This PR adds minimum support for prefix search of API Key name. It only touches API key name and leave all other query parameters, e.g. realm name, username unchanged.
This commit is contained in:
parent
7dcdaeae49
commit
f651487d74
|
@ -35,7 +35,7 @@ pertain to retrieving api keys:
|
|||
|
||||
`name`::
|
||||
(Optional, string) An API key name. This parameter cannot be used with any of
|
||||
`id`, `realm_name` or `username` are used.
|
||||
`id`, `realm_name` or `username` are used. It supports prefix search with wildcard.
|
||||
|
||||
`realm_name`::
|
||||
(Optional, string) The name of an authentication realm. This parameter cannot be
|
||||
|
@ -101,6 +101,14 @@ GET /_security/api_key?name=my-api-key
|
|||
--------------------------------------------------
|
||||
// TEST[continued]
|
||||
|
||||
API key name supports prefix search by using wildcard:
|
||||
|
||||
[source,console]
|
||||
--------------------------------------------------
|
||||
GET /_security/api_key?name=my-*
|
||||
--------------------------------------------------
|
||||
// TEST[continued]
|
||||
|
||||
The following example retrieves all API keys for the `native1` realm:
|
||||
|
||||
[source,console]
|
||||
|
|
|
@ -830,8 +830,12 @@ public class ApiKeyService {
|
|||
if (Strings.hasText(userName)) {
|
||||
boolQuery.filter(QueryBuilders.termQuery("creator.principal", userName));
|
||||
}
|
||||
if (Strings.hasText(apiKeyName)) {
|
||||
boolQuery.filter(QueryBuilders.termQuery("name", apiKeyName));
|
||||
if (Strings.hasText(apiKeyName) && "*".equals(apiKeyName) == false) {
|
||||
if (apiKeyName.endsWith("*")) {
|
||||
boolQuery.filter(QueryBuilders.prefixQuery("name", apiKeyName.substring(0, apiKeyName.length() - 1)));
|
||||
} else {
|
||||
boolQuery.filter(QueryBuilders.termQuery("name", apiKeyName));
|
||||
}
|
||||
}
|
||||
if (Strings.hasText(apiKeyId)) {
|
||||
boolQuery.filter(QueryBuilders.termQuery("_id", apiKeyId));
|
||||
|
|
|
@ -546,14 +546,43 @@ public class ApiKeyIntegTests extends SecurityIntegTestCase {
|
|||
}
|
||||
|
||||
public void testGetApiKeysForApiKeyName() throws InterruptedException, ExecutionException {
|
||||
List<CreateApiKeyResponse> responses = createApiKeys(1, null);
|
||||
Client client = client().filterWithHeader(Collections.singletonMap("Authorization", UsernamePasswordToken
|
||||
.basicAuthHeaderValue(SecuritySettingsSource.TEST_SUPERUSER, SecuritySettingsSourceField.TEST_PASSWORD_SECURE_STRING)));
|
||||
final Map<String, String> headers = Collections.singletonMap(
|
||||
"Authorization",
|
||||
UsernamePasswordToken.basicAuthHeaderValue(
|
||||
SecuritySettingsSource.TEST_SUPERUSER,
|
||||
SecuritySettingsSourceField.TEST_PASSWORD_SECURE_STRING));
|
||||
|
||||
final int noOfApiKeys = randomIntBetween(1, 3);
|
||||
final List<CreateApiKeyResponse> createApiKeyResponses1 = createApiKeys(noOfApiKeys, null);
|
||||
final List<CreateApiKeyResponse> createApiKeyResponses2 = createApiKeys(
|
||||
headers, noOfApiKeys, "another-test-key-", null, "monitor");
|
||||
|
||||
Client client = client().filterWithHeader(headers);
|
||||
SecurityClient securityClient = new SecurityClient(client);
|
||||
PlainActionFuture<GetApiKeyResponse> listener = new PlainActionFuture<>();
|
||||
List<CreateApiKeyResponse> responses = randomFrom(createApiKeyResponses1, createApiKeyResponses2);
|
||||
securityClient.getApiKey(GetApiKeyRequest.usingApiKeyName(responses.get(0).getName(), false), listener);
|
||||
GetApiKeyResponse response = listener.get();
|
||||
verifyGetResponse(1, responses, response, Collections.singleton(responses.get(0).getId()), null);
|
||||
verifyGetResponse(1, responses, listener.get(), Collections.singleton(responses.get(0).getId()), null);
|
||||
|
||||
PlainActionFuture<GetApiKeyResponse> listener2 = new PlainActionFuture<>();
|
||||
securityClient.getApiKey(GetApiKeyRequest.usingApiKeyName("test-key*", false), listener2);
|
||||
verifyGetResponse(noOfApiKeys, createApiKeyResponses1, listener2.get(),
|
||||
createApiKeyResponses1.stream().map(CreateApiKeyResponse::getId).collect(Collectors.toSet()), null);
|
||||
|
||||
PlainActionFuture<GetApiKeyResponse> listener3 = new PlainActionFuture<>();
|
||||
securityClient.getApiKey(GetApiKeyRequest.usingApiKeyName("*", false), listener3);
|
||||
responses = Stream.concat(createApiKeyResponses1.stream(), createApiKeyResponses2.stream()).collect(Collectors.toList());
|
||||
verifyGetResponse(2 * noOfApiKeys, responses, listener3.get(),
|
||||
responses.stream().map(CreateApiKeyResponse::getId).collect(Collectors.toSet()), null);
|
||||
|
||||
PlainActionFuture<GetApiKeyResponse> listener4 = new PlainActionFuture<>();
|
||||
securityClient.getApiKey(GetApiKeyRequest.usingApiKeyName("does-not-exist*", false), listener4);
|
||||
verifyGetResponse(0, Collections.emptyList(), listener4.get(), Collections.emptySet(), null);
|
||||
|
||||
PlainActionFuture<GetApiKeyResponse> listener5 = new PlainActionFuture<>();
|
||||
securityClient.getApiKey(GetApiKeyRequest.usingApiKeyName("another-test-key*", false), listener5);
|
||||
verifyGetResponse(noOfApiKeys, createApiKeyResponses2, listener5.get(),
|
||||
createApiKeyResponses2.stream().map(CreateApiKeyResponse::getId).collect(Collectors.toSet()), null);
|
||||
}
|
||||
|
||||
public void testGetApiKeysOwnedByCurrentAuthenticatedUser() throws InterruptedException, ExecutionException {
|
||||
|
@ -994,13 +1023,18 @@ public class ApiKeyIntegTests extends SecurityIntegTestCase {
|
|||
|
||||
private List<CreateApiKeyResponse> createApiKeys(Map<String, String> headers,
|
||||
int noOfApiKeys, TimeValue expiration, String... clusterPrivileges) {
|
||||
return createApiKeys(headers, noOfApiKeys, "test-key-", expiration, clusterPrivileges);
|
||||
}
|
||||
|
||||
private List<CreateApiKeyResponse> createApiKeys(Map<String, String> headers,
|
||||
int noOfApiKeys, String namePrefix, TimeValue expiration, String... clusterPrivileges) {
|
||||
List<CreateApiKeyResponse> responses = new ArrayList<>();
|
||||
for (int i = 0; i < noOfApiKeys; i++) {
|
||||
final RoleDescriptor descriptor = new RoleDescriptor("role", clusterPrivileges, null, null);
|
||||
Client client = client().filterWithHeader(headers);
|
||||
SecurityClient securityClient = new SecurityClient(client);
|
||||
final CreateApiKeyResponse response = securityClient.prepareCreateApiKey()
|
||||
.setName("test-key-" + randomAlphaOfLengthBetween(5, 9) + i).setExpiration(expiration)
|
||||
.setName(namePrefix + randomAlphaOfLengthBetween(5, 9) + i).setExpiration(expiration)
|
||||
.setRoleDescriptors(Collections.singletonList(descriptor)).get();
|
||||
assertNotNull(response.getId());
|
||||
assertNotNull(response.getKey());
|
||||
|
|
Loading…
Reference in New Issue