Module org.elasticsearch.xcore
Class DLSRoleQueryValidator
java.lang.Object
org.elasticsearch.xpack.core.security.authz.support.DLSRoleQueryValidator
This class helps in evaluating the query field if it is template,
validating the query and checking if the query type is allowed to be used in DLS role query.
-
Method Summary
Modifier and TypeMethodDescriptionstatic QueryBuilderevaluateAndVerifyRoleQuery(String query, org.elasticsearch.xcontent.NamedXContentRegistry xContentRegistry) static QueryBuilderevaluateAndVerifyRoleQuery(BytesReference query, ScriptService scriptService, org.elasticsearch.xcontent.NamedXContentRegistry xContentRegistry, User user) Evaluates the query if it is a template and then validates the query by parsing and building theQueryBuilder.static booleanhasStoredScript(BytesReference query, org.elasticsearch.xcontent.NamedXContentRegistry xContentRegistry) static voidvalidateQueryField(RoleDescriptor.IndicesPrivileges[] indicesPrivileges, org.elasticsearch.xcontent.NamedXContentRegistry xContentRegistry) Validates the query field in theRoleDescriptor.IndicesPrivilegesonly if it is not a template query.
It parses the query and builds theQueryBuilder, also checks if the query type is supported in DLS role query.
-
Method Details
-
validateQueryField
public static void validateQueryField(RoleDescriptor.IndicesPrivileges[] indicesPrivileges, org.elasticsearch.xcontent.NamedXContentRegistry xContentRegistry) Validates the query field in theRoleDescriptor.IndicesPrivilegesonly if it is not a template query.
It parses the query and builds theQueryBuilder, also checks if the query type is supported in DLS role query.- Parameters:
indicesPrivileges-RoleDescriptor.IndicesPrivilegesxContentRegistry-NamedXContentRegistryfor finding named queries
-
hasStoredScript
public static boolean hasStoredScript(BytesReference query, org.elasticsearch.xcontent.NamedXContentRegistry xContentRegistry) throws IOException - Throws:
IOException
-
evaluateAndVerifyRoleQuery
@Nullable public static QueryBuilder evaluateAndVerifyRoleQuery(BytesReference query, ScriptService scriptService, org.elasticsearch.xcontent.NamedXContentRegistry xContentRegistry, User user) Evaluates the query if it is a template and then validates the query by parsing and building theQueryBuilder. It also checks if the query type is supported in DLS role query.- Parameters:
query-BytesReferencequery field from the rolescriptService-ScriptServiceused for evaluation of a template queryxContentRegistry-NamedXContentRegistryfor finding named queriesuser-Userused when evaluation a template query- Returns:
QueryBuilderif the query is valid and allowed, in caseRoleDescriptor.IndicesPrivileges* does not have a query field then it returnsnull.
-
evaluateAndVerifyRoleQuery
@Nullable public static QueryBuilder evaluateAndVerifyRoleQuery(String query, org.elasticsearch.xcontent.NamedXContentRegistry xContentRegistry) throws IOException - Throws:
IOException
-