Fix indices shown in _cat/indices

[tlrx]

After two recent changes (#38824 and #33888), the _cat/indices API no longer report information for active recovering indices and non-replicated closed indices. It also misreport replicated closed indices that are potentially not authorized for the user.

This commit changes how the cat action works by first using the Get Settings API in order to resolve authorized indices. It then uses the Cluster State, Cluster Health and Indices Stats APIs to retrieve information about the indices.

Since the health and the stats of the indices are not guaranteed to exist (ex: recovering indices have a health status but no index stats; non-replicated closed indices have no health and no stats) they are shown only if they are present.

Closes #39933

[elasticmachine]

Pinging @elastic/es-core-features

[tlrx]

@elasticmachine run elasticsearch-ci/1
@elasticmachine run elasticsearch-ci/2

[tlrx]

Note that this API now requires an additional indices:admin/get privilege.

This is a breaking change but I don't come with a better solution to correctly resolved authorized indices before retrieving other information.

[tlrx]

@elasticmachine update branch

[ywelsch]

Can we use the cluster health request to resolve the authorized indices instead of using the newly added Get Index request?

[ywelsch]

could step 2, 3 and 4 run in parallel?

[tlrx]

Yes, I used a GroupedActionListener for this.

[tlrx]

Can we use the cluster health request to resolve the authorized indices instead of using the newly added Get Index request?

The way the Cluster Health API works prevent us from using it to resolve the authorized indices: when using the Cat Indices API, the user requires the appropriate privilege to get the cluster state (cluster:monitor/state) and the cluster health (cluster:monitor/health). Those Cluster APIs provide a cluster-wide view and don't re-filter indices given index privileges (because the Cluster API itself requires a "higher" privilege), so a user that has the privilege to access the cluster state (or the cluster health) can access the state (or health) of all indices. Then the _cat/indices tries to be smart and filters out indices as the Indices Stats API would do but even if both APIs provides a similar output I don't think we should mix them.

I'm not a big fan of adding another privilege and call for this _cat/indices but I don't have a better idea for now. I'm waiting for some ideas @albertzaharovits :)

[albertzaharovits]

Hi @tlrx ,
I think we can use the get index settings API (TransportGetSettingsAction) to get the set of authorized indices, because, as you said, cluster health and cluster state are "cluster-wide" and are not confined by index permissions and that get index stats is also not suitable, because we wish to display indices that are not returned by this API (recovering indices and non-replicated closed indices). If we learn of some indices that are not returned by the get index settings API, then we can simply list all of them irrespective of index privileges. My reasoning is that if the user has privileges to run this API (_cat/indices) at all, it can also call the cluster state on its own and "see" the indices there, so the hiding we're fighting with here is just a "nice to have".

[tlrx]

@elasticmachine run elasticsearch-ci/1

[tlrx]

@albertzaharovits Thanks for your suggestion, it seems to work nicely :). Can you have a look please?

[albertzaharovits]

I believe we should keep the original behavior with respect to wildcards that are expanded with the same options by all APIs. This prevents errors when the wildcard expands to indices that are subsequently removed before the other calls. This is my only objection and in case I'm not mistaken can be rectified easily.

I'll LGTM for now.
Thank you Tanguy for tackling fallouts of my changes!

[albertzaharovits]

Why do we use the concreteIndices rather than indices with indicesOptions. There is a comment in the original code:

...
// This behavior can be ensured by letting the cluster health and indices
// stats requests re-resolve the index names with the same indices options
// that we used for the initial cluster state request (strictExpand).

that I believe still applies (if wildcards expand to indices that are subsequently deleted, we should not error).

[tlrx]

Yes, this is not good. I restored the original comment and behavior in 4eb76f5

[albertzaharovits]

this can be simplified.

[albertzaharovits]

this can be simplified to client.admin().cluster().health(request, listener)
there are 3 occurrences of this.

[tlrx]

There's still a need to downcast - I pushed ff35567

[ywelsch]

LGTM

[ywelsch]

can you add a comment why we're using getSettings request here? i.e. that it is used to resolve the indices.

[tlrx]

I pushed d93c087

[tlrx]

@elasticmachine run elasticsearch-ci/1