Migrate security routes to a new Elasticsearch client.

elastic · Dec 1, 2020 · a5b198c · a5b198c
1 parent 67564b9
commit a5b198c
Show file tree

Hide file tree

Showing 36 changed files with 610 additions and 1,093 deletions.
diff --git a/x-pack/plugins/security/server/elasticsearch/elasticsearch_client_plugin.ts b/x-pack/plugins/security/server/elasticsearch/elasticsearch_client_plugin.ts
@@ -22,133 +22,6 @@ export function elasticsearchClientPlugin(Client: any, config: unknown, componen
     },
   });
 
-  /**
-   * Perform a [shield.changePassword](Change the password of a user) request
-   *
-   * @param {Object} params - An object with parameters used to carry out this action
-   * @param {Boolean} params.refresh - Refresh the index after performing the operation
-   * @param {String} params.username - The username of the user to change the password for
-   */
-  shield.changePassword = ca({
-    params: {
-      refresh: {
-        type: 'boolean',
-      },
-    },
-    urls: [
-      {
-        fmt: '/_security/user/<%=username%>/_password',
-        req: {
-          username: {
-            type: 'string',
-            required: false,
-          },
-        },
-      },
-      {
-        fmt: '/_security/user/_password',
-      },
-    ],
-    needBody: true,
-    method: 'POST',
-  });
-
-  /**
-   * Perform a [shield.clearCachedRealms](Clears the internal user caches for specified realms) request
-   *
-   * @param {Object} params - An object with parameters used to carry out this action
-   * @param {String} params.usernames - Comma-separated list of usernames to clear from the cache
-   * @param {String} params.realms - Comma-separated list of realms to clear
-   */
-  shield.clearCachedRealms = ca({
-    params: {
-      usernames: {
-        type: 'string',
-        required: false,
-      },
-    },
-    url: {
-      fmt: '/_security/realm/<%=realms%>/_clear_cache',
-      req: {
-        realms: {
-          type: 'string',
-          required: true,
-        },
-      },
-    },
-    method: 'POST',
-  });
-
-  /**
-   * Perform a [shield.clearCachedRoles](Clears the internal caches for specified roles) request
-   *
-   * @param {Object} params - An object with parameters used to carry out this action
-   * @param {String} params.name - Role name
-   */
-  shield.clearCachedRoles = ca({
-    params: {},
-    url: {
-      fmt: '/_security/role/<%=name%>/_clear_cache',
-      req: {
-        name: {
-          type: 'string',
-          required: true,
-        },
-      },
-    },
-    method: 'POST',
-  });
-
-  /**
-   * Perform a [shield.deleteRole](Remove a role from the native shield realm) request
-   *
-   * @param {Object} params - An object with parameters used to carry out this action
-   * @param {Boolean} params.refresh - Refresh the index after performing the operation
-   * @param {String} params.name - Role name
-   */
-  shield.deleteRole = ca({
-    params: {
-      refresh: {
-        type: 'boolean',
-      },
-    },
-    url: {
-      fmt: '/_security/role/<%=name%>',
-      req: {
-        name: {
-          type: 'string',
-          required: true,
-        },
-      },
-    },
-    method: 'DELETE',
-  });
-
-  /**
-   * Perform a [shield.deleteUser](Remove a user from the native shield realm) request
-   *
-   * @param {Object} params - An object with parameters used to carry out this action
-   * @param {Boolean} params.refresh - Refresh the index after performing the operation
-   * @param {String} params.username - username
-   */
-  shield.deleteUser = ca({
-    params: {
-      refresh: {
-        type: 'boolean',
-      },
-    },
-    url: {
-      fmt: '/_security/user/<%=username%>',
-      req: {
-        username: {
-          type: 'string',
-          required: true,
-        },
-      },
-    },
-    method: 'DELETE',
-  });
-
   /**
    * Perform a [shield.getRole](Retrieve one or more roles from the native shield realm) request
    *
@@ -173,30 +46,6 @@ export function elasticsearchClientPlugin(Client: any, config: unknown, componen
     ],
   });
 
-  /**
-   * Perform a [shield.getUser](Retrieve one or more users from the native shield realm) request
-   *
-   * @param {Object} params - An object with parameters used to carry out this action
-   * @param {String, String[], Boolean} params.username - A comma-separated list of usernames
-   */
-  shield.getUser = ca({
-    params: {},
-    urls: [
-      {
-        fmt: '/_security/user/<%=username%>',
-        req: {
-          username: {
-            type: 'list',
-            required: false,
-          },
-        },
-      },
-      {
-        fmt: '/_security/user',
-      },
-    ],
-  });
-
   /**
    * Perform a [shield.putRole](Update or create a role for the native shield realm) request
    *
@@ -249,19 +98,6 @@ export function elasticsearchClientPlugin(Client: any, config: unknown, componen
     method: 'PUT',
   });
 
-  /**
-   * Perform a [shield.getUserPrivileges](Retrieve a user's list of privileges) request
-   *
-   */
-  shield.getUserPrivileges = ca({
-    params: {},
-    urls: [
-      {
-        fmt: '/_security/user/_privileges',
-      },
-    ],
-  });
-
   /**
    * Asks Elasticsearch to prepare SAML authentication request to be sent to
    * the 3rd-party SAML identity provider.
@@ -489,36 +325,6 @@ export function elasticsearchClientPlugin(Client: any, config: unknown, componen
     },
   });
 
-  shield.getBuiltinPrivileges = ca({
-    params: {},
-    urls: [
-      {
-        fmt: '/_security/privilege/_builtin',
-      },
-    ],
-  });
-
-  /**
-   * Gets API keys in Elasticsearch
-   * @param {boolean} owner A boolean flag that can be used to query API keys owned by the currently authenticated user.
-   * Defaults to false. The realm_name or username parameters cannot be specified when this parameter is set to true as
-   * they are assumed to be the currently authenticated ones.
-   */
-  shield.getAPIKeys = ca({
-    method: 'GET',
-    urls: [
-      {
-        fmt: `/_security/api_key?owner=<%=owner%>`,
-        req: {
-          owner: {
-            type: 'boolean',
-            required: true,
-          },
-        },
-      },
-    ],
-  });
-
   /**
    * Creates an API key in Elasticsearch for the current user.
    *
@@ -591,64 +397,4 @@ export function elasticsearchClientPlugin(Client: any, config: unknown, componen
       fmt: '/_security/delegate_pki',
     },
   });
-
-  /**
-   * Retrieves all configured role mappings.
-   *
-   * @returns {{ [roleMappingName]: { enabled: boolean; roles: string[]; rules: Record<string, any>} }}
-   */
-  shield.getRoleMappings = ca({
-    method: 'GET',
-    urls: [
-      {
-        fmt: '/_security/role_mapping',
-      },
-      {
-        fmt: '/_security/role_mapping/<%=name%>',
-        req: {
-          name: {
-            type: 'string',
-            required: true,
-          },
-        },
-      },
-    ],
-  });
-
-  /**
-   * Saves the specified role mapping.
-   */
-  shield.saveRoleMapping = ca({
-    method: 'POST',
-    needBody: true,
-    urls: [
-      {
-        fmt: '/_security/role_mapping/<%=name%>',
-        req: {
-          name: {
-            type: 'string',
-            required: true,
-          },
-        },
-      },
-    ],
-  });
-
-  /**
-   * Deletes the specified role mapping.
-   */
-  shield.deleteRoleMapping = ca({
-    method: 'DELETE',
-    urls: [
-      {
-        fmt: '/_security/role_mapping/<%=name%>',
-        req: {
-          name: {
-            type: 'string',
-            required: true,
-          },
-        },
-      },
-    ],
-  });
 }
diff --git a/x-pack/plugins/security/server/plugin.ts b/x-pack/plugins/security/server/plugin.ts
@@ -230,7 +230,6 @@ export class Plugin {
       basePath: core.http.basePath,
       httpResources: core.http.resources,
       logger: this.initializerContext.logger.get('routes'),
-      clusterClient,
       config,
       authc: this.authc,
       authz,