-
Notifications
You must be signed in to change notification settings - Fork 36
Added User support for background job and API Transport Actions #272
Conversation
Codecov Report
@@ Coverage Diff @@
## master #272 +/- ##
============================================
- Coverage 71.23% 70.69% -0.54%
- Complexity 1761 1776 +15
============================================
Files 185 186 +1
Lines 8436 8597 +161
Branches 722 731 +9
============================================
+ Hits 6009 6078 +69
- Misses 2089 2173 +84
- Partials 338 346 +8
Flags with carried forward coverage won't be shown. Click here to find out more. |
src/main/java/com/amazon/opendistroforelasticsearch/ad/rest/AbstractSearchAction.java
Show resolved
Hide resolved
...a/com/amazon/opendistroforelasticsearch/ad/transport/SearchAnomalyResultTransportAction.java
Outdated
Show resolved
Hide resolved
...com/amazon/opendistroforelasticsearch/ad/transport/DeleteAnomalyDetectorTransportAction.java
Show resolved
Hide resolved
...va/com/amazon/opendistroforelasticsearch/ad/transport/GetAnomalyDetectorTransportAction.java
Show resolved
Hide resolved
.../com/amazon/opendistroforelasticsearch/ad/transport/IndexAnomalyDetectorTransportAction.java
Show resolved
Hide resolved
...a/com/amazon/opendistroforelasticsearch/ad/transport/SearchAnomalyResultTransportAction.java
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
try { | ||
this.restClient = new SecureRestClientBuilder(settings, environment.configFile()).build(); | ||
} catch (IOException e) { | ||
e.printStackTrace(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
change to log.error?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point sure.
...com/amazon/opendistroforelasticsearch/ad/rest/handler/IndexAnomalyDetectorActionHandler.java
Show resolved
Hide resolved
src/main/java/com/amazon/opendistroforelasticsearch/ad/settings/AnomalyDetectorSettings.java
Show resolved
Hide resolved
@@ -101,6 +106,14 @@ public static String validateAnomalyDetector(AnomalyDetector anomalyDetector, in | |||
return null; | |||
} | |||
|
|||
public static void addFilter(User user, SearchSourceBuilder searchSourceBuilder, String fieldName) { | |||
TermsQueryBuilder filterBackendRoles = QueryBuilders.termsQuery(fieldName, user.getBackendRoles()); | |||
if (searchSourceBuilder.query() instanceof BoolQueryBuilder) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What if the searchSourceBuilder.query()
is not a BoolQueryBuilder
?
For example, one user want to count all anomaly result. That will be just an aggregation query. For this case we will not add this filterBackendRoles
term query to the original query, then user can get total anomaly result count for all users.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any updates? If it's not easy to build a flexible solution. How about we start from supporting BoolQueryBuilder
like alerting ? We can support more query types in future.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, its getting tricky support other queries, I spent some time to figure out if there is a cleaner way of doing it.
Like you said, lets start supporting the bool query and we can add support to the other queries if needed later.
I will handle queries with an error for now.
...a/com/amazon/opendistroforelasticsearch/ad/transport/SearchAnomalyResultTransportAction.java
Show resolved
Hide resolved
...a/com/amazon/opendistroforelasticsearch/ad/transport/SearchAnomalyResultTransportAction.java
Show resolved
Hide resolved
...com/amazon/opendistroforelasticsearch/ad/transport/SearchAnomalyDetectorTransportAction.java
Show resolved
Hide resolved
...com/amazon/opendistroforelasticsearch/ad/transport/SearchAnomalyDetectorTransportAction.java
Show resolved
Hide resolved
src/main/java/com/amazon/opendistroforelasticsearch/ad/util/RestHandlerUtils.java
Show resolved
Hide resolved
|
||
private void addFilter(User user, SearchSourceBuilder searchSourceBuilder, String fieldName) { | ||
TermsQueryBuilder filterBackendRoles = QueryBuilders.termsQuery(fieldName, user.getBackendRoles()); | ||
// For search detector queries, non BoolQuery is only used to find if the new detector name being created is |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If user use curl to search detector, and they don't use bool query, they can search other user's detector data. So we may have security leak.
How about we build a dedicated API to check if detector name is unique or not. The input is simple a detector name string, the output is true or false. And we control access in java code by ourselves. This needs to change AD Kibana code to switch to this new API.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah sure that sounds good. I will work with Tyler and work on these changes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good. Will approve this one. Put the new API in another PR.
BTW, we should throw error for search detectors if not bool query.
*Issue #195 *
Description of changes:
Added User support for background job and API Transport Actions
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.