Security, Aliases and Closed indices confuse open-only wildcard expansion

[elasticmachine]

Original comment by @bleskes:

X-pack has a security away wild expanses logic. When resolving requests which expand wild cards to open indices (almost all monitoring/search requests) if the cluster has a closed index which has an alias.

PUT index
{
  "settings": {
    "number_of_shards": 1
  }
}

POST _aliases
{
  "actions": [
    {
      "add": {
        "index": "index",
        "alias": "alias1"
      }
    }
  ]
}

POST index/_close

## this will go boom.
GET _cat/shards?v

as far as I can tell this is present in 5.4 & master. Looking at it with Jay, the culprit is a combination of AuthorizedIndices expanding empty index lists to include aliases, the logic in IndicesAndAliasesResolver#isIndexVisible that doesn't remove aliases if they point to closed indices and the normal logic in ES that explodes if a request asks for an index/alias that is closed.

[elasticmachine]

Original comment by @bczifra:

EMAIL REDACTED @jaymode If they remove the alias pointing to the closed index, will will that resolve the error?~~ wrong repo

[elasticmachine]

Original comment by @gmoskovicz:

@jaymode i see that the PR that fixes this doesn't have a version label. When is this going to be added ? Is this fix available in any 5.x versions?

[elasticmachine]

Original comment by @jasontedor:

@gmoskovicz That PR was closed without being merged anywhere, that's why there are no version labels and that's why this issue is still open.

[elasticmachine]

Original comment by @gmoskovicz:

@jasontedor 🤕 thanks for that i missed that part.

[javanna]

@jaymode should this be closed as a duplicate of #32238 ?

[jaymode]

@javanna that's correct. Thanks for the ping, I am closing it.