Fix compilation and tests for customAuthzEngine

ywangd · ywangd · commit f49fd610da39 · 2025-03-24T09:48:41.000+11:00
Relates: elastic#123812
diff --git a/plugins/examples/security-authorization-engine/src/main/java/org/elasticsearch/example/CustomAuthorizationEngine.java b/plugins/examples/security-authorization-engine/src/main/java/org/elasticsearch/example/CustomAuthorizationEngine.java
@@ -87,15 +87,15 @@ public void authorizeClusterAction(RequestInfo requestInfo, AuthorizationInfo au
     }
 
     @Override
-    SubscribableListener<IndexAuthorizationResult> void authorizeIndexAction(
+    public SubscribableListener<IndexAuthorizationResult> authorizeIndexAction(
         RequestInfo requestInfo,
         AuthorizationInfo authorizationInfo,
         AsyncSupplier<ResolvedIndices> indicesAsyncSupplier,
         ProjectMetadata project
     ) {
         if (isSuperuser(requestInfo.getAuthentication().getEffectiveSubject().getUser())) {
-            ActionListener<IndexAuthorizationResult> listener = new SubscribableListener<>();
-            indicesAsyncSupplier.getAsync(ActionListener.wrap(resolvedIndices -> {
+            SubscribableListener<IndexAuthorizationResult> listener = new SubscribableListener<>();
+            indicesAsyncSupplier.getAsync().addListener(ActionListener.wrap(resolvedIndices -> {
                 Map<String, IndexAccessControl> indexAccessControlMap = new HashMap<>();
                 for (String name : resolvedIndices.getLocal()) {
                     indexAccessControlMap.put(name, new IndexAccessControl(FieldPermissions.DEFAULT, null));
@@ -106,7 +106,7 @@ SubscribableListener<IndexAuthorizationResult> void authorizeIndexAction(
             }, listener::onFailure));
             return listener;
         } else {
-            return SubscribableListener.succcess(new IndexAuthorizationResult(IndicesAccessControl.DENIED));
+            return SubscribableListener.newSucceeded(new IndexAuthorizationResult(IndicesAccessControl.DENIED));
         }
     }
 
@@ -120,7 +120,7 @@ public void loadAuthorizedIndices(
         if (isSuperuser(requestInfo.getAuthentication().getEffectiveSubject().getUser())) {
             listener.onResponse(new AuthorizedIndices() {
                 public Set<String> all(IndexComponentSelector selector) {
-                    return () -> indicesLookup.keySet();
+                    return indicesLookup.keySet();
                 }
                 public boolean check(String name, IndexComponentSelector selector) {
                     return indicesLookup.containsKey(name);
@@ -129,7 +129,7 @@ public boolean check(String name, IndexComponentSelector selector) {
         } else {
             listener.onResponse(new AuthorizedIndices() {
                 public Set<String> all(IndexComponentSelector selector) {
-                    return () -> Set.of();
+                    return Set.of();
                 }
                 public boolean check(String name, IndexComponentSelector selector) {
                     return false;
diff --git a/plugins/examples/security-authorization-engine/src/test/java/org/elasticsearch/example/CustomAuthorizationEngineTests.java b/plugins/examples/security-authorization-engine/src/test/java/org/elasticsearch/example/CustomAuthorizationEngineTests.java
@@ -11,10 +11,8 @@
 
 import org.elasticsearch.action.search.SearchRequest;
 import org.elasticsearch.action.support.PlainActionFuture;
-import org.elasticsearch.cluster.metadata.IndexAbstraction;
-import org.elasticsearch.cluster.metadata.IndexAbstraction.ConcreteIndex;
+import org.elasticsearch.action.support.SubscribableListener;
 import org.elasticsearch.cluster.metadata.IndexMetadata;
-import org.elasticsearch.cluster.metadata.Metadata;
 import org.elasticsearch.cluster.metadata.ProjectMetadata;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.index.IndexVersion;
@@ -31,9 +29,6 @@
 import org.elasticsearch.xpack.core.security.user.User;
 
 import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.stream.Stream;
 
 import static org.hamcrest.Matchers.is;
 
@@ -52,13 +47,15 @@ public void testGetAuthorizationInfo() {
 
     public void testAuthorizeRunAs() {
         final String action = "cluster:monitor/foo";
-        final TransportRequest request = new TransportRequest() {};
+        final TransportRequest request = new TransportRequest() {
+        };
         CustomAuthorizationEngine engine = new CustomAuthorizationEngine();
         // unauthorized
         {
-            Authentication authentication = Authentication
-                .newRealmAuthentication(new User("bar", "not_superuser"), new RealmRef("test", "test", "node"))
-                .runAs(new User("joe", "custom_superuser"), new RealmRef("test", "test", "node"));
+            Authentication authentication = Authentication.newRealmAuthentication(
+                new User("bar", "not_superuser"),
+                new RealmRef("test", "test", "node")
+            ).runAs(new User("joe", "custom_superuser"), new RealmRef("test", "test", "node"));
             RequestInfo info = new RequestInfo(authentication, request, action, null);
             PlainActionFuture<AuthorizationInfo> future = new PlainActionFuture<>();
             engine.resolveAuthorizationInfo(info, future);
@@ -72,9 +69,10 @@ public void testAuthorizeRunAs() {
 
         // authorized
         {
-            Authentication authentication = Authentication
-                .newRealmAuthentication(new User("bar", "custom_superuser"), new RealmRef("test", "test", "node"))
-                .runAs(new User("joe", "not_superuser"), new RealmRef("test", "test", "node"));
+            Authentication authentication = Authentication.newRealmAuthentication(
+                new User("bar", "custom_superuser"),
+                new RealmRef("test", "test", "node")
+            ).runAs(new User("joe", "not_superuser"), new RealmRef("test", "test", "node"));
             RequestInfo info = new RequestInfo(authentication, request, action, null);
             PlainActionFuture<AuthorizationInfo> future = new PlainActionFuture<>();
             engine.resolveAuthorizationInfo(info, future);
@@ -103,10 +101,12 @@ public void testAuthorizeClusterAction() {
 
         // unauthorized
         {
-            RequestInfo unauthReqInfo =
-                new RequestInfo(
-                    Authentication.newRealmAuthentication(new User("joe", "not_superuser"), new RealmRef("test", "test", "node")),
-                    requestInfo.getRequest(), requestInfo.getAction(), null);
+            RequestInfo unauthReqInfo = new RequestInfo(
+                Authentication.newRealmAuthentication(new User("joe", "not_superuser"), new RealmRef("test", "test", "node")),
+                requestInfo.getRequest(),
+                requestInfo.getAction(),
+                null
+            );
             PlainActionFuture<AuthorizationInfo> future = new PlainActionFuture<>();
             engine.resolveAuthorizationInfo(unauthReqInfo, future);
             AuthorizationInfo authzInfo = future.actionGet();
@@ -120,48 +120,67 @@ public void testAuthorizeClusterAction() {
 
     public void testAuthorizeIndexAction() {
         CustomAuthorizationEngine engine = new CustomAuthorizationEngine();
-        ProjectMetadata project = ProjectMetadata.builder(randomProjectIdOrDefault()).put(IndexMetadata.builder("index")
-                .settings(Settings.builder().put("index.version.created", IndexVersion.current()))
-                .numberOfShards(1)
-                .numberOfReplicas(0)
-                .build(),
-                    false
-                ).build();
+        ProjectMetadata project = ProjectMetadata.builder(randomProjectIdOrDefault())
+            .put(
+                IndexMetadata.builder("index")
+                    .settings(Settings.builder().put("index.version.created", IndexVersion.current()))
+                    .numberOfShards(1)
+                    .numberOfReplicas(0)
+                    .build(),
+                false
+            )
+            .build();
         // authorized
         {
-            RequestInfo requestInfo =
-                new RequestInfo(
-                    Authentication.newRealmAuthentication(new User("joe", "custom_superuser"), new RealmRef("test", "test", "node")),
-                    new SearchRequest(), "indices:data/read/search", null);
+            RequestInfo requestInfo = new RequestInfo(
+                Authentication.newRealmAuthentication(new User("joe", "custom_superuser"), new RealmRef("test", "test", "node")),
+                new SearchRequest(),
+                "indices:data/read/search",
+                null
+            );
             PlainActionFuture<AuthorizationInfo> future = new PlainActionFuture<>();
             engine.resolveAuthorizationInfo(requestInfo, future);
             AuthorizationInfo authzInfo = future.actionGet();
 
-            PlainActionFuture<IndexAuthorizationResult> resultFuture = new PlainActionFuture<>();
-            engine.authorizeIndexAction(requestInfo, authzInfo,
-                listener -> listener.onResponse(new ResolvedIndices(Collections.singletonList("index"), Collections.emptyList())),
-                project, resultFuture);
-            IndexAuthorizationResult result = resultFuture.actionGet();
+            final SubscribableListener<IndexAuthorizationResult> resultListener = engine.authorizeIndexAction(
+                requestInfo,
+                authzInfo,
+                () -> {
+                    final var resolvedIndicesListener = new SubscribableListener<ResolvedIndices>();
+                    resolvedIndicesListener.onResponse(new ResolvedIndices(Collections.singletonList("index"), Collections.emptyList()));
+                    return resolvedIndicesListener;
+                },
+                project
+            );
+            IndexAuthorizationResult result = safeAwait(resultListener);
             assertThat(result.isGranted(), is(true));
             IndicesAccessControl indicesAccessControl = result.getIndicesAccessControl();
             assertNotNull(indicesAccessControl.getIndexPermissions("index"));
         }
 
         // unauthorized
         {
-            RequestInfo requestInfo =
-                new RequestInfo(
-                    Authentication.newRealmAuthentication(new User("joe", "not_superuser"), new RealmRef("test", "test", "node")),
-                    new SearchRequest(), "indices:data/read/search", null);
+            RequestInfo requestInfo = new RequestInfo(
+                Authentication.newRealmAuthentication(new User("joe", "not_superuser"), new RealmRef("test", "test", "node")),
+                new SearchRequest(),
+                "indices:data/read/search",
+                null
+            );
             PlainActionFuture<AuthorizationInfo> future = new PlainActionFuture<>();
             engine.resolveAuthorizationInfo(requestInfo, future);
             AuthorizationInfo authzInfo = future.actionGet();
 
-            PlainActionFuture<IndexAuthorizationResult> resultFuture = new PlainActionFuture<>();
-            engine.authorizeIndexAction(requestInfo, authzInfo,
-                listener -> listener.onResponse(new ResolvedIndices(Collections.singletonList("index"), Collections.emptyList())),
-                project, resultFuture);
-            IndexAuthorizationResult result = resultFuture.actionGet();
+            final SubscribableListener<IndexAuthorizationResult> resultListener = engine.authorizeIndexAction(
+                requestInfo,
+                authzInfo,
+                () -> {
+                    final var resolvedIndicesListener = new SubscribableListener<ResolvedIndices>();
+                    resolvedIndicesListener.onResponse(new ResolvedIndices(Collections.singletonList("index"), Collections.emptyList()));
+                    return resolvedIndicesListener;
+                },
+                project
+            );
+            IndexAuthorizationResult result = safeAwait(resultListener);
             assertThat(result.isGranted(), is(false));
             IndicesAccessControl indicesAccessControl = result.getIndicesAccessControl();
             assertNull(indicesAccessControl.getIndexPermissions("index"));
@@ -170,9 +189,12 @@ public void testAuthorizeIndexAction() {
 
     private RequestInfo getRequestInfo() {
         final String action = "cluster:monitor/foo";
-        final TransportRequest request = new TransportRequest() {};
-        final Authentication authentication =
-            Authentication.newRealmAuthentication(new User("joe", "custom_superuser"), new RealmRef("test", "test", "node"));
+        final TransportRequest request = new TransportRequest() {
+        };
+        final Authentication authentication = Authentication.newRealmAuthentication(
+            new User("joe", "custom_superuser"),
+            new RealmRef("test", "test", "node")
+        );
         return new RequestInfo(authentication, request, action, null);
     }
 }
