Cleanup and refactoring

- removed `/_shield/roles` and `/_shield/users` endpoints (only keeping the singular forms) - fixed `ClearRealmsCacheTests` to use the correct endpoint for clearing the realms cache - used action name constants where possible in `InternalShieldUser` Original commit: elastic/x-pack-elasticsearch@d1481de389
2016-02-01 19:37:37 +01:00 · 2016-02-01 19:37:37 +01:00 · c9d54c0c83
parent 3893ad9c5f
commit c9d54c0c83
5 changed files with 8 additions and 9 deletions
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/InternalShieldUser.java
+++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/InternalShieldUser.java
@ -6,6 +6,8 @@
 package org.elasticsearch.shield;

 import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateAction;
+import org.elasticsearch.shield.action.realm.ClearRealmCacheAction;
+import org.elasticsearch.shield.action.role.ClearRolesCacheAction;
 import org.elasticsearch.shield.audit.index.IndexAuditTrail;
 import org.elasticsearch.shield.authz.permission.Role;
 import org.elasticsearch.shield.authz.privilege.ClusterPrivilege;
@ -22,7 +24,7 @@ public class InternalShieldUser extends User {
    public static final String NAME = "__es_internal_user";

    public static final Role ROLE = Role.builder("__es_internal_role")
-            .cluster(ClusterPrivilege.get(new Privilege.Name(PutIndexTemplateAction.NAME, "cluster:admin/shield/realm/cache/clear*", "cluster:admin/shield/roles/cache/clear*")))
+            .cluster(ClusterPrivilege.get(new Privilege.Name(PutIndexTemplateAction.NAME, ClearRealmCacheAction.NAME + "*", ClearRolesCacheAction.NAME + "*")))
            .add(IndexPrivilege.ALL, ShieldTemplateService.SHIELD_ADMIN_INDEX_NAME)
            .add(IndexPrivilege.ALL, IndexAuditTrail.INDEX_NAME_PREFIX + "*")
            .build();
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java
+++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java
@ -20,6 +20,7 @@ import org.elasticsearch.common.xcontent.XContentParser;
 import org.elasticsearch.common.xcontent.json.JsonXContent;
 import org.elasticsearch.common.xcontent.yaml.YamlXContent;
 import org.elasticsearch.env.Environment;
+import org.elasticsearch.shield.InternalShieldUser;
 import org.elasticsearch.shield.ShieldPlugin;
 import org.elasticsearch.shield.InternalSystemUser;
 import org.elasticsearch.shield.authc.support.RefreshListener;
@ -143,7 +144,7 @@ public class FileRolesStore extends AbstractLifecycleComponent<RolesStore> imple
                    Role role = parseRole(segment, path, logger, resolvePermission, settings);
                    if (role != null) {
                        if (InternalSystemUser.ROLE_NAME.equals(role.name())) {
-                            logger.warn("role [{}] is reserved to the system. the relevant role definition in the mapping file will be ignored", InternalSystemUser.ROLE_NAME);
+                            logger.warn("role [{}] is reserved. the relevant role definition in the mapping file will be ignored", role.name());
                        } else {
                            roles.put(role.name(), role);
                        }
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestGetRolesAction.java
+++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestGetRolesAction.java
@ -32,8 +32,6 @@ public class RestGetRolesAction extends BaseRestHandler {
        super(settings, client);
        controller.registerHandler(RestRequest.Method.GET, "/_shield/role/", this);
        controller.registerHandler(RestRequest.Method.GET, "/_shield/role/{id}", this);
-        controller.registerHandler(RestRequest.Method.GET, "/_shield/roles/", this);
-        controller.registerHandler(RestRequest.Method.GET, "/_shield/roles/{id}", this);
    }

    @Override
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestGetUsersAction.java
+++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestGetUsersAction.java
@ -32,14 +32,12 @@ public class RestGetUsersAction extends BaseRestHandler {
    public RestGetUsersAction(Settings settings, RestController controller, Client client) {
        super(settings, client);
        controller.registerHandler(RestRequest.Method.GET, "/_shield/user/", this);
-        controller.registerHandler(RestRequest.Method.GET, "/_shield/user/{user}", this);
-        controller.registerHandler(RestRequest.Method.GET, "/_shield/users/", this);
-        controller.registerHandler(RestRequest.Method.GET, "/_shield/users/{user}", this);
+        controller.registerHandler(RestRequest.Method.GET, "/_shield/user/{username}", this);
    }

    @Override
    protected void handleRequest(RestRequest request, final RestChannel channel, Client client) throws Exception {
-        String[] users = Strings.splitStringByCommaToArray(request.param("user"));
+        String[] users = Strings.splitStringByCommaToArray(request.param("username"));

        new ShieldClient(client).prepareGetUsers().users(users).execute(new RestBuilderListener<GetUsersResponse>(channel) {
            @Override
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java
+++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java
@ -106,7 +106,7 @@ public class ClearRealmsCacheTests extends ShieldIntegTestCase {

            @Override
            public void executeRequest() throws Exception {
-                executeHttpRequest("/_shield/realm/" + (randomBoolean() ? "*" : "_all") + "/_cache/clear", Collections.<String, String>emptyMap());
+                executeHttpRequest("/_shield/realm/" + (randomBoolean() ? "*" : "_all") + "/_clear_cache", Collections.<String, String>emptyMap());
            }
        },