fixed shield due to the IndexQueryParseService removal change
Original commit: elastic/x-pack-elasticsearch@ad826b9245
This commit is contained in:
Martijn van Groningen
parent
8fe5a03aae
commit
b7b9fa3ba5
|
|
@ -162,7 +162,7 @@ public class ShieldPlugin extends Plugin {
|
|||
}
|
||||
assert shieldLicenseState != null;
|
||||
module.setSearcherWrapper((indexService) -> new ShieldIndexSearcherWrapper(indexService.getIndexSettings(),
|
||||
indexService.queryParserService(), indexService.mapperService(),
|
||||
indexService.getQueryShardContext(), indexService.mapperService(),
|
||||
indexService.bitsetFilterCache(), shieldLicenseState));
|
||||
if (clientMode == false) {
|
||||
module.registerQueryCache(ShieldPlugin.OPT_OUT_QUERY_CACHE, OptOutQueryCache::new);
|
||||
|
|
|
|||
|
|
@ -22,8 +22,8 @@ import org.elasticsearch.index.engine.EngineException;
|
|||
import org.elasticsearch.index.mapper.DocumentMapper;
|
||||
import org.elasticsearch.index.mapper.MapperService;
|
||||
import org.elasticsearch.index.mapper.internal.ParentFieldMapper;
|
||||
import org.elasticsearch.index.query.IndexQueryParserService;
|
||||
import org.elasticsearch.index.query.ParsedQuery;
|
||||
import org.elasticsearch.index.query.QueryShardContext;
|
||||
import org.elasticsearch.index.shard.IndexSearcherWrapper;
|
||||
import org.elasticsearch.index.shard.ShardId;
|
||||
import org.elasticsearch.index.shard.ShardUtils;
|
||||
|
|
@ -48,20 +48,20 @@ import static org.apache.lucene.search.BooleanClause.Occur.FILTER;
|
|||
* Document level security is enabled by wrapping the original {@link DirectoryReader} in a {@link DocumentSubsetReader}
|
||||
* instance.
|
||||
*/
|
||||
public final class ShieldIndexSearcherWrapper extends IndexSearcherWrapper {
|
||||
public class ShieldIndexSearcherWrapper extends IndexSearcherWrapper {
|
||||
|
||||
private final MapperService mapperService;
|
||||
private final Set<String> allowedMetaFields;
|
||||
private final IndexQueryParserService parserService;
|
||||
private final QueryShardContext queryShardContext;
|
||||
private final BitsetFilterCache bitsetFilterCache;
|
||||
private final ShieldLicenseState shieldLicenseState;
|
||||
private final ESLogger logger;
|
||||
|
||||
public ShieldIndexSearcherWrapper(IndexSettings indexSettings, IndexQueryParserService parserService,
|
||||
public ShieldIndexSearcherWrapper(IndexSettings indexSettings, QueryShardContext queryShardContext,
|
||||
MapperService mapperService, BitsetFilterCache bitsetFilterCache, ShieldLicenseState shieldLicenseState) {
|
||||
this.logger = Loggers.getLogger(getClass(), indexSettings.getSettings());
|
||||
this.mapperService = mapperService;
|
||||
this.parserService = parserService;
|
||||
this.queryShardContext = queryShardContext;
|
||||
this.bitsetFilterCache = bitsetFilterCache;
|
||||
this.shieldLicenseState = shieldLicenseState;
|
||||
|
||||
|
|
@ -106,7 +106,8 @@ public final class ShieldIndexSearcherWrapper extends IndexSearcherWrapper {
|
|||
if (permissions.getQueries() != null) {
|
||||
BooleanQuery.Builder roleQuery = new BooleanQuery.Builder();
|
||||
for (BytesReference bytesReference : permissions.getQueries()) {
|
||||
ParsedQuery parsedQuery = parserService.parse(bytesReference);
|
||||
QueryShardContext queryShardContext = copyQueryShardContext(this.queryShardContext);
|
||||
ParsedQuery parsedQuery = queryShardContext.parse(bytesReference);
|
||||
roleQuery.add(parsedQuery.query(), FILTER);
|
||||
}
|
||||
reader = DocumentSubsetReader.wrap(reader, bitsetFilterCache, roleQuery.build());
|
||||
|
|
@ -196,6 +197,11 @@ public final class ShieldIndexSearcherWrapper extends IndexSearcherWrapper {
|
|||
return allowedMetaFields;
|
||||
}
|
||||
|
||||
// for testing:
|
||||
protected QueryShardContext copyQueryShardContext(QueryShardContext context) {
|
||||
return new QueryShardContext(context);
|
||||
}
|
||||
|
||||
private void resolveParentChildJoinFields(Set<String> allowedFields) {
|
||||
for (DocumentMapper mapper : mapperService.docMappers(false)) {
|
||||
ParentFieldMapper parentFieldMapper = mapper.parentFieldMapper();
|
||||
|
|
|
|||
|
|
@ -37,8 +37,8 @@ import org.elasticsearch.index.IndexSettings;
|
|||
import org.elasticsearch.index.cache.bitset.BitsetFilterCache;
|
||||
import org.elasticsearch.index.engine.EngineConfig;
|
||||
import org.elasticsearch.index.mapper.MapperService;
|
||||
import org.elasticsearch.index.query.IndexQueryParserService;
|
||||
import org.elasticsearch.index.query.ParsedQuery;
|
||||
import org.elasticsearch.index.query.QueryShardContext;
|
||||
import org.elasticsearch.index.shard.ShardId;
|
||||
import org.elasticsearch.indices.IndicesWarmer;
|
||||
import org.elasticsearch.shield.authz.InternalAuthorizationService;
|
||||
|
|
@ -81,14 +81,19 @@ public class ShieldIndexSearcherWrapperIntegrationTests extends ESTestCase {
|
|||
RequestContext.setCurrent(new RequestContext(request));
|
||||
IndicesAccessControl.IndexAccessControl indexAccessControl = new IndicesAccessControl.IndexAccessControl(true, null, singleton(new BytesArray("{}")));
|
||||
request.putInContext(InternalAuthorizationService.INDICES_PERMISSIONS_KEY, new IndicesAccessControl(true, singletonMap("_index", indexAccessControl)));
|
||||
IndexQueryParserService parserService = mock(IndexQueryParserService.class);
|
||||
IndexSettings indexSettings = IndexSettingsModule.newIndexSettings(shardId.index(), Settings.EMPTY, Collections.EMPTY_LIST);
|
||||
QueryShardContext queryShardContext = mock(QueryShardContext.class);
|
||||
IndexSettings settings = IndexSettingsModule.newIndexSettings(new Index("_index"), Settings.EMPTY, Collections.EMPTY_LIST);
|
||||
BitsetFilterCache bitsetFilterCache = new BitsetFilterCache(settings, new IndicesWarmer(settings.getSettings(), null));
|
||||
ShieldLicenseState licenseState = mock(ShieldLicenseState.class);
|
||||
when(licenseState.documentAndFieldLevelSecurityEnabled()).thenReturn(true);
|
||||
ShieldIndexSearcherWrapper wrapper = new ShieldIndexSearcherWrapper(
|
||||
IndexSettingsModule.newIndexSettings(shardId.index(), Settings.EMPTY, Collections.EMPTY_LIST), parserService, mapperService, bitsetFilterCache, licenseState
|
||||
);
|
||||
ShieldIndexSearcherWrapper wrapper = new ShieldIndexSearcherWrapper(indexSettings, queryShardContext, mapperService, bitsetFilterCache, licenseState) {
|
||||
|
||||
@Override
|
||||
protected QueryShardContext copyQueryShardContext(QueryShardContext context) {
|
||||
return queryShardContext;
|
||||
}
|
||||
};
|
||||
|
||||
Directory directory = newDirectory();
|
||||
IndexWriter iw = new IndexWriter(
|
||||
|
|
@ -135,7 +140,7 @@ public class ShieldIndexSearcherWrapperIntegrationTests extends ESTestCase {
|
|||
DirectoryReader directoryReader = ElasticsearchDirectoryReader.wrap(DirectoryReader.open(directory), shardId);
|
||||
for (int i = 0; i < numValues; i++) {
|
||||
ParsedQuery parsedQuery = new ParsedQuery(new TermQuery(new Term("field", values[i])));
|
||||
when(parserService.parse(any(BytesReference.class))).thenReturn(parsedQuery);
|
||||
when(queryShardContext.parse(any(BytesReference.class))).thenReturn(parsedQuery);
|
||||
DirectoryReader wrappedDirectoryReader = wrapper.wrap(directoryReader);
|
||||
IndexSearcher indexSearcher = wrapper.wrap(engineConfig, new IndexSearcher(wrappedDirectoryReader));
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue