|
|
@@ -173,10 +173,9 @@ public class TransportPutDataFrameTransformAction
|
|
|
// Early check to verify that the user can create the destination index and can read from the source
|
|
|
if (licenseState.isAuthAllowed()) {
|
|
|
final String username = securityContext.getUser().principal();
|
|
|
- RoleDescriptor.IndicesPrivileges sourceIndexPrivileges = RoleDescriptor.IndicesPrivileges.builder()
|
|
|
- .indices(config.getSource().getIndex())
|
|
|
- .privileges("read")
|
|
|
- .build();
|
|
|
+ List<String> srcPrivileges = new ArrayList<>(2);
|
|
|
+ srcPrivileges.add("read");
|
|
|
+
|
|
|
List<String> destPrivileges = new ArrayList<>(3);
|
|
|
destPrivileges.add("read");
|
|
|
destPrivileges.add("index");
|
|
|
@@ -184,12 +183,19 @@ public class TransportPutDataFrameTransformAction
|
|
|
// We should check that the creating user has the privileges to create the index.
|
|
|
if (concreteDest.length == 0) {
|
|
|
destPrivileges.add("create_index");
|
|
|
+ // We need to read the source indices mapping to deduce the destination mapping
|
|
|
+ srcPrivileges.add("view_index_metadata");
|
|
|
}
|
|
|
RoleDescriptor.IndicesPrivileges destIndexPrivileges = RoleDescriptor.IndicesPrivileges.builder()
|
|
|
.indices(destIndex)
|
|
|
.privileges(destPrivileges)
|
|
|
.build();
|
|
|
|
|
|
+ RoleDescriptor.IndicesPrivileges sourceIndexPrivileges = RoleDescriptor.IndicesPrivileges.builder()
|
|
|
+ .indices(config.getSource().getIndex())
|
|
|
+ .privileges(srcPrivileges)
|
|
|
+ .build();
|
|
|
+
|
|
|
HasPrivilegesRequest privRequest = new HasPrivilegesRequest();
|
|
|
privRequest.applicationPrivileges(new RoleDescriptor.ApplicationResourcePrivileges[0]);
|
|
|
privRequest.username(username);
|
Benjamin Trent