Example usage for org.apache.lucene.util.automaton Operations union

List of usage examples for org.apache.lucene.util.automaton Operations union

  1. HOME
  2. Java
  3. org.apache.lucene
  4. org.apache.lucene.util.automaton.*
  5. Operations
  6. union

Introduction

In this page you can find the example usage for org.apache.lucene.util.automaton Operations union.

Prototype

public static Automaton union(Automaton a1, Automaton a2)

Source Link

Document

Returns an automaton that accepts the union of the languages of the given automata.

Usage

From source file:org.codelibs.elasticsearch.common.xcontent.support.XContentMapValues.java

License:Apache License

/** Make matches on objects also match dots in field names.
 *  For instance, if the original simple regex is `foo`, this will translate
 *  it into `foo` OR `foo.*`. *//*  w w w  . j a v a  2s .com*/
private static Automaton makeMatchDotsInFieldNames(Automaton automaton) {
    return Operations.union(automaton,
            Operations.concatenate(Arrays.asList(automaton, Automata.makeChar('.'), Automata.makeAnyString())));
}

From source file:org.elasticsearch.xpack.core.security.authz.permission.FieldPermissions.java

License:Open Source License

private static Automaton initializePermittedFieldsAutomaton(final String[] grantedFields,
        final String[] deniedFields) {
    Automaton grantedFieldsAutomaton;/*from  w w w. java 2 s  .  c  om*/
    if (grantedFields == null || Arrays.stream(grantedFields).anyMatch(Regex::isMatchAllPattern)) {
        grantedFieldsAutomaton = Automatons.MATCH_ALL;
    } else {
        // an automaton that includes metadata fields, including join fields created by the _parent field such
        // as _parent#type
        Automaton metaFieldsAutomaton = Operations.concatenate(Automata.makeChar('_'),
                Automata.makeAnyString());
        grantedFieldsAutomaton = Operations.union(Automatons.patterns(grantedFields), metaFieldsAutomaton);
    }

    Automaton deniedFieldsAutomaton;
    if (deniedFields == null || deniedFields.length == 0) {
        deniedFieldsAutomaton = Automatons.EMPTY;
    } else {
        deniedFieldsAutomaton = Automatons.patterns(deniedFields);
    }

    grantedFieldsAutomaton = MinimizationOperations.minimize(grantedFieldsAutomaton,
            Operations.DEFAULT_MAX_DETERMINIZED_STATES);
    deniedFieldsAutomaton = MinimizationOperations.minimize(deniedFieldsAutomaton,
            Operations.DEFAULT_MAX_DETERMINIZED_STATES);

    if (subsetOf(deniedFieldsAutomaton, grantedFieldsAutomaton) == false) {
        throw new ElasticsearchSecurityException("Exceptions for field permissions must be a subset of the "
                + "granted fields but " + Strings.arrayToCommaDelimitedString(deniedFields)
                + " is not a subset of " + Strings.arrayToCommaDelimitedString(grantedFields));
    }

    grantedFieldsAutomaton = Automatons.minusAndMinimize(grantedFieldsAutomaton, deniedFieldsAutomaton);
    return grantedFieldsAutomaton;
}

From source file:org.elasticsearch.xpack.security.authz.store.FileRolesStoreTests.java

License:Open Source License

public void testParseFile() throws Exception {
    Path path = getDataPath("roles.yml");
    Map<String, RoleDescriptor> roles = FileRolesStore.parseFile(path, logger,
            Settings.builder().put(XPackSettings.DLS_FLS_ENABLED.getKey(), true).build(),
            new XPackLicenseState(Settings.EMPTY));
    assertThat(roles, notNullValue());//from www .j av a 2  s.  c  om
    assertThat(roles.size(), is(9));

    RoleDescriptor descriptor = roles.get("role1");
    assertNotNull(descriptor);
    Role role = Role.builder(descriptor, null).build();
    assertThat(role, notNullValue());
    assertThat(role.names(), equalTo(new String[] { "role1" }));
    assertThat(role.cluster(), notNullValue());
    assertThat(role.cluster().privilege(), is(ClusterPrivilege.ALL));
    assertThat(role.indices(), notNullValue());
    assertThat(role.indices().groups(), notNullValue());
    assertThat(role.indices().groups().length, is(2));
    assertThat(role.runAs(), is(RunAsPermission.NONE));

    IndicesPermission.Group group = role.indices().groups()[0];
    assertThat(group.indices(), notNullValue());
    assertThat(group.indices().length, is(2));
    assertThat(group.indices()[0], equalTo("idx1"));
    assertThat(group.indices()[1], equalTo("idx2"));
    assertThat(group.privilege(), notNullValue());
    assertThat(group.privilege(), is(IndexPrivilege.READ));

    group = role.indices().groups()[1];
    assertThat(group.indices(), notNullValue());
    assertThat(group.indices().length, is(1));
    assertThat(group.indices()[0], equalTo("idx3"));
    assertThat(group.privilege(), notNullValue());
    assertTrue(Operations.subsetOf(IndexPrivilege.READ.getAutomaton(), group.privilege().getAutomaton()));
    assertTrue(Operations.subsetOf(IndexPrivilege.WRITE.getAutomaton(), group.privilege().getAutomaton()));

    descriptor = roles.get("role1.ab");
    assertNotNull(descriptor);
    role = Role.builder(descriptor, null).build();
    assertThat(role, notNullValue());
    assertThat(role.names(), equalTo(new String[] { "role1.ab" }));
    assertThat(role.cluster(), notNullValue());
    assertThat(role.cluster().privilege(), is(ClusterPrivilege.ALL));
    assertThat(role.indices(), notNullValue());
    assertThat(role.indices().groups(), notNullValue());
    assertThat(role.indices().groups().length, is(0));
    assertThat(role.runAs(), is(RunAsPermission.NONE));

    descriptor = roles.get("role2");
    assertNotNull(descriptor);
    role = Role.builder(descriptor, null).build();
    assertThat(role, notNullValue());
    assertThat(role.names(), equalTo(new String[] { "role2" }));
    assertThat(role.cluster(), notNullValue());
    assertTrue(Operations.sameLanguage(role.cluster().privilege().getAutomaton(),
            ClusterPrivilege.ALL.getAutomaton()));
    assertThat(role.indices(), notNullValue());
    assertThat(role.indices(), is(IndicesPermission.NONE));
    assertThat(role.runAs(), is(RunAsPermission.NONE));

    descriptor = roles.get("role3");
    assertNotNull(descriptor);
    role = Role.builder(descriptor, null).build();
    assertThat(role, notNullValue());
    assertThat(role.names(), equalTo(new String[] { "role3" }));
    assertThat(role.cluster(), notNullValue());
    assertThat(role.cluster(), is(ClusterPermission.SimpleClusterPermission.NONE));
    assertThat(role.indices(), notNullValue());
    assertThat(role.indices().groups(), notNullValue());
    assertThat(role.indices().groups().length, is(1));
    assertThat(role.runAs(), is(RunAsPermission.NONE));

    group = role.indices().groups()[0];
    assertThat(group.indices(), notNullValue());
    assertThat(group.indices().length, is(1));
    assertThat(group.indices()[0], equalTo("/.*_.*/"));
    assertThat(group.privilege(), notNullValue());
    assertTrue(Operations.sameLanguage(group.privilege().getAutomaton(),
            MinimizationOperations.minimize(
                    Operations.union(IndexPrivilege.READ.getAutomaton(), IndexPrivilege.WRITE.getAutomaton()),
                    Operations.DEFAULT_MAX_DETERMINIZED_STATES)));

    descriptor = roles.get("role4");
    assertNull(descriptor);

    descriptor = roles.get("role_run_as");
    assertNotNull(descriptor);
    role = Role.builder(descriptor, null).build();
    assertThat(role, notNullValue());
    assertThat(role.names(), equalTo(new String[] { "role_run_as" }));
    assertThat(role.cluster(), notNullValue());
    assertThat(role.cluster(), is(ClusterPermission.SimpleClusterPermission.NONE));
    assertThat(role.indices(), is(IndicesPermission.NONE));
    assertThat(role.runAs(), notNullValue());
    assertThat(role.runAs().check("user1"), is(true));
    assertThat(role.runAs().check("user2"), is(true));
    assertThat(role.runAs().check("user" + randomIntBetween(3, 9)), is(false));

    descriptor = roles.get("role_run_as1");
    assertNotNull(descriptor);
    role = Role.builder(descriptor, null).build();
    assertThat(role, notNullValue());
    assertThat(role.names(), equalTo(new String[] { "role_run_as1" }));
    assertThat(role.cluster(), notNullValue());
    assertThat(role.cluster(), is(ClusterPermission.SimpleClusterPermission.NONE));
    assertThat(role.indices(), is(IndicesPermission.NONE));
    assertThat(role.runAs(), notNullValue());
    assertThat(role.runAs().check("user1"), is(true));
    assertThat(role.runAs().check("user2"), is(true));
    assertThat(role.runAs().check("user" + randomIntBetween(3, 9)), is(false));

    descriptor = roles.get("role_fields");
    assertNotNull(descriptor);
    role = Role.builder(descriptor, null).build();
    assertThat(role, notNullValue());
    assertThat(role.names(), equalTo(new String[] { "role_fields" }));
    assertThat(role.cluster(), notNullValue());
    assertThat(role.cluster(), is(ClusterPermission.SimpleClusterPermission.NONE));
    assertThat(role.runAs(), is(RunAsPermission.NONE));
    assertThat(role.indices(), notNullValue());
    assertThat(role.indices().groups(), notNullValue());
    assertThat(role.indices().groups().length, is(1));

    group = role.indices().groups()[0];
    assertThat(group.indices(), notNullValue());
    assertThat(group.indices().length, is(1));
    assertThat(group.indices()[0], equalTo("field_idx"));
    assertThat(group.privilege(), notNullValue());
    assertTrue(Operations.sameLanguage(group.privilege().getAutomaton(), IndexPrivilege.READ.getAutomaton()));
    assertTrue(group.getFieldPermissions().grantsAccessTo("foo"));
    assertTrue(group.getFieldPermissions().grantsAccessTo("boo"));
    assertTrue(group.getFieldPermissions().hasFieldLevelSecurity());

    descriptor = roles.get("role_query");
    assertNotNull(descriptor);
    role = Role.builder(descriptor, null).build();
    assertThat(role, notNullValue());
    assertThat(role.names(), equalTo(new String[] { "role_query" }));
    assertThat(role.cluster(), notNullValue());
    assertThat(role.cluster(), is(ClusterPermission.SimpleClusterPermission.NONE));
    assertThat(role.runAs(), is(RunAsPermission.NONE));
    assertThat(role.indices(), notNullValue());
    assertThat(role.indices().groups(), notNullValue());
    assertThat(role.indices().groups().length, is(1));

    group = role.indices().groups()[0];
    assertThat(group.indices(), notNullValue());
    assertThat(group.indices().length, is(1));
    assertThat(group.indices()[0], equalTo("query_idx"));
    assertThat(group.privilege(), notNullValue());
    assertTrue(Operations.sameLanguage(group.privilege().getAutomaton(), IndexPrivilege.READ.getAutomaton()));
    assertFalse(group.getFieldPermissions().hasFieldLevelSecurity());
    assertThat(group.getQuery(), notNullValue());

    descriptor = roles.get("role_query_fields");
    assertNotNull(descriptor);
    role = Role.builder(descriptor, null).build();
    assertThat(role, notNullValue());
    assertThat(role.names(), equalTo(new String[] { "role_query_fields" }));
    assertThat(role.cluster(), notNullValue());
    assertThat(role.cluster(), is(ClusterPermission.SimpleClusterPermission.NONE));
    assertThat(role.runAs(), is(RunAsPermission.NONE));
    assertThat(role.indices(), notNullValue());
    assertThat(role.indices().groups(), notNullValue());
    assertThat(role.indices().groups().length, is(1));

    group = role.indices().groups()[0];
    assertThat(group.indices(), notNullValue());
    assertThat(group.indices().length, is(1));
    assertThat(group.indices()[0], equalTo("query_fields_idx"));
    assertThat(group.privilege(), notNullValue());
    assertTrue(Operations.sameLanguage(group.privilege().getAutomaton(), IndexPrivilege.READ.getAutomaton()));
    assertTrue(group.getFieldPermissions().grantsAccessTo("foo"));
    assertTrue(group.getFieldPermissions().grantsAccessTo("boo"));
    assertTrue(group.getFieldPermissions().hasFieldLevelSecurity());
    assertThat(group.getQuery(), notNullValue());
}