From 88fb79372d1b0f90f8e24bbb367c5770bd2481a0 Mon Sep 17 00:00:00 2001
From: bowenlan-amzn
Date: Mon, 14 Nov 2022 10:13:07 -0800
Subject: [PATCH] Fix security miss of action validation feature
Signed-off-by: bowenlan-amzn
---
 build.gradle | 2 ++
 .../indexstatemanagement/ManagedIndexRunner.kt | 8 +++++++-
 .../transport/action/explain/TransportExplainAction.kt | 2 +-
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/build.gradle b/build.gradle
index 07db1a7fa..43b2c9d8e 100644
--- a/build.gradle
+++ b/build.gradle
@@ -145,6 +145,8 @@ task ktlintFormat(type: JavaExec, group: "formatting") {
 main = "com.pinterest.ktlint.Main"
 classpath = configurations.ktlint
 args "-F", "src/**/*.kt", "spi/src/main/**/*.kt"
+ // https://github.com/pinterest/ktlint/issues/1391
+ jvmArgs "--add-opens=java.base/java.lang=ALL-UNNAMED"
 }
 detekt {
diff --git a/src/main/kotlin/org/opensearch/indexmanagement/indexstatemanagement/ManagedIndexRunner.kt b/src/main/kotlin/org/opensearch/indexmanagement/indexstatemanagement/ManagedIndexRunner.kt
index 0b0f58d64..3722223e1 100644
--- a/src/main/kotlin/org/opensearch/indexmanagement/indexstatemanagement/ManagedIndexRunner.kt
+++ b/src/main/kotlin/org/opensearch/indexmanagement/indexstatemanagement/ManagedIndexRunner.kt
@@ -404,7 +404,13 @@ object ManagedIndexRunner :
 @Suppress("ComplexCondition", "MaxLineLength")
 if (updateResult.metadataSaved && state != null && action != null && step != null && currentActionMetaData != null) {
 if (validationServiceEnabled) {
- val validationResult = actionValidation.validate(action.type, stepContext.metadata.index)
+ val validationResult = withClosableContext(
+ IndexManagementSecurityContext(
+ managedIndexConfig.id, settings, threadPool.threadContext, managedIndexConfig.policy.user
+ )
+ ) {
+ actionValidation.validate(action.type, stepContext.metadata.index)
+ }
 if (validationResult.validationStatus == Validate.ValidationStatus.RE_VALIDATING) {
 logger.warn("Validation Status is: RE_VALIDATING. The action is {}, state is {}, step is {}.\", action.type, state.name, step.name")
 publishErrorNotification(policy, managedIndexMetaData)
diff --git a/src/main/kotlin/org/opensearch/indexmanagement/indexstatemanagement/transport/action/explain/TransportExplainAction.kt b/src/main/kotlin/org/opensearch/indexmanagement/indexstatemanagement/transport/action/explain/TransportExplainAction.kt
index ac7caab1f..f3d079a53 100644
--- a/src/main/kotlin/org/opensearch/indexmanagement/indexstatemanagement/transport/action/explain/TransportExplainAction.kt
+++ b/src/main/kotlin/org/opensearch/indexmanagement/indexstatemanagement/transport/action/explain/TransportExplainAction.kt
@@ -383,7 +383,7 @@ class TransportExplainAction @Inject constructor(
 filteredIndices.add(indexNames[i])
 filteredMetadata.add(indexMetadatas[i])
 filteredPolicies.add(indexPolicyIDs[i])
- validationResults[i]?.let { filteredValidationResult.add(it) }
+ validationResults[i].let { filteredValidationResult.add(it) }
 enabledState[indexNames[i]]?.let { enabledStatus[indexNames[i]] = it }
 appliedPolicies[indexNames[i]]?.let { filteredAppliedPolicies[indexNames[i]] = it }
 } catch (e: OpenSearchSecurityException) {
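Review bot: In the ManagedIndexRunner.kt hunk, `actionValidation.validate(...)` now runs under the policy user's security context, so it can be denied where it previously could not, and nothing visible in the hunk handles that denial; the enclosing function starts and ends outside the hunk, so confirm that a denied call ends up as a failed validation and not as an exception escaping the job run. `managedIndexConfig.policy.user` is passed through unchecked: if it can be null (for example a policy stored without a user), check which identity `IndexManagementSecurityContext` applies then, because a fallback to the plugin's own privileges would leave validation unrestricted for those policies. A comment above the wrapper would protect it from later cleanup, e.g. `// Validate as the policy's user, not with plugin privileges.` The `logger.warn` context line below it escapes its closing quote (`step is {}.\", action.type, ...`), so the three arguments are logged as literal text and the placeholders stay unfilled. None of the three changed files is a test; a case with a policy user lacking permission on the target index would pin this fix.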
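Review bot: In the TransportExplainAction.kt hunk, `validationResults[i].let { filteredValidationResult.add(it) }` uses a scope function only to pass the value along; `filteredValidationResult.add(validationResults[i])` does the same and makes it plain that null entries are now appended. If the intent is to keep `filteredValidationResult` index-aligned with `filteredIndices`, `filteredMetadata` and `filteredPolicies`, so that a result is never reported against the wrong index after the permission filter, a one-line comment should say so, e.g. `// keep null entries so results stay aligned with filteredIndices`. The consumers of this list are outside the hunk and need to tolerate null elements, and the `try` block itself begins outside the hunk.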