From 00c326af40e11434fdaf9593dfe2ad7cfc61b1e8 Mon Sep 17 00:00:00 2001 From: Amit Galitzky Date: Mon, 10 Jul 2023 12:36:01 -0700 Subject: [PATCH] refactored the get setting method Signed-off-by: Amit Galitzky --- .../org/opensearch/alerting/InputService.kt | 4 +-- .../transport/TransportIndexMonitorAction.kt | 4 +-- .../opensearch/alerting/util/AlertingUtils.kt | 24 ++++++++++++++++++ .../alerting/util/AnomalyDetectionUtils.kt | 25 ------------------- 4 files changed, 28 insertions(+), 29 deletions(-) diff --git a/alerting/src/main/kotlin/org/opensearch/alerting/InputService.kt b/alerting/src/main/kotlin/org/opensearch/alerting/InputService.kt index 43a712510..d027600a7 100644 --- a/alerting/src/main/kotlin/org/opensearch/alerting/InputService.kt +++ b/alerting/src/main/kotlin/org/opensearch/alerting/InputService.kt @@ -15,7 +15,7 @@ import org.opensearch.alerting.opensearchapi.suspendUntil import org.opensearch.alerting.util.AggregationQueryRewriter import org.opensearch.alerting.util.addUserBackendRolesFilter import org.opensearch.alerting.util.executeTransportAction -import org.opensearch.alerting.util.getADBackendRoleFilterEnabled +import org.opensearch.alerting.util.getRoleFilterEnabled import org.opensearch.alerting.util.toMap import org.opensearch.alerting.workflow.WorkflowRunContext import org.opensearch.client.Client @@ -210,7 +210,7 @@ class InputService( // Monitor runner will send transport request to check permission first. If security plugin response // is yes, user has permission to query AD result. If AD role filter enabled, we will add user role // filter to protect data at user role level; otherwise, user can query any AD result. - if (getADBackendRoleFilterEnabled(clusterService, settings)) { + if (getRoleFilterEnabled(clusterService, settings, "plugins.anomaly_detection.filter_by_backend_roles")) { addUserBackendRolesFilter(monitor.user, searchRequest.source()) } val searchResponse: SearchResponse = client.suspendUntil { client.search(searchRequest, it) } diff --git a/alerting/src/main/kotlin/org/opensearch/alerting/transport/TransportIndexMonitorAction.kt b/alerting/src/main/kotlin/org/opensearch/alerting/transport/TransportIndexMonitorAction.kt index 19fc8df1f..2f3b41b02 100644 --- a/alerting/src/main/kotlin/org/opensearch/alerting/transport/TransportIndexMonitorAction.kt +++ b/alerting/src/main/kotlin/org/opensearch/alerting/transport/TransportIndexMonitorAction.kt @@ -45,7 +45,7 @@ import org.opensearch.alerting.util.AlertingException import org.opensearch.alerting.util.DocLevelMonitorQueries import org.opensearch.alerting.util.IndexUtils import org.opensearch.alerting.util.addUserBackendRolesFilter -import org.opensearch.alerting.util.getADBackendRoleFilterEnabled +import org.opensearch.alerting.util.getRoleFilterEnabled import org.opensearch.alerting.util.isADMonitor import org.opensearch.client.Client import org.opensearch.cluster.service.ClusterService @@ -279,7 +279,7 @@ class TransportIndexMonitorAction @Inject constructor( request.monitor = request.monitor .copy(user = User(user.name, user.backendRoles, user.roles, user.customAttNames)) val searchSourceBuilder = SearchSourceBuilder().size(0) - if (getADBackendRoleFilterEnabled(clusterService, settings)) { + if (getRoleFilterEnabled(clusterService, settings, "plugins.anomaly_detection.filter_by_backend_roles")) { addUserBackendRolesFilter(user, searchSourceBuilder) } val searchRequest = SearchRequest().indices(".opendistro-anomaly-detectors").source(searchSourceBuilder) diff --git a/alerting/src/main/kotlin/org/opensearch/alerting/util/AlertingUtils.kt b/alerting/src/main/kotlin/org/opensearch/alerting/util/AlertingUtils.kt index 5255de8c9..33911b216 100644 --- a/alerting/src/main/kotlin/org/opensearch/alerting/util/AlertingUtils.kt +++ b/alerting/src/main/kotlin/org/opensearch/alerting/util/AlertingUtils.kt @@ -9,6 +9,8 @@ import org.apache.logging.log4j.LogManager import org.opensearch.alerting.model.BucketLevelTriggerRunResult import org.opensearch.alerting.model.destination.Destination import org.opensearch.alerting.settings.DestinationSettings +import org.opensearch.cluster.service.ClusterService +import org.opensearch.common.settings.Settings import org.opensearch.commons.alerting.model.AggregationResultBucket import org.opensearch.commons.alerting.model.Monitor import org.opensearch.commons.alerting.model.action.Action @@ -38,6 +40,28 @@ fun isValidEmail(email: String): Boolean { return validEmailPattern.matches(email) } +fun getRoleFilterEnabled(clusterService: ClusterService, settings: Settings, settingPath: String): Boolean { + var adBackendRoleFilterEnabled: Boolean + val metaData = clusterService.state().metadata() + + // get default value for setting + if (clusterService.clusterSettings.get(settingPath) != null) { + adBackendRoleFilterEnabled = clusterService.clusterSettings.get(settingPath).getDefault(settings) as Boolean + } else { + // default setting doesn't exist, so returning false as it means AD plugins isn't in cluster anyway + return false + } + + // Transient settings are prioritized so those are checked first. + return if (metaData.transientSettings().get(settingPath) != null) { + metaData.transientSettings().getAsBoolean(settingPath, adBackendRoleFilterEnabled) + } else if (metaData.persistentSettings().get(settingPath) != null) { + metaData.persistentSettings().getAsBoolean(settingPath, adBackendRoleFilterEnabled) + } else { + adBackendRoleFilterEnabled + } +} + /** Allowed Destinations are ones that are specified in the [DestinationSettings.ALLOW_LIST] setting. */ fun Destination.isAllowed(allowList: List): Boolean = allowList.contains(this.type.value) diff --git a/alerting/src/main/kotlin/org/opensearch/alerting/util/AnomalyDetectionUtils.kt b/alerting/src/main/kotlin/org/opensearch/alerting/util/AnomalyDetectionUtils.kt index a3cbb62ad..1196c8f19 100644 --- a/alerting/src/main/kotlin/org/opensearch/alerting/util/AnomalyDetectionUtils.kt +++ b/alerting/src/main/kotlin/org/opensearch/alerting/util/AnomalyDetectionUtils.kt @@ -6,9 +6,7 @@ package org.opensearch.alerting.util import org.apache.lucene.search.join.ScoreMode -import org.opensearch.cluster.service.ClusterService import org.opensearch.common.Strings -import org.opensearch.common.settings.Settings import org.opensearch.commons.alerting.model.Monitor import org.opensearch.commons.alerting.model.SearchInput import org.opensearch.commons.authuser.User @@ -34,29 +32,6 @@ fun isADMonitor(monitor: Monitor): Boolean { return false } -fun getADBackendRoleFilterEnabled(clusterService: ClusterService, settings: Settings): Boolean { - var adBackendRoleFilterEnabled: Boolean - val metaData = clusterService.state().metadata() - val adFilterString = "plugins.anomaly_detection.filter_by_backend_roles" - - // get default value for setting - if (clusterService.clusterSettings.get(adFilterString) != null) { - adBackendRoleFilterEnabled = clusterService.clusterSettings.get(adFilterString).getDefault(settings) as Boolean - } else { - // default setting doesn't exist, so returning false as it means AD plugins isn't in cluster anyway - return false - } - - // Transient settings are prioritized so those are checked first. - return if (metaData.transientSettings().get(adFilterString) != null) { - metaData.transientSettings().getAsBoolean(adFilterString, adBackendRoleFilterEnabled) - } else if (metaData.persistentSettings().get(adFilterString) != null) { - metaData.persistentSettings().getAsBoolean(adFilterString, adBackendRoleFilterEnabled) - } else { - adBackendRoleFilterEnabled - } -} - fun addUserBackendRolesFilter(user: User?, searchSourceBuilder: SearchSourceBuilder): SearchSourceBuilder { var boolQueryBuilder = BoolQueryBuilder() val userFieldName = "user"