Revert "[Backport 2.x] Use SystemIndexRegistry from core to determine if request contains system indices (opensearch-project#4550)"

This reverts commit ed67676.

Author: cwperks

src/integrationTest/java/org/opensearch/security/SystemIndexTests.java

@@ -136,7 +136,7 @@ public class PrivilegesEvaluator {
     private ConfigModel configModel;
     private final IndexResolverReplacer irr;
     private final SnapshotRestoreEvaluator snapshotRestoreEvaluator;
-    private final SystemIndexAccessEvaluator systemIndexAccessEvaluator;
+    private final SecurityIndexAccessEvaluator securityIndexAccessEvaluator;
     private final ProtectedIndexAccessEvaluator protectedIndexAccessEvaluator;
     private final TermsAggregationEvaluator termsAggregationEvaluator;
     private final PitPrivilegesEvaluator pitPrivilegesEvaluator;
@@ -172,7 +172,7 @@ public PrivilegesEvaluator(
         this.clusterInfoHolder = clusterInfoHolder;
         this.irr = irr;
         snapshotRestoreEvaluator = new SnapshotRestoreEvaluator(settings, auditLog);
-        systemIndexAccessEvaluator = new SystemIndexAccessEvaluator(settings, auditLog, irr);
+        securityIndexAccessEvaluator = new SecurityIndexAccessEvaluator(settings, auditLog, irr);
         protectedIndexAccessEvaluator = new ProtectedIndexAccessEvaluator(settings, auditLog);
         termsAggregationEvaluator = new TermsAggregationEvaluator();
         pitPrivilegesEvaluator = new PitPrivilegesEvaluator();
@@ -328,7 +328,7 @@ public PrivilegesEvaluatorResponse evaluate(PrivilegesEvaluationContext context)
         }
 
         // Security index access
-        if (systemIndexAccessEvaluator.evaluate(
+        if (securityIndexAccessEvaluator.evaluate(
             request,
             task,
             action0,

src/integrationTest/java/org/opensearch/security/http/ExampleSystemIndexPlugin.java

@@ -41,7 +41,6 @@
 import org.opensearch.cluster.metadata.IndexNameExpressionResolver;
 import org.opensearch.cluster.service.ClusterService;
 import org.opensearch.common.settings.Settings;
-import org.opensearch.indices.SystemIndexRegistry;
 import org.opensearch.security.auditlog.AuditLog;
 import org.opensearch.security.resolver.IndexResolverReplacer;
 import org.opensearch.security.resolver.IndexResolverReplacer.Resolved;
@@ -57,7 +56,7 @@
  * - The term `protected system indices` used here translates to system indices
  *   which have an added layer of security and cannot be accessed by anyone except Super Admin
  */
-public class SystemIndexAccessEvaluator {
+public class SecurityIndexAccessEvaluator {
 
     Logger log = LogManager.getLogger(this.getClass());
 
@@ -73,7 +72,7 @@ public class SystemIndexAccessEvaluator {
     private final boolean isSystemIndexEnabled;
     private final boolean isSystemIndexPermissionEnabled;
 
-    public SystemIndexAccessEvaluator(final Settings settings, AuditLog auditLog, IndexResolverReplacer irr) {
+    public SecurityIndexAccessEvaluator(final Settings settings, AuditLog auditLog, IndexResolverReplacer irr) {
         this.securityIndex = settings.get(
             ConfigConstants.SECURITY_CONFIG_INDEX_NAME,
             ConfigConstants.OPENDISTRO_SECURITY_DEFAULT_CONFIG_INDEX
@@ -84,7 +83,6 @@ public SystemIndexAccessEvaluator(final Settings settings, AuditLog auditLog, In
         this.systemIndexMatcher = WildcardMatcher.from(
             settings.getAsList(ConfigConstants.SECURITY_SYSTEM_INDICES_KEY, ConfigConstants.SECURITY_SYSTEM_INDICES_DEFAULT)
         );
-
         this.superAdminAccessOnlyIndexMatcher = WildcardMatcher.from(this.securityIndex);
         this.isSystemIndexEnabled = settings.getAsBoolean(
             ConfigConstants.SECURITY_SYSTEM_INDICES_ENABLED_KEY,
@@ -170,16 +168,15 @@ private boolean requestContainsAnySystemIndices(final Resolved requestedResolved
      * It will always return security index if it is present in the request, as security index is protected regardless
      * of feature being enabled or disabled
      * @param requestedResolved request which contains indices to be matched against system indices
-     * @return the set of protected system indices present in the request
+     * @return the list of protected system indices present in the request
      */
-    private Set<String> getAllSystemIndices(final Resolved requestedResolved) {
-        final Set<String> systemIndices = requestedResolved.getAllIndices()
+    private List<String> getAllSystemIndices(final Resolved requestedResolved) {
+        final List<String> systemIndices = requestedResolved.getAllIndices()
             .stream()
             .filter(securityIndex::equals)
-            .collect(Collectors.toSet());
+            .collect(Collectors.toList());
         if (isSystemIndexEnabled) {
             systemIndices.addAll(systemIndexMatcher.getMatchAny(requestedResolved.getAllIndices(), Collectors.toList()));
-            systemIndices.addAll(SystemIndexRegistry.matchesSystemIndexPattern(requestedResolved.getAllIndices().toArray(String[]::new)));
         }
         return systemIndices;
     }
@@ -213,7 +210,7 @@ private List<String> getAllProtectedSystemIndices(final Resolved requestedResolv
     private boolean requestContainsAnyRegularIndices(final Resolved requestedResolved) {
         Set<String> allIndices = requestedResolved.getAllIndices();
 
-        Set<String> allSystemIndices = getAllSystemIndices(requestedResolved);
+        List<String> allSystemIndices = getAllSystemIndices(requestedResolved);
         List<String> allProtectedSystemIndices = getAllProtectedSystemIndices(requestedResolved);
 
         return allIndices.stream().anyMatch(index -> !allSystemIndices.contains(index) && !allProtectedSystemIndices.contains(index));

src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java

@@ -56,7 +56,7 @@
 import static org.mockito.Mockito.when;
 
 @RunWith(MockitoJUnitRunner.class)
-public class SystemIndexAccessEvaluatorTest {
+public class SecurityIndexAccessEvaluatorTest {
 
     @Mock
     private AuditLog auditLog;
@@ -73,7 +73,7 @@ public class SystemIndexAccessEvaluatorTest {
     @Mock
     ClusterService cs;
 
-    private SystemIndexAccessEvaluator evaluator;
+    private SecurityIndexAccessEvaluator evaluator;
     private static final String UNPROTECTED_ACTION = "indices:data/read";
     private static final String PROTECTED_ACTION = "indices:data/write";
 
@@ -137,7 +137,7 @@ public void setup(
 
         // when trying to resolve Index Names
 
-        evaluator = new SystemIndexAccessEvaluator(
+        evaluator = new SecurityIndexAccessEvaluator(
             Settings.builder()
                 .put(ConfigConstants.SECURITY_SYSTEM_INDICES_KEY, TEST_SYSTEM_INDEX)
                 .put(ConfigConstants.SECURITY_SYSTEM_INDICES_ENABLED_KEY, isSystemIndexEnabled)