Remove and forbid the use of com.google.common.base.Predicate(s)?
This commit removes and now forbids all uses of com.google.common.base.Predicate and com.google.common.base.Predicates across the codebase. This is one of the many steps in the eventual removal of Guava as a dependency. This was enabled by elastic/elasticsearchelastic/elasticsearch#13314. Relates elastic/elasticsearchelastic/elasticsearch#13224, elastic/elasticsearchelastic/elasticsearch#13349 Original commit: elastic/x-pack-elasticsearch@968b81849f
This commit is contained in:
parent
533c14242f
commit
74cdc2f4ce
|
@ -5,7 +5,6 @@
|
|||
*/
|
||||
package org.elasticsearch.shield.action;
|
||||
|
||||
import com.google.common.base.Predicate;
|
||||
import org.elasticsearch.action.ActionListener;
|
||||
import org.elasticsearch.action.ActionRequest;
|
||||
import org.elasticsearch.action.ActionResponse;
|
||||
|
@ -29,7 +28,10 @@ import org.elasticsearch.shield.license.LicenseEventsNotifier;
|
|||
import org.elasticsearch.shield.license.LicenseService;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.*;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.function.Predicate;
|
||||
|
||||
import static org.elasticsearch.shield.support.Exceptions.authorizationError;
|
||||
|
||||
|
@ -79,7 +81,7 @@ public class ShieldActionFilter extends AbstractComponent implements ActionFilte
|
|||
A functional requirement - when the license of shield is disabled (invalid/expires), shield will continue
|
||||
to operate normally, except all read operations will be blocked.
|
||||
*/
|
||||
if (!licenseEnabled && LICENSE_EXPIRATION_ACTION_MATCHER.apply(action)) {
|
||||
if (!licenseEnabled && LICENSE_EXPIRATION_ACTION_MATCHER.test(action)) {
|
||||
logger.error("blocking [{}] operation due to expired license. Cluster health, cluster stats and indices stats \n" +
|
||||
"operations are blocked on shield license expiration. All data operations (read and write) continue to work. \n" +
|
||||
"If you have a new license, please update it. Otherwise, please reach out to your support contact.", action);
|
||||
|
|
|
@ -400,7 +400,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
|
|||
public void accessGranted(User user, String action, TransportMessage<?> message) {
|
||||
if (!principalIsAuditor(user.principal())) {
|
||||
// special treatment for internal system actions - only log if explicitly told to
|
||||
if (user.isSystem() && Privilege.SYSTEM.predicate().apply(action)) {
|
||||
if (user.isSystem() && Privilege.SYSTEM.predicate().test(action)) {
|
||||
if (events.contains(SYSTEM_ACCESS_GRANTED)) {
|
||||
try {
|
||||
enqueue(message("access_granted", action, user.principal(), null, indices(message), message), "access_granted");
|
||||
|
|
|
@ -168,7 +168,7 @@ public class LoggingAuditTrail implements AuditTrail {
|
|||
String indices = indicesString(message);
|
||||
|
||||
// special treatment for internal system actions - only log on trace
|
||||
if (user.isSystem() && Privilege.SYSTEM.predicate().apply(action)) {
|
||||
if (user.isSystem() && Privilege.SYSTEM.predicate().test(action)) {
|
||||
if (logger.isTraceEnabled()) {
|
||||
if (indices != null) {
|
||||
logger.trace("{}[transport] [access_granted]\t{}, principal=[{}], action=[{}], indices=[{}], request=[{}]", prefix, originAttributes(message, transport), user.principal(), action, indices, message.getClass().getSimpleName());
|
||||
|
|
|
@ -19,7 +19,6 @@ import org.elasticsearch.shield.authc.support.SecuredString;
|
|||
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
import static com.google.common.base.Predicates.contains;
|
||||
import static com.google.common.collect.Iterables.all;
|
||||
import static java.util.Arrays.asList;
|
||||
|
||||
|
@ -129,8 +128,8 @@ public abstract class SessionFactory {
|
|||
return true;
|
||||
}
|
||||
|
||||
boolean allSecure = all(asList(ldapUrls), contains(STARTS_WITH_LDAPS));
|
||||
boolean allClear = all(asList(ldapUrls), contains(STARTS_WITH_LDAP));
|
||||
boolean allSecure = all(asList(ldapUrls), s -> STARTS_WITH_LDAPS.matcher(s).find());
|
||||
boolean allClear = all(asList(ldapUrls), s -> STARTS_WITH_LDAP.matcher(s).find());
|
||||
|
||||
if (!allSecure && !allClear) {
|
||||
//No mixing is allowed because we use the same socketfactory
|
||||
|
|
|
@ -5,8 +5,6 @@
|
|||
*/
|
||||
package org.elasticsearch.shield.authz;
|
||||
|
||||
import com.google.common.base.Predicate;
|
||||
import com.google.common.base.Predicates;
|
||||
import com.google.common.collect.Sets;
|
||||
import org.elasticsearch.ElasticsearchSecurityException;
|
||||
import org.elasticsearch.action.CompositeIndicesRequest;
|
||||
|
@ -33,7 +31,12 @@ import org.elasticsearch.shield.authz.indicesresolver.IndicesAndAliasesResolver;
|
|||
import org.elasticsearch.shield.authz.store.RolesStore;
|
||||
import org.elasticsearch.transport.TransportRequest;
|
||||
|
||||
import java.util.*;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.function.Predicate;
|
||||
|
||||
import static org.elasticsearch.shield.support.Exceptions.authorizationError;
|
||||
|
||||
|
@ -80,12 +83,12 @@ public class InternalAuthorizationService extends AbstractComponent implements A
|
|||
}
|
||||
|
||||
List<String> indicesAndAliases = new ArrayList<>();
|
||||
Predicate<String> predicate = Predicates.or(predicates);
|
||||
Predicate<String> predicate = predicates.stream().reduce(s -> false, (p1, p2) -> p1.or(p2));
|
||||
MetaData metaData = clusterService.state().metaData();
|
||||
// TODO: can this be done smarter? I think there are usually more indices/aliases in the cluster then indices defined a roles?
|
||||
for (Map.Entry<String, AliasOrIndex> entry : metaData.getAliasAndIndexLookup().entrySet()) {
|
||||
String aliasOrIndex = entry.getKey();
|
||||
if (predicate.apply(aliasOrIndex)) {
|
||||
if (predicate.test(aliasOrIndex)) {
|
||||
indicesAndAliases.add(aliasOrIndex);
|
||||
}
|
||||
}
|
||||
|
@ -115,7 +118,7 @@ public class InternalAuthorizationService extends AbstractComponent implements A
|
|||
|
||||
// first, we'll check if the action is a cluster action. If it is, we'll only check it
|
||||
// against the cluster permissions
|
||||
if (Privilege.Cluster.ACTION_MATCHER.apply(action)) {
|
||||
if (Privilege.Cluster.ACTION_MATCHER.test(action)) {
|
||||
Permission.Cluster cluster = permission.cluster();
|
||||
if (cluster != null && cluster.check(action)) {
|
||||
request.putInContext(INDICES_PERMISSIONS_KEY, IndicesAccessControl.ALLOW_ALL);
|
||||
|
@ -126,7 +129,7 @@ public class InternalAuthorizationService extends AbstractComponent implements A
|
|||
}
|
||||
|
||||
// ok... this is not a cluster action, let's verify it's an indices action
|
||||
if (!Privilege.Index.ACTION_MATCHER.apply(action)) {
|
||||
if (!Privilege.Index.ACTION_MATCHER.test(action)) {
|
||||
throw denial(user, action, request);
|
||||
}
|
||||
|
||||
|
@ -164,7 +167,7 @@ public class InternalAuthorizationService extends AbstractComponent implements A
|
|||
}
|
||||
|
||||
//if we are creating an index we need to authorize potential aliases created at the same time
|
||||
if (Privilege.Index.CREATE_INDEX_MATCHER.apply(action)) {
|
||||
if (Privilege.Index.CREATE_INDEX_MATCHER.test(action)) {
|
||||
assert request instanceof CreateIndexRequest;
|
||||
Set<Alias> aliases = ((CreateIndexRequest) request).aliases();
|
||||
if (!aliases.isEmpty()) {
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
*/
|
||||
package org.elasticsearch.shield.authz;
|
||||
|
||||
import com.google.common.base.Predicate;
|
||||
import com.google.common.cache.CacheBuilder;
|
||||
import com.google.common.cache.CacheLoader;
|
||||
import com.google.common.cache.LoadingCache;
|
||||
|
@ -22,7 +21,17 @@ import org.elasticsearch.shield.authz.accesscontrol.IndicesAccessControl;
|
|||
import org.elasticsearch.shield.support.AutomatonPredicate;
|
||||
import org.elasticsearch.shield.support.Automatons;
|
||||
|
||||
import java.util.*;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.SortedMap;
|
||||
import java.util.function.Predicate;
|
||||
|
||||
/**
|
||||
* Represents a permission in the system. There are 3 types of permissions:
|
||||
|
@ -209,7 +218,7 @@ public interface Permission {
|
|||
}
|
||||
|
||||
public boolean check(String action) {
|
||||
return predicate.apply(action);
|
||||
return predicate.test(action);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -279,7 +288,7 @@ public interface Permission {
|
|||
public Predicate<String> load(String action) throws Exception {
|
||||
List<String> indices = new ArrayList<>();
|
||||
for (Group group : groups) {
|
||||
if (group.actionMatcher.apply(action)) {
|
||||
if (group.actionMatcher.test(action)) {
|
||||
indices.addAll(Arrays.asList(group.indices));
|
||||
}
|
||||
}
|
||||
|
@ -532,12 +541,12 @@ public interface Permission {
|
|||
}
|
||||
|
||||
public boolean indexNameMatch(String index) {
|
||||
return indexNameMatcher.apply(index);
|
||||
return indexNameMatcher.test(index);
|
||||
}
|
||||
|
||||
public boolean check(String action, String index) {
|
||||
assert index != null;
|
||||
return actionMatcher.apply(action) && indexNameMatcher.apply(index);
|
||||
return actionMatcher.test(action) && indexNameMatcher.test(index);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
*/
|
||||
package org.elasticsearch.shield.authz;
|
||||
|
||||
import com.google.common.base.Predicate;
|
||||
import com.google.common.cache.CacheBuilder;
|
||||
import com.google.common.cache.CacheLoader;
|
||||
import com.google.common.cache.LoadingCache;
|
||||
|
@ -28,6 +27,7 @@ import org.elasticsearch.shield.support.Automatons;
|
|||
import java.util.Locale;
|
||||
import java.util.Set;
|
||||
import java.util.concurrent.CopyOnWriteArraySet;
|
||||
import java.util.function.Predicate;
|
||||
|
||||
import static org.elasticsearch.shield.support.Automatons.patterns;
|
||||
|
||||
|
@ -206,7 +206,7 @@ public abstract class Privilege<P extends Privilege<P>> {
|
|||
|
||||
public static void addCustom(String name, String... actionPatterns) {
|
||||
for (String pattern : actionPatterns) {
|
||||
if (!Index.ACTION_MATCHER.apply(pattern)) {
|
||||
if (!Index.ACTION_MATCHER.test(pattern)) {
|
||||
throw new IllegalArgumentException("cannot register custom index privilege [" + name + "]. index action must follow the 'indices:*' format");
|
||||
}
|
||||
}
|
||||
|
@ -252,7 +252,7 @@ public abstract class Privilege<P extends Privilege<P>> {
|
|||
|
||||
private static Index resolve(String name) {
|
||||
name = name.toLowerCase(Locale.ROOT);
|
||||
if (ACTION_MATCHER.apply(name)) {
|
||||
if (ACTION_MATCHER.test(name)) {
|
||||
return action(name);
|
||||
}
|
||||
for (Index index : values) {
|
||||
|
@ -314,7 +314,7 @@ public abstract class Privilege<P extends Privilege<P>> {
|
|||
|
||||
public static void addCustom(String name, String... actionPatterns) {
|
||||
for (String pattern : actionPatterns) {
|
||||
if (!Cluster.ACTION_MATCHER.apply(pattern)) {
|
||||
if (!Cluster.ACTION_MATCHER.test(pattern)) {
|
||||
throw new IllegalArgumentException("cannot register custom cluster privilege [" + name + "]. cluster aciton must follow the 'cluster:*' format");
|
||||
}
|
||||
}
|
||||
|
@ -350,7 +350,7 @@ public abstract class Privilege<P extends Privilege<P>> {
|
|||
|
||||
private static Cluster resolve(String name) {
|
||||
name = name.toLowerCase(Locale.ROOT);
|
||||
if (ACTION_MATCHER.apply(name)) {
|
||||
if (ACTION_MATCHER.test(name)) {
|
||||
return action(name);
|
||||
}
|
||||
for (Cluster cluster : values) {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
*/
|
||||
package org.elasticsearch.shield.authz;
|
||||
|
||||
import com.google.common.base.Predicate;
|
||||
import java.util.function.Predicate;
|
||||
|
||||
/**
|
||||
*
|
||||
|
@ -22,6 +22,6 @@ public class SystemRole {
|
|||
}
|
||||
|
||||
public boolean check(String action) {
|
||||
return PREDICATE.apply(action);
|
||||
return PREDICATE.test(action);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -5,10 +5,11 @@
|
|||
*/
|
||||
package org.elasticsearch.shield.support;
|
||||
|
||||
import com.google.common.base.Predicate;
|
||||
import dk.brics.automaton.Automaton;
|
||||
import dk.brics.automaton.RunAutomaton;
|
||||
|
||||
import java.util.function.Predicate;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
|
@ -25,7 +26,7 @@ public class AutomatonPredicate implements Predicate<String> {
|
|||
}
|
||||
|
||||
@Override
|
||||
public boolean apply(String input) {
|
||||
public boolean test(String input) {
|
||||
return automaton.run(input);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
*/
|
||||
package org.elasticsearch.shield.audit.index;
|
||||
|
||||
import com.google.common.base.Predicate;
|
||||
import org.elasticsearch.action.admin.indices.template.delete.DeleteIndexTemplateResponse;
|
||||
import org.elasticsearch.action.admin.indices.template.get.GetIndexTemplatesResponse;
|
||||
import org.elasticsearch.action.exists.ExistsResponse;
|
||||
|
@ -19,7 +18,7 @@ import org.joda.time.DateTime;
|
|||
import org.joda.time.DateTimeZone;
|
||||
import org.junit.Test;
|
||||
|
||||
import static org.hamcrest.Matchers.*;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
|
||||
@ClusterScope(scope = Scope.TEST, randomDynamicTemplates = false)
|
||||
public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase {
|
||||
|
@ -69,9 +68,7 @@ public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase {
|
|||
|
||||
void awaitIndexCreation() throws Exception {
|
||||
final String indexName = IndexNameResolver.resolve(IndexAuditTrail.INDEX_NAME_PREFIX, DateTime.now(DateTimeZone.UTC), rollover);
|
||||
boolean success = awaitBusy(new Predicate<Void>() {
|
||||
@Override
|
||||
public boolean apply(Void o) {
|
||||
boolean success = awaitBusy(() -> {
|
||||
try {
|
||||
ExistsResponse response =
|
||||
client().prepareExists(indexName).execute().actionGet();
|
||||
|
@ -79,7 +76,6 @@ public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase {
|
|||
} catch (Exception e) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
if (!success) {
|
||||
|
@ -88,9 +84,7 @@ public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase {
|
|||
}
|
||||
|
||||
void awaitIndexTemplateCreation() throws InterruptedException {
|
||||
boolean found = awaitBusy(new Predicate<Void>() {
|
||||
@Override
|
||||
public boolean apply(Void aVoid) {
|
||||
boolean found = awaitBusy(() -> {
|
||||
GetIndexTemplatesResponse response = client().admin().indices().prepareGetTemplates(IndexAuditTrail.INDEX_TEMPLATE_NAME).execute().actionGet();
|
||||
if (response.getIndexTemplates().size() > 0) {
|
||||
for (IndexTemplateMetaData indexTemplateMetaData : response.getIndexTemplates()) {
|
||||
|
@ -100,7 +94,6 @@ public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase {
|
|||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
});
|
||||
|
||||
if (!found) {
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
*/
|
||||
package org.elasticsearch.shield.audit.index;
|
||||
|
||||
import com.google.common.base.Predicate;
|
||||
import org.elasticsearch.action.IndicesRequest;
|
||||
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
|
||||
import org.elasticsearch.action.admin.indices.settings.get.GetSettingsResponse;
|
||||
|
@ -54,7 +53,10 @@ import java.util.List;
|
|||
import java.util.Locale;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.*;
|
||||
import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.DAILY;
|
||||
import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.HOURLY;
|
||||
import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.MONTHLY;
|
||||
import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.WEEKLY;
|
||||
import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE;
|
||||
import static org.elasticsearch.test.InternalTestCluster.clusterName;
|
||||
import static org.hamcrest.Matchers.contains;
|
||||
|
@ -62,7 +64,11 @@ import static org.hamcrest.Matchers.equalTo;
|
|||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.Matchers.notNullValue;
|
||||
import static org.hamcrest.Matchers.nullValue;
|
||||
import static org.mockito.Mockito.*;
|
||||
import static org.mockito.Mockito.any;
|
||||
import static org.mockito.Mockito.doThrow;
|
||||
import static org.mockito.Mockito.eq;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
/**
|
||||
*
|
||||
|
@ -704,9 +710,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
|
|||
}
|
||||
|
||||
private void awaitIndexCreation(final String indexName) throws InterruptedException {
|
||||
boolean found = awaitBusy(new Predicate<Void>() {
|
||||
@Override
|
||||
public boolean apply(Void o) {
|
||||
boolean found = awaitBusy(() -> {
|
||||
try {
|
||||
ExistsResponse response =
|
||||
getClient().prepareExists(indexName).execute().actionGet();
|
||||
|
@ -714,7 +718,6 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
|
|||
} catch (Exception e) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
});
|
||||
assertThat("[" + indexName + "] does not exist!", found, is(true));
|
||||
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
*/
|
||||
package org.elasticsearch.shield.audit.index;
|
||||
|
||||
import com.google.common.base.Predicate;
|
||||
import org.elasticsearch.action.admin.cluster.node.info.NodeInfo;
|
||||
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
|
@ -127,12 +126,7 @@ public class RemoteIndexAuditTrailStartingTests extends ShieldIntegTestCase {
|
|||
public void testThatRemoteAuditInstancesAreStarted() throws Exception {
|
||||
Iterable<IndexAuditTrail> auditTrails = remoteCluster.getInstances(IndexAuditTrail.class);
|
||||
for (final IndexAuditTrail auditTrail : auditTrails) {
|
||||
awaitBusy(new Predicate<Void>() {
|
||||
@Override
|
||||
public boolean apply(Void aVoid) {
|
||||
return auditTrail.state() == IndexAuditTrail.State.STARTED;
|
||||
}
|
||||
}, 2L, TimeUnit.SECONDS);
|
||||
awaitBusy(() -> auditTrail.state() == IndexAuditTrail.State.STARTED, 2L, TimeUnit.SECONDS);
|
||||
assertThat(auditTrail.state(), is(IndexAuditTrail.State.STARTED));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
*/
|
||||
package org.elasticsearch.shield.authz;
|
||||
|
||||
import com.google.common.base.Predicate;
|
||||
import org.elasticsearch.action.get.GetAction;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.junit.Before;
|
||||
|
@ -14,9 +13,16 @@ import org.junit.Test;
|
|||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.Iterator;
|
||||
import java.util.function.Predicate;
|
||||
|
||||
import static org.elasticsearch.shield.authz.Privilege.Index.*;
|
||||
import static org.hamcrest.Matchers.*;
|
||||
import static org.elasticsearch.shield.authz.Privilege.Index.Cluster;
|
||||
import static org.elasticsearch.shield.authz.Privilege.Index.MONITOR;
|
||||
import static org.elasticsearch.shield.authz.Privilege.Index.READ;
|
||||
import static org.elasticsearch.shield.authz.Privilege.Index.SEARCH;
|
||||
import static org.elasticsearch.shield.authz.Privilege.Index.union;
|
||||
import static org.hamcrest.Matchers.equalTo;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.Matchers.notNullValue;
|
||||
|
||||
/**
|
||||
*
|
||||
|
@ -72,11 +78,11 @@ public class PermissionTests extends ESTestCase {
|
|||
|
||||
// "baz_*foo", "/fool.*bar/"
|
||||
private void testAllowedIndicesMatcher(Predicate<String> indicesMatcher) {
|
||||
assertThat(indicesMatcher.apply("foobar"), is(false));
|
||||
assertThat(indicesMatcher.apply("fool"), is(false));
|
||||
assertThat(indicesMatcher.apply("fool2bar"), is(true));
|
||||
assertThat(indicesMatcher.apply("baz_foo"), is(true));
|
||||
assertThat(indicesMatcher.apply("barbapapa"), is(false));
|
||||
assertThat(indicesMatcher.test("foobar"), is(false));
|
||||
assertThat(indicesMatcher.test("fool"), is(false));
|
||||
assertThat(indicesMatcher.test("fool2bar"), is(true));
|
||||
assertThat(indicesMatcher.test("baz_foo"), is(true));
|
||||
assertThat(indicesMatcher.test("barbapapa"), is(false));
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
*/
|
||||
package org.elasticsearch.shield.authz;
|
||||
|
||||
import com.google.common.base.Predicate;
|
||||
import org.elasticsearch.action.get.GetAction;
|
||||
import org.elasticsearch.action.get.MultiGetAction;
|
||||
import org.elasticsearch.action.search.MultiSearchAction;
|
||||
|
@ -18,7 +17,11 @@ import org.junit.Rule;
|
|||
import org.junit.Test;
|
||||
import org.junit.rules.ExpectedException;
|
||||
|
||||
import static org.hamcrest.Matchers.*;
|
||||
import java.util.function.Predicate;
|
||||
|
||||
import static org.hamcrest.Matchers.equalTo;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.Matchers.notNullValue;
|
||||
|
||||
/**
|
||||
*
|
||||
|
@ -48,10 +51,10 @@ public class PrivilegeTests extends ESTestCase {
|
|||
@Test
|
||||
public void testSubActionPattern() throws Exception {
|
||||
AutomatonPredicate predicate = new AutomatonPredicate(Automatons.patterns("foo" + Privilege.SUB_ACTION_SUFFIX_PATTERN));
|
||||
assertThat(predicate.apply("foo[n][nodes]"), is(true));
|
||||
assertThat(predicate.apply("foo[n]"), is(true));
|
||||
assertThat(predicate.apply("bar[n][nodes]"), is(false));
|
||||
assertThat(predicate.apply("[n][nodes]"), is(false));
|
||||
assertThat(predicate.test("foo[n][nodes]"), is(true));
|
||||
assertThat(predicate.test("foo[n]"), is(true));
|
||||
assertThat(predicate.test("bar[n][nodes]"), is(false));
|
||||
assertThat(predicate.test("[n][nodes]"), is(false));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -81,17 +84,17 @@ public class PrivilegeTests extends ESTestCase {
|
|||
Privilege.Name name = new Privilege.Name("indices:admin/template/delete");
|
||||
Privilege.Cluster cluster = Privilege.Cluster.get(name);
|
||||
assertThat(cluster, notNullValue());
|
||||
assertThat(cluster.predicate().apply("indices:admin/template/delete"), is(true));
|
||||
assertThat(cluster.predicate().test("indices:admin/template/delete"), is(true));
|
||||
|
||||
name = new Privilege.Name("indices:admin/template/get");
|
||||
cluster = Privilege.Cluster.get(name);
|
||||
assertThat(cluster, notNullValue());
|
||||
assertThat(cluster.predicate().apply("indices:admin/template/get"), is(true));
|
||||
assertThat(cluster.predicate().test("indices:admin/template/get"), is(true));
|
||||
|
||||
name = new Privilege.Name("indices:admin/template/put");
|
||||
cluster = Privilege.Cluster.get(name);
|
||||
assertThat(cluster, notNullValue());
|
||||
assertThat(cluster.predicate().apply("indices:admin/template/put"), is(true));
|
||||
assertThat(cluster.predicate().test("indices:admin/template/put"), is(true));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -106,8 +109,8 @@ public class PrivilegeTests extends ESTestCase {
|
|||
Privilege.Name actionName = new Privilege.Name("cluster:admin/snapshot/delete");
|
||||
Privilege.Cluster cluster = Privilege.Cluster.get(actionName);
|
||||
assertThat(cluster, notNullValue());
|
||||
assertThat(cluster.predicate().apply("cluster:admin/snapshot/delete"), is(true));
|
||||
assertThat(cluster.predicate().apply("cluster:admin/snapshot/dele"), is(false));
|
||||
assertThat(cluster.predicate().test("cluster:admin/snapshot/delete"), is(true));
|
||||
assertThat(cluster.predicate().test("cluster:admin/snapshot/dele"), is(false));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -117,14 +120,14 @@ public class PrivilegeTests extends ESTestCase {
|
|||
for (Privilege.Cluster cluster : Privilege.Cluster.values()) {
|
||||
if ("foo".equals(cluster.name.toString())) {
|
||||
found = true;
|
||||
assertThat(cluster.predicate().apply("cluster:bar"), is(true));
|
||||
assertThat(cluster.predicate().test("cluster:bar"), is(true));
|
||||
}
|
||||
}
|
||||
assertThat(found, is(true));
|
||||
Privilege.Cluster cluster = Privilege.Cluster.get(new Privilege.Name("foo"));
|
||||
assertThat(cluster, notNullValue());
|
||||
assertThat(cluster.name().toString(), is("foo"));
|
||||
assertThat(cluster.predicate().apply("cluster:bar"), is(true));
|
||||
assertThat(cluster.predicate().test("cluster:bar"), is(true));
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
|
@ -142,8 +145,8 @@ public class PrivilegeTests extends ESTestCase {
|
|||
Privilege.Name actionName = new Privilege.Name("indices:admin/mapping/delete");
|
||||
Privilege.Index index = Privilege.Index.get(actionName);
|
||||
assertThat(index, notNullValue());
|
||||
assertThat(index.predicate().apply("indices:admin/mapping/delete"), is(true));
|
||||
assertThat(index.predicate().apply("indices:admin/mapping/dele"), is(false));
|
||||
assertThat(index.predicate().test("indices:admin/mapping/delete"), is(true));
|
||||
assertThat(index.predicate().test("indices:admin/mapping/dele"), is(false));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -204,14 +207,14 @@ public class PrivilegeTests extends ESTestCase {
|
|||
for (Privilege.Index index : Privilege.Index.values()) {
|
||||
if ("foo".equals(index.name.toString())) {
|
||||
found = true;
|
||||
assertThat(index.predicate().apply("indices:bar"), is(true));
|
||||
assertThat(index.predicate().test("indices:bar"), is(true));
|
||||
}
|
||||
}
|
||||
assertThat(found, is(true));
|
||||
Privilege.Index index = Privilege.Index.get(new Privilege.Name("foo"));
|
||||
assertThat(index, notNullValue());
|
||||
assertThat(index.name().toString(), is("foo"));
|
||||
assertThat(index.predicate().apply("indices:bar"), is(true));
|
||||
assertThat(index.predicate().test("indices:bar"), is(true));
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
|
@ -227,42 +230,42 @@ public class PrivilegeTests extends ESTestCase {
|
|||
@Test
|
||||
public void testSystem() throws Exception {
|
||||
Predicate<String> predicate = Privilege.SYSTEM.predicate();
|
||||
assertThat(predicate.apply("indices:monitor/whatever"), is(true));
|
||||
assertThat(predicate.apply("cluster:monitor/whatever"), is(true));
|
||||
assertThat(predicate.apply("cluster:admin/snapshot/status[nodes]"), is(false));
|
||||
assertThat(predicate.apply("internal:whatever"), is(true));
|
||||
assertThat(predicate.apply("indices:whatever"), is(false));
|
||||
assertThat(predicate.apply("cluster:whatever"), is(false));
|
||||
assertThat(predicate.apply("cluster:admin/snapshot/status"), is(false));
|
||||
assertThat(predicate.apply("whatever"), is(false));
|
||||
assertThat(predicate.apply("cluster:admin/reroute"), is(true));
|
||||
assertThat(predicate.apply("cluster:admin/whatever"), is(false));
|
||||
assertThat(predicate.apply("indices:admin/mapping/put"), is(true));
|
||||
assertThat(predicate.apply("indices:admin/mapping/whatever"), is(false));
|
||||
assertThat(predicate.test("indices:monitor/whatever"), is(true));
|
||||
assertThat(predicate.test("cluster:monitor/whatever"), is(true));
|
||||
assertThat(predicate.test("cluster:admin/snapshot/status[nodes]"), is(false));
|
||||
assertThat(predicate.test("internal:whatever"), is(true));
|
||||
assertThat(predicate.test("indices:whatever"), is(false));
|
||||
assertThat(predicate.test("cluster:whatever"), is(false));
|
||||
assertThat(predicate.test("cluster:admin/snapshot/status"), is(false));
|
||||
assertThat(predicate.test("whatever"), is(false));
|
||||
assertThat(predicate.test("cluster:admin/reroute"), is(true));
|
||||
assertThat(predicate.test("cluster:admin/whatever"), is(false));
|
||||
assertThat(predicate.test("indices:admin/mapping/put"), is(true));
|
||||
assertThat(predicate.test("indices:admin/mapping/whatever"), is(false));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSearchPrivilege() throws Exception {
|
||||
Predicate<String> predicate = Privilege.Index.SEARCH.predicate();
|
||||
assertThat(predicate.apply(SearchAction.NAME), is(true));
|
||||
assertThat(predicate.apply(SearchAction.NAME + "/whatever"), is(true));
|
||||
assertThat(predicate.apply(MultiSearchAction.NAME), is(true));
|
||||
assertThat(predicate.apply(MultiSearchAction.NAME + "/whatever"), is(true));
|
||||
assertThat(predicate.apply(SuggestAction.NAME), is(true));
|
||||
assertThat(predicate.apply(SuggestAction.NAME + "/whatever"), is(true));
|
||||
assertThat(predicate.test(SearchAction.NAME), is(true));
|
||||
assertThat(predicate.test(SearchAction.NAME + "/whatever"), is(true));
|
||||
assertThat(predicate.test(MultiSearchAction.NAME), is(true));
|
||||
assertThat(predicate.test(MultiSearchAction.NAME + "/whatever"), is(true));
|
||||
assertThat(predicate.test(SuggestAction.NAME), is(true));
|
||||
assertThat(predicate.test(SuggestAction.NAME + "/whatever"), is(true));
|
||||
|
||||
assertThat(predicate.apply(GetAction.NAME), is(false));
|
||||
assertThat(predicate.apply(GetAction.NAME + "/whatever"), is(false));
|
||||
assertThat(predicate.apply(MultiGetAction.NAME), is(false));
|
||||
assertThat(predicate.apply(MultiGetAction.NAME + "/whatever"), is(false));
|
||||
assertThat(predicate.test(GetAction.NAME), is(false));
|
||||
assertThat(predicate.test(GetAction.NAME + "/whatever"), is(false));
|
||||
assertThat(predicate.test(MultiGetAction.NAME), is(false));
|
||||
assertThat(predicate.test(MultiGetAction.NAME + "/whatever"), is(false));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGetPrivilege() throws Exception {
|
||||
Predicate<String> predicate = Privilege.Index.GET.predicate();
|
||||
assertThat(predicate.apply(GetAction.NAME), is(true));
|
||||
assertThat(predicate.apply(GetAction.NAME + "/whatever"), is(true));
|
||||
assertThat(predicate.apply(MultiGetAction.NAME), is(true));
|
||||
assertThat(predicate.apply(MultiGetAction.NAME + "/whatever"), is(true));
|
||||
assertThat(predicate.test(GetAction.NAME), is(true));
|
||||
assertThat(predicate.test(GetAction.NAME + "/whatever"), is(true));
|
||||
assertThat(predicate.test(MultiGetAction.NAME), is(true));
|
||||
assertThat(predicate.test(MultiGetAction.NAME + "/whatever"), is(true));
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue