Make PrivilegesEvaluator extensible through config (Contribute to the repo)

Hi all,

I want to make the PrivilegesEvaluator flexible so that any user can use his/her own implementation of PrivilegesEvaluator
This is the idea

  1. Introduce a new property as to which evaluator is to be initialized
  2. Create an abstract class Evaluator. // Parent class of any evaluator
    PrivilegesEvaluator implements the abstract class (only override the evaluate() api)
  3. Similarly,
    create abstract class EvaluatorResponse // Parent class of any evaluatorResponse
  4. Create a EvaluatorFactory which returns the specified evaluator to be used when invoked.

Here are the links for PrivilegesEvaluator and PrivilegesEvaluatorResponse classes :

  1. https://github.com/opendistro-for-elasticsearch/security/blob/master/src/main/java/com/amazon/opendistroforelasticsearch/security/privileges/PrivilegesEvaluator.java
  2. https://github.com/opendistro-for-elasticsearch/security/blob/master/src/main/java/com/amazon/opendistroforelasticsearch/security/privileges/PrivilegesEvaluatorResponse.java

Is this design viable to be contributed or if not, please suggest changes?

anyone? Please help…

Thanks Divyansh! We will get back to you in the next few days. Apologies for the delay.

Sure! Please do get back asap as I have already started working on this. Any suggestions would be valuable.