Support updates of API key attributes [service layer]

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/apikey/UpdateApiKeyRequest.java

@@ -0,0 +1,96 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+package org.elasticsearch.xpack.core.security.action.apikey;
+
+import org.elasticsearch.action.ActionRequest;
+import org.elasticsearch.action.ActionRequestValidationException;
+import org.elasticsearch.common.io.stream.StreamInput;
+import org.elasticsearch.common.io.stream.StreamOutput;
+import org.elasticsearch.core.Nullable;
+import org.elasticsearch.xpack.core.security.action.role.RoleDescriptorRequestValidator;
+import org.elasticsearch.xpack.core.security.authz.RoleDescriptor;
+import org.elasticsearch.xpack.core.security.support.MetadataUtils;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+
+import static org.elasticsearch.action.ValidateActions.addValidationError;
+
+public final class UpdateApiKeyRequest extends ActionRequest {
+
+    private final String id;
+    @Nullable
+    private final Map<String, Object> metadata;
+    @Nullable
+    private final List<RoleDescriptor> roleDescriptors;
+
+    public UpdateApiKeyRequest(String id, @Nullable List<RoleDescriptor> roleDescriptors, @Nullable Map<String, Object> metadata) {
+        this.id = Objects.requireNonNull(id, "API key ID must not be null");
+        this.roleDescriptors = roleDescriptors;
+        this.metadata = metadata;
+    }
+
+    public UpdateApiKeyRequest(StreamInput in) throws IOException {
+        super(in);
+        this.id = in.readString();
+        this.roleDescriptors = readOptionalList(in);
+        this.metadata = in.readMap();
+    }
+
+    @Override
+    public ActionRequestValidationException validate() {
+        ActionRequestValidationException validationException = null;
+        if (metadata != null && MetadataUtils.containsReservedMetadata(metadata)) {
+            validationException = addValidationError(
+                "API key metadata keys may not start with [" + MetadataUtils.RESERVED_PREFIX + "]",
+                validationException
+            );
+        }
+        if (roleDescriptors != null) {
+            for (RoleDescriptor roleDescriptor : roleDescriptors) {
+                validationException = RoleDescriptorRequestValidator.validate(roleDescriptor, validationException);
+            }
+        }
+        return validationException;
+    }
+
+    @Override
+    public void writeTo(StreamOutput out) throws IOException {
+        super.writeTo(out);
+        out.writeString(id);
+        writeOptionalList(out);
+        out.writeGenericMap(metadata);
+    }
+
+    private List<RoleDescriptor> readOptionalList(StreamInput in) throws IOException {
+        return in.readBoolean() ? in.readList(RoleDescriptor::new) : null;
+    }
+
+    private void writeOptionalList(StreamOutput out) throws IOException {
+        if (roleDescriptors == null) {
+            out.writeBoolean(false);
+        } else {
+            out.writeBoolean(true);
+            out.writeList(roleDescriptors);
+        }
+    }
+
+    public String getId() {
+        return id;
+    }
+
+    public Map<String, Object> getMetadata() {
+        return metadata;
+    }
+
+    public List<RoleDescriptor> getRoleDescriptors() {
+        return roleDescriptors;
+    }
+}

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/apikey/UpdateApiKeyResponse.java

@@ -0,0 +1,58 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+package org.elasticsearch.xpack.core.security.action.apikey;
+
+import org.elasticsearch.action.ActionResponse;
+import org.elasticsearch.common.io.stream.StreamInput;
+import org.elasticsearch.common.io.stream.StreamOutput;
+import org.elasticsearch.common.io.stream.Writeable;
+import org.elasticsearch.xcontent.ToXContentObject;
+import org.elasticsearch.xcontent.XContentBuilder;
+
+import java.io.IOException;
+import java.util.Objects;
+
+public final class UpdateApiKeyResponse extends ActionResponse implements ToXContentObject, Writeable {
+    private final boolean updated;
+
+    public UpdateApiKeyResponse(boolean updated) {
+        this.updated = updated;
+    }
+
+    public UpdateApiKeyResponse(StreamInput in) throws IOException {
+        super(in);
+        this.updated = in.readBoolean();
+    }
+
+    public boolean isUpdated() {
+        return updated;
+    }
+
+    @Override
+    public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
+        return builder.startObject().field("updated", updated).endObject();
+    }
+
+    @Override
+    public void writeTo(StreamOutput out) throws IOException {
+        out.writeBoolean(updated);
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        UpdateApiKeyResponse that = (UpdateApiKeyResponse) o;
+        return updated == that.updated;
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(updated);
+    }
+}

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/apikey/UpdateApiKeyRequestTests.java

@@ -0,0 +1,53 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+package org.elasticsearch.xpack.core.security.action.apikey;
+
+import org.elasticsearch.common.io.stream.BytesStreamOutput;
+import org.elasticsearch.common.io.stream.StreamInput;
+import org.elasticsearch.test.ESTestCase;
+import org.elasticsearch.xpack.core.security.authz.RoleDescriptor;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+public class UpdateApiKeyRequestTests extends ESTestCase {
+
+    public void testNullValuesValid() {
+        final var request = new UpdateApiKeyRequest("id", null, null);
+        assertNull(request.validate());
+    }
+
+    public void testSerialization() throws IOException {
+        final boolean roleDescriptorsPresent = randomBoolean();
+        final List<RoleDescriptor> descriptorList;
+        if (roleDescriptorsPresent == false) {
+            descriptorList = null;
+        } else {
+            final int numDescriptors = randomIntBetween(0, 4);
+            descriptorList = new ArrayList<>();
+            for (int i = 0; i < numDescriptors; i++) {
+                descriptorList.add(new RoleDescriptor("role_" + i, new String[] { "all" }, null, null));
+            }
+        }
+
+        final var id = randomAlphaOfLength(10);
+        final var metadata = ApiKeyTests.randomMetadata();
+        final var request = new UpdateApiKeyRequest(id, descriptorList, metadata);
+
+        try (BytesStreamOutput out = new BytesStreamOutput()) {
+            request.writeTo(out);
+            try (StreamInput in = out.bytes().streamInput()) {
+                final var serialized = new UpdateApiKeyRequest(in);
+                assertEquals(id, serialized.getId());
+                assertEquals(descriptorList, serialized.getRoleDescriptors());
+                assertEquals(metadata, request.getMetadata());
+            }
+        }
+    }
+}