diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/InternalShieldUser.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/InternalShieldUser.java
index bcd0b51ed05..5e89d72adac 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/InternalShieldUser.java
+++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/InternalShieldUser.java
@@ -6,6 +6,8 @@
 package org.elasticsearch.shield;
 import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateAction;
+import org.elasticsearch.shield.action.realm.ClearRealmCacheAction;
+import org.elasticsearch.shield.action.role.ClearRolesCacheAction;
 import org.elasticsearch.shield.audit.index.IndexAuditTrail;
 import org.elasticsearch.shield.authz.permission.Role;
 import org.elasticsearch.shield.authz.privilege.ClusterPrivilege;
@@ -22,7 +24,7 @@ public class InternalShieldUser extends User {
 public static final String NAME = "__es_internal_user";
 public static final Role ROLE = Role.builder("__es_internal_role")
- .cluster(ClusterPrivilege.get(new Privilege.Name(PutIndexTemplateAction.NAME, "cluster:admin/shield/realm/cache/clear*", "cluster:admin/shield/roles/cache/clear*")))
+ .cluster(ClusterPrivilege.get(new Privilege.Name(PutIndexTemplateAction.NAME, ClearRealmCacheAction.NAME + "*", ClearRolesCacheAction.NAME + "*")))
 .add(IndexPrivilege.ALL, ShieldTemplateService.SHIELD_ADMIN_INDEX_NAME)
 .add(IndexPrivilege.ALL, IndexAuditTrail.INDEX_NAME_PREFIX + "*")
 .build();
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java
index ff7788c4ee5..1fd2d40ac42 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java
+++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java
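Review bot: The trailing `"*"` on both cache-clear privileges in `ROLE` is undocumented, and now that the names are built from `ClearRealmCacheAction.NAME` and `ClearRolesCacheAction.NAME` the effective patterns can no longer be read in place. Because this role defines everything the internal user is allowed to do, a comment above the `.cluster(...)` line would help, e.g. `// "*" presumably covers the per-node sub-actions of each clear-cache action (confirm); keep these patterns as narrow as possible`. A unit test that asserts the role matches the two clear-cache actions and rejects an unrelated `cluster:admin/shield/` action would also pin the grant against a later change to either constant.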
@@ -20,6 +20,7 @@ import org.elasticsearch.common.xcontent.XContentParser;
 import org.elasticsearch.common.xcontent.json.JsonXContent;
 import org.elasticsearch.common.xcontent.yaml.YamlXContent;
 import org.elasticsearch.env.Environment;
+import org.elasticsearch.shield.InternalShieldUser;
 import org.elasticsearch.shield.ShieldPlugin;
 import org.elasticsearch.shield.InternalSystemUser;
 import org.elasticsearch.shield.authc.support.RefreshListener;
@@ -143,7 +144,7 @@ public class FileRolesStore extends AbstractLifecycleComponent imple
 Role role = parseRole(segment, path, logger, resolvePermission, settings);
 if (role != null) {
 if (InternalSystemUser.ROLE_NAME.equals(role.name())) {
- logger.warn("role [{}] is reserved to the system. the relevant role definition in the mapping file will be ignored", InternalSystemUser.ROLE_NAME);
+ logger.warn("role [{}] is reserved. the relevant role definition in the mapping file will be ignored", role.name());
 } else {
 roles.put(role.name(), role);
 }
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestGetRolesAction.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestGetRolesAction.java
index bd9c01c7c3b..b0700995112 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestGetRolesAction.java
+++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestGetRolesAction.java
@@ -32,8 +32,6 @@ public class RestGetRolesAction extends BaseRestHandler {
 super(settings, client);
 controller.registerHandler(RestRequest.Method.GET, "/_shield/role/", this);
 controller.registerHandler(RestRequest.Method.GET, "/_shield/role/{id}", this);
- controller.registerHandler(RestRequest.Method.GET, "/_shield/roles/", this);
- controller.registerHandler(RestRequest.Method.GET, "/_shield/roles/{id}", this);
 }
 @Override
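Review bot: The reserved-name guard in the second FileRolesStore hunk still tests only `InternalSystemUser.ROLE_NAME.equals(role.name())`, although the reworded warning ("role [{}] is reserved") and the newly imported `InternalShieldUser` suggest the internal Shield role was meant to be covered as well. As shown, a roles file that defines a role with the same name as `InternalShieldUser.ROLE` would still reach `roles.put(role.name(), role)`, and the added import is not used in either hunk of this file. If that name is meant to be reserved, extend the condition: `if (InternalSystemUser.ROLE_NAME.equals(role.name()) || InternalShieldUser.ROLE.name().equals(role.name())) {`. Whether a file-defined role of that name can actually change what the internal user is authorized to do depends on role resolution outside this diff; the enclosing method also starts and ends outside the hunk.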
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestGetUsersAction.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestGetUsersAction.java
index 47628a9d453..7d6f922ea90 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestGetUsersAction.java
+++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestGetUsersAction.java
@@ -32,14 +32,12 @@ public class RestGetUsersAction extends BaseRestHandler {
 public RestGetUsersAction(Settings settings, RestController controller, Client client) {
 super(settings, client);
 controller.registerHandler(RestRequest.Method.GET, "/_shield/user/", this);
- controller.registerHandler(RestRequest.Method.GET, "/_shield/user/{user}", this);
- controller.registerHandler(RestRequest.Method.GET, "/_shield/users/", this);
- controller.registerHandler(RestRequest.Method.GET, "/_shield/users/{user}", this);
+ controller.registerHandler(RestRequest.Method.GET, "/_shield/user/{username}", this);
 }
 @Override
 protected void handleRequest(RestRequest request, final RestChannel channel, Client client) throws Exception {
- String[] users = Strings.splitStringByCommaToArray(request.param("user"));
+ String[] users = Strings.splitStringByCommaToArray(request.param("username"));
 new ShieldClient(client).prepareGetUsers().users(users).execute(new RestBuilderListener(channel) {
 @Override
diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java
index cc18541de9c..0c457de15e5 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java
+++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java
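Review bot: `handleRequest` gives no hint that `username` may carry several comma-separated names, or what the handler does when the parameter is absent on the `/_shield/user/` route. Since this endpoint returns user records, a short comment above the split would make the scope explicit, e.g. `// {username} may be a comma-separated list; when absent the array is presumably empty and the lookup is not narrowed to specific users (confirm)`. The method body continues past the end of the hunk.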
@@ -106,7 +106,7 @@ public class ClearRealmsCacheTests extends ShieldIntegTestCase {
 @Override
 public void executeRequest() throws Exception {
- executeHttpRequest("/_shield/realm/" + (randomBoolean() ? "*" : "_all") + "/_cache/clear", Collections.emptyMap());
+ executeHttpRequest("/_shield/realm/" + (randomBoolean() ? "*" : "_all") + "/_clear_cache", Collections.emptyMap());
 }
 },