Module org.elasticsearch.security
Class NativeRolesStore
java.lang.Object
org.elasticsearch.xpack.security.authz.store.NativeRolesStore
- All Implemented Interfaces:
BiConsumer<Set<String>,ActionListener<RoleRetrievalResult>>
public class NativeRolesStore
extends Object
implements BiConsumer<Set<String>,ActionListener<RoleRetrievalResult>>
NativeRolesStore is a
RolesStore that, instead of reading from a
file, reads from an Elasticsearch index instead. Unlike the file-based roles
store, ESNativeRolesStore can be used to add a role to the store by inserting
the document into the administrative index.
No caching is done by this class, it is handled at a higher level-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final StringThis setting is never registered by the security plugin - in order to disable the native role APIs another plugin must register it as a boolean setting and cause it to be set to `false`. -
Constructor Summary
ConstructorsConstructorDescriptionNativeRolesStore(Settings settings, Client client, XPackLicenseState licenseState, SecurityIndexManager securityIndex, ClusterService clusterService, ReservedRoleNameChecker reservedRoleNameChecker, org.elasticsearch.xcontent.NamedXContentRegistry xContentRegistry) -
Method Summary
Modifier and TypeMethodDescriptionvoidaccept(Set<String> names, ActionListener<RoleRetrievalResult> listener) voiddeleteRole(DeleteRoleRequest deleteRoleRequest, ActionListener<Boolean> listener) voiddeleteRoles(Collection<String> roleNames, WriteRequest.RefreshPolicy refreshPolicy, boolean validateRoleNames, ActionListener<BulkRolesResponse> listener) voiddeleteRoles(List<String> roleNames, WriteRequest.RefreshPolicy refreshPolicy, ActionListener<BulkRolesResponse> listener) voidgetRoleDescriptors(Set<String> names, ActionListener<RoleRetrievalResult> listener) Retrieve a list of roles, if rolesToGet is null or empty, fetch all rolesbooleanbooleanvoidputRole(WriteRequest.RefreshPolicy refreshPolicy, RoleDescriptor role, ActionListener<Boolean> listener) voidputRoles(WriteRequest.RefreshPolicy refreshPolicy, Collection<RoleDescriptor> roles, boolean validateRoleDescriptors, ActionListener<BulkRolesResponse> listener) voidputRoles(WriteRequest.RefreshPolicy refreshPolicy, Collection<RoleDescriptor> roles, ActionListener<BulkRolesResponse> listener) voidqueryRoleDescriptors(SearchSourceBuilder searchSourceBuilder, ActionListener<QueryRoleResponse.QueryRoleResult> listener) toString()voidusageStats(ActionListener<Map<String, Object>> listener) Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, waitMethods inherited from interface java.util.function.BiConsumer
andThen
-
Field Details
-
NATIVE_ROLES_ENABLED
This setting is never registered by the security plugin - in order to disable the native role APIs another plugin must register it as a boolean setting and cause it to be set to `false`. If this setting is set tofalsethen- the Rest APIs for native role management are disabled.
- The native roles store will not resolve any roles
- See Also:
-
-
Constructor Details
-
NativeRolesStore
public NativeRolesStore(Settings settings, Client client, XPackLicenseState licenseState, SecurityIndexManager securityIndex, ClusterService clusterService, ReservedRoleNameChecker reservedRoleNameChecker, org.elasticsearch.xcontent.NamedXContentRegistry xContentRegistry)
-
-
Method Details
-
isEnabled
public boolean isEnabled() -
accept
- Specified by:
acceptin interfaceBiConsumer<Set<String>,ActionListener<RoleRetrievalResult>>
-
getRoleDescriptors
Retrieve a list of roles, if rolesToGet is null or empty, fetch all roles -
isMetadataSearchable
public boolean isMetadataSearchable() -
queryRoleDescriptors
public void queryRoleDescriptors(SearchSourceBuilder searchSourceBuilder, ActionListener<QueryRoleResponse.QueryRoleResult> listener) -
deleteRole
-
deleteRoles
public void deleteRoles(List<String> roleNames, WriteRequest.RefreshPolicy refreshPolicy, ActionListener<BulkRolesResponse> listener) -
deleteRoles
public void deleteRoles(Collection<String> roleNames, WriteRequest.RefreshPolicy refreshPolicy, boolean validateRoleNames, ActionListener<BulkRolesResponse> listener) -
putRole
public void putRole(WriteRequest.RefreshPolicy refreshPolicy, RoleDescriptor role, ActionListener<Boolean> listener) -
putRoles
public void putRoles(WriteRequest.RefreshPolicy refreshPolicy, Collection<RoleDescriptor> roles, ActionListener<BulkRolesResponse> listener) -
putRoles
public void putRoles(WriteRequest.RefreshPolicy refreshPolicy, Collection<RoleDescriptor> roles, boolean validateRoleDescriptors, ActionListener<BulkRolesResponse> listener) -
usageStats
-
toString
-