

/*
 * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
 * or more contributor license agreements. Licensed under the Elastic License
 * 2.0; you may not use this file except in compliance with the Elastic License
 * 2.0.
 */
package org.elasticsearch.xpack.core.security.action.privilege;

import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.ActionRequestValidationException;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.io.stream.StreamOutput;
import org.elasticsearch.xpack.core.security.authz.privilege.ApplicationPrivilege;
import org.elasticsearch.xpack.core.security.authz.privilege.ApplicationPrivilegeDescriptor;
import org.elasticsearch.xpack.core.security.support.MetadataUtils;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;

import static org.elasticsearch.action.ValidateActions.addValidationError;

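/**
 * Request object to put one or more application privileges.
 *
 * <p>The constructors and setters only store what they are given. All content checks on the
 * privilege descriptors (application name, privilege name, actions, metadata keys) live in
 * {@link #validate()}, so a request built or deserialized through this class has not been checked
 * until that method has been called. Nothing in this class checks whether the caller is allowed to
 * manage privileges; NOTE(review): presumably that is enforced by the code handling the request.
 */
public final class PutPrivilegesRequest extends ActionRequest implements ApplicationPrivilegesRequest, WriteRequest {

    // Always stored as an unmodifiable list (see both constructors and setPrivileges).
    private List<ApplicationPrivilegeDescriptor> privileges;
    private RefreshPolicy refreshPolicy = RefreshPolicy.IMMEDIATE;

    /**
     * Reads a request from the wire. The field order here must mirror {@link #writeTo(StreamOutput)}.
     *
     * <p>The descriptors are taken from the stream as-is; {@link #validate()} is not invoked here.
     *
     * @param in the stream to read from
     * @throws IOException if reading from the stream fails
     */
    public PutPrivilegesRequest(StreamInput in) throws IOException {
        super(in);
        privileges = Collections.unmodifiableList(in.readList(ApplicationPrivilegeDescriptor::new));
        refreshPolicy = RefreshPolicy.readFrom(in);
    }

    /**
     * Creates a request with no privileges. Such a request fails {@link #validate()} until
     * {@link #setPrivileges(Collection)} has supplied at least one descriptor.
     */
    public PutPrivilegesRequest() {
        privileges = Collections.emptyList();
    }

    /**
     * Checks the content of every privilege descriptor in this request.
     *
     * <p>Each failure is handed to {@code addValidationError} together with the errors collected so
     * far, and checking continues with the next rule, so one call can report several problems. The
     * rules are: at least one privilege; a valid application name and privilege name; at least one
     * action; every action contains one of {@code '/'}, {@code '*'} or {@code ':'} and passes
     * {@code ApplicationPrivilege.validatePrivilegeOrActionName}; and no metadata key flagged by
     * {@code MetadataUtils.containsReservedMetadata}.
     *
     * <p>Several messages embed caller-supplied text (action, application and privilege names)
     * verbatim, so anything that renders them should treat them as untrusted input.
     *
     * @return the accumulated validation errors, or {@code null} if no rule was violated
     */
    @Override
    public ActionRequestValidationException validate() {
        ActionRequestValidationException validationException = null;
        if (privileges.isEmpty()) {
            validationException = addValidationError("At least one application privilege must be provided", validationException);
        } else {
            for (ApplicationPrivilegeDescriptor privilege : privileges) {
                // The ApplicationPrivilege validators signal a bad name by throwing; the message is
                // recorded as a validation error instead of letting the exception escape.
                try {
                    ApplicationPrivilege.validateApplicationName(privilege.getApplication());
                } catch (IllegalArgumentException e) {
                    validationException = addValidationError(e.getMessage(), validationException);
                }
                try {
                    ApplicationPrivilege.validatePrivilegeName(privilege.getName());
                } catch (IllegalArgumentException e) {
                    validationException = addValidationError(e.getMessage(), validationException);
                }
                if (privilege.getActions().isEmpty()) {
                    validationException = addValidationError("Application privileges must have at least one action", validationException);
                }
                for (String action : privilege.getActions()) {
                    // NOTE(review): presumably this keeps action patterns distinguishable from
                    // privilege names; confirm against ApplicationPrivilege.
                    if (action.indexOf('/') == -1 && action.indexOf('*') == -1 && action.indexOf(':') == -1) {
                        validationException = addValidationError("action [" + action + "] must contain one of [ '/' , '*' , ':' ]",
                            validationException);
                    }
                    try {
                        ApplicationPrivilege.validatePrivilegeOrActionName(action);
                    } catch (IllegalArgumentException e) {
                        validationException = addValidationError(e.getMessage(), validationException);
                    }
                }
                // Callers may not supply metadata keys under the reserved prefix.
                if (MetadataUtils.containsReservedMetadata(privilege.getMetadata())) {
                    validationException = addValidationError("metadata keys may not start with [" + MetadataUtils.RESERVED_PREFIX
                        + "] (in privilege " + privilege.getApplication() + ' ' + privilege.getName() + ")", validationException);
                }
            }
        }
        return validationException;
    }

    /**
     * Should this request trigger a refresh ({@linkplain RefreshPolicy#IMMEDIATE}, the default), wait for a refresh (
     * {@linkplain RefreshPolicy#WAIT_UNTIL}), or ignore refreshes entirely ({@linkplain RefreshPolicy#NONE}).
     */
    @Override
    public RefreshPolicy getRefreshPolicy() {
        return refreshPolicy;
    }

    /**
     * Sets the refresh policy for this request.
     *
     * @param refreshPolicy the policy to use; stored without a null check, and
     *                      {@link #writeTo(StreamOutput)} dereferences it
     * @return this request, to allow chaining
     */
    @Override
    public PutPrivilegesRequest setRefreshPolicy(RefreshPolicy refreshPolicy) {
        this.refreshPolicy = refreshPolicy;
        return this;
    }

    /**
     * @return the privileges to store, as an unmodifiable list
     */
    public List<ApplicationPrivilegeDescriptor> getPrivileges() {
        return privileges;
    }

    /**
     * Replaces the privileges carried by this request.
     *
     * <p>The collection is copied, so later changes to the argument do not alter this request.
     * The descriptors are not checked here; see {@link #validate()}.
     *
     * @param privileges the privilege descriptors to store
     */
    public void setPrivileges(Collection<ApplicationPrivilegeDescriptor> privileges) {
        this.privileges = Collections.unmodifiableList(new ArrayList<>(privileges));
    }

    /**
     * @return the distinct application names referenced by the privileges, as an unmodifiable set
     */
    @Override
    public Collection<String> getApplicationNames() {
        return Collections.unmodifiableSet(privileges.stream()
            .map(ApplicationPrivilegeDescriptor::getApplication)
            .collect(Collectors.toSet()));
    }

    /**
     * Renders the class name, each privilege (via {@code Strings.toString}) and the refresh policy.
     */
    @Override
    public String toString() {
        return getClass().getSimpleName() + "{[" + privileges.stream().map(Strings::toString).collect(Collectors.joining(","))
            + "];" + refreshPolicy + "}";
    }

    /**
     * Writes this request to the wire, in the order the {@link StreamInput} constructor reads it:
     * the privilege list, then the refresh policy.
     *
     * @param out the stream to write to
     * @throws IOException if writing to the stream fails
     */
    @Override
    public void writeTo(StreamOutput out) throws IOException {
        super.writeTo(out);
        out.writeList(privileges);
        refreshPolicy.writeTo(out);
    }
}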



