Skip to content

Commit

Permalink
Merge pull request from GHSA-wmx7-x4jp-9jgg
Browse files Browse the repository at this point in the history
* Resolving backing indices of data streams when resolving for aliases

* Fixing resolution of indices for non-wild card scenarios / exact matches

* Adding tests for DLS/FLS/Field-Masking on Data Streams

Co-authored-by: Sandesh Kumar <kusandes@amazon.com>
  • Loading branch information
Dave Lago and Sandesh Kumar committed Nov 7, 2022
1 parent f75be3e commit f7cc569
Show file tree
Hide file tree
Showing 5 changed files with 472 additions and 10 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,7 @@
import org.opensearch.security.user.User;

import static org.opensearch.cluster.metadata.IndexAbstraction.Type.ALIAS;
import static org.opensearch.cluster.metadata.IndexAbstraction.Type.DATA_STREAM;

public class ConfigModelV7 extends ConfigModel {

Expand Down Expand Up @@ -769,20 +770,22 @@ public Set<String> getResolvedIndexPattern(final User user, final IndexNameExpre
final ImmutableSet.Builder<String> resolvedIndices = new ImmutableSet.Builder<>();

final WildcardMatcher matcher = WildcardMatcher.from(unresolved);
boolean includeDataStreams = true;
if (!(matcher instanceof WildcardMatcher.Exact)) {
final String[] aliasesForPermittedPattern = cs.state().getMetadata().getIndicesLookup().entrySet().stream()
.filter(e -> e.getValue().getType() == ALIAS)
final String[] aliasesAndDataStreamsForPermittedPattern = cs.state().getMetadata().getIndicesLookup().entrySet().stream()
.filter(e -> (e.getValue().getType() == ALIAS) || (e.getValue().getType() == DATA_STREAM))
.filter(e -> matcher.test(e.getKey()))
.map(e -> e.getKey())
.toArray(String[]::new);
if (aliasesForPermittedPattern.length > 0) {
final String[] resolvedAliases = resolver.concreteIndexNames(cs.state(), IndicesOptions.lenientExpandOpen(), aliasesForPermittedPattern);
resolvedIndices.addAll(Arrays.asList(resolvedAliases));
if (aliasesAndDataStreamsForPermittedPattern.length > 0) {
final String[] resolvedAliasesAndDataStreamIndices = resolver.concreteIndexNames(cs.state(),
IndicesOptions.lenientExpandOpen(), includeDataStreams, aliasesAndDataStreamsForPermittedPattern);
resolvedIndices.addAll(Arrays.asList(resolvedAliasesAndDataStreamIndices));
}
}

if (Strings.isNotBlank(unresolved)) {
final String[] resolvedIndicesFromPattern = resolver.concreteIndexNames(cs.state(), IndicesOptions.lenientExpandOpen(), unresolved);
final String[] resolvedIndicesFromPattern = resolver.concreteIndexNames(cs.state(), IndicesOptions.lenientExpandOpen(), includeDataStreams, unresolved);
resolvedIndices.addAll(Arrays.asList(resolvedIndicesFromPattern));
}

Expand Down
Loading

0 comments on commit f7cc569

Please sign in to comment.