Run /_execute in User context (#312)

opendistro-for-elasticsearch · Dec 1, 2020 · 57995b6 · 57995b6
1 parent 150b060
commit 57995b6
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 2 deletions.
diff --git a/...com/amazon/opendistroforelasticsearch/alerting/transport/TransportExecuteMonitorAction.kt b/...com/amazon/opendistroforelasticsearch/alerting/transport/TransportExecuteMonitorAction.kt
@@ -7,6 +7,8 @@ import com.amazon.opendistroforelasticsearch.alerting.action.ExecuteMonitorRespo
 import com.amazon.opendistroforelasticsearch.alerting.core.model.ScheduledJob
 import com.amazon.opendistroforelasticsearch.alerting.model.Monitor
 import com.amazon.opendistroforelasticsearch.alerting.util.AlertingException
+import com.amazon.opendistroforelasticsearch.commons.ConfigConstants
+import com.amazon.opendistroforelasticsearch.commons.authuser.User
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.launch
 import kotlinx.coroutines.withContext
@@ -39,8 +41,14 @@ class TransportExecuteMonitorAction @Inject constructor(
 ) : HandledTransportAction<ExecuteMonitorRequest, ExecuteMonitorResponse> (
         ExecuteMonitorAction.NAME, transportService, actionFilters, ::ExecuteMonitorRequest) {
 
+    private var user: User? = null
+
     override fun doExecute(task: Task, execMonitorRequest: ExecuteMonitorRequest, actionListener: ActionListener<ExecuteMonitorResponse>) {
 
+        val userStr = client.threadPool().threadContext.getTransient<String>(ConfigConstants.OPENDISTRO_SECURITY_USER_AND_ROLES)
+        log.debug("User and roles string from thread context: $userStr")
+        user = User.parse(userStr)
+
         client.threadPool().threadContext.stashContext().use {
             val executeMonitor = fun(monitor: Monitor) {
                 // Launch the coroutine with the clients threadContext. This is needed to preserve authentication information
@@ -87,7 +95,10 @@ class TransportExecuteMonitorAction @Inject constructor(
                     }
                 })
             } else {
-                val monitor = execMonitorRequest.monitor as Monitor
+                val monitor = when (user == null || user?.name.isNullOrEmpty()) {
+                    true -> execMonitorRequest.monitor as Monitor
+                    false -> (execMonitorRequest.monitor as Monitor).copy(user = user)
+                }
                 executeMonitor(monitor)
             }
         }

diff --git a/...otlin/com/amazon/opendistroforelasticsearch/alerting/core/schedule/JobSchedulerMetrics.kt b/...otlin/com/amazon/opendistroforelasticsearch/alerting/core/schedule/JobSchedulerMetrics.kt
@@ -48,7 +48,8 @@ class JobSchedulerMetrics : ToXContentFragment, Writeable {
 
     override fun toXContent(builder: XContentBuilder, params: ToXContent.Params): XContentBuilder {
         if (lastExecutionTime != null)
-            builder.timeField("last_execution_time", "last_execution_time_in_millis", Instant.ofEpochMilli(lastExecutionTime).toEpochMilli())
+            builder.timeField("last_execution_time", "last_execution_time_in_millis",
+                    Instant.ofEpochMilli(lastExecutionTime).toEpochMilli())
         builder.field("running_on_time", runningOnTime)
         return builder
     }