-
Notifications
You must be signed in to change notification settings - Fork 24.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Introduce Application Privileges to Roles #30164
Merged
tvernum
merged 39 commits into
elastic:security-app-privs
from
tvernum:feature/2767-custom-priv
Jun 7, 2018
Merged
Changes from all commits
Commits
Show all changes
39 commits
Select commit
Hold shift + click to select a range
fdf628b
Support application (custom) privileges
tvernum f7463bc
Static caches are evil
tvernum 1af402c
Merge branch 'master' into feature/2767-custom-priv
tvernum 9b1ff6e
Grant all application privileges to superuser
tvernum 662fd50
Address review feedback
tvernum ccbb6eb
Merge branch 'master' into feature/2767-custom-priv
tvernum 80977b0
Merge branch 'master' into feature/2767-custom-priv
tvernum c1cff59
Merge branch 'master' into feature/2767-custom-priv
tvernum ef62161
Fix merge
tvernum 66c0d46
Merge branch 'master' into feature/2767-custom-priv
tvernum 39c1222
Clear role cache on app privilege changes
tvernum bf0e7b3
Merge branch 'master' into feature/2767-custom-priv
tvernum 5b37049
Merge branch 'master' into feature/2767-custom-priv
tvernum 4526db1
Address feedback
tvernum 15cf7b1
Merge branch 'master' into feature/2767-custom-priv
tvernum a2bad11
Address feedback
tvernum b9a5c41
Merge branch 'master' into feature/2767-custom-priv
tvernum e0a2013
Fix checkstyle
tvernum 22418cc
Address feedback
tvernum e201c91
Address feedback
tvernum 48820a2
Infer app/privilege name in PutPrivileges request
tvernum 99d4dd1
Merge branch 'master' into feature/2767-custom-priv
tvernum 502dd4b
Fix fragile test
tvernum 24fcff9
Merge branch 'master' into feature/2767-custom-priv
tvernum 2bcdadb
Fix import
tvernum ffd3058
Merge branch 'master' into feature/2767-custom-priv
tvernum 85a11e0
Merge branch 'master' into feature/2767-custom-priv
tvernum 26629a2
Merge branch 'master' into feature/2767-custom-priv
tvernum f9a47a4
Address feedback
tvernum 63512f1
Merge branch 'master' into feature/2767-custom-priv
tvernum 8098b96
Update for #30966
tvernum d40da46
Merge branch 'master' into feature/2767-custom-priv
tvernum 92e8307
Merge branch 'security-app-privs' into feature/2767-custom-priv
tvernum 5d80b39
Fix ML use of HasPrivileges
tvernum 6f6bf4c
Update doc snippets for API changes
tvernum e8191a0
Fix RoleDescriptor.toString
tvernum 4ebba4a
Merge branch 'master' into feature/2767-custom-priv
tvernum ea5eeab
Merge branch 'security-app-privs' into feature/2767-custom-priv
tvernum f43f04c
Fix broken test
tvernum File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
27 changes: 27 additions & 0 deletions
27
...n/java/org/elasticsearch/xpack/core/security/action/privilege/DeletePrivilegesAction.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
package org.elasticsearch.xpack.core.security.action.privilege; | ||
|
||
import org.elasticsearch.action.Action; | ||
import org.elasticsearch.client.ElasticsearchClient; | ||
|
||
/** | ||
* Action for deleting application privileges. | ||
*/ | ||
public final class DeletePrivilegesAction extends Action<DeletePrivilegesRequest, DeletePrivilegesResponse> { | ||
|
||
public static final DeletePrivilegesAction INSTANCE = new DeletePrivilegesAction(); | ||
public static final String NAME = "cluster:admin/xpack/security/privilege/delete"; | ||
|
||
private DeletePrivilegesAction() { | ||
super(NAME); | ||
} | ||
|
||
@Override | ||
public DeletePrivilegesResponse newResponse() { | ||
return new DeletePrivilegesResponse(); | ||
} | ||
} |
93 changes: 93 additions & 0 deletions
93
.../java/org/elasticsearch/xpack/core/security/action/privilege/DeletePrivilegesRequest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
package org.elasticsearch.xpack.core.security.action.privilege; | ||
|
||
import org.elasticsearch.action.ActionRequest; | ||
import org.elasticsearch.action.ActionRequestValidationException; | ||
import org.elasticsearch.action.support.WriteRequest; | ||
import org.elasticsearch.common.Strings; | ||
import org.elasticsearch.common.io.stream.StreamInput; | ||
import org.elasticsearch.common.io.stream.StreamOutput; | ||
|
||
import java.io.IOException; | ||
import java.util.Arrays; | ||
|
||
import static org.elasticsearch.action.ValidateActions.addValidationError; | ||
|
||
/** | ||
* A request to delete an application privilege. | ||
*/ | ||
public final class DeletePrivilegesRequest extends ActionRequest implements WriteRequest<DeletePrivilegesRequest> { | ||
|
||
private String application; | ||
private String[] privileges; | ||
private RefreshPolicy refreshPolicy = RefreshPolicy.IMMEDIATE; | ||
|
||
public DeletePrivilegesRequest() { | ||
this(null, Strings.EMPTY_ARRAY); | ||
} | ||
|
||
public DeletePrivilegesRequest(String application, String[] privileges) { | ||
this.application = application; | ||
this.privileges = privileges; | ||
} | ||
|
||
@Override | ||
public DeletePrivilegesRequest setRefreshPolicy(RefreshPolicy refreshPolicy) { | ||
this.refreshPolicy = refreshPolicy; | ||
return this; | ||
} | ||
|
||
@Override | ||
public RefreshPolicy getRefreshPolicy() { | ||
return refreshPolicy; | ||
} | ||
|
||
@Override | ||
public ActionRequestValidationException validate() { | ||
ActionRequestValidationException validationException = null; | ||
if (Strings.isNullOrEmpty(application)) { | ||
validationException = addValidationError("application name is missing", validationException); | ||
} | ||
if (privileges == null || privileges.length == 0 || Arrays.stream(privileges).allMatch(Strings::isNullOrEmpty)) { | ||
validationException = addValidationError("privileges are missing", validationException); | ||
} | ||
return validationException; | ||
} | ||
|
||
public void application(String application) { | ||
this.application = application; | ||
} | ||
|
||
public String application() { | ||
return application; | ||
} | ||
|
||
public String[] privileges() { | ||
return this.privileges; | ||
} | ||
|
||
public void privileges(String[] privileges) { | ||
this.privileges = privileges; | ||
} | ||
|
||
@Override | ||
public void readFrom(StreamInput in) throws IOException { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. add tests for serialization |
||
super.readFrom(in); | ||
application = in.readString(); | ||
privileges = in.readStringArray(); | ||
refreshPolicy = RefreshPolicy.readFrom(in); | ||
} | ||
|
||
@Override | ||
public void writeTo(StreamOutput out) throws IOException { | ||
super.writeTo(out); | ||
out.writeString(application); | ||
out.writeStringArray(privileges); | ||
refreshPolicy.writeTo(out); | ||
} | ||
|
||
} |
33 changes: 33 additions & 0 deletions
33
...rg/elasticsearch/xpack/core/security/action/privilege/DeletePrivilegesRequestBuilder.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
package org.elasticsearch.xpack.core.security.action.privilege; | ||
|
||
import org.elasticsearch.action.ActionRequestBuilder; | ||
import org.elasticsearch.action.support.WriteRequestBuilder; | ||
import org.elasticsearch.client.ElasticsearchClient; | ||
|
||
import java.util.Collection; | ||
|
||
/** | ||
* Builder for {@link DeletePrivilegesRequest} | ||
*/ | ||
public final class DeletePrivilegesRequestBuilder extends ActionRequestBuilder<DeletePrivilegesRequest, DeletePrivilegesResponse> | ||
implements WriteRequestBuilder<DeletePrivilegesRequestBuilder> { | ||
|
||
public DeletePrivilegesRequestBuilder(ElasticsearchClient client, DeletePrivilegesAction action) { | ||
super(client, action, new DeletePrivilegesRequest()); | ||
} | ||
|
||
public DeletePrivilegesRequestBuilder privileges(String[] privileges) { | ||
request.privileges(privileges); | ||
return this; | ||
} | ||
|
||
public DeletePrivilegesRequestBuilder application(String applicationName) { | ||
request.application(applicationName); | ||
return this; | ||
} | ||
} |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lets add tests around validation