Deprecate /_xpack/security/* in favor of /_security/* (#36293)

* This commit is part of our plan to deprecate and ultimately remove the use of _xpack in the REST APIs.

- REST API docs
- HLRC docs and doc tests
- Handle REST actions with deprecation warnings
- Changed endpoints in rest-api-spec and relevant file names
This commit is contained in:
Ioannis Kakavas 2018-12-11 11:13:10 +02:00 committed by GitHub
parent bf42cedc13
commit d7c5d8049a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
158 changed files with 968 additions and 692 deletions

View File

@ -56,7 +56,7 @@ final class SecurityRequestConverters {
static Request changePassword(ChangePasswordRequest changePasswordRequest) throws IOException {
String endpoint = new RequestConverters.EndpointBuilder()
.addPathPartAsIs("_xpack/security/user")
.addPathPartAsIs("_security/user")
.addPathPart(changePasswordRequest.getUsername())
.addPathPartAsIs("_password")
.build();
@ -69,7 +69,7 @@ final class SecurityRequestConverters {
static Request putUser(PutUserRequest putUserRequest) throws IOException {
String endpoint = new RequestConverters.EndpointBuilder()
.addPathPartAsIs("_xpack/security/user")
.addPathPartAsIs("_security/user")
.addPathPart(putUserRequest.getUser().getUsername())
.build();
Request request = new Request(HttpPut.METHOD_NAME, endpoint);
@ -81,7 +81,7 @@ final class SecurityRequestConverters {
static Request deleteUser(DeleteUserRequest deleteUserRequest) {
String endpoint = new RequestConverters.EndpointBuilder()
.addPathPartAsIs("_xpack","security", "user")
.addPathPartAsIs("_security", "user")
.addPathPart(deleteUserRequest.getName())
.build();
Request request = new Request(HttpDelete.METHOD_NAME, endpoint);
@ -92,7 +92,7 @@ final class SecurityRequestConverters {
static Request putRoleMapping(final PutRoleMappingRequest putRoleMappingRequest) throws IOException {
final String endpoint = new RequestConverters.EndpointBuilder()
.addPathPartAsIs("_xpack/security/role_mapping")
.addPathPartAsIs("_security/role_mapping")
.addPathPart(putRoleMappingRequest.getName())
.build();
final Request request = new Request(HttpPut.METHOD_NAME, endpoint);
@ -104,7 +104,7 @@ final class SecurityRequestConverters {
static Request getRoleMappings(final GetRoleMappingsRequest getRoleMappingRequest) throws IOException {
RequestConverters.EndpointBuilder builder = new RequestConverters.EndpointBuilder();
builder.addPathPartAsIs("_xpack/security/role_mapping");
builder.addPathPartAsIs("_security/role_mapping");
if (getRoleMappingRequest.getRoleMappingNames().size() > 0) {
builder.addPathPart(Strings.collectionToCommaDelimitedString(getRoleMappingRequest.getRoleMappingNames()));
}
@ -121,7 +121,7 @@ final class SecurityRequestConverters {
private static Request setUserEnabled(SetUserEnabledRequest setUserEnabledRequest) {
String endpoint = new RequestConverters.EndpointBuilder()
.addPathPartAsIs("_xpack/security/user")
.addPathPartAsIs("_security/user")
.addPathPart(setUserEnabledRequest.getUsername())
.addPathPart(setUserEnabledRequest.isEnabled() ? "_enable" : "_disable")
.build();
@ -132,14 +132,14 @@ final class SecurityRequestConverters {
}
static Request hasPrivileges(HasPrivilegesRequest hasPrivilegesRequest) throws IOException {
Request request = new Request(HttpGet.METHOD_NAME, "/_xpack/security/user/_has_privileges");
Request request = new Request(HttpGet.METHOD_NAME, "/_security/user/_has_privileges");
request.setEntity(createEntity(hasPrivilegesRequest, REQUEST_BODY_CONTENT_TYPE));
return request;
}
static Request clearRealmCache(ClearRealmCacheRequest clearRealmCacheRequest) {
RequestConverters.EndpointBuilder builder = new RequestConverters.EndpointBuilder()
.addPathPartAsIs("_xpack/security/realm");
.addPathPartAsIs("_security/realm");
if (clearRealmCacheRequest.getRealms().isEmpty() == false) {
builder.addCommaSeparatedPathParts(clearRealmCacheRequest.getRealms().toArray(Strings.EMPTY_ARRAY));
} else {
@ -156,7 +156,7 @@ final class SecurityRequestConverters {
static Request clearRolesCache(ClearRolesCacheRequest disableCacheRequest) {
String endpoint = new RequestConverters.EndpointBuilder()
.addPathPartAsIs("_xpack/security/role")
.addPathPartAsIs("_security/role")
.addCommaSeparatedPathParts(disableCacheRequest.names())
.addPathPart("_clear_cache")
.build();
@ -165,7 +165,7 @@ final class SecurityRequestConverters {
static Request deleteRoleMapping(DeleteRoleMappingRequest deleteRoleMappingRequest) {
final String endpoint = new RequestConverters.EndpointBuilder()
.addPathPartAsIs("_xpack/security/role_mapping")
.addPathPartAsIs("_security/role_mapping")
.addPathPart(deleteRoleMappingRequest.getName())
.build();
final Request request = new Request(HttpDelete.METHOD_NAME, endpoint);
@ -176,7 +176,7 @@ final class SecurityRequestConverters {
static Request deleteRole(DeleteRoleRequest deleteRoleRequest) {
String endpoint = new RequestConverters.EndpointBuilder()
.addPathPartAsIs("_xpack/security/role")
.addPathPartAsIs("_security/role")
.addPathPart(deleteRoleRequest.getName())
.build();
Request request = new Request(HttpDelete.METHOD_NAME, endpoint);
@ -187,7 +187,7 @@ final class SecurityRequestConverters {
static Request getRoles(GetRolesRequest getRolesRequest) {
RequestConverters.EndpointBuilder builder = new RequestConverters.EndpointBuilder();
builder.addPathPartAsIs("_xpack/security/role");
builder.addPathPartAsIs("_security/role");
if (getRolesRequest.getRoleNames().size() > 0) {
builder.addPathPart(Strings.collectionToCommaDelimitedString(getRolesRequest.getRoleNames()));
}
@ -195,20 +195,20 @@ final class SecurityRequestConverters {
}
static Request createToken(CreateTokenRequest createTokenRequest) throws IOException {
Request request = new Request(HttpPost.METHOD_NAME, "/_xpack/security/oauth2/token");
Request request = new Request(HttpPost.METHOD_NAME, "/_security/oauth2/token");
request.setEntity(createEntity(createTokenRequest, REQUEST_BODY_CONTENT_TYPE));
return request;
}
static Request invalidateToken(InvalidateTokenRequest invalidateTokenRequest) throws IOException {
Request request = new Request(HttpDelete.METHOD_NAME, "/_xpack/security/oauth2/token");
Request request = new Request(HttpDelete.METHOD_NAME, "/_security/oauth2/token");
request.setEntity(createEntity(invalidateTokenRequest, REQUEST_BODY_CONTENT_TYPE));
return request;
}
static Request getPrivileges(GetPrivilegesRequest getPrivilegesRequest) {
String endpoint = new RequestConverters.EndpointBuilder()
.addPathPartAsIs("_xpack/security/privilege")
.addPathPartAsIs("_security/privilege")
.addPathPart(getPrivilegesRequest.getApplicationName())
.addCommaSeparatedPathParts(getPrivilegesRequest.getPrivilegeNames())
.build();
@ -216,7 +216,7 @@ final class SecurityRequestConverters {
}
static Request putPrivileges(final PutPrivilegesRequest putPrivilegesRequest) throws IOException {
Request request = new Request(HttpPut.METHOD_NAME, "/_xpack/security/privilege");
Request request = new Request(HttpPut.METHOD_NAME, "/_security/privilege");
request.setEntity(createEntity(putPrivilegesRequest, REQUEST_BODY_CONTENT_TYPE));
RequestConverters.Params params = new RequestConverters.Params(request);
params.withRefreshPolicy(putPrivilegesRequest.getRefreshPolicy());
@ -225,7 +225,7 @@ final class SecurityRequestConverters {
static Request deletePrivileges(DeletePrivilegesRequest deletePrivilegeRequest) {
String endpoint = new RequestConverters.EndpointBuilder()
.addPathPartAsIs("_xpack/security/privilege")
.addPathPartAsIs("_security/privilege")
.addPathPart(deletePrivilegeRequest.getApplication())
.addCommaSeparatedPathParts(deletePrivilegeRequest.getPrivileges())
.build();
@ -237,7 +237,7 @@ final class SecurityRequestConverters {
static Request putRole(final PutRoleRequest putRoleRequest) throws IOException {
final String endpoint = new RequestConverters.EndpointBuilder()
.addPathPartAsIs("_xpack/security/role")
.addPathPartAsIs("_security/role")
.addPathPart(putRoleRequest.getRole().getName())
.build();
final Request request = new Request(HttpPut.METHOD_NAME, endpoint);

View File

@ -35,7 +35,7 @@ public final class AuthenticateRequest implements Validatable {
}
public Request getRequest() {
return new Request(HttpGet.METHOD_NAME, "/_xpack/security/_authenticate");
return new Request(HttpGet.METHOD_NAME, "/_security/_authenticate");
}
}

View File

@ -34,7 +34,7 @@ public final class GetSslCertificatesRequest implements Validatable{
}
public Request getRequest() {
return new Request(HttpGet.METHOD_NAME, "/_xpack/ssl/certificates");
return new Request(HttpGet.METHOD_NAME, "/_ssl/certificates");
}
}

View File

@ -70,7 +70,7 @@ public class SecurityIT extends ESRestHighLevelClientTestCase {
assertThat(updateUserResponse.isCreated(), is(false));
// delete user
final Request deleteUserRequest = new Request(HttpDelete.METHOD_NAME,
"/_xpack/security/user/" + putUserRequest.getUser().getUsername());
"/_security/user/" + putUserRequest.getUser().getUsername());
highLevelClient().getLowLevelClient().performRequest(deleteUserRequest);
}

View File

@ -84,7 +84,7 @@ public class SecurityRequestConvertersTests extends ESTestCase {
PutUserRequest putUserRequest = new PutUserRequest(user, password, enabled, refreshPolicy);
Request request = SecurityRequestConverters.putUser(putUserRequest);
assertEquals(HttpPut.METHOD_NAME, request.getMethod());
assertEquals("/_xpack/security/user/" + putUserRequest.getUser().getUsername(), request.getEndpoint());
assertEquals("/_security/user/" + putUserRequest.getUser().getUsername(), request.getEndpoint());
assertEquals(expectedParams, request.getParameters());
assertToXContentBody(putUserRequest, request.getEntity());
}
@ -96,7 +96,7 @@ public class SecurityRequestConvertersTests extends ESTestCase {
DeleteUserRequest deleteUserRequest = new DeleteUserRequest(name, refreshPolicy);
Request request = SecurityRequestConverters.deleteUser(deleteUserRequest);
assertEquals(HttpDelete.METHOD_NAME, request.getMethod());
assertEquals("/_xpack/security/user/" + name, request.getEndpoint());
assertEquals("/_security/user/" + name, request.getEndpoint());
assertEquals(expectedParams, request.getParameters());
assertNull(request.getEntity());
}
@ -124,7 +124,7 @@ public class SecurityRequestConvertersTests extends ESTestCase {
final Request request = SecurityRequestConverters.putRoleMapping(putRoleMappingRequest);
assertEquals(HttpPut.METHOD_NAME, request.getMethod());
assertEquals("/_xpack/security/role_mapping/" + roleMappingName, request.getEndpoint());
assertEquals("/_security/role_mapping/" + roleMappingName, request.getEndpoint());
assertEquals(expectedParams, request.getParameters());
assertToXContentBody(putRoleMappingRequest, request.getEntity());
}
@ -139,9 +139,9 @@ public class SecurityRequestConvertersTests extends ESTestCase {
assertEquals(HttpGet.METHOD_NAME, request.getMethod());
if (noOfRoleMappingNames == 0) {
assertEquals("/_xpack/security/role_mapping", request.getEndpoint());
assertEquals("/_security/role_mapping", request.getEndpoint());
} else {
assertEquals("/_xpack/security/role_mapping/" +
assertEquals("/_security/role_mapping/" +
Strings.collectionToCommaDelimitedString(getRoleMappingsRequest.getRoleMappingNames()), request.getEndpoint());
}
assertEquals(Collections.emptyMap(), request.getParameters());
@ -155,7 +155,7 @@ public class SecurityRequestConvertersTests extends ESTestCase {
EnableUserRequest enableUserRequest = new EnableUserRequest(username, refreshPolicy);
Request request = SecurityRequestConverters.enableUser(enableUserRequest);
assertEquals(HttpPut.METHOD_NAME, request.getMethod());
assertEquals("/_xpack/security/user/" + username + "/_enable", request.getEndpoint());
assertEquals("/_security/user/" + username + "/_enable", request.getEndpoint());
assertEquals(expectedParams, request.getParameters());
assertNull(request.getEntity());
}
@ -167,7 +167,7 @@ public class SecurityRequestConvertersTests extends ESTestCase {
DisableUserRequest disableUserRequest = new DisableUserRequest(username, refreshPolicy);
Request request = SecurityRequestConverters.disableUser(disableUserRequest);
assertEquals(HttpPut.METHOD_NAME, request.getMethod());
assertEquals("/_xpack/security/user/" + username + "/_disable", request.getEndpoint());
assertEquals("/_security/user/" + username + "/_disable", request.getEndpoint());
assertEquals(expectedParams, request.getParameters());
assertNull(request.getEntity());
}
@ -188,7 +188,7 @@ public class SecurityRequestConvertersTests extends ESTestCase {
ChangePasswordRequest changePasswordRequest = new ChangePasswordRequest(username, password, refreshPolicy);
Request request = SecurityRequestConverters.changePassword(changePasswordRequest);
assertEquals(HttpPost.METHOD_NAME, request.getMethod());
assertEquals("/_xpack/security/user/" + changePasswordRequest.getUsername() + "/_password", request.getEndpoint());
assertEquals("/_security/user/" + changePasswordRequest.getUsername() + "/_password", request.getEndpoint());
assertEquals(expectedParams, request.getParameters());
assertToXContentBody(changePasswordRequest, request.getEntity());
}
@ -200,7 +200,7 @@ public class SecurityRequestConvertersTests extends ESTestCase {
ChangePasswordRequest changePasswordRequest = new ChangePasswordRequest(null, password, refreshPolicy);
Request request = SecurityRequestConverters.changePassword(changePasswordRequest);
assertEquals(HttpPost.METHOD_NAME, request.getMethod());
assertEquals("/_xpack/security/user/_password", request.getEndpoint());
assertEquals("/_security/user/_password", request.getEndpoint());
assertEquals(expectedParams, request.getParameters());
assertToXContentBody(changePasswordRequest, request.getEntity());
}
@ -219,7 +219,7 @@ public class SecurityRequestConvertersTests extends ESTestCase {
final Request request = SecurityRequestConverters.deleteRoleMapping(deleteRoleMappingRequest);
assertEquals(HttpDelete.METHOD_NAME, request.getMethod());
assertEquals("/_xpack/security/role_mapping/" + roleMappingName, request.getEndpoint());
assertEquals("/_security/role_mapping/" + roleMappingName, request.getEndpoint());
assertEquals(expectedParams, request.getParameters());
assertNull(request.getEntity());
}
@ -231,9 +231,9 @@ public class SecurityRequestConvertersTests extends ESTestCase {
assertEquals(HttpGet.METHOD_NAME, request.getMethod());
if (roles.length == 0) {
assertEquals("/_xpack/security/role", request.getEndpoint());
assertEquals("/_security/role", request.getEndpoint());
} else {
assertEquals("/_xpack/security/role/" + Strings.collectionToCommaDelimitedString(getRolesRequest.getRoleNames()),
assertEquals("/_security/role/" + Strings.collectionToCommaDelimitedString(getRolesRequest.getRoleNames()),
request.getEndpoint());
}
assertNull(request.getEntity());
@ -247,7 +247,7 @@ public class SecurityRequestConvertersTests extends ESTestCase {
DeleteRoleRequest deleteRoleRequest = new DeleteRoleRequest(name, refreshPolicy);
Request request = SecurityRequestConverters.deleteRole(deleteRoleRequest);
assertEquals(HttpDelete.METHOD_NAME, request.getMethod());
assertEquals("/_xpack/security/role/" + name, request.getEndpoint());
assertEquals("/_security/role/" + name, request.getEndpoint());
assertEquals(expectedParams, request.getParameters());
assertNull(request.getEntity());
}
@ -258,7 +258,7 @@ public class SecurityRequestConvertersTests extends ESTestCase {
CreateTokenRequest createTokenRequest = CreateTokenRequest.passwordGrant(username, password.toCharArray());
Request request = SecurityRequestConverters.createToken(createTokenRequest);
assertEquals(HttpPost.METHOD_NAME, request.getMethod());
assertEquals("/_xpack/security/oauth2/token", request.getEndpoint());
assertEquals("/_security/oauth2/token", request.getEndpoint());
assertEquals(0, request.getParameters().size());
assertToXContentBody(createTokenRequest, request.getEntity());
}
@ -268,7 +268,7 @@ public class SecurityRequestConvertersTests extends ESTestCase {
CreateTokenRequest createTokenRequest = CreateTokenRequest.refreshTokenGrant(refreshToken);
Request request = SecurityRequestConverters.createToken(createTokenRequest);
assertEquals(HttpPost.METHOD_NAME, request.getMethod());
assertEquals("/_xpack/security/oauth2/token", request.getEndpoint());
assertEquals("/_security/oauth2/token", request.getEndpoint());
assertEquals(0, request.getParameters().size());
assertToXContentBody(createTokenRequest, request.getEntity());
}
@ -277,7 +277,7 @@ public class SecurityRequestConvertersTests extends ESTestCase {
CreateTokenRequest createTokenRequest = CreateTokenRequest.clientCredentialsGrant();
Request request = SecurityRequestConverters.createToken(createTokenRequest);
assertEquals(HttpPost.METHOD_NAME, request.getMethod());
assertEquals("/_xpack/security/oauth2/token", request.getEndpoint());
assertEquals("/_security/oauth2/token", request.getEndpoint());
assertEquals(0, request.getParameters().size());
assertToXContentBody(createTokenRequest, request.getEntity());
}
@ -288,7 +288,7 @@ public class SecurityRequestConvertersTests extends ESTestCase {
GetPrivilegesRequest getPrivilegesRequest = new GetPrivilegesRequest(application, privilege);
Request request = SecurityRequestConverters.getPrivileges(getPrivilegesRequest);
assertEquals(HttpGet.METHOD_NAME, request.getMethod());
assertEquals("/_xpack/security/privilege/" + application + "/" + privilege, request.getEndpoint());
assertEquals("/_security/privilege/" + application + "/" + privilege, request.getEndpoint());
assertEquals(Collections.emptyMap(), request.getParameters());
assertNull(request.getEntity());
}
@ -298,7 +298,7 @@ public class SecurityRequestConvertersTests extends ESTestCase {
GetPrivilegesRequest getPrivilegesRequest = GetPrivilegesRequest.getApplicationPrivileges(application);
Request request = SecurityRequestConverters.getPrivileges(getPrivilegesRequest);
assertEquals(HttpGet.METHOD_NAME, request.getMethod());
assertEquals("/_xpack/security/privilege/" + application, request.getEndpoint());
assertEquals("/_security/privilege/" + application, request.getEndpoint());
assertEquals(Collections.emptyMap(), request.getParameters());
assertNull(request.getEntity());
}
@ -311,7 +311,7 @@ public class SecurityRequestConvertersTests extends ESTestCase {
GetPrivilegesRequest getPrivilegesRequest = new GetPrivilegesRequest(application, privilegeNames);
Request request = SecurityRequestConverters.getPrivileges(getPrivilegesRequest);
assertEquals(HttpGet.METHOD_NAME, request.getMethod());
assertEquals("/_xpack/security/privilege/" + application + "/" + Strings.arrayToCommaDelimitedString(privilegeNames),
assertEquals("/_security/privilege/" + application + "/" + Strings.arrayToCommaDelimitedString(privilegeNames),
request.getEndpoint());
assertEquals(Collections.emptyMap(), request.getParameters());
assertNull(request.getEntity());
@ -321,7 +321,7 @@ public class SecurityRequestConvertersTests extends ESTestCase {
GetPrivilegesRequest getPrivilegesRequest = GetPrivilegesRequest.getAllPrivileges();
Request request = SecurityRequestConverters.getPrivileges(getPrivilegesRequest);
assertEquals(HttpGet.METHOD_NAME, request.getMethod());
assertEquals("/_xpack/security/privilege", request.getEndpoint());
assertEquals("/_security/privilege", request.getEndpoint());
assertEquals(Collections.emptyMap(), request.getParameters());
assertNull(request.getEntity());
}
@ -342,7 +342,7 @@ public class SecurityRequestConvertersTests extends ESTestCase {
final PutPrivilegesRequest putPrivilegesRequest = new PutPrivilegesRequest(privileges, refreshPolicy);
final Request request = SecurityRequestConverters.putPrivileges(putPrivilegesRequest);
assertEquals(HttpPut.METHOD_NAME, request.getMethod());
assertEquals("/_xpack/security/privilege", request.getEndpoint());
assertEquals("/_security/privilege", request.getEndpoint());
assertEquals(expectedParams, request.getParameters());
assertToXContentBody(putPrivilegesRequest, request.getEntity());
}
@ -356,7 +356,7 @@ public class SecurityRequestConvertersTests extends ESTestCase {
new DeletePrivilegesRequest(application, privileges.toArray(Strings.EMPTY_ARRAY), refreshPolicy);
Request request = SecurityRequestConverters.deletePrivileges(deletePrivilegesRequest);
assertEquals(HttpDelete.METHOD_NAME, request.getMethod());
assertEquals("/_xpack/security/privilege/" + application + "/" + Strings.collectionToCommaDelimitedString(privileges),
assertEquals("/_security/privilege/" + application + "/" + Strings.collectionToCommaDelimitedString(privileges),
request.getEndpoint());
assertEquals(expectedParams, request.getParameters());
assertNull(request.getEntity());
@ -390,7 +390,7 @@ public class SecurityRequestConvertersTests extends ESTestCase {
final PutRoleRequest putRoleRequest = new PutRoleRequest(role, refreshPolicy);
final Request request = SecurityRequestConverters.putRole(putRoleRequest);
assertEquals(HttpPut.METHOD_NAME, request.getMethod());
assertEquals("/_xpack/security/role/" + roleName, request.getEndpoint());
assertEquals("/_security/role/" + roleName, request.getEndpoint());
assertEquals(expectedParams, request.getParameters());
assertToXContentBody(putRoleRequest, request.getEntity());
}

View File

@ -446,7 +446,7 @@ setups['calendar_outages_addevent'] = setups['calendar_outages_addjob'] + '''
'''
setups['role_mapping'] = '''
- do:
xpack.security.put_role_mapping:
security.put_role_mapping:
name: "mapping1"
body: >
{
@ -712,7 +712,7 @@ setups['sensor_prefab_data'] = '''
'''
setups['admin_role'] = '''
- do:
xpack.security.put_role:
security.put_role:
name: "my_admin_role"
body: >
{
@ -726,7 +726,7 @@ setups['admin_role'] = '''
'''
setups['jacknich_user'] = '''
- do:
xpack.security.put_user:
security.put_user:
username: "jacknich"
body: >
{
@ -739,7 +739,7 @@ setups['jacknich_user'] = '''
'''
setups['app0102_privileges'] = '''
- do:
xpack.security.put_privileges:
security.put_privileges:
body: >
{
"myapp": {

View File

@ -8,7 +8,7 @@ authenticate a user and retrieve information about the authenticated user.
==== Request
`GET _xpack/security/_authenticate`
`GET /_security/_authenticate`
==== Description
@ -21,11 +21,11 @@ If the user cannot be authenticated, this API returns a 401 status code.
==== Examples
To authenticate a user, submit a GET request to the
`_xpack/security/_authenticate` endpoint:
`/_security/_authenticate` endpoint:
[source,js]
--------------------------------------------------
GET _xpack/security/_authenticate
GET /_security/_authenticate
--------------------------------------------------
// CONSOLE

View File

@ -6,9 +6,9 @@ Changes the passwords of users in the native realm.
==== Request
`POST _xpack/security/user/_password` +
`POST /_security/user/_password` +
`POST _xpack/security/user/<username>/_password`
`POST /_security/user/<username>/_password`
==== Description
@ -45,7 +45,7 @@ The following example updates the password for the `jacknich` user:
[source,js]
--------------------------------------------------
POST /_xpack/security/user/jacknich/_password
POST /_security/user/jacknich/_password
{
"password" : "s3cr3t"
}

View File

@ -7,9 +7,9 @@ the cache or evict specific users.
==== Request
`POST _xpack/security/realm/<realms>/_clear_cache` +
`POST /_security/realm/<realms>/_clear_cache` +
`POST _xpack/security/realm/<realms>/_clear_cache?usernames=<usernames>`
`POST /_security/realm/<realms>/_clear_cache?usernames=<usernames>`
==== Description
@ -37,7 +37,7 @@ For example, to evict all users cached by the `file` realm:
[source,js]
--------------------------------------------------
POST _xpack/security/realm/default_file/_clear_cache
POST /_security/realm/default_file/_clear_cache
--------------------------------------------------
// CONSOLE
@ -45,7 +45,7 @@ To evict selected users, specify the `usernames` parameter:
[source,js]
--------------------------------------------------
POST _xpack/security/realm/default_file/_clear_cache?usernames=rdeniro,alpacino
POST /_security/realm/default_file/_clear_cache?usernames=rdeniro,alpacino
--------------------------------------------------
// CONSOLE
@ -54,6 +54,6 @@ list:
[source, js]
------------------------------------------------------------
POST _xpack/security/realm/default_file,ldap1/_clear_cache
POST /_security/realm/default_file,ldap1/_clear_cache
------------------------------------------------------------
// CONSOLE

View File

@ -6,7 +6,7 @@ Evicts roles from the native role cache.
==== Request
`POST /_xpack/security/role/<name>/_clear_cache`
`POST /_security/role/<name>/_clear_cache`
==== Description
@ -34,6 +34,6 @@ to clear the cache for `my_admin_role`:
[source,js]
--------------------------------------------------
POST /_xpack/security/role/my_admin_role/_clear_cache
POST /_security/role/my_admin_role/_clear_cache
--------------------------------------------------
// CONSOLE

View File

@ -6,9 +6,9 @@ Creates and updates role mappings.
==== Request
`POST /_xpack/security/role_mapping/<name>` +
`POST /_security/role_mapping/<name>` +
`PUT /_xpack/security/role_mapping/<name>`
`PUT /_security/role_mapping/<name>`
==== Description
@ -68,7 +68,7 @@ The following example assigns the "user" role to all users:
[source, js]
------------------------------------------------------------
POST /_xpack/security/role_mapping/mapping1
POST /_security/role_mapping/mapping1
{
"roles": [ "user"],
"enabled": true, <1>
@ -103,7 +103,7 @@ The following example assigns the "user" and "admin" roles to specific users:
[source,js]
--------------------------------------------------
POST /_xpack/security/role_mapping/mapping2
POST /_security/role_mapping/mapping2
{
"roles": [ "user", "admin" ],
"enabled": true,
@ -119,7 +119,7 @@ or the user is in the `cn=admin,dc=example,dc=com` group:
[source, js]
------------------------------------------------------------
POST /_xpack/security/role_mapping/mapping3
POST /_security/role_mapping/mapping3
{
"roles": [ "superuser" ],
"enabled": true,
@ -144,7 +144,7 @@ POST /_xpack/security/role_mapping/mapping3
The following example matches users who authenticated against a specific realm:
[source, js]
------------------------------------------------------------
POST /_xpack/security/role_mapping/mapping4
POST /_security/role_mapping/mapping4
{
"roles": [ "ldap-user" ],
"enabled": true,
@ -159,7 +159,7 @@ The following example matches users within a specific LDAP sub-tree:
[source, js]
------------------------------------------------------------
POST /_xpack/security/role_mapping/mapping5
POST /_security/role_mapping/mapping5
{
"roles": [ "example-user" ],
"enabled": true,
@ -175,7 +175,7 @@ specific realm:
[source, js]
------------------------------------------------------------
POST /_xpack/security/role_mapping/mapping6
POST /_security/role_mapping/mapping6
{
"roles": [ "ldap-example-user" ],
"enabled": true,
@ -200,7 +200,7 @@ following mapping matches any user where *all* of these conditions are met:
[source, js]
------------------------------------------------------------
POST /_xpack/security/role_mapping/mapping7
POST /_security/role_mapping/mapping7
{
"roles": [ "superuser" ],
"enabled": true,

View File

@ -6,9 +6,9 @@ Adds and updates roles in the native realm.
==== Request
`POST /_xpack/security/role/<name>` +
`POST /_security/role/<name>` +
`PUT /_xpack/security/role/<name>`
`PUT /_security/role/<name>`
==== Description
@ -77,7 +77,7 @@ The following example adds a role called `my_admin_role`:
[source,js]
--------------------------------------------------
POST /_xpack/security/role/my_admin_role
POST /_security/role/my_admin_role
{
"cluster": ["all"],
"indices": [

View File

@ -8,9 +8,9 @@ to as _native users_.
==== Request
`POST /_xpack/security/user/<username>` +
`POST /_security/user/<username>` +
`PUT /_xpack/security/user/<username>`
`PUT /_security/user/<username>`
==== Description
@ -95,7 +95,7 @@ The following example creates a user `jacknich`:
[source,js]
--------------------------------------------------
POST /_xpack/security/user/jacknich
POST /_security/user/jacknich
{
"password" : "j@rV1s",
"roles" : [ "admin", "other_role1" ],

View File

@ -7,7 +7,7 @@ Removes
==== Request
`DELETE /_xpack/security/privilege/<application>/<privilege>`
`DELETE /_security/privilege/<application>/<privilege>`
//==== Description
@ -37,7 +37,7 @@ The following example deletes the `read` application privilege from the
[source,js]
--------------------------------------------------
DELETE /_xpack/security/privilege/myapp/read
DELETE /_security/privilege/myapp/read
--------------------------------------------------
// CONSOLE
// TEST[setup:app0102_privileges]

View File

@ -6,7 +6,7 @@ Removes role mappings.
==== Request
`DELETE /_xpack/security/role_mapping/<name>`
`DELETE /_security/role_mapping/<name>`
==== Description
@ -33,7 +33,7 @@ The following example delete a role mapping:
[source,js]
--------------------------------------------------
DELETE /_xpack/security/role_mapping/mapping1
DELETE /_security/role_mapping/mapping1
--------------------------------------------------
// CONSOLE
// TEST[setup:role_mapping]

View File

@ -6,7 +6,7 @@ Removes roles in the native realm.
==== Request
`DELETE /_xpack/security/role/<name>`
`DELETE /_security/role/<name>`
==== Description
@ -35,7 +35,7 @@ The following example deletes a `my_admin_role` role:
[source,js]
--------------------------------------------------
DELETE /_xpack/security/role/my_admin_role
DELETE /_security/role/my_admin_role
--------------------------------------------------
// CONSOLE
// TEST[setup:admin_role]

View File

@ -6,7 +6,7 @@ Deletes users from the native realm.
==== Request
`DELETE /_xpack/security/user/<username>`
`DELETE /_security/user/<username>`
==== Description
@ -31,7 +31,7 @@ The following example deletes the user `jacknich`:
[source,js]
--------------------------------------------------
DELETE /_xpack/security/user/jacknich
DELETE /_security/user/jacknich
--------------------------------------------------
// CONSOLE
// TEST[setup:jacknich_user]

View File

@ -7,7 +7,7 @@ Disables users in the native realm.
==== Request
`PUT /_xpack/security/user/<username>/_disable`
`PUT /_security/user/<username>/_disable`
==== Description
@ -37,7 +37,7 @@ The following example disables the user `jacknich`:
[source,js]
--------------------------------------------------
PUT /_xpack/security/user/jacknich/_disable
PUT /_security/user/jacknich/_disable
--------------------------------------------------
// CONSOLE
// TEST[setup:jacknich_user]

View File

@ -7,7 +7,7 @@ Enables users in the native realm.
==== Request
`PUT /_xpack/security/user/<username>/_enable`
`PUT /_security/user/<username>/_enable`
==== Description
@ -36,7 +36,7 @@ The following example enables the user `jacknich`:
[source,js]
--------------------------------------------------
PUT /_xpack/security/user/jacknich/_enable
PUT /_security/user/jacknich/_enable
--------------------------------------------------
// CONSOLE
// TEST[setup:jacknich_user]

View File

@ -7,11 +7,11 @@ Retrieves
==== Request
`GET /_xpack/security/privilege` +
`GET /_security/privilege` +
`GET /_xpack/security/privilege/<application>` +
`GET /_security/privilege/<application>` +
`GET /_xpack/security/privilege/<application>/<privilege>`
`GET /_security/privilege/<application>/<privilege>`
==== Description
@ -49,7 +49,7 @@ The following example retrieves information about the `read` privilege for the
[source,js]
--------------------------------------------------
GET /_xpack/security/privilege/myapp/read
GET /_security/privilege/myapp/read
--------------------------------------------------
// CONSOLE
// TEST[setup:app0102_privileges]
@ -81,7 +81,7 @@ To retrieve all privileges for an application, omit the privilege name:
[source,js]
--------------------------------------------------
GET /_xpack/security/privilege/myapp/
GET /_security/privilege/myapp/
--------------------------------------------------
// CONSOLE
@ -89,6 +89,6 @@ To retrieve every privilege, omit both the application and privilege names:
[source,js]
--------------------------------------------------
GET /_xpack/security/privilege/
GET /_security/privilege/
--------------------------------------------------
// CONSOLE

View File

@ -6,9 +6,9 @@ Retrieves role mappings.
==== Request
`GET /_xpack/security/role_mapping` +
`GET /_security/role_mapping` +
`GET /_xpack/security/role_mapping/<name>`
`GET /_security/role_mapping/<name>`
==== Description
@ -48,7 +48,7 @@ The following example retrieves information about the `mapping1` role mapping:
[source,js]
--------------------------------------------------
GET /_xpack/security/role_mapping/mapping1
GET /_security/role_mapping/mapping1
--------------------------------------------------
// CONSOLE
// TEST[setup:role_mapping]

View File

@ -6,9 +6,9 @@ Retrieves roles in the native realm.
==== Request
`GET /_xpack/security/role` +
`GET /_security/role` +
`GET /_xpack/security/role/<name>` +
`GET /_security/role/<name>` +
==== Description
@ -37,7 +37,7 @@ the native realm:
[source,js]
--------------------------------------------------
GET /_xpack/security/role/my_admin_role
GET /_security/role/my_admin_role
--------------------------------------------------
// CONSOLE
// TEST[setup:admin_role]
@ -75,7 +75,7 @@ To retrieve all roles, omit the role name:
[source,js]
--------------------------------------------------
GET /_xpack/security/role
GET /_security/role
--------------------------------------------------
// CONSOLE
// TEST[continued]

View File

@ -6,7 +6,7 @@ Creates a bearer token for access without requiring basic authentication.
==== Request
`POST /_xpack/security/oauth2/token`
`POST /_security/oauth2/token`
==== Description
@ -68,7 +68,7 @@ which simply creates a token as the authenticated user:
[source,js]
--------------------------------------------------
POST /_xpack/security/oauth2/token
POST /_security/oauth2/token
{
"grant_type" : "client_credentials"
}
@ -103,7 +103,7 @@ The following example obtains a token for the `test_admin` user using the
[source,js]
--------------------------------------------------
POST /_xpack/security/oauth2/token
POST /_security/oauth2/token
{
"grant_type" : "password",
"username" : "test_admin",
@ -134,7 +134,7 @@ creation. For example:
[source,js]
--------------------------------------------------
POST /_xpack/security/oauth2/token
POST /_security/oauth2/token
{
"grant_type": "refresh_token",
"refresh_token": "vLBPvmAB6KvwvJZr27cS"

View File

@ -7,9 +7,9 @@ Retrieves information about users in the native realm.
==== Request
`GET /_xpack/security/user` +
`GET /_security/user` +
`GET /_xpack/security/user/<username>`
`GET /_security/user/<username>`
==== Description
@ -31,12 +31,12 @@ To use this API, you must have at least the `manage_security` cluster privilege.
==== Examples
To retrieve a native user, submit a GET request to the `/_xpack/security/user/<username>`
To retrieve a native user, submit a GET request to the `/_security/user/<username>`
endpoint:
[source,js]
--------------------------------------------------
GET /_xpack/security/user/jacknich
GET /_security/user/jacknich
--------------------------------------------------
// CONSOLE
// TEST[setup:jacknich_user]
@ -68,7 +68,7 @@ Omit the username to retrieve all users:
[source,js]
--------------------------------------------------
GET /_xpack/security/user
GET /_security/user
--------------------------------------------------
// CONSOLE
// TEST[continued]

View File

@ -9,7 +9,7 @@ a specified list of privileges.
==== Request
`GET _xpack/security/user/_has_privileges`
`GET /_security/user/_has_privileges`
==== Description
@ -53,7 +53,7 @@ cluster, index, and application privileges:
[source,js]
--------------------------------------------------
GET _xpack/security/user/_has_privileges
GET /_security/user/_has_privileges
{
"cluster": [ "monitor", "manage" ],
"index" : [

View File

@ -6,7 +6,7 @@ Invalidates an access token or a refresh token.
==== Request
`DELETE /_xpack/security/oauth2/token`
`DELETE /_security/oauth2/token`
==== Description
@ -41,7 +41,7 @@ The following example invalidates the specified token immediately:
[source,js]
--------------------------------------------------
DELETE /_xpack/security/oauth2/token
DELETE /_security/oauth2/token
{
"token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ=="
}
@ -52,7 +52,7 @@ whereas the following example invalidates the specified refresh token immediatel
[source,js]
--------------------------------------------------
DELETE /_xpack/security/oauth2/token
DELETE /_security/oauth2/token
{
"refresh_token" : "movUJjPGRRC0PQ7+NW0eag"
}

View File

@ -7,9 +7,9 @@ Adds or updates
==== Request
`POST /_xpack/security/privilege` +
`POST /_security/privilege` +
`PUT /_xpack/security/privilege`
`PUT /_security/privilege`
==== Description
@ -70,11 +70,11 @@ To use this API, you must have either:
==== Examples
To add a single privilege, submit a PUT or POST request to the
`/_xpack/security/privilege/<application>/<privilege>` endpoint. For example:
`/_security/privilege/<application>/<privilege>` endpoint. For example:
[source,js]
--------------------------------------------------
PUT /_xpack/security/privilege
PUT /_security/privilege
{
"myapp": {
"read": {
@ -116,11 +116,11 @@ been created or updated.
<1> When an existing privilege is updated, `created` is set to false.
To add multiple privileges, submit a POST request to the
`/_xpack/security/privilege/` endpoint. For example:
`/_security/privilege/` endpoint. For example:
[source,js]
--------------------------------------------------
PUT /_xpack/security/privilege
PUT /_security/privilege
{
"app01": {
"read": {

View File

@ -7,7 +7,7 @@ certificates that are used to encrypt communications in your {es} cluster.
==== Request
`GET /_xpack/ssl/certificates`
`GET /_ssl/certificates`
==== Description
@ -75,7 +75,7 @@ node of {es}:
[source,js]
--------------------------------------------------
GET /_xpack/ssl/certificates
GET /_xpack/certificates
--------------------------------------------------
// CONSOLE
// TEST[skip:todo]

View File

@ -187,7 +187,7 @@ role.
Configured via the role-mapping API:
[source,js]
--------------------------------------------------
PUT _xpack/security/role_mapping/admins
PUT /_security/role_mapping/admins
{
"roles" : [ "monitoring" , "user" ],
"rules" : { "field" : {
@ -201,7 +201,7 @@ PUT _xpack/security/role_mapping/admins
[source,js]
--------------------------------------------------
PUT _xpack/security/role_mapping/basic_users
PUT /_security/role_mapping/basic_users
{
"roles" : [ "user" ],
"rules" : { "any": [

View File

@ -153,7 +153,7 @@ The following example uses the role mapping API to map `user@REALM` to the roles
[source,js]
--------------------------------------------------
POST _xpack/security/role_mapping/kerbrolemapping
POST /_security/role_mapping/kerbrolemapping
{
"roles" : [ "monitoring_user" ],
"enabled": true,

View File

@ -147,7 +147,7 @@ names. For example, the following mapping configuration maps the LDAP
Configured via the role-mapping API:
[source,js]
--------------------------------------------------
PUT _xpack/security/role_mapping/admins
PUT /_security/role_mapping/admins
{
"roles" : [ "monitoring" , "user" ],
"rules" : { "field" : {
@ -161,7 +161,7 @@ PUT _xpack/security/role_mapping/admins
[source,js]
--------------------------------------------------
PUT _xpack/security/role_mapping/basic_users
PUT /_security/role_mapping/basic_users
{
"roles" : [ "user" ],
"rules" : { "field" : {

View File

@ -140,7 +140,7 @@ For example, the following mapping configuration maps `John Doe` to the
Using the role-mapping API:
[source,js]
--------------------------------------------------
PUT _xpack/security/role_mapping/users
PUT /_security/role_mapping/users
{
"roles" : [ "user" ],
"rules" : { "field" : {

View File

@ -630,7 +630,7 @@ to any user who authenticates against the `saml1` realm:
[source,js]
--------------------------------------------------
PUT /_xpack/security/role_mapping/saml-kibana
PUT /_security/role_mapping/saml-kibana
{
"roles": [ "kibana_user" ],
"enabled": true,
@ -667,7 +667,7 @@ via the `saml1` realm with the `finance-team` group.
[source,js]
--------------------------------------------------
PUT /_xpack/security/role_mapping/saml-finance
PUT /_security/role_mapping/saml-finance
{
"roles": [ "finance_data" ],
"enabled": true,

View File

@ -25,7 +25,7 @@ all users from the `ad1` realm:
[source, js]
------------------------------------------------------------
$ curl -XPOST 'http://localhost:9200/_xpack/security/realm/ad1/_clear_cache'
$ curl -XPOST 'http://localhost:9200/_security/realm/ad1/_clear_cache'
------------------------------------------------------------
To clear the cache for multiple realms, specify the realms as a comma-separated
@ -33,12 +33,12 @@ list:
[source, js]
------------------------------------------------------------
$ curl -XPOST 'http://localhost:9200/_xpack/security/realm/ad1,ad2/_clear_cache'
$ curl -XPOST 'http://localhost:9200/_security/realm/ad1,ad2/_clear_cache'
------------------------------------------------------------
You can also evict specific users:
[source, java]
------------------------------------------------------------
$ curl -XPOST 'http://localhost:9200/_xpack/security/realm/ad1/_clear_cache?usernames=rdeniro,alpacino'
$ curl -XPOST 'http://localhost:9200/_security/realm/ad1/_clear_cache?usernames=rdeniro,alpacino'
------------------------------------------------------------

View File

@ -146,7 +146,7 @@ no effect, and will not grant any actions in the
The following snippet shows an example definition of a `clicks_admin` role:
[source,js]
-----------
POST /_xpack/security/role/clicks_admin
POST /_security/role/clicks_admin
{
"run_as": [ "clicks_watcher_1" ],
"cluster": [ "monitor" ],

View File

@ -92,7 +92,7 @@ user:
You can use the role-mapping API to define equivalent mappings as follows:
[source,js]
--------------------------------------------------
PUT _xpack/security/role_mapping/admins
PUT /_security/role_mapping/admins
{
"roles" : [ "monitoring", "user" ],
"rules" : { "field" : { "groups" : "cn=admins,dc=example,dc=com" } },
@ -103,7 +103,7 @@ PUT _xpack/security/role_mapping/admins
[source,js]
--------------------------------------------------
PUT _xpack/security/role_mapping/basic_users
PUT /_security/role_mapping/basic_users
{
"roles" : [ "user" ],
"rules" : { "any" : [
@ -136,7 +136,7 @@ The following example creates equivalent mappings using the API:
[source,js]
--------------------------------------------------
PUT _xpack/security/role_mapping/admin_user
PUT /_security/role_mapping/admin_user
{
"roles" : [ "monitoring" ],
"rules" : { "field" : { "dn" : "cn=Admin,ou=example,o=com" } },
@ -147,7 +147,7 @@ PUT _xpack/security/role_mapping/admin_user
[source,js]
--------------------------------------------------
PUT _xpack/security/role_mapping/basic_user
PUT /_security/role_mapping/basic_user
{
"roles" : [ "user" ],
"rules" : { "field" : { "dn" : "cn=John Doe,ou=example,o=com" } },

View File

@ -14,7 +14,7 @@ of the current authenticated user:
[source,js]
--------------------------------------------------
POST /_xpack/security/role/example1
POST /_security/role/example1
{
"indices" : [
{
@ -51,7 +51,7 @@ based on the `group.id` field in your documents:
[source,js]
--------------------------------------------------
POST /_xpack/security/role/example2
POST /_security/role/example2
{
"indices" : [
{

View File

@ -95,7 +95,7 @@ On cluster `one`, this role does not need any special privileges:
[source,js]
-----------------------------------------------------------
POST /_xpack/security/role/cluster_two_logs
POST /_security/role/cluster_two_logs
{
}
-----------------------------------------------------------
@ -106,7 +106,7 @@ On cluster `two`, this role allows the user to query local indices called
[source,js]
-----------------------------------------------------------
POST /_xpack/security/role/cluster_two_logs
POST /_security/role/cluster_two_logs
{
"cluster": [],
"indices": [
@ -128,7 +128,7 @@ Finally, create a user on cluster `one` and apply the `cluster_two_logs` role:
[source,js]
-----------------------------------------------------------
POST /_xpack/security/user/alice
POST /_security/user/alice
{
"password" : "somepassword",
"roles" : [ "cluster_two_logs" ],

View File

@ -91,7 +91,7 @@ and assign the role to a new `johndoe` user.
--
[source,shell]
----------------------------------------------------------
curl -XPOST -u elastic 'localhost:9200/_xpack/security/role/events_admin' -H "Content-Type: application/json" -d '{
curl -XPOST -u elastic 'localhost:9200/_security/role/events_admin' -H "Content-Type: application/json" -d '{
"indices" : [
{
"names" : [ "events*" ],
@ -104,7 +104,7 @@ curl -XPOST -u elastic 'localhost:9200/_xpack/security/role/events_admin' -H "Co
]
}'
curl -XPOST -u elastic 'localhost:9200/_xpack/security/user/johndoe' -H "Content-Type: application/json" -d '{
curl -XPOST -u elastic 'localhost:9200/_security/user/johndoe' -H "Content-Type: application/json" -d '{
"password" : "userpassword",
"full_name" : "John Doe",
"email" : "john.doe@anony.mous",

View File

@ -125,7 +125,7 @@ public class XDocsClientYamlTestSuiteIT extends XPackRestIT {
*/
@After
public void deleteUsers() throws Exception {
ClientYamlTestResponse response = getAdminExecutionContext().callApi("xpack.security.get_user", emptyMap(), emptyList(),
ClientYamlTestResponse response = getAdminExecutionContext().callApi("security.get_user", emptyMap(), emptyList(),
emptyMap());
@SuppressWarnings("unchecked")
Map<String, Object> users = (Map<String, Object>) response.getBody();
@ -134,7 +134,7 @@ public class XDocsClientYamlTestSuiteIT extends XPackRestIT {
Boolean reserved = metaDataMap == null ? null : (Boolean) metaDataMap.get("_reserved");
if (reserved == null || reserved == false) {
logger.warn("Deleting leftover user {}", user);
getAdminExecutionContext().callApi("xpack.security.delete_user", singletonMap("username", user), emptyList(), emptyMap());
getAdminExecutionContext().callApi("security.delete_user", singletonMap("username", user), emptyList(), emptyMap());
}
}
}

View File

@ -5,7 +5,9 @@
*/
package org.elasticsearch.xpack.core.ssl.rest;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.rest.BaseRestHandler;
@ -28,14 +30,20 @@ import static org.elasticsearch.rest.RestRequest.Method.GET;
*/
public class RestGetCertificateInfoAction extends BaseRestHandler {
private static final DeprecationLogger deprecationLogger =
new DeprecationLogger(LogManager.getLogger(RestGetCertificateInfoAction.class));
public RestGetCertificateInfoAction(Settings settings, RestController controller) {
super(settings);
controller.registerHandler(GET, "/_xpack/ssl/certificates", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
GET, "/_ssl/certificates", this,
GET, "/_xpack/ssl/certificates", deprecationLogger);
}
@Override
public String getName() {
return "xpack_ssl_get_certificates";
return "ssl_get_certificates";
}
@Override

View File

@ -56,7 +56,7 @@ public class DatafeedJobsRestIT extends ESRestTestCase {
}
private void setupDataAccessRole(String index) throws IOException {
Request request = new Request("PUT", "/_xpack/security/role/test_data_access");
Request request = new Request("PUT", "/_security/role/test_data_access");
request.setJsonEntity("{"
+ " \"indices\" : ["
+ " { \"names\": [\"" + index + "\"], \"privileges\": [\"read\"] }"
@ -66,7 +66,7 @@ public class DatafeedJobsRestIT extends ESRestTestCase {
}
private void setupFullAccessRole(String index) throws IOException {
Request request = new Request("PUT", "/_xpack/security/role/test_data_access");
Request request = new Request("PUT", "/_security/role/test_data_access");
request.setJsonEntity("{"
+ " \"indices\" : ["
+ " { \"names\": [\"" + index + "\"], \"privileges\": [\"all\"] }"
@ -78,7 +78,7 @@ public class DatafeedJobsRestIT extends ESRestTestCase {
private void setupUser(String user, List<String> roles) throws IOException {
String password = new String(SecuritySettingsSourceField.TEST_PASSWORD_SECURE_STRING.getChars());
Request request = new Request("PUT", "/_xpack/security/user/" + user);
Request request = new Request("PUT", "/_security/user/" + user);
request.setJsonEntity("{"
+ " \"password\" : \"" + password + "\","
+ " \"roles\" : [ " + roles.stream().map(unquoted -> "\"" + unquoted + "\"").collect(Collectors.joining(", ")) + " ]"

View File

@ -204,7 +204,7 @@ public class ESNativeRealmMigrateTool extends LoggingAwareMultiCommand {
Set<String> getUsersThatExist(Terminal terminal, Settings settings, Environment env, OptionSet options) throws Exception {
Set<String> existingUsers = new HashSet<>();
String allUsersJson = postURL(settings, env, "GET", this.url.value(options) + "/_xpack/security/user/", options, null);
String allUsersJson = postURL(settings, env, "GET", this.url.value(options) + "/_security/user/", options, null);
// EMPTY is safe here because we never use namedObject
try (XContentParser parser = JsonXContent.jsonXContent
.createParser(NamedXContentRegistry.EMPTY, LoggingDeprecationHandler.INSTANCE, allUsersJson)) {
@ -277,7 +277,7 @@ public class ESNativeRealmMigrateTool extends LoggingAwareMultiCommand {
try {
reqBody = createUserJson(userToRoles.get(user), userToHashedPW.get(user));
String resp = postURL(env.settings(), env, "POST",
this.url.value(options) + "/_xpack/security/user/" + user, options, reqBody);
this.url.value(options) + "/_security/user/" + user, options, reqBody);
terminal.println(resp);
} catch (Exception e) {
throw new ElasticsearchException("failed to migrate user [" + user + "] with body: " + reqBody, e);
@ -287,7 +287,7 @@ public class ESNativeRealmMigrateTool extends LoggingAwareMultiCommand {
Set<String> getRolesThatExist(Terminal terminal, Settings settings, Environment env, OptionSet options) throws Exception {
Set<String> existingRoles = new HashSet<>();
String allRolesJson = postURL(settings, env, "GET", this.url.value(options) + "/_xpack/security/role/", options, null);
String allRolesJson = postURL(settings, env, "GET", this.url.value(options) + "/_security/role/", options, null);
// EMPTY is safe here because we never use namedObject
try (XContentParser parser = JsonXContent.jsonXContent
.createParser(NamedXContentRegistry.EMPTY, LoggingDeprecationHandler.INSTANCE, allRolesJson)) {
@ -346,7 +346,7 @@ public class ESNativeRealmMigrateTool extends LoggingAwareMultiCommand {
try {
reqBody = createRoleJson(roles.get(roleName));
String resp = postURL(env.settings(), env, "POST",
this.url.value(options) + "/_xpack/security/role/" + roleName, options, reqBody);
this.url.value(options) + "/_security/role/" + roleName, options, reqBody);
terminal.println(resp);
} catch (Exception e) {
throw new ElasticsearchException("failed to migrate role [" + roleName + "] with body: " + reqBody, e);

View File

@ -292,7 +292,7 @@ public class SetupPasswordTool extends LoggingAwareMultiCommand {
* @param terminal where to write verbose info.
*/
void checkElasticKeystorePasswordValid(Terminal terminal, Environment env) throws Exception {
URL route = createURL(url, "/_xpack/security/_authenticate", "?pretty");
URL route = createURL(url, "/_security/_authenticate", "?pretty");
terminal.println(Verbosity.VERBOSE, "");
terminal.println(Verbosity.VERBOSE, "Testing if bootstrap password is valid for " + route.toString());
try {
@ -449,7 +449,7 @@ public class SetupPasswordTool extends LoggingAwareMultiCommand {
* @param password the new password of the user.
*/
private void changeUserPassword(String user, SecureString password, Terminal terminal) throws Exception {
URL route = createURL(url, "/_xpack/security/user/" + user + "/_password", "?pretty");
URL route = createURL(url, "/_security/user/" + user + "/_password", "?pretty");
terminal.println(Verbosity.VERBOSE, "");
terminal.println(Verbosity.VERBOSE, "Trying user password change call " + route.toString());
try {

View File

@ -5,7 +5,9 @@
*/
package org.elasticsearch.xpack.security.rest.action;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.ToXContent;
import org.elasticsearch.common.xcontent.XContentBuilder;
@ -29,17 +31,21 @@ import static org.elasticsearch.rest.RestRequest.Method.GET;
public class RestAuthenticateAction extends SecurityBaseRestHandler {
private final SecurityContext securityContext;
private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestAuthenticateAction.class));
public RestAuthenticateAction(Settings settings, RestController controller, SecurityContext securityContext,
XPackLicenseState licenseState) {
super(settings, licenseState);
this.securityContext = securityContext;
controller.registerHandler(GET, "/_xpack/security/_authenticate", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
GET, "/_security/_authenticate", this,
GET, "/_xpack/security/_authenticate", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_authenticate_action";
return "security_authenticate_action";
}
@Override

View File

@ -5,6 +5,7 @@
*/
package org.elasticsearch.xpack.security.rest.action.oauth2;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.action.Action;
@ -12,6 +13,7 @@ import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.ActionRequestValidationException;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.ParseField;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.ConstructingObjectParser;
@ -45,6 +47,7 @@ import static org.elasticsearch.rest.RestRequest.Method.POST;
*/
public final class RestGetTokenAction extends SecurityBaseRestHandler {
private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestGetTokenAction.class));
static final ConstructingObjectParser<CreateTokenRequest, Void> PARSER = new ConstructingObjectParser<>("token_request",
a -> new CreateTokenRequest((String) a[0], (String) a[1], (SecureString) a[2], (String) a[3], (String) a[4]));
static {
@ -59,12 +62,15 @@ public final class RestGetTokenAction extends SecurityBaseRestHandler {
public RestGetTokenAction(Settings settings, RestController controller, XPackLicenseState xPackLicenseState) {
super(settings, xPackLicenseState);
controller.registerHandler(POST, "/_xpack/security/oauth2/token", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
POST, "/_security/oauth2/token", this,
POST, "/_xpack/security/oauth2/token", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_get_token_action";
return "security_get_token_action";
}
@Override

View File

@ -5,10 +5,12 @@
*/
package org.elasticsearch.xpack.security.rest.action.oauth2;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.ParseField;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.collect.Tuple;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.ConstructingObjectParser;
import org.elasticsearch.common.xcontent.XContentBuilder;
@ -34,6 +36,7 @@ import static org.elasticsearch.rest.RestRequest.Method.DELETE;
*/
public final class RestInvalidateTokenAction extends SecurityBaseRestHandler {
private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestInvalidateTokenAction.class));
static final ConstructingObjectParser<Tuple<String, String>, Void> PARSER =
new ConstructingObjectParser<>("invalidate_token", a -> new Tuple<>((String) a[0], (String) a[1]));
static {
@ -43,12 +46,15 @@ public final class RestInvalidateTokenAction extends SecurityBaseRestHandler {
public RestInvalidateTokenAction(Settings settings, RestController controller, XPackLicenseState xPackLicenseState) {
super(settings, xPackLicenseState);
controller.registerHandler(DELETE, "/_xpack/security/oauth2/token", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
DELETE, "/_security/oauth2/token", this,
DELETE, "/_xpack/security/oauth2/token", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_invalidate_token_action";
return "security_invalidate_token_action";
}
@Override

View File

@ -5,7 +5,9 @@
*/
package org.elasticsearch.xpack.security.rest.action.privilege;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.license.XPackLicenseState;
@ -31,14 +33,20 @@ import static org.elasticsearch.rest.RestRequest.Method.DELETE;
*/
public class RestDeletePrivilegesAction extends SecurityBaseRestHandler {
private static final DeprecationLogger deprecationLogger =
new DeprecationLogger(LogManager.getLogger(RestDeletePrivilegesAction.class));
public RestDeletePrivilegesAction(Settings settings, RestController controller, XPackLicenseState licenseState) {
super(settings, licenseState);
controller.registerHandler(DELETE, "/_xpack/security/privilege/{application}/{privilege}", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
DELETE, "/_security/privilege/{application}/{privilege}", this,
DELETE, "/_xpack/security/privilege/{application}/{privilege}", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_delete_privilege_action";
return "security_delete_privilege_action";
}
@Override

View File

@ -5,8 +5,10 @@
*/
package org.elasticsearch.xpack.security.rest.action.privilege;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.set.Sets;
import org.elasticsearch.common.xcontent.XContentBuilder;
@ -36,16 +38,25 @@ import static org.elasticsearch.rest.RestRequest.Method.GET;
*/
public class RestGetPrivilegesAction extends SecurityBaseRestHandler {
private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestGetPrivilegesAction.class));
public RestGetPrivilegesAction(Settings settings, RestController controller, XPackLicenseState licenseState) {
super(settings, licenseState);
controller.registerHandler(GET, "/_xpack/security/privilege/", this);
controller.registerHandler(GET, "/_xpack/security/privilege/{application}", this);
controller.registerHandler(GET, "/_xpack/security/privilege/{application}/{privilege}", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
GET, "/_security/privilege/", this,
GET, "/_xpack/security/privilege/", deprecationLogger);
controller.registerWithDeprecatedHandler(
GET, "/_security/privilege/{application}", this,
GET, "/_xpack/security/privilege/{application}", deprecationLogger);
controller.registerWithDeprecatedHandler(
GET, "/_security/privilege/{application}/{privilege}", this,
GET, "/_xpack/security/privilege/{application}/{privilege}", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_get_privileges_action";
return "security_get_privileges_action";
}
@Override

View File

@ -5,7 +5,9 @@
*/
package org.elasticsearch.xpack.security.rest.action.privilege;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.license.XPackLicenseState;
@ -35,16 +37,22 @@ import static org.elasticsearch.rest.RestRequest.Method.PUT;
* Rest endpoint to add one or more {@link ApplicationPrivilege} objects to the security index
*/
public class RestPutPrivilegesAction extends SecurityBaseRestHandler {
private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestPutPrivilegesAction.class));
public RestPutPrivilegesAction(Settings settings, RestController controller, XPackLicenseState licenseState) {
super(settings, licenseState);
controller.registerHandler(PUT, "/_xpack/security/privilege/", this);
controller.registerHandler(POST, "/_xpack/security/privilege/", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
PUT, "/_security/privilege/", this,
PUT, "/_xpack/security/privilege/", deprecationLogger);
controller.registerWithDeprecatedHandler(
POST, "/_security/privilege/", this,
POST, "/_xpack/security/privilege/", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_put_privileges_action";
return "security_put_privileges_action";
}
@Override

View File

@ -5,7 +5,9 @@
*/
package org.elasticsearch.xpack.security.rest.action.realm;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.license.XPackLicenseState;
import org.elasticsearch.rest.RestController;
@ -21,14 +23,19 @@ import static org.elasticsearch.rest.RestRequest.Method.POST;
public final class RestClearRealmCacheAction extends SecurityBaseRestHandler {
private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestClearRealmCacheAction.class));
public RestClearRealmCacheAction(Settings settings, RestController controller, XPackLicenseState licenseState) {
super(settings, licenseState);
controller.registerHandler(POST, "/_xpack/security/realm/{realms}/_clear_cache", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
POST, "/_security/realm/{realms}/_clear_cache", this,
POST, "/_xpack/security/realm/{realms}/_clear_cache", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_clear_realm_cache_action";
return "security_clear_realm_cache_action";
}
@Override

View File

@ -5,7 +5,9 @@
*/
package org.elasticsearch.xpack.security.rest.action.role;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.license.XPackLicenseState;
import org.elasticsearch.rest.RestController;
@ -21,14 +23,19 @@ import static org.elasticsearch.rest.RestRequest.Method.POST;
public final class RestClearRolesCacheAction extends SecurityBaseRestHandler {
private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestClearRolesCacheAction.class));
public RestClearRolesCacheAction(Settings settings, RestController controller, XPackLicenseState licenseState) {
super(settings, licenseState);
controller.registerHandler(POST, "/_xpack/security/role/{name}/_clear_cache", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
POST, "/_security/role/{name}/_clear_cache", this,
POST, "/_xpack/security/role/{name}/_clear_cache", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_clear_roles_cache_action";
return "security_clear_roles_cache_action";
}
@Override

View File

@ -5,7 +5,9 @@
*/
package org.elasticsearch.xpack.security.rest.action.role;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.license.XPackLicenseState;
@ -28,14 +30,19 @@ import static org.elasticsearch.rest.RestRequest.Method.DELETE;
*/
public class RestDeleteRoleAction extends SecurityBaseRestHandler {
private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestDeleteRoleAction.class));
public RestDeleteRoleAction(Settings settings, RestController controller, XPackLicenseState licenseState) {
super(settings, licenseState);
controller.registerHandler(DELETE, "/_xpack/security/role/{name}", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
DELETE, "/_security/role/{name}", this,
DELETE, "/_xpack/security/role/{name}", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_delete_role_action";
return "security_delete_role_action";
}
@Override

View File

@ -5,8 +5,10 @@
*/
package org.elasticsearch.xpack.security.rest.action.role;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.license.XPackLicenseState;
@ -29,15 +31,23 @@ import static org.elasticsearch.rest.RestRequest.Method.GET;
* Rest endpoint to retrieve a Role from the security index
*/
public class RestGetRolesAction extends SecurityBaseRestHandler {
private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestGetRolesAction.class));
public RestGetRolesAction(Settings settings, RestController controller, XPackLicenseState licenseState) {
super(settings, licenseState);
controller.registerHandler(GET, "/_xpack/security/role/", this);
controller.registerHandler(GET, "/_xpack/security/role/{name}", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
GET, "/_security/role/", this,
GET, "/_xpack/security/role/", deprecationLogger);
controller.registerWithDeprecatedHandler(
GET, "/_security/role/{name}", this,
GET, "/_xpack/security/role/{name}", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_get_roles_action";
return "security_get_roles_action";
}
@Override

View File

@ -5,7 +5,9 @@
*/
package org.elasticsearch.xpack.security.rest.action.role;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.license.XPackLicenseState;
@ -30,15 +32,22 @@ import static org.elasticsearch.rest.RestRequest.Method.PUT;
*/
public class RestPutRoleAction extends SecurityBaseRestHandler {
private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestPutRoleAction.class));
public RestPutRoleAction(Settings settings, RestController controller, XPackLicenseState licenseState) {
super(settings, licenseState);
controller.registerHandler(POST, "/_xpack/security/role/{name}", this);
controller.registerHandler(PUT, "/_xpack/security/role/{name}", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
POST, "/_security/role/{name}", this,
POST, "/_xpack/security/role/{name}", deprecationLogger);
controller.registerWithDeprecatedHandler(
PUT, "/_security/role/{name}", this,
PUT, "/_xpack/security/role/{name}", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_put_role_action";
return "security_put_role_action";
}
@Override

View File

@ -5,7 +5,9 @@
*/
package org.elasticsearch.xpack.security.rest.action.rolemapping;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.license.XPackLicenseState;
@ -28,14 +30,20 @@ import static org.elasticsearch.rest.RestRequest.Method.DELETE;
*/
public class RestDeleteRoleMappingAction extends SecurityBaseRestHandler {
private static final DeprecationLogger deprecationLogger =
new DeprecationLogger(LogManager.getLogger(RestDeleteRoleMappingAction.class));
public RestDeleteRoleMappingAction(Settings settings, RestController controller, XPackLicenseState licenseState) {
super(settings, licenseState);
controller.registerHandler(DELETE, "/_xpack/security/role_mapping/{name}", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
DELETE, "/_security/role_mapping/{name}", this,
DELETE, "/_xpack/security/role_mapping/{name}", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_delete_role_mapping_action";
return "security_delete_role_mapping_action";
}
@Override

View File

@ -5,7 +5,9 @@
*/
package org.elasticsearch.xpack.security.rest.action.rolemapping;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.license.XPackLicenseState;
@ -29,15 +31,22 @@ import static org.elasticsearch.rest.RestRequest.Method.GET;
*/
public class RestGetRoleMappingsAction extends SecurityBaseRestHandler {
private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestGetRoleMappingsAction.class));
public RestGetRoleMappingsAction(Settings settings, RestController controller, XPackLicenseState licenseState) {
super(settings, licenseState);
controller.registerHandler(GET, "/_xpack/security/role_mapping/", this);
controller.registerHandler(GET, "/_xpack/security/role_mapping/{name}", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
GET, "/_security/role_mapping/", this,
GET, "/_xpack/security/role_mapping/", deprecationLogger);
controller.registerWithDeprecatedHandler(
GET, "/_security/role_mapping/{name}", this,
GET, "/_xpack/security/role_mapping/{name}", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_get_role_mappings_action";
return "security_get_role_mappings_action";
}
@Override

View File

@ -5,7 +5,9 @@
*/
package org.elasticsearch.xpack.security.rest.action.rolemapping;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.license.XPackLicenseState;
@ -32,15 +34,22 @@ import static org.elasticsearch.rest.RestRequest.Method.PUT;
*/
public class RestPutRoleMappingAction extends SecurityBaseRestHandler {
private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestPutRoleMappingAction.class));
public RestPutRoleMappingAction(Settings settings, RestController controller, XPackLicenseState licenseState) {
super(settings, licenseState);
controller.registerHandler(POST, "/_xpack/security/role_mapping/{name}", this);
controller.registerHandler(PUT, "/_xpack/security/role_mapping/{name}", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
POST, "/_security/role_mapping/{name}", this,
POST, "/_xpack/security/role_mapping/{name}", deprecationLogger);
controller.registerWithDeprecatedHandler(
PUT, "/_security/role_mapping/{name}", this,
PUT, "/_xpack/security/role_mapping/{name}", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_put_role_mappings_action";
return "security_put_role_mappings_action";
}
@Override

View File

@ -5,9 +5,11 @@
*/
package org.elasticsearch.xpack.security.rest.action.saml;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.ParseField;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.ObjectParser;
import org.elasticsearch.common.xcontent.XContentBuilder;
@ -35,6 +37,8 @@ import static org.elasticsearch.rest.RestRequest.Method.POST;
*/
public class RestSamlAuthenticateAction extends SamlBaseRestHandler implements RestHandler {
private static final DeprecationLogger deprecationLogger =
new DeprecationLogger(LogManager.getLogger(RestSamlAuthenticateAction.class));
static class Input {
String content;
List<String> ids;
@ -58,12 +62,15 @@ public class RestSamlAuthenticateAction extends SamlBaseRestHandler implements R
public RestSamlAuthenticateAction(Settings settings, RestController controller,
XPackLicenseState licenseState) {
super(settings, licenseState);
controller.registerHandler(POST, "/_xpack/security/saml/authenticate", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
POST, "/_security/saml/authenticate", this,
POST, "/_xpack/security/saml/authenticate", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_saml_authenticate_action";
return "security_saml_authenticate_action";
}
@Override

View File

@ -7,8 +7,10 @@ package org.elasticsearch.xpack.security.rest.action.saml;
import java.io.IOException;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.ParseField;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.ObjectParser;
import org.elasticsearch.common.xcontent.XContentBuilder;
@ -32,6 +34,8 @@ import static org.elasticsearch.rest.RestRequest.Method.POST;
*/
public class RestSamlInvalidateSessionAction extends SamlBaseRestHandler {
private static final DeprecationLogger deprecationLogger =
new DeprecationLogger(LogManager.getLogger(RestSamlInvalidateSessionAction.class));
static final ObjectParser<SamlInvalidateSessionRequest, RestSamlInvalidateSessionAction> PARSER =
new ObjectParser<>("saml_invalidate_session", SamlInvalidateSessionRequest::new);
@ -43,12 +47,15 @@ public class RestSamlInvalidateSessionAction extends SamlBaseRestHandler {
public RestSamlInvalidateSessionAction(Settings settings, RestController controller, XPackLicenseState licenseState) {
super(settings, licenseState);
controller.registerHandler(POST, "/_xpack/security/saml/invalidate", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
POST, "/_security/saml/invalidate", this,
POST, "/_xpack/security/saml/invalidate", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_saml_invalidate_action";
return "security_saml_invalidate_action";
}
@Override

View File

@ -7,8 +7,10 @@ package org.elasticsearch.xpack.security.rest.action.saml;
import java.io.IOException;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.ParseField;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.ObjectParser;
import org.elasticsearch.common.xcontent.XContentBuilder;
@ -34,6 +36,7 @@ import static org.elasticsearch.rest.RestRequest.Method.POST;
*/
public class RestSamlLogoutAction extends SamlBaseRestHandler {
private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestSamlLogoutAction.class));
static final ObjectParser<SamlLogoutRequest, Void> PARSER = new ObjectParser<>("saml_logout", SamlLogoutRequest::new);
static {
@ -43,12 +46,15 @@ public class RestSamlLogoutAction extends SamlBaseRestHandler {
public RestSamlLogoutAction(Settings settings, RestController controller, XPackLicenseState licenseState) {
super(settings, licenseState);
controller.registerHandler(POST, "/_xpack/security/saml/logout", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
POST, "/_security/saml/logout", this,
POST, "/_xpack/security/saml/logout", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_saml_logout_action";
return "security_saml_logout_action";
}
@Override

View File

@ -7,8 +7,10 @@ package org.elasticsearch.xpack.security.rest.action.saml;
import java.io.IOException;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.ParseField;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.ObjectParser;
import org.elasticsearch.common.xcontent.XContentBuilder;
@ -34,6 +36,8 @@ import static org.elasticsearch.rest.RestRequest.Method.POST;
*/
public class RestSamlPrepareAuthenticationAction extends SamlBaseRestHandler {
private static final DeprecationLogger deprecationLogger =
new DeprecationLogger(LogManager.getLogger(RestSamlPrepareAuthenticationAction.class));
static final ObjectParser<SamlPrepareAuthenticationRequest, Void> PARSER = new ObjectParser<>("saml_prepare_authn",
SamlPrepareAuthenticationRequest::new);
@ -44,12 +48,15 @@ public class RestSamlPrepareAuthenticationAction extends SamlBaseRestHandler {
public RestSamlPrepareAuthenticationAction(Settings settings, RestController controller, XPackLicenseState licenseState) {
super(settings, licenseState);
controller.registerHandler(POST, "/_xpack/security/saml/prepare", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
POST, "/_security/saml/prepare", this,
POST, "/_xpack/security/saml/prepare", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_saml_prepare_authentication_action";
return "security_saml_prepare_authentication_action";
}
@Override

View File

@ -5,7 +5,9 @@
*/
package org.elasticsearch.xpack.security.rest.action.user;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.license.XPackLicenseState;
@ -33,6 +35,7 @@ import static org.elasticsearch.rest.RestRequest.Method.PUT;
public class RestChangePasswordAction extends SecurityBaseRestHandler implements RestRequestFilter {
private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestChangePasswordAction.class));
private final SecurityContext securityContext;
private final Hasher passwordHasher;
@ -41,15 +44,24 @@ public class RestChangePasswordAction extends SecurityBaseRestHandler implements
super(settings, licenseState);
this.securityContext = securityContext;
passwordHasher = Hasher.resolve(XPackSettings.PASSWORD_HASHING_ALGORITHM.get(settings));
controller.registerHandler(POST, "/_xpack/security/user/{username}/_password", this);
controller.registerHandler(PUT, "/_xpack/security/user/{username}/_password", this);
controller.registerHandler(POST, "/_xpack/security/user/_password", this);
controller.registerHandler(PUT, "/_xpack/security/user/_password", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
POST, "/_security/user/{username}/_password", this,
POST, "/_xpack/security/user/{username}/_password", deprecationLogger);
controller.registerWithDeprecatedHandler(
PUT, "/_security/user/{username}/_password", this,
PUT, "/_xpack/security/user/{username}/_password", deprecationLogger);
controller.registerWithDeprecatedHandler(
POST, "/_security/user/_password", this,
POST, "/_xpack/security/user/_password", deprecationLogger);
controller.registerWithDeprecatedHandler(
PUT, "/_security/user/_password", this,
PUT, "/_xpack/security/user/_password", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_change_password_action";
return "security_change_password_action";
}
@Override

View File

@ -5,7 +5,9 @@
*/
package org.elasticsearch.xpack.security.rest.action.user;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.license.XPackLicenseState;
@ -28,14 +30,19 @@ import static org.elasticsearch.rest.RestRequest.Method.DELETE;
*/
public class RestDeleteUserAction extends SecurityBaseRestHandler {
private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestDeleteUserAction.class));
public RestDeleteUserAction(Settings settings, RestController controller, XPackLicenseState licenseState) {
super(settings, licenseState);
controller.registerHandler(DELETE, "/_xpack/security/user/{username}", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
DELETE, "/_security/user/{username}", this,
DELETE, "/_xpack/security/user/{username}", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_delete_user_action";
return "security_delete_user_action";
}
@Override

View File

@ -5,8 +5,10 @@
*/
package org.elasticsearch.xpack.security.rest.action.user;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.ToXContent;
import org.elasticsearch.common.xcontent.XContentBuilder;
@ -39,17 +41,22 @@ import static org.elasticsearch.rest.RestRequest.Method.GET;
public class RestGetUserPrivilegesAction extends SecurityBaseRestHandler {
private final SecurityContext securityContext;
private static final DeprecationLogger deprecationLogger =
new DeprecationLogger(LogManager.getLogger(RestGetUserPrivilegesAction.class));
public RestGetUserPrivilegesAction(Settings settings, RestController controller, SecurityContext securityContext,
XPackLicenseState licenseState) {
super(settings, licenseState);
this.securityContext = securityContext;
controller.registerHandler(GET, "/_xpack/security/user/_privileges", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
GET, "/_security/user/_privileges", this,
GET, "/_xpack/security/user/_privileges", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_user_privileges_action";
return "security_user_privileges_action";
}
@Override

View File

@ -5,8 +5,10 @@
*/
package org.elasticsearch.xpack.security.rest.action.user;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.license.XPackLicenseState;
@ -30,15 +32,22 @@ import static org.elasticsearch.rest.RestRequest.Method.GET;
*/
public class RestGetUsersAction extends SecurityBaseRestHandler {
private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestGetUsersAction.class));
public RestGetUsersAction(Settings settings, RestController controller, XPackLicenseState licenseState) {
super(settings, licenseState);
controller.registerHandler(GET, "/_xpack/security/user/", this);
controller.registerHandler(GET, "/_xpack/security/user/{username}", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
GET, "/_security/user/", this,
GET, "/_xpack/security/user/", deprecationLogger);
controller.registerWithDeprecatedHandler(
GET, "/_security/user/{username}", this,
GET, "/_xpack/security/user/{username}", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_get_users_action";
return "security_get_users_action";
}
@Override

View File

@ -5,10 +5,12 @@
*/
package org.elasticsearch.xpack.security.rest.action.user;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.collect.Tuple;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.ToXContent;
import org.elasticsearch.common.xcontent.XContentBuilder;
@ -40,20 +42,30 @@ import static org.elasticsearch.rest.RestRequest.Method.POST;
public class RestHasPrivilegesAction extends SecurityBaseRestHandler {
private final SecurityContext securityContext;
private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestHasPrivilegesAction.class));
public RestHasPrivilegesAction(Settings settings, RestController controller, SecurityContext securityContext,
XPackLicenseState licenseState) {
super(settings, licenseState);
this.securityContext = securityContext;
controller.registerHandler(GET, "/_xpack/security/user/{username}/_has_privileges", this);
controller.registerHandler(POST, "/_xpack/security/user/{username}/_has_privileges", this);
controller.registerHandler(GET, "/_xpack/security/user/_has_privileges", this);
controller.registerHandler(POST, "/_xpack/security/user/_has_privileges", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
GET, "/_security/user/{username}/_has_privileges", this,
GET, "/_xpack/security/user/{username}/_has_privileges", deprecationLogger);
controller.registerWithDeprecatedHandler(
POST, "/_security/user/{username}/_has_privileges", this,
POST, "/_xpack/security/user/{username}/_has_privileges", deprecationLogger);
controller.registerWithDeprecatedHandler(
GET, "/_security/user/_has_privileges", this,
GET, "/_xpack/security/user/_has_privileges", deprecationLogger);
controller.registerWithDeprecatedHandler(
POST, "/_security/user/_has_privileges", this,
POST, "/_xpack/security/user/_has_privileges", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_has_priviledges_action";
return "security_has_priviledges_action";
}
@Override

View File

@ -5,7 +5,9 @@
*/
package org.elasticsearch.xpack.security.rest.action.user;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.set.Sets;
import org.elasticsearch.common.xcontent.XContentBuilder;
@ -37,17 +39,23 @@ import static org.elasticsearch.rest.RestRequest.Method.PUT;
public class RestPutUserAction extends SecurityBaseRestHandler implements RestRequestFilter {
private final Hasher passwordHasher;
private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestPutUserAction.class));
public RestPutUserAction(Settings settings, RestController controller, XPackLicenseState licenseState) {
super(settings, licenseState);
passwordHasher = Hasher.resolve(XPackSettings.PASSWORD_HASHING_ALGORITHM.get(settings));
controller.registerHandler(POST, "/_xpack/security/user/{username}", this);
controller.registerHandler(PUT, "/_xpack/security/user/{username}", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
POST, "/_security/user/{username}", this,
POST, "/_xpack/security/user/{username}", deprecationLogger);
controller.registerWithDeprecatedHandler(
PUT, "/_security/user/{username}", this,
PUT, "/_xpack/security/user/{username}", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_put_user_action";
return "security_put_user_action";
}
@Override

View File

@ -5,7 +5,9 @@
*/
package org.elasticsearch.xpack.security.rest.action.user;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.license.XPackLicenseState;
@ -30,17 +32,28 @@ import static org.elasticsearch.rest.RestRequest.Method.PUT;
*/
public class RestSetEnabledAction extends SecurityBaseRestHandler {
private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestSetEnabledAction.class));
public RestSetEnabledAction(Settings settings, RestController controller, XPackLicenseState licenseState) {
super(settings, licenseState);
controller.registerHandler(POST, "/_xpack/security/user/{username}/_enable", this);
controller.registerHandler(PUT, "/_xpack/security/user/{username}/_enable", this);
controller.registerHandler(POST, "/_xpack/security/user/{username}/_disable", this);
controller.registerHandler(PUT, "/_xpack/security/user/{username}/_disable", this);
// TODO: remove deprecated endpoint in 8.0.0
controller.registerWithDeprecatedHandler(
POST, "/_security/user/{username}/_enable", this,
POST, "/_xpack/security/user/{username}/_enable", deprecationLogger);
controller.registerWithDeprecatedHandler(
PUT, "/_security/user/{username}/_enable", this,
PUT, "/_xpack/security/user/{username}/_enable", deprecationLogger);
controller.registerWithDeprecatedHandler(
POST, "/_security/user/{username}/_disable", this,
POST, "/_xpack/security/user/{username}/_disable", deprecationLogger);
controller.registerWithDeprecatedHandler(
PUT, "/_security/user/{username}/_disable", this,
PUT, "/_xpack/security/user/{username}/_disable", deprecationLogger);
}
@Override
public String getName() {
return "xpack_security_set_enabled_action";
return "security_set_enabled_action";
}
@Override

View File

@ -99,7 +99,7 @@ public class ClearRealmsCacheTests extends SecurityIntegTestCase {
@Override
public void executeRequest() throws Exception {
executeHttpRequest("/_xpack/security/realm/" + (randomBoolean() ? "*" : "_all") + "/_clear_cache",
executeHttpRequest("/_security/realm/" + (randomBoolean() ? "*" : "_all") + "/_clear_cache",
Collections.<String, String>emptyMap());
}
},
@ -122,7 +122,7 @@ public class ClearRealmsCacheTests extends SecurityIntegTestCase {
@Override
public void executeRequest() throws Exception {
String path = "/_xpack/security/realm/" + (randomBoolean() ? "*" : "_all") + "/_clear_cache";
String path = "/_security/realm/" + (randomBoolean() ? "*" : "_all") + "/_clear_cache";
Map<String, String> params = Collections.singletonMap("usernames", String.join(",", evicted_usernames));
executeHttpRequest(path, params);
}

View File

@ -199,7 +199,7 @@ public class LicensingTests extends SecurityIntegTestCase {
// the default of the licensing tests is basic
assertThat(unauthorizedRootResponse.getStatusLine().getStatusCode(), is(200));
ResponseException e = expectThrows(ResponseException.class,
() -> getRestClient().performRequest(new Request("GET", "/_xpack/security/_authenticate")));
() -> getRestClient().performRequest(new Request("GET", "/_security/_authenticate")));
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(403));
// generate a new license with a mode that enables auth
@ -209,7 +209,7 @@ public class LicensingTests extends SecurityIntegTestCase {
e = expectThrows(ResponseException.class, () -> getRestClient().performRequest(new Request("GET", "/")));
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401));
e = expectThrows(ResponseException.class,
() -> getRestClient().performRequest(new Request("GET", "/_xpack/security/_authenticate")));
() -> getRestClient().performRequest(new Request("GET", "/_security/_authenticate")));
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401));
RequestOptions.Builder optionsBuilder = RequestOptions.DEFAULT.toBuilder();
@ -221,7 +221,7 @@ public class LicensingTests extends SecurityIntegTestCase {
rootRequest.setOptions(options);
Response authorizedRootResponse = getRestClient().performRequest(rootRequest);
assertThat(authorizedRootResponse.getStatusLine().getStatusCode(), is(200));
Request authenticateRequest = new Request("GET", "/_xpack/security/_authenticate");
Request authenticateRequest = new Request("GET", "/_security/_authenticate");
authenticateRequest.setOptions(options);
Response authorizedAuthenticateResponse = getRestClient().performRequest(authenticateRequest);
assertThat(authorizedAuthenticateResponse.getStatusLine().getStatusCode(), is(200));

View File

@ -80,7 +80,7 @@ public abstract class NativeRealmIntegTestCase extends SecurityIntegTestCase {
public void setupReservedPasswords(RestClient restClient) throws IOException {
logger.info("setting up reserved passwords for test");
{
Request request = new Request("PUT", "/_xpack/security/user/elastic/_password");
Request request = new Request("PUT", "/_security/user/elastic/_password");
request.setJsonEntity("{\"password\": \"" + new String(reservedPassword.getChars()) + "\"}");
RequestOptions.Builder options = request.getOptions().toBuilder();
options.addHeader("Authorization", UsernamePasswordToken.basicAuthHeaderValue(ElasticUser.NAME, BOOTSTRAP_PASSWORD));
@ -94,7 +94,7 @@ public abstract class NativeRealmIntegTestCase extends SecurityIntegTestCase {
final List<String> usernames = Arrays.asList(KibanaUser.NAME, LogstashSystemUser.NAME, BeatsSystemUser.NAME, APMSystemUser.NAME,
RemoteMonitoringUser.NAME);
for (String username : usernames) {
Request request = new Request("PUT", "/_xpack/security/user/" + username + "/_password");
Request request = new Request("PUT", "/_security/user/" + username + "/_password");
request.setJsonEntity("{\"password\": \"" + new String(reservedPassword.getChars()) + "\"}");
request.setOptions(options);
restClient.performRequest(request);

View File

@ -459,11 +459,11 @@ public class SetupPasswordToolTests extends CommandTestCase {
}
private URL authenticateUrl(URL url) throws MalformedURLException, URISyntaxException {
return new URL(url, (url.toURI().getPath() + "/_xpack/security/_authenticate").replaceAll("/+", "/") + "?pretty");
return new URL(url, (url.toURI().getPath() + "/_security/_authenticate").replaceAll("/+", "/") + "?pretty");
}
private URL passwordUrl(URL url, String user) throws MalformedURLException, URISyntaxException {
return new URL(url, (url.toURI().getPath() + "/_xpack/security/user/" + user + "/_password").replaceAll("/+", "/") + "?pretty");
return new URL(url, (url.toURI().getPath() + "/_security/user/" + user + "/_password").replaceAll("/+", "/") + "?pretty");
}
private URL clusterHealthUrl(URL url) throws MalformedURLException, URISyntaxException {

View File

@ -53,7 +53,7 @@ public class RestAuthenticateActionTests extends SecurityIntegTestCase {
}
public void testAuthenticateApi() throws Exception {
Request request = new Request("GET", "/_xpack/security/_authenticate");
Request request = new Request("GET", "/_security/_authenticate");
RequestOptions.Builder options = request.getOptions().toBuilder();
options.addHeader("Authorization", basicAuthHeaderValue(SecuritySettingsSource.TEST_USER_NAME,
new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray())));
@ -72,7 +72,7 @@ public class RestAuthenticateActionTests extends SecurityIntegTestCase {
public void testAuthenticateApiWithoutAuthentication() throws Exception {
try {
Response response = getRestClient().performRequest(new Request("GET", "/_xpack/security/_authenticate"));
Response response = getRestClient().performRequest(new Request("GET", "/_security/_authenticate"));
if (anonymousEnabled) {
assertThat(response.getStatusLine().getStatusCode(), is(200));
ObjectPath objectPath = ObjectPath.createFromResponse(response);

View File

@ -476,7 +476,7 @@ public abstract class SqlSecurityTestCase extends ESRestTestCase {
}
protected static void createUser(String name, String role) throws IOException {
Request request = new Request("PUT", "/_xpack/security/user/" + name);
Request request = new Request("PUT", "/_security/user/" + name);
XContentBuilder user = JsonXContent.contentBuilder().prettyPrint();
user.startObject(); {
user.field("password", "testpass");

View File

@ -155,7 +155,7 @@ public class UserFunctionIT extends ESRestTestCase {
}
private void createUser(String name, String role) throws IOException {
Request request = new Request("PUT", "/_xpack/security/user/" + name);
Request request = new Request("PUT", "/_security/user/" + name);
XContentBuilder user = JsonXContent.contentBuilder().prettyPrint();
user.startObject(); {
user.field("password", "testpass");
@ -167,7 +167,7 @@ public class UserFunctionIT extends ESRestTestCase {
}
private void deleteUser(String name) throws IOException {
Request request = new Request("DELETE", "/_xpack/security/user/" + name);
Request request = new Request("DELETE", "/_security/user/" + name);
client().performRequest(request);
}

View File

@ -1,10 +1,12 @@
{
"xpack.security.authenticate": {
"security.authenticate": {
"documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-authenticate.html",
"methods": [ "GET" ],
"url": {
"path": "/_xpack/security/_authenticate",
"paths": [ "/_xpack/security/_authenticate" ],
"path": "/_security/_authenticate",
"paths": [
"/_security/_authenticate"
],
"parts": {},
"params": {}
},

View File

@ -1,10 +1,13 @@
{
"xpack.security.change_password": {
"security.change_password": {
"documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-change-password.html",
"methods": [ "PUT", "POST" ],
"url": {
"path": "/_xpack/security/user/{username}/_password",
"paths": [ "/_xpack/security/user/{username}/_password", "/_xpack/security/user/_password" ],
"path": "/_security/user/{username}/_password",
"paths": [
"/_security/user/{username}/_password",
"/_security/user/_password"
],
"parts": {
"username": {
"type" : "string",

View File

@ -1,10 +1,12 @@
{
"xpack.security.clear_cached_realms": {
"security.clear_cached_realms": {
"documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-clear-cache.html",
"methods": [ "POST" ],
"url": {
"path": "/_xpack/security/realm/{realms}/_clear_cache",
"paths": [ "/_xpack/security/realm/{realms}/_clear_cache" ],
"path": "/_security/realm/{realms}/_clear_cache",
"paths": [
"/_security/realm/{realms}/_clear_cache"
],
"parts": {
"realms": {
"type" : "list",

View File

@ -1,10 +1,12 @@
{
"xpack.security.clear_cached_roles": {
"security.clear_cached_roles": {
"documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-clear-role-cache.html",
"methods": [ "POST" ],
"url": {
"path": "/_xpack/security/role/{name}/_clear_cache",
"paths": [ "/_xpack/security/role/{name}/_clear_cache" ],
"path": "/_security/role/{name}/_clear_cache",
"paths": [
"/_security/role/{name}/_clear_cache"
],
"parts": {
"name": {
"type" : "list",

View File

@ -1,10 +1,12 @@
{
"xpack.security.delete_privileges": {
"security.delete_privileges": {
"documentation": "TODO",
"methods": [ "DELETE" ],
"url": {
"path": "/_xpack/security/privilege/{application}/{name}",
"paths": [ "/_xpack/security/privilege/{application}/{name}" ],
"path": "/_security/privilege/{application}/{name}",
"paths": [
"/_security/privilege/{application}/{name}"
],
"parts": {
"application": {
"type" : "string",

View File

@ -1,10 +1,12 @@
{
"xpack.security.delete_role": {
"security.delete_role": {
"documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-delete-role.html",
"methods": [ "DELETE" ],
"url": {
"path": "/_xpack/security/role/{name}",
"paths": [ "/_xpack/security/role/{name}" ],
"path": "/_security/role/{name}",
"paths": [
"/_security/role/{name}"
],
"parts": {
"name": {
"type" : "string",

View File

@ -1,10 +1,12 @@
{
"xpack.security.delete_role_mapping": {
"security.delete_role_mapping": {
"documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-delete-role-mapping.html",
"methods": [ "DELETE" ],
"url": {
"path": "/_xpack/security/role_mapping/{name}",
"paths": [ "/_xpack/security/role_mapping/{name}" ],
"path": "/_security/role_mapping/{name}",
"paths": [
"/_security/role_mapping/{name}"
],
"parts": {
"name": {
"type" : "string",

View File

@ -1,10 +1,12 @@
{
"xpack.security.delete_user": {
"security.delete_user": {
"documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-delete-user.html",
"methods": [ "DELETE" ],
"url": {
"path": "/_xpack/security/user/{username}",
"paths": [ "/_xpack/security/user/{username}" ],
"path": "/_security/user/{username}",
"paths": [
"/_security/user/{username}"
],
"parts": {
"username": {
"type" : "string",

View File

@ -1,10 +1,12 @@
{
"xpack.security.disable_user": {
"security.disable_user": {
"documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-disable-user.html",
"methods": [ "PUT", "POST" ],
"url": {
"path": "/_xpack/security/user/{username}/_disable",
"paths": [ "/_xpack/security/user/{username}/_disable" ],
"path": "/_security/user/{username}/_disable",
"paths": [
"/_security/user/{username}/_disable"
],
"parts": {
"username": {
"type" : "string",

View File

@ -1,10 +1,12 @@
{
"xpack.security.enable_user": {
"security.enable_user": {
"documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-enable-user.html",
"methods": [ "PUT", "POST" ],
"url": {
"path": "/_xpack/security/user/{username}/_enable",
"paths": [ "/_xpack/security/user/{username}/_enable" ],
"path": "/_security/user/{username}/_enable",
"paths": [
"/_security/user/{username}/_enable"
],
"parts": {
"username": {
"type" : "string",

View File

@ -1,10 +1,12 @@
{
"xpack.security.get_privileges": {
"security.get_privileges": {
"documentation": "TODO",
"methods": [ "GET" ],
"url": {
"path": "/_xpack/security/privilege/{application}/{name}",
"paths": [ "/_xpack/security/privilege/{application}/{name}" ],
"path": "/_security/privilege/{application}/{name}",
"paths": [
"/_security/privilege/{application}/{name}"
],
"parts": {
"application": {
"type" : "string",

View File

@ -1,10 +1,13 @@
{
"xpack.security.get_role": {
"security.get_role": {
"documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-role.html",
"methods": [ "GET" ],
"url": {
"path": "/_xpack/security/role/{name}",
"paths": [ "/_xpack/security/role/{name}", "/_xpack/security/role" ],
"path": "/_security/role/{name}",
"paths": [
"/_security/role/{name}",
"/_security/role"
],
"parts": {
"name": {
"type" : "string",

View File

@ -1,10 +1,13 @@
{
"xpack.security.get_role_mapping": {
"security.get_role_mapping": {
"documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-role-mapping.html",
"methods": [ "GET" ],
"url": {
"path": "/_xpack/security/role_mapping/{name}",
"paths": [ "/_xpack/security/role_mapping/{name}", "/_xpack/security/role_mapping" ],
"path": "/_security/role_mapping/{name}",
"paths": [
"/_security/role_mapping/{name}",
"/_security/role_mapping"
],
"parts": {
"name": {
"type" : "string",

View File

@ -1,10 +1,12 @@
{
"xpack.security.get_token": {
"security.get_token": {
"documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-token.html",
"methods": [ "POST" ],
"url": {
"path": "/_xpack/security/oauth2/token",
"paths": [ "/_xpack/security/oauth2/token" ],
"path": "/_security/oauth2/token",
"paths": [
"/_security/oauth2/token"
],
"parts": {},
"params": {}
},

View File

@ -1,10 +1,13 @@
{
"xpack.security.get_user": {
"security.get_user": {
"documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-user.html",
"methods": [ "GET" ],
"url": {
"path": "/_xpack/security/user/{username}",
"paths": [ "/_xpack/security/user/{username}", "/_xpack/security/user" ],
"path": "/_security/user/{username}",
"paths": [
"/_security/user/{username}",
"/_security/user"
],
"parts": {
"username": {
"type" : "list",

View File

@ -1,10 +1,12 @@
{
"xpack.security.get_user_privileges": {
"security.get_user_privileges": {
"documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-user-privileges.html",
"methods": [ "GET" ],
"url": {
"path": "/_xpack/security/user/_privileges",
"paths": [ "/_xpack/security/user/_privileges" ],
"path": "/_security/user/_privileges",
"paths": [
"/_security/user/_privileges"
],
"parts": { },
"params": {}
},

View File

@ -1,10 +1,13 @@
{
"xpack.security.has_privileges": {
"security.has_privileges": {
"documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-has-privileges.html",
"methods": [ "GET", "POST" ],
"url": {
"path": "/_xpack/security/user/_has_privileges",
"paths": [ "/_xpack/security/user/_has_privileges", "/_xpack/security/user/{user}/_has_privileges" ],
"path": "/_security/user/_has_privileges",
"paths": [
"/_security/user/_has_privileges",
"/_security/user/{user}/_has_privileges"
],
"parts": {
"user": {
"type" : "string",

View File

@ -1,10 +1,12 @@
{
"xpack.security.invalidate_token": {
"security.invalidate_token": {
"documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-invalidate-token.html",
"methods": [ "DELETE" ],
"url": {
"path": "/_xpack/security/oauth2/token",
"paths": [ "/_xpack/security/oauth2/token" ],
"path": "/_security/oauth2/token",
"paths": [
"/_security/oauth2/token"
],
"parts": {},
"params": {}
},

View File

@ -1,11 +1,11 @@
{
"xpack.security.put_privileges": {
"security.put_privileges": {
"documentation": "TODO",
"methods": [ "PUT", "POST" ],
"url": {
"path": "/_xpack/security/privilege/",
"path": "/_security/privilege/",
"paths": [
"/_xpack/security/privilege/"
"/_security/privilege/"
],
"params": {
"refresh": {

View File

@ -1,10 +1,12 @@
{
"xpack.security.put_role": {
"security.put_role": {
"documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role.html",
"methods": [ "PUT", "POST" ],
"url": {
"path": "/_xpack/security/role/{name}",
"paths": [ "/_xpack/security/role/{name}" ],
"path": "/_security/role/{name}",
"paths": [
"/_security/role/{name}"
],
"parts": {
"name": {
"type" : "string",

View File

@ -1,10 +1,12 @@
{
"xpack.security.put_role_mapping": {
"security.put_role_mapping": {
"documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role-mapping.html",
"methods": [ "PUT", "POST" ],
"url": {
"path": "/_xpack/security/role_mapping/{name}",
"paths": [ "/_xpack/security/role_mapping/{name}" ],
"path": "/_security/role_mapping/{name}",
"paths": [
"/_security/role_mapping/{name}"
],
"parts": {
"name": {
"type" : "string",

View File

@ -1,10 +1,12 @@
{
"xpack.security.put_user": {
"security.put_user": {
"documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-user.html",
"methods": [ "PUT", "POST" ],
"url": {
"path": "/_xpack/security/user/{username}",
"paths": [ "/_xpack/security/user/{username}" ],
"path": "/_security/user/{username}",
"paths": [
"/_security/user/{username}"
],
"parts": {
"username": {
"type" : "string",

View File

@ -1,10 +1,12 @@
{
"xpack.ssl.certificates": {
"ssl.certificates": {
"documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-ssl.html",
"methods": [ "GET" ],
"url": {
"path": "/_xpack/ssl/certificates",
"paths": [ "/_xpack/ssl/certificates" ],
"path": "/_ssl/certificates",
"paths": [
"/_ssl/certificates"
],
"parts": {},
"params": {}
},

View File

@ -8,7 +8,7 @@ setup:
wait_for_status: yellow
- do:
xpack.security.put_user:
security.put_user:
username: "authenticate_user"
body: >
{
@ -20,7 +20,7 @@ setup:
---
teardown:
- do:
xpack.security.delete_user:
security.delete_user:
username: "authenticate_user"
ignore: 404
@ -30,7 +30,7 @@ teardown:
- do:
headers:
Authorization: "Basic YXV0aGVudGljYXRlX3VzZXI6eC1wYWNrLXRlc3QtcGFzc3dvcmQ="
xpack.security.authenticate: {}
security.authenticate: {}
- match: { username: "authenticate_user" }
- match: { roles.0: "superuser" }

Some files were not shown because too many files have changed in this diff Show More