diff --git a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilter.java b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilter.java
index 1c1b5c3f47a..b7534717c02 100644
--- a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilter.java
+++ b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilter.java
@@ -152,6 +152,7 @@ public class SecurityActionFilter extends AbstractComponent implements ActionFil
 destructiveOperations.failDestructive(indicesRequest.indices());
 } catch(IllegalArgumentException e) {
 listener.onFailure(e);
+ return;
 }
 }
diff --git a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/transport/ServerTransportFilter.java b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/transport/ServerTransportFilter.java
index fd8fd575ad5..25d36a2a82d 100644
--- a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/transport/ServerTransportFilter.java
+++ b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/transport/ServerTransportFilter.java
@@ -84,6 +84,7 @@ public interface ServerTransportFilter {
 destructiveOperations.failDestructive(indicesRequest.indices());
 } catch(IllegalArgumentException e) {
 listener.onFailure(e);
+ return;
 }
 }
 /*
diff --git a/elasticsearch/src/test/java/org/elasticsearch/xpack/security/action/filter/DestructiveOperationsTests.java b/elasticsearch/src/test/java/org/elasticsearch/xpack/security/action/filter/DestructiveOperationsTests.java
index 9ef9a28117c..c0b83f9fc6e 100644
--- a/elasticsearch/src/test/java/org/elasticsearch/xpack/security/action/filter/DestructiveOperationsTests.java
+++ b/elasticsearch/src/test/java/org/elasticsearch/xpack/security/action/filter/DestructiveOperationsTests.java
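Review bot: The new `return;` in SecurityActionFilter (and the identical one in ServerTransportFilter, second hunk) is what stops a rejected wildcard request from continuing, but nothing in the code says so, and the guard itself is copied verbatim in both filters. I would put `// listener has been failed; do not fall through to authorization and execution of the request` above each `return;`, and consider a single shared helper for the destructive-operations check so the two copies cannot drift apart. Both enclosing methods start and end outside the hunks, so what runs after the catch block is inferred from the accompanying tests rather than visible here.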
@@ -21,25 +21,34 @@ public class DestructiveOperationsTests extends SecurityIntegTestCase {
 }
 public void testDeleteIndexDestructiveOperationsRequireName() {
+ createIndex("index1");
 Settings settings = Settings.builder().put(DestructiveOperations.REQUIRES_NAME_SETTING.getKey(), true).build();
 assertAcked(client().admin().cluster().prepareUpdateSettings().setTransientSettings(settings));
 {
 IllegalArgumentException illegalArgumentException = expectThrows(IllegalArgumentException.class, () -> client().admin().indices().prepareDelete("*").get());
 assertEquals("Wildcard expressions or all indices are not allowed", illegalArgumentException.getMessage());
+ String[] indices = client().admin().indices().prepareGetIndex().setIndices("index1").get().getIndices();
+ assertEquals(1, indices.length);
+ assertEquals("index1", indices[0]);
 }
 {
 IllegalArgumentException illegalArgumentException = expectThrows(IllegalArgumentException.class, () -> client().admin().indices().prepareDelete("*", "-index1").get());
 assertEquals("Wildcard expressions or all indices are not allowed", illegalArgumentException.getMessage());
+ String[] indices = client().admin().indices().prepareGetIndex().setIndices("index1").get().getIndices();
+ assertEquals(1, indices.length);
+ assertEquals("index1", indices[0]);
 }
 {
 IllegalArgumentException illegalArgumentException = expectThrows(IllegalArgumentException.class, () -> client().admin().indices().prepareDelete("_all").get());
 assertEquals("Wildcard expressions or all indices are not allowed", illegalArgumentException.getMessage());
+ String[] indices = client().admin().indices().prepareGetIndex().setIndices("index1").get().getIndices();
+ assertEquals(1, indices.length);
+ assertEquals("index1", indices[0]);
 }
- createIndex("index1");
 assertAcked(client().admin().indices().prepareDelete("index1"));
 }
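Review bot: The second block deletes with `prepareDelete("*", "-index1")`, which excludes index1 from the wildcard, so the added index1 assertions there would pass even if the rejected delete had been carried out. Creating a second index up front, `createIndex("index1", "index2");`, and asserting in that block that `index2` is still returned by `prepareGetIndex()` would make the check meaningful. The three identical assertion triplets could also move into one private helper so the blocks differ only in the delete expression under test.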
diff --git a/elasticsearch/src/test/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilterTests.java b/elasticsearch/src/test/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilterTests.java
index 0bd80ea6f95..03ef4b07657 100644
--- a/elasticsearch/src/test/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilterTests.java
+++ b/elasticsearch/src/test/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilterTests.java
@@ -133,6 +133,7 @@ public class SecurityActionFilterTests extends ESTestCase {
 filter.apply(task, action, request, listener, chain);
 if (failDestructiveOperations) {
 verify(listener).onFailure(isA(IllegalArgumentException.class));
+ verifyNoMoreInteractions(authzService, chain);
 } else {
 verify(authzService).authorize(authentication, action, request, Collections.emptyList(), Collections.emptyList());
 verify(chain).proceed(eq(task), eq(action), eq(request), isA(ContextPreservingActionListener.class));
diff --git a/elasticsearch/src/test/java/org/elasticsearch/xpack/security/transport/ServerTransportFilterTests.java b/elasticsearch/src/test/java/org/elasticsearch/xpack/security/transport/ServerTransportFilterTests.java
index 6d9bf73f600..af7f629b4c3 100644
--- a/elasticsearch/src/test/java/org/elasticsearch/xpack/security/transport/ServerTransportFilterTests.java
+++ b/elasticsearch/src/test/java/org/elasticsearch/xpack/security/transport/ServerTransportFilterTests.java
@@ -106,6 +106,7 @@ public class ServerTransportFilterTests extends ESTestCase {
 filter.inbound(action, request, channel, listener);
 if (failDestructiveOperations) {
 verify(listener).onFailure(isA(IllegalArgumentException.class));
+ verifyNoMoreInteractions(authzService);
 } else {
 verify(authzService).authorize(authentication, action, request, Collections.emptyList(), Collections.emptyList());
 }
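Review bot: The failure branch in SecurityActionFilterTests checks that `authzService` and `chain` were not touched, but not that the listener was completed only once; the same applies to `verifyNoMoreInteractions(authzService);` in ServerTransportFilterTests (next hunk). Since `verify(listener).onFailure(...)` has already been verified, adding the listener to the call, `verifyNoMoreInteractions(authzService, chain, listener);` and `verifyNoMoreInteractions(authzService, listener);`, would also catch a second `onResponse`/`onFailure` after the rejection. Both test methods begin outside the hunks, so this assumes `listener` is a Mockito mock with no other expected calls set up earlier.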