honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove and forbid the use of com.google.common.base.Predicate(s)? 

This commit removes and now forbids all uses of
com.google.common.base.Predicate and com.google.common.base.Predicates
across the codebase. This is one of the many steps in the eventual
removal of Guava as a dependency. This was enabled by
elastic/elasticsearchelastic/elasticsearch#13314.

Relates elastic/elasticsearchelastic/elasticsearch#13224, elastic/elasticsearchelastic/elasticsearch#13349

Original commit: elastic/x-pack-elasticsearch@968b81849f
This commit is contained in:
Jason Tedor 2015-09-04 13:20:27 -04:00
parent 533c14242f
commit 74cdc2f4ce
14 changed files with 137 additions and 124 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
shield/src/main/java/org/elasticsearch/shield/action/ShieldActionFilter.java
View File

@ -5,7 +5,6 @@
*/
package org.elasticsearch.shield.action;
import com.google.common.base.Predicate;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.ActionResponse;
@ -29,7 +28,10 @@ import org.elasticsearch.shield.license.LicenseEventsNotifier;
import org.elasticsearch.shield.license.LicenseService;
import java.io.IOException;
import java.util.*;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.function.Predicate;
import static org.elasticsearch.shield.support.Exceptions.authorizationError;
@ -79,7 +81,7 @@ public class ShieldActionFilter extends AbstractComponent implements ActionFilte
A functional requirement - when the license of shield is disabled (invalid/expires), shield will continue
to operate normally, except all read operations will be blocked.
*/
if (!licenseEnabled && LICENSE_EXPIRATION_ACTION_MATCHER.apply(action)) {
if (!licenseEnabled && LICENSE_EXPIRATION_ACTION_MATCHER.test(action)) {
logger.error("blocking [{}] operation due to expired license. Cluster health, cluster stats and indices stats \n" +
"operations are blocked on shield license expiration. All data operations (read and write) continue to work. \n" +
"If you have a new license, please update it. Otherwise, please reach out to your support contact.", action);

2
shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java
View File

@ -400,7 +400,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
public void accessGranted(User user, String action, TransportMessage<?> message) {
if (!principalIsAuditor(user.principal())) {
// special treatment for internal system actions - only log if explicitly told to
if (user.isSystem() && Privilege.SYSTEM.predicate().apply(action)) {
if (user.isSystem() && Privilege.SYSTEM.predicate().test(action)) {
if (events.contains(SYSTEM_ACCESS_GRANTED)) {
try {
enqueue(message("access_granted", action, user.principal(), null, indices(message), message), "access_granted");

2
shield/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java
View File

@ -168,7 +168,7 @@ public class LoggingAuditTrail implements AuditTrail {
String indices = indicesString(message);
// special treatment for internal system actions - only log on trace
if (user.isSystem() && Privilege.SYSTEM.predicate().apply(action)) {
if (user.isSystem() && Privilege.SYSTEM.predicate().test(action)) {
if (logger.isTraceEnabled()) {
if (indices != null) {
logger.trace("{}[transport] [access_granted]\t{}, principal=[{}], action=[{}], indices=[{}], request=[{}]", prefix, originAttributes(message, transport), user.principal(), action, indices, message.getClass().getSimpleName());

5
shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/SessionFactory.java
View File

@ -19,7 +19,6 @@ import org.elasticsearch.shield.authc.support.SecuredString;
import java.util.regex.Pattern;
import static com.google.common.base.Predicates.contains;
import static com.google.common.collect.Iterables.all;
import static java.util.Arrays.asList;
@ -129,8 +128,8 @@ public abstract class SessionFactory {
return true;
}
boolean allSecure = all(asList(ldapUrls), contains(STARTS_WITH_LDAPS));
boolean allClear = all(asList(ldapUrls), contains(STARTS_WITH_LDAP));
boolean allSecure = all(asList(ldapUrls), s -> STARTS_WITH_LDAPS.matcher(s).find());
boolean allClear = all(asList(ldapUrls), s -> STARTS_WITH_LDAP.matcher(s).find());
if (!allSecure && !allClear) {
//No mixing is allowed because we use the same socketfactory

19
shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java
View File

@ -5,8 +5,6 @@
*/
package org.elasticsearch.shield.authz;
import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.collect.Sets;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.action.CompositeIndicesRequest;
@ -33,7 +31,12 @@ import org.elasticsearch.shield.authz.indicesresolver.IndicesAndAliasesResolver;
import org.elasticsearch.shield.authz.store.RolesStore;
import org.elasticsearch.transport.TransportRequest;
import java.util.*;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Predicate;
import static org.elasticsearch.shield.support.Exceptions.authorizationError;
@ -80,12 +83,12 @@ public class InternalAuthorizationService extends AbstractComponent implements A
}
List<String> indicesAndAliases = new ArrayList<>();
Predicate<String> predicate = Predicates.or(predicates);
Predicate<String> predicate = predicates.stream().reduce(s -> false, (p1, p2) -> p1.or(p2));
MetaData metaData = clusterService.state().metaData();
// TODO: can this be done smarter? I think there are usually more indices/aliases in the cluster then indices defined a roles?
for (Map.Entry<String, AliasOrIndex> entry : metaData.getAliasAndIndexLookup().entrySet()) {
String aliasOrIndex = entry.getKey();
if (predicate.apply(aliasOrIndex)) {
if (predicate.test(aliasOrIndex)) {
indicesAndAliases.add(aliasOrIndex);
}
}
@ -115,7 +118,7 @@ public class InternalAuthorizationService extends AbstractComponent implements A
// first, we'll check if the action is a cluster action. If it is, we'll only check it
// against the cluster permissions
if (Privilege.Cluster.ACTION_MATCHER.apply(action)) {
if (Privilege.Cluster.ACTION_MATCHER.test(action)) {
Permission.Cluster cluster = permission.cluster();
if (cluster != null && cluster.check(action)) {
request.putInContext(INDICES_PERMISSIONS_KEY, IndicesAccessControl.ALLOW_ALL);
@ -126,7 +129,7 @@ public class InternalAuthorizationService extends AbstractComponent implements A
}
// ok... this is not a cluster action, let's verify it's an indices action
if (!Privilege.Index.ACTION_MATCHER.apply(action)) {
if (!Privilege.Index.ACTION_MATCHER.test(action)) {
throw denial(user, action, request);
}
@ -164,7 +167,7 @@ public class InternalAuthorizationService extends AbstractComponent implements A
}
//if we are creating an index we need to authorize potential aliases created at the same time
if (Privilege.Index.CREATE_INDEX_MATCHER.apply(action)) {
if (Privilege.Index.CREATE_INDEX_MATCHER.test(action)) {
assert request instanceof CreateIndexRequest;
Set<Alias> aliases = ((CreateIndexRequest) request).aliases();
if (!aliases.isEmpty()) {

21
shield/src/main/java/org/elasticsearch/shield/authz/Permission.java
View File

@ -5,7 +5,6 @@
*/
package org.elasticsearch.shield.authz;
import com.google.common.base.Predicate;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
@ -22,7 +21,17 @@ import org.elasticsearch.shield.authz.accesscontrol.IndicesAccessControl;
import org.elasticsearch.shield.support.AutomatonPredicate;
import org.elasticsearch.shield.support.Automatons;
import java.util.*;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.SortedMap;
import java.util.function.Predicate;
/**
* Represents a permission in the system. There are 3 types of permissions:
@ -209,7 +218,7 @@ public interface Permission {
}
public boolean check(String action) {
return predicate.apply(action);
return predicate.test(action);
}
@Override
@ -279,7 +288,7 @@ public interface Permission {
public Predicate<String> load(String action) throws Exception {
List<String> indices = new ArrayList<>();
for (Group group : groups) {
if (group.actionMatcher.apply(action)) {
if (group.actionMatcher.test(action)) {
indices.addAll(Arrays.asList(group.indices));
}
}
@ -532,12 +541,12 @@ public interface Permission {
}
public boolean indexNameMatch(String index) {
return indexNameMatcher.apply(index);
return indexNameMatcher.test(index);
}
public boolean check(String action, String index) {
assert index != null;
return actionMatcher.apply(action) && indexNameMatcher.apply(index);
return actionMatcher.test(action) && indexNameMatcher.test(index);
}
}
}

10
shield/src/main/java/org/elasticsearch/shield/authz/Privilege.java
View File

@ -5,7 +5,6 @@
*/
package org.elasticsearch.shield.authz;
import com.google.common.base.Predicate;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
@ -28,6 +27,7 @@ import org.elasticsearch.shield.support.Automatons;
import java.util.Locale;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
import java.util.function.Predicate;
import static org.elasticsearch.shield.support.Automatons.patterns;
@ -206,7 +206,7 @@ public abstract class Privilege<P extends Privilege<P>> {
public static void addCustom(String name, String... actionPatterns) {
for (String pattern : actionPatterns) {
if (!Index.ACTION_MATCHER.apply(pattern)) {
if (!Index.ACTION_MATCHER.test(pattern)) {
throw new IllegalArgumentException("cannot register custom index privilege [" + name + "]. index action must follow the 'indices:*' format");
}
}
@ -252,7 +252,7 @@ public abstract class Privilege<P extends Privilege<P>> {
private static Index resolve(String name) {
name = name.toLowerCase(Locale.ROOT);
if (ACTION_MATCHER.apply(name)) {
if (ACTION_MATCHER.test(name)) {
return action(name);
}
for (Index index : values) {
@ -314,7 +314,7 @@ public abstract class Privilege<P extends Privilege<P>> {
public static void addCustom(String name, String... actionPatterns) {
for (String pattern : actionPatterns) {
if (!Cluster.ACTION_MATCHER.apply(pattern)) {
if (!Cluster.ACTION_MATCHER.test(pattern)) {
throw new IllegalArgumentException("cannot register custom cluster privilege [" + name + "]. cluster aciton must follow the 'cluster:*' format");
}
}
@ -350,7 +350,7 @@ public abstract class Privilege<P extends Privilege<P>> {
private static Cluster resolve(String name) {
name = name.toLowerCase(Locale.ROOT);
if (ACTION_MATCHER.apply(name)) {
if (ACTION_MATCHER.test(name)) {
return action(name);
}
for (Cluster cluster : values) {

4
shield/src/main/java/org/elasticsearch/shield/authz/SystemRole.java
View File

@ -5,7 +5,7 @@
*/
package org.elasticsearch.shield.authz;
import com.google.common.base.Predicate;
import java.util.function.Predicate;
/**
*
@ -22,6 +22,6 @@ public class SystemRole {
}
public boolean check(String action) {
return PREDICATE.apply(action);
return PREDICATE.test(action);
}
}

5
shield/src/main/java/org/elasticsearch/shield/support/AutomatonPredicate.java
View File

@ -5,10 +5,11 @@
*/
package org.elasticsearch.shield.support;
import com.google.common.base.Predicate;
import dk.brics.automaton.Automaton;
import dk.brics.automaton.RunAutomaton;
import java.util.function.Predicate;
/**
*
*/
@ -25,7 +26,7 @@ public class AutomatonPredicate implements Predicate<String> {
}
@Override
public boolean apply(String input) {
public boolean test(String input) {
return automaton.run(input);
}
}

37
shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailEnabledTests.java
View File

@ -5,7 +5,6 @@
*/
package org.elasticsearch.shield.audit.index;
import com.google.common.base.Predicate;
import org.elasticsearch.action.admin.indices.template.delete.DeleteIndexTemplateResponse;
import org.elasticsearch.action.admin.indices.template.get.GetIndexTemplatesResponse;
import org.elasticsearch.action.exists.ExistsResponse;
@ -19,7 +18,7 @@ import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.junit.Test;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.is;
@ClusterScope(scope = Scope.TEST, randomDynamicTemplates = false)
public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase {
@ -69,16 +68,13 @@ public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase {
void awaitIndexCreation() throws Exception {
final String indexName = IndexNameResolver.resolve(IndexAuditTrail.INDEX_NAME_PREFIX, DateTime.now(DateTimeZone.UTC), rollover);
boolean success = awaitBusy(new Predicate<Void>() {
@Override
public boolean apply(Void o) {
try {
ExistsResponse response =
client().prepareExists(indexName).execute().actionGet();
return response.exists();
} catch (Exception e) {
return false;
}
boolean success = awaitBusy(() -> {
try {
ExistsResponse response =
client().prepareExists(indexName).execute().actionGet();
return response.exists();
} catch (Exception e) {
return false;
}
});
@ -88,19 +84,16 @@ public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase {
}
void awaitIndexTemplateCreation() throws InterruptedException {
boolean found = awaitBusy(new Predicate<Void>() {
@Override
public boolean apply(Void aVoid) {
GetIndexTemplatesResponse response = client().admin().indices().prepareGetTemplates(IndexAuditTrail.INDEX_TEMPLATE_NAME).execute().actionGet();
if (response.getIndexTemplates().size() > 0) {
for (IndexTemplateMetaData indexTemplateMetaData : response.getIndexTemplates()) {
if (IndexAuditTrail.INDEX_TEMPLATE_NAME.equals(indexTemplateMetaData.name())) {
return true;
}
boolean found = awaitBusy(() -> {
GetIndexTemplatesResponse response = client().admin().indices().prepareGetTemplates(IndexAuditTrail.INDEX_TEMPLATE_NAME).execute().actionGet();
if (response.getIndexTemplates().size() > 0) {
for (IndexTemplateMetaData indexTemplateMetaData : response.getIndexTemplates()) {
if (IndexAuditTrail.INDEX_TEMPLATE_NAME.equals(indexTemplateMetaData.name())) {
return true;
}
}
return false;
}
return false;
});
if (!found) {

29
shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java
View File

@ -5,7 +5,6 @@
*/
package org.elasticsearch.shield.audit.index;
import com.google.common.base.Predicate;
import org.elasticsearch.action.IndicesRequest;
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
import org.elasticsearch.action.admin.indices.settings.get.GetSettingsResponse;
@ -54,7 +53,10 @@ import java.util.List;
import java.util.Locale;
import java.util.Map;
import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.*;
import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.DAILY;
import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.HOURLY;
import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.MONTHLY;
import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.WEEKLY;
import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE;
import static org.elasticsearch.test.InternalTestCluster.clusterName;
import static org.hamcrest.Matchers.contains;
@ -62,7 +64,11 @@ import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.nullValue;
import static org.mockito.Mockito.*;
import static org.mockito.Mockito.any;
import static org.mockito.Mockito.doThrow;
import static org.mockito.Mockito.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
/**
*
@ -704,16 +710,13 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
}
private void awaitIndexCreation(final String indexName) throws InterruptedException {
boolean found = awaitBusy(new Predicate<Void>() {
@Override
public boolean apply(Void o) {
try {
ExistsResponse response =
getClient().prepareExists(indexName).execute().actionGet();
return response.exists();
} catch (Exception e) {
return false;
}
boolean found = awaitBusy(() -> {
try {
ExistsResponse response =
getClient().prepareExists(indexName).execute().actionGet();
return response.exists();
} catch (Exception e) {
return false;
}
});
assertThat("[" + indexName + "] does not exist!", found, is(true));

8
shield/src/test/java/org/elasticsearch/shield/audit/index/RemoteIndexAuditTrailStartingTests.java
View File

@ -5,7 +5,6 @@
*/
package org.elasticsearch.shield.audit.index;
import com.google.common.base.Predicate;
import org.elasticsearch.action.admin.cluster.node.info.NodeInfo;
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
import org.elasticsearch.common.settings.Settings;
@ -127,12 +126,7 @@ public class RemoteIndexAuditTrailStartingTests extends ShieldIntegTestCase {
public void testThatRemoteAuditInstancesAreStarted() throws Exception {
Iterable<IndexAuditTrail> auditTrails = remoteCluster.getInstances(IndexAuditTrail.class);
for (final IndexAuditTrail auditTrail : auditTrails) {
awaitBusy(new Predicate<Void>() {
@Override
public boolean apply(Void aVoid) {
return auditTrail.state() == IndexAuditTrail.State.STARTED;
}
}, 2L, TimeUnit.SECONDS);
awaitBusy(() -> auditTrail.state() == IndexAuditTrail.State.STARTED, 2L, TimeUnit.SECONDS);
assertThat(auditTrail.state(), is(IndexAuditTrail.State.STARTED));
}
}

22
shield/src/test/java/org/elasticsearch/shield/authz/PermissionTests.java
View File

@ -5,7 +5,6 @@
*/
package org.elasticsearch.shield.authz;
import com.google.common.base.Predicate;
import org.elasticsearch.action.get.GetAction;
import org.elasticsearch.test.ESTestCase;
import org.junit.Before;
@ -14,9 +13,16 @@ import org.junit.Test;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.function.Predicate;
import static org.elasticsearch.shield.authz.Privilege.Index.*;
import static org.hamcrest.Matchers.*;
import static org.elasticsearch.shield.authz.Privilege.Index.Cluster;
import static org.elasticsearch.shield.authz.Privilege.Index.MONITOR;
import static org.elasticsearch.shield.authz.Privilege.Index.READ;
import static org.elasticsearch.shield.authz.Privilege.Index.SEARCH;
import static org.elasticsearch.shield.authz.Privilege.Index.union;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
/**
*
@ -72,11 +78,11 @@ public class PermissionTests extends ESTestCase {
// "baz_*foo", "/fool.*bar/"
private void testAllowedIndicesMatcher(Predicate<String> indicesMatcher) {
assertThat(indicesMatcher.apply("foobar"), is(false));
assertThat(indicesMatcher.apply("fool"), is(false));
assertThat(indicesMatcher.apply("fool2bar"), is(true));
assertThat(indicesMatcher.apply("baz_foo"), is(true));
assertThat(indicesMatcher.apply("barbapapa"), is(false));
assertThat(indicesMatcher.test("foobar"), is(false));
assertThat(indicesMatcher.test("fool"), is(false));
assertThat(indicesMatcher.test("fool2bar"), is(true));
assertThat(indicesMatcher.test("baz_foo"), is(true));
assertThat(indicesMatcher.test("barbapapa"), is(false));
}

89
shield/src/test/java/org/elasticsearch/shield/authz/PrivilegeTests.java
View File

@ -5,7 +5,6 @@
*/
package org.elasticsearch.shield.authz;
import com.google.common.base.Predicate;
import org.elasticsearch.action.get.GetAction;
import org.elasticsearch.action.get.MultiGetAction;
import org.elasticsearch.action.search.MultiSearchAction;
@ -18,7 +17,11 @@ import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import static org.hamcrest.Matchers.*;
import java.util.function.Predicate;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
/**
*
@ -48,10 +51,10 @@ public class PrivilegeTests extends ESTestCase {
@Test
public void testSubActionPattern() throws Exception {
AutomatonPredicate predicate = new AutomatonPredicate(Automatons.patterns("foo" + Privilege.SUB_ACTION_SUFFIX_PATTERN));
assertThat(predicate.apply("foo[n][nodes]"), is(true));
assertThat(predicate.apply("foo[n]"), is(true));
assertThat(predicate.apply("bar[n][nodes]"), is(false));
assertThat(predicate.apply("[n][nodes]"), is(false));
assertThat(predicate.test("foo[n][nodes]"), is(true));
assertThat(predicate.test("foo[n]"), is(true));
assertThat(predicate.test("bar[n][nodes]"), is(false));
assertThat(predicate.test("[n][nodes]"), is(false));
}
@Test
@ -81,17 +84,17 @@ public class PrivilegeTests extends ESTestCase {
Privilege.Name name = new Privilege.Name("indices:admin/template/delete");
Privilege.Cluster cluster = Privilege.Cluster.get(name);
assertThat(cluster, notNullValue());
assertThat(cluster.predicate().apply("indices:admin/template/delete"), is(true));
assertThat(cluster.predicate().test("indices:admin/template/delete"), is(true));
name = new Privilege.Name("indices:admin/template/get");
cluster = Privilege.Cluster.get(name);
assertThat(cluster, notNullValue());
assertThat(cluster.predicate().apply("indices:admin/template/get"), is(true));
assertThat(cluster.predicate().test("indices:admin/template/get"), is(true));
name = new Privilege.Name("indices:admin/template/put");
cluster = Privilege.Cluster.get(name);
assertThat(cluster, notNullValue());
assertThat(cluster.predicate().apply("indices:admin/template/put"), is(true));
assertThat(cluster.predicate().test("indices:admin/template/put"), is(true));
}
@Test
@ -106,8 +109,8 @@ public class PrivilegeTests extends ESTestCase {
Privilege.Name actionName = new Privilege.Name("cluster:admin/snapshot/delete");
Privilege.Cluster cluster = Privilege.Cluster.get(actionName);
assertThat(cluster, notNullValue());
assertThat(cluster.predicate().apply("cluster:admin/snapshot/delete"), is(true));
assertThat(cluster.predicate().apply("cluster:admin/snapshot/dele"), is(false));
assertThat(cluster.predicate().test("cluster:admin/snapshot/delete"), is(true));
assertThat(cluster.predicate().test("cluster:admin/snapshot/dele"), is(false));
}
@Test
@ -117,14 +120,14 @@ public class PrivilegeTests extends ESTestCase {
for (Privilege.Cluster cluster : Privilege.Cluster.values()) {
if ("foo".equals(cluster.name.toString())) {
found = true;
assertThat(cluster.predicate().apply("cluster:bar"), is(true));
assertThat(cluster.predicate().test("cluster:bar"), is(true));
}
}
assertThat(found, is(true));
Privilege.Cluster cluster = Privilege.Cluster.get(new Privilege.Name("foo"));
assertThat(cluster, notNullValue());
assertThat(cluster.name().toString(), is("foo"));
assertThat(cluster.predicate().apply("cluster:bar"), is(true));
assertThat(cluster.predicate().test("cluster:bar"), is(true));
}
@Test(expected = IllegalArgumentException.class)
@ -142,8 +145,8 @@ public class PrivilegeTests extends ESTestCase {
Privilege.Name actionName = new Privilege.Name("indices:admin/mapping/delete");
Privilege.Index index = Privilege.Index.get(actionName);
assertThat(index, notNullValue());
assertThat(index.predicate().apply("indices:admin/mapping/delete"), is(true));
assertThat(index.predicate().apply("indices:admin/mapping/dele"), is(false));
assertThat(index.predicate().test("indices:admin/mapping/delete"), is(true));
assertThat(index.predicate().test("indices:admin/mapping/dele"), is(false));
}
@Test
@ -204,14 +207,14 @@ public class PrivilegeTests extends ESTestCase {
for (Privilege.Index index : Privilege.Index.values()) {
if ("foo".equals(index.name.toString())) {
found = true;
assertThat(index.predicate().apply("indices:bar"), is(true));
assertThat(index.predicate().test("indices:bar"), is(true));
}
}
assertThat(found, is(true));
Privilege.Index index = Privilege.Index.get(new Privilege.Name("foo"));
assertThat(index, notNullValue());
assertThat(index.name().toString(), is("foo"));
assertThat(index.predicate().apply("indices:bar"), is(true));
assertThat(index.predicate().test("indices:bar"), is(true));
}
@Test(expected = IllegalArgumentException.class)
@ -227,42 +230,42 @@ public class PrivilegeTests extends ESTestCase {
@Test
public void testSystem() throws Exception {
Predicate<String> predicate = Privilege.SYSTEM.predicate();
assertThat(predicate.apply("indices:monitor/whatever"), is(true));
assertThat(predicate.apply("cluster:monitor/whatever"), is(true));
assertThat(predicate.apply("cluster:admin/snapshot/status[nodes]"), is(false));
assertThat(predicate.apply("internal:whatever"), is(true));
assertThat(predicate.apply("indices:whatever"), is(false));
assertThat(predicate.apply("cluster:whatever"), is(false));
assertThat(predicate.apply("cluster:admin/snapshot/status"), is(false));
assertThat(predicate.apply("whatever"), is(false));
assertThat(predicate.apply("cluster:admin/reroute"), is(true));
assertThat(predicate.apply("cluster:admin/whatever"), is(false));
assertThat(predicate.apply("indices:admin/mapping/put"), is(true));
assertThat(predicate.apply("indices:admin/mapping/whatever"), is(false));
assertThat(predicate.test("indices:monitor/whatever"), is(true));
assertThat(predicate.test("cluster:monitor/whatever"), is(true));
assertThat(predicate.test("cluster:admin/snapshot/status[nodes]"), is(false));
assertThat(predicate.test("internal:whatever"), is(true));
assertThat(predicate.test("indices:whatever"), is(false));
assertThat(predicate.test("cluster:whatever"), is(false));
assertThat(predicate.test("cluster:admin/snapshot/status"), is(false));
assertThat(predicate.test("whatever"), is(false));
assertThat(predicate.test("cluster:admin/reroute"), is(true));
assertThat(predicate.test("cluster:admin/whatever"), is(false));
assertThat(predicate.test("indices:admin/mapping/put"), is(true));
assertThat(predicate.test("indices:admin/mapping/whatever"), is(false));
}
@Test
public void testSearchPrivilege() throws Exception {
Predicate<String> predicate = Privilege.Index.SEARCH.predicate();
assertThat(predicate.apply(SearchAction.NAME), is(true));
assertThat(predicate.apply(SearchAction.NAME + "/whatever"), is(true));
assertThat(predicate.apply(MultiSearchAction.NAME), is(true));
assertThat(predicate.apply(MultiSearchAction.NAME + "/whatever"), is(true));
assertThat(predicate.apply(SuggestAction.NAME), is(true));
assertThat(predicate.apply(SuggestAction.NAME + "/whatever"), is(true));
assertThat(predicate.test(SearchAction.NAME), is(true));
assertThat(predicate.test(SearchAction.NAME + "/whatever"), is(true));
assertThat(predicate.test(MultiSearchAction.NAME), is(true));
assertThat(predicate.test(MultiSearchAction.NAME + "/whatever"), is(true));
assertThat(predicate.test(SuggestAction.NAME), is(true));
assertThat(predicate.test(SuggestAction.NAME + "/whatever"), is(true));
assertThat(predicate.apply(GetAction.NAME), is(false));
assertThat(predicate.apply(GetAction.NAME + "/whatever"), is(false));
assertThat(predicate.apply(MultiGetAction.NAME), is(false));
assertThat(predicate.apply(MultiGetAction.NAME + "/whatever"), is(false));
assertThat(predicate.test(GetAction.NAME), is(false));
assertThat(predicate.test(GetAction.NAME + "/whatever"), is(false));
assertThat(predicate.test(MultiGetAction.NAME), is(false));
assertThat(predicate.test(MultiGetAction.NAME + "/whatever"), is(false));
}
@Test
public void testGetPrivilege() throws Exception {
Predicate<String> predicate = Privilege.Index.GET.predicate();
assertThat(predicate.apply(GetAction.NAME), is(true));
assertThat(predicate.apply(GetAction.NAME + "/whatever"), is(true));
assertThat(predicate.apply(MultiGetAction.NAME), is(true));
assertThat(predicate.apply(MultiGetAction.NAME + "/whatever"), is(true));
assertThat(predicate.test(GetAction.NAME), is(true));
assertThat(predicate.test(GetAction.NAME + "/whatever"), is(true));
assertThat(predicate.test(MultiGetAction.NAME), is(true));
assertThat(predicate.test(MultiGetAction.NAME + "/whatever"), is(true));
}
}