Add support for DLS Term Lookup Queries (#1541)

Signed-off-by: Jochen Kressin <[email protected]>
opensearch-project · Mar 11, 2022 · 920701e · 920701e
1 parent 3607314
commit 920701e
Show file tree

Hide file tree

Showing 30 changed files with 2,856 additions and 538 deletions.
diff --git a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java
@@ -110,6 +110,7 @@
 import org.opensearch.index.IndexModule;
 import org.opensearch.index.cache.query.QueryCache;
 import org.opensearch.index.shard.SearchOperationListener;
+import org.opensearch.indices.IndicesService;
 import org.opensearch.indices.SystemIndexDescriptor;
 import org.opensearch.indices.breaker.CircuitBreakerService;
 import org.opensearch.plugins.ClusterPlugin;
@@ -779,7 +780,7 @@ public Collection<Object> createComponents(Client localClient, ClusterService cl
             auditLog = new NullAuditLog();
             privilegesInterceptor = new PrivilegesInterceptor(resolver, clusterService, localClient, threadPool);
         } else {
-            dlsFlsValve = new DlsFlsValveImpl();
+            dlsFlsValve = new DlsFlsValveImpl(settings, localClient, clusterService, resolver, xContentRegistry, threadPool.getThreadContext());
             auditLog = new AuditLogImpl(settings, configPath, localClient, threadPool, resolver, clusterService, environment);
             privilegesInterceptor = new PrivilegesInterceptorImpl(resolver, clusterService, localClient, threadPool);
         }
@@ -798,10 +799,10 @@ public Collection<Object> createComponents(Client localClient, ClusterService cl
         // DLS-FLS is enabled if not client and not disabled and not SSL only.
         final boolean dlsFlsEnabled = !SSLConfig.isSslOnlyMode();
         evaluator = new PrivilegesEvaluator(clusterService, threadPool, cr, resolver, auditLog,
-                settings, privilegesInterceptor, cih, irr, dlsFlsEnabled);
-
-        sf = new SecurityFilter(localClient, settings, evaluator, adminDns, dlsFlsValve, auditLog, threadPool, cs, compatConfig, irr, backendRegistry);
+                settings, privilegesInterceptor, cih, irr, dlsFlsEnabled, namedXContentRegistry);
 
+        sf = new SecurityFilter(localClient, settings, evaluator, adminDns, dlsFlsValve, auditLog, threadPool, cs, compatConfig, irr, backendRegistry, namedXContentRegistry);
+
         final String principalExtractorClass = settings.get(SSLConfigConstants.SECURITY_SSL_TRANSPORT_PRINCIPAL_EXTRACTOR_CLASS, null);
 
         if(principalExtractorClass == null) {
@@ -1125,12 +1126,14 @@ public static class GuiceHolder implements LifecycleComponent {
 
         private static RepositoriesService repositoriesService;
         private static RemoteClusterService remoteClusterService;
+        private static IndicesService indicesService;
 
         @Inject
         public GuiceHolder(final RepositoriesService repositoriesService,
-                final TransportService remoteClusterService) {
+                final TransportService remoteClusterService, IndicesService indicesService) {
             GuiceHolder.repositoriesService = repositoriesService;
             GuiceHolder.remoteClusterService = remoteClusterService.getRemoteClusterService();
+            GuiceHolder.indicesService = indicesService;
         }
 
         public static RepositoriesService getRepositoriesService() {
@@ -1141,6 +1144,10 @@ public static RemoteClusterService getRemoteClusterService() {
             return remoteClusterService;
         }
 
+        public static IndicesService getIndicesService() {
+            return indicesService;
+        }
+
         @Override
         public void close() {
         }