Module org.elasticsearch.xcore
Class ExpressionRoleMapping
java.lang.Object
org.elasticsearch.xpack.core.security.authc.support.mapper.ExpressionRoleMapping
- All Implemented Interfaces:
Writeable, org.elasticsearch.xcontent.ToXContent, org.elasticsearch.xcontent.ToXContentObject
public class ExpressionRoleMapping
extends Object
implements org.elasticsearch.xcontent.ToXContentObject, Writeable
A representation of a single role-mapping for use in NativeRoleMappingStore.
Logically, this represents a set of roles that should be applied to any user where a boolean expression evaluates to true.
Nested Class Summary
Nested classes/interfaces inherited from interface org.elasticsearch.xcontent.ToXContent
org.elasticsearch.xcontent.ToXContent.DelegatingMapParams, org.elasticsearch.xcontent.ToXContent.MapParams, org.elasticsearch.xcontent.ToXContent.Params
Nested classes/interfaces inherited from interface org.elasticsearch.common.io.stream.Writeable
Writeable.Reader<V>, Writeable.Writer<V>
Field Summary
Fields (Modifier and Type, Field, Description)
static final String READ_ONLY_ROLE_MAPPING_METADATA_FLAG
    Reserved metadata field to mark role mappings as read-only.
static final String READ_ONLY_ROLE_MAPPING_SUFFIX
    Reserved suffix for read-only operator-defined role mappings.
Fields inherited from interface org.elasticsearch.xcontent.ToXContent
EMPTY, EMPTY_PARAMS
Constructor Summary
Constructors (Constructor, Description)
ExpressionRoleMapping(String name, RoleMapperExpression expr, List<String> roles, List<TemplateRoleName> templates, Map<String, Object> metadata, boolean enabled)
Method Summary
Methods (Modifier and Type, Method, Description)
static String addReadOnlySuffix(String name)
boolean equals
getExpression
    The expression that determines whether the roles in this mapping should be applied to any given user.
getMetadata
    Meta-data for this mapping.
getName()
    The name of this mapping.
getRoleNames(ScriptService scriptService, ExpressionModel model)
getRoles()
    The list of roles (specified by name) that should be assigned to users that match the expression in this mapping.
getRoleTemplates
    The list of roles (specified by a template that evaluates to one or more names) that should be assigned to users that match the expression in this mapping.
int hashCode()
static boolean hasReadOnlySuffix(String name)
boolean isEnabled()
    Whether this mapping is enabled.
boolean isReadOnly()
    Whether this mapping is an operator defined/read only role mapping
static ExpressionRoleMapping parse(String name, BytesReference source, org.elasticsearch.xcontent.XContentType xContentType)
    Parse an ExpressionRoleMapping from the provided XContent
static ExpressionRoleMapping parse(String name, org.elasticsearch.xcontent.XContentParser parser)
    Parse an ExpressionRoleMapping from the provided XContent
static String removeReadOnlySuffixIfPresent
static Set<String> resolveRoles(UserRoleMapper.UserData user, Collection<ExpressionRoleMapping> mappings, ScriptService scriptService, org.apache.logging.log4j.Logger logger)
    Given the user information (in the form of UserRoleMapper.UserData) and a collection of ExpressionRoleMappings, this returns the set of role names that should be mapped to the user, according to the provided role mapping rules.
toString()
org.elasticsearch.xcontent.XContentBuilder toXContent(org.elasticsearch.xcontent.XContentBuilder builder, org.elasticsearch.xcontent.ToXContent.Params params)
    Converts this ExpressionRoleMapping into XContent that is compatible with the format handled by parse(String, BytesReference, XContentType).
org.elasticsearch.xcontent.XContentBuilder toXContent(org.elasticsearch.xcontent.XContentBuilder builder, org.elasticsearch.xcontent.ToXContent.Params params, boolean indexFormat)
static void validateNoReadOnlySuffix
void writeTo(StreamOutput out)
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
Methods inherited from interface org.elasticsearch.xcontent.ToXContentObject
isFragment
Field Details
READ_ONLY_ROLE_MAPPING_SUFFIX
Reserved suffix for read-only operator-defined role mappings. This suffix is added to the name of all cluster-state role mappings returned via the TransportGetRoleMappingsAction action.

READ_ONLY_ROLE_MAPPING_METADATA_FLAG
Reserved metadata field to mark role mappings as read-only. This field is added to the metadata of all cluster-state role mappings returned via the TransportGetRoleMappingsAction action.
Constructor Details
ExpressionRoleMapping
public ExpressionRoleMapping(String name, RoleMapperExpression expr, List<String> roles, List<TemplateRoleName> templates, Map<String, Object> metadata, boolean enabled)

ExpressionRoleMapping
Throws: IOException
Method Details
resolveRoles
public static Set<String> resolveRoles(UserRoleMapper.UserData user, Collection<ExpressionRoleMapping> mappings, ScriptService scriptService, org.apache.logging.log4j.Logger logger)
Given the user information (in the form of UserRoleMapper.UserData) and a collection of ExpressionRoleMappings, this returns the set of role names that should be mapped to the user, according to the provided role mapping rules.

hasReadOnlySuffix

validateNoReadOnlySuffix

addReadOnlySuffix

removeReadOnlySuffixIfPresent

writeTo
Specified by: writeTo in interface Writeable
Throws: IOException

getName
The name of this mapping. The name exists for the sole purpose of providing a meaningful identifier for each mapping, so that it may be referred to for update, retrieval or deletion. The name does not affect the set of roles that a mapping provides.

getExpression

getRoles
The list of roles (specified by name) that should be assigned to users that match the expression in this mapping.

getRoleTemplates
The list of roles (specified by a template that evaluates to one or more names) that should be assigned to users that match the expression in this mapping.

getMetadata
Meta-data for this mapping. This exists for external systems or users to track information about this mapping such as where it was sourced from, when it was loaded, etc. This is not used within the mapping process, and does not affect whether the expression matches, nor which roles are assigned.

isEnabled
public boolean isEnabled()
Whether this mapping is enabled. Mappings that are not enabled are not applied to users.

isReadOnly
public boolean isReadOnly()
Whether this mapping is an operator-defined (read-only) role mapping.

toString

equals

hashCode
public int hashCode()

parse
public static ExpressionRoleMapping parse(String name, BytesReference source, org.elasticsearch.xcontent.XContentType xContentType) throws IOException
Parse an ExpressionRoleMapping from the provided XContent
Throws: IOException

parse
public static ExpressionRoleMapping parse(String name, org.elasticsearch.xcontent.XContentParser parser) throws IOException
Parse an ExpressionRoleMapping from the provided XContent
Throws: IOException

toXContent
public org.elasticsearch.xcontent.XContentBuilder toXContent(org.elasticsearch.xcontent.XContentBuilder builder, org.elasticsearch.xcontent.ToXContent.Params params) throws IOException
Converts this ExpressionRoleMapping into XContent that is compatible with the format handled by parse(String, BytesReference, XContentType).
Specified by: toXContent in interface org.elasticsearch.xcontent.ToXContent
Throws: IOException

toXContent
public org.elasticsearch.xcontent.XContentBuilder toXContent(org.elasticsearch.xcontent.XContentBuilder builder, org.elasticsearch.xcontent.ToXContent.Params params, boolean indexFormat) throws IOException
Throws: IOException

getRoleNames