Skip to content

Commit 4c0e8f1

Browse files
jaymodejaymode
authored
Introduce system index APIs for Kibana (elastic#52385)
This commit introduces a module for Kibana that exposes REST APIs that will be used by Kibana for access to its system indices. These APIs are wrapped versions of the existing REST endpoints. A new setting is also introduced since the Kibana system indices' names are allowed to be changed by a user in case multiple instances of Kibana use the same instance of Elasticsearch. Additionally, the ThreadContext has been extended to indicate that the use of system indices may be allowed in a request. This will be built upon in the future for the protection of system indices.
1 parent 4e58dde commit 4c0e8f1

File tree

42 files changed

+974
-108
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

42 files changed

+974
-108
lines changed

modules/kibana/build.gradle

+31
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
/*
2+
* Licensed to Elasticsearch under one or more contributor
3+
* license agreements. See the NOTICE file distributed with
4+
* this work for additional information regarding copyright
5+
* ownership. Elasticsearch licenses this file to you under
6+
* the Apache License, Version 2.0 (the "License"); you may
7+
* not use this file except in compliance with the License.
8+
* You may obtain a copy of the License at
9+
*
10+
* http://www.apache.org/licenses/LICENSE-2.0
11+
*
12+
* Unless required by applicable law or agreed to in writing,
13+
* software distributed under the License is distributed on an
14+
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15+
* KIND, either express or implied. See the License for the
16+
* specific language governing permissions and limitations
17+
* under the License.
18+
*/
19+
20+
esplugin {
21+
description 'Plugin exposing APIs for Kibana system indices'
22+
classname 'org.elasticsearch.kibana.KibanaPlugin'
23+
}
24+
25+
dependencies {
26+
compile project(path: ':modules:reindex', configuration: 'runtime')
27+
}
28+
29+
testClusters.integTest {
30+
module file(project(':modules:reindex').tasks.bundlePlugin.archiveFile)
31+
}

modules/kibana/src/main/java/org/elasticsearch/kibana/KibanaPlugin.java

+145
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,145 @@
1+
/*
2+
* Licensed to Elasticsearch under one or more contributor
3+
* license agreements. See the NOTICE file distributed with
4+
* this work for additional information regarding copyright
5+
* ownership. Elasticsearch licenses this file to you under
6+
* the Apache License, Version 2.0 (the "License"); you may
7+
* not use this file except in compliance with the License.
8+
* You may obtain a copy of the License at
9+
*
10+
* http://www.apache.org/licenses/LICENSE-2.0
11+
*
12+
* Unless required by applicable law or agreed to in writing,
13+
* software distributed under the License is distributed on an
14+
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15+
* KIND, either express or implied. See the License for the
16+
* specific language governing permissions and limitations
17+
* under the License.
18+
*/
19+
20+
package org.elasticsearch.kibana;
21+
22+
import org.elasticsearch.client.node.NodeClient;
23+
import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
24+
import org.elasticsearch.cluster.node.DiscoveryNodes;
25+
import org.elasticsearch.common.settings.ClusterSettings;
26+
import org.elasticsearch.common.settings.IndexScopedSettings;
27+
import org.elasticsearch.common.settings.Setting;
28+
import org.elasticsearch.common.settings.Setting.Property;
29+
import org.elasticsearch.common.settings.Settings;
30+
import org.elasticsearch.common.settings.SettingsFilter;
31+
import org.elasticsearch.index.reindex.RestDeleteByQueryAction;
32+
import org.elasticsearch.indices.SystemIndexDescriptor;
33+
import org.elasticsearch.plugins.Plugin;
34+
import org.elasticsearch.plugins.SystemIndexPlugin;
35+
import org.elasticsearch.rest.BaseRestHandler;
36+
import org.elasticsearch.rest.RestController;
37+
import org.elasticsearch.rest.RestHandler;
38+
import org.elasticsearch.rest.RestRequest;
39+
import org.elasticsearch.rest.action.admin.indices.RestCreateIndexAction;
40+
import org.elasticsearch.rest.action.admin.indices.RestGetAliasesAction;
41+
import org.elasticsearch.rest.action.admin.indices.RestGetIndicesAction;
42+
import org.elasticsearch.rest.action.admin.indices.RestIndexPutAliasAction;
43+
import org.elasticsearch.rest.action.admin.indices.RestRefreshAction;
44+
import org.elasticsearch.rest.action.admin.indices.RestUpdateSettingsAction;
45+
import org.elasticsearch.rest.action.document.RestBulkAction;
46+
import org.elasticsearch.rest.action.document.RestDeleteAction;
47+
import org.elasticsearch.rest.action.document.RestGetAction;
48+
import org.elasticsearch.rest.action.document.RestIndexAction;
49+
import org.elasticsearch.rest.action.document.RestIndexAction.AutoIdHandler;
50+
import org.elasticsearch.rest.action.document.RestIndexAction.CreateHandler;
51+
import org.elasticsearch.rest.action.document.RestMultiGetAction;
52+
import org.elasticsearch.rest.action.document.RestUpdateAction;
53+
import org.elasticsearch.rest.action.search.RestClearScrollAction;
54+
import org.elasticsearch.rest.action.search.RestSearchAction;
55+
import org.elasticsearch.rest.action.search.RestSearchScrollAction;
56+
57+
import java.io.IOException;
58+
import java.util.Collection;
59+
import java.util.List;
60+
import java.util.function.Function;
61+
import java.util.function.Supplier;
62+
import java.util.stream.Collectors;
63+
64+
public class KibanaPlugin extends Plugin implements SystemIndexPlugin {
65+
66+
public static final Setting<List<String>> KIBANA_INDEX_NAMES_SETTING = Setting.listSetting("kibana.system_indices",
67+
List.of(".kibana*", ".reporting"), Function.identity(), Property.NodeScope);
68+
69+
@Override
70+
public Collection<SystemIndexDescriptor> getSystemIndexDescriptors(Settings settings) {
71+
return KIBANA_INDEX_NAMES_SETTING.get(settings).stream()
72+
.map(pattern -> new SystemIndexDescriptor(pattern, "System index used by kibana"))
73+
.collect(Collectors.toUnmodifiableList());
74+
}
75+
76+
@Override
77+
public List<RestHandler> getRestHandlers(Settings settings, RestController restController, ClusterSettings clusterSettings,
78+
IndexScopedSettings indexScopedSettings, SettingsFilter settingsFilter,
79+
IndexNameExpressionResolver indexNameExpressionResolver,
80+
Supplier<DiscoveryNodes> nodesInCluster) {
81+
// TODO need to figure out what subset of system indices Kibana should have access to via these APIs
82+
final List<String> allowedIndexPatterns = List.of();
83+
return List.of(
84+
// Based on https://github.com/elastic/kibana/issues/49764
85+
// apis needed to perform migrations... ideally these will go away
86+
new KibanaWrappedRestHandler(new RestCreateIndexAction(), allowedIndexPatterns),
87+
new KibanaWrappedRestHandler(new RestGetAliasesAction(), allowedIndexPatterns),
88+
new KibanaWrappedRestHandler(new RestIndexPutAliasAction(), allowedIndexPatterns),
89+
new KibanaWrappedRestHandler(new RestRefreshAction(), allowedIndexPatterns),
90+
91+
// apis needed to access saved objects
92+
new KibanaWrappedRestHandler(new RestGetAction(), allowedIndexPatterns),
93+
new KibanaWrappedRestHandler(new RestMultiGetAction(settings), allowedIndexPatterns),
94+
new KibanaWrappedRestHandler(new RestSearchAction(), allowedIndexPatterns),
95+
new KibanaWrappedRestHandler(new RestBulkAction(settings), allowedIndexPatterns),
96+
new KibanaWrappedRestHandler(new RestDeleteAction(), allowedIndexPatterns),
97+
new KibanaWrappedRestHandler(new RestDeleteByQueryAction(), allowedIndexPatterns),
98+
99+
// api used for testing
100+
new KibanaWrappedRestHandler(new RestUpdateSettingsAction(), allowedIndexPatterns),
101+
102+
// apis used specifically by reporting
103+
new KibanaWrappedRestHandler(new RestGetIndicesAction(), allowedIndexPatterns),
104+
new KibanaWrappedRestHandler(new RestIndexAction(), allowedIndexPatterns),
105+
new KibanaWrappedRestHandler(new CreateHandler(), allowedIndexPatterns),
106+
new KibanaWrappedRestHandler(new AutoIdHandler(nodesInCluster), allowedIndexPatterns),
107+
new KibanaWrappedRestHandler(new RestUpdateAction(), allowedIndexPatterns),
108+
new KibanaWrappedRestHandler(new RestSearchScrollAction(), allowedIndexPatterns),
109+
new KibanaWrappedRestHandler(new RestClearScrollAction(), allowedIndexPatterns)
110+
);
111+
112+
}
113+
114+
@Override
115+
public List<Setting<?>> getSettings() {
116+
return List.of(KIBANA_INDEX_NAMES_SETTING);
117+
}
118+
119+
static class KibanaWrappedRestHandler extends BaseRestHandler.Wrapper {
120+
121+
private final List<String> allowedIndexPatterns;
122+
123+
KibanaWrappedRestHandler(BaseRestHandler delegate, List<String> allowedIndexPatterns) {
124+
super(delegate);
125+
this.allowedIndexPatterns = allowedIndexPatterns;
126+
}
127+
128+
@Override
129+
public String getName() {
130+
return "kibana_" + super.getName();
131+
}
132+
133+
@Override
134+
public List<Route> routes() {
135+
return super.routes().stream().map(route -> new Route(route.getMethod(), "/_kibana" + route.getPath()))
136+
.collect(Collectors.toUnmodifiableList());
137+
}
138+
139+
@Override
140+
protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient client) throws IOException {
141+
client.threadPool().getThreadContext().allowSystemIndexAccess(allowedIndexPatterns);
142+
return super.prepareRequest(request, client);
143+
}
144+
}
145+
}

modules/kibana/src/test/java/org/elasticsearch/kibana/KibanaPluginTests.java

+46
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,46 @@
1+
2+
/*
3+
* Licensed to Elasticsearch under one or more contributor
4+
* license agreements. See the NOTICE file distributed with
5+
* this work for additional information regarding copyright
6+
* ownership. Elasticsearch licenses this file to you under
7+
* the Apache License, Version 2.0 (the "License"); you may
8+
* not use this file except in compliance with the License.
9+
* You may obtain a copy of the License at
10+
*
11+
* http://www.apache.org/licenses/LICENSE-2.0
12+
*
13+
* Unless required by applicable law or agreed to in writing,
14+
* software distributed under the License is distributed on an
15+
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16+
* KIND, either express or implied. See the License for the
17+
* specific language governing permissions and limitations
18+
* under the License.
19+
*/
20+
21+
package org.elasticsearch.kibana;
22+
23+
import org.elasticsearch.common.settings.Settings;
24+
import org.elasticsearch.indices.SystemIndexDescriptor;
25+
import org.elasticsearch.test.ESTestCase;
26+
27+
import java.util.List;
28+
import java.util.stream.Collectors;
29+
30+
import static org.hamcrest.Matchers.contains;
31+
import static org.hamcrest.Matchers.is;
32+
33+
public class KibanaPluginTests extends ESTestCase {
34+
35+
public void testKibanaIndexNames() {
36+
assertThat(new KibanaPlugin().getSettings(), contains(KibanaPlugin.KIBANA_INDEX_NAMES_SETTING));
37+
assertThat(new KibanaPlugin().getSystemIndexDescriptors(Settings.EMPTY).stream()
38+
.map(SystemIndexDescriptor::getIndexPattern).collect(Collectors.toUnmodifiableList()),
39+
contains(".kibana*", ".reporting"));
40+
final List<String> names = List.of("." + randomAlphaOfLength(4), "." + randomAlphaOfLength(6));
41+
final List<String> namesFromDescriptors = new KibanaPlugin().getSystemIndexDescriptors(
42+
Settings.builder().putList(KibanaPlugin.KIBANA_INDEX_NAMES_SETTING.getKey(), names).build()
43+
).stream().map(SystemIndexDescriptor::getIndexPattern).collect(Collectors.toUnmodifiableList());
44+
assertThat(namesFromDescriptors, is(names));
45+
}
46+
}

0 commit comments

Comments
 (0)