More fixes

n1v0lg · n1v0lg · commit a531e5f68843 · 2025-02-17T10:14:37.000+01:00
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/permission/IndicesPermission.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/permission/IndicesPermission.java
@@ -76,6 +76,17 @@ public Builder(RestrictedIndices restrictedIndices) {
             this.restrictedIndices = restrictedIndices;
         }
 
+        // TODO remove me
+        public Builder addGroup(
+            IndexPrivilege privilege,
+            FieldPermissions fieldPermissions,
+            @Nullable Set<BytesReference> query,
+            boolean allowRestrictedIndices,
+            String... indices
+        ) {
+            return addGroup(privilege, fieldPermissions, query, allowRestrictedIndices, IndexComponentSelectorPrivilege.DATA, indices);
+        }
+
         public Builder addGroup(
             IndexPrivilege privilege,
             FieldPermissions fieldPermissions,
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/user/InternalUsers.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/user/InternalUsers.java
@@ -162,7 +162,8 @@ public class InternalUsers {
                         IndicesStatsAction.NAME + "*",
                         TransportUpdateSettingsAction.TYPE.name(),
                         DownsampleAction.NAME,
-                        TransportAddIndexBlockAction.TYPE.name()
+                        TransportAddIndexBlockAction.TYPE.name(),
+                        IndexPrivilege.MANAGE_FAILURE_STORE_INTERNAL.getSingleName()
                     )
                     .allowRestrictedIndices(false)
                     .build(),
@@ -181,7 +182,8 @@ public class InternalUsers {
                         IndicesStatsAction.NAME + "*",
                         TransportUpdateSettingsAction.TYPE.name(),
                         DownsampleAction.NAME,
-                        TransportAddIndexBlockAction.TYPE.name()
+                        TransportAddIndexBlockAction.TYPE.name(),
+                        IndexPrivilege.MANAGE_FAILURE_STORE_INTERNAL.getSingleName()
                     )
                     .allowRestrictedIndices(true)
                     .build() },
@@ -221,7 +223,8 @@ public class InternalUsers {
                         TransportBulkAction.NAME,
                         TransportIndexAction.NAME,
                         TransportSearchScrollAction.TYPE.name(),
-                        ModifyDataStreamsAction.NAME
+                        ModifyDataStreamsAction.NAME,
+                        IndexPrivilege.MANAGE_FAILURE_STORE_INTERNAL.getSingleName()
                     )
                     .allowRestrictedIndices(false)
                     .build() },
diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilegeTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilegeTests.java
@@ -58,26 +58,32 @@ public void testOrderingOfPrivilegeNames() throws Exception {
     }
 
     public void testFindPrivilegesThatGrant() {
-        assertThat(findPrivilegesThatGrant(TransportSearchAction.TYPE.name()), equalTo(List.of("read", "all")));
+        assertThat(findPrivilegesThatGrant(TransportSearchAction.TYPE.name()), equalTo(List.of("read", "read_failure_store", "all")));
         assertThat(findPrivilegesThatGrant(TransportIndexAction.NAME), equalTo(List.of("create_doc", "create", "index", "write", "all")));
         assertThat(findPrivilegesThatGrant(TransportUpdateAction.NAME), equalTo(List.of("index", "write", "all")));
         assertThat(findPrivilegesThatGrant(TransportDeleteAction.NAME), equalTo(List.of("delete", "write", "all")));
         assertThat(
             findPrivilegesThatGrant(IndicesStatsAction.NAME),
-            equalTo(List.of("monitor", "cross_cluster_replication", "manage", "all"))
+            equalTo(List.of("monitor", "manage", "manage_failure_store_internal", "cross_cluster_replication", "all"))
+        );
+        assertThat(
+            findPrivilegesThatGrant(RefreshAction.NAME),
+            equalTo(List.of("maintenance", "manage", "manage_failure_store_internal", "all"))
         );
-        assertThat(findPrivilegesThatGrant(RefreshAction.NAME), equalTo(List.of("maintenance", "manage", "all")));
     }
 
     public void testPrivilegesForRollupFieldCapsAction() {
         final Collection<String> privileges = findPrivilegesThatGrant(GetRollupIndexCapsAction.NAME);
-        assertThat(Set.copyOf(privileges), equalTo(Set.of("read", "view_index_metadata", "manage", "all")));
+        assertThat(
+            Set.copyOf(privileges),
+            equalTo(Set.of("manage", "all", "read_failure_store", "view_index_metadata", "read", "manage_failure_store_internal"))
+        );
     }
 
     public void testPrivilegesForGetCheckPointAction() {
         assertThat(
             findPrivilegesThatGrant(GetCheckpointAction.NAME),
-            containsInAnyOrder("monitor", "view_index_metadata", "manage", "all")
+            containsInAnyOrder("monitor", "view_index_metadata", "manage", "manage_failure_store_internal", "all")
         );
     }
 
