diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/apikey/CreateApiKeyRequestBuilderFactory.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/apikey/CreateApiKeyRequestBuilderFactory.java
index ff5592e339634..cfdf8147d8439 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/apikey/CreateApiKeyRequestBuilderFactory.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/apikey/CreateApiKeyRequestBuilderFactory.java
@@ -10,12 +10,11 @@ import org.elasticsearch.client.internal.Client;
 public interface CreateApiKeyRequestBuilderFactory {
- CreateApiKeyRequestBuilder create(Client client, boolean restrictRequest);
+ CreateApiKeyRequestBuilder create(Client client);
 class Default implements CreateApiKeyRequestBuilderFactory {
 @Override
- public CreateApiKeyRequestBuilder create(Client client, boolean restrictRequest) {
- assert false == restrictRequest;
+ public CreateApiKeyRequestBuilder create(Client client) {
 return new CreateApiKeyRequestBuilder(client);
 }
 }
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/privilege/GetBuiltinPrivilegesResponseTranslator.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/privilege/GetBuiltinPrivilegesResponseTranslator.java
index 2d018ae2f1b2f..0a1f49ffa04ef 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/privilege/GetBuiltinPrivilegesResponseTranslator.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/privilege/GetBuiltinPrivilegesResponseTranslator.java
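Review bot: `Default.create(Client client)` now hands back an unrestricted builder with nothing left in the hunk to show that this is deliberate; the removed `assert false == restrictRequest;` was the only check visible here that a restricted request never reached the default factory. Since the flag is gone, I would state the contract in Javadoc on the interface method, for example `/** Implementations that restrict API key creation must decide that themselves; the REST handler passes no restriction flag. */`. The same applies to `GetBuiltinPrivilegesResponseTranslator.translate` and to `PutRoleRequestBuilderFactory.Default.create`, where the deleted two-line comment about the stateless implementation was the only explanation of why the default applies no extra restrictions.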
@@ -9,11 +9,10 @@ public interface GetBuiltinPrivilegesResponseTranslator {
- GetBuiltinPrivilegesResponse translate(GetBuiltinPrivilegesResponse response, boolean restrictResponse);
+ GetBuiltinPrivilegesResponse translate(GetBuiltinPrivilegesResponse response);
 class Default implements GetBuiltinPrivilegesResponseTranslator {
- public GetBuiltinPrivilegesResponse translate(GetBuiltinPrivilegesResponse response, boolean restrictResponse) {
- assert false == restrictResponse;
+ public GetBuiltinPrivilegesResponse translate(GetBuiltinPrivilegesResponse response) {
 return response;
 }
 }
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequest.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequest.java
index 27f7c42d74018..46ba00a4f2768 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequest.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequest.java
@@ -45,7 +45,6 @@ public class PutRoleRequest extends ActionRequest {
 private Map metadata;
 private List remoteIndicesPrivileges = new ArrayList<>();
 private RemoteClusterPermissions remoteClusterPermissions = RemoteClusterPermissions.NONE;
- private boolean restrictRequest = false;
 private String description;
 public PutRoleRequest() {}
@@ -84,14 +83,6 @@ public void addRemoteIndex(RoleDescriptor.RemoteIndicesPrivileges... privileges)
 remoteIndicesPrivileges.addAll(Arrays.asList(privileges));
 }
- public void restrictRequest(boolean restrictRequest) {
- this.restrictRequest = restrictRequest;
- }
-
- public boolean restrictRequest() {
- return restrictRequest;
- }
-
 public void putRemoteCluster(RemoteClusterPermissions remoteClusterPermissions) {
 this.remoteClusterPermissions = remoteClusterPermissions;
 }
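Review bot: `Default.translate(GetBuiltinPrivilegesResponse response)` carries no `@Override`, unlike the `Default` classes of the two builder factories changed in the same commit. The interface signature changes here, and if anything extends `Default`, an override left on the old two-argument form would compile as an unrelated overload and the pass-through `return response;` would be used instead of the filtering one. Add `@Override` on this method so that the intent is explicit and matches the sibling factories.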
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestBuilderFactory.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestBuilderFactory.java
index 169bd5d4cc1f7..e8c5b465ace36 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestBuilderFactory.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestBuilderFactory.java
@@ -10,13 +10,11 @@ import org.elasticsearch.client.internal.Client;
 public interface PutRoleRequestBuilderFactory {
- PutRoleRequestBuilder create(Client client, boolean restrictRequest);
+ PutRoleRequestBuilder create(Client client);
 class Default implements PutRoleRequestBuilderFactory {
 @Override
- public PutRoleRequestBuilder create(Client client, boolean restrictRequest) {
- // by default, we don't apply extra restrictions to Put Role requests and don't require checks against file-based roles
- // these dependencies are only used by our stateless implementation
+ public PutRoleRequestBuilder create(Client client) {
 return new PutRoleRequestBuilder(client);
 }
 }
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/apikey/RestCreateApiKeyAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/apikey/RestCreateApiKeyAction.java
index 217afdb3cfea2..29ffc76425060 100644
--- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/apikey/RestCreateApiKeyAction.java
+++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/apikey/RestCreateApiKeyAction.java
@@ -55,8 +55,7 @@ public String getName() {
 @Override
 protected RestChannelConsumer innerPrepareRequest(final RestRequest request, final NodeClient client) throws IOException {
- CreateApiKeyRequestBuilder builder = builderFactory.create(client, request.hasParam(RestRequest.PATH_RESTRICTED))
- .source(request.requiredContent(), request.getXContentType());
+ CreateApiKeyRequestBuilder builder = builderFactory.create(client).source(request.requiredContent(), request.getXContentType());
 String refresh = request.param("refresh");
 if (refresh != null) {
 builder.setRefreshPolicy(WriteRequest.RefreshPolicy.parse(request.param("refresh")));
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestGetBuiltinPrivilegesAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestGetBuiltinPrivilegesAction.java
index d804559bba0ec..5f0657079e694 100644
--- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestGetBuiltinPrivilegesAction.java
+++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestGetBuiltinPrivilegesAction.java
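Review bot: `builderFactory.create(client)` no longer receives anything derived from the request, so a factory that restricts API key creation must either apply its checks to every caller or learn about the caller some other way, and the hunk does not show which. The same holds for `responseTranslator.translate(response)` in RestGetBuiltinPrivilegesAction and for `builderFactory.create(client)` in RestPutRoleAction. I would record the decision at the call site with a comment such as `// any restriction is applied by the injected builderFactory; this handler does not inspect RestRequest.PATH_RESTRICTED`, and back it with a REST-level test per handler that pins the expected result for a caller previously marked as path-restricted. innerPrepareRequest continues past the end of the hunk.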
@@ -62,14 +62,13 @@ public String getName() {
 @Override
 public RestChannelConsumer innerPrepareRequest(RestRequest request, NodeClient client) throws IOException {
- final boolean restrictResponse = request.hasParam(RestRequest.PATH_RESTRICTED);
 return channel -> client.execute( GetBuiltinPrivilegesAction.INSTANCE, new GetBuiltinPrivilegesRequest(), new RestBuilderListener<>(channel) {
 @Override
 public RestResponse buildResponse(GetBuiltinPrivilegesResponse response, XContentBuilder builder) throws Exception {
- final var translatedResponse = responseTranslator.translate(response, restrictResponse);
+ final var translatedResponse = responseTranslator.translate(response);
 builder.startObject();
 builder.array("cluster", translatedResponse.getClusterPrivileges());
 builder.array("index", translatedResponse.getIndexPrivileges());
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestPutRoleAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestPutRoleAction.java
index 82596738e95a7..6a819c098e9f1 100644
--- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestPutRoleAction.java
+++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/role/RestPutRoleAction.java
@@ -55,8 +55,7 @@ public String getName() {
 @Override
 public RestChannelConsumer innerPrepareRequest(RestRequest request, NodeClient client) throws IOException {
- final boolean restrictRequest = request.hasParam(RestRequest.PATH_RESTRICTED);
- final PutRoleRequestBuilder requestBuilder = builderFactory.create(client, restrictRequest)
+ final PutRoleRequestBuilder requestBuilder = builderFactory.create(client)
 .source(request.param("name"), request.requiredContent(), request.getXContentType())
 .setRefreshPolicy(request.param("refresh"));
 return channel -> requestBuilder.execute(new RestBuilderListener<>(channel) {
diff --git a/x-pack/plugin/src/yamlRestTest/resources/rest-api-spec/test/api_key/40_view_role_descriptors.yml b/x-pack/plugin/src/yamlRestTest/resources/rest-api-spec/test/api_key/40_view_role_descriptors.yml index a7fb00a052528..e9f8359e41ce3 100644 --- a/x-pack/plugin/src/yamlRestTest/resources/rest-api-spec/test/api_key/40_view_role_descriptors.yml +++ b/x-pack/plugin/src/yamlRestTest/resources/rest-api-spec/test/api_key/40_view_role_descriptors.yml @@ -21,7 +21,7 @@ setup: ], "applications": [ { - "application": "myapp", + "application": "apm", "privileges": ["*"], "resources": ["*"] } @@ -497,7 +497,7 @@ teardown: ], "applications" : [ { - "application" : "myapp", + "application" : "apm", "privileges" : [ "*" ], diff --git a/x-pack/plugin/src/yamlRestTest/resources/rest-api-spec/test/api_key/60_admin_user.yml b/x-pack/plugin/src/yamlRestTest/resources/rest-api-spec/test/api_key/60_admin_user.yml index 1a85dda7379be..643287bad4833 100644 --- a/x-pack/plugin/src/yamlRestTest/resources/rest-api-spec/test/api_key/60_admin_user.yml +++ b/x-pack/plugin/src/yamlRestTest/resources/rest-api-spec/test/api_key/60_admin_user.yml @@ -15,14 +15,14 @@ setup: security.put_privileges: body: > { - "myapp": { + "apm": { "read": { - "application": "myapp", + "application": "apm", "name": "read", "actions": [ "data:read/*" ] }, "write": { - "application": "myapp", + "application": "apm", "name": "write", "actions": [ "data:write/*" ] } @@ -33,7 +33,7 @@ setup: teardown: - do: security.delete_privileges: - application: myapp + application: apm name: "read,write" ignore: 404 @@ -254,7 +254,7 @@ teardown: ], "applications": [ { - "application": "myapp", + "application": "apm", "privileges": ["read"], "resources": ["*"] } @@ -299,7 +299,7 @@ teardown: ], "application": [ { - "application" : "myapp", + "application" : "apm", "resources" : [ "*", "some-other-res" ], "privileges" : [ "data:read/me", "data:write/me" ] } 
@@ -324,7 +324,7 @@ teardown: } } } - match: { "application" : { - "myapp" : { + "apm" : { "*" : { "data:read/me" : true, "data:write/me" : false