Action rule and generalisation of wildcard aware matcher. Fixes sscarduzio#41

sscarduzio · sscarduzio · commit ba9638a6bdbf · 2016-04-02T15:18:04.000+01:00
diff --git a/src/main/java/org/elasticsearch/plugin/readonlyrest/acl/blocks/Block.java b/src/main/java/org/elasticsearch/plugin/readonlyrest/acl/blocks/Block.java
@@ -68,6 +68,10 @@ public Block(Settings s, ESLogger logger) {
       conditionsToCheck.add(new IndicesRule(s));
     } catch (RuleNotConfiguredException e) {
     }
+    try {
+      conditionsToCheck.add(new ActionsRule(s));
+    } catch (RuleNotConfiguredException e) {
+    }
   }
 
   public String getName() {
diff --git a/src/main/java/org/elasticsearch/plugin/readonlyrest/acl/blocks/rules/MatcherWithWildcards.java b/src/main/java/org/elasticsearch/plugin/readonlyrest/acl/blocks/rules/MatcherWithWildcards.java
@@ -0,0 +1,104 @@
+package org.elasticsearch.plugin.readonlyrest.acl.blocks.rules;
+
+import com.google.common.collect.Lists;
+import org.elasticsearch.common.logging.ESLogger;
+import org.elasticsearch.common.logging.Loggers;
+import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.plugin.readonlyrest.ConfigurationHelper;
+
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * Created by sscarduzio on 02/04/2016.
+ */
+public class MatcherWithWildcards {
+
+  private final static ESLogger logger = Loggers.getLogger(MatcherWithWildcards.class);
+
+  protected List<String> plainWordMatchers = Lists.newArrayList();
+  protected List<Pattern> wildcardMatchers = Lists.newArrayList();
+
+  public MatcherWithWildcards(Settings s, String key) throws RuleNotConfiguredException {
+    // Will work with single, non array conf.
+    String[] a = s.getAsArray(key);
+
+    if (a == null || a.length == 0) {
+      throw new RuleNotConfiguredException();
+    }
+
+    for (int i = 0; i < a.length; i++) {
+      a[i] = normalizePlusAndMinusIndex(a[i]);
+      if (ConfigurationHelper.isNullOrEmpty(a[i])) {
+        continue;
+      }
+      if (a[i].contains("*")) {
+        // Patch the simple star wildcard to become a regex: ("*" -> ".*")
+        String regex = ("\\Q" + a[i] + "\\E").replace("*", "\\E.*\\Q");
+
+        // Pre-compile the regex pattern matcher to validate the regex
+        // AND faster matching later on.
+        wildcardMatchers.add(Pattern.compile(regex));
+
+        // Let's match this also literally
+        plainWordMatchers.add(a[i]);
+      } else {
+        // A plain word can be matched as string
+        plainWordMatchers.add(a[i].trim());
+      }
+    }
+  }
+
+  /**
+   * Returns null if the matchable is not worth processing because it's invalid or starts with "-"
+   */
+  static String normalizePlusAndMinusIndex(String s) {
+    if(ConfigurationHelper.isNullOrEmpty(s)){
+      return null;
+    }
+    // Ignore the excluded indices
+    if (s.startsWith("-")) {
+      return null;
+    }
+    // Call included indices with their name
+    if (s.startsWith("+")) {
+      if (s.length() == 1) {
+        logger.warn("invalid matchable! " + s);
+        return null;
+      }
+      return s.substring(1, s.length());
+    }
+    return s;
+  }
+
+
+  public boolean match(String[] matchables) {
+
+    if (matchables == null || matchables.length == 0) {
+      return false;
+    }
+
+    for (String i : matchables) {
+      String matchable = normalizePlusAndMinusIndex(i);
+      if (matchable == null) {
+        continue;
+      }
+      // Try to match plain strings first
+      if (plainWordMatchers.contains(matchable)) {
+        return true;
+      }
+
+      for (Pattern p : wildcardMatchers) {
+        Matcher m = p.matcher(matchable);
+        if (m == null) {
+          continue;
+        }
+        if (m.find()) {
+          return true;
+        }
+      }
+    }
+    return false;
+  }
+}
diff --git a/src/main/java/org/elasticsearch/plugin/readonlyrest/acl/blocks/rules/impl/ActionsRule.java b/src/main/java/org/elasticsearch/plugin/readonlyrest/acl/blocks/rules/impl/ActionsRule.java
@@ -0,0 +1,35 @@
+package org.elasticsearch.plugin.readonlyrest.acl.blocks.rules.impl;
+
+import org.elasticsearch.common.logging.ESLogger;
+import org.elasticsearch.common.logging.Loggers;
+import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.plugin.readonlyrest.acl.RequestContext;
+import org.elasticsearch.plugin.readonlyrest.acl.blocks.rules.MatcherWithWildcards;
+import org.elasticsearch.plugin.readonlyrest.acl.blocks.rules.Rule;
+import org.elasticsearch.plugin.readonlyrest.acl.blocks.rules.RuleExitResult;
+import org.elasticsearch.plugin.readonlyrest.acl.blocks.rules.RuleNotConfiguredException;
+
+/**
+ * Created by sscarduzio on 14/02/2016.
+ */
+public class ActionsRule extends Rule {
+
+  private final static ESLogger logger = Loggers.getLogger(ActionsRule.class);
+
+  protected MatcherWithWildcards m;
+
+  public ActionsRule(Settings s) throws RuleNotConfiguredException {
+    super(s);
+    m = new MatcherWithWildcards(s, KEY);
+  }
+
+
+  @Override
+  public RuleExitResult match(RequestContext rc) {
+    if(m.match(new String[]{rc.getAction()})){
+      return MATCH;
+    }
+    logger.debug("This request uses the action'" + rc.getAction() + "' and none of them is on the list.");
+    return NO_MATCH;
+  }
+}
diff --git a/src/main/java/org/elasticsearch/plugin/readonlyrest/acl/blocks/rules/impl/IndicesRule.java b/src/main/java/org/elasticsearch/plugin/readonlyrest/acl/blocks/rules/impl/IndicesRule.java
@@ -1,19 +1,15 @@
 package org.elasticsearch.plugin.readonlyrest.acl.blocks.rules.impl;
 
-import com.google.common.collect.Lists;
 import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.logging.Loggers;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.plugin.readonlyrest.ConfigurationHelper;
 import org.elasticsearch.plugin.readonlyrest.acl.RequestContext;
+import org.elasticsearch.plugin.readonlyrest.acl.blocks.rules.MatcherWithWildcards;
 import org.elasticsearch.plugin.readonlyrest.acl.blocks.rules.Rule;
 import org.elasticsearch.plugin.readonlyrest.acl.blocks.rules.RuleExitResult;
 import org.elasticsearch.plugin.readonlyrest.acl.blocks.rules.RuleNotConfiguredException;
 
 import java.util.Arrays;
-import java.util.List;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
 
 /**
  * Created by sscarduzio on 20/02/2016.
@@ -22,90 +18,19 @@ public class IndicesRule extends Rule {
 
   private final static ESLogger logger = Loggers.getLogger(IndicesRule.class);
 
-  protected List<String> indicesToMatch = Lists.newArrayList();
-  protected List<Pattern> indicesWithWildcards = Lists.newArrayList();
+  protected MatcherWithWildcards m;
 
   public IndicesRule(Settings s) throws RuleNotConfiguredException {
     super(s);
-    String[] a = s.getAsArray(KEY);
-
-    if (a == null || a.length == 0) {
-      throw new RuleNotConfiguredException();
-    }
-
-    for (int i = 0; i < a.length; i++) {
-      a[i] = normalizePlusAndMinusIndex(a[i]);
-      if (ConfigurationHelper.isNullOrEmpty(a[i])) {
-        continue;
-      }
-      if (a[i].contains("*")) {
-        // Patch the simple star wildcard to become a regex: ("*" -> ".*")
-        String regex = ("\\Q" + a[i] + "\\E").replace("*", "\\E.*\\Q");
-
-        // Pre-compile the regex pattern matcher to validate the regex
-        // AND faster matching later on.
-        indicesWithWildcards.add(Pattern.compile(regex));
-
-        // Let's match this also literally
-        indicesToMatch.add(a[i]);
-      } else {
-        // A plain word can be matched as string
-        indicesToMatch.add(a[i].trim());
-      }
-    }
-  }
-
-  /**
-   * Returns null if the index is not worth processing because it's invalid or starts with "-"
-   */
-  String normalizePlusAndMinusIndex(String s) {
-    // Ignore the excluded indices
-    if (s.startsWith("-")) {
-      return null;
-    }
-    // Call included indices with their name
-    if (s.startsWith("+")) {
-      if (s.length() == 1) {
-        logger.warn("invalid index! " + s);
-        return null;
-      }
-      return s.substring(1, s.length());
-    }
-    return s;
+    m = new MatcherWithWildcards(s, KEY);
   }
 
   @Override
   public RuleExitResult match(RequestContext rc) {
-
-    String[] indices = rc.getIndices();
-
-    if (indices == null || indices.length == 0) {
-      logger.warn("didn't find any index for this request: " + rc.getRequest().method() + " " + rc.getRequest().rawPath());
-      return NO_MATCH;
+    if(m.match(rc.getIndices())){
+      return MATCH;
     }
-
-    for (String i : indices) {
-      String idx = normalizePlusAndMinusIndex(i);
-      if(idx == null) {
-        continue;
-      }
-      // Try to match plain strings first
-      if (indicesToMatch.contains(idx)) {
-        return MATCH;
-      }
-
-      for (Pattern p : indicesWithWildcards) {
-        Matcher m = p.matcher(idx);
-        if(m == null) {
-          continue;
-        }
-        if (m.find()) {
-          return MATCH;
-        }
-      }
-    }
-
-    logger.debug("This request uses the indices '" + Arrays.toString(indices) + "' and none of them is on the list.");
+    logger.debug("This request uses the indices '" + Arrays.toString(rc.getIndices()) + "' and none of them is on the list.");
     return NO_MATCH;
   }
 
diff --git a/src/test/java/org/elasticsearch/rest/action/readonlyrest/acl/test/ACLTest.java b/src/test/java/org/elasticsearch/rest/action/readonlyrest/acl/test/ACLTest.java
diff --git a/src/test/test_rules.yml b/src/test/test_rules.yml

Original file line number	Diff line number	Diff line change
`@@ -68,6 +68,10 @@ public Block(Settings s, ESLogger logger) {`
`68`	`68`	`conditionsToCheck.add(new IndicesRule(s));`
`69`	`69`	`} catch (RuleNotConfiguredException e) {`
`70`	`70`	`}`
	`71`	`+ try {`
	`72`	`+ conditionsToCheck.add(new ActionsRule(s));`
	`73`	`+ } catch (RuleNotConfiguredException e) {`
	`74`	`+ }`
`71`	`75`	`}`
`72`	`76`
`73`	`77`	`public String getName() {`