-
Notifications
You must be signed in to change notification settings - Fork 24.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
HLRC: Create/Update role mapping API (#34171)
We added support for role mapper expression DSL in #33745, that allows us to build the role mapper expression used in the role mapping (as rules for determining user roles based on what the boolean expression resolves to). This change now adds support for create/update role mapping API to the high-level rest client.
- Loading branch information
Showing
12 changed files
with
569 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
124 changes: 124 additions & 0 deletions
124
...est-high-level/src/main/java/org/elasticsearch/client/security/PutRoleMappingRequest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,124 @@ | ||
/* | ||
* Licensed to Elasticsearch under one or more contributor | ||
* license agreements. See the NOTICE file distributed with | ||
* this work for additional information regarding copyright | ||
* ownership. Elasticsearch licenses this file to you under | ||
* the Apache License, Version 2.0 (the "License"); you may | ||
* not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, | ||
* software distributed under the License is distributed on an | ||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
* KIND, either express or implied. See the License for the | ||
* specific language governing permissions and limitations | ||
* under the License. | ||
*/ | ||
|
||
package org.elasticsearch.client.security; | ||
|
||
import org.elasticsearch.client.Validatable; | ||
import org.elasticsearch.client.security.support.expressiondsl.RoleMapperExpression; | ||
import org.elasticsearch.common.Nullable; | ||
import org.elasticsearch.common.Strings; | ||
import org.elasticsearch.common.xcontent.ToXContentObject; | ||
import org.elasticsearch.common.xcontent.XContentBuilder; | ||
|
||
import java.io.IOException; | ||
import java.util.Collections; | ||
import java.util.List; | ||
import java.util.Map; | ||
import java.util.Objects; | ||
|
||
/** | ||
* Request object to create or update a role mapping. | ||
*/ | ||
public final class PutRoleMappingRequest implements Validatable, ToXContentObject { | ||
|
||
private final String name; | ||
private final boolean enabled; | ||
private final List<String> roles; | ||
private final RoleMapperExpression rules; | ||
|
||
private final Map<String, Object> metadata; | ||
private final RefreshPolicy refreshPolicy; | ||
|
||
public PutRoleMappingRequest(final String name, final boolean enabled, final List<String> roles, final RoleMapperExpression rules, | ||
@Nullable final Map<String, Object> metadata, @Nullable final RefreshPolicy refreshPolicy) { | ||
if (Strings.hasText(name) == false) { | ||
throw new IllegalArgumentException("role-mapping name is missing"); | ||
} | ||
this.name = name; | ||
this.enabled = enabled; | ||
if (roles == null || roles.isEmpty()) { | ||
throw new IllegalArgumentException("role-mapping roles are missing"); | ||
} | ||
this.roles = Collections.unmodifiableList(roles); | ||
this.rules = Objects.requireNonNull(rules, "role-mapping rules are missing"); | ||
this.metadata = (metadata == null) ? Collections.emptyMap() : metadata; | ||
this.refreshPolicy = (refreshPolicy == null) ? RefreshPolicy.getDefault() : refreshPolicy; | ||
} | ||
|
||
public String getName() { | ||
return name; | ||
} | ||
|
||
public boolean isEnabled() { | ||
return enabled; | ||
} | ||
|
||
public List<String> getRoles() { | ||
return roles; | ||
} | ||
|
||
public RoleMapperExpression getRules() { | ||
return rules; | ||
} | ||
|
||
public Map<String, Object> getMetadata() { | ||
return metadata; | ||
} | ||
|
||
public RefreshPolicy getRefreshPolicy() { | ||
return refreshPolicy; | ||
} | ||
|
||
@Override | ||
public int hashCode() { | ||
return Objects.hash(name, enabled, refreshPolicy, roles, rules, metadata); | ||
} | ||
|
||
@Override | ||
public boolean equals(Object obj) { | ||
if (this == obj) { | ||
return true; | ||
} | ||
if (obj == null) { | ||
return false; | ||
} | ||
if (getClass() != obj.getClass()) { | ||
return false; | ||
} | ||
final PutRoleMappingRequest other = (PutRoleMappingRequest) obj; | ||
|
||
return (enabled == other.enabled) && | ||
(refreshPolicy == other.refreshPolicy) && | ||
Objects.equals(name, other.name) && | ||
Objects.equals(roles, other.roles) && | ||
Objects.equals(rules, other.rules) && | ||
Objects.equals(metadata, other.metadata); | ||
} | ||
|
||
@Override | ||
public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException { | ||
builder.startObject(); | ||
builder.field("enabled", enabled); | ||
builder.field("roles", roles); | ||
builder.field("rules", rules); | ||
builder.field("metadata", metadata); | ||
return builder.endObject(); | ||
} | ||
|
||
} |
77 changes: 77 additions & 0 deletions
77
...st-high-level/src/main/java/org/elasticsearch/client/security/PutRoleMappingResponse.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
/* | ||
* Licensed to Elasticsearch under one or more contributor | ||
* license agreements. See the NOTICE file distributed with | ||
* this work for additional information regarding copyright | ||
* ownership. Elasticsearch licenses this file to you under | ||
* the Apache License, Version 2.0 (the "License"); you may | ||
* not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, | ||
* software distributed under the License is distributed on an | ||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
* KIND, either express or implied. See the License for the | ||
* specific language governing permissions and limitations | ||
* under the License. | ||
*/ | ||
|
||
package org.elasticsearch.client.security; | ||
|
||
import org.elasticsearch.common.ParseField; | ||
import org.elasticsearch.common.xcontent.ConstructingObjectParser; | ||
import org.elasticsearch.common.xcontent.XContentParser; | ||
|
||
import java.io.IOException; | ||
import java.util.Objects; | ||
|
||
import static org.elasticsearch.common.xcontent.ConstructingObjectParser.constructorArg; | ||
|
||
/** | ||
* Response when adding/updating a role mapping. Returns a boolean field for | ||
* whether the role mapping was created or updated. | ||
*/ | ||
public final class PutRoleMappingResponse { | ||
|
||
private final boolean created; | ||
|
||
public PutRoleMappingResponse(boolean created) { | ||
this.created = created; | ||
} | ||
|
||
public boolean isCreated() { | ||
return created; | ||
} | ||
|
||
@Override | ||
public boolean equals(Object o) { | ||
if (this == o) { | ||
return true; | ||
} | ||
if (o == null || getClass() != o.getClass()) { | ||
return false; | ||
} | ||
final PutRoleMappingResponse that = (PutRoleMappingResponse) o; | ||
return created == that.created; | ||
} | ||
|
||
@Override | ||
public int hashCode() { | ||
return Objects.hash(created); | ||
} | ||
|
||
private static final ConstructingObjectParser<PutRoleMappingResponse, Void> PARSER = new ConstructingObjectParser<>( | ||
"put_role_mapping_response", true, args -> new PutRoleMappingResponse((boolean) args[0])); | ||
static { | ||
PARSER.declareBoolean(constructorArg(), new ParseField("created")); | ||
// To parse the "created" field we declare "role_mapping" field object. | ||
// Once the nested field "created" is found parser constructs the target object and | ||
// ignores the role_mapping object. | ||
PARSER.declareObject((a,b) -> {}, (parser, context) -> null, new ParseField("role_mapping")); | ||
} | ||
|
||
public static PutRoleMappingResponse fromXContent(XContentParser parser) throws IOException { | ||
return PARSER.parse(parser, null); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.