Cleanup and refactoring

- removed `/_shield/roles` and `/_shield/users` endpoints (only keeping the singular forms)
 - fixed `ClearRealmsCacheTests` to use the correct endpoint for clearing the realms cache
 - used action name constants where possible in `InternalShieldUser`

Original commit: elastic/x-pack-elasticsearch@d1481de389
uboness 2016-02-01 19:37:37 +01:00
parent 3893ad9c5f
commit c9d54c0c83
5 changed files with 8 additions and 9 deletions


@ -6,6 +6,8 @@
package org.elasticsearch.shield; package org.elasticsearch.shield;
import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateAction; import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateAction;
import org.elasticsearch.shield.action.realm.ClearRealmCacheAction;
import org.elasticsearch.shield.action.role.ClearRolesCacheAction;
import org.elasticsearch.shield.audit.index.IndexAuditTrail; import org.elasticsearch.shield.audit.index.IndexAuditTrail;
import org.elasticsearch.shield.authz.permission.Role; import org.elasticsearch.shield.authz.permission.Role;
import org.elasticsearch.shield.authz.privilege.ClusterPrivilege; import org.elasticsearch.shield.authz.privilege.ClusterPrivilege;
@ -22,7 +24,7 @@ public class InternalShieldUser extends User {
public static final String NAME = "__es_internal_user"; public static final String NAME = "__es_internal_user";
public static final Role ROLE = Role.builder("__es_internal_role") public static final Role ROLE = Role.builder("__es_internal_role")
.cluster(ClusterPrivilege.get(new Privilege.Name(PutIndexTemplateAction.NAME, "cluster:admin/shield/realm/cache/clear*", "cluster:admin/shield/roles/cache/clear*"))) .cluster(ClusterPrivilege.get(new Privilege.Name(PutIndexTemplateAction.NAME, ClearRealmCacheAction.NAME + "*", ClearRolesCacheAction.NAME + "*")))
.add(IndexPrivilege.ALL, ShieldTemplateService.SHIELD_ADMIN_INDEX_NAME) .add(IndexPrivilege.ALL, ShieldTemplateService.SHIELD_ADMIN_INDEX_NAME)
.add(IndexPrivilege.ALL, IndexAuditTrail.INDEX_NAME_PREFIX + "*") .add(IndexPrivilege.ALL, IndexAuditTrail.INDEX_NAME_PREFIX + "*")
.build(); .build();
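Review bot: The trailing `"*"` appended to `ClearRealmCacheAction.NAME` and `ClearRolesCacheAction.NAME` in the `.cluster(...)` line keeps each grant a wildcard pattern rather than an exact action name, and nothing in the hunk says why. Because this role backs the internal user, a short comment above that line would let the next reviewer confirm the grant is no wider than intended, for example `// trailing * presumably covers the node-level sub-actions of the clear-cache actions; confirm before widening`. It is also worth checking that no unrelated action name begins with either constant's value, which these lines alone cannot show.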


@ -20,6 +20,7 @@ import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.common.xcontent.json.JsonXContent; import org.elasticsearch.common.xcontent.json.JsonXContent;
import org.elasticsearch.common.xcontent.yaml.YamlXContent; import org.elasticsearch.common.xcontent.yaml.YamlXContent;
import org.elasticsearch.env.Environment; import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.InternalShieldUser;
import org.elasticsearch.shield.ShieldPlugin; import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.shield.InternalSystemUser; import org.elasticsearch.shield.InternalSystemUser;
import org.elasticsearch.shield.authc.support.RefreshListener; import org.elasticsearch.shield.authc.support.RefreshListener;
@ -143,7 +144,7 @@ public class FileRolesStore extends AbstractLifecycleComponent<RolesStore> imple
Role role = parseRole(segment, path, logger, resolvePermission, settings); Role role = parseRole(segment, path, logger, resolvePermission, settings);
if (role != null) { if (role != null) {
if (InternalSystemUser.ROLE_NAME.equals(role.name())) { if (InternalSystemUser.ROLE_NAME.equals(role.name())) {
logger.warn("role [{}] is reserved to the system. the relevant role definition in the mapping file will be ignored", InternalSystemUser.ROLE_NAME); logger.warn("role [{}] is reserved. the relevant role definition in the mapping file will be ignored", role.name());
} else { } else {
roles.put(role.name(), role); roles.put(role.name(), role);
} }
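Review bot: The reserved-name guard still compares `role.name()` only with `InternalSystemUser.ROLE_NAME`, so a roles-file entry named after the internal Shield role would, as far as these lines show, still reach `roles.put(role.name(), role)`. The newly imported `InternalShieldUser` is not referenced anywhere in the visible lines, which suggests the check was meant to cover it as well. If so, the condition could read `if (InternalSystemUser.ROLE_NAME.equals(role.name()) || InternalShieldUser.ROLE.name().equals(role.name())) {`, and the reworded "is reserved" warning already fits that broader check. The enclosing method starts and ends outside the hunk, so a check elsewhere cannot be ruled out.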


@ -32,8 +32,6 @@ public class RestGetRolesAction extends BaseRestHandler {
super(settings, client); super(settings, client);
controller.registerHandler(RestRequest.Method.GET, "/_shield/role/", this); controller.registerHandler(RestRequest.Method.GET, "/_shield/role/", this);
controller.registerHandler(RestRequest.Method.GET, "/_shield/role/{id}", this); controller.registerHandler(RestRequest.Method.GET, "/_shield/role/{id}", this);
controller.registerHandler(RestRequest.Method.GET, "/_shield/roles/", this);
controller.registerHandler(RestRequest.Method.GET, "/_shield/roles/{id}", this);
} }
@Override @Override


@ -32,14 +32,12 @@ public class RestGetUsersAction extends BaseRestHandler {
public RestGetUsersAction(Settings settings, RestController controller, Client client) { public RestGetUsersAction(Settings settings, RestController controller, Client client) {
super(settings, client); super(settings, client);
controller.registerHandler(RestRequest.Method.GET, "/_shield/user/", this); controller.registerHandler(RestRequest.Method.GET, "/_shield/user/", this);
controller.registerHandler(RestRequest.Method.GET, "/_shield/user/{user}", this); controller.registerHandler(RestRequest.Method.GET, "/_shield/user/{username}", this);
controller.registerHandler(RestRequest.Method.GET, "/_shield/users/", this);
controller.registerHandler(RestRequest.Method.GET, "/_shield/users/{user}", this);
} }
@Override @Override
protected void handleRequest(RestRequest request, final RestChannel channel, Client client) throws Exception { protected void handleRequest(RestRequest request, final RestChannel channel, Client client) throws Exception {
String[] users = Strings.splitStringByCommaToArray(request.param("user")); String[] users = Strings.splitStringByCommaToArray(request.param("username"));
new ShieldClient(client).prepareGetUsers().users(users).execute(new RestBuilderListener<GetUsersResponse>(channel) { new ShieldClient(client).prepareGetUsers().users(users).execute(new RestBuilderListener<GetUsersResponse>(channel) {
@Override @Override


@ -106,7 +106,7 @@ public class ClearRealmsCacheTests extends ShieldIntegTestCase {
@Override @Override
public void executeRequest() throws Exception { public void executeRequest() throws Exception {
executeHttpRequest("/_shield/realm/" + (randomBoolean() ? "*" : "_all") + "/_cache/clear", Collections.<String, String>emptyMap()); executeHttpRequest("/_shield/realm/" + (randomBoolean() ? "*" : "_all") + "/_clear_cache", Collections.<String, String>emptyMap());
} }
}, },