
Example 16 with IndexNameExpressionResolver

use of org.opensearch.cluster.metadata.IndexNameExpressionResolver in project security by opensearch-project.

the class OpenSearchSecurityPlugin method createComponents.

/**
 * Builds and wires the security plugin's node-level components and returns the subset that is
 * handed back to the caller.
 *
 * <p>There are three exits:
 * <ul>
 *   <li>SSL-only mode: delegates to {@code super.createComponents(...)}; none of the security
 *       components below (privileges evaluator, security filter, audit log, ...) are built.</li>
 *   <li>{@code client || disabled}: returns an empty list; again no security components are built.</li>
 *   <li>Otherwise: builds the full chain and returns the principal extractor, admin DNs,
 *       configuration repository, XFF resolver, backend registry, privileges evaluator,
 *       security interceptor and dynamic config factory.</li>
 * </ul>
 *
 * <p>Several objects are only stored in fields ({@code sf}, {@code securityRestHandler},
 * {@code auditLog}, {@code dlsFlsValve}, {@code irr}, ...) and are not part of the returned list.
 *
 * <p>Two implementation classes are chosen by name from {@code settings} and instantiated through
 * {@code ReflectionHelper}: the inter-cluster request evaluator and the transport principal
 * extractor. Both take part in deciding who a transport peer is, so the node settings that name
 * them should be treated as security-critical configuration.
 *
 * @param indexNameExpressionResolver only forwarded to {@code super} in SSL-only mode; the full
 *        path builds its own resolver from {@code threadPool.getThreadContext()}
 * @return the components listed above, an empty list, or whatever {@code super} returns
 */
@Override
public Collection<Object> createComponents(Client localClient, ClusterService clusterService, ThreadPool threadPool, ResourceWatcherService resourceWatcherService, ScriptService scriptService, NamedXContentRegistry xContentRegistry, Environment environment, NodeEnvironment nodeEnvironment, NamedWriteableRegistry namedWriteableRegistry, IndexNameExpressionResolver indexNameExpressionResolver, Supplier<RepositoriesService> repositoriesServiceSupplier) {
    SSLConfig.registerClusterSettingsChangeListener(clusterService.getClusterSettings());
    // SSL-only mode: hand over to the superclass and build nothing else. Authentication,
    // authorization and audit logging objects created further down do not exist in this mode.
    if (SSLConfig.isSslOnlyMode()) {
        return super.createComponents(localClient, clusterService, threadPool, resourceWatcherService, scriptService, xContentRegistry, environment, nodeEnvironment, namedWriteableRegistry, indexNameExpressionResolver, repositoriesServiceSupplier);
    }
    this.threadPool = threadPool;
    this.cs = clusterService;
    this.localClient = localClient;
    final List<Object> components = new ArrayList<Object>();
    // `client` and `disabled` are fields set outside this method. When either is true the plugin
    // contributes no components at all, so nothing below enforces access control on this node.
    if (client || disabled) {
        return components;
    }
    // Register opensearch dynamic settings
    transportPassiveAuthSetting.registerClusterSettingsChangeListener(clusterService.getClusterSettings());
    final ClusterInfoHolder cih = new ClusterInfoHolder();
    this.cs.addListener(cih);
    this.salt = Salt.from(settings);
    // A fresh resolver is created here; the indexNameExpressionResolver parameter is not used on this path.
    final IndexNameExpressionResolver resolver = new IndexNameExpressionResolver(threadPool.getThreadContext());
    irr = new IndexResolverReplacer(resolver, clusterService, cih);
    final String DEFAULT_INTERCLUSTER_REQUEST_EVALUATOR_CLASS = DefaultInterClusterRequestEvaluator.class.getName();
    // Start with the default evaluator; it is replaced below only if settings name another class.
    InterClusterRequestEvaluator interClusterRequestEvaluator = new DefaultInterClusterRequestEvaluator(settings);
    final String className = settings.get(ConfigConstants.SECURITY_INTERCLUSTER_REQUEST_EVALUATOR_CLASS, DEFAULT_INTERCLUSTER_REQUEST_EVALUATOR_CLASS);
    log.debug("Using {} as intercluster request evaluator class", className);
    // The class name comes from node settings and is loaded reflectively. The selection is only
    // logged at debug level, so a non-default evaluator is not visible in logs at default verbosity.
    // NOTE(review): what validation ReflectionHelper applies to className is not visible here — confirm.
    if (!DEFAULT_INTERCLUSTER_REQUEST_EVALUATOR_CLASS.equals(className)) {
        interClusterRequestEvaluator = ReflectionHelper.instantiateInterClusterRequestEvaluator(className, settings);
    }
    final PrivilegesInterceptor privilegesInterceptor;
    // SSL-only mode already returned above, so the first branch runs only if isSslOnlyMode()
    // gives a different answer on this second call. If it did, DLS/FLS would be a no-op valve
    // and audit events would go to NullAuditLog.
    if (SSLConfig.isSslOnlyMode()) {
        dlsFlsValve = new DlsFlsRequestValve.NoopDlsFlsRequestValve();
        auditLog = new NullAuditLog();
        privilegesInterceptor = new PrivilegesInterceptor(resolver, clusterService, localClient, threadPool);
    } else {
        dlsFlsValve = new DlsFlsValveImpl(settings, localClient, clusterService, resolver, xContentRegistry, threadPool.getThreadContext());
        auditLog = new AuditLogImpl(settings, configPath, localClient, threadPool, resolver, clusterService, environment);
        privilegesInterceptor = new PrivilegesInterceptorImpl(resolver, clusterService, localClient, threadPool);
    }
    // The SSL exception handler takes the audit log chosen above.
    sslExceptionHandler = new AuditLogSslExceptionHandler(auditLog);
    adminDns = new AdminDNs(settings);
    cr = ConfigurationRepository.create(settings, this.configPath, threadPool, localClient, clusterService, auditLog);
    final XFFResolver xffResolver = new XFFResolver(threadPool);
    backendRegistry = new BackendRegistry(settings, adminDns, xffResolver, auditLog, threadPool);
    final CompatConfig compatConfig = new CompatConfig(environment, transportPassiveAuthSetting);
    // DLS-FLS is enabled if not client and not disabled and not SSL only.
    // (The client/disabled cases cannot reach this line because of the early return above.)
    final boolean dlsFlsEnabled = !SSLConfig.isSslOnlyMode();
    // NOTE(review): the last argument is `namedXContentRegistry`, not the `xContentRegistry`
    // parameter of this method; presumably a field assigned elsewhere — confirm it is set by now.
    evaluator = new PrivilegesEvaluator(clusterService, threadPool, cr, resolver, auditLog, settings, privilegesInterceptor, cih, irr, dlsFlsEnabled, namedXContentRegistry);
    sf = new SecurityFilter(settings, evaluator, adminDns, dlsFlsValve, auditLog, threadPool, cs, compatConfig, irr, xffResolver);
    // Like the evaluator above, the principal extractor may be a class named in settings and
    // instantiated reflectively; with no setting the default extractor is used.
    final String principalExtractorClass = settings.get(SSLConfigConstants.SECURITY_SSL_TRANSPORT_PRINCIPAL_EXTRACTOR_CLASS, null);
    if (principalExtractorClass == null) {
        principalExtractor = new DefaultPrincipalExtractor();
    } else {
        principalExtractor = ReflectionHelper.instantiatePrincipalExtractor(principalExtractorClass);
    }
    securityRestHandler = new SecurityRestFilter(backendRegistry, auditLog, threadPool, principalExtractor, settings, configPath, compatConfig);
    // Everything registered on the dynamic config factory is a listener for its configuration updates.
    final DynamicConfigFactory dcf = new DynamicConfigFactory(cr, settings, configPath, localClient, threadPool, cih);
    dcf.registerDCFListener(backendRegistry);
    dcf.registerDCFListener(compatConfig);
    dcf.registerDCFListener(irr);
    dcf.registerDCFListener(xffResolver);
    dcf.registerDCFListener(evaluator);
    dcf.registerDCFListener(securityRestHandler);
    if (!(auditLog instanceof NullAuditLog)) {
        // Don't register if advanced modules is disabled in which case auditlog is instance of NullAuditLog
        dcf.registerDCFListener(auditLog);
    }
    cr.setDynamicConfigFactory(dcf);
    // sslExceptionHandler and cih were both assigned with `new` above; the requireNonNull calls
    // are defensive checks on the two arguments the interceptor must not receive as null.
    si = new SecurityInterceptor(settings, threadPool, backendRegistry, auditLog, principalExtractor, interClusterRequestEvaluator, cs, Objects.requireNonNull(sslExceptionHandler), Objects.requireNonNull(cih), SSLConfig);
    components.add(principalExtractor);
    // is used to first establish trust between same cluster nodes and there after dynamic config is loaded if enabled.
    // NOTE(review): the sentence above has lost its subject in this listing; presumably it refers
    // to the settings-based configuration of the default evaluator — confirm against the project source.
    // Only the default evaluator is subscribed to dynamic config changes; a custom evaluator
    // loaded by class name is not subscribed here.
    if (DEFAULT_INTERCLUSTER_REQUEST_EVALUATOR_CLASS.equals(className)) {
        DefaultInterClusterRequestEvaluator e = (DefaultInterClusterRequestEvaluator) interClusterRequestEvaluator;
        e.subscribeForChanges(dcf);
    }
    components.add(adminDns);
    components.add(cr);
    components.add(xffResolver);
    components.add(backendRegistry);
    components.add(evaluator);
    components.add(si);
    components.add(dcf);
    return components;
}
Also used : ArrayList(java.util.ArrayList) AdminDNs(org.opensearch.security.configuration.AdminDNs) DlsFlsRequestValve(org.opensearch.security.configuration.DlsFlsRequestValve) DefaultPrincipalExtractor(org.opensearch.security.ssl.transport.DefaultPrincipalExtractor) BackendRegistry(org.opensearch.security.auth.BackendRegistry) DynamicConfigFactory(org.opensearch.security.securityconf.DynamicConfigFactory) XFFResolver(org.opensearch.security.http.XFFResolver) IndexResolverReplacer(org.opensearch.security.resolver.IndexResolverReplacer) DefaultInterClusterRequestEvaluator(org.opensearch.security.transport.DefaultInterClusterRequestEvaluator) SecurityFilter(org.opensearch.security.filter.SecurityFilter) PrivilegesInterceptor(org.opensearch.security.privileges.PrivilegesInterceptor) AuditLogSslExceptionHandler(org.opensearch.security.auditlog.AuditLogSslExceptionHandler) CompatConfig(org.opensearch.security.configuration.CompatConfig) SecurityInterceptor(org.opensearch.security.transport.SecurityInterceptor) SecurityRestFilter(org.opensearch.security.filter.SecurityRestFilter) ClusterInfoHolder(org.opensearch.security.configuration.ClusterInfoHolder) DlsFlsValveImpl(org.opensearch.security.configuration.DlsFlsValveImpl) AuditLogImpl(org.opensearch.security.auditlog.impl.AuditLogImpl) NullAuditLog(org.opensearch.security.auditlog.NullAuditLog) PrivilegesInterceptorImpl(org.opensearch.security.configuration.PrivilegesInterceptorImpl) IndexNameExpressionResolver(org.opensearch.cluster.metadata.IndexNameExpressionResolver) PrivilegesEvaluator(org.opensearch.security.privileges.PrivilegesEvaluator) InterClusterRequestEvaluator(org.opensearch.security.transport.InterClusterRequestEvaluator) DefaultInterClusterRequestEvaluator(org.opensearch.security.transport.DefaultInterClusterRequestEvaluator)

Example 17 with IndexNameExpressionResolver

use of org.opensearch.cluster.metadata.IndexNameExpressionResolver in project OpenSearch by opensearch-project.

the class IndicesRequestIT method testFlush.

/**
 * Sends a flush request through the coordinating-only node client while the shard-level flush
 * actions (primary and replica variants included) are intercepted, then resolves the request's
 * index expressions against the current cluster state and passes the concrete names to
 * {@code assertIndicesSubset} together with the intercepted action names.
 */
public void testFlush() {
    final String shardFlush = TransportShardFlushAction.NAME;
    final String[] interceptedActions = { shardFlush, shardFlush + "[r]", shardFlush + "[p]" };
    interceptTransportActions(interceptedActions);

    // The request targets a random selection of indices or aliases.
    final FlushRequest request = new FlushRequest(randomIndicesOrAliases());
    internalCluster().coordOnlyNodeClient().admin().indices().flush(request).actionGet();
    clearInterceptedActions();

    // Resolve the request to concrete index names using the cluster state as seen by the client.
    final IndexNameExpressionResolver nameResolver = new IndexNameExpressionResolver(new ThreadContext(Settings.EMPTY));
    final String[] concreteIndices = nameResolver.concreteIndexNames(client().admin().cluster().prepareState().get().getState(), request);
    assertIndicesSubset(Arrays.asList(concreteIndices), interceptedActions);
}
Also used : FlushRequest(org.opensearch.action.admin.indices.flush.FlushRequest) ThreadContext(org.opensearch.common.util.concurrent.ThreadContext) IndexNameExpressionResolver(org.opensearch.cluster.metadata.IndexNameExpressionResolver)

Example 18 with IndexNameExpressionResolver

use of org.opensearch.cluster.metadata.IndexNameExpressionResolver in project OpenSearch by opensearch-project.

the class IndicesRequestIT method testRefresh.

/**
 * Sends a refresh request through the coordinating-only node client while the shard-level refresh
 * actions (primary and replica variants included) are intercepted, then resolves the request's
 * index expressions against the current cluster state and passes the concrete names to
 * {@code assertIndicesSubset} together with the intercepted action names.
 */
public void testRefresh() {
    final String shardRefresh = TransportShardRefreshAction.NAME;
    final String[] interceptedActions = { shardRefresh, shardRefresh + "[r]", shardRefresh + "[p]" };
    interceptTransportActions(interceptedActions);

    // The request targets a random selection of indices or aliases.
    final RefreshRequest request = new RefreshRequest(randomIndicesOrAliases());
    internalCluster().coordOnlyNodeClient().admin().indices().refresh(request).actionGet();
    clearInterceptedActions();

    // Resolve the request to concrete index names using the cluster state as seen by the client.
    final IndexNameExpressionResolver nameResolver = new IndexNameExpressionResolver(new ThreadContext(Settings.EMPTY));
    final String[] concreteIndices = nameResolver.concreteIndexNames(client().admin().cluster().prepareState().get().getState(), request);
    assertIndicesSubset(Arrays.asList(concreteIndices), interceptedActions);
}
Also used : RefreshRequest(org.opensearch.action.admin.indices.refresh.RefreshRequest) ThreadContext(org.opensearch.common.util.concurrent.ThreadContext) IndexNameExpressionResolver(org.opensearch.cluster.metadata.IndexNameExpressionResolver)

Example 19 with IndexNameExpressionResolver

use of org.opensearch.cluster.metadata.IndexNameExpressionResolver in project OpenSearch by opensearch-project.

the class ActionModuleTests method testSetupRestHandlerContainsKnownBuiltin.

/**
 * Verifies that initialising the REST handlers of an {@code ActionModule} registers a handler for
 * {@code GET /}: registering a second handler on the same route must be rejected with an
 * {@code IllegalArgumentException} whose message names the conflicting path and method.
 */
public void testSetupRestHandlerContainsKnownBuiltin() {
    final SettingsModule settingsModule = new SettingsModule(Settings.EMPTY);
    final UsageService usage = new UsageService();
    final Settings nodeSettings = settingsModule.getSettings();
    final IndexNameExpressionResolver nameResolver = new IndexNameExpressionResolver(new ThreadContext(Settings.EMPTY));
    final ActionModule module = new ActionModule(nodeSettings, nameResolver, settingsModule.getIndexScopedSettings(), settingsModule.getClusterSettings(), settingsModule.getSettingsFilter(), null, emptyList(), null, null, usage, null);
    module.initRestHandlers(null);

    // A do-nothing handler that claims the same route as the built-in root handler.
    final RestHandler duplicateRootHandler = new RestHandler() {

        @Override
        public void handleRequest(RestRequest request, RestChannel channel, NodeClient client) throws Exception {
        }

        @Override
        public List<Route> routes() {
            return singletonList(new Route(Method.GET, "/"));
        }
    };

    // The simplest proof that a handler is already loaded: a second registration on the same route fails.
    final Exception thrown = expectThrows(IllegalArgumentException.class, () -> module.getRestController().registerHandler(duplicateRootHandler));
    assertThat(thrown.getMessage(), startsWith("Cannot replace existing handler for [/] for method: GET"));
}
Also used : NodeClient(org.opensearch.client.node.NodeClient) UsageService(org.opensearch.usage.UsageService) RestHandler(org.opensearch.rest.RestHandler) RestRequest(org.opensearch.rest.RestRequest) SettingsModule(org.opensearch.common.settings.SettingsModule) ThreadContext(org.opensearch.common.util.concurrent.ThreadContext) RestChannel(org.opensearch.rest.RestChannel) IndexNameExpressionResolver(org.opensearch.cluster.metadata.IndexNameExpressionResolver) IOException(java.io.IOException)

Example 20 with IndexNameExpressionResolver

use of org.opensearch.cluster.metadata.IndexNameExpressionResolver in project OpenSearch by opensearch-project.

the class AutoCreateIndexTests method testUpdate.

/**
 * Checks that {@code AutoCreateIndex} follows cluster-settings updates of the auto-create-index
 * setting: first the initial (random) boolean, then its negation, then the pattern
 * {@code "logs-*"}, which must enable auto-creation with exactly one expression.
 */
public void testUpdate() {
    final String settingKey = AutoCreateIndex.AUTO_CREATE_INDEX_SETTING.getKey();
    final boolean initial = randomBoolean();
    // When the initial value is true, randomly leave the setting out altogether instead of setting it.
    final Settings initialSettings = (initial && randomBoolean())
        ? Settings.EMPTY
        : Settings.builder().put(settingKey, initial).build();

    final ClusterSettings dynamicSettings = new ClusterSettings(initialSettings, ClusterSettings.BUILT_IN_CLUSTER_SETTINGS);
    final AutoCreateIndex autoCreate = new AutoCreateIndex(initialSettings, dynamicSettings, new IndexNameExpressionResolver(new ThreadContext(Settings.EMPTY)), new SystemIndices(org.opensearch.common.collect.Map.of()));
    assertThat(autoCreate.getAutoCreate().isAutoCreateIndex(), equalTo(initial));

    // Flip the boolean through a settings update.
    final Settings flipped = Settings.builder().put(settingKey, !initial).build();
    dynamicSettings.applySettings(flipped);
    assertThat(autoCreate.getAutoCreate().isAutoCreateIndex(), equalTo(!initial));

    // Replace the boolean with an index-name pattern.
    final Settings patterned = Settings.builder().put(settingKey, "logs-*").build();
    dynamicSettings.applySettings(patterned);
    assertThat(autoCreate.getAutoCreate().isAutoCreateIndex(), equalTo(true));
    assertThat(autoCreate.getAutoCreate().getExpressions().size(), equalTo(1));
    assertThat(autoCreate.getAutoCreate().getExpressions().get(0).v1(), equalTo("logs-*"));
}
Also used : ClusterSettings(org.opensearch.common.settings.ClusterSettings) ThreadContext(org.opensearch.common.util.concurrent.ThreadContext) IndexNameExpressionResolver(org.opensearch.cluster.metadata.IndexNameExpressionResolver) SystemIndices(org.opensearch.indices.SystemIndices) Settings(org.opensearch.common.settings.Settings) ClusterSettings(org.opensearch.common.settings.ClusterSettings)
