java.lang.Object
org.elasticsearch.xpack.core.security.authz.support.DLSRoleQueryValidator

public final class DLSRoleQueryValidator extends Object
This class helps in evaluating the query field if it is template, validating the query and checking if the query type is allowed to be used in DLS role query.
  • Method Details

    • validateQueryField

      public static void validateQueryField(RoleDescriptor.IndicesPrivileges[] indicesPrivileges, org.elasticsearch.xcontent.NamedXContentRegistry xContentRegistry)
      Validates the query field in the RoleDescriptor.IndicesPrivileges only if it is not a template query.
      It parses the query and builds the QueryBuilder, also checks if the query type is supported in DLS role query.
      Parameters:
      indicesPrivileges - RoleDescriptor.IndicesPrivileges
      xContentRegistry - NamedXContentRegistry for finding named queries
    • hasStoredScript

      public static boolean hasStoredScript(BytesReference query, org.elasticsearch.xcontent.NamedXContentRegistry xContentRegistry) throws IOException
      Throws:
      IOException
    • evaluateAndVerifyRoleQuery

      @Nullable public static QueryBuilder evaluateAndVerifyRoleQuery(BytesReference query, ScriptService scriptService, org.elasticsearch.xcontent.NamedXContentRegistry xContentRegistry, User user)
      Evaluates the query if it is a template and then validates the query by parsing and building the QueryBuilder. It also checks if the query type is supported in DLS role query.
      Parameters:
      query - BytesReference query field from the role
      scriptService - ScriptService used for evaluation of a template query
      xContentRegistry - NamedXContentRegistry for finding named queries
      user - User used when evaluation a template query
      Returns:
      QueryBuilder if the query is valid and allowed, in case RoleDescriptor.IndicesPrivileges * does not have a query field then it returns null.
    • evaluateAndVerifyRoleQuery

      @Nullable public static QueryBuilder evaluateAndVerifyRoleQuery(String query, org.elasticsearch.xcontent.NamedXContentRegistry xContentRegistry) throws IOException
      Throws:
      IOException