Optimized DLS/FLS

Signed-off-by: Nils Bandener <[email protected]>

src/integrationTest/java/org/opensearch/security/util/MockIndexMetadataBuilder.java

@@ -12,19 +12,16 @@
 
 import java.util.ArrayList;
 import java.util.HashMap;
-import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-import java.util.stream.Collectors;
-
-import com.google.common.collect.ImmutableMap;
 
 import org.opensearch.Version;
 import org.opensearch.cluster.metadata.AliasMetadata;
 import org.opensearch.cluster.metadata.DataStream;
 import org.opensearch.cluster.metadata.IndexAbstraction;
 import org.opensearch.cluster.metadata.IndexMetadata;
+import org.opensearch.cluster.metadata.Metadata;
 import org.opensearch.common.settings.Settings;
 import org.opensearch.core.index.Index;
 
@@ -34,12 +31,15 @@
  */
 public class MockIndexMetadataBuilder {
 
-    private final static Settings INDEX_SETTINGS = Settings.builder()
+    private static final Settings INDEX_SETTINGS = Settings.builder()
         .put(IndexMetadata.SETTING_INDEX_VERSION_CREATED.getKey(), Version.CURRENT)
         .put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
         .put(IndexMetadata.SETTING_NUMBER_OF_REPLICAS, 1)
         .build();
 
+    private Metadata.Builder delegate = new Metadata.Builder();
+    private Map<String, IndexMetadata.Builder> nameToIndexMetadataBuilderMap = new HashMap<>();
+
     private Map<String, IndexAbstraction> nameToIndexAbstractionMap = new HashMap<>();
     private Map<String, IndexMetadata> nameToIndexMetadataMap = new HashMap<>();
     private Map<String, Set<String>> indicesToAliases = new HashMap<>();
@@ -65,55 +65,16 @@ public static MockIndexMetadataBuilder dataStreams(String... dataStreams) {
         return builder;
     }
 
-    public ImmutableMap<String, IndexAbstraction> build() {
-        Map<String, AliasMetadata> aliasMetadataMap = new HashMap<>();
-
-        for (Map.Entry<String, Set<String>> aliasEntry : this.aliasesToIndices.entrySet()) {
-            String alias = aliasEntry.getKey();
-            AliasMetadata aliasMetadata = AliasMetadata.builder(alias).build();
-            aliasMetadataMap.put(alias, aliasMetadata);
-        }
-
-        for (Map.Entry<String, Set<String>> indexEntry : this.indicesToAliases.entrySet()) {
-            String index = indexEntry.getKey();
-            Set<String> aliases = indexEntry.getValue();
-
-            IndexMetadata.Builder indexMetadataBuilder = IndexMetadata.builder(index).settings(INDEX_SETTINGS);
-
-            for (String alias : aliases) {
-                indexMetadataBuilder.putAlias(aliasMetadataMap.get(alias));
-            }
-
-            IndexMetadata indexMetadata = indexMetadataBuilder.build();
-            nameToIndexMetadataMap.put(index, indexMetadata);
-            nameToIndexAbstractionMap.put(index, new IndexAbstraction.Index(indexMetadata));
-        }
-
-        for (Map.Entry<String, Set<String>> aliasEntry : this.aliasesToIndices.entrySet()) {
-            String alias = aliasEntry.getKey();
-            Set<String> indices = aliasEntry.getValue();
-            AliasMetadata aliasMetadata = aliasMetadataMap.get(alias);
-
-            String firstIndex = indices.iterator().next();
-            indices.remove(firstIndex);
-
-            IndexMetadata firstIndexMetadata = nameToIndexMetadataMap.get(firstIndex);
-            IndexAbstraction.Alias indexAbstraction = new IndexAbstraction.Alias(aliasMetadata, firstIndexMetadata);
-
-            for (String index : indices) {
-                indexAbstraction.getIndices().add(nameToIndexMetadataMap.get(index));
-            }
-
-            nameToIndexAbstractionMap.put(alias, indexAbstraction);
+    public Metadata build() {
+        for (IndexMetadata.Builder indexMetadataBuilder : nameToIndexMetadataBuilderMap.values()) {
+            this.delegate.put(indexMetadataBuilder);
         }
 
-        return ImmutableMap.copyOf(this.nameToIndexAbstractionMap);
+        return this.delegate.build();
     }
 
-    public MockIndexMetadataBuilder index(String index) {
-        if (!this.indicesToAliases.containsKey(index)) {
-            this.indicesToAliases.put(index, new HashSet<>());
-        }
+    public MockIndexMetadataBuilder index(String indexName) {
+        getIndexMetadataBuilder(indexName);
         return this;
     }
 
@@ -131,21 +92,11 @@ public MockIndexMetadataBuilder dataStream(String dataStream, int generations) {
         for (int i = 1; i <= generations; i++) {
             String backingIndexName = DataStream.getDefaultBackingIndexName(dataStream, i);
             backingIndices.add(new Index(backingIndexName, backingIndexName));
+            getIndexMetadata(backingIndexName);
         }
 
         DataStream dataStreamMetadata = new DataStream(dataStream, new DataStream.TimestampField("@timestamp"), backingIndices);
-        IndexAbstraction.DataStream dataStreamIndexAbstraction = new IndexAbstraction.DataStream(
-            dataStreamMetadata,
-            backingIndices.stream().map(i -> getIndexMetadata(i.getName())).collect(Collectors.toList())
-        );
-        this.nameToIndexAbstractionMap.put(dataStream, dataStreamIndexAbstraction);
-
-        for (Index backingIndex : backingIndices) {
-            this.nameToIndexAbstractionMap.put(
-                backingIndex.getName(),
-                new IndexAbstraction.Index(getIndexMetadata(backingIndex.getName()), dataStreamIndexAbstraction)
-            );
-        }
+        this.delegate.put(dataStreamMetadata);
 
         return this;
     }
@@ -165,26 +116,51 @@ private IndexMetadata getIndexMetadata(String index) {
         return result;
     }
 
+    private IndexMetadata.Builder getIndexMetadataBuilder(String indexName) {
+        IndexMetadata.Builder result = this.nameToIndexMetadataBuilderMap.get(indexName);
+
+        if (result != null) {
+            return result;
+        }
+
+        result = new IndexMetadata.Builder(indexName).settings(INDEX_SETTINGS);
+
+        this.nameToIndexMetadataBuilderMap.put(indexName, result);
+
+        return result;
+    }
+
     public class AliasBuilder {
-        private String alias;
+        private String aliasName;
 
         private AliasBuilder(String alias) {
-            this.alias = alias;
+            this.aliasName = alias;
         }
 
-        public MockIndexMetadataBuilder of(String firstIndex, String... moreIndices) {
-            MockIndexMetadataBuilder.this.indicesToAliases.computeIfAbsent(firstIndex, (k) -> new HashSet<>()).add(this.alias);
+        public MockIndexMetadataBuilder of(String... indices) {
+            AliasMetadata aliasMetadata = new AliasMetadata.Builder(aliasName).build();
+
+            for (String index : indices) {
+                IndexMetadata.Builder indexMetadataBuilder = getIndexMetadataBuilder(index);
+                indexMetadataBuilder.putAlias(aliasMetadata);
+            }
+
+            /*
+
+            MockIndexMetadataBuilder.this.delegate.put(aliasMetadata);
+
+            MockIndexMetadataBuilder.this.indicesToAliases.computeIfAbsent(firstIndex, (k) -> new HashSet<>()).add(this.aliasName);
 
             Set<String> indices = new HashSet<>();
             indices.add(firstIndex);
 
             for (String index : moreIndices) {
-                MockIndexMetadataBuilder.this.indicesToAliases.computeIfAbsent(index, (k) -> new HashSet<>()).add(this.alias);
+                MockIndexMetadataBuilder.this.indicesToAliases.computeIfAbsent(index, (k) -> new HashSet<>()).add(this.aliasName);
                 indices.add(index);
             }
 
-            MockIndexMetadataBuilder.this.aliasesToIndices.put(this.alias, indices);
-
+            MockIndexMetadataBuilder.this.aliasesToIndices.put(this.aliasName, indices);
+              */
             return MockIndexMetadataBuilder.this;
         }
     }

src/integrationTest/java/org/opensearch/test/framework/TestSecurityConfig.java

@@ -42,6 +42,7 @@
 import java.util.Set;
 import java.util.function.Supplier;
 import java.util.stream.Collectors;
+import java.util.stream.Stream;
 
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -54,8 +55,10 @@
 import org.opensearch.common.xcontent.XContentFactory;
 import org.opensearch.core.common.Strings;
 import org.opensearch.core.common.bytes.BytesReference;
+import org.opensearch.core.xcontent.MediaTypeRegistry;
 import org.opensearch.core.xcontent.ToXContentObject;
 import org.opensearch.core.xcontent.XContentBuilder;
+import org.opensearch.index.query.QueryBuilder;
 import org.opensearch.security.hasher.PasswordHasher;
 import org.opensearch.security.hasher.PasswordHasherFactory;
 import org.opensearch.security.securityconf.impl.CType;
@@ -651,6 +654,22 @@ public boolean equals(Object o) {
         public int hashCode() {
             return Objects.hash(name, clusterPermissions, indexPermissions, hidden, reserved, description);
         }
+
+        public static SecurityDynamicConfiguration<org.opensearch.security.securityconf.impl.v7.RoleV7> toRolesConfiguration(
+            TestSecurityConfig.Role... roles
+        ) {
+            try {
+                return SecurityDynamicConfiguration.fromJson(
+                    configToJson(CType.ROLES, Stream.of(roles).collect(Collectors.toMap(r -> r.name, r -> r))),
+                    CType.ROLES,
+                    2,
+                    0,
+                    0
+                );
+            } catch (IOException e) {
+                throw new RuntimeException(e);
+            }
+        }
     }
 
     public static class RoleMapping implements ToXContentObject {
@@ -764,6 +783,11 @@ public IndexPermission dls(String dlsQuery) {
             return this;
         }
 
+        public IndexPermission dls(QueryBuilder dlsQuery) {
+            this.dlsQuery = Strings.toString(MediaTypeRegistry.JSON, dlsQuery);
+            return this;
+        }
+
         public IndexPermission fls(String... fls) {
             this.fls = Arrays.asList(fls);
             return this;