Use alias name from rollover request to query indices stats #40774
In `TransportRolloverAction`, before doing rollover we resolve the source index name (write index) from the alias in the rollover request. Before evaluating the conditions and executing the rollover action, we retrieve stats, but to do so we used the source index name resolved from the alias instead of what is in the request. This fails when a user is assigned a role with index privilege on the alias instead of the concrete index. This commit fixes this by using the alias from the request. Closes elastic#40771
Pinging @elastic/es-security
Pinging @elastic/es-core-features
I am game with the main code change.
I would love if you'd add an IntegTest so that we don't catch authorization errors in Rest tests...
However, I think we should make the Rollover action use the client for index and alias creation. WDYT?
When same alias points to multiple indices we can write to only one index with `is_write_index` value `true`. The special handling for PutMappingRequest filtered out such aliases making the request unauthorized. The check has been modified to consider write index flag and only when the requested index matches with the one with write index alias. Closes elastic#40831
…or alias" This reverts commit 5733363.
Hi @albertzaharovits, Thanks for your comment
I did not see one for Rollover Action but I can add unit test to cover this. Thanks.
Could you please elaborate, as I did not understand what you have proposed here? Thank you.
Ah, I'm sorry, I mean
@talevy Are you able to review the (1 line) change to the transport action? It looks like you were the last person to make actual functional changes to that action, and I'd appreciate a review from someone who knows that code better than we do.
I still need to test my comments, but I figure sending this out earlier is better. Let me know if what I said makes sense!
...r/src/main/java/org/elasticsearch/action/admin/indices/rollover/TransportRolloverAction.java
x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/31_rollover_using_alias.yml
I just ran this check to assert my theory:
```
PUT alpha
{
  "aliases": {
    "my_alias": {
      "is_write_index": true
    }
  }
}

PUT beta
{
  "aliases": {
    "my_alias": {
      "is_write_index": false
    }
  }
}

PUT alpha/_doc/1?refresh
{
  "foo": "bar"
}

PUT beta/_doc/1?refresh
{
  "foo": "bar"
}

POST /my_alias/_rollover/new_index?dry_run
{
  "conditions": {
    "max_docs": 2
  }
}
```
this returns an incorrect rollover evaluation (the write index "alpha" only has one document):
```
{
  "acknowledged" : false,
  "shards_acknowledged" : false,
  "old_index" : "alpha",
  "new_index" : "new_index",
  "rolled_over" : false,
  "dry_run" : true,
  "conditions" : {
    "[max_docs: 2]" : true
  }
}
```
I think the additional change that would make this work would be this:
@@ -249,7 +249,7 @@ public class TransportRolloverAction extends TransportMasterNodeAction<RolloverR
static Map<String, Boolean> evaluateConditions(final Collection<Condition<?>> conditions, final IndexMetaData metaData,
final IndicesStatsResponse statsResponse) {
- return evaluateConditions(conditions, statsResponse.getPrimaries().getDocs(), metaData);
+ return evaluateConditions(conditions, statsResponse.getIndex(metaData.getIndex().getName()).getPrimaries().getDocs(), metaData);
}
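Review bot: The `+` line dereferences the result of `statsResponse.getIndex(metaData.getIndex().getName())` immediately with `.getPrimaries()`, so if the stats response carries no entry for the source index and that lookup returns null, the chain throws a NullPointerException instead of producing a condition result. Consider pulling the lookup into a local variable, handling the missing case explicitly, and wrapping the line, which is now much longer than its neighbours. A unit test in which the alias covers two indices and only the combined count reaches `max_docs` would pin the intended behaviour.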
The issue is that the code was looking at the total DocStats of all the indices returned in the stats-response. This change should make it so that we are looking at the sourceIndex only. The non-docstats condition (index age) is done on the correct IndexMetaData of the sourceIndex, so this should not be a problem.
When an alias is used, we retrieve all the stats (including write + read indexes), so the earlier commit made the stats evaluation on collective stats instead of considering only the source index.
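The two behaviours discussed in this thread, as an added example that is not part of the original conversation and is not Elasticsearch code: a simplified Python model in which authorization is checked against the name in the stats request, and `max_docs` is evaluated either on the summed stats or on the write index only. All names (`Role`, `indices_stats`, `rollover_dry_run`) are hypothetical, and the cluster state is constructed to mirror the reproduction above.

```python
from dataclasses import dataclass

# Constructed cluster state mirroring the reproduction above:
# alias -> {index: is_write_index}, plus primary doc counts per index.
ALIASES = {"my_alias": {"alpha": True, "beta": False}}
DOC_COUNTS = {"alpha": 1, "beta": 1}


@dataclass(frozen=True)
class Role:
    granted_names: frozenset  # names on which the role holds the index privilege


class AuthorizationError(Exception):
    pass


def write_index(alias):
    """Resolve the alias to its single write index (the rollover source)."""
    return next(i for i, is_write in ALIASES[alias].items() if is_write)


def indices_stats(role, requested_name):
    """Authorize on the name in the request, then return per-index doc counts."""
    if requested_name not in role.granted_names:
        raise AuthorizationError(f"no privilege on [{requested_name}]")
    members = ALIASES.get(requested_name, {requested_name: True})
    return {index: DOC_COUNTS[index] for index in members}


def max_docs_met(stats, max_docs, source_index=None):
    """Evaluate max_docs on the summed stats, or on source_index only if given."""
    docs = sum(stats.values()) if source_index is None else stats[source_index]
    return docs >= max_docs


def rollover_dry_run(role, alias, max_docs, query_by="alias", per_index=True):
    """query_by='index' models the original code; per_index=False the first fix."""
    source = write_index(alias)
    stats = indices_stats(role, alias if query_by == "alias" else source)
    return max_docs_met(stats, max_docs, source if per_index else None)
```

With a role granted only on `my_alias`, `query_by="index"` is denied, `per_index=False` reports the condition as met from the alias-wide total, and the defaults evaluate the write index alone.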
Changes to Rollover look good to me. I'm not against getting another opinion regarding my comments around performance concerns.
Due to the difficulty of controlling time for the additional test in RolloverIT, what do you think of moving these additional tests as unit tests in `TransportRolloverActionTests`. That way we can control the state of the indices such that only the write-index meets the relevant criteria (max_age, max_docs, max_size).
- Add UT instead of IT to minimize impact on build times.
LGTM
LGTM
…40774) In `TransportRolloverAction` before doing rollover we resolve source index name (write index) from the alias in the rollover request. Before evaluating the conditions and executing rollover action, we retrieve stats, but to do so we used the source index name resolved from the alias instead of alias from the index. This fails when the user is assigned a role with index privilege on the alias instead of the concrete index. This commit fixes this by using the alias from the request. After this change, verified that when we retrieve all the stats (including write + read indexes) we are considering only source index. Closes elastic#40771
…41284) In `TransportRolloverAction` before doing rollover we resolve source index name (write index) from the alias in the rollover request. Before evaluating the conditions and executing rollover action, we retrieve stats, but to do so we used the source index name resolved from the alias instead of alias from the index. This fails when the user is assigned a role with index privilege on the alias instead of the concrete index. This commit fixes this by using the alias from the request. After this change, verified that when we retrieve all the stats (including write + read indexes) we are considering only source index. Closes #40771
…41285) In `TransportRolloverAction` before doing rollover we resolve source index name (write index) from the alias in the rollover request. Before evaluating the conditions and executing rollover action, we retrieve stats, but to do so we used the source index name resolved from the alias instead of alias from the index. This fails when the user is assigned a role with index privilege on the alias instead of the concrete index. This commit fixes this by using the alias from the request. After this change, verified that when we retrieve all the stats (including write + read indexes) we are considering only source index. Closes #40771
…41286) In `TransportRolloverAction` before doing rollover we resolve source index name (write index) from the alias in the rollover request. Before evaluating the conditions and executing rollover action, we retrieve stats, but to do so we used the source index name resolved from the alias instead of alias from the index. This fails when the user is assigned a role with index privilege on the alias instead of the concrete index. This commit fixes this by using the alias from the request. After this change, verified that when we retrieve all the stats (including write + read indexes) we are considering only source index. Closes #40771
In `TransportRolloverAction` before doing rollover we resolve source index name (write index) from the alias in the rollover request. Before evaluating the conditions and executing rollover action, we retrieve stats, but to do so we used the source index name resolved from the alias instead of alias from the index. This fails when the user is assigned a role with index privilege on the alias instead of the concrete index. This commit fixes this by using the alias from the request.
Closes #40771