Add Delete Privileges API to HLRC (#35454)
This commit adds the Delete Privileges API to the high level REST client. Related to #29827
This commit is contained in:
parent
e7b7d52a6a
commit
5b7446bb5f
|
@ -29,6 +29,8 @@ import org.elasticsearch.client.security.ClearRolesCacheRequest;
|
||||||
import org.elasticsearch.client.security.ClearRolesCacheResponse;
|
import org.elasticsearch.client.security.ClearRolesCacheResponse;
|
||||||
import org.elasticsearch.client.security.CreateTokenRequest;
|
import org.elasticsearch.client.security.CreateTokenRequest;
|
||||||
import org.elasticsearch.client.security.CreateTokenResponse;
|
import org.elasticsearch.client.security.CreateTokenResponse;
|
||||||
|
import org.elasticsearch.client.security.DeletePrivilegesRequest;
|
||||||
|
import org.elasticsearch.client.security.DeletePrivilegesResponse;
|
||||||
import org.elasticsearch.client.security.DeleteRoleMappingRequest;
|
import org.elasticsearch.client.security.DeleteRoleMappingRequest;
|
||||||
import org.elasticsearch.client.security.DeleteRoleMappingResponse;
|
import org.elasticsearch.client.security.DeleteRoleMappingResponse;
|
||||||
import org.elasticsearch.client.security.DeleteRoleRequest;
|
import org.elasticsearch.client.security.DeleteRoleRequest;
|
||||||
|
@ -473,4 +475,32 @@ public final class SecurityClient {
|
||||||
InvalidateTokenResponse::fromXContent, listener, emptySet());
|
InvalidateTokenResponse::fromXContent, listener, emptySet());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Removes application privilege(s)
|
||||||
|
* See <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-delete-privilege.html">
|
||||||
|
* the docs</a> for more.
|
||||||
|
* @param request the request with the application privilege to delete
|
||||||
|
* @param options the request options (e.g. headers), use {@link RequestOptions#DEFAULT} if nothing needs to be customized
|
||||||
|
* @return the response from the delete application privilege call
|
||||||
|
* @throws IOException in case there is a problem sending the request or parsing back the response
|
||||||
|
*/
|
||||||
|
public DeletePrivilegesResponse deletePrivileges(DeletePrivilegesRequest request, RequestOptions options) throws IOException {
|
||||||
|
return restHighLevelClient.performRequestAndParseEntity(request, SecurityRequestConverters::deletePrivileges, options,
|
||||||
|
DeletePrivilegesResponse::fromXContent, singleton(404));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Asynchronously removes an application privilege
|
||||||
|
* See <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-delete-privilege.html">
|
||||||
|
* the docs</a> for more.
|
||||||
|
* @param request the request with the application privilege to delete
|
||||||
|
* @param options the request options (e.g. headers), use {@link RequestOptions#DEFAULT} if nothing needs to be customized
|
||||||
|
* @param listener the listener to be notified upon request completion
|
||||||
|
*/
|
||||||
|
public void deletePrivilegesAsync(DeletePrivilegesRequest request, RequestOptions options,
|
||||||
|
ActionListener<DeletePrivilegesResponse> listener) {
|
||||||
|
restHighLevelClient.performRequestAsyncAndParseEntity(request, SecurityRequestConverters::deletePrivileges, options,
|
||||||
|
DeletePrivilegesResponse::fromXContent, listener, singleton(404));
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,21 +19,22 @@
|
||||||
|
|
||||||
package org.elasticsearch.client;
|
package org.elasticsearch.client;
|
||||||
|
|
||||||
import org.apache.http.client.methods.HttpGet;
|
|
||||||
import org.apache.http.client.methods.HttpDelete;
|
import org.apache.http.client.methods.HttpDelete;
|
||||||
|
import org.apache.http.client.methods.HttpGet;
|
||||||
import org.apache.http.client.methods.HttpPost;
|
import org.apache.http.client.methods.HttpPost;
|
||||||
import org.apache.http.client.methods.HttpPut;
|
import org.apache.http.client.methods.HttpPut;
|
||||||
|
import org.elasticsearch.client.security.ChangePasswordRequest;
|
||||||
import org.elasticsearch.client.security.ClearRealmCacheRequest;
|
import org.elasticsearch.client.security.ClearRealmCacheRequest;
|
||||||
import org.elasticsearch.client.security.ClearRolesCacheRequest;
|
import org.elasticsearch.client.security.ClearRolesCacheRequest;
|
||||||
import org.elasticsearch.client.security.CreateTokenRequest;
|
import org.elasticsearch.client.security.CreateTokenRequest;
|
||||||
|
import org.elasticsearch.client.security.DeletePrivilegesRequest;
|
||||||
import org.elasticsearch.client.security.DeleteRoleMappingRequest;
|
import org.elasticsearch.client.security.DeleteRoleMappingRequest;
|
||||||
import org.elasticsearch.client.security.DeleteRoleRequest;
|
import org.elasticsearch.client.security.DeleteRoleRequest;
|
||||||
import org.elasticsearch.client.security.InvalidateTokenRequest;
|
|
||||||
import org.elasticsearch.client.security.PutRoleMappingRequest;
|
|
||||||
import org.elasticsearch.client.security.DisableUserRequest;
|
import org.elasticsearch.client.security.DisableUserRequest;
|
||||||
import org.elasticsearch.client.security.EnableUserRequest;
|
import org.elasticsearch.client.security.EnableUserRequest;
|
||||||
import org.elasticsearch.client.security.GetRoleMappingsRequest;
|
import org.elasticsearch.client.security.GetRoleMappingsRequest;
|
||||||
import org.elasticsearch.client.security.ChangePasswordRequest;
|
import org.elasticsearch.client.security.InvalidateTokenRequest;
|
||||||
|
import org.elasticsearch.client.security.PutRoleMappingRequest;
|
||||||
import org.elasticsearch.client.security.PutUserRequest;
|
import org.elasticsearch.client.security.PutUserRequest;
|
||||||
import org.elasticsearch.client.security.SetUserEnabledRequest;
|
import org.elasticsearch.client.security.SetUserEnabledRequest;
|
||||||
import org.elasticsearch.common.Strings;
|
import org.elasticsearch.common.Strings;
|
||||||
|
@ -172,4 +173,16 @@ final class SecurityRequestConverters {
|
||||||
request.setEntity(createEntity(invalidateTokenRequest, REQUEST_BODY_CONTENT_TYPE));
|
request.setEntity(createEntity(invalidateTokenRequest, REQUEST_BODY_CONTENT_TYPE));
|
||||||
return request;
|
return request;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static Request deletePrivileges(DeletePrivilegesRequest deletePrivilegeRequest) {
|
||||||
|
String endpoint = new RequestConverters.EndpointBuilder()
|
||||||
|
.addPathPartAsIs("_xpack/security/privilege")
|
||||||
|
.addPathPart(deletePrivilegeRequest.getApplication())
|
||||||
|
.addCommaSeparatedPathParts(deletePrivilegeRequest.getPrivileges())
|
||||||
|
.build();
|
||||||
|
Request request = new Request(HttpDelete.METHOD_NAME, endpoint);
|
||||||
|
RequestConverters.Params params = new RequestConverters.Params(request);
|
||||||
|
params.withRefreshPolicy(deletePrivilegeRequest.getRefreshPolicy());
|
||||||
|
return request;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,76 @@
|
||||||
|
/*
|
||||||
|
* Licensed to Elasticsearch under one or more contributor
|
||||||
|
* license agreements. See the NOTICE file distributed with
|
||||||
|
* this work for additional information regarding copyright
|
||||||
|
* ownership. Elasticsearch licenses this file to you under
|
||||||
|
* the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
* not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.elasticsearch.client.security;
|
||||||
|
|
||||||
|
import org.elasticsearch.client.Validatable;
|
||||||
|
import org.elasticsearch.common.Nullable;
|
||||||
|
import org.elasticsearch.common.Strings;
|
||||||
|
import org.elasticsearch.common.util.CollectionUtils;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A request to delete application privileges
|
||||||
|
*/
|
||||||
|
public final class DeletePrivilegesRequest implements Validatable {
|
||||||
|
|
||||||
|
private final String application;
|
||||||
|
private final String[] privileges;
|
||||||
|
private final RefreshPolicy refreshPolicy;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates a new {@link DeletePrivilegesRequest} using the default {@link RefreshPolicy#getDefault()} refresh policy.
|
||||||
|
*
|
||||||
|
* @param application the name of the application for which the privileges will be deleted
|
||||||
|
* @param privileges the privileges to delete
|
||||||
|
*/
|
||||||
|
public DeletePrivilegesRequest(String application, String... privileges) {
|
||||||
|
this(application, privileges, null);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates a new {@link DeletePrivilegesRequest}.
|
||||||
|
*
|
||||||
|
* @param application the name of the application for which the privileges will be deleted
|
||||||
|
* @param privileges the privileges to delete
|
||||||
|
* @param refreshPolicy the refresh policy {@link RefreshPolicy} for the request, defaults to {@link RefreshPolicy#getDefault()}
|
||||||
|
*/
|
||||||
|
public DeletePrivilegesRequest(String application, String[] privileges, @Nullable RefreshPolicy refreshPolicy) {
|
||||||
|
if (Strings.hasText(application) == false) {
|
||||||
|
throw new IllegalArgumentException("application name is required");
|
||||||
|
}
|
||||||
|
if (CollectionUtils.isEmpty(privileges)) {
|
||||||
|
throw new IllegalArgumentException("privileges are required");
|
||||||
|
}
|
||||||
|
this.application = application;
|
||||||
|
this.privileges = privileges;
|
||||||
|
this.refreshPolicy = (refreshPolicy == null) ? RefreshPolicy.getDefault() : refreshPolicy;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getApplication() {
|
||||||
|
return application;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String[] getPrivileges() {
|
||||||
|
return privileges;
|
||||||
|
}
|
||||||
|
|
||||||
|
public RefreshPolicy getRefreshPolicy() {
|
||||||
|
return refreshPolicy;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,91 @@
|
||||||
|
/*
|
||||||
|
* Licensed to Elasticsearch under one or more contributor
|
||||||
|
* license agreements. See the NOTICE file distributed with
|
||||||
|
* this work for additional information regarding copyright
|
||||||
|
* ownership. Elasticsearch licenses this file to you under
|
||||||
|
* the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
* not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.elasticsearch.client.security;
|
||||||
|
|
||||||
|
import org.elasticsearch.common.xcontent.XContentParser;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Objects;
|
||||||
|
|
||||||
|
import static org.elasticsearch.common.xcontent.XContentParserUtils.ensureExpectedToken;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Response for application privileges deletion
|
||||||
|
*/
|
||||||
|
public final class DeletePrivilegesResponse {
|
||||||
|
|
||||||
|
private final String application;
|
||||||
|
private final List<String> privileges;
|
||||||
|
|
||||||
|
DeletePrivilegesResponse(String application, List<String> privileges) {
|
||||||
|
this.application = Objects.requireNonNull(application, "application is required");
|
||||||
|
this.privileges = Objects.requireNonNull(privileges, "privileges are required");
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getApplication() {
|
||||||
|
return application;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Indicates if the given privilege was successfully found and deleted from the list of application privileges.
|
||||||
|
*
|
||||||
|
* @param privilege the privilege
|
||||||
|
* @return true if the privilege was found and deleted, false otherwise.
|
||||||
|
*/
|
||||||
|
public boolean isFound(final String privilege) {
|
||||||
|
return privileges.contains(privilege);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static DeletePrivilegesResponse fromXContent(XContentParser parser) throws IOException {
|
||||||
|
XContentParser.Token token = parser.currentToken();
|
||||||
|
if (token == null) {
|
||||||
|
token = parser.nextToken();
|
||||||
|
}
|
||||||
|
ensureExpectedToken(XContentParser.Token.START_OBJECT, token, parser::getTokenLocation);
|
||||||
|
token = parser.nextToken();
|
||||||
|
ensureExpectedToken(XContentParser.Token.FIELD_NAME, token, parser::getTokenLocation);
|
||||||
|
final String application = parser.currentName();
|
||||||
|
final List<String> foundAndDeletedPrivileges = new ArrayList<>();
|
||||||
|
token = parser.nextToken();
|
||||||
|
if (token == XContentParser.Token.START_OBJECT) {
|
||||||
|
while ((token = parser.nextToken()) != XContentParser.Token.END_OBJECT) {
|
||||||
|
if (token == XContentParser.Token.FIELD_NAME) {
|
||||||
|
String privilege = parser.currentName();
|
||||||
|
token = parser.nextToken();
|
||||||
|
if (token == XContentParser.Token.START_OBJECT) {
|
||||||
|
String currentFieldName = null;
|
||||||
|
while ((token = parser.nextToken()) != XContentParser.Token.END_OBJECT) {
|
||||||
|
if (token == XContentParser.Token.FIELD_NAME) {
|
||||||
|
currentFieldName = parser.currentName();
|
||||||
|
} else if (token == XContentParser.Token.VALUE_BOOLEAN) {
|
||||||
|
if ("found".equals(currentFieldName) && parser.booleanValue()) {
|
||||||
|
foundAndDeletedPrivileges.add(privilege);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return new DeletePrivilegesResponse(application, foundAndDeletedPrivileges);
|
||||||
|
}
|
||||||
|
}
|
|
@ -24,6 +24,7 @@ import org.apache.http.client.methods.HttpDelete;
|
||||||
import org.apache.http.client.methods.HttpPost;
|
import org.apache.http.client.methods.HttpPost;
|
||||||
import org.apache.http.client.methods.HttpPut;
|
import org.apache.http.client.methods.HttpPut;
|
||||||
import org.elasticsearch.client.security.CreateTokenRequest;
|
import org.elasticsearch.client.security.CreateTokenRequest;
|
||||||
|
import org.elasticsearch.client.security.DeletePrivilegesRequest;
|
||||||
import org.elasticsearch.client.security.DeleteRoleMappingRequest;
|
import org.elasticsearch.client.security.DeleteRoleMappingRequest;
|
||||||
import org.elasticsearch.client.security.DeleteRoleRequest;
|
import org.elasticsearch.client.security.DeleteRoleRequest;
|
||||||
import org.elasticsearch.client.security.DisableUserRequest;
|
import org.elasticsearch.client.security.DisableUserRequest;
|
||||||
|
@ -241,4 +242,19 @@ public class SecurityRequestConvertersTests extends ESTestCase {
|
||||||
assertEquals(0, request.getParameters().size());
|
assertEquals(0, request.getParameters().size());
|
||||||
assertToXContentBody(createTokenRequest, request.getEntity());
|
assertToXContentBody(createTokenRequest, request.getEntity());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void testDeletePrivileges() {
|
||||||
|
final String application = randomAlphaOfLengthBetween(1, 12);
|
||||||
|
final List<String> privileges = randomSubsetOf(randomIntBetween(1, 3), "read", "write", "all");
|
||||||
|
final RefreshPolicy refreshPolicy = randomFrom(RefreshPolicy.values());
|
||||||
|
final Map<String, String> expectedParams = getExpectedParamsFromRefreshPolicy(refreshPolicy);
|
||||||
|
DeletePrivilegesRequest deletePrivilegesRequest =
|
||||||
|
new DeletePrivilegesRequest(application, privileges.toArray(Strings.EMPTY_ARRAY), refreshPolicy);
|
||||||
|
Request request = SecurityRequestConverters.deletePrivileges(deletePrivilegesRequest);
|
||||||
|
assertEquals(HttpDelete.METHOD_NAME, request.getMethod());
|
||||||
|
assertEquals("/_xpack/security/privilege/" + application + "/" + Strings.collectionToCommaDelimitedString(privileges),
|
||||||
|
request.getEndpoint());
|
||||||
|
assertEquals(expectedParams, request.getParameters());
|
||||||
|
assertNull(request.getEntity());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,6 +28,7 @@ import org.elasticsearch.action.support.PlainActionFuture;
|
||||||
import org.elasticsearch.client.ESRestHighLevelClientTestCase;
|
import org.elasticsearch.client.ESRestHighLevelClientTestCase;
|
||||||
import org.elasticsearch.client.Request;
|
import org.elasticsearch.client.Request;
|
||||||
import org.elasticsearch.client.RequestOptions;
|
import org.elasticsearch.client.RequestOptions;
|
||||||
|
import org.elasticsearch.client.Response;
|
||||||
import org.elasticsearch.client.RestHighLevelClient;
|
import org.elasticsearch.client.RestHighLevelClient;
|
||||||
import org.elasticsearch.client.security.AuthenticateResponse;
|
import org.elasticsearch.client.security.AuthenticateResponse;
|
||||||
import org.elasticsearch.client.security.ChangePasswordRequest;
|
import org.elasticsearch.client.security.ChangePasswordRequest;
|
||||||
|
@ -37,6 +38,8 @@ import org.elasticsearch.client.security.ClearRolesCacheRequest;
|
||||||
import org.elasticsearch.client.security.ClearRolesCacheResponse;
|
import org.elasticsearch.client.security.ClearRolesCacheResponse;
|
||||||
import org.elasticsearch.client.security.CreateTokenRequest;
|
import org.elasticsearch.client.security.CreateTokenRequest;
|
||||||
import org.elasticsearch.client.security.CreateTokenResponse;
|
import org.elasticsearch.client.security.CreateTokenResponse;
|
||||||
|
import org.elasticsearch.client.security.DeletePrivilegesRequest;
|
||||||
|
import org.elasticsearch.client.security.DeletePrivilegesResponse;
|
||||||
import org.elasticsearch.client.security.DeleteRoleMappingRequest;
|
import org.elasticsearch.client.security.DeleteRoleMappingRequest;
|
||||||
import org.elasticsearch.client.security.DeleteRoleMappingResponse;
|
import org.elasticsearch.client.security.DeleteRoleMappingResponse;
|
||||||
import org.elasticsearch.client.security.DeleteRoleRequest;
|
import org.elasticsearch.client.security.DeleteRoleRequest;
|
||||||
|
@ -55,13 +58,14 @@ import org.elasticsearch.client.security.PutRoleMappingResponse;
|
||||||
import org.elasticsearch.client.security.PutUserRequest;
|
import org.elasticsearch.client.security.PutUserRequest;
|
||||||
import org.elasticsearch.client.security.PutUserResponse;
|
import org.elasticsearch.client.security.PutUserResponse;
|
||||||
import org.elasticsearch.client.security.RefreshPolicy;
|
import org.elasticsearch.client.security.RefreshPolicy;
|
||||||
|
import org.elasticsearch.client.security.support.CertificateInfo;
|
||||||
import org.elasticsearch.client.security.support.expressiondsl.RoleMapperExpression;
|
import org.elasticsearch.client.security.support.expressiondsl.RoleMapperExpression;
|
||||||
|
import org.elasticsearch.client.security.support.expressiondsl.expressions.AnyRoleMapperExpression;
|
||||||
import org.elasticsearch.client.security.support.expressiondsl.fields.FieldRoleMapperExpression;
|
import org.elasticsearch.client.security.support.expressiondsl.fields.FieldRoleMapperExpression;
|
||||||
import org.elasticsearch.client.security.user.User;
|
import org.elasticsearch.client.security.user.User;
|
||||||
import org.elasticsearch.client.security.support.CertificateInfo;
|
|
||||||
import org.elasticsearch.client.security.support.expressiondsl.expressions.AnyRoleMapperExpression;
|
|
||||||
import org.elasticsearch.common.Strings;
|
import org.elasticsearch.common.Strings;
|
||||||
import org.elasticsearch.common.xcontent.XContentBuilder;
|
import org.elasticsearch.common.xcontent.XContentBuilder;
|
||||||
|
import org.elasticsearch.rest.RestStatus;
|
||||||
import org.hamcrest.Matchers;
|
import org.hamcrest.Matchers;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
@ -916,4 +920,78 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase {
|
||||||
// See https://github.com/elastic/elasticsearch/issues/35115
|
// See https://github.com/elastic/elasticsearch/issues/35115
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void testDeletePrivilege() throws Exception {
|
||||||
|
RestHighLevelClient client = highLevelClient();
|
||||||
|
{
|
||||||
|
final Request createPrivilegeRequest = new Request("POST", "/_xpack/security/privilege");
|
||||||
|
createPrivilegeRequest.setJsonEntity("{" +
|
||||||
|
" \"testapp\": {" +
|
||||||
|
" \"read\": {" +
|
||||||
|
" \"actions\": [ \"action:login\", \"data:read/*\" ]" +
|
||||||
|
" }," +
|
||||||
|
" \"write\": {" +
|
||||||
|
" \"actions\": [ \"action:login\", \"data:write/*\" ]" +
|
||||||
|
" }," +
|
||||||
|
" \"all\": {" +
|
||||||
|
" \"actions\": [ \"action:login\", \"data:write/*\" ]" +
|
||||||
|
" }" +
|
||||||
|
" }" +
|
||||||
|
"}");
|
||||||
|
|
||||||
|
final Response createPrivilegeResponse = client.getLowLevelClient().performRequest(createPrivilegeRequest);
|
||||||
|
assertEquals(RestStatus.OK.getStatus(), createPrivilegeResponse.getStatusLine().getStatusCode());
|
||||||
|
}
|
||||||
|
{
|
||||||
|
// tag::delete-privileges-request
|
||||||
|
DeletePrivilegesRequest request = new DeletePrivilegesRequest(
|
||||||
|
"testapp", // <1>
|
||||||
|
"read", "write"); // <2>
|
||||||
|
// end::delete-privileges-request
|
||||||
|
|
||||||
|
// tag::delete-privileges-execute
|
||||||
|
DeletePrivilegesResponse response = client.security().deletePrivileges(request, RequestOptions.DEFAULT);
|
||||||
|
// end::delete-privileges-execute
|
||||||
|
|
||||||
|
// tag::delete-privileges-response
|
||||||
|
String application = response.getApplication(); // <1>
|
||||||
|
boolean found = response.isFound("read"); // <2>
|
||||||
|
// end::delete-privileges-response
|
||||||
|
assertThat(application, equalTo("testapp"));
|
||||||
|
assertTrue(response.isFound("write"));
|
||||||
|
assertTrue(found);
|
||||||
|
|
||||||
|
// check if deleting the already deleted privileges again will give us a different response
|
||||||
|
response = client.security().deletePrivileges(request, RequestOptions.DEFAULT);
|
||||||
|
assertFalse(response.isFound("write"));
|
||||||
|
}
|
||||||
|
{
|
||||||
|
DeletePrivilegesRequest deletePrivilegesRequest = new DeletePrivilegesRequest("testapp", "all");
|
||||||
|
|
||||||
|
ActionListener<DeletePrivilegesResponse> listener;
|
||||||
|
//tag::delete-privileges-execute-listener
|
||||||
|
listener = new ActionListener<DeletePrivilegesResponse>() {
|
||||||
|
@Override
|
||||||
|
public void onResponse(DeletePrivilegesResponse deletePrivilegesResponse) {
|
||||||
|
// <1>
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void onFailure(Exception e) {
|
||||||
|
// <2>
|
||||||
|
}
|
||||||
|
};
|
||||||
|
//end::delete-privileges-execute-listener
|
||||||
|
|
||||||
|
// Replace the empty listener by a blocking listener in test
|
||||||
|
final CountDownLatch latch = new CountDownLatch(1);
|
||||||
|
listener = new LatchedActionListener<>(listener, latch);
|
||||||
|
|
||||||
|
//tag::delete-privileges-execute-async
|
||||||
|
client.security().deletePrivilegesAsync(deletePrivilegesRequest, RequestOptions.DEFAULT, listener); // <1>
|
||||||
|
//end::delete-privileges-execute-async
|
||||||
|
|
||||||
|
assertTrue(latch.await(30L, TimeUnit.SECONDS));
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,37 @@
|
||||||
|
--
|
||||||
|
:api: delete-privileges
|
||||||
|
:request: DeletePrivilegesRequest
|
||||||
|
:response: DeletePrivilegesResponse
|
||||||
|
--
|
||||||
|
|
||||||
|
[id="{upid}-{api}"]
|
||||||
|
=== Delete Privileges API
|
||||||
|
|
||||||
|
This API can be used to delete application privileges.
|
||||||
|
|
||||||
|
[id="{upid}-{api}-request"]
|
||||||
|
==== Delete Application Privileges Request
|
||||||
|
|
||||||
|
A +{request}+ has two arguments
|
||||||
|
|
||||||
|
["source","java",subs="attributes,callouts,macros"]
|
||||||
|
--------------------------------------------------
|
||||||
|
include-tagged::{doc-tests-file}[{api}-request]
|
||||||
|
--------------------------------------------------
|
||||||
|
<1> the name of application
|
||||||
|
<2> the name(s) of the privileges to delete that belong to the given application
|
||||||
|
|
||||||
|
include::../execution.asciidoc[]
|
||||||
|
|
||||||
|
[id="{upid}-{api}-response"]
|
||||||
|
==== Delete Application Privileges Response
|
||||||
|
|
||||||
|
The returned +{response}+ allows to retrieve information about the executed
|
||||||
|
operation as follows:
|
||||||
|
|
||||||
|
["source","java",subs="attributes,callouts,macros"]
|
||||||
|
--------------------------------------------------
|
||||||
|
include-tagged::{doc-tests-file}[{api}-response]
|
||||||
|
--------------------------------------------------
|
||||||
|
<1> the name of the application
|
||||||
|
<2> whether the given privilege was found and deleted
|
|
@ -353,12 +353,14 @@ The Java High Level REST Client supports the following Security APIs:
|
||||||
* <<java-rest-high-security-delete-role-mapping>>
|
* <<java-rest-high-security-delete-role-mapping>>
|
||||||
* <<java-rest-high-security-create-token>>
|
* <<java-rest-high-security-create-token>>
|
||||||
* <<{upid}-invalidate-token>>
|
* <<{upid}-invalidate-token>>
|
||||||
|
* <<{upid}-delete-privileges>>
|
||||||
|
|
||||||
include::security/put-user.asciidoc[]
|
include::security/put-user.asciidoc[]
|
||||||
include::security/enable-user.asciidoc[]
|
include::security/enable-user.asciidoc[]
|
||||||
include::security/disable-user.asciidoc[]
|
include::security/disable-user.asciidoc[]
|
||||||
include::security/change-password.asciidoc[]
|
include::security/change-password.asciidoc[]
|
||||||
include::security/delete-role.asciidoc[]
|
include::security/delete-role.asciidoc[]
|
||||||
|
include::security/delete-privileges.asciidoc[]
|
||||||
include::security/clear-roles-cache.asciidoc[]
|
include::security/clear-roles-cache.asciidoc[]
|
||||||
include::security/clear-realm-cache.asciidoc[]
|
include::security/clear-realm-cache.asciidoc[]
|
||||||
include::security/authenticate.asciidoc[]
|
include::security/authenticate.asciidoc[]
|
||||||
|
|
Loading…
Reference in New Issue