HLRest: refactor put_user to utilize `User` object (#35188)
This follows #33552 , when the `_authenticate` API added a new `User` object for the API's response. This changes the `put_user` API to also employ a `User` object in the request. The User object changed slightly. A bug with put_user only putting/updating enabled (but not disabled) users has been fixed.
This commit is contained in:
parent
113af7996c
commit
85a8b517bd
|
@ -63,7 +63,7 @@ final class SecurityRequestConverters {
|
|||
static Request putUser(PutUserRequest putUserRequest) throws IOException {
|
||||
String endpoint = new RequestConverters.EndpointBuilder()
|
||||
.addPathPartAsIs("_xpack/security/user")
|
||||
.addPathPart(putUserRequest.getUsername())
|
||||
.addPathPart(putUserRequest.getUser().getUsername())
|
||||
.build();
|
||||
Request request = new Request(HttpPut.METHOD_NAME, endpoint);
|
||||
request.setEntity(createEntity(putUserRequest, REQUEST_BODY_CONTENT_TYPE));
|
||||
|
|
|
@ -21,15 +21,14 @@ package org.elasticsearch.client.security;
|
|||
|
||||
import org.elasticsearch.client.Validatable;
|
||||
import org.elasticsearch.client.ValidationException;
|
||||
import org.elasticsearch.client.security.user.User;
|
||||
import org.elasticsearch.common.CharArrays;
|
||||
import org.elasticsearch.common.Nullable;
|
||||
import org.elasticsearch.common.xcontent.ToXContentObject;
|
||||
import org.elasticsearch.common.xcontent.XContentBuilder;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Objects;
|
||||
import java.util.Optional;
|
||||
|
||||
|
@ -38,62 +37,33 @@ import java.util.Optional;
|
|||
*/
|
||||
public final class PutUserRequest implements Validatable, ToXContentObject {
|
||||
|
||||
private final String username;
|
||||
private final List<String> roles;
|
||||
private final String fullName;
|
||||
private final String email;
|
||||
private final Map<String, Object> metadata;
|
||||
private final char[] password;
|
||||
private final User user;
|
||||
private final @Nullable char[] password;
|
||||
private final boolean enabled;
|
||||
private final RefreshPolicy refreshPolicy;
|
||||
|
||||
/**
|
||||
* Creates a new request that is used to create or update a user in the native realm.
|
||||
*
|
||||
* @param username the username of the user to be created or updated
|
||||
* @param user the user to be created or updated
|
||||
* @param password the password of the user. The password array is not modified by this class.
|
||||
* It is the responsibility of the caller to clear the password after receiving
|
||||
* a response.
|
||||
* @param roles the roles that this user is assigned
|
||||
* @param fullName the full name of the user that may be used for display purposes
|
||||
* @param email the email address of the user
|
||||
* @param enabled true if the user is enabled and allowed to access elasticsearch
|
||||
* @param metadata a map of additional user attributes that may be used in templating roles
|
||||
* @param refreshPolicy the refresh policy for the request.
|
||||
*/
|
||||
public PutUserRequest(String username, char[] password, List<String> roles, String fullName, String email, boolean enabled,
|
||||
Map<String, Object> metadata, RefreshPolicy refreshPolicy) {
|
||||
this.username = Objects.requireNonNull(username, "username is required");
|
||||
public PutUserRequest(User user, @Nullable char[] password, boolean enabled, @Nullable RefreshPolicy refreshPolicy) {
|
||||
this.user = Objects.requireNonNull(user, "user is required, cannot be null");
|
||||
this.password = password;
|
||||
this.roles = Collections.unmodifiableList(Objects.requireNonNull(roles, "roles must be specified"));
|
||||
this.fullName = fullName;
|
||||
this.email = email;
|
||||
this.enabled = enabled;
|
||||
this.metadata = metadata == null ? Collections.emptyMap() : Collections.unmodifiableMap(metadata);
|
||||
this.refreshPolicy = refreshPolicy == null ? RefreshPolicy.getDefault() : refreshPolicy;
|
||||
}
|
||||
|
||||
public String getUsername() {
|
||||
return username;
|
||||
public User getUser() {
|
||||
return user;
|
||||
}
|
||||
|
||||
public List<String> getRoles() {
|
||||
return roles;
|
||||
}
|
||||
|
||||
public String getFullName() {
|
||||
return fullName;
|
||||
}
|
||||
|
||||
public String getEmail() {
|
||||
return email;
|
||||
}
|
||||
|
||||
public Map<String, Object> getMetadata() {
|
||||
return metadata;
|
||||
}
|
||||
|
||||
public char[] getPassword() {
|
||||
public @Nullable char[] getPassword() {
|
||||
return password;
|
||||
}
|
||||
|
||||
|
@ -109,29 +79,25 @@ public final class PutUserRequest implements Validatable, ToXContentObject {
|
|||
public boolean equals(Object o) {
|
||||
if (this == o) return true;
|
||||
if (o == null || getClass() != o.getClass()) return false;
|
||||
PutUserRequest that = (PutUserRequest) o;
|
||||
return enabled == that.enabled &&
|
||||
Objects.equals(username, that.username) &&
|
||||
Objects.equals(roles, that.roles) &&
|
||||
Objects.equals(fullName, that.fullName) &&
|
||||
Objects.equals(email, that.email) &&
|
||||
Objects.equals(metadata, that.metadata) &&
|
||||
Arrays.equals(password, that.password) &&
|
||||
refreshPolicy == that.refreshPolicy;
|
||||
final PutUserRequest that = (PutUserRequest) o;
|
||||
return Objects.equals(user, that.user)
|
||||
&& Arrays.equals(password, that.password)
|
||||
&& enabled == that.enabled
|
||||
&& refreshPolicy == that.refreshPolicy;
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
int result = Objects.hash(username, roles, fullName, email, metadata, enabled, refreshPolicy);
|
||||
int result = Objects.hash(user, enabled, refreshPolicy);
|
||||
result = 31 * result + Arrays.hashCode(password);
|
||||
return result;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Optional<ValidationException> validate() {
|
||||
if (metadata != null && metadata.keySet().stream().anyMatch(s -> s.startsWith("_"))) {
|
||||
if (user.getMetadata() != null && user.getMetadata().keySet().stream().anyMatch(s -> s.startsWith("_"))) {
|
||||
ValidationException validationException = new ValidationException();
|
||||
validationException.addValidationError("metadata keys may not start with [_]");
|
||||
validationException.addValidationError("user metadata keys may not start with [_]");
|
||||
return Optional.of(validationException);
|
||||
}
|
||||
return Optional.empty();
|
||||
|
@ -140,7 +106,7 @@ public final class PutUserRequest implements Validatable, ToXContentObject {
|
|||
@Override
|
||||
public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
|
||||
builder.startObject();
|
||||
builder.field("username", username);
|
||||
builder.field("username", user.getUsername());
|
||||
if (password != null) {
|
||||
byte[] charBytes = CharArrays.toUtf8Bytes(password);
|
||||
try {
|
||||
|
@ -149,18 +115,15 @@ public final class PutUserRequest implements Validatable, ToXContentObject {
|
|||
Arrays.fill(charBytes, (byte) 0);
|
||||
}
|
||||
}
|
||||
if (roles != null) {
|
||||
builder.field("roles", roles);
|
||||
builder.field("roles", user.getRoles());
|
||||
if (user.getFullName() != null) {
|
||||
builder.field("full_name", user.getFullName());
|
||||
}
|
||||
if (fullName != null) {
|
||||
builder.field("full_name", fullName);
|
||||
}
|
||||
if (email != null) {
|
||||
builder.field("email", email);
|
||||
}
|
||||
if (metadata != null) {
|
||||
builder.field("metadata", metadata);
|
||||
if (user.getEmail() != null) {
|
||||
builder.field("email", user.getEmail());
|
||||
}
|
||||
builder.field("metadata", user.getMetadata());
|
||||
builder.field("enabled", enabled);
|
||||
return builder.endObject();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -24,38 +24,59 @@ import org.elasticsearch.common.Strings;
|
|||
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.Map;
|
||||
import java.util.Objects;
|
||||
import java.util.Set;
|
||||
|
||||
|
||||
/**
|
||||
* An authenticated user
|
||||
* A user to be utilized with security APIs.
|
||||
* Can be an existing authenticated user or it can be a new user to be enrolled to the native realm.
|
||||
*/
|
||||
public final class User {
|
||||
|
||||
private final String username;
|
||||
private final Collection<String> roles;
|
||||
private final Set<String> roles;
|
||||
private final Map<String, Object> metadata;
|
||||
@Nullable private final String fullName;
|
||||
@Nullable private final String email;
|
||||
|
||||
/**
|
||||
* Builds the user to be utilized with security APIs.
|
||||
*
|
||||
* @param username the username, also known as the principal, unique for in the scope of a realm
|
||||
* @param roles the roles that this user is assigned
|
||||
* @param metadata a map of additional user attributes that may be used in templating roles
|
||||
* @param fullName the full name of the user that may be used for display purposes
|
||||
* @param email the email address of the user
|
||||
*/
|
||||
public User(String username, Collection<String> roles, Map<String, Object> metadata, @Nullable String fullName,
|
||||
@Nullable String email) {
|
||||
Objects.requireNonNull(username, "`username` cannot be null");
|
||||
Objects.requireNonNull(roles, "`roles` cannot be null. Pass an empty collection instead.");
|
||||
Objects.requireNonNull(roles, "`metadata` cannot be null. Pass an empty map instead.");
|
||||
this.username = username;
|
||||
this.roles = roles;
|
||||
this.metadata = Collections.unmodifiableMap(metadata);
|
||||
this.username = username = Objects.requireNonNull(username, "`username` is required, cannot be null");
|
||||
this.roles = Collections.unmodifiableSet(new HashSet<>(
|
||||
Objects.requireNonNull(roles, "`roles` is required, cannot be null. Pass an empty Collection instead.")));
|
||||
this.metadata = Collections
|
||||
.unmodifiableMap(Objects.requireNonNull(metadata, "`metadata` is required, cannot be null. Pass an empty map instead."));
|
||||
this.fullName = fullName;
|
||||
this.email = email;
|
||||
}
|
||||
|
||||
/**
|
||||
* Builds the user to be utilized with security APIs.
|
||||
*
|
||||
* @param username the username, also known as the principal, unique for in the scope of a realm
|
||||
* @param roles the roles that this user is assigned
|
||||
*/
|
||||
public User(String username, Collection<String> roles) {
|
||||
this(username, roles, Collections.emptyMap(), null, null);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return The principal of this user - effectively serving as the
|
||||
* unique identity of the user. Can never be {@code null}.
|
||||
*/
|
||||
public String username() {
|
||||
public String getUsername() {
|
||||
return this.username;
|
||||
}
|
||||
|
||||
|
@ -64,28 +85,28 @@ public final class User {
|
|||
* identified by their unique names and each represents as
|
||||
* set of permissions. Can never be {@code null}.
|
||||
*/
|
||||
public Collection<String> roles() {
|
||||
public Set<String> getRoles() {
|
||||
return this.roles;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return The metadata that is associated with this user. Can never be {@code null}.
|
||||
*/
|
||||
public Map<String, Object> metadata() {
|
||||
public Map<String, Object> getMetadata() {
|
||||
return metadata;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return The full name of this user. May be {@code null}.
|
||||
*/
|
||||
public @Nullable String fullName() {
|
||||
public @Nullable String getFullName() {
|
||||
return fullName;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return The email of this user. May be {@code null}.
|
||||
*/
|
||||
public @Nullable String email() {
|
||||
public @Nullable String getEmail() {
|
||||
return email;
|
||||
}
|
||||
|
||||
|
@ -103,28 +124,14 @@ public final class User {
|
|||
|
||||
@Override
|
||||
public boolean equals(Object o) {
|
||||
if (this == o) {
|
||||
return true;
|
||||
}
|
||||
if (o instanceof User == false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
final User user = (User) o;
|
||||
|
||||
if (!username.equals(user.username)) {
|
||||
return false;
|
||||
}
|
||||
if (!roles.equals(user.roles)) {
|
||||
return false;
|
||||
}
|
||||
if (!metadata.equals(user.metadata)) {
|
||||
return false;
|
||||
}
|
||||
if (fullName != null ? !fullName.equals(user.fullName) : user.fullName != null) {
|
||||
return false;
|
||||
}
|
||||
return !(email != null ? !email.equals(user.email) : user.email != null);
|
||||
if (this == o) return true;
|
||||
if (o == null || this.getClass() != o.getClass()) return false;
|
||||
final User that = (User) o;
|
||||
return Objects.equals(username, that.username)
|
||||
&& Objects.equals(roles, that.roles)
|
||||
&& Objects.equals(metadata, that.metadata)
|
||||
&& Objects.equals(fullName, that.fullName)
|
||||
&& Objects.equals(email, that.email);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -25,6 +25,7 @@ import org.elasticsearch.client.security.AuthenticateResponse;
|
|||
import org.elasticsearch.client.security.PutUserRequest;
|
||||
import org.elasticsearch.client.security.PutUserResponse;
|
||||
import org.elasticsearch.client.security.RefreshPolicy;
|
||||
import org.elasticsearch.client.security.user.User;
|
||||
import org.elasticsearch.common.CharArrays;
|
||||
|
||||
import java.util.Arrays;
|
||||
|
@ -34,12 +35,29 @@ import java.util.List;
|
|||
import java.util.Map;
|
||||
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.Matchers.contains;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.empty;
|
||||
|
||||
public class SecurityIT extends ESRestHighLevelClientTestCase {
|
||||
|
||||
public void testPutUser() throws Exception {
|
||||
final SecurityClient securityClient = highLevelClient().security();
|
||||
// create user
|
||||
final PutUserRequest putUserRequest = randomPutUserRequest(randomBoolean());
|
||||
final PutUserResponse putUserResponse = execute(putUserRequest, securityClient::putUser, securityClient::putUserAsync);
|
||||
// assert user created
|
||||
assertThat(putUserResponse.isCreated(), is(true));
|
||||
// update user
|
||||
final User updatedUser = randomUser(putUserRequest.getUser().getUsername());
|
||||
final PutUserRequest updateUserRequest = randomPutUserRequest(updatedUser, randomBoolean());
|
||||
final PutUserResponse updateUserResponse = execute(updateUserRequest, securityClient::putUser, securityClient::putUserAsync);
|
||||
// assert user not created
|
||||
assertThat(updateUserResponse.isCreated(), is(false));
|
||||
// delete user
|
||||
final Request deleteUserRequest = new Request(HttpDelete.METHOD_NAME,
|
||||
"/_xpack/security/user/" + putUserRequest.getUser().getUsername());
|
||||
highLevelClient().getLowLevelClient().performRequest(deleteUserRequest);
|
||||
}
|
||||
|
||||
public void testAuthenticate() throws Exception {
|
||||
final SecurityClient securityClient = highLevelClient().security();
|
||||
// test fixture: put enabled user
|
||||
|
@ -48,34 +66,30 @@ public class SecurityIT extends ESRestHighLevelClientTestCase {
|
|||
assertThat(putUserResponse.isCreated(), is(true));
|
||||
|
||||
// authenticate correctly
|
||||
final String basicAuthHeader = basicAuthHeader(putUserRequest.getUsername(), putUserRequest.getPassword());
|
||||
final String basicAuthHeader = basicAuthHeader(putUserRequest.getUser().getUsername(), putUserRequest.getPassword());
|
||||
final AuthenticateResponse authenticateResponse = execute(securityClient::authenticate, securityClient::authenticateAsync,
|
||||
authorizationRequestOptions(basicAuthHeader));
|
||||
|
||||
assertThat(authenticateResponse.getUser().username(), is(putUserRequest.getUsername()));
|
||||
if (putUserRequest.getRoles().isEmpty()) {
|
||||
assertThat(authenticateResponse.getUser().roles(), is(empty()));
|
||||
} else {
|
||||
assertThat(authenticateResponse.getUser().roles(), contains(putUserRequest.getRoles().toArray()));
|
||||
}
|
||||
assertThat(authenticateResponse.getUser().metadata(), is(putUserRequest.getMetadata()));
|
||||
assertThat(authenticateResponse.getUser().fullName(), is(putUserRequest.getFullName()));
|
||||
assertThat(authenticateResponse.getUser().email(), is(putUserRequest.getEmail()));
|
||||
assertThat(authenticateResponse.getUser(), is(putUserRequest.getUser()));
|
||||
assertThat(authenticateResponse.enabled(), is(true));
|
||||
|
||||
// delete user
|
||||
final Request deleteUserRequest = new Request(HttpDelete.METHOD_NAME, "/_xpack/security/user/" + putUserRequest.getUsername());
|
||||
final Request deleteUserRequest = new Request(HttpDelete.METHOD_NAME,
|
||||
"/_xpack/security/user/" + putUserRequest.getUser().getUsername());
|
||||
highLevelClient().getLowLevelClient().performRequest(deleteUserRequest);
|
||||
|
||||
// authentication no longer works
|
||||
ElasticsearchStatusException e = expectThrows(ElasticsearchStatusException.class, () -> execute(securityClient::authenticate,
|
||||
securityClient::authenticateAsync, authorizationRequestOptions(basicAuthHeader)));
|
||||
assertThat(e.getMessage(), containsString("unable to authenticate user [" + putUserRequest.getUsername() + "]"));
|
||||
assertThat(e.getMessage(), containsString("unable to authenticate user [" + putUserRequest.getUser().getUsername() + "]"));
|
||||
}
|
||||
|
||||
private static PutUserRequest randomPutUserRequest(boolean enabled) {
|
||||
private static User randomUser() {
|
||||
final String username = randomAlphaOfLengthBetween(1, 4);
|
||||
final char[] password = randomAlphaOfLengthBetween(6, 10).toCharArray();
|
||||
return randomUser(username);
|
||||
}
|
||||
|
||||
private static User randomUser(String username) {
|
||||
final List<String> roles = Arrays.asList(generateRandomStringArray(3, 3, false, true));
|
||||
final String fullName = randomFrom(random(), null, randomAlphaOfLengthBetween(0, 3));
|
||||
final String email = randomFrom(random(), null, randomAlphaOfLengthBetween(0, 3));
|
||||
|
@ -91,7 +105,17 @@ public class SecurityIT extends ESRestHighLevelClientTestCase {
|
|||
} else {
|
||||
metadata.put("string_list", Arrays.asList(generateRandomStringArray(4, 4, false, true)));
|
||||
}
|
||||
return new PutUserRequest(username, password, roles, fullName, email, enabled, metadata, RefreshPolicy.IMMEDIATE);
|
||||
return new User(username, roles, metadata, fullName, email);
|
||||
}
|
||||
|
||||
private static PutUserRequest randomPutUserRequest(boolean enabled) {
|
||||
final User user = randomUser();
|
||||
return randomPutUserRequest(user, enabled);
|
||||
}
|
||||
|
||||
private static PutUserRequest randomPutUserRequest(User user, boolean enabled) {
|
||||
final char[] password = randomAlphaOfLengthBetween(6, 10).toCharArray();
|
||||
return new PutUserRequest(user, password, enabled, RefreshPolicy.IMMEDIATE);
|
||||
}
|
||||
|
||||
private static String basicAuthHeader(String username, char[] password) {
|
||||
|
|
|
@ -36,6 +36,7 @@ import org.elasticsearch.client.security.RefreshPolicy;
|
|||
import org.elasticsearch.client.security.support.expressiondsl.RoleMapperExpression;
|
||||
import org.elasticsearch.client.security.support.expressiondsl.expressions.AnyRoleMapperExpression;
|
||||
import org.elasticsearch.client.security.support.expressiondsl.fields.FieldRoleMapperExpression;
|
||||
import org.elasticsearch.client.security.user.User;
|
||||
import org.elasticsearch.common.Strings;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
|
||||
|
@ -57,23 +58,21 @@ public class SecurityRequestConvertersTests extends ESTestCase {
|
|||
final String email = randomBoolean() ? null : randomAlphaOfLengthBetween(12, 24);
|
||||
final String fullName = randomBoolean() ? null : randomAlphaOfLengthBetween(7, 14);
|
||||
final boolean enabled = randomBoolean();
|
||||
final Map<String, Object> metadata;
|
||||
final Map<String, Object> metadata = new HashMap<>();
|
||||
if (randomBoolean()) {
|
||||
metadata = new HashMap<>();
|
||||
for (int i = 0; i < randomIntBetween(0, 10); i++) {
|
||||
metadata.put(String.valueOf(i), randomAlphaOfLengthBetween(1, 12));
|
||||
}
|
||||
} else {
|
||||
metadata = null;
|
||||
}
|
||||
final User user = new User(username, roles, metadata, fullName, email);
|
||||
|
||||
final RefreshPolicy refreshPolicy = randomFrom(RefreshPolicy.values());
|
||||
final Map<String, String> expectedParams = getExpectedParamsFromRefreshPolicy(refreshPolicy);
|
||||
|
||||
PutUserRequest putUserRequest = new PutUserRequest(username, password, roles, fullName, email, enabled, metadata, refreshPolicy);
|
||||
PutUserRequest putUserRequest = new PutUserRequest(user, password, enabled, refreshPolicy);
|
||||
Request request = SecurityRequestConverters.putUser(putUserRequest);
|
||||
assertEquals(HttpPut.METHOD_NAME, request.getMethod());
|
||||
assertEquals("/_xpack/security/user/" + putUserRequest.getUsername(), request.getEndpoint());
|
||||
assertEquals("/_xpack/security/user/" + putUserRequest.getUser().getUsername(), request.getEndpoint());
|
||||
assertEquals(expectedParams, request.getParameters());
|
||||
assertToXContentBody(putUserRequest, request.getEntity());
|
||||
}
|
||||
|
|
|
@ -90,8 +90,8 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase {
|
|||
{
|
||||
//tag::put-user-execute
|
||||
char[] password = new char[]{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
|
||||
PutUserRequest request =
|
||||
new PutUserRequest("example", password, Collections.singletonList("superuser"), null, null, true, null, RefreshPolicy.NONE);
|
||||
User user = new User("example", Collections.singletonList("superuser"));
|
||||
PutUserRequest request = new PutUserRequest(user, password, true, RefreshPolicy.NONE);
|
||||
PutUserResponse response = client.security().putUser(request, RequestOptions.DEFAULT);
|
||||
//end::put-user-execute
|
||||
|
||||
|
@ -104,8 +104,8 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase {
|
|||
|
||||
{
|
||||
char[] password = new char[]{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
|
||||
PutUserRequest request = new PutUserRequest("example2", password, Collections.singletonList("superuser"), null, null, true,
|
||||
null, RefreshPolicy.NONE);
|
||||
User user2 = new User("example2", Collections.singletonList("superuser"));
|
||||
PutUserRequest request = new PutUserRequest(user2, password, true, RefreshPolicy.NONE);
|
||||
// tag::put-user-execute-listener
|
||||
ActionListener<PutUserResponse> listener = new ActionListener<PutUserResponse>() {
|
||||
@Override
|
||||
|
@ -300,8 +300,8 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase {
|
|||
public void testEnableUser() throws Exception {
|
||||
RestHighLevelClient client = highLevelClient();
|
||||
char[] password = new char[]{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
|
||||
PutUserRequest putUserRequest = new PutUserRequest("enable_user", password, Collections.singletonList("superuser"), null,
|
||||
null, true, null, RefreshPolicy.IMMEDIATE);
|
||||
User enable_user = new User("enable_user", Collections.singletonList("superuser"));
|
||||
PutUserRequest putUserRequest = new PutUserRequest(enable_user, password, true, RefreshPolicy.IMMEDIATE);
|
||||
PutUserResponse putUserResponse = client.security().putUser(putUserRequest, RequestOptions.DEFAULT);
|
||||
assertTrue(putUserResponse.isCreated());
|
||||
|
||||
|
@ -345,8 +345,8 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase {
|
|||
public void testDisableUser() throws Exception {
|
||||
RestHighLevelClient client = highLevelClient();
|
||||
char[] password = new char[]{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
|
||||
PutUserRequest putUserRequest = new PutUserRequest("disable_user", password, Collections.singletonList("superuser"), null,
|
||||
null, true, null, RefreshPolicy.IMMEDIATE);
|
||||
User disable_user = new User("disable_user", Collections.singletonList("superuser"));
|
||||
PutUserRequest putUserRequest = new PutUserRequest(disable_user, password, true, RefreshPolicy.IMMEDIATE);
|
||||
PutUserResponse putUserResponse = client.security().putUser(putUserRequest, RequestOptions.DEFAULT);
|
||||
assertTrue(putUserResponse.isCreated());
|
||||
{
|
||||
|
@ -398,11 +398,11 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase {
|
|||
boolean enabled = response.enabled(); // <2>
|
||||
//end::authenticate-response
|
||||
|
||||
assertThat(user.username(), is("test_user"));
|
||||
assertThat(user.roles(), contains(new String[]{"superuser"}));
|
||||
assertThat(user.fullName(), nullValue());
|
||||
assertThat(user.email(), nullValue());
|
||||
assertThat(user.metadata().isEmpty(), is(true));
|
||||
assertThat(user.getUsername(), is("test_user"));
|
||||
assertThat(user.getRoles(), contains(new String[] {"superuser"}));
|
||||
assertThat(user.getFullName(), nullValue());
|
||||
assertThat(user.getEmail(), nullValue());
|
||||
assertThat(user.getMetadata().isEmpty(), is(true));
|
||||
assertThat(enabled, is(true));
|
||||
}
|
||||
|
||||
|
@ -608,8 +608,8 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase {
|
|||
RestHighLevelClient client = highLevelClient();
|
||||
char[] password = new char[]{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
|
||||
char[] newPassword = new char[]{'n', 'e', 'w', 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
|
||||
PutUserRequest putUserRequest = new PutUserRequest("change_password_user", password, Collections.singletonList("superuser"),
|
||||
null, null, true, null, RefreshPolicy.NONE);
|
||||
User user = new User("change_password_user", Collections.singletonList("superuser"), Collections.emptyMap(), null, null);
|
||||
PutUserRequest putUserRequest = new PutUserRequest(user, password, true, RefreshPolicy.NONE);
|
||||
PutUserResponse putUserResponse = client.security().putUser(putUserRequest, RequestOptions.DEFAULT);
|
||||
assertTrue(putUserResponse.isCreated());
|
||||
{
|
||||
|
@ -774,8 +774,8 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase {
|
|||
|
||||
{
|
||||
// Setup user
|
||||
PutUserRequest putUserRequest = new PutUserRequest("token_user", "password".toCharArray(),
|
||||
Collections.singletonList("kibana_user"), null, null, true, null, RefreshPolicy.IMMEDIATE);
|
||||
User token_user = new User("token_user", Collections.singletonList("kibana_user"));
|
||||
PutUserRequest putUserRequest = new PutUserRequest(token_user, "password".toCharArray(), true, RefreshPolicy.IMMEDIATE);
|
||||
PutUserResponse putUserResponse = client.security().putUser(putUserRequest, RequestOptions.DEFAULT);
|
||||
assertTrue(putUserResponse.isCreated());
|
||||
}
|
||||
|
@ -852,8 +852,8 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase {
|
|||
{
|
||||
// Setup user
|
||||
final char[] password = "password".toCharArray();
|
||||
PutUserRequest putUserRequest = new PutUserRequest("invalidate_token", password,
|
||||
Collections.singletonList("kibana_user"), null, null, true, null, RefreshPolicy.IMMEDIATE);
|
||||
User invalidate_token_user = new User("invalidate_token", Collections.singletonList("kibana_user"));
|
||||
PutUserRequest putUserRequest = new PutUserRequest(invalidate_token_user, password, true, RefreshPolicy.IMMEDIATE);
|
||||
PutUserResponse putUserResponse = client.security().putUser(putUserRequest, RequestOptions.DEFAULT);
|
||||
assertTrue(putUserResponse.isCreated());
|
||||
|
||||
|
|
|
@ -77,14 +77,14 @@ public class AuthenticateResponseTests extends ESTestCase {
|
|||
final User user = response.getUser();
|
||||
final boolean enabled = response.enabled();
|
||||
builder.startObject();
|
||||
builder.field(AuthenticateResponse.USERNAME.getPreferredName(), user.username());
|
||||
builder.field(AuthenticateResponse.ROLES.getPreferredName(), user.roles());
|
||||
builder.field(AuthenticateResponse.METADATA.getPreferredName(), user.metadata());
|
||||
if (user.fullName() != null) {
|
||||
builder.field(AuthenticateResponse.FULL_NAME.getPreferredName(), user.fullName());
|
||||
builder.field(AuthenticateResponse.USERNAME.getPreferredName(), user.getUsername());
|
||||
builder.field(AuthenticateResponse.ROLES.getPreferredName(), user.getRoles());
|
||||
builder.field(AuthenticateResponse.METADATA.getPreferredName(), user.getMetadata());
|
||||
if (user.getFullName() != null) {
|
||||
builder.field(AuthenticateResponse.FULL_NAME.getPreferredName(), user.getFullName());
|
||||
}
|
||||
if (user.email() != null) {
|
||||
builder.field(AuthenticateResponse.EMAIL.getPreferredName(), user.email());
|
||||
if (user.getEmail() != null) {
|
||||
builder.field(AuthenticateResponse.EMAIL.getPreferredName(), user.getEmail());
|
||||
}
|
||||
builder.field(AuthenticateResponse.ENABLED.getPreferredName(), enabled);
|
||||
builder.endObject();
|
||||
|
@ -92,8 +92,8 @@ public class AuthenticateResponseTests extends ESTestCase {
|
|||
|
||||
private AuthenticateResponse copy(AuthenticateResponse response) {
|
||||
final User originalUser = response.getUser();
|
||||
final User copyUser = new User(originalUser.username(), originalUser.roles(), originalUser.metadata(), originalUser.fullName(),
|
||||
originalUser.email());
|
||||
final User copyUser = new User(originalUser.getUsername(), originalUser.getRoles(), originalUser.getMetadata(),
|
||||
originalUser.getFullName(), originalUser.getEmail());
|
||||
return new AuthenticateResponse(copyUser, response.enabled());
|
||||
}
|
||||
|
||||
|
@ -101,27 +101,27 @@ public class AuthenticateResponseTests extends ESTestCase {
|
|||
final User originalUser = response.getUser();
|
||||
switch (randomIntBetween(1, 6)) {
|
||||
case 1:
|
||||
return new AuthenticateResponse(new User(originalUser.username() + "wrong", originalUser.roles(), originalUser.metadata(),
|
||||
originalUser.fullName(), originalUser.email()), response.enabled());
|
||||
return new AuthenticateResponse(new User(originalUser.getUsername() + "wrong", originalUser.getRoles(),
|
||||
originalUser.getMetadata(), originalUser.getFullName(), originalUser.getEmail()), response.enabled());
|
||||
case 2:
|
||||
final Collection<String> wrongRoles = new ArrayList<>(originalUser.roles());
|
||||
final Collection<String> wrongRoles = new ArrayList<>(originalUser.getRoles());
|
||||
wrongRoles.add(randomAlphaOfLengthBetween(1, 4));
|
||||
return new AuthenticateResponse(new User(originalUser.username(), wrongRoles, originalUser.metadata(),
|
||||
originalUser.fullName(), originalUser.email()), response.enabled());
|
||||
return new AuthenticateResponse(new User(originalUser.getUsername(), wrongRoles, originalUser.getMetadata(),
|
||||
originalUser.getFullName(), originalUser.getEmail()), response.enabled());
|
||||
case 3:
|
||||
final Map<String, Object> wrongMetadata = new HashMap<>(originalUser.metadata());
|
||||
final Map<String, Object> wrongMetadata = new HashMap<>(originalUser.getMetadata());
|
||||
wrongMetadata.put("wrong_string", randomAlphaOfLengthBetween(0, 4));
|
||||
return new AuthenticateResponse(new User(originalUser.username(), originalUser.roles(), wrongMetadata,
|
||||
originalUser.fullName(), originalUser.email()), response.enabled());
|
||||
return new AuthenticateResponse(new User(originalUser.getUsername(), originalUser.getRoles(), wrongMetadata,
|
||||
originalUser.getFullName(), originalUser.getEmail()), response.enabled());
|
||||
case 4:
|
||||
return new AuthenticateResponse(new User(originalUser.username(), originalUser.roles(), originalUser.metadata(),
|
||||
originalUser.fullName() + "wrong", originalUser.email()), response.enabled());
|
||||
return new AuthenticateResponse(new User(originalUser.getUsername(), originalUser.getRoles(), originalUser.getMetadata(),
|
||||
originalUser.getFullName() + "wrong", originalUser.getEmail()), response.enabled());
|
||||
case 5:
|
||||
return new AuthenticateResponse(new User(originalUser.username(), originalUser.roles(), originalUser.metadata(),
|
||||
originalUser.fullName(), originalUser.email() + "wrong"), response.enabled());
|
||||
return new AuthenticateResponse(new User(originalUser.getUsername(), originalUser.getRoles(), originalUser.getMetadata(),
|
||||
originalUser.getFullName(), originalUser.getEmail() + "wrong"), response.enabled());
|
||||
case 6:
|
||||
return new AuthenticateResponse(new User(originalUser.username(), originalUser.roles(), originalUser.metadata(),
|
||||
originalUser.fullName(), originalUser.email()), !response.enabled());
|
||||
return new AuthenticateResponse(new User(originalUser.getUsername(), originalUser.getRoles(), originalUser.getMetadata(),
|
||||
originalUser.getFullName(), originalUser.getEmail()), !response.enabled());
|
||||
}
|
||||
throw new IllegalStateException("Bad random number");
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue