Simlify

n1v0lg · n1v0lg · commit bf3d46b60def · 2025-02-17T16:04:11.000+01:00
diff --git a/x-pack/plugin/security/qa/multi-cluster/src/javaRestTest/java/org/elasticsearch/xpack/remotecluster/RemoteClusterSecurityFcActionAuthorizationIT.java b/x-pack/plugin/security/qa/multi-cluster/src/javaRestTest/java/org/elasticsearch/xpack/remotecluster/RemoteClusterSecurityFcActionAuthorizationIT.java
@@ -483,7 +483,7 @@ public void testUpdateCrossClusterApiKey() throws Exception {
                         + "for user [foo] with assigned roles [role] authenticated by API key id ["
                         + apiKeyId
                         + "] of user [test_user] on indices [index], this action is granted by the index privileges "
-                        + "[view_index_metadata,manage,all]"
+                        + "[view_index_metadata,manage,read,all]"
                 )
             );
         }
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizedIndicesTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizedIndicesTests.java
@@ -187,8 +187,10 @@ public void testSecurityIndicesAreRestrictedForDefaultRole() {
     }
 
     public void testSecurityIndicesAreNotRemovedFromUnrestrictedRole() {
-        Role.Builder builder = Role.builder(RESTRICTED_INDICES, randomAlphaOfLength(8));
-        Role role = builder.add(FieldPermissions.DEFAULT, null, IndexPrivilege.ALL, true, "*").cluster(Set.of("all"), Set.of()).build();
+        Role role = Role.builder(RESTRICTED_INDICES, randomAlphaOfLength(8))
+            .add(FieldPermissions.DEFAULT, null, IndexPrivilege.ALL, true, "*")
+            .cluster(Set.of("all"), Set.of())
+            .build();
         Settings indexSettings = Settings.builder().put(IndexMetadata.SETTING_VERSION_CREATED, IndexVersion.current()).build();
         final String internalSecurityIndex = randomFrom(
             TestRestrictedIndices.INTERNAL_SECURITY_MAIN_INDEX_6,
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStoreTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStoreTests.java
@@ -86,7 +86,6 @@
 import org.elasticsearch.xpack.core.security.authz.privilege.ApplicationPrivilegeTests;
 import org.elasticsearch.xpack.core.security.authz.privilege.ClusterPrivilegeResolver;
 import org.elasticsearch.xpack.core.security.authz.privilege.ConfigurableClusterPrivilege;
-import org.elasticsearch.xpack.core.security.authz.privilege.IndexComponentSelectorPrivilege;
 import org.elasticsearch.xpack.core.security.authz.privilege.IndexPrivilege;
 import org.elasticsearch.xpack.core.security.authz.restriction.Workflow;
 import org.elasticsearch.xpack.core.security.authz.restriction.WorkflowResolver;
@@ -1270,7 +1269,6 @@ public void testBuildRoleWithFlsAndDlsInRemoteIndicesDefinition() {
                 false,
                 "{\"match\":{\"field\":\"a\"}}",
                 new FieldPermissionsDefinition.FieldGrantExcludeGroup(new String[] { "field" }, null),
-                IndexComponentSelectorPrivilege.DATA,
                 "index-1"
             )
         );
@@ -1306,15 +1304,13 @@ public void testBuildRoleWithFlsAndDlsInRemoteIndicesDefinition() {
                 false,
                 "{\"match\":{\"field\":\"a\"}}",
                 new FieldPermissionsDefinition.FieldGrantExcludeGroup(new String[] { "field" }, null),
-                IndexComponentSelectorPrivilege.DATA,
                 "index-1"
             ),
             indexGroup(
                 IndexPrivilege.READ,
                 false,
                 "{\"match\":{\"field\":\"b\"}}",
                 new FieldPermissionsDefinition.FieldGrantExcludeGroup(new String[] { "other" }, null),
-                IndexComponentSelectorPrivilege.DATA,
                 "index-1"
             )
         );
@@ -1542,10 +1538,7 @@ public void testBuildRoleWithReadFailureStorePrivilegeOnly() {
                 new IndicesPrivileges[] { IndicesPrivileges.builder().indices(indexPattern).privileges("read_failure_store").build() }
             )
         );
-        assertHasIndexGroups(
-            role.indices(),
-            indexGroup(IndexPrivilege.READ_FAILURE_STORE, false, IndexComponentSelectorPrivilege.FAILURES, indexPattern)
-        );
+        assertHasIndexGroups(role.indices(), indexGroup(IndexPrivilege.READ_FAILURE_STORE, false, indexPattern));
     }
 
     public void testBuildRoleWithReadFailureStorePrivilegeDuplicatesMerged() {
@@ -1558,10 +1551,7 @@ public void testBuildRoleWithReadFailureStorePrivilegeDuplicatesMerged() {
                     IndicesPrivileges.builder().indices(indexPattern).privileges("read_failure_store").build() }
             )
         );
-        assertHasIndexGroups(
-            role.indices(),
-            indexGroup(IndexPrivilege.READ_FAILURE_STORE, false, IndexComponentSelectorPrivilege.FAILURES, indexPattern)
-        );
+        assertHasIndexGroups(role.indices(), indexGroup(IndexPrivilege.READ_FAILURE_STORE, false, indexPattern));
     }
 
     public void testBuildRoleWithReadFailureStoreAndReadPrivilegeSplit() {
@@ -1575,8 +1565,8 @@ public void testBuildRoleWithReadFailureStoreAndReadPrivilegeSplit() {
         );
         assertHasIndexGroups(
             role.indices(),
-            indexGroup(IndexPrivilege.READ_FAILURE_STORE, false, IndexComponentSelectorPrivilege.FAILURES, indexPattern),
-            indexGroup(IndexPrivilege.READ, false, IndexComponentSelectorPrivilege.DATA, indexPattern)
+            indexGroup(IndexPrivilege.READ_FAILURE_STORE, false, indexPattern),
+            indexGroup(IndexPrivilege.READ, false, indexPattern)
         );
     }
 
@@ -1592,8 +1582,8 @@ public void testBuildRoleWithMultipleReadFailureStoreAndReadPrivilegeSplit() {
         );
         assertHasIndexGroups(
             role.indices(),
-            indexGroup(IndexPrivilege.READ_FAILURE_STORE, false, IndexComponentSelectorPrivilege.FAILURES, indexPattern),
-            indexGroup(IndexPrivilege.READ, false, IndexComponentSelectorPrivilege.DATA, indexPattern)
+            indexGroup(IndexPrivilege.READ_FAILURE_STORE, false, indexPattern),
+            indexGroup(IndexPrivilege.READ, false, indexPattern)
         );
     }
 
@@ -1609,12 +1599,7 @@ public void testBuildRoleWithAllPrivilegeIsNeverSplit() {
         );
         assertHasIndexGroups(
             role.indices(),
-            indexGroup(
-                IndexPrivilege.get(Set.of("read", "read_failure_store", "all")),
-                false,
-                IndexComponentSelectorPrivilege.ALL,
-                indexPattern
-            )
+            indexGroup(IndexPrivilege.get(Set.of("read", "read_failure_store", "all")), false, indexPattern)
         );
     }
 
@@ -3470,23 +3455,6 @@ private static Matcher<IndicesPermission.Group> indexGroup(
             allowRestrictedIndices,
             null,
             new FieldPermissionsDefinition.FieldGrantExcludeGroup(null, null),
-            IndexComponentSelectorPrivilege.DATA,
-            indices
-        );
-    }
-
-    private static Matcher<IndicesPermission.Group> indexGroup(
-        final IndexPrivilege privilege,
-        final boolean allowRestrictedIndices,
-        final IndexComponentSelectorPrivilege selectorPrivilege,
-        final String... indices
-    ) {
-        return indexGroup(
-            privilege,
-            allowRestrictedIndices,
-            null,
-            new FieldPermissionsDefinition.FieldGrantExcludeGroup(null, null),
-            selectorPrivilege,
             indices
         );
     }
@@ -3496,7 +3464,6 @@ private static Matcher<IndicesPermission.Group> indexGroup(
         final boolean allowRestrictedIndices,
         @Nullable final String query,
         final FieldPermissionsDefinition.FieldGrantExcludeGroup flsGroup,
-        IndexComponentSelectorPrivilege selectorPrivilege,
         final String... indices
     ) {
         return new BaseMatcher<>() {
@@ -3510,7 +3477,6 @@ public boolean matches(Object o) {
                     && equalTo(privilege).matches(group.privilege())
                     && equalTo(allowRestrictedIndices).matches(group.allowRestrictedIndices())
                     && equalTo(new FieldPermissions(new FieldPermissionsDefinition(Set.of(flsGroup)))).matches(group.getFieldPermissions())
-                    && equalTo(selectorPrivilege).matches(group.getSelectorPrivilege())
                     && arrayContaining(indices).matches(group.indices());
             }
 
@@ -3528,8 +3494,6 @@ public void describeTo(Description description) {
                         + query
                         + ", fieldGrantExcludeGroup="
                         + flsGroup
-                        + ", selectorPrivilege="
-                        + selectorPrivilege
                         + '}'
                 );
             }

Original file line number	Diff line number	Diff line change
`@@ -483,7 +483,7 @@ public void testUpdateCrossClusterApiKey() throws Exception {`
`483`	`483`	`+ "for user [foo] with assigned roles [role] authenticated by API key id ["`
`484`	`484`	`+ apiKeyId`
`485`	`485`	`+ "] of user [test_user] on indices [index], this action is granted by the index privileges "`
`486`		`- + "[view_index_metadata,manage,all]"`
	`486`	`+ + "[view_index_metadata,manage,read,all]"`
`487`	`487`	`)`
`488`	`488`	`);`
`489`	`489`	`}`