diff --git a/TESTING.md b/TESTING.md
index 5571b7c7a4a..4a2a786469b 100644
--- a/TESTING.md
+++ b/TESTING.md
@@ -245,7 +245,7 @@ The YAML REST tests support all the options provided by the randomized runner, p
- `tests.rest.suite`: comma separated paths of the test suites to be run (by default loaded from /rest-api-spec/test). It is possible to run only a subset of the tests providing a sub-folder or even a single yaml file (the default /rest-api-spec/test prefix is optional when files are loaded from classpath) e.g. `-Dtests.rest.suite=index,get,create/10_with_id`
-- `tests.rest.blacklist`: comma separated globs that identify tests that are blacklisted and need to be skipped e.g. `-Dtests.rest.blacklist=index/**/Index document,get/10_basic/**`
+- `tests.rest.blacklist`: comma separated globs that identify tests that are denylisted and need to be skipped e.g. `-Dtests.rest.blacklist=index/**/Index document,get/10_basic/**`
Java REST tests can be run with the "javaRestTest" task.
diff --git a/client/rest/src/main/java/org/opensearch/client/NodeSelector.java b/client/rest/src/main/java/org/opensearch/client/NodeSelector.java
index 398a3a72b94..09d5a2c1fe5 100644
--- a/client/rest/src/main/java/org/opensearch/client/NodeSelector.java
+++ b/client/rest/src/main/java/org/opensearch/client/NodeSelector.java
@@ -48,7 +48,7 @@ public interface NodeSelector {
* iterate the nodes as many times as they need.
*
* This may be called twice per request: first for "living" nodes that
- * have not been blacklisted by previous errors. If the selector removes
+ * have not been denylisted by previous errors. If the selector removes
* all nodes from the list or if there aren't any living nodes then the
* {@link RestClient} will call this method with a list of "dead" nodes.
*
diff --git a/client/rest/src/main/java/org/opensearch/client/RestClient.java b/client/rest/src/main/java/org/opensearch/client/RestClient.java
index c004613f89b..4f899fd7091 100644
--- a/client/rest/src/main/java/org/opensearch/client/RestClient.java
+++ b/client/rest/src/main/java/org/opensearch/client/RestClient.java
@@ -125,7 +125,7 @@ public class RestClient implements Closeable {
final List defaultHeaders;
private final String pathPrefix;
private final AtomicInteger lastNodeIndex = new AtomicInteger(0);
- private final ConcurrentMap blacklist = new ConcurrentHashMap<>();
+ private final ConcurrentMap denylist = new ConcurrentHashMap<>();
private final FailureListener failureListener;
private final NodeSelector nodeSelector;
private volatile NodeTuple> nodeTuple;
@@ -246,7 +246,7 @@ public class RestClient implements Closeable {
authCache.put(node.getHost(), new BasicScheme());
}
this.nodeTuple = new NodeTuple<>(Collections.unmodifiableList(new ArrayList<>(nodesByHost.values())), authCache);
- this.blacklist.clear();
+ this.denylist.clear();
}
/**
@@ -448,7 +448,7 @@ public class RestClient implements Closeable {
*/
private NodeTuple> nextNodes() throws IOException {
NodeTuple> nodeTuple = this.nodeTuple;
- Iterable hosts = selectNodes(nodeTuple, blacklist, lastNodeIndex, nodeSelector);
+ Iterable hosts = selectNodes(nodeTuple, denylist, lastNodeIndex, nodeSelector);
return new NodeTuple<>(hosts.iterator(), nodeTuple.authCache);
}
@@ -458,17 +458,17 @@ public class RestClient implements Closeable {
*/
static Iterable selectNodes(
NodeTuple> nodeTuple,
- Map blacklist,
+ Map denylist,
AtomicInteger lastNodeIndex,
NodeSelector nodeSelector
) throws IOException {
/*
* Sort the nodes into living and dead lists.
*/
- List livingNodes = new ArrayList<>(Math.max(0, nodeTuple.nodes.size() - blacklist.size()));
- List deadNodes = new ArrayList<>(blacklist.size());
+ List livingNodes = new ArrayList<>(Math.max(0, nodeTuple.nodes.size() - denylist.size()));
+ List deadNodes = new ArrayList<>(denylist.size());
for (Node node : nodeTuple.nodes) {
- DeadHostState deadness = blacklist.get(node.getHost());
+ DeadHostState deadness = denylist.get(node.getHost());
if (deadness == null || deadness.shallBeRetried()) {
livingNodes.add(node);
} else {
@@ -526,9 +526,9 @@ public class RestClient implements Closeable {
* Receives as an argument the host that was used for the successful request.
*/
private void onResponse(Node node) {
- DeadHostState removedHost = this.blacklist.remove(node.getHost());
+ DeadHostState removedHost = this.denylist.remove(node.getHost());
if (logger.isDebugEnabled() && removedHost != null) {
- logger.debug("removed [" + node + "] from blacklist");
+ logger.debug("removed [" + node + "] from denylist");
}
}
@@ -538,19 +538,19 @@ public class RestClient implements Closeable {
*/
private void onFailure(Node node) {
while (true) {
- DeadHostState previousDeadHostState = blacklist.putIfAbsent(
+ DeadHostState previousDeadHostState = denylist.putIfAbsent(
node.getHost(),
new DeadHostState(DeadHostState.DEFAULT_TIME_SUPPLIER)
);
if (previousDeadHostState == null) {
if (logger.isDebugEnabled()) {
- logger.debug("added [" + node + "] to blacklist");
+ logger.debug("added [" + node + "] to denylist");
}
break;
}
- if (blacklist.replace(node.getHost(), previousDeadHostState, new DeadHostState(previousDeadHostState))) {
+ if (denylist.replace(node.getHost(), previousDeadHostState, new DeadHostState(previousDeadHostState))) {
if (logger.isDebugEnabled()) {
- logger.debug("updated [" + node + "] already in blacklist");
+ logger.debug("updated [" + node + "] already in denylist");
}
break;
}
@@ -718,8 +718,8 @@ public class RestClient implements Closeable {
}
/**
- * Contains a reference to a blacklisted node and the time until it is
- * revived. We use this so we can do a single pass over the blacklist.
+ * Contains a reference to a denylisted node and the time until it is
+ * revived. We use this so we can do a single pass over the denylist.
*/
private static class DeadNode implements Comparable {
final Node node;
diff --git a/client/rest/src/test/java/org/opensearch/client/RestClientMultipleHostsTests.java b/client/rest/src/test/java/org/opensearch/client/RestClientMultipleHostsTests.java
index 0011622fe24..0b7d2881ccb 100644
--- a/client/rest/src/test/java/org/opensearch/client/RestClientMultipleHostsTests.java
+++ b/client/rest/src/test/java/org/opensearch/client/RestClientMultipleHostsTests.java
@@ -62,7 +62,7 @@ import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
/**
- * Tests for {@link RestClient} behaviour against multiple hosts: fail-over, blacklisting etc.
+ * Tests for {@link RestClient} behaviour against multiple hosts: fail-over, denylisting etc.
* Relies on a mock http client to intercept requests and return desired responses based on request path.
*/
public class RestClientMultipleHostsTests extends RestClientTestCase {
@@ -154,7 +154,7 @@ public class RestClientMultipleHostsTests extends RestClientTestCase {
fail("request should have failed");
} catch (ResponseException e) {
Set hostsSet = hostsSet();
- // first request causes all the hosts to be blacklisted, the returned exception holds one suppressed exception each
+ // first request causes all the hosts to be denylisted, the returned exception holds one suppressed exception each
failureListener.assertCalled(nodes);
do {
Response response = e.getResponse();
@@ -175,7 +175,7 @@ public class RestClientMultipleHostsTests extends RestClientTestCase {
assertEquals("every host should have been used but some weren't: " + hostsSet, 0, hostsSet.size());
} catch (IOException e) {
Set hostsSet = hostsSet();
- // first request causes all the hosts to be blacklisted, the returned exception holds one suppressed exception each
+ // first request causes all the hosts to be denylisted, the returned exception holds one suppressed exception each
failureListener.assertCalled(nodes);
do {
HttpHost httpHost = HttpHost.create(e.getMessage());
@@ -211,13 +211,13 @@ public class RestClientMultipleHostsTests extends RestClientTestCase {
"host [" + response.getHost() + "] not found, most likely used multiple times",
hostsSet.remove(response.getHost())
);
- // after the first request, all hosts are blacklisted, a single one gets resurrected each time
+ // after the first request, all hosts are denylisted, a single one gets resurrected each time
failureListener.assertCalled(response.getHost());
assertEquals(0, e.getSuppressed().length);
} catch (IOException e) {
HttpHost httpHost = HttpHost.create(e.getMessage());
assertTrue("host [" + httpHost + "] not found, most likely used multiple times", hostsSet.remove(httpHost));
- // after the first request, all hosts are blacklisted, a single one gets resurrected each time
+ // after the first request, all hosts are denylisted, a single one gets resurrected each time
failureListener.assertCalled(httpHost);
assertEquals(0, e.getSuppressed().length);
}
diff --git a/client/rest/src/test/java/org/opensearch/client/RestClientTests.java b/client/rest/src/test/java/org/opensearch/client/RestClientTests.java
index 169e2dbcfd8..ca761dcb6b9 100644
--- a/client/rest/src/test/java/org/opensearch/client/RestClientTests.java
+++ b/client/rest/src/test/java/org/opensearch/client/RestClientTests.java
@@ -260,11 +260,11 @@ public class RestClientTests extends RestClientTestCase {
NodeTuple> nodeTuple = new NodeTuple<>(Arrays.asList(n1, n2, n3), null);
- Map emptyBlacklist = Collections.emptyMap();
+ Map emptyDenylist = Collections.emptyMap();
// Normal cases where the node selector doesn't reject all living nodes
- assertSelectLivingHosts(Arrays.asList(n1, n2, n3), nodeTuple, emptyBlacklist, NodeSelector.ANY);
- assertSelectLivingHosts(Arrays.asList(n2, n3), nodeTuple, emptyBlacklist, not1);
+ assertSelectLivingHosts(Arrays.asList(n1, n2, n3), nodeTuple, emptyDenylist, NodeSelector.ANY);
+ assertSelectLivingHosts(Arrays.asList(n2, n3), nodeTuple, emptyDenylist, not1);
/*
* Try a NodeSelector that excludes all nodes. This should
@@ -274,83 +274,83 @@ public class RestClientTests extends RestClientTestCase {
String message = "NodeSelector [NONE] rejected all nodes, living ["
+ "[host=http://1, version=1], [host=http://2, version=2], "
+ "[host=http://3, version=3]] and dead []";
- assertEquals(message, assertSelectAllRejected(nodeTuple, emptyBlacklist, noNodes));
+ assertEquals(message, assertSelectAllRejected(nodeTuple, emptyDenylist, noNodes));
}
// Mark all the nodes dead for a few test cases
{
final AtomicLong time = new AtomicLong(0L);
Supplier timeSupplier = time::get;
- Map blacklist = new HashMap<>();
- blacklist.put(n1.getHost(), new DeadHostState(timeSupplier));
- blacklist.put(n2.getHost(), new DeadHostState(new DeadHostState(timeSupplier)));
- blacklist.put(n3.getHost(), new DeadHostState(new DeadHostState(new DeadHostState(timeSupplier))));
+ Map denylist = new HashMap<>();
+ denylist.put(n1.getHost(), new DeadHostState(timeSupplier));
+ denylist.put(n2.getHost(), new DeadHostState(new DeadHostState(timeSupplier)));
+ denylist.put(n3.getHost(), new DeadHostState(new DeadHostState(new DeadHostState(timeSupplier))));
/*
- * case when fewer nodeTuple than blacklist, won't result in any IllegalCapacityException
+ * case when fewer nodeTuple than denylist, won't result in any IllegalCapacityException
*/
{
NodeTuple> fewerNodeTuple = new NodeTuple<>(Arrays.asList(n1, n2), null);
- assertSelectLivingHosts(Arrays.asList(n1), fewerNodeTuple, blacklist, NodeSelector.ANY);
- assertSelectLivingHosts(Arrays.asList(n2), fewerNodeTuple, blacklist, not1);
+ assertSelectLivingHosts(Arrays.asList(n1), fewerNodeTuple, denylist, NodeSelector.ANY);
+ assertSelectLivingHosts(Arrays.asList(n2), fewerNodeTuple, denylist, not1);
}
/*
* selectHosts will revive a single host regardless of
- * blacklist time. It'll revive the node that is closest
+ * denylist time. It'll revive the node that is closest
* to being revived that the NodeSelector is ok with.
*/
- assertEquals(singletonList(n1), RestClient.selectNodes(nodeTuple, blacklist, new AtomicInteger(), NodeSelector.ANY));
- assertEquals(singletonList(n2), RestClient.selectNodes(nodeTuple, blacklist, new AtomicInteger(), not1));
+ assertEquals(singletonList(n1), RestClient.selectNodes(nodeTuple, denylist, new AtomicInteger(), NodeSelector.ANY));
+ assertEquals(singletonList(n2), RestClient.selectNodes(nodeTuple, denylist, new AtomicInteger(), not1));
/*
* Try a NodeSelector that excludes all nodes. This should
* return a failure, but a different failure than when the
- * blacklist is empty so that the caller knows that all of
- * their nodes are blacklisted AND blocked.
+ * denylist is empty so that the caller knows that all of
+ * their nodes are denylisted AND blocked.
*/
String message = "NodeSelector [NONE] rejected all nodes, living [] and dead ["
+ "[host=http://1, version=1], [host=http://2, version=2], "
+ "[host=http://3, version=3]]";
- assertEquals(message, assertSelectAllRejected(nodeTuple, blacklist, noNodes));
+ assertEquals(message, assertSelectAllRejected(nodeTuple, denylist, noNodes));
/*
* Now lets wind the clock forward, past the timeout for one of
* the dead nodes. We should return it.
*/
time.set(new DeadHostState(timeSupplier).getDeadUntilNanos());
- assertSelectLivingHosts(Arrays.asList(n1), nodeTuple, blacklist, NodeSelector.ANY);
+ assertSelectLivingHosts(Arrays.asList(n1), nodeTuple, denylist, NodeSelector.ANY);
/*
* But if the NodeSelector rejects that node then we'll pick the
* first on that the NodeSelector doesn't reject.
*/
- assertSelectLivingHosts(Arrays.asList(n2), nodeTuple, blacklist, not1);
+ assertSelectLivingHosts(Arrays.asList(n2), nodeTuple, denylist, not1);
/*
* If we wind the clock way into the future, past any of the
- * blacklist timeouts then we function as though the nodes aren't
- * in the blacklist at all.
+ * denylist timeouts then we function as though the nodes aren't
+ * in the denylist at all.
*/
time.addAndGet(DeadHostState.MAX_CONNECTION_TIMEOUT_NANOS);
- assertSelectLivingHosts(Arrays.asList(n1, n2, n3), nodeTuple, blacklist, NodeSelector.ANY);
- assertSelectLivingHosts(Arrays.asList(n2, n3), nodeTuple, blacklist, not1);
+ assertSelectLivingHosts(Arrays.asList(n1, n2, n3), nodeTuple, denylist, NodeSelector.ANY);
+ assertSelectLivingHosts(Arrays.asList(n2, n3), nodeTuple, denylist, not1);
}
}
private void assertSelectLivingHosts(
List expectedNodes,
NodeTuple> nodeTuple,
- Map blacklist,
+ Map denylist,
NodeSelector nodeSelector
) throws IOException {
int iterations = 1000;
AtomicInteger lastNodeIndex = new AtomicInteger(0);
- assertEquals(expectedNodes, RestClient.selectNodes(nodeTuple, blacklist, lastNodeIndex, nodeSelector));
+ assertEquals(expectedNodes, RestClient.selectNodes(nodeTuple, denylist, lastNodeIndex, nodeSelector));
// Calling it again rotates the set of results
for (int i = 1; i < iterations; i++) {
Collections.rotate(expectedNodes, 1);
- assertEquals("iteration " + i, expectedNodes, RestClient.selectNodes(nodeTuple, blacklist, lastNodeIndex, nodeSelector));
+ assertEquals("iteration " + i, expectedNodes, RestClient.selectNodes(nodeTuple, denylist, lastNodeIndex, nodeSelector));
}
}
@@ -360,11 +360,11 @@ public class RestClientTests extends RestClientTestCase {
*/
private static String assertSelectAllRejected(
NodeTuple> nodeTuple,
- Map blacklist,
+ Map denylist,
NodeSelector nodeSelector
) {
try {
- RestClient.selectNodes(nodeTuple, blacklist, new AtomicInteger(0), nodeSelector);
+ RestClient.selectNodes(nodeTuple, denylist, new AtomicInteger(0), nodeSelector);
throw new AssertionError("expected selectHosts to fail");
} catch (IOException e) {
return e.getMessage();
diff --git a/libs/secure-sm/src/main/java/org/opensearch/secure_sm/SecureSM.java b/libs/secure-sm/src/main/java/org/opensearch/secure_sm/SecureSM.java
index 08f1efd4dac..f41c4984499 100644
--- a/libs/secure-sm/src/main/java/org/opensearch/secure_sm/SecureSM.java
+++ b/libs/secure-sm/src/main/java/org/opensearch/secure_sm/SecureSM.java
@@ -54,7 +54,7 @@ import java.util.Set;
* a thread must have {@code modifyThread} to even terminate its own pool, leaving
* system threads unprotected.
*
- * This class throws exception on {@code exitVM} calls, and provides a whitelist where calls
+ * This class throws exception on {@code exitVM} calls, and provides an allowlist where calls
* from exit are allowed.
*
* Additionally it enforces threadgroup security with the following rules:
diff --git a/modules/analysis-common/src/main/java/org/opensearch/analysis/common/AnalysisPainlessExtension.java b/modules/analysis-common/src/main/java/org/opensearch/analysis/common/AnalysisPainlessExtension.java
index c479a6d01ee..1c13e51788f 100644
--- a/modules/analysis-common/src/main/java/org/opensearch/analysis/common/AnalysisPainlessExtension.java
+++ b/modules/analysis-common/src/main/java/org/opensearch/analysis/common/AnalysisPainlessExtension.java
@@ -43,13 +43,13 @@ import java.util.Map;
public class AnalysisPainlessExtension implements PainlessExtension {
- private static final Whitelist WHITELIST = WhitelistLoader.loadFromResourceFiles(
+ private static final Whitelist ALLOWLIST = WhitelistLoader.loadFromResourceFiles(
AnalysisPainlessExtension.class,
"painless_whitelist.txt"
);
@Override
public Map, List> getContextWhitelists() {
- return Collections.singletonMap(AnalysisPredicateScript.CONTEXT, Collections.singletonList(WHITELIST));
+ return Collections.singletonMap(AnalysisPredicateScript.CONTEXT, Collections.singletonList(ALLOWLIST));
}
}
diff --git a/modules/ingest-common/src/main/java/org/opensearch/ingest/common/ProcessorsWhitelistExtension.java b/modules/ingest-common/src/main/java/org/opensearch/ingest/common/ProcessorsWhitelistExtension.java
index 93cb60c5b52..c45104873c7 100644
--- a/modules/ingest-common/src/main/java/org/opensearch/ingest/common/ProcessorsWhitelistExtension.java
+++ b/modules/ingest-common/src/main/java/org/opensearch/ingest/common/ProcessorsWhitelistExtension.java
@@ -44,13 +44,13 @@ import java.util.Map;
public class ProcessorsWhitelistExtension implements PainlessExtension {
- private static final Whitelist WHITELIST = WhitelistLoader.loadFromResourceFiles(
+ private static final Whitelist ALLOWLIST = WhitelistLoader.loadFromResourceFiles(
ProcessorsWhitelistExtension.class,
"processors_whitelist.txt"
);
@Override
public Map, List> getContextWhitelists() {
- return Collections.singletonMap(IngestScript.CONTEXT, Collections.singletonList(WHITELIST));
+ return Collections.singletonMap(IngestScript.CONTEXT, Collections.singletonList(ALLOWLIST));
}
}
diff --git a/modules/ingest-common/src/main/resources/org/opensearch/ingest/common/processors_whitelist.txt b/modules/ingest-common/src/main/resources/org/opensearch/ingest/common/processors_whitelist.txt
index 1372ef2ed03..7b8c6050788 100644
--- a/modules/ingest-common/src/main/resources/org/opensearch/ingest/common/processors_whitelist.txt
+++ b/modules/ingest-common/src/main/resources/org/opensearch/ingest/common/processors_whitelist.txt
@@ -17,7 +17,7 @@
# under the License.
#
-# This file contains a whitelist of static processor methods that can be accessed from painless
+# This file contains a allowlist of static processor methods that can be accessed from painless
class org.opensearch.ingest.common.Processors {
long bytes(String)
diff --git a/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/Whitelist.java b/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/Whitelist.java
index 695c8663872..b400c7a027f 100644
--- a/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/Whitelist.java
+++ b/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/Whitelist.java
@@ -39,18 +39,18 @@ import java.util.List;
import java.util.Objects;
/**
- * Whitelist contains data structures designed to be used to generate a whitelist of Java classes,
+ * Allowlist contains data structures designed to be used to generate an allowlist of Java classes,
* constructors, methods, and fields that can be used within a Painless script at both compile-time
* and run-time.
*
- * A whitelist consists of several pieces with {@link WhitelistClass}s as the top level. Each
+ * A Allowlist consists of several pieces with {@link WhitelistClass}s as the top level. Each
* {@link WhitelistClass} will contain zero-to-many {@link WhitelistConstructor}s, {@link WhitelistMethod}s, and
* {@link WhitelistField}s which are what will be available with a Painless script. See each individual
- * whitelist object for more detail.
+ * allowlist object for more detail.
*/
public final class Whitelist {
- private static final String[] BASE_WHITELIST_FILES = new String[] {
+ private static final String[] BASE_ALLOWLIST_FILES = new String[] {
"org.opensearch.txt",
"java.lang.txt",
"java.math.txt",
@@ -66,37 +66,37 @@ public final class Whitelist {
"java.util.stream.txt" };
public static final List BASE_WHITELISTS = Collections.singletonList(
- WhitelistLoader.loadFromResourceFiles(Whitelist.class, WhitelistAnnotationParser.BASE_ANNOTATION_PARSERS, BASE_WHITELIST_FILES)
+ WhitelistLoader.loadFromResourceFiles(Whitelist.class, WhitelistAnnotationParser.BASE_ANNOTATION_PARSERS, BASE_ALLOWLIST_FILES)
);
- /** The {@link ClassLoader} used to look up the whitelisted Java classes, constructors, methods, and fields. */
+ /** The {@link ClassLoader} used to look up the allowlisted Java classes, constructors, methods, and fields. */
public final ClassLoader classLoader;
- /** The {@link List} of all the whitelisted Painless classes. */
+ /** The {@link List} of all the allowlisted Painless classes. */
public final List whitelistClasses;
- /** The {@link List} of all the whitelisted static Painless methods. */
+ /** The {@link List} of all the allowlisted static Painless methods. */
public final List whitelistImportedMethods;
- /** The {@link List} of all the whitelisted Painless class bindings. */
+ /** The {@link List} of all the allowlisted Painless class bindings. */
public final List whitelistClassBindings;
- /** The {@link List} of all the whitelisted Painless instance bindings. */
+ /** The {@link List} of all the allowlisted Painless instance bindings. */
public final List whitelistInstanceBindings;
/** Standard constructor. All values must be not {@code null}. */
public Whitelist(
ClassLoader classLoader,
- List whitelistClasses,
- List whitelistImportedMethods,
- List whitelistClassBindings,
- List whitelistInstanceBindings
+ List allowlistClasses,
+ List allowlistImportedMethods,
+ List allowlistClassBindings,
+ List allowlistInstanceBindings
) {
this.classLoader = Objects.requireNonNull(classLoader);
- this.whitelistClasses = Collections.unmodifiableList(Objects.requireNonNull(whitelistClasses));
- this.whitelistImportedMethods = Collections.unmodifiableList(Objects.requireNonNull(whitelistImportedMethods));
- this.whitelistClassBindings = Collections.unmodifiableList(Objects.requireNonNull(whitelistClassBindings));
- this.whitelistInstanceBindings = Collections.unmodifiableList(Objects.requireNonNull(whitelistInstanceBindings));
+ this.whitelistClasses = Collections.unmodifiableList(Objects.requireNonNull(allowlistClasses));
+ this.whitelistImportedMethods = Collections.unmodifiableList(Objects.requireNonNull(allowlistImportedMethods));
+ this.whitelistClassBindings = Collections.unmodifiableList(Objects.requireNonNull(allowlistClassBindings));
+ this.whitelistInstanceBindings = Collections.unmodifiableList(Objects.requireNonNull(allowlistInstanceBindings));
}
}
diff --git a/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistClass.java b/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistClass.java
index 3947be60054..bf5083998f9 100644
--- a/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistClass.java
+++ b/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistClass.java
@@ -42,7 +42,7 @@ import java.util.stream.Collectors;
/**
* Class represents the equivalent of a Java class in Painless complete with super classes,
* constructors, methods, and fields. There must be a one-to-one mapping of class names to Java
- * classes. Though, since multiple whitelists may be combined into a single whitelist for a
+ * classes. Though, since multiple allowlists may be combined into a single allowlist for a
* specific context, as long as multiple classes representing the same Java class have the same
* class name and have legal constructor/method overloading they can be merged together.
*
@@ -51,7 +51,7 @@ import java.util.stream.Collectors;
* number of parameters, and multiples methods with the same name are allowed for a single class
* as long as they have the same return type and a different number of parameters.
*
- * Classes will automatically extend other whitelisted classes if the Java class they represent is a
+ * Classes will automatically extend other allowlisted classes if the Java class they represent is a
* subclass of other classes including Java interfaces.
*/
public final class WhitelistClass {
@@ -62,13 +62,13 @@ public final class WhitelistClass {
/** The Java class name this class represents. */
public final String javaClassName;
- /** The {@link List} of whitelisted ({@link WhitelistConstructor}s) available to this class. */
+ /** The {@link List} of allowlisted ({@link WhitelistConstructor}s) available to this class. */
public final List whitelistConstructors;
- /** The {@link List} of whitelisted ({@link WhitelistMethod}s) available to this class. */
+ /** The {@link List} of allowlisted ({@link WhitelistMethod}s) available to this class. */
public final List whitelistMethods;
- /** The {@link List} of whitelisted ({@link WhitelistField}s) available to this class. */
+ /** The {@link List} of allowlisted ({@link WhitelistField}s) available to this class. */
public final List whitelistFields;
/** The {@link Map} of annotations for this class. */
@@ -78,18 +78,18 @@ public final class WhitelistClass {
public WhitelistClass(
String origin,
String javaClassName,
- List whitelistConstructors,
- List whitelistMethods,
- List whitelistFields,
+ List allowlistConstructors,
+ List allowlistMethods,
+ List allowlistFields,
List
*
* This method traverses {@code recieverClass}'s class hierarchy (including interfaces)
- * until it finds a matching whitelisted method. If one is not found, it throws an exception.
+ * until it finds a matching allowlisted method. If one is not found, it throws an exception.
* Otherwise it returns a handle to the matching method.
*
- * @param painlessLookup the whitelist
+ * @param painlessLookup the allowlist
* @param functions user defined functions and lambdas
* @param constants available constants to be used if the method has the {@code InjectConstantAnnotation}
* @param methodHandlesLookup caller's lookup
@@ -249,7 +249,7 @@ public final class Def {
* @param name Name of the method.
* @param args bootstrap args passed to callsite
* @return pointer to matching method to invoke. never returns null.
- * @throws IllegalArgumentException if no matching whitelisted method was found.
+ * @throws IllegalArgumentException if no matching allowlisted method was found.
* @throws Throwable if a method reference cannot be converted to an functional interface
*/
static MethodHandle lookupMethod(
@@ -473,26 +473,26 @@ public final class Def {
*
* The following field loads are allowed:
*
- *
Whitelisted {@code field} from receiver's class or any superclasses.
- *
Whitelisted method named {@code getField()} from receiver's class/superclasses/interfaces.
- *
Whitelisted method named {@code isField()} from receiver's class/superclasses/interfaces.
+ *
Allowlisted {@code field} from receiver's class or any superclasses.
+ *
Allowlisted method named {@code getField()} from receiver's class/superclasses/interfaces.
+ *
Allowlisted method named {@code isField()} from receiver's class/superclasses/interfaces.
*
The {@code length} field of an array.
*
The value corresponding to a map key named {@code field} when the receiver is a Map.
*
The value in a list at element {@code field} (integer) when the receiver is a List.
*
*
* This method traverses {@code recieverClass}'s class hierarchy (including interfaces)
- * until it finds a matching whitelisted getter. If one is not found, it throws an exception.
+ * until it finds a matching allowlisted getter. If one is not found, it throws an exception.
* Otherwise it returns a handle to the matching getter.
*
- * @param painlessLookup the whitelist
+ * @param painlessLookup the allowlist
* @param receiverClass Class of the object to retrieve the field from.
* @param name Name of the field.
* @return pointer to matching field. never returns null.
- * @throws IllegalArgumentException if no matching whitelisted field was found.
+ * @throws IllegalArgumentException if no matching allowlisted field was found.
*/
static MethodHandle lookupGetter(PainlessLookup painlessLookup, Class> receiverClass, String name) {
- // first try whitelist
+ // first try allowlist
MethodHandle getter = painlessLookup.lookupRuntimeGetterMethodHandle(receiverClass, name);
if (getter != null) {
@@ -530,24 +530,24 @@ public final class Def {
*
* The following field stores are allowed:
*
- *
Whitelisted {@code field} from receiver's class or any superclasses.
- *
Whitelisted method named {@code setField()} from receiver's class/superclasses/interfaces.
+ *
Allowlisted {@code field} from receiver's class or any superclasses.
+ *
Allowlisted method named {@code setField()} from receiver's class/superclasses/interfaces.
*
The value corresponding to a map key named {@code field} when the receiver is a Map.
*
The value in a list at element {@code field} (integer) when the receiver is a List.
*
*
* This method traverses {@code recieverClass}'s class hierarchy (including interfaces)
- * until it finds a matching whitelisted setter. If one is not found, it throws an exception.
+ * until it finds a matching allowlisted setter. If one is not found, it throws an exception.
* Otherwise it returns a handle to the matching setter.
*
- * @param painlessLookup the whitelist
+ * @param painlessLookup the allowlist
* @param receiverClass Class of the object to retrieve the field from.
* @param name Name of the field.
* @return pointer to matching field. never returns null.
- * @throws IllegalArgumentException if no matching whitelisted field was found.
+ * @throws IllegalArgumentException if no matching allowlisted field was found.
*/
static MethodHandle lookupSetter(PainlessLookup painlessLookup, Class> receiverClass, String name) {
- // first try whitelist
+ // first try allowlist
MethodHandle setter = painlessLookup.lookupRuntimeSetterMethodHandle(receiverClass, name);
if (setter != null) {
diff --git a/modules/lang-painless/src/main/java/org/opensearch/painless/DefBootstrap.java b/modules/lang-painless/src/main/java/org/opensearch/painless/DefBootstrap.java
index 97e2b6f2466..0726881b129 100644
--- a/modules/lang-painless/src/main/java/org/opensearch/painless/DefBootstrap.java
+++ b/modules/lang-painless/src/main/java/org/opensearch/painless/DefBootstrap.java
@@ -53,7 +53,7 @@ import java.util.Map;
* shift operator, and dynamic array index normalize.
*
* When a new type is encountered at the call site, we lookup from the appropriate
- * whitelist, and cache with a guard. If we encounter too many types, we stop caching.
+ * allowlist, and cache with a guard. If we encounter too many types, we stop caching.
*
* Based on the cascaded inlining cache from the JSR 292 cookbook
* (https://code.google.com/archive/p/jsr292-cookbook/, BSD license)
@@ -166,7 +166,7 @@ public final class DefBootstrap {
}
/**
- * Does a slow lookup against the whitelist.
+ * Does a slow lookup against the allowlist.
*/
private MethodHandle lookup(int flavor, String name, Class> receiver) throws Throwable {
switch (flavor) {
@@ -470,10 +470,10 @@ public final class DefBootstrap {
* In addition to ordinary parameters, we also take some parameters defined at the call site:
*
*
{@code initialDepth}: initial call site depth. this is used to exercise megamorphic fallback.
- *
{@code flavor}: type of dynamic call it is (and which part of whitelist to look at).
+ *
{@code flavor}: type of dynamic call it is (and which part of allowlist to look at).
*
{@code args}: flavor-specific args.
*
- * And we take the {@link PainlessLookup} used to compile the script for whitelist checking.
+ * And we take the {@link PainlessLookup} used to compile the script for allowlist checking.
*
* see https://docs.oracle.com/javase/specs/jvms/se7/html/jvms-6.html#jvms-6.5.invokedynamic
*/
diff --git a/modules/lang-painless/src/main/java/org/opensearch/painless/FunctionRef.java b/modules/lang-painless/src/main/java/org/opensearch/painless/FunctionRef.java
index 097960dfbe6..c6aa2661487 100644
--- a/modules/lang-painless/src/main/java/org/opensearch/painless/FunctionRef.java
+++ b/modules/lang-painless/src/main/java/org/opensearch/painless/FunctionRef.java
@@ -59,8 +59,8 @@ import static org.objectweb.asm.Opcodes.H_NEWINVOKESPECIAL;
*/
public class FunctionRef {
/**
- * Creates a new FunctionRef which will resolve {@code type::call} from the whitelist.
- * @param painlessLookup the whitelist against which this script is being compiled
+ * Creates a new FunctionRef which will resolve {@code type::call} from the allowlist.
+ * @param painlessLookup the allowlist against which this script is being compiled
* @param functionTable user-defined and synthetic methods generated directly on the script class
* @param location the character number within the script at compile-time
* @param targetClass functional interface type to implement.
diff --git a/modules/lang-painless/src/main/java/org/opensearch/painless/PainlessPlugin.java b/modules/lang-painless/src/main/java/org/opensearch/painless/PainlessPlugin.java
index 4c693243d2a..09a23c15f34 100644
--- a/modules/lang-painless/src/main/java/org/opensearch/painless/PainlessPlugin.java
+++ b/modules/lang-painless/src/main/java/org/opensearch/painless/PainlessPlugin.java
@@ -83,11 +83,11 @@ import java.util.function.Supplier;
*/
public final class PainlessPlugin extends Plugin implements ScriptPlugin, ExtensiblePlugin, ActionPlugin {
- private static final Map, List> whitelists;
+ private static final Map, List> allowlists;
/*
- * Contexts from Core that need custom whitelists can add them to the map below.
- * Whitelist resources should be added as appropriately named, separate files
+ * Contexts from Core that need custom allowlists can add them to the map below.
+ * Allowlist resources should be added as appropriately named, separate files
* under Painless' resources
*/
static {
@@ -108,23 +108,23 @@ public final class PainlessPlugin extends Plugin implements ScriptPlugin, Extens
ingest.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.ingest.txt"));
map.put(IngestScript.CONTEXT, ingest);
- whitelists = map;
+ allowlists = map;
}
private final SetOnce painlessScriptEngine = new SetOnce<>();
@Override
public ScriptEngine getScriptEngine(Settings settings, Collection> contexts) {
- Map, List> contextsWithWhitelists = new HashMap<>();
+ Map, List> contextsWithAllowlists = new HashMap<>();
for (ScriptContext> context : contexts) {
- // we might have a context that only uses the base whitelists, so would not have been filled in by reloadSPI
- List contextWhitelists = whitelists.get(context);
- if (contextWhitelists == null) {
- contextWhitelists = new ArrayList<>(Whitelist.BASE_WHITELISTS);
+ // we might have a context that only uses the base allowlists, so would not have been filled in by reloadSPI
+ List contextAllowlists = allowlists.get(context);
+ if (contextAllowlists == null) {
+ contextAllowlists = new ArrayList<>(Whitelist.BASE_WHITELISTS);
}
- contextsWithWhitelists.put(context, contextWhitelists);
+ contextsWithAllowlists.put(context, contextAllowlists);
}
- painlessScriptEngine.set(new PainlessScriptEngine(settings, contextsWithWhitelists));
+ painlessScriptEngine.set(new PainlessScriptEngine(settings, contextsWithAllowlists));
return painlessScriptEngine.get();
}
@@ -158,7 +158,7 @@ public final class PainlessPlugin extends Plugin implements ScriptPlugin, Extens
.stream()
.flatMap(extension -> extension.getContextWhitelists().entrySet().stream())
.forEach(entry -> {
- List existing = whitelists.computeIfAbsent(entry.getKey(), c -> new ArrayList<>(Whitelist.BASE_WHITELISTS));
+ List existing = allowlists.computeIfAbsent(entry.getKey(), c -> new ArrayList<>(Whitelist.BASE_WHITELISTS));
existing.addAll(entry.getValue());
});
}
diff --git a/modules/lang-painless/src/main/java/org/opensearch/painless/action/PainlessContextAction.java b/modules/lang-painless/src/main/java/org/opensearch/painless/action/PainlessContextAction.java
index 4b2125aac24..a9333fde6b4 100644
--- a/modules/lang-painless/src/main/java/org/opensearch/painless/action/PainlessContextAction.java
+++ b/modules/lang-painless/src/main/java/org/opensearch/painless/action/PainlessContextAction.java
@@ -68,7 +68,7 @@ import static java.util.Collections.singletonList;
import static org.opensearch.rest.RestRequest.Method.GET;
/**
- * Internal REST API for querying context information about Painless whitelists.
+ * Internal REST API for querying context information about Painless allowlists.
* Commands include the following:
*
*
GET /_scripts/painless/_context -- retrieves a list of contexts
diff --git a/modules/lang-painless/src/main/java/org/opensearch/painless/lookup/PainlessLookupBuilder.java b/modules/lang-painless/src/main/java/org/opensearch/painless/lookup/PainlessLookupBuilder.java
index dd8e253db47..ff3fbc640e9 100644
--- a/modules/lang-painless/src/main/java/org/opensearch/painless/lookup/PainlessLookupBuilder.java
+++ b/modules/lang-painless/src/main/java/org/opensearch/painless/lookup/PainlessLookupBuilder.java
@@ -126,107 +126,107 @@ public final class PainlessLookupBuilder {
}
}
- public static PainlessLookup buildFromWhitelists(List whitelists) {
+ public static PainlessLookup buildFromWhitelists(List allowlists) {
PainlessLookupBuilder painlessLookupBuilder = new PainlessLookupBuilder();
String origin = "internal error";
try {
- for (Whitelist whitelist : whitelists) {
- for (WhitelistClass whitelistClass : whitelist.whitelistClasses) {
- origin = whitelistClass.origin;
+ for (Whitelist allowlist : allowlists) {
+ for (WhitelistClass allowlistClass : allowlist.whitelistClasses) {
+ origin = allowlistClass.origin;
painlessLookupBuilder.addPainlessClass(
- whitelist.classLoader,
- whitelistClass.javaClassName,
- whitelistClass.painlessAnnotations.containsKey(NoImportAnnotation.class) == false
+ allowlist.classLoader,
+ allowlistClass.javaClassName,
+ allowlistClass.painlessAnnotations.containsKey(NoImportAnnotation.class) == false
);
}
}
- for (Whitelist whitelist : whitelists) {
- for (WhitelistClass whitelistClass : whitelist.whitelistClasses) {
- String targetCanonicalClassName = whitelistClass.javaClassName.replace('$', '.');
+ for (Whitelist allowlist : allowlists) {
+ for (WhitelistClass allowlistClass : allowlist.whitelistClasses) {
+ String targetCanonicalClassName = allowlistClass.javaClassName.replace('$', '.');
- for (WhitelistConstructor whitelistConstructor : whitelistClass.whitelistConstructors) {
- origin = whitelistConstructor.origin;
+ for (WhitelistConstructor allowlistConstructor : allowlistClass.whitelistConstructors) {
+ origin = allowlistConstructor.origin;
painlessLookupBuilder.addPainlessConstructor(
targetCanonicalClassName,
- whitelistConstructor.canonicalTypeNameParameters,
- whitelistConstructor.painlessAnnotations
+ allowlistConstructor.canonicalTypeNameParameters,
+ allowlistConstructor.painlessAnnotations
);
}
- for (WhitelistMethod whitelistMethod : whitelistClass.whitelistMethods) {
- origin = whitelistMethod.origin;
+ for (WhitelistMethod allowlistMethod : allowlistClass.whitelistMethods) {
+ origin = allowlistMethod.origin;
painlessLookupBuilder.addPainlessMethod(
- whitelist.classLoader,
+ allowlist.classLoader,
targetCanonicalClassName,
- whitelistMethod.augmentedCanonicalClassName,
- whitelistMethod.methodName,
- whitelistMethod.returnCanonicalTypeName,
- whitelistMethod.canonicalTypeNameParameters,
- whitelistMethod.painlessAnnotations
+ allowlistMethod.augmentedCanonicalClassName,
+ allowlistMethod.methodName,
+ allowlistMethod.returnCanonicalTypeName,
+ allowlistMethod.canonicalTypeNameParameters,
+ allowlistMethod.painlessAnnotations
);
}
- for (WhitelistField whitelistField : whitelistClass.whitelistFields) {
- origin = whitelistField.origin;
+ for (WhitelistField allowlistField : allowlistClass.whitelistFields) {
+ origin = allowlistField.origin;
painlessLookupBuilder.addPainlessField(
targetCanonicalClassName,
- whitelistField.fieldName,
- whitelistField.canonicalTypeNameParameter
+ allowlistField.fieldName,
+ allowlistField.canonicalTypeNameParameter
);
}
}
- for (WhitelistMethod whitelistStatic : whitelist.whitelistImportedMethods) {
- origin = whitelistStatic.origin;
+ for (WhitelistMethod allowlistStatic : allowlist.whitelistImportedMethods) {
+ origin = allowlistStatic.origin;
painlessLookupBuilder.addImportedPainlessMethod(
- whitelist.classLoader,
- whitelistStatic.augmentedCanonicalClassName,
- whitelistStatic.methodName,
- whitelistStatic.returnCanonicalTypeName,
- whitelistStatic.canonicalTypeNameParameters,
- whitelistStatic.painlessAnnotations
+ allowlist.classLoader,
+ allowlistStatic.augmentedCanonicalClassName,
+ allowlistStatic.methodName,
+ allowlistStatic.returnCanonicalTypeName,
+ allowlistStatic.canonicalTypeNameParameters,
+ allowlistStatic.painlessAnnotations
);
}
- for (WhitelistClassBinding whitelistClassBinding : whitelist.whitelistClassBindings) {
- origin = whitelistClassBinding.origin;
+ for (WhitelistClassBinding allowlistClassBinding : allowlist.whitelistClassBindings) {
+ origin = allowlistClassBinding.origin;
painlessLookupBuilder.addPainlessClassBinding(
- whitelist.classLoader,
- whitelistClassBinding.targetJavaClassName,
- whitelistClassBinding.methodName,
- whitelistClassBinding.returnCanonicalTypeName,
- whitelistClassBinding.canonicalTypeNameParameters,
- whitelistClassBinding.painlessAnnotations
+ allowlist.classLoader,
+ allowlistClassBinding.targetJavaClassName,
+ allowlistClassBinding.methodName,
+ allowlistClassBinding.returnCanonicalTypeName,
+ allowlistClassBinding.canonicalTypeNameParameters,
+ allowlistClassBinding.painlessAnnotations
);
}
- for (WhitelistInstanceBinding whitelistInstanceBinding : whitelist.whitelistInstanceBindings) {
- origin = whitelistInstanceBinding.origin;
+ for (WhitelistInstanceBinding allowlistInstanceBinding : allowlist.whitelistInstanceBindings) {
+ origin = allowlistInstanceBinding.origin;
painlessLookupBuilder.addPainlessInstanceBinding(
- whitelistInstanceBinding.targetInstance,
- whitelistInstanceBinding.methodName,
- whitelistInstanceBinding.returnCanonicalTypeName,
- whitelistInstanceBinding.canonicalTypeNameParameters
+ allowlistInstanceBinding.targetInstance,
+ allowlistInstanceBinding.methodName,
+ allowlistInstanceBinding.returnCanonicalTypeName,
+ allowlistInstanceBinding.canonicalTypeNameParameters
);
}
}
} catch (Exception exception) {
- throw new IllegalArgumentException("error loading whitelist(s) " + origin, exception);
+ throw new IllegalArgumentException("error loading allowlist(s) " + origin, exception);
}
return painlessLookupBuilder.build();
}
// javaClassNamesToClasses is all the classes that need to be available to the custom classloader
- // including classes used as part of imported methods and class bindings but not necessarily whitelisted
+ // including classes used as part of imported methods and class bindings but not necessarily allowlisted
// individually. The values of javaClassNamesToClasses are a superset of the values of
// canonicalClassNamesToClasses.
private final Map> javaClassNamesToClasses;
- // canonicalClassNamesToClasses is all the whitelisted classes available in a Painless script including
+ // canonicalClassNamesToClasses is all the allowlisted classes available in a Painless script including
// classes with imported canonical names but does not include classes from imported methods or class
- // bindings unless also whitelisted separately. The values of canonicalClassNamesToClasses are a subset
+ // bindings unless also allowlisted separately. The values of canonicalClassNamesToClasses are a subset
// of the values of javaClassNamesToClasses.
private final Map> canonicalClassNamesToClasses;
private final Map, PainlessClassBuilder> classesToPainlessClassBuilders;
@@ -2060,7 +2060,7 @@ public final class PainlessLookupBuilder {
/**
* Creates a {@link Map} of PainlessMethodKeys to {@link PainlessMethod}s per {@link PainlessClass} stored as
* {@link PainlessClass#runtimeMethods} identical to {@link PainlessClass#methods} with the exception of generated
- * bridge methods. A generated bridge method is created for each whitelisted method that has at least one parameter
+ * bridge methods. A generated bridge method is created for each allowlisted method that has at least one parameter
* with a boxed type to cast from other numeric primitive/boxed types in a symmetric was not handled by
* {@link MethodHandle#asType(MethodType)}. As an example {@link MethodHandle#asType(MethodType)} legally casts
* from {@link Integer} to long but not from int to {@link Long}. Generated bridge methods cover the latter case.
diff --git a/modules/lang-painless/src/main/plugin-metadata/plugin-security.policy b/modules/lang-painless/src/main/plugin-metadata/plugin-security.policy
index d1e2f88bb16..ccfd6ba70dd 100644
--- a/modules/lang-painless/src/main/plugin-metadata/plugin-security.policy
+++ b/modules/lang-painless/src/main/plugin-metadata/plugin-security.policy
@@ -34,6 +34,6 @@ grant {
// needed to generate runtime classes
permission java.lang.RuntimePermission "createClassLoader";
- // needed to find the classloader to load whitelisted classes from
+ // needed to find the classloader to load allowlisted classes from
permission java.lang.RuntimePermission "getClassLoader";
};
diff --git a/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/java.util.regex.txt b/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/java.util.regex.txt
index ab12664824b..05b3e4fa83c 100644
--- a/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/java.util.regex.txt
+++ b/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/java.util.regex.txt
@@ -58,7 +58,7 @@ class java.util.regex.Matcher {
String replaceFirst(String)
boolean requireEnd()
Matcher reset()
- # Note: Do not whitelist Matcher.reset(String), it subverts regex limiting
+ # Note: Do not allowlist Matcher.reset(String), it subverts regex limiting
int start()
int start(int)
Matcher useAnchoringBounds(boolean)
diff --git a/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.aggs.movfn.txt b/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.aggs.movfn.txt
index ed75c44ce9f..e314934ed4e 100644
--- a/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.aggs.movfn.txt
+++ b/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.aggs.movfn.txt
@@ -17,7 +17,7 @@
# under the License.
#
-# This file contains a whitelist for the Moving Function pipeline aggregator in core
+# This file contains an allowlist for the Moving Function pipeline aggregator in core
class org.opensearch.search.aggregations.pipeline.MovingFunctions {
double max(double[])
diff --git a/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.ingest.txt b/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.ingest.txt
index 36f3c8e418d..cddb8e5f0aa 100644
--- a/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.ingest.txt
+++ b/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.ingest.txt
@@ -17,7 +17,7 @@
# under the License.
#
-# This file contains a whitelist for the ingest scripts
+# This file contains an allowlist for the ingest scripts
class java.lang.String {
String org.opensearch.painless.api.Augmentation sha1()
diff --git a/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.score.txt b/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.score.txt
index 9c8b8fd0d2c..cca7e07a953 100644
--- a/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.score.txt
+++ b/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.score.txt
@@ -17,7 +17,7 @@
# under the License.
#
-# This file contains a whitelist for functions to be used in Score context
+# This file contains an allowlist for functions to be used in Score context
class org.opensearch.script.ScoreScript @no_import {
}
diff --git a/modules/lang-painless/src/test/java/org/opensearch/painless/AugmentationTests.java b/modules/lang-painless/src/test/java/org/opensearch/painless/AugmentationTests.java
index d5cd3205b31..98b0cad9960 100644
--- a/modules/lang-painless/src/test/java/org/opensearch/painless/AugmentationTests.java
+++ b/modules/lang-painless/src/test/java/org/opensearch/painless/AugmentationTests.java
@@ -53,9 +53,9 @@ public class AugmentationTests extends ScriptTestCase {
@BeforeClass
public static void beforeClass() {
Map, List> contexts = newDefaultContexts();
- List digestWhitelist = new ArrayList<>(Whitelist.BASE_WHITELISTS);
- digestWhitelist.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.ingest.txt"));
- contexts.put(DigestTestScript.CONTEXT, digestWhitelist);
+ List digestAllowlist = new ArrayList<>(Whitelist.BASE_WHITELISTS);
+ digestAllowlist.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.ingest.txt"));
+ contexts.put(DigestTestScript.CONTEXT, digestAllowlist);
SCRIPT_ENGINE = new PainlessScriptEngine(Settings.EMPTY, contexts);
}
diff --git a/modules/lang-painless/src/test/java/org/opensearch/painless/BindingsTests.java b/modules/lang-painless/src/test/java/org/opensearch/painless/BindingsTests.java
index 65f277741cc..e5113d93677 100644
--- a/modules/lang-painless/src/test/java/org/opensearch/painless/BindingsTests.java
+++ b/modules/lang-painless/src/test/java/org/opensearch/painless/BindingsTests.java
@@ -51,8 +51,8 @@ public class BindingsTests extends ScriptTestCase {
@BeforeClass
public static void beforeClass() {
Map, List> contexts = newDefaultContexts();
- List whitelists = new ArrayList<>(Whitelist.BASE_WHITELISTS);
- whitelists.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.painless.test"));
+ List allowlists = new ArrayList<>(Whitelist.BASE_WHITELISTS);
+ allowlists.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.painless.test"));
InstanceBindingTestClass instanceBindingTestClass = new InstanceBindingTestClass(1);
WhitelistInstanceBinding getter = new WhitelistInstanceBinding(
@@ -74,16 +74,16 @@ public class BindingsTests extends ScriptTestCase {
List instanceBindingsList = new ArrayList<>();
instanceBindingsList.add(getter);
instanceBindingsList.add(setter);
- Whitelist instanceBindingsWhitelist = new Whitelist(
+ Whitelist instanceBindingsAllowlist = new Whitelist(
instanceBindingTestClass.getClass().getClassLoader(),
Collections.emptyList(),
Collections.emptyList(),
Collections.emptyList(),
instanceBindingsList
);
- whitelists.add(instanceBindingsWhitelist);
+ allowlists.add(instanceBindingsAllowlist);
- contexts.put(BindingsTestScript.CONTEXT, whitelists);
+ contexts.put(BindingsTestScript.CONTEXT, allowlists);
SCRIPT_ENGINE = new PainlessScriptEngine(Settings.EMPTY, contexts);
}
diff --git a/modules/lang-painless/src/test/java/org/opensearch/painless/FeatureTestObject.java b/modules/lang-painless/src/test/java/org/opensearch/painless/FeatureTestObject.java
index 1bc6597b584..bf9ad76fc6c 100644
--- a/modules/lang-painless/src/test/java/org/opensearch/painless/FeatureTestObject.java
+++ b/modules/lang-painless/src/test/java/org/opensearch/painless/FeatureTestObject.java
@@ -35,7 +35,7 @@ package org.opensearch.painless;
import java.util.List;
import java.util.function.Function;
-/** Currently just a dummy class for testing a few features not yet exposed by whitelist! */
+/** Currently just a dummy class for testing a few features not yet exposed by allowlist! */
public class FeatureTestObject {
/** static method that returns true */
public static boolean overloadedStatic() {
@@ -47,7 +47,7 @@ public class FeatureTestObject {
return whatToReturn;
}
- /** static method only whitelisted as a static */
+ /** static method only allowlisted as a static */
public static float staticAddFloatsTest(float x, float y) {
return x + y;
}
diff --git a/modules/lang-painless/src/test/java/org/opensearch/painless/FeatureTestObject2.java b/modules/lang-painless/src/test/java/org/opensearch/painless/FeatureTestObject2.java
index 9fb0610bc94..22216e5fb41 100644
--- a/modules/lang-painless/src/test/java/org/opensearch/painless/FeatureTestObject2.java
+++ b/modules/lang-painless/src/test/java/org/opensearch/painless/FeatureTestObject2.java
@@ -32,7 +32,7 @@
package org.opensearch.painless;
-/** Currently just a dummy class for testing a few features not yet exposed by whitelist! */
+/** Currently just a dummy class for testing a few features not yet exposed by allowlist! */
public class FeatureTestObject2 {
public FeatureTestObject2() {
super();
diff --git a/modules/lang-painless/src/test/java/org/opensearch/painless/RegexTests.java b/modules/lang-painless/src/test/java/org/opensearch/painless/RegexTests.java
index cb8296a3f23..8c1f545efcf 100644
--- a/modules/lang-painless/src/test/java/org/opensearch/painless/RegexTests.java
+++ b/modules/lang-painless/src/test/java/org/opensearch/painless/RegexTests.java
@@ -172,7 +172,7 @@ public class RegexTests extends ScriptTestCase {
assertEquals("o", exec("Matcher m = /(?f)(?o)o/.matcher('foo'); m.find(); return m.namedGroup('second')"));
}
- // Make sure some methods on Pattern are whitelisted
+ // Make sure some methods on Pattern are allowlisted
public void testSplit() {
assertArrayEquals(new String[] { "cat", "dog" }, (String[]) exec("/,/.split('cat,dog')"));
}
diff --git a/modules/lang-painless/src/test/java/org/opensearch/painless/ScriptTestCase.java b/modules/lang-painless/src/test/java/org/opensearch/painless/ScriptTestCase.java
index 488c01c6d1a..a30aa97d334 100644
--- a/modules/lang-painless/src/test/java/org/opensearch/painless/ScriptTestCase.java
+++ b/modules/lang-painless/src/test/java/org/opensearch/painless/ScriptTestCase.java
@@ -62,9 +62,9 @@ public abstract class ScriptTestCase extends OpenSearchTestCase {
/** Creates a new contexts map with PainlessTextScript = org.opensearch.painless.test */
protected static Map, List> newDefaultContexts() {
Map, List> contexts = new HashMap<>();
- List whitelists = new ArrayList<>(Whitelist.BASE_WHITELISTS);
- whitelists.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.painless.test"));
- contexts.put(PainlessTestScript.CONTEXT, whitelists);
+ List allowlists = new ArrayList<>(Whitelist.BASE_WHITELISTS);
+ allowlists.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.painless.test"));
+ contexts.put(PainlessTestScript.CONTEXT, allowlists);
return contexts;
}
diff --git a/modules/lang-painless/src/test/java/org/opensearch/painless/WhitelistLoaderTests.java b/modules/lang-painless/src/test/java/org/opensearch/painless/WhitelistLoaderTests.java
index 1f5b252cb74..e4e754a5414 100644
--- a/modules/lang-painless/src/test/java/org/opensearch/painless/WhitelistLoaderTests.java
+++ b/modules/lang-painless/src/test/java/org/opensearch/painless/WhitelistLoaderTests.java
@@ -70,51 +70,51 @@ public class WhitelistLoaderTests extends ScriptTestCase {
public void testAnnotations() {
Map parsers = new HashMap<>(WhitelistAnnotationParser.BASE_ANNOTATION_PARSERS);
parsers.put(AnnotationTestObject.TestAnnotation.NAME, AnnotationTestObject.TestAnnotationParser.INSTANCE);
- Whitelist whitelist = WhitelistLoader.loadFromResourceFiles(Whitelist.class, parsers, "org.opensearch.painless.annotation");
+ Whitelist allowlist = WhitelistLoader.loadFromResourceFiles(Whitelist.class, parsers, "org.opensearch.painless.annotation");
- assertEquals(1, whitelist.whitelistClasses.size());
+ assertEquals(1, allowlist.whitelistClasses.size());
- WhitelistClass whitelistClass = whitelist.whitelistClasses.get(0);
+ WhitelistClass allowlistClass = allowlist.whitelistClasses.get(0);
- assertNotNull(whitelistClass.painlessAnnotations.get(NoImportAnnotation.class));
- assertEquals(1, whitelistClass.painlessAnnotations.size());
- assertEquals(3, whitelistClass.whitelistMethods.size());
+ assertNotNull(allowlistClass.painlessAnnotations.get(NoImportAnnotation.class));
+ assertEquals(1, allowlistClass.painlessAnnotations.size());
+ assertEquals(3, allowlistClass.whitelistMethods.size());
int count = 0;
- for (WhitelistMethod whitelistMethod : whitelistClass.whitelistMethods) {
- if ("deprecatedMethod".equals(whitelistMethod.methodName)) {
+ for (WhitelistMethod allowlistMethod : allowlistClass.whitelistMethods) {
+ if ("deprecatedMethod".equals(allowlistMethod.methodName)) {
assertEquals(
"use another method",
- ((DeprecatedAnnotation) whitelistMethod.painlessAnnotations.get(DeprecatedAnnotation.class)).getMessage()
+ ((DeprecatedAnnotation) allowlistMethod.painlessAnnotations.get(DeprecatedAnnotation.class)).getMessage()
);
- assertEquals(1, whitelistMethod.painlessAnnotations.size());
+ assertEquals(1, allowlistMethod.painlessAnnotations.size());
++count;
}
- if ("annotatedTestMethod".equals(whitelistMethod.methodName)) {
- AnnotationTestObject.TestAnnotation ta = ((AnnotationTestObject.TestAnnotation) whitelistMethod.painlessAnnotations.get(
+ if ("annotatedTestMethod".equals(allowlistMethod.methodName)) {
+ AnnotationTestObject.TestAnnotation ta = ((AnnotationTestObject.TestAnnotation) allowlistMethod.painlessAnnotations.get(
AnnotationTestObject.TestAnnotation.class
));
assertEquals("one", ta.getOne());
assertEquals("two", ta.getTwo());
assertEquals("three", ta.getThree());
- assertEquals(1, whitelistMethod.painlessAnnotations.size());
+ assertEquals(1, allowlistMethod.painlessAnnotations.size());
++count;
}
- if ("annotatedMultipleMethod".equals(whitelistMethod.methodName)) {
+ if ("annotatedMultipleMethod".equals(allowlistMethod.methodName)) {
assertEquals(
"test",
- ((DeprecatedAnnotation) whitelistMethod.painlessAnnotations.get(DeprecatedAnnotation.class)).getMessage()
+ ((DeprecatedAnnotation) allowlistMethod.painlessAnnotations.get(DeprecatedAnnotation.class)).getMessage()
);
- AnnotationTestObject.TestAnnotation ta = ((AnnotationTestObject.TestAnnotation) whitelistMethod.painlessAnnotations.get(
+ AnnotationTestObject.TestAnnotation ta = ((AnnotationTestObject.TestAnnotation) allowlistMethod.painlessAnnotations.get(
AnnotationTestObject.TestAnnotation.class
));
assertEquals("one", ta.getOne());
assertEquals("two", ta.getTwo());
assertEquals("three", ta.getThree());
- assertEquals(2, whitelistMethod.painlessAnnotations.size());
+ assertEquals(2, allowlistMethod.painlessAnnotations.size());
++count;
}
}
diff --git a/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation b/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation
index 35808a46a90..897fb9c7aff 100644
--- a/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation
+++ b/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation
@@ -1,4 +1,4 @@
-# whitelist for annotation tests
+# allowlist for annotation tests
class org.opensearch.painless.AnnotationTestObject @no_import {
void deprecatedMethod() @deprecated[message="use another method"]
diff --git a/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation.unknown b/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation.unknown
index 386a0bfd7ac..c5bb17cc42c 100644
--- a/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation.unknown
+++ b/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation.unknown
@@ -1,4 +1,4 @@
-# whitelist for annotation tests with unknown annotation
+# allowlist for annotation tests with unknown annotation
class org.opensearch.painless.AnnotationTestObject @no_import {
void unknownAnnotationMethod() @unknownAnnotation
diff --git a/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation.unknown_with_options b/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation.unknown_with_options
index 616776d5ed3..d6d96cc6cfc 100644
--- a/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation.unknown_with_options
+++ b/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation.unknown_with_options
@@ -1,4 +1,4 @@
-# whitelist for annotation tests with unknown annotation containing options
+# allowlist for annotation tests with unknown annotation containing options
class org.opensearch.painless.AnnotationTestObject @no_import {
void unknownAnnotationMethod() @unknownAnootationWithMessage[arg="arg value"]
diff --git a/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.test b/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.test
index d2329040570..5345f7fab87 100644
--- a/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.test
+++ b/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.test
@@ -1,4 +1,4 @@
-# whitelist for tests
+# allowlist for tests
# TODO: remove this when the transition from Joda to Java datetimes is completed
class org.opensearch.script.JodaCompatibleZonedDateTime {
diff --git a/modules/lang-painless/src/yamlRestTest/resources/rest-api-spec/test/painless/70_mov_fn_agg.yml b/modules/lang-painless/src/yamlRestTest/resources/rest-api-spec/test/painless/70_mov_fn_agg.yml
index 57e7b4e31e0..fee31fca55d 100644
--- a/modules/lang-painless/src/yamlRestTest/resources/rest-api-spec/test/painless/70_mov_fn_agg.yml
+++ b/modules/lang-painless/src/yamlRestTest/resources/rest-api-spec/test/painless/70_mov_fn_agg.yml
@@ -1,4 +1,4 @@
-# Sanity integration test to make sure the custom context and whitelist work for moving_fn pipeline agg
+# Sanity integration test to make sure the custom context and allowlist work for moving_fn pipeline agg
#
setup:
- do:
diff --git a/modules/reindex/build.gradle b/modules/reindex/build.gradle
index 6639e799cdd..935fe468fdb 100644
--- a/modules/reindex/build.gradle
+++ b/modules/reindex/build.gradle
@@ -49,7 +49,7 @@ testClusters.all {
// Modules who's integration is explicitly tested in integration tests
module ':modules:parent-join'
module ':modules:lang-painless'
- // Whitelist reindexing from the local node so we can test reindex-from-remote.
+ // Allowlist reindexing from the local node so we can test reindex-from-remote.
setting 'reindex.remote.whitelist', '127.0.0.1:*'
}
diff --git a/modules/reindex/src/main/java/org/opensearch/index/reindex/ReindexValidator.java b/modules/reindex/src/main/java/org/opensearch/index/reindex/ReindexValidator.java
index 671827b0164..d4a2ba08409 100644
--- a/modules/reindex/src/main/java/org/opensearch/index/reindex/ReindexValidator.java
+++ b/modules/reindex/src/main/java/org/opensearch/index/reindex/ReindexValidator.java
@@ -59,7 +59,7 @@ class ReindexValidator {
static final String SORT_DEPRECATED_MESSAGE = "The sort option in reindex is deprecated. "
+ "Instead consider using query filtering to find the desired subset of data.";
- private final CharacterRunAutomaton remoteWhitelist;
+ private final CharacterRunAutomaton remoteAllowlist;
private final ClusterService clusterService;
private final IndexNameExpressionResolver resolver;
private final AutoCreateIndex autoCreateIndex;
@@ -70,14 +70,14 @@ class ReindexValidator {
IndexNameExpressionResolver resolver,
AutoCreateIndex autoCreateIndex
) {
- this.remoteWhitelist = buildRemoteWhitelist(TransportReindexAction.REMOTE_CLUSTER_WHITELIST.get(settings));
+ this.remoteAllowlist = buildRemoteAllowlist(TransportReindexAction.REMOTE_CLUSTER_WHITELIST.get(settings));
this.clusterService = clusterService;
this.resolver = resolver;
this.autoCreateIndex = autoCreateIndex;
}
void initialValidation(ReindexRequest request) {
- checkRemoteWhitelist(remoteWhitelist, request.getRemoteInfo());
+ checkRemoteAllowlist(remoteAllowlist, request.getRemoteInfo());
ClusterState state = clusterService.state();
validateAgainstAliases(
request.getSearchRequest(),
@@ -93,32 +93,32 @@ class ReindexValidator {
}
}
- static void checkRemoteWhitelist(CharacterRunAutomaton whitelist, RemoteInfo remoteInfo) {
+ static void checkRemoteAllowlist(CharacterRunAutomaton allowlist, RemoteInfo remoteInfo) {
if (remoteInfo == null) {
return;
}
String check = remoteInfo.getHost() + ':' + remoteInfo.getPort();
- if (whitelist.run(check)) {
+ if (allowlist.run(check)) {
return;
}
- String whiteListKey = TransportReindexAction.REMOTE_CLUSTER_WHITELIST.getKey();
- throw new IllegalArgumentException('[' + check + "] not whitelisted in " + whiteListKey);
+ String allowListKey = TransportReindexAction.REMOTE_CLUSTER_WHITELIST.getKey();
+ throw new IllegalArgumentException('[' + check + "] not allowlisted in " + allowListKey);
}
/**
- * Build the {@link CharacterRunAutomaton} that represents the reindex-from-remote whitelist and make sure that it doesn't whitelist
+ * Build the {@link CharacterRunAutomaton} that represents the reindex-from-remote allowlist and make sure that it doesn't allowlist
* the world.
*/
- static CharacterRunAutomaton buildRemoteWhitelist(List whitelist) {
- if (whitelist.isEmpty()) {
+ static CharacterRunAutomaton buildRemoteAllowlist(List allowlist) {
+ if (allowlist.isEmpty()) {
return new CharacterRunAutomaton(Automata.makeEmpty());
}
- Automaton automaton = Regex.simpleMatchToAutomaton(whitelist.toArray(Strings.EMPTY_ARRAY));
+ Automaton automaton = Regex.simpleMatchToAutomaton(allowlist.toArray(Strings.EMPTY_ARRAY));
automaton = MinimizationOperations.minimize(automaton, Operations.DEFAULT_DETERMINIZE_WORK_LIMIT);
if (Operations.isTotal(automaton)) {
throw new IllegalArgumentException(
- "Refusing to start because whitelist "
- + whitelist
+ "Refusing to start because allowlist "
+ + allowlist
+ " accepts all addresses. "
+ "This would allow users to reindex-from-remote any URL they like effectively having OpenSearch make HTTP GETs "
+ "for them."
diff --git a/modules/reindex/src/test/java/org/opensearch/index/reindex/ReindexFromRemoteWhitelistTests.java b/modules/reindex/src/test/java/org/opensearch/index/reindex/ReindexFromRemoteWhitelistTests.java
index e083b877236..df2d9894e64 100644
--- a/modules/reindex/src/test/java/org/opensearch/index/reindex/ReindexFromRemoteWhitelistTests.java
+++ b/modules/reindex/src/test/java/org/opensearch/index/reindex/ReindexFromRemoteWhitelistTests.java
@@ -44,22 +44,22 @@ import java.util.List;
import static java.util.Collections.emptyList;
import static java.util.Collections.emptyMap;
import static java.util.Collections.singletonList;
-import static org.opensearch.index.reindex.ReindexValidator.buildRemoteWhitelist;
-import static org.opensearch.index.reindex.ReindexValidator.checkRemoteWhitelist;
+import static org.opensearch.index.reindex.ReindexValidator.buildRemoteAllowlist;
+import static org.opensearch.index.reindex.ReindexValidator.checkRemoteAllowlist;
/**
- * Tests the reindex-from-remote whitelist of remotes.
+ * Tests the reindex-from-remote allowlist of remotes.
*/
public class ReindexFromRemoteWhitelistTests extends OpenSearchTestCase {
private final BytesReference query = new BytesArray("{ \"foo\" : \"bar\" }");
public void testLocalRequestWithoutWhitelist() {
- checkRemoteWhitelist(buildRemoteWhitelist(emptyList()), null);
+ checkRemoteAllowlist(buildRemoteAllowlist(emptyList()), null);
}
public void testLocalRequestWithWhitelist() {
- checkRemoteWhitelist(buildRemoteWhitelist(randomWhitelist()), null);
+ checkRemoteAllowlist(buildRemoteAllowlist(randomAllowlist()), null);
}
/**
@@ -81,16 +81,16 @@ public class ReindexFromRemoteWhitelistTests extends OpenSearchTestCase {
}
public void testWhitelistedRemote() {
- List whitelist = randomWhitelist();
- String[] inList = whitelist.iterator().next().split(":");
+ List allowlist = randomAllowlist();
+ String[] inList = allowlist.iterator().next().split(":");
String host = inList[0];
int port = Integer.valueOf(inList[1]);
- checkRemoteWhitelist(buildRemoteWhitelist(whitelist), newRemoteInfo(host, port));
+ checkRemoteAllowlist(buildRemoteAllowlist(allowlist), newRemoteInfo(host, port));
}
public void testWhitelistedByPrefix() {
- checkRemoteWhitelist(
- buildRemoteWhitelist(singletonList("*.example.com:9200")),
+ checkRemoteAllowlist(
+ buildRemoteAllowlist(singletonList("*.example.com:9200")),
new RemoteInfo(
randomAlphaOfLength(5),
"es.example.com",
@@ -104,34 +104,34 @@ public class ReindexFromRemoteWhitelistTests extends OpenSearchTestCase {
RemoteInfo.DEFAULT_CONNECT_TIMEOUT
)
);
- checkRemoteWhitelist(
- buildRemoteWhitelist(singletonList("*.example.com:9200")),
+ checkRemoteAllowlist(
+ buildRemoteAllowlist(singletonList("*.example.com:9200")),
newRemoteInfo("6e134134a1.us-east-1.aws.example.com", 9200)
);
}
public void testWhitelistedBySuffix() {
- checkRemoteWhitelist(buildRemoteWhitelist(singletonList("es.example.com:*")), newRemoteInfo("es.example.com", 9200));
+ checkRemoteAllowlist(buildRemoteAllowlist(singletonList("es.example.com:*")), newRemoteInfo("es.example.com", 9200));
}
public void testWhitelistedByInfix() {
- checkRemoteWhitelist(buildRemoteWhitelist(singletonList("es*.example.com:9200")), newRemoteInfo("es1.example.com", 9200));
+ checkRemoteAllowlist(buildRemoteAllowlist(singletonList("es*.example.com:9200")), newRemoteInfo("es1.example.com", 9200));
}
public void testLoopbackInWhitelistRemote() throws UnknownHostException {
- List whitelist = randomWhitelist();
- whitelist.add("127.0.0.1:*");
- checkRemoteWhitelist(buildRemoteWhitelist(whitelist), newRemoteInfo("127.0.0.1", 9200));
+ List allowlist = randomAllowlist();
+ allowlist.add("127.0.0.1:*");
+ checkRemoteAllowlist(buildRemoteAllowlist(allowlist), newRemoteInfo("127.0.0.1", 9200));
}
public void testUnwhitelistedRemote() {
int port = between(1, Integer.MAX_VALUE);
- List whitelist = randomBoolean() ? randomWhitelist() : emptyList();
+ List allowlist = randomBoolean() ? randomAllowlist() : emptyList();
Exception e = expectThrows(
IllegalArgumentException.class,
- () -> checkRemoteWhitelist(buildRemoteWhitelist(whitelist), newRemoteInfo("not in list", port))
+ () -> checkRemoteAllowlist(buildRemoteAllowlist(allowlist), newRemoteInfo("not in list", port))
);
- assertEquals("[not in list:" + port + "] not whitelisted in reindex.remote.whitelist", e.getMessage());
+ assertEquals("[not in list:" + port + "] not allowlisted in reindex.remote.whitelist", e.getMessage());
}
public void testRejectMatchAll() {
@@ -140,22 +140,22 @@ public class ReindexFromRemoteWhitelistTests extends OpenSearchTestCase {
assertMatchesTooMuch(singletonList("***"));
assertMatchesTooMuch(Arrays.asList("realstuff", "*"));
assertMatchesTooMuch(Arrays.asList("*", "realstuff"));
- List random = randomWhitelist();
+ List random = randomAllowlist();
random.add("*");
assertMatchesTooMuch(random);
}
public void testIPv6Address() {
- List whitelist = randomWhitelist();
- whitelist.add("[::1]:*");
- checkRemoteWhitelist(buildRemoteWhitelist(whitelist), newRemoteInfo("[::1]", 9200));
+ List allowlist = randomAllowlist();
+ allowlist.add("[::1]:*");
+ checkRemoteAllowlist(buildRemoteAllowlist(allowlist), newRemoteInfo("[::1]", 9200));
}
- private void assertMatchesTooMuch(List whitelist) {
- Exception e = expectThrows(IllegalArgumentException.class, () -> buildRemoteWhitelist(whitelist));
+ private void assertMatchesTooMuch(List allowlist) {
+ Exception e = expectThrows(IllegalArgumentException.class, () -> buildRemoteAllowlist(allowlist));
assertEquals(
- "Refusing to start because whitelist "
- + whitelist
+ "Refusing to start because allowlist "
+ + allowlist
+ " accepts all addresses. "
+ "This would allow users to reindex-from-remote any URL they like effectively having OpenSearch make HTTP GETs "
+ "for them.",
@@ -163,12 +163,12 @@ public class ReindexFromRemoteWhitelistTests extends OpenSearchTestCase {
);
}
- private List randomWhitelist() {
+ private List randomAllowlist() {
int size = between(1, 100);
- List whitelist = new ArrayList<>(size);
+ List allowlist = new ArrayList<>(size);
for (int i = 0; i < size; i++) {
- whitelist.add(randomAlphaOfLength(5) + ':' + between(1, Integer.MAX_VALUE));
+ allowlist.add(randomAlphaOfLength(5) + ':' + between(1, Integer.MAX_VALUE));
}
- return whitelist;
+ return allowlist;
}
}
diff --git a/modules/reindex/src/test/java/org/opensearch/index/reindex/ReindexFromRemoteWithAuthTests.java b/modules/reindex/src/test/java/org/opensearch/index/reindex/ReindexFromRemoteWithAuthTests.java
index 2486ea3d922..e78715d9045 100644
--- a/modules/reindex/src/test/java/org/opensearch/index/reindex/ReindexFromRemoteWithAuthTests.java
+++ b/modules/reindex/src/test/java/org/opensearch/index/reindex/ReindexFromRemoteWithAuthTests.java
@@ -98,7 +98,7 @@ public class ReindexFromRemoteWithAuthTests extends OpenSearchSingleNodeTestCase
@Override
protected Settings nodeSettings() {
Settings.Builder settings = Settings.builder().put(super.nodeSettings());
- // Whitelist reindexing from the http host we're going to use
+ // Allowlist reindexing from the http host we're going to use
settings.put(TransportReindexAction.REMOTE_CLUSTER_WHITELIST.getKey(), "127.0.0.1:*");
settings.put(NetworkModule.HTTP_TYPE_KEY, Netty4Plugin.NETTY_HTTP_TRANSPORT_NAME);
return settings.build();
diff --git a/modules/reindex/src/test/java/org/opensearch/index/reindex/RetryTests.java b/modules/reindex/src/test/java/org/opensearch/index/reindex/RetryTests.java
index b95ec431717..96b1b5d3d2e 100644
--- a/modules/reindex/src/test/java/org/opensearch/index/reindex/RetryTests.java
+++ b/modules/reindex/src/test/java/org/opensearch/index/reindex/RetryTests.java
@@ -102,7 +102,7 @@ public class RetryTests extends OpenSearchIntegTestCase {
final Settings nodeSettings() {
return Settings.builder()
- // whitelist reindexing from the HTTP host we're going to use
+ // allowlist reindexing from the HTTP host we're going to use
.put(TransportReindexAction.REMOTE_CLUSTER_WHITELIST.getKey(), "127.0.0.1:*")
.build();
}
diff --git a/modules/reindex/src/yamlRestTest/resources/rest-api-spec/test/reindex/20_validation.yml b/modules/reindex/src/yamlRestTest/resources/rest-api-spec/test/reindex/20_validation.yml
index 7086e048eba..876d100e0bc 100644
--- a/modules/reindex/src/yamlRestTest/resources/rest-api-spec/test/reindex/20_validation.yml
+++ b/modules/reindex/src/yamlRestTest/resources/rest-api-spec/test/reindex/20_validation.yml
@@ -308,7 +308,7 @@
---
"unwhitelisted remote host fails":
- do:
- catch: /\[badremote:9200\] not whitelisted in reindex.remote.whitelist/
+ catch: /\[badremote:9200\] not allowlisted in reindex.remote.whitelist/
reindex:
body:
source:
diff --git a/modules/repository-url/src/main/java/org/opensearch/repositories/url/URLRepository.java b/modules/repository-url/src/main/java/org/opensearch/repositories/url/URLRepository.java
index 041550b70a6..837a30555e1 100644
--- a/modules/repository-url/src/main/java/org/opensearch/repositories/url/URLRepository.java
+++ b/modules/repository-url/src/main/java/org/opensearch/repositories/url/URLRepository.java
@@ -95,7 +95,7 @@ public class URLRepository extends BlobStoreRepository {
private final List supportedProtocols;
- private final URIPattern[] urlWhiteList;
+ private final URIPattern[] urlAllowList;
private final Environment environment;
@@ -120,7 +120,7 @@ public class URLRepository extends BlobStoreRepository {
}
this.environment = environment;
supportedProtocols = SUPPORTED_PROTOCOLS_SETTING.get(environment.settings());
- urlWhiteList = ALLOWED_URLS_SETTING.get(environment.settings()).toArray(new URIPattern[] {});
+ urlAllowList = ALLOWED_URLS_SETTING.get(environment.settings()).toArray(new URIPattern[] {});
basePath = BlobPath.cleanPath();
url = URL_SETTING.exists(metadata.settings())
? URL_SETTING.get(metadata.settings())
@@ -161,7 +161,7 @@ public class URLRepository extends BlobStoreRepository {
for (String supportedProtocol : supportedProtocols) {
if (supportedProtocol.equals(protocol)) {
try {
- if (URIPattern.match(urlWhiteList, url.toURI())) {
+ if (URIPattern.match(urlAllowList, url.toURI())) {
// URL matches white list - no additional processing is needed
return url;
}
diff --git a/plugins/discovery-azure-classic/build.gradle b/plugins/discovery-azure-classic/build.gradle
index 7bb9250ea40..968f4efb3fa 100644
--- a/plugins/discovery-azure-classic/build.gradle
+++ b/plugins/discovery-azure-classic/build.gradle
@@ -63,7 +63,7 @@ dependencies {
api 'com.sun.xml.bind:jaxb-impl:2.2.3-1'
// HACK: javax.xml.bind was removed from default modules in java 9, so we pull the api in here,
- // and whitelist this hack in JarHell
+ // and allowlist this hack in JarHell
api 'javax.xml.bind:jaxb-api:2.3.1'
}
diff --git a/plugins/examples/painless-whitelist/build.gradle b/plugins/examples/painless-whitelist/build.gradle
index 61888efbcf1..70052c209ab 100644
--- a/plugins/examples/painless-whitelist/build.gradle
+++ b/plugins/examples/painless-whitelist/build.gradle
@@ -32,7 +32,7 @@ apply plugin: 'opensearch.yaml-rest-test'
opensearchplugin {
name 'painless-whitelist'
- description 'An example whitelisting additional classes and methods in painless'
+ description 'An example allowlisting additional classes and methods in painless'
classname 'org.opensearch.example.painlesswhitelist.MyWhitelistPlugin'
extendedPlugins = ['lang-painless']
licenseFile rootProject.file('licenses/APACHE-LICENSE-2.0.txt')
diff --git a/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/ExampleWhitelistExtension.java b/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/ExampleWhitelistExtension.java
index 471c28ea445..74adcf5e4f5 100644
--- a/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/ExampleWhitelistExtension.java
+++ b/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/ExampleWhitelistExtension.java
@@ -46,19 +46,19 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
-/** An extension of painless which adds a whitelist. */
+/** An extension of painless which adds an allowlist. */
public class ExampleWhitelistExtension implements PainlessExtension {
@Override
public Map, List> getContextWhitelists() {
Map parsers = new HashMap<>(WhitelistAnnotationParser.BASE_ANNOTATION_PARSERS);
parsers.put(ExamplePainlessAnnotation.NAME, ExampleWhitelistAnnotationParser.INSTANCE);
- Whitelist classWhitelist = WhitelistLoader.loadFromResourceFiles(ExampleWhitelistExtension.class, parsers, "example_whitelist.txt");
+ Whitelist classAllowlist = WhitelistLoader.loadFromResourceFiles(ExampleWhitelistExtension.class, parsers, "example_whitelist.txt");
- ExampleWhitelistedInstance ewi = new ExampleWhitelistedInstance(1);
+ ExampleWhitelistedInstance eai = new ExampleWhitelistedInstance(1);
WhitelistInstanceBinding addValue = new WhitelistInstanceBinding(
"example addValue",
- ewi,
+ eai,
"addValue",
"int",
Collections.singletonList("int"),
@@ -66,20 +66,20 @@ public class ExampleWhitelistExtension implements PainlessExtension {
);
WhitelistInstanceBinding getValue = new WhitelistInstanceBinding(
"example getValue",
- ewi,
+ eai,
"getValue",
"int",
Collections.emptyList(),
Collections.emptyList()
);
- Whitelist instanceWhitelist = new Whitelist(
- ewi.getClass().getClassLoader(),
+ Whitelist instanceAllowlist = new Whitelist(
+ eai.getClass().getClassLoader(),
Collections.emptyList(),
Collections.emptyList(),
Collections.emptyList(),
Arrays.asList(addValue, getValue)
);
- return Collections.singletonMap(FieldScript.CONTEXT, Arrays.asList(classWhitelist, instanceWhitelist));
+ return Collections.singletonMap(FieldScript.CONTEXT, Arrays.asList(classAllowlist, instanceAllowlist));
}
}
diff --git a/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/ExampleWhitelistedClass.java b/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/ExampleWhitelistedClass.java
index 1798375686d..5832a2ee59a 100644
--- a/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/ExampleWhitelistedClass.java
+++ b/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/ExampleWhitelistedClass.java
@@ -33,9 +33,9 @@
package org.opensearch.example.painlesswhitelist;
/**
- * An example of a class to be whitelisted for use by painless scripts
+ * An example of a class to be allowlisted for use by painless scripts
*
- * Each of the members and methods below are whitelisted for use in search scripts.
+ * Each of the members and methods below are allowlisted for use in search scripts.
* See example_whitelist.txt.
*/
public class ExampleWhitelistedClass {
@@ -68,7 +68,7 @@ public class ExampleWhitelistedClass {
return Integer.parseInt(x);
}
- // example method to attach annotations in whitelist
+ // example method to attach annotations in allowlist
public void annotate() {
// some logic here
}
diff --git a/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/MyWhitelistPlugin.java b/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/MyWhitelistPlugin.java
index 38a95545c46..ab6ba53e403 100644
--- a/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/MyWhitelistPlugin.java
+++ b/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/MyWhitelistPlugin.java
@@ -35,5 +35,5 @@ package org.opensearch.example.painlesswhitelist;
import org.opensearch.plugins.Plugin;
public class MyWhitelistPlugin extends Plugin {
- // we don't actually need anything here, since whitelists are extended through SPI
+ // we don't actually need anything here, since allowlists are extended through SPI
}
diff --git a/plugins/examples/painless-whitelist/src/main/resources/org/opensearch/example/painlesswhitelist/example_whitelist.txt b/plugins/examples/painless-whitelist/src/main/resources/org/opensearch/example/painlesswhitelist/example_whitelist.txt
index 5c6c605c7c2..8f2ccaf05f2 100644
--- a/plugins/examples/painless-whitelist/src/main/resources/org/opensearch/example/painlesswhitelist/example_whitelist.txt
+++ b/plugins/examples/painless-whitelist/src/main/resources/org/opensearch/example/painlesswhitelist/example_whitelist.txt
@@ -17,7 +17,7 @@
# under the License.
#
-# This file contains a whitelist for an example class which may be access from painless
+# This file contains an allowlist for an example class which may be access from painless
class org.opensearch.example.painlesswhitelist.ExampleWhitelistedClass {
# constructor
diff --git a/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/10_basic.yml b/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/10_basic.yml
index 1b887058237..cc3762eb42d 100644
--- a/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/10_basic.yml
+++ b/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/10_basic.yml
@@ -1,4 +1,4 @@
-# Integration tests for the painless whitelist example plugin
+# Integration tests for the painless allowlist example plugin
#
"Plugin loaded":
- skip:
diff --git a/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/20_whitelist.yml b/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/20_whitelist.yml
index 51a440142fd..92289af1792 100644
--- a/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/20_whitelist.yml
+++ b/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/20_whitelist.yml
@@ -1,4 +1,4 @@
-# Example test using whitelisted members and methods
+# Example test using allowlisted members and methods
"Whitelisted custom class":
- do:
diff --git a/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/30_static.yml b/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/30_static.yml
index c6d8048b979..447e1c2a827 100644
--- a/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/30_static.yml
+++ b/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/30_static.yml
@@ -1,4 +1,4 @@
-# Example test using whitelisted statically imported method
+# Example test using allowlisted statically imported method
"custom static imported method":
- do:
diff --git a/plugins/repository-s3/build.gradle b/plugins/repository-s3/build.gradle
index 21ad7b6dd54..c5939958c81 100644
--- a/plugins/repository-s3/build.gradle
+++ b/plugins/repository-s3/build.gradle
@@ -64,7 +64,7 @@ dependencies {
api "joda-time:joda-time:${versions.joda}"
// HACK: javax.xml.bind was removed from default modules in java 9, so we pull the api in here,
- // and whitelist this hack in JarHell
+ // and allowlist this hack in JarHell
api 'javax.xml.bind:jaxb-api:2.3.1'
testImplementation project(':test:fixtures:s3-fixture')
diff --git a/server/src/main/java/org/opensearch/bootstrap/BootstrapInfo.java b/server/src/main/java/org/opensearch/bootstrap/BootstrapInfo.java
index 49787eeb09b..d45d8ddab9c 100644
--- a/server/src/main/java/org/opensearch/bootstrap/BootstrapInfo.java
+++ b/server/src/main/java/org/opensearch/bootstrap/BootstrapInfo.java
@@ -79,7 +79,7 @@ public final class BootstrapInfo {
// create a view of sysprops map that does not allow modifications
// this must be done this way (e.g. versus an actual typed map), because
- // some test methods still change properties, so whitelisted changes must
+ // some test methods still change properties, so allowlisted changes must
// be reflected in this view.
private static final Dictionary SYSTEM_PROPERTIES;
static {
diff --git a/server/src/main/java/org/opensearch/bootstrap/SystemCallFilter.java b/server/src/main/java/org/opensearch/bootstrap/SystemCallFilter.java
index 434af8fceb1..8e179de9c28 100644
--- a/server/src/main/java/org/opensearch/bootstrap/SystemCallFilter.java
+++ b/server/src/main/java/org/opensearch/bootstrap/SystemCallFilter.java
@@ -227,7 +227,7 @@ final class SystemCallFilter {
static class Arch {
/** AUDIT_ARCH_XXX constant from linux/audit.h */
final int audit;
- /** syscall limit (necessary for blacklisting on amd64, to ban 32-bit syscalls) */
+ /** syscall limit (necessary for denylisting on amd64, to ban 32-bit syscalls) */
final int limit;
/** __NR_fork */
final int fork;
diff --git a/server/src/main/java/org/opensearch/common/inject/BindingProcessor.java b/server/src/main/java/org/opensearch/common/inject/BindingProcessor.java
index 948e1a4e6eb..671123f2df7 100644
--- a/server/src/main/java/org/opensearch/common/inject/BindingProcessor.java
+++ b/server/src/main/java/org/opensearch/common/inject/BindingProcessor.java
@@ -293,7 +293,7 @@ class BindingProcessor extends AbstractProcessor {
return false;
}
- // It's unfortunate that we have to maintain a blacklist of specific
+ // It's unfortunate that we have to maintain a denylist of specific
// classes, but we can't easily block the whole package because of
// all our unit tests.
private static final Set> FORBIDDEN_TYPES = unmodifiableSet(
diff --git a/server/src/main/java/org/opensearch/common/inject/InheritingState.java b/server/src/main/java/org/opensearch/common/inject/InheritingState.java
index 3d821114ff4..70a2fb335cc 100644
--- a/server/src/main/java/org/opensearch/common/inject/InheritingState.java
+++ b/server/src/main/java/org/opensearch/common/inject/InheritingState.java
@@ -61,7 +61,7 @@ class InheritingState implements State {
private final Map, Scope> scopes = new HashMap<>();
private final List converters = new ArrayList<>();
private final List listenerBindings = new ArrayList<>();
- private WeakKeySet blacklistedKeys = new WeakKeySet();
+ private WeakKeySet denylistedKeys = new WeakKeySet();
private final Object lock;
InheritingState(State parent) {
@@ -145,17 +145,17 @@ class InheritingState implements State {
@Override
public void blacklist(Key> key) {
parent.blacklist(key);
- blacklistedKeys.add(key);
+ denylistedKeys.add(key);
}
@Override
public boolean isBlacklisted(Key> key) {
- return blacklistedKeys.contains(key);
+ return denylistedKeys.contains(key);
}
@Override
public void clearBlacklisted() {
- blacklistedKeys = new WeakKeySet();
+ denylistedKeys = new WeakKeySet();
}
@Override
diff --git a/server/src/main/java/org/opensearch/common/inject/State.java b/server/src/main/java/org/opensearch/common/inject/State.java
index 497c7d4d51e..6a69e9547d7 100644
--- a/server/src/main/java/org/opensearch/common/inject/State.java
+++ b/server/src/main/java/org/opensearch/common/inject/State.java
@@ -164,7 +164,7 @@ interface State {
/**
* Forbids the corresponding injector from creating a binding to {@code key}. Child injectors
- * blacklist their bound keys on their parent injectors to prevent just-in-time bindings on the
+ * denylist their bound keys on their parent injectors to prevent just-in-time bindings on the
* parent injector that would conflict.
*/
void blacklist(Key> key);
@@ -177,11 +177,11 @@ interface State {
/**
* Returns the shared lock for all injector data. This is a low-granularity, high-contention lock
- * to be used when reading mutable data (ie. just-in-time bindings, and binding blacklists).
+ * to be used when reading mutable data (ie. just-in-time bindings, and binding denylists).
*/
Object lock();
- // ES_GUICE: clean blacklist keys
+ // ES_GUICE: clean denylist keys
void clearBlacklisted();
void makeAllBindingsToEagerSingletons(Injector injector);
diff --git a/server/src/main/java/org/opensearch/script/ScriptedMetricAggContexts.java b/server/src/main/java/org/opensearch/script/ScriptedMetricAggContexts.java
index 7e85c5cdd72..1f187f7f0e8 100644
--- a/server/src/main/java/org/opensearch/script/ScriptedMetricAggContexts.java
+++ b/server/src/main/java/org/opensearch/script/ScriptedMetricAggContexts.java
@@ -126,7 +126,7 @@ public class ScriptedMetricAggContexts {
return state;
}
- // Return the doc as a map (instead of LeafDocLookup) in order to abide by type whitelisting rules for
+ // Return the doc as a map (instead of LeafDocLookup) in order to abide by type allowlisting rules for
// Painless scripts.
public Map> getDoc() {
return leafLookup == null ? null : leafLookup.doc();
diff --git a/server/src/main/java/org/opensearch/search/aggregations/pipeline/MovingFunctions.java b/server/src/main/java/org/opensearch/search/aggregations/pipeline/MovingFunctions.java
index a9f3d06c0ea..e3a57654f94 100644
--- a/server/src/main/java/org/opensearch/search/aggregations/pipeline/MovingFunctions.java
+++ b/server/src/main/java/org/opensearch/search/aggregations/pipeline/MovingFunctions.java
@@ -192,7 +192,7 @@ public class MovingFunctions {
}
/**
- * Version of holt that can "forecast", not exposed as a whitelisted function for moving_fn scripts, but
+ * Version of holt that can "forecast", not exposed as an allowlisted function for moving_fn scripts, but
* here as compatibility/code sharing for existing moving_avg agg. Can be removed when moving_avg is gone.
*/
public static double[] holtForecast(double[] values, double alpha, double beta, int numForecasts) {
@@ -268,7 +268,7 @@ public class MovingFunctions {
}
/**
- * Version of holt-winters that can "forecast", not exposed as a whitelisted function for moving_fn scripts, but
+ * Version of holt-winters that can "forecast", not exposed as an allowlisted function for moving_fn scripts, but
* here as compatibility/code sharing for existing moving_avg agg. Can be removed when moving_avg is gone.
*/
public static double[] holtWintersForecast(
diff --git a/server/src/test/java/org/opensearch/cluster/ClusterModuleTests.java b/server/src/test/java/org/opensearch/cluster/ClusterModuleTests.java
index 8869c2857aa..004b784311b 100644
--- a/server/src/test/java/org/opensearch/cluster/ClusterModuleTests.java
+++ b/server/src/test/java/org/opensearch/cluster/ClusterModuleTests.java
@@ -254,29 +254,29 @@ public class ClusterModuleTests extends ModuleTestCase {
}
public void testPre63CustomsFiltering() {
- final String whiteListedClusterCustom = randomFrom(ClusterModule.PRE_6_3_CLUSTER_CUSTOMS_WHITE_LIST);
- final String whiteListedMetadataCustom = randomFrom(ClusterModule.PRE_6_3_METADATA_CUSTOMS_WHITE_LIST);
+ final String allowListedClusterCustom = randomFrom(ClusterModule.PRE_6_3_CLUSTER_CUSTOMS_WHITE_LIST);
+ final String allowListedMetadataCustom = randomFrom(ClusterModule.PRE_6_3_METADATA_CUSTOMS_WHITE_LIST);
final ClusterState clusterState = ClusterState.builder(ClusterName.DEFAULT)
- .putCustom(whiteListedClusterCustom, new RestoreInProgress.Builder().build())
+ .putCustom(allowListedClusterCustom, new RestoreInProgress.Builder().build())
.putCustom("other", new RestoreInProgress.Builder().build())
.metadata(
Metadata.builder()
- .putCustom(whiteListedMetadataCustom, new RepositoriesMetadata(Collections.emptyList()))
+ .putCustom(allowListedMetadataCustom, new RepositoriesMetadata(Collections.emptyList()))
.putCustom("other", new RepositoriesMetadata(Collections.emptyList()))
.build()
)
.build();
- assertNotNull(clusterState.custom(whiteListedClusterCustom));
+ assertNotNull(clusterState.custom(allowListedClusterCustom));
assertNotNull(clusterState.custom("other"));
- assertNotNull(clusterState.metadata().custom(whiteListedMetadataCustom));
+ assertNotNull(clusterState.metadata().custom(allowListedMetadataCustom));
assertNotNull(clusterState.metadata().custom("other"));
final ClusterState fixedClusterState = ClusterModule.filterCustomsForPre63Clients(clusterState);
- assertNotNull(fixedClusterState.custom(whiteListedClusterCustom));
+ assertNotNull(fixedClusterState.custom(allowListedClusterCustom));
assertNull(fixedClusterState.custom("other"));
- assertNotNull(fixedClusterState.metadata().custom(whiteListedMetadataCustom));
+ assertNotNull(fixedClusterState.metadata().custom(allowListedMetadataCustom));
assertNull(fixedClusterState.metadata().custom("other"));
}
diff --git a/server/src/test/java/org/opensearch/cluster/routing/allocation/decider/FilterAllocationDeciderTests.java b/server/src/test/java/org/opensearch/cluster/routing/allocation/decider/FilterAllocationDeciderTests.java
index 2b408097757..0b00d261823 100644
--- a/server/src/test/java/org/opensearch/cluster/routing/allocation/decider/FilterAllocationDeciderTests.java
+++ b/server/src/test/java/org/opensearch/cluster/routing/allocation/decider/FilterAllocationDeciderTests.java
@@ -95,7 +95,7 @@ public class FilterAllocationDeciderTests extends OpenSearchAllocationTestCase {
assertEquals(routingTable.index("idx").shard(0).shards().get(0).state(), UNASSIGNED);
assertNull(routingTable.index("idx").shard(0).shards().get(0).currentNodeId());
- // after failing the shard we are unassigned since the node is blacklisted and we can't initialize on the other node
+ // after failing the shard we are unassigned since the node is denylisted and we can't initialize on the other node
RoutingAllocation allocation = new RoutingAllocation(allocationDeciders, state.getRoutingNodes(), state, null, null, 0);
allocation.debugDecision(true);
Decision.Single decision = (Decision.Single) filterAllocationDecider.canAllocate(
diff --git a/test/framework/src/main/java/org/opensearch/search/aggregations/AggregatorTestCase.java b/test/framework/src/main/java/org/opensearch/search/aggregations/AggregatorTestCase.java
index b08edf10286..cbeefa7349e 100644
--- a/test/framework/src/main/java/org/opensearch/search/aggregations/AggregatorTestCase.java
+++ b/test/framework/src/main/java/org/opensearch/search/aggregations/AggregatorTestCase.java
@@ -175,16 +175,16 @@ public abstract class AggregatorTestCase extends OpenSearchTestCase {
protected ValuesSourceRegistry valuesSourceRegistry;
// A list of field types that should not be tested, or are not currently supported
- private static List TYPE_TEST_BLACKLIST;
+ private static List TYPE_TEST_DENYLIST;
static {
- List blacklist = new ArrayList<>();
- blacklist.add(ObjectMapper.CONTENT_TYPE); // Cannot aggregate objects
- blacklist.add(GeoShapeFieldMapper.CONTENT_TYPE); // Cannot aggregate geoshapes (yet)
- blacklist.add(ObjectMapper.NESTED_CONTENT_TYPE); // TODO support for nested
- blacklist.add(CompletionFieldMapper.CONTENT_TYPE); // TODO support completion
- blacklist.add(FieldAliasMapper.CONTENT_TYPE); // TODO support alias
- TYPE_TEST_BLACKLIST = blacklist;
+ List denylist = new ArrayList<>();
+ denylist.add(ObjectMapper.CONTENT_TYPE); // Cannot aggregate objects
+ denylist.add(GeoShapeFieldMapper.CONTENT_TYPE); // Cannot aggregate geoshapes (yet)
+ denylist.add(ObjectMapper.NESTED_CONTENT_TYPE); // TODO support for nested
+ denylist.add(CompletionFieldMapper.CONTENT_TYPE); // TODO support completion
+ denylist.add(FieldAliasMapper.CONTENT_TYPE); // TODO support alias
+ TYPE_TEST_DENYLIST = denylist;
}
/**
@@ -713,11 +713,11 @@ public abstract class AggregatorTestCase extends OpenSearchTestCase {
}
/**
- * A method that allows implementors to specifically blacklist particular field types (based on their content_name).
+ * A method that allows implementors to specifically denylist particular field types (based on their content_name).
* This is needed in some areas where the ValuesSourceType is not granular enough, for example integer values
* vs floating points, or `keyword` bytes vs `binary` bytes (which are not searchable)
*
- * This is a blacklist instead of a whitelist because there are vastly more field types than ValuesSourceTypes,
+ * This is a denylist instead of an allowlist because there are vastly more field types than ValuesSourceTypes,
* and it's expected that these unsupported cases are exceptional rather than common
*/
protected List unsupportedMappedFieldTypes() {
@@ -748,7 +748,7 @@ public abstract class AggregatorTestCase extends OpenSearchTestCase {
for (Map.Entry mappedType : mapperRegistry.getMapperParsers().entrySet()) {
// Some field types should not be tested, or require more work and are not ready yet
- if (TYPE_TEST_BLACKLIST.contains(mappedType.getKey())) {
+ if (TYPE_TEST_DENYLIST.contains(mappedType.getKey())) {
continue;
}
diff --git a/test/framework/src/main/java/org/opensearch/test/rest/yaml/BlacklistedPathPatternMatcher.java b/test/framework/src/main/java/org/opensearch/test/rest/yaml/BlacklistedPathPatternMatcher.java
index 8a2e9deb424..15510e368b1 100644
--- a/test/framework/src/main/java/org/opensearch/test/rest/yaml/BlacklistedPathPatternMatcher.java
+++ b/test/framework/src/main/java/org/opensearch/test/rest/yaml/BlacklistedPathPatternMatcher.java
@@ -34,7 +34,7 @@ package org.opensearch.test.rest.yaml;
import java.util.regex.Pattern;
/**
- * Matches blacklist patterns.
+ * Matches denylist patterns.
*
* Currently the following syntax is supported:
*
@@ -45,20 +45,20 @@ import java.util.regex.Pattern;
* indices.get/10_basic/advanced/allow_no_indices (contains an additional segment)
*
*
- * Each blacklist pattern is a suffix match on the path. Empty patterns are not allowed.
+ * Each denylist pattern is a suffix match on the path. Empty patterns are not allowed.
*/
final class BlacklistedPathPatternMatcher {
private final Pattern pattern;
/**
- * Constructs a new BlacklistedPathPatternMatcher instance from the provided suffix pattern.
+ * Constructs a new DenylistedPathPatternMatcher instance from the provided suffix pattern.
*
* @param p The suffix pattern. Must be a non-empty string.
*/
BlacklistedPathPatternMatcher(String p) {
// guard against accidentally matching everything as an empty string lead to the pattern ".*" which matches everything
if (p == null || p.trim().isEmpty()) {
- throw new IllegalArgumentException("Empty blacklist patterns are not supported");
+ throw new IllegalArgumentException("Empty denylist patterns are not supported");
}
// very simple transformation from wildcard to a proper regex
String finalPattern = p.replaceAll("\\*", "[^/]*") // support wildcard matches (within a single path segment)
diff --git a/test/framework/src/main/java/org/opensearch/test/rest/yaml/OpenSearchClientYamlSuiteTestCase.java b/test/framework/src/main/java/org/opensearch/test/rest/yaml/OpenSearchClientYamlSuiteTestCase.java
index 375103d2c1d..ca2659e9523 100644
--- a/test/framework/src/main/java/org/opensearch/test/rest/yaml/OpenSearchClientYamlSuiteTestCase.java
+++ b/test/framework/src/main/java/org/opensearch/test/rest/yaml/OpenSearchClientYamlSuiteTestCase.java
@@ -88,13 +88,13 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe
*/
public static final String REST_TESTS_SUITE = "tests.rest.suite";
/**
- * Property that allows to blacklist some of the REST tests based on a comma separated list of globs
+ * Property that allows to denylist some of the REST tests based on a comma separated list of globs
* e.g. "-Dtests.rest.blacklist=get/10_basic/*"
*/
public static final String REST_TESTS_BLACKLIST = "tests.rest.blacklist";
/**
- * We use tests.rest.blacklist in build files to blacklist tests; this property enables a user to add additional blacklisted tests on
- * top of the tests blacklisted in the build.
+ * We use tests.rest.blacklist in build files to denylist tests; this property enables a user to add additional denylisted tests on
+ * top of the tests denylisted in the build.
*/
public static final String REST_TESTS_BLACKLIST_ADDITIONS = "tests.rest.blacklist_additions";
/**
@@ -116,7 +116,7 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe
*/
private static final String PATHS_SEPARATOR = "(? blacklistPathMatchers;
+ private static List denylistPathMatchers;
private static ClientYamlTestExecutionContext restTestExecutionContext;
private static ClientYamlTestExecutionContext adminExecutionContext;
private static ClientYamlTestClient clientYamlTestClient;
@@ -138,7 +138,7 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe
public void initAndResetContext() throws Exception {
if (restTestExecutionContext == null) {
assert adminExecutionContext == null;
- assert blacklistPathMatchers == null;
+ assert denylistPathMatchers == null;
final ClientYamlSuiteRestSpec restSpec = ClientYamlSuiteRestSpec.load(SPEC_PATH);
validateSpec(restSpec);
final List hosts = getClusterHosts();
@@ -149,21 +149,21 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe
clientYamlTestClient = initClientYamlTestClient(restSpec, client(), hosts, esVersion, masterVersion);
restTestExecutionContext = new ClientYamlTestExecutionContext(clientYamlTestClient, randomizeContentType());
adminExecutionContext = new ClientYamlTestExecutionContext(clientYamlTestClient, false);
- final String[] blacklist = resolvePathsProperty(REST_TESTS_BLACKLIST, null);
- blacklistPathMatchers = new ArrayList<>();
- for (final String entry : blacklist) {
- blacklistPathMatchers.add(new BlacklistedPathPatternMatcher(entry));
+ final String[] denylist = resolvePathsProperty(REST_TESTS_BLACKLIST, null);
+ denylistPathMatchers = new ArrayList<>();
+ for (final String entry : denylist) {
+ denylistPathMatchers.add(new BlacklistedPathPatternMatcher(entry));
}
- final String[] blacklistAdditions = resolvePathsProperty(REST_TESTS_BLACKLIST_ADDITIONS, null);
- for (final String entry : blacklistAdditions) {
- blacklistPathMatchers.add(new BlacklistedPathPatternMatcher(entry));
+ final String[] denylistAdditions = resolvePathsProperty(REST_TESTS_BLACKLIST_ADDITIONS, null);
+ for (final String entry : denylistAdditions) {
+ denylistPathMatchers.add(new BlacklistedPathPatternMatcher(entry));
}
}
assert restTestExecutionContext != null;
assert adminExecutionContext != null;
- assert blacklistPathMatchers != null;
+ assert denylistPathMatchers != null;
- // admin context must be available for @After always, regardless of whether the test was blacklisted
+ // admin context must be available for @After always, regardless of whether the test was denylisted
adminExecutionContext.clear();
restTestExecutionContext.clear();
@@ -184,7 +184,7 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe
try {
IOUtils.close(clientYamlTestClient);
} finally {
- blacklistPathMatchers = null;
+ denylistPathMatchers = null;
restTestExecutionContext = null;
adminExecutionContext = null;
clientYamlTestClient = null;
@@ -355,12 +355,12 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe
}
public void test() throws IOException {
- // skip test if it matches one of the blacklist globs
- for (BlacklistedPathPatternMatcher blacklistedPathMatcher : blacklistPathMatchers) {
+ // skip test if it matches one of the denylist globs
+ for (BlacklistedPathPatternMatcher denylistedPathMatcher : denylistPathMatchers) {
String testPath = testCandidate.getSuitePath() + "/" + testCandidate.getTestSection().getName();
assumeFalse(
"[" + testCandidate.getTestPath() + "] skipped, reason: blacklisted",
- blacklistedPathMatcher.isSuffixMatch(testPath)
+ denylistedPathMatcher.isSuffixMatch(testPath)
);
}