Fix compilation and tests for customAuthzEngine (#125469)

Relates: #123812
2025-06-28 17:34:17 -04:00 · 2025-03-24 12:03:06 +11:00 · 2025-03-24 12:03:06 +11:00 · 6c04abc68c
commit 6c04abc68c
parent 59a55c85f3
3 changed files with 68 additions and 52 deletions
--- a/plugins/examples/custom-processor/src/main/java/org/elasticsearch/example/customprocessor/ExampleRepeatProcessor.java
+++ b/plugins/examples/custom-processor/src/main/java/org/elasticsearch/example/customprocessor/ExampleRepeatProcessor.java
@ -1,5 +1,6 @@
 package org.elasticsearch.example.customprocessor;

+import org.elasticsearch.cluster.metadata.ProjectId;
 import org.elasticsearch.ingest.AbstractProcessor;
 import org.elasticsearch.ingest.ConfigurationUtils;
 import org.elasticsearch.ingest.IngestDocument;
@ -44,7 +45,8 @@ public class ExampleRepeatProcessor extends AbstractProcessor {
            Map<String, Processor.Factory> registry,
            String tag,
            String description,
-            Map<String, Object> config
+            Map<String, Object> config,
+            ProjectId projectId
        ) {
            String field = ConfigurationUtils.readStringProperty(TYPE, tag, config, FIELD_KEY_NAME);
            return new ExampleRepeatProcessor(tag, description, field);
--- a/plugins/examples/security-authorization-engine/src/main/java/org/elasticsearch/example/CustomAuthorizationEngine.java
+++ b/plugins/examples/security-authorization-engine/src/main/java/org/elasticsearch/example/CustomAuthorizationEngine.java
@ -87,15 +87,15 @@ public class CustomAuthorizationEngine implements AuthorizationEngine {
    }

    @Override
-    SubscribableListener<IndexAuthorizationResult> void authorizeIndexAction(
+    public SubscribableListener<IndexAuthorizationResult> authorizeIndexAction(
        RequestInfo requestInfo,
        AuthorizationInfo authorizationInfo,
        AsyncSupplier<ResolvedIndices> indicesAsyncSupplier,
        ProjectMetadata project
    ) {
        if (isSuperuser(requestInfo.getAuthentication().getEffectiveSubject().getUser())) {
-            ActionListener<IndexAuthorizationResult> listener = new SubscribableListener<>();
-            indicesAsyncSupplier.getAsync(ActionListener.wrap(resolvedIndices -> {
+            SubscribableListener<IndexAuthorizationResult> listener = new SubscribableListener<>();
+            indicesAsyncSupplier.getAsync().addListener(ActionListener.wrap(resolvedIndices -> {
                Map<String, IndexAccessControl> indexAccessControlMap = new HashMap<>();
                for (String name : resolvedIndices.getLocal()) {
                    indexAccessControlMap.put(name, new IndexAccessControl(FieldPermissions.DEFAULT, null));
@ -106,7 +106,7 @@ public class CustomAuthorizationEngine implements AuthorizationEngine {
            }, listener::onFailure));
            return listener;
        } else {
-            return SubscribableListener.succcess(new IndexAuthorizationResult(IndicesAccessControl.DENIED));
+            return SubscribableListener.newSucceeded(new IndexAuthorizationResult(IndicesAccessControl.DENIED));
        }
    }

@ -120,7 +120,7 @@ public class CustomAuthorizationEngine implements AuthorizationEngine {
        if (isSuperuser(requestInfo.getAuthentication().getEffectiveSubject().getUser())) {
            listener.onResponse(new AuthorizedIndices() {
                public Set<String> all(IndexComponentSelector selector) {
-                    return () -> indicesLookup.keySet();
+                    return indicesLookup.keySet();
                }
                public boolean check(String name, IndexComponentSelector selector) {
                    return indicesLookup.containsKey(name);
@ -129,7 +129,7 @@ public class CustomAuthorizationEngine implements AuthorizationEngine {
        } else {
            listener.onResponse(new AuthorizedIndices() {
                public Set<String> all(IndexComponentSelector selector) {
-                    return () -> Set.of();
+                    return Set.of();
                }
                public boolean check(String name, IndexComponentSelector selector) {
                    return false;
--- a/plugins/examples/security-authorization-engine/src/test/java/org/elasticsearch/example/CustomAuthorizationEngineTests.java
+++ b/plugins/examples/security-authorization-engine/src/test/java/org/elasticsearch/example/CustomAuthorizationEngineTests.java
@ -11,10 +11,8 @@ package org.elasticsearch.example;

 import org.elasticsearch.action.search.SearchRequest;
 import org.elasticsearch.action.support.PlainActionFuture;
-import org.elasticsearch.cluster.metadata.IndexAbstraction;
-import org.elasticsearch.cluster.metadata.IndexAbstraction.ConcreteIndex;
+import org.elasticsearch.action.support.SubscribableListener;
 import org.elasticsearch.cluster.metadata.IndexMetadata;
-import org.elasticsearch.cluster.metadata.Metadata;
 import org.elasticsearch.cluster.metadata.ProjectMetadata;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.index.IndexVersion;
@ -31,9 +29,6 @@ import org.elasticsearch.xpack.core.security.authz.accesscontrol.IndicesAccessCo
 import org.elasticsearch.xpack.core.security.user.User;

 import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.stream.Stream;

 import static org.hamcrest.Matchers.is;

@ -52,13 +47,15 @@ public class CustomAuthorizationEngineTests extends ESTestCase {

    public void testAuthorizeRunAs() {
        final String action = "cluster:monitor/foo";
-        final TransportRequest request = new TransportRequest() {};
+        final TransportRequest request = new TransportRequest() {
+        };
        CustomAuthorizationEngine engine = new CustomAuthorizationEngine();
        // unauthorized
        {
-            Authentication authentication = Authentication
-                .newRealmAuthentication(new User("bar", "not_superuser"), new RealmRef("test", "test", "node"))
-                .runAs(new User("joe", "custom_superuser"), new RealmRef("test", "test", "node"));
+            Authentication authentication = Authentication.newRealmAuthentication(
+                new User("bar", "not_superuser"),
+                new RealmRef("test", "test", "node")
+            ).runAs(new User("joe", "custom_superuser"), new RealmRef("test", "test", "node"));
            RequestInfo info = new RequestInfo(authentication, request, action, null);
            PlainActionFuture<AuthorizationInfo> future = new PlainActionFuture<>();
            engine.resolveAuthorizationInfo(info, future);
@ -72,9 +69,10 @@ public class CustomAuthorizationEngineTests extends ESTestCase {

        // authorized
        {
-            Authentication authentication = Authentication
-                .newRealmAuthentication(new User("bar", "custom_superuser"), new RealmRef("test", "test", "node"))
-                .runAs(new User("joe", "not_superuser"), new RealmRef("test", "test", "node"));
+            Authentication authentication = Authentication.newRealmAuthentication(
+                new User("bar", "custom_superuser"),
+                new RealmRef("test", "test", "node")
+            ).runAs(new User("joe", "not_superuser"), new RealmRef("test", "test", "node"));
            RequestInfo info = new RequestInfo(authentication, request, action, null);
            PlainActionFuture<AuthorizationInfo> future = new PlainActionFuture<>();
            engine.resolveAuthorizationInfo(info, future);
@ -103,10 +101,12 @@ public class CustomAuthorizationEngineTests extends ESTestCase {

        // unauthorized
        {
-            RequestInfo unauthReqInfo =
-                new RequestInfo(
+            RequestInfo unauthReqInfo = new RequestInfo(
                Authentication.newRealmAuthentication(new User("joe", "not_superuser"), new RealmRef("test", "test", "node")),
-                    requestInfo.getRequest(), requestInfo.getAction(), null);
+                requestInfo.getRequest(),
+                requestInfo.getAction(),
+                null
+            );
            PlainActionFuture<AuthorizationInfo> future = new PlainActionFuture<>();
            engine.resolveAuthorizationInfo(unauthReqInfo, future);
            AuthorizationInfo authzInfo = future.actionGet();
@ -120,28 +120,35 @@ public class CustomAuthorizationEngineTests extends ESTestCase {

    public void testAuthorizeIndexAction() {
        CustomAuthorizationEngine engine = new CustomAuthorizationEngine();
-        ProjectMetadata project = ProjectMetadata.builder(randomProjectIdOrDefault()).put(IndexMetadata.builder("index")
+        ProjectMetadata project = ProjectMetadata.builder(randomProjectIdOrDefault())
+            .put(
+                IndexMetadata.builder("index")
                    .settings(Settings.builder().put("index.version.created", IndexVersion.current()))
                    .numberOfShards(1)
                    .numberOfReplicas(0)
                    .build(),
                false
-                ).build();
+            )
+            .build();
        // authorized
        {
-            RequestInfo requestInfo =
-                new RequestInfo(
+            RequestInfo requestInfo = new RequestInfo(
                Authentication.newRealmAuthentication(new User("joe", "custom_superuser"), new RealmRef("test", "test", "node")),
-                    new SearchRequest(), "indices:data/read/search", null);
+                new SearchRequest(),
+                "indices:data/read/search",
+                null
+            );
            PlainActionFuture<AuthorizationInfo> future = new PlainActionFuture<>();
            engine.resolveAuthorizationInfo(requestInfo, future);
            AuthorizationInfo authzInfo = future.actionGet();

-            PlainActionFuture<IndexAuthorizationResult> resultFuture = new PlainActionFuture<>();
-            engine.authorizeIndexAction(requestInfo, authzInfo,
-                listener -> listener.onResponse(new ResolvedIndices(Collections.singletonList("index"), Collections.emptyList())),
-                project, resultFuture);
-            IndexAuthorizationResult result = resultFuture.actionGet();
+            final SubscribableListener<IndexAuthorizationResult> resultListener = engine.authorizeIndexAction(
+                requestInfo,
+                authzInfo,
+                () -> SubscribableListener.newSucceeded(new ResolvedIndices(Collections.singletonList("index"), Collections.emptyList())),
+                project
+            );
+            IndexAuthorizationResult result = safeAwait(resultListener);
            assertThat(result.isGranted(), is(true));
            IndicesAccessControl indicesAccessControl = result.getIndicesAccessControl();
            assertNotNull(indicesAccessControl.getIndexPermissions("index"));
@ -149,19 +156,23 @@ public class CustomAuthorizationEngineTests extends ESTestCase {

        // unauthorized
        {
-            RequestInfo requestInfo =
-                new RequestInfo(
+            RequestInfo requestInfo = new RequestInfo(
                Authentication.newRealmAuthentication(new User("joe", "not_superuser"), new RealmRef("test", "test", "node")),
-                    new SearchRequest(), "indices:data/read/search", null);
+                new SearchRequest(),
+                "indices:data/read/search",
+                null
+            );
            PlainActionFuture<AuthorizationInfo> future = new PlainActionFuture<>();
            engine.resolveAuthorizationInfo(requestInfo, future);
            AuthorizationInfo authzInfo = future.actionGet();

-            PlainActionFuture<IndexAuthorizationResult> resultFuture = new PlainActionFuture<>();
-            engine.authorizeIndexAction(requestInfo, authzInfo,
-                listener -> listener.onResponse(new ResolvedIndices(Collections.singletonList("index"), Collections.emptyList())),
-                project, resultFuture);
-            IndexAuthorizationResult result = resultFuture.actionGet();
+            final SubscribableListener<IndexAuthorizationResult> resultListener = engine.authorizeIndexAction(
+                requestInfo,
+                authzInfo,
+                () -> SubscribableListener.newSucceeded(new ResolvedIndices(Collections.singletonList("index"), Collections.emptyList())),
+                project
+            );
+            IndexAuthorizationResult result = safeAwait(resultListener);
            assertThat(result.isGranted(), is(false));
            IndicesAccessControl indicesAccessControl = result.getIndicesAccessControl();
            assertNull(indicesAccessControl.getIndexPermissions("index"));
@ -170,9 +181,12 @@ public class CustomAuthorizationEngineTests extends ESTestCase {

    private RequestInfo getRequestInfo() {
        final String action = "cluster:monitor/foo";
-        final TransportRequest request = new TransportRequest() {};
-        final Authentication authentication =
-            Authentication.newRealmAuthentication(new User("joe", "custom_superuser"), new RealmRef("test", "test", "node"));
+        final TransportRequest request = new TransportRequest() {
+        };
+        final Authentication authentication = Authentication.newRealmAuthentication(
+            new User("joe", "custom_superuser"),
+            new RealmRef("test", "test", "node")
+        );
        return new RequestInfo(authentication, request, action, null);
    }
 }