Naming so hard

n1v0lg · n1v0lg · commit e7fcf9395581 · 2025-02-19T10:41:33.000+01:00
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/permission/IndicesPermission.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/permission/IndicesPermission.java
@@ -302,7 +302,7 @@ public boolean checkResourcePrivileges(
                     }
                 }
                 for (String privilege : checkForPrivileges) {
-                    IndexPrivilege indexPrivilege = IndexPrivilege.getSingleSelectorOrThrow(Collections.singleton(privilege));
+                    IndexPrivilege indexPrivilege = IndexPrivilege.getWithSingleSelectorAccess(Collections.singleton(privilege));
                     if (allowedIndexPrivilegesAutomaton != null
                         && Automatons.subsetOf(indexPrivilege.getAutomaton(), allowedIndexPrivilegesAutomaton)) {
                         if (resourcePrivilegesMapBuilder != null) {
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilege.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilege.java
@@ -73,6 +73,8 @@
  *
  * Also note that the `internal:transport/proxy/` prefix is automatically added and stripped for actions that go
  * through a CCR/CCS proxy. No action should be explicitly named like that.
+ *
+ * Each named privilege is associated with an {@link IndexComponentSelector} it grants access to.
  */
 public final class IndexPrivilege extends Privilege {
     private static final Logger logger = LogManager.getLogger(IndexPrivilege.class);
@@ -276,7 +278,7 @@ private IndexPrivilege(Set<String> name, Automaton automaton, IndexComponentSele
      * Use this method if you know that the input name set corresponds to privileges covering the same selector, for instance if you have a
      * single input name, or multiple names that all grant access to one selector e.g., {@link IndexComponentSelector#DATA}.
      */
-    public static IndexPrivilege getSingleSelectorOrThrow(Set<String> names) {
+    public static IndexPrivilege getWithSingleSelectorAccess(Set<String> names) {
         final Set<IndexPrivilege> splitBySelector = getSplitBySelectorAccess(names);
         if (splitBySelector.size() != 1) {
             throw new IllegalArgumentException(
diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/permission/LimitedRoleTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/permission/LimitedRoleTests.java
@@ -239,7 +239,7 @@ private static FieldPermissions randomFlsPermissions(String... grantedFields) {
     }
 
     private static IndexPrivilege randomIndexPrivilege() {
-        return IndexPrivilege.getSingleSelectorOrThrow(Set.of(randomFrom(IndexPrivilege.names())));
+        return IndexPrivilege.getWithSingleSelectorAccess(Set.of(randomFrom(IndexPrivilege.names())));
     }
 
     public void testGetRoleDescriptorsIntersectionForRemoteClusterReturnsEmpty() {
diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilegeTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilegeTests.java
@@ -70,35 +70,35 @@ public void testFindPrivilegesThatGrant() {
         assertThat(findPrivilegesThatGrant(RefreshAction.NAME), equalTo(List.of("maintenance", "manage", "all")));
     }
 
-    public void testGetSingleSelectorOrThrow() {
+    public void testGetWithSingleSelectorAccess() {
         {
-            IndexPrivilege actual = IndexPrivilege.getSingleSelectorOrThrow(Set.of("all"));
+            IndexPrivilege actual = IndexPrivilege.getWithSingleSelectorAccess(Set.of("all"));
             assertThat(actual, equalTo(IndexPrivilege.ALL));
             assertThat(actual.getSelectorPredicate(), equalTo(IndexComponentSelectorPredicate.ALL));
         }
         {
-            IndexPrivilege actual = IndexPrivilege.getSingleSelectorOrThrow(Set.of("read"));
+            IndexPrivilege actual = IndexPrivilege.getWithSingleSelectorAccess(Set.of("read"));
             assertThat(actual, equalTo(IndexPrivilege.READ));
             assertThat(actual.getSelectorPredicate(), equalTo(IndexComponentSelectorPredicate.DATA));
         }
         {
-            IndexPrivilege actual = IndexPrivilege.getSingleSelectorOrThrow(Set.of("none"));
+            IndexPrivilege actual = IndexPrivilege.getWithSingleSelectorAccess(Set.of("none"));
             assertThat(actual, equalTo(IndexPrivilege.NONE));
             assertThat(actual.getSelectorPredicate(), equalTo(IndexComponentSelectorPredicate.DATA));
         }
         {
-            IndexPrivilege actual = IndexPrivilege.getSingleSelectorOrThrow(Set.of());
+            IndexPrivilege actual = IndexPrivilege.getWithSingleSelectorAccess(Set.of());
             assertThat(actual, equalTo(IndexPrivilege.NONE));
             assertThat(actual.getSelectorPredicate(), equalTo(IndexComponentSelectorPredicate.DATA));
         }
         {
-            IndexPrivilege actual = IndexPrivilege.getSingleSelectorOrThrow(Set.of("indices:data/read/search"));
+            IndexPrivilege actual = IndexPrivilege.getWithSingleSelectorAccess(Set.of("indices:data/read/search"));
             assertThat(actual.getSingleName(), equalTo("indices:data/read/search"));
             assertThat(actual.predicate.test("indices:data/read/search"), is(true));
             assertThat(actual.getSelectorPredicate(), equalTo(IndexComponentSelectorPredicate.DATA));
         }
         {
-            IndexPrivilege actual = IndexPrivilege.getSingleSelectorOrThrow(Set.of("all", "read", "indices:data/read/search"));
+            IndexPrivilege actual = IndexPrivilege.getWithSingleSelectorAccess(Set.of("all", "read", "indices:data/read/search"));
             assertThat(actual.name, equalTo(Set.of("all", "read", "indices:data/read/search")));
             assertThat(Automatons.subsetOf(IndexPrivilege.ALL.automaton, actual.automaton), is(true));
             assertThat(actual.getSelectorPredicate(), equalTo(IndexComponentSelectorPredicate.ALL));
@@ -108,36 +108,42 @@ public void testGetSingleSelectorOrThrow() {
     public void testGetSingleSelectorWithFailuresSelectorOrThrow() {
         assumeTrue("This test requires the failure store to be enabled", DataStream.isFailureStoreFeatureFlagEnabled());
         {
-            IndexPrivilege actual = IndexPrivilege.getSingleSelectorOrThrow(Set.of("read_failure_store"));
+            IndexPrivilege actual = IndexPrivilege.getWithSingleSelectorAccess(Set.of("read_failure_store"));
             assertThat(actual, equalTo(IndexPrivilege.READ_FAILURE_STORE));
             assertThat(actual.getSelectorPredicate(), equalTo(IndexComponentSelectorPredicate.FAILURES));
         }
         {
-            IndexPrivilege actual = IndexPrivilege.getSingleSelectorOrThrow(Set.of("all", "read_failure_store"));
+            IndexPrivilege actual = IndexPrivilege.getWithSingleSelectorAccess(Set.of("all", "read_failure_store"));
             assertThat(actual.name(), equalTo(Set.of("all", "read_failure_store")));
             assertThat(actual.getSelectorPredicate(), equalTo(IndexComponentSelectorPredicate.ALL));
             assertThat(Automatons.subsetOf(IndexPrivilege.ALL.automaton, actual.automaton), is(true));
         }
         {
-            IndexPrivilege actual = IndexPrivilege.getSingleSelectorOrThrow(
+            IndexPrivilege actual = IndexPrivilege.getWithSingleSelectorAccess(
                 Set.of("all", "indices:data/read/search", "read_failure_store")
             );
             assertThat(actual.name(), equalTo(Set.of("all", "indices:data/read/search", "read_failure_store")));
             assertThat(actual.getSelectorPredicate(), equalTo(IndexComponentSelectorPredicate.ALL));
             assertThat(Automatons.subsetOf(IndexPrivilege.ALL.automaton, actual.automaton), is(true));
         }
         {
-            IndexPrivilege actual = IndexPrivilege.getSingleSelectorOrThrow(Set.of("all", "read", "read_failure_store"));
+            IndexPrivilege actual = IndexPrivilege.getWithSingleSelectorAccess(Set.of("all", "read", "read_failure_store"));
             assertThat(actual.name(), equalTo(Set.of("all", "read", "read_failure_store")));
             assertThat(actual.getSelectorPredicate(), equalTo(IndexComponentSelectorPredicate.ALL));
             assertThat(Automatons.subsetOf(IndexPrivilege.ALL.automaton, actual.automaton), is(true));
         }
-        expectThrows(IllegalArgumentException.class, () -> IndexPrivilege.getSingleSelectorOrThrow(Set.of("read", "read_failure_store")));
         expectThrows(
             IllegalArgumentException.class,
-            () -> IndexPrivilege.getSingleSelectorOrThrow(Set.of("indices:data/read/search", "read_failure_store"))
+            () -> IndexPrivilege.getWithSingleSelectorAccess(Set.of("read", "read_failure_store"))
+        );
+        expectThrows(
+            IllegalArgumentException.class,
+            () -> IndexPrivilege.getWithSingleSelectorAccess(Set.of("indices:data/read/search", "read_failure_store"))
+        );
+        expectThrows(
+            IllegalArgumentException.class,
+            () -> IndexPrivilege.getWithSingleSelectorAccess(Set.of("none", "read_failure_store"))
         );
-        expectThrows(IllegalArgumentException.class, () -> IndexPrivilege.getSingleSelectorOrThrow(Set.of("none", "read_failure_store")));
     }
 
     public void testPrivilegesForRollupFieldCapsAction() {
@@ -155,39 +161,39 @@ public void testPrivilegesForGetCheckPointAction() {
     public void testRelationshipBetweenPrivileges() {
         assertThat(
             Automatons.subsetOf(
-                IndexPrivilege.getSingleSelectorOrThrow(Set.of("view_index_metadata")).automaton,
-                IndexPrivilege.getSingleSelectorOrThrow(Set.of("manage")).automaton
+                IndexPrivilege.getWithSingleSelectorAccess(Set.of("view_index_metadata")).automaton,
+                IndexPrivilege.getWithSingleSelectorAccess(Set.of("manage")).automaton
             ),
             is(true)
         );
 
         assertThat(
             Automatons.subsetOf(
-                IndexPrivilege.getSingleSelectorOrThrow(Set.of("monitor")).automaton,
-                IndexPrivilege.getSingleSelectorOrThrow(Set.of("manage")).automaton
+                IndexPrivilege.getWithSingleSelectorAccess(Set.of("monitor")).automaton,
+                IndexPrivilege.getWithSingleSelectorAccess(Set.of("manage")).automaton
             ),
             is(true)
         );
 
         assertThat(
             Automatons.subsetOf(
-                IndexPrivilege.getSingleSelectorOrThrow(Set.of("create", "create_doc", "index", "delete")).automaton,
-                IndexPrivilege.getSingleSelectorOrThrow(Set.of("write")).automaton
+                IndexPrivilege.getWithSingleSelectorAccess(Set.of("create", "create_doc", "index", "delete")).automaton,
+                IndexPrivilege.getWithSingleSelectorAccess(Set.of("write")).automaton
             ),
             is(true)
         );
 
         assertThat(
             Automatons.subsetOf(
-                IndexPrivilege.getSingleSelectorOrThrow(Set.of("create_index", "delete_index")).automaton,
-                IndexPrivilege.getSingleSelectorOrThrow(Set.of("manage")).automaton
+                IndexPrivilege.getWithSingleSelectorAccess(Set.of("create_index", "delete_index")).automaton,
+                IndexPrivilege.getWithSingleSelectorAccess(Set.of("manage")).automaton
             ),
             is(true)
         );
     }
 
     public void testCrossClusterReplicationPrivileges() {
-        final IndexPrivilege crossClusterReplication = IndexPrivilege.getSingleSelectorOrThrow(Set.of("cross_cluster_replication"));
+        final IndexPrivilege crossClusterReplication = IndexPrivilege.getWithSingleSelectorAccess(Set.of("cross_cluster_replication"));
         List.of(
             "indices:data/read/xpack/ccr/shard_changes",
             "indices:monitor/stats",
@@ -198,12 +204,12 @@ public void testCrossClusterReplicationPrivileges() {
         assertThat(
             Automatons.subsetOf(
                 crossClusterReplication.automaton,
-                IndexPrivilege.getSingleSelectorOrThrow(Set.of("manage", "read", "monitor")).automaton
+                IndexPrivilege.getWithSingleSelectorAccess(Set.of("manage", "read", "monitor")).automaton
             ),
             is(true)
         );
 
-        final IndexPrivilege crossClusterReplicationInternal = IndexPrivilege.getSingleSelectorOrThrow(
+        final IndexPrivilege crossClusterReplicationInternal = IndexPrivilege.getWithSingleSelectorAccess(
             Set.of("cross_cluster_replication_internal")
         );
         List.of(
@@ -220,14 +226,14 @@ public void testCrossClusterReplicationPrivileges() {
         assertThat(
             Automatons.subsetOf(
                 crossClusterReplicationInternal.automaton,
-                IndexPrivilege.getSingleSelectorOrThrow(Set.of("manage")).automaton
+                IndexPrivilege.getWithSingleSelectorAccess(Set.of("manage")).automaton
             ),
             is(false)
         );
         assertThat(
             Automatons.subsetOf(
                 crossClusterReplicationInternal.automaton,
-                IndexPrivilege.getSingleSelectorOrThrow(Set.of("all")).automaton
+                IndexPrivilege.getWithSingleSelectorAccess(Set.of("all")).automaton
             ),
             is(true)
         );
diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/privilege/PrivilegeTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/privilege/PrivilegeTests.java
@@ -205,7 +205,7 @@ public void testClusterAction() throws Exception {
 
     public void testIndexAction() throws Exception {
         Set<String> actionName = Sets.newHashSet("indices:admin/mapping/delete");
-        IndexPrivilege index = IndexPrivilege.getSingleSelectorOrThrow(actionName);
+        IndexPrivilege index = IndexPrivilege.getWithSingleSelectorAccess(actionName);
         assertThat(index, notNullValue());
         assertThat(index.predicate().test("indices:admin/mapping/delete"), is(true));
         assertThat(index.predicate().test("indices:admin/mapping/dele"), is(false));
diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/support/AutomatonPatternsTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/support/AutomatonPatternsTests.java
@@ -37,7 +37,7 @@ public void testRemoteClusterPrivsDoNotOverlap() {
 
         // check that the action patterns for remote CCS are not allowed by remote CCR privileges
         Arrays.stream(CCS_INDICES_PRIVILEGE_NAMES).forEach(ccsPrivilege -> {
-            Automaton ccsAutomaton = IndexPrivilege.getSingleSelectorOrThrow(Set.of(ccsPrivilege)).getAutomaton();
+            Automaton ccsAutomaton = IndexPrivilege.getWithSingleSelectorAccess(Set.of(ccsPrivilege)).getAutomaton();
             Automatons.getPatterns(ccsAutomaton).forEach(ccsPattern -> {
                 // emulate an action name that could be allowed by a CCS privilege
                 String actionName = ccsPattern.replaceAll("\\*", randomAlphaOfLengthBetween(1, 8));
@@ -49,14 +49,17 @@ public void testRemoteClusterPrivsDoNotOverlap() {
                         ccrPrivileges,
                         ccsPattern
                     );
-                    assertFalse(errorMessage, IndexPrivilege.getSingleSelectorOrThrow(Set.of(ccrPrivileges)).predicate().test(actionName));
+                    assertFalse(
+                        errorMessage,
+                        IndexPrivilege.getWithSingleSelectorAccess(Set.of(ccrPrivileges)).predicate().test(actionName)
+                    );
                 });
             });
         });
 
         // check that the action patterns for remote CCR are not allowed by remote CCS privileges
         Arrays.stream(CCR_INDICES_PRIVILEGE_NAMES).forEach(ccrPrivilege -> {
-            Automaton ccrAutomaton = IndexPrivilege.getSingleSelectorOrThrow(Set.of(ccrPrivilege)).getAutomaton();
+            Automaton ccrAutomaton = IndexPrivilege.getWithSingleSelectorAccess(Set.of(ccrPrivilege)).getAutomaton();
             Automatons.getPatterns(ccrAutomaton).forEach(ccrPattern -> {
                 // emulate an action name that could be allowed by a CCR privilege
                 String actionName = ccrPattern.replaceAll("\\*", randomAlphaOfLengthBetween(1, 8));
@@ -74,7 +77,7 @@ public void testRemoteClusterPrivsDoNotOverlap() {
                         );
                         assertFalse(
                             errorMessage,
-                            IndexPrivilege.getSingleSelectorOrThrow(Set.of(ccsPrivileges)).predicate().test(actionName)
+                            IndexPrivilege.getWithSingleSelectorAccess(Set.of(ccsPrivileges)).predicate().test(actionName)
                         );
                     }
                 });
diff --git a/x-pack/plugin/security/qa/consistency-checks/src/test/java/org/elasticsearch/xpack/security/CrossClusterShardTests.java b/x-pack/plugin/security/qa/consistency-checks/src/test/java/org/elasticsearch/xpack/security/CrossClusterShardTests.java
@@ -112,7 +112,7 @@ public void testCheckForNewShardLevelTransportActions() throws Exception {
 
         List<String> shardActions = transportActionBindings.stream()
             .map(binding -> binding.getProvider().get())
-            .filter(action -> IndexPrivilege.getSingleSelectorOrThrow(crossClusterPrivilegeNames).predicate().test(action.actionName))
+            .filter(action -> IndexPrivilege.getWithSingleSelectorAccess(crossClusterPrivilegeNames).predicate().test(action.actionName))
             .filter(this::actionIsLikelyShardAction)
             .map(action -> action.actionName)
             .toList();
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/store/DeprecationRoleDescriptorConsumer.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/store/DeprecationRoleDescriptorConsumer.java
@@ -183,7 +183,7 @@ private void logDeprecatedPermission(RoleDescriptor roleDescriptor) {
         for (Map.Entry<String, Set<String>> privilegesByAlias : privilegesByAliasMap.entrySet()) {
             final String aliasName = privilegesByAlias.getKey();
             final Set<String> aliasPrivilegeNames = privilegesByAlias.getValue();
-            final Automaton aliasPrivilegeAutomaton = IndexPrivilege.getSingleSelectorOrThrow(aliasPrivilegeNames).getAutomaton();
+            final Automaton aliasPrivilegeAutomaton = IndexPrivilege.getWithSingleSelectorAccess(aliasPrivilegeNames).getAutomaton();
             final SortedSet<String> inferiorIndexNames = new TreeSet<>();
             // check if the alias grants superiors privileges than the indices it points to
             for (Index index : aliasOrIndexMap.get(aliasName).getIndices()) {
@@ -193,7 +193,7 @@ private void logDeprecatedPermission(RoleDescriptor roleDescriptor) {
                     // compute automaton once per index no matter how many times it is pointed to
                     final Automaton indexPrivilegeAutomaton = indexAutomatonMap.computeIfAbsent(
                         index.getName(),
-                        i -> IndexPrivilege.getSingleSelectorOrThrow(indexPrivileges).getAutomaton()
+                        i -> IndexPrivilege.getWithSingleSelectorAccess(indexPrivileges).getAutomaton()
                     );
                     if (false == Automatons.subsetOf(indexPrivilegeAutomaton, aliasPrivilegeAutomaton)) {
                         inferiorIndexNames.add(index.getName());
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RBACEngineTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RBACEngineTests.java
@@ -1290,7 +1290,7 @@ public void testBuildUserPrivilegeResponse() {
             {"term":{"public":true}}""");
         final Role role = Role.builder(RESTRICTED_INDICES, "test", "role")
             .cluster(Sets.newHashSet("monitor", "manage_watcher"), Collections.singleton(manageApplicationPrivileges))
-            .add(IndexPrivilege.getSingleSelectorOrThrow(Sets.newHashSet("read", "write")), "index-1")
+            .add(IndexPrivilege.getWithSingleSelectorAccess(Sets.newHashSet("read", "write")), "index-1")
             .add(IndexPrivilege.ALL, "index-2", "index-3")
             .add(
                 new FieldPermissions(new FieldPermissionsDefinition(new String[] { "public.*" }, new String[0])),
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStoreTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStoreTests.java
@@ -1494,8 +1494,8 @@ public void testBuildRoleWithMultipleRemoteMergedAcrossPrivilegesAndDescriptors(
         assertHasRemoteIndexGroupsForClusters(
             role.remoteIndices(),
             Set.of("remote-1"),
-            indexGroup(IndexPrivilege.getSingleSelectorOrThrow(Set.of("read")), false, "index-1"),
-            indexGroup(IndexPrivilege.getSingleSelectorOrThrow(Set.of("none")), false, "index-1")
+            indexGroup(IndexPrivilege.getWithSingleSelectorAccess(Set.of("read")), false, "index-1"),
+            indexGroup(IndexPrivilege.getWithSingleSelectorAccess(Set.of("none")), false, "index-1")
         );
     }
 
@@ -1606,7 +1606,7 @@ public void testBuildRoleWithAllPrivilegeIsNeverSplit() {
         );
         assertHasIndexGroups(
             role.indices(),
-            indexGroup(IndexPrivilege.getSingleSelectorOrThrow(Set.of("read", "read_failure_store", "all")), false, indexPattern)
+            indexGroup(IndexPrivilege.getWithSingleSelectorAccess(Set.of("read", "read_failure_store", "all")), false, indexPattern)
         );
     }
 
@@ -1633,7 +1633,7 @@ public void testBuildRoleNeverSplitsWithoutFailureStoreRelatedPrivileges() {
 
         final Role role = buildRole(roleDescriptorWithIndicesPrivileges("r1", indicesPrivileges));
         final IndicesPermission actual = role.indices();
-        assertHasIndexGroups(actual, indexGroup(IndexPrivilege.getSingleSelectorOrThrow(usedPrivileges), false, indexPattern));
+        assertHasIndexGroups(actual, indexGroup(IndexPrivilege.getWithSingleSelectorAccess(usedPrivileges), false, indexPattern));
     }
 
     public void testCustomRolesProviderFailures() throws Exception {

Original file line number	Diff line number	Diff line change
`@@ -302,7 +302,7 @@ public boolean checkResourcePrivileges(`
`302`	`302`	`}`
`303`	`303`	`}`
`304`	`304`	`for (String privilege : checkForPrivileges) {`
`305`		`- IndexPrivilege indexPrivilege = IndexPrivilege.getSingleSelectorOrThrow(Collections.singleton(privilege));`
	`305`	`+ IndexPrivilege indexPrivilege = IndexPrivilege.getWithSingleSelectorAccess(Collections.singleton(privilege));`
`306`	`306`	`if (allowedIndexPrivilegesAutomaton != null`
`307`	`307`	`&& Automatons.subsetOf(indexPrivilege.getAutomaton(), allowedIndexPrivilegesAutomaton)) {`
`308`	`308`	`if (resourcePrivilegesMapBuilder != null) {`
Original file line number	Diff line number	Diff line change
`@@ -239,7 +239,7 @@ private static FieldPermissions randomFlsPermissions(String... grantedFields) {`
`239`	`239`	`}`
`240`	`240`
`241`	`241`	`private static IndexPrivilege randomIndexPrivilege() {`
`242`		`- return IndexPrivilege.getSingleSelectorOrThrow(Set.of(randomFrom(IndexPrivilege.names())));`
	`242`	`+ return IndexPrivilege.getWithSingleSelectorAccess(Set.of(randomFrom(IndexPrivilege.names())));`
`243`	`243`	`}`
`244`	`244`
`245`	`245`	`public void testGetRoleDescriptorsIntersectionForRemoteClusterReturnsEmpty() {`