Merge pull request elastic/elasticsearch#1 from elastic/master
update from master Original commit: elastic/x-pack-elasticsearch@59208737ee
This commit is contained in:
Konrad Beiske
commit
82d548fe5b
|
|
@ -49,6 +49,13 @@ points to, regardless of the filter that the alias might hold. Keep this behavio
|
|||
administrative privileges to filtered index aliases. Read
|
||||
https://github.com/elasticsearch/elasticsearch/issues/2318[Elasticsearch issue #2318] to learn more about this limitation.
|
||||
|
||||
WARNING: A filtered index alias will not provide document-level security for the {ref}/search-suggesters.html[suggesters apis]
|
||||
as they do not take into account the filters placed on aliases.
|
||||
|
||||
WARNING: A filtered index alias will not provide document-level security when using a
|
||||
{ref}/search-aggregations-bucket-children-aggregation.html[Children Aggregation] as the filter from the alias is not used
|
||||
when computing the aggregation results.
|
||||
|
||||
[float]
|
||||
=== Queries and Filters
|
||||
|
||||
|
|
|
|||
|
|
@ -106,6 +106,7 @@
|
|||
<overWrite>true</overWrite>
|
||||
</artifactItem>
|
||||
</artifactItems>
|
||||
<useBaseVersion>true</useBaseVersion>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ import org.elasticsearch.action.admin.indices.create.CreateIndexRequest;
|
|||
import org.elasticsearch.action.search.ClearScrollAction;
|
||||
import org.elasticsearch.action.search.SearchScrollAction;
|
||||
import org.elasticsearch.cluster.ClusterService;
|
||||
import org.elasticsearch.cluster.metadata.AliasOrIndex;
|
||||
import org.elasticsearch.cluster.metadata.MetaData;
|
||||
import org.elasticsearch.common.component.AbstractComponent;
|
||||
import org.elasticsearch.common.inject.Inject;
|
||||
|
|
@ -30,7 +31,7 @@ import org.elasticsearch.shield.authz.indicesresolver.IndicesResolver;
|
|||
import org.elasticsearch.shield.authz.store.RolesStore;
|
||||
import org.elasticsearch.transport.TransportRequest;
|
||||
|
||||
import java.util.Iterator;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import static org.elasticsearch.shield.support.Exceptions.authenticationError;
|
||||
|
|
@ -76,15 +77,11 @@ public class InternalAuthorizationService extends AbstractComponent implements A
|
|||
ImmutableList.Builder<String> indicesAndAliases = ImmutableList.builder();
|
||||
Predicate<String> predicate = Predicates.or(predicates.build());
|
||||
MetaData metaData = clusterService.state().metaData();
|
||||
for (String index : metaData.concreteAllIndices()) {
|
||||
if (predicate.apply(index)) {
|
||||
indicesAndAliases.add(index);
|
||||
}
|
||||
}
|
||||
for (Iterator<String> iter = metaData.getAliases().keysIt(); iter.hasNext(); ) {
|
||||
String alias = iter.next();
|
||||
if (predicate.apply(alias)) {
|
||||
indicesAndAliases.add(alias);
|
||||
// TODO: can this be done smarter? I think there are usually more indices/aliases in the cluster then indices defined a roles?
|
||||
for (Map.Entry<String, AliasOrIndex> entry : metaData.getAliasAndIndexLookup().entrySet()) {
|
||||
String aliasOrIndex = entry.getKey();
|
||||
if (predicate.apply(aliasOrIndex)) {
|
||||
indicesAndAliases.add(aliasOrIndex);
|
||||
}
|
||||
}
|
||||
return indicesAndAliases.build();
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@
|
|||
*/
|
||||
package org.elasticsearch.shield.authz.indicesresolver;
|
||||
|
||||
import com.carrotsearch.hppc.ObjectLookupContainer;
|
||||
import com.google.common.collect.ImmutableList;
|
||||
import com.google.common.collect.Lists;
|
||||
import com.google.common.collect.Sets;
|
||||
|
|
@ -13,6 +12,7 @@ import org.elasticsearch.action.AliasesRequest;
|
|||
import org.elasticsearch.action.CompositeIndicesRequest;
|
||||
import org.elasticsearch.action.IndicesRequest;
|
||||
import org.elasticsearch.action.support.IndicesOptions;
|
||||
import org.elasticsearch.cluster.metadata.AliasOrIndex;
|
||||
import org.elasticsearch.cluster.metadata.IndexMetaData;
|
||||
import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
|
||||
import org.elasticsearch.cluster.metadata.MetaData;
|
||||
|
|
@ -99,9 +99,10 @@ public class DefaultIndicesResolver implements IndicesResolver<TransportRequest>
|
|||
|
||||
private List<String> loadAuthorizedAliases(List<String> authorizedIndices, MetaData metaData) {
|
||||
List<String> authorizedAliases = Lists.newArrayList();
|
||||
ObjectLookupContainer<String> existingAliases = metaData.aliases().keys();
|
||||
SortedMap<String, AliasOrIndex> existingAliases = metaData.getAliasAndIndexLookup();
|
||||
for (String authorizedIndex : authorizedIndices) {
|
||||
if (existingAliases.contains(authorizedIndex)) {
|
||||
AliasOrIndex aliasOrIndex = existingAliases.get(authorizedIndex);
|
||||
if (aliasOrIndex != null && aliasOrIndex.isAlias()) {
|
||||
authorizedAliases.add(authorizedIndex);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -157,6 +157,7 @@
|
|||
<overWrite>true</overWrite>
|
||||
</artifactItem>
|
||||
</artifactItems>
|
||||
<useBaseVersion>true</useBaseVersion>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
|
|
|
|||
|
|
@ -230,6 +230,11 @@ public class SensitiveXContentParser implements XContentParser {
|
|||
return parser.getTokenLocation();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isClosed() {
|
||||
return parser.isClosed();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void close() throws ElasticsearchException {
|
||||
parser.close();
|
||||
|
|
|
|||
Loading…
Reference in New Issue