fix inconsistency in parameter name/type

jaymode · Feb 4, 2019 · 1c9a8e1 · 1c9a8e1
1 parent 34aa55a
commit 1c9a8e1
Show file tree

Hide file tree

Showing 11 changed files with 52 additions and 51 deletions.
diff --git a/...thorization-engine/src/main/java/org/elasticsearch/example/CustomAuthorizationEngine.java b/...thorization-engine/src/main/java/org/elasticsearch/example/CustomAuthorizationEngine.java
@@ -48,7 +48,6 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-import java.util.function.Function;
 import java.util.stream.Collectors;
 
 /**
@@ -91,7 +90,7 @@ public void authorizeClusterAction(RequestInfo requestInfo, AuthorizationInfo au
     @Override
     public void authorizeIndexAction(RequestInfo requestInfo, AuthorizationInfo authorizationInfo,
                                      AsyncSupplier<ResolvedIndices> indicesAsyncSupplier,
-                                     Function<String, AliasOrIndex> aliasOrIndexFunction,
+                                     Map<String, AliasOrIndex> aliasOrIndexLookup,
                                      ActionListener<IndexAuthorizationResult> listener) {
         if (isSuperuser(requestInfo.getAuthentication().getUser())) {
             indicesAsyncSupplier.getAsync(ActionListener.wrap(resolvedIndices -> {
@@ -110,9 +109,9 @@ public void authorizeIndexAction(RequestInfo requestInfo, AuthorizationInfo auth
 
     @Override
     public void loadAuthorizedIndices(RequestInfo requestInfo, AuthorizationInfo authorizationInfo,
-                                      Map<String, AliasOrIndex> aliasAndIndexLookup, ActionListener<List<String>> listener) {
+                                      Map<String, AliasOrIndex> aliasOrIndexLookup, ActionListener<List<String>> listener) {
         if (isSuperuser(requestInfo.getAuthentication().getUser())) {
-            listener.onResponse(new ArrayList<>(aliasAndIndexLookup.keySet()));
+            listener.onResponse(new ArrayList<>(aliasOrIndexLookup.keySet()));
         } else {
             listener.onResponse(Collections.emptyList());
         }

diff --git a/...zation-engine/src/test/java/org/elasticsearch/example/CustomAuthorizationEngineTests.java b/...zation-engine/src/test/java/org/elasticsearch/example/CustomAuthorizationEngineTests.java
@@ -21,6 +21,7 @@
 
 import org.elasticsearch.action.search.SearchRequest;
 import org.elasticsearch.action.support.PlainActionFuture;
+import org.elasticsearch.cluster.metadata.AliasOrIndex;
 import org.elasticsearch.cluster.metadata.AliasOrIndex.Index;
 import org.elasticsearch.cluster.metadata.IndexMetaData;
 import org.elasticsearch.test.ESTestCase;
@@ -36,6 +37,8 @@
 import org.elasticsearch.xpack.core.security.user.User;
 
 import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 
 import static org.hamcrest.Matchers.is;
 
@@ -125,6 +128,8 @@ public void testAuthorizeClusterAction() {
 
     public void testAuthorizeIndexAction() {
         CustomAuthorizationEngine engine = new CustomAuthorizationEngine();
+        Map<String, AliasOrIndex> aliasOrIndexMap = new HashMap<>();
+        aliasOrIndexMap.put("index", new Index(IndexMetaData.builder("index").build()));
         // authorized
         {
             RequestInfo requestInfo =
@@ -137,7 +142,7 @@ public void testAuthorizeIndexAction() {
             PlainActionFuture<IndexAuthorizationResult> resultFuture = new PlainActionFuture<>();
             engine.authorizeIndexAction(requestInfo, authzInfo,
                 listener -> listener.onResponse(new ResolvedIndices(Collections.singletonList("index"), Collections.emptyList())),
-                name -> name.equals("index") ? new Index(IndexMetaData.builder("index").build()) : null, resultFuture);
+                aliasOrIndexMap, resultFuture);
             IndexAuthorizationResult result = resultFuture.actionGet();
             assertThat(result.isGranted(), is(true));
             assertThat(result.isAuditable(), is(true));
@@ -158,7 +163,7 @@ public void testAuthorizeIndexAction() {
             PlainActionFuture<IndexAuthorizationResult> resultFuture = new PlainActionFuture<>();
             engine.authorizeIndexAction(requestInfo, authzInfo,
                 listener -> listener.onResponse(new ResolvedIndices(Collections.singletonList("index"), Collections.emptyList())),
-                name -> name.equals("index") ? new Index(IndexMetaData.builder("index").build()) : null, resultFuture);
+                aliasOrIndexMap, resultFuture);
             IndexAuthorizationResult result = resultFuture.actionGet();
             assertThat(result.isGranted(), is(false));
             assertThat(result.isAuditable(), is(true));

diff --git a/...n/core/src/main/java/org/elasticsearch/xpack/core/security/authz/AuthorizationEngine.java b/...n/core/src/main/java/org/elasticsearch/xpack/core/security/authz/AuthorizationEngine.java
@@ -22,7 +22,6 @@
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
-import java.util.function.Function;
 
 /**
  * <p>
@@ -57,7 +56,7 @@
  *         can actually impersonate the user running the request.</li>
  *     <li>{@link #authorizeClusterAction(RequestInfo, AuthorizationInfo, ActionListener)} if the
  *         request is a cluster level operation.</li>
- *     <li>{@link #authorizeIndexAction(RequestInfo, AuthorizationInfo, AsyncSupplier, Function, ActionListener)} if
+ *     <li>{@link #authorizeIndexAction(RequestInfo, AuthorizationInfo, AsyncSupplier, Map, ActionListener)} if
  *         the request is a an index action. This method may be called multiple times for a single
  *         request as the request may be made up of sub-requests that also need to be authorized. The async supplier
  *         for resolved indices will invoke the
@@ -66,7 +65,7 @@
  * </ol>
  * <br><p>
  * <em>NOTE:</em> the {@link #loadAuthorizedIndices(RequestInfo, AuthorizationInfo, Map, ActionListener)}
- * method may be called prior to {@link #authorizeIndexAction(RequestInfo, AuthorizationInfo, AsyncSupplier, Function, ActionListener)}
+ * method may be called prior to {@link #authorizeIndexAction(RequestInfo, AuthorizationInfo, AsyncSupplier, Map, ActionListener)}
  * in cases where wildcards need to be expanded.
  * </p><br>
  * Authorization engines can be called from various threads including network threads that should
@@ -124,12 +123,12 @@ public interface AuthorizationEngine {
      *                          from {@link #resolveAuthorizationInfo(RequestInfo, ActionListener)}
      * @param indicesAsyncSupplier the asynchronous supplier for the indices that this request is
      *                             attempting to operate on
-     * @param aliasOrIndexFunction a function that when given a string name, returns the cluster
-     *                             metadata specific to that alias or index
+     * @param aliasOrIndexLookup a map of a string name to the cluster metadata specific to that
+     *                            alias or index
      * @param listener the listener to be notified of the authorization result
      */
     void authorizeIndexAction(RequestInfo requestInfo, AuthorizationInfo authorizationInfo,
-                              AsyncSupplier<ResolvedIndices> indicesAsyncSupplier, Function<String, AliasOrIndex> aliasOrIndexFunction,
+                              AsyncSupplier<ResolvedIndices> indicesAsyncSupplier, Map<String, AliasOrIndex> aliasOrIndexLookup,
                               ActionListener<IndexAuthorizationResult> listener);
 
     /**
@@ -140,12 +139,12 @@ void authorizeIndexAction(RequestInfo requestInfo, AuthorizationInfo authorizati
      *                    and associated user(s)
      * @param authorizationInfo information needed from authorization that was previously retrieved
      *                          from {@link #resolveAuthorizationInfo(RequestInfo, ActionListener)}
-     * @param aliasAndIndexLookup a function that when given a string name, returns the cluster
-     *                            metadata specific to that alias or index
+     * @param aliasOrIndexLookup a map of a string name to the cluster metadata specific to that
+     *                            alias or index
      * @param listener the listener to be notified of the authorization result
      */
     void loadAuthorizedIndices(RequestInfo requestInfo, AuthorizationInfo authorizationInfo,
-                               Map<String, AliasOrIndex> aliasAndIndexLookup, ActionListener<List<String>> listener);
+                               Map<String, AliasOrIndex> aliasOrIndexLookup, ActionListener<List<String>> listener);
 
 
     /**

diff --git a/...c/main/java/org/elasticsearch/xpack/core/security/authz/permission/IndicesPermission.java b/...c/main/java/org/elasticsearch/xpack/core/security/authz/permission/IndicesPermission.java
@@ -30,7 +30,6 @@
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
-import java.util.function.Function;
 import java.util.function.Predicate;
 
 import static java.util.Collections.unmodifiableMap;
@@ -136,7 +135,7 @@ public Automaton allowedActionsMatcher(String index) {
      * Authorizes the provided action against the provided indices, given the current cluster metadata
      */
     public Map<String, IndicesAccessControl.IndexAccessControl> authorize(String action, Set<String> requestedIndicesOrAliases,
-                                                                          Function<String, AliasOrIndex> allAliasesAndIndices,
+                                                                          Map<String, AliasOrIndex> allAliasesAndIndices,
                                                                           FieldPermissionsCache fieldPermissionsCache) {
         // now... every index that is associated with the request, must be granted
         // by at least one indices permission group
@@ -147,7 +146,7 @@ public Map<String, IndicesAccessControl.IndexAccessControl> authorize(String act
         for (String indexOrAlias : requestedIndicesOrAliases) {
             boolean granted = false;
             Set<String> concreteIndices = new HashSet<>();
-            AliasOrIndex aliasOrIndex = allAliasesAndIndices.apply(indexOrAlias);
+            AliasOrIndex aliasOrIndex = allAliasesAndIndices.get(indexOrAlias);
             if (aliasOrIndex != null) {
                 for (IndexMetaData indexMetaData : aliasOrIndex.getIndices()) {
                     concreteIndices.add(indexMetaData.getIndex().getName());

diff --git a/...lugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/permission/Role.java b/...lugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/permission/Role.java
@@ -79,7 +79,7 @@ public static Builder builder(RoleDescriptor rd, FieldPermissionsCache fieldPerm
      * is configured for any group also the allowed fields and role queries are resolved.
      */
     public IndicesAccessControl authorize(String action, Set<String> requestedIndicesOrAliases,
-                                          Function<String, AliasOrIndex> aliasAndIndexLookup,
+                                          Map<String, AliasOrIndex> aliasAndIndexLookup,
                                           FieldPermissionsCache fieldPermissionsCache) {
         Map<String, IndicesAccessControl.IndexAccessControl> indexPermissions = indices.authorize(
             action, requestedIndicesOrAliases, aliasAndIndexLookup, fieldPermissionsCache

diff --git a/.../test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java b/.../test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
@@ -589,7 +589,7 @@ private void assertMonitoringOnRestrictedIndices(Role role) {
         for (final String indexMonitoringActionName : indexMonitoringActionNamesList) {
             final Map<String, IndexAccessControl> authzMap = role.indices().authorize(indexMonitoringActionName,
                 Sets.newHashSet(RestrictedIndicesNames.INTERNAL_SECURITY_INDEX, RestrictedIndicesNames.SECURITY_INDEX_NAME),
-                metaData.getAliasAndIndexLookup()::get, fieldPermissionsCache);
+                metaData.getAliasAndIndexLookup(), fieldPermissionsCache);
             assertThat(authzMap.get(RestrictedIndicesNames.INTERNAL_SECURITY_INDEX).isGranted(), is(true));
             assertThat(authzMap.get(RestrictedIndicesNames.SECURITY_INDEX_NAME).isGranted(), is(true));
         }
@@ -708,22 +708,22 @@ public void testSuperuserRole() {
         FieldPermissionsCache fieldPermissionsCache = new FieldPermissionsCache(Settings.EMPTY);
         SortedMap<String, AliasOrIndex> lookup = metaData.getAliasAndIndexLookup();
         Map<String, IndexAccessControl> authzMap =
-                superuserRole.indices().authorize(SearchAction.NAME, Sets.newHashSet("a1", "ba"), lookup::get, fieldPermissionsCache);
+                superuserRole.indices().authorize(SearchAction.NAME, Sets.newHashSet("a1", "ba"), lookup, fieldPermissionsCache);
         assertThat(authzMap.get("a1").isGranted(), is(true));
         assertThat(authzMap.get("b").isGranted(), is(true));
         authzMap =
-            superuserRole.indices().authorize(DeleteIndexAction.NAME, Sets.newHashSet("a1", "ba"), lookup::get, fieldPermissionsCache);
+            superuserRole.indices().authorize(DeleteIndexAction.NAME, Sets.newHashSet("a1", "ba"), lookup, fieldPermissionsCache);
         assertThat(authzMap.get("a1").isGranted(), is(true));
         assertThat(authzMap.get("b").isGranted(), is(true));
-        authzMap = superuserRole.indices().authorize(IndexAction.NAME, Sets.newHashSet("a2", "ba"), lookup::get, fieldPermissionsCache);
+        authzMap = superuserRole.indices().authorize(IndexAction.NAME, Sets.newHashSet("a2", "ba"), lookup, fieldPermissionsCache);
         assertThat(authzMap.get("a2").isGranted(), is(true));
         assertThat(authzMap.get("b").isGranted(), is(true));
         authzMap = superuserRole.indices()
-                .authorize(UpdateSettingsAction.NAME, Sets.newHashSet("aaaaaa", "ba"), lookup::get, fieldPermissionsCache);
+                .authorize(UpdateSettingsAction.NAME, Sets.newHashSet("aaaaaa", "ba"), lookup, fieldPermissionsCache);
         assertThat(authzMap.get("aaaaaa").isGranted(), is(true));
         assertThat(authzMap.get("b").isGranted(), is(true));
         authzMap = superuserRole.indices().authorize(randomFrom(IndexAction.NAME, DeleteIndexAction.NAME, SearchAction.NAME),
-                Sets.newHashSet(RestrictedIndicesNames.SECURITY_INDEX_NAME), lookup::get, fieldPermissionsCache);
+                Sets.newHashSet(RestrictedIndicesNames.SECURITY_INDEX_NAME), lookup, fieldPermissionsCache);
         assertThat(authzMap.get(RestrictedIndicesNames.SECURITY_INDEX_NAME).isGranted(), is(true));
         assertThat(authzMap.get(RestrictedIndicesNames.INTERNAL_SECURITY_INDEX).isGranted(), is(true));
         assertTrue(superuserRole.indices().check(SearchAction.NAME));

diff --git a/...n/security/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationService.java b/...n/security/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationService.java
@@ -252,7 +252,7 @@ private void authorizeAction(final RequestInfo requestInfo, final String request
                 }));
             });
             authzEngine.authorizeIndexAction(requestInfo, authzInfo, resolvedIndicesAsyncSupplier,
-                metaData.getAliasAndIndexLookup()::get, wrapPreservingContext(new AuthorizationResultListener<>(result ->
+                metaData.getAliasAndIndexLookup(), wrapPreservingContext(new AuthorizationResultListener<>(result ->
                     handleIndexActionAuthorizationResult(result, requestInfo, requestId, authzInfo, authzEngine, authorizedIndicesSupplier,
                         resolvedIndicesAsyncSupplier, metaData, listener),
                     listener::onFailure, requestInfo, requestId, authzInfo), threadContext));
@@ -296,7 +296,7 @@ private void handleIndexActionAuthorizationResult(final IndexAuthorizationResult
                             ril.onResponse(withAliases);
                         }, ril::onFailure));
                     },
-                    metaData.getAliasAndIndexLookup()::get,
+                    metaData.getAliasAndIndexLookup(),
                     wrapPreservingContext(new AuthorizationResultListener<>(
                         authorizationResult -> runRequestInterceptors(requestInfo, authzInfo, authorizationEngine, listener),
                         listener::onFailure, aliasesRequestInfo, requestId, authzInfo), threadContext));
@@ -506,7 +506,7 @@ private void authorizeBulkItems(RequestInfo requestInfo, AuthorizationInfo authz
                         new RequestInfo(requestInfo.getAuthentication(), requestInfo.getRequest(), bulkItemAction);
                     authzEngine.authorizeIndexAction(bulkItemInfo, authzInfo,
                         ril -> ril.onResponse(new ResolvedIndices(new ArrayList<>(indices), Collections.emptyList())),
-                        metaData.getAliasAndIndexLookup()::get, ActionListener.wrap(indexAuthorizationResult ->
+                        metaData.getAliasAndIndexLookup(), ActionListener.wrap(indexAuthorizationResult ->
                                 groupedActionListener.onResponse(new Tuple<>(bulkItemAction, indexAuthorizationResult)),
                             groupedActionListener::onFailure));
                 });

diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/RBACEngine.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/RBACEngine.java
@@ -76,7 +76,6 @@
 import java.util.Map.Entry;
 import java.util.Set;
 import java.util.TreeSet;
-import java.util.function.Function;
 import java.util.function.Predicate;
 
 import static org.elasticsearch.common.Strings.arrayToCommaDelimitedString;
@@ -213,7 +212,7 @@ private static boolean shouldAuthorizeIndexActionNameOnly(String action, Transpo
     @Override
     public void authorizeIndexAction(RequestInfo requestInfo, AuthorizationInfo authorizationInfo,
                                      AsyncSupplier<ResolvedIndices> indicesAsyncSupplier,
-                                     Function<String, AliasOrIndex> aliasOrIndexFunction,
+                                     Map<String, AliasOrIndex> aliasOrIndexLookup,
                                      ActionListener<IndexAuthorizationResult> listener) {
         final String action = requestInfo.getAction();
         final TransportRequest request = requestInfo.getRequest();
@@ -264,7 +263,7 @@ public void authorizeIndexAction(RequestInfo requestInfo, AuthorizationInfo auth
                     authorizeIndexActionName(action, authorizationInfo, IndicesAccessControl.ALLOW_NO_INDICES, listener);
                 } else {
                     buildIndicesAccessControl(authentication, action, authorizationInfo,
-                        Sets.newHashSet(resolvedIndices.getLocal()), aliasOrIndexFunction, listener);
+                        Sets.newHashSet(resolvedIndices.getLocal()), aliasOrIndexLookup, listener);
                 }
             }, listener::onFailure));
         } else {
@@ -280,7 +279,7 @@ public void authorizeIndexAction(RequestInfo requestInfo, AuthorizationInfo auth
                                 listener.onResponse(new IndexAuthorizationResult(true, IndicesAccessControl.ALLOW_NO_INDICES));
                             } else {
                                 buildIndicesAccessControl(authentication, action, authorizationInfo,
-                                    Sets.newHashSet(resolvedIndices.getLocal()), aliasOrIndexFunction, listener);
+                                    Sets.newHashSet(resolvedIndices.getLocal()), aliasOrIndexLookup, listener);
                             }
                         }, listener::onFailure));
                     } else {
@@ -307,10 +306,10 @@ private void authorizeIndexActionName(String action, AuthorizationInfo authoriza
 
     @Override
     public void loadAuthorizedIndices(RequestInfo requestInfo, AuthorizationInfo authorizationInfo,
-                                      Map<String, AliasOrIndex> aliasAndIndexLookup, ActionListener<List<String>> listener) {
+                                      Map<String, AliasOrIndex> aliasOrIndexLookup, ActionListener<List<String>> listener) {
         if (authorizationInfo instanceof RBACAuthorizationInfo) {
             final Role role = ((RBACAuthorizationInfo) authorizationInfo).getRole();
-            listener.onResponse(resolveAuthorizedIndicesFromRole(role, requestInfo.getAction(), aliasAndIndexLookup));
+            listener.onResponse(resolveAuthorizedIndicesFromRole(role, requestInfo.getAction(), aliasOrIndexLookup));
         } else {
             listener.onFailure(
                 new IllegalArgumentException("unsupported authorization info:" + authorizationInfo.getClass().getSimpleName()));
@@ -550,9 +549,9 @@ static List<String> resolveAuthorizedIndicesFromRole(Role role, String action, M
     }
 
     private void buildIndicesAccessControl(Authentication authentication, String action,
-                                          AuthorizationInfo authorizationInfo, Set<String> indices,
-                                          Function<String, AliasOrIndex> aliasAndIndexLookup,
-                                          ActionListener<IndexAuthorizationResult> listener) {
+                                           AuthorizationInfo authorizationInfo, Set<String> indices,
+                                           Map<String, AliasOrIndex> aliasAndIndexLookup,
+                                           ActionListener<IndexAuthorizationResult> listener) {
         if (authorizationInfo instanceof RBACAuthorizationInfo) {
             final Role role = ((RBACAuthorizationInfo) authorizationInfo).getRole();
             final IndicesAccessControl accessControl = role.authorize(action, indices, aliasAndIndexLookup, fieldPermissionsCache);