diff --git a/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java b/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java
index 52bc8b5611a..d0a7b512d34 100644
--- a/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java
+++ b/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java
@@ -7,7 +7,6 @@ package org.elasticsearch.shield.audit.logfile;
 import org.elasticsearch.action.IndicesRequest;
 import org.elasticsearch.common.Strings;
-import org.elasticsearch.common.base.Predicate;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.logging.Loggers;
@@ -32,8 +31,6 @@ public class LoggingAuditTrail implements AuditTrail {
 public static final String NAME = "logfile";
- private static final Predicate SYSTEM_ACTION_MATCHER = Privilege.SYSTEM.predicate();
-
 private final ESLogger logger;
 @Override
@@ -127,8 +124,8 @@ public class LoggingAuditTrail implements AuditTrail {
 public void accessGranted(User user, String action, TransportMessage message) {
 String indices = indices(message);
- // special treatment for system actions - only log on trace
- if (SYSTEM_ACTION_MATCHER.apply(action)) {
+ // special treatment for internal system actions - only log on trace
+ if (Privilege.SYSTEM.internalActionPredicate().apply(action)) {
 if (logger.isTraceEnabled()) {
 if (indices != null) {
 logger.trace("ACCESS_GRANTED\thost=[{}], principal=[{}], action=[{}], indices=[{}], request=[{}]", message.remoteAddress(), user.principal(), action, indices, message.getClass().getSimpleName());
diff --git a/src/main/java/org/elasticsearch/shield/authz/Privilege.java b/src/main/java/org/elasticsearch/shield/authz/Privilege.java
index ec7047ce889..25783c0f189 100644
--- a/src/main/java/org/elasticsearch/shield/authz/Privilege.java
+++ b/src/main/java/org/elasticsearch/shield/authz/Privilege.java
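Review bot: The trace-only branch in accessGranted now keys off Privilege.SYSTEM.internalActionPredicate(), but the comment on the new line still reads like the old blanket system-action rule and does not say that the other system-privilege patterns (the `indices:monitor/*` entry visible in the Privilege hunk) are from now on audited at the normal level; I would reword it to `// only internal:* actions are demoted to trace; every other action granted under the system privilege is still audited` so that a later widening of that predicate is recognised as a change in audit coverage. The denied-side handler is not in this hunk, so it is worth confirming it was switched to the same predicate, otherwise granted and denied events for one action class end up at different log levels. accessGranted's body continues past the end of the hunk.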
@@ -75,6 +75,8 @@ public abstract class Privilege

> {
 public static class System extends Privilege {
+ private static final Predicate INTERNAL_PREDICATE = new AutomatonPredicate(patterns("internal:*"));
+
 protected static final Predicate PREDICATE = new AutomatonPredicate(patterns(
 "internal:*",
 "indices:monitor/*", // added for marvel
@@ -90,6 +92,10 @@ public abstract class Privilege
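Review bot: The `"internal:*"` pattern is now spelled twice inside System, once for INTERNAL_PREDICATE and once as the first entry of PREDICATE, so the two can silently drift apart if either is edited later; a shared constant, `private static final String INTERNAL_ACTIONS = "internal:*";`, used in both `patterns(...)` calls keeps the audit-suppression predicate a strict subset of the system privilege by construction. A one-line comment on the new field, e.g. `// matches only internal:* actions; the audit trail uses it to decide which granted actions are logged at trace level only`, would record why it exists next to PREDICATE. The enclosing System class starts before the hunk and continues past it.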

> {
 return PREDICATE;
 }
+ public Predicate internalActionPredicate() {
+ return INTERNAL_PREDICATE;
+ }
+
 @Override
 public boolean implies(System other) {
 return true;
diff --git a/src/main/java/org/elasticsearch/shield/support/Automatons.java b/src/main/java/org/elasticsearch/shield/support/Automatons.java
index c42b7c3ca0b..4c7f7378187 100644
--- a/src/main/java/org/elasticsearch/shield/support/Automatons.java
+++ b/src/main/java/org/elasticsearch/shield/support/Automatons.java
@@ -9,6 +9,7 @@ import org.apache.lucene.util.automaton.Automata;
 import org.apache.lucene.util.automaton.Automaton;
 import org.apache.lucene.util.automaton.Operations;
 import org.apache.lucene.util.automaton.RegExp;
+import org.elasticsearch.common.collect.ImmutableList;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -33,14 +34,7 @@ public final class Automatons {
 * Builds and returns an automaton that will represent the union of all the given patterns.
 */
 public static Automaton patterns(String... patterns) {
- if (patterns.length == 0) {
- return Automata.makeEmpty();
- }
- Automaton automaton = pattern(patterns[0]);
- for (String pattern : patterns) {
- automaton = union(automaton, pattern(pattern));
- }
- return determinize(minimize(automaton));
+ return patterns(ImmutableList.copyOf(patterns));
 }
 /**
diff --git a/src/test/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrailTests.java b/src/test/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrailTests.java
index 03bfc8f4481..896aca2aa1d 100644
--- a/src/test/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrailTests.java
+++ b/src/test/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrailTests.java
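Review bot: The new public method internalActionPredicate() carries no Javadoc, and since its result decides which access-granted events never reach the regular audit log it deserves a stated contract; a summary such as `/** Returns the predicate matching only {@code internal:*} actions — the subset of system actions the audit trail logs at trace level only. */` above the method would do. It returns the raw `Predicate` type, which is consistent with the neighbouring predicate() accessor visible in the context lines, so no change there; just note that both accessors hand out shared static instances, which is fine as long as the predicates stay immutable.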
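Review bot: The varargs patterns(String...) drops its explicit empty-input branch (the `Automata.makeEmpty()` return) and now delegates to a collection-taking overload that is not in this hunk, so whether zero patterns still yields an automaton that accepts nothing depends entirely on that overload. These automatons back the privilege predicates, so an empty list that ended up matching everything would be a privilege-widening regression; a unit test asserting that the automaton returned by `patterns()` accepts no string is worth adding with this change. The Javadoc above the method should also spell the empty case out, e.g. add `@return an automaton that matches nothing when no patterns are given`.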
@@ -278,7 +278,7 @@ public class LoggingAuditTrailTests extends ElasticsearchTestCase {
 }
 @Test
- public void testAccessGranted_SystemAction() throws Exception {
+ public void testAccessGranted_InternalSystemAction() throws Exception {
 for (Level level : Level.values()) {
 CapturingLogger logger = new CapturingLogger(level);
 LoggingAuditTrail auditTrail = new LoggingAuditTrail(logger);