Cleanup Security Roles
- Renamed `AddRoleAction/Request/Response` to `PutRoleAction/Request/Response`
- also renamed the user/roles rest actions

Original commit: elastic/x-pack-elasticsearch@ae0ccd61e5
parent
7e334a5e4b
commit
8ff6b93a3c
|
@ -20,18 +20,18 @@ import org.elasticsearch.shield.action.ShieldActionFilter;
|
|||
import org.elasticsearch.shield.action.ShieldActionModule;
|
||||
import org.elasticsearch.shield.action.realm.ClearRealmCacheAction;
|
||||
import org.elasticsearch.shield.action.realm.TransportClearRealmCacheAction;
|
||||
import org.elasticsearch.shield.action.role.AddRoleAction;
|
||||
import org.elasticsearch.shield.action.role.PutRoleAction;
|
||||
import org.elasticsearch.shield.action.role.ClearRolesCacheAction;
|
||||
import org.elasticsearch.shield.action.role.DeleteRoleAction;
|
||||
import org.elasticsearch.shield.action.role.GetRolesAction;
|
||||
import org.elasticsearch.shield.action.role.TransportAddRoleAction;
|
||||
import org.elasticsearch.shield.action.role.TransportPutRoleAction;
|
||||
import org.elasticsearch.shield.action.role.TransportClearRolesCacheAction;
|
||||
import org.elasticsearch.shield.action.role.TransportDeleteRoleAction;
|
||||
import org.elasticsearch.shield.action.role.TransportGetRolesAction;
|
||||
import org.elasticsearch.shield.action.user.PutUserAction;
|
||||
import org.elasticsearch.shield.action.user.DeleteUserAction;
|
||||
import org.elasticsearch.shield.action.user.GetUsersAction;
|
||||
import org.elasticsearch.shield.action.user.TransportAddUserAction;
|
||||
import org.elasticsearch.shield.action.user.TransportPutUserAction;
|
||||
import org.elasticsearch.shield.action.user.TransportDeleteUserAction;
|
||||
import org.elasticsearch.shield.action.user.TransportGetUsersAction;
|
||||
import org.elasticsearch.shield.audit.AuditTrailModule;
|
||||
|
@ -55,7 +55,7 @@ import org.elasticsearch.shield.rest.ShieldRestModule;
|
|||
import org.elasticsearch.shield.rest.action.RestAuthenticateAction;
|
||||
import org.elasticsearch.shield.rest.action.RestShieldInfoAction;
|
||||
import org.elasticsearch.shield.rest.action.realm.RestClearRealmCacheAction;
|
||||
import org.elasticsearch.shield.rest.action.role.RestAddRoleAction;
|
||||
import org.elasticsearch.shield.rest.action.role.RestPutRoleAction;
|
||||
import org.elasticsearch.shield.rest.action.role.RestClearRolesCacheAction;
|
||||
import org.elasticsearch.shield.rest.action.role.RestDeleteRoleAction;
|
||||
import org.elasticsearch.shield.rest.action.role.RestGetRolesAction;
|
||||
|
@ -242,10 +242,10 @@ public class Shield {
|
|||
module.registerAction(ClearRealmCacheAction.INSTANCE, TransportClearRealmCacheAction.class);
|
||||
module.registerAction(ClearRolesCacheAction.INSTANCE, TransportClearRolesCacheAction.class);
|
||||
module.registerAction(GetUsersAction.INSTANCE, TransportGetUsersAction.class);
|
||||
module.registerAction(PutUserAction.INSTANCE, TransportAddUserAction.class);
|
||||
module.registerAction(PutUserAction.INSTANCE, TransportPutUserAction.class);
|
||||
module.registerAction(DeleteUserAction.INSTANCE, TransportDeleteUserAction.class);
|
||||
module.registerAction(GetRolesAction.INSTANCE, TransportGetRolesAction.class);
|
||||
module.registerAction(AddRoleAction.INSTANCE, TransportAddRoleAction.class);
|
||||
module.registerAction(PutRoleAction.INSTANCE, TransportPutRoleAction.class);
|
||||
module.registerAction(DeleteRoleAction.INSTANCE, TransportDeleteRoleAction.class);
|
||||
}
|
||||
|
||||
|
@ -272,7 +272,7 @@ public class Shield {
|
|||
module.registerRestHandler(RestPutUserAction.class);
|
||||
module.registerRestHandler(RestDeleteUserAction.class);
|
||||
module.registerRestHandler(RestGetRolesAction.class);
|
||||
module.registerRestHandler(RestAddRoleAction.class);
|
||||
module.registerRestHandler(RestPutRoleAction.class);
|
||||
module.registerRestHandler(RestDeleteRoleAction.class);
|
||||
module.registerHttpTransport(Shield.NAME, ShieldNettyHttpServerTransport.class);
|
||||
}
|
||||
|
|
|
@ -21,7 +21,7 @@ public class DeleteRoleRequestBuilder extends ActionRequestBuilder<DeleteRoleReq
|
|||
super(client, action, new DeleteRoleRequest());
|
||||
}
|
||||
|
||||
public DeleteRoleRequestBuilder role(String roleName) {
|
||||
public DeleteRoleRequestBuilder name(String roleName) {
|
||||
request.role(roleName);
|
||||
return this;
|
||||
}
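Review bot: The renamed builder method `name(String roleName)` still delegates to `request.role(roleName)`, so the builder and the request it wraps now use different words for the same field. The same half-rename shows in `GetRolesRequestBuilder.names(String... roles)`, which keeps the `roles` parameter and calls `request.roles(roles)`, and in `ESNativeRolesStore.addRole`, which keeps its name while taking a `PutRoleRequest`. Either rename the request setters and the store method in the same commit, or add a short comment such as `// sets the role name; the request setter keeps its older name`. If this client API is used outside the repository, removing `role(...)`/`roles(...)` without a deprecated alias will break those callers at compile time.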
|
||||
|
|
|
@ -21,7 +21,7 @@ public class GetRolesRequestBuilder extends ActionRequestBuilder<GetRolesRequest
|
|||
super(client, action, new GetRolesRequest());
|
||||
}
|
||||
|
||||
public GetRolesRequestBuilder roles(String... roles) {
|
||||
public GetRolesRequestBuilder names(String... roles) {
|
||||
request.roles(roles);
|
||||
return this;
|
||||
}
|
||||
|
|
|
@ -11,23 +11,23 @@ import org.elasticsearch.client.ElasticsearchClient;
|
|||
/**
|
||||
* Action for adding a role to the shield administrative index
|
||||
*/
|
||||
public class AddRoleAction extends Action<AddRoleRequest, AddRoleResponse, AddRoleRequestBuilder> {
|
||||
public class PutRoleAction extends Action<PutRoleRequest, PutRoleResponse, PutRoleRequestBuilder> {
|
||||
|
||||
public static final AddRoleAction INSTANCE = new AddRoleAction();
|
||||
public static final String NAME = "cluster:admin/shield/role/add";
|
||||
public static final PutRoleAction INSTANCE = new PutRoleAction();
|
||||
public static final String NAME = "cluster:admin/shield/role/put";
|
||||
|
||||
|
||||
protected AddRoleAction() {
|
||||
protected PutRoleAction() {
|
||||
super(NAME);
|
||||
}
|
||||
|
||||
@Override
|
||||
public AddRoleRequestBuilder newRequestBuilder(ElasticsearchClient client) {
|
||||
return new AddRoleRequestBuilder(client, this);
|
||||
public PutRoleRequestBuilder newRequestBuilder(ElasticsearchClient client) {
|
||||
return new PutRoleRequestBuilder(client, this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public AddRoleResponse newResponse() {
|
||||
return new AddRoleResponse();
|
||||
public PutRoleResponse newResponse() {
|
||||
return new PutRoleResponse();
|
||||
}
|
||||
}
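Review bot: Changing `NAME` from `cluster:admin/shield/role/add` to `cluster:admin/shield/role/put` changes the string this action is registered and authorized under, not just a Java identifier. Any privilege definition, audit filter or action allow-list that names the old string exactly will stop matching once this lands, and nodes on either side of the change will presumably not recognise each other's action name during a rolling upgrade. Please confirm those lists are updated together with this rename, and update the class Javadoc to match the new semantics, for example `Action for adding or updating a role in the shield administrative index`.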
|
|
@ -26,7 +26,7 @@ import static org.elasticsearch.action.ValidateActions.addValidationError;
|
|||
/**
|
||||
* Request object for adding a role to the shield index
|
||||
*/
|
||||
public class AddRoleRequest extends ActionRequest<AddRoleRequest> implements ToXContent {
|
||||
public class PutRoleRequest extends ActionRequest<PutRoleRequest> implements ToXContent {
|
||||
|
||||
private String name;
|
||||
private List<String> clusterPriv;
|
||||
|
@ -35,10 +35,10 @@ public class AddRoleRequest extends ActionRequest<AddRoleRequest> implements ToX
|
|||
private List<String> runAs = new ArrayList<>();
|
||||
private RoleDescriptor roleDescriptor;
|
||||
|
||||
public AddRoleRequest() {
|
||||
public PutRoleRequest() {
|
||||
}
|
||||
|
||||
public AddRoleRequest(BytesReference source) throws Exception {
|
||||
public PutRoleRequest(BytesReference source) throws Exception {
|
||||
this.roleDescriptor = RoleDescriptor.source(source);
|
||||
}
|
||||
|
|
@ -15,32 +15,32 @@ import java.util.Arrays;
|
|||
/**
|
||||
* Builder for requests to add a role to the administrative index
|
||||
*/
|
||||
public class AddRoleRequestBuilder extends ActionRequestBuilder<AddRoleRequest, AddRoleResponse, AddRoleRequestBuilder> {
|
||||
public class PutRoleRequestBuilder extends ActionRequestBuilder<PutRoleRequest, PutRoleResponse, PutRoleRequestBuilder> {
|
||||
|
||||
public AddRoleRequestBuilder(ElasticsearchClient client) {
|
||||
this(client, AddRoleAction.INSTANCE);
|
||||
public PutRoleRequestBuilder(ElasticsearchClient client) {
|
||||
this(client, PutRoleAction.INSTANCE);
|
||||
}
|
||||
|
||||
public AddRoleRequestBuilder(ElasticsearchClient client, AddRoleAction action) {
|
||||
super(client, action, new AddRoleRequest());
|
||||
public PutRoleRequestBuilder(ElasticsearchClient client, PutRoleAction action) {
|
||||
super(client, action, new PutRoleRequest());
|
||||
}
|
||||
|
||||
public AddRoleRequestBuilder name(String name) {
|
||||
public PutRoleRequestBuilder name(String name) {
|
||||
request.name(name);
|
||||
return this;
|
||||
}
|
||||
|
||||
public AddRoleRequestBuilder cluster(String... cluster) {
|
||||
public PutRoleRequestBuilder cluster(String... cluster) {
|
||||
request.cluster(Arrays.asList(cluster));
|
||||
return this;
|
||||
}
|
||||
|
||||
public AddRoleRequestBuilder runAs(String... runAsUsers) {
|
||||
public PutRoleRequestBuilder runAs(String... runAsUsers) {
|
||||
request.runAs(Arrays.asList(runAsUsers));
|
||||
return this;
|
||||
}
|
||||
|
||||
public AddRoleRequestBuilder addIndices(String[] indices, String[] privileges, @Nullable String[] fields,
|
||||
public PutRoleRequestBuilder addIndices(String[] indices, String[] privileges, @Nullable String[] fields,
|
||||
@Nullable BytesReference query) {
|
||||
request.addIndex(indices, privileges, fields, query);
|
||||
return this;
|
|
@ -17,14 +17,14 @@ import java.io.IOException;
|
|||
* Response when adding a role, includes a boolean for whether the role was
|
||||
* created or updated.
|
||||
*/
|
||||
public class AddRoleResponse extends ActionResponse implements ToXContent {
|
||||
public class PutRoleResponse extends ActionResponse implements ToXContent {
|
||||
|
||||
private boolean created;
|
||||
|
||||
public AddRoleResponse() {
|
||||
public PutRoleResponse() {
|
||||
}
|
||||
|
||||
public AddRoleResponse(boolean created) {
|
||||
public PutRoleResponse(boolean created) {
|
||||
this.created = created;
|
||||
}
|
||||
|
|
@ -15,20 +15,20 @@ import org.elasticsearch.shield.authz.esnative.ESNativeRolesStore;
|
|||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.transport.TransportService;
|
||||
|
||||
public class TransportAddRoleAction extends HandledTransportAction<AddRoleRequest, AddRoleResponse> {
|
||||
public class TransportPutRoleAction extends HandledTransportAction<PutRoleRequest, PutRoleResponse> {
|
||||
|
||||
private final ESNativeRolesStore rolesStore;
|
||||
|
||||
@Inject
|
||||
public TransportAddRoleAction(Settings settings, ThreadPool threadPool, ActionFilters actionFilters,
|
||||
public TransportPutRoleAction(Settings settings, ThreadPool threadPool, ActionFilters actionFilters,
|
||||
IndexNameExpressionResolver indexNameExpressionResolver,
|
||||
ESNativeRolesStore rolesStore, TransportService transportService) {
|
||||
super(settings, AddRoleAction.NAME, threadPool, transportService, actionFilters, indexNameExpressionResolver, AddRoleRequest::new);
|
||||
super(settings, PutRoleAction.NAME, threadPool, transportService, actionFilters, indexNameExpressionResolver, PutRoleRequest::new);
|
||||
this.rolesStore = rolesStore;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void doExecute(AddRoleRequest request, ActionListener<AddRoleResponse> listener) {
|
||||
protected void doExecute(PutRoleRequest request, ActionListener<PutRoleResponse> listener) {
|
||||
rolesStore.addRole(request, new ActionListener<Boolean>() {
|
||||
@Override
|
||||
public void onResponse(Boolean created) {
|
||||
|
@ -37,7 +37,7 @@ public class TransportAddRoleAction extends HandledTransportAction<AddRoleReques
|
|||
} else {
|
||||
logger.info("updated role [{}]", request.name());
|
||||
}
|
||||
listener.onResponse(new AddRoleResponse(created));
|
||||
listener.onResponse(new PutRoleResponse(created));
|
||||
}
|
||||
|
||||
@Override
|
|
@ -15,12 +15,12 @@ import org.elasticsearch.shield.authc.esnative.ESNativeUsersStore;
|
|||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.transport.TransportService;
|
||||
|
||||
public class TransportAddUserAction extends HandledTransportAction<PutUserRequest, PutUserResponse> {
|
||||
public class TransportPutUserAction extends HandledTransportAction<PutUserRequest, PutUserResponse> {
|
||||
|
||||
private final ESNativeUsersStore usersStore;
|
||||
|
||||
@Inject
|
||||
public TransportAddUserAction(Settings settings, ThreadPool threadPool, ActionFilters actionFilters,
|
||||
public TransportPutUserAction(Settings settings, ThreadPool threadPool, ActionFilters actionFilters,
|
||||
IndexNameExpressionResolver indexNameExpressionResolver,
|
||||
ESNativeUsersStore usersStore, TransportService transportService) {
|
||||
super(settings, PutUserAction.NAME, threadPool, transportService, actionFilters, indexNameExpressionResolver, PutUserRequest::new);
|
|
@ -40,7 +40,7 @@ import org.elasticsearch.index.query.QueryBuilders;
|
|||
import org.elasticsearch.search.SearchHit;
|
||||
import org.elasticsearch.shield.InternalClient;
|
||||
import org.elasticsearch.shield.ShieldTemplateService;
|
||||
import org.elasticsearch.shield.action.role.AddRoleRequest;
|
||||
import org.elasticsearch.shield.action.role.PutRoleRequest;
|
||||
import org.elasticsearch.shield.action.role.ClearRolesCacheRequest;
|
||||
import org.elasticsearch.shield.action.role.ClearRolesCacheResponse;
|
||||
import org.elasticsearch.shield.action.role.DeleteRoleRequest;
|
||||
|
@ -288,15 +288,15 @@ public class ESNativeRolesStore extends AbstractComponent implements RolesStore,
|
|||
return roleAndVersion;
|
||||
}
|
||||
|
||||
public void addRole(final AddRoleRequest addRoleRequest, final ActionListener<Boolean> listener) {
|
||||
public void addRole(final PutRoleRequest putRoleRequest, final ActionListener<Boolean> listener) {
|
||||
if (state() != State.STARTED) {
|
||||
logger.trace("attempted to add role before service was started");
|
||||
listener.onResponse(false);
|
||||
}
|
||||
try {
|
||||
IndexRequest request = client.prepareIndex(ShieldTemplateService.SHIELD_ADMIN_INDEX_NAME,
|
||||
INDEX_ROLE_TYPE, addRoleRequest.name())
|
||||
.setSource(addRoleRequest.toXContent(jsonBuilder(), ToXContent.EMPTY_PARAMS))
|
||||
INDEX_ROLE_TYPE, putRoleRequest.name())
|
||||
.setSource(putRoleRequest.toXContent(jsonBuilder(), ToXContent.EMPTY_PARAMS))
|
||||
.request();
|
||||
client.index(request, new ActionListener<IndexResponse>() {
|
||||
@Override
|
||||
|
@ -305,7 +305,7 @@ public class ESNativeRolesStore extends AbstractComponent implements RolesStore,
|
|||
listener.onResponse(indexResponse.isCreated());
|
||||
return;
|
||||
}
|
||||
clearRoleCache(addRoleRequest.name(), listener, indexResponse.isCreated());
|
||||
clearRoleCache(putRoleRequest.name(), listener, indexResponse.isCreated());
|
||||
}
|
||||
|
||||
@Override
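Review bot: In the `addRole` hunk the not-started guard calls `listener.onResponse(false)` but does not return, so execution continues into the `try` block and the index request is still sent while the caller has already been told the role was not created. The listener can then be completed a second time from the index callback. Add `return;` after `listener.onResponse(false);` inside the `if (state() != State.STARTED)` block. The rest of `addRole` lies outside the visible hunks, so check that no later path relies on the fall-through.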
|
||||
|
|
|
@ -13,10 +13,6 @@ import org.elasticsearch.shield.action.realm.ClearRealmCacheAction;
|
|||
import org.elasticsearch.shield.action.realm.ClearRealmCacheRequest;
|
||||
import org.elasticsearch.shield.action.realm.ClearRealmCacheRequestBuilder;
|
||||
import org.elasticsearch.shield.action.realm.ClearRealmCacheResponse;
|
||||
import org.elasticsearch.shield.action.role.AddRoleAction;
|
||||
import org.elasticsearch.shield.action.role.AddRoleRequest;
|
||||
import org.elasticsearch.shield.action.role.AddRoleRequestBuilder;
|
||||
import org.elasticsearch.shield.action.role.AddRoleResponse;
|
||||
import org.elasticsearch.shield.action.role.ClearRolesCacheAction;
|
||||
import org.elasticsearch.shield.action.role.ClearRolesCacheRequest;
|
||||
import org.elasticsearch.shield.action.role.ClearRolesCacheRequestBuilder;
|
||||
|
@ -29,6 +25,10 @@ import org.elasticsearch.shield.action.role.GetRolesAction;
|
|||
import org.elasticsearch.shield.action.role.GetRolesRequest;
|
||||
import org.elasticsearch.shield.action.role.GetRolesRequestBuilder;
|
||||
import org.elasticsearch.shield.action.role.GetRolesResponse;
|
||||
import org.elasticsearch.shield.action.role.PutRoleAction;
|
||||
import org.elasticsearch.shield.action.role.PutRoleRequest;
|
||||
import org.elasticsearch.shield.action.role.PutRoleRequestBuilder;
|
||||
import org.elasticsearch.shield.action.role.PutRoleResponse;
|
||||
import org.elasticsearch.shield.action.user.DeleteUserAction;
|
||||
import org.elasticsearch.shield.action.user.DeleteUserRequest;
|
||||
import org.elasticsearch.shield.action.user.DeleteUserRequestBuilder;
|
||||
|
@ -149,27 +149,27 @@ public class SecurityClient {
|
|||
|
||||
/** Role Management */
|
||||
|
||||
public GetRolesRequestBuilder prepareGetRoles() {
|
||||
return new GetRolesRequestBuilder(client);
|
||||
public GetRolesRequestBuilder prepareGetRoles(String... names) {
|
||||
return new GetRolesRequestBuilder(client).names(names);
|
||||
}
|
||||
|
||||
public void getRoles(GetRolesRequest request, ActionListener<GetRolesResponse> listener) {
|
||||
client.execute(GetRolesAction.INSTANCE, request, listener);
|
||||
}
|
||||
|
||||
public DeleteRoleRequestBuilder prepareDeleteRole() {
|
||||
return new DeleteRoleRequestBuilder(client);
|
||||
public DeleteRoleRequestBuilder prepareDeleteRole(String name) {
|
||||
return new DeleteRoleRequestBuilder(client).name(name);
|
||||
}
|
||||
|
||||
public void deleteRole(DeleteRoleRequest request, ActionListener<DeleteRoleResponse> listener) {
|
||||
client.execute(DeleteRoleAction.INSTANCE, request, listener);
|
||||
}
|
||||
|
||||
public AddRoleRequestBuilder prepareAddRole() {
|
||||
return new AddRoleRequestBuilder(client);
|
||||
public PutRoleRequestBuilder preparePutRole(String name) {
|
||||
return new PutRoleRequestBuilder(client).name(name);
|
||||
}
|
||||
|
||||
public void addRole(AddRoleRequest request, ActionListener<AddRoleResponse> listener) {
|
||||
client.execute(AddRoleAction.INSTANCE, request, listener);
|
||||
public void putRole(PutRoleRequest request, ActionListener<PutRoleResponse> listener) {
|
||||
client.execute(PutRoleAction.INSTANCE, request, listener);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -32,13 +32,13 @@ public class RestClearRolesCacheAction extends BaseRestHandler {
|
|||
@Inject
|
||||
public RestClearRolesCacheAction(Settings settings, RestController controller, Client client) {
|
||||
super(settings, client);
|
||||
controller.registerHandler(POST, "/_shield/role/{id}/_clear_cache", this);
|
||||
controller.registerHandler(POST, "/_shield/role/{name}/_clear_cache", this);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void handleRequest(RestRequest request, final RestChannel channel, Client client) throws Exception {
|
||||
|
||||
String[] roles = request.paramAsStringArrayOrEmptyIfAll("id");
|
||||
String[] roles = request.paramAsStringArrayOrEmptyIfAll("name");
|
||||
|
||||
ClearRolesCacheRequest req = new ClearRolesCacheRequest().roles(roles);
|
||||
|
||||
|
|
|
@ -17,7 +17,6 @@ import org.elasticsearch.rest.RestRequest;
|
|||
import org.elasticsearch.rest.RestResponse;
|
||||
import org.elasticsearch.rest.RestStatus;
|
||||
import org.elasticsearch.rest.action.support.RestBuilderListener;
|
||||
import org.elasticsearch.shield.action.role.DeleteRoleRequest;
|
||||
import org.elasticsearch.shield.action.role.DeleteRoleResponse;
|
||||
import org.elasticsearch.shield.client.SecurityClient;
|
||||
|
||||
|
@ -29,15 +28,12 @@ public class RestDeleteRoleAction extends BaseRestHandler {
|
|||
@Inject
|
||||
public RestDeleteRoleAction(Settings settings, RestController controller, Client client) {
|
||||
super(settings, client);
|
||||
controller.registerHandler(RestRequest.Method.DELETE, "/_shield/role/{id}", this);
|
||||
controller.registerHandler(RestRequest.Method.DELETE, "/_shield/role/{name}", this);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void handleRequest(RestRequest request, final RestChannel channel, Client client) throws Exception {
|
||||
String role = request.param("id");
|
||||
DeleteRoleRequest delRoleRequest = new DeleteRoleRequest(role);
|
||||
|
||||
new SecurityClient(client).deleteRole(delRoleRequest, new RestBuilderListener<DeleteRoleResponse>(channel) {
|
||||
new SecurityClient(client).prepareDeleteRole(request.param("name")).execute(new RestBuilderListener<DeleteRoleResponse>(channel) {
|
||||
@Override
|
||||
public RestResponse buildResponse(DeleteRoleResponse response, XContentBuilder builder) throws Exception {
|
||||
return new BytesRestResponse(response.found() ? RestStatus.OK : RestStatus.NOT_FOUND,
|
||||
|
|
|
@ -31,14 +31,14 @@ public class RestGetRolesAction extends BaseRestHandler {
|
|||
public RestGetRolesAction(Settings settings, RestController controller, Client client) {
|
||||
super(settings, client);
|
||||
controller.registerHandler(RestRequest.Method.GET, "/_shield/role/", this);
|
||||
controller.registerHandler(RestRequest.Method.GET, "/_shield/role/{id}", this);
|
||||
controller.registerHandler(RestRequest.Method.GET, "/_shield/role/{name}", this);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void handleRequest(RestRequest request, final RestChannel channel, Client client) throws Exception {
|
||||
String[] roles = Strings.splitStringByCommaToArray(request.param("id"));
|
||||
String[] names = request.paramAsStringArrayOrEmptyIfAll("name");
|
||||
|
||||
new SecurityClient(client).prepareGetRoles().roles(roles).execute(new RestBuilderListener<GetRolesResponse>(channel) {
|
||||
new SecurityClient(client).prepareGetRoles(names).execute(new RestBuilderListener<GetRolesResponse>(channel) {
|
||||
@Override
|
||||
public RestResponse buildResponse(GetRolesResponse getRolesResponse, XContentBuilder builder) throws Exception {
|
||||
builder.startObject();
|
||||
|
|
|
@ -17,33 +17,29 @@ import org.elasticsearch.rest.RestRequest;
|
|||
import org.elasticsearch.rest.RestResponse;
|
||||
import org.elasticsearch.rest.RestStatus;
|
||||
import org.elasticsearch.rest.action.support.RestBuilderListener;
|
||||
import org.elasticsearch.shield.action.role.AddRoleRequest;
|
||||
import org.elasticsearch.shield.action.role.AddRoleResponse;
|
||||
import org.elasticsearch.shield.action.role.PutRoleResponse;
|
||||
import org.elasticsearch.shield.client.SecurityClient;
|
||||
|
||||
/**
|
||||
* Rest endpoint to add a Role to the shield index
|
||||
*/
|
||||
public class RestAddRoleAction extends BaseRestHandler {
|
||||
public class RestPutRoleAction extends BaseRestHandler {
|
||||
|
||||
@Inject
|
||||
public RestAddRoleAction(Settings settings, RestController controller, Client client) {
|
||||
public RestPutRoleAction(Settings settings, RestController controller, Client client) {
|
||||
super(settings, client);
|
||||
controller.registerHandler(RestRequest.Method.POST, "/_shield/role/{id}", this);
|
||||
controller.registerHandler(RestRequest.Method.PUT, "/_shield/role/{id}", this);
|
||||
controller.registerHandler(RestRequest.Method.POST, "/_shield/role/{name}", this);
|
||||
controller.registerHandler(RestRequest.Method.PUT, "/_shield/role/{name}", this);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void handleRequest(RestRequest request, final RestChannel channel, Client client) throws Exception {
|
||||
AddRoleRequest addRoleReq = new AddRoleRequest(request.content());
|
||||
addRoleReq.name(request.param("id"));
|
||||
|
||||
new SecurityClient(client).addRole(addRoleReq, new RestBuilderListener<AddRoleResponse>(channel) {
|
||||
new SecurityClient(client).preparePutRole(request.param("name")).execute(new RestBuilderListener<PutRoleResponse>(channel) {
|
||||
@Override
|
||||
public RestResponse buildResponse(AddRoleResponse addRoleResponse, XContentBuilder builder) throws Exception {
|
||||
public RestResponse buildResponse(PutRoleResponse putRoleResponse, XContentBuilder builder) throws Exception {
|
||||
return new BytesRestResponse(RestStatus.OK,
|
||||
builder.startObject()
|
||||
.field("role", addRoleResponse)
|
||||
.field("role", putRoleResponse)
|
||||
.endObject());
|
||||
}
|
||||
});
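Review bot: The new `handleRequest` no longer reads `request.content()`: the old code built the request with `new AddRoleRequest(request.content())`, while the new line only passes `request.param("name")` to `preparePutRole(...)`. As written, a PUT or POST to `/_shield/role/{name}` appears to store a role carrying only its name, dropping the cluster, index and run-as privileges sent in the body and overwriting any existing role of that name with the empty definition. Unless the body is applied somewhere outside this hunk, build the request from it and keep the import for `PutRoleRequest`: `PutRoleRequest putRoleRequest = new PutRoleRequest(request.content());` `putRoleRequest.name(request.param("name"));` `new SecurityClient(client).putRole(putRoleRequest, ...)`. A REST-level test that puts a role with privileges and reads it back would catch this regression.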
|
|
@ -13,7 +13,7 @@ import org.elasticsearch.common.network.NetworkModule;
|
|||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.unit.TimeValue;
|
||||
import org.elasticsearch.rest.RestStatus;
|
||||
import org.elasticsearch.shield.action.role.AddRoleResponse;
|
||||
import org.elasticsearch.shield.action.role.PutRoleResponse;
|
||||
import org.elasticsearch.shield.action.role.GetRolesResponse;
|
||||
import org.elasticsearch.shield.ShieldTemplateService;
|
||||
import org.elasticsearch.shield.authc.esnative.ESNativeUsersStore;
|
||||
|
@ -81,7 +81,7 @@ public class ClearRolesCacheTests extends ShieldIntegTestCase {
|
|||
SecurityClient c = securityClient();
|
||||
// create roles
|
||||
for (String role : roles) {
|
||||
c.prepareAddRole().name(role)
|
||||
c.preparePutRole(role)
|
||||
.cluster("none")
|
||||
.addIndices(new String[] { "*" }, new String[] { "ALL" }, null, null)
|
||||
.get();
|
||||
|
@ -115,7 +115,7 @@ public class ClearRolesCacheTests extends ShieldIntegTestCase {
|
|||
List<String> toModify = randomSubsetOf(modifiedRolesCount, roles);
|
||||
logger.debug("--> modifying roles {} to have run_as", toModify);
|
||||
for (String role : toModify) {
|
||||
AddRoleResponse response = securityClient.prepareAddRole().name(role)
|
||||
PutRoleResponse response = securityClient.preparePutRole(role)
|
||||
.cluster("none")
|
||||
.addIndices(new String[] { "*" }, new String[] { "ALL" }, null, null)
|
||||
.runAs(role)
|
||||
|
@ -174,7 +174,7 @@ public class ClearRolesCacheTests extends ShieldIntegTestCase {
|
|||
SecurityClient securityClient = securityClient(client);
|
||||
|
||||
final String role = randomFrom(roles);
|
||||
List<RoleDescriptor> foundRoles = securityClient.prepareGetRoles().roles(role).get().roles();
|
||||
List<RoleDescriptor> foundRoles = securityClient.prepareGetRoles().names(role).get().roles();
|
||||
assertThat(foundRoles.size(), is(1));
|
||||
logger.debug("--> deleting role [{}]", role);
|
||||
DeleteResponse response = client.prepareDelete(ShieldTemplateService.SHIELD_ADMIN_INDEX_NAME,
|
||||
|
@ -184,7 +184,7 @@ public class ClearRolesCacheTests extends ShieldIntegTestCase {
|
|||
assertBusy(new Runnable() {
|
||||
@Override
|
||||
public void run() {
|
||||
assertThat(securityClient.prepareGetRoles().roles(role).get().roles().isEmpty(), is(true));
|
||||
assertThat(securityClient.prepareGetRoles().names(role).get().roles().isEmpty(), is(true));
|
||||
}
|
||||
});
|
||||
}
|
||||
|
@ -192,7 +192,7 @@ public class ClearRolesCacheTests extends ShieldIntegTestCase {
|
|||
private void assertRolesAreCorrect(SecurityClient securityClient, List<String> toModify) {
|
||||
for (String role : roles) {
|
||||
logger.debug("--> getting role [{}]", role);
|
||||
GetRolesResponse roleResponse = securityClient.prepareGetRoles().roles(role).get();
|
||||
GetRolesResponse roleResponse = securityClient.prepareGetRoles().names(role).get();
|
||||
assertThat(roleResponse.isExists(), is(true));
|
||||
final String[] runAs = roleResponse.roles().get(0).getRunAs();
|
||||
if (toModify.contains(role)) {
|
||||
|
|
|
@ -46,7 +46,7 @@ public class ESNativeTests extends ShieldIntegTestCase {
|
|||
SecurityClient c = securityClient();
|
||||
DeleteUserResponse resp = c.prepareDeleteUser("joe").get();
|
||||
assertFalse("user shouldn't be found", resp.found());
|
||||
DeleteRoleResponse resp2 = c.prepareDeleteRole().role("role").get();
|
||||
DeleteRoleResponse resp2 = c.prepareDeleteRole("role").get();
|
||||
assertFalse("role shouldn't be found", resp2.found());
|
||||
}
|
||||
|
||||
|
@ -54,7 +54,7 @@ public class ESNativeTests extends ShieldIntegTestCase {
|
|||
SecurityClient c = securityClient();
|
||||
GetUsersResponse resp = c.prepareGetUsers().usernames("joe").get();
|
||||
assertFalse("user should not exist", resp.hasUsers());
|
||||
GetRolesResponse resp2 = c.prepareGetRoles().roles("role").get();
|
||||
GetRolesResponse resp2 = c.prepareGetRoles().names("role").get();
|
||||
assertFalse("role should not exist", resp2.isExists());
|
||||
}
|
||||
|
||||
|
@ -107,8 +107,7 @@ public class ESNativeTests extends ShieldIntegTestCase {
|
|||
public void testAddAndGetRole() throws Exception {
|
||||
SecurityClient c = securityClient();
|
||||
logger.error("--> creating role");
|
||||
c.prepareAddRole()
|
||||
.name("test_role")
|
||||
c.preparePutRole("test_role")
|
||||
.cluster("all", "none")
|
||||
.runAs("root", "nobody")
|
||||
.addIndices(new String[]{"index"}, new String[]{"read"},
|
||||
|
@ -117,20 +116,18 @@ public class ESNativeTests extends ShieldIntegTestCase {
|
|||
logger.error("--> waiting for .shield index");
|
||||
ensureGreen(ShieldTemplateService.SHIELD_ADMIN_INDEX_NAME);
|
||||
logger.info("--> retrieving role");
|
||||
GetRolesResponse resp = c.prepareGetRoles().roles("test_role").get();
|
||||
GetRolesResponse resp = c.prepareGetRoles().names("test_role").get();
|
||||
assertTrue("role should exist", resp.isExists());
|
||||
RoleDescriptor testRole = resp.roles().get(0);
|
||||
assertNotNull(testRole);
|
||||
|
||||
c.prepareAddRole()
|
||||
.name("test_role2")
|
||||
c.preparePutRole("test_role2")
|
||||
.cluster("all", "none")
|
||||
.runAs("root", "nobody")
|
||||
.addIndices(new String[]{"index"}, new String[]{"read"},
|
||||
new String[]{"body", "title"}, new BytesArray("{\"query\": {\"match_all\": {}}}"))
|
||||
.get();
|
||||
c.prepareAddRole()
|
||||
.name("test_role3")
|
||||
c.preparePutRole("test_role3")
|
||||
.cluster("all", "none")
|
||||
.runAs("root", "nobody")
|
||||
.addIndices(new String[]{"index"}, new String[]{"read"},
|
||||
|
@ -146,23 +143,22 @@ public class ESNativeTests extends ShieldIntegTestCase {
|
|||
assertEquals("should be 3 roles total", 3, allRolesResp.roles().size());
|
||||
|
||||
logger.info("--> retrieving all roles");
|
||||
GetRolesResponse someRolesResp = c.prepareGetRoles().roles("test_role", "test_role3").get();
|
||||
GetRolesResponse someRolesResp = c.prepareGetRoles().names("test_role", "test_role3").get();
|
||||
assertTrue("roles should exist", someRolesResp.isExists());
|
||||
assertEquals("should be 2 roles total", 2, someRolesResp.roles().size());
|
||||
|
||||
logger.info("--> deleting role");
|
||||
DeleteRoleResponse delResp = c.prepareDeleteRole().role("test_role").get();
|
||||
DeleteRoleResponse delResp = c.prepareDeleteRole("test_role").get();
|
||||
assertTrue(delResp.found());
|
||||
logger.info("--> retrieving role");
|
||||
GetRolesResponse resp2 = c.prepareGetRoles().roles("test_role").get();
|
||||
GetRolesResponse resp2 = c.prepareGetRoles().names("test_role").get();
|
||||
assertFalse("role should not exist after being deleted", resp2.isExists());
|
||||
}
|
||||
|
||||
public void testAddUserAndRoleThenAuth() throws Exception {
|
||||
SecurityClient c = securityClient();
|
||||
logger.error("--> creating role");
|
||||
c.prepareAddRole()
|
||||
.name("test_role")
|
||||
c.preparePutRole("test_role")
|
||||
.cluster("all")
|
||||
.addIndices(new String[]{"*"}, new String[]{"read"},
|
||||
new String[]{"body", "title"}, new BytesArray("{\"match_all\": {}}"))
|
||||
|
@ -259,8 +255,7 @@ public class ESNativeTests extends ShieldIntegTestCase {
|
|||
final boolean authenticate = randomBoolean();
|
||||
SecurityClient c = securityClient();
|
||||
logger.error("--> creating role");
|
||||
c.prepareAddRole()
|
||||
.name("test_role")
|
||||
c.preparePutRole("test_role")
|
||||
.cluster("all")
|
||||
.addIndices(new String[]{"*"}, new String[]{"read"},
|
||||
new String[]{"body", "title"}, new BytesArray("{\"match_all\": {}}"))
|
||||
|
@ -276,8 +271,7 @@ public class ESNativeTests extends ShieldIntegTestCase {
|
|||
ClusterHealthResponse response = client().filterWithHeader(Collections.singletonMap("Authorization", token)).admin().cluster()
|
||||
.prepareHealth().get();
|
||||
assertFalse(response.isTimedOut());
|
||||
c.prepareAddRole()
|
||||
.name("test_role")
|
||||
c.preparePutRole("test_role")
|
||||
.cluster("none")
|
||||
.addIndices(new String[]{"*"}, new String[]{"read"},
|
||||
new String[]{"body", "title"}, new BytesArray("{\"match_all\": {}}"))
|
||||
|
@ -289,17 +283,16 @@ public class ESNativeTests extends ShieldIntegTestCase {
|
|||
assertThat(e.status(), is(RestStatus.FORBIDDEN));
|
||||
}
|
||||
} else {
|
||||
GetRolesResponse getRolesResponse = c.prepareGetRoles().roles("test_role").get();
|
||||
GetRolesResponse getRolesResponse = c.prepareGetRoles().names("test_role").get();
|
||||
assertTrue("test_role does not exist!", getRolesResponse.isExists());
|
||||
assertTrue("any cluster permission should be authorized",
|
||||
Role.builder(getRolesResponse.roles().get(0)).build().cluster().check("cluster:admin/foo"));
|
||||
c.prepareAddRole()
|
||||
.name("test_role")
|
||||
c.preparePutRole("test_role")
|
||||
.cluster("none")
|
||||
.addIndices(new String[]{"*"}, new String[]{"read"},
|
||||
new String[]{"body", "title"}, new BytesArray("{\"match_all\": {}}"))
|
||||
.get();
|
||||
getRolesResponse = c.prepareGetRoles().roles("test_role").get();
|
||||
getRolesResponse = c.prepareGetRoles().names("test_role").get();
|
||||
assertTrue("test_role does not exist!", getRolesResponse.isExists());
|
||||
|
||||
assertFalse("no cluster permission should be authorized",
|
||||
|
@ -310,8 +303,7 @@ public class ESNativeTests extends ShieldIntegTestCase {
|
|||
public void testAuthenticateWithDeletedRole() {
|
||||
SecurityClient c = securityClient();
|
||||
logger.error("--> creating role");
|
||||
c.prepareAddRole()
|
||||
.name("test_role")
|
||||
c.preparePutRole("test_role")
|
||||
.cluster("all")
|
||||
.addIndices(new String[]{"*"}, new String[]{"read"},
|
||||
new String[]{"body", "title"}, new BytesArray("{\"match_all\": {}}"))
|
||||
|
@ -325,7 +317,7 @@ public class ESNativeTests extends ShieldIntegTestCase {
|
|||
ClusterHealthResponse response = client().filterWithHeader(Collections.singletonMap("Authorization", token)).admin().cluster()
|
||||
.prepareHealth().get();
|
||||
assertFalse(response.isTimedOut());
|
||||
c.prepareDeleteRole().role("test_role").get();
|
||||
c.prepareDeleteRole("test_role").get();
|
||||
try {
|
||||
client().filterWithHeader(Collections.singletonMap("Authorization", token)).admin().cluster().prepareHealth().get();
|
||||
fail("user should not be able to execute any actions!");
|
||||
|
|
|
@ -79,7 +79,7 @@ cluster:admin/shield/roles/cache/clear
|
|||
cluster:admin/shield/user/put
|
||||
cluster:admin/shield/user/delete
|
||||
cluster:admin/shield/user/get
|
||||
cluster:admin/shield/role/add
|
||||
cluster:admin/shield/role/put
|
||||
cluster:admin/shield/role/delete
|
||||
cluster:admin/shield/role/get
|
||||
internal:indices/admin/upgrade
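Review bot: The change from `cluster:admin/shield/role/add` to `cluster:admin/shield/role/put` renames a string that authorization matches on, not just a class name, and nothing in this list or the commit message records the old name as retired. The tests in this commit check cluster permissions against action names (`cluster().check("cluster:admin/foo")`), so a custom role that grants the old literal name, or an audit filter or alert keyed on it, would presumably stop matching without any error. I would add a migration line to the changelog, for example `cluster:admin/shield/role/add is now cluster:admin/shield/role/put; update custom roles and audit filters`. The same rename appears in the next action list (`@ -12,12 +12,12 @@`).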
|
||||
|
|
|
@ -12,12 +12,12 @@ cluster:admin/shield/realm/cache/clear
|
|||
cluster:admin/shield/realm/cache/clear[n]
|
||||
cluster:admin/shield/roles/cache/clear
|
||||
cluster:admin/shield/roles/cache/clear[n]
|
||||
cluster:admin/shield/role/add
|
||||
cluster:admin/shield/role/delete
|
||||
cluster:admin/shield/role/get
|
||||
cluster:admin/shield/user/put
|
||||
cluster:admin/shield/user/delete
|
||||
cluster:admin/shield/user/get
|
||||
cluster:admin/shield/role/put
|
||||
cluster:admin/shield/role/delete
|
||||
cluster:admin/shield/role/get
|
||||
indices:admin/analyze[s]
|
||||
indices:admin/cache/clear[n]
|
||||
indices:admin/forcemerge[n]
|
||||
|
|
|
@ -3,12 +3,12 @@
|
|||
"documentation": "Clears the internal caches for specified roles",
|
||||
"methods": [ "PUT", "POST" ],
|
||||
"url": {
|
||||
"path": "/_shield/role/{id}/_clear_cache",
|
||||
"paths": [ "/_shield/role/{id}/_clear_cache" ],
|
||||
"path": "/_shield/role/{name}/_clear_cache",
|
||||
"paths": [ "/_shield/role/{name}/_clear_cache" ],
|
||||
"parts": {
|
||||
"id": {
|
||||
"name": {
|
||||
"type" : "string",
|
||||
"description" : "Role ID",
|
||||
"description" : "Role name",
|
||||
"required" : true
|
||||
}
|
||||
},
|
||||
|
|
|
@ -3,12 +3,12 @@
|
|||
"documentation": "Remove a role from the native shield realm",
|
||||
"methods": [ "DELETE" ],
|
||||
"url": {
|
||||
"path": "/_shield/role/{id}",
|
||||
"paths": [ "/_shield/role/{id}" ],
|
||||
"path": "/_shield/role/{name}",
|
||||
"paths": [ "/_shield/role/{name}" ],
|
||||
"parts": {
|
||||
"id": {
|
||||
"name": {
|
||||
"type" : "string",
|
||||
"description" : "Role ID",
|
||||
"description" : "Role name",
|
||||
"required" : true
|
||||
}
|
||||
},
|
||||
|
|
|
@ -3,12 +3,12 @@
|
|||
"documentation": "Retrieve one or more roles from the native shield realm",
|
||||
"methods": [ "GET" ],
|
||||
"url": {
|
||||
"path": "/_shield/role/{id}",
|
||||
"paths": [ "/_shield/role/{id}" ],
|
||||
"path": "/_shield/role/{name}",
|
||||
"paths": [ "/_shield/role/{name}" ],
|
||||
"parts": {
|
||||
"id": {
|
||||
"name": {
|
||||
"type" : "string",
|
||||
"description" : "Role ID",
|
||||
"description" : "Role name",
|
||||
"required" : false
|
||||
}
|
||||
},
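Review bot: `name` is declared `"required" : false`, but the only entry in `paths` is `/_shield/role/{name}`, so a client generated from this spec has no URL to call when the name is omitted. If the handler also serves the collection route, list it, e.g. `"paths": [ "/_shield/role", "/_shield/role/{name}" ],`; otherwise mark the part as required. The handler registration is not part of this hunk, so which of the two is correct has to be confirmed against it.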
|
||||
|
|
|
@ -3,12 +3,12 @@
|
|||
"documentation": "Update or create a role for the native shield realm",
|
||||
"methods": [ "PUT", "POST" ],
|
||||
"url": {
|
||||
"path": "/_shield/role/{id}",
|
||||
"paths": [ "/_shield/role/{id}" ],
|
||||
"path": "/_shield/role/{name}",
|
||||
"paths": [ "/_shield/role/{name}" ],
|
||||
"parts": {
|
||||
"id": {
|
||||
"name": {
|
||||
"type" : "string",
|
||||
"description" : "Role ID",
|
||||
"description" : "Role Name",
|
||||
"required" : true
|
||||
}
|
||||
},
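Review bot: The description here reads `"Role Name"` while the clear-cache, delete and get specs in this commit use `"Role name"`; use `"description" : "Role name",` so the four specs agree. None of them states what a valid role name looks like, so if the server validates the name, a short statement of the accepted form in this description would help client authors.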
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
|
||||
- do:
|
||||
shield.put_role:
|
||||
id: "admin_role"
|
||||
name: "admin_role"
|
||||
body: >
|
||||
{
|
||||
"name": "admin_role",
|
||||
|
@ -43,7 +43,7 @@
|
|||
|
||||
- do:
|
||||
shield.get_role:
|
||||
id: "admin_role"
|
||||
name: "admin_role"
|
||||
- match: { found: true }
|
||||
- match: { roles.0.name: "admin_role" }
|
||||
- match: { roles.0.cluster.0: "all" }
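Review bot: After this rename the role name is supplied twice under the same key, once as the URL part `name: "admin_role"` and once in the body as `"name": "admin_role"`, and no test here covers the two disagreeing. Which one the server stores is not visible in these hunks (the request body continues past the end of the first hunk). If the body can override the path, a proxy or audit rule that authorizes by URL would see a different role name than the one written. I would add a `shield.put_role` case with mismatching names that expects a failure via `catch: request`, or drop `"name"` from the body if the path is authoritative. The `admin_role2` test file below has the same shape.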
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
|
||||
- do:
|
||||
shield.put_role:
|
||||
id: "admin_role2"
|
||||
name: "admin_role2"
|
||||
body: >
|
||||
{
|
||||
"name": "admin_role2",
|
||||
|
@ -64,7 +64,7 @@
|
|||
|
||||
- do:
|
||||
shield.get_role:
|
||||
id: "admin_role2"
|
||||
name: "admin_role2"
|
||||
- match: { found: true }
|
||||
- match: { roles.0.name: "admin_role2" }
|
||||
- match: { roles.0.cluster.0: "all" }
|
||||
|
|