field.
+    public static final TargetProjects EMPTY = new TargetProjects(null, List.of());
+
+    // A placeholder constant to satisfy the AuthorizedProjectResolver contract when CPS is disabled. The field values
+    // are chosen so that it is a combination that is impossible to have when CPS is enabled. Hence, they are not
+    // meant to be always interpreted literally, i.e. the `null` originProject does NOT mean the local project is excluded.
+    // Instead, actions are always and only executed against the local project when CPS is disabled. =
+    // This is different the above EMPTY field and its isEmpty check returns `false`.
+    public static final TargetProjects LOCAL_ONLY_FOR_CPS_DISABLED = new TargetProjects(null, null);
+
+    static {
+        assert EMPTY.isEmpty();
+        assert EMPTY.crossProject() == false;
+        assert LOCAL_ONLY_FOR_CPS_DISABLED.isEmpty() == false;
+        assert LOCAL_ONLY_FOR_CPS_DISABLED.crossProject() == false;
+    }
 
     public TargetProjects(ProjectRoutingInfo originProject) {
         this(originProject, List.of());
@@ -37,14 +55,18 @@ public String originProjectAlias() {
 
     public Set<String> allProjectAliases() {
         // TODO consider caching this
-        final Set<String> allProjectAliases = linkedProjects.stream().map(ProjectRoutingInfo::projectAlias).collect(Collectors.toSet());
-        if (originProject != null) {
-            allProjectAliases.add(originProject.projectAlias());
-        }
-        return Collections.unmodifiableSet(allProjectAliases);
+        return Stream.concat(
+            originProject != null ? Stream.of(originProject) : Stream.empty(),
+            linkedProjects != null ? linkedProjects.stream() : Stream.empty()
+        ).map(ProjectRoutingInfo::projectAlias).collect(Collectors.toUnmodifiableSet());
     }
 
+    // TODO: Either change the definition or the method name since it allows targeting only the origin project without any remotes
     public boolean crossProject() {
-        return originProject != null || linkedProjects.isEmpty() == false;
+        return originProject != null || (linkedProjects != null && linkedProjects.isEmpty() == false);
+    }
+
+    public boolean isEmpty() {
+        return originProject == null && (linkedProjects != null && linkedProjects.isEmpty());
     }
 }

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/AuthorizedProjectsResolver.java

@@ -12,15 +12,15 @@
 
 /**
  * A resolver of authorized projects for the current user. This includes the origin project and all linked projects the user has access to.
- * If we are not in a cross-project search context, the supplier returns {@link TargetProjects#NOT_CROSS_PROJECT}.
+ * If we are not in a cross-project search context, the supplier returns {@link TargetProjects#LOCAL_ONLY_FOR_CPS_DISABLED}.
  */
 public interface AuthorizedProjectsResolver {
     void resolveAuthorizedProjects(ActionListener<TargetProjects> listener);
 
     class Default implements AuthorizedProjectsResolver {
         @Override
         public void resolveAuthorizedProjects(ActionListener<TargetProjects> listener) {
-            listener.onResponse(TargetProjects.NOT_CROSS_PROJECT);
+            listener.onResponse(TargetProjects.LOCAL_ONLY_FOR_CPS_DISABLED);
         }
     }
 }

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationService.java

@@ -506,7 +506,7 @@ private void authorizeAction(
                 targetProjectListener = new SubscribableListener<>();
                 authorizedProjectsResolver.resolveAuthorizedProjects(targetProjectListener);
             } else {
-                targetProjectListener = SubscribableListener.newSucceeded(TargetProjects.NOT_CROSS_PROJECT);
+                targetProjectListener = SubscribableListener.newSucceeded(TargetProjects.LOCAL_ONLY_FOR_CPS_DISABLED);
             }
 
             targetProjectListener.addListener(ActionListener.wrap(targetProjects -> {

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/IndicesAndAliasesResolver.java

@@ -296,7 +296,13 @@ ResolvedIndices resolveIndicesAndAliases(
         ProjectMetadata projectMetadata,
         AuthorizationEngine.AuthorizedIndices authorizedIndices
     ) {
-        return resolveIndicesAndAliases(action, indicesRequest, projectMetadata, authorizedIndices, TargetProjects.NOT_CROSS_PROJECT);
+        return resolveIndicesAndAliases(
+            action,
+            indicesRequest,
+            projectMetadata,
+            authorizedIndices,
+            TargetProjects.LOCAL_ONLY_FOR_CPS_DISABLED
+        );
     }
 
     ResolvedIndices resolveIndicesAndAliases(
@@ -370,11 +376,13 @@ ResolvedIndices resolveIndicesAndAliases(
                 // we honour allow_no_indices like es core does.
             } else {
                 assert indicesRequest.indices() != null : "indices() cannot be null when resolving non-all-index expressions";
+                // TODO: consider short-circuit when authorizedProjects.linkedProjects is empty or is filtered to empty
                 if (crossProjectModeDecider.resolvesCrossProject(replaceable)
                     // a none expression should not go through cross-project resolution -- fall back to local resolution logic
                     && false == IndexNameExpressionResolver.isNoneExpression(replaceable.indices())) {
-                    assert replaceable.allowsRemoteIndices() : "cross-project requests must allow remote indices";
-                    assert authorizedProjects.crossProject() : "cross-project requests must have cross-project target set";
+                    assert replaceable.allowsRemoteIndices() : "cross-project request [" + indicesRequest + "] must allow remote indices";
+                    assert authorizedProjects.crossProject()
+                        : "cross-project request [" + indicesRequest + "] must have cross-project target set";
 
                     final ResolvedIndexExpressions resolved = indexAbstractionResolver.resolveIndexAbstractions(
                         Arrays.asList(replaceable.indices()),

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationServiceTests.java

@@ -335,7 +335,7 @@ public void setup() {
         authorizedProjectsResolver = mock(AuthorizedProjectsResolver.class);
         doAnswer(invocation -> {
             ActionListener<TargetProjects> callback = (ActionListener<TargetProjects>) invocation.getArguments()[0];
-            callback.onResponse(TargetProjects.NOT_CROSS_PROJECT);
+            callback.onResponse(TargetProjects.LOCAL_ONLY_FOR_CPS_DISABLED);
             return null;
         }).when(authorizedProjectsResolver).resolveAuthorizedProjects(anyActionListener());
         crossProjectModeDecider = mock(CrossProjectModeDecider.class);

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/IndicesAndAliasesResolverTests.java

@@ -2911,7 +2911,13 @@ private ResolvedIndices resolveIndices(TransportRequest request, AuthorizedIndic
     }
 
     private ResolvedIndices resolveIndices(String action, TransportRequest request, AuthorizedIndices authorizedIndices) {
-        return defaultIndicesResolver.resolve(action, request, this.projectMetadata, authorizedIndices, TargetProjects.NOT_CROSS_PROJECT);
+        return defaultIndicesResolver.resolve(
+            action,
+            request,
+            this.projectMetadata,
+            authorizedIndices,
+            TargetProjects.LOCAL_ONLY_FOR_CPS_DISABLED
+        );
     }
 
     private static void assertNoIndices(IndicesRequest.Replaceable request, ResolvedIndices resolvedIndices) {