From 2049a45f520a6223563b2c72dd3276b945fbabde Mon Sep 17 00:00:00 2001 From: Nik Everett Date: Fri, 19 Aug 2016 11:09:31 -0400 Subject: [PATCH] Handle core chaning IndexRequest Original commit: elastic/x-pack-elasticsearch@8cd311b3e868835c8ca95352504cb8670b935904 --- .../authz/AuthorizationServiceTests.java | 25 +++++----- .../DefaultIndicesResolverTests.java | 46 +++++++++---------- 2 files changed, 36 insertions(+), 35 deletions(-) diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationServiceTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationServiceTests.java index dbd177bb2e2..a4c4d57b842 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationServiceTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationServiceTests.java @@ -5,9 +5,6 @@ */ package org.elasticsearch.xpack.security.authz; -import java.util.ArrayList; -import java.util.List; - import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.Version; import org.elasticsearch.action.admin.cluster.health.ClusterHealthAction; @@ -15,6 +12,7 @@ import org.elasticsearch.action.admin.cluster.health.ClusterHealthRequest; import org.elasticsearch.action.admin.indices.alias.Alias; import org.elasticsearch.action.admin.indices.alias.IndicesAliasesAction; import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequest; +import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequest.AliasActions; import org.elasticsearch.action.admin.indices.create.CreateIndexAction; import org.elasticsearch.action.admin.indices.create.CreateIndexRequest; import org.elasticsearch.action.admin.indices.exists.indices.IndicesExistsRequest; @@ -64,20 +62,23 @@ import org.elasticsearch.xpack.security.SecurityTemplateService; import org.elasticsearch.xpack.security.audit.AuditTrailService; import org.elasticsearch.xpack.security.authc.Authentication; import org.elasticsearch.xpack.security.authc.Authentication.RealmRef; -import org.elasticsearch.xpack.security.authz.store.CompositeRolesStore; -import org.elasticsearch.xpack.security.user.AnonymousUser; -import org.elasticsearch.xpack.security.user.SystemUser; -import org.elasticsearch.xpack.security.user.User; -import org.elasticsearch.xpack.security.user.XPackUser; import org.elasticsearch.xpack.security.authc.DefaultAuthenticationFailureHandler; import org.elasticsearch.xpack.security.authz.permission.Role; import org.elasticsearch.xpack.security.authz.permission.SuperuserRole; import org.elasticsearch.xpack.security.authz.privilege.ClusterPrivilege; import org.elasticsearch.xpack.security.authz.privilege.GeneralPrivilege; import org.elasticsearch.xpack.security.authz.privilege.IndexPrivilege; +import org.elasticsearch.xpack.security.authz.store.CompositeRolesStore; +import org.elasticsearch.xpack.security.user.AnonymousUser; +import org.elasticsearch.xpack.security.user.SystemUser; +import org.elasticsearch.xpack.security.user.User; +import org.elasticsearch.xpack.security.user.XPackUser; import org.junit.After; import org.junit.Before; +import java.util.ArrayList; +import java.util.List; + import static org.elasticsearch.test.SecurityTestsUtils.assertAuthenticationException; import static org.elasticsearch.test.SecurityTestsUtils.assertAuthorizationException; import static org.hamcrest.Matchers.containsInAnyOrder; @@ -520,8 +521,8 @@ public class AuthorizationServiceTests extends ESTestCase { requests.add(new Tuple<>(GetAction.NAME, new GetRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id"))); requests.add(new Tuple<>(TermVectorsAction.NAME, new TermVectorsRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id"))); - requests.add(new Tuple<>(IndicesAliasesAction.NAME, new IndicesAliasesRequest().addAlias("security_alias", - SecurityTemplateService.SECURITY_INDEX_NAME))); + requests.add(new Tuple<>(IndicesAliasesAction.NAME, new IndicesAliasesRequest() + .addAliasAction(AliasActions.add().alias("security_alias").index(SecurityTemplateService.SECURITY_INDEX_NAME)))); requests.add( new Tuple<>(UpdateSettingsAction.NAME, new UpdateSettingsRequest().indices(SecurityTemplateService.SECURITY_INDEX_NAME))); @@ -603,8 +604,8 @@ public class AuthorizationServiceTests extends ESTestCase { requests.add(new Tuple<>(GetAction.NAME, new GetRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id"))); requests.add(new Tuple<>(TermVectorsAction.NAME, new TermVectorsRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id"))); - requests.add(new Tuple<>(IndicesAliasesAction.NAME, new IndicesAliasesRequest().addAlias("security_alias", - SecurityTemplateService.SECURITY_INDEX_NAME))); + requests.add(new Tuple<>(IndicesAliasesAction.NAME, new IndicesAliasesRequest() + .addAliasAction(AliasActions.add().alias("security_alias").index(SecurityTemplateService.SECURITY_INDEX_NAME)))); requests.add(new Tuple<>(ClusterHealthAction.NAME, new ClusterHealthRequest(SecurityTemplateService.SECURITY_INDEX_NAME))); requests.add(new Tuple<>(ClusterHealthAction.NAME, new ClusterHealthRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "foo", "bar"))); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesResolverTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesResolverTests.java index d2460026e97..85687d32998 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesResolverTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesResolverTests.java @@ -5,11 +5,10 @@ */ package org.elasticsearch.xpack.security.authz.indicesresolver; -import java.util.Set; - import org.elasticsearch.Version; import org.elasticsearch.action.admin.indices.alias.IndicesAliasesAction; import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequest; +import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequest.AliasActions; import org.elasticsearch.action.admin.indices.alias.get.GetAliasesAction; import org.elasticsearch.action.admin.indices.alias.get.GetAliasesRequest; import org.elasticsearch.action.admin.indices.delete.DeleteIndexAction; @@ -34,10 +33,6 @@ import org.elasticsearch.index.IndexNotFoundException; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.xpack.security.SecurityTemplateService; -import org.elasticsearch.xpack.security.authz.store.CompositeRolesStore; -import org.elasticsearch.xpack.security.user.User; -import org.elasticsearch.xpack.security.user.XPackUser; -import org.elasticsearch.xpack.security.audit.AuditTrail; import org.elasticsearch.xpack.security.audit.AuditTrailService; import org.elasticsearch.xpack.security.authc.DefaultAuthenticationFailureHandler; import org.elasticsearch.xpack.security.authz.AuthorizationService; @@ -45,8 +40,13 @@ import org.elasticsearch.xpack.security.authz.permission.Role; import org.elasticsearch.xpack.security.authz.permission.SuperuserRole; import org.elasticsearch.xpack.security.authz.privilege.ClusterPrivilege; import org.elasticsearch.xpack.security.authz.privilege.IndexPrivilege; +import org.elasticsearch.xpack.security.authz.store.CompositeRolesStore; +import org.elasticsearch.xpack.security.user.User; +import org.elasticsearch.xpack.security.user.XPackUser; import org.junit.Before; +import java.util.Set; + import static org.hamcrest.Matchers.arrayContaining; import static org.hamcrest.Matchers.arrayContainingInAnyOrder; import static org.hamcrest.Matchers.equalTo; @@ -266,8 +266,8 @@ public class DefaultIndicesResolverTests extends ESTestCase { public void testResolveIndicesAliasesRequest() { IndicesAliasesRequest request = new IndicesAliasesRequest(); - request.addAlias("alias1", "foo", "foofoo"); - request.addAlias("alias2", "foo", "foobar"); + request.addAliasAction(AliasActions.add().alias("alias1").indices("foo", "foofoo")); + request.addAliasAction(AliasActions.add().alias("alias2").indices("foo", "foobar")); Set indices = defaultIndicesResolver.resolve(user, IndicesAliasesAction.NAME, request, metaData); //the union of all indices and aliases gets returned String[] expectedIndices = new String[]{"alias1", "alias2", "foo", "foofoo", "foobar"}; @@ -281,8 +281,8 @@ public class DefaultIndicesResolverTests extends ESTestCase { public void testResolveIndicesAliasesRequestExistingAlias() { IndicesAliasesRequest request = new IndicesAliasesRequest(); - request.addAlias("alias1", "foo", "foofoo"); - request.addAlias("foofoobar", "foo", "foobar"); + request.addAliasAction(AliasActions.add().alias("alias1").indices("foo", "foofoo")); + request.addAliasAction(AliasActions.add().alias("foofoobar").indices("foo", "foobar")); Set indices = defaultIndicesResolver.resolve(user, IndicesAliasesAction.NAME, request, metaData); //the union of all indices and aliases gets returned, foofoobar is an existing alias but that doesn't make any difference String[] expectedIndices = new String[]{"alias1", "foofoobar", "foo", "foofoo", "foobar"}; @@ -296,8 +296,8 @@ public class DefaultIndicesResolverTests extends ESTestCase { public void testResolveIndicesAliasesRequestMissingIndex() { IndicesAliasesRequest request = new IndicesAliasesRequest(); - request.addAlias("alias1", "foo", "foofoo"); - request.addAlias("alias2", "missing"); + request.addAliasAction(AliasActions.add().alias("alias1").indices("foo", "foofoo")); + request.addAliasAction(AliasActions.add().alias("alias2").index("missing")); Set indices = defaultIndicesResolver.resolve(user, IndicesAliasesAction.NAME, request, metaData); //the union of all indices and aliases gets returned, missing is not an existing index/alias but that doesn't make any difference String[] expectedIndices = new String[]{"alias1", "alias2", "foo", "foofoo", "missing"}; @@ -311,8 +311,8 @@ public class DefaultIndicesResolverTests extends ESTestCase { public void testResolveWildcardsIndicesAliasesRequest() { IndicesAliasesRequest request = new IndicesAliasesRequest(); - request.addAlias("alias1", "foo*"); - request.addAlias("alias2", "bar*"); + request.addAliasAction(AliasActions.add().alias("alias1").index("foo*")); + request.addAliasAction(AliasActions.add().alias("alias2").index("bar*")); Set indices = defaultIndicesResolver.resolve(user, IndicesAliasesAction.NAME, request, metaData); //the union of all resolved indices and aliases gets returned, based on indices and aliases that user is authorized for String[] expectedIndices = new String[]{"alias1", "alias2", "foofoo", "foofoobar", "bar"}; @@ -327,9 +327,9 @@ public class DefaultIndicesResolverTests extends ESTestCase { public void testResolveWildcardsIndicesAliasesRequestNoMatchingIndices() { IndicesAliasesRequest request = new IndicesAliasesRequest(); - request.addAlias("alias1", "foo*"); - request.addAlias("alias2", "bar*"); - request.addAlias("alias3", "non_matching_*"); + request.addAliasAction(AliasActions.add().alias("alias1").index("foo*")); + request.addAliasAction(AliasActions.add().alias("alias2").index("bar*")); + request.addAliasAction(AliasActions.add().alias("alias3").index("non_matching_*")); //if a single operation contains wildcards and ends up being resolved to no indices, it makes the whole request fail try { defaultIndicesResolver.resolve(user, IndicesAliasesAction.NAME, request, metaData); @@ -341,8 +341,8 @@ public class DefaultIndicesResolverTests extends ESTestCase { public void testResolveAllIndicesAliasesRequest() { IndicesAliasesRequest request = new IndicesAliasesRequest(); - request.addAlias("alias1", "_all"); - request.addAlias("alias2", "_all"); + request.addAliasAction(AliasActions.add().alias("alias1").index("_all")); + request.addAliasAction(AliasActions.add().alias("alias2").index("_all")); Set indices = defaultIndicesResolver.resolve(user, IndicesAliasesAction.NAME, request, metaData); //the union of all resolved indices and aliases gets returned String[] expectedIndices = new String[]{"bar", "foofoobar", "foofoo", "alias1", "alias2"}; @@ -358,7 +358,7 @@ public class DefaultIndicesResolverTests extends ESTestCase { public void testResolveAllIndicesAliasesRequestNoAuthorizedIndices() { IndicesAliasesRequest request = new IndicesAliasesRequest(); - request.addAlias("alias1", "_all"); + request.addAliasAction(AliasActions.add().alias("alias1").index("_all")); //current user is not authorized for any index, _all resolves to no indices, the request fails try { defaultIndicesResolver.resolve(userNoIndices, IndicesAliasesAction.NAME, request, metaData); @@ -370,7 +370,7 @@ public class DefaultIndicesResolverTests extends ESTestCase { public void testResolveWildcardsIndicesAliasesRequestNoAuthorizedIndices() { IndicesAliasesRequest request = new IndicesAliasesRequest(); - request.addAlias("alias1", "foo*"); + request.addAliasAction(AliasActions.add().alias("alias1").index("foo*")); //current user is not authorized for any index, foo* resolves to no indices, the request fails try { defaultIndicesResolver.resolve(userNoIndices, IndicesAliasesAction.NAME, request, metaData); @@ -826,7 +826,7 @@ public class DefaultIndicesResolverTests extends ESTestCase { assertThat(indices, hasItem(SecurityTemplateService.SECURITY_INDEX_NAME)); IndicesAliasesRequest aliasesRequest = new IndicesAliasesRequest(); - aliasesRequest.addAlias("security_alias", "*"); + aliasesRequest.addAliasAction(AliasActions.add().alias("security_alias").index("*")); indices = defaultIndicesResolver.resolve(XPackUser.INSTANCE, IndicesAliasesAction.NAME, aliasesRequest, metaData); assertThat(indices, hasItem(SecurityTemplateService.SECURITY_INDEX_NAME)); } @@ -841,7 +841,7 @@ public class DefaultIndicesResolverTests extends ESTestCase { assertThat(indices, not(hasItem(SecurityTemplateService.SECURITY_INDEX_NAME))); IndicesAliasesRequest aliasesRequest = new IndicesAliasesRequest(); - aliasesRequest.addAlias("security_alias1", "*"); + aliasesRequest.addAliasAction(AliasActions.add().alias("security_alias1").index("*")); indices = defaultIndicesResolver.resolve(allAccessUser, IndicesAliasesAction.NAME, aliasesRequest, metaData); assertThat(indices, not(hasItem(SecurityTemplateService.SECURITY_INDEX_NAME))); }