diff --git a/plugins/examples/security-authorization-engine/src/main/java/org/elasticsearch/example/CustomAuthorizationEngine.java b/plugins/examples/security-authorization-engine/src/main/java/org/elasticsearch/example/CustomAuthorizationEngine.java index a59db7a8ea565..6e3ff53f19a27 100644 --- a/plugins/examples/security-authorization-engine/src/main/java/org/elasticsearch/example/CustomAuthorizationEngine.java +++ b/plugins/examples/security-authorization-engine/src/main/java/org/elasticsearch/example/CustomAuthorizationEngine.java @@ -41,6 +41,7 @@ import java.util.List; import java.util.Map; import java.util.Set; +import java.util.function.Supplier; import java.util.stream.Collectors; /** @@ -87,26 +88,28 @@ public void authorizeClusterAction(RequestInfo requestInfo, AuthorizationInfo au } @Override - SubscribableListener void authorizeIndexAction( + public SubscribableListener authorizeIndexAction( RequestInfo requestInfo, AuthorizationInfo authorizationInfo, AsyncSupplier indicesAsyncSupplier, ProjectMetadata project ) { if (isSuperuser(requestInfo.getAuthentication().getEffectiveSubject().getUser())) { - ActionListener listener = new SubscribableListener<>(); - indicesAsyncSupplier.getAsync(ActionListener.wrap(resolvedIndices -> { - Map indexAccessControlMap = new HashMap<>(); - for (String name : resolvedIndices.getLocal()) { - indexAccessControlMap.put(name, new IndexAccessControl(FieldPermissions.DEFAULT, null)); - } - IndicesAccessControl indicesAccessControl = - new IndicesAccessControl(true, Collections.unmodifiableMap(indexAccessControlMap)); - listener.onResponse(new IndexAuthorizationResult(indicesAccessControl)); - }, listener::onFailure)); + SubscribableListener listener = new SubscribableListener<>(); + indicesAsyncSupplier.getAsync().addListener(listener.delegateFailureAndWrap( + (delegateListener, resolvedIndices) -> { + Map indexAccessControlMap = new HashMap<>(); + for (String name : resolvedIndices.getLocal()) { + indexAccessControlMap.put(name, new IndexAccessControl(FieldPermissions.DEFAULT, null)); + } + IndicesAccessControl indicesAccessControl = + new IndicesAccessControl(true, Collections.unmodifiableMap(indexAccessControlMap)); + listener.onResponse(new IndexAuthorizationResult(indicesAccessControl)); + }) + ); return listener; } else { - return SubscribableListener.succcess(new IndexAuthorizationResult(IndicesAccessControl.DENIED)); + return SubscribableListener.newSucceeded(new IndexAuthorizationResult(IndicesAccessControl.DENIED)); } } @@ -119,19 +122,21 @@ public void loadAuthorizedIndices( ) { if (isSuperuser(requestInfo.getAuthentication().getEffectiveSubject().getUser())) { listener.onResponse(new AuthorizedIndices() { - public Set all(IndexComponentSelector selector) { - return () -> indicesLookup.keySet(); + public Supplier> all() { + return indicesLookup::keySet; } - public boolean check(String name, IndexComponentSelector selector) { + + public boolean check(String name) { return indicesLookup.containsKey(name); } }); } else { listener.onResponse(new AuthorizedIndices() { - public Set all(IndexComponentSelector selector) { + public Supplier> all() { return () -> Set.of(); } - public boolean check(String name, IndexComponentSelector selector) { + + public boolean check(String name) { return false; } }); @@ -259,6 +264,6 @@ private boolean isSuperuser(User user) { private boolean isSuperuser(AuthorizationInfo authorizationInfo) { assert authorizationInfo instanceof CustomAuthorizationInfo; - return Arrays.asList(((CustomAuthorizationInfo)authorizationInfo).asMap().get("roles")).contains("custom_superuser"); + return Arrays.asList(((CustomAuthorizationInfo) authorizationInfo).asMap().get("roles")).contains("custom_superuser"); } } diff --git a/plugins/examples/security-authorization-engine/src/test/java/org/elasticsearch/example/CustomAuthorizationEngineTests.java b/plugins/examples/security-authorization-engine/src/test/java/org/elasticsearch/example/CustomAuthorizationEngineTests.java index 81de1168c7e6b..4ffb0ee1d2ed8 100644 --- a/plugins/examples/security-authorization-engine/src/test/java/org/elasticsearch/example/CustomAuthorizationEngineTests.java +++ b/plugins/examples/security-authorization-engine/src/test/java/org/elasticsearch/example/CustomAuthorizationEngineTests.java @@ -11,6 +11,7 @@ import org.elasticsearch.action.search.SearchRequest; import org.elasticsearch.action.support.PlainActionFuture; +import org.elasticsearch.action.support.SubscribableListener; import org.elasticsearch.cluster.metadata.IndexAbstraction; import org.elasticsearch.cluster.metadata.IndexAbstraction.ConcreteIndex; import org.elasticsearch.cluster.metadata.IndexMetadata; @@ -52,7 +53,8 @@ public void testGetAuthorizationInfo() { public void testAuthorizeRunAs() { final String action = "cluster:monitor/foo"; - final TransportRequest request = new TransportRequest() {}; + final TransportRequest request = new TransportRequest() { + }; CustomAuthorizationEngine engine = new CustomAuthorizationEngine(); // unauthorized { @@ -125,8 +127,8 @@ public void testAuthorizeIndexAction() { .numberOfShards(1) .numberOfReplicas(0) .build(), - false - ).build(); + false + ).build(); // authorized { RequestInfo requestInfo = @@ -138,9 +140,10 @@ public void testAuthorizeIndexAction() { AuthorizationInfo authzInfo = future.actionGet(); PlainActionFuture resultFuture = new PlainActionFuture<>(); - engine.authorizeIndexAction(requestInfo, authzInfo, - listener -> listener.onResponse(new ResolvedIndices(Collections.singletonList("index"), Collections.emptyList())), - project, resultFuture); + SubscribableListener l = engine.authorizeIndexAction(requestInfo, authzInfo, + () -> SubscribableListener.newSucceeded(new ResolvedIndices(Collections.singletonList("index"), Collections.emptyList())), + project); + l.addListener(resultFuture); IndexAuthorizationResult result = resultFuture.actionGet(); assertThat(result.isGranted(), is(true)); IndicesAccessControl indicesAccessControl = result.getIndicesAccessControl(); @@ -159,8 +162,8 @@ public void testAuthorizeIndexAction() { PlainActionFuture resultFuture = new PlainActionFuture<>(); engine.authorizeIndexAction(requestInfo, authzInfo, - listener -> listener.onResponse(new ResolvedIndices(Collections.singletonList("index"), Collections.emptyList())), - project, resultFuture); + () -> SubscribableListener.newSucceeded(new ResolvedIndices(Collections.singletonList("index"), Collections.emptyList())), + project).addListener(resultFuture); IndexAuthorizationResult result = resultFuture.actionGet(); assertThat(result.isGranted(), is(false)); IndicesAccessControl indicesAccessControl = result.getIndicesAccessControl(); @@ -170,7 +173,8 @@ public void testAuthorizeIndexAction() { private RequestInfo getRequestInfo() { final String action = "cluster:monitor/foo"; - final TransportRequest request = new TransportRequest() {}; + final TransportRequest request = new TransportRequest() { + }; final Authentication authentication = Authentication.newRealmAuthentication(new User("joe", "custom_superuser"), new RealmRef("test", "test", "node")); return new RequestInfo(authentication, request, action, null);