Fix CustomAuthorizationEngine

Author: n1v0lg

plugins/examples/security-authorization-engine/src/main/java/org/elasticsearch/example/CustomAuthorizationEngine.java

@@ -41,6 +41,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.function.Supplier;
 import java.util.stream.Collectors;
 
 /**
@@ -87,26 +88,28 @@ public void authorizeClusterAction(RequestInfo requestInfo, AuthorizationInfo au
     }
 
     @Override
-    SubscribableListener<IndexAuthorizationResult> void authorizeIndexAction(
+    public SubscribableListener<IndexAuthorizationResult> authorizeIndexAction(
         RequestInfo requestInfo,
         AuthorizationInfo authorizationInfo,
         AsyncSupplier<ResolvedIndices> indicesAsyncSupplier,
         ProjectMetadata project
     ) {
         if (isSuperuser(requestInfo.getAuthentication().getEffectiveSubject().getUser())) {
-            ActionListener<IndexAuthorizationResult> listener = new SubscribableListener<>();
-            indicesAsyncSupplier.getAsync(ActionListener.wrap(resolvedIndices -> {
-                Map<String, IndexAccessControl> indexAccessControlMap = new HashMap<>();
-                for (String name : resolvedIndices.getLocal()) {
-                    indexAccessControlMap.put(name, new IndexAccessControl(FieldPermissions.DEFAULT, null));
-                }
-                IndicesAccessControl indicesAccessControl =
-                    new IndicesAccessControl(true, Collections.unmodifiableMap(indexAccessControlMap));
-                listener.onResponse(new IndexAuthorizationResult(indicesAccessControl));
-            }, listener::onFailure));
+            SubscribableListener<IndexAuthorizationResult> listener = new SubscribableListener<>();
+            indicesAsyncSupplier.getAsync().addListener(listener.delegateFailureAndWrap(
+                (delegateListener, resolvedIndices) -> {
+                    Map<String, IndexAccessControl> indexAccessControlMap = new HashMap<>();
+                    for (String name : resolvedIndices.getLocal()) {
+                        indexAccessControlMap.put(name, new IndexAccessControl(FieldPermissions.DEFAULT, null));
+                    }
+                    IndicesAccessControl indicesAccessControl =
+                        new IndicesAccessControl(true, Collections.unmodifiableMap(indexAccessControlMap));
+                    listener.onResponse(new IndexAuthorizationResult(indicesAccessControl));
+                })
+            );
             return listener;
         } else {
-            return SubscribableListener.succcess(new IndexAuthorizationResult(IndicesAccessControl.DENIED));
+            return SubscribableListener.newSucceeded(new IndexAuthorizationResult(IndicesAccessControl.DENIED));
         }
     }
 
@@ -119,19 +122,21 @@ public void loadAuthorizedIndices(
     ) {
         if (isSuperuser(requestInfo.getAuthentication().getEffectiveSubject().getUser())) {
             listener.onResponse(new AuthorizedIndices() {
-                public Set<String> all(IndexComponentSelector selector) {
-                    return () -> indicesLookup.keySet();
+                public Supplier<Set<String>> all() {
+                    return indicesLookup::keySet;
                 }
-                public boolean check(String name, IndexComponentSelector selector) {
+
+                public boolean check(String name) {
                     return indicesLookup.containsKey(name);
                 }
             });
         } else {
             listener.onResponse(new AuthorizedIndices() {
-                public Set<String> all(IndexComponentSelector selector) {
+                public Supplier<Set<String>> all() {
                     return () -> Set.of();
                 }
-                public boolean check(String name, IndexComponentSelector selector) {
+
+                public boolean check(String name) {
                     return false;
                 }
             });
@@ -259,6 +264,6 @@ private boolean isSuperuser(User user) {
 
     private boolean isSuperuser(AuthorizationInfo authorizationInfo) {
         assert authorizationInfo instanceof CustomAuthorizationInfo;
-        return Arrays.asList(((CustomAuthorizationInfo)authorizationInfo).asMap().get("roles")).contains("custom_superuser");
+        return Arrays.asList(((CustomAuthorizationInfo) authorizationInfo).asMap().get("roles")).contains("custom_superuser");
     }
 }

plugins/examples/security-authorization-engine/src/test/java/org/elasticsearch/example/CustomAuthorizationEngineTests.java

@@ -11,6 +11,7 @@
 
 import org.elasticsearch.action.search.SearchRequest;
 import org.elasticsearch.action.support.PlainActionFuture;
+import org.elasticsearch.action.support.SubscribableListener;
 import org.elasticsearch.cluster.metadata.IndexAbstraction;
 import org.elasticsearch.cluster.metadata.IndexAbstraction.ConcreteIndex;
 import org.elasticsearch.cluster.metadata.IndexMetadata;
@@ -52,7 +53,8 @@ public void testGetAuthorizationInfo() {
 
     public void testAuthorizeRunAs() {
         final String action = "cluster:monitor/foo";
-        final TransportRequest request = new TransportRequest() {};
+        final TransportRequest request = new TransportRequest() {
+        };
         CustomAuthorizationEngine engine = new CustomAuthorizationEngine();
         // unauthorized
         {
@@ -125,8 +127,8 @@ public void testAuthorizeIndexAction() {
                 .numberOfShards(1)
                 .numberOfReplicas(0)
                 .build(),
-                    false
-                ).build();
+            false
+        ).build();
         // authorized
         {
             RequestInfo requestInfo =
@@ -138,9 +140,10 @@ public void testAuthorizeIndexAction() {
             AuthorizationInfo authzInfo = future.actionGet();
 
             PlainActionFuture<IndexAuthorizationResult> resultFuture = new PlainActionFuture<>();
-            engine.authorizeIndexAction(requestInfo, authzInfo,
-                listener -> listener.onResponse(new ResolvedIndices(Collections.singletonList("index"), Collections.emptyList())),
-                project, resultFuture);
+            SubscribableListener<IndexAuthorizationResult> l = engine.authorizeIndexAction(requestInfo, authzInfo,
+                () -> SubscribableListener.newSucceeded(new ResolvedIndices(Collections.singletonList("index"), Collections.emptyList())),
+                project);
+            l.addListener(resultFuture);
             IndexAuthorizationResult result = resultFuture.actionGet();
             assertThat(result.isGranted(), is(true));
             IndicesAccessControl indicesAccessControl = result.getIndicesAccessControl();
@@ -159,8 +162,8 @@ public void testAuthorizeIndexAction() {
 
             PlainActionFuture<IndexAuthorizationResult> resultFuture = new PlainActionFuture<>();
             engine.authorizeIndexAction(requestInfo, authzInfo,
-                listener -> listener.onResponse(new ResolvedIndices(Collections.singletonList("index"), Collections.emptyList())),
-                project, resultFuture);
+                () -> SubscribableListener.newSucceeded(new ResolvedIndices(Collections.singletonList("index"), Collections.emptyList())),
+                project).addListener(resultFuture);
             IndexAuthorizationResult result = resultFuture.actionGet();
             assertThat(result.isGranted(), is(false));
             IndicesAccessControl indicesAccessControl = result.getIndicesAccessControl();
@@ -170,7 +173,8 @@ public void testAuthorizeIndexAction() {
 
     private RequestInfo getRequestInfo() {
         final String action = "cluster:monitor/foo";
-        final TransportRequest request = new TransportRequest() {};
+        final TransportRequest request = new TransportRequest() {
+        };
         final Authentication authentication =
             Authentication.newRealmAuthentication(new User("joe", "custom_superuser"), new RealmRef("test", "test", "node"));
         return new RequestInfo(authentication, request, action, null);