From d7c5d8049afa2edea2cf13c1ec423647bea6cae5 Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Tue, 11 Dec 2018 11:13:10 +0200 Subject: [PATCH] Deprecate /_xpack/security/* in favor of /_security/* (#36293) * This commit is part of our plan to deprecate and ultimately remove the use of _xpack in the REST APIs. - REST API docs - HLRC docs and doc tests - Handle REST actions with deprecation warnings - Changed endpoints in rest-api-spec and relevant file names --- .../client/SecurityRequestConverters.java | 36 +++++----- .../client/security/AuthenticateRequest.java | 2 +- .../security/GetSslCertificatesRequest.java | 6 +- .../org/elasticsearch/client/SecurityIT.java | 2 +- .../SecurityRequestConvertersTests.java | 46 ++++++------ .../SecurityDocumentationIT.java | 72 +++++++++---------- x-pack/docs/build.gradle | 8 +-- .../rest-api/security/authenticate.asciidoc | 6 +- .../security/change-password.asciidoc | 6 +- .../en/rest-api/security/clear-cache.asciidoc | 10 +-- .../security/clear-roles-cache.asciidoc | 4 +- .../security/create-role-mappings.asciidoc | 18 ++--- .../rest-api/security/create-roles.asciidoc | 6 +- .../rest-api/security/create-users.asciidoc | 6 +- .../security/delete-app-privileges.asciidoc | 4 +- .../security/delete-role-mappings.asciidoc | 4 +- .../rest-api/security/delete-roles.asciidoc | 4 +- .../rest-api/security/delete-users.asciidoc | 4 +- .../rest-api/security/disable-users.asciidoc | 4 +- .../rest-api/security/enable-users.asciidoc | 4 +- .../security/get-app-privileges.asciidoc | 12 ++-- .../security/get-role-mappings.asciidoc | 6 +- .../en/rest-api/security/get-roles.asciidoc | 8 +-- .../en/rest-api/security/get-tokens.asciidoc | 8 +-- .../en/rest-api/security/get-users.asciidoc | 10 +-- .../rest-api/security/has-privileges.asciidoc | 4 +- .../security/invalidate-tokens.asciidoc | 6 +- .../security/put-app-privileges.asciidoc | 12 ++-- x-pack/docs/en/rest-api/security/ssl.asciidoc | 4 +- ...onfiguring-active-directory-realm.asciidoc | 4 +- .../configuring-kerberos-realm.asciidoc | 2 +- .../configuring-ldap-realm.asciidoc | 4 +- .../configuring-pki-realm.asciidoc | 2 +- .../authentication/saml-guide.asciidoc | 4 +- .../authentication/user-cache.asciidoc | 6 +- .../authorization/managing-roles.asciidoc | 2 +- .../authorization/mapping-roles.asciidoc | 8 +-- .../authorization/role-templates.asciidoc | 4 +- .../cross-cluster.asciidoc | 6 +- .../docs/en/security/configuring-es.asciidoc | 4 +- .../smoketest/XDocsClientYamlTestSuiteIT.java | 4 +- .../rest/RestGetCertificateInfoAction.java | 14 +++- .../ml/integration/DatafeedJobsRestIT.java | 6 +- .../esnative/ESNativeRealmMigrateTool.java | 8 +-- .../esnative/tool/SetupPasswordTool.java | 4 +- .../rest/action/RestAuthenticateAction.java | 10 ++- .../action/oauth2/RestGetTokenAction.java | 10 ++- .../oauth2/RestInvalidateTokenAction.java | 10 ++- .../privilege/RestDeletePrivilegesAction.java | 12 +++- .../privilege/RestGetPrivilegesAction.java | 19 +++-- .../privilege/RestPutPrivilegesAction.java | 14 +++- .../realm/RestClearRealmCacheAction.java | 11 ++- .../role/RestClearRolesCacheAction.java | 11 ++- .../action/role/RestDeleteRoleAction.java | 11 ++- .../rest/action/role/RestGetRolesAction.java | 16 ++++- .../rest/action/role/RestPutRoleAction.java | 15 +++- .../RestDeleteRoleMappingAction.java | 12 +++- .../RestGetRoleMappingsAction.java | 15 +++- .../rolemapping/RestPutRoleMappingAction.java | 15 +++- .../saml/RestSamlAuthenticateAction.java | 11 ++- .../saml/RestSamlInvalidateSessionAction.java | 11 ++- .../action/saml/RestSamlLogoutAction.java | 10 ++- .../RestSamlPrepareAuthenticationAction.java | 11 ++- .../action/user/RestChangePasswordAction.java | 22 ++++-- .../action/user/RestDeleteUserAction.java | 11 ++- .../user/RestGetUserPrivilegesAction.java | 11 ++- .../rest/action/user/RestGetUsersAction.java | 15 +++- .../action/user/RestHasPrivilegesAction.java | 22 ++++-- .../rest/action/user/RestPutUserAction.java | 14 +++- .../action/user/RestSetEnabledAction.java | 23 ++++-- .../integration/ClearRealmsCacheTests.java | 4 +- .../elasticsearch/license/LicensingTests.java | 6 +- .../test/NativeRealmIntegTestCase.java | 4 +- .../esnative/tool/SetupPasswordToolTests.java | 4 +- .../action/RestAuthenticateActionTests.java | 4 +- .../sql/qa/security/SqlSecurityTestCase.java | 2 +- .../xpack/sql/qa/security/UserFunctionIT.java | 4 +- ...ticate.json => security.authenticate.json} | 8 ++- ...ord.json => security.change_password.json} | 9 ++- ...json => security.clear_cached_realms.json} | 8 ++- ....json => security.clear_cached_roles.json} | 8 ++- ...s.json => security.delete_privileges.json} | 8 ++- ...te_role.json => security.delete_role.json} | 8 ++- ...json => security.delete_role_mapping.json} | 8 ++- ...te_user.json => security.delete_user.json} | 8 ++- ...e_user.json => security.disable_user.json} | 8 ++- ...le_user.json => security.enable_user.json} | 8 ++- ...eges.json => security.get_privileges.json} | 8 ++- ...y.get_role.json => security.get_role.json} | 9 ++- ...ng.json => security.get_role_mapping.json} | 9 ++- ...get_token.json => security.get_token.json} | 8 ++- ...y.get_user.json => security.get_user.json} | 9 ++- ...json => security.get_user_privileges.json} | 8 ++- ...eges.json => security.has_privileges.json} | 9 ++- ...en.json => security.invalidate_token.json} | 8 ++- ...eges.json => security.put_privileges.json} | 6 +- ...y.put_role.json => security.put_role.json} | 8 ++- ...ng.json => security.put_role_mapping.json} | 8 ++- ...y.put_user.json => security.put_user.json} | 8 ++- ...ertificates.json => ssl.certificates.json} | 8 ++- .../test/authenticate/10_basic.yml | 6 +- .../authenticate/10_field_level_security.yml | 16 ++--- .../test/change_password/10_basic.yml | 18 ++--- .../test/monitoring/bulk/20_privileges.yml | 16 ++--- .../test/privileges/10_basic.yml | 32 ++++----- .../privileges/20_has_application_privs.yml | 22 +++--- .../test/privileges/30_superuser.yml | 14 ++-- .../test/privileges/40_get_user_privs.yml | 30 ++++---- .../test/role_mapping/10_basic.yml | 8 +-- .../test/role_mapping/20_get_missing.yml | 4 +- .../test/role_mapping/30_delete.yml | 10 +-- .../rest-api-spec/test/roles/10_basic.yml | 14 ++-- .../test/roles/11_idx_arrays.yml | 10 +-- .../test/roles/20_get_missing.yml | 4 +- .../test/roles/30_prohibited_role_query.yml | 8 +-- .../test/roles/40_global_privileges.yml | 10 +-- .../test/rollup/security_tests.yml | 12 ++-- .../test/security/authz/10_index_doc.yml | 8 +-- .../test/security/authz/11_delete_doc.yml | 8 +-- .../test/security/authz/12_index_alias.yml | 8 +-- .../test/security/authz/13_index_datemath.yml | 8 +-- .../test/security/authz/20_get_doc.yml | 8 +-- .../test/security/authz/21_search_doc.yml | 8 +-- .../security/authz/30_dynamic_put_mapping.yml | 8 +-- .../authz/40_condtional_cluster_priv.yml | 26 +++---- .../hidden-index/10_security_read.yml | 8 +-- .../hidden-index/11_security-6_read.yml | 8 +-- .../10_small_users_one_index.yml | 16 ++--- .../rest-api-spec/test/ssl/10_basic.yml | 2 +- .../rest-api-spec/test/token/10_basic.yml | 16 ++--- .../rest-api-spec/test/users/10_basic.yml | 22 +++--- .../test/users/15_overwrite_user.yml | 10 +-- .../test/users/16_update_user.yml | 16 ++--- .../test/users/20_get_missing.yml | 4 +- .../test/users/30_enable_disable.yml | 18 ++--- .../test/users/31_create_disabled.yml | 6 +- .../xpack/restart/FullClusterRestartIT.java | 53 ++++++++------ .../kerberos/KerberosAuthenticationIT.java | 4 +- .../test/multi_cluster/10_basic.yml | 8 +-- .../test/multi_cluster/20_info.yml | 8 +-- .../test/multi_cluster/30_field_caps.yml | 8 +-- .../test/multi_cluster/40_scroll.yml | 8 +-- .../test/multi_cluster/50_missing.yml | 8 +-- .../test/multi_cluster/60_skip_shards.yml | 8 +-- .../test/remote_cluster/10_basic.yml | 6 +- .../TokenBackwardsCompatibilityIT.java | 20 +++--- .../test/mixed_cluster/20_security.yml | 10 +-- .../test/mixed_cluster/50_token_auth.yml | 2 +- .../test/old_cluster/20_security.yml | 18 ++--- .../test/old_cluster/50_token_auth.yml | 6 +- .../test/upgraded_cluster/20_security.yml | 4 +- .../test/upgraded_cluster/50_token_auth.yml | 2 +- .../authc/saml/SamlAuthenticationIT.java | 14 ++-- .../esnative/tool/SetupPasswordToolIT.java | 2 +- .../test/10_templated_role_query.yml | 24 +++---- .../test/11_templated_role_query_runas.yml | 24 +++---- .../test/20_small_users_one_index.yml | 14 ++-- .../rest-api-spec/test/30_search_template.yml | 6 +- 158 files changed, 968 insertions(+), 692 deletions(-) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.authenticate.json => security.authenticate.json} (62%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.change_password.json => security.change_password.json} (81%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.clear_cached_realms.json => security.clear_cached_realms.json} (76%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.clear_cached_roles.json => security.clear_cached_roles.json} (68%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.delete_privileges.json => security.delete_privileges.json} (81%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.delete_role.json => security.delete_role.json} (84%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.delete_role_mapping.json => security.delete_role_mapping.json} (82%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.delete_user.json => security.delete_user.json} (84%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.disable_user.json => security.disable_user.json} (82%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.enable_user.json => security.enable_user.json} (83%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.get_privileges.json => security.get_privileges.json} (70%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.get_role.json => security.get_role.json} (69%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.get_role_mapping.json => security.get_role_mapping.json} (66%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.get_token.json => security.get_token.json} (69%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.get_user.json => security.get_user.json} (70%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.get_user_privileges.json => security.get_user_privileges.json} (61%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.has_privileges.json => security.has_privileges.json} (68%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.invalidate_token.json => security.invalidate_token.json} (69%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.put_privileges.json => security.put_privileges.json} (84%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.put_role.json => security.put_role.json} (86%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.put_role_mapping.json => security.put_role_mapping.json} (84%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.put_user.json => security.put_user.json} (85%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.ssl.certificates.json => ssl.certificates.json} (64%) diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java index a37966d0ff5..aa09b9596a8 100644 --- a/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java +++ b/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java @@ -56,7 +56,7 @@ final class SecurityRequestConverters { static Request changePassword(ChangePasswordRequest changePasswordRequest) throws IOException { String endpoint = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack/security/user") + .addPathPartAsIs("_security/user") .addPathPart(changePasswordRequest.getUsername()) .addPathPartAsIs("_password") .build(); @@ -69,7 +69,7 @@ final class SecurityRequestConverters { static Request putUser(PutUserRequest putUserRequest) throws IOException { String endpoint = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack/security/user") + .addPathPartAsIs("_security/user") .addPathPart(putUserRequest.getUser().getUsername()) .build(); Request request = new Request(HttpPut.METHOD_NAME, endpoint); @@ -81,7 +81,7 @@ final class SecurityRequestConverters { static Request deleteUser(DeleteUserRequest deleteUserRequest) { String endpoint = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack","security", "user") + .addPathPartAsIs("_security", "user") .addPathPart(deleteUserRequest.getName()) .build(); Request request = new Request(HttpDelete.METHOD_NAME, endpoint); @@ -92,7 +92,7 @@ final class SecurityRequestConverters { static Request putRoleMapping(final PutRoleMappingRequest putRoleMappingRequest) throws IOException { final String endpoint = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack/security/role_mapping") + .addPathPartAsIs("_security/role_mapping") .addPathPart(putRoleMappingRequest.getName()) .build(); final Request request = new Request(HttpPut.METHOD_NAME, endpoint); @@ -104,7 +104,7 @@ final class SecurityRequestConverters { static Request getRoleMappings(final GetRoleMappingsRequest getRoleMappingRequest) throws IOException { RequestConverters.EndpointBuilder builder = new RequestConverters.EndpointBuilder(); - builder.addPathPartAsIs("_xpack/security/role_mapping"); + builder.addPathPartAsIs("_security/role_mapping"); if (getRoleMappingRequest.getRoleMappingNames().size() > 0) { builder.addPathPart(Strings.collectionToCommaDelimitedString(getRoleMappingRequest.getRoleMappingNames())); } @@ -121,7 +121,7 @@ final class SecurityRequestConverters { private static Request setUserEnabled(SetUserEnabledRequest setUserEnabledRequest) { String endpoint = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack/security/user") + .addPathPartAsIs("_security/user") .addPathPart(setUserEnabledRequest.getUsername()) .addPathPart(setUserEnabledRequest.isEnabled() ? "_enable" : "_disable") .build(); @@ -132,14 +132,14 @@ final class SecurityRequestConverters { } static Request hasPrivileges(HasPrivilegesRequest hasPrivilegesRequest) throws IOException { - Request request = new Request(HttpGet.METHOD_NAME, "/_xpack/security/user/_has_privileges"); + Request request = new Request(HttpGet.METHOD_NAME, "/_security/user/_has_privileges"); request.setEntity(createEntity(hasPrivilegesRequest, REQUEST_BODY_CONTENT_TYPE)); return request; } static Request clearRealmCache(ClearRealmCacheRequest clearRealmCacheRequest) { RequestConverters.EndpointBuilder builder = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack/security/realm"); + .addPathPartAsIs("_security/realm"); if (clearRealmCacheRequest.getRealms().isEmpty() == false) { builder.addCommaSeparatedPathParts(clearRealmCacheRequest.getRealms().toArray(Strings.EMPTY_ARRAY)); } else { @@ -156,7 +156,7 @@ final class SecurityRequestConverters { static Request clearRolesCache(ClearRolesCacheRequest disableCacheRequest) { String endpoint = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack/security/role") + .addPathPartAsIs("_security/role") .addCommaSeparatedPathParts(disableCacheRequest.names()) .addPathPart("_clear_cache") .build(); @@ -165,7 +165,7 @@ final class SecurityRequestConverters { static Request deleteRoleMapping(DeleteRoleMappingRequest deleteRoleMappingRequest) { final String endpoint = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack/security/role_mapping") + .addPathPartAsIs("_security/role_mapping") .addPathPart(deleteRoleMappingRequest.getName()) .build(); final Request request = new Request(HttpDelete.METHOD_NAME, endpoint); @@ -176,7 +176,7 @@ final class SecurityRequestConverters { static Request deleteRole(DeleteRoleRequest deleteRoleRequest) { String endpoint = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack/security/role") + .addPathPartAsIs("_security/role") .addPathPart(deleteRoleRequest.getName()) .build(); Request request = new Request(HttpDelete.METHOD_NAME, endpoint); @@ -187,7 +187,7 @@ final class SecurityRequestConverters { static Request getRoles(GetRolesRequest getRolesRequest) { RequestConverters.EndpointBuilder builder = new RequestConverters.EndpointBuilder(); - builder.addPathPartAsIs("_xpack/security/role"); + builder.addPathPartAsIs("_security/role"); if (getRolesRequest.getRoleNames().size() > 0) { builder.addPathPart(Strings.collectionToCommaDelimitedString(getRolesRequest.getRoleNames())); } @@ -195,20 +195,20 @@ final class SecurityRequestConverters { } static Request createToken(CreateTokenRequest createTokenRequest) throws IOException { - Request request = new Request(HttpPost.METHOD_NAME, "/_xpack/security/oauth2/token"); + Request request = new Request(HttpPost.METHOD_NAME, "/_security/oauth2/token"); request.setEntity(createEntity(createTokenRequest, REQUEST_BODY_CONTENT_TYPE)); return request; } static Request invalidateToken(InvalidateTokenRequest invalidateTokenRequest) throws IOException { - Request request = new Request(HttpDelete.METHOD_NAME, "/_xpack/security/oauth2/token"); + Request request = new Request(HttpDelete.METHOD_NAME, "/_security/oauth2/token"); request.setEntity(createEntity(invalidateTokenRequest, REQUEST_BODY_CONTENT_TYPE)); return request; } static Request getPrivileges(GetPrivilegesRequest getPrivilegesRequest) { String endpoint = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack/security/privilege") + .addPathPartAsIs("_security/privilege") .addPathPart(getPrivilegesRequest.getApplicationName()) .addCommaSeparatedPathParts(getPrivilegesRequest.getPrivilegeNames()) .build(); @@ -216,7 +216,7 @@ final class SecurityRequestConverters { } static Request putPrivileges(final PutPrivilegesRequest putPrivilegesRequest) throws IOException { - Request request = new Request(HttpPut.METHOD_NAME, "/_xpack/security/privilege"); + Request request = new Request(HttpPut.METHOD_NAME, "/_security/privilege"); request.setEntity(createEntity(putPrivilegesRequest, REQUEST_BODY_CONTENT_TYPE)); RequestConverters.Params params = new RequestConverters.Params(request); params.withRefreshPolicy(putPrivilegesRequest.getRefreshPolicy()); @@ -225,7 +225,7 @@ final class SecurityRequestConverters { static Request deletePrivileges(DeletePrivilegesRequest deletePrivilegeRequest) { String endpoint = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack/security/privilege") + .addPathPartAsIs("_security/privilege") .addPathPart(deletePrivilegeRequest.getApplication()) .addCommaSeparatedPathParts(deletePrivilegeRequest.getPrivileges()) .build(); @@ -237,7 +237,7 @@ final class SecurityRequestConverters { static Request putRole(final PutRoleRequest putRoleRequest) throws IOException { final String endpoint = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack/security/role") + .addPathPartAsIs("_security/role") .addPathPart(putRoleRequest.getRole().getName()) .build(); final Request request = new Request(HttpPut.METHOD_NAME, endpoint); diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/security/AuthenticateRequest.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/security/AuthenticateRequest.java index 2aefa97cb8b..24e4384bd37 100644 --- a/client/rest-high-level/src/main/java/org/elasticsearch/client/security/AuthenticateRequest.java +++ b/client/rest-high-level/src/main/java/org/elasticsearch/client/security/AuthenticateRequest.java @@ -35,7 +35,7 @@ public final class AuthenticateRequest implements Validatable { } public Request getRequest() { - return new Request(HttpGet.METHOD_NAME, "/_xpack/security/_authenticate"); + return new Request(HttpGet.METHOD_NAME, "/_security/_authenticate"); } } diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/security/GetSslCertificatesRequest.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/security/GetSslCertificatesRequest.java index 4a5c6b03534..3395672e663 100644 --- a/client/rest-high-level/src/main/java/org/elasticsearch/client/security/GetSslCertificatesRequest.java +++ b/client/rest-high-level/src/main/java/org/elasticsearch/client/security/GetSslCertificatesRequest.java @@ -26,15 +26,15 @@ import org.elasticsearch.client.Validatable; /** * Request object to retrieve the X.509 certificates that are used to encrypt communications in an Elasticsearch cluster. */ -public final class GetSslCertificatesRequest implements Validatable{ +public final class GetSslCertificatesRequest implements Validatable { public static final GetSslCertificatesRequest INSTANCE = new GetSslCertificatesRequest(); - private GetSslCertificatesRequest(){ + private GetSslCertificatesRequest() { } public Request getRequest() { - return new Request(HttpGet.METHOD_NAME, "/_xpack/ssl/certificates"); + return new Request(HttpGet.METHOD_NAME, "/_ssl/certificates"); } } diff --git a/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityIT.java b/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityIT.java index 466cc5b0135..05a854299a6 100644 --- a/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityIT.java +++ b/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityIT.java @@ -70,7 +70,7 @@ public class SecurityIT extends ESRestHighLevelClientTestCase { assertThat(updateUserResponse.isCreated(), is(false)); // delete user final Request deleteUserRequest = new Request(HttpDelete.METHOD_NAME, - "/_xpack/security/user/" + putUserRequest.getUser().getUsername()); + "/_security/user/" + putUserRequest.getUser().getUsername()); highLevelClient().getLowLevelClient().performRequest(deleteUserRequest); } diff --git a/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityRequestConvertersTests.java b/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityRequestConvertersTests.java index 489b52468ea..87c692d9f2a 100644 --- a/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityRequestConvertersTests.java +++ b/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityRequestConvertersTests.java @@ -84,7 +84,7 @@ public class SecurityRequestConvertersTests extends ESTestCase { PutUserRequest putUserRequest = new PutUserRequest(user, password, enabled, refreshPolicy); Request request = SecurityRequestConverters.putUser(putUserRequest); assertEquals(HttpPut.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/user/" + putUserRequest.getUser().getUsername(), request.getEndpoint()); + assertEquals("/_security/user/" + putUserRequest.getUser().getUsername(), request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertToXContentBody(putUserRequest, request.getEntity()); } @@ -96,7 +96,7 @@ public class SecurityRequestConvertersTests extends ESTestCase { DeleteUserRequest deleteUserRequest = new DeleteUserRequest(name, refreshPolicy); Request request = SecurityRequestConverters.deleteUser(deleteUserRequest); assertEquals(HttpDelete.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/user/" + name, request.getEndpoint()); + assertEquals("/_security/user/" + name, request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertNull(request.getEntity()); } @@ -124,7 +124,7 @@ public class SecurityRequestConvertersTests extends ESTestCase { final Request request = SecurityRequestConverters.putRoleMapping(putRoleMappingRequest); assertEquals(HttpPut.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/role_mapping/" + roleMappingName, request.getEndpoint()); + assertEquals("/_security/role_mapping/" + roleMappingName, request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertToXContentBody(putRoleMappingRequest, request.getEntity()); } @@ -139,9 +139,9 @@ public class SecurityRequestConvertersTests extends ESTestCase { assertEquals(HttpGet.METHOD_NAME, request.getMethod()); if (noOfRoleMappingNames == 0) { - assertEquals("/_xpack/security/role_mapping", request.getEndpoint()); + assertEquals("/_security/role_mapping", request.getEndpoint()); } else { - assertEquals("/_xpack/security/role_mapping/" + + assertEquals("/_security/role_mapping/" + Strings.collectionToCommaDelimitedString(getRoleMappingsRequest.getRoleMappingNames()), request.getEndpoint()); } assertEquals(Collections.emptyMap(), request.getParameters()); @@ -155,7 +155,7 @@ public class SecurityRequestConvertersTests extends ESTestCase { EnableUserRequest enableUserRequest = new EnableUserRequest(username, refreshPolicy); Request request = SecurityRequestConverters.enableUser(enableUserRequest); assertEquals(HttpPut.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/user/" + username + "/_enable", request.getEndpoint()); + assertEquals("/_security/user/" + username + "/_enable", request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertNull(request.getEntity()); } @@ -167,7 +167,7 @@ public class SecurityRequestConvertersTests extends ESTestCase { DisableUserRequest disableUserRequest = new DisableUserRequest(username, refreshPolicy); Request request = SecurityRequestConverters.disableUser(disableUserRequest); assertEquals(HttpPut.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/user/" + username + "/_disable", request.getEndpoint()); + assertEquals("/_security/user/" + username + "/_disable", request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertNull(request.getEntity()); } @@ -188,7 +188,7 @@ public class SecurityRequestConvertersTests extends ESTestCase { ChangePasswordRequest changePasswordRequest = new ChangePasswordRequest(username, password, refreshPolicy); Request request = SecurityRequestConverters.changePassword(changePasswordRequest); assertEquals(HttpPost.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/user/" + changePasswordRequest.getUsername() + "/_password", request.getEndpoint()); + assertEquals("/_security/user/" + changePasswordRequest.getUsername() + "/_password", request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertToXContentBody(changePasswordRequest, request.getEntity()); } @@ -200,7 +200,7 @@ public class SecurityRequestConvertersTests extends ESTestCase { ChangePasswordRequest changePasswordRequest = new ChangePasswordRequest(null, password, refreshPolicy); Request request = SecurityRequestConverters.changePassword(changePasswordRequest); assertEquals(HttpPost.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/user/_password", request.getEndpoint()); + assertEquals("/_security/user/_password", request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertToXContentBody(changePasswordRequest, request.getEntity()); } @@ -219,7 +219,7 @@ public class SecurityRequestConvertersTests extends ESTestCase { final Request request = SecurityRequestConverters.deleteRoleMapping(deleteRoleMappingRequest); assertEquals(HttpDelete.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/role_mapping/" + roleMappingName, request.getEndpoint()); + assertEquals("/_security/role_mapping/" + roleMappingName, request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertNull(request.getEntity()); } @@ -231,9 +231,9 @@ public class SecurityRequestConvertersTests extends ESTestCase { assertEquals(HttpGet.METHOD_NAME, request.getMethod()); if (roles.length == 0) { - assertEquals("/_xpack/security/role", request.getEndpoint()); + assertEquals("/_security/role", request.getEndpoint()); } else { - assertEquals("/_xpack/security/role/" + Strings.collectionToCommaDelimitedString(getRolesRequest.getRoleNames()), + assertEquals("/_security/role/" + Strings.collectionToCommaDelimitedString(getRolesRequest.getRoleNames()), request.getEndpoint()); } assertNull(request.getEntity()); @@ -247,7 +247,7 @@ public class SecurityRequestConvertersTests extends ESTestCase { DeleteRoleRequest deleteRoleRequest = new DeleteRoleRequest(name, refreshPolicy); Request request = SecurityRequestConverters.deleteRole(deleteRoleRequest); assertEquals(HttpDelete.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/role/" + name, request.getEndpoint()); + assertEquals("/_security/role/" + name, request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertNull(request.getEntity()); } @@ -258,7 +258,7 @@ public class SecurityRequestConvertersTests extends ESTestCase { CreateTokenRequest createTokenRequest = CreateTokenRequest.passwordGrant(username, password.toCharArray()); Request request = SecurityRequestConverters.createToken(createTokenRequest); assertEquals(HttpPost.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/oauth2/token", request.getEndpoint()); + assertEquals("/_security/oauth2/token", request.getEndpoint()); assertEquals(0, request.getParameters().size()); assertToXContentBody(createTokenRequest, request.getEntity()); } @@ -268,7 +268,7 @@ public class SecurityRequestConvertersTests extends ESTestCase { CreateTokenRequest createTokenRequest = CreateTokenRequest.refreshTokenGrant(refreshToken); Request request = SecurityRequestConverters.createToken(createTokenRequest); assertEquals(HttpPost.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/oauth2/token", request.getEndpoint()); + assertEquals("/_security/oauth2/token", request.getEndpoint()); assertEquals(0, request.getParameters().size()); assertToXContentBody(createTokenRequest, request.getEntity()); } @@ -277,7 +277,7 @@ public class SecurityRequestConvertersTests extends ESTestCase { CreateTokenRequest createTokenRequest = CreateTokenRequest.clientCredentialsGrant(); Request request = SecurityRequestConverters.createToken(createTokenRequest); assertEquals(HttpPost.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/oauth2/token", request.getEndpoint()); + assertEquals("/_security/oauth2/token", request.getEndpoint()); assertEquals(0, request.getParameters().size()); assertToXContentBody(createTokenRequest, request.getEntity()); } @@ -288,7 +288,7 @@ public class SecurityRequestConvertersTests extends ESTestCase { GetPrivilegesRequest getPrivilegesRequest = new GetPrivilegesRequest(application, privilege); Request request = SecurityRequestConverters.getPrivileges(getPrivilegesRequest); assertEquals(HttpGet.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/privilege/" + application + "/" + privilege, request.getEndpoint()); + assertEquals("/_security/privilege/" + application + "/" + privilege, request.getEndpoint()); assertEquals(Collections.emptyMap(), request.getParameters()); assertNull(request.getEntity()); } @@ -298,7 +298,7 @@ public class SecurityRequestConvertersTests extends ESTestCase { GetPrivilegesRequest getPrivilegesRequest = GetPrivilegesRequest.getApplicationPrivileges(application); Request request = SecurityRequestConverters.getPrivileges(getPrivilegesRequest); assertEquals(HttpGet.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/privilege/" + application, request.getEndpoint()); + assertEquals("/_security/privilege/" + application, request.getEndpoint()); assertEquals(Collections.emptyMap(), request.getParameters()); assertNull(request.getEntity()); } @@ -311,7 +311,7 @@ public class SecurityRequestConvertersTests extends ESTestCase { GetPrivilegesRequest getPrivilegesRequest = new GetPrivilegesRequest(application, privilegeNames); Request request = SecurityRequestConverters.getPrivileges(getPrivilegesRequest); assertEquals(HttpGet.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/privilege/" + application + "/" + Strings.arrayToCommaDelimitedString(privilegeNames), + assertEquals("/_security/privilege/" + application + "/" + Strings.arrayToCommaDelimitedString(privilegeNames), request.getEndpoint()); assertEquals(Collections.emptyMap(), request.getParameters()); assertNull(request.getEntity()); @@ -321,7 +321,7 @@ public class SecurityRequestConvertersTests extends ESTestCase { GetPrivilegesRequest getPrivilegesRequest = GetPrivilegesRequest.getAllPrivileges(); Request request = SecurityRequestConverters.getPrivileges(getPrivilegesRequest); assertEquals(HttpGet.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/privilege", request.getEndpoint()); + assertEquals("/_security/privilege", request.getEndpoint()); assertEquals(Collections.emptyMap(), request.getParameters()); assertNull(request.getEntity()); } @@ -342,7 +342,7 @@ public class SecurityRequestConvertersTests extends ESTestCase { final PutPrivilegesRequest putPrivilegesRequest = new PutPrivilegesRequest(privileges, refreshPolicy); final Request request = SecurityRequestConverters.putPrivileges(putPrivilegesRequest); assertEquals(HttpPut.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/privilege", request.getEndpoint()); + assertEquals("/_security/privilege", request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertToXContentBody(putPrivilegesRequest, request.getEntity()); } @@ -356,7 +356,7 @@ public class SecurityRequestConvertersTests extends ESTestCase { new DeletePrivilegesRequest(application, privileges.toArray(Strings.EMPTY_ARRAY), refreshPolicy); Request request = SecurityRequestConverters.deletePrivileges(deletePrivilegesRequest); assertEquals(HttpDelete.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/privilege/" + application + "/" + Strings.collectionToCommaDelimitedString(privileges), + assertEquals("/_security/privilege/" + application + "/" + Strings.collectionToCommaDelimitedString(privileges), request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertNull(request.getEntity()); @@ -390,7 +390,7 @@ public class SecurityRequestConvertersTests extends ESTestCase { final PutRoleRequest putRoleRequest = new PutRoleRequest(role, refreshPolicy); final Request request = SecurityRequestConverters.putRole(putRoleRequest); assertEquals(HttpPut.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/role/" + roleName, request.getEndpoint()); + assertEquals("/_security/role/" + roleName, request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertToXContentBody(putRoleRequest, request.getEntity()); } diff --git a/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/SecurityDocumentationIT.java b/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/SecurityDocumentationIT.java index 21015fadf07..c0c5ad95421 100644 --- a/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/SecurityDocumentationIT.java +++ b/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/SecurityDocumentationIT.java @@ -1025,9 +1025,9 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase { { // tag::put-role-request final Role role = Role.builder() - .name("testPutRole") - .clusterPrivileges(randomSubsetOf(1, Role.ClusterPrivilegeName.ALL_ARRAY)) - .build(); + .name("testPutRole") + .clusterPrivileges(randomSubsetOf(1, Role.ClusterPrivilegeName.ALL_ARRAY)) + .build(); final PutRoleRequest request = new PutRoleRequest(role, RefreshPolicy.NONE); // end::put-role-request // tag::put-role-execute @@ -1041,9 +1041,9 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase { { final Role role = Role.builder() - .name("testPutRole") - .clusterPrivileges(randomSubsetOf(1, Role.ClusterPrivilegeName.ALL_ARRAY)) - .build(); + .name("testPutRole") + .clusterPrivileges(randomSubsetOf(1, Role.ClusterPrivilegeName.ALL_ARRAY)) + .build(); final PutRoleRequest request = new PutRoleRequest(role, RefreshPolicy.NONE); // tag::put-role-execute-listener ActionListener listener = new ActionListener() { @@ -1077,9 +1077,9 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase { private void addRole(String roleName) throws IOException { final Role role = Role.builder() - .name(roleName) - .clusterPrivileges("all") - .build(); + .name(roleName) + .clusterPrivileges("all") + .build(); final PutRoleRequest request = new PutRoleRequest(role, RefreshPolicy.IMMEDIATE); highLevelClient().security().putRole(request, RequestOptions.DEFAULT); } @@ -1368,22 +1368,22 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase { // tag::put-privileges-request final List privileges = new ArrayList<>(); privileges.add(ApplicationPrivilege.builder() - .application("app01") - .privilege("all") - .actions(Sets.newHashSet("action:login")) - .metadata(Collections.singletonMap("k1", "v1")) - .build()); + .application("app01") + .privilege("all") + .actions(Sets.newHashSet("action:login")) + .metadata(Collections.singletonMap("k1", "v1")) + .build()); privileges.add(ApplicationPrivilege.builder() - .application("app01") - .privilege("write") - .actions(Sets.newHashSet("action:write")) - .build()); + .application("app01") + .privilege("write") + .actions(Sets.newHashSet("action:write")) + .build()); final PutPrivilegesRequest putPrivilegesRequest = new PutPrivilegesRequest(privileges, RefreshPolicy.IMMEDIATE); // end::put-privileges-request // tag::put-privileges-execute final PutPrivilegesResponse putPrivilegesResponse = client.security().putPrivileges(putPrivilegesRequest, - RequestOptions.DEFAULT); + RequestOptions.DEFAULT); // end::put-privileges-execute final String applicationName = "app01"; @@ -1397,11 +1397,11 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase { { final List privileges = new ArrayList<>(); privileges.add(ApplicationPrivilege.builder() - .application("app01") - .privilege("all") - .actions(Sets.newHashSet("action:login")) - .metadata(Collections.singletonMap("k1", "v1")) - .build()); + .application("app01") + .privilege("all") + .actions(Sets.newHashSet("action:login")) + .metadata(Collections.singletonMap("k1", "v1")) + .build()); final PutPrivilegesRequest putPrivilegesRequest = new PutPrivilegesRequest(privileges, RefreshPolicy.IMMEDIATE); // tag::put-privileges-execute-listener @@ -1439,20 +1439,20 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase { { List applicationPrivileges = new ArrayList<>(); applicationPrivileges.add(ApplicationPrivilege.builder() - .application("testapp") - .privilege("read") - .actions("action:login", "data:read/*") - .build()); + .application("testapp") + .privilege("read") + .actions("action:login", "data:read/*") + .build()); applicationPrivileges.add(ApplicationPrivilege.builder() - .application("testapp") - .privilege("write") - .actions("action:login", "data:write/*") - .build()); + .application("testapp") + .privilege("write") + .actions("action:login", "data:write/*") + .build()); applicationPrivileges.add(ApplicationPrivilege.builder() - .application("testapp") - .privilege("all") - .actions("action:login", "data:write/*") - .build()); + .application("testapp") + .privilege("all") + .actions("action:login", "data:write/*") + .build()); PutPrivilegesRequest putPrivilegesRequest = new PutPrivilegesRequest(applicationPrivileges, RefreshPolicy.IMMEDIATE); PutPrivilegesResponse putPrivilegesResponse = client.security().putPrivileges(putPrivilegesRequest, RequestOptions.DEFAULT); diff --git a/x-pack/docs/build.gradle b/x-pack/docs/build.gradle index 59d89024db5..de2400c0e85 100644 --- a/x-pack/docs/build.gradle +++ b/x-pack/docs/build.gradle @@ -446,7 +446,7 @@ setups['calendar_outages_addevent'] = setups['calendar_outages_addjob'] + ''' ''' setups['role_mapping'] = ''' - do: - xpack.security.put_role_mapping: + security.put_role_mapping: name: "mapping1" body: > { @@ -712,7 +712,7 @@ setups['sensor_prefab_data'] = ''' ''' setups['admin_role'] = ''' - do: - xpack.security.put_role: + security.put_role: name: "my_admin_role" body: > { @@ -726,7 +726,7 @@ setups['admin_role'] = ''' ''' setups['jacknich_user'] = ''' - do: - xpack.security.put_user: + security.put_user: username: "jacknich" body: > { @@ -739,7 +739,7 @@ setups['jacknich_user'] = ''' ''' setups['app0102_privileges'] = ''' - do: - xpack.security.put_privileges: + security.put_privileges: body: > { "myapp": { diff --git a/x-pack/docs/en/rest-api/security/authenticate.asciidoc b/x-pack/docs/en/rest-api/security/authenticate.asciidoc index 1975a9dde79..a556d3854a5 100644 --- a/x-pack/docs/en/rest-api/security/authenticate.asciidoc +++ b/x-pack/docs/en/rest-api/security/authenticate.asciidoc @@ -8,7 +8,7 @@ authenticate a user and retrieve information about the authenticated user. ==== Request -`GET _xpack/security/_authenticate` +`GET /_security/_authenticate` ==== Description @@ -21,11 +21,11 @@ If the user cannot be authenticated, this API returns a 401 status code. ==== Examples To authenticate a user, submit a GET request to the -`_xpack/security/_authenticate` endpoint: +`/_security/_authenticate` endpoint: [source,js] -------------------------------------------------- -GET _xpack/security/_authenticate +GET /_security/_authenticate -------------------------------------------------- // CONSOLE diff --git a/x-pack/docs/en/rest-api/security/change-password.asciidoc b/x-pack/docs/en/rest-api/security/change-password.asciidoc index 6e6e8cf7375..f33c6f1e519 100644 --- a/x-pack/docs/en/rest-api/security/change-password.asciidoc +++ b/x-pack/docs/en/rest-api/security/change-password.asciidoc @@ -6,9 +6,9 @@ Changes the passwords of users in the native realm. ==== Request -`POST _xpack/security/user/_password` + +`POST /_security/user/_password` + -`POST _xpack/security/user//_password` +`POST /_security/user//_password` ==== Description @@ -45,7 +45,7 @@ The following example updates the password for the `jacknich` user: [source,js] -------------------------------------------------- -POST /_xpack/security/user/jacknich/_password +POST /_security/user/jacknich/_password { "password" : "s3cr3t" } diff --git a/x-pack/docs/en/rest-api/security/clear-cache.asciidoc b/x-pack/docs/en/rest-api/security/clear-cache.asciidoc index 03fac3ba2c4..c8dcb4cfca9 100644 --- a/x-pack/docs/en/rest-api/security/clear-cache.asciidoc +++ b/x-pack/docs/en/rest-api/security/clear-cache.asciidoc @@ -7,9 +7,9 @@ the cache or evict specific users. ==== Request -`POST _xpack/security/realm//_clear_cache` + +`POST /_security/realm//_clear_cache` + -`POST _xpack/security/realm//_clear_cache?usernames=` +`POST /_security/realm//_clear_cache?usernames=` ==== Description @@ -37,7 +37,7 @@ For example, to evict all users cached by the `file` realm: [source,js] -------------------------------------------------- -POST _xpack/security/realm/default_file/_clear_cache +POST /_security/realm/default_file/_clear_cache -------------------------------------------------- // CONSOLE @@ -45,7 +45,7 @@ To evict selected users, specify the `usernames` parameter: [source,js] -------------------------------------------------- -POST _xpack/security/realm/default_file/_clear_cache?usernames=rdeniro,alpacino +POST /_security/realm/default_file/_clear_cache?usernames=rdeniro,alpacino -------------------------------------------------- // CONSOLE @@ -54,6 +54,6 @@ list: [source, js] ------------------------------------------------------------ -POST _xpack/security/realm/default_file,ldap1/_clear_cache +POST /_security/realm/default_file,ldap1/_clear_cache ------------------------------------------------------------ // CONSOLE diff --git a/x-pack/docs/en/rest-api/security/clear-roles-cache.asciidoc b/x-pack/docs/en/rest-api/security/clear-roles-cache.asciidoc index 591d7eb2d11..500d6299760 100644 --- a/x-pack/docs/en/rest-api/security/clear-roles-cache.asciidoc +++ b/x-pack/docs/en/rest-api/security/clear-roles-cache.asciidoc @@ -6,7 +6,7 @@ Evicts roles from the native role cache. ==== Request -`POST /_xpack/security/role//_clear_cache` +`POST /_security/role//_clear_cache` ==== Description @@ -34,6 +34,6 @@ to clear the cache for `my_admin_role`: [source,js] -------------------------------------------------- -POST /_xpack/security/role/my_admin_role/_clear_cache +POST /_security/role/my_admin_role/_clear_cache -------------------------------------------------- // CONSOLE diff --git a/x-pack/docs/en/rest-api/security/create-role-mappings.asciidoc b/x-pack/docs/en/rest-api/security/create-role-mappings.asciidoc index 87dedbba4f7..91a94050b59 100644 --- a/x-pack/docs/en/rest-api/security/create-role-mappings.asciidoc +++ b/x-pack/docs/en/rest-api/security/create-role-mappings.asciidoc @@ -6,9 +6,9 @@ Creates and updates role mappings. ==== Request -`POST /_xpack/security/role_mapping/` + +`POST /_security/role_mapping/` + -`PUT /_xpack/security/role_mapping/` +`PUT /_security/role_mapping/` ==== Description @@ -68,7 +68,7 @@ The following example assigns the "user" role to all users: [source, js] ------------------------------------------------------------ -POST /_xpack/security/role_mapping/mapping1 +POST /_security/role_mapping/mapping1 { "roles": [ "user"], "enabled": true, <1> @@ -103,7 +103,7 @@ The following example assigns the "user" and "admin" roles to specific users: [source,js] -------------------------------------------------- -POST /_xpack/security/role_mapping/mapping2 +POST /_security/role_mapping/mapping2 { "roles": [ "user", "admin" ], "enabled": true, @@ -119,7 +119,7 @@ or the user is in the `cn=admin,dc=example,dc=com` group: [source, js] ------------------------------------------------------------ -POST /_xpack/security/role_mapping/mapping3 +POST /_security/role_mapping/mapping3 { "roles": [ "superuser" ], "enabled": true, @@ -144,7 +144,7 @@ POST /_xpack/security/role_mapping/mapping3 The following example matches users who authenticated against a specific realm: [source, js] ------------------------------------------------------------ -POST /_xpack/security/role_mapping/mapping4 +POST /_security/role_mapping/mapping4 { "roles": [ "ldap-user" ], "enabled": true, @@ -159,7 +159,7 @@ The following example matches users within a specific LDAP sub-tree: [source, js] ------------------------------------------------------------ -POST /_xpack/security/role_mapping/mapping5 +POST /_security/role_mapping/mapping5 { "roles": [ "example-user" ], "enabled": true, @@ -175,7 +175,7 @@ specific realm: [source, js] ------------------------------------------------------------ -POST /_xpack/security/role_mapping/mapping6 +POST /_security/role_mapping/mapping6 { "roles": [ "ldap-example-user" ], "enabled": true, @@ -200,7 +200,7 @@ following mapping matches any user where *all* of these conditions are met: [source, js] ------------------------------------------------------------ -POST /_xpack/security/role_mapping/mapping7 +POST /_security/role_mapping/mapping7 { "roles": [ "superuser" ], "enabled": true, diff --git a/x-pack/docs/en/rest-api/security/create-roles.asciidoc b/x-pack/docs/en/rest-api/security/create-roles.asciidoc index fc3c613557e..345fe00dcfc 100644 --- a/x-pack/docs/en/rest-api/security/create-roles.asciidoc +++ b/x-pack/docs/en/rest-api/security/create-roles.asciidoc @@ -6,9 +6,9 @@ Adds and updates roles in the native realm. ==== Request -`POST /_xpack/security/role/` + +`POST /_security/role/` + -`PUT /_xpack/security/role/` +`PUT /_security/role/` ==== Description @@ -77,7 +77,7 @@ The following example adds a role called `my_admin_role`: [source,js] -------------------------------------------------- -POST /_xpack/security/role/my_admin_role +POST /_security/role/my_admin_role { "cluster": ["all"], "indices": [ diff --git a/x-pack/docs/en/rest-api/security/create-users.asciidoc b/x-pack/docs/en/rest-api/security/create-users.asciidoc index f5a7f429277..5c038294699 100644 --- a/x-pack/docs/en/rest-api/security/create-users.asciidoc +++ b/x-pack/docs/en/rest-api/security/create-users.asciidoc @@ -8,9 +8,9 @@ to as _native users_. ==== Request -`POST /_xpack/security/user/` + +`POST /_security/user/` + -`PUT /_xpack/security/user/` +`PUT /_security/user/` ==== Description @@ -95,7 +95,7 @@ The following example creates a user `jacknich`: [source,js] -------------------------------------------------- -POST /_xpack/security/user/jacknich +POST /_security/user/jacknich { "password" : "j@rV1s", "roles" : [ "admin", "other_role1" ], diff --git a/x-pack/docs/en/rest-api/security/delete-app-privileges.asciidoc b/x-pack/docs/en/rest-api/security/delete-app-privileges.asciidoc index d7f001721b1..2274f1dc58f 100644 --- a/x-pack/docs/en/rest-api/security/delete-app-privileges.asciidoc +++ b/x-pack/docs/en/rest-api/security/delete-app-privileges.asciidoc @@ -7,7 +7,7 @@ Removes ==== Request -`DELETE /_xpack/security/privilege//` +`DELETE /_security/privilege//` //==== Description @@ -37,7 +37,7 @@ The following example deletes the `read` application privilege from the [source,js] -------------------------------------------------- -DELETE /_xpack/security/privilege/myapp/read +DELETE /_security/privilege/myapp/read -------------------------------------------------- // CONSOLE // TEST[setup:app0102_privileges] diff --git a/x-pack/docs/en/rest-api/security/delete-role-mappings.asciidoc b/x-pack/docs/en/rest-api/security/delete-role-mappings.asciidoc index dc9bf2ba109..7a6cf9ad298 100644 --- a/x-pack/docs/en/rest-api/security/delete-role-mappings.asciidoc +++ b/x-pack/docs/en/rest-api/security/delete-role-mappings.asciidoc @@ -6,7 +6,7 @@ Removes role mappings. ==== Request -`DELETE /_xpack/security/role_mapping/` +`DELETE /_security/role_mapping/` ==== Description @@ -33,7 +33,7 @@ The following example delete a role mapping: [source,js] -------------------------------------------------- -DELETE /_xpack/security/role_mapping/mapping1 +DELETE /_security/role_mapping/mapping1 -------------------------------------------------- // CONSOLE // TEST[setup:role_mapping] diff --git a/x-pack/docs/en/rest-api/security/delete-roles.asciidoc b/x-pack/docs/en/rest-api/security/delete-roles.asciidoc index db42493ca0f..2aadc4dcae7 100644 --- a/x-pack/docs/en/rest-api/security/delete-roles.asciidoc +++ b/x-pack/docs/en/rest-api/security/delete-roles.asciidoc @@ -6,7 +6,7 @@ Removes roles in the native realm. ==== Request -`DELETE /_xpack/security/role/` +`DELETE /_security/role/` ==== Description @@ -35,7 +35,7 @@ The following example deletes a `my_admin_role` role: [source,js] -------------------------------------------------- -DELETE /_xpack/security/role/my_admin_role +DELETE /_security/role/my_admin_role -------------------------------------------------- // CONSOLE // TEST[setup:admin_role] diff --git a/x-pack/docs/en/rest-api/security/delete-users.asciidoc b/x-pack/docs/en/rest-api/security/delete-users.asciidoc index 63a66795617..ff1a31dbd52 100644 --- a/x-pack/docs/en/rest-api/security/delete-users.asciidoc +++ b/x-pack/docs/en/rest-api/security/delete-users.asciidoc @@ -6,7 +6,7 @@ Deletes users from the native realm. ==== Request -`DELETE /_xpack/security/user/` +`DELETE /_security/user/` ==== Description @@ -31,7 +31,7 @@ The following example deletes the user `jacknich`: [source,js] -------------------------------------------------- -DELETE /_xpack/security/user/jacknich +DELETE /_security/user/jacknich -------------------------------------------------- // CONSOLE // TEST[setup:jacknich_user] diff --git a/x-pack/docs/en/rest-api/security/disable-users.asciidoc b/x-pack/docs/en/rest-api/security/disable-users.asciidoc index f5a6bc7e9a1..b587d485cab 100644 --- a/x-pack/docs/en/rest-api/security/disable-users.asciidoc +++ b/x-pack/docs/en/rest-api/security/disable-users.asciidoc @@ -7,7 +7,7 @@ Disables users in the native realm. ==== Request -`PUT /_xpack/security/user//_disable` +`PUT /_security/user//_disable` ==== Description @@ -37,7 +37,7 @@ The following example disables the user `jacknich`: [source,js] -------------------------------------------------- -PUT /_xpack/security/user/jacknich/_disable +PUT /_security/user/jacknich/_disable -------------------------------------------------- // CONSOLE // TEST[setup:jacknich_user] diff --git a/x-pack/docs/en/rest-api/security/enable-users.asciidoc b/x-pack/docs/en/rest-api/security/enable-users.asciidoc index cebaaffa7b2..891f9697fc1 100644 --- a/x-pack/docs/en/rest-api/security/enable-users.asciidoc +++ b/x-pack/docs/en/rest-api/security/enable-users.asciidoc @@ -7,7 +7,7 @@ Enables users in the native realm. ==== Request -`PUT /_xpack/security/user//_enable` +`PUT /_security/user//_enable` ==== Description @@ -36,7 +36,7 @@ The following example enables the user `jacknich`: [source,js] -------------------------------------------------- -PUT /_xpack/security/user/jacknich/_enable +PUT /_security/user/jacknich/_enable -------------------------------------------------- // CONSOLE // TEST[setup:jacknich_user] diff --git a/x-pack/docs/en/rest-api/security/get-app-privileges.asciidoc b/x-pack/docs/en/rest-api/security/get-app-privileges.asciidoc index 5412a4bdceb..50630b28053 100644 --- a/x-pack/docs/en/rest-api/security/get-app-privileges.asciidoc +++ b/x-pack/docs/en/rest-api/security/get-app-privileges.asciidoc @@ -7,11 +7,11 @@ Retrieves ==== Request -`GET /_xpack/security/privilege` + +`GET /_security/privilege` + -`GET /_xpack/security/privilege/` + +`GET /_security/privilege/` + -`GET /_xpack/security/privilege//` +`GET /_security/privilege//` ==== Description @@ -49,7 +49,7 @@ The following example retrieves information about the `read` privilege for the [source,js] -------------------------------------------------- -GET /_xpack/security/privilege/myapp/read +GET /_security/privilege/myapp/read -------------------------------------------------- // CONSOLE // TEST[setup:app0102_privileges] @@ -81,7 +81,7 @@ To retrieve all privileges for an application, omit the privilege name: [source,js] -------------------------------------------------- -GET /_xpack/security/privilege/myapp/ +GET /_security/privilege/myapp/ -------------------------------------------------- // CONSOLE @@ -89,6 +89,6 @@ To retrieve every privilege, omit both the application and privilege names: [source,js] -------------------------------------------------- -GET /_xpack/security/privilege/ +GET /_security/privilege/ -------------------------------------------------- // CONSOLE diff --git a/x-pack/docs/en/rest-api/security/get-role-mappings.asciidoc b/x-pack/docs/en/rest-api/security/get-role-mappings.asciidoc index 7abe34b32f5..433a00d0327 100644 --- a/x-pack/docs/en/rest-api/security/get-role-mappings.asciidoc +++ b/x-pack/docs/en/rest-api/security/get-role-mappings.asciidoc @@ -6,9 +6,9 @@ Retrieves role mappings. ==== Request -`GET /_xpack/security/role_mapping` + +`GET /_security/role_mapping` + -`GET /_xpack/security/role_mapping/` +`GET /_security/role_mapping/` ==== Description @@ -48,7 +48,7 @@ The following example retrieves information about the `mapping1` role mapping: [source,js] -------------------------------------------------- -GET /_xpack/security/role_mapping/mapping1 +GET /_security/role_mapping/mapping1 -------------------------------------------------- // CONSOLE // TEST[setup:role_mapping] diff --git a/x-pack/docs/en/rest-api/security/get-roles.asciidoc b/x-pack/docs/en/rest-api/security/get-roles.asciidoc index fa6e91b519b..34f8f32d4fe 100644 --- a/x-pack/docs/en/rest-api/security/get-roles.asciidoc +++ b/x-pack/docs/en/rest-api/security/get-roles.asciidoc @@ -6,9 +6,9 @@ Retrieves roles in the native realm. ==== Request -`GET /_xpack/security/role` + +`GET /_security/role` + -`GET /_xpack/security/role/` + +`GET /_security/role/` + ==== Description @@ -37,7 +37,7 @@ the native realm: [source,js] -------------------------------------------------- -GET /_xpack/security/role/my_admin_role +GET /_security/role/my_admin_role -------------------------------------------------- // CONSOLE // TEST[setup:admin_role] @@ -75,7 +75,7 @@ To retrieve all roles, omit the role name: [source,js] -------------------------------------------------- -GET /_xpack/security/role +GET /_security/role -------------------------------------------------- // CONSOLE // TEST[continued] diff --git a/x-pack/docs/en/rest-api/security/get-tokens.asciidoc b/x-pack/docs/en/rest-api/security/get-tokens.asciidoc index f0da5700b5a..64338c101fc 100644 --- a/x-pack/docs/en/rest-api/security/get-tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/get-tokens.asciidoc @@ -6,7 +6,7 @@ Creates a bearer token for access without requiring basic authentication. ==== Request -`POST /_xpack/security/oauth2/token` +`POST /_security/oauth2/token` ==== Description @@ -68,7 +68,7 @@ which simply creates a token as the authenticated user: [source,js] -------------------------------------------------- -POST /_xpack/security/oauth2/token +POST /_security/oauth2/token { "grant_type" : "client_credentials" } @@ -103,7 +103,7 @@ The following example obtains a token for the `test_admin` user using the [source,js] -------------------------------------------------- -POST /_xpack/security/oauth2/token +POST /_security/oauth2/token { "grant_type" : "password", "username" : "test_admin", @@ -134,7 +134,7 @@ creation. For example: [source,js] -------------------------------------------------- -POST /_xpack/security/oauth2/token +POST /_security/oauth2/token { "grant_type": "refresh_token", "refresh_token": "vLBPvmAB6KvwvJZr27cS" diff --git a/x-pack/docs/en/rest-api/security/get-users.asciidoc b/x-pack/docs/en/rest-api/security/get-users.asciidoc index 2a20baacb0f..393230f02e7 100644 --- a/x-pack/docs/en/rest-api/security/get-users.asciidoc +++ b/x-pack/docs/en/rest-api/security/get-users.asciidoc @@ -7,9 +7,9 @@ Retrieves information about users in the native realm. ==== Request -`GET /_xpack/security/user` + +`GET /_security/user` + -`GET /_xpack/security/user/` +`GET /_security/user/` ==== Description @@ -31,12 +31,12 @@ To use this API, you must have at least the `manage_security` cluster privilege. ==== Examples -To retrieve a native user, submit a GET request to the `/_xpack/security/user/` +To retrieve a native user, submit a GET request to the `/_security/user/` endpoint: [source,js] -------------------------------------------------- -GET /_xpack/security/user/jacknich +GET /_security/user/jacknich -------------------------------------------------- // CONSOLE // TEST[setup:jacknich_user] @@ -68,7 +68,7 @@ Omit the username to retrieve all users: [source,js] -------------------------------------------------- -GET /_xpack/security/user +GET /_security/user -------------------------------------------------- // CONSOLE // TEST[continued] diff --git a/x-pack/docs/en/rest-api/security/has-privileges.asciidoc b/x-pack/docs/en/rest-api/security/has-privileges.asciidoc index cae1bc4d303..d12b15688f9 100644 --- a/x-pack/docs/en/rest-api/security/has-privileges.asciidoc +++ b/x-pack/docs/en/rest-api/security/has-privileges.asciidoc @@ -9,7 +9,7 @@ a specified list of privileges. ==== Request -`GET _xpack/security/user/_has_privileges` +`GET /_security/user/_has_privileges` ==== Description @@ -53,7 +53,7 @@ cluster, index, and application privileges: [source,js] -------------------------------------------------- -GET _xpack/security/user/_has_privileges +GET /_security/user/_has_privileges { "cluster": [ "monitor", "manage" ], "index" : [ diff --git a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc index 915fa7c45d8..540f5866825 100644 --- a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc @@ -6,7 +6,7 @@ Invalidates an access token or a refresh token. ==== Request -`DELETE /_xpack/security/oauth2/token` +`DELETE /_security/oauth2/token` ==== Description @@ -41,7 +41,7 @@ The following example invalidates the specified token immediately: [source,js] -------------------------------------------------- -DELETE /_xpack/security/oauth2/token +DELETE /_security/oauth2/token { "token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==" } @@ -52,7 +52,7 @@ whereas the following example invalidates the specified refresh token immediatel [source,js] -------------------------------------------------- -DELETE /_xpack/security/oauth2/token +DELETE /_security/oauth2/token { "refresh_token" : "movUJjPGRRC0PQ7+NW0eag" } diff --git a/x-pack/docs/en/rest-api/security/put-app-privileges.asciidoc b/x-pack/docs/en/rest-api/security/put-app-privileges.asciidoc index f715a80014b..e57e3caa1cb 100644 --- a/x-pack/docs/en/rest-api/security/put-app-privileges.asciidoc +++ b/x-pack/docs/en/rest-api/security/put-app-privileges.asciidoc @@ -7,9 +7,9 @@ Adds or updates ==== Request -`POST /_xpack/security/privilege` + +`POST /_security/privilege` + -`PUT /_xpack/security/privilege` +`PUT /_security/privilege` ==== Description @@ -70,11 +70,11 @@ To use this API, you must have either: ==== Examples To add a single privilege, submit a PUT or POST request to the -`/_xpack/security/privilege//` endpoint. For example: +`/_security/privilege//` endpoint. For example: [source,js] -------------------------------------------------- -PUT /_xpack/security/privilege +PUT /_security/privilege { "myapp": { "read": { @@ -116,11 +116,11 @@ been created or updated. <1> When an existing privilege is updated, `created` is set to false. To add multiple privileges, submit a POST request to the -`/_xpack/security/privilege/` endpoint. For example: +`/_security/privilege/` endpoint. For example: [source,js] -------------------------------------------------- -PUT /_xpack/security/privilege +PUT /_security/privilege { "app01": { "read": { diff --git a/x-pack/docs/en/rest-api/security/ssl.asciidoc b/x-pack/docs/en/rest-api/security/ssl.asciidoc index 3593dbfbbc2..69541af52b8 100644 --- a/x-pack/docs/en/rest-api/security/ssl.asciidoc +++ b/x-pack/docs/en/rest-api/security/ssl.asciidoc @@ -7,7 +7,7 @@ certificates that are used to encrypt communications in your {es} cluster. ==== Request -`GET /_xpack/ssl/certificates` +`GET /_ssl/certificates` ==== Description @@ -75,7 +75,7 @@ node of {es}: [source,js] -------------------------------------------------- -GET /_xpack/ssl/certificates +GET /_xpack/certificates -------------------------------------------------- // CONSOLE // TEST[skip:todo] diff --git a/x-pack/docs/en/security/authentication/configuring-active-directory-realm.asciidoc b/x-pack/docs/en/security/authentication/configuring-active-directory-realm.asciidoc index ab8830a64f1..dd2412c7e2d 100644 --- a/x-pack/docs/en/security/authentication/configuring-active-directory-realm.asciidoc +++ b/x-pack/docs/en/security/authentication/configuring-active-directory-realm.asciidoc @@ -187,7 +187,7 @@ role. Configured via the role-mapping API: [source,js] -------------------------------------------------- -PUT _xpack/security/role_mapping/admins +PUT /_security/role_mapping/admins { "roles" : [ "monitoring" , "user" ], "rules" : { "field" : { @@ -201,7 +201,7 @@ PUT _xpack/security/role_mapping/admins [source,js] -------------------------------------------------- -PUT _xpack/security/role_mapping/basic_users +PUT /_security/role_mapping/basic_users { "roles" : [ "user" ], "rules" : { "any": [ diff --git a/x-pack/docs/en/security/authentication/configuring-kerberos-realm.asciidoc b/x-pack/docs/en/security/authentication/configuring-kerberos-realm.asciidoc index 25245b69cbe..766ae3392bc 100644 --- a/x-pack/docs/en/security/authentication/configuring-kerberos-realm.asciidoc +++ b/x-pack/docs/en/security/authentication/configuring-kerberos-realm.asciidoc @@ -153,7 +153,7 @@ The following example uses the role mapping API to map `user@REALM` to the roles [source,js] -------------------------------------------------- -POST _xpack/security/role_mapping/kerbrolemapping +POST /_security/role_mapping/kerbrolemapping { "roles" : [ "monitoring_user" ], "enabled": true, diff --git a/x-pack/docs/en/security/authentication/configuring-ldap-realm.asciidoc b/x-pack/docs/en/security/authentication/configuring-ldap-realm.asciidoc index b198aa4edb9..c023a8492b1 100644 --- a/x-pack/docs/en/security/authentication/configuring-ldap-realm.asciidoc +++ b/x-pack/docs/en/security/authentication/configuring-ldap-realm.asciidoc @@ -147,7 +147,7 @@ names. For example, the following mapping configuration maps the LDAP Configured via the role-mapping API: [source,js] -------------------------------------------------- -PUT _xpack/security/role_mapping/admins +PUT /_security/role_mapping/admins { "roles" : [ "monitoring" , "user" ], "rules" : { "field" : { @@ -161,7 +161,7 @@ PUT _xpack/security/role_mapping/admins [source,js] -------------------------------------------------- -PUT _xpack/security/role_mapping/basic_users +PUT /_security/role_mapping/basic_users { "roles" : [ "user" ], "rules" : { "field" : { diff --git a/x-pack/docs/en/security/authentication/configuring-pki-realm.asciidoc b/x-pack/docs/en/security/authentication/configuring-pki-realm.asciidoc index 587592b9f20..4f050cf937f 100644 --- a/x-pack/docs/en/security/authentication/configuring-pki-realm.asciidoc +++ b/x-pack/docs/en/security/authentication/configuring-pki-realm.asciidoc @@ -140,7 +140,7 @@ For example, the following mapping configuration maps `John Doe` to the Using the role-mapping API: [source,js] -------------------------------------------------- -PUT _xpack/security/role_mapping/users +PUT /_security/role_mapping/users { "roles" : [ "user" ], "rules" : { "field" : { diff --git a/x-pack/docs/en/security/authentication/saml-guide.asciidoc b/x-pack/docs/en/security/authentication/saml-guide.asciidoc index 0b1e5bcc8f4..fa214dc48b7 100644 --- a/x-pack/docs/en/security/authentication/saml-guide.asciidoc +++ b/x-pack/docs/en/security/authentication/saml-guide.asciidoc @@ -630,7 +630,7 @@ to any user who authenticates against the `saml1` realm: [source,js] -------------------------------------------------- -PUT /_xpack/security/role_mapping/saml-kibana +PUT /_security/role_mapping/saml-kibana { "roles": [ "kibana_user" ], "enabled": true, @@ -667,7 +667,7 @@ via the `saml1` realm with the `finance-team` group. [source,js] -------------------------------------------------- -PUT /_xpack/security/role_mapping/saml-finance +PUT /_security/role_mapping/saml-finance { "roles": [ "finance_data" ], "enabled": true, diff --git a/x-pack/docs/en/security/authentication/user-cache.asciidoc b/x-pack/docs/en/security/authentication/user-cache.asciidoc index 716e7af9914..99cc6c7d6cd 100644 --- a/x-pack/docs/en/security/authentication/user-cache.asciidoc +++ b/x-pack/docs/en/security/authentication/user-cache.asciidoc @@ -25,7 +25,7 @@ all users from the `ad1` realm: [source, js] ------------------------------------------------------------ -$ curl -XPOST 'http://localhost:9200/_xpack/security/realm/ad1/_clear_cache' +$ curl -XPOST 'http://localhost:9200/_security/realm/ad1/_clear_cache' ------------------------------------------------------------ To clear the cache for multiple realms, specify the realms as a comma-separated @@ -33,12 +33,12 @@ list: [source, js] ------------------------------------------------------------ -$ curl -XPOST 'http://localhost:9200/_xpack/security/realm/ad1,ad2/_clear_cache' +$ curl -XPOST 'http://localhost:9200/_security/realm/ad1,ad2/_clear_cache' ------------------------------------------------------------ You can also evict specific users: [source, java] ------------------------------------------------------------ -$ curl -XPOST 'http://localhost:9200/_xpack/security/realm/ad1/_clear_cache?usernames=rdeniro,alpacino' +$ curl -XPOST 'http://localhost:9200/_security/realm/ad1/_clear_cache?usernames=rdeniro,alpacino' ------------------------------------------------------------ diff --git a/x-pack/docs/en/security/authorization/managing-roles.asciidoc b/x-pack/docs/en/security/authorization/managing-roles.asciidoc index 7b30284f583..453e0809d30 100644 --- a/x-pack/docs/en/security/authorization/managing-roles.asciidoc +++ b/x-pack/docs/en/security/authorization/managing-roles.asciidoc @@ -146,7 +146,7 @@ no effect, and will not grant any actions in the The following snippet shows an example definition of a `clicks_admin` role: [source,js] ----------- -POST /_xpack/security/role/clicks_admin +POST /_security/role/clicks_admin { "run_as": [ "clicks_watcher_1" ], "cluster": [ "monitor" ], diff --git a/x-pack/docs/en/security/authorization/mapping-roles.asciidoc b/x-pack/docs/en/security/authorization/mapping-roles.asciidoc index 166238c32ac..a20c194ef4e 100644 --- a/x-pack/docs/en/security/authorization/mapping-roles.asciidoc +++ b/x-pack/docs/en/security/authorization/mapping-roles.asciidoc @@ -92,7 +92,7 @@ user: You can use the role-mapping API to define equivalent mappings as follows: [source,js] -------------------------------------------------- -PUT _xpack/security/role_mapping/admins +PUT /_security/role_mapping/admins { "roles" : [ "monitoring", "user" ], "rules" : { "field" : { "groups" : "cn=admins,dc=example,dc=com" } }, @@ -103,7 +103,7 @@ PUT _xpack/security/role_mapping/admins [source,js] -------------------------------------------------- -PUT _xpack/security/role_mapping/basic_users +PUT /_security/role_mapping/basic_users { "roles" : [ "user" ], "rules" : { "any" : [ @@ -136,7 +136,7 @@ The following example creates equivalent mappings using the API: [source,js] -------------------------------------------------- -PUT _xpack/security/role_mapping/admin_user +PUT /_security/role_mapping/admin_user { "roles" : [ "monitoring" ], "rules" : { "field" : { "dn" : "cn=Admin,ou=example,o=com" } }, @@ -147,7 +147,7 @@ PUT _xpack/security/role_mapping/admin_user [source,js] -------------------------------------------------- -PUT _xpack/security/role_mapping/basic_user +PUT /_security/role_mapping/basic_user { "roles" : [ "user" ], "rules" : { "field" : { "dn" : "cn=John Doe,ou=example,o=com" } }, diff --git a/x-pack/docs/en/security/authorization/role-templates.asciidoc b/x-pack/docs/en/security/authorization/role-templates.asciidoc index 1bad73a5d1e..37cece88c64 100644 --- a/x-pack/docs/en/security/authorization/role-templates.asciidoc +++ b/x-pack/docs/en/security/authorization/role-templates.asciidoc @@ -14,7 +14,7 @@ of the current authenticated user: [source,js] -------------------------------------------------- -POST /_xpack/security/role/example1 +POST /_security/role/example1 { "indices" : [ { @@ -51,7 +51,7 @@ based on the `group.id` field in your documents: [source,js] -------------------------------------------------- -POST /_xpack/security/role/example2 +POST /_security/role/example2 { "indices" : [ { diff --git a/x-pack/docs/en/security/ccs-clients-integrations/cross-cluster.asciidoc b/x-pack/docs/en/security/ccs-clients-integrations/cross-cluster.asciidoc index 2c5b3073613..235af4ea4eb 100644 --- a/x-pack/docs/en/security/ccs-clients-integrations/cross-cluster.asciidoc +++ b/x-pack/docs/en/security/ccs-clients-integrations/cross-cluster.asciidoc @@ -95,7 +95,7 @@ On cluster `one`, this role does not need any special privileges: [source,js] ----------------------------------------------------------- -POST /_xpack/security/role/cluster_two_logs +POST /_security/role/cluster_two_logs { } ----------------------------------------------------------- @@ -106,7 +106,7 @@ On cluster `two`, this role allows the user to query local indices called [source,js] ----------------------------------------------------------- -POST /_xpack/security/role/cluster_two_logs +POST /_security/role/cluster_two_logs { "cluster": [], "indices": [ @@ -128,7 +128,7 @@ Finally, create a user on cluster `one` and apply the `cluster_two_logs` role: [source,js] ----------------------------------------------------------- -POST /_xpack/security/user/alice +POST /_security/user/alice { "password" : "somepassword", "roles" : [ "cluster_two_logs" ], diff --git a/x-pack/docs/en/security/configuring-es.asciidoc b/x-pack/docs/en/security/configuring-es.asciidoc index 1fe51f8ff00..22140eb680c 100644 --- a/x-pack/docs/en/security/configuring-es.asciidoc +++ b/x-pack/docs/en/security/configuring-es.asciidoc @@ -91,7 +91,7 @@ and assign the role to a new `johndoe` user. -- [source,shell] ---------------------------------------------------------- -curl -XPOST -u elastic 'localhost:9200/_xpack/security/role/events_admin' -H "Content-Type: application/json" -d '{ +curl -XPOST -u elastic 'localhost:9200/_security/role/events_admin' -H "Content-Type: application/json" -d '{ "indices" : [ { "names" : [ "events*" ], @@ -104,7 +104,7 @@ curl -XPOST -u elastic 'localhost:9200/_xpack/security/role/events_admin' -H "Co ] }' -curl -XPOST -u elastic 'localhost:9200/_xpack/security/user/johndoe' -H "Content-Type: application/json" -d '{ +curl -XPOST -u elastic 'localhost:9200/_security/user/johndoe' -H "Content-Type: application/json" -d '{ "password" : "userpassword", "full_name" : "John Doe", "email" : "john.doe@anony.mous", diff --git a/x-pack/docs/src/test/java/org/elasticsearch/smoketest/XDocsClientYamlTestSuiteIT.java b/x-pack/docs/src/test/java/org/elasticsearch/smoketest/XDocsClientYamlTestSuiteIT.java index 383630c106d..e57f57174a8 100644 --- a/x-pack/docs/src/test/java/org/elasticsearch/smoketest/XDocsClientYamlTestSuiteIT.java +++ b/x-pack/docs/src/test/java/org/elasticsearch/smoketest/XDocsClientYamlTestSuiteIT.java @@ -125,7 +125,7 @@ public class XDocsClientYamlTestSuiteIT extends XPackRestIT { */ @After public void deleteUsers() throws Exception { - ClientYamlTestResponse response = getAdminExecutionContext().callApi("xpack.security.get_user", emptyMap(), emptyList(), + ClientYamlTestResponse response = getAdminExecutionContext().callApi("security.get_user", emptyMap(), emptyList(), emptyMap()); @SuppressWarnings("unchecked") Map users = (Map) response.getBody(); @@ -134,7 +134,7 @@ public class XDocsClientYamlTestSuiteIT extends XPackRestIT { Boolean reserved = metaDataMap == null ? null : (Boolean) metaDataMap.get("_reserved"); if (reserved == null || reserved == false) { logger.warn("Deleting leftover user {}", user); - getAdminExecutionContext().callApi("xpack.security.delete_user", singletonMap("username", user), emptyList(), emptyMap()); + getAdminExecutionContext().callApi("security.delete_user", singletonMap("username", user), emptyList(), emptyMap()); } } } diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/rest/RestGetCertificateInfoAction.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/rest/RestGetCertificateInfoAction.java index d7d7d7042ed..2d038011e6c 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/rest/RestGetCertificateInfoAction.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/rest/RestGetCertificateInfoAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.core.ssl.rest; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.rest.BaseRestHandler; @@ -28,14 +30,20 @@ import static org.elasticsearch.rest.RestRequest.Method.GET; */ public class RestGetCertificateInfoAction extends BaseRestHandler { + private static final DeprecationLogger deprecationLogger = + new DeprecationLogger(LogManager.getLogger(RestGetCertificateInfoAction.class)); + public RestGetCertificateInfoAction(Settings settings, RestController controller) { super(settings); - controller.registerHandler(GET, "/_xpack/ssl/certificates", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + GET, "/_ssl/certificates", this, + GET, "/_xpack/ssl/certificates", deprecationLogger); } @Override public String getName() { - return "xpack_ssl_get_certificates"; + return "ssl_get_certificates"; } @Override @@ -48,4 +56,4 @@ public class RestGetCertificateInfoAction extends BaseRestHandler { } }); } -} \ No newline at end of file +} diff --git a/x-pack/plugin/ml/qa/native-multi-node-tests/src/test/java/org/elasticsearch/xpack/ml/integration/DatafeedJobsRestIT.java b/x-pack/plugin/ml/qa/native-multi-node-tests/src/test/java/org/elasticsearch/xpack/ml/integration/DatafeedJobsRestIT.java index 37c44b6ecf0..a54a34169d6 100644 --- a/x-pack/plugin/ml/qa/native-multi-node-tests/src/test/java/org/elasticsearch/xpack/ml/integration/DatafeedJobsRestIT.java +++ b/x-pack/plugin/ml/qa/native-multi-node-tests/src/test/java/org/elasticsearch/xpack/ml/integration/DatafeedJobsRestIT.java @@ -56,7 +56,7 @@ public class DatafeedJobsRestIT extends ESRestTestCase { } private void setupDataAccessRole(String index) throws IOException { - Request request = new Request("PUT", "/_xpack/security/role/test_data_access"); + Request request = new Request("PUT", "/_security/role/test_data_access"); request.setJsonEntity("{" + " \"indices\" : [" + " { \"names\": [\"" + index + "\"], \"privileges\": [\"read\"] }" @@ -66,7 +66,7 @@ public class DatafeedJobsRestIT extends ESRestTestCase { } private void setupFullAccessRole(String index) throws IOException { - Request request = new Request("PUT", "/_xpack/security/role/test_data_access"); + Request request = new Request("PUT", "/_security/role/test_data_access"); request.setJsonEntity("{" + " \"indices\" : [" + " { \"names\": [\"" + index + "\"], \"privileges\": [\"all\"] }" @@ -78,7 +78,7 @@ public class DatafeedJobsRestIT extends ESRestTestCase { private void setupUser(String user, List roles) throws IOException { String password = new String(SecuritySettingsSourceField.TEST_PASSWORD_SECURE_STRING.getChars()); - Request request = new Request("PUT", "/_xpack/security/user/" + user); + Request request = new Request("PUT", "/_security/user/" + user); request.setJsonEntity("{" + " \"password\" : \"" + password + "\"," + " \"roles\" : [ " + roles.stream().map(unquoted -> "\"" + unquoted + "\"").collect(Collectors.joining(", ")) + " ]" diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java index 229c47c763c..3cc6c997f28 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java @@ -204,7 +204,7 @@ public class ESNativeRealmMigrateTool extends LoggingAwareMultiCommand { Set getUsersThatExist(Terminal terminal, Settings settings, Environment env, OptionSet options) throws Exception { Set existingUsers = new HashSet<>(); - String allUsersJson = postURL(settings, env, "GET", this.url.value(options) + "/_xpack/security/user/", options, null); + String allUsersJson = postURL(settings, env, "GET", this.url.value(options) + "/_security/user/", options, null); // EMPTY is safe here because we never use namedObject try (XContentParser parser = JsonXContent.jsonXContent .createParser(NamedXContentRegistry.EMPTY, LoggingDeprecationHandler.INSTANCE, allUsersJson)) { @@ -277,7 +277,7 @@ public class ESNativeRealmMigrateTool extends LoggingAwareMultiCommand { try { reqBody = createUserJson(userToRoles.get(user), userToHashedPW.get(user)); String resp = postURL(env.settings(), env, "POST", - this.url.value(options) + "/_xpack/security/user/" + user, options, reqBody); + this.url.value(options) + "/_security/user/" + user, options, reqBody); terminal.println(resp); } catch (Exception e) { throw new ElasticsearchException("failed to migrate user [" + user + "] with body: " + reqBody, e); @@ -287,7 +287,7 @@ public class ESNativeRealmMigrateTool extends LoggingAwareMultiCommand { Set getRolesThatExist(Terminal terminal, Settings settings, Environment env, OptionSet options) throws Exception { Set existingRoles = new HashSet<>(); - String allRolesJson = postURL(settings, env, "GET", this.url.value(options) + "/_xpack/security/role/", options, null); + String allRolesJson = postURL(settings, env, "GET", this.url.value(options) + "/_security/role/", options, null); // EMPTY is safe here because we never use namedObject try (XContentParser parser = JsonXContent.jsonXContent .createParser(NamedXContentRegistry.EMPTY, LoggingDeprecationHandler.INSTANCE, allRolesJson)) { @@ -346,7 +346,7 @@ public class ESNativeRealmMigrateTool extends LoggingAwareMultiCommand { try { reqBody = createRoleJson(roles.get(roleName)); String resp = postURL(env.settings(), env, "POST", - this.url.value(options) + "/_xpack/security/role/" + roleName, options, reqBody); + this.url.value(options) + "/_security/role/" + roleName, options, reqBody); terminal.println(resp); } catch (Exception e) { throw new ElasticsearchException("failed to migrate role [" + roleName + "] with body: " + reqBody, e); diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordTool.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordTool.java index 691142a9405..5926cdbc01c 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordTool.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordTool.java @@ -292,7 +292,7 @@ public class SetupPasswordTool extends LoggingAwareMultiCommand { * @param terminal where to write verbose info. */ void checkElasticKeystorePasswordValid(Terminal terminal, Environment env) throws Exception { - URL route = createURL(url, "/_xpack/security/_authenticate", "?pretty"); + URL route = createURL(url, "/_security/_authenticate", "?pretty"); terminal.println(Verbosity.VERBOSE, ""); terminal.println(Verbosity.VERBOSE, "Testing if bootstrap password is valid for " + route.toString()); try { @@ -449,7 +449,7 @@ public class SetupPasswordTool extends LoggingAwareMultiCommand { * @param password the new password of the user. */ private void changeUserPassword(String user, SecureString password, Terminal terminal) throws Exception { - URL route = createURL(url, "/_xpack/security/user/" + user + "/_password", "?pretty"); + URL route = createURL(url, "/_security/user/" + user + "/_password", "?pretty"); terminal.println(Verbosity.VERBOSE, ""); terminal.println(Verbosity.VERBOSE, "Trying user password change call " + route.toString()); try { diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateAction.java index 033066b7c15..09f0679378c 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -29,17 +31,21 @@ import static org.elasticsearch.rest.RestRequest.Method.GET; public class RestAuthenticateAction extends SecurityBaseRestHandler { private final SecurityContext securityContext; + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestAuthenticateAction.class)); public RestAuthenticateAction(Settings settings, RestController controller, SecurityContext securityContext, XPackLicenseState licenseState) { super(settings, licenseState); this.securityContext = securityContext; - controller.registerHandler(GET, "/_xpack/security/_authenticate", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + GET, "/_security/_authenticate", this, + GET, "/_xpack/security/_authenticate", deprecationLogger); } @Override public String getName() { - return "xpack_security_authenticate_action"; + return "security_authenticate_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/oauth2/RestGetTokenAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/oauth2/RestGetTokenAction.java index 636885d73a1..94317145b02 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/oauth2/RestGetTokenAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/oauth2/RestGetTokenAction.java @@ -5,6 +5,7 @@ */ package org.elasticsearch.xpack.security.rest.action.oauth2; +import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.action.Action; @@ -12,6 +13,7 @@ import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.ActionRequestValidationException; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.ParseField; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ConstructingObjectParser; @@ -45,6 +47,7 @@ import static org.elasticsearch.rest.RestRequest.Method.POST; */ public final class RestGetTokenAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestGetTokenAction.class)); static final ConstructingObjectParser PARSER = new ConstructingObjectParser<>("token_request", a -> new CreateTokenRequest((String) a[0], (String) a[1], (SecureString) a[2], (String) a[3], (String) a[4])); static { @@ -59,12 +62,15 @@ public final class RestGetTokenAction extends SecurityBaseRestHandler { public RestGetTokenAction(Settings settings, RestController controller, XPackLicenseState xPackLicenseState) { super(settings, xPackLicenseState); - controller.registerHandler(POST, "/_xpack/security/oauth2/token", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/oauth2/token", this, + POST, "/_xpack/security/oauth2/token", deprecationLogger); } @Override public String getName() { - return "xpack_security_get_token_action"; + return "security_get_token_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/oauth2/RestInvalidateTokenAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/oauth2/RestInvalidateTokenAction.java index d76f4da7d8c..52228d2823a 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/oauth2/RestInvalidateTokenAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/oauth2/RestInvalidateTokenAction.java @@ -5,10 +5,12 @@ */ package org.elasticsearch.xpack.security.rest.action.oauth2; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.ParseField; import org.elasticsearch.common.Strings; import org.elasticsearch.common.collect.Tuple; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ConstructingObjectParser; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -34,6 +36,7 @@ import static org.elasticsearch.rest.RestRequest.Method.DELETE; */ public final class RestInvalidateTokenAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestInvalidateTokenAction.class)); static final ConstructingObjectParser, Void> PARSER = new ConstructingObjectParser<>("invalidate_token", a -> new Tuple<>((String) a[0], (String) a[1])); static { @@ -43,12 +46,15 @@ public final class RestInvalidateTokenAction extends SecurityBaseRestHandler { public RestInvalidateTokenAction(Settings settings, RestController controller, XPackLicenseState xPackLicenseState) { super(settings, xPackLicenseState); - controller.registerHandler(DELETE, "/_xpack/security/oauth2/token", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + DELETE, "/_security/oauth2/token", this, + DELETE, "/_xpack/security/oauth2/token", deprecationLogger); } @Override public String getName() { - return "xpack_security_invalidate_token_action"; + return "security_invalidate_token_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestDeletePrivilegesAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestDeletePrivilegesAction.java index d0cee0dd6b9..1f96df23e0e 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestDeletePrivilegesAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestDeletePrivilegesAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.privilege; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -31,14 +33,20 @@ import static org.elasticsearch.rest.RestRequest.Method.DELETE; */ public class RestDeletePrivilegesAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = + new DeprecationLogger(LogManager.getLogger(RestDeletePrivilegesAction.class)); + public RestDeletePrivilegesAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(DELETE, "/_xpack/security/privilege/{application}/{privilege}", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + DELETE, "/_security/privilege/{application}/{privilege}", this, + DELETE, "/_xpack/security/privilege/{application}/{privilege}", deprecationLogger); } @Override public String getName() { - return "xpack_security_delete_privilege_action"; + return "security_delete_privilege_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestGetPrivilegesAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestGetPrivilegesAction.java index 8e3c3bbb87e..e0d0898704e 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestGetPrivilegesAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestGetPrivilegesAction.java @@ -5,8 +5,10 @@ */ package org.elasticsearch.xpack.security.rest.action.privilege; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.Strings; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.set.Sets; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -36,16 +38,25 @@ import static org.elasticsearch.rest.RestRequest.Method.GET; */ public class RestGetPrivilegesAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestGetPrivilegesAction.class)); + public RestGetPrivilegesAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(GET, "/_xpack/security/privilege/", this); - controller.registerHandler(GET, "/_xpack/security/privilege/{application}", this); - controller.registerHandler(GET, "/_xpack/security/privilege/{application}/{privilege}", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + GET, "/_security/privilege/", this, + GET, "/_xpack/security/privilege/", deprecationLogger); + controller.registerWithDeprecatedHandler( + GET, "/_security/privilege/{application}", this, + GET, "/_xpack/security/privilege/{application}", deprecationLogger); + controller.registerWithDeprecatedHandler( + GET, "/_security/privilege/{application}/{privilege}", this, + GET, "/_xpack/security/privilege/{application}/{privilege}", deprecationLogger); } @Override public String getName() { - return "xpack_security_get_privileges_action"; + return "security_get_privileges_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestPutPrivilegesAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestPutPrivilegesAction.java index dc565e3f873..abc2f00afcd 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestPutPrivilegesAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestPutPrivilegesAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.privilege; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -35,16 +37,22 @@ import static org.elasticsearch.rest.RestRequest.Method.PUT; * Rest endpoint to add one or more {@link ApplicationPrivilege} objects to the security index */ public class RestPutPrivilegesAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestPutPrivilegesAction.class)); public RestPutPrivilegesAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(PUT, "/_xpack/security/privilege/", this); - controller.registerHandler(POST, "/_xpack/security/privilege/", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + PUT, "/_security/privilege/", this, + PUT, "/_xpack/security/privilege/", deprecationLogger); + controller.registerWithDeprecatedHandler( + POST, "/_security/privilege/", this, + POST, "/_xpack/security/privilege/", deprecationLogger); } @Override public String getName() { - return "xpack_security_put_privileges_action"; + return "security_put_privileges_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/realm/RestClearRealmCacheAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/realm/RestClearRealmCacheAction.java index cc507fdfb51..da9b1a1828b 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/realm/RestClearRealmCacheAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/realm/RestClearRealmCacheAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.realm; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.license.XPackLicenseState; import org.elasticsearch.rest.RestController; @@ -21,14 +23,19 @@ import static org.elasticsearch.rest.RestRequest.Method.POST; public final class RestClearRealmCacheAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestClearRealmCacheAction.class)); + public RestClearRealmCacheAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(POST, "/_xpack/security/realm/{realms}/_clear_cache", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/realm/{realms}/_clear_cache", this, + POST, "/_xpack/security/realm/{realms}/_clear_cache", deprecationLogger); } @Override public String getName() { - return "xpack_security_clear_realm_cache_action"; + return "security_clear_realm_cache_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestClearRolesCacheAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestClearRolesCacheAction.java index e60ce90aa88..a51db748ccc 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestClearRolesCacheAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestClearRolesCacheAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.role; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.license.XPackLicenseState; import org.elasticsearch.rest.RestController; @@ -21,14 +23,19 @@ import static org.elasticsearch.rest.RestRequest.Method.POST; public final class RestClearRolesCacheAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestClearRolesCacheAction.class)); + public RestClearRolesCacheAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(POST, "/_xpack/security/role/{name}/_clear_cache", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/role/{name}/_clear_cache", this, + POST, "/_xpack/security/role/{name}/_clear_cache", deprecationLogger); } @Override public String getName() { - return "xpack_security_clear_roles_cache_action"; + return "security_clear_roles_cache_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestDeleteRoleAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestDeleteRoleAction.java index f4ec8774704..26399f4da91 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestDeleteRoleAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestDeleteRoleAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.role; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -28,14 +30,19 @@ import static org.elasticsearch.rest.RestRequest.Method.DELETE; */ public class RestDeleteRoleAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestDeleteRoleAction.class)); + public RestDeleteRoleAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(DELETE, "/_xpack/security/role/{name}", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + DELETE, "/_security/role/{name}", this, + DELETE, "/_xpack/security/role/{name}", deprecationLogger); } @Override public String getName() { - return "xpack_security_delete_role_action"; + return "security_delete_role_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestGetRolesAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestGetRolesAction.java index b4c394dfa51..850709eea86 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestGetRolesAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestGetRolesAction.java @@ -5,8 +5,10 @@ */ package org.elasticsearch.xpack.security.rest.action.role; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.Strings; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -29,15 +31,23 @@ import static org.elasticsearch.rest.RestRequest.Method.GET; * Rest endpoint to retrieve a Role from the security index */ public class RestGetRolesAction extends SecurityBaseRestHandler { + + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestGetRolesAction.class)); + public RestGetRolesAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(GET, "/_xpack/security/role/", this); - controller.registerHandler(GET, "/_xpack/security/role/{name}", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + GET, "/_security/role/", this, + GET, "/_xpack/security/role/", deprecationLogger); + controller.registerWithDeprecatedHandler( + GET, "/_security/role/{name}", this, + GET, "/_xpack/security/role/{name}", deprecationLogger); } @Override public String getName() { - return "xpack_security_get_roles_action"; + return "security_get_roles_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestPutRoleAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestPutRoleAction.java index ea22cdb3cf9..10673cd79fa 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestPutRoleAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestPutRoleAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.role; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -30,15 +32,22 @@ import static org.elasticsearch.rest.RestRequest.Method.PUT; */ public class RestPutRoleAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestPutRoleAction.class)); + public RestPutRoleAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(POST, "/_xpack/security/role/{name}", this); - controller.registerHandler(PUT, "/_xpack/security/role/{name}", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/role/{name}", this, + POST, "/_xpack/security/role/{name}", deprecationLogger); + controller.registerWithDeprecatedHandler( + PUT, "/_security/role/{name}", this, + PUT, "/_xpack/security/role/{name}", deprecationLogger); } @Override public String getName() { - return "xpack_security_put_role_action"; + return "security_put_role_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestDeleteRoleMappingAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestDeleteRoleMappingAction.java index ce1f9ad0595..a2be9ba9e04 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestDeleteRoleMappingAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestDeleteRoleMappingAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.rolemapping; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -28,14 +30,20 @@ import static org.elasticsearch.rest.RestRequest.Method.DELETE; */ public class RestDeleteRoleMappingAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = + new DeprecationLogger(LogManager.getLogger(RestDeleteRoleMappingAction.class)); + public RestDeleteRoleMappingAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(DELETE, "/_xpack/security/role_mapping/{name}", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + DELETE, "/_security/role_mapping/{name}", this, + DELETE, "/_xpack/security/role_mapping/{name}", deprecationLogger); } @Override public String getName() { - return "xpack_security_delete_role_mapping_action"; + return "security_delete_role_mapping_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestGetRoleMappingsAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestGetRoleMappingsAction.java index 4d1f3d969fa..ceabeb3a62e 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestGetRoleMappingsAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestGetRoleMappingsAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.rolemapping; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -29,15 +31,22 @@ import static org.elasticsearch.rest.RestRequest.Method.GET; */ public class RestGetRoleMappingsAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestGetRoleMappingsAction.class)); + public RestGetRoleMappingsAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(GET, "/_xpack/security/role_mapping/", this); - controller.registerHandler(GET, "/_xpack/security/role_mapping/{name}", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + GET, "/_security/role_mapping/", this, + GET, "/_xpack/security/role_mapping/", deprecationLogger); + controller.registerWithDeprecatedHandler( + GET, "/_security/role_mapping/{name}", this, + GET, "/_xpack/security/role_mapping/{name}", deprecationLogger); } @Override public String getName() { - return "xpack_security_get_role_mappings_action"; + return "security_get_role_mappings_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestPutRoleMappingAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestPutRoleMappingAction.java index 088364eb95c..64c4bc9c52b 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestPutRoleMappingAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestPutRoleMappingAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.rolemapping; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -32,15 +34,22 @@ import static org.elasticsearch.rest.RestRequest.Method.PUT; */ public class RestPutRoleMappingAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestPutRoleMappingAction.class)); + public RestPutRoleMappingAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(POST, "/_xpack/security/role_mapping/{name}", this); - controller.registerHandler(PUT, "/_xpack/security/role_mapping/{name}", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/role_mapping/{name}", this, + POST, "/_xpack/security/role_mapping/{name}", deprecationLogger); + controller.registerWithDeprecatedHandler( + PUT, "/_security/role_mapping/{name}", this, + PUT, "/_xpack/security/role_mapping/{name}", deprecationLogger); } @Override public String getName() { - return "xpack_security_put_role_mappings_action"; + return "security_put_role_mappings_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlAuthenticateAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlAuthenticateAction.java index 7a0e9a25c5a..b73fb70c3fa 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlAuthenticateAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlAuthenticateAction.java @@ -5,9 +5,11 @@ */ package org.elasticsearch.xpack.security.rest.action.saml; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.ParseField; import org.elasticsearch.common.Strings; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ObjectParser; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -35,6 +37,8 @@ import static org.elasticsearch.rest.RestRequest.Method.POST; */ public class RestSamlAuthenticateAction extends SamlBaseRestHandler implements RestHandler { + private static final DeprecationLogger deprecationLogger = + new DeprecationLogger(LogManager.getLogger(RestSamlAuthenticateAction.class)); static class Input { String content; List ids; @@ -58,12 +62,15 @@ public class RestSamlAuthenticateAction extends SamlBaseRestHandler implements R public RestSamlAuthenticateAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(POST, "/_xpack/security/saml/authenticate", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/saml/authenticate", this, + POST, "/_xpack/security/saml/authenticate", deprecationLogger); } @Override public String getName() { - return "xpack_security_saml_authenticate_action"; + return "security_saml_authenticate_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlInvalidateSessionAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlInvalidateSessionAction.java index 6d3b41775b1..4fe8e7ac5b2 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlInvalidateSessionAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlInvalidateSessionAction.java @@ -7,8 +7,10 @@ package org.elasticsearch.xpack.security.rest.action.saml; import java.io.IOException; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.ParseField; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ObjectParser; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -32,6 +34,8 @@ import static org.elasticsearch.rest.RestRequest.Method.POST; */ public class RestSamlInvalidateSessionAction extends SamlBaseRestHandler { + private static final DeprecationLogger deprecationLogger = + new DeprecationLogger(LogManager.getLogger(RestSamlInvalidateSessionAction.class)); static final ObjectParser PARSER = new ObjectParser<>("saml_invalidate_session", SamlInvalidateSessionRequest::new); @@ -43,12 +47,15 @@ public class RestSamlInvalidateSessionAction extends SamlBaseRestHandler { public RestSamlInvalidateSessionAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(POST, "/_xpack/security/saml/invalidate", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/saml/invalidate", this, + POST, "/_xpack/security/saml/invalidate", deprecationLogger); } @Override public String getName() { - return "xpack_security_saml_invalidate_action"; + return "security_saml_invalidate_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlLogoutAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlLogoutAction.java index bc81f2d6bab..3a584664073 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlLogoutAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlLogoutAction.java @@ -7,8 +7,10 @@ package org.elasticsearch.xpack.security.rest.action.saml; import java.io.IOException; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.ParseField; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ObjectParser; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -34,6 +36,7 @@ import static org.elasticsearch.rest.RestRequest.Method.POST; */ public class RestSamlLogoutAction extends SamlBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestSamlLogoutAction.class)); static final ObjectParser PARSER = new ObjectParser<>("saml_logout", SamlLogoutRequest::new); static { @@ -43,12 +46,15 @@ public class RestSamlLogoutAction extends SamlBaseRestHandler { public RestSamlLogoutAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(POST, "/_xpack/security/saml/logout", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/saml/logout", this, + POST, "/_xpack/security/saml/logout", deprecationLogger); } @Override public String getName() { - return "xpack_security_saml_logout_action"; + return "security_saml_logout_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlPrepareAuthenticationAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlPrepareAuthenticationAction.java index 0860f364872..84ff7ba1edf 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlPrepareAuthenticationAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlPrepareAuthenticationAction.java @@ -7,8 +7,10 @@ package org.elasticsearch.xpack.security.rest.action.saml; import java.io.IOException; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.ParseField; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ObjectParser; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -34,6 +36,8 @@ import static org.elasticsearch.rest.RestRequest.Method.POST; */ public class RestSamlPrepareAuthenticationAction extends SamlBaseRestHandler { + private static final DeprecationLogger deprecationLogger = + new DeprecationLogger(LogManager.getLogger(RestSamlPrepareAuthenticationAction.class)); static final ObjectParser PARSER = new ObjectParser<>("saml_prepare_authn", SamlPrepareAuthenticationRequest::new); @@ -44,12 +48,15 @@ public class RestSamlPrepareAuthenticationAction extends SamlBaseRestHandler { public RestSamlPrepareAuthenticationAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(POST, "/_xpack/security/saml/prepare", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/saml/prepare", this, + POST, "/_xpack/security/saml/prepare", deprecationLogger); } @Override public String getName() { - return "xpack_security_saml_prepare_authentication_action"; + return "security_saml_prepare_authentication_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestChangePasswordAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestChangePasswordAction.java index 9907e334523..53341ce0b72 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestChangePasswordAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestChangePasswordAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.user; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -33,6 +35,7 @@ import static org.elasticsearch.rest.RestRequest.Method.PUT; public class RestChangePasswordAction extends SecurityBaseRestHandler implements RestRequestFilter { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestChangePasswordAction.class)); private final SecurityContext securityContext; private final Hasher passwordHasher; @@ -41,15 +44,24 @@ public class RestChangePasswordAction extends SecurityBaseRestHandler implements super(settings, licenseState); this.securityContext = securityContext; passwordHasher = Hasher.resolve(XPackSettings.PASSWORD_HASHING_ALGORITHM.get(settings)); - controller.registerHandler(POST, "/_xpack/security/user/{username}/_password", this); - controller.registerHandler(PUT, "/_xpack/security/user/{username}/_password", this); - controller.registerHandler(POST, "/_xpack/security/user/_password", this); - controller.registerHandler(PUT, "/_xpack/security/user/_password", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/user/{username}/_password", this, + POST, "/_xpack/security/user/{username}/_password", deprecationLogger); + controller.registerWithDeprecatedHandler( + PUT, "/_security/user/{username}/_password", this, + PUT, "/_xpack/security/user/{username}/_password", deprecationLogger); + controller.registerWithDeprecatedHandler( + POST, "/_security/user/_password", this, + POST, "/_xpack/security/user/_password", deprecationLogger); + controller.registerWithDeprecatedHandler( + PUT, "/_security/user/_password", this, + PUT, "/_xpack/security/user/_password", deprecationLogger); } @Override public String getName() { - return "xpack_security_change_password_action"; + return "security_change_password_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestDeleteUserAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestDeleteUserAction.java index a8590388398..3c810ca2308 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestDeleteUserAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestDeleteUserAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.user; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -28,14 +30,19 @@ import static org.elasticsearch.rest.RestRequest.Method.DELETE; */ public class RestDeleteUserAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestDeleteUserAction.class)); + public RestDeleteUserAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(DELETE, "/_xpack/security/user/{username}", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + DELETE, "/_security/user/{username}", this, + DELETE, "/_xpack/security/user/{username}", deprecationLogger); } @Override public String getName() { - return "xpack_security_delete_user_action"; + return "security_delete_user_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestGetUserPrivilegesAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestGetUserPrivilegesAction.java index 2145b6f39dc..b073349d842 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestGetUserPrivilegesAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestGetUserPrivilegesAction.java @@ -5,8 +5,10 @@ */ package org.elasticsearch.xpack.security.rest.action.user; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -39,17 +41,22 @@ import static org.elasticsearch.rest.RestRequest.Method.GET; public class RestGetUserPrivilegesAction extends SecurityBaseRestHandler { private final SecurityContext securityContext; + private static final DeprecationLogger deprecationLogger = + new DeprecationLogger(LogManager.getLogger(RestGetUserPrivilegesAction.class)); public RestGetUserPrivilegesAction(Settings settings, RestController controller, SecurityContext securityContext, XPackLicenseState licenseState) { super(settings, licenseState); this.securityContext = securityContext; - controller.registerHandler(GET, "/_xpack/security/user/_privileges", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + GET, "/_security/user/_privileges", this, + GET, "/_xpack/security/user/_privileges", deprecationLogger); } @Override public String getName() { - return "xpack_security_user_privileges_action"; + return "security_user_privileges_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestGetUsersAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestGetUsersAction.java index 1ab80954e9b..2751022d9f0 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestGetUsersAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestGetUsersAction.java @@ -5,8 +5,10 @@ */ package org.elasticsearch.xpack.security.rest.action.user; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.Strings; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -30,15 +32,22 @@ import static org.elasticsearch.rest.RestRequest.Method.GET; */ public class RestGetUsersAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestGetUsersAction.class)); + public RestGetUsersAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(GET, "/_xpack/security/user/", this); - controller.registerHandler(GET, "/_xpack/security/user/{username}", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + GET, "/_security/user/", this, + GET, "/_xpack/security/user/", deprecationLogger); + controller.registerWithDeprecatedHandler( + GET, "/_security/user/{username}", this, + GET, "/_xpack/security/user/{username}", deprecationLogger); } @Override public String getName() { - return "xpack_security_get_users_action"; + return "security_get_users_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestHasPrivilegesAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestHasPrivilegesAction.java index 6ec8250420e..d26d8db2069 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestHasPrivilegesAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestHasPrivilegesAction.java @@ -5,10 +5,12 @@ */ package org.elasticsearch.xpack.security.rest.action.user; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.bytes.BytesReference; import org.elasticsearch.common.collect.Tuple; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -40,20 +42,30 @@ import static org.elasticsearch.rest.RestRequest.Method.POST; public class RestHasPrivilegesAction extends SecurityBaseRestHandler { private final SecurityContext securityContext; + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestHasPrivilegesAction.class)); public RestHasPrivilegesAction(Settings settings, RestController controller, SecurityContext securityContext, XPackLicenseState licenseState) { super(settings, licenseState); this.securityContext = securityContext; - controller.registerHandler(GET, "/_xpack/security/user/{username}/_has_privileges", this); - controller.registerHandler(POST, "/_xpack/security/user/{username}/_has_privileges", this); - controller.registerHandler(GET, "/_xpack/security/user/_has_privileges", this); - controller.registerHandler(POST, "/_xpack/security/user/_has_privileges", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + GET, "/_security/user/{username}/_has_privileges", this, + GET, "/_xpack/security/user/{username}/_has_privileges", deprecationLogger); + controller.registerWithDeprecatedHandler( + POST, "/_security/user/{username}/_has_privileges", this, + POST, "/_xpack/security/user/{username}/_has_privileges", deprecationLogger); + controller.registerWithDeprecatedHandler( + GET, "/_security/user/_has_privileges", this, + GET, "/_xpack/security/user/_has_privileges", deprecationLogger); + controller.registerWithDeprecatedHandler( + POST, "/_security/user/_has_privileges", this, + POST, "/_xpack/security/user/_has_privileges", deprecationLogger); } @Override public String getName() { - return "xpack_security_has_priviledges_action"; + return "security_has_priviledges_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestPutUserAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestPutUserAction.java index 486ac3fa359..b56daba0bfa 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestPutUserAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestPutUserAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.user; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.set.Sets; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -37,17 +39,23 @@ import static org.elasticsearch.rest.RestRequest.Method.PUT; public class RestPutUserAction extends SecurityBaseRestHandler implements RestRequestFilter { private final Hasher passwordHasher; + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestPutUserAction.class)); public RestPutUserAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); passwordHasher = Hasher.resolve(XPackSettings.PASSWORD_HASHING_ALGORITHM.get(settings)); - controller.registerHandler(POST, "/_xpack/security/user/{username}", this); - controller.registerHandler(PUT, "/_xpack/security/user/{username}", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/user/{username}", this, + POST, "/_xpack/security/user/{username}", deprecationLogger); + controller.registerWithDeprecatedHandler( + PUT, "/_security/user/{username}", this, + PUT, "/_xpack/security/user/{username}", deprecationLogger); } @Override public String getName() { - return "xpack_security_put_user_action"; + return "security_put_user_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestSetEnabledAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestSetEnabledAction.java index 8d796b9c618..a78b2c85aa6 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestSetEnabledAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestSetEnabledAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.user; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -30,17 +32,28 @@ import static org.elasticsearch.rest.RestRequest.Method.PUT; */ public class RestSetEnabledAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestSetEnabledAction.class)); + public RestSetEnabledAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(POST, "/_xpack/security/user/{username}/_enable", this); - controller.registerHandler(PUT, "/_xpack/security/user/{username}/_enable", this); - controller.registerHandler(POST, "/_xpack/security/user/{username}/_disable", this); - controller.registerHandler(PUT, "/_xpack/security/user/{username}/_disable", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/user/{username}/_enable", this, + POST, "/_xpack/security/user/{username}/_enable", deprecationLogger); + controller.registerWithDeprecatedHandler( + PUT, "/_security/user/{username}/_enable", this, + PUT, "/_xpack/security/user/{username}/_enable", deprecationLogger); + controller.registerWithDeprecatedHandler( + POST, "/_security/user/{username}/_disable", this, + POST, "/_xpack/security/user/{username}/_disable", deprecationLogger); + controller.registerWithDeprecatedHandler( + PUT, "/_security/user/{username}/_disable", this, + PUT, "/_xpack/security/user/{username}/_disable", deprecationLogger); } @Override public String getName() { - return "xpack_security_set_enabled_action"; + return "security_set_enabled_action"; } @Override diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java index fc02a5c4d62..145213094d1 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java @@ -99,7 +99,7 @@ public class ClearRealmsCacheTests extends SecurityIntegTestCase { @Override public void executeRequest() throws Exception { - executeHttpRequest("/_xpack/security/realm/" + (randomBoolean() ? "*" : "_all") + "/_clear_cache", + executeHttpRequest("/_security/realm/" + (randomBoolean() ? "*" : "_all") + "/_clear_cache", Collections.emptyMap()); } }, @@ -122,7 +122,7 @@ public class ClearRealmsCacheTests extends SecurityIntegTestCase { @Override public void executeRequest() throws Exception { - String path = "/_xpack/security/realm/" + (randomBoolean() ? "*" : "_all") + "/_clear_cache"; + String path = "/_security/realm/" + (randomBoolean() ? "*" : "_all") + "/_clear_cache"; Map params = Collections.singletonMap("usernames", String.join(",", evicted_usernames)); executeHttpRequest(path, params); } diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/license/LicensingTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/license/LicensingTests.java index 7027a789a23..e79ec2e2fc0 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/license/LicensingTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/license/LicensingTests.java @@ -199,7 +199,7 @@ public class LicensingTests extends SecurityIntegTestCase { // the default of the licensing tests is basic assertThat(unauthorizedRootResponse.getStatusLine().getStatusCode(), is(200)); ResponseException e = expectThrows(ResponseException.class, - () -> getRestClient().performRequest(new Request("GET", "/_xpack/security/_authenticate"))); + () -> getRestClient().performRequest(new Request("GET", "/_security/_authenticate"))); assertThat(e.getResponse().getStatusLine().getStatusCode(), is(403)); // generate a new license with a mode that enables auth @@ -209,7 +209,7 @@ public class LicensingTests extends SecurityIntegTestCase { e = expectThrows(ResponseException.class, () -> getRestClient().performRequest(new Request("GET", "/"))); assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401)); e = expectThrows(ResponseException.class, - () -> getRestClient().performRequest(new Request("GET", "/_xpack/security/_authenticate"))); + () -> getRestClient().performRequest(new Request("GET", "/_security/_authenticate"))); assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401)); RequestOptions.Builder optionsBuilder = RequestOptions.DEFAULT.toBuilder(); @@ -221,7 +221,7 @@ public class LicensingTests extends SecurityIntegTestCase { rootRequest.setOptions(options); Response authorizedRootResponse = getRestClient().performRequest(rootRequest); assertThat(authorizedRootResponse.getStatusLine().getStatusCode(), is(200)); - Request authenticateRequest = new Request("GET", "/_xpack/security/_authenticate"); + Request authenticateRequest = new Request("GET", "/_security/_authenticate"); authenticateRequest.setOptions(options); Response authorizedAuthenticateResponse = getRestClient().performRequest(authenticateRequest); assertThat(authorizedAuthenticateResponse.getStatusLine().getStatusCode(), is(200)); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/test/NativeRealmIntegTestCase.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/test/NativeRealmIntegTestCase.java index bc235e0918e..63f5ace5352 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/test/NativeRealmIntegTestCase.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/test/NativeRealmIntegTestCase.java @@ -80,7 +80,7 @@ public abstract class NativeRealmIntegTestCase extends SecurityIntegTestCase { public void setupReservedPasswords(RestClient restClient) throws IOException { logger.info("setting up reserved passwords for test"); { - Request request = new Request("PUT", "/_xpack/security/user/elastic/_password"); + Request request = new Request("PUT", "/_security/user/elastic/_password"); request.setJsonEntity("{\"password\": \"" + new String(reservedPassword.getChars()) + "\"}"); RequestOptions.Builder options = request.getOptions().toBuilder(); options.addHeader("Authorization", UsernamePasswordToken.basicAuthHeaderValue(ElasticUser.NAME, BOOTSTRAP_PASSWORD)); @@ -94,7 +94,7 @@ public abstract class NativeRealmIntegTestCase extends SecurityIntegTestCase { final List usernames = Arrays.asList(KibanaUser.NAME, LogstashSystemUser.NAME, BeatsSystemUser.NAME, APMSystemUser.NAME, RemoteMonitoringUser.NAME); for (String username : usernames) { - Request request = new Request("PUT", "/_xpack/security/user/" + username + "/_password"); + Request request = new Request("PUT", "/_security/user/" + username + "/_password"); request.setJsonEntity("{\"password\": \"" + new String(reservedPassword.getChars()) + "\"}"); request.setOptions(options); restClient.performRequest(request); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordToolTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordToolTests.java index a359c1ba6ec..71685c444ec 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordToolTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordToolTests.java @@ -459,11 +459,11 @@ public class SetupPasswordToolTests extends CommandTestCase { } private URL authenticateUrl(URL url) throws MalformedURLException, URISyntaxException { - return new URL(url, (url.toURI().getPath() + "/_xpack/security/_authenticate").replaceAll("/+", "/") + "?pretty"); + return new URL(url, (url.toURI().getPath() + "/_security/_authenticate").replaceAll("/+", "/") + "?pretty"); } private URL passwordUrl(URL url, String user) throws MalformedURLException, URISyntaxException { - return new URL(url, (url.toURI().getPath() + "/_xpack/security/user/" + user + "/_password").replaceAll("/+", "/") + "?pretty"); + return new URL(url, (url.toURI().getPath() + "/_security/user/" + user + "/_password").replaceAll("/+", "/") + "?pretty"); } private URL clusterHealthUrl(URL url) throws MalformedURLException, URISyntaxException { diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateActionTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateActionTests.java index a6a304df123..1e7955175f6 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateActionTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateActionTests.java @@ -53,7 +53,7 @@ public class RestAuthenticateActionTests extends SecurityIntegTestCase { } public void testAuthenticateApi() throws Exception { - Request request = new Request("GET", "/_xpack/security/_authenticate"); + Request request = new Request("GET", "/_security/_authenticate"); RequestOptions.Builder options = request.getOptions().toBuilder(); options.addHeader("Authorization", basicAuthHeaderValue(SecuritySettingsSource.TEST_USER_NAME, new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray()))); @@ -72,7 +72,7 @@ public class RestAuthenticateActionTests extends SecurityIntegTestCase { public void testAuthenticateApiWithoutAuthentication() throws Exception { try { - Response response = getRestClient().performRequest(new Request("GET", "/_xpack/security/_authenticate")); + Response response = getRestClient().performRequest(new Request("GET", "/_security/_authenticate")); if (anonymousEnabled) { assertThat(response.getStatusLine().getStatusCode(), is(200)); ObjectPath objectPath = ObjectPath.createFromResponse(response); diff --git a/x-pack/plugin/sql/qa/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/SqlSecurityTestCase.java b/x-pack/plugin/sql/qa/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/SqlSecurityTestCase.java index 848fee17c7f..1dc765e242a 100644 --- a/x-pack/plugin/sql/qa/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/SqlSecurityTestCase.java +++ b/x-pack/plugin/sql/qa/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/SqlSecurityTestCase.java @@ -476,7 +476,7 @@ public abstract class SqlSecurityTestCase extends ESRestTestCase { } protected static void createUser(String name, String role) throws IOException { - Request request = new Request("PUT", "/_xpack/security/user/" + name); + Request request = new Request("PUT", "/_security/user/" + name); XContentBuilder user = JsonXContent.contentBuilder().prettyPrint(); user.startObject(); { user.field("password", "testpass"); diff --git a/x-pack/plugin/sql/qa/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/UserFunctionIT.java b/x-pack/plugin/sql/qa/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/UserFunctionIT.java index 1538f5302d6..4ddeb7d4cdc 100644 --- a/x-pack/plugin/sql/qa/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/UserFunctionIT.java +++ b/x-pack/plugin/sql/qa/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/UserFunctionIT.java @@ -155,7 +155,7 @@ public class UserFunctionIT extends ESRestTestCase { } private void createUser(String name, String role) throws IOException { - Request request = new Request("PUT", "/_xpack/security/user/" + name); + Request request = new Request("PUT", "/_security/user/" + name); XContentBuilder user = JsonXContent.contentBuilder().prettyPrint(); user.startObject(); { user.field("password", "testpass"); @@ -167,7 +167,7 @@ public class UserFunctionIT extends ESRestTestCase { } private void deleteUser(String name) throws IOException { - Request request = new Request("DELETE", "/_xpack/security/user/" + name); + Request request = new Request("DELETE", "/_security/user/" + name); client().performRequest(request); } diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.authenticate.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.authenticate.json similarity index 62% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.authenticate.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.authenticate.json index 650f89e89a4..394ad0d8dbe 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.authenticate.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.authenticate.json @@ -1,10 +1,12 @@ { - "xpack.security.authenticate": { + "security.authenticate": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-authenticate.html", "methods": [ "GET" ], "url": { - "path": "/_xpack/security/_authenticate", - "paths": [ "/_xpack/security/_authenticate" ], + "path": "/_security/_authenticate", + "paths": [ + "/_security/_authenticate" + ], "parts": {}, "params": {} }, diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.change_password.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.change_password.json similarity index 81% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.change_password.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.change_password.json index 7cb4277ee50..9e94102fc23 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.change_password.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.change_password.json @@ -1,10 +1,13 @@ { - "xpack.security.change_password": { + "security.change_password": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-change-password.html", "methods": [ "PUT", "POST" ], "url": { - "path": "/_xpack/security/user/{username}/_password", - "paths": [ "/_xpack/security/user/{username}/_password", "/_xpack/security/user/_password" ], + "path": "/_security/user/{username}/_password", + "paths": [ + "/_security/user/{username}/_password", + "/_security/user/_password" + ], "parts": { "username": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.clear_cached_realms.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.clear_cached_realms.json similarity index 76% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.clear_cached_realms.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.clear_cached_realms.json index 059441d654e..9e986d615a2 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.clear_cached_realms.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.clear_cached_realms.json @@ -1,10 +1,12 @@ { - "xpack.security.clear_cached_realms": { + "security.clear_cached_realms": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-clear-cache.html", "methods": [ "POST" ], "url": { - "path": "/_xpack/security/realm/{realms}/_clear_cache", - "paths": [ "/_xpack/security/realm/{realms}/_clear_cache" ], + "path": "/_security/realm/{realms}/_clear_cache", + "paths": [ + "/_security/realm/{realms}/_clear_cache" + ], "parts": { "realms": { "type" : "list", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.clear_cached_roles.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.clear_cached_roles.json similarity index 68% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.clear_cached_roles.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.clear_cached_roles.json index d945ebe3247..1c39ea9ade3 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.clear_cached_roles.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.clear_cached_roles.json @@ -1,10 +1,12 @@ { - "xpack.security.clear_cached_roles": { + "security.clear_cached_roles": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-clear-role-cache.html", "methods": [ "POST" ], "url": { - "path": "/_xpack/security/role/{name}/_clear_cache", - "paths": [ "/_xpack/security/role/{name}/_clear_cache" ], + "path": "/_security/role/{name}/_clear_cache", + "paths": [ + "/_security/role/{name}/_clear_cache" + ], "parts": { "name": { "type" : "list", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_privileges.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_privileges.json similarity index 81% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_privileges.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_privileges.json index 6086e46eade..13231572ab7 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_privileges.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_privileges.json @@ -1,10 +1,12 @@ { - "xpack.security.delete_privileges": { + "security.delete_privileges": { "documentation": "TODO", "methods": [ "DELETE" ], "url": { - "path": "/_xpack/security/privilege/{application}/{name}", - "paths": [ "/_xpack/security/privilege/{application}/{name}" ], + "path": "/_security/privilege/{application}/{name}", + "paths": [ + "/_security/privilege/{application}/{name}" + ], "parts": { "application": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_role.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_role.json similarity index 84% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_role.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_role.json index 881105d60b8..8e4a17988f5 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_role.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_role.json @@ -1,10 +1,12 @@ { - "xpack.security.delete_role": { + "security.delete_role": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-delete-role.html", "methods": [ "DELETE" ], "url": { - "path": "/_xpack/security/role/{name}", - "paths": [ "/_xpack/security/role/{name}" ], + "path": "/_security/role/{name}", + "paths": [ + "/_security/role/{name}" + ], "parts": { "name": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_role_mapping.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_role_mapping.json similarity index 82% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_role_mapping.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_role_mapping.json index 4c1df6b99db..5aff743b45b 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_role_mapping.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_role_mapping.json @@ -1,10 +1,12 @@ { - "xpack.security.delete_role_mapping": { + "security.delete_role_mapping": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-delete-role-mapping.html", "methods": [ "DELETE" ], "url": { - "path": "/_xpack/security/role_mapping/{name}", - "paths": [ "/_xpack/security/role_mapping/{name}" ], + "path": "/_security/role_mapping/{name}", + "paths": [ + "/_security/role_mapping/{name}" + ], "parts": { "name": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_user.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_user.json similarity index 84% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_user.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_user.json index fa1deb3e1ec..175d9925f00 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_user.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_user.json @@ -1,10 +1,12 @@ { - "xpack.security.delete_user": { + "security.delete_user": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-delete-user.html", "methods": [ "DELETE" ], "url": { - "path": "/_xpack/security/user/{username}", - "paths": [ "/_xpack/security/user/{username}" ], + "path": "/_security/user/{username}", + "paths": [ + "/_security/user/{username}" + ], "parts": { "username": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.disable_user.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.disable_user.json similarity index 82% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.disable_user.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.disable_user.json index 0e55e82ead6..cfc04b52ad3 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.disable_user.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.disable_user.json @@ -1,10 +1,12 @@ { - "xpack.security.disable_user": { + "security.disable_user": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-disable-user.html", "methods": [ "PUT", "POST" ], "url": { - "path": "/_xpack/security/user/{username}/_disable", - "paths": [ "/_xpack/security/user/{username}/_disable" ], + "path": "/_security/user/{username}/_disable", + "paths": [ + "/_security/user/{username}/_disable" + ], "parts": { "username": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.enable_user.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.enable_user.json similarity index 83% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.enable_user.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.enable_user.json index da2f67adbea..aa50ddce9ac 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.enable_user.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.enable_user.json @@ -1,10 +1,12 @@ { - "xpack.security.enable_user": { + "security.enable_user": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-enable-user.html", "methods": [ "PUT", "POST" ], "url": { - "path": "/_xpack/security/user/{username}/_enable", - "paths": [ "/_xpack/security/user/{username}/_enable" ], + "path": "/_security/user/{username}/_enable", + "paths": [ + "/_security/user/{username}/_enable" + ], "parts": { "username": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_privileges.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_privileges.json similarity index 70% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_privileges.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_privileges.json index 4286ffa954b..95a39bd313a 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_privileges.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_privileges.json @@ -1,10 +1,12 @@ { - "xpack.security.get_privileges": { + "security.get_privileges": { "documentation": "TODO", "methods": [ "GET" ], "url": { - "path": "/_xpack/security/privilege/{application}/{name}", - "paths": [ "/_xpack/security/privilege/{application}/{name}" ], + "path": "/_security/privilege/{application}/{name}", + "paths": [ + "/_security/privilege/{application}/{name}" + ], "parts": { "application": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_role.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_role.json similarity index 69% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_role.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_role.json index 67bdbb8a911..412127ce157 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_role.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_role.json @@ -1,10 +1,13 @@ { - "xpack.security.get_role": { + "security.get_role": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-role.html", "methods": [ "GET" ], "url": { - "path": "/_xpack/security/role/{name}", - "paths": [ "/_xpack/security/role/{name}", "/_xpack/security/role" ], + "path": "/_security/role/{name}", + "paths": [ + "/_security/role/{name}", + "/_security/role" + ], "parts": { "name": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_role_mapping.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_role_mapping.json similarity index 66% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_role_mapping.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_role_mapping.json index 7696f6671e4..169ef451b3c 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_role_mapping.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_role_mapping.json @@ -1,10 +1,13 @@ { - "xpack.security.get_role_mapping": { + "security.get_role_mapping": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-role-mapping.html", "methods": [ "GET" ], "url": { - "path": "/_xpack/security/role_mapping/{name}", - "paths": [ "/_xpack/security/role_mapping/{name}", "/_xpack/security/role_mapping" ], + "path": "/_security/role_mapping/{name}", + "paths": [ + "/_security/role_mapping/{name}", + "/_security/role_mapping" + ], "parts": { "name": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_token.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_token.json similarity index 69% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_token.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_token.json index 0b6f141d10e..9ecc8091797 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_token.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_token.json @@ -1,10 +1,12 @@ { - "xpack.security.get_token": { + "security.get_token": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-token.html", "methods": [ "POST" ], "url": { - "path": "/_xpack/security/oauth2/token", - "paths": [ "/_xpack/security/oauth2/token" ], + "path": "/_security/oauth2/token", + "paths": [ + "/_security/oauth2/token" + ], "parts": {}, "params": {} }, diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_user.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_user.json similarity index 70% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_user.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_user.json index 94dcbca81e1..ed6e7069dca 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_user.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_user.json @@ -1,10 +1,13 @@ { - "xpack.security.get_user": { + "security.get_user": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-user.html", "methods": [ "GET" ], "url": { - "path": "/_xpack/security/user/{username}", - "paths": [ "/_xpack/security/user/{username}", "/_xpack/security/user" ], + "path": "/_security/user/{username}", + "paths": [ + "/_security/user/{username}", + "/_security/user" + ], "parts": { "username": { "type" : "list", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_user_privileges.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_user_privileges.json similarity index 61% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_user_privileges.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_user_privileges.json index 56b9609c264..45f1e4a08c6 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_user_privileges.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_user_privileges.json @@ -1,10 +1,12 @@ { - "xpack.security.get_user_privileges": { + "security.get_user_privileges": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-user-privileges.html", "methods": [ "GET" ], "url": { - "path": "/_xpack/security/user/_privileges", - "paths": [ "/_xpack/security/user/_privileges" ], + "path": "/_security/user/_privileges", + "paths": [ + "/_security/user/_privileges" + ], "parts": { }, "params": {} }, diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.has_privileges.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.has_privileges.json similarity index 68% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.has_privileges.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.has_privileges.json index 9c75b40e4d1..c388f766c98 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.has_privileges.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.has_privileges.json @@ -1,10 +1,13 @@ { - "xpack.security.has_privileges": { + "security.has_privileges": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-has-privileges.html", "methods": [ "GET", "POST" ], "url": { - "path": "/_xpack/security/user/_has_privileges", - "paths": [ "/_xpack/security/user/_has_privileges", "/_xpack/security/user/{user}/_has_privileges" ], + "path": "/_security/user/_has_privileges", + "paths": [ + "/_security/user/_has_privileges", + "/_security/user/{user}/_has_privileges" + ], "parts": { "user": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.invalidate_token.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.invalidate_token.json similarity index 69% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.invalidate_token.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.invalidate_token.json index 27dd1030914..7938825e5b1 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.invalidate_token.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.invalidate_token.json @@ -1,10 +1,12 @@ { - "xpack.security.invalidate_token": { + "security.invalidate_token": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-invalidate-token.html", "methods": [ "DELETE" ], "url": { - "path": "/_xpack/security/oauth2/token", - "paths": [ "/_xpack/security/oauth2/token" ], + "path": "/_security/oauth2/token", + "paths": [ + "/_security/oauth2/token" + ], "parts": {}, "params": {} }, diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_privileges.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_privileges.json similarity index 84% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_privileges.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_privileges.json index 312db3c9a18..20b8d8418ab 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_privileges.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_privileges.json @@ -1,11 +1,11 @@ { - "xpack.security.put_privileges": { + "security.put_privileges": { "documentation": "TODO", "methods": [ "PUT", "POST" ], "url": { - "path": "/_xpack/security/privilege/", + "path": "/_security/privilege/", "paths": [ - "/_xpack/security/privilege/" + "/_security/privilege/" ], "params": { "refresh": { diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_role.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_role.json similarity index 86% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_role.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_role.json index 63ef5ee3786..8539d198c70 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_role.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_role.json @@ -1,10 +1,12 @@ { - "xpack.security.put_role": { + "security.put_role": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role.html", "methods": [ "PUT", "POST" ], "url": { - "path": "/_xpack/security/role/{name}", - "paths": [ "/_xpack/security/role/{name}" ], + "path": "/_security/role/{name}", + "paths": [ + "/_security/role/{name}" + ], "parts": { "name": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_role_mapping.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_role_mapping.json similarity index 84% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_role_mapping.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_role_mapping.json index 98e723d80e9..626ff0d6da8 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_role_mapping.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_role_mapping.json @@ -1,10 +1,12 @@ { - "xpack.security.put_role_mapping": { + "security.put_role_mapping": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role-mapping.html", "methods": [ "PUT", "POST" ], "url": { - "path": "/_xpack/security/role_mapping/{name}", - "paths": [ "/_xpack/security/role_mapping/{name}" ], + "path": "/_security/role_mapping/{name}", + "paths": [ + "/_security/role_mapping/{name}" + ], "parts": { "name": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_user.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_user.json similarity index 85% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_user.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_user.json index 1b51783a05e..a1a77c5bb4e 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_user.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_user.json @@ -1,10 +1,12 @@ { - "xpack.security.put_user": { + "security.put_user": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-user.html", "methods": [ "PUT", "POST" ], "url": { - "path": "/_xpack/security/user/{username}", - "paths": [ "/_xpack/security/user/{username}" ], + "path": "/_security/user/{username}", + "paths": [ + "/_security/user/{username}" + ], "parts": { "username": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.ssl.certificates.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/ssl.certificates.json similarity index 64% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.ssl.certificates.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/ssl.certificates.json index b9ad98b172b..10715cd5380 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.ssl.certificates.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/ssl.certificates.json @@ -1,10 +1,12 @@ { - "xpack.ssl.certificates": { + "ssl.certificates": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-ssl.html", "methods": [ "GET" ], "url": { - "path": "/_xpack/ssl/certificates", - "paths": [ "/_xpack/ssl/certificates" ], + "path": "/_ssl/certificates", + "paths": [ + "/_ssl/certificates" + ], "parts": {}, "params": {} }, diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/authenticate/10_basic.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/authenticate/10_basic.yml index 103bfe55c30..ea4f2f592c6 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/authenticate/10_basic.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/authenticate/10_basic.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "authenticate_user" body: > { @@ -20,7 +20,7 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "authenticate_user" ignore: 404 @@ -30,7 +30,7 @@ teardown: - do: headers: Authorization: "Basic YXV0aGVudGljYXRlX3VzZXI6eC1wYWNrLXRlc3QtcGFzc3dvcmQ=" - xpack.security.authenticate: {} + security.authenticate: {} - match: { username: "authenticate_user" } - match: { roles.0: "superuser" } diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/authenticate/10_field_level_security.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/authenticate/10_field_level_security.yml index 22981698d29..4dadd1370da 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/authenticate/10_field_level_security.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/authenticate/10_field_level_security.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_role: + security.put_role: name: "readall" body: > { @@ -21,7 +21,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "limitread" body: > { @@ -35,7 +35,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "full" body: > { @@ -45,7 +45,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "limited" body: > { @@ -56,22 +56,22 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "full" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "limited" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "readall" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "limitread" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/change_password/10_basic.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/change_password/10_basic.yml index 562a56f4154..7b465426350 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/change_password/10_basic.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/change_password/10_basic.yml @@ -6,7 +6,7 @@ setup: cluster.health: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -14,7 +14,7 @@ setup: "roles" : [ "superuser" ] } - do: - xpack.security.put_role: + security.put_role: name: "user" body: > { @@ -27,7 +27,7 @@ setup: ] } - do: - xpack.security.put_user: + security.put_user: username: "unprivileged_user" body: > { @@ -38,15 +38,15 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "user" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "unprivileged_user" ignore: 404 @@ -62,7 +62,7 @@ teardown: # change password - do: - xpack.security.change_password: + security.change_password: username: "joe" body: > { @@ -98,7 +98,7 @@ teardown: - do: headers: Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0" - xpack.security.change_password: + security.change_password: body: > { "password" : "s3krit2" @@ -132,7 +132,7 @@ teardown: headers: Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0" catch: forbidden - xpack.security.change_password: + security.change_password: username: "anotheruser" body: > { diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/monitoring/bulk/20_privileges.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/monitoring/bulk/20_privileges.yml index 128f30f2147..437ce21d0c8 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/monitoring/bulk/20_privileges.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/monitoring/bulk/20_privileges.yml @@ -9,7 +9,7 @@ setup: # Creates a role and a user "Logstash Agent" who can use # the Monitoring Bulk API and read the monitoring indices. - do: - xpack.security.put_role: + security.put_role: name: "logstash_agent_role" body: > { @@ -22,7 +22,7 @@ setup: ] } - do: - xpack.security.put_user: + security.put_user: username: "logstash_agent" body: > { @@ -33,7 +33,7 @@ setup: # Creates a role and a user "Unknown Agent" who can only # read the monitoring indices. - do: - xpack.security.put_role: + security.put_role: name: "unknown_agent_role" body: > { @@ -46,7 +46,7 @@ setup: ] } - do: - xpack.security.put_user: + security.put_user: username: "unknown_agent" body: > { @@ -57,19 +57,19 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "logstash_agent" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "logstash_agent_role" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "unknown_agent" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "unknown_agent_role" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/10_basic.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/10_basic.yml index 30fa3a8d078..e003dba2c21 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/10_basic.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/10_basic.yml @@ -9,22 +9,22 @@ setup: --- teardown: - do: - xpack.security.delete_privileges: + security.delete_privileges: application: app name: "p1,p2,p3" ignore: 404 - do: - xpack.security.delete_privileges: + security.delete_privileges: application: app2 name: "p1" ignore: 404 - do: - xpack.security.delete_privileges: + security.delete_privileges: application: app3 name: "p1,p2,p3,p4" ignore: 404 - do: - xpack.security.delete_privileges: + security.delete_privileges: application: app4 name: "p1" ignore: 404 @@ -32,7 +32,7 @@ teardown: "Test put and get privileges": # Single privilege - do: - xpack.security.put_privileges: + security.put_privileges: body: > { "app": { @@ -51,7 +51,7 @@ teardown: # Multiple privileges - do: - xpack.security.put_privileges: + security.put_privileges: body: > { "app": { @@ -88,7 +88,7 @@ teardown: # Update existing privilege - do: - xpack.security.put_privileges: + security.put_privileges: body: > { "app": { @@ -104,7 +104,7 @@ teardown: # Get the privilege back - do: - xpack.security.get_privileges: + security.get_privileges: application: app name: p1 @@ -121,7 +121,7 @@ teardown: # Get 2 privileges back - do: - xpack.security.get_privileges: + security.get_privileges: application: app name: p1,p2 @@ -149,7 +149,7 @@ teardown: # Get all (3) privileges back for "app" - do: - xpack.security.get_privileges: + security.get_privileges: application: "app" name: "" @@ -188,7 +188,7 @@ teardown: # Get all (4) privileges back for all apps - do: - xpack.security.get_privileges: + security.get_privileges: application: "" name: "" @@ -237,7 +237,7 @@ teardown: "Test put and delete privileges": # Store some privileges - do: - xpack.security.put_privileges: + security.put_privileges: body: > { "app3": { @@ -278,7 +278,7 @@ teardown: # Delete 1 privilege - do: - xpack.security.delete_privileges: + security.delete_privileges: application: app3 name: p1 @@ -287,7 +287,7 @@ teardown: # Delete 2 more privileges (p2, p3) # and try to delete two that don't exist (p1, p0) - do: - xpack.security.delete_privileges: + security.delete_privileges: application: app3 name: p1,p2,p3,p0 @@ -299,13 +299,13 @@ teardown: # Check the deleted privileges are gone - do: catch: missing - xpack.security.get_privileges: + security.get_privileges: application: app3 name: p1,p2,p3 # Check the non-deleted privileges are there - do: - xpack.security.get_privileges: + security.get_privileges: application: "" name: "" - match: { diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/20_has_application_privs.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/20_has_application_privs.yml index 1860564863f..85ac286c3f0 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/20_has_application_privs.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/20_has_application_privs.yml @@ -9,7 +9,7 @@ setup: # Create some privileges - do: - xpack.security.put_privileges: + security.put_privileges: body: > { "myapp": { @@ -33,7 +33,7 @@ setup: # Store 2 test roles - do: - xpack.security.put_role: + security.put_role: name: "myapp_engineering_read" body: > { @@ -59,7 +59,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "myapp_engineering_write" body: > { @@ -86,7 +86,7 @@ setup: # And a user for each role - do: - xpack.security.put_user: + security.put_user: username: "eng_read" body: > { @@ -94,7 +94,7 @@ setup: "roles" : [ "myapp_engineering_read" ] } - do: - xpack.security.put_user: + security.put_user: username: "eng_write" body: > { @@ -105,35 +105,35 @@ setup: --- teardown: - do: - xpack.security.delete_privileges: + security.delete_privileges: application: myapp name: "user,read,write" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "eng_read" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "eng_write" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "myapp_engineering_read" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "myapp_engineering_write" ignore: 404 --- "Test has_privileges with application-privileges": - do: headers: { Authorization: "Basic ZW5nX3JlYWQ6cEBzc3cwcmQ=" } # eng_read - xpack.security.has_privileges: + security.has_privileges: user: null body: > { diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/30_superuser.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/30_superuser.yml index 912a27884bf..f51c045f6c6 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/30_superuser.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/30_superuser.yml @@ -9,7 +9,7 @@ setup: # Create some privileges - do: - xpack.security.put_privileges: + security.put_privileges: body: > { "app01": { @@ -50,7 +50,7 @@ setup: # And a superuser - do: - xpack.security.put_user: + security.put_user: username: "my_admin" body: > { @@ -58,7 +58,7 @@ setup: "roles" : [ "superuser" ] } - do: - xpack.security.put_user: + security.put_user: username: "eng_write" body: > { @@ -69,18 +69,18 @@ setup: --- teardown: - do: - xpack.security.delete_privileges: + security.delete_privileges: application: app01 name: "user,read,write" ignore: 404 - do: - xpack.security.delete_privileges: + security.delete_privileges: application: app02 name: "user,read,write" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "my_admin" ignore: 404 @@ -88,7 +88,7 @@ teardown: "Test superuser has all application-privileges": - do: headers: { Authorization: "Basic bXlfYWRtaW46YWRtaW4wMQ==" } # my_admin - xpack.security.has_privileges: + security.has_privileges: user: null body: > { diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/40_get_user_privs.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/40_get_user_privs.yml index 80123ea7c3c..430bbdb5f29 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/40_get_user_privs.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/40_get_user_privs.yml @@ -9,7 +9,7 @@ setup: # Create some privileges - do: - xpack.security.put_privileges: + security.put_privileges: body: > { "test-app": { @@ -27,7 +27,7 @@ setup: # Store 2 test roles - do: - xpack.security.put_role: + security.put_role: name: "test-role-1" body: > { @@ -82,7 +82,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "test-role-2" body: > { @@ -142,7 +142,7 @@ setup: # And a user for each role combination - do: - xpack.security.put_user: + security.put_user: username: "test-1" body: > { @@ -150,7 +150,7 @@ setup: "roles" : [ "test-role-1" ] } - do: - xpack.security.put_user: + security.put_user: username: "test-2" body: > { @@ -158,7 +158,7 @@ setup: "roles" : [ "test-role-2" ] } - do: - xpack.security.put_user: + security.put_user: username: "test-3" body: > { @@ -169,33 +169,33 @@ setup: --- teardown: - do: - xpack.security.delete_privileges: + security.delete_privileges: application: test-app name: "user,read,write" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "test-1" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "test-2" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "test-3" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "test-role-1" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "test-role-2" ignore: 404 @@ -207,7 +207,7 @@ teardown: features: contains - do: headers: { Authorization: "Basic dGVzdC0xOjEyMzQ1Njc4" } # test-1 - xpack.security.get_user_privileges: {} + security.get_user_privileges: {} - match: { "cluster" : [ "monitor" ] } @@ -235,7 +235,7 @@ teardown: - do: headers: { Authorization: "Basic dGVzdC0yOjEyMzQ1Njc4" } # test-2 - xpack.security.get_user_privileges: + security.get_user_privileges: username: null - match: { "cluster" : [ "manage", "manage_security" ] } @@ -269,7 +269,7 @@ teardown: features: contains - do: headers: { Authorization: "Basic dGVzdC0zOjEyMzQ1Njc4" } # test-3 - xpack.security.get_user_privileges: {} + security.get_user_privileges: {} - match: { "cluster" : [ "manage", "manage_security", "monitor" ] } diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/10_basic.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/10_basic.yml index 8c64e995c96..73eae3d7976 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/10_basic.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/10_basic.yml @@ -10,13 +10,13 @@ setup: --- teardown: - do: - xpack.security.delete_role_mapping: + security.delete_role_mapping: name: "everyone" ignore: 404 --- "Test put role_mapping api": - do: - xpack.security.put_role_mapping: + security.put_role_mapping: name: "everyone" body: > { @@ -31,7 +31,7 @@ teardown: # Get by name - do: - xpack.security.get_role_mapping: + security.get_role_mapping: name: "everyone" - match: { everyone.enabled: true } - match: { everyone.roles.0: "kibana_user" } @@ -39,7 +39,7 @@ teardown: # Get all - do: - xpack.security.get_role_mapping: + security.get_role_mapping: name: null - match: { everyone.enabled: true } - match: { everyone.roles.0: "kibana_user" } diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/20_get_missing.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/20_get_missing.yml index 31208ceaf2e..cda9987e432 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/20_get_missing.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/20_get_missing.yml @@ -1,12 +1,12 @@ "Get missing role-mapping": - do: catch: missing - xpack.security.get_role_mapping: + security.get_role_mapping: name: 'does-not-exist' --- "Get missing (multiple) role-mappings": - do: catch: missing - xpack.security.get_role_mapping: + security.get_role_mapping: name: [ 'dne1', 'dne2' ] diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/30_delete.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/30_delete.yml index 0939fdfb1f7..0bd49ee8a79 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/30_delete.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/30_delete.yml @@ -10,13 +10,13 @@ setup: --- teardown: - do: - xpack.security.delete_role_mapping: + security.delete_role_mapping: name: "test_delete" ignore: 404 --- "Test delete role_mapping api": - do: - xpack.security.put_role_mapping: + security.put_role_mapping: name: "test_delete" body: > { @@ -28,18 +28,18 @@ teardown: # Get by name - do: - xpack.security.get_role_mapping: + security.get_role_mapping: name: "test_delete" - match: { test_delete.enabled: true } # Delete it - do: - xpack.security.delete_role_mapping: + security.delete_role_mapping: name: "test_delete" - match: { found: true } # Get by name - do: - xpack.security.get_role_mapping: + security.get_role_mapping: name: "test_delete" catch: missing diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/10_basic.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/10_basic.yml index badfcec6406..f34546c7cda 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/10_basic.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/10_basic.yml @@ -7,7 +7,7 @@ setup: cluster.health: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -18,22 +18,22 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "admin_role" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "backwards_role" ignore: 404 --- "Test put role api": - do: - xpack.security.put_role: + security.put_role: name: "admin_role" body: > { @@ -52,7 +52,7 @@ teardown: - match: { role: { created: true } } - do: - xpack.security.put_role: + security.put_role: name: "backwards_role" body: > { @@ -73,7 +73,7 @@ teardown: - match: { timed_out: false } - do: - xpack.security.get_role: + security.get_role: name: "admin_role" - match: { admin_role.cluster.0: "all" } - match: { admin_role.metadata.key1: "val1" } diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/11_idx_arrays.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/11_idx_arrays.yml index 84e2ae4d412..1046be6a1b6 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/11_idx_arrays.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/11_idx_arrays.yml @@ -9,12 +9,12 @@ setup: --- teardown: - do: - xpack.security.delete_role: + security.delete_role: name: "admin_role2" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 @@ -29,7 +29,7 @@ teardown: "Test put role api using as array of index names": - do: - xpack.security.put_role: + security.put_role: name: "admin_role2" body: > { @@ -44,7 +44,7 @@ teardown: - match: { role: { created: true } } - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -80,7 +80,7 @@ teardown: - match: { timed_out: false } - do: - xpack.security.get_role: + security.get_role: name: "admin_role2" - match: { admin_role2.cluster.0: "all" } - match: { admin_role2.indices.0.names.0: "foo" } diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/20_get_missing.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/20_get_missing.yml index ebe0a5d9df3..557af73d51e 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/20_get_missing.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/20_get_missing.yml @@ -1,12 +1,12 @@ "Get missing role": - do: catch: missing - xpack.security.get_role: + security.get_role: name: 'foo' --- "Get missing (multiple) roles": - do: catch: missing - xpack.security.get_role: + security.get_role: name: [ 'foo', 'bar' ] diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/30_prohibited_role_query.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/30_prohibited_role_query.yml index ea6bc86a7e3..abddcdc6dda 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/30_prohibited_role_query.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/30_prohibited_role_query.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_role: + security.put_role: name: "role" body: > { @@ -25,7 +25,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -36,11 +36,11 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "role" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/40_global_privileges.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/40_global_privileges.yml index b89efdfe56c..570f23930f1 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/40_global_privileges.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/40_global_privileges.yml @@ -7,7 +7,7 @@ setup: cluster.health: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -18,11 +18,11 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "with_global" ignore: 404 @@ -30,7 +30,7 @@ teardown: --- "Test put role with conditional security privileges": - do: - xpack.security.put_role: + security.put_role: name: "with_global" body: > { @@ -45,7 +45,7 @@ teardown: - match: { role: { created: true } } - do: - xpack.security.get_role: + security.get_role: name: "with_global" - match: { with_global.global.application.manage.applications.0: "app1-*" } - match: { with_global.global.application.manage.applications.1: "app2-*" } diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/rollup/security_tests.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/rollup/security_tests.yml index a6708dfa287..c42ab9d06f6 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/rollup/security_tests.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/rollup/security_tests.yml @@ -9,12 +9,12 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "test_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "foo_only_access" ignore: 404 @@ -22,7 +22,7 @@ teardown: "Index-based access": - do: - xpack.security.put_role: + security.put_role: name: "foo_only_access" body: > { @@ -34,7 +34,7 @@ teardown: } - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { @@ -186,7 +186,7 @@ teardown: "Attribute-based access": - do: - xpack.security.put_role: + security.put_role: name: "foo_only_access" body: > { @@ -206,7 +206,7 @@ teardown: } - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/10_index_doc.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/10_index_doc.yml index d68493bdcdd..2317d29ee70 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/10_index_doc.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/10_index_doc.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_role: + security.put_role: name: "mixed_role" body: > { @@ -21,7 +21,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { @@ -87,12 +87,12 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "test_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "mixed_role" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/11_delete_doc.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/11_delete_doc.yml index defff96601b..560c4a2cfb2 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/11_delete_doc.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/11_delete_doc.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_role: + security.put_role: name: "mixed_role" body: > { @@ -21,7 +21,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { @@ -113,12 +113,12 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "test_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "mixed_role" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/12_index_alias.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/12_index_alias.yml index a2e392d9053..71b3275ccab 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/12_index_alias.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/12_index_alias.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_role: + security.put_role: name: "mixed_role" body: > { @@ -19,7 +19,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { @@ -98,12 +98,12 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "test_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "mixed_role" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/13_index_datemath.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/13_index_datemath.yml index 5d714415d2a..becef57ec4f 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/13_index_datemath.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/13_index_datemath.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_role: + security.put_role: name: "mixed_role" body: > { @@ -19,7 +19,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { @@ -31,12 +31,12 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "test_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "mixed_role" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/20_get_doc.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/20_get_doc.yml index 3767ca5dd27..5b6a0e2d331 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/20_get_doc.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/20_get_doc.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_role: + security.put_role: name: "mixed_role" body: > { @@ -22,7 +22,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { @@ -116,12 +116,12 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "test_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "mixed_role" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/21_search_doc.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/21_search_doc.yml index 5d7a531a1d9..5901a8c66b2 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/21_search_doc.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/21_search_doc.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_role: + security.put_role: name: "mixed_role" body: > { @@ -22,7 +22,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { @@ -134,12 +134,12 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "test_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "mixed_role" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/30_dynamic_put_mapping.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/30_dynamic_put_mapping.yml index 3fca1ee5633..a0fbed057bc 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/30_dynamic_put_mapping.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/30_dynamic_put_mapping.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_role: + security.put_role: name: "alias_write_role" body: > { @@ -18,7 +18,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { @@ -44,12 +44,12 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "test_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "alias_write_role" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/40_condtional_cluster_priv.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/40_condtional_cluster_priv.yml index a7d3fabd2a2..ba324591114 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/40_condtional_cluster_priv.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/40_condtional_cluster_priv.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { @@ -17,7 +17,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "app_manage" body: > { @@ -31,7 +31,7 @@ setup: } - do: - xpack.security.put_privileges: + security.put_privileges: body: > { "app-allow": { @@ -42,7 +42,7 @@ setup: } - do: - xpack.security.put_privileges: + security.put_privileges: body: > { "app-deny": { @@ -55,28 +55,28 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "test_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "app_manage" ignore: 404 - do: - xpack.security.delete_privileges: + security.delete_privileges: application: app name: read ignore: 404 - do: - xpack.security.delete_privileges: + security.delete_privileges: application: app-allow name: read ignore: 404 - do: - xpack.security.delete_privileges: + security.delete_privileges: application: app_deny name: read ignore: 404 @@ -86,7 +86,7 @@ teardown: - do: headers: { Authorization: "Basic dGVzdF91c2VyOngtcGFjay10ZXN0LXBhc3N3b3Jk" } # test_user - xpack.security.put_privileges: + security.put_privileges: body: > { "app": { @@ -101,7 +101,7 @@ teardown: "Test get application privileges when allowed": - do: headers: { Authorization: "Basic dGVzdF91c2VyOngtcGFjay10ZXN0LXBhc3N3b3Jk" } # test_user - xpack.security.get_privileges: + security.get_privileges: application: app-allow name: read @@ -118,7 +118,7 @@ teardown: "Test put application privileges when not allowed": - do: headers: { Authorization: "Basic dGVzdF91c2VyOngtcGFjay10ZXN0LXBhc3N3b3Jk" } # test_user - xpack.security.put_privileges: + security.put_privileges: body: > { "app_deny": { @@ -133,7 +133,7 @@ teardown: "Test get application privileges when not allowed": - do: headers: { Authorization: "Basic dGVzdF91c2VyOngtcGFjay10ZXN0LXBhc3N3b3Jk" } # test_user - xpack.security.get_privileges: + security.get_privileges: application: app_deny name: read catch: forbidden diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/hidden-index/10_security_read.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/hidden-index/10_security_read.yml index 6701669a379..c0eceee94da 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/hidden-index/10_security_read.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/hidden-index/10_security_read.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_role: + security.put_role: name: "all_access" body: > { @@ -19,7 +19,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { @@ -31,12 +31,12 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "test_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "all_access" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/hidden-index/11_security-6_read.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/hidden-index/11_security-6_read.yml index d9f0fff8e11..eb31b56e64d 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/hidden-index/11_security-6_read.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/hidden-index/11_security-6_read.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_role: + security.put_role: name: "all_access" body: > { @@ -19,7 +19,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { @@ -31,12 +31,12 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "test_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "all_access" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/set_security_user/10_small_users_one_index.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/set_security_user/10_small_users_one_index.yml index 2e7617b9b8e..efa74c1d9b8 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/set_security_user/10_small_users_one_index.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/set_security_user/10_small_users_one_index.yml @@ -21,7 +21,7 @@ setup: ] } - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -29,7 +29,7 @@ setup: "roles" : [ "company_x_logs_role" ] } - do: - xpack.security.put_user: + security.put_user: username: "john" body: > { @@ -38,7 +38,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "company_x_logs_role" body: > { @@ -55,7 +55,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "company_y_logs_role" body: > { @@ -74,19 +74,19 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "john" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "company_x_logs_role" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "company_y_logs_role" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/ssl/10_basic.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/ssl/10_basic.yml index 227d341b26d..d3b8face717 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/ssl/10_basic.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/ssl/10_basic.yml @@ -1,7 +1,7 @@ --- "Test get SSL certificates": - do: - xpack.ssl.certificates: {} + ssl.certificates: {} - length: { $body: 1 } - match: { $body.0.path: "testnode.crt" } diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/token/10_basic.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/token/10_basic.yml index 62e32cdaed2..43f25a11db0 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/token/10_basic.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/token/10_basic.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "token_user" body: > { @@ -20,7 +20,7 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "token_user" ignore: 404 @@ -28,7 +28,7 @@ teardown: "Test get and use token": - do: - xpack.security.get_token: + security.get_token: body: grant_type: "password" username: "token_user" @@ -43,7 +43,7 @@ teardown: - do: headers: Authorization: Bearer ${token} - xpack.security.authenticate: {} + security.authenticate: {} - match: { username: "token_user" } - match: { roles.0: "superuser" } @@ -53,7 +53,7 @@ teardown: "Test invalidate token": - do: - xpack.security.get_token: + security.get_token: body: grant_type: "password" username: "token_user" @@ -68,14 +68,14 @@ teardown: - do: headers: Authorization: Bearer ${token} - xpack.security.authenticate: {} + security.authenticate: {} - match: { username: "token_user" } - match: { roles.0: "superuser" } - match: { full_name: "Token User" } - do: - xpack.security.invalidate_token: + security.invalidate_token: body: token: $token @@ -85,4 +85,4 @@ teardown: catch: unauthorized headers: Authorization: Bearer ${token} - xpack.security.authenticate: {} + security.authenticate: {} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/10_basic.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/10_basic.yml index fd41df11ac4..e101ca8729a 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/10_basic.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/10_basic.yml @@ -10,18 +10,18 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "bob" ignore: 404 --- "Test put user api": - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -43,7 +43,7 @@ teardown: - match: { timed_out: false } - do: - xpack.security.get_user: + security.get_user: username: "joe" - match: { joe.username: "joe" } - match: { joe.roles.0: "superuser" } @@ -55,7 +55,7 @@ teardown: --- "Test put user with username in body": - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -78,7 +78,7 @@ teardown: - match: { timed_out: false } - do: - xpack.security.get_user: + security.get_user: username: "joe" - match: { joe.username: "joe" } - match: { joe.roles.0: "superuser" } @@ -91,7 +91,7 @@ teardown: "Test put user with different username in body": - do: catch: bad_request - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -113,7 +113,7 @@ teardown: # But it has the nice side effect of automatically adjusting to any changes in the default hasher for # the ES cluster - do: - xpack.security.put_user: + security.put_user: username: "bob" body: > { @@ -129,7 +129,7 @@ teardown: - set: { _source.password: "hash" } - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -141,11 +141,11 @@ teardown: - do: headers: Authorization: "Basic am9lOmNvcnJlY3QgaG9yc2UgYmF0dGVyeSBzdGFwbGU=" - xpack.security.authenticate: {} + security.authenticate: {} - match: { username: "joe" } - do: catch: unauthorized headers: Authorization: "Basic am9lOnMza3JpdA==" - xpack.security.authenticate: {} + security.authenticate: {} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/15_overwrite_user.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/15_overwrite_user.yml index efe4d4e4c92..38fc162be5c 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/15_overwrite_user.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/15_overwrite_user.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -19,14 +19,14 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 --- "Test overwriting a user": - do: - xpack.security.get_user: + security.get_user: username: "joe" - match: { joe.username: "joe" } - match: { joe.roles.0: "superuser" } @@ -38,7 +38,7 @@ teardown: - match: { timed_out: false } - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -54,7 +54,7 @@ teardown: - match: { created: false } - do: - xpack.security.get_user: + security.get_user: username: "joe" - match: { joe.username: "joe" } - match: { joe.roles.0: "superuser" } diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/16_update_user.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/16_update_user.yml index 2a477e8bfbb..41a238766d0 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/16_update_user.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/16_update_user.yml @@ -5,7 +5,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -16,7 +16,7 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 @@ -24,7 +24,7 @@ teardown: "Test creating a user without password": - do: catch: bad_request - xpack.security.put_user: + security.put_user: username: "no_password_user" body: > { @@ -44,7 +44,7 @@ teardown: - match: { timed_out: false } - do: - xpack.security.get_user: + security.get_user: username: "joe" - match: { joe.username: "joe" } - match: { joe.roles.0: "superuser" } @@ -54,7 +54,7 @@ teardown: # update the user without a password - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -77,7 +77,7 @@ teardown: # validate other properties - do: - xpack.security.get_user: + security.get_user: username: "joe" - match: { joe.username: "joe" } - match: { joe.roles.0: "superuser" } @@ -89,7 +89,7 @@ teardown: # update with password - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -121,7 +121,7 @@ teardown: # validate properties - do: - xpack.security.get_user: + security.get_user: username: "joe" - match: { joe.username: "joe" } - match: { joe.roles.0: "superuser" } diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/20_get_missing.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/20_get_missing.yml index 290e612f427..a8550fa7ff0 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/20_get_missing.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/20_get_missing.yml @@ -1,12 +1,12 @@ "Get missing user": - do: catch: missing - xpack.security.get_user: + security.get_user: username: 'foo' --- "Get missing (multiple) users": - do: catch: missing - xpack.security.get_user: + security.get_user: username: [ 'foo', 'bar' ] diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/30_enable_disable.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/30_enable_disable.yml index 746aaed73be..0ffeeb60ed8 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/30_enable_disable.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/30_enable_disable.yml @@ -7,7 +7,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -18,7 +18,7 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 @@ -32,7 +32,7 @@ teardown: # disable the user - do: - xpack.security.disable_user: + security.disable_user: username: "joe" # validate user cannot login @@ -44,7 +44,7 @@ teardown: # enable the user - do: - xpack.security.enable_user: + security.enable_user: username: "joe" # validate that the user can login again @@ -65,7 +65,7 @@ teardown: # enable the user - do: - xpack.security.enable_user: + security.enable_user: username: "joe" # validate that the user still works @@ -86,7 +86,7 @@ teardown: # disable the user - do: - xpack.security.disable_user: + security.disable_user: username: "joe" # validate user cannot login @@ -98,11 +98,11 @@ teardown: # disable again - do: - xpack.security.disable_user: + security.disable_user: username: "joe" - do: - xpack.security.enable_user: + security.enable_user: username: "joe" --- @@ -119,5 +119,5 @@ teardown: catch: '/users may not update the enabled status of their own account/' headers: Authorization: "Basic am9lOnMza3JpdA==" - xpack.security.disable_user: + security.disable_user: username: "joe" diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/31_create_disabled.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/31_create_disabled.yml index 50811a3cb69..716508e590d 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/31_create_disabled.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/31_create_disabled.yml @@ -7,7 +7,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -18,7 +18,7 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 @@ -32,7 +32,7 @@ teardown: # enable - do: - xpack.security.enable_user: + security.enable_user: username: "joe" # validate user can login diff --git a/x-pack/qa/full-cluster-restart/src/test/java/org/elasticsearch/xpack/restart/FullClusterRestartIT.java b/x-pack/qa/full-cluster-restart/src/test/java/org/elasticsearch/xpack/restart/FullClusterRestartIT.java index e9215602429..a9d47ff4445 100644 --- a/x-pack/qa/full-cluster-restart/src/test/java/org/elasticsearch/xpack/restart/FullClusterRestartIT.java +++ b/x-pack/qa/full-cluster-restart/src/test/java/org/elasticsearch/xpack/restart/FullClusterRestartIT.java @@ -96,8 +96,8 @@ public class FullClusterRestartIT extends AbstractFullClusterRestartTestCase { @SuppressWarnings("unchecked") public void testSecurityNativeRealm() throws Exception { if (isRunningAgainstOldCluster()) { - createUser("preupgrade_user"); - createRole("preupgrade_role"); + createUser(true); + createRole(true); } else { waitForYellow(".security"); Response settingsResponse = client().performRequest(new Request("GET", "/.security/_settings/index.format")); @@ -126,7 +126,7 @@ public class FullClusterRestartIT extends AbstractFullClusterRestartTestCase { logger.info("upgrading security index {}", concreteSecurityIndex); // without upgrade, an error should be thrown try { - createUser("postupgrade_user"); + createUser(false); fail("should not be able to add a user when upgrade hasn't taken place"); } catch (ResponseException e) { assertThat(e.getMessage(), containsString("Security index is not on the current version - " + @@ -139,16 +139,12 @@ public class FullClusterRestartIT extends AbstractFullClusterRestartTestCase { } // create additional user and role - createUser("postupgrade_user"); - createRole("postupgrade_role"); + createUser(false); + createRole(false); } - assertUserInfo("preupgrade_user"); - assertRoleInfo("preupgrade_role"); - if (isRunningAgainstOldCluster() == false) { - assertUserInfo("postupgrade_user"); - assertRoleInfo("postupgrade_role"); - } + assertUserInfo(isRunningAgainstOldCluster()); + assertRoleInfo(isRunningAgainstOldCluster()); } public void testWatcher() throws Exception { @@ -578,8 +574,14 @@ public class FullClusterRestartIT extends AbstractFullClusterRestartTestCase { return EntityUtils.toString(response.getEntity()); } - private void createUser(final String id) throws Exception { - Request request = new Request("PUT", "/_xpack/security/user/" + id); + private void createUser(final boolean oldCluster) throws Exception { + final String id = oldCluster ? "preupgrade_user" : "postupgrade_user"; + Request request; + if (oldCluster) { + request = new Request("PUT", "/_xpack/security/user/" + id); + } else { + request = new Request("PUT", "/_security/user/" + id); + } request.setJsonEntity( "{\n" + " \"password\" : \"j@rV1s\",\n" + @@ -591,8 +593,14 @@ public class FullClusterRestartIT extends AbstractFullClusterRestartTestCase { client().performRequest(request); } - private void createRole(final String id) throws Exception { - Request request = new Request("PUT", "/_xpack/security/role/" + id); + private void createRole(final boolean oldCluster) throws Exception { + final String id = oldCluster ? "preupgrade_role" : "postupgrade_role"; + Request request; + if (oldCluster) { + request = new Request("PUT", "/_xpack/security/role/" + id); + } else { + request = new Request("PUT", "/_security/role/" + id); + } request.setJsonEntity( "{\n" + " \"run_as\": [ \"abc\" ],\n" + @@ -611,17 +619,22 @@ public class FullClusterRestartIT extends AbstractFullClusterRestartTestCase { client().performRequest(request); } - private void assertUserInfo(final String user) throws Exception { - Map response = entityAsMap(client().performRequest(new Request("GET", "/_xpack/security/user/" + user))); + private void assertUserInfo(final boolean oldCluster) throws Exception { + final String user = oldCluster ? "preupgrade_user" : "postupgrade_user"; + Map response = oldCluster ? + entityAsMap(client().performRequest(new Request("GET", "/_xpack/security/user/" + user))) : + entityAsMap(client().performRequest(new Request("GET", "/_security/user/" + user))); @SuppressWarnings("unchecked") Map userInfo = (Map) response.get(user); assertEquals(user + "@example.com", userInfo.get("email")); assertNotNull(userInfo.get("full_name")); assertNotNull(userInfo.get("roles")); } - private void assertRoleInfo(final String role) throws Exception { - @SuppressWarnings("unchecked") Map response = (Map) - entityAsMap(client().performRequest(new Request("GET", "/_xpack/security/role/" + role))).get(role); + private void assertRoleInfo(final boolean oldCluster) throws Exception { + final String role = oldCluster ? "preupgrade_role" : "postupgrade_role"; + @SuppressWarnings("unchecked") Map response = oldCluster ? + (Map) entityAsMap(client().performRequest(new Request("GET", "/_xpack/security/role/" + role))).get(role) : + (Map) entityAsMap(client().performRequest(new Request("GET", "/_security/role/" + role))).get(role); assertNotNull(response.get("run_as")); assertNotNull(response.get("cluster")); assertNotNull(response.get("indices")); diff --git a/x-pack/qa/kerberos-tests/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosAuthenticationIT.java b/x-pack/qa/kerberos-tests/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosAuthenticationIT.java index 17eb3592d58..ff5c24b15ed 100644 --- a/x-pack/qa/kerberos-tests/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosAuthenticationIT.java +++ b/x-pack/qa/kerberos-tests/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosAuthenticationIT.java @@ -79,7 +79,7 @@ public class KerberosAuthenticationIT extends ESRestTestCase { .endObject() // "rules" .endObject()); - final Request request = new Request("POST", "/_xpack/security/role_mapping/kerberosrolemapping"); + final Request request = new Request("POST", "/_security/role_mapping/kerberosrolemapping"); request.setJsonEntity(json); final Response response = adminClient().performRequest(request); assertOK(response); @@ -117,7 +117,7 @@ public class KerberosAuthenticationIT extends ESRestTestCase { private void executeRequestAndVerifyResponse(final String userPrincipalName, final SpnegoHttpClientConfigCallbackHandler callbackHandler) throws PrivilegedActionException, IOException { - final Request request = new Request("GET", "/_xpack/security/_authenticate"); + final Request request = new Request("GET", "/_security/_authenticate"); try (RestClient restClient = buildRestClientForKerberos(callbackHandler)) { final AccessControlContext accessControlContext = AccessController.getContext(); final LoginContext lc = callbackHandler.login(); diff --git a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/10_basic.yml b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/10_basic.yml index 5291b8735ba..1ebd18ccaa3 100644 --- a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/10_basic.yml +++ b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/10_basic.yml @@ -7,7 +7,7 @@ setup: cluster.health: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -15,7 +15,7 @@ setup: "roles" : [ "x_cluster_role" ] } - do: - xpack.security.put_role: + security.put_role: name: "x_cluster_role" body: > { @@ -30,11 +30,11 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "x_cluster_role" ignore: 404 --- diff --git a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/20_info.yml b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/20_info.yml index 2f30a285a70..b2323587325 100644 --- a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/20_info.yml +++ b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/20_info.yml @@ -7,7 +7,7 @@ setup: cluster.health: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -15,7 +15,7 @@ setup: "roles" : [ "x_cluster_role" ] } - do: - xpack.security.put_role: + security.put_role: name: "x_cluster_role" body: > { @@ -24,11 +24,11 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "monitor_role" ignore: 404 --- diff --git a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/30_field_caps.yml b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/30_field_caps.yml index c960f2f1432..9bc4daa655c 100644 --- a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/30_field_caps.yml +++ b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/30_field_caps.yml @@ -7,7 +7,7 @@ setup: cluster.health: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -15,7 +15,7 @@ setup: "roles" : [ "x_cluster_role" ] } - do: - xpack.security.put_role: + security.put_role: name: "x_cluster_role" body: > { @@ -30,11 +30,11 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "x_cluster_role" ignore: 404 --- diff --git a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/40_scroll.yml b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/40_scroll.yml index bfc3d0d9950..6875df0847d 100644 --- a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/40_scroll.yml +++ b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/40_scroll.yml @@ -7,7 +7,7 @@ setup: cluster.health: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -15,7 +15,7 @@ setup: "roles" : [ "x_cluster_role" ] } - do: - xpack.security.put_role: + security.put_role: name: "x_cluster_role" body: > { @@ -30,11 +30,11 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "x_cluster_role" ignore: 404 --- diff --git a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/50_missing.yml b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/50_missing.yml index 1b35d8546a5..e2a05f3326a 100644 --- a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/50_missing.yml +++ b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/50_missing.yml @@ -7,7 +7,7 @@ setup: cluster.health: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -15,7 +15,7 @@ setup: "roles" : [ "x_cluster_role" ] } - do: - xpack.security.put_role: + security.put_role: name: "x_cluster_role" body: > { @@ -30,11 +30,11 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "x_cluster_role" ignore: 404 --- diff --git a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/60_skip_shards.yml b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/60_skip_shards.yml index add6f8ac62e..e7842db70d2 100644 --- a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/60_skip_shards.yml +++ b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/60_skip_shards.yml @@ -7,7 +7,7 @@ setup: cluster.health: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -15,7 +15,7 @@ setup: "roles" : [ "x_cluster_role" ] } - do: - xpack.security.put_role: + security.put_role: name: "x_cluster_role" body: > { @@ -30,11 +30,11 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "x_cluster_role" ignore: 404 --- diff --git a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/remote_cluster/10_basic.yml b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/remote_cluster/10_basic.yml index dc1b512736d..f9a37dd8294 100644 --- a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/remote_cluster/10_basic.yml +++ b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/remote_cluster/10_basic.yml @@ -7,7 +7,7 @@ setup: cluster.health: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -15,7 +15,7 @@ setup: "roles" : [ "x_cluster_role" ] } - do: - xpack.security.put_role: + security.put_role: name: "x_cluster_role" body: > { @@ -191,7 +191,7 @@ setup: # request clears the cached reference to the user so we do not need to do # that manually - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { diff --git a/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/TokenBackwardsCompatibilityIT.java b/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/TokenBackwardsCompatibilityIT.java index 8fd2135aac5..d959cf2daae 100644 --- a/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/TokenBackwardsCompatibilityIT.java +++ b/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/TokenBackwardsCompatibilityIT.java @@ -49,7 +49,7 @@ public class TokenBackwardsCompatibilityIT extends AbstractUpgradeTestCase { } } - Request createTokenRequest = new Request("POST", "_xpack/security/oauth2/token"); + Request createTokenRequest = new Request("POST", "/_security/oauth2/token"); createTokenRequest.setJsonEntity( "{\n" + " \"username\": \"test_user\",\n" + @@ -70,7 +70,7 @@ public class TokenBackwardsCompatibilityIT extends AbstractUpgradeTestCase { "}"); client().performRequest(indexRequest1); - Request createSecondTokenRequest = new Request("POST", "_xpack/security/oauth2/token"); + Request createSecondTokenRequest = new Request("POST", "/_security/oauth2/token"); createSecondTokenRequest.setEntity(createTokenRequest.getEntity()); response = client().performRequest(createSecondTokenRequest); responseMap = entityAsMap(response); @@ -102,14 +102,14 @@ public class TokenBackwardsCompatibilityIT extends AbstractUpgradeTestCase { final String token = (String) source.get("token"); assertTokenWorks(token); - Request invalidateRequest = new Request("DELETE", "_xpack/security/oauth2/token"); + Request invalidateRequest = new Request("DELETE", "/_security/oauth2/token"); invalidateRequest.setJsonEntity("{\"token\": \"" + token + "\"}"); invalidateRequest.addParameter("error_trace", "true"); client().performRequest(invalidateRequest); assertTokenDoesNotWork(token); // create token and refresh on version that supports it - Request createTokenRequest = new Request("POST", "_xpack/security/oauth2/token"); + Request createTokenRequest = new Request("POST", "/_security/oauth2/token"); createTokenRequest.setJsonEntity( "{\n" + " \"username\": \"test_user\",\n" + @@ -125,7 +125,7 @@ public class TokenBackwardsCompatibilityIT extends AbstractUpgradeTestCase { assertNotNull(refreshToken); assertTokenWorks(accessToken); - Request tokenRefreshRequest = new Request("POST", "_xpack/security/oauth2/token"); + Request tokenRefreshRequest = new Request("POST", "/_security/oauth2/token"); tokenRefreshRequest.setJsonEntity( "{\n" + " \"refresh_token\": \"" + refreshToken + "\",\n" + @@ -152,7 +152,7 @@ public class TokenBackwardsCompatibilityIT extends AbstractUpgradeTestCase { final String token = (String) source.get("token"); // invalidate again since this may not have been invalidated in the mixed cluster - Request invalidateRequest = new Request("DELETE", "_xpack/security/oauth2/token"); + Request invalidateRequest = new Request("DELETE", "/_security/oauth2/token"); invalidateRequest.setJsonEntity("{\"token\": \"" + token + "\"}"); invalidateRequest.addParameter("error_trace", "true"); Response invalidationResponse = client().performRequest(invalidateRequest); @@ -164,7 +164,7 @@ public class TokenBackwardsCompatibilityIT extends AbstractUpgradeTestCase { final String workingToken = (String) source.get("token"); assertTokenWorks(workingToken); - Request getTokenRequest = new Request("POST", "_xpack/security/oauth2/token"); + Request getTokenRequest = new Request("POST", "/_security/oauth2/token"); getTokenRequest.setJsonEntity( "{\n" + " \"username\": \"test_user\",\n" + @@ -179,7 +179,7 @@ public class TokenBackwardsCompatibilityIT extends AbstractUpgradeTestCase { assertNotNull(refreshToken); assertTokenWorks(accessToken); - Request refreshTokenRequest = new Request("POST", "_xpack/security/oauth2/token"); + Request refreshTokenRequest = new Request("POST", "/_security/oauth2/token"); refreshTokenRequest.setJsonEntity( "{\n" + " \"refresh_token\": \"" + refreshToken + "\",\n" + @@ -198,7 +198,7 @@ public class TokenBackwardsCompatibilityIT extends AbstractUpgradeTestCase { } private void assertTokenWorks(String token) throws IOException { - Request request = new Request("GET", "_xpack/security/_authenticate"); + Request request = new Request("GET", "/_security/_authenticate"); RequestOptions.Builder options = request.getOptions().toBuilder(); options.addHeader(HttpHeaders.AUTHORIZATION, "Bearer " + token); request.setOptions(options); @@ -208,7 +208,7 @@ public class TokenBackwardsCompatibilityIT extends AbstractUpgradeTestCase { } private void assertTokenDoesNotWork(String token) { - Request request = new Request("GET", "_xpack/security/_authenticate"); + Request request = new Request("GET", "/_security/_authenticate"); RequestOptions.Builder options = request.getOptions().toBuilder(); options.addHeader(HttpHeaders.AUTHORIZATION, "Bearer " + token); request.setOptions(options); diff --git a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cluster/20_security.yml b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cluster/20_security.yml index cfe3ca97330..22291dde1a9 100644 --- a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cluster/20_security.yml +++ b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cluster/20_security.yml @@ -1,30 +1,30 @@ --- "Verify user and role in mixed cluster": - do: - xpack.security.get_user: + security.get_user: username: "native_user" - match: { native_user.username: "native_user" } - match: { native_user.roles.0: "native_role" } - do: - xpack.security.get_role: + security.get_role: name: "native_role" - match: { native_role.cluster.0: "all" } - match: { native_role.indices.0.names.0: "test_index" } - match: { native_role.indices.0.privileges.0: "all" } - do: - xpack.security.clear_cached_roles: + security.clear_cached_roles: name: "native_role" - do: - xpack.security.clear_cached_realms: + security.clear_cached_realms: realms: "_all" --- "verify users for default password migration in mixed cluster": - do: - xpack.security.get_user: + security.get_user: username: "kibana,logstash_system" - match: { kibana.enabled: false } - match: { logstash_system.enabled: true } diff --git a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cluster/50_token_auth.yml b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cluster/50_token_auth.yml index 96e6278b358..aae5f308597 100644 --- a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cluster/50_token_auth.yml +++ b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cluster/50_token_auth.yml @@ -18,7 +18,7 @@ - do: headers: Authorization: Bearer ${token} - xpack.security.authenticate: {} + security.authenticate: {} - match: { username: "token_user" } - match: { roles.0: "superuser" } diff --git a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml index 7350557e82f..1cd4ead9db0 100644 --- a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml +++ b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml @@ -4,7 +4,7 @@ features: headers # create native user and role - do: - xpack.security.put_user: + security.put_user: username: "native_user" body: > { @@ -14,7 +14,7 @@ - match: { created: true } - do: - xpack.security.put_role: + security.put_role: name: "native_role" body: > { @@ -36,11 +36,11 @@ - match: { timed_out: false } - do: - xpack.security.clear_cached_roles: + security.clear_cached_roles: name: "native_role" - do: - xpack.security.clear_cached_realms: + security.clear_cached_realms: realms: "_all" - do: @@ -51,16 +51,16 @@ # Check that enabling a user in old cluster will not prevent the user from having a "default password" in the new cluster. # See: org.elasticsearch.xpack.security.authc.esnative.NativeRealmMigrator.doConvertDefaultPasswords - do: - xpack.security.disable_user: + security.disable_user: username: "kibana" - do: - xpack.security.get_user: + security.get_user: username: "kibana" - match: { kibana.enabled: false } - do: - xpack.security.change_password: + security.change_password: username: "logstash_system" body: > { @@ -68,10 +68,10 @@ } - do: - xpack.security.enable_user: + security.enable_user: username: "logstash_system" - do: - xpack.security.get_user: + security.get_user: username: "logstash_system" - match: { logstash_system.enabled: true } diff --git a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml index 974ef56a758..02fa0f31ce3 100644 --- a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml +++ b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml @@ -8,7 +8,7 @@ wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "token_user" body: > { @@ -18,7 +18,7 @@ } - do: - xpack.security.get_token: + security.get_token: body: grant_type: "password" username: "token_user" @@ -33,7 +33,7 @@ - do: headers: Authorization: Bearer ${token} - xpack.security.authenticate: {} + security.authenticate: {} - match: { username: "token_user" } - match: { roles.0: "superuser" } diff --git a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/20_security.yml b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/20_security.yml index a265605c536..f9d1b6c1679 100644 --- a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/20_security.yml +++ b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/20_security.yml @@ -13,13 +13,13 @@ - match: { timed_out: false } - do: - xpack.security.get_user: + security.get_user: username: "native_user" - match: { native_user.username: "native_user" } - match: { native_user.roles.0: "native_role" } - do: - xpack.security.get_role: + security.get_role: name: "native_role" - match: { native_role.cluster.0: "all" } - match: { native_role.indices.0.names.0: "test_index" } diff --git a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/50_token_auth.yml b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/50_token_auth.yml index 2598b498f08..fad78b2a085 100644 --- a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/50_token_auth.yml +++ b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/50_token_auth.yml @@ -17,7 +17,7 @@ - do: headers: Authorization: Bearer ${token} - xpack.security.authenticate: {} + security.authenticate: {} - match: { username: "token_user" } - match: { roles.0: "superuser" } diff --git a/x-pack/qa/saml-idp-tests/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticationIT.java b/x-pack/qa/saml-idp-tests/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticationIT.java index a4dcfdeb993..b28c7926c38 100644 --- a/x-pack/qa/saml-idp-tests/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticationIT.java +++ b/x-pack/qa/saml-idp-tests/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticationIT.java @@ -178,7 +178,7 @@ public class SamlAuthenticationIT extends ESRestTestCase { */ @Before public void setKibanaPassword() throws IOException { - Request request = new Request("PUT", "/_xpack/security/user/kibana/_password"); + Request request = new Request("PUT", "/_security/user/kibana/_password"); request.setJsonEntity("{ \"password\" : \"" + KIBANA_PASSWORD + "\" }"); adminClient().performRequest(request); } @@ -190,7 +190,7 @@ public class SamlAuthenticationIT extends ESRestTestCase { */ @Before public void setupRoleMapping() throws IOException { - Request request = new Request("PUT", "/_xpack/security/role_mapping/thor-kibana"); + Request request = new Request("PUT", "/_security/role_mapping/thor-kibana"); request.setJsonEntity(Strings.toString(XContentBuilder.builder(XContentType.JSON.xContent()) .startObject() .array("roles", new String[] { "kibana_user"} ) @@ -216,7 +216,7 @@ public class SamlAuthenticationIT extends ESRestTestCase { .put("password", randomAlphaOfLengthBetween(8, 16)) .put("metadata", Collections.singletonMap("is_native", true)) .map(); - final Response response = adminClient().performRequest(buildRequest("PUT", "/_xpack/security/user/thor", body)); + final Response response = adminClient().performRequest(buildRequest("PUT", "/_security/user/thor", body)); assertOK(response); } @@ -312,7 +312,7 @@ public class SamlAuthenticationIT extends ESRestTestCase { } private Map callAuthenticateApiUsingAccessToken(String accessToken) throws IOException { - Request request = new Request("GET", "/_xpack/security/_authenticate"); + Request request = new Request("GET", "/_security/_authenticate"); RequestOptions.Builder options = request.getOptions().toBuilder(); options.addHeader("Authorization", "Bearer " + accessToken); request.setOptions(options); @@ -324,7 +324,7 @@ public class SamlAuthenticationIT extends ESRestTestCase { .put("grant_type", "refresh_token") .put("refresh_token", refreshToken) .map(); - final Response response = client().performRequest(buildRequest("POST", "/_xpack/security/oauth2/token", body, kibanaAuth())); + final Response response = client().performRequest(buildRequest("POST", "/_security/oauth2/token", body, kibanaAuth())); assertOK(response); final Map result = entityAsMap(response); @@ -514,7 +514,7 @@ public class SamlAuthenticationIT extends ESRestTestCase { */ private void httpLogin(HttpExchange http) throws IOException { final Map body = Collections.singletonMap("acs", this.acs.toString()); - Request request = buildRequest("POST", "/_xpack/security/saml/prepare", body, kibanaAuth()); + Request request = buildRequest("POST", "/_security/saml/prepare", body, kibanaAuth()); final Response prepare = client().performRequest(request); assertOK(prepare); final Map responseBody = parseResponseAsMap(prepare.getEntity()); @@ -559,7 +559,7 @@ public class SamlAuthenticationIT extends ESRestTestCase { .put("content", saml) .put("ids", Collections.singletonList(id)) .map(); - return client().performRequest(buildRequest("POST", "/_xpack/security/saml/authenticate", body, kibanaAuth())); + return client().performRequest(buildRequest("POST", "/_security/saml/authenticate", body, kibanaAuth())); } private List parseRequestForm(HttpExchange http) throws IOException { diff --git a/x-pack/qa/security-setup-password-tests/src/test/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordToolIT.java b/x-pack/qa/security-setup-password-tests/src/test/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordToolIT.java index 974f67825f7..364d1fb1e2d 100644 --- a/x-pack/qa/security-setup-password-tests/src/test/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordToolIT.java +++ b/x-pack/qa/security-setup-password-tests/src/test/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordToolIT.java @@ -103,7 +103,7 @@ public class SetupPasswordToolIT extends ESRestTestCase { final String basicHeader = "Basic " + Base64.getEncoder().encodeToString((entry.getKey() + ":" + entry.getValue()).getBytes(StandardCharsets.UTF_8)); try { - Request request = new Request("GET", "/_xpack/security/_authenticate"); + Request request = new Request("GET", "/_security/_authenticate"); RequestOptions.Builder options = request.getOptions().toBuilder(); options.addHeader("Authorization", basicHeader); request.setOptions(options); diff --git a/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/10_templated_role_query.yml b/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/10_templated_role_query.yml index f815b58777d..f1f6ab88637 100644 --- a/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/10_templated_role_query.yml +++ b/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/10_templated_role_query.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "inline_template_user" body: > { @@ -16,7 +16,7 @@ setup: "roles" : [ "inline_template_role" ] } - do: - xpack.security.put_user: + security.put_user: username: "stored_template_user" body: > { @@ -25,7 +25,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "terms_template_user" body: > { @@ -37,7 +37,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "inline_template_role" body: > { @@ -57,7 +57,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "terms_template_role" body: > { @@ -75,7 +75,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "stored_template_role" body: > { @@ -132,27 +132,27 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "inline_template_user" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "stored_template_user" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "terms_template_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "inline_template_role" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "stored_template_role" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "terms_template_role" ignore: 404 --- diff --git a/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/11_templated_role_query_runas.yml b/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/11_templated_role_query_runas.yml index ef3bc45671b..0011fa7b444 100644 --- a/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/11_templated_role_query_runas.yml +++ b/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/11_templated_role_query_runas.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "inline_template_user" body: > { @@ -16,7 +16,7 @@ setup: "roles" : [ "inline_template_role" ] } - do: - xpack.security.put_user: + security.put_user: username: "stored_template_user" body: > { @@ -25,7 +25,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "terms_template_user" body: > { @@ -37,7 +37,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "inline_template_role" body: > { @@ -57,7 +57,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "terms_template_role" body: > { @@ -75,7 +75,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "stored_template_role" body: > { @@ -132,27 +132,27 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "inline_template_user" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "stored_template_user" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "terms_template_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "inline_template_role" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "stored_template_role" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "terms_template_role" ignore: 404 --- diff --git a/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/20_small_users_one_index.yml b/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/20_small_users_one_index.yml index e63cc02e27c..a8fa79a04fc 100644 --- a/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/20_small_users_one_index.yml +++ b/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/20_small_users_one_index.yml @@ -24,7 +24,7 @@ setup: ] } - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -35,7 +35,7 @@ setup: } } - do: - xpack.security.put_user: + security.put_user: username: "john" body: > { @@ -49,22 +49,22 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "john" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "small_companies_role" ignore: 404 --- "Test shared index separating user by using DLS role query with user's username": - do: - xpack.security.put_role: + security.put_role: name: "small_companies_role" body: > { @@ -134,7 +134,7 @@ teardown: --- "Test shared index separating user by using DLS role query with user's metadata": - do: - xpack.security.put_role: + security.put_role: name: "small_companies_role" body: > { diff --git a/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/30_search_template.yml b/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/30_search_template.yml index c676615bee0..913979a4bb5 100644 --- a/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/30_search_template.yml +++ b/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/30_search_template.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "inline_template_user" body: > { @@ -17,7 +17,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "role" body: > { @@ -51,7 +51,7 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "inline_template_user" ignore: 404