-
Notifications
You must be signed in to change notification settings - Fork 24.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Introduce Application Privileges to Roles #30164
Changes from 15 commits
fdf628b
f7463bc
1af402c
9b1ff6e
662fd50
ccbb6eb
80977b0
c1cff59
ef62161
66c0d46
39c1222
bf0e7b3
5b37049
4526db1
15cf7b1
a2bad11
b9a5c41
e0a2013
22418cc
e201c91
48820a2
99d4dd1
502dd4b
24fcff9
2bcdadb
ffd3058
85a11e0
26629a2
f9a47a4
63512f1
8098b96
d40da46
92e8307
5d80b39
6f6bf4c
e8191a0
4ebba4a
ea5eeab
f43f04c
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
package org.elasticsearch.xpack.core.security.action.privilege; | ||
|
||
import org.elasticsearch.action.Action; | ||
import org.elasticsearch.client.ElasticsearchClient; | ||
|
||
/** | ||
* Action for deleting application privileges. | ||
*/ | ||
public final class DeletePrivilegesAction | ||
extends Action<DeletePrivilegesRequest, DeletePrivilegesResponse, DeletePrivilegesRequestBuilder> { | ||
|
||
public static final DeletePrivilegesAction INSTANCE = new DeletePrivilegesAction(); | ||
public static final String NAME = "cluster:admin/xpack/security/privilege/delete"; | ||
|
||
private DeletePrivilegesAction() { | ||
super(NAME); | ||
} | ||
|
||
@Override | ||
public DeletePrivilegesRequestBuilder newRequestBuilder(ElasticsearchClient client) { | ||
return new DeletePrivilegesRequestBuilder(client, this); | ||
} | ||
|
||
@Override | ||
public DeletePrivilegesResponse newResponse() { | ||
return new DeletePrivilegesResponse(); | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,92 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
package org.elasticsearch.xpack.core.security.action.privilege; | ||
|
||
import org.elasticsearch.action.ActionRequest; | ||
import org.elasticsearch.action.ActionRequestValidationException; | ||
import org.elasticsearch.action.support.WriteRequest; | ||
import org.elasticsearch.common.Strings; | ||
import org.elasticsearch.common.io.stream.StreamInput; | ||
import org.elasticsearch.common.io.stream.StreamOutput; | ||
|
||
import java.io.IOException; | ||
|
||
import static org.elasticsearch.action.ValidateActions.addValidationError; | ||
|
||
/** | ||
* A request to delete an application privilege. | ||
*/ | ||
public final class DeletePrivilegesRequest extends ActionRequest implements WriteRequest<DeletePrivilegesRequest> { | ||
|
||
private String application; | ||
private String[] privileges; | ||
private RefreshPolicy refreshPolicy = RefreshPolicy.IMMEDIATE; | ||
|
||
public DeletePrivilegesRequest() { | ||
this(null, Strings.EMPTY_ARRAY); | ||
} | ||
|
||
public DeletePrivilegesRequest(String application, String[] privileges) { | ||
this.application = application; | ||
this.privileges = privileges; | ||
} | ||
|
||
@Override | ||
public DeletePrivilegesRequest setRefreshPolicy(RefreshPolicy refreshPolicy) { | ||
this.refreshPolicy = refreshPolicy; | ||
return this; | ||
} | ||
|
||
@Override | ||
public RefreshPolicy getRefreshPolicy() { | ||
return refreshPolicy; | ||
} | ||
|
||
@Override | ||
public ActionRequestValidationException validate() { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. lets add tests around validation |
||
ActionRequestValidationException validationException = null; | ||
if (Strings.isNullOrEmpty(application)) { | ||
validationException = addValidationError("application name is missing", validationException); | ||
} | ||
if (privileges == null || privileges.length == 0) { | ||
validationException = addValidationError("privileges are missing", validationException); | ||
} | ||
return validationException; | ||
} | ||
|
||
public void application(String application) { | ||
this.application = application; | ||
} | ||
|
||
public String application() { | ||
return application; | ||
} | ||
|
||
public String[] privileges() { | ||
return this.privileges; | ||
} | ||
|
||
public void privileges(String[] privileges) { | ||
this.privileges = privileges; | ||
} | ||
|
||
@Override | ||
public void readFrom(StreamInput in) throws IOException { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. add tests for serialization |
||
super.readFrom(in); | ||
application = in.readString(); | ||
privileges = in.readStringArray(); | ||
refreshPolicy = RefreshPolicy.readFrom(in); | ||
} | ||
|
||
@Override | ||
public void writeTo(StreamOutput out) throws IOException { | ||
super.writeTo(out); | ||
out.writeString(application); | ||
out.writeStringArray(privileges); | ||
refreshPolicy.writeTo(out); | ||
} | ||
|
||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
package org.elasticsearch.xpack.core.security.action.privilege; | ||
|
||
import org.elasticsearch.action.ActionRequestBuilder; | ||
import org.elasticsearch.action.support.WriteRequestBuilder; | ||
import org.elasticsearch.client.ElasticsearchClient; | ||
|
||
import java.util.Collection; | ||
|
||
/** | ||
* Builder for {@link DeletePrivilegesRequest} | ||
*/ | ||
public class DeletePrivilegesRequestBuilder | ||
extends ActionRequestBuilder<DeletePrivilegesRequest, DeletePrivilegesResponse, DeletePrivilegesRequestBuilder> | ||
implements WriteRequestBuilder<DeletePrivilegesRequestBuilder> { | ||
|
||
public DeletePrivilegesRequestBuilder(ElasticsearchClient client, DeletePrivilegesAction action) { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't think we need this constructor and can just use the one above and call super with a instance of the request There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Unfortunately need it in order to implement |
||
super(client, action, new DeletePrivilegesRequest()); | ||
} | ||
|
||
public DeletePrivilegesRequestBuilder privileges(String[] privileges) { | ||
request.privileges(privileges); | ||
return this; | ||
} | ||
|
||
public DeletePrivilegesRequestBuilder application(String applicationName) { | ||
request.application(applicationName); | ||
return this; | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/list/collection