Merge pull request elastic/elasticsearch#1 from elastic/master

update from master

Original commit: elastic/x-pack-elasticsearch@59208737ee
This commit is contained in:
Konrad Beiske 2015-07-28 17:40:45 +02:00
commit 82d548fe5b
6 changed files with 25 additions and 13 deletions

View File

@ -49,6 +49,13 @@ points to, regardless of the filter that the alias might hold. Keep this behavio
administrative privileges to filtered index aliases. Read
https://github.com/elasticsearch/elasticsearch/issues/2318[Elasticsearch issue #2318] to learn more about this limitation.
WARNING: A filtered index alias will not provide document-level security for the {ref}/search-suggesters.html[suggesters apis]
as they do not take into account the filters placed on aliases.
WARNING: A filtered index alias will not provide document-level security when using a
{ref}/search-aggregations-bucket-children-aggregation.html[Children Aggregation] as the filter from the alias is not used
when computing the aggregation results.
[float]
=== Queries and Filters

View File

@ -106,6 +106,7 @@
<overWrite>true</overWrite>
</artifactItem>
</artifactItems>
<useBaseVersion>true</useBaseVersion>
</configuration>
</execution>
</executions>

View File

@ -17,6 +17,7 @@ import org.elasticsearch.action.admin.indices.create.CreateIndexRequest;
import org.elasticsearch.action.search.ClearScrollAction;
import org.elasticsearch.action.search.SearchScrollAction;
import org.elasticsearch.cluster.ClusterService;
import org.elasticsearch.cluster.metadata.AliasOrIndex;
import org.elasticsearch.cluster.metadata.MetaData;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.inject.Inject;
@ -30,7 +31,7 @@ import org.elasticsearch.shield.authz.indicesresolver.IndicesResolver;
import org.elasticsearch.shield.authz.store.RolesStore;
import org.elasticsearch.transport.TransportRequest;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import static org.elasticsearch.shield.support.Exceptions.authenticationError;
@ -76,15 +77,11 @@ public class InternalAuthorizationService extends AbstractComponent implements A
ImmutableList.Builder<String> indicesAndAliases = ImmutableList.builder();
Predicate<String> predicate = Predicates.or(predicates.build());
MetaData metaData = clusterService.state().metaData();
for (String index : metaData.concreteAllIndices()) {
if (predicate.apply(index)) {
indicesAndAliases.add(index);
}
}
for (Iterator<String> iter = metaData.getAliases().keysIt(); iter.hasNext(); ) {
String alias = iter.next();
if (predicate.apply(alias)) {
indicesAndAliases.add(alias);
// TODO: can this be done smarter? I think there are usually more indices/aliases in the cluster then indices defined a roles?
for (Map.Entry<String, AliasOrIndex> entry : metaData.getAliasAndIndexLookup().entrySet()) {
String aliasOrIndex = entry.getKey();
if (predicate.apply(aliasOrIndex)) {
indicesAndAliases.add(aliasOrIndex);
}
}
return indicesAndAliases.build();

View File

@ -5,7 +5,6 @@
*/
package org.elasticsearch.shield.authz.indicesresolver;
import com.carrotsearch.hppc.ObjectLookupContainer;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
@ -13,6 +12,7 @@ import org.elasticsearch.action.AliasesRequest;
import org.elasticsearch.action.CompositeIndicesRequest;
import org.elasticsearch.action.IndicesRequest;
import org.elasticsearch.action.support.IndicesOptions;
import org.elasticsearch.cluster.metadata.AliasOrIndex;
import org.elasticsearch.cluster.metadata.IndexMetaData;
import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
import org.elasticsearch.cluster.metadata.MetaData;
@ -99,9 +99,10 @@ public class DefaultIndicesResolver implements IndicesResolver<TransportRequest>
private List<String> loadAuthorizedAliases(List<String> authorizedIndices, MetaData metaData) {
List<String> authorizedAliases = Lists.newArrayList();
ObjectLookupContainer<String> existingAliases = metaData.aliases().keys();
SortedMap<String, AliasOrIndex> existingAliases = metaData.getAliasAndIndexLookup();
for (String authorizedIndex : authorizedIndices) {
if (existingAliases.contains(authorizedIndex)) {
AliasOrIndex aliasOrIndex = existingAliases.get(authorizedIndex);
if (aliasOrIndex != null && aliasOrIndex.isAlias()) {
authorizedAliases.add(authorizedIndex);
}
}

View File

@ -157,6 +157,7 @@
<overWrite>true</overWrite>
</artifactItem>
</artifactItems>
<useBaseVersion>true</useBaseVersion>
</configuration>
</execution>
</executions>

View File

@ -230,6 +230,11 @@ public class SensitiveXContentParser implements XContentParser {
return parser.getTokenLocation();
}
@Override
public boolean isClosed() {
return parser.isClosed();
}
@Override
public void close() throws ElasticsearchException {
parser.close();