diff --git a/src/main/java/org/opensearch/security/privileges/ActionPrivileges.java b/src/main/java/org/opensearch/security/privileges/ActionPrivileges.java
index 4a270e1e09..671fa9dd1a 100644
--- a/src/main/java/org/opensearch/security/privileges/ActionPrivileges.java
+++ b/src/main/java/org/opensearch/security/privileges/ActionPrivileges.java
@@ -429,7 +429,7 @@ PrivilegesEvaluatorResponse providesPrivilege(PrivilegesEvaluationContext contex
 }
 }
- return PrivilegesEvaluatorResponse.insufficient(action, context);
+ return PrivilegesEvaluatorResponse.insufficient(action);
 }
 /**
@@ -462,7 +462,7 @@ PrivilegesEvaluatorResponse providesExplicitPrivilege(PrivilegesEvaluationContex
 }
 }
- return PrivilegesEvaluatorResponse.insufficient(action, context);
+ return PrivilegesEvaluatorResponse.insufficient(action);
 }
 /**
@@ -499,9 +499,9 @@ PrivilegesEvaluatorResponse providesAnyPrivilege(PrivilegesEvaluationContext con
 }
 if (actions.size() == 1) {
- return PrivilegesEvaluatorResponse.insufficient(actions.iterator().next(), context);
+ return PrivilegesEvaluatorResponse.insufficient(actions.iterator().next());
 } else {
- return PrivilegesEvaluatorResponse.insufficient("any of " + actions, context);
+ return PrivilegesEvaluatorResponse.insufficient("any of " + actions);
 }
 }
 }
@@ -781,10 +781,10 @@ PrivilegesEvaluatorResponse providesPrivilege(
 Set availableIndices = checkTable.getCompleteRows();
 if (!availableIndices.isEmpty()) {
- return PrivilegesEvaluatorResponse.partiallyOk(availableIndices, checkTable, context).evaluationExceptions(exceptions);
+ return PrivilegesEvaluatorResponse.partiallyOk(availableIndices, checkTable).evaluationExceptions(exceptions);
 }
- return PrivilegesEvaluatorResponse.insufficient(checkTable, context)
+ return PrivilegesEvaluatorResponse.insufficient(checkTable)
 .reason(
 resolvedIndices.getAllIndices().size() == 1
 ? "Insufficient permissions for the referenced index"
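Review bot: In `providesAnyPrivilege` (hunk at -499) the multi-action branch passes the free-text label `"any of " + actions` where `insufficient(String missingPrivilege)` expects a privilege name. The factory in PrivilegesEvaluatorResponse stores that string as a check-table column, so the table ends up holding an entry that is not a real action name and whose format depends on the collection's `toString()`. If that is intended, a call-site comment such as `// synthetic label, not a real action name` would make it explicit; whether any consumer reads the columns back as action names is not visible in this diff. The method body starts outside the hunk.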
@@ -829,7 +829,7 @@ PrivilegesEvaluatorResponse providesExplicitPrivilege(
 List exceptions = new ArrayList<>();
 if (!CollectionUtils.containsAny(actions, this.explicitlyRequiredIndexActions)) {
- return PrivilegesEvaluatorResponse.insufficient(CheckTable.create(ImmutableSet.of("_"), actions), context);
+ return PrivilegesEvaluatorResponse.insufficient(CheckTable.create(ImmutableSet.of("_"), actions));
 }
 for (String role : context.getMappedRoles()) {
@@ -856,7 +856,7 @@ PrivilegesEvaluatorResponse providesExplicitPrivilege(
 }
 }
- return PrivilegesEvaluatorResponse.insufficient(checkTable, context)
+ return PrivilegesEvaluatorResponse.insufficient(checkTable)
 .reason("No explicit privileges have been provided for the referenced indices.")
 .evaluationExceptions(exceptions);
 }
diff --git a/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java b/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java
index 022a1beb0d..36666972ec 100644
--- a/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java
+++ b/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java
@@ -418,7 +418,7 @@ public PrivilegesEvaluatorResponse evaluate(PrivilegesEvaluationContext context)
 if (isClusterPerm(action0)) {
 if (serviceAccountUser) {
 log.info("{} is a service account which doesn't have access to cluster level permission: {}", user, action0);
- return PrivilegesEvaluatorResponse.insufficient(action0, context);
+ return PrivilegesEvaluatorResponse.insufficient(action0);
 }
 presponse = actionPrivileges.hasClusterPrivilege(context, action0);
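Review bot: The service-account denial in `evaluate` (hunk at -418) returns `insufficient(action0)` after only a `log.info`, while the `replaceResult.accessDenied` branch in the hunk at -520 calls `auditLog.logMissingPrivileges(action0, request, task)` before returning the same kind of response. Unless the caller audits every denied response itself, which is not visible here, service-account denials would reach the application log but not the audit trail. Consider adding `auditLog.logMissingPrivileges(action0, request, task);` before the return, assuming `request` and `task` are in scope there as they are at -520, or a comment stating where this denial is audited. The body of `evaluate` starts and ends outside both hunks.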
@@ -520,7 +520,7 @@ public PrivilegesEvaluatorResponse evaluate(PrivilegesEvaluationContext context)
 if (!replaceResult.continueEvaluation) {
 if (replaceResult.accessDenied) {
 auditLog.logMissingPrivileges(action0, request, task);
- return PrivilegesEvaluatorResponse.insufficient(action0, context);
+ return PrivilegesEvaluatorResponse.insufficient(action0);
 } else {
 presponse.allowed = true;
 presponse.createIndexRequestBuilder = replaceResult.createIndexRequestBuilder;
diff --git a/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluatorResponse.java b/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluatorResponse.java
index 3330219a4f..d072ec301c 100644
--- a/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluatorResponse.java
+++ b/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluatorResponse.java
@@ -178,8 +178,7 @@ public static PrivilegesEvaluatorResponse ok() {
 public static PrivilegesEvaluatorResponse partiallyOk(
 Set availableIndices,
- CheckTable indexToActionCheckTable,
- PrivilegesEvaluationContext context
+ CheckTable indexToActionCheckTable
 ) {
 PrivilegesEvaluatorResponse response = new PrivilegesEvaluatorResponse();
 response.onlyAllowedForIndices = ImmutableSet.copyOf(availableIndices);
@@ -187,16 +186,13 @@ public static PrivilegesEvaluatorResponse partiallyOk(
 return response;
 }
- public static PrivilegesEvaluatorResponse insufficient(String missingPrivilege, PrivilegesEvaluationContext context) {
+ public static PrivilegesEvaluatorResponse insufficient(String missingPrivilege) {
 PrivilegesEvaluatorResponse response = new PrivilegesEvaluatorResponse();
 response.indexToActionCheckTable = CheckTable.create(ImmutableSet.of("_"), ImmutableSet.of(missingPrivilege));
 return response;
 }
- public static PrivilegesEvaluatorResponse insufficient(
- CheckTable indexToActionCheckTable,
- PrivilegesEvaluationContext context
- ) {
+ public static PrivilegesEvaluatorResponse insufficient(CheckTable indexToActionCheckTable) {
 PrivilegesEvaluatorResponse response = new PrivilegesEvaluatorResponse();
 response.indexToActionCheckTable = indexToActionCheckTable;
 return response;
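Review bot: Both `insufficient` overloads are public factories for denial responses and carry no Javadoc, and the `"_"` row in `insufficient(String)` is an unexplained literal that also appears in `ActionPrivileges.providesExplicitPrivilege` (hunk at -829). Since this change already touches the signatures, it would be a good moment to document them, for example `/** Creates a denial response for one missing privilege; "_" is a placeholder row used when no concrete index is involved. */`, with the placeholder meaning confirmed by the author because it is only inferred from the call sites. A shared named constant for `"_"` would keep the two files from drifting apart. The second overload's closing brace lies outside the hunk.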