From 0353eb929184fada0967ac609e4d1f00b86e5a17 Mon Sep 17 00:00:00 2001 From: Martijn van Groningen Date: Tue, 13 Aug 2019 09:11:04 +0200 Subject: [PATCH] required changes after merging in upstream branch --- .../authz/privilege/ClusterPrivilegeResolver.java | 5 ++++- .../security/authz/privilege/PrivilegeTests.java | 15 +++++++-------- .../elasticsearch/xpack/enrich/EnrichPlugin.java | 10 +++++----- .../enrich/rest/RestDeleteEnrichPolicyAction.java | 4 +--- .../rest/RestExecuteEnrichPolicyAction.java | 4 +--- .../enrich/rest/RestGetEnrichPolicyAction.java | 4 +--- .../enrich/rest/RestListEnrichPolicyAction.java | 4 +--- .../enrich/rest/RestPutEnrichPolicyAction.java | 4 +--- 8 files changed, 21 insertions(+), 29 deletions(-) diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/ClusterPrivilegeResolver.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/ClusterPrivilegeResolver.java index ff84b3fd5a8..102bcd4afff 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/ClusterPrivilegeResolver.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/ClusterPrivilegeResolver.java @@ -77,6 +77,7 @@ public class ClusterPrivilegeResolver { Collections.unmodifiableSet(Sets.newHashSet("cluster:admin/slm/*", StartILMAction.NAME, StopILMAction.NAME, GetStatusAction.NAME)); private static final Set READ_SLM_PATTERN = Collections.unmodifiableSet(Sets.newHashSet(GetSnapshotLifecycleAction.NAME, GetStatusAction.NAME)); + private static final Set MANAGE_ENRICH_AUTOMATON = Collections.unmodifiableSet(Sets.newHashSet("cluster:admin/xpack/enrich/*")); public static final NamedClusterPrivilege NONE = new ActionClusterPrivilege("none", Collections.emptySet(), Collections.emptySet()); public static final NamedClusterPrivilege ALL = new ActionClusterPrivilege("all", ALL_CLUSTER_PATTERN); @@ -113,6 +114,7 @@ public class ClusterPrivilegeResolver { public static final NamedClusterPrivilege READ_ILM = new ActionClusterPrivilege("read_ilm", READ_ILM_PATTERN); public static final NamedClusterPrivilege MANAGE_SLM = new ActionClusterPrivilege("manage_slm", MANAGE_SLM_PATTERN); public static final NamedClusterPrivilege READ_SLM = new ActionClusterPrivilege("read_slm", READ_SLM_PATTERN); + public static final NamedClusterPrivilege MANAGE_ENRICH = new ActionClusterPrivilege("manage_enrich", MANAGE_ENRICH_AUTOMATON); private static final Map VALUES = Collections.unmodifiableMap( Stream.of( @@ -143,7 +145,8 @@ public class ClusterPrivilegeResolver { MANAGE_ILM, READ_ILM, MANAGE_SLM, - READ_SLM).collect(Collectors.toMap(cp -> cp.name(), cp -> cp))); + READ_SLM, + MANAGE_ENRICH).collect(Collectors.toMap(cp -> cp.name(), cp -> cp))); /** * Resolves a {@link NamedClusterPrivilege} from a given name if it exists. diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/privilege/PrivilegeTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/privilege/PrivilegeTests.java index 489e31ed1f7..4231b02bea6 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/privilege/PrivilegeTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/privilege/PrivilegeTests.java @@ -182,14 +182,13 @@ public class PrivilegeTests extends ESTestCase { } public void testManageEnrichPrivilege() { - Predicate predicate = ClusterPrivilege.MANAGE_ENRICH.predicate(); - assertThat(predicate.test(DeleteEnrichPolicyAction.NAME), is(true)); - assertThat(predicate.test(ExecuteEnrichPolicyAction.NAME), is(true)); - assertThat(predicate.test(GetEnrichPolicyAction.NAME), is(true)); - assertThat(predicate.test(ListEnrichPolicyAction.NAME), is(true)); - assertThat(predicate.test(PutEnrichPolicyAction.NAME), is(true)); - assertThat(predicate.test("cluster:admin/xpack/enrich/brand_new_api"), is(true)); - assertThat(predicate.test("cluster:admin/xpack/whatever"), is(false)); + verifyClusterActionAllowed(ClusterPrivilegeResolver.MANAGE_ENRICH, DeleteEnrichPolicyAction.NAME); + verifyClusterActionAllowed(ClusterPrivilegeResolver.MANAGE_ENRICH, ExecuteEnrichPolicyAction.NAME); + verifyClusterActionAllowed(ClusterPrivilegeResolver.MANAGE_ENRICH, GetEnrichPolicyAction.NAME); + verifyClusterActionAllowed(ClusterPrivilegeResolver.MANAGE_ENRICH, ListEnrichPolicyAction.NAME); + verifyClusterActionAllowed(ClusterPrivilegeResolver.MANAGE_ENRICH, PutEnrichPolicyAction.NAME); + verifyClusterActionAllowed(ClusterPrivilegeResolver.MANAGE_ENRICH, "cluster:admin/xpack/enrich/brand_new_api"); + verifyClusterActionDenied(ClusterPrivilegeResolver.MANAGE_ENRICH, "cluster:admin/xpack/whatever"); } public void testIlmPrivileges() { diff --git a/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/EnrichPlugin.java b/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/EnrichPlugin.java index 80ae0f00045..06371b7a595 100644 --- a/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/EnrichPlugin.java +++ b/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/EnrichPlugin.java @@ -132,11 +132,11 @@ public class EnrichPlugin extends Plugin implements ActionPlugin, IngestPlugin { } return Arrays.asList( - new RestGetEnrichPolicyAction(settings, restController), - new RestDeleteEnrichPolicyAction(settings, restController), - new RestListEnrichPolicyAction(settings, restController), - new RestPutEnrichPolicyAction(settings, restController), - new RestExecuteEnrichPolicyAction(settings, restController) + new RestGetEnrichPolicyAction(restController), + new RestDeleteEnrichPolicyAction(restController), + new RestListEnrichPolicyAction(restController), + new RestPutEnrichPolicyAction(restController), + new RestExecuteEnrichPolicyAction(restController) ); } diff --git a/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/rest/RestDeleteEnrichPolicyAction.java b/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/rest/RestDeleteEnrichPolicyAction.java index b779e01d141..01c23d91fed 100644 --- a/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/rest/RestDeleteEnrichPolicyAction.java +++ b/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/rest/RestDeleteEnrichPolicyAction.java @@ -6,7 +6,6 @@ package org.elasticsearch.xpack.enrich.rest; import org.elasticsearch.client.node.NodeClient; -import org.elasticsearch.common.settings.Settings; import org.elasticsearch.rest.BaseRestHandler; import org.elasticsearch.rest.RestController; import org.elasticsearch.rest.RestRequest; @@ -17,8 +16,7 @@ import java.io.IOException; public class RestDeleteEnrichPolicyAction extends BaseRestHandler { - public RestDeleteEnrichPolicyAction(final Settings settings, final RestController controller) { - super(settings); + public RestDeleteEnrichPolicyAction(final RestController controller) { controller.registerHandler(RestRequest.Method.DELETE, "/_enrich/policy/{name}", this); } diff --git a/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/rest/RestExecuteEnrichPolicyAction.java b/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/rest/RestExecuteEnrichPolicyAction.java index 5129c583f0b..05955efdc8b 100644 --- a/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/rest/RestExecuteEnrichPolicyAction.java +++ b/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/rest/RestExecuteEnrichPolicyAction.java @@ -6,7 +6,6 @@ package org.elasticsearch.xpack.enrich.rest; import org.elasticsearch.client.node.NodeClient; -import org.elasticsearch.common.settings.Settings; import org.elasticsearch.rest.BaseRestHandler; import org.elasticsearch.rest.RestController; import org.elasticsearch.rest.RestRequest; @@ -17,8 +16,7 @@ import java.io.IOException; public class RestExecuteEnrichPolicyAction extends BaseRestHandler { - public RestExecuteEnrichPolicyAction(final Settings settings, final RestController controller) { - super(settings); + public RestExecuteEnrichPolicyAction(final RestController controller) { controller.registerHandler(RestRequest.Method.PUT, "/_enrich/policy/{name}/_execute", this); controller.registerHandler(RestRequest.Method.POST, "/_enrich/policy/{name}/_execute", this); } diff --git a/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/rest/RestGetEnrichPolicyAction.java b/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/rest/RestGetEnrichPolicyAction.java index 4cbd7be5a88..2b757908015 100644 --- a/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/rest/RestGetEnrichPolicyAction.java +++ b/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/rest/RestGetEnrichPolicyAction.java @@ -6,7 +6,6 @@ package org.elasticsearch.xpack.enrich.rest; import org.elasticsearch.client.node.NodeClient; -import org.elasticsearch.common.settings.Settings; import org.elasticsearch.rest.BaseRestHandler; import org.elasticsearch.rest.RestController; import org.elasticsearch.rest.RestRequest; @@ -17,8 +16,7 @@ import java.io.IOException; public class RestGetEnrichPolicyAction extends BaseRestHandler { - public RestGetEnrichPolicyAction(final Settings settings, final RestController controller) { - super(settings); + public RestGetEnrichPolicyAction(final RestController controller) { controller.registerHandler(RestRequest.Method.GET, "/_enrich/policy/{name}", this); } diff --git a/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/rest/RestListEnrichPolicyAction.java b/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/rest/RestListEnrichPolicyAction.java index 29286cd7f7e..af022338c42 100644 --- a/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/rest/RestListEnrichPolicyAction.java +++ b/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/rest/RestListEnrichPolicyAction.java @@ -6,7 +6,6 @@ package org.elasticsearch.xpack.enrich.rest; import org.elasticsearch.client.node.NodeClient; -import org.elasticsearch.common.settings.Settings; import org.elasticsearch.rest.BaseRestHandler; import org.elasticsearch.rest.RestController; import org.elasticsearch.rest.RestRequest; @@ -17,8 +16,7 @@ import java.io.IOException; public class RestListEnrichPolicyAction extends BaseRestHandler { - public RestListEnrichPolicyAction(final Settings settings, final RestController controller) { - super(settings); + public RestListEnrichPolicyAction(final RestController controller) { controller.registerHandler(RestRequest.Method.GET, "/_enrich/policy", this); } diff --git a/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/rest/RestPutEnrichPolicyAction.java b/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/rest/RestPutEnrichPolicyAction.java index bd7d0e26427..38d36447d8e 100644 --- a/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/rest/RestPutEnrichPolicyAction.java +++ b/x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/rest/RestPutEnrichPolicyAction.java @@ -6,7 +6,6 @@ package org.elasticsearch.xpack.enrich.rest; import org.elasticsearch.client.node.NodeClient; -import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentParser; import org.elasticsearch.rest.BaseRestHandler; import org.elasticsearch.rest.RestController; @@ -18,8 +17,7 @@ import java.io.IOException; public class RestPutEnrichPolicyAction extends BaseRestHandler { - public RestPutEnrichPolicyAction(final Settings settings, final RestController controller) { - super(settings); + public RestPutEnrichPolicyAction(final RestController controller) { controller.registerHandler(RestRequest.Method.PUT, "/_enrich/policy/{name}", this); }