New setting plus mutual exclusiveness validation

lukewhiting · lukewhiting · commit 9268c38a7692 · 2024-11-05T13:18:00.000Z
diff --git a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/email/EmailService.java b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/email/EmailService.java
@@ -26,13 +26,14 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashSet;
+import java.util.Iterator;
 import java.util.List;
+import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
 import java.util.function.Predicate;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
-
 import javax.mail.MessagingException;
 import javax.mail.internet.InternetAddress;
 import javax.net.ssl.SSLSocketFactory;
@@ -56,9 +57,72 @@ public class EmailService extends NotificationService<Account> {
         (key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope)
     );
 
+    private static final List<String> ALLOW_ALL_DEFAULT = List.of("*");
+
     private static final Setting<List<String>> SETTING_DOMAIN_ALLOWLIST = Setting.stringListSetting(
         "xpack.notification.email.account.domain_allowlist",
-        List.of("*"),
+        ALLOW_ALL_DEFAULT,
+        new Setting.Validator<>() {
+            @Override
+            public void validate(List<String> value) {
+                // Ignored
+            }
+
+            @Override
+            @SuppressWarnings("unchecked")
+            public void validate(List<String> value, Map<Setting<?>, Object> settings) {
+                List<String> recipientAllowPatterns = (List<String>) settings.get(SETTING_RECIPIENT_ALLOW_PATTERNS);
+                if (value.equals(ALLOW_ALL_DEFAULT) == false && recipientAllowPatterns.equals(ALLOW_ALL_DEFAULT) == false) {
+                    throw new IllegalArgumentException(
+                        "Cannot set both ["
+                            + SETTING_RECIPIENT_ALLOW_PATTERNS.getKey()
+                            + "] and ["
+                            + SETTING_DOMAIN_ALLOWLIST.getKey()
+                            + "] to a non [\"*\"] value at the same time."
+                    );
+                }
+            }
+
+            @Override
+            public Iterator<Setting<?>> settings() {
+                List<Setting<?>> settingRecipientAllowPatterns = List.of(SETTING_RECIPIENT_ALLOW_PATTERNS);
+                return settingRecipientAllowPatterns.iterator();
+            }
+        },
+        Property.Dynamic,
+        Property.NodeScope
+    );
+
+    private static final Setting<List<String>> SETTING_RECIPIENT_ALLOW_PATTERNS = Setting.stringListSetting(
+        "xpack.notification.email.recipient_allowlist",
+        ALLOW_ALL_DEFAULT,
+        new Setting.Validator<>() {
+            @Override
+            public void validate(List<String> value) {
+                // Ignored
+            }
+
+            @Override
+            @SuppressWarnings("unchecked")
+            public void validate(List<String> value, Map<Setting<?>, Object> settings) {
+                List<String> domainAllowList = (List<String>) settings.get(SETTING_DOMAIN_ALLOWLIST);
+                if (value.equals(ALLOW_ALL_DEFAULT) == false && domainAllowList.equals(ALLOW_ALL_DEFAULT) == false) {
+                    throw new IllegalArgumentException(
+                        "Connect set both ["
+                            + SETTING_RECIPIENT_ALLOW_PATTERNS.getKey()
+                            + "] and ["
+                            + SETTING_DOMAIN_ALLOWLIST.getKey()
+                            + "] to a non [\"*\"] value at the same time."
+                    );
+                }
+            }
+
+            @Override
+            public Iterator<Setting<?>> settings() {
+                List<Setting<?>> settingDomainAllowlist = List.of(SETTING_DOMAIN_ALLOWLIST);
+                return settingDomainAllowlist.iterator();
+            }
+        },
         Property.Dynamic,
         Property.NodeScope
     );
@@ -167,6 +231,7 @@ public class EmailService extends NotificationService<Account> {
     private final CryptoService cryptoService;
     private final SSLService sslService;
     private volatile Set<String> allowedDomains;
+    private volatile Set<String> allowedRecipientPatterns;
 
     @SuppressWarnings("this-escape")
     public EmailService(Settings settings, @Nullable CryptoService cryptoService, SSLService sslService, ClusterSettings clusterSettings) {
@@ -192,7 +257,9 @@ public EmailService(Settings settings, @Nullable CryptoService cryptoService, SS
         clusterSettings.addAffixUpdateConsumer(SETTING_SMTP_SEND_PARTIAL, (s, o) -> {}, (s, o) -> {});
         clusterSettings.addAffixUpdateConsumer(SETTING_SMTP_WAIT_ON_QUIT, (s, o) -> {}, (s, o) -> {});
         this.allowedDomains = new HashSet<>(SETTING_DOMAIN_ALLOWLIST.get(settings));
+        this.allowedRecipientPatterns = new HashSet<>(SETTING_RECIPIENT_ALLOW_PATTERNS.get(settings));
         clusterSettings.addSettingsUpdateConsumer(SETTING_DOMAIN_ALLOWLIST, this::updateAllowedDomains);
+        clusterSettings.addSettingsUpdateConsumer(SETTING_RECIPIENT_ALLOW_PATTERNS, this::updateAllowedRecipientPatterns);
         // do an initial load
         reload(settings);
     }
@@ -201,6 +268,10 @@ void updateAllowedDomains(List<String> newDomains) {
         this.allowedDomains = new HashSet<>(newDomains);
     }
 
+    void updateAllowedRecipientPatterns(List<String> newPatterns) {
+        this.allowedRecipientPatterns = new HashSet<>(newPatterns);
+    }
+
     @Override
     protected Account createAccount(String name, Settings accountSettings) {
         Account.Config config = new Account.Config(name, accountSettings, getSmtpSslSocketFactory(), logger);
@@ -304,6 +375,7 @@ private static List<Setting<?>> getDynamicSettings() {
         return Arrays.asList(
             SETTING_DEFAULT_ACCOUNT,
             SETTING_DOMAIN_ALLOWLIST,
+            SETTING_RECIPIENT_ALLOW_PATTERNS,
             SETTING_PROFILE,
             SETTING_EMAIL_DEFAULTS,
             SETTING_SMTP_AUTH,
