Cleanup and refactoring

- removed `/_shield/roles` and `/_shield/users` endpoints (only keeping the singular forms)
 - fixed `ClearRealmsCacheTests` to use the correct endpoint for clearing the realms cache
 - used action name constants where possible in `InternalShieldUser`

Original commit: elastic/x-pack-elasticsearch@d1481de389
This commit is contained in:
uboness 2016-02-01 19:37:37 +01:00
parent 3893ad9c5f
commit c9d54c0c83
5 changed files with 8 additions and 9 deletions

View File

@ -6,6 +6,8 @@
package org.elasticsearch.shield;
import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateAction;
import org.elasticsearch.shield.action.realm.ClearRealmCacheAction;
import org.elasticsearch.shield.action.role.ClearRolesCacheAction;
import org.elasticsearch.shield.audit.index.IndexAuditTrail;
import org.elasticsearch.shield.authz.permission.Role;
import org.elasticsearch.shield.authz.privilege.ClusterPrivilege;
@ -22,7 +24,7 @@ public class InternalShieldUser extends User {
public static final String NAME = "__es_internal_user";
public static final Role ROLE = Role.builder("__es_internal_role")
.cluster(ClusterPrivilege.get(new Privilege.Name(PutIndexTemplateAction.NAME, "cluster:admin/shield/realm/cache/clear*", "cluster:admin/shield/roles/cache/clear*")))
.cluster(ClusterPrivilege.get(new Privilege.Name(PutIndexTemplateAction.NAME, ClearRealmCacheAction.NAME + "*", ClearRolesCacheAction.NAME + "*")))
.add(IndexPrivilege.ALL, ShieldTemplateService.SHIELD_ADMIN_INDEX_NAME)
.add(IndexPrivilege.ALL, IndexAuditTrail.INDEX_NAME_PREFIX + "*")
.build();

View File

@ -20,6 +20,7 @@ import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.common.xcontent.json.JsonXContent;
import org.elasticsearch.common.xcontent.yaml.YamlXContent;
import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.InternalShieldUser;
import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.shield.InternalSystemUser;
import org.elasticsearch.shield.authc.support.RefreshListener;
@ -143,7 +144,7 @@ public class FileRolesStore extends AbstractLifecycleComponent<RolesStore> imple
Role role = parseRole(segment, path, logger, resolvePermission, settings);
if (role != null) {
if (InternalSystemUser.ROLE_NAME.equals(role.name())) {
logger.warn("role [{}] is reserved to the system. the relevant role definition in the mapping file will be ignored", InternalSystemUser.ROLE_NAME);
logger.warn("role [{}] is reserved. the relevant role definition in the mapping file will be ignored", role.name());
} else {
roles.put(role.name(), role);
}

View File

@ -32,8 +32,6 @@ public class RestGetRolesAction extends BaseRestHandler {
super(settings, client);
controller.registerHandler(RestRequest.Method.GET, "/_shield/role/", this);
controller.registerHandler(RestRequest.Method.GET, "/_shield/role/{id}", this);
controller.registerHandler(RestRequest.Method.GET, "/_shield/roles/", this);
controller.registerHandler(RestRequest.Method.GET, "/_shield/roles/{id}", this);
}
@Override

View File

@ -32,14 +32,12 @@ public class RestGetUsersAction extends BaseRestHandler {
public RestGetUsersAction(Settings settings, RestController controller, Client client) {
super(settings, client);
controller.registerHandler(RestRequest.Method.GET, "/_shield/user/", this);
controller.registerHandler(RestRequest.Method.GET, "/_shield/user/{user}", this);
controller.registerHandler(RestRequest.Method.GET, "/_shield/users/", this);
controller.registerHandler(RestRequest.Method.GET, "/_shield/users/{user}", this);
controller.registerHandler(RestRequest.Method.GET, "/_shield/user/{username}", this);
}
@Override
protected void handleRequest(RestRequest request, final RestChannel channel, Client client) throws Exception {
String[] users = Strings.splitStringByCommaToArray(request.param("user"));
String[] users = Strings.splitStringByCommaToArray(request.param("username"));
new ShieldClient(client).prepareGetUsers().users(users).execute(new RestBuilderListener<GetUsersResponse>(channel) {
@Override

View File

@ -106,7 +106,7 @@ public class ClearRealmsCacheTests extends ShieldIntegTestCase {
@Override
public void executeRequest() throws Exception {
executeHttpRequest("/_shield/realm/" + (randomBoolean() ? "*" : "_all") + "/_cache/clear", Collections.<String, String>emptyMap());
executeHttpRequest("/_shield/realm/" + (randomBoolean() ? "*" : "_all") + "/_clear_cache", Collections.<String, String>emptyMap());
}
},