e3e61d79acb835d3d9105a68b86ad87b618fbb84,src/main/java/org/elasticsearch/plugin/readonlyrest/acl/blocks/rules/impl/IndicesRule.java,IndicesRule,match,#RequestContext#,51
Before Change
boolean hasAll = false;
for (String idx : rc.getIndices()) {
// For searches, we need to match to existing indices
if (rc.getActionRequest() instanceof SearchRequest) {
After Change
}
@Override
public RuleExitResult match(RequestContext rc) {
if (rc.getActionRequest() instanceof SearchRequest) {
// 1. Requesting none or all the indices means requesting allowed indices..
if (rc.getIndices().size() == 0 || (rc.getIndices().contains("_all"))) {
rc.setIndices(configuredWildcards.getMatchers());
return MATCH;
}
// ----- Now you requested SOME indices, let's see if and what we can allow in..
// 2. All indices match by wildcard?
if (configuredWildcards.filter(rc.getIndices()).size() == rc.getIndices().size()) {
return MATCH;
}
// 2.1 Detect non-wildcard requested indices that do not exist and return 404 (compatibility with vanilla ES)
Set<String> real = rc.getAvailableIndicesAndAliases();
for (final String idx : rc.getIndices()) {
if (!idx.contains("*") && !real.contains(idx)) {
rc.setIndices(new HashSet<String>(1) {{
add(idx);
}});
return MATCH;
}
}
// 3. indices match by reverse-wildcard?
// Expand requested indices to a subset of indices available in ES
Set<String> expansion = new MatcherWithWildcards(rc.getIndices()).filter(rc.getAvailableIndicesAndAliases());
// 4. Your request expands to no actual index, fine with me, it will return 404 on its own!
if (expansion.size() == 0) {
return MATCH;
}