opensearch-project
Fixed IllegalArgumentException when building stateful index privileges
Description
This fixes the issue reported in #5216. In the case that a cluster has aliases defined on backing indices of data streams, the creation of the stateful rule would fail with an IllegalArgumentException.
This is because data stream backing indices are not supposed to be included in the stateful index privilege object. Via the aliases, however, they sneaked in anyway. We are now filtering these indices out.
This is mostly just a cosmetic problem as privilege evaluation will continue via slower fall back code paths. However, the logs will show an IllegalArgumentException stack trace for each update of the index meta data on the cluster.
- Category
- Bugfix
- Why these changes are required?
- Fixes log spam
- What is the old behavior before changes and new behavior after changes?
- No behavioral change
Issues Resolved
Fixes #5216
Testing
- The unit test
aliasesOnDataStreamBackingIndiceswas added to cover this case
Check List
- [x] New functionality includes testing
- [x] Commits are signed per the DCO using --signoff
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 71.66%. Comparing base (
24a4593) to head (805ab03). Report is 10 commits behind head on main.
Additional details and impacted files
@@ Coverage Diff @@
## main #5217 +/- ##
=======================================
Coverage 71.65% 71.66%
=======================================
Files 337 337
Lines 22789 22793 +4
Branches 3606 3607 +1
=======================================
+ Hits 16330 16334 +4
- Misses 4652 4656 +4
+ Partials 1807 1803 -4
| Files with missing lines | Coverage Δ | |
|---|---|---|
| ...ensearch/security/privileges/ActionPrivileges.java | 94.71% <100.00%> (-0.44%) |
:arrow_down: |
:rocket: New features to boost your workflow:
- :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
- :package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
The backport to 2.19 failed:
Server Error
To backport manually, run these commands in your terminal:
# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security/backport-2.19 2.19
# Navigate to the new working tree
pushd ../.worktrees/security/backport-2.19
# Create a new branch
git switch --create backport/backport-5217-to-2.19
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 4e1158c225a4a5426269bf6a32bdb055ab1152b1
# Push it to GitHub
git push --set-upstream origin backport/backport-5217-to-2.19
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security/backport-2.19
Then, create a pull request where the base branch is 2.19 and the compare/head branch is backport/backport-5217-to-2.19.
![opensearch-trigger-bot[bot] avatar](https://avatars.githubusercontent.com/u/80134844?v=4 "Published by a pub.dev verified publisher"){kind=small}
@Jakob3xD The comment regarding the failed backport is confusing, but this has been already backported to 2.19: #5235