From 8fba0775f6f0388d7961b58e623232c363bffa5c Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Thu, 6 Dec 2018 10:03:57 +0200 Subject: [PATCH 01/16] This commit is part of our plan to deprecate and ultimately remove the use of _xpack in the REST APIs. - REST api docs - HLRC docs and doc tests - Handle REST actions with deprecation warnings - Changed endpoints in rest-api-spec and relevant file names Relates #35958 --- .../client/SecurityRequestConverters.java | 32 +++++++------- .../client/security/AuthenticateRequest.java | 2 +- .../org/elasticsearch/client/SecurityIT.java | 2 +- .../SecurityRequestConvertersTests.java | 42 +++++++++---------- .../SecurityDocumentationIT.java | 6 +-- .../rest-api/security/authenticate.asciidoc | 6 +-- .../security/change-password.asciidoc | 6 +-- .../en/rest-api/security/clear-cache.asciidoc | 10 ++--- .../security/clear-roles-cache.asciidoc | 4 +- .../security/create-role-mappings.asciidoc | 18 ++++---- .../rest-api/security/create-roles.asciidoc | 6 +-- .../rest-api/security/create-users.asciidoc | 6 +-- .../security/delete-app-privileges.asciidoc | 4 +- .../security/delete-role-mappings.asciidoc | 4 +- .../rest-api/security/delete-roles.asciidoc | 4 +- .../rest-api/security/delete-users.asciidoc | 4 +- .../rest-api/security/disable-users.asciidoc | 4 +- .../rest-api/security/enable-users.asciidoc | 4 +- .../security/get-app-privileges.asciidoc | 12 +++--- .../security/get-role-mappings.asciidoc | 6 +-- .../en/rest-api/security/get-roles.asciidoc | 8 ++-- .../en/rest-api/security/get-tokens.asciidoc | 8 ++-- .../en/rest-api/security/get-users.asciidoc | 10 ++--- .../rest-api/security/has-privileges.asciidoc | 4 +- .../security/invalidate-tokens.asciidoc | 6 +-- .../security/put-app-privileges.asciidoc | 12 +++--- x-pack/docs/en/rest-api/security/ssl.asciidoc | 4 +- ...onfiguring-active-directory-realm.asciidoc | 4 +- .../configuring-kerberos-realm.asciidoc | 2 +- .../configuring-ldap-realm.asciidoc | 4 +- .../configuring-pki-realm.asciidoc | 2 +- .../authentication/saml-guide.asciidoc | 4 +- .../authentication/user-cache.asciidoc | 6 +-- .../authorization/managing-roles.asciidoc | 2 +- .../authorization/mapping-roles.asciidoc | 8 ++-- .../authorization/role-templates.asciidoc | 4 +- .../cross-cluster.asciidoc | 6 +-- .../docs/en/security/configuring-es.asciidoc | 4 +- .../ml/integration/DatafeedJobsRestIT.java | 6 +-- .../esnative/ESNativeRealmMigrateTool.java | 8 ++-- .../esnative/tool/SetupPasswordTool.java | 4 +- .../rest/action/RestAuthenticateAction.java | 10 ++++- .../action/oauth2/RestGetTokenAction.java | 10 ++++- .../oauth2/RestInvalidateTokenAction.java | 10 ++++- .../privilege/RestDeletePrivilegesAction.java | 12 +++++- .../privilege/RestGetPrivilegesAction.java | 19 +++++++-- .../privilege/RestPutPrivilegesAction.java | 14 +++++-- .../realm/RestClearRealmCacheAction.java | 11 ++++- .../role/RestClearRolesCacheAction.java | 11 ++++- .../action/role/RestDeleteRoleAction.java | 11 ++++- .../rest/action/role/RestGetRolesAction.java | 16 +++++-- .../rest/action/role/RestPutRoleAction.java | 15 +++++-- .../RestDeleteRoleMappingAction.java | 12 +++++- .../RestGetRoleMappingsAction.java | 15 +++++-- .../rolemapping/RestPutRoleMappingAction.java | 15 +++++-- .../saml/RestSamlAuthenticateAction.java | 11 ++++- .../saml/RestSamlInvalidateSessionAction.java | 11 ++++- .../action/saml/RestSamlLogoutAction.java | 10 ++++- .../RestSamlPrepareAuthenticationAction.java | 11 ++++- .../action/user/RestChangePasswordAction.java | 22 +++++++--- .../action/user/RestDeleteUserAction.java | 11 ++++- .../user/RestGetUserPrivilegesAction.java | 11 ++++- .../rest/action/user/RestGetUsersAction.java | 15 +++++-- .../action/user/RestHasPrivilegesAction.java | 22 +++++++--- .../rest/action/user/RestPutUserAction.java | 14 +++++-- .../action/user/RestSetEnabledAction.java | 23 +++++++--- .../integration/ClearRealmsCacheTests.java | 4 +- .../elasticsearch/license/LicensingTests.java | 6 +-- .../test/NativeRealmIntegTestCase.java | 4 +- .../esnative/tool/SetupPasswordToolTests.java | 4 +- .../action/RestAuthenticateActionTests.java | 4 +- .../sql/qa/security/SqlSecurityTestCase.java | 2 +- .../xpack/sql/qa/security/UserFunctionIT.java | 4 +- ...ticate.json => security.authenticate.json} | 8 ++-- ...ord.json => security.change_password.json} | 7 +++- ...json => security.clear_cached_realms.json} | 8 ++-- ....json => security.clear_cached_roles.json} | 8 ++-- ...s.json => security.delete_privileges.json} | 8 ++-- ...te_role.json => security.delete_role.json} | 8 ++-- ...json => security.delete_role_mapping.json} | 8 ++-- ...te_user.json => security.delete_user.json} | 8 ++-- ...e_user.json => security.disable_user.json} | 8 ++-- ...le_user.json => security.enable_user.json} | 8 ++-- ...eges.json => security.get_privileges.json} | 8 ++-- ...y.get_role.json => security.get_role.json} | 9 ++-- ...ng.json => security.get_role_mapping.json} | 9 ++-- ...get_token.json => security.get_token.json} | 8 ++-- ...y.get_user.json => security.get_user.json} | 9 ++-- ...json => security.get_user_privileges.json} | 8 ++-- ...eges.json => security.has_privileges.json} | 9 ++-- ...en.json => security.invalidate_token.json} | 8 ++-- ...eges.json => security.put_privileges.json} | 6 +-- ...y.put_role.json => security.put_role.json} | 8 ++-- ...ng.json => security.put_role_mapping.json} | 8 ++-- ...y.put_user.json => security.put_user.json} | 8 ++-- ...ertificates.json => ssl.certificates.json} | 8 ++-- .../test/authenticate/10_basic.yml | 6 +-- .../authenticate/10_field_level_security.yml | 16 +++---- .../test/change_password/10_basic.yml | 18 ++++---- .../test/monitoring/bulk/20_privileges.yml | 16 +++---- .../test/privileges/10_basic.yml | 32 +++++++------- .../privileges/20_has_application_privs.yml | 22 +++++----- .../test/privileges/30_superuser.yml | 14 +++---- .../test/privileges/40_get_user_privs.yml | 30 ++++++------- .../test/role_mapping/10_basic.yml | 8 ++-- .../test/role_mapping/20_get_missing.yml | 4 +- .../test/role_mapping/30_delete.yml | 10 ++--- .../rest-api-spec/test/roles/10_basic.yml | 14 +++---- .../test/roles/11_idx_arrays.yml | 10 ++--- .../test/roles/20_get_missing.yml | 4 +- .../test/roles/30_prohibited_role_query.yml | 8 ++-- .../test/roles/40_global_privileges.yml | 10 ++--- .../test/rollup/security_tests.yml | 12 +++--- .../test/security/authz/10_index_doc.yml | 8 ++-- .../test/security/authz/11_delete_doc.yml | 8 ++-- .../test/security/authz/12_index_alias.yml | 8 ++-- .../test/security/authz/13_index_datemath.yml | 8 ++-- .../test/security/authz/20_get_doc.yml | 8 ++-- .../test/security/authz/21_search_doc.yml | 8 ++-- .../security/authz/30_dynamic_put_mapping.yml | 8 ++-- .../authz/40_condtional_cluster_priv.yml | 26 ++++++------ .../hidden-index/10_security_read.yml | 8 ++-- .../hidden-index/11_security-6_read.yml | 8 ++-- .../10_small_users_one_index.yml | 16 +++---- .../rest-api-spec/test/token/10_basic.yml | 16 +++---- .../rest-api-spec/test/users/10_basic.yml | 22 +++++----- .../test/users/15_overwrite_user.yml | 10 ++--- .../test/users/16_update_user.yml | 16 +++---- .../test/users/20_get_missing.yml | 4 +- .../test/users/30_enable_disable.yml | 18 ++++---- .../test/users/31_create_disabled.yml | 6 +-- .../xpack/restart/FullClusterRestartIT.java | 8 ++-- .../kerberos/KerberosAuthenticationIT.java | 4 +- .../test/multi_cluster/10_basic.yml | 8 ++-- .../test/multi_cluster/20_info.yml | 8 ++-- .../test/multi_cluster/30_field_caps.yml | 8 ++-- .../test/multi_cluster/40_scroll.yml | 8 ++-- .../test/multi_cluster/50_missing.yml | 8 ++-- .../test/multi_cluster/60_skip_shards.yml | 8 ++-- .../test/remote_cluster/10_basic.yml | 6 +-- .../TokenBackwardsCompatibilityIT.java | 20 ++++----- .../test/mixed_cluster/20_security.yml | 10 ++--- .../test/mixed_cluster/50_token_auth.yml | 2 +- .../test/old_cluster/20_security.yml | 18 ++++---- .../test/old_cluster/50_token_auth.yml | 6 +-- .../test/upgraded_cluster/20_security.yml | 4 +- .../test/upgraded_cluster/50_token_auth.yml | 2 +- .../authc/saml/SamlAuthenticationIT.java | 14 +++---- .../esnative/tool/SetupPasswordToolIT.java | 2 +- .../test/10_templated_role_query.yml | 24 +++++------ .../test/11_templated_role_query_runas.yml | 24 +++++------ .../test/20_small_users_one_index.yml | 14 +++---- .../rest-api-spec/test/30_search_template.yml | 6 +-- 153 files changed, 880 insertions(+), 625 deletions(-) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.authenticate.json => security.authenticate.json} (62%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.change_password.json => security.change_password.json} (84%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.clear_cached_realms.json => security.clear_cached_realms.json} (76%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.clear_cached_roles.json => security.clear_cached_roles.json} (68%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.delete_privileges.json => security.delete_privileges.json} (81%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.delete_role.json => security.delete_role.json} (84%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.delete_role_mapping.json => security.delete_role_mapping.json} (82%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.delete_user.json => security.delete_user.json} (84%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.disable_user.json => security.disable_user.json} (82%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.enable_user.json => security.enable_user.json} (83%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.get_privileges.json => security.get_privileges.json} (70%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.get_role.json => security.get_role.json} (69%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.get_role_mapping.json => security.get_role_mapping.json} (66%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.get_token.json => security.get_token.json} (69%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.get_user.json => security.get_user.json} (70%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.get_user_privileges.json => security.get_user_privileges.json} (61%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.has_privileges.json => security.has_privileges.json} (68%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.invalidate_token.json => security.invalidate_token.json} (69%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.put_privileges.json => security.put_privileges.json} (84%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.put_role.json => security.put_role.json} (86%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.put_role_mapping.json => security.put_role_mapping.json} (84%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.security.put_user.json => security.put_user.json} (85%) rename x-pack/plugin/src/test/resources/rest-api-spec/api/{xpack.ssl.certificates.json => ssl.certificates.json} (64%) diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java index 6485899acf947..533de79e75c52 100644 --- a/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java +++ b/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java @@ -54,7 +54,7 @@ private SecurityRequestConverters() {} static Request changePassword(ChangePasswordRequest changePasswordRequest) throws IOException { String endpoint = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack/security/user") + .addPathPartAsIs("_security/user") .addPathPart(changePasswordRequest.getUsername()) .addPathPartAsIs("_password") .build(); @@ -67,7 +67,7 @@ static Request changePassword(ChangePasswordRequest changePasswordRequest) throw static Request putUser(PutUserRequest putUserRequest) throws IOException { String endpoint = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack/security/user") + .addPathPartAsIs("_security/user") .addPathPart(putUserRequest.getUser().getUsername()) .build(); Request request = new Request(HttpPut.METHOD_NAME, endpoint); @@ -79,7 +79,7 @@ static Request putUser(PutUserRequest putUserRequest) throws IOException { static Request deleteUser(DeleteUserRequest deleteUserRequest) { String endpoint = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack","security", "user") + .addPathPartAsIs("_security", "user") .addPathPart(deleteUserRequest.getName()) .build(); Request request = new Request(HttpDelete.METHOD_NAME, endpoint); @@ -90,7 +90,7 @@ static Request deleteUser(DeleteUserRequest deleteUserRequest) { static Request putRoleMapping(final PutRoleMappingRequest putRoleMappingRequest) throws IOException { final String endpoint = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack/security/role_mapping") + .addPathPartAsIs("_security/role_mapping") .addPathPart(putRoleMappingRequest.getName()) .build(); final Request request = new Request(HttpPut.METHOD_NAME, endpoint); @@ -102,7 +102,7 @@ static Request putRoleMapping(final PutRoleMappingRequest putRoleMappingRequest) static Request getRoleMappings(final GetRoleMappingsRequest getRoleMappingRequest) throws IOException { RequestConverters.EndpointBuilder builder = new RequestConverters.EndpointBuilder(); - builder.addPathPartAsIs("_xpack/security/role_mapping"); + builder.addPathPartAsIs("_security/role_mapping"); if (getRoleMappingRequest.getRoleMappingNames().size() > 0) { builder.addPathPart(Strings.collectionToCommaDelimitedString(getRoleMappingRequest.getRoleMappingNames())); } @@ -119,7 +119,7 @@ static Request disableUser(DisableUserRequest disableUserRequest) { private static Request setUserEnabled(SetUserEnabledRequest setUserEnabledRequest) { String endpoint = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack/security/user") + .addPathPartAsIs("_security/user") .addPathPart(setUserEnabledRequest.getUsername()) .addPathPart(setUserEnabledRequest.isEnabled() ? "_enable" : "_disable") .build(); @@ -130,14 +130,14 @@ private static Request setUserEnabled(SetUserEnabledRequest setUserEnabledReques } static Request hasPrivileges(HasPrivilegesRequest hasPrivilegesRequest) throws IOException { - Request request = new Request(HttpGet.METHOD_NAME, "/_xpack/security/user/_has_privileges"); + Request request = new Request(HttpGet.METHOD_NAME, "_security/user/_has_privileges"); request.setEntity(createEntity(hasPrivilegesRequest, REQUEST_BODY_CONTENT_TYPE)); return request; } static Request clearRealmCache(ClearRealmCacheRequest clearRealmCacheRequest) { RequestConverters.EndpointBuilder builder = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack/security/realm"); + .addPathPartAsIs("_security/realm"); if (clearRealmCacheRequest.getRealms().isEmpty() == false) { builder.addCommaSeparatedPathParts(clearRealmCacheRequest.getRealms().toArray(Strings.EMPTY_ARRAY)); } else { @@ -154,7 +154,7 @@ static Request clearRealmCache(ClearRealmCacheRequest clearRealmCacheRequest) { static Request clearRolesCache(ClearRolesCacheRequest disableCacheRequest) { String endpoint = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack/security/role") + .addPathPartAsIs("_security/role") .addCommaSeparatedPathParts(disableCacheRequest.names()) .addPathPart("_clear_cache") .build(); @@ -163,7 +163,7 @@ static Request clearRolesCache(ClearRolesCacheRequest disableCacheRequest) { static Request deleteRoleMapping(DeleteRoleMappingRequest deleteRoleMappingRequest) { final String endpoint = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack/security/role_mapping") + .addPathPartAsIs("_security/role_mapping") .addPathPart(deleteRoleMappingRequest.getName()) .build(); final Request request = new Request(HttpDelete.METHOD_NAME, endpoint); @@ -174,7 +174,7 @@ static Request deleteRoleMapping(DeleteRoleMappingRequest deleteRoleMappingReque static Request deleteRole(DeleteRoleRequest deleteRoleRequest) { String endpoint = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack/security/role") + .addPathPartAsIs("_security/role") .addPathPart(deleteRoleRequest.getName()) .build(); Request request = new Request(HttpDelete.METHOD_NAME, endpoint); @@ -185,7 +185,7 @@ static Request deleteRole(DeleteRoleRequest deleteRoleRequest) { static Request getRoles(GetRolesRequest getRolesRequest) { RequestConverters.EndpointBuilder builder = new RequestConverters.EndpointBuilder(); - builder.addPathPartAsIs("_xpack/security/role"); + builder.addPathPartAsIs("_security/role"); if (getRolesRequest.getRoleNames().size() > 0) { builder.addPathPart(Strings.collectionToCommaDelimitedString(getRolesRequest.getRoleNames())); } @@ -193,20 +193,20 @@ static Request getRoles(GetRolesRequest getRolesRequest) { } static Request createToken(CreateTokenRequest createTokenRequest) throws IOException { - Request request = new Request(HttpPost.METHOD_NAME, "/_xpack/security/oauth2/token"); + Request request = new Request(HttpPost.METHOD_NAME, "_security/oauth2/token"); request.setEntity(createEntity(createTokenRequest, REQUEST_BODY_CONTENT_TYPE)); return request; } static Request invalidateToken(InvalidateTokenRequest invalidateTokenRequest) throws IOException { - Request request = new Request(HttpDelete.METHOD_NAME, "/_xpack/security/oauth2/token"); + Request request = new Request(HttpDelete.METHOD_NAME, "_security/oauth2/token"); request.setEntity(createEntity(invalidateTokenRequest, REQUEST_BODY_CONTENT_TYPE)); return request; } static Request getPrivileges(GetPrivilegesRequest getPrivilegesRequest) { String endpoint = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack/security/privilege") + .addPathPartAsIs("_security/privilege") .addPathPart(getPrivilegesRequest.getApplicationName()) .addCommaSeparatedPathParts(getPrivilegesRequest.getPrivilegeNames()) .build(); @@ -215,7 +215,7 @@ static Request getPrivileges(GetPrivilegesRequest getPrivilegesRequest) { static Request deletePrivileges(DeletePrivilegesRequest deletePrivilegeRequest) { String endpoint = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack/security/privilege") + .addPathPartAsIs("_security/privilege") .addPathPart(deletePrivilegeRequest.getApplication()) .addCommaSeparatedPathParts(deletePrivilegeRequest.getPrivileges()) .build(); diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/security/AuthenticateRequest.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/security/AuthenticateRequest.java index 2aefa97cb8bf1..24e4384bd376f 100644 --- a/client/rest-high-level/src/main/java/org/elasticsearch/client/security/AuthenticateRequest.java +++ b/client/rest-high-level/src/main/java/org/elasticsearch/client/security/AuthenticateRequest.java @@ -35,7 +35,7 @@ private AuthenticateRequest() { } public Request getRequest() { - return new Request(HttpGet.METHOD_NAME, "/_xpack/security/_authenticate"); + return new Request(HttpGet.METHOD_NAME, "/_security/_authenticate"); } } diff --git a/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityIT.java b/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityIT.java index 27b1d31e6d7d5..08903b2768802 100644 --- a/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityIT.java +++ b/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityIT.java @@ -56,7 +56,7 @@ public void testPutUser() throws Exception { assertThat(updateUserResponse.isCreated(), is(false)); // delete user final Request deleteUserRequest = new Request(HttpDelete.METHOD_NAME, - "/_xpack/security/user/" + putUserRequest.getUser().getUsername()); + "/_security/user/" + putUserRequest.getUser().getUsername()); highLevelClient().getLowLevelClient().performRequest(deleteUserRequest); } diff --git a/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityRequestConvertersTests.java b/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityRequestConvertersTests.java index 110e0cc56c986..55d5b7cda3a7b 100644 --- a/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityRequestConvertersTests.java +++ b/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityRequestConvertersTests.java @@ -76,7 +76,7 @@ public void testPutUser() throws IOException { PutUserRequest putUserRequest = new PutUserRequest(user, password, enabled, refreshPolicy); Request request = SecurityRequestConverters.putUser(putUserRequest); assertEquals(HttpPut.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/user/" + putUserRequest.getUser().getUsername(), request.getEndpoint()); + assertEquals("/_security/user/" + putUserRequest.getUser().getUsername(), request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertToXContentBody(putUserRequest, request.getEntity()); } @@ -88,7 +88,7 @@ public void testDeleteUser() { DeleteUserRequest deleteUserRequest = new DeleteUserRequest(name, refreshPolicy); Request request = SecurityRequestConverters.deleteUser(deleteUserRequest); assertEquals(HttpDelete.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/user/" + name, request.getEndpoint()); + assertEquals("/_security/user/" + name, request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertNull(request.getEntity()); } @@ -116,7 +116,7 @@ public void testPutRoleMapping() throws IOException { final Request request = SecurityRequestConverters.putRoleMapping(putRoleMappingRequest); assertEquals(HttpPut.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/role_mapping/" + roleMappingName, request.getEndpoint()); + assertEquals("/_security/role_mapping/" + roleMappingName, request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertToXContentBody(putRoleMappingRequest, request.getEntity()); } @@ -131,9 +131,9 @@ public void testGetRoleMappings() throws IOException { assertEquals(HttpGet.METHOD_NAME, request.getMethod()); if (noOfRoleMappingNames == 0) { - assertEquals("/_xpack/security/role_mapping", request.getEndpoint()); + assertEquals("/_security/role_mapping", request.getEndpoint()); } else { - assertEquals("/_xpack/security/role_mapping/" + + assertEquals("/_security/role_mapping/" + Strings.collectionToCommaDelimitedString(getRoleMappingsRequest.getRoleMappingNames()), request.getEndpoint()); } assertEquals(Collections.emptyMap(), request.getParameters()); @@ -147,7 +147,7 @@ public void testEnableUser() { EnableUserRequest enableUserRequest = new EnableUserRequest(username, refreshPolicy); Request request = SecurityRequestConverters.enableUser(enableUserRequest); assertEquals(HttpPut.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/user/" + username + "/_enable", request.getEndpoint()); + assertEquals("/_security/user/" + username + "/_enable", request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertNull(request.getEntity()); } @@ -159,7 +159,7 @@ public void testDisableUser() { DisableUserRequest disableUserRequest = new DisableUserRequest(username, refreshPolicy); Request request = SecurityRequestConverters.disableUser(disableUserRequest); assertEquals(HttpPut.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/user/" + username + "/_disable", request.getEndpoint()); + assertEquals("/_security/user/" + username + "/_disable", request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertNull(request.getEntity()); } @@ -180,7 +180,7 @@ public void testChangePassword() throws IOException { ChangePasswordRequest changePasswordRequest = new ChangePasswordRequest(username, password, refreshPolicy); Request request = SecurityRequestConverters.changePassword(changePasswordRequest); assertEquals(HttpPost.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/user/" + changePasswordRequest.getUsername() + "/_password", request.getEndpoint()); + assertEquals("/_security/user/" + changePasswordRequest.getUsername() + "/_password", request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertToXContentBody(changePasswordRequest, request.getEntity()); } @@ -192,7 +192,7 @@ public void testSelfChangePassword() throws IOException { ChangePasswordRequest changePasswordRequest = new ChangePasswordRequest(null, password, refreshPolicy); Request request = SecurityRequestConverters.changePassword(changePasswordRequest); assertEquals(HttpPost.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/user/_password", request.getEndpoint()); + assertEquals("/_security/user/_password", request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertToXContentBody(changePasswordRequest, request.getEntity()); } @@ -211,7 +211,7 @@ public void testDeleteRoleMapping() throws IOException { final Request request = SecurityRequestConverters.deleteRoleMapping(deleteRoleMappingRequest); assertEquals(HttpDelete.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/role_mapping/" + roleMappingName, request.getEndpoint()); + assertEquals("/_security/role_mapping/" + roleMappingName, request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertNull(request.getEntity()); } @@ -223,9 +223,9 @@ public void testGetRoles() { assertEquals(HttpGet.METHOD_NAME, request.getMethod()); if (roles.length == 0) { - assertEquals("/_xpack/security/role", request.getEndpoint()); + assertEquals("/_security/role", request.getEndpoint()); } else { - assertEquals("/_xpack/security/role/" + Strings.collectionToCommaDelimitedString(getRolesRequest.getRoleNames()), + assertEquals("/_security/role/" + Strings.collectionToCommaDelimitedString(getRolesRequest.getRoleNames()), request.getEndpoint()); } assertNull(request.getEntity()); @@ -239,7 +239,7 @@ public void testDeleteRole() { DeleteRoleRequest deleteRoleRequest = new DeleteRoleRequest(name, refreshPolicy); Request request = SecurityRequestConverters.deleteRole(deleteRoleRequest); assertEquals(HttpDelete.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/role/" + name, request.getEndpoint()); + assertEquals("/_security/role/" + name, request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertNull(request.getEntity()); } @@ -250,7 +250,7 @@ public void testCreateTokenWithPasswordGrant() throws Exception { CreateTokenRequest createTokenRequest = CreateTokenRequest.passwordGrant(username, password.toCharArray()); Request request = SecurityRequestConverters.createToken(createTokenRequest); assertEquals(HttpPost.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/oauth2/token", request.getEndpoint()); + assertEquals("/_security/oauth2/token", request.getEndpoint()); assertEquals(0, request.getParameters().size()); assertToXContentBody(createTokenRequest, request.getEntity()); } @@ -260,7 +260,7 @@ public void testCreateTokenWithRefreshTokenGrant() throws Exception { CreateTokenRequest createTokenRequest = CreateTokenRequest.refreshTokenGrant(refreshToken); Request request = SecurityRequestConverters.createToken(createTokenRequest); assertEquals(HttpPost.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/oauth2/token", request.getEndpoint()); + assertEquals("/_security/oauth2/token", request.getEndpoint()); assertEquals(0, request.getParameters().size()); assertToXContentBody(createTokenRequest, request.getEntity()); } @@ -269,7 +269,7 @@ public void testCreateTokenWithClientCredentialsGrant() throws Exception { CreateTokenRequest createTokenRequest = CreateTokenRequest.clientCredentialsGrant(); Request request = SecurityRequestConverters.createToken(createTokenRequest); assertEquals(HttpPost.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/oauth2/token", request.getEndpoint()); + assertEquals("/_security/oauth2/token", request.getEndpoint()); assertEquals(0, request.getParameters().size()); assertToXContentBody(createTokenRequest, request.getEntity()); } @@ -280,7 +280,7 @@ public void testGetApplicationPrivilege() throws Exception { GetPrivilegesRequest getPrivilegesRequest = new GetPrivilegesRequest(application, privilege); Request request = SecurityRequestConverters.getPrivileges(getPrivilegesRequest); assertEquals(HttpGet.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/privilege/" + application + "/" + privilege, request.getEndpoint()); + assertEquals("/_security/privilege/" + application + "/" + privilege, request.getEndpoint()); assertEquals(Collections.emptyMap(), request.getParameters()); assertNull(request.getEntity()); } @@ -290,7 +290,7 @@ public void testGetAllApplicationPrivileges() throws Exception { GetPrivilegesRequest getPrivilegesRequest = GetPrivilegesRequest.getApplicationPrivileges(application); Request request = SecurityRequestConverters.getPrivileges(getPrivilegesRequest); assertEquals(HttpGet.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/privilege/" + application, request.getEndpoint()); + assertEquals("/_security/privilege/" + application, request.getEndpoint()); assertEquals(Collections.emptyMap(), request.getParameters()); assertNull(request.getEntity()); } @@ -303,7 +303,7 @@ public void testGetMultipleApplicationPrivileges() throws Exception { GetPrivilegesRequest getPrivilegesRequest = new GetPrivilegesRequest(application, privilegeNames); Request request = SecurityRequestConverters.getPrivileges(getPrivilegesRequest); assertEquals(HttpGet.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/privilege/" + application + "/" + Strings.arrayToCommaDelimitedString(privilegeNames), + assertEquals("/_security/privilege/" + application + "/" + Strings.arrayToCommaDelimitedString(privilegeNames), request.getEndpoint()); assertEquals(Collections.emptyMap(), request.getParameters()); assertNull(request.getEntity()); @@ -313,7 +313,7 @@ public void testGetAllPrivileges() throws Exception { GetPrivilegesRequest getPrivilegesRequest = GetPrivilegesRequest.getAllPrivileges(); Request request = SecurityRequestConverters.getPrivileges(getPrivilegesRequest); assertEquals(HttpGet.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/privilege", request.getEndpoint()); + assertEquals("/_security/privilege", request.getEndpoint()); assertEquals(Collections.emptyMap(), request.getParameters()); assertNull(request.getEntity()); } @@ -327,7 +327,7 @@ public void testDeletePrivileges() { new DeletePrivilegesRequest(application, privileges.toArray(Strings.EMPTY_ARRAY), refreshPolicy); Request request = SecurityRequestConverters.deletePrivileges(deletePrivilegesRequest); assertEquals(HttpDelete.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/privilege/" + application + "/" + Strings.collectionToCommaDelimitedString(privileges), + assertEquals("/_security/privilege/" + application + "/" + Strings.collectionToCommaDelimitedString(privileges), request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertNull(request.getEntity()); diff --git a/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/SecurityDocumentationIT.java b/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/SecurityDocumentationIT.java index 79258b314510c..0d8eb3e0da5c0 100644 --- a/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/SecurityDocumentationIT.java +++ b/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/SecurityDocumentationIT.java @@ -1025,7 +1025,7 @@ public void onFailure(Exception e) { // TODO: move all calls to high-level REST client once APIs for adding new role exist private void addRole(String roleName) throws IOException { - Request addRoleRequest = new Request(HttpPost.METHOD_NAME, "/_xpack/security/role/" + roleName); + Request addRoleRequest = new Request(HttpPost.METHOD_NAME, "/_security/role/" + roleName); try (XContentBuilder builder = jsonBuilder()) { builder.startObject(); { @@ -1206,7 +1206,7 @@ public void testGetPrivileges() throws Exception { { //TODO Replace this with a call to PutPrivileges once it is implemented - final Request createPrivilegeRequest = new Request("POST", "/_xpack/security/privilege"); + final Request createPrivilegeRequest = new Request("POST", "/_security/privilege"); createPrivilegeRequest.setJsonEntity("{" + " \"testapp\": {" + " \"read\": {" + @@ -1330,7 +1330,7 @@ public void onFailure(Exception e) { public void testDeletePrivilege() throws Exception { RestHighLevelClient client = highLevelClient(); { - final Request createPrivilegeRequest = new Request("POST", "/_xpack/security/privilege"); + final Request createPrivilegeRequest = new Request("POST", "/_security/privilege"); createPrivilegeRequest.setJsonEntity("{" + " \"testapp\": {" + " \"read\": {" + diff --git a/x-pack/docs/en/rest-api/security/authenticate.asciidoc b/x-pack/docs/en/rest-api/security/authenticate.asciidoc index 1975a9dde790b..a556d3854a538 100644 --- a/x-pack/docs/en/rest-api/security/authenticate.asciidoc +++ b/x-pack/docs/en/rest-api/security/authenticate.asciidoc @@ -8,7 +8,7 @@ authenticate a user and retrieve information about the authenticated user. ==== Request -`GET _xpack/security/_authenticate` +`GET /_security/_authenticate` ==== Description @@ -21,11 +21,11 @@ If the user cannot be authenticated, this API returns a 401 status code. ==== Examples To authenticate a user, submit a GET request to the -`_xpack/security/_authenticate` endpoint: +`/_security/_authenticate` endpoint: [source,js] -------------------------------------------------- -GET _xpack/security/_authenticate +GET /_security/_authenticate -------------------------------------------------- // CONSOLE diff --git a/x-pack/docs/en/rest-api/security/change-password.asciidoc b/x-pack/docs/en/rest-api/security/change-password.asciidoc index 6e6e8cf7375e4..f33c6f1e51907 100644 --- a/x-pack/docs/en/rest-api/security/change-password.asciidoc +++ b/x-pack/docs/en/rest-api/security/change-password.asciidoc @@ -6,9 +6,9 @@ Changes the passwords of users in the native realm. ==== Request -`POST _xpack/security/user/_password` + +`POST /_security/user/_password` + -`POST _xpack/security/user//_password` +`POST /_security/user//_password` ==== Description @@ -45,7 +45,7 @@ The following example updates the password for the `jacknich` user: [source,js] -------------------------------------------------- -POST /_xpack/security/user/jacknich/_password +POST /_security/user/jacknich/_password { "password" : "s3cr3t" } diff --git a/x-pack/docs/en/rest-api/security/clear-cache.asciidoc b/x-pack/docs/en/rest-api/security/clear-cache.asciidoc index 03fac3ba2c44a..c8dcb4cfca98c 100644 --- a/x-pack/docs/en/rest-api/security/clear-cache.asciidoc +++ b/x-pack/docs/en/rest-api/security/clear-cache.asciidoc @@ -7,9 +7,9 @@ the cache or evict specific users. ==== Request -`POST _xpack/security/realm//_clear_cache` + +`POST /_security/realm//_clear_cache` + -`POST _xpack/security/realm//_clear_cache?usernames=` +`POST /_security/realm//_clear_cache?usernames=` ==== Description @@ -37,7 +37,7 @@ For example, to evict all users cached by the `file` realm: [source,js] -------------------------------------------------- -POST _xpack/security/realm/default_file/_clear_cache +POST /_security/realm/default_file/_clear_cache -------------------------------------------------- // CONSOLE @@ -45,7 +45,7 @@ To evict selected users, specify the `usernames` parameter: [source,js] -------------------------------------------------- -POST _xpack/security/realm/default_file/_clear_cache?usernames=rdeniro,alpacino +POST /_security/realm/default_file/_clear_cache?usernames=rdeniro,alpacino -------------------------------------------------- // CONSOLE @@ -54,6 +54,6 @@ list: [source, js] ------------------------------------------------------------ -POST _xpack/security/realm/default_file,ldap1/_clear_cache +POST /_security/realm/default_file,ldap1/_clear_cache ------------------------------------------------------------ // CONSOLE diff --git a/x-pack/docs/en/rest-api/security/clear-roles-cache.asciidoc b/x-pack/docs/en/rest-api/security/clear-roles-cache.asciidoc index 591d7eb2d11e4..500d629976019 100644 --- a/x-pack/docs/en/rest-api/security/clear-roles-cache.asciidoc +++ b/x-pack/docs/en/rest-api/security/clear-roles-cache.asciidoc @@ -6,7 +6,7 @@ Evicts roles from the native role cache. ==== Request -`POST /_xpack/security/role//_clear_cache` +`POST /_security/role//_clear_cache` ==== Description @@ -34,6 +34,6 @@ to clear the cache for `my_admin_role`: [source,js] -------------------------------------------------- -POST /_xpack/security/role/my_admin_role/_clear_cache +POST /_security/role/my_admin_role/_clear_cache -------------------------------------------------- // CONSOLE diff --git a/x-pack/docs/en/rest-api/security/create-role-mappings.asciidoc b/x-pack/docs/en/rest-api/security/create-role-mappings.asciidoc index 87dedbba4f7cf..91a94050b592b 100644 --- a/x-pack/docs/en/rest-api/security/create-role-mappings.asciidoc +++ b/x-pack/docs/en/rest-api/security/create-role-mappings.asciidoc @@ -6,9 +6,9 @@ Creates and updates role mappings. ==== Request -`POST /_xpack/security/role_mapping/` + +`POST /_security/role_mapping/` + -`PUT /_xpack/security/role_mapping/` +`PUT /_security/role_mapping/` ==== Description @@ -68,7 +68,7 @@ The following example assigns the "user" role to all users: [source, js] ------------------------------------------------------------ -POST /_xpack/security/role_mapping/mapping1 +POST /_security/role_mapping/mapping1 { "roles": [ "user"], "enabled": true, <1> @@ -103,7 +103,7 @@ The following example assigns the "user" and "admin" roles to specific users: [source,js] -------------------------------------------------- -POST /_xpack/security/role_mapping/mapping2 +POST /_security/role_mapping/mapping2 { "roles": [ "user", "admin" ], "enabled": true, @@ -119,7 +119,7 @@ or the user is in the `cn=admin,dc=example,dc=com` group: [source, js] ------------------------------------------------------------ -POST /_xpack/security/role_mapping/mapping3 +POST /_security/role_mapping/mapping3 { "roles": [ "superuser" ], "enabled": true, @@ -144,7 +144,7 @@ POST /_xpack/security/role_mapping/mapping3 The following example matches users who authenticated against a specific realm: [source, js] ------------------------------------------------------------ -POST /_xpack/security/role_mapping/mapping4 +POST /_security/role_mapping/mapping4 { "roles": [ "ldap-user" ], "enabled": true, @@ -159,7 +159,7 @@ The following example matches users within a specific LDAP sub-tree: [source, js] ------------------------------------------------------------ -POST /_xpack/security/role_mapping/mapping5 +POST /_security/role_mapping/mapping5 { "roles": [ "example-user" ], "enabled": true, @@ -175,7 +175,7 @@ specific realm: [source, js] ------------------------------------------------------------ -POST /_xpack/security/role_mapping/mapping6 +POST /_security/role_mapping/mapping6 { "roles": [ "ldap-example-user" ], "enabled": true, @@ -200,7 +200,7 @@ following mapping matches any user where *all* of these conditions are met: [source, js] ------------------------------------------------------------ -POST /_xpack/security/role_mapping/mapping7 +POST /_security/role_mapping/mapping7 { "roles": [ "superuser" ], "enabled": true, diff --git a/x-pack/docs/en/rest-api/security/create-roles.asciidoc b/x-pack/docs/en/rest-api/security/create-roles.asciidoc index fc3c613557ef0..345fe00dcfc47 100644 --- a/x-pack/docs/en/rest-api/security/create-roles.asciidoc +++ b/x-pack/docs/en/rest-api/security/create-roles.asciidoc @@ -6,9 +6,9 @@ Adds and updates roles in the native realm. ==== Request -`POST /_xpack/security/role/` + +`POST /_security/role/` + -`PUT /_xpack/security/role/` +`PUT /_security/role/` ==== Description @@ -77,7 +77,7 @@ The following example adds a role called `my_admin_role`: [source,js] -------------------------------------------------- -POST /_xpack/security/role/my_admin_role +POST /_security/role/my_admin_role { "cluster": ["all"], "indices": [ diff --git a/x-pack/docs/en/rest-api/security/create-users.asciidoc b/x-pack/docs/en/rest-api/security/create-users.asciidoc index f5a7f429277b2..5c03829469967 100644 --- a/x-pack/docs/en/rest-api/security/create-users.asciidoc +++ b/x-pack/docs/en/rest-api/security/create-users.asciidoc @@ -8,9 +8,9 @@ to as _native users_. ==== Request -`POST /_xpack/security/user/` + +`POST /_security/user/` + -`PUT /_xpack/security/user/` +`PUT /_security/user/` ==== Description @@ -95,7 +95,7 @@ The following example creates a user `jacknich`: [source,js] -------------------------------------------------- -POST /_xpack/security/user/jacknich +POST /_security/user/jacknich { "password" : "j@rV1s", "roles" : [ "admin", "other_role1" ], diff --git a/x-pack/docs/en/rest-api/security/delete-app-privileges.asciidoc b/x-pack/docs/en/rest-api/security/delete-app-privileges.asciidoc index d7f001721b1fd..2274f1dc58fc1 100644 --- a/x-pack/docs/en/rest-api/security/delete-app-privileges.asciidoc +++ b/x-pack/docs/en/rest-api/security/delete-app-privileges.asciidoc @@ -7,7 +7,7 @@ Removes ==== Request -`DELETE /_xpack/security/privilege//` +`DELETE /_security/privilege//` //==== Description @@ -37,7 +37,7 @@ The following example deletes the `read` application privilege from the [source,js] -------------------------------------------------- -DELETE /_xpack/security/privilege/myapp/read +DELETE /_security/privilege/myapp/read -------------------------------------------------- // CONSOLE // TEST[setup:app0102_privileges] diff --git a/x-pack/docs/en/rest-api/security/delete-role-mappings.asciidoc b/x-pack/docs/en/rest-api/security/delete-role-mappings.asciidoc index dc9bf2ba10904..7a6cf9ad29863 100644 --- a/x-pack/docs/en/rest-api/security/delete-role-mappings.asciidoc +++ b/x-pack/docs/en/rest-api/security/delete-role-mappings.asciidoc @@ -6,7 +6,7 @@ Removes role mappings. ==== Request -`DELETE /_xpack/security/role_mapping/` +`DELETE /_security/role_mapping/` ==== Description @@ -33,7 +33,7 @@ The following example delete a role mapping: [source,js] -------------------------------------------------- -DELETE /_xpack/security/role_mapping/mapping1 +DELETE /_security/role_mapping/mapping1 -------------------------------------------------- // CONSOLE // TEST[setup:role_mapping] diff --git a/x-pack/docs/en/rest-api/security/delete-roles.asciidoc b/x-pack/docs/en/rest-api/security/delete-roles.asciidoc index db42493ca0fb6..2aadc4dcae76a 100644 --- a/x-pack/docs/en/rest-api/security/delete-roles.asciidoc +++ b/x-pack/docs/en/rest-api/security/delete-roles.asciidoc @@ -6,7 +6,7 @@ Removes roles in the native realm. ==== Request -`DELETE /_xpack/security/role/` +`DELETE /_security/role/` ==== Description @@ -35,7 +35,7 @@ The following example deletes a `my_admin_role` role: [source,js] -------------------------------------------------- -DELETE /_xpack/security/role/my_admin_role +DELETE /_security/role/my_admin_role -------------------------------------------------- // CONSOLE // TEST[setup:admin_role] diff --git a/x-pack/docs/en/rest-api/security/delete-users.asciidoc b/x-pack/docs/en/rest-api/security/delete-users.asciidoc index 63a66795617bd..ff1a31dbd524b 100644 --- a/x-pack/docs/en/rest-api/security/delete-users.asciidoc +++ b/x-pack/docs/en/rest-api/security/delete-users.asciidoc @@ -6,7 +6,7 @@ Deletes users from the native realm. ==== Request -`DELETE /_xpack/security/user/` +`DELETE /_security/user/` ==== Description @@ -31,7 +31,7 @@ The following example deletes the user `jacknich`: [source,js] -------------------------------------------------- -DELETE /_xpack/security/user/jacknich +DELETE /_security/user/jacknich -------------------------------------------------- // CONSOLE // TEST[setup:jacknich_user] diff --git a/x-pack/docs/en/rest-api/security/disable-users.asciidoc b/x-pack/docs/en/rest-api/security/disable-users.asciidoc index f5a6bc7e9a136..b587d485cab30 100644 --- a/x-pack/docs/en/rest-api/security/disable-users.asciidoc +++ b/x-pack/docs/en/rest-api/security/disable-users.asciidoc @@ -7,7 +7,7 @@ Disables users in the native realm. ==== Request -`PUT /_xpack/security/user//_disable` +`PUT /_security/user//_disable` ==== Description @@ -37,7 +37,7 @@ The following example disables the user `jacknich`: [source,js] -------------------------------------------------- -PUT /_xpack/security/user/jacknich/_disable +PUT /_security/user/jacknich/_disable -------------------------------------------------- // CONSOLE // TEST[setup:jacknich_user] diff --git a/x-pack/docs/en/rest-api/security/enable-users.asciidoc b/x-pack/docs/en/rest-api/security/enable-users.asciidoc index cebaaffa7b28d..891f9697fc114 100644 --- a/x-pack/docs/en/rest-api/security/enable-users.asciidoc +++ b/x-pack/docs/en/rest-api/security/enable-users.asciidoc @@ -7,7 +7,7 @@ Enables users in the native realm. ==== Request -`PUT /_xpack/security/user//_enable` +`PUT /_security/user//_enable` ==== Description @@ -36,7 +36,7 @@ The following example enables the user `jacknich`: [source,js] -------------------------------------------------- -PUT /_xpack/security/user/jacknich/_enable +PUT /_security/user/jacknich/_enable -------------------------------------------------- // CONSOLE // TEST[setup:jacknich_user] diff --git a/x-pack/docs/en/rest-api/security/get-app-privileges.asciidoc b/x-pack/docs/en/rest-api/security/get-app-privileges.asciidoc index 5412a4bdceb83..50630b28053f7 100644 --- a/x-pack/docs/en/rest-api/security/get-app-privileges.asciidoc +++ b/x-pack/docs/en/rest-api/security/get-app-privileges.asciidoc @@ -7,11 +7,11 @@ Retrieves ==== Request -`GET /_xpack/security/privilege` + +`GET /_security/privilege` + -`GET /_xpack/security/privilege/` + +`GET /_security/privilege/` + -`GET /_xpack/security/privilege//` +`GET /_security/privilege//` ==== Description @@ -49,7 +49,7 @@ The following example retrieves information about the `read` privilege for the [source,js] -------------------------------------------------- -GET /_xpack/security/privilege/myapp/read +GET /_security/privilege/myapp/read -------------------------------------------------- // CONSOLE // TEST[setup:app0102_privileges] @@ -81,7 +81,7 @@ To retrieve all privileges for an application, omit the privilege name: [source,js] -------------------------------------------------- -GET /_xpack/security/privilege/myapp/ +GET /_security/privilege/myapp/ -------------------------------------------------- // CONSOLE @@ -89,6 +89,6 @@ To retrieve every privilege, omit both the application and privilege names: [source,js] -------------------------------------------------- -GET /_xpack/security/privilege/ +GET /_security/privilege/ -------------------------------------------------- // CONSOLE diff --git a/x-pack/docs/en/rest-api/security/get-role-mappings.asciidoc b/x-pack/docs/en/rest-api/security/get-role-mappings.asciidoc index 7abe34b32f560..433a00d03275e 100644 --- a/x-pack/docs/en/rest-api/security/get-role-mappings.asciidoc +++ b/x-pack/docs/en/rest-api/security/get-role-mappings.asciidoc @@ -6,9 +6,9 @@ Retrieves role mappings. ==== Request -`GET /_xpack/security/role_mapping` + +`GET /_security/role_mapping` + -`GET /_xpack/security/role_mapping/` +`GET /_security/role_mapping/` ==== Description @@ -48,7 +48,7 @@ The following example retrieves information about the `mapping1` role mapping: [source,js] -------------------------------------------------- -GET /_xpack/security/role_mapping/mapping1 +GET /_security/role_mapping/mapping1 -------------------------------------------------- // CONSOLE // TEST[setup:role_mapping] diff --git a/x-pack/docs/en/rest-api/security/get-roles.asciidoc b/x-pack/docs/en/rest-api/security/get-roles.asciidoc index fa6e91b519b6f..34f8f32d4fedb 100644 --- a/x-pack/docs/en/rest-api/security/get-roles.asciidoc +++ b/x-pack/docs/en/rest-api/security/get-roles.asciidoc @@ -6,9 +6,9 @@ Retrieves roles in the native realm. ==== Request -`GET /_xpack/security/role` + +`GET /_security/role` + -`GET /_xpack/security/role/` + +`GET /_security/role/` + ==== Description @@ -37,7 +37,7 @@ the native realm: [source,js] -------------------------------------------------- -GET /_xpack/security/role/my_admin_role +GET /_security/role/my_admin_role -------------------------------------------------- // CONSOLE // TEST[setup:admin_role] @@ -75,7 +75,7 @@ To retrieve all roles, omit the role name: [source,js] -------------------------------------------------- -GET /_xpack/security/role +GET /_security/role -------------------------------------------------- // CONSOLE // TEST[continued] diff --git a/x-pack/docs/en/rest-api/security/get-tokens.asciidoc b/x-pack/docs/en/rest-api/security/get-tokens.asciidoc index f0da5700b5a47..64338c101fc27 100644 --- a/x-pack/docs/en/rest-api/security/get-tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/get-tokens.asciidoc @@ -6,7 +6,7 @@ Creates a bearer token for access without requiring basic authentication. ==== Request -`POST /_xpack/security/oauth2/token` +`POST /_security/oauth2/token` ==== Description @@ -68,7 +68,7 @@ which simply creates a token as the authenticated user: [source,js] -------------------------------------------------- -POST /_xpack/security/oauth2/token +POST /_security/oauth2/token { "grant_type" : "client_credentials" } @@ -103,7 +103,7 @@ The following example obtains a token for the `test_admin` user using the [source,js] -------------------------------------------------- -POST /_xpack/security/oauth2/token +POST /_security/oauth2/token { "grant_type" : "password", "username" : "test_admin", @@ -134,7 +134,7 @@ creation. For example: [source,js] -------------------------------------------------- -POST /_xpack/security/oauth2/token +POST /_security/oauth2/token { "grant_type": "refresh_token", "refresh_token": "vLBPvmAB6KvwvJZr27cS" diff --git a/x-pack/docs/en/rest-api/security/get-users.asciidoc b/x-pack/docs/en/rest-api/security/get-users.asciidoc index 2a20baacb0f52..393230f02e71c 100644 --- a/x-pack/docs/en/rest-api/security/get-users.asciidoc +++ b/x-pack/docs/en/rest-api/security/get-users.asciidoc @@ -7,9 +7,9 @@ Retrieves information about users in the native realm. ==== Request -`GET /_xpack/security/user` + +`GET /_security/user` + -`GET /_xpack/security/user/` +`GET /_security/user/` ==== Description @@ -31,12 +31,12 @@ To use this API, you must have at least the `manage_security` cluster privilege. ==== Examples -To retrieve a native user, submit a GET request to the `/_xpack/security/user/` +To retrieve a native user, submit a GET request to the `/_security/user/` endpoint: [source,js] -------------------------------------------------- -GET /_xpack/security/user/jacknich +GET /_security/user/jacknich -------------------------------------------------- // CONSOLE // TEST[setup:jacknich_user] @@ -68,7 +68,7 @@ Omit the username to retrieve all users: [source,js] -------------------------------------------------- -GET /_xpack/security/user +GET /_security/user -------------------------------------------------- // CONSOLE // TEST[continued] diff --git a/x-pack/docs/en/rest-api/security/has-privileges.asciidoc b/x-pack/docs/en/rest-api/security/has-privileges.asciidoc index cae1bc4d303fe..d12b15688f96a 100644 --- a/x-pack/docs/en/rest-api/security/has-privileges.asciidoc +++ b/x-pack/docs/en/rest-api/security/has-privileges.asciidoc @@ -9,7 +9,7 @@ a specified list of privileges. ==== Request -`GET _xpack/security/user/_has_privileges` +`GET /_security/user/_has_privileges` ==== Description @@ -53,7 +53,7 @@ cluster, index, and application privileges: [source,js] -------------------------------------------------- -GET _xpack/security/user/_has_privileges +GET /_security/user/_has_privileges { "cluster": [ "monitor", "manage" ], "index" : [ diff --git a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc index 915fa7c45d8a7..540f586682595 100644 --- a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc @@ -6,7 +6,7 @@ Invalidates an access token or a refresh token. ==== Request -`DELETE /_xpack/security/oauth2/token` +`DELETE /_security/oauth2/token` ==== Description @@ -41,7 +41,7 @@ The following example invalidates the specified token immediately: [source,js] -------------------------------------------------- -DELETE /_xpack/security/oauth2/token +DELETE /_security/oauth2/token { "token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==" } @@ -52,7 +52,7 @@ whereas the following example invalidates the specified refresh token immediatel [source,js] -------------------------------------------------- -DELETE /_xpack/security/oauth2/token +DELETE /_security/oauth2/token { "refresh_token" : "movUJjPGRRC0PQ7+NW0eag" } diff --git a/x-pack/docs/en/rest-api/security/put-app-privileges.asciidoc b/x-pack/docs/en/rest-api/security/put-app-privileges.asciidoc index f715a80014bea..e57e3caa1cb22 100644 --- a/x-pack/docs/en/rest-api/security/put-app-privileges.asciidoc +++ b/x-pack/docs/en/rest-api/security/put-app-privileges.asciidoc @@ -7,9 +7,9 @@ Adds or updates ==== Request -`POST /_xpack/security/privilege` + +`POST /_security/privilege` + -`PUT /_xpack/security/privilege` +`PUT /_security/privilege` ==== Description @@ -70,11 +70,11 @@ To use this API, you must have either: ==== Examples To add a single privilege, submit a PUT or POST request to the -`/_xpack/security/privilege//` endpoint. For example: +`/_security/privilege//` endpoint. For example: [source,js] -------------------------------------------------- -PUT /_xpack/security/privilege +PUT /_security/privilege { "myapp": { "read": { @@ -116,11 +116,11 @@ been created or updated. <1> When an existing privilege is updated, `created` is set to false. To add multiple privileges, submit a POST request to the -`/_xpack/security/privilege/` endpoint. For example: +`/_security/privilege/` endpoint. For example: [source,js] -------------------------------------------------- -PUT /_xpack/security/privilege +PUT /_security/privilege { "app01": { "read": { diff --git a/x-pack/docs/en/rest-api/security/ssl.asciidoc b/x-pack/docs/en/rest-api/security/ssl.asciidoc index 3593dbfbbc26d..69541af52b8b5 100644 --- a/x-pack/docs/en/rest-api/security/ssl.asciidoc +++ b/x-pack/docs/en/rest-api/security/ssl.asciidoc @@ -7,7 +7,7 @@ certificates that are used to encrypt communications in your {es} cluster. ==== Request -`GET /_xpack/ssl/certificates` +`GET /_ssl/certificates` ==== Description @@ -75,7 +75,7 @@ node of {es}: [source,js] -------------------------------------------------- -GET /_xpack/ssl/certificates +GET /_xpack/certificates -------------------------------------------------- // CONSOLE // TEST[skip:todo] diff --git a/x-pack/docs/en/security/authentication/configuring-active-directory-realm.asciidoc b/x-pack/docs/en/security/authentication/configuring-active-directory-realm.asciidoc index ab8830a64f179..dd2412c7e2dfc 100644 --- a/x-pack/docs/en/security/authentication/configuring-active-directory-realm.asciidoc +++ b/x-pack/docs/en/security/authentication/configuring-active-directory-realm.asciidoc @@ -187,7 +187,7 @@ role. Configured via the role-mapping API: [source,js] -------------------------------------------------- -PUT _xpack/security/role_mapping/admins +PUT /_security/role_mapping/admins { "roles" : [ "monitoring" , "user" ], "rules" : { "field" : { @@ -201,7 +201,7 @@ PUT _xpack/security/role_mapping/admins [source,js] -------------------------------------------------- -PUT _xpack/security/role_mapping/basic_users +PUT /_security/role_mapping/basic_users { "roles" : [ "user" ], "rules" : { "any": [ diff --git a/x-pack/docs/en/security/authentication/configuring-kerberos-realm.asciidoc b/x-pack/docs/en/security/authentication/configuring-kerberos-realm.asciidoc index 25245b69cbea7..766ae3392bc99 100644 --- a/x-pack/docs/en/security/authentication/configuring-kerberos-realm.asciidoc +++ b/x-pack/docs/en/security/authentication/configuring-kerberos-realm.asciidoc @@ -153,7 +153,7 @@ The following example uses the role mapping API to map `user@REALM` to the roles [source,js] -------------------------------------------------- -POST _xpack/security/role_mapping/kerbrolemapping +POST /_security/role_mapping/kerbrolemapping { "roles" : [ "monitoring_user" ], "enabled": true, diff --git a/x-pack/docs/en/security/authentication/configuring-ldap-realm.asciidoc b/x-pack/docs/en/security/authentication/configuring-ldap-realm.asciidoc index b198aa4edb97b..c023a8492b166 100644 --- a/x-pack/docs/en/security/authentication/configuring-ldap-realm.asciidoc +++ b/x-pack/docs/en/security/authentication/configuring-ldap-realm.asciidoc @@ -147,7 +147,7 @@ names. For example, the following mapping configuration maps the LDAP Configured via the role-mapping API: [source,js] -------------------------------------------------- -PUT _xpack/security/role_mapping/admins +PUT /_security/role_mapping/admins { "roles" : [ "monitoring" , "user" ], "rules" : { "field" : { @@ -161,7 +161,7 @@ PUT _xpack/security/role_mapping/admins [source,js] -------------------------------------------------- -PUT _xpack/security/role_mapping/basic_users +PUT /_security/role_mapping/basic_users { "roles" : [ "user" ], "rules" : { "field" : { diff --git a/x-pack/docs/en/security/authentication/configuring-pki-realm.asciidoc b/x-pack/docs/en/security/authentication/configuring-pki-realm.asciidoc index 587592b9f2001..4f050cf937f7f 100644 --- a/x-pack/docs/en/security/authentication/configuring-pki-realm.asciidoc +++ b/x-pack/docs/en/security/authentication/configuring-pki-realm.asciidoc @@ -140,7 +140,7 @@ For example, the following mapping configuration maps `John Doe` to the Using the role-mapping API: [source,js] -------------------------------------------------- -PUT _xpack/security/role_mapping/users +PUT /_security/role_mapping/users { "roles" : [ "user" ], "rules" : { "field" : { diff --git a/x-pack/docs/en/security/authentication/saml-guide.asciidoc b/x-pack/docs/en/security/authentication/saml-guide.asciidoc index 0b1e5bcc8f48d..fa214dc48b7b1 100644 --- a/x-pack/docs/en/security/authentication/saml-guide.asciidoc +++ b/x-pack/docs/en/security/authentication/saml-guide.asciidoc @@ -630,7 +630,7 @@ to any user who authenticates against the `saml1` realm: [source,js] -------------------------------------------------- -PUT /_xpack/security/role_mapping/saml-kibana +PUT /_security/role_mapping/saml-kibana { "roles": [ "kibana_user" ], "enabled": true, @@ -667,7 +667,7 @@ via the `saml1` realm with the `finance-team` group. [source,js] -------------------------------------------------- -PUT /_xpack/security/role_mapping/saml-finance +PUT /_security/role_mapping/saml-finance { "roles": [ "finance_data" ], "enabled": true, diff --git a/x-pack/docs/en/security/authentication/user-cache.asciidoc b/x-pack/docs/en/security/authentication/user-cache.asciidoc index 716e7af99145c..99cc6c7d6cd6a 100644 --- a/x-pack/docs/en/security/authentication/user-cache.asciidoc +++ b/x-pack/docs/en/security/authentication/user-cache.asciidoc @@ -25,7 +25,7 @@ all users from the `ad1` realm: [source, js] ------------------------------------------------------------ -$ curl -XPOST 'http://localhost:9200/_xpack/security/realm/ad1/_clear_cache' +$ curl -XPOST 'http://localhost:9200/_security/realm/ad1/_clear_cache' ------------------------------------------------------------ To clear the cache for multiple realms, specify the realms as a comma-separated @@ -33,12 +33,12 @@ list: [source, js] ------------------------------------------------------------ -$ curl -XPOST 'http://localhost:9200/_xpack/security/realm/ad1,ad2/_clear_cache' +$ curl -XPOST 'http://localhost:9200/_security/realm/ad1,ad2/_clear_cache' ------------------------------------------------------------ You can also evict specific users: [source, java] ------------------------------------------------------------ -$ curl -XPOST 'http://localhost:9200/_xpack/security/realm/ad1/_clear_cache?usernames=rdeniro,alpacino' +$ curl -XPOST 'http://localhost:9200/_security/realm/ad1/_clear_cache?usernames=rdeniro,alpacino' ------------------------------------------------------------ diff --git a/x-pack/docs/en/security/authorization/managing-roles.asciidoc b/x-pack/docs/en/security/authorization/managing-roles.asciidoc index 7b30284f58365..453e0809d30ff 100644 --- a/x-pack/docs/en/security/authorization/managing-roles.asciidoc +++ b/x-pack/docs/en/security/authorization/managing-roles.asciidoc @@ -146,7 +146,7 @@ no effect, and will not grant any actions in the The following snippet shows an example definition of a `clicks_admin` role: [source,js] ----------- -POST /_xpack/security/role/clicks_admin +POST /_security/role/clicks_admin { "run_as": [ "clicks_watcher_1" ], "cluster": [ "monitor" ], diff --git a/x-pack/docs/en/security/authorization/mapping-roles.asciidoc b/x-pack/docs/en/security/authorization/mapping-roles.asciidoc index 166238c32ac51..a20c194ef4ea5 100644 --- a/x-pack/docs/en/security/authorization/mapping-roles.asciidoc +++ b/x-pack/docs/en/security/authorization/mapping-roles.asciidoc @@ -92,7 +92,7 @@ user: You can use the role-mapping API to define equivalent mappings as follows: [source,js] -------------------------------------------------- -PUT _xpack/security/role_mapping/admins +PUT /_security/role_mapping/admins { "roles" : [ "monitoring", "user" ], "rules" : { "field" : { "groups" : "cn=admins,dc=example,dc=com" } }, @@ -103,7 +103,7 @@ PUT _xpack/security/role_mapping/admins [source,js] -------------------------------------------------- -PUT _xpack/security/role_mapping/basic_users +PUT /_security/role_mapping/basic_users { "roles" : [ "user" ], "rules" : { "any" : [ @@ -136,7 +136,7 @@ The following example creates equivalent mappings using the API: [source,js] -------------------------------------------------- -PUT _xpack/security/role_mapping/admin_user +PUT /_security/role_mapping/admin_user { "roles" : [ "monitoring" ], "rules" : { "field" : { "dn" : "cn=Admin,ou=example,o=com" } }, @@ -147,7 +147,7 @@ PUT _xpack/security/role_mapping/admin_user [source,js] -------------------------------------------------- -PUT _xpack/security/role_mapping/basic_user +PUT /_security/role_mapping/basic_user { "roles" : [ "user" ], "rules" : { "field" : { "dn" : "cn=John Doe,ou=example,o=com" } }, diff --git a/x-pack/docs/en/security/authorization/role-templates.asciidoc b/x-pack/docs/en/security/authorization/role-templates.asciidoc index 1bad73a5d1e94..37cece88c6449 100644 --- a/x-pack/docs/en/security/authorization/role-templates.asciidoc +++ b/x-pack/docs/en/security/authorization/role-templates.asciidoc @@ -14,7 +14,7 @@ of the current authenticated user: [source,js] -------------------------------------------------- -POST /_xpack/security/role/example1 +POST /_security/role/example1 { "indices" : [ { @@ -51,7 +51,7 @@ based on the `group.id` field in your documents: [source,js] -------------------------------------------------- -POST /_xpack/security/role/example2 +POST /_security/role/example2 { "indices" : [ { diff --git a/x-pack/docs/en/security/ccs-clients-integrations/cross-cluster.asciidoc b/x-pack/docs/en/security/ccs-clients-integrations/cross-cluster.asciidoc index 2c5b307361395..235af4ea4eb05 100644 --- a/x-pack/docs/en/security/ccs-clients-integrations/cross-cluster.asciidoc +++ b/x-pack/docs/en/security/ccs-clients-integrations/cross-cluster.asciidoc @@ -95,7 +95,7 @@ On cluster `one`, this role does not need any special privileges: [source,js] ----------------------------------------------------------- -POST /_xpack/security/role/cluster_two_logs +POST /_security/role/cluster_two_logs { } ----------------------------------------------------------- @@ -106,7 +106,7 @@ On cluster `two`, this role allows the user to query local indices called [source,js] ----------------------------------------------------------- -POST /_xpack/security/role/cluster_two_logs +POST /_security/role/cluster_two_logs { "cluster": [], "indices": [ @@ -128,7 +128,7 @@ Finally, create a user on cluster `one` and apply the `cluster_two_logs` role: [source,js] ----------------------------------------------------------- -POST /_xpack/security/user/alice +POST /_security/user/alice { "password" : "somepassword", "roles" : [ "cluster_two_logs" ], diff --git a/x-pack/docs/en/security/configuring-es.asciidoc b/x-pack/docs/en/security/configuring-es.asciidoc index 1fe51f8ff00d7..22140eb680c9d 100644 --- a/x-pack/docs/en/security/configuring-es.asciidoc +++ b/x-pack/docs/en/security/configuring-es.asciidoc @@ -91,7 +91,7 @@ and assign the role to a new `johndoe` user. -- [source,shell] ---------------------------------------------------------- -curl -XPOST -u elastic 'localhost:9200/_xpack/security/role/events_admin' -H "Content-Type: application/json" -d '{ +curl -XPOST -u elastic 'localhost:9200/_security/role/events_admin' -H "Content-Type: application/json" -d '{ "indices" : [ { "names" : [ "events*" ], @@ -104,7 +104,7 @@ curl -XPOST -u elastic 'localhost:9200/_xpack/security/role/events_admin' -H "Co ] }' -curl -XPOST -u elastic 'localhost:9200/_xpack/security/user/johndoe' -H "Content-Type: application/json" -d '{ +curl -XPOST -u elastic 'localhost:9200/_security/user/johndoe' -H "Content-Type: application/json" -d '{ "password" : "userpassword", "full_name" : "John Doe", "email" : "john.doe@anony.mous", diff --git a/x-pack/plugin/ml/qa/native-multi-node-tests/src/test/java/org/elasticsearch/xpack/ml/integration/DatafeedJobsRestIT.java b/x-pack/plugin/ml/qa/native-multi-node-tests/src/test/java/org/elasticsearch/xpack/ml/integration/DatafeedJobsRestIT.java index 9825189ba64cd..f61cf3df31665 100644 --- a/x-pack/plugin/ml/qa/native-multi-node-tests/src/test/java/org/elasticsearch/xpack/ml/integration/DatafeedJobsRestIT.java +++ b/x-pack/plugin/ml/qa/native-multi-node-tests/src/test/java/org/elasticsearch/xpack/ml/integration/DatafeedJobsRestIT.java @@ -56,7 +56,7 @@ protected boolean preserveTemplatesUponCompletion() { } private void setupDataAccessRole(String index) throws IOException { - Request request = new Request("PUT", "/_xpack/security/role/test_data_access"); + Request request = new Request("PUT", "/_security/role/test_data_access"); request.setJsonEntity("{" + " \"indices\" : [" + " { \"names\": [\"" + index + "\"], \"privileges\": [\"read\"] }" @@ -66,7 +66,7 @@ private void setupDataAccessRole(String index) throws IOException { } private void setupFullAccessRole(String index) throws IOException { - Request request = new Request("PUT", "/_xpack/security/role/test_data_access"); + Request request = new Request("PUT", "/_security/role/test_data_access"); request.setJsonEntity("{" + " \"indices\" : [" + " { \"names\": [\"" + index + "\"], \"privileges\": [\"all\"] }" @@ -78,7 +78,7 @@ private void setupFullAccessRole(String index) throws IOException { private void setupUser(String user, List roles) throws IOException { String password = new String(SecuritySettingsSourceField.TEST_PASSWORD_SECURE_STRING.getChars()); - Request request = new Request("PUT", "/_xpack/security/user/" + user); + Request request = new Request("PUT", "/_security/user/" + user); request.setJsonEntity("{" + " \"password\" : \"" + password + "\"," + " \"roles\" : [ " + roles.stream().map(unquoted -> "\"" + unquoted + "\"").collect(Collectors.joining(", ")) + " ]" diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java index 229c47c763cf6..3cc6c997f282f 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java @@ -204,7 +204,7 @@ private String postURL(Settings settings, Environment env, String method, String Set getUsersThatExist(Terminal terminal, Settings settings, Environment env, OptionSet options) throws Exception { Set existingUsers = new HashSet<>(); - String allUsersJson = postURL(settings, env, "GET", this.url.value(options) + "/_xpack/security/user/", options, null); + String allUsersJson = postURL(settings, env, "GET", this.url.value(options) + "/_security/user/", options, null); // EMPTY is safe here because we never use namedObject try (XContentParser parser = JsonXContent.jsonXContent .createParser(NamedXContentRegistry.EMPTY, LoggingDeprecationHandler.INSTANCE, allUsersJson)) { @@ -277,7 +277,7 @@ void importUsers(Terminal terminal, Environment env, OptionSet options) throws F try { reqBody = createUserJson(userToRoles.get(user), userToHashedPW.get(user)); String resp = postURL(env.settings(), env, "POST", - this.url.value(options) + "/_xpack/security/user/" + user, options, reqBody); + this.url.value(options) + "/_security/user/" + user, options, reqBody); terminal.println(resp); } catch (Exception e) { throw new ElasticsearchException("failed to migrate user [" + user + "] with body: " + reqBody, e); @@ -287,7 +287,7 @@ void importUsers(Terminal terminal, Environment env, OptionSet options) throws F Set getRolesThatExist(Terminal terminal, Settings settings, Environment env, OptionSet options) throws Exception { Set existingRoles = new HashSet<>(); - String allRolesJson = postURL(settings, env, "GET", this.url.value(options) + "/_xpack/security/role/", options, null); + String allRolesJson = postURL(settings, env, "GET", this.url.value(options) + "/_security/role/", options, null); // EMPTY is safe here because we never use namedObject try (XContentParser parser = JsonXContent.jsonXContent .createParser(NamedXContentRegistry.EMPTY, LoggingDeprecationHandler.INSTANCE, allRolesJson)) { @@ -346,7 +346,7 @@ void importRoles(Terminal terminal, Environment env, OptionSet options) throws F try { reqBody = createRoleJson(roles.get(roleName)); String resp = postURL(env.settings(), env, "POST", - this.url.value(options) + "/_xpack/security/role/" + roleName, options, reqBody); + this.url.value(options) + "/_security/role/" + roleName, options, reqBody); terminal.println(resp); } catch (Exception e) { throw new ElasticsearchException("failed to migrate role [" + roleName + "] with body: " + reqBody, e); diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordTool.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordTool.java index 691142a9405c2..5926cdbc01cbb 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordTool.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordTool.java @@ -292,7 +292,7 @@ private void setShouldPrompt(OptionSet options) { * @param terminal where to write verbose info. */ void checkElasticKeystorePasswordValid(Terminal terminal, Environment env) throws Exception { - URL route = createURL(url, "/_xpack/security/_authenticate", "?pretty"); + URL route = createURL(url, "/_security/_authenticate", "?pretty"); terminal.println(Verbosity.VERBOSE, ""); terminal.println(Verbosity.VERBOSE, "Testing if bootstrap password is valid for " + route.toString()); try { @@ -449,7 +449,7 @@ void checkClusterHealth(Terminal terminal) throws Exception { * @param password the new password of the user. */ private void changeUserPassword(String user, SecureString password, Terminal terminal) throws Exception { - URL route = createURL(url, "/_xpack/security/user/" + user + "/_password", "?pretty"); + URL route = createURL(url, "/_security/user/" + user + "/_password", "?pretty"); terminal.println(Verbosity.VERBOSE, ""); terminal.println(Verbosity.VERBOSE, "Trying user password change call " + route.toString()); try { diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateAction.java index 033066b7c159d..09f0679378c54 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -29,17 +31,21 @@ public class RestAuthenticateAction extends SecurityBaseRestHandler { private final SecurityContext securityContext; + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestAuthenticateAction.class)); public RestAuthenticateAction(Settings settings, RestController controller, SecurityContext securityContext, XPackLicenseState licenseState) { super(settings, licenseState); this.securityContext = securityContext; - controller.registerHandler(GET, "/_xpack/security/_authenticate", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + GET, "/_security/_authenticate", this, + GET, "/_xpack/security/_authenticate", deprecationLogger); } @Override public String getName() { - return "xpack_security_authenticate_action"; + return "security_authenticate_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/oauth2/RestGetTokenAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/oauth2/RestGetTokenAction.java index 636885d73a1c2..94317145b02d8 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/oauth2/RestGetTokenAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/oauth2/RestGetTokenAction.java @@ -5,6 +5,7 @@ */ package org.elasticsearch.xpack.security.rest.action.oauth2; +import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.action.Action; @@ -12,6 +13,7 @@ import org.elasticsearch.action.ActionRequestValidationException; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.ParseField; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ConstructingObjectParser; @@ -45,6 +47,7 @@ */ public final class RestGetTokenAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestGetTokenAction.class)); static final ConstructingObjectParser PARSER = new ConstructingObjectParser<>("token_request", a -> new CreateTokenRequest((String) a[0], (String) a[1], (SecureString) a[2], (String) a[3], (String) a[4])); static { @@ -59,12 +62,15 @@ public final class RestGetTokenAction extends SecurityBaseRestHandler { public RestGetTokenAction(Settings settings, RestController controller, XPackLicenseState xPackLicenseState) { super(settings, xPackLicenseState); - controller.registerHandler(POST, "/_xpack/security/oauth2/token", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/oauth2/token", this, + POST, "/_xpack/security/oauth2/token", deprecationLogger); } @Override public String getName() { - return "xpack_security_get_token_action"; + return "security_get_token_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/oauth2/RestInvalidateTokenAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/oauth2/RestInvalidateTokenAction.java index d76f4da7d8ce0..52228d2823a68 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/oauth2/RestInvalidateTokenAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/oauth2/RestInvalidateTokenAction.java @@ -5,10 +5,12 @@ */ package org.elasticsearch.xpack.security.rest.action.oauth2; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.ParseField; import org.elasticsearch.common.Strings; import org.elasticsearch.common.collect.Tuple; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ConstructingObjectParser; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -34,6 +36,7 @@ */ public final class RestInvalidateTokenAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestInvalidateTokenAction.class)); static final ConstructingObjectParser, Void> PARSER = new ConstructingObjectParser<>("invalidate_token", a -> new Tuple<>((String) a[0], (String) a[1])); static { @@ -43,12 +46,15 @@ public final class RestInvalidateTokenAction extends SecurityBaseRestHandler { public RestInvalidateTokenAction(Settings settings, RestController controller, XPackLicenseState xPackLicenseState) { super(settings, xPackLicenseState); - controller.registerHandler(DELETE, "/_xpack/security/oauth2/token", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + DELETE, "/_security/oauth2/token", this, + DELETE, "/_xpack/security/oauth2/token", deprecationLogger); } @Override public String getName() { - return "xpack_security_invalidate_token_action"; + return "security_invalidate_token_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestDeletePrivilegesAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestDeletePrivilegesAction.java index d0cee0dd6b902..1f96df23e0e77 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestDeletePrivilegesAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestDeletePrivilegesAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.privilege; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -31,14 +33,20 @@ */ public class RestDeletePrivilegesAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = + new DeprecationLogger(LogManager.getLogger(RestDeletePrivilegesAction.class)); + public RestDeletePrivilegesAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(DELETE, "/_xpack/security/privilege/{application}/{privilege}", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + DELETE, "/_security/privilege/{application}/{privilege}", this, + DELETE, "/_xpack/security/privilege/{application}/{privilege}", deprecationLogger); } @Override public String getName() { - return "xpack_security_delete_privilege_action"; + return "security_delete_privilege_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestGetPrivilegesAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestGetPrivilegesAction.java index 8e3c3bbb87e6e..e0d0898704e3b 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestGetPrivilegesAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestGetPrivilegesAction.java @@ -5,8 +5,10 @@ */ package org.elasticsearch.xpack.security.rest.action.privilege; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.Strings; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.set.Sets; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -36,16 +38,25 @@ */ public class RestGetPrivilegesAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestGetPrivilegesAction.class)); + public RestGetPrivilegesAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(GET, "/_xpack/security/privilege/", this); - controller.registerHandler(GET, "/_xpack/security/privilege/{application}", this); - controller.registerHandler(GET, "/_xpack/security/privilege/{application}/{privilege}", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + GET, "/_security/privilege/", this, + GET, "/_xpack/security/privilege/", deprecationLogger); + controller.registerWithDeprecatedHandler( + GET, "/_security/privilege/{application}", this, + GET, "/_xpack/security/privilege/{application}", deprecationLogger); + controller.registerWithDeprecatedHandler( + GET, "/_security/privilege/{application}/{privilege}", this, + GET, "/_xpack/security/privilege/{application}/{privilege}", deprecationLogger); } @Override public String getName() { - return "xpack_security_get_privileges_action"; + return "security_get_privileges_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestPutPrivilegesAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestPutPrivilegesAction.java index dc565e3f87339..abc2f00afcd81 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestPutPrivilegesAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestPutPrivilegesAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.privilege; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -35,16 +37,22 @@ * Rest endpoint to add one or more {@link ApplicationPrivilege} objects to the security index */ public class RestPutPrivilegesAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestPutPrivilegesAction.class)); public RestPutPrivilegesAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(PUT, "/_xpack/security/privilege/", this); - controller.registerHandler(POST, "/_xpack/security/privilege/", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + PUT, "/_security/privilege/", this, + PUT, "/_xpack/security/privilege/", deprecationLogger); + controller.registerWithDeprecatedHandler( + POST, "/_security/privilege/", this, + POST, "/_xpack/security/privilege/", deprecationLogger); } @Override public String getName() { - return "xpack_security_put_privileges_action"; + return "security_put_privileges_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/realm/RestClearRealmCacheAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/realm/RestClearRealmCacheAction.java index cc507fdfb517f..da9b1a1828b66 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/realm/RestClearRealmCacheAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/realm/RestClearRealmCacheAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.realm; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.license.XPackLicenseState; import org.elasticsearch.rest.RestController; @@ -21,14 +23,19 @@ public final class RestClearRealmCacheAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestClearRealmCacheAction.class)); + public RestClearRealmCacheAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(POST, "/_xpack/security/realm/{realms}/_clear_cache", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/realm/{realms}/_clear_cache", this, + POST, "/_xpack/security/realm/{realms}/_clear_cache", deprecationLogger); } @Override public String getName() { - return "xpack_security_clear_realm_cache_action"; + return "security_clear_realm_cache_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestClearRolesCacheAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestClearRolesCacheAction.java index e60ce90aa88a4..a51db748ccc29 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestClearRolesCacheAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestClearRolesCacheAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.role; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.license.XPackLicenseState; import org.elasticsearch.rest.RestController; @@ -21,14 +23,19 @@ public final class RestClearRolesCacheAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestClearRolesCacheAction.class)); + public RestClearRolesCacheAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(POST, "/_xpack/security/role/{name}/_clear_cache", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/role/{name}/_clear_cache", this, + POST, "/_xpack/security/role/{name}/_clear_cache", deprecationLogger); } @Override public String getName() { - return "xpack_security_clear_roles_cache_action"; + return "security_clear_roles_cache_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestDeleteRoleAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestDeleteRoleAction.java index f4ec87747045f..26399f4da9118 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestDeleteRoleAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestDeleteRoleAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.role; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -28,14 +30,19 @@ */ public class RestDeleteRoleAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestDeleteRoleAction.class)); + public RestDeleteRoleAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(DELETE, "/_xpack/security/role/{name}", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + DELETE, "/_security/role/{name}", this, + DELETE, "/_xpack/security/role/{name}", deprecationLogger); } @Override public String getName() { - return "xpack_security_delete_role_action"; + return "security_delete_role_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestGetRolesAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestGetRolesAction.java index b4c394dfa513b..850709eea8634 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestGetRolesAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestGetRolesAction.java @@ -5,8 +5,10 @@ */ package org.elasticsearch.xpack.security.rest.action.role; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.Strings; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -29,15 +31,23 @@ * Rest endpoint to retrieve a Role from the security index */ public class RestGetRolesAction extends SecurityBaseRestHandler { + + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestGetRolesAction.class)); + public RestGetRolesAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(GET, "/_xpack/security/role/", this); - controller.registerHandler(GET, "/_xpack/security/role/{name}", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + GET, "/_security/role/", this, + GET, "/_xpack/security/role/", deprecationLogger); + controller.registerWithDeprecatedHandler( + GET, "/_security/role/{name}", this, + GET, "/_xpack/security/role/{name}", deprecationLogger); } @Override public String getName() { - return "xpack_security_get_roles_action"; + return "security_get_roles_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestPutRoleAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestPutRoleAction.java index ea22cdb3cf9f9..10673cd79fac7 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestPutRoleAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestPutRoleAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.role; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -30,15 +32,22 @@ */ public class RestPutRoleAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestPutRoleAction.class)); + public RestPutRoleAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(POST, "/_xpack/security/role/{name}", this); - controller.registerHandler(PUT, "/_xpack/security/role/{name}", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/role/{name}", this, + POST, "/_xpack/security/role/{name}", deprecationLogger); + controller.registerWithDeprecatedHandler( + PUT, "/_security/role/{name}", this, + PUT, "/_xpack/security/role/{name}", deprecationLogger); } @Override public String getName() { - return "xpack_security_put_role_action"; + return "security_put_role_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestDeleteRoleMappingAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestDeleteRoleMappingAction.java index ce1f9ad05954f..a2be9ba9e041e 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestDeleteRoleMappingAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestDeleteRoleMappingAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.rolemapping; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -28,14 +30,20 @@ */ public class RestDeleteRoleMappingAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = + new DeprecationLogger(LogManager.getLogger(RestDeleteRoleMappingAction.class)); + public RestDeleteRoleMappingAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(DELETE, "/_xpack/security/role_mapping/{name}", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + DELETE, "/_security/role_mapping/{name}", this, + DELETE, "/_xpack/security/role_mapping/{name}", deprecationLogger); } @Override public String getName() { - return "xpack_security_delete_role_mapping_action"; + return "security_delete_role_mapping_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestGetRoleMappingsAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestGetRoleMappingsAction.java index 4d1f3d969fa41..ceabeb3a62eb2 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestGetRoleMappingsAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestGetRoleMappingsAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.rolemapping; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -29,15 +31,22 @@ */ public class RestGetRoleMappingsAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestGetRoleMappingsAction.class)); + public RestGetRoleMappingsAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(GET, "/_xpack/security/role_mapping/", this); - controller.registerHandler(GET, "/_xpack/security/role_mapping/{name}", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + GET, "/_security/role_mapping/", this, + GET, "/_xpack/security/role_mapping/", deprecationLogger); + controller.registerWithDeprecatedHandler( + GET, "/_security/role_mapping/{name}", this, + GET, "/_xpack/security/role_mapping/{name}", deprecationLogger); } @Override public String getName() { - return "xpack_security_get_role_mappings_action"; + return "security_get_role_mappings_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestPutRoleMappingAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestPutRoleMappingAction.java index 088364eb95c02..64c4bc9c52bc1 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestPutRoleMappingAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/rolemapping/RestPutRoleMappingAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.rolemapping; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -32,15 +34,22 @@ */ public class RestPutRoleMappingAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestPutRoleMappingAction.class)); + public RestPutRoleMappingAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(POST, "/_xpack/security/role_mapping/{name}", this); - controller.registerHandler(PUT, "/_xpack/security/role_mapping/{name}", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/role_mapping/{name}", this, + POST, "/_xpack/security/role_mapping/{name}", deprecationLogger); + controller.registerWithDeprecatedHandler( + PUT, "/_security/role_mapping/{name}", this, + PUT, "/_xpack/security/role_mapping/{name}", deprecationLogger); } @Override public String getName() { - return "xpack_security_put_role_mappings_action"; + return "security_put_role_mappings_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlAuthenticateAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlAuthenticateAction.java index 7a0e9a25c5af6..b73fb70c3fa9d 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlAuthenticateAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlAuthenticateAction.java @@ -5,9 +5,11 @@ */ package org.elasticsearch.xpack.security.rest.action.saml; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.ParseField; import org.elasticsearch.common.Strings; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ObjectParser; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -35,6 +37,8 @@ */ public class RestSamlAuthenticateAction extends SamlBaseRestHandler implements RestHandler { + private static final DeprecationLogger deprecationLogger = + new DeprecationLogger(LogManager.getLogger(RestSamlAuthenticateAction.class)); static class Input { String content; List ids; @@ -58,12 +62,15 @@ void setIds(List ids) { public RestSamlAuthenticateAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(POST, "/_xpack/security/saml/authenticate", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/saml/authenticate", this, + POST, "/_xpack/security/saml/authenticate", deprecationLogger); } @Override public String getName() { - return "xpack_security_saml_authenticate_action"; + return "security_saml_authenticate_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlInvalidateSessionAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlInvalidateSessionAction.java index 6d3b41775b140..4fe8e7ac5b256 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlInvalidateSessionAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlInvalidateSessionAction.java @@ -7,8 +7,10 @@ import java.io.IOException; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.ParseField; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ObjectParser; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -32,6 +34,8 @@ */ public class RestSamlInvalidateSessionAction extends SamlBaseRestHandler { + private static final DeprecationLogger deprecationLogger = + new DeprecationLogger(LogManager.getLogger(RestSamlInvalidateSessionAction.class)); static final ObjectParser PARSER = new ObjectParser<>("saml_invalidate_session", SamlInvalidateSessionRequest::new); @@ -43,12 +47,15 @@ public class RestSamlInvalidateSessionAction extends SamlBaseRestHandler { public RestSamlInvalidateSessionAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(POST, "/_xpack/security/saml/invalidate", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/saml/invalidate", this, + POST, "/_xpack/security/saml/invalidate", deprecationLogger); } @Override public String getName() { - return "xpack_security_saml_invalidate_action"; + return "security_saml_invalidate_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlLogoutAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlLogoutAction.java index bc81f2d6babd2..3a584664073b9 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlLogoutAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlLogoutAction.java @@ -7,8 +7,10 @@ import java.io.IOException; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.ParseField; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ObjectParser; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -34,6 +36,7 @@ */ public class RestSamlLogoutAction extends SamlBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestSamlLogoutAction.class)); static final ObjectParser PARSER = new ObjectParser<>("saml_logout", SamlLogoutRequest::new); static { @@ -43,12 +46,15 @@ public class RestSamlLogoutAction extends SamlBaseRestHandler { public RestSamlLogoutAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(POST, "/_xpack/security/saml/logout", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/saml/logout", this, + POST, "/_xpack/security/saml/logout", deprecationLogger); } @Override public String getName() { - return "xpack_security_saml_logout_action"; + return "security_saml_logout_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlPrepareAuthenticationAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlPrepareAuthenticationAction.java index 0860f3648721c..84ff7ba1edf2b 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlPrepareAuthenticationAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/saml/RestSamlPrepareAuthenticationAction.java @@ -7,8 +7,10 @@ import java.io.IOException; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.ParseField; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ObjectParser; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -34,6 +36,8 @@ */ public class RestSamlPrepareAuthenticationAction extends SamlBaseRestHandler { + private static final DeprecationLogger deprecationLogger = + new DeprecationLogger(LogManager.getLogger(RestSamlPrepareAuthenticationAction.class)); static final ObjectParser PARSER = new ObjectParser<>("saml_prepare_authn", SamlPrepareAuthenticationRequest::new); @@ -44,12 +48,15 @@ public class RestSamlPrepareAuthenticationAction extends SamlBaseRestHandler { public RestSamlPrepareAuthenticationAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(POST, "/_xpack/security/saml/prepare", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/saml/prepare", this, + POST, "/_xpack/security/saml/prepare", deprecationLogger); } @Override public String getName() { - return "xpack_security_saml_prepare_authentication_action"; + return "security_saml_prepare_authentication_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestChangePasswordAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestChangePasswordAction.java index 9907e3345232e..53341ce0b7283 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestChangePasswordAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestChangePasswordAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.user; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -33,6 +35,7 @@ public class RestChangePasswordAction extends SecurityBaseRestHandler implements RestRequestFilter { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestChangePasswordAction.class)); private final SecurityContext securityContext; private final Hasher passwordHasher; @@ -41,15 +44,24 @@ public RestChangePasswordAction(Settings settings, RestController controller, Se super(settings, licenseState); this.securityContext = securityContext; passwordHasher = Hasher.resolve(XPackSettings.PASSWORD_HASHING_ALGORITHM.get(settings)); - controller.registerHandler(POST, "/_xpack/security/user/{username}/_password", this); - controller.registerHandler(PUT, "/_xpack/security/user/{username}/_password", this); - controller.registerHandler(POST, "/_xpack/security/user/_password", this); - controller.registerHandler(PUT, "/_xpack/security/user/_password", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/user/{username}/_password", this, + POST, "/_xpack/security/user/{username}/_password", deprecationLogger); + controller.registerWithDeprecatedHandler( + PUT, "/_security/user/{username}/_password", this, + PUT, "/_xpack/security/user/{username}/_password", deprecationLogger); + controller.registerWithDeprecatedHandler( + POST, "/_security/user/_password", this, + POST, "/_xpack/security/user/_password", deprecationLogger); + controller.registerWithDeprecatedHandler( + PUT, "/_security/user/_password", this, + PUT, "/_xpack/security/user/_password", deprecationLogger); } @Override public String getName() { - return "xpack_security_change_password_action"; + return "security_change_password_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestDeleteUserAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestDeleteUserAction.java index a8590388398d8..3c810ca230830 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestDeleteUserAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestDeleteUserAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.user; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -28,14 +30,19 @@ */ public class RestDeleteUserAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestDeleteUserAction.class)); + public RestDeleteUserAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(DELETE, "/_xpack/security/user/{username}", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + DELETE, "/_security/user/{username}", this, + DELETE, "/_xpack/security/user/{username}", deprecationLogger); } @Override public String getName() { - return "xpack_security_delete_user_action"; + return "security_delete_user_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestGetUserPrivilegesAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestGetUserPrivilegesAction.java index 2145b6f39dc59..b073349d842a3 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestGetUserPrivilegesAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestGetUserPrivilegesAction.java @@ -5,8 +5,10 @@ */ package org.elasticsearch.xpack.security.rest.action.user; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -39,17 +41,22 @@ public class RestGetUserPrivilegesAction extends SecurityBaseRestHandler { private final SecurityContext securityContext; + private static final DeprecationLogger deprecationLogger = + new DeprecationLogger(LogManager.getLogger(RestGetUserPrivilegesAction.class)); public RestGetUserPrivilegesAction(Settings settings, RestController controller, SecurityContext securityContext, XPackLicenseState licenseState) { super(settings, licenseState); this.securityContext = securityContext; - controller.registerHandler(GET, "/_xpack/security/user/_privileges", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + GET, "/_security/user/_privileges", this, + GET, "/_xpack/security/user/_privileges", deprecationLogger); } @Override public String getName() { - return "xpack_security_user_privileges_action"; + return "security_user_privileges_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestGetUsersAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestGetUsersAction.java index 1ab80954e9b53..2751022d9f007 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestGetUsersAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestGetUsersAction.java @@ -5,8 +5,10 @@ */ package org.elasticsearch.xpack.security.rest.action.user; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.Strings; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -30,15 +32,22 @@ */ public class RestGetUsersAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestGetUsersAction.class)); + public RestGetUsersAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(GET, "/_xpack/security/user/", this); - controller.registerHandler(GET, "/_xpack/security/user/{username}", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + GET, "/_security/user/", this, + GET, "/_xpack/security/user/", deprecationLogger); + controller.registerWithDeprecatedHandler( + GET, "/_security/user/{username}", this, + GET, "/_xpack/security/user/{username}", deprecationLogger); } @Override public String getName() { - return "xpack_security_get_users_action"; + return "security_get_users_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestHasPrivilegesAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestHasPrivilegesAction.java index 6ec8250420eed..d26d8db206936 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestHasPrivilegesAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestHasPrivilegesAction.java @@ -5,10 +5,12 @@ */ package org.elasticsearch.xpack.security.rest.action.user; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.bytes.BytesReference; import org.elasticsearch.common.collect.Tuple; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -40,20 +42,30 @@ public class RestHasPrivilegesAction extends SecurityBaseRestHandler { private final SecurityContext securityContext; + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestHasPrivilegesAction.class)); public RestHasPrivilegesAction(Settings settings, RestController controller, SecurityContext securityContext, XPackLicenseState licenseState) { super(settings, licenseState); this.securityContext = securityContext; - controller.registerHandler(GET, "/_xpack/security/user/{username}/_has_privileges", this); - controller.registerHandler(POST, "/_xpack/security/user/{username}/_has_privileges", this); - controller.registerHandler(GET, "/_xpack/security/user/_has_privileges", this); - controller.registerHandler(POST, "/_xpack/security/user/_has_privileges", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + GET, "/_security/user/{username}/_has_privileges", this, + GET, "/_xpack/security/user/{username}/_has_privileges", deprecationLogger); + controller.registerWithDeprecatedHandler( + POST, "/_security/user/{username}/_has_privileges", this, + POST, "/_xpack/security/user/{username}/_has_privileges", deprecationLogger); + controller.registerWithDeprecatedHandler( + GET, "/_security/user/_has_privileges", this, + GET, "/_xpack/security/user/_has_privileges", deprecationLogger); + controller.registerWithDeprecatedHandler( + POST, "/_security/user/_has_privileges", this, + POST, "/_xpack/security/user/_has_privileges", deprecationLogger); } @Override public String getName() { - return "xpack_security_has_priviledges_action"; + return "security_has_priviledges_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestPutUserAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestPutUserAction.java index 486ac3fa35929..b56daba0bfa4a 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestPutUserAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestPutUserAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.user; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.set.Sets; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -37,17 +39,23 @@ public class RestPutUserAction extends SecurityBaseRestHandler implements RestRequestFilter { private final Hasher passwordHasher; + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestPutUserAction.class)); public RestPutUserAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); passwordHasher = Hasher.resolve(XPackSettings.PASSWORD_HASHING_ALGORITHM.get(settings)); - controller.registerHandler(POST, "/_xpack/security/user/{username}", this); - controller.registerHandler(PUT, "/_xpack/security/user/{username}", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/user/{username}", this, + POST, "/_xpack/security/user/{username}", deprecationLogger); + controller.registerWithDeprecatedHandler( + PUT, "/_security/user/{username}", this, + PUT, "/_xpack/security/user/{username}", deprecationLogger); } @Override public String getName() { - return "xpack_security_put_user_action"; + return "security_put_user_action"; } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestSetEnabledAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestSetEnabledAction.java index 8d796b9c6180f..a78b2c85aa62c 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestSetEnabledAction.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestSetEnabledAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.security.rest.action.user; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; @@ -30,17 +32,28 @@ */ public class RestSetEnabledAction extends SecurityBaseRestHandler { + private static final DeprecationLogger deprecationLogger = new DeprecationLogger(LogManager.getLogger(RestSetEnabledAction.class)); + public RestSetEnabledAction(Settings settings, RestController controller, XPackLicenseState licenseState) { super(settings, licenseState); - controller.registerHandler(POST, "/_xpack/security/user/{username}/_enable", this); - controller.registerHandler(PUT, "/_xpack/security/user/{username}/_enable", this); - controller.registerHandler(POST, "/_xpack/security/user/{username}/_disable", this); - controller.registerHandler(PUT, "/_xpack/security/user/{username}/_disable", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + POST, "/_security/user/{username}/_enable", this, + POST, "/_xpack/security/user/{username}/_enable", deprecationLogger); + controller.registerWithDeprecatedHandler( + PUT, "/_security/user/{username}/_enable", this, + PUT, "/_xpack/security/user/{username}/_enable", deprecationLogger); + controller.registerWithDeprecatedHandler( + POST, "/_security/user/{username}/_disable", this, + POST, "/_xpack/security/user/{username}/_disable", deprecationLogger); + controller.registerWithDeprecatedHandler( + PUT, "/_security/user/{username}/_disable", this, + PUT, "/_xpack/security/user/{username}/_disable", deprecationLogger); } @Override public String getName() { - return "xpack_security_set_enabled_action"; + return "security_set_enabled_action"; } @Override diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java index fc02a5c4d625e..145213094d1d8 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java @@ -99,7 +99,7 @@ public void assertEviction(User prevUser, User newUser) { @Override public void executeRequest() throws Exception { - executeHttpRequest("/_xpack/security/realm/" + (randomBoolean() ? "*" : "_all") + "/_clear_cache", + executeHttpRequest("/_security/realm/" + (randomBoolean() ? "*" : "_all") + "/_clear_cache", Collections.emptyMap()); } }, @@ -122,7 +122,7 @@ public void assertEviction(User prevUser, User newUser) { @Override public void executeRequest() throws Exception { - String path = "/_xpack/security/realm/" + (randomBoolean() ? "*" : "_all") + "/_clear_cache"; + String path = "/_security/realm/" + (randomBoolean() ? "*" : "_all") + "/_clear_cache"; Map params = Collections.singletonMap("usernames", String.join(",", evicted_usernames)); executeHttpRequest(path, params); } diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/license/LicensingTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/license/LicensingTests.java index 6c1781f3b6e13..859c91ee07086 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/license/LicensingTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/license/LicensingTests.java @@ -199,7 +199,7 @@ public void testRestAuthenticationByLicenseType() throws Exception { // the default of the licensing tests is basic assertThat(unauthorizedRootResponse.getStatusLine().getStatusCode(), is(200)); ResponseException e = expectThrows(ResponseException.class, - () -> getRestClient().performRequest(new Request("GET", "/_xpack/security/_authenticate"))); + () -> getRestClient().performRequest(new Request("GET", "/_security/_authenticate"))); assertThat(e.getResponse().getStatusLine().getStatusCode(), is(403)); // generate a new license with a mode that enables auth @@ -209,7 +209,7 @@ public void testRestAuthenticationByLicenseType() throws Exception { e = expectThrows(ResponseException.class, () -> getRestClient().performRequest(new Request("GET", "/"))); assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401)); e = expectThrows(ResponseException.class, - () -> getRestClient().performRequest(new Request("GET", "/_xpack/security/_authenticate"))); + () -> getRestClient().performRequest(new Request("GET", "/_security/_authenticate"))); assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401)); RequestOptions.Builder optionsBuilder = RequestOptions.DEFAULT.toBuilder(); @@ -221,7 +221,7 @@ public void testRestAuthenticationByLicenseType() throws Exception { rootRequest.setOptions(options); Response authorizedRootResponse = getRestClient().performRequest(rootRequest); assertThat(authorizedRootResponse.getStatusLine().getStatusCode(), is(200)); - Request authenticateRequest = new Request("GET", "/_xpack/security/_authenticate"); + Request authenticateRequest = new Request("GET", "/_security/_authenticate"); authenticateRequest.setOptions(options); Response authorizedAuthenticateResponse = getRestClient().performRequest(authenticateRequest); assertThat(authorizedAuthenticateResponse.getStatusLine().getStatusCode(), is(200)); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/test/NativeRealmIntegTestCase.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/test/NativeRealmIntegTestCase.java index bc235e0918e0d..63f5ace535229 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/test/NativeRealmIntegTestCase.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/test/NativeRealmIntegTestCase.java @@ -80,7 +80,7 @@ public void setupReservedPasswords() throws IOException { public void setupReservedPasswords(RestClient restClient) throws IOException { logger.info("setting up reserved passwords for test"); { - Request request = new Request("PUT", "/_xpack/security/user/elastic/_password"); + Request request = new Request("PUT", "/_security/user/elastic/_password"); request.setJsonEntity("{\"password\": \"" + new String(reservedPassword.getChars()) + "\"}"); RequestOptions.Builder options = request.getOptions().toBuilder(); options.addHeader("Authorization", UsernamePasswordToken.basicAuthHeaderValue(ElasticUser.NAME, BOOTSTRAP_PASSWORD)); @@ -94,7 +94,7 @@ public void setupReservedPasswords(RestClient restClient) throws IOException { final List usernames = Arrays.asList(KibanaUser.NAME, LogstashSystemUser.NAME, BeatsSystemUser.NAME, APMSystemUser.NAME, RemoteMonitoringUser.NAME); for (String username : usernames) { - Request request = new Request("PUT", "/_xpack/security/user/" + username + "/_password"); + Request request = new Request("PUT", "/_security/user/" + username + "/_password"); request.setJsonEntity("{\"password\": \"" + new String(reservedPassword.getChars()) + "\"}"); request.setOptions(options); restClient.performRequest(request); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordToolTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordToolTests.java index a359c1ba6ecc1..71685c444ec1c 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordToolTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordToolTests.java @@ -459,11 +459,11 @@ private String parsePassword(String value) throws IOException { } private URL authenticateUrl(URL url) throws MalformedURLException, URISyntaxException { - return new URL(url, (url.toURI().getPath() + "/_xpack/security/_authenticate").replaceAll("/+", "/") + "?pretty"); + return new URL(url, (url.toURI().getPath() + "/_security/_authenticate").replaceAll("/+", "/") + "?pretty"); } private URL passwordUrl(URL url, String user) throws MalformedURLException, URISyntaxException { - return new URL(url, (url.toURI().getPath() + "/_xpack/security/user/" + user + "/_password").replaceAll("/+", "/") + "?pretty"); + return new URL(url, (url.toURI().getPath() + "/_security/user/" + user + "/_password").replaceAll("/+", "/") + "?pretty"); } private URL clusterHealthUrl(URL url) throws MalformedURLException, URISyntaxException { diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateActionTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateActionTests.java index a6a304df12378..1e7955175f6d2 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateActionTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/action/RestAuthenticateActionTests.java @@ -53,7 +53,7 @@ protected Settings nodeSettings(int nodeOrdinal) { } public void testAuthenticateApi() throws Exception { - Request request = new Request("GET", "/_xpack/security/_authenticate"); + Request request = new Request("GET", "/_security/_authenticate"); RequestOptions.Builder options = request.getOptions().toBuilder(); options.addHeader("Authorization", basicAuthHeaderValue(SecuritySettingsSource.TEST_USER_NAME, new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray()))); @@ -72,7 +72,7 @@ public void testAuthenticateApi() throws Exception { public void testAuthenticateApiWithoutAuthentication() throws Exception { try { - Response response = getRestClient().performRequest(new Request("GET", "/_xpack/security/_authenticate")); + Response response = getRestClient().performRequest(new Request("GET", "/_security/_authenticate")); if (anonymousEnabled) { assertThat(response.getStatusLine().getStatusCode(), is(200)); ObjectPath objectPath = ObjectPath.createFromResponse(response); diff --git a/x-pack/plugin/sql/qa/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/SqlSecurityTestCase.java b/x-pack/plugin/sql/qa/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/SqlSecurityTestCase.java index 848fee17c7f1f..1dc765e242a2e 100644 --- a/x-pack/plugin/sql/qa/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/SqlSecurityTestCase.java +++ b/x-pack/plugin/sql/qa/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/SqlSecurityTestCase.java @@ -476,7 +476,7 @@ public void testNoGetIndex() throws Exception { } protected static void createUser(String name, String role) throws IOException { - Request request = new Request("PUT", "/_xpack/security/user/" + name); + Request request = new Request("PUT", "/_security/user/" + name); XContentBuilder user = JsonXContent.contentBuilder().prettyPrint(); user.startObject(); { user.field("password", "testpass"); diff --git a/x-pack/plugin/sql/qa/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/UserFunctionIT.java b/x-pack/plugin/sql/qa/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/UserFunctionIT.java index 1538f5302d6bb..4ddeb7d4cdc44 100644 --- a/x-pack/plugin/sql/qa/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/UserFunctionIT.java +++ b/x-pack/plugin/sql/qa/security/src/test/java/org/elasticsearch/xpack/sql/qa/security/UserFunctionIT.java @@ -155,7 +155,7 @@ public void testSingleUserSelectFromIndex() throws IOException { } private void createUser(String name, String role) throws IOException { - Request request = new Request("PUT", "/_xpack/security/user/" + name); + Request request = new Request("PUT", "/_security/user/" + name); XContentBuilder user = JsonXContent.contentBuilder().prettyPrint(); user.startObject(); { user.field("password", "testpass"); @@ -167,7 +167,7 @@ private void createUser(String name, String role) throws IOException { } private void deleteUser(String name) throws IOException { - Request request = new Request("DELETE", "/_xpack/security/user/" + name); + Request request = new Request("DELETE", "/_security/user/" + name); client().performRequest(request); } diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.authenticate.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.authenticate.json similarity index 62% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.authenticate.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.authenticate.json index 650f89e89a461..394ad0d8dbe45 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.authenticate.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.authenticate.json @@ -1,10 +1,12 @@ { - "xpack.security.authenticate": { + "security.authenticate": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-authenticate.html", "methods": [ "GET" ], "url": { - "path": "/_xpack/security/_authenticate", - "paths": [ "/_xpack/security/_authenticate" ], + "path": "/_security/_authenticate", + "paths": [ + "/_security/_authenticate" + ], "parts": {}, "params": {} }, diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.change_password.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.change_password.json similarity index 84% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.change_password.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.change_password.json index 7cb4277ee5083..3fcc45154fd09 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.change_password.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.change_password.json @@ -3,8 +3,11 @@ "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-change-password.html", "methods": [ "PUT", "POST" ], "url": { - "path": "/_xpack/security/user/{username}/_password", - "paths": [ "/_xpack/security/user/{username}/_password", "/_xpack/security/user/_password" ], + "path": "/_security/user/{username}/_password", + "paths": [ + "/_security/user/{username}/_password", + "/_security/user/_password" + ], "parts": { "username": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.clear_cached_realms.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.clear_cached_realms.json similarity index 76% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.clear_cached_realms.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.clear_cached_realms.json index 059441d654eff..9e986d615a257 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.clear_cached_realms.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.clear_cached_realms.json @@ -1,10 +1,12 @@ { - "xpack.security.clear_cached_realms": { + "security.clear_cached_realms": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-clear-cache.html", "methods": [ "POST" ], "url": { - "path": "/_xpack/security/realm/{realms}/_clear_cache", - "paths": [ "/_xpack/security/realm/{realms}/_clear_cache" ], + "path": "/_security/realm/{realms}/_clear_cache", + "paths": [ + "/_security/realm/{realms}/_clear_cache" + ], "parts": { "realms": { "type" : "list", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.clear_cached_roles.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.clear_cached_roles.json similarity index 68% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.clear_cached_roles.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.clear_cached_roles.json index d945ebe3247e0..1c39ea9ade349 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.clear_cached_roles.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.clear_cached_roles.json @@ -1,10 +1,12 @@ { - "xpack.security.clear_cached_roles": { + "security.clear_cached_roles": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-clear-role-cache.html", "methods": [ "POST" ], "url": { - "path": "/_xpack/security/role/{name}/_clear_cache", - "paths": [ "/_xpack/security/role/{name}/_clear_cache" ], + "path": "/_security/role/{name}/_clear_cache", + "paths": [ + "/_security/role/{name}/_clear_cache" + ], "parts": { "name": { "type" : "list", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_privileges.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_privileges.json similarity index 81% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_privileges.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_privileges.json index 6086e46eade65..13231572ab79a 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_privileges.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_privileges.json @@ -1,10 +1,12 @@ { - "xpack.security.delete_privileges": { + "security.delete_privileges": { "documentation": "TODO", "methods": [ "DELETE" ], "url": { - "path": "/_xpack/security/privilege/{application}/{name}", - "paths": [ "/_xpack/security/privilege/{application}/{name}" ], + "path": "/_security/privilege/{application}/{name}", + "paths": [ + "/_security/privilege/{application}/{name}" + ], "parts": { "application": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_role.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_role.json similarity index 84% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_role.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_role.json index 881105d60b8b3..8e4a17988f536 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_role.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_role.json @@ -1,10 +1,12 @@ { - "xpack.security.delete_role": { + "security.delete_role": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-delete-role.html", "methods": [ "DELETE" ], "url": { - "path": "/_xpack/security/role/{name}", - "paths": [ "/_xpack/security/role/{name}" ], + "path": "/_security/role/{name}", + "paths": [ + "/_security/role/{name}" + ], "parts": { "name": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_role_mapping.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_role_mapping.json similarity index 82% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_role_mapping.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_role_mapping.json index 4c1df6b99db79..5aff743b45bdd 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_role_mapping.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_role_mapping.json @@ -1,10 +1,12 @@ { - "xpack.security.delete_role_mapping": { + "security.delete_role_mapping": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-delete-role-mapping.html", "methods": [ "DELETE" ], "url": { - "path": "/_xpack/security/role_mapping/{name}", - "paths": [ "/_xpack/security/role_mapping/{name}" ], + "path": "/_security/role_mapping/{name}", + "paths": [ + "/_security/role_mapping/{name}" + ], "parts": { "name": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_user.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_user.json similarity index 84% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_user.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_user.json index fa1deb3e1ec13..175d9925f00a6 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.delete_user.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.delete_user.json @@ -1,10 +1,12 @@ { - "xpack.security.delete_user": { + "security.delete_user": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-delete-user.html", "methods": [ "DELETE" ], "url": { - "path": "/_xpack/security/user/{username}", - "paths": [ "/_xpack/security/user/{username}" ], + "path": "/_security/user/{username}", + "paths": [ + "/_security/user/{username}" + ], "parts": { "username": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.disable_user.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.disable_user.json similarity index 82% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.disable_user.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.disable_user.json index 0e55e82ead628..cfc04b52ad38d 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.disable_user.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.disable_user.json @@ -1,10 +1,12 @@ { - "xpack.security.disable_user": { + "security.disable_user": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-disable-user.html", "methods": [ "PUT", "POST" ], "url": { - "path": "/_xpack/security/user/{username}/_disable", - "paths": [ "/_xpack/security/user/{username}/_disable" ], + "path": "/_security/user/{username}/_disable", + "paths": [ + "/_security/user/{username}/_disable" + ], "parts": { "username": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.enable_user.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.enable_user.json similarity index 83% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.enable_user.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.enable_user.json index da2f67adbea37..aa50ddce9ac0a 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.enable_user.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.enable_user.json @@ -1,10 +1,12 @@ { - "xpack.security.enable_user": { + "security.enable_user": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-enable-user.html", "methods": [ "PUT", "POST" ], "url": { - "path": "/_xpack/security/user/{username}/_enable", - "paths": [ "/_xpack/security/user/{username}/_enable" ], + "path": "/_security/user/{username}/_enable", + "paths": [ + "/_security/user/{username}/_enable" + ], "parts": { "username": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_privileges.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_privileges.json similarity index 70% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_privileges.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_privileges.json index 4286ffa954b99..95a39bd313a2b 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_privileges.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_privileges.json @@ -1,10 +1,12 @@ { - "xpack.security.get_privileges": { + "security.get_privileges": { "documentation": "TODO", "methods": [ "GET" ], "url": { - "path": "/_xpack/security/privilege/{application}/{name}", - "paths": [ "/_xpack/security/privilege/{application}/{name}" ], + "path": "/_security/privilege/{application}/{name}", + "paths": [ + "/_security/privilege/{application}/{name}" + ], "parts": { "application": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_role.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_role.json similarity index 69% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_role.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_role.json index 67bdbb8a911a2..412127ce157e4 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_role.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_role.json @@ -1,10 +1,13 @@ { - "xpack.security.get_role": { + "security.get_role": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-role.html", "methods": [ "GET" ], "url": { - "path": "/_xpack/security/role/{name}", - "paths": [ "/_xpack/security/role/{name}", "/_xpack/security/role" ], + "path": "/_security/role/{name}", + "paths": [ + "/_security/role/{name}", + "/_security/role" + ], "parts": { "name": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_role_mapping.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_role_mapping.json similarity index 66% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_role_mapping.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_role_mapping.json index 7696f6671e489..169ef451b3cb8 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_role_mapping.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_role_mapping.json @@ -1,10 +1,13 @@ { - "xpack.security.get_role_mapping": { + "security.get_role_mapping": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-role-mapping.html", "methods": [ "GET" ], "url": { - "path": "/_xpack/security/role_mapping/{name}", - "paths": [ "/_xpack/security/role_mapping/{name}", "/_xpack/security/role_mapping" ], + "path": "/_security/role_mapping/{name}", + "paths": [ + "/_security/role_mapping/{name}", + "/_security/role_mapping" + ], "parts": { "name": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_token.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_token.json similarity index 69% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_token.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_token.json index 0b6f141d10e6a..9ecc8091797b8 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_token.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_token.json @@ -1,10 +1,12 @@ { - "xpack.security.get_token": { + "security.get_token": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-token.html", "methods": [ "POST" ], "url": { - "path": "/_xpack/security/oauth2/token", - "paths": [ "/_xpack/security/oauth2/token" ], + "path": "/_security/oauth2/token", + "paths": [ + "/_security/oauth2/token" + ], "parts": {}, "params": {} }, diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_user.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_user.json similarity index 70% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_user.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_user.json index 94dcbca81e18e..ed6e7069dca31 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_user.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_user.json @@ -1,10 +1,13 @@ { - "xpack.security.get_user": { + "security.get_user": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-user.html", "methods": [ "GET" ], "url": { - "path": "/_xpack/security/user/{username}", - "paths": [ "/_xpack/security/user/{username}", "/_xpack/security/user" ], + "path": "/_security/user/{username}", + "paths": [ + "/_security/user/{username}", + "/_security/user" + ], "parts": { "username": { "type" : "list", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_user_privileges.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_user_privileges.json similarity index 61% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_user_privileges.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_user_privileges.json index 56b9609c2640d..45f1e4a08c6d8 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.get_user_privileges.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.get_user_privileges.json @@ -1,10 +1,12 @@ { - "xpack.security.get_user_privileges": { + "security.get_user_privileges": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-user-privileges.html", "methods": [ "GET" ], "url": { - "path": "/_xpack/security/user/_privileges", - "paths": [ "/_xpack/security/user/_privileges" ], + "path": "/_security/user/_privileges", + "paths": [ + "/_security/user/_privileges" + ], "parts": { }, "params": {} }, diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.has_privileges.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.has_privileges.json similarity index 68% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.has_privileges.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.has_privileges.json index 9c75b40e4d1a7..c388f766c9829 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.has_privileges.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.has_privileges.json @@ -1,10 +1,13 @@ { - "xpack.security.has_privileges": { + "security.has_privileges": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-has-privileges.html", "methods": [ "GET", "POST" ], "url": { - "path": "/_xpack/security/user/_has_privileges", - "paths": [ "/_xpack/security/user/_has_privileges", "/_xpack/security/user/{user}/_has_privileges" ], + "path": "/_security/user/_has_privileges", + "paths": [ + "/_security/user/_has_privileges", + "/_security/user/{user}/_has_privileges" + ], "parts": { "user": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.invalidate_token.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.invalidate_token.json similarity index 69% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.invalidate_token.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.invalidate_token.json index 27dd103091422..7938825e5b12e 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.invalidate_token.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.invalidate_token.json @@ -1,10 +1,12 @@ { - "xpack.security.invalidate_token": { + "security.invalidate_token": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-invalidate-token.html", "methods": [ "DELETE" ], "url": { - "path": "/_xpack/security/oauth2/token", - "paths": [ "/_xpack/security/oauth2/token" ], + "path": "/_security/oauth2/token", + "paths": [ + "/_security/oauth2/token" + ], "parts": {}, "params": {} }, diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_privileges.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_privileges.json similarity index 84% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_privileges.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_privileges.json index 312db3c9a1821..20b8d8418ab1f 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_privileges.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_privileges.json @@ -1,11 +1,11 @@ { - "xpack.security.put_privileges": { + "security.put_privileges": { "documentation": "TODO", "methods": [ "PUT", "POST" ], "url": { - "path": "/_xpack/security/privilege/", + "path": "/_security/privilege/", "paths": [ - "/_xpack/security/privilege/" + "/_security/privilege/" ], "params": { "refresh": { diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_role.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_role.json similarity index 86% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_role.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_role.json index 63ef5ee37867c..8539d198c70e7 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_role.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_role.json @@ -1,10 +1,12 @@ { - "xpack.security.put_role": { + "security.put_role": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role.html", "methods": [ "PUT", "POST" ], "url": { - "path": "/_xpack/security/role/{name}", - "paths": [ "/_xpack/security/role/{name}" ], + "path": "/_security/role/{name}", + "paths": [ + "/_security/role/{name}" + ], "parts": { "name": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_role_mapping.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_role_mapping.json similarity index 84% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_role_mapping.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_role_mapping.json index 98e723d80e9b0..626ff0d6da80c 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_role_mapping.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_role_mapping.json @@ -1,10 +1,12 @@ { - "xpack.security.put_role_mapping": { + "security.put_role_mapping": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role-mapping.html", "methods": [ "PUT", "POST" ], "url": { - "path": "/_xpack/security/role_mapping/{name}", - "paths": [ "/_xpack/security/role_mapping/{name}" ], + "path": "/_security/role_mapping/{name}", + "paths": [ + "/_security/role_mapping/{name}" + ], "parts": { "name": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_user.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_user.json similarity index 85% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_user.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_user.json index 1b51783a05ef5..a1a77c5bb4e9f 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.security.put_user.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.put_user.json @@ -1,10 +1,12 @@ { - "xpack.security.put_user": { + "security.put_user": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-user.html", "methods": [ "PUT", "POST" ], "url": { - "path": "/_xpack/security/user/{username}", - "paths": [ "/_xpack/security/user/{username}" ], + "path": "/_security/user/{username}", + "paths": [ + "/_security/user/{username}" + ], "parts": { "username": { "type" : "string", diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.ssl.certificates.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/ssl.certificates.json similarity index 64% rename from x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.ssl.certificates.json rename to x-pack/plugin/src/test/resources/rest-api-spec/api/ssl.certificates.json index b9ad98b172bae..10715cd5380fe 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/xpack.ssl.certificates.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/ssl.certificates.json @@ -1,10 +1,12 @@ { - "xpack.ssl.certificates": { + "ssl.certificates": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-ssl.html", "methods": [ "GET" ], "url": { - "path": "/_xpack/ssl/certificates", - "paths": [ "/_xpack/ssl/certificates" ], + "path": "/_ssl/certificates", + "paths": [ + "/_ssl/certificates" + ], "parts": {}, "params": {} }, diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/authenticate/10_basic.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/authenticate/10_basic.yml index 103bfe55c3078..ea4f2f592c67e 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/authenticate/10_basic.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/authenticate/10_basic.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "authenticate_user" body: > { @@ -20,7 +20,7 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "authenticate_user" ignore: 404 @@ -30,7 +30,7 @@ teardown: - do: headers: Authorization: "Basic YXV0aGVudGljYXRlX3VzZXI6eC1wYWNrLXRlc3QtcGFzc3dvcmQ=" - xpack.security.authenticate: {} + security.authenticate: {} - match: { username: "authenticate_user" } - match: { roles.0: "superuser" } diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/authenticate/10_field_level_security.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/authenticate/10_field_level_security.yml index acb2daf3ae97e..c1d30fb1f31a4 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/authenticate/10_field_level_security.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/authenticate/10_field_level_security.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_role: + security.put_role: name: "readall" body: > { @@ -21,7 +21,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "limitread" body: > { @@ -35,7 +35,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "full" body: > { @@ -45,7 +45,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "limited" body: > { @@ -56,22 +56,22 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "full" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "limited" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "readall" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "limitread" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/change_password/10_basic.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/change_password/10_basic.yml index 562a56f41547b..7b465426350c4 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/change_password/10_basic.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/change_password/10_basic.yml @@ -6,7 +6,7 @@ setup: cluster.health: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -14,7 +14,7 @@ setup: "roles" : [ "superuser" ] } - do: - xpack.security.put_role: + security.put_role: name: "user" body: > { @@ -27,7 +27,7 @@ setup: ] } - do: - xpack.security.put_user: + security.put_user: username: "unprivileged_user" body: > { @@ -38,15 +38,15 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "user" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "unprivileged_user" ignore: 404 @@ -62,7 +62,7 @@ teardown: # change password - do: - xpack.security.change_password: + security.change_password: username: "joe" body: > { @@ -98,7 +98,7 @@ teardown: - do: headers: Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0" - xpack.security.change_password: + security.change_password: body: > { "password" : "s3krit2" @@ -132,7 +132,7 @@ teardown: headers: Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0" catch: forbidden - xpack.security.change_password: + security.change_password: username: "anotheruser" body: > { diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/monitoring/bulk/20_privileges.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/monitoring/bulk/20_privileges.yml index 07cd7d259365d..53be35343a2fd 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/monitoring/bulk/20_privileges.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/monitoring/bulk/20_privileges.yml @@ -9,7 +9,7 @@ setup: # Creates a role and a user "Logstash Agent" who can use # the Monitoring Bulk API and read the monitoring indices. - do: - xpack.security.put_role: + security.put_role: name: "logstash_agent_role" body: > { @@ -22,7 +22,7 @@ setup: ] } - do: - xpack.security.put_user: + security.put_user: username: "logstash_agent" body: > { @@ -33,7 +33,7 @@ setup: # Creates a role and a user "Unknown Agent" who can only # read the monitoring indices. - do: - xpack.security.put_role: + security.put_role: name: "unknown_agent_role" body: > { @@ -46,7 +46,7 @@ setup: ] } - do: - xpack.security.put_user: + security.put_user: username: "unknown_agent" body: > { @@ -57,19 +57,19 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "logstash_agent" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "logstash_agent_role" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "unknown_agent" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "unknown_agent_role" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/10_basic.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/10_basic.yml index 30fa3a8d07840..e003dba2c2185 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/10_basic.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/10_basic.yml @@ -9,22 +9,22 @@ setup: --- teardown: - do: - xpack.security.delete_privileges: + security.delete_privileges: application: app name: "p1,p2,p3" ignore: 404 - do: - xpack.security.delete_privileges: + security.delete_privileges: application: app2 name: "p1" ignore: 404 - do: - xpack.security.delete_privileges: + security.delete_privileges: application: app3 name: "p1,p2,p3,p4" ignore: 404 - do: - xpack.security.delete_privileges: + security.delete_privileges: application: app4 name: "p1" ignore: 404 @@ -32,7 +32,7 @@ teardown: "Test put and get privileges": # Single privilege - do: - xpack.security.put_privileges: + security.put_privileges: body: > { "app": { @@ -51,7 +51,7 @@ teardown: # Multiple privileges - do: - xpack.security.put_privileges: + security.put_privileges: body: > { "app": { @@ -88,7 +88,7 @@ teardown: # Update existing privilege - do: - xpack.security.put_privileges: + security.put_privileges: body: > { "app": { @@ -104,7 +104,7 @@ teardown: # Get the privilege back - do: - xpack.security.get_privileges: + security.get_privileges: application: app name: p1 @@ -121,7 +121,7 @@ teardown: # Get 2 privileges back - do: - xpack.security.get_privileges: + security.get_privileges: application: app name: p1,p2 @@ -149,7 +149,7 @@ teardown: # Get all (3) privileges back for "app" - do: - xpack.security.get_privileges: + security.get_privileges: application: "app" name: "" @@ -188,7 +188,7 @@ teardown: # Get all (4) privileges back for all apps - do: - xpack.security.get_privileges: + security.get_privileges: application: "" name: "" @@ -237,7 +237,7 @@ teardown: "Test put and delete privileges": # Store some privileges - do: - xpack.security.put_privileges: + security.put_privileges: body: > { "app3": { @@ -278,7 +278,7 @@ teardown: # Delete 1 privilege - do: - xpack.security.delete_privileges: + security.delete_privileges: application: app3 name: p1 @@ -287,7 +287,7 @@ teardown: # Delete 2 more privileges (p2, p3) # and try to delete two that don't exist (p1, p0) - do: - xpack.security.delete_privileges: + security.delete_privileges: application: app3 name: p1,p2,p3,p0 @@ -299,13 +299,13 @@ teardown: # Check the deleted privileges are gone - do: catch: missing - xpack.security.get_privileges: + security.get_privileges: application: app3 name: p1,p2,p3 # Check the non-deleted privileges are there - do: - xpack.security.get_privileges: + security.get_privileges: application: "" name: "" - match: { diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/20_has_application_privs.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/20_has_application_privs.yml index 1860564863fb2..85ac286c3f025 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/20_has_application_privs.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/20_has_application_privs.yml @@ -9,7 +9,7 @@ setup: # Create some privileges - do: - xpack.security.put_privileges: + security.put_privileges: body: > { "myapp": { @@ -33,7 +33,7 @@ setup: # Store 2 test roles - do: - xpack.security.put_role: + security.put_role: name: "myapp_engineering_read" body: > { @@ -59,7 +59,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "myapp_engineering_write" body: > { @@ -86,7 +86,7 @@ setup: # And a user for each role - do: - xpack.security.put_user: + security.put_user: username: "eng_read" body: > { @@ -94,7 +94,7 @@ setup: "roles" : [ "myapp_engineering_read" ] } - do: - xpack.security.put_user: + security.put_user: username: "eng_write" body: > { @@ -105,35 +105,35 @@ setup: --- teardown: - do: - xpack.security.delete_privileges: + security.delete_privileges: application: myapp name: "user,read,write" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "eng_read" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "eng_write" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "myapp_engineering_read" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "myapp_engineering_write" ignore: 404 --- "Test has_privileges with application-privileges": - do: headers: { Authorization: "Basic ZW5nX3JlYWQ6cEBzc3cwcmQ=" } # eng_read - xpack.security.has_privileges: + security.has_privileges: user: null body: > { diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/30_superuser.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/30_superuser.yml index 912a27884bf61..f51c045f6c610 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/30_superuser.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/30_superuser.yml @@ -9,7 +9,7 @@ setup: # Create some privileges - do: - xpack.security.put_privileges: + security.put_privileges: body: > { "app01": { @@ -50,7 +50,7 @@ setup: # And a superuser - do: - xpack.security.put_user: + security.put_user: username: "my_admin" body: > { @@ -58,7 +58,7 @@ setup: "roles" : [ "superuser" ] } - do: - xpack.security.put_user: + security.put_user: username: "eng_write" body: > { @@ -69,18 +69,18 @@ setup: --- teardown: - do: - xpack.security.delete_privileges: + security.delete_privileges: application: app01 name: "user,read,write" ignore: 404 - do: - xpack.security.delete_privileges: + security.delete_privileges: application: app02 name: "user,read,write" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "my_admin" ignore: 404 @@ -88,7 +88,7 @@ teardown: "Test superuser has all application-privileges": - do: headers: { Authorization: "Basic bXlfYWRtaW46YWRtaW4wMQ==" } # my_admin - xpack.security.has_privileges: + security.has_privileges: user: null body: > { diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/40_get_user_privs.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/40_get_user_privs.yml index 80123ea7c3c58..430bbdb5f2925 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/40_get_user_privs.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/privileges/40_get_user_privs.yml @@ -9,7 +9,7 @@ setup: # Create some privileges - do: - xpack.security.put_privileges: + security.put_privileges: body: > { "test-app": { @@ -27,7 +27,7 @@ setup: # Store 2 test roles - do: - xpack.security.put_role: + security.put_role: name: "test-role-1" body: > { @@ -82,7 +82,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "test-role-2" body: > { @@ -142,7 +142,7 @@ setup: # And a user for each role combination - do: - xpack.security.put_user: + security.put_user: username: "test-1" body: > { @@ -150,7 +150,7 @@ setup: "roles" : [ "test-role-1" ] } - do: - xpack.security.put_user: + security.put_user: username: "test-2" body: > { @@ -158,7 +158,7 @@ setup: "roles" : [ "test-role-2" ] } - do: - xpack.security.put_user: + security.put_user: username: "test-3" body: > { @@ -169,33 +169,33 @@ setup: --- teardown: - do: - xpack.security.delete_privileges: + security.delete_privileges: application: test-app name: "user,read,write" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "test-1" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "test-2" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "test-3" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "test-role-1" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "test-role-2" ignore: 404 @@ -207,7 +207,7 @@ teardown: features: contains - do: headers: { Authorization: "Basic dGVzdC0xOjEyMzQ1Njc4" } # test-1 - xpack.security.get_user_privileges: {} + security.get_user_privileges: {} - match: { "cluster" : [ "monitor" ] } @@ -235,7 +235,7 @@ teardown: - do: headers: { Authorization: "Basic dGVzdC0yOjEyMzQ1Njc4" } # test-2 - xpack.security.get_user_privileges: + security.get_user_privileges: username: null - match: { "cluster" : [ "manage", "manage_security" ] } @@ -269,7 +269,7 @@ teardown: features: contains - do: headers: { Authorization: "Basic dGVzdC0zOjEyMzQ1Njc4" } # test-3 - xpack.security.get_user_privileges: {} + security.get_user_privileges: {} - match: { "cluster" : [ "manage", "manage_security", "monitor" ] } diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/10_basic.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/10_basic.yml index 8c64e995c96ed..73eae3d7976de 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/10_basic.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/10_basic.yml @@ -10,13 +10,13 @@ setup: --- teardown: - do: - xpack.security.delete_role_mapping: + security.delete_role_mapping: name: "everyone" ignore: 404 --- "Test put role_mapping api": - do: - xpack.security.put_role_mapping: + security.put_role_mapping: name: "everyone" body: > { @@ -31,7 +31,7 @@ teardown: # Get by name - do: - xpack.security.get_role_mapping: + security.get_role_mapping: name: "everyone" - match: { everyone.enabled: true } - match: { everyone.roles.0: "kibana_user" } @@ -39,7 +39,7 @@ teardown: # Get all - do: - xpack.security.get_role_mapping: + security.get_role_mapping: name: null - match: { everyone.enabled: true } - match: { everyone.roles.0: "kibana_user" } diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/20_get_missing.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/20_get_missing.yml index 31208ceaf2ea2..cda9987e43224 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/20_get_missing.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/20_get_missing.yml @@ -1,12 +1,12 @@ "Get missing role-mapping": - do: catch: missing - xpack.security.get_role_mapping: + security.get_role_mapping: name: 'does-not-exist' --- "Get missing (multiple) role-mappings": - do: catch: missing - xpack.security.get_role_mapping: + security.get_role_mapping: name: [ 'dne1', 'dne2' ] diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/30_delete.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/30_delete.yml index 0939fdfb1f757..0bd49ee8a796b 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/30_delete.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/role_mapping/30_delete.yml @@ -10,13 +10,13 @@ setup: --- teardown: - do: - xpack.security.delete_role_mapping: + security.delete_role_mapping: name: "test_delete" ignore: 404 --- "Test delete role_mapping api": - do: - xpack.security.put_role_mapping: + security.put_role_mapping: name: "test_delete" body: > { @@ -28,18 +28,18 @@ teardown: # Get by name - do: - xpack.security.get_role_mapping: + security.get_role_mapping: name: "test_delete" - match: { test_delete.enabled: true } # Delete it - do: - xpack.security.delete_role_mapping: + security.delete_role_mapping: name: "test_delete" - match: { found: true } # Get by name - do: - xpack.security.get_role_mapping: + security.get_role_mapping: name: "test_delete" catch: missing diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/10_basic.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/10_basic.yml index badfcec6406e5..f34546c7cda48 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/10_basic.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/10_basic.yml @@ -7,7 +7,7 @@ setup: cluster.health: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -18,22 +18,22 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "admin_role" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "backwards_role" ignore: 404 --- "Test put role api": - do: - xpack.security.put_role: + security.put_role: name: "admin_role" body: > { @@ -52,7 +52,7 @@ teardown: - match: { role: { created: true } } - do: - xpack.security.put_role: + security.put_role: name: "backwards_role" body: > { @@ -73,7 +73,7 @@ teardown: - match: { timed_out: false } - do: - xpack.security.get_role: + security.get_role: name: "admin_role" - match: { admin_role.cluster.0: "all" } - match: { admin_role.metadata.key1: "val1" } diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/11_idx_arrays.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/11_idx_arrays.yml index 84e2ae4d41243..1046be6a1b6eb 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/11_idx_arrays.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/11_idx_arrays.yml @@ -9,12 +9,12 @@ setup: --- teardown: - do: - xpack.security.delete_role: + security.delete_role: name: "admin_role2" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 @@ -29,7 +29,7 @@ teardown: "Test put role api using as array of index names": - do: - xpack.security.put_role: + security.put_role: name: "admin_role2" body: > { @@ -44,7 +44,7 @@ teardown: - match: { role: { created: true } } - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -80,7 +80,7 @@ teardown: - match: { timed_out: false } - do: - xpack.security.get_role: + security.get_role: name: "admin_role2" - match: { admin_role2.cluster.0: "all" } - match: { admin_role2.indices.0.names.0: "foo" } diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/20_get_missing.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/20_get_missing.yml index ebe0a5d9df3de..557af73d51e2a 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/20_get_missing.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/20_get_missing.yml @@ -1,12 +1,12 @@ "Get missing role": - do: catch: missing - xpack.security.get_role: + security.get_role: name: 'foo' --- "Get missing (multiple) roles": - do: catch: missing - xpack.security.get_role: + security.get_role: name: [ 'foo', 'bar' ] diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/30_prohibited_role_query.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/30_prohibited_role_query.yml index fd90474a1fbb2..f9a9eef5cd396 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/30_prohibited_role_query.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/30_prohibited_role_query.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_role: + security.put_role: name: "role" body: > { @@ -25,7 +25,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -36,11 +36,11 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "role" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/40_global_privileges.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/40_global_privileges.yml index b89efdfe56c33..570f23930f1e5 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/40_global_privileges.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/roles/40_global_privileges.yml @@ -7,7 +7,7 @@ setup: cluster.health: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -18,11 +18,11 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "with_global" ignore: 404 @@ -30,7 +30,7 @@ teardown: --- "Test put role with conditional security privileges": - do: - xpack.security.put_role: + security.put_role: name: "with_global" body: > { @@ -45,7 +45,7 @@ teardown: - match: { role: { created: true } } - do: - xpack.security.get_role: + security.get_role: name: "with_global" - match: { with_global.global.application.manage.applications.0: "app1-*" } - match: { with_global.global.application.manage.applications.1: "app2-*" } diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/rollup/security_tests.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/rollup/security_tests.yml index 3db0fa34ae2ea..8c8c122e4bd31 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/rollup/security_tests.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/rollup/security_tests.yml @@ -9,12 +9,12 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "test_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "foo_only_access" ignore: 404 @@ -22,7 +22,7 @@ teardown: "Index-based access": - do: - xpack.security.put_role: + security.put_role: name: "foo_only_access" body: > { @@ -34,7 +34,7 @@ teardown: } - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { @@ -184,7 +184,7 @@ teardown: "Attribute-based access": - do: - xpack.security.put_role: + security.put_role: name: "foo_only_access" body: > { @@ -204,7 +204,7 @@ teardown: } - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/10_index_doc.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/10_index_doc.yml index b5132fc75e084..1ab6ca155a32b 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/10_index_doc.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/10_index_doc.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_role: + security.put_role: name: "mixed_role" body: > { @@ -21,7 +21,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { @@ -87,12 +87,12 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "test_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "mixed_role" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/11_delete_doc.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/11_delete_doc.yml index 3fd523ac495ce..67f98cb061859 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/11_delete_doc.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/11_delete_doc.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_role: + security.put_role: name: "mixed_role" body: > { @@ -21,7 +21,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { @@ -113,12 +113,12 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "test_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "mixed_role" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/12_index_alias.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/12_index_alias.yml index 1e947c5639d77..ebb08c8a759d5 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/12_index_alias.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/12_index_alias.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_role: + security.put_role: name: "mixed_role" body: > { @@ -19,7 +19,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { @@ -98,12 +98,12 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "test_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "mixed_role" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/13_index_datemath.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/13_index_datemath.yml index 7f3a20a607452..f8a13b897ae24 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/13_index_datemath.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/13_index_datemath.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_role: + security.put_role: name: "mixed_role" body: > { @@ -19,7 +19,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { @@ -31,12 +31,12 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "test_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "mixed_role" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/20_get_doc.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/20_get_doc.yml index 3767ca5dd27f1..5b6a0e2d331e1 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/20_get_doc.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/20_get_doc.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_role: + security.put_role: name: "mixed_role" body: > { @@ -22,7 +22,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { @@ -116,12 +116,12 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "test_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "mixed_role" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/21_search_doc.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/21_search_doc.yml index b26b797bd297a..82355a2742558 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/21_search_doc.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/21_search_doc.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_role: + security.put_role: name: "mixed_role" body: > { @@ -22,7 +22,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { @@ -134,12 +134,12 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "test_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "mixed_role" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/30_dynamic_put_mapping.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/30_dynamic_put_mapping.yml index 3fca1ee563305..a0fbed057bc73 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/30_dynamic_put_mapping.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/30_dynamic_put_mapping.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_role: + security.put_role: name: "alias_write_role" body: > { @@ -18,7 +18,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { @@ -44,12 +44,12 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "test_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "alias_write_role" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/40_condtional_cluster_priv.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/40_condtional_cluster_priv.yml index a7d3fabd2a282..ba32459111471 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/40_condtional_cluster_priv.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/authz/40_condtional_cluster_priv.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { @@ -17,7 +17,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "app_manage" body: > { @@ -31,7 +31,7 @@ setup: } - do: - xpack.security.put_privileges: + security.put_privileges: body: > { "app-allow": { @@ -42,7 +42,7 @@ setup: } - do: - xpack.security.put_privileges: + security.put_privileges: body: > { "app-deny": { @@ -55,28 +55,28 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "test_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "app_manage" ignore: 404 - do: - xpack.security.delete_privileges: + security.delete_privileges: application: app name: read ignore: 404 - do: - xpack.security.delete_privileges: + security.delete_privileges: application: app-allow name: read ignore: 404 - do: - xpack.security.delete_privileges: + security.delete_privileges: application: app_deny name: read ignore: 404 @@ -86,7 +86,7 @@ teardown: - do: headers: { Authorization: "Basic dGVzdF91c2VyOngtcGFjay10ZXN0LXBhc3N3b3Jk" } # test_user - xpack.security.put_privileges: + security.put_privileges: body: > { "app": { @@ -101,7 +101,7 @@ teardown: "Test get application privileges when allowed": - do: headers: { Authorization: "Basic dGVzdF91c2VyOngtcGFjay10ZXN0LXBhc3N3b3Jk" } # test_user - xpack.security.get_privileges: + security.get_privileges: application: app-allow name: read @@ -118,7 +118,7 @@ teardown: "Test put application privileges when not allowed": - do: headers: { Authorization: "Basic dGVzdF91c2VyOngtcGFjay10ZXN0LXBhc3N3b3Jk" } # test_user - xpack.security.put_privileges: + security.put_privileges: body: > { "app_deny": { @@ -133,7 +133,7 @@ teardown: "Test get application privileges when not allowed": - do: headers: { Authorization: "Basic dGVzdF91c2VyOngtcGFjay10ZXN0LXBhc3N3b3Jk" } # test_user - xpack.security.get_privileges: + security.get_privileges: application: app_deny name: read catch: forbidden diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/hidden-index/10_security_read.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/hidden-index/10_security_read.yml index dd81f4dc35fa5..e437cdaedca56 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/hidden-index/10_security_read.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/hidden-index/10_security_read.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_role: + security.put_role: name: "all_access" body: > { @@ -19,7 +19,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { @@ -31,12 +31,12 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "test_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "all_access" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/hidden-index/11_security-6_read.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/hidden-index/11_security-6_read.yml index 8d88211d2a1c3..be4925d1638c3 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/security/hidden-index/11_security-6_read.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/security/hidden-index/11_security-6_read.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_role: + security.put_role: name: "all_access" body: > { @@ -19,7 +19,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "test_user" body: > { @@ -31,12 +31,12 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "test_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "all_access" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/set_security_user/10_small_users_one_index.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/set_security_user/10_small_users_one_index.yml index 24ea7c03c802e..1415faee97d50 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/set_security_user/10_small_users_one_index.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/set_security_user/10_small_users_one_index.yml @@ -21,7 +21,7 @@ setup: ] } - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -29,7 +29,7 @@ setup: "roles" : [ "company_x_logs_role" ] } - do: - xpack.security.put_user: + security.put_user: username: "john" body: > { @@ -38,7 +38,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "company_x_logs_role" body: > { @@ -55,7 +55,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "company_y_logs_role" body: > { @@ -74,19 +74,19 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "john" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "company_x_logs_role" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "company_y_logs_role" ignore: 404 diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/token/10_basic.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/token/10_basic.yml index 62e32cdaed2b6..43f25a11db07a 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/token/10_basic.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/token/10_basic.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "token_user" body: > { @@ -20,7 +20,7 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "token_user" ignore: 404 @@ -28,7 +28,7 @@ teardown: "Test get and use token": - do: - xpack.security.get_token: + security.get_token: body: grant_type: "password" username: "token_user" @@ -43,7 +43,7 @@ teardown: - do: headers: Authorization: Bearer ${token} - xpack.security.authenticate: {} + security.authenticate: {} - match: { username: "token_user" } - match: { roles.0: "superuser" } @@ -53,7 +53,7 @@ teardown: "Test invalidate token": - do: - xpack.security.get_token: + security.get_token: body: grant_type: "password" username: "token_user" @@ -68,14 +68,14 @@ teardown: - do: headers: Authorization: Bearer ${token} - xpack.security.authenticate: {} + security.authenticate: {} - match: { username: "token_user" } - match: { roles.0: "superuser" } - match: { full_name: "Token User" } - do: - xpack.security.invalidate_token: + security.invalidate_token: body: token: $token @@ -85,4 +85,4 @@ teardown: catch: unauthorized headers: Authorization: Bearer ${token} - xpack.security.authenticate: {} + security.authenticate: {} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/10_basic.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/10_basic.yml index fd41df11ac4f8..e101ca8729aab 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/10_basic.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/10_basic.yml @@ -10,18 +10,18 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "bob" ignore: 404 --- "Test put user api": - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -43,7 +43,7 @@ teardown: - match: { timed_out: false } - do: - xpack.security.get_user: + security.get_user: username: "joe" - match: { joe.username: "joe" } - match: { joe.roles.0: "superuser" } @@ -55,7 +55,7 @@ teardown: --- "Test put user with username in body": - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -78,7 +78,7 @@ teardown: - match: { timed_out: false } - do: - xpack.security.get_user: + security.get_user: username: "joe" - match: { joe.username: "joe" } - match: { joe.roles.0: "superuser" } @@ -91,7 +91,7 @@ teardown: "Test put user with different username in body": - do: catch: bad_request - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -113,7 +113,7 @@ teardown: # But it has the nice side effect of automatically adjusting to any changes in the default hasher for # the ES cluster - do: - xpack.security.put_user: + security.put_user: username: "bob" body: > { @@ -129,7 +129,7 @@ teardown: - set: { _source.password: "hash" } - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -141,11 +141,11 @@ teardown: - do: headers: Authorization: "Basic am9lOmNvcnJlY3QgaG9yc2UgYmF0dGVyeSBzdGFwbGU=" - xpack.security.authenticate: {} + security.authenticate: {} - match: { username: "joe" } - do: catch: unauthorized headers: Authorization: "Basic am9lOnMza3JpdA==" - xpack.security.authenticate: {} + security.authenticate: {} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/15_overwrite_user.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/15_overwrite_user.yml index efe4d4e4c920f..38fc162be5c0b 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/15_overwrite_user.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/15_overwrite_user.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -19,14 +19,14 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 --- "Test overwriting a user": - do: - xpack.security.get_user: + security.get_user: username: "joe" - match: { joe.username: "joe" } - match: { joe.roles.0: "superuser" } @@ -38,7 +38,7 @@ teardown: - match: { timed_out: false } - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -54,7 +54,7 @@ teardown: - match: { created: false } - do: - xpack.security.get_user: + security.get_user: username: "joe" - match: { joe.username: "joe" } - match: { joe.roles.0: "superuser" } diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/16_update_user.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/16_update_user.yml index 2a477e8bfbbd8..41a238766d0fe 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/16_update_user.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/16_update_user.yml @@ -5,7 +5,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -16,7 +16,7 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 @@ -24,7 +24,7 @@ teardown: "Test creating a user without password": - do: catch: bad_request - xpack.security.put_user: + security.put_user: username: "no_password_user" body: > { @@ -44,7 +44,7 @@ teardown: - match: { timed_out: false } - do: - xpack.security.get_user: + security.get_user: username: "joe" - match: { joe.username: "joe" } - match: { joe.roles.0: "superuser" } @@ -54,7 +54,7 @@ teardown: # update the user without a password - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -77,7 +77,7 @@ teardown: # validate other properties - do: - xpack.security.get_user: + security.get_user: username: "joe" - match: { joe.username: "joe" } - match: { joe.roles.0: "superuser" } @@ -89,7 +89,7 @@ teardown: # update with password - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -121,7 +121,7 @@ teardown: # validate properties - do: - xpack.security.get_user: + security.get_user: username: "joe" - match: { joe.username: "joe" } - match: { joe.roles.0: "superuser" } diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/20_get_missing.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/20_get_missing.yml index 290e612f427da..a8550fa7ff026 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/20_get_missing.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/20_get_missing.yml @@ -1,12 +1,12 @@ "Get missing user": - do: catch: missing - xpack.security.get_user: + security.get_user: username: 'foo' --- "Get missing (multiple) users": - do: catch: missing - xpack.security.get_user: + security.get_user: username: [ 'foo', 'bar' ] diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/30_enable_disable.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/30_enable_disable.yml index 746aaed73be5b..0ffeeb60ed84f 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/30_enable_disable.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/30_enable_disable.yml @@ -7,7 +7,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -18,7 +18,7 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 @@ -32,7 +32,7 @@ teardown: # disable the user - do: - xpack.security.disable_user: + security.disable_user: username: "joe" # validate user cannot login @@ -44,7 +44,7 @@ teardown: # enable the user - do: - xpack.security.enable_user: + security.enable_user: username: "joe" # validate that the user can login again @@ -65,7 +65,7 @@ teardown: # enable the user - do: - xpack.security.enable_user: + security.enable_user: username: "joe" # validate that the user still works @@ -86,7 +86,7 @@ teardown: # disable the user - do: - xpack.security.disable_user: + security.disable_user: username: "joe" # validate user cannot login @@ -98,11 +98,11 @@ teardown: # disable again - do: - xpack.security.disable_user: + security.disable_user: username: "joe" - do: - xpack.security.enable_user: + security.enable_user: username: "joe" --- @@ -119,5 +119,5 @@ teardown: catch: '/users may not update the enabled status of their own account/' headers: Authorization: "Basic am9lOnMza3JpdA==" - xpack.security.disable_user: + security.disable_user: username: "joe" diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/31_create_disabled.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/31_create_disabled.yml index 50811a3cb698f..716508e590d38 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/users/31_create_disabled.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/users/31_create_disabled.yml @@ -7,7 +7,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -18,7 +18,7 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 @@ -32,7 +32,7 @@ teardown: # enable - do: - xpack.security.enable_user: + security.enable_user: username: "joe" # validate user can login diff --git a/x-pack/qa/full-cluster-restart/src/test/java/org/elasticsearch/xpack/restart/FullClusterRestartIT.java b/x-pack/qa/full-cluster-restart/src/test/java/org/elasticsearch/xpack/restart/FullClusterRestartIT.java index 1192c78017176..8ecca5c5b9fff 100644 --- a/x-pack/qa/full-cluster-restart/src/test/java/org/elasticsearch/xpack/restart/FullClusterRestartIT.java +++ b/x-pack/qa/full-cluster-restart/src/test/java/org/elasticsearch/xpack/restart/FullClusterRestartIT.java @@ -568,7 +568,7 @@ static String toStr(Response response) throws IOException { } private void createUser(final String id) throws Exception { - Request request = new Request("PUT", "/_xpack/security/user/" + id); + Request request = new Request("PUT", "/_security/user/" + id); request.setJsonEntity( "{\n" + " \"password\" : \"j@rV1s\",\n" + @@ -581,7 +581,7 @@ private void createUser(final String id) throws Exception { } private void createRole(final String id) throws Exception { - Request request = new Request("PUT", "/_xpack/security/role/" + id); + Request request = new Request("PUT", "/_security/role/" + id); request.setJsonEntity( "{\n" + " \"run_as\": [ \"abc\" ],\n" + @@ -601,7 +601,7 @@ private void createRole(final String id) throws Exception { } private void assertUserInfo(final String user) throws Exception { - Map response = entityAsMap(client().performRequest(new Request("GET", "/_xpack/security/user/" + user))); + Map response = entityAsMap(client().performRequest(new Request("GET", "/_security/user/" + user))); @SuppressWarnings("unchecked") Map userInfo = (Map) response.get(user); assertEquals(user + "@example.com", userInfo.get("email")); assertNotNull(userInfo.get("full_name")); @@ -610,7 +610,7 @@ private void assertUserInfo(final String user) throws Exception { private void assertRoleInfo(final String role) throws Exception { @SuppressWarnings("unchecked") Map response = (Map) - entityAsMap(client().performRequest(new Request("GET", "/_xpack/security/role/" + role))).get(role); + entityAsMap(client().performRequest(new Request("GET", "/_security/role/" + role))).get(role); assertNotNull(response.get("run_as")); assertNotNull(response.get("cluster")); assertNotNull(response.get("indices")); diff --git a/x-pack/qa/kerberos-tests/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosAuthenticationIT.java b/x-pack/qa/kerberos-tests/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosAuthenticationIT.java index 17eb3592d584a..ff5c24b15edac 100644 --- a/x-pack/qa/kerberos-tests/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosAuthenticationIT.java +++ b/x-pack/qa/kerberos-tests/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosAuthenticationIT.java @@ -79,7 +79,7 @@ public void setupRoleMapping() throws IOException { .endObject() // "rules" .endObject()); - final Request request = new Request("POST", "/_xpack/security/role_mapping/kerberosrolemapping"); + final Request request = new Request("POST", "/_security/role_mapping/kerberosrolemapping"); request.setJsonEntity(json); final Response response = adminClient().performRequest(request); assertOK(response); @@ -117,7 +117,7 @@ protected HttpHost buildHttpHost(String host, int port) { private void executeRequestAndVerifyResponse(final String userPrincipalName, final SpnegoHttpClientConfigCallbackHandler callbackHandler) throws PrivilegedActionException, IOException { - final Request request = new Request("GET", "/_xpack/security/_authenticate"); + final Request request = new Request("GET", "/_security/_authenticate"); try (RestClient restClient = buildRestClientForKerberos(callbackHandler)) { final AccessControlContext accessControlContext = AccessController.getContext(); final LoginContext lc = callbackHandler.login(); diff --git a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/10_basic.yml b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/10_basic.yml index 35c6212451cf0..d7a9292130f4b 100644 --- a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/10_basic.yml +++ b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/10_basic.yml @@ -7,7 +7,7 @@ setup: cluster.health: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -15,7 +15,7 @@ setup: "roles" : [ "x_cluster_role" ] } - do: - xpack.security.put_role: + security.put_role: name: "x_cluster_role" body: > { @@ -30,11 +30,11 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "x_cluster_role" ignore: 404 --- diff --git a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/20_info.yml b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/20_info.yml index 490edf794f652..87afd871a7ba4 100644 --- a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/20_info.yml +++ b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/20_info.yml @@ -7,7 +7,7 @@ setup: cluster.health: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -15,7 +15,7 @@ setup: "roles" : [ "x_cluster_role" ] } - do: - xpack.security.put_role: + security.put_role: name: "x_cluster_role" body: > { @@ -24,11 +24,11 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "monitor_role" ignore: 404 --- diff --git a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/30_field_caps.yml b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/30_field_caps.yml index c960f2f1432c8..9bc4daa655c5f 100644 --- a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/30_field_caps.yml +++ b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/30_field_caps.yml @@ -7,7 +7,7 @@ setup: cluster.health: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -15,7 +15,7 @@ setup: "roles" : [ "x_cluster_role" ] } - do: - xpack.security.put_role: + security.put_role: name: "x_cluster_role" body: > { @@ -30,11 +30,11 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "x_cluster_role" ignore: 404 --- diff --git a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/40_scroll.yml b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/40_scroll.yml index 97e0cfab862cc..a228f246d5553 100644 --- a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/40_scroll.yml +++ b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/40_scroll.yml @@ -7,7 +7,7 @@ setup: cluster.health: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -15,7 +15,7 @@ setup: "roles" : [ "x_cluster_role" ] } - do: - xpack.security.put_role: + security.put_role: name: "x_cluster_role" body: > { @@ -30,11 +30,11 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "x_cluster_role" ignore: 404 --- diff --git a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/50_missing.yml b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/50_missing.yml index 0b224518782c3..1d3b04e713af1 100644 --- a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/50_missing.yml +++ b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/50_missing.yml @@ -7,7 +7,7 @@ setup: cluster.health: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -15,7 +15,7 @@ setup: "roles" : [ "x_cluster_role" ] } - do: - xpack.security.put_role: + security.put_role: name: "x_cluster_role" body: > { @@ -30,11 +30,11 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "x_cluster_role" ignore: 404 --- diff --git a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/60_skip_shards.yml b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/60_skip_shards.yml index ad27f58567a94..6bb543b128fe9 100644 --- a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/60_skip_shards.yml +++ b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/multi_cluster/60_skip_shards.yml @@ -7,7 +7,7 @@ setup: cluster.health: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -15,7 +15,7 @@ setup: "roles" : [ "x_cluster_role" ] } - do: - xpack.security.put_role: + security.put_role: name: "x_cluster_role" body: > { @@ -30,11 +30,11 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "x_cluster_role" ignore: 404 --- diff --git a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/remote_cluster/10_basic.yml b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/remote_cluster/10_basic.yml index adcf0cf077057..65adea963ab1d 100644 --- a/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/remote_cluster/10_basic.yml +++ b/x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/remote_cluster/10_basic.yml @@ -7,7 +7,7 @@ setup: cluster.health: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -15,7 +15,7 @@ setup: "roles" : [ "x_cluster_role" ] } - do: - xpack.security.put_role: + security.put_role: name: "x_cluster_role" body: > { @@ -188,7 +188,7 @@ setup: # request clears the cached reference to the user so we do not need to do # that manually - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { diff --git a/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/TokenBackwardsCompatibilityIT.java b/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/TokenBackwardsCompatibilityIT.java index 7562589594461..6e2083ffc2c98 100644 --- a/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/TokenBackwardsCompatibilityIT.java +++ b/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/TokenBackwardsCompatibilityIT.java @@ -49,7 +49,7 @@ public void testGeneratingTokenInOldCluster() throws Exception { } } - Request createTokenRequest = new Request("POST", "_xpack/security/oauth2/token"); + Request createTokenRequest = new Request("POST", "/_security/oauth2/token"); createTokenRequest.setJsonEntity( "{\n" + " \"username\": \"test_user\",\n" + @@ -70,7 +70,7 @@ public void testGeneratingTokenInOldCluster() throws Exception { "}"); client().performRequest(indexRequest1); - Request createSecondTokenRequest = new Request("POST", "_xpack/security/oauth2/token"); + Request createSecondTokenRequest = new Request("POST", "/_security/oauth2/token"); createSecondTokenRequest.setEntity(createTokenRequest.getEntity()); response = client().performRequest(createSecondTokenRequest); responseMap = entityAsMap(response); @@ -102,14 +102,14 @@ public void testMixedCluster() throws Exception { final String token = (String) source.get("token"); assertTokenWorks(token); - Request invalidateRequest = new Request("DELETE", "_xpack/security/oauth2/token"); + Request invalidateRequest = new Request("DELETE", "/_security/oauth2/token"); invalidateRequest.setJsonEntity("{\"token\": \"" + token + "\"}"); invalidateRequest.addParameter("error_trace", "true"); client().performRequest(invalidateRequest); assertTokenDoesNotWork(token); // create token and refresh on version that supports it - Request createTokenRequest = new Request("POST", "_xpack/security/oauth2/token"); + Request createTokenRequest = new Request("POST", "/_/security/oauth2/token"); createTokenRequest.setJsonEntity( "{\n" + " \"username\": \"test_user\",\n" + @@ -125,7 +125,7 @@ public void testMixedCluster() throws Exception { assertNotNull(refreshToken); assertTokenWorks(accessToken); - Request tokenRefreshRequest = new Request("POST", "_xpack/security/oauth2/token"); + Request tokenRefreshRequest = new Request("POST", "/_security/oauth2/token"); tokenRefreshRequest.setJsonEntity( "{\n" + " \"refresh_token\": \"" + refreshToken + "\",\n" + @@ -152,7 +152,7 @@ public void testUpgradedCluster() throws Exception { final String token = (String) source.get("token"); // invalidate again since this may not have been invalidated in the mixed cluster - Request invalidateRequest = new Request("DELETE", "_xpack/security/oauth2/token"); + Request invalidateRequest = new Request("DELETE", "/_security/oauth2/token"); invalidateRequest.setJsonEntity("{\"token\": \"" + token + "\"}"); invalidateRequest.addParameter("error_trace", "true"); Response invalidationResponse = client().performRequest(invalidateRequest); @@ -164,7 +164,7 @@ public void testUpgradedCluster() throws Exception { final String workingToken = (String) source.get("token"); assertTokenWorks(workingToken); - Request getTokenRequest = new Request("POST", "_xpack/security/oauth2/token"); + Request getTokenRequest = new Request("POST", "/_security/oauth2/token"); getTokenRequest.setJsonEntity( "{\n" + " \"username\": \"test_user\",\n" + @@ -179,7 +179,7 @@ public void testUpgradedCluster() throws Exception { assertNotNull(refreshToken); assertTokenWorks(accessToken); - Request refreshTokenRequest = new Request("POST", "_xpack/security/oauth2/token"); + Request refreshTokenRequest = new Request("POST", "/_security/oauth2/token"); refreshTokenRequest.setJsonEntity( "{\n" + " \"refresh_token\": \"" + refreshToken + "\",\n" + @@ -198,7 +198,7 @@ public void testUpgradedCluster() throws Exception { } private void assertTokenWorks(String token) throws IOException { - Request request = new Request("GET", "_xpack/security/_authenticate"); + Request request = new Request("GET", "/_security/_authenticate"); RequestOptions.Builder options = request.getOptions().toBuilder(); options.addHeader(HttpHeaders.AUTHORIZATION, "Bearer " + token); request.setOptions(options); @@ -208,7 +208,7 @@ private void assertTokenWorks(String token) throws IOException { } private void assertTokenDoesNotWork(String token) { - Request request = new Request("GET", "_xpack/security/_authenticate"); + Request request = new Request("GET", "/_security/_authenticate"); RequestOptions.Builder options = request.getOptions().toBuilder(); options.addHeader(HttpHeaders.AUTHORIZATION, "Bearer " + token); request.setOptions(options); diff --git a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cluster/20_security.yml b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cluster/20_security.yml index cfe3ca9733044..22291dde1a9cb 100644 --- a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cluster/20_security.yml +++ b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cluster/20_security.yml @@ -1,30 +1,30 @@ --- "Verify user and role in mixed cluster": - do: - xpack.security.get_user: + security.get_user: username: "native_user" - match: { native_user.username: "native_user" } - match: { native_user.roles.0: "native_role" } - do: - xpack.security.get_role: + security.get_role: name: "native_role" - match: { native_role.cluster.0: "all" } - match: { native_role.indices.0.names.0: "test_index" } - match: { native_role.indices.0.privileges.0: "all" } - do: - xpack.security.clear_cached_roles: + security.clear_cached_roles: name: "native_role" - do: - xpack.security.clear_cached_realms: + security.clear_cached_realms: realms: "_all" --- "verify users for default password migration in mixed cluster": - do: - xpack.security.get_user: + security.get_user: username: "kibana,logstash_system" - match: { kibana.enabled: false } - match: { logstash_system.enabled: true } diff --git a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cluster/50_token_auth.yml b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cluster/50_token_auth.yml index 093902f8d0af0..86001aa0ee35a 100644 --- a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cluster/50_token_auth.yml +++ b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cluster/50_token_auth.yml @@ -18,7 +18,7 @@ - do: headers: Authorization: Bearer ${token} - xpack.security.authenticate: {} + security.authenticate: {} - match: { username: "token_user" } - match: { roles.0: "superuser" } diff --git a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml index 7350557e82f0c..1cd4ead9db08e 100644 --- a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml +++ b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml @@ -4,7 +4,7 @@ features: headers # create native user and role - do: - xpack.security.put_user: + security.put_user: username: "native_user" body: > { @@ -14,7 +14,7 @@ - match: { created: true } - do: - xpack.security.put_role: + security.put_role: name: "native_role" body: > { @@ -36,11 +36,11 @@ - match: { timed_out: false } - do: - xpack.security.clear_cached_roles: + security.clear_cached_roles: name: "native_role" - do: - xpack.security.clear_cached_realms: + security.clear_cached_realms: realms: "_all" - do: @@ -51,16 +51,16 @@ # Check that enabling a user in old cluster will not prevent the user from having a "default password" in the new cluster. # See: org.elasticsearch.xpack.security.authc.esnative.NativeRealmMigrator.doConvertDefaultPasswords - do: - xpack.security.disable_user: + security.disable_user: username: "kibana" - do: - xpack.security.get_user: + security.get_user: username: "kibana" - match: { kibana.enabled: false } - do: - xpack.security.change_password: + security.change_password: username: "logstash_system" body: > { @@ -68,10 +68,10 @@ } - do: - xpack.security.enable_user: + security.enable_user: username: "logstash_system" - do: - xpack.security.get_user: + security.get_user: username: "logstash_system" - match: { logstash_system.enabled: true } diff --git a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml index 864332ecd336a..6981e1323d877 100644 --- a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml +++ b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml @@ -8,7 +8,7 @@ wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "token_user" body: > { @@ -18,7 +18,7 @@ } - do: - xpack.security.get_token: + security.get_token: body: grant_type: "password" username: "token_user" @@ -33,7 +33,7 @@ - do: headers: Authorization: Bearer ${token} - xpack.security.authenticate: {} + security.authenticate: {} - match: { username: "token_user" } - match: { roles.0: "superuser" } diff --git a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/20_security.yml b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/20_security.yml index a265605c536d2..f9d1b6c167977 100644 --- a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/20_security.yml +++ b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/20_security.yml @@ -13,13 +13,13 @@ - match: { timed_out: false } - do: - xpack.security.get_user: + security.get_user: username: "native_user" - match: { native_user.username: "native_user" } - match: { native_user.roles.0: "native_role" } - do: - xpack.security.get_role: + security.get_role: name: "native_role" - match: { native_role.cluster.0: "all" } - match: { native_role.indices.0.names.0: "test_index" } diff --git a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/50_token_auth.yml b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/50_token_auth.yml index 9f576512fc70b..729c95d7864e5 100644 --- a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/50_token_auth.yml +++ b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/50_token_auth.yml @@ -17,7 +17,7 @@ - do: headers: Authorization: Bearer ${token} - xpack.security.authenticate: {} + security.authenticate: {} - match: { username: "token_user" } - match: { roles.0: "superuser" } diff --git a/x-pack/qa/saml-idp-tests/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticationIT.java b/x-pack/qa/saml-idp-tests/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticationIT.java index a4dcfdeb99325..b28c7926c381f 100644 --- a/x-pack/qa/saml-idp-tests/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticationIT.java +++ b/x-pack/qa/saml-idp-tests/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticationIT.java @@ -178,7 +178,7 @@ protected Settings restAdminSettings() { */ @Before public void setKibanaPassword() throws IOException { - Request request = new Request("PUT", "/_xpack/security/user/kibana/_password"); + Request request = new Request("PUT", "/_security/user/kibana/_password"); request.setJsonEntity("{ \"password\" : \"" + KIBANA_PASSWORD + "\" }"); adminClient().performRequest(request); } @@ -190,7 +190,7 @@ public void setKibanaPassword() throws IOException { */ @Before public void setupRoleMapping() throws IOException { - Request request = new Request("PUT", "/_xpack/security/role_mapping/thor-kibana"); + Request request = new Request("PUT", "/_security/role_mapping/thor-kibana"); request.setJsonEntity(Strings.toString(XContentBuilder.builder(XContentType.JSON.xContent()) .startObject() .array("roles", new String[] { "kibana_user"} ) @@ -216,7 +216,7 @@ public void setupNativeUser() throws IOException { .put("password", randomAlphaOfLengthBetween(8, 16)) .put("metadata", Collections.singletonMap("is_native", true)) .map(); - final Response response = adminClient().performRequest(buildRequest("PUT", "/_xpack/security/user/thor", body)); + final Response response = adminClient().performRequest(buildRequest("PUT", "/_security/user/thor", body)); assertOK(response); } @@ -312,7 +312,7 @@ private void verifyElasticsearchAccessTokenForAuthorizingRealms(String accessTok } private Map callAuthenticateApiUsingAccessToken(String accessToken) throws IOException { - Request request = new Request("GET", "/_xpack/security/_authenticate"); + Request request = new Request("GET", "/_security/_authenticate"); RequestOptions.Builder options = request.getOptions().toBuilder(); options.addHeader("Authorization", "Bearer " + accessToken); request.setOptions(options); @@ -324,7 +324,7 @@ private String verifyElasticsearchRefreshToken(String refreshToken) throws IOExc .put("grant_type", "refresh_token") .put("refresh_token", refreshToken) .map(); - final Response response = client().performRequest(buildRequest("POST", "/_xpack/security/oauth2/token", body, kibanaAuth())); + final Response response = client().performRequest(buildRequest("POST", "/_security/oauth2/token", body, kibanaAuth())); assertOK(response); final Map result = entityAsMap(response); @@ -514,7 +514,7 @@ private String getUrl(String path) { */ private void httpLogin(HttpExchange http) throws IOException { final Map body = Collections.singletonMap("acs", this.acs.toString()); - Request request = buildRequest("POST", "/_xpack/security/saml/prepare", body, kibanaAuth()); + Request request = buildRequest("POST", "/_security/saml/prepare", body, kibanaAuth()); final Response prepare = client().performRequest(request); assertOK(prepare); final Map responseBody = parseResponseAsMap(prepare.getEntity()); @@ -559,7 +559,7 @@ private Response samlAuthenticate(HttpExchange http) throws IOException { .put("content", saml) .put("ids", Collections.singletonList(id)) .map(); - return client().performRequest(buildRequest("POST", "/_xpack/security/saml/authenticate", body, kibanaAuth())); + return client().performRequest(buildRequest("POST", "/_security/saml/authenticate", body, kibanaAuth())); } private List parseRequestForm(HttpExchange http) throws IOException { diff --git a/x-pack/qa/security-setup-password-tests/src/test/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordToolIT.java b/x-pack/qa/security-setup-password-tests/src/test/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordToolIT.java index 974f67825f7b5..364d1fb1e2d3a 100644 --- a/x-pack/qa/security-setup-password-tests/src/test/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordToolIT.java +++ b/x-pack/qa/security-setup-password-tests/src/test/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordToolIT.java @@ -103,7 +103,7 @@ public void testSetupPasswordToolAutoSetup() throws Exception { final String basicHeader = "Basic " + Base64.getEncoder().encodeToString((entry.getKey() + ":" + entry.getValue()).getBytes(StandardCharsets.UTF_8)); try { - Request request = new Request("GET", "/_xpack/security/_authenticate"); + Request request = new Request("GET", "/_security/_authenticate"); RequestOptions.Builder options = request.getOptions().toBuilder(); options.addHeader("Authorization", basicHeader); request.setOptions(options); diff --git a/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/10_templated_role_query.yml b/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/10_templated_role_query.yml index 30284ab1645a3..a06f707cb5a40 100644 --- a/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/10_templated_role_query.yml +++ b/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/10_templated_role_query.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "inline_template_user" body: > { @@ -16,7 +16,7 @@ setup: "roles" : [ "inline_template_role" ] } - do: - xpack.security.put_user: + security.put_user: username: "stored_template_user" body: > { @@ -25,7 +25,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "terms_template_user" body: > { @@ -37,7 +37,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "inline_template_role" body: > { @@ -57,7 +57,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "terms_template_role" body: > { @@ -75,7 +75,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "stored_template_role" body: > { @@ -132,27 +132,27 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "inline_template_user" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "stored_template_user" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "terms_template_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "inline_template_role" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "stored_template_role" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "terms_template_role" ignore: 404 --- diff --git a/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/11_templated_role_query_runas.yml b/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/11_templated_role_query_runas.yml index 0c6bd4cbdac67..4a4f3c394514b 100644 --- a/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/11_templated_role_query_runas.yml +++ b/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/11_templated_role_query_runas.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "inline_template_user" body: > { @@ -16,7 +16,7 @@ setup: "roles" : [ "inline_template_role" ] } - do: - xpack.security.put_user: + security.put_user: username: "stored_template_user" body: > { @@ -25,7 +25,7 @@ setup: } - do: - xpack.security.put_user: + security.put_user: username: "terms_template_user" body: > { @@ -37,7 +37,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "inline_template_role" body: > { @@ -57,7 +57,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "terms_template_role" body: > { @@ -75,7 +75,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "stored_template_role" body: > { @@ -132,27 +132,27 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "inline_template_user" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "stored_template_user" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "terms_template_user" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "inline_template_role" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "stored_template_role" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "terms_template_role" ignore: 404 --- diff --git a/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/20_small_users_one_index.yml b/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/20_small_users_one_index.yml index ff5fad0e82d32..1b4315fb1973b 100644 --- a/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/20_small_users_one_index.yml +++ b/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/20_small_users_one_index.yml @@ -24,7 +24,7 @@ setup: ] } - do: - xpack.security.put_user: + security.put_user: username: "joe" body: > { @@ -35,7 +35,7 @@ setup: } } - do: - xpack.security.put_user: + security.put_user: username: "john" body: > { @@ -49,22 +49,22 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "joe" ignore: 404 - do: - xpack.security.delete_user: + security.delete_user: username: "john" ignore: 404 - do: - xpack.security.delete_role: + security.delete_role: name: "small_companies_role" ignore: 404 --- "Test shared index separating user by using DLS role query with user's username": - do: - xpack.security.put_role: + security.put_role: name: "small_companies_role" body: > { @@ -132,7 +132,7 @@ teardown: --- "Test shared index separating user by using DLS role query with user's metadata": - do: - xpack.security.put_role: + security.put_role: name: "small_companies_role" body: > { diff --git a/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/30_search_template.yml b/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/30_search_template.yml index e6e71b74b602f..d812caaa4d8f9 100644 --- a/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/30_search_template.yml +++ b/x-pack/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/30_search_template.yml @@ -8,7 +8,7 @@ setup: wait_for_status: yellow - do: - xpack.security.put_user: + security.put_user: username: "inline_template_user" body: > { @@ -17,7 +17,7 @@ setup: } - do: - xpack.security.put_role: + security.put_role: name: "role" body: > { @@ -51,7 +51,7 @@ setup: --- teardown: - do: - xpack.security.delete_user: + security.delete_user: username: "inline_template_user" ignore: 404 From 042f785eda2671447755e78d8f866f07c817f4da Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Thu, 6 Dec 2018 10:47:18 +0200 Subject: [PATCH 02/16] Consistent leading slash use --- .../org/elasticsearch/client/SecurityRequestConverters.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java index 533de79e75c52..daa0c6c0f5978 100644 --- a/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java +++ b/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java @@ -130,7 +130,7 @@ private static Request setUserEnabled(SetUserEnabledRequest setUserEnabledReques } static Request hasPrivileges(HasPrivilegesRequest hasPrivilegesRequest) throws IOException { - Request request = new Request(HttpGet.METHOD_NAME, "_security/user/_has_privileges"); + Request request = new Request(HttpGet.METHOD_NAME, "/_security/user/_has_privileges"); request.setEntity(createEntity(hasPrivilegesRequest, REQUEST_BODY_CONTENT_TYPE)); return request; } @@ -193,13 +193,13 @@ static Request getRoles(GetRolesRequest getRolesRequest) { } static Request createToken(CreateTokenRequest createTokenRequest) throws IOException { - Request request = new Request(HttpPost.METHOD_NAME, "_security/oauth2/token"); + Request request = new Request(HttpPost.METHOD_NAME, "/_security/oauth2/token"); request.setEntity(createEntity(createTokenRequest, REQUEST_BODY_CONTENT_TYPE)); return request; } static Request invalidateToken(InvalidateTokenRequest invalidateTokenRequest) throws IOException { - Request request = new Request(HttpDelete.METHOD_NAME, "_security/oauth2/token"); + Request request = new Request(HttpDelete.METHOD_NAME, "/_security/oauth2/token"); request.setEntity(createEntity(invalidateTokenRequest, REQUEST_BODY_CONTENT_TYPE)); return request; } From ed7f5ed59424dc811803ce17af606094e422bc03 Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Thu, 6 Dec 2018 11:49:11 +0200 Subject: [PATCH 03/16] rename missed test --- .../resources/rest-api-spec/api/security.change_password.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.change_password.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.change_password.json index 3fcc45154fd09..9e94102fc23e9 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.change_password.json +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.change_password.json @@ -1,5 +1,5 @@ { - "xpack.security.change_password": { + "security.change_password": { "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-change-password.html", "methods": [ "PUT", "POST" ], "url": { From d7f3175e82ce6f65683eb208dbbca6ebe8aa88e7 Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Thu, 6 Dec 2018 12:14:01 +0200 Subject: [PATCH 04/16] handle _ssl/certificates correctly --- .../client/security/GetSslCertificatesRequest.java | 2 +- .../ssl/rest/RestGetCertificateInfoAction.java | 14 +++++++++++--- .../resources/rest-api-spec/test/ssl/10_basic.yml | 2 +- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/security/GetSslCertificatesRequest.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/security/GetSslCertificatesRequest.java index c4dbef4e422b6..979d7d10e9d4f 100644 --- a/client/rest-high-level/src/main/java/org/elasticsearch/client/security/GetSslCertificatesRequest.java +++ b/client/rest-high-level/src/main/java/org/elasticsearch/client/security/GetSslCertificatesRequest.java @@ -36,7 +36,7 @@ public final class GetSslCertificatesRequest implements Validatable, ToXContentO private final Request request; private GetSslCertificatesRequest() { - request = new Request(HttpGet.METHOD_NAME, "/_xpack/ssl/certificates"); + request = new Request(HttpGet.METHOD_NAME, "/_ssl/certificates"); } public Request getRequest() { diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/rest/RestGetCertificateInfoAction.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/rest/RestGetCertificateInfoAction.java index d7d7d7042ed3c..2d038011e6c56 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/rest/RestGetCertificateInfoAction.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/rest/RestGetCertificateInfoAction.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.core.ssl.rest; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.client.node.NodeClient; +import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.rest.BaseRestHandler; @@ -28,14 +30,20 @@ */ public class RestGetCertificateInfoAction extends BaseRestHandler { + private static final DeprecationLogger deprecationLogger = + new DeprecationLogger(LogManager.getLogger(RestGetCertificateInfoAction.class)); + public RestGetCertificateInfoAction(Settings settings, RestController controller) { super(settings); - controller.registerHandler(GET, "/_xpack/ssl/certificates", this); + // TODO: remove deprecated endpoint in 8.0.0 + controller.registerWithDeprecatedHandler( + GET, "/_ssl/certificates", this, + GET, "/_xpack/ssl/certificates", deprecationLogger); } @Override public String getName() { - return "xpack_ssl_get_certificates"; + return "ssl_get_certificates"; } @Override @@ -48,4 +56,4 @@ public RestResponse buildResponse(Response response, XContentBuilder builder) th } }); } -} \ No newline at end of file +} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/ssl/10_basic.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/ssl/10_basic.yml index 227d341b26d86..d3b8face71792 100644 --- a/x-pack/plugin/src/test/resources/rest-api-spec/test/ssl/10_basic.yml +++ b/x-pack/plugin/src/test/resources/rest-api-spec/test/ssl/10_basic.yml @@ -1,7 +1,7 @@ --- "Test get SSL certificates": - do: - xpack.ssl.certificates: {} + ssl.certificates: {} - length: { $body: 1 } - match: { $body.0.path: "testnode.crt" } From 600db960df8fe8d9fdcad990228d0f327cfa79ec Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Thu, 6 Dec 2018 13:06:13 +0200 Subject: [PATCH 05/16] Fix XDocsClientYamlTestSuiteIT tests --- .../elasticsearch/smoketest/XDocsClientYamlTestSuiteIT.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/x-pack/docs/src/test/java/org/elasticsearch/smoketest/XDocsClientYamlTestSuiteIT.java b/x-pack/docs/src/test/java/org/elasticsearch/smoketest/XDocsClientYamlTestSuiteIT.java index 383630c106d06..e57f57174a883 100644 --- a/x-pack/docs/src/test/java/org/elasticsearch/smoketest/XDocsClientYamlTestSuiteIT.java +++ b/x-pack/docs/src/test/java/org/elasticsearch/smoketest/XDocsClientYamlTestSuiteIT.java @@ -125,7 +125,7 @@ protected boolean isMachineLearningTest() { */ @After public void deleteUsers() throws Exception { - ClientYamlTestResponse response = getAdminExecutionContext().callApi("xpack.security.get_user", emptyMap(), emptyList(), + ClientYamlTestResponse response = getAdminExecutionContext().callApi("security.get_user", emptyMap(), emptyList(), emptyMap()); @SuppressWarnings("unchecked") Map users = (Map) response.getBody(); @@ -134,7 +134,7 @@ public void deleteUsers() throws Exception { Boolean reserved = metaDataMap == null ? null : (Boolean) metaDataMap.get("_reserved"); if (reserved == null || reserved == false) { logger.warn("Deleting leftover user {}", user); - getAdminExecutionContext().callApi("xpack.security.delete_user", singletonMap("username", user), emptyList(), emptyMap()); + getAdminExecutionContext().callApi("security.delete_user", singletonMap("username", user), emptyList(), emptyMap()); } } } From a77dcd8369f8bade46358af2983f737701752e27 Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Thu, 6 Dec 2018 14:05:27 +0200 Subject: [PATCH 06/16] (properly) Fix XDocsClientYamlTestSuiteIT tests --- x-pack/docs/build.gradle | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/x-pack/docs/build.gradle b/x-pack/docs/build.gradle index 59d89024db5be..de2400c0e85f0 100644 --- a/x-pack/docs/build.gradle +++ b/x-pack/docs/build.gradle @@ -446,7 +446,7 @@ setups['calendar_outages_addevent'] = setups['calendar_outages_addjob'] + ''' ''' setups['role_mapping'] = ''' - do: - xpack.security.put_role_mapping: + security.put_role_mapping: name: "mapping1" body: > { @@ -712,7 +712,7 @@ setups['sensor_prefab_data'] = ''' ''' setups['admin_role'] = ''' - do: - xpack.security.put_role: + security.put_role: name: "my_admin_role" body: > { @@ -726,7 +726,7 @@ setups['admin_role'] = ''' ''' setups['jacknich_user'] = ''' - do: - xpack.security.put_user: + security.put_user: username: "jacknich" body: > { @@ -739,7 +739,7 @@ setups['jacknich_user'] = ''' ''' setups['app0102_privileges'] = ''' - do: - xpack.security.put_privileges: + security.put_privileges: body: > { "myapp": { From ff242e826a2b49207cb6a7346703f0ce710891d8 Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Thu, 6 Dec 2018 16:21:51 +0200 Subject: [PATCH 07/16] Fix FullClusterRestartIT --- .../xpack/restart/FullClusterRestartIT.java | 53 ++++++++++++------- 1 file changed, 33 insertions(+), 20 deletions(-) diff --git a/x-pack/qa/full-cluster-restart/src/test/java/org/elasticsearch/xpack/restart/FullClusterRestartIT.java b/x-pack/qa/full-cluster-restart/src/test/java/org/elasticsearch/xpack/restart/FullClusterRestartIT.java index f0c0d3af77519..84e99ecdc3e3d 100644 --- a/x-pack/qa/full-cluster-restart/src/test/java/org/elasticsearch/xpack/restart/FullClusterRestartIT.java +++ b/x-pack/qa/full-cluster-restart/src/test/java/org/elasticsearch/xpack/restart/FullClusterRestartIT.java @@ -96,8 +96,8 @@ public void testSingleDoc() throws IOException { @SuppressWarnings("unchecked") public void testSecurityNativeRealm() throws Exception { if (isRunningAgainstOldCluster()) { - createUser("preupgrade_user"); - createRole("preupgrade_role"); + createUser(true); + createRole(true); } else { waitForYellow(".security"); Response settingsResponse = client().performRequest(new Request("GET", "/.security/_settings/index.format")); @@ -126,7 +126,7 @@ public void testSecurityNativeRealm() throws Exception { logger.info("upgrading security index {}", concreteSecurityIndex); // without upgrade, an error should be thrown try { - createUser("postupgrade_user"); + createUser(false); fail("should not be able to add a user when upgrade hasn't taken place"); } catch (ResponseException e) { assertThat(e.getMessage(), containsString("Security index is not on the current version - " + @@ -139,16 +139,12 @@ public void testSecurityNativeRealm() throws Exception { } // create additional user and role - createUser("postupgrade_user"); - createRole("postupgrade_role"); + createUser(false); + createRole(false); } - assertUserInfo("preupgrade_user"); - assertRoleInfo("preupgrade_role"); - if (isRunningAgainstOldCluster() == false) { - assertUserInfo("postupgrade_user"); - assertRoleInfo("postupgrade_role"); - } + assertUserInfo(isRunningAgainstOldCluster()); + assertRoleInfo(isRunningAgainstOldCluster()); } public void testWatcher() throws Exception { @@ -578,8 +574,14 @@ static String toStr(Response response) throws IOException { return EntityUtils.toString(response.getEntity()); } - private void createUser(final String id) throws Exception { - Request request = new Request("PUT", "/_security/user/" + id); + private void createUser(final boolean oldCluster) throws Exception { + final String id = oldCluster ? "preupgrade_user" : "postupgrade_user"; + Request request; + if (oldCluster) { + request = new Request("PUT", "/_xpack/security/user/" + id); + } else { + request = new Request("PUT", "/_security/user/" + id); + } request.setJsonEntity( "{\n" + " \"password\" : \"j@rV1s\",\n" + @@ -591,8 +593,14 @@ private void createUser(final String id) throws Exception { client().performRequest(request); } - private void createRole(final String id) throws Exception { - Request request = new Request("PUT", "/_security/role/" + id); + private void createRole(final boolean oldCluster) throws Exception { + final String id = oldCluster ? "preupgrade_role" : "postupgrade_role"; + Request request; + if (oldCluster) { + request = new Request("PUT", "/_xpack/security/role/" + id); + } else { + request = new Request("PUT", "/_security/role/" + id); + } request.setJsonEntity( "{\n" + " \"run_as\": [ \"abc\" ],\n" + @@ -611,17 +619,22 @@ private void createRole(final String id) throws Exception { client().performRequest(request); } - private void assertUserInfo(final String user) throws Exception { - Map response = entityAsMap(client().performRequest(new Request("GET", "/_security/user/" + user))); + private void assertUserInfo(final boolean oldCluster) throws Exception { + final String user = oldCluster ? "preupgrade_user" : "postupgrade_user"; + Map response = oldCluster ? + entityAsMap(client().performRequest(new Request("GET", "/_xpack/security/user/" + user))) : + entityAsMap(client().performRequest(new Request("GET", "/_security/user/" + user))); @SuppressWarnings("unchecked") Map userInfo = (Map) response.get(user); assertEquals(user + "@example.com", userInfo.get("email")); assertNotNull(userInfo.get("full_name")); assertNotNull(userInfo.get("roles")); } - private void assertRoleInfo(final String role) throws Exception { - @SuppressWarnings("unchecked") Map response = (Map) - entityAsMap(client().performRequest(new Request("GET", "/_security/role/" + role))).get(role); + private void assertRoleInfo(final boolean oldCluster) throws Exception { + final String role = oldCluster ? "preupgrade_role" : "postupgrade_role"; + @SuppressWarnings("unchecked") Map response = oldCluster ? + (Map) entityAsMap(client().performRequest(new Request("GET", "/_xpack/security/role/" + role))).get(role) : + (Map) entityAsMap(client().performRequest(new Request("GET", "/_security/role/" + role))).get(role); assertNotNull(response.get("run_as")); assertNotNull(response.get("cluster")); assertNotNull(response.get("indices")); From 8d1496b87762a359bfd6e40d42151a7ba74000be Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Fri, 7 Dec 2018 08:57:15 +0200 Subject: [PATCH 08/16] Fix TokenBackwardsCompatibilityIT --- .../TokenBackwardsCompatibilityIT.java | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/TokenBackwardsCompatibilityIT.java b/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/TokenBackwardsCompatibilityIT.java index 6e2083ffc2c98..fa0e6127b2bd0 100644 --- a/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/TokenBackwardsCompatibilityIT.java +++ b/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/TokenBackwardsCompatibilityIT.java @@ -49,7 +49,7 @@ public void testGeneratingTokenInOldCluster() throws Exception { } } - Request createTokenRequest = new Request("POST", "/_security/oauth2/token"); + Request createTokenRequest = new Request("POST", "/_xpack/security/oauth2/token"); createTokenRequest.setJsonEntity( "{\n" + " \"username\": \"test_user\",\n" + @@ -61,7 +61,7 @@ public void testGeneratingTokenInOldCluster() throws Exception { Map responseMap = entityAsMap(response); String token = (String) responseMap.get("access_token"); assertNotNull(token); - assertTokenWorks(token); + assertTokenWorks(token, true); Request indexRequest1 = new Request("PUT", "token_backwards_compatibility_it/doc/old_cluster_token1"); indexRequest1.setJsonEntity( @@ -70,13 +70,13 @@ public void testGeneratingTokenInOldCluster() throws Exception { "}"); client().performRequest(indexRequest1); - Request createSecondTokenRequest = new Request("POST", "/_security/oauth2/token"); + Request createSecondTokenRequest = new Request("POST", "/_xpack/security/oauth2/token"); createSecondTokenRequest.setEntity(createTokenRequest.getEntity()); response = client().performRequest(createSecondTokenRequest); responseMap = entityAsMap(response); token = (String) responseMap.get("access_token"); assertNotNull(token); - assertTokenWorks(token); + assertTokenWorks(token, true); Request indexRequest2 = new Request("PUT", "token_backwards_compatibility_it/doc/old_cluster_token2"); indexRequest2.setJsonEntity( "{\n" + @@ -91,7 +91,7 @@ public void testTokenWorksInMixedOrUpgradedCluster() throws Exception { Response getResponse = client().performRequest(new Request("GET", "token_backwards_compatibility_it/doc/old_cluster_token1")); assertOK(getResponse); Map source = (Map) entityAsMap(getResponse).get("_source"); - assertTokenWorks((String) source.get("token")); + assertTokenWorks((String) source.get("token"), false); } public void testMixedCluster() throws Exception { @@ -109,7 +109,7 @@ public void testMixedCluster() throws Exception { assertTokenDoesNotWork(token); // create token and refresh on version that supports it - Request createTokenRequest = new Request("POST", "/_/security/oauth2/token"); + Request createTokenRequest = new Request("POST", "/_security/oauth2/token"); createTokenRequest.setJsonEntity( "{\n" + " \"username\": \"test_user\",\n" + @@ -198,7 +198,12 @@ public void testUpgradedCluster() throws Exception { } private void assertTokenWorks(String token) throws IOException { - Request request = new Request("GET", "/_security/_authenticate"); + assertTokenWorks(token, false); + } + + private void assertTokenWorks(String token, boolean oldCluster) throws IOException { + Request request = oldCluster ? new Request("GET", "/_xpack/security/_authenticate") : + new Request("GET", "/_security/_authenticate"); RequestOptions.Builder options = request.getOptions().toBuilder(); options.addHeader(HttpHeaders.AUTHORIZATION, "Bearer " + token); request.setOptions(options); From a50938779984e8423d2c63894e2f9617b9d22ad6 Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Fri, 7 Dec 2018 10:17:08 +0200 Subject: [PATCH 09/16] Fix Rolling Upgrade tests Adds a number of api calls that use the deprecated endpoints so that these can be used in the `old_cluster` tests --- .../api/security.deprecated_authenticate.json | 17 +++++++++ .../security.deprecated_change_password.json | 38 +++++++++++++++++++ ...curity.deprecated_clear_cached_realms.json | 29 ++++++++++++++ ...ecurity.deprecated_clear_cached_roles.json | 23 +++++++++++ .../api/security.deprecated_disable_user.json | 34 +++++++++++++++++ .../api/security.deprecated_enable_user.json | 34 +++++++++++++++++ .../api/security.deprecated_get_token.json | 20 ++++++++++ .../api/security.deprecated_get_user.json | 24 ++++++++++++ .../api/security.deprecated_put_role.json | 37 ++++++++++++++++++ .../api/security.deprecated_put_user.json | 37 ++++++++++++++++++ .../test/old_cluster/20_security.yml | 18 ++++----- .../test/old_cluster/50_token_auth.yml | 6 +-- 12 files changed, 305 insertions(+), 12 deletions(-) create mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_authenticate.json create mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_change_password.json create mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_realms.json create mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_roles.json create mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_disable_user.json create mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_enable_user.json create mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_token.json create mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_user.json create mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_role.json create mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_user.json diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_authenticate.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_authenticate.json new file mode 100644 index 0000000000000..c075217f08359 --- /dev/null +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_authenticate.json @@ -0,0 +1,17 @@ +{ + "security.deprecated_authenticate": { + "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-authenticate.html", + "methods": [ + "GET" + ], + "url": { + "path": "/_xpack/security/_authenticate", + "paths": [ + "/_xpack/security/_authenticate" + ], + "parts": {}, + "params": {} + }, + "body": null + } +} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_change_password.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_change_password.json new file mode 100644 index 0000000000000..f25c4e6d62058 --- /dev/null +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_change_password.json @@ -0,0 +1,38 @@ +{ + "security.deprecated_change_password": { + "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-change-password.html", + "methods": [ + "PUT", + "POST" + ], + "url": { + "path": "/_xpack/security/user/{username}/_password", + "paths": [ + "/_xpack/security/user/{username}/_password", + "/_xpack/security/user/_password" + ], + "parts": { + "username": { + "type": "string", + "description": "The username of the user to change the password for", + "required": false + } + }, + "params": { + "refresh": { + "type": "enum", + "options": [ + "true", + "false", + "wait_for" + ], + "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes." + } + } + }, + "body": { + "description": "the new password for the user", + "required": true + } + } +} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_realms.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_realms.json new file mode 100644 index 0000000000000..1fc2355d92308 --- /dev/null +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_realms.json @@ -0,0 +1,29 @@ +{ + "security.deprecated_clear_cached_realms": { + "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-clear-cache.html", + "methods": [ + "POST" + ], + "url": { + "path": "/_xpack/security/realm/{realms}/_clear_cache", + "paths": [ + "/_xpack/security/realm/{realms}/_clear_cache" + ], + "parts": { + "realms": { + "type": "list", + "description": "Comma-separated list of realms to clear", + "required": true + } + }, + "params": { + "usernames": { + "type": "list", + "description": "Comma-separated list of usernames to clear from the cache", + "required": false + } + } + }, + "body": null + } +} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_roles.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_roles.json new file mode 100644 index 0000000000000..e62121a3cad34 --- /dev/null +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_roles.json @@ -0,0 +1,23 @@ +{ + "security.deprecated_clear_cached_roles": { + "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-clear-role-cache.html", + "methods": [ + "POST" + ], + "url": { + "path": "/_xpack/security/role/{name}/_clear_cache", + "paths": [ + "/_xpack/security/role/{name}/_clear_cache" + ], + "parts": { + "name": { + "type": "list", + "description": "Role name", + "required": true + } + }, + "params": {} + }, + "body": null + } +} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_disable_user.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_disable_user.json new file mode 100644 index 0000000000000..ee5d840b2e85e --- /dev/null +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_disable_user.json @@ -0,0 +1,34 @@ +{ + "security.deprecated_disable_user": { + "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-disable-user.html", + "methods": [ + "PUT", + "POST" + ], + "url": { + "path": "/_xpack/security/user/{username}/_disable", + "paths": [ + "/_xpack/security/user/{username}/_disable" + ], + "parts": { + "username": { + "type": "string", + "description": "The username of the user to disable", + "required": false + } + }, + "params": { + "refresh": { + "type": "enum", + "options": [ + "true", + "false", + "wait_for" + ], + "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes." + } + } + }, + "body": null + } +} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_enable_user.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_enable_user.json new file mode 100644 index 0000000000000..21976d6f756c0 --- /dev/null +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_enable_user.json @@ -0,0 +1,34 @@ +{ + "security.deprecated_enable_user": { + "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-enable-user.html", + "methods": [ + "PUT", + "POST" + ], + "url": { + "path": "/_xpack/security/user/{username}/_enable", + "paths": [ + "/_xpack/security/user/{username}/_enable" + ], + "parts": { + "username": { + "type": "string", + "description": "The username of the user to enable", + "required": false + } + }, + "params": { + "refresh": { + "type": "enum", + "options": [ + "true", + "false", + "wait_for" + ], + "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes." + } + } + }, + "body": null + } +} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_token.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_token.json new file mode 100644 index 0000000000000..0c1da3ebe609c --- /dev/null +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_token.json @@ -0,0 +1,20 @@ +{ + "security.deprecated_get_token": { + "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-token.html", + "methods": [ + "POST" + ], + "url": { + "path": "/_xpack/security/oauth2/token", + "paths": [ + "/_xpack/security/oauth2/token" + ], + "parts": {}, + "params": {} + }, + "body": { + "description": "The token request to get", + "required": true + } + } +} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_user.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_user.json new file mode 100644 index 0000000000000..a63aa4cac002c --- /dev/null +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_user.json @@ -0,0 +1,24 @@ +{ + "security.deprecated_get_user": { + "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-user.html", + "methods": [ + "GET" + ], + "url": { + "path": "/_xpack/security/user/{username}", + "paths": [ + "/_xpack/security/user/{username}", + "/_xpack/security/user" + ], + "parts": { + "username": { + "type": "list", + "description": "A comma-separated list of usernames", + "required": false + } + }, + "params": {} + }, + "body": null + } +} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_role.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_role.json new file mode 100644 index 0000000000000..46c42bb10f21b --- /dev/null +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_role.json @@ -0,0 +1,37 @@ +{ + "security.deprecated_put_role": { + "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role.html", + "methods": [ + "PUT", + "POST" + ], + "url": { + "path": "/_xpack/security/role/{name}", + "paths": [ + "/_xpack/security/role/{name}" + ], + "parts": { + "name": { + "type": "string", + "description": "Role name", + "required": true + } + }, + "params": { + "refresh": { + "type": "enum", + "options": [ + "true", + "false", + "wait_for" + ], + "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes." + } + } + }, + "body": { + "description": "The role to add", + "required": true + } + } +} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_user.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_user.json new file mode 100644 index 0000000000000..23de31673b26b --- /dev/null +++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_user.json @@ -0,0 +1,37 @@ +{ + "security.deprecated_put_user": { + "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-user.html", + "methods": [ + "PUT", + "POST" + ], + "url": { + "path": "/_xpack/security/user/{username}", + "paths": [ + "/_xpack/security/user/{username}" + ], + "parts": { + "username": { + "type": "string", + "description": "The username of the User", + "required": true + } + }, + "params": { + "refresh": { + "type": "enum", + "options": [ + "true", + "false", + "wait_for" + ], + "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes." + } + } + }, + "body": { + "description": "The user to add", + "required": true + } + } +} \ No newline at end of file diff --git a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml index 1cd4ead9db08e..fd986ecbe70ea 100644 --- a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml +++ b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml @@ -4,7 +4,7 @@ features: headers # create native user and role - do: - security.put_user: + security.deprecated_put_user: username: "native_user" body: > { @@ -14,7 +14,7 @@ - match: { created: true } - do: - security.put_role: + security.deprecated_put_role: name: "native_role" body: > { @@ -36,11 +36,11 @@ - match: { timed_out: false } - do: - security.clear_cached_roles: + security.deprecated_clear_cached_roles: name: "native_role" - do: - security.clear_cached_realms: + security.deprecated_clear_cached_realms: realms: "_all" - do: @@ -51,16 +51,16 @@ # Check that enabling a user in old cluster will not prevent the user from having a "default password" in the new cluster. # See: org.elasticsearch.xpack.security.authc.esnative.NativeRealmMigrator.doConvertDefaultPasswords - do: - security.disable_user: + security.deprecated_disable_user: username: "kibana" - do: - security.get_user: + security.deprecated_get_user: username: "kibana" - match: { kibana.enabled: false } - do: - security.change_password: + security.deprecated_change_password: username: "logstash_system" body: > { @@ -68,10 +68,10 @@ } - do: - security.enable_user: + security.deprecated_enable_user: username: "logstash_system" - do: - security.get_user: + security.deprecated_get_user: username: "logstash_system" - match: { logstash_system.enabled: true } diff --git a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml index 02fa0f31ce37d..71e003858be82 100644 --- a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml +++ b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml @@ -8,7 +8,7 @@ wait_for_status: yellow - do: - security.put_user: + security.deprecated_put_user: username: "token_user" body: > { @@ -18,7 +18,7 @@ } - do: - security.get_token: + security.deprecated_get_token: body: grant_type: "password" username: "token_user" @@ -33,7 +33,7 @@ - do: headers: Authorization: Bearer ${token} - security.authenticate: {} + security.deprecated_authenticate: {} - match: { username: "token_user" } - match: { roles.0: "superuser" } From 5b6ac27290b1e9d3525c88731043c940cbcd0a2b Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Fri, 7 Dec 2018 20:12:37 +0200 Subject: [PATCH 10/16] Revert "Fix Rolling Upgrade tests" This reverts commit a50938779984e8423d2c63894e2f9617b9d22ad6. New endpoints can be used for tests and mixed clusters since https://github.com/elastic/elasticsearch/pull/36379 --- .../api/security.deprecated_authenticate.json | 17 --------- .../security.deprecated_change_password.json | 38 ------------------- ...curity.deprecated_clear_cached_realms.json | 29 -------------- ...ecurity.deprecated_clear_cached_roles.json | 23 ----------- .../api/security.deprecated_disable_user.json | 34 ----------------- .../api/security.deprecated_enable_user.json | 34 ----------------- .../api/security.deprecated_get_token.json | 20 ---------- .../api/security.deprecated_get_user.json | 24 ------------ .../api/security.deprecated_put_role.json | 37 ------------------ .../api/security.deprecated_put_user.json | 37 ------------------ .../test/old_cluster/20_security.yml | 18 ++++----- .../test/old_cluster/50_token_auth.yml | 6 +-- 12 files changed, 12 insertions(+), 305 deletions(-) delete mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_authenticate.json delete mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_change_password.json delete mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_realms.json delete mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_roles.json delete mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_disable_user.json delete mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_enable_user.json delete mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_token.json delete mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_user.json delete mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_role.json delete mode 100644 x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_user.json diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_authenticate.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_authenticate.json deleted file mode 100644 index c075217f08359..0000000000000 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_authenticate.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "security.deprecated_authenticate": { - "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-authenticate.html", - "methods": [ - "GET" - ], - "url": { - "path": "/_xpack/security/_authenticate", - "paths": [ - "/_xpack/security/_authenticate" - ], - "parts": {}, - "params": {} - }, - "body": null - } -} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_change_password.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_change_password.json deleted file mode 100644 index f25c4e6d62058..0000000000000 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_change_password.json +++ /dev/null @@ -1,38 +0,0 @@ -{ - "security.deprecated_change_password": { - "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-change-password.html", - "methods": [ - "PUT", - "POST" - ], - "url": { - "path": "/_xpack/security/user/{username}/_password", - "paths": [ - "/_xpack/security/user/{username}/_password", - "/_xpack/security/user/_password" - ], - "parts": { - "username": { - "type": "string", - "description": "The username of the user to change the password for", - "required": false - } - }, - "params": { - "refresh": { - "type": "enum", - "options": [ - "true", - "false", - "wait_for" - ], - "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes." - } - } - }, - "body": { - "description": "the new password for the user", - "required": true - } - } -} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_realms.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_realms.json deleted file mode 100644 index 1fc2355d92308..0000000000000 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_realms.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "security.deprecated_clear_cached_realms": { - "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-clear-cache.html", - "methods": [ - "POST" - ], - "url": { - "path": "/_xpack/security/realm/{realms}/_clear_cache", - "paths": [ - "/_xpack/security/realm/{realms}/_clear_cache" - ], - "parts": { - "realms": { - "type": "list", - "description": "Comma-separated list of realms to clear", - "required": true - } - }, - "params": { - "usernames": { - "type": "list", - "description": "Comma-separated list of usernames to clear from the cache", - "required": false - } - } - }, - "body": null - } -} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_roles.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_roles.json deleted file mode 100644 index e62121a3cad34..0000000000000 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_clear_cached_roles.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "security.deprecated_clear_cached_roles": { - "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-clear-role-cache.html", - "methods": [ - "POST" - ], - "url": { - "path": "/_xpack/security/role/{name}/_clear_cache", - "paths": [ - "/_xpack/security/role/{name}/_clear_cache" - ], - "parts": { - "name": { - "type": "list", - "description": "Role name", - "required": true - } - }, - "params": {} - }, - "body": null - } -} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_disable_user.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_disable_user.json deleted file mode 100644 index ee5d840b2e85e..0000000000000 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_disable_user.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "security.deprecated_disable_user": { - "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-disable-user.html", - "methods": [ - "PUT", - "POST" - ], - "url": { - "path": "/_xpack/security/user/{username}/_disable", - "paths": [ - "/_xpack/security/user/{username}/_disable" - ], - "parts": { - "username": { - "type": "string", - "description": "The username of the user to disable", - "required": false - } - }, - "params": { - "refresh": { - "type": "enum", - "options": [ - "true", - "false", - "wait_for" - ], - "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes." - } - } - }, - "body": null - } -} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_enable_user.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_enable_user.json deleted file mode 100644 index 21976d6f756c0..0000000000000 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_enable_user.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "security.deprecated_enable_user": { - "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-enable-user.html", - "methods": [ - "PUT", - "POST" - ], - "url": { - "path": "/_xpack/security/user/{username}/_enable", - "paths": [ - "/_xpack/security/user/{username}/_enable" - ], - "parts": { - "username": { - "type": "string", - "description": "The username of the user to enable", - "required": false - } - }, - "params": { - "refresh": { - "type": "enum", - "options": [ - "true", - "false", - "wait_for" - ], - "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes." - } - } - }, - "body": null - } -} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_token.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_token.json deleted file mode 100644 index 0c1da3ebe609c..0000000000000 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_token.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "security.deprecated_get_token": { - "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-token.html", - "methods": [ - "POST" - ], - "url": { - "path": "/_xpack/security/oauth2/token", - "paths": [ - "/_xpack/security/oauth2/token" - ], - "parts": {}, - "params": {} - }, - "body": { - "description": "The token request to get", - "required": true - } - } -} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_user.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_user.json deleted file mode 100644 index a63aa4cac002c..0000000000000 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_get_user.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "security.deprecated_get_user": { - "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-user.html", - "methods": [ - "GET" - ], - "url": { - "path": "/_xpack/security/user/{username}", - "paths": [ - "/_xpack/security/user/{username}", - "/_xpack/security/user" - ], - "parts": { - "username": { - "type": "list", - "description": "A comma-separated list of usernames", - "required": false - } - }, - "params": {} - }, - "body": null - } -} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_role.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_role.json deleted file mode 100644 index 46c42bb10f21b..0000000000000 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_role.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "security.deprecated_put_role": { - "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role.html", - "methods": [ - "PUT", - "POST" - ], - "url": { - "path": "/_xpack/security/role/{name}", - "paths": [ - "/_xpack/security/role/{name}" - ], - "parts": { - "name": { - "type": "string", - "description": "Role name", - "required": true - } - }, - "params": { - "refresh": { - "type": "enum", - "options": [ - "true", - "false", - "wait_for" - ], - "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes." - } - } - }, - "body": { - "description": "The role to add", - "required": true - } - } -} diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_user.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_user.json deleted file mode 100644 index 23de31673b26b..0000000000000 --- a/x-pack/plugin/src/test/resources/rest-api-spec/api/security.deprecated_put_user.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "security.deprecated_put_user": { - "documentation": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-user.html", - "methods": [ - "PUT", - "POST" - ], - "url": { - "path": "/_xpack/security/user/{username}", - "paths": [ - "/_xpack/security/user/{username}" - ], - "parts": { - "username": { - "type": "string", - "description": "The username of the User", - "required": true - } - }, - "params": { - "refresh": { - "type": "enum", - "options": [ - "true", - "false", - "wait_for" - ], - "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes." - } - } - }, - "body": { - "description": "The user to add", - "required": true - } - } -} \ No newline at end of file diff --git a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml index fd986ecbe70ea..1cd4ead9db08e 100644 --- a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml +++ b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml @@ -4,7 +4,7 @@ features: headers # create native user and role - do: - security.deprecated_put_user: + security.put_user: username: "native_user" body: > { @@ -14,7 +14,7 @@ - match: { created: true } - do: - security.deprecated_put_role: + security.put_role: name: "native_role" body: > { @@ -36,11 +36,11 @@ - match: { timed_out: false } - do: - security.deprecated_clear_cached_roles: + security.clear_cached_roles: name: "native_role" - do: - security.deprecated_clear_cached_realms: + security.clear_cached_realms: realms: "_all" - do: @@ -51,16 +51,16 @@ # Check that enabling a user in old cluster will not prevent the user from having a "default password" in the new cluster. # See: org.elasticsearch.xpack.security.authc.esnative.NativeRealmMigrator.doConvertDefaultPasswords - do: - security.deprecated_disable_user: + security.disable_user: username: "kibana" - do: - security.deprecated_get_user: + security.get_user: username: "kibana" - match: { kibana.enabled: false } - do: - security.deprecated_change_password: + security.change_password: username: "logstash_system" body: > { @@ -68,10 +68,10 @@ } - do: - security.deprecated_enable_user: + security.enable_user: username: "logstash_system" - do: - security.deprecated_get_user: + security.get_user: username: "logstash_system" - match: { logstash_system.enabled: true } diff --git a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml index 71e003858be82..02fa0f31ce37d 100644 --- a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml +++ b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml @@ -8,7 +8,7 @@ wait_for_status: yellow - do: - security.deprecated_put_user: + security.put_user: username: "token_user" body: > { @@ -18,7 +18,7 @@ } - do: - security.deprecated_get_token: + security.get_token: body: grant_type: "password" username: "token_user" @@ -33,7 +33,7 @@ - do: headers: Authorization: Bearer ${token} - security.deprecated_authenticate: {} + security.authenticate: {} - match: { username: "token_user" } - match: { roles.0: "superuser" } From c902e68f4b3aedf9410ae9e377dc4b855de3317f Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Fri, 7 Dec 2018 20:19:52 +0200 Subject: [PATCH 11/16] Revert "Fix FullClusterRestartIT" This reverts commit ff242e826a2b49207cb6a7346703f0ce710891d8. --- .../xpack/restart/FullClusterRestartIT.java | 53 +++++++------------ 1 file changed, 20 insertions(+), 33 deletions(-) diff --git a/x-pack/qa/full-cluster-restart/src/test/java/org/elasticsearch/xpack/restart/FullClusterRestartIT.java b/x-pack/qa/full-cluster-restart/src/test/java/org/elasticsearch/xpack/restart/FullClusterRestartIT.java index 84e99ecdc3e3d..f0c0d3af77519 100644 --- a/x-pack/qa/full-cluster-restart/src/test/java/org/elasticsearch/xpack/restart/FullClusterRestartIT.java +++ b/x-pack/qa/full-cluster-restart/src/test/java/org/elasticsearch/xpack/restart/FullClusterRestartIT.java @@ -96,8 +96,8 @@ public void testSingleDoc() throws IOException { @SuppressWarnings("unchecked") public void testSecurityNativeRealm() throws Exception { if (isRunningAgainstOldCluster()) { - createUser(true); - createRole(true); + createUser("preupgrade_user"); + createRole("preupgrade_role"); } else { waitForYellow(".security"); Response settingsResponse = client().performRequest(new Request("GET", "/.security/_settings/index.format")); @@ -126,7 +126,7 @@ public void testSecurityNativeRealm() throws Exception { logger.info("upgrading security index {}", concreteSecurityIndex); // without upgrade, an error should be thrown try { - createUser(false); + createUser("postupgrade_user"); fail("should not be able to add a user when upgrade hasn't taken place"); } catch (ResponseException e) { assertThat(e.getMessage(), containsString("Security index is not on the current version - " + @@ -139,12 +139,16 @@ public void testSecurityNativeRealm() throws Exception { } // create additional user and role - createUser(false); - createRole(false); + createUser("postupgrade_user"); + createRole("postupgrade_role"); } - assertUserInfo(isRunningAgainstOldCluster()); - assertRoleInfo(isRunningAgainstOldCluster()); + assertUserInfo("preupgrade_user"); + assertRoleInfo("preupgrade_role"); + if (isRunningAgainstOldCluster() == false) { + assertUserInfo("postupgrade_user"); + assertRoleInfo("postupgrade_role"); + } } public void testWatcher() throws Exception { @@ -574,14 +578,8 @@ static String toStr(Response response) throws IOException { return EntityUtils.toString(response.getEntity()); } - private void createUser(final boolean oldCluster) throws Exception { - final String id = oldCluster ? "preupgrade_user" : "postupgrade_user"; - Request request; - if (oldCluster) { - request = new Request("PUT", "/_xpack/security/user/" + id); - } else { - request = new Request("PUT", "/_security/user/" + id); - } + private void createUser(final String id) throws Exception { + Request request = new Request("PUT", "/_security/user/" + id); request.setJsonEntity( "{\n" + " \"password\" : \"j@rV1s\",\n" + @@ -593,14 +591,8 @@ private void createUser(final boolean oldCluster) throws Exception { client().performRequest(request); } - private void createRole(final boolean oldCluster) throws Exception { - final String id = oldCluster ? "preupgrade_role" : "postupgrade_role"; - Request request; - if (oldCluster) { - request = new Request("PUT", "/_xpack/security/role/" + id); - } else { - request = new Request("PUT", "/_security/role/" + id); - } + private void createRole(final String id) throws Exception { + Request request = new Request("PUT", "/_security/role/" + id); request.setJsonEntity( "{\n" + " \"run_as\": [ \"abc\" ],\n" + @@ -619,22 +611,17 @@ private void createRole(final boolean oldCluster) throws Exception { client().performRequest(request); } - private void assertUserInfo(final boolean oldCluster) throws Exception { - final String user = oldCluster ? "preupgrade_user" : "postupgrade_user"; - Map response = oldCluster ? - entityAsMap(client().performRequest(new Request("GET", "/_xpack/security/user/" + user))) : - entityAsMap(client().performRequest(new Request("GET", "/_security/user/" + user))); + private void assertUserInfo(final String user) throws Exception { + Map response = entityAsMap(client().performRequest(new Request("GET", "/_security/user/" + user))); @SuppressWarnings("unchecked") Map userInfo = (Map) response.get(user); assertEquals(user + "@example.com", userInfo.get("email")); assertNotNull(userInfo.get("full_name")); assertNotNull(userInfo.get("roles")); } - private void assertRoleInfo(final boolean oldCluster) throws Exception { - final String role = oldCluster ? "preupgrade_role" : "postupgrade_role"; - @SuppressWarnings("unchecked") Map response = oldCluster ? - (Map) entityAsMap(client().performRequest(new Request("GET", "/_xpack/security/role/" + role))).get(role) : - (Map) entityAsMap(client().performRequest(new Request("GET", "/_security/role/" + role))).get(role); + private void assertRoleInfo(final String role) throws Exception { + @SuppressWarnings("unchecked") Map response = (Map) + entityAsMap(client().performRequest(new Request("GET", "/_security/role/" + role))).get(role); assertNotNull(response.get("run_as")); assertNotNull(response.get("cluster")); assertNotNull(response.get("indices")); From f1ef84367e5f00e16b8e4c6cea6ecc49f2bb0fd7 Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Fri, 7 Dec 2018 20:21:01 +0200 Subject: [PATCH 12/16] Revert "Fix TokenBackwardsCompatibilityIT" This reverts commit 8d1496b87762a359bfd6e40d42151a7ba74000be. --- .../upgrades/TokenBackwardsCompatibilityIT.java | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/TokenBackwardsCompatibilityIT.java b/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/TokenBackwardsCompatibilityIT.java index fa0e6127b2bd0..80f8689bdcb0c 100644 --- a/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/TokenBackwardsCompatibilityIT.java +++ b/x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/TokenBackwardsCompatibilityIT.java @@ -49,7 +49,7 @@ public void testGeneratingTokenInOldCluster() throws Exception { } } - Request createTokenRequest = new Request("POST", "/_xpack/security/oauth2/token"); + Request createTokenRequest = new Request("POST", "/_security/oauth2/token"); createTokenRequest.setJsonEntity( "{\n" + " \"username\": \"test_user\",\n" + @@ -61,7 +61,7 @@ public void testGeneratingTokenInOldCluster() throws Exception { Map responseMap = entityAsMap(response); String token = (String) responseMap.get("access_token"); assertNotNull(token); - assertTokenWorks(token, true); + assertTokenWorks(token); Request indexRequest1 = new Request("PUT", "token_backwards_compatibility_it/doc/old_cluster_token1"); indexRequest1.setJsonEntity( @@ -70,13 +70,13 @@ public void testGeneratingTokenInOldCluster() throws Exception { "}"); client().performRequest(indexRequest1); - Request createSecondTokenRequest = new Request("POST", "/_xpack/security/oauth2/token"); + Request createSecondTokenRequest = new Request("POST", "/_security/oauth2/token"); createSecondTokenRequest.setEntity(createTokenRequest.getEntity()); response = client().performRequest(createSecondTokenRequest); responseMap = entityAsMap(response); token = (String) responseMap.get("access_token"); assertNotNull(token); - assertTokenWorks(token, true); + assertTokenWorks(token); Request indexRequest2 = new Request("PUT", "token_backwards_compatibility_it/doc/old_cluster_token2"); indexRequest2.setJsonEntity( "{\n" + @@ -91,7 +91,7 @@ public void testTokenWorksInMixedOrUpgradedCluster() throws Exception { Response getResponse = client().performRequest(new Request("GET", "token_backwards_compatibility_it/doc/old_cluster_token1")); assertOK(getResponse); Map source = (Map) entityAsMap(getResponse).get("_source"); - assertTokenWorks((String) source.get("token"), false); + assertTokenWorks((String) source.get("token")); } public void testMixedCluster() throws Exception { @@ -198,12 +198,7 @@ public void testUpgradedCluster() throws Exception { } private void assertTokenWorks(String token) throws IOException { - assertTokenWorks(token, false); - } - - private void assertTokenWorks(String token, boolean oldCluster) throws IOException { - Request request = oldCluster ? new Request("GET", "/_xpack/security/_authenticate") : - new Request("GET", "/_security/_authenticate"); + Request request = new Request("GET", "/_security/_authenticate"); RequestOptions.Builder options = request.getOptions().toBuilder(); options.addHeader(HttpHeaders.AUTHORIZATION, "Bearer " + token); request.setOptions(options); From cdd4751bf1b1023ecd3e1bb624f2df849d17c72e Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Sun, 9 Dec 2018 22:19:37 +0200 Subject: [PATCH 13/16] Handle put privilege HLRC --- .../org/elasticsearch/client/SecurityRequestConverters.java | 2 +- .../elasticsearch/client/SecurityRequestConvertersTests.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java index fa687e0cf125f..93fa7db471efd 100644 --- a/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java +++ b/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java @@ -215,7 +215,7 @@ static Request getPrivileges(GetPrivilegesRequest getPrivilegesRequest) { } static Request putPrivileges(final PutPrivilegesRequest putPrivilegesRequest) throws IOException { - Request request = new Request(HttpPut.METHOD_NAME, "/_xpack/security/privilege"); + Request request = new Request(HttpPut.METHOD_NAME, "/_security/privilege"); request.setEntity(createEntity(putPrivilegesRequest, REQUEST_BODY_CONTENT_TYPE)); RequestConverters.Params params = new RequestConverters.Params(request); params.withRefreshPolicy(putPrivilegesRequest.getRefreshPolicy()); diff --git a/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityRequestConvertersTests.java b/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityRequestConvertersTests.java index 46754cd4423cf..d66c385da0b80 100644 --- a/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityRequestConvertersTests.java +++ b/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityRequestConvertersTests.java @@ -338,7 +338,7 @@ public void testPutPrivileges() throws Exception { final PutPrivilegesRequest putPrivilegesRequest = new PutPrivilegesRequest(privileges, refreshPolicy); final Request request = SecurityRequestConverters.putPrivileges(putPrivilegesRequest); assertEquals(HttpPut.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/privilege", request.getEndpoint()); + assertEquals("/_security/privilege", request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertToXContentBody(putPrivilegesRequest, request.getEntity()); } From 106be66852f74354403e198693cbd3867460f69a Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Mon, 10 Dec 2018 22:28:22 +0200 Subject: [PATCH 14/16] Revert "Revert "Fix FullClusterRestartIT"" This reverts commit c902e68f4b3aedf9410ae9e377dc4b855de3317f and thus reintroduces ff242e826a2b49207cb6a7346703f0ce710891d8. --- .../xpack/restart/FullClusterRestartIT.java | 53 ++++++++++++------- 1 file changed, 33 insertions(+), 20 deletions(-) diff --git a/x-pack/qa/full-cluster-restart/src/test/java/org/elasticsearch/xpack/restart/FullClusterRestartIT.java b/x-pack/qa/full-cluster-restart/src/test/java/org/elasticsearch/xpack/restart/FullClusterRestartIT.java index b977bffa6f96e..106cad2f30382 100644 --- a/x-pack/qa/full-cluster-restart/src/test/java/org/elasticsearch/xpack/restart/FullClusterRestartIT.java +++ b/x-pack/qa/full-cluster-restart/src/test/java/org/elasticsearch/xpack/restart/FullClusterRestartIT.java @@ -96,8 +96,8 @@ public void testSingleDoc() throws IOException { @SuppressWarnings("unchecked") public void testSecurityNativeRealm() throws Exception { if (isRunningAgainstOldCluster()) { - createUser("preupgrade_user"); - createRole("preupgrade_role"); + createUser(true); + createRole(true); } else { waitForYellow(".security"); Response settingsResponse = client().performRequest(new Request("GET", "/.security/_settings/index.format")); @@ -126,7 +126,7 @@ public void testSecurityNativeRealm() throws Exception { logger.info("upgrading security index {}", concreteSecurityIndex); // without upgrade, an error should be thrown try { - createUser("postupgrade_user"); + createUser(false); fail("should not be able to add a user when upgrade hasn't taken place"); } catch (ResponseException e) { assertThat(e.getMessage(), containsString("Security index is not on the current version - " + @@ -139,16 +139,12 @@ public void testSecurityNativeRealm() throws Exception { } // create additional user and role - createUser("postupgrade_user"); - createRole("postupgrade_role"); + createUser(false); + createRole(false); } - assertUserInfo("preupgrade_user"); - assertRoleInfo("preupgrade_role"); - if (isRunningAgainstOldCluster() == false) { - assertUserInfo("postupgrade_user"); - assertRoleInfo("postupgrade_role"); - } + assertUserInfo(isRunningAgainstOldCluster()); + assertRoleInfo(isRunningAgainstOldCluster()); } public void testWatcher() throws Exception { @@ -578,8 +574,14 @@ static String toStr(Response response) throws IOException { return EntityUtils.toString(response.getEntity()); } - private void createUser(final String id) throws Exception { - Request request = new Request("PUT", "/_security/user/" + id); + private void createUser(final boolean oldCluster) throws Exception { + final String id = oldCluster ? "preupgrade_user" : "postupgrade_user"; + Request request; + if (oldCluster) { + request = new Request("PUT", "/_xpack/security/user/" + id); + } else { + request = new Request("PUT", "/_security/user/" + id); + } request.setJsonEntity( "{\n" + " \"password\" : \"j@rV1s\",\n" + @@ -591,8 +593,14 @@ private void createUser(final String id) throws Exception { client().performRequest(request); } - private void createRole(final String id) throws Exception { - Request request = new Request("PUT", "/_security/role/" + id); + private void createRole(final boolean oldCluster) throws Exception { + final String id = oldCluster ? "preupgrade_role" : "postupgrade_role"; + Request request; + if (oldCluster) { + request = new Request("PUT", "/_xpack/security/role/" + id); + } else { + request = new Request("PUT", "/_security/role/" + id); + } request.setJsonEntity( "{\n" + " \"run_as\": [ \"abc\" ],\n" + @@ -611,17 +619,22 @@ private void createRole(final String id) throws Exception { client().performRequest(request); } - private void assertUserInfo(final String user) throws Exception { - Map response = entityAsMap(client().performRequest(new Request("GET", "/_security/user/" + user))); + private void assertUserInfo(final boolean oldCluster) throws Exception { + final String user = oldCluster ? "preupgrade_user" : "postupgrade_user"; + Map response = oldCluster ? + entityAsMap(client().performRequest(new Request("GET", "/_xpack/security/user/" + user))) : + entityAsMap(client().performRequest(new Request("GET", "/_security/user/" + user))); @SuppressWarnings("unchecked") Map userInfo = (Map) response.get(user); assertEquals(user + "@example.com", userInfo.get("email")); assertNotNull(userInfo.get("full_name")); assertNotNull(userInfo.get("roles")); } - private void assertRoleInfo(final String role) throws Exception { - @SuppressWarnings("unchecked") Map response = (Map) - entityAsMap(client().performRequest(new Request("GET", "/_security/role/" + role))).get(role); + private void assertRoleInfo(final boolean oldCluster) throws Exception { + final String role = oldCluster ? "preupgrade_role" : "postupgrade_role"; + @SuppressWarnings("unchecked") Map response = oldCluster ? + (Map) entityAsMap(client().performRequest(new Request("GET", "/_xpack/security/role/" + role))).get(role) : + (Map) entityAsMap(client().performRequest(new Request("GET", "/_security/role/" + role))).get(role); assertNotNull(response.get("run_as")); assertNotNull(response.get("cluster")); assertNotNull(response.get("indices")); From 32c97cb7e9ba88f8f928e46d472ac618ea5de10f Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Tue, 11 Dec 2018 08:19:26 +0200 Subject: [PATCH 15/16] Deprecate _xpack/security/role rest endpoint --- .../org/elasticsearch/client/SecurityRequestConverters.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java index 607e3c7939775..aa09b9596a83f 100644 --- a/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java +++ b/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java @@ -237,7 +237,7 @@ static Request deletePrivileges(DeletePrivilegesRequest deletePrivilegeRequest) static Request putRole(final PutRoleRequest putRoleRequest) throws IOException { final String endpoint = new RequestConverters.EndpointBuilder() - .addPathPartAsIs("_xpack/security/role") + .addPathPartAsIs("_security/role") .addPathPart(putRoleRequest.getRole().getName()) .build(); final Request request = new Request(HttpPut.METHOD_NAME, endpoint); From 20498176282261ae147bb5c336c97c57482bc0f1 Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Tue, 11 Dec 2018 09:14:56 +0200 Subject: [PATCH 16/16] Fix SecurityRequestConvertersTests --- .../elasticsearch/client/SecurityRequestConvertersTests.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityRequestConvertersTests.java b/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityRequestConvertersTests.java index 2cf24282619fd..87c692d9f2a3b 100644 --- a/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityRequestConvertersTests.java +++ b/client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityRequestConvertersTests.java @@ -390,7 +390,7 @@ public void testPutRole() throws IOException { final PutRoleRequest putRoleRequest = new PutRoleRequest(role, refreshPolicy); final Request request = SecurityRequestConverters.putRole(putRoleRequest); assertEquals(HttpPut.METHOD_NAME, request.getMethod()); - assertEquals("/_xpack/security/role/" + roleName, request.getEndpoint()); + assertEquals("/_security/role/" + roleName, request.getEndpoint()); assertEquals(expectedParams, request.getParameters()); assertToXContentBody(putRoleRequest, request.getEntity()); }