Fixed IllegalArgumentException when building stateful index privileges

[nibix]

Description

This fixes the issue reported in #5216. In the case that a cluster has aliases defined on backing indices of data streams, the creation of the stateful rule would fail with an IllegalArgumentException.

This is because data stream backing indices are not supposed to be included in the stateful index privilege object. Via the aliases, however, they sneaked in anyway. We are now filtering these indices out.

This is mostly just a cosmetic problem as privilege evaluation will continue via slower fall back code paths. However, the logs will show an IllegalArgumentException stack trace for each update of the index meta data on the cluster.

• Category
  • Bugfix
• Why these changes are required?
  • Fixes log spam
• What is the old behavior before changes and new behavior after changes?
  • No behavioral change

Issues Resolved

Fixes #5216

Testing

• The unit test aliasesOnDataStreamBackingIndices was added to cover this case

Check List

• New functionality includes testing
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 71.66%. Comparing base (24a4593) to head (805ab03).
Report is 10 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #5217   +/-   ##
=======================================
  Coverage   71.65%   71.66%           
=======================================
  Files         337      337           
  Lines       22789    22793    +4     
  Branches     3606     3607    +1     
=======================================
+ Hits        16330    16334    +4     
- Misses       4652     4656    +4     
+ Partials     1807     1803    -4     

Files with missing lines	Coverage Δ
...ensearch/security/privileges/ActionPrivileges.java	94.71% <100.00%> (-0.44%)	⬇️

... and 7 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[cwperks]

Thank you for the quick work on this @nibix and confirming that the fallback is working as intended.

[opensearch-trigger-bot]

The backport to 2.19 failed:

Server Error

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security/backport-2.19 2.19
# Navigate to the new working tree
pushd ../.worktrees/security/backport-2.19
# Create a new branch
git switch --create backport/backport-5217-to-2.19
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 4e1158c225a4a5426269bf6a32bdb055ab1152b1
# Push it to GitHub
git push --set-upstream origin backport/backport-5217-to-2.19
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security/backport-2.19

Then, create a pull request where the base branch is 2.19 and the compare/head branch is backport/backport-5217-to-2.19.