security changes

Signed-off-by: Bharathwaj G <[email protected]>

server/src/main/java/org/opensearch/action/search/DeletePitAction.java

@@ -16,7 +16,7 @@
 public class DeletePitAction extends ActionType<DeletePitResponse> {
 
     public static final DeletePitAction INSTANCE = new DeletePitAction();
-    public static final String NAME = "cluster:admin/point_in_time/delete";
+    public static final String NAME = "indices:data/read/point_in_time/delete";
 
     private DeletePitAction() {
         super(NAME, DeletePitResponse::new);

server/src/main/java/org/opensearch/action/search/DeletePitRequest.java

@@ -48,6 +48,11 @@ public DeletePitRequest(List<String> pitIds) {
         this.pitIds.addAll(pitIds);
     }
 
+    public void clearAndSetPitIds(List<String> pitIds) {
+        this.pitIds.clear();
+        this.pitIds.addAll(pitIds);
+    }
+
     public DeletePitRequest() {}
 
     public List<String> getPitIds() {

server/src/main/java/org/opensearch/action/search/GetAllPitNodesRequest.java

@@ -21,11 +21,19 @@
  */
 public class GetAllPitNodesRequest extends BaseNodesRequest<GetAllPitNodesRequest> {
 
+    private GetAllPitNodesResponse getAllPitNodesResponse;
     @Inject
     public GetAllPitNodesRequest(DiscoveryNode... concreteNodes) {
         super(concreteNodes);
     }
 
+    public void setGetAllPitNodesResponse(GetAllPitNodesResponse getAllPitNodesResponse) {
+        this.getAllPitNodesResponse = getAllPitNodesResponse;
+    }
+
+    public GetAllPitNodesResponse getGetAllPitNodesResponse() {
+        return getAllPitNodesResponse;
+    }
     public GetAllPitNodesRequest(StreamInput in) throws IOException {
         super(in);
     }

server/src/main/java/org/opensearch/action/search/GetAllPitNodesResponse.java

@@ -77,4 +77,9 @@ public void writeNodesTo(StreamOutput out, List<GetAllPitNodeResponse> nodes) th
     public List<ListPitInfo> getPitInfos() {
         return Collections.unmodifiableList(new ArrayList<>(pitInfos));
     }
+
+    public void clearAndSetPitInfos(List<ListPitInfo> listPitInfos) {
+        pitInfos.clear();
+        pitInfos.addAll(listPitInfos);
+    }
 }

server/src/main/java/org/opensearch/action/search/GetAllPitsAction.java

@@ -15,7 +15,7 @@
  */
 public class GetAllPitsAction extends ActionType<GetAllPitNodesResponse> {
     public static final GetAllPitsAction INSTANCE = new GetAllPitsAction();
-    public static final String NAME = "cluster:admin/point_in_time/read";
+    public static final String NAME = "indices:data/read/point_in_time/read";
 
     private GetAllPitsAction() {
         super(NAME, GetAllPitNodesResponse::new);

server/src/main/java/org/opensearch/action/search/PitService.java

@@ -15,6 +15,7 @@
 import org.opensearch.action.ActionListener;
 import org.opensearch.action.StepListener;
 import org.opensearch.action.support.GroupedActionListener;
+import org.opensearch.client.node.NodeClient;
 import org.opensearch.cluster.node.DiscoveryNode;
 import org.opensearch.cluster.service.ClusterService;
 import org.opensearch.common.Strings;
@@ -48,11 +49,14 @@ public class PitService {
     private final SearchTransportService searchTransportService;
     private final TransportService transportService;
 
+    private final NodeClient nodeClient;
+
     @Inject
-    public PitService(ClusterService clusterService, SearchTransportService searchTransportService, TransportService transportService) {
+    public PitService(ClusterService clusterService, SearchTransportService searchTransportService, TransportService transportService, NodeClient nodeClient) {
         this.clusterService = clusterService;
         this.searchTransportService = searchTransportService;
         this.transportService = transportService;
+        this.nodeClient = nodeClient;
     }
 
     /**
@@ -144,6 +148,17 @@ public void onFailure(final Exception e) {
         }, size);
     }
 
+    /**
+     * This method returns indices associated for each pit
+     */
+    public Map<String, String[]> getIndicesForPits(List<String> pitIds) {
+        Map<String, String[]> pitToIndicesMap = new HashMap<>();
+        for(String pitId : pitIds) {
+            pitToIndicesMap.put(pitId, SearchContextId.decode(nodeClient.getNamedWriteableRegistry(), pitId).getActualIndices());
+        }
+        return pitToIndicesMap;
+    }
+
     /**
      * Get all active point in time contexts
      */
@@ -182,4 +197,6 @@ public GetAllPitNodesResponse read(StreamInput in) throws IOException {
             }
         );
     }
+
+
 }

server/src/main/java/org/opensearch/action/search/TransportDeletePitAction.java

@@ -57,6 +57,7 @@ public TransportDeletePitAction(
     @Override
     protected void doExecute(Task task, DeletePitRequest request, ActionListener<DeletePitResponse> listener) {
         List<String> pitIds = request.getPitIds();
+        logger.info("pit ids size : " + pitIds.size() + " : " + pitIds.get(0));
         if (pitIds.size() == 1 && "_all".equals(pitIds.get(0))) {
             deleteAllPits(listener);
         } else {

server/src/main/java/org/opensearch/action/search/TransportGetAllPitsAction.java

@@ -15,6 +15,8 @@
 import org.opensearch.tasks.Task;
 import org.opensearch.transport.TransportService;
 
+import java.util.Collections;
+
 /**
  * Transport action to get all active PIT contexts in the cluster
  */
@@ -30,6 +32,11 @@ public TransportGetAllPitsAction(ActionFilters actionFilters, TransportService t
 
     @Override
     protected void doExecute(Task task, GetAllPitNodesRequest request, ActionListener<GetAllPitNodesResponse> listener) {
-        pitService.getAllPits(listener);
+        // If security plugin intercepts the request, it'll replace all PIT IDs with permitted PIT IDs
+        if(request.getGetAllPitNodesResponse() != null) {
+            listener.onResponse(request.getGetAllPitNodesResponse());
+        } else {
+            pitService.getAllPits(listener);
+        }
     }
 }