-
Notifications
You must be signed in to change notification settings - Fork 24.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[HLRC] Support for role mapper expression dsl #33745
Merged
Merged
Changes from all commits
Commits
Show all changes
12 commits
Select commit
Hold shift + click to select a range
8df2db7
[HLRC] Support for role mapper expression dsl
44e8338
Refactored code to address review comment
eb599bc
Forgot to address precommit errors.
c60f6f0
Merge branch 'master' into expressiondsl-hl-api
797d5eb
Address review comments
e23103a
Merge branch 'master' into expressiondsl-hl-api
11244ee
Merge branch 'master' into expressiondsl-hl-api
0858771
Address review comment
cc405b4
Address review comments
3f0f46a
Merge branch 'master' into expressiondsl-hl-api
c4ccdd7
Merge branch 'master' into expressiondsl-hl-api
bc842be
Merge branch 'master' into expressiondsl-hl-api
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
30 changes: 30 additions & 0 deletions
30
...in/java/org/elasticsearch/client/security/support/expressiondsl/RoleMapperExpression.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
/* | ||
* Licensed to Elasticsearch under one or more contributor | ||
* license agreements. See the NOTICE file distributed with | ||
* this work for additional information regarding copyright | ||
* ownership. Elasticsearch licenses this file to you under | ||
* the Apache License, Version 2.0 (the "License"); you may | ||
* not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, | ||
* software distributed under the License is distributed on an | ||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
* KIND, either express or implied. See the License for the | ||
* specific language governing permissions and limitations | ||
* under the License. | ||
*/ | ||
|
||
package org.elasticsearch.client.security.support.expressiondsl; | ||
|
||
import org.elasticsearch.common.xcontent.ToXContentObject; | ||
|
||
/** | ||
* Implementations of this interface represent an expression used for user role mapping | ||
* that can later be resolved to a boolean value. | ||
*/ | ||
public interface RoleMapperExpression extends ToXContentObject { | ||
|
||
} |
55 changes: 55 additions & 0 deletions
55
...sticsearch/client/security/support/expressiondsl/expressions/AllRoleMapperExpression.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
/* | ||
* Licensed to Elasticsearch under one or more contributor | ||
* license agreements. See the NOTICE file distributed with | ||
* this work for additional information regarding copyright | ||
* ownership. Elasticsearch licenses this file to you under | ||
* the Apache License, Version 2.0 (the "License"); you may | ||
* not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, | ||
* software distributed under the License is distributed on an | ||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
* KIND, either express or implied. See the License for the | ||
* specific language governing permissions and limitations | ||
* under the License. | ||
*/ | ||
|
||
package org.elasticsearch.client.security.support.expressiondsl.expressions; | ||
|
||
import org.elasticsearch.client.security.support.expressiondsl.RoleMapperExpression; | ||
|
||
import java.util.ArrayList; | ||
import java.util.List; | ||
|
||
/** | ||
* An expression that evaluates to <code>true</code> if-and-only-if all its children | ||
* evaluate to <code>true</code>. | ||
* An <em>all</em> expression with no children is always <code>true</code>. | ||
*/ | ||
public final class AllRoleMapperExpression extends CompositeRoleMapperExpression { | ||
|
||
private AllRoleMapperExpression(String name, RoleMapperExpression[] elements) { | ||
super(name, elements); | ||
} | ||
|
||
public static Builder builder() { | ||
return new Builder(); | ||
} | ||
|
||
public static final class Builder { | ||
private List<RoleMapperExpression> elements = new ArrayList<>(); | ||
|
||
public Builder addExpression(final RoleMapperExpression expression) { | ||
assert expression != null : "expression cannot be null"; | ||
elements.add(expression); | ||
return this; | ||
} | ||
|
||
public AllRoleMapperExpression build() { | ||
return new AllRoleMapperExpression(CompositeType.ALL.getName(), elements.toArray(new RoleMapperExpression[0])); | ||
} | ||
} | ||
} |
55 changes: 55 additions & 0 deletions
55
...sticsearch/client/security/support/expressiondsl/expressions/AnyRoleMapperExpression.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
/* | ||
* Licensed to Elasticsearch under one or more contributor | ||
* license agreements. See the NOTICE file distributed with | ||
* this work for additional information regarding copyright | ||
* ownership. Elasticsearch licenses this file to you under | ||
* the Apache License, Version 2.0 (the "License"); you may | ||
* not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, | ||
* software distributed under the License is distributed on an | ||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
* KIND, either express or implied. See the License for the | ||
* specific language governing permissions and limitations | ||
* under the License. | ||
*/ | ||
|
||
package org.elasticsearch.client.security.support.expressiondsl.expressions; | ||
|
||
import org.elasticsearch.client.security.support.expressiondsl.RoleMapperExpression; | ||
|
||
import java.util.ArrayList; | ||
import java.util.List; | ||
|
||
/** | ||
* An expression that evaluates to <code>true</code> if at least one of its children | ||
* evaluate to <code>true</code>. | ||
* An <em>any</em> expression with no children is never <code>true</code>. | ||
*/ | ||
public final class AnyRoleMapperExpression extends CompositeRoleMapperExpression { | ||
|
||
private AnyRoleMapperExpression(String name, RoleMapperExpression[] elements) { | ||
super(name, elements); | ||
} | ||
|
||
public static Builder builder() { | ||
return new Builder(); | ||
} | ||
|
||
public static final class Builder { | ||
private List<RoleMapperExpression> elements = new ArrayList<>(); | ||
|
||
public Builder addExpression(final RoleMapperExpression expression) { | ||
assert expression != null : "expression cannot be null"; | ||
elements.add(expression); | ||
return this; | ||
} | ||
|
||
public AnyRoleMapperExpression build() { | ||
return new AnyRoleMapperExpression(CompositeType.ANY.getName(), elements.toArray(new RoleMapperExpression[0])); | ||
} | ||
} | ||
} |
100 changes: 100 additions & 0 deletions
100
...arch/client/security/support/expressiondsl/expressions/CompositeRoleMapperExpression.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
/* | ||
* Licensed to Elasticsearch under one or more contributor | ||
* license agreements. See the NOTICE file distributed with | ||
* this work for additional information regarding copyright | ||
* ownership. Elasticsearch licenses this file to you under | ||
* the Apache License, Version 2.0 (the "License"); you may | ||
* not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, | ||
* software distributed under the License is distributed on an | ||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
* KIND, either express or implied. See the License for the | ||
* specific language governing permissions and limitations | ||
* under the License. | ||
*/ | ||
|
||
package org.elasticsearch.client.security.support.expressiondsl.expressions; | ||
|
||
import org.elasticsearch.client.security.support.expressiondsl.RoleMapperExpression; | ||
import org.elasticsearch.common.xcontent.XContentBuilder; | ||
|
||
import java.io.IOException; | ||
import java.util.Arrays; | ||
import java.util.Collections; | ||
import java.util.List; | ||
import java.util.Objects; | ||
|
||
/** | ||
* Expression of role mapper expressions which can be combined by operators like AND, OR | ||
* <p> | ||
* Expression builder example: | ||
* <pre> | ||
* {@code | ||
* final RoleMapperExpression allExpression = AllRoleMapperExpression.builder() | ||
.addExpression(AnyRoleMapperExpression.builder() | ||
.addExpression(FieldRoleMapperExpression.ofUsername("user1@example.org")) | ||
.addExpression(FieldRoleMapperExpression.ofUsername("user2@example.org")) | ||
.build()) | ||
.addExpression(FieldRoleMapperExpression.ofMetadata("metadata.location", "AMER")) | ||
.addExpression(new ExceptRoleMapperExpression(FieldRoleMapperExpression.ofUsername("user3@example.org"))) | ||
.build(); | ||
* } | ||
* </pre> | ||
*/ | ||
public abstract class CompositeRoleMapperExpression implements RoleMapperExpression { | ||
private final String name; | ||
private final List<RoleMapperExpression> elements; | ||
|
||
CompositeRoleMapperExpression(final String name, final RoleMapperExpression... elements) { | ||
assert name != null : "field name cannot be null"; | ||
assert elements != null : "at least one field expression is required"; | ||
this.name = name; | ||
this.elements = Collections.unmodifiableList(Arrays.asList(elements)); | ||
} | ||
|
||
public String getName() { | ||
return this.getName(); | ||
} | ||
|
||
public List<RoleMapperExpression> getElements() { | ||
return elements; | ||
} | ||
|
||
@Override | ||
public boolean equals(Object o) { | ||
if (this == o) { | ||
return true; | ||
} | ||
if (o == null || getClass() != o.getClass()) { | ||
return false; | ||
} | ||
|
||
final CompositeRoleMapperExpression that = (CompositeRoleMapperExpression) o; | ||
if (Objects.equals(this.getName(), that.getName()) == false) { | ||
return false; | ||
} | ||
return Objects.equals(this.getElements(), that.getElements()); | ||
} | ||
|
||
@Override | ||
public int hashCode() { | ||
return Objects.hash(name, elements); | ||
} | ||
|
||
@Override | ||
public XContentBuilder toXContent(final XContentBuilder builder, final Params params) throws IOException { | ||
builder.startObject(); | ||
builder.startArray(name); | ||
for (RoleMapperExpression e : elements) { | ||
e.toXContent(builder, params); | ||
} | ||
builder.endArray(); | ||
return builder.endObject(); | ||
} | ||
|
||
} | ||
|
59 changes: 59 additions & 0 deletions
59
...va/org/elasticsearch/client/security/support/expressiondsl/expressions/CompositeType.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
/* | ||
* Licensed to Elasticsearch under one or more contributor | ||
* license agreements. See the NOTICE file distributed with | ||
* this work for additional information regarding copyright | ||
* ownership. Elasticsearch licenses this file to you under | ||
* the Apache License, Version 2.0 (the "License"); you may | ||
* not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, | ||
* software distributed under the License is distributed on an | ||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
* KIND, either express or implied. See the License for the | ||
* specific language governing permissions and limitations | ||
* under the License. | ||
*/ | ||
|
||
package org.elasticsearch.client.security.support.expressiondsl.expressions; | ||
|
||
import org.elasticsearch.common.ParseField; | ||
|
||
import java.util.Collections; | ||
import java.util.HashMap; | ||
import java.util.Map; | ||
|
||
public enum CompositeType { | ||
|
||
ANY("any"), ALL("all"), EXCEPT("except"); | ||
|
||
private static Map<String, CompositeType> nameToType = Collections.unmodifiableMap(initialize()); | ||
private ParseField field; | ||
|
||
CompositeType(String name) { | ||
this.field = new ParseField(name); | ||
} | ||
|
||
public String getName() { | ||
return field.getPreferredName(); | ||
} | ||
|
||
public ParseField getParseField() { | ||
return field; | ||
} | ||
|
||
public static CompositeType fromName(String name) { | ||
return nameToType.get(name); | ||
} | ||
|
||
private static Map<String, CompositeType> initialize() { | ||
Map<String, CompositeType> map = new HashMap<>(); | ||
for (CompositeType field : values()) { | ||
map.put(field.getName(), field); | ||
} | ||
return map; | ||
} | ||
|
||
} |
47 changes: 47 additions & 0 deletions
47
...csearch/client/security/support/expressiondsl/expressions/ExceptRoleMapperExpression.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
/* | ||
* Licensed to Elasticsearch under one or more contributor | ||
* license agreements. See the NOTICE file distributed with | ||
* this work for additional information regarding copyright | ||
* ownership. Elasticsearch licenses this file to you under | ||
* the Apache License, Version 2.0 (the "License"); you may | ||
* not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, | ||
* software distributed under the License is distributed on an | ||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
* KIND, either express or implied. See the License for the | ||
* specific language governing permissions and limitations | ||
* under the License. | ||
*/ | ||
|
||
package org.elasticsearch.client.security.support.expressiondsl.expressions; | ||
|
||
import org.elasticsearch.client.security.support.expressiondsl.RoleMapperExpression; | ||
import org.elasticsearch.common.xcontent.XContentBuilder; | ||
|
||
import java.io.IOException; | ||
|
||
/** | ||
* A negating expression. That is, this expression evaluates to <code>true</code> if-and-only-if | ||
* its delegate expression evaluate to <code>false</code>. | ||
* Syntactically, <em>except</em> expressions are intended to be children of <em>all</em> | ||
* expressions ({@link AllRoleMapperExpression}). | ||
*/ | ||
public final class ExceptRoleMapperExpression extends CompositeRoleMapperExpression { | ||
|
||
public ExceptRoleMapperExpression(final RoleMapperExpression expression) { | ||
super(CompositeType.EXCEPT.getName(), expression); | ||
} | ||
|
||
@Override | ||
public XContentBuilder toXContent(final XContentBuilder builder, final Params params) throws IOException { | ||
builder.startObject(); | ||
builder.field(CompositeType.EXCEPT.getName()); | ||
builder.value(getElements().get(0)); | ||
return builder.endObject(); | ||
} | ||
|
||
} |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/
return this.getName();
/return this.name;
/Noticed this when reviewing #34171 , maybe you can correct this there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch, I will address in the other review for the create role mapping API. Thank you.