-
Notifications
You must be signed in to change notification settings - Fork 24.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enforce limitations on ILM policy names #35104
Changes from 2 commits
8370a0c
782379d
27ce24b
4e3d989
d8cd5f7
18276bf
ebd551d
92db083
a95d940
ea7db68
1d5f20d
246328f
97e5701
bc8b1ed
b2be88a
a0f7a92
6c58f5e
0ff4c4f
a941312
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -7,6 +7,7 @@ | |
|
||
import org.apache.logging.log4j.LogManager; | ||
import org.apache.logging.log4j.Logger; | ||
import org.elasticsearch.ElasticsearchException; | ||
import org.elasticsearch.client.Client; | ||
import org.elasticsearch.cluster.AbstractDiffable; | ||
import org.elasticsearch.cluster.Diffable; | ||
|
@@ -21,12 +22,14 @@ | |
import org.elasticsearch.xpack.core.indexlifecycle.Step.StepKey; | ||
|
||
import java.io.IOException; | ||
import java.io.UnsupportedEncodingException; | ||
import java.util.ArrayList; | ||
import java.util.Collections; | ||
import java.util.List; | ||
import java.util.ListIterator; | ||
import java.util.Map; | ||
import java.util.Objects; | ||
import java.util.function.BiFunction; | ||
import java.util.function.Function; | ||
import java.util.stream.Collectors; | ||
|
||
|
@@ -40,6 +43,7 @@ | |
public class LifecyclePolicy extends AbstractDiffable<LifecyclePolicy> | ||
implements ToXContentObject, Diffable<LifecyclePolicy> { | ||
private static final Logger logger = LogManager.getLogger(LifecyclePolicy.class); | ||
private static final int MAX_INDEX_NAME_BYTES = 255; | ||
|
||
public static final ParseField PHASES_FIELD = new ParseField("phases"); | ||
|
||
|
@@ -241,6 +245,42 @@ public boolean isActionSafe(StepKey stepKey) { | |
} | ||
} | ||
|
||
/** | ||
* Validate the name for an policy against some static rules. Intended to match | ||
* {@link org.elasticsearch.cluster.metadata.MetaDataCreateIndexService#validateIndexOrAliasName(String, BiFunction)} | ||
* @param policy the policy name to validate | ||
* @throws IllegalArgumentException if the name is invalid | ||
*/ | ||
public static void validatePolicyName(String policy) { | ||
if (!Strings.validFileName(policy)) { | ||
throw new IllegalArgumentException("invalid policy name [" + policy + "]: must not contain the following characters " + | ||
Strings.INVALID_FILENAME_CHARS); | ||
} | ||
if (policy.contains("#")) { | ||
throw new IllegalArgumentException("invalid policy name [" + policy + "]: must not contain '#'"); | ||
} | ||
if (policy.contains(":")) { | ||
throw new IllegalArgumentException("invalid policy name [" + policy + "]: must not contain ':'"); | ||
} | ||
if (policy.charAt(0) == '_' || policy.charAt(0) == '-' || policy.charAt(0) == '+') { | ||
throw new IllegalArgumentException("invalid policy name [" + policy + "]: must not start with '_', '-', or '+'"); | ||
} | ||
int byteCount = 0; | ||
try { | ||
byteCount = policy.getBytes("UTF-8").length; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think this is cleaner: Also I think that utf-8 should always be available in a Java runtime. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Done. |
||
} catch (UnsupportedEncodingException e) { | ||
// UTF-8 should always be supported, but rethrow this if it is not for some reason | ||
throw new ElasticsearchException("Unable to determine length of policy name", e); | ||
} | ||
if (byteCount > MAX_INDEX_NAME_BYTES) { | ||
throw new IllegalArgumentException("invalid policy name [" + policy + "]: name is too long, (" + byteCount + " > " + | ||
MAX_INDEX_NAME_BYTES + ")"); | ||
} | ||
if (policy.equals(".") || policy.equals("..")) { | ||
throw new IllegalArgumentException("invalid policy name [" + policy + "]: must not be '.' or '..'"); | ||
} | ||
gwbrown marked this conversation as resolved.
Show resolved
Hide resolved
|
||
} | ||
|
||
@Override | ||
public int hashCode() { | ||
return Objects.hash(name, phases); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if it would be nicer for the user if we just have a single message here that describes all the characters that we don't allow in a policy name? This might avoid frustration if the user tries something like
_foo bar
as the policy name since they will be able to fix everything in one step rather than two?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only if we don't end up with something too complicated. As-is, it's simple to read and validate that it follows the rules when encoded this way. The rules aren't so onerous that I expect any and certainly not multiple to be broken on a routine basis, they will be the exception. We can document the rules in the ILM API guide too, that would help.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was thinking it would be ok as
But I don't feel too strongly about this, I agree the likelihood of multiple violations is low since there are too many rules here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would argue that's harder to consume for the case of a single violation (the common case contingent on any violation) as now as a user I am left wondering, wait, which rule did I break?
It's like those awful password dialog boxes. Password doesn't meet the required criteria:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok lets leave it as is then
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
_
(the other characters are okay).