work in progress

x-pack/plugin/core/src/main/java/module-info.java

@@ -22,6 +22,7 @@
     requires unboundid.ldapsdk;
     requires org.elasticsearch.tdigest;
     requires org.elasticsearch.xcore.templates;
+    requires org.elasticsearch.logging;
 
     exports org.elasticsearch.index.engine.frozen;
     exports org.elasticsearch.license;

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequest.java

@@ -8,13 +8,18 @@
 
 import org.elasticsearch.action.ActionRequest;
 import org.elasticsearch.action.ActionRequestValidationException;
+import org.elasticsearch.action.support.IndexComponentSelector;
+import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.common.io.stream.StreamOutput;
+import org.elasticsearch.core.Tuple;
 import org.elasticsearch.xpack.core.security.authz.AuthorizationEngine;
 import org.elasticsearch.xpack.core.security.authz.RoleDescriptor.ApplicationResourcePrivileges;
 import org.elasticsearch.xpack.core.security.authz.RoleDescriptor.IndicesPrivileges;
 
 import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
 
 /**
  * A request for checking a user's privileges
@@ -84,7 +89,50 @@ public ApplicationResourcePrivileges[] applicationPrivileges() {
     }
 
     public void indexPrivileges(IndicesPrivileges... privileges) {
-        this.indexPrivileges = privileges;
+        IndicesPrivileges[] newPrivileges = new IndicesPrivileges[privileges.length];
+        for (int i = 0; i < privileges.length; i++) {
+            IndicesPrivileges currentPriv = privileges[i];
+            IndicesPrivileges.Builder builder = IndicesPrivileges.builder(privileges[i]);
+            builder.indices((String[]) null);
+            List<String> updatedIndexPatterns = new ArrayList<>();
+            for (String indexPatternRequested : currentPriv.getIndices()) {
+                Tuple<String, String> split = IndexNameExpressionResolver.splitSelectorExpression(indexPatternRequested);
+                String indexNameNoSelector = split.v1();
+                String selectorAsString = split.v2();
+                if (selectorAsString == null) {
+                    assert indexPatternRequested.equals(indexNameNoSelector);
+                    updatedIndexPatterns.add(indexNameNoSelector); // add as-is, no selector
+                } else {
+                    IndexComponentSelector selector = IndexComponentSelector.getByKey(selectorAsString);
+                    switch (selector) {
+                        case DATA:
+                            updatedIndexPatterns.add(indexNameNoSelector); // strip the selector
+                            break;
+                        case FAILURES:
+                            updatedIndexPatterns.add(indexPatternRequested); // add as-is, keep selector in name
+                            break;
+                        case ALL_APPLICABLE:
+                            updatedIndexPatterns.add(indexNameNoSelector); // add with no selector for data
+                            updatedIndexPatterns.add(
+                                IndexNameExpressionResolver.combineSelector(indexNameNoSelector, IndexComponentSelector.FAILURES)
+                            ); // add with failure selector
+                            break;
+                        default:
+                            throw new IllegalArgumentException(
+                                "Unknown index component selector ["
+                                    + selectorAsString
+                                    + "], available options are: "
+                                    + IndexComponentSelector.values()
+                            );
+
+                    }
+                }
+                builder.indices(updatedIndexPatterns);
+                newPrivileges[i] = builder.build();
+            }
+        }
+
+        this.indexPrivileges = newPrivileges;
     }
 
     public void clusterPrivileges(String... privileges) {

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptor.java

@@ -1371,6 +1371,10 @@ public static Builder builder() {
             return new Builder();
         }
 
+        public static Builder builder(IndicesPrivileges copyFrom) {
+            return new Builder(copyFrom);
+        }
+
         public String[] getIndices() {
             return this.indices;
         }
@@ -1553,6 +1557,15 @@ public static class Builder {
 
             private Builder() {}
 
+            private Builder(IndicesPrivileges copyFrom) {
+                indicesPrivileges.indices = copyFrom.indices;
+                indicesPrivileges.privileges = copyFrom.privileges;
+                indicesPrivileges.grantedFields = copyFrom.grantedFields;
+                indicesPrivileges.deniedFields = copyFrom.deniedFields;
+                indicesPrivileges.query = copyFrom.query;
+                indicesPrivileges.allowRestrictedIndices = copyFrom.allowRestrictedIndices;
+            }
+
             public Builder indices(String... indices) {
                 indicesPrivileges.indices = indices;
                 return this;