Module org.elasticsearch.security
Class NativeRoleMappingStore
java.lang.Object
org.elasticsearch.xpack.security.authc.support.mapper.AbstractRoleMapperClearRealmCache
org.elasticsearch.xpack.security.authc.support.mapper.NativeRoleMappingStore
- All Implemented Interfaces:
UserRoleMapper
This store reads + writes
The store is responsible for all read and write operations as well as
role mappings in an Elasticsearch
index.
The store is responsible for all read and write operations as well as
resolving roles.
No caching is done by this class, it is handled at a higher level and no polling for changes is done by this class. Modification operations make a best effort attempt to clear the cache on all nodes for the user that was modified.
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.elasticsearch.xpack.core.security.authc.support.UserRoleMapper
UserRoleMapper.DistinguishedNameNormalizer, UserRoleMapper.DistinguishedNamePredicate, UserRoleMapper.UserData -
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final StringThis setting is never registered by the security plugin - in order to disable the native role APIs another plugin must register it as a boolean setting and cause it to be set to `false`. -
Constructor Summary
ConstructorsConstructorDescriptionNativeRoleMappingStore(Settings settings, Client client, SecurityIndexManager securityIndex, ScriptService scriptService) -
Method Summary
Modifier and TypeMethodDescriptionprotected static ExpressionRoleMappingbuildMapping(String id, BytesReference source) voiddeleteRoleMapping(DeleteRoleMappingRequest request, ActionListener<Boolean> listener) Deletes a named mapping from the indexvoidgetRoleMappings(Set<String> names, ActionListener<List<ExpressionRoleMapping>> listener) Retrieves one or more mappings from the index.protected voidloadMappings(ActionListener<List<ExpressionRoleMapping>> listener) Loads all mappings from the index.voidonSecurityIndexStateChange(ProjectId projectId, SecurityIndexManager.IndexState previousState, SecurityIndexManager.IndexState currentState) voidputRoleMapping(PutRoleMappingRequest request, ActionListener<Boolean> listener) Stores (create or update) a single mapping in the indexvoidresolveRoles(UserRoleMapper.UserData user, ActionListener<Set<String>> listener) voidusageStats(ActionListener<Map<String, Object>> listener) Provides usage statistics for this store.Methods inherited from class org.elasticsearch.xpack.security.authc.support.mapper.AbstractRoleMapperClearRealmCache
clearRealmCacheOnChange, clearRealmCachesOnAllNodes, clearRealmCachesOnLocalNode
-
Field Details
-
NATIVE_ROLE_MAPPINGS_ENABLED
This setting is never registered by the security plugin - in order to disable the native role APIs another plugin must register it as a boolean setting and cause it to be set to `false`. If this setting is set tofalsethen- the Rest APIs for native role mappings management are disabled.
- The native role mappings store will not map any roles to any user.
- See Also:
-
LAST_LOAD_CACHE_ENABLED_SETTING
-
-
Constructor Details
-
NativeRoleMappingStore
public NativeRoleMappingStore(Settings settings, Client client, SecurityIndexManager securityIndex, ScriptService scriptService)
-
-
Method Details
-
loadMappings
Loads all mappings from the index. package private for unit testing -
putRoleMapping
Stores (create or update) a single mapping in the index -
deleteRoleMapping
Deletes a named mapping from the index -
getRoleMappings
public void getRoleMappings(Set<String> names, ActionListener<List<ExpressionRoleMapping>> listener) Retrieves one or more mappings from the index. Ifnamesisnullorempty, then this retrieves all mappings. Otherwise it retrieves the specified mappings by name. -
usageStats
Provides usage statistics for this store. The resulting map contains the keyssize- The total number of mappings stored in the indexenabled- The number of mappings that areenabled
-
onSecurityIndexStateChange
public void onSecurityIndexStateChange(ProjectId projectId, SecurityIndexManager.IndexState previousState, SecurityIndexManager.IndexState currentState) -
resolveRoles
-
buildMapping
-