Skip to content

Commit fa5940f

Browse files
security changes
Signed-off-by: Bharathwaj G <bharath78910@gmail.com>
1 parent 3c8116c commit fa5940f

8 files changed

Lines changed: 47 additions & 4 deletions

File tree

server/src/main/java/org/opensearch/action/search/DeletePitAction.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@
1616
public class DeletePitAction extends ActionType<DeletePitResponse> {
1717

1818
public static final DeletePitAction INSTANCE = new DeletePitAction();
19-
public static final String NAME = "cluster:admin/point_in_time/delete";
19+
public static final String NAME = "indices:data/read/point_in_time/delete";
2020

2121
private DeletePitAction() {
2222
super(NAME, DeletePitResponse::new);

server/src/main/java/org/opensearch/action/search/DeletePitRequest.java

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -48,6 +48,11 @@ public DeletePitRequest(List<String> pitIds) {
4848
this.pitIds.addAll(pitIds);
4949
}
5050

51+
public void clearAndSetPitIds(List<String> pitIds) {
52+
this.pitIds.clear();
53+
this.pitIds.addAll(pitIds);
54+
}
55+
5156
public DeletePitRequest() {}
5257

5358
public List<String> getPitIds() {

server/src/main/java/org/opensearch/action/search/GetAllPitNodesRequest.java

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,11 +21,19 @@
2121
*/
2222
public class GetAllPitNodesRequest extends BaseNodesRequest<GetAllPitNodesRequest> {
2323

24+
private GetAllPitNodesResponse getAllPitNodesResponse;
2425
@Inject
2526
public GetAllPitNodesRequest(DiscoveryNode... concreteNodes) {
2627
super(concreteNodes);
2728
}
2829

30+
public void setGetAllPitNodesResponse(GetAllPitNodesResponse getAllPitNodesResponse) {
31+
this.getAllPitNodesResponse = getAllPitNodesResponse;
32+
}
33+
34+
public GetAllPitNodesResponse getGetAllPitNodesResponse() {
35+
return getAllPitNodesResponse;
36+
}
2937
public GetAllPitNodesRequest(StreamInput in) throws IOException {
3038
super(in);
3139
}

server/src/main/java/org/opensearch/action/search/GetAllPitNodesResponse.java

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -77,4 +77,9 @@ public void writeNodesTo(StreamOutput out, List<GetAllPitNodeResponse> nodes) th
7777
public List<ListPitInfo> getPitInfos() {
7878
return Collections.unmodifiableList(new ArrayList<>(pitInfos));
7979
}
80+
81+
public void clearAndSetPitInfos(List<ListPitInfo> listPitInfos) {
82+
pitInfos.clear();
83+
pitInfos.addAll(listPitInfos);
84+
}
8085
}

server/src/main/java/org/opensearch/action/search/GetAllPitsAction.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@
1515
*/
1616
public class GetAllPitsAction extends ActionType<GetAllPitNodesResponse> {
1717
public static final GetAllPitsAction INSTANCE = new GetAllPitsAction();
18-
public static final String NAME = "cluster:admin/point_in_time/read";
18+
public static final String NAME = "indices:data/read/point_in_time/read";
1919

2020
private GetAllPitsAction() {
2121
super(NAME, GetAllPitNodesResponse::new);

server/src/main/java/org/opensearch/action/search/PitService.java

Lines changed: 18 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@
1515
import org.opensearch.action.ActionListener;
1616
import org.opensearch.action.StepListener;
1717
import org.opensearch.action.support.GroupedActionListener;
18+
import org.opensearch.client.node.NodeClient;
1819
import org.opensearch.cluster.node.DiscoveryNode;
1920
import org.opensearch.cluster.service.ClusterService;
2021
import org.opensearch.common.Strings;
@@ -48,11 +49,14 @@ public class PitService {
4849
private final SearchTransportService searchTransportService;
4950
private final TransportService transportService;
5051

52+
private final NodeClient nodeClient;
53+
5154
@Inject
52-
public PitService(ClusterService clusterService, SearchTransportService searchTransportService, TransportService transportService) {
55+
public PitService(ClusterService clusterService, SearchTransportService searchTransportService, TransportService transportService, NodeClient nodeClient) {
5356
this.clusterService = clusterService;
5457
this.searchTransportService = searchTransportService;
5558
this.transportService = transportService;
59+
this.nodeClient = nodeClient;
5660
}
5761

5862
/**
@@ -144,6 +148,17 @@ public void onFailure(final Exception e) {
144148
}, size);
145149
}
146150

151+
/**
152+
* This method returns indices associated for each pit
153+
*/
154+
public Map<String, String[]> getIndicesForPits(List<String> pitIds) {
155+
Map<String, String[]> pitToIndicesMap = new HashMap<>();
156+
for(String pitId : pitIds) {
157+
pitToIndicesMap.put(pitId, SearchContextId.decode(nodeClient.getNamedWriteableRegistry(), pitId).getActualIndices());
158+
}
159+
return pitToIndicesMap;
160+
}
161+
147162
/**
148163
* Get all active point in time contexts
149164
*/
@@ -182,4 +197,6 @@ public GetAllPitNodesResponse read(StreamInput in) throws IOException {
182197
}
183198
);
184199
}
200+
201+
185202
}

server/src/main/java/org/opensearch/action/search/TransportDeletePitAction.java

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -57,6 +57,7 @@ public TransportDeletePitAction(
5757
@Override
5858
protected void doExecute(Task task, DeletePitRequest request, ActionListener<DeletePitResponse> listener) {
5959
List<String> pitIds = request.getPitIds();
60+
logger.info("pit ids size : " + pitIds.size() + " : " + pitIds.get(0));
6061
if (pitIds.size() == 1 && "_all".equals(pitIds.get(0))) {
6162
deleteAllPits(listener);
6263
} else {

server/src/main/java/org/opensearch/action/search/TransportGetAllPitsAction.java

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,8 @@
1515
import org.opensearch.tasks.Task;
1616
import org.opensearch.transport.TransportService;
1717

18+
import java.util.Collections;
19+
1820
/**
1921
* Transport action to get all active PIT contexts in the cluster
2022
*/
@@ -30,6 +32,11 @@ public TransportGetAllPitsAction(ActionFilters actionFilters, TransportService t
3032

3133
@Override
3234
protected void doExecute(Task task, GetAllPitNodesRequest request, ActionListener<GetAllPitNodesResponse> listener) {
33-
pitService.getAllPits(listener);
35+
// If security plugin intercepts the request, it'll replace all PIT IDs with permitted PIT IDs
36+
if(request.getGetAllPitNodesResponse() != null) {
37+
listener.onResponse(request.getGetAllPitNodesResponse());
38+
} else {
39+
pitService.getAllPits(listener);
40+
}
3441
}
3542
}

0 commit comments

Comments
 (0)