#2553 gSmall refactor on logic on SecurityIndexAccessEvaluator.java

Signed-off-by: scosta <samuel.costa@eliatra.com>
opensearch-project · May 16, 2023 · a3ca6c8 · a3ca6c8
1 parent 64092cf
commit a3ca6c8
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 8 deletions.
diff --git a/src/main/java/org/opensearch/security/privileges/SecurityIndexAccessEvaluator.java b/src/main/java/org/opensearch/security/privileges/SecurityIndexAccessEvaluator.java
@@ -26,8 +26,15 @@
 
 package org.opensearch.security.privileges;
 
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.stream.Collectors;
+
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
+
 import org.opensearch.action.ActionRequest;
 import org.opensearch.action.RealtimeRequest;
 import org.opensearch.action.search.SearchRequest;
@@ -40,9 +47,6 @@
 import org.opensearch.security.support.WildcardMatcher;
 import org.opensearch.tasks.Task;
 
-import java.util.*;
-import java.util.stream.Collectors;
-
 public class SecurityIndexAccessEvaluator {
     Logger log = LogManager.getLogger(this.getClass());
     private final String securityIndex;
@@ -94,8 +98,8 @@ public PrivilegesEvaluatorResponse evaluate(final ActionRequest request, final T
 
             final boolean isDebugEnabled = log.isDebugEnabled();
 
-            if( matchAnySystemIndices(requestedResolved) && !checkExtensionPermissionsForUser(securityRoles)){
-            log.warn("An account without the {} permission  is trying to access one of the Extensions's System Indexes. Related indexes: {}", ConfigConstants.EXTENSIONS_PERMISSION, requestedResolved.getAllIndices() );
+            if( matchAnySystemIndices(requestedResolved) && !checkSystemIndexPermissionsForUser(securityRoles)){
+            log.warn("An account without the {} permission  is trying to access a System Index. Related indexes: {}", ConfigConstants.SYSTEM_INDEX_PERMISSION, requestedResolved.getAllIndices() );
             presponse.allowed = false;
             return presponse.markComplete();
         }
@@ -115,7 +119,7 @@ public PrivilegesEvaluatorResponse evaluate(final ActionRequest request, final T
                 presponse.allowed = false;
                 return presponse.markComplete();
             }
-            if (matchAnySystemIndices(requestedResolved) && !checkExtensionPermissionsForUser(securityRoles)) {
+            if (matchAnySystemIndices(requestedResolved)) {
                 if (filterSecurityIndex) {
                     Set<String> allWithoutSecurity = new HashSet<>(requestedResolved.getAllIndices());
                     allWithoutSecurity.remove(securityIndex);
@@ -160,7 +164,7 @@ public PrivilegesEvaluatorResponse evaluate(final ActionRequest request, final T
         return presponse;
     }
 
-    private  boolean checkExtensionPermissionsForUser(ConfigModelV7.SecurityRoles securityRoles) {
+    private  boolean checkSystemIndexPermissionsForUser(ConfigModelV7.SecurityRoles securityRoles) {
         Set<WildcardMatcher> userPermMatchers = new HashSet<>();
 
         securityRoles.getRoles().stream().forEach(securityRole -> {

diff --git a/src/main/java/org/opensearch/security/securityconf/ConfigModelV7.java b/src/main/java/org/opensearch/security/securityconf/ConfigModelV7.java
@@ -831,7 +831,7 @@ public WildcardMatcher getPerms() {
             return WildcardMatcher.from(perms);
         }
 
-        public WildcardMatcher getNonStarPerms() {
+        public WildcardMatcher getNonWildCardPerms() {
             return WildcardMatcher.from(perms.stream().filter(perm -> !perm.equals("*") ));
         }
     }