elasticsearch/x-pack/qa
Albert Zaharovits 566f5f831a
Query Roles API (#108733)
This adds the Query Roles API:

```
POST /_security/_query/role
GET /_security/_query/role
```

This is similar to the currently existing:

* [Query API key API](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-query-api-key.html)
* [Query User API](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-query-user.html)

Sample request:

```
POST /_security/_query/role
{
  "query": { 
    "bool": {
      "filter": [
        {
          "terms": {
            "applications.application": ["app-1", "app-2" ]
          }
        }
      ],
      "must_not": [
        {
          "match": {
            "description": {
              "query": "test match on role description (which is mapped as a text field)"
            }
          }
        }
      ]
    }
  },
  "sort": [ 
    "name"
  ],
  "search_after": [
    "role-name-1"
  ]
}
```

The query supports a subset of query types, including match_all, bool,
term, terms, match, ids, prefix, wildcard, exists, range, and simple
query string.

Currently, the supported fields are:

* name
* description
* metadata
* applications.application
* applications.resources
* applications.privileges

The query also supports pagination-related fields (`from`, `size`,
`search_after`), analogous to the generic [Search
API](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-search.html).

The response format is similar to that of the [Query API
key](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-query-api-key.html)
and [Query
User](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-query-user.html)
APIs. It contains a **list** of roles, in the sorted order (if
specified). Unlike the [Get Roles
API](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-role.html),
the role **name** is an attribute of the element in the list of roles
(in the get-roles API case, the role name was the key in the response
map, and the value was the rest of the role descriptor). In addition,
the element in the list of roles also contains the optional `_sort`
field, e.g. (sample response):

```
{
  "total": 3,
  "count": 3,
  "roles": [
    {
      "name": "LYdz2",
      "cluster": [],
      "indices": [],
      "applications": [
        {
          "application": "ejYWvGQTF",
          "privileges": [
            "pRCfBMgOy",
            "zDhFtMQfc",
            "roudxado"
          ],
          "resources": [
            "nWHEpmgxy",
            "SOML/hMYrqx",
            "YIqP/*",
            "ueEomwsA"
          ]
        },
        {
          "application": "ampUW9",
          "privileges": [
            "jDvRtp"
          ],
          "resources": [
            "99"
          ]
        }
      ],
      "run_as": [],
      "metadata": {
        "nFKc": [
          1,
          0
        ],
        "PExF": [],
        "qlqY": -433239865,
        "IQXm": []
      },
      "transient_metadata": {
        "enabled": true
      },
      "description": "KoLlsEbq",
      "_sort": [
        "LYdz2"
      ]
    },
    {
      "name": "oaxW0",
      "cluster": [],
      "indices": [],
      "applications": [
        {
          "application": "*",
          "privileges": [
            "qZYb"
          ],
          "resources": [
            "tFrSULaKb"
          ]
        },
        {
          "application": "aLaEN9",
          "privileges": [
            "fCOc"
          ],
          "resources": [
            "gozqXtSgE",
            "UX/JgydeIM",
            "sjUp",
            "Ivdz/UAmuNrQAG"
          ]
        },
        {
          "application": "rbxyuKIMPAp",
          "privileges": [
            "lluqieFRu",
            "xKU",
            "gHlb"
          ],
          "resources": [
            "99"
          ]
        }
      ],
      "run_as": [],
      "metadata": {},
      "transient_metadata": {
        "enabled": true
      },
      "_sort": [
        "oaxW0"
      ]
    },
    {
      "name": "vWAV1",
      "cluster": [],
      "indices": [],
      "applications": [
        {
          "application": "*",
          "privileges": [
            "kWBWjCAc"
          ],
          "resources": [
            "hvEtV",
            "gZJ"
          ]
        },
        {
          "application": "avVUV9",
          "privileges": [
            "newZTa",
            "gQpxNm"
          ],
          "resources": [
            "99"
          ]
        }
      ],
      "run_as": [],
      "metadata": {},
      "transient_metadata": {
        "enabled": true
      },
      "_sort": [
        "vWAV1"
      ]
    }
  ]
}
```
2024-07-03 01:59:11 +10:00
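
A client-side sketch of the pagination and response shape described in the commit message above; this is an added example, not part of the commit or of Elasticsearch's code. The in-memory role store, `fake_send`, and all function names are hypothetical stand-ins so the loop runs offline; a real client would send each body to `POST /_security/_query/role`.

```python
# Constructed role store standing in for a cluster; names and values are made up.
ROLES = [
    {"name": "role-a", "applications": [
        {"application": "app-1", "privileges": ["read"], "resources": ["*"]}]},
    {"name": "role-b", "applications": [
        {"application": "*", "privileges": ["all"], "resources": ["*"]}]},
    {"name": "role-c", "applications": []},
]

def fake_send(body):
    """Hypothetical transport: answers in the list shape shown above, sorted by name."""
    after = body.get("search_after", [""])[0]
    hits = sorted((r for r in ROLES if r["name"] > after), key=lambda r: r["name"])
    hits = hits[:body.get("size", 10)]
    return {"total": len(ROLES), "count": len(hits),
            "roles": [dict(r, _sort=[r["name"]]) for r in hits]}

def next_request(body, page):
    """Request body for the following page, or None once a page comes back empty."""
    if not page["roles"]:
        return None
    cursor = page["roles"][-1].get("_sort")
    if cursor is None:  # _sort is optional in the response
        raise ValueError("response has no _sort; add 'sort' to the request")
    return dict(body, search_after=cursor)

def query_all_roles(send, body):
    """Follow search_after until the listing is exhausted."""
    roles = []
    while body is not None:
        page = send(body)
        roles.extend(page["roles"])
        body = next_request(body, page)
    return roles

def to_get_roles_shape(roles):
    """Re-key the list by role name, the way the Get Roles response map is keyed."""
    return {r["name"]: {k: v for k, v in r.items() if k not in ("name", "_sort")}
            for r in roles}

def wildcard_application_roles(roles):
    """Review helper: names of roles with an application entry that is the literal '*'."""
    return [r["name"] for r in roles
            if any(a["application"] == "*" for a in r.get("applications", []))]
```

Calling `query_all_roles(fake_send, {"sort": ["name"], "size": 2})` walks the three constructed roles in two non-empty pages, and the result can be fed to either helper.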
..
core-rest-tests-with-security Migrate YAML REST tests to synthetic cluster feature check (#107068) 2024-04-11 18:22:38 +02:00
evil-tests More unsupported locales in Kerberos tests for CLDR (#109670) 2024-06-14 01:01:15 +10:00
freeze-plugin Fix up misc master-node timeouts in xpack/plugin (#109232) 2024-05-31 15:54:11 +01:00
full-cluster-restart ESQL: Stop sending version in tests (#108961) 2024-05-23 14:32:13 -04:00
kerberos-tests Port krb5kdc to test container and rework hdfs handling (#106228) 2024-03-26 08:39:39 +01:00
mixed-tier-cluster Revert "Require DLM enabled in the mixed-cluster QA cluster (#96391)" 2023-06-07 10:54:11 +01:00
multi-cluster-search-security ESQL: Stop sending version in tests (#108961) 2024-05-23 14:32:13 -04:00
multi-node Disallow new rollup jobs in clusters with no rollup usage. (#108624) 2024-05-21 09:38:10 +02:00
oidc-op-tests AwaitsFix for #109871 2024-06-18 15:42:46 +01:00
openldap-tests Port smb fixture from test fixture plugin to testcontainer (#103440) 2023-12-20 04:01:52 -05:00
password-protected-keystore Fix failing CI due to warning in Secure Settings Validation (#103307) 2023-12-14 11:20:08 +01:00
reindex-tests-with-security Refactor REST tests to the new internal cluster rule orchestration (#100399) 2023-10-17 07:42:43 -04:00
repository-old-versions Remove trappy timeouts in snapshot APIs (#109828) 2024-06-21 07:11:12 +10:00
rolling-upgrade Query Roles API (#108733) 2024-07-03 01:59:11 +10:00
rolling-upgrade-basic Extract constant for ?ignore pseudo-parameter (#102365) 2023-11-20 03:37:02 -05:00
rolling-upgrade-multi-cluster Validate versions for CCR snapshot on matching index version. (#107179) 2024-04-16 14:19:12 +02:00
runtime-fields Aggs: Scripted metric allow list (#109444) 2024-06-12 14:23:03 +02:00
saml-idp-tests Cleanup SamlAuthenticationIT (#106227) 2024-03-13 08:51:42 -04:00
security-example-spi-extension Abstract realm cache clear for role mappers (#107360) 2024-04-19 12:15:41 +03:00
security-setup-password-tests Use Strings.format instead of String.format(Locale.ROOT, ...) in tests (#92106) 2023-01-03 19:28:27 +01:00
security-tools-tests Avoid NPE if users_roles file does not exist (#109606) 2024-06-13 10:52:26 +10:00
smoke-test-plugins Add JUnit rule based integration test cluster orchestration framework (#92379) 2022-12-21 15:33:46 -08:00
smoke-test-plugins-ssl Remove gradle references to the rest-high-level client (#104871) 2024-01-29 14:13:06 -05:00
smoke-test-security-with-mustache Add JUnit rule based integration test cluster orchestration framework (#92379) 2022-12-21 15:33:46 -08:00
src/main/java/org/elasticsearch/xpack/test [ML] Decouple ML template versioning from product version (#99921) 2023-09-26 18:48:31 +01:00
third-party Cluster state role mapper file settings service (#108555) 2024-05-14 09:06:23 +03:00
xpack-prefix-rest-compat Fix trailing slash in ml.get_categories specification (#110146) 2024-06-25 22:00:31 +04:00
build.gradle Remove usages of elasticsearch.build plugin in non-production projects (#84890) 2022-03-14 11:27:24 -07:00