Changes to support removal of Field stats API (elastic/x-pack-elasticsearch#1953)
* Changes to support removal of Field stats API * iter Original commit: elastic/x-pack-elasticsearch@bac97b8701
This commit is contained in:
Colin Goodheart-Smithe
GitHub
parent
32bc0cd5d5
commit
6abe6e5b54
|
|
@ -10,7 +10,6 @@ import org.elasticsearch.common.settings.Settings;
|
|||
import org.elasticsearch.xpack.XPackSettings;
|
||||
import org.elasticsearch.xpack.security.action.filter.SecurityActionFilter;
|
||||
import org.elasticsearch.xpack.security.action.interceptor.BulkShardRequestInterceptor;
|
||||
import org.elasticsearch.xpack.security.action.interceptor.FieldStatsRequestInterceptor;
|
||||
import org.elasticsearch.xpack.security.action.interceptor.RequestInterceptor;
|
||||
import org.elasticsearch.xpack.security.action.interceptor.SearchRequestInterceptor;
|
||||
import org.elasticsearch.xpack.security.action.interceptor.UpdateRequestInterceptor;
|
||||
|
|
@ -33,7 +32,6 @@ public class SecurityActionModule extends AbstractSecurityModule.Node {
|
|||
multibinder.addBinding().to(SearchRequestInterceptor.class);
|
||||
multibinder.addBinding().to(UpdateRequestInterceptor.class);
|
||||
multibinder.addBinding().to(BulkShardRequestInterceptor.class);
|
||||
multibinder.addBinding().to(FieldStatsRequestInterceptor.class);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,35 +0,0 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.xpack.security.action.interceptor;
|
||||
|
||||
import org.elasticsearch.action.fieldstats.FieldStatsRequest;
|
||||
import org.elasticsearch.common.inject.Inject;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.license.XPackLicenseState;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.transport.TransportRequest;
|
||||
|
||||
/**
|
||||
* Intercepts requests to shards to field level stats and strips fields that the user is not allowed to access from the response.
|
||||
*/
|
||||
public class FieldStatsRequestInterceptor extends FieldAndDocumentLevelSecurityRequestInterceptor<FieldStatsRequest> {
|
||||
@Inject
|
||||
public FieldStatsRequestInterceptor(Settings settings, ThreadPool threadPool, XPackLicenseState licenseState) {
|
||||
super(settings, threadPool.getThreadContext(), licenseState);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean supports(TransportRequest request) {
|
||||
return request instanceof FieldStatsRequest;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void disableFeatures(FieldStatsRequest request, boolean fieldLevelSecurityEnabled, boolean documentLevelSecurityEnabled) {
|
||||
if (fieldLevelSecurityEnabled) {
|
||||
request.setUseCache(false);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -10,7 +10,6 @@ import org.elasticsearch.ElasticsearchSecurityException;
|
|||
import org.elasticsearch.Version;
|
||||
import org.elasticsearch.action.bulk.BulkItemResponse;
|
||||
import org.elasticsearch.action.bulk.BulkResponse;
|
||||
import org.elasticsearch.action.fieldstats.FieldStatsResponse;
|
||||
import org.elasticsearch.action.get.GetResponse;
|
||||
import org.elasticsearch.action.get.MultiGetResponse;
|
||||
import org.elasticsearch.action.search.MultiSearchResponse;
|
||||
|
|
@ -23,13 +22,13 @@ import org.elasticsearch.client.Requests;
|
|||
import org.elasticsearch.common.settings.SecureString;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.unit.TimeValue;
|
||||
import org.elasticsearch.common.xcontent.XContentBuilder;
|
||||
import org.elasticsearch.common.xcontent.XContentFactory;
|
||||
import org.elasticsearch.common.xcontent.XContentType;
|
||||
import org.elasticsearch.index.IndexModule;
|
||||
import org.elasticsearch.index.query.QueryBuilders;
|
||||
import org.elasticsearch.indices.IndicesRequestCache;
|
||||
import org.elasticsearch.join.ParentJoinPlugin;
|
||||
import org.elasticsearch.common.xcontent.XContentBuilder;
|
||||
import org.elasticsearch.common.xcontent.XContentFactory;
|
||||
import org.elasticsearch.plugins.Plugin;
|
||||
import org.elasticsearch.rest.RestStatus;
|
||||
import org.elasticsearch.search.aggregations.AggregationBuilders;
|
||||
|
|
@ -54,7 +53,6 @@ import static org.elasticsearch.index.query.QueryBuilders.existsQuery;
|
|||
import static org.elasticsearch.index.query.QueryBuilders.matchQuery;
|
||||
import static org.elasticsearch.index.query.QueryBuilders.termQuery;
|
||||
import static org.elasticsearch.join.query.JoinQueryBuilders.hasChildQuery;
|
||||
import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
|
||||
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
|
||||
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount;
|
||||
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures;
|
||||
|
|
@ -664,87 +662,6 @@ public class FieldLevelSecurityTests extends SecurityIntegTestCase {
|
|||
assertThat(response.getResponses()[1].getResponse().getHits().getAt(0).getSourceAsMap().get("field2"), is("value2"));
|
||||
}
|
||||
|
||||
public void testFieldStatsApi() throws Exception {
|
||||
assertAcked(client().admin().indices().prepareCreate("test")
|
||||
.addMapping("type1", "field1", "type=text", "field2", "type=text", "field3", "type=text")
|
||||
);
|
||||
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3")
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
// user1 is granted access to field1 only:
|
||||
FieldStatsResponse response = client()
|
||||
.filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user1", USERS_PASSWD)))
|
||||
.prepareFieldStats()
|
||||
.setFields("field1", "field2", "field3")
|
||||
.get();
|
||||
assertThat(response.getAllFieldStats().size(), equalTo(1));
|
||||
assertThat(response.getAllFieldStats().get("field1").getDocCount(), equalTo(1L));
|
||||
|
||||
// user2 is granted access to field2 only:
|
||||
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD)))
|
||||
.prepareFieldStats()
|
||||
.setFields("field1", "field2", "field3")
|
||||
.get();
|
||||
assertThat(response.getAllFieldStats().size(), equalTo(1));
|
||||
assertThat(response.getAllFieldStats().get("field2").getDocCount(), equalTo(1L));
|
||||
|
||||
// user3 is granted access to field1 and field2:
|
||||
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user3", USERS_PASSWD)))
|
||||
.prepareFieldStats()
|
||||
.setFields("field1", "field2", "field3")
|
||||
.get();
|
||||
assertThat(response.getAllFieldStats().size(), equalTo(2));
|
||||
assertThat(response.getAllFieldStats().get("field1").getDocCount(), equalTo(1L));
|
||||
assertThat(response.getAllFieldStats().get("field2").getDocCount(), equalTo(1L));
|
||||
|
||||
// user4 is granted access to no fields:
|
||||
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user4", USERS_PASSWD)))
|
||||
.prepareFieldStats()
|
||||
.setFields("field1", "field2")
|
||||
.get();
|
||||
assertThat(response.getAllFieldStats().size(), equalTo(0));
|
||||
|
||||
// user5 has no field level security configured:
|
||||
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user5", USERS_PASSWD)))
|
||||
.prepareFieldStats()
|
||||
.setFields("field1", "field2", "field3")
|
||||
.get();
|
||||
assertThat(response.getAllFieldStats().size(), equalTo(3));
|
||||
assertThat(response.getAllFieldStats().get("field1").getDocCount(), equalTo(1L));
|
||||
assertThat(response.getAllFieldStats().get("field2").getDocCount(), equalTo(1L));
|
||||
assertThat(response.getAllFieldStats().get("field3").getDocCount(), equalTo(1L));
|
||||
|
||||
// user6 has field level security configured for field*:
|
||||
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user6", USERS_PASSWD)))
|
||||
.prepareFieldStats()
|
||||
.setFields("field1", "field2", "field3")
|
||||
.get();
|
||||
assertThat(response.getAllFieldStats().size(), equalTo(3));
|
||||
assertThat(response.getAllFieldStats().get("field1").getDocCount(), equalTo(1L));
|
||||
assertThat(response.getAllFieldStats().get("field2").getDocCount(), equalTo(1L));
|
||||
assertThat(response.getAllFieldStats().get("field3").getDocCount(), equalTo(1L));
|
||||
|
||||
// user7 has no field level security configured (roles with and without field level security):
|
||||
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user7", USERS_PASSWD)))
|
||||
.prepareFieldStats()
|
||||
.setFields("field1", "field2", "field3")
|
||||
.get();
|
||||
assertThat(response.getAllFieldStats().size(), equalTo(3));
|
||||
assertThat(response.getAllFieldStats().get("field1").getDocCount(), equalTo(1L));
|
||||
assertThat(response.getAllFieldStats().get("field2").getDocCount(), equalTo(1L));
|
||||
assertThat(response.getAllFieldStats().get("field3").getDocCount(), equalTo(1L));
|
||||
|
||||
// user8 has field level security configured for field1 and field2 (multiple roles):
|
||||
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user8", USERS_PASSWD)))
|
||||
.prepareFieldStats()
|
||||
.setFields("field1", "field2", "field3")
|
||||
.get();
|
||||
assertThat(response.getAllFieldStats().size(), equalTo(2));
|
||||
assertThat(response.getAllFieldStats().get("field1").getDocCount(), equalTo(1L));
|
||||
assertThat(response.getAllFieldStats().get("field2").getDocCount(), equalTo(1L));
|
||||
}
|
||||
|
||||
public void testScroll() throws Exception {
|
||||
assertAcked(client().admin().indices().prepareCreate("test")
|
||||
.setSettings(Settings.builder().put(IndexModule.INDEX_QUERY_CACHE_EVERYTHING_SETTING.getKey(), true))
|
||||
|
|
|
|||
|
|
@ -13,8 +13,6 @@ import org.elasticsearch.action.admin.indices.mapping.get.GetFieldMappingsRespon
|
|||
import org.elasticsearch.action.admin.indices.mapping.get.GetMappingsResponse;
|
||||
import org.elasticsearch.action.admin.indices.validate.query.ValidateQueryResponse;
|
||||
import org.elasticsearch.action.delete.DeleteResponse;
|
||||
import org.elasticsearch.action.fieldstats.FieldStats;
|
||||
import org.elasticsearch.action.fieldstats.FieldStatsResponse;
|
||||
import org.elasticsearch.action.index.IndexResponse;
|
||||
import org.elasticsearch.action.search.MultiSearchResponse;
|
||||
import org.elasticsearch.action.search.SearchResponse;
|
||||
|
|
@ -22,9 +20,9 @@ import org.elasticsearch.cluster.metadata.MappingMetaData;
|
|||
import org.elasticsearch.common.collect.ImmutableOpenMap;
|
||||
import org.elasticsearch.common.settings.SecureString;
|
||||
import org.elasticsearch.index.query.QueryBuilders;
|
||||
import org.elasticsearch.test.SecurityIntegTestCase;
|
||||
import org.elasticsearch.xpack.security.authc.support.Hasher;
|
||||
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
||||
import org.elasticsearch.test.SecurityIntegTestCase;
|
||||
|
||||
import java.util.Locale;
|
||||
import java.util.Map;
|
||||
|
|
@ -136,26 +134,6 @@ public class KibanaUserRoleIntegTests extends SecurityIntegTestCase {
|
|||
assertEquals(multiSearchResponse.getResponses()[0].getResponse().getHits().getTotalHits(), multiHits);
|
||||
}
|
||||
|
||||
public void testFieldStats() throws Exception {
|
||||
final String index = "logstash-20-12-2015";
|
||||
final String type = "event";
|
||||
final String field = "foo";
|
||||
indexRandom(true, client().prepareIndex().setIndex(index).setType(type).setSource(field, "bar"));
|
||||
|
||||
FieldStatsResponse response = client().prepareFieldStats().setIndices(index).setFields(field).get();
|
||||
FieldStats fieldStats = response.getAllFieldStats().get(field);
|
||||
assertThat(fieldStats, notNullValue());
|
||||
final String fieldStatsMax = fieldStats.getMaxValueAsString();
|
||||
|
||||
response = client()
|
||||
.filterWithHeader(singletonMap("Authorization", UsernamePasswordToken.basicAuthHeaderValue("kibana_user", USERS_PASSWD)))
|
||||
.prepareFieldStats()
|
||||
.setIndices(index).setFields(field).get();
|
||||
FieldStats fieldStats1 = response.getAllFieldStats().get(field);
|
||||
assertThat(fieldStats1, notNullValue());
|
||||
assertThat(fieldStats1.getMaxValueAsString(), equalTo(fieldStatsMax));
|
||||
}
|
||||
|
||||
public void testGetIndex() throws Exception {
|
||||
final String index = "logstash-20-12-2015";
|
||||
final String type = "event";
|
||||
|
|
|
|||
|
|
@ -58,7 +58,6 @@ indices:monitor/shard_stores
|
|||
indices:monitor/stats
|
||||
indices:monitor/upgrade
|
||||
indices:data/read/explain
|
||||
indices:data/read/field_stats
|
||||
indices:data/read/field_caps
|
||||
indices:data/read/get
|
||||
indices:data/read/xpack/graph/explore
|
||||
|
|
|
|||
|
|
@ -47,7 +47,6 @@ indices:admin/upgrade
|
|||
indices:admin/upgrade[n]
|
||||
indices:admin/validate/query[s]
|
||||
indices:data/read/explain[s]
|
||||
indices:data/read/field_stats[s]
|
||||
indices:data/read/field_caps[index]
|
||||
indices:data/read/field_caps[index][s]
|
||||
indices:data/read/get[s]
|
||||
|
|
|
|||
Loading…
Reference in New Issue