Only run DlsFlsValveImpl.invoke on indices requests

Signed-off-by: Craig Perkins <[email protected]>

src/main/java/org/opensearch/security/configuration/DlsFlsValveImpl.java

@@ -83,6 +83,8 @@
 import org.opensearch.security.support.ConfigConstants;
 import org.opensearch.threadpool.ThreadPool;
 
+import static org.opensearch.security.privileges.PrivilegesEvaluator.isIndexPerm;
+
 public class DlsFlsValveImpl implements DlsFlsRequestValve {
 
     private static final String MAP_EXECUTION_HINT = "map";
@@ -135,6 +137,10 @@ public DlsFlsValveImpl(
      */
     @Override
     public boolean invoke(PrivilegesEvaluationContext context, final ActionListener<?> listener) {
+        if (!isIndexPerm(context.getAction())) {
+            return true;
+        }
+
         DlsFlsProcessedConfig config = this.dlsFlsProcessedConfig.get();
         ActionRequest request = context.getRequest();
         IndexResolverReplacer.Resolved resolved = context.getResolvedRequest();

src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java

@@ -709,6 +709,10 @@ public static boolean isClusterPerm(String action0) {
             || (action0.equals(RenderSearchTemplateAction.NAME)));
     }
 
+    public static boolean isIndexPerm(String action0) {
+        return (action0.startsWith("indices:") && !isClusterPerm(action0));
+    }
+
     @SuppressWarnings("unchecked")
     private boolean checkFilteredAliases(Resolved requestedResolved, String action, boolean isDebugEnabled) {
         final String faMode = dcm.getFilteredAliasMode();// getConfigSettings().dynamic.filtered_alias_mode;