

org.elasticsearch.client.RestHighLevelClient.security


Example 1
// Client whose security() API setupUser() below uses to create the role and the user.
private RestHighLevelClient client;

  /**
   * Creates the "zeebe-exporter" role via {@code createRole(client)} and then writes a user
   * named {@code username} that holds that role, using {@code password} as its credential.
   *
   * <p>The user write is sent with {@code RefreshPolicy.IMMEDIATE} and
   * {@code RequestOptions.DEFAULT}, i.e. no per-request headers are added here.
   *
   * @throws RuntimeException wrapping any {@link IOException} raised by either request
   */
  private void setupUser() {
    final User exporterUser = new User(username, Collections.singleton("zeebe-exporter"));

    try {
      // Role first, then the user that references it by name.
      createRole(client);

      // NOTE(review): `password` is already held in a longer-lived field, and the char[] copy
      // made here is never cleared after the call; confirm that is acceptable where this runs.
      // The literal `true` is presumably the "enabled" flag of the new user; verify against
      // the PutUserRequest signature.
      final PutUserRequest createUser =
          PutUserRequest.withPassword(
              exporterUser, password.toCharArray(), true, RefreshPolicy.IMMEDIATE);
      client.security().putUser(createUser, RequestOptions.DEFAULT);
    } catch (final IOException ioFailure) {
      throw new RuntimeException(ioFailure);
    }
  }
Example 2
/**
 * Calls {@code deleteSecurityIndex()} and, when the current cluster scope is
 * {@code Scope.SUITE}, additionally asks the cluster to clear its realm cache.
 *
 * @throws Exception if the index deletion or the cache-clear request fails
 */
public void stopESNativeStores() throws Exception {
        deleteSecurityIndex();

        if (getCurrentClusterScope() != Scope.SUITE) {
            return;
        }

        // SUITE-scoped cluster: evict the realm cache for all realms (both filter lists are
        // empty), presumably so that entries cached before the security index was deleted
        // are not reused by later tests sharing the cluster.
        final RestHighLevelClient suiteClient = new TestRestHighLevelClient();
        final ClearRealmCacheRequest everyRealm = new ClearRealmCacheRequest(Collections.emptyList(), Collections.emptyList());
        suiteClient.security().clearRealmCache(everyRealm, SECURITY_REQUEST_OPTIONS);
    }
Example 3
// Client field of the enclosing class; createRole() below takes its own `client` parameter, which shadows this field.
private RestHighLevelClient client;

  /**
   * Writes a role named "zeebe-exporter" through the security API of the given client.
   *
   * <p>As written, the builder sets only the role name; no cluster, index or application
   * privileges are added in this method.
   *
   * @param client client used to send the put-role request
   * @throws IOException if the request fails
   */
  private void createRole(final RestHighLevelClient client) throws IOException {
    // IMMEDIATE refresh policy is requested for the role write; RequestOptions.DEFAULT adds
    // no per-request headers, so the client's own configuration decides how the call is
    // authenticated.
    final PutRoleRequest createExporterRole =
        new PutRoleRequest(
            Role.builder().name("zeebe-exporter").build(), RefreshPolicy.IMMEDIATE);

    client.security().putRole(createExporterRole, RequestOptions.DEFAULT);
  }
Example 4
/**
 * Deletes a random subset of {@code roles} (between 1 and {@code roles.length - 1} of them)
 * through the security API and then checks that fetching all of {@code roles} returns
 * exactly the ones that were not deleted.
 *
 * <p>Per the test name, the point is that a deletion made via the API is not masked by a
 * cached copy of the role.
 */
public void testDeletingViaApiClearsCache() throws Exception {
        final RestHighLevelClient restClient = new TestRestHighLevelClient();
        final int deleteCount = randomIntBetween(1, roles.length - 1);
        final List<String> doomedRoles = randomSubsetOf(deleteCount, roles);

        // Every deletion must report that the role existed.
        for (final String doomedRole : doomedRoles) {
            final DeleteRoleRequest deletion = new DeleteRoleRequest(doomedRole, RefreshPolicy.IMMEDIATE);
            final DeleteRoleResponse outcome = restClient.security().deleteRole(deletion, SECURITY_REQUEST_OPTIONS);
            assertTrue(outcome.isFound());
        }

        // At least one role is always left, and the survivor count must match exactly.
        final GetRolesRequest lookupAll = new GetRolesRequest(roles);
        final GetRolesResponse survivors = restClient.security().getRoles(lookupAll, SECURITY_REQUEST_OPTIONS);
        assertFalse(survivors.getRoles().isEmpty());
        assertThat(survivors.getRoles().size(), is(roles.length - deleteCount));
    }
Example 5
/**
 * Fetches every entry of {@code roles} through the security API and checks its run-as
 * privilege: roles listed in {@code toModify} must have a non-empty run-as set that
 * contains the role's own name, all other roles must have no run-as entries.
 *
 * @param restClient client used for the get-roles requests
 * @param toModify names of the roles expected to carry the modified (run-as) definition
 * @throws IOException if a get-roles request fails
 */
private void assertRolesAreCorrect(RestHighLevelClient restClient, List<String> toModify) throws IOException {
        for (String roleName : roles) {
            logger.debug("--> getting role [{}]", roleName);
            final GetRolesRequest lookup = new GetRolesRequest(roleName);
            final GetRolesResponse fetched = restClient.security().getRoles(lookup, SECURITY_REQUEST_OPTIONS);
            assertThat(fetched.getRoles().isEmpty(), is(false));

            // Run-as lets a principal act as another user, so a stale or unexpected value
            // here is an authorization error, not a cosmetic one.
            final Set<String> runAsPrivilege = fetched.getRoles().get(0).getRunAsPrivilege();
            final boolean runAsUnset = runAsPrivilege == null || runAsPrivilege.size() == 0;

            if (!toModify.contains(roleName)) {
                assertThat("role [" + roleName + "] should be cached and not have run as set but does!", runAsUnset,
                        is(true));
                continue;
            }

            assertThat("role [" + roleName + "] should be modified and have run as", runAsUnset, is(false));
            assertThat(runAsPrivilege.contains(roleName), is(true));
        }
    }
Example 6
/**
 * Obtains a token pair with a password grant for the test user, then tries to redeem the
 * refresh token while authenticating the request as the test superuser, and expects the
 * server to reject it.
 *
 * <p>The assertions pin the rejection to HTTP 400 with "invalid_grant" and the message
 * "tokens must be refreshed by the creating client": a refresh token is only honoured for
 * the client it was issued to, whatever the privileges of the caller presenting it.
 */
public void testRefreshAsDifferentUser() throws IOException {
        final RestHighLevelClient restClient = new TestRestHighLevelClient();
        final CreateTokenRequest passwordGrant = CreateTokenRequest.passwordGrant(
            SecuritySettingsSource.TEST_USER_NAME, SecuritySettingsSourceField.TEST_PASSWORD.toCharArray());
        final CreateTokenResponse issued = restClient.security().createToken(passwordGrant, SECURITY_REQUEST_OPTIONS);
        assertNotNull(issued.getRefreshToken());

        final ElasticsearchStatusException rejection = expectThrows(ElasticsearchStatusException.class, () -> {
            // Same refresh token, but the request itself is sent with the superuser's Basic credentials.
            final String superuserBasicAuth = UsernamePasswordToken.basicAuthHeaderValue(
                SecuritySettingsSource.TEST_SUPERUSER, SecuritySettingsSourceField.TEST_PASSWORD_SECURE_STRING);
            final RequestOptions asSuperuser = RequestOptions.DEFAULT.toBuilder()
                .addHeader("Authorization", superuserBasicAuth)
                .build();
            restClient.security().createToken(CreateTokenRequest.refreshTokenGrant(issued.getRefreshToken()), asSuperuser);
        });

        final String causeMessage = rejection.getCause().getMessage();
        assertThat(causeMessage, containsString("invalid_grant"));
        assertEquals(RestStatus.BAD_REQUEST, rejection.status());
        assertThat(causeMessage, containsString("tokens must be refreshed by the creating client"));
    }
Example 7
/**
 * Creates a user through the security API and asserts that the response reports it as
 * newly created.
 *
 * <p>The user's only role is a role with the same name as the user, and the request is sent
 * with {@code RefreshPolicy.NONE} and {@code RequestOptions.DEFAULT}.
 *
 * @param client client used to send the put-user request
 * @param userName name of the user, also used as the name of its single role
 * @param password password for the new user
 * @throws IOException if the request fails
 */
private void addUser(RestHighLevelClient client, String userName, String password) throws IOException {
        // NOTE(review): the password arrives as a String and the char[] copy made here is not
        // cleared afterwards; fine for a test helper, worth revisiting if copied elsewhere.
        final PutUserRequest creation = PutUserRequest.withPassword(
            new User(userName, Collections.singletonList(userName)), password.toCharArray(), true, RefreshPolicy.NONE);
        final PutUserResponse outcome = client.security().putUser(creation, RequestOptions.DEFAULT);
        assertTrue(outcome.isCreated());
    }
Example 8
/**
 * Checks that the role named "snapshot_user" can be neither overwritten nor deleted through
 * the security API: both attempts must fail with an {@code ElasticsearchStatusException}
 * whose message says the role is reserved.
 */
public void testSnapshotUserRoleIsReserved() {
        final RestHighLevelClient restClient = new TestRestHighLevelClient();

        // Attempt 1: redefine the role with a definition that has only a name.
        final ElasticsearchStatusException onPut = expectThrows(ElasticsearchStatusException.class, () -> {
            final PutRoleRequest overwrite = new PutRoleRequest(Role.builder().name("snapshot_user").build(), RefreshPolicy.IMMEDIATE);
            restClient.security().putRole(overwrite, SECURITY_REQUEST_OPTIONS);
        });
        assertThat(onPut.getMessage(), containsString("role [snapshot_user] is reserved and cannot be modified"));

        // Attempt 2: delete the role outright.
        final ElasticsearchStatusException onDelete = expectThrows(ElasticsearchStatusException.class, () -> {
            final DeleteRoleRequest removal = new DeleteRoleRequest("snapshot_user", RefreshPolicy.IMMEDIATE);
            restClient.security().deleteRole(removal, SECURITY_REQUEST_OPTIONS);
        });
        assertThat(onDelete.getMessage(), containsString("role [snapshot_user] is reserved and cannot be deleted"));
    }