Assert

n1v0lg · n1v0lg · commit fa467f46f1fa · 2025-03-14T14:59:53.000+01:00
diff --git a/server/src/main/java/org/elasticsearch/cluster/metadata/IndexNameExpressionResolver.java b/server/src/main/java/org/elasticsearch/cluster/metadata/IndexNameExpressionResolver.java
@@ -1031,7 +1031,7 @@ public static String combineSelectorExpression(String baseExpression, @Nullable
             : (baseExpression + SelectorResolver.SELECTOR_SEPARATOR + selectorExpression);
     }
 
-    public static void assertExpressionHasDefaultOrDataSelector(String expression) {
+    public static void assertExpressionHasNullOrDataSelector(String expression) {
         if (Assertions.ENABLED) {
             var tuple = splitSelectorExpression(expression);
             assert tuple.v2() == null || IndexComponentSelector.DATA.getKey().equals(tuple.v2())
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/permission/IndicesPermission.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/permission/IndicesPermission.java
@@ -319,7 +319,7 @@ public boolean checkResourcePrivileges(
             combineIndexGroups && checkForIndexPatterns.stream().anyMatch(Automatons::isLuceneRegex)
         );
         for (String forIndexPattern : checkForIndexPatterns) {
-            IndexNameExpressionResolver.assertExpressionHasDefaultOrDataSelector(forIndexPattern);
+            IndexNameExpressionResolver.assertExpressionHasNullOrDataSelector(forIndexPattern);
             Automaton checkIndexAutomaton = Automatons.patterns(forIndexPattern);
             if (false == allowRestrictedIndices && false == isConcreteRestrictedIndex(forIndexPattern)) {
                 checkIndexAutomaton = Automatons.minusAndMinimize(checkIndexAutomaton, restrictedIndices.getAutomaton());
diff --git a/x-pack/plugin/downsample/src/main/java/org/elasticsearch/xpack/downsample/TransportDownsampleAction.java b/x-pack/plugin/downsample/src/main/java/org/elasticsearch/xpack/downsample/TransportDownsampleAction.java
@@ -210,8 +210,8 @@ protected void masterOperation(
     ) {
         long startTime = client.threadPool().relativeTimeInMillis();
         String sourceIndexName = request.getSourceIndex();
-        IndexNameExpressionResolver.assertExpressionHasDefaultOrDataSelector(sourceIndexName);
-        IndexNameExpressionResolver.assertExpressionHasDefaultOrDataSelector(request.getTargetIndex());
+        IndexNameExpressionResolver.assertExpressionHasNullOrDataSelector(sourceIndexName);
+        IndexNameExpressionResolver.assertExpressionHasNullOrDataSelector(request.getTargetIndex());
         final IndicesAccessControl indicesAccessControl = threadContext.getTransient(AuthorizationServiceField.INDICES_PERMISSIONS_KEY);
         if (indicesAccessControl != null) {
             final IndicesAccessControl.IndexAccessControl indexPermissions = indicesAccessControl.getIndexPermissions(sourceIndexName);
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java
@@ -2211,7 +2211,7 @@ public Function<String, FieldPredicate> getFieldFilter() {
                     return FieldPredicate.ACCEPT_ALL;
                 }
                 assert indicesAccessControl.isGranted();
-                IndexNameExpressionResolver.assertExpressionHasDefaultOrDataSelector(index);
+                IndexNameExpressionResolver.assertExpressionHasNullOrDataSelector(index);
                 IndicesAccessControl.IndexAccessControl indexPermissions = indicesAccessControl.getIndexPermissions(index);
                 if (indexPermissions == null) {
                     return FieldPredicate.ACCEPT_ALL;
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/IndicesAndAliasesResolver.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/IndicesAndAliasesResolver.java
@@ -438,6 +438,7 @@ static String getPutMappingIndexOrAlias(
         ProjectMetadata projectMetadata
     ) {
         final String concreteIndexName = request.getConcreteIndex().getName();
+        assert IndexNameExpressionResolver.hasSelectorSuffix(concreteIndexName) == false : "selectors are not allowed in this context";
 
         // validate that the concrete index exists, otherwise there is no remapping that we could do
         final IndexAbstraction indexAbstraction = projectMetadata.getIndicesLookup().get(concreteIndexName);
@@ -464,6 +465,7 @@ static String getPutMappingIndexOrAlias(
             if (aliasMetadata != null) {
                 Optional<String> foundAlias = aliasMetadata.stream().map(AliasMetadata::alias).filter(aliasName -> {
                     // we know this is implicit data access (as opposed to another selector) so the default selector check is correct
+                    assert IndexNameExpressionResolver.hasSelectorSuffix(aliasName) == false : "selectors are not allowed in this context";
                     if (false == isAuthorized.test(aliasName, IndexComponentSelector.DATA)) {
                         return false;
                     }
@@ -511,7 +513,7 @@ private static List<String> replaceWildcardsWithAuthorizedAliases(String[] alias
         }
 
         for (String aliasExpression : aliases) {
-            IndexNameExpressionResolver.assertExpressionHasDefaultOrDataSelector(aliasExpression);
+            IndexNameExpressionResolver.assertExpressionHasNullOrDataSelector(aliasExpression);
             boolean include = true;
             if (aliasExpression.charAt(0) == '-') {
                 include = false;

Original file line number	Diff line number	Diff line change
`@@ -1031,7 +1031,7 @@ public static String combineSelectorExpression(String baseExpression, @Nullable`
`1031`	`1031`	`: (baseExpression + SelectorResolver.SELECTOR_SEPARATOR + selectorExpression);`
`1032`	`1032`	`}`
`1033`	`1033`
`1034`		`- public static void assertExpressionHasDefaultOrDataSelector(String expression) {`
	`1034`	`+ public static void assertExpressionHasNullOrDataSelector(String expression) {`
`1035`	`1035`	`if (Assertions.ENABLED) {`
`1036`	`1036`	`var tuple = splitSelectorExpression(expression);`
`1037`	`1037`	`assert tuple.v2() == null \|\| IndexComponentSelector.DATA.getKey().equals(tuple.v2())`
Original file line number	Diff line number	Diff line change
`@@ -2211,7 +2211,7 @@ public Function<String, FieldPredicate> getFieldFilter() {`
`2211`	`2211`	`return FieldPredicate.ACCEPT_ALL;`
`2212`	`2212`	`}`
`2213`	`2213`	`assert indicesAccessControl.isGranted();`
`2214`		`- IndexNameExpressionResolver.assertExpressionHasDefaultOrDataSelector(index);`
	`2214`	`+ IndexNameExpressionResolver.assertExpressionHasNullOrDataSelector(index);`
`2215`	`2215`	`IndicesAccessControl.IndexAccessControl indexPermissions = indicesAccessControl.getIndexPermissions(index);`
`2216`	`2216`	`if (indexPermissions == null) {`
`2217`	`2217`	`return FieldPredicate.ACCEPT_ALL;`