Adaptions after rebasing

Signed-off-by: Nils Bandener <[email protected]>

build.gradle

@@ -584,6 +584,8 @@ dependencies {
     implementation 'com.nimbusds:nimbus-jose-jwt:9.40'
     implementation 'com.rfksystems:blake2b:2.0.0'
     implementation 'com.password4j:password4j:1.8.2'
+    implementation 'com.selectivem:checklists:1.1.0'
+
     //JWT
     implementation "io.jsonwebtoken:jjwt-api:${jjwt_version}"
     implementation "io.jsonwebtoken:jjwt-impl:${jjwt_version}"

src/main/java/org/opensearch/security/privileges/ActionPrivileges.java

@@ -37,6 +37,8 @@
 import org.opensearch.security.securityconf.impl.v7.RoleV7;
 import org.opensearch.security.support.WildcardMatcher;
 
+import com.selectivem.check.CheckTable;
+
 /**
  * This class converts role configuration into pre-computed, optimized data structures for checking privileges.
  *
@@ -565,7 +567,7 @@ PrivilegesEvaluatorResponse providesPrivilege(
                 return PrivilegesEvaluatorResponse.ok();
             }
 
-            ImmutableSet<String> availableIndices = checkTable.getCompleteRows();
+            Set<String> availableIndices = checkTable.getCompleteRows();
 
             if (!availableIndices.isEmpty()) {
                 return PrivilegesEvaluatorResponse.partiallyOk(availableIndices, checkTable, context);

src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java

@@ -97,6 +97,7 @@
 import org.opensearch.security.securityconf.impl.CType;
 import org.opensearch.security.securityconf.impl.DashboardSignInOption;
 import org.opensearch.security.securityconf.impl.SecurityDynamicConfiguration;
+import org.opensearch.security.securityconf.impl.v7.ActionGroupsV7;
 import org.opensearch.security.support.ConfigConstants;
 import org.opensearch.security.support.WildcardMatcher;
 import org.opensearch.security.user.User;
@@ -199,7 +200,11 @@ public PrivilegesEvaluator(
 
                 if (rolesConfiguration != null) {
                     FlattenedActionGroups flattenedActionGroups = actionGroupsConfiguration != null
-                        ? new FlattenedActionGroups(DynamicConfigFactory.addStatics(actionGroupsConfiguration.deepClone()))
+                        ? new FlattenedActionGroups(
+                            (SecurityDynamicConfiguration<ActionGroupsV7>) DynamicConfigFactory.addStatics(
+                                actionGroupsConfiguration.deepClone()
+                            )
+                        )
                         : FlattenedActionGroups.EMPTY;
                     ActionPrivileges actionPrivileges = new ActionPrivileges(
                         DynamicConfigFactory.addStatics(rolesConfiguration.deepClone()),
@@ -501,23 +506,23 @@ public PrivilegesEvaluatorResponse evaluate(
                         //
                         // Thus, I am inclined to remove the following logic and rely on the processing on
                         // the get/search/tv level.
-                        Set<String> reduced = securityRoles.reduce(
-                            requestedResolved,
-                            user,
-                            new String[] { action0 },
-                            resolver,
-                            clusterService
-                        );
-
-                        if (reduced.isEmpty()) {
-                            presponse.allowed = false;
-                            return presponse;
-                        }
-
-                        if (irr.replace(request, true, reduced.toArray(new String[0]))) {
-                            presponse.allowed = true;
-                            return presponse;
-                        }
+                        // Set<String> reduced = securityRoles.reduce(
+                        // requestedResolved,
+                        // user,
+                        // new String[] { action0 },
+                        // resolver,
+                        // clusterService
+                        // );
+                        //
+                        // if (reduced.isEmpty()) {
+                        // presponse.allowed = false;
+                        // return presponse;
+                        // }
+                        //
+                        // if (irr.replace(request, true, reduced.toArray(new String[0]))) {
+                        // presponse.allowed = true;
+                        // return presponse;
+                        // }
                     }
 
                     if (isDebugEnabled) {

src/main/java/org/opensearch/security/privileges/PrivilegesEvaluatorResponse.java

@@ -36,6 +36,8 @@
 import org.opensearch.security.resolver.IndexResolverReplacer.Resolved;
 import org.opensearch.security.securityconf.EvaluatedDlsFlsConfig;
 
+import com.selectivem.check.CheckTable;
+
 public class PrivilegesEvaluatorResponse {
     boolean allowed = false;
     Set<String> missingSecurityRoles = new HashSet<>();
@@ -44,7 +46,7 @@ public class PrivilegesEvaluatorResponse {
     PrivilegesEvaluatorResponseState state = PrivilegesEvaluatorResponseState.PENDING;
     Resolved resolved;
     CreateIndexRequestBuilder createIndexRequestBuilder;
-    private ImmutableSet<String> onlyAllowedForIndices = ImmutableSet.of();
+    private Set<String> onlyAllowedForIndices = ImmutableSet.of();
     private CheckTable<String, String> indexToActionCheckTable;
     private String reason;
 
@@ -66,7 +68,7 @@ public boolean isPartiallyOk() {
         return !this.onlyAllowedForIndices.isEmpty();
     }
 
-    public ImmutableSet<String> getAvailableIndices() {
+    public Set<String> getAvailableIndices() {
         return this.onlyAllowedForIndices;
     }