HLRC: Implement get-user-privileges API (#36292)

This adds the _security/user/_privileges API to the High
Level Rest Client.

This also makes some changes to the Java model for the Role APIs
in order to better accommodate the GetPrivileges API

Author: tvernum

client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityClient.java

@@ -48,6 +48,8 @@
 import org.elasticsearch.client.security.GetRolesResponse;
 import org.elasticsearch.client.security.GetSslCertificatesRequest;
 import org.elasticsearch.client.security.GetSslCertificatesResponse;
+import org.elasticsearch.client.security.GetUserPrivilegesRequest;
+import org.elasticsearch.client.security.GetUserPrivilegesResponse;
 import org.elasticsearch.client.security.GetUsersRequest;
 import org.elasticsearch.client.security.GetUsersResponse;
 import org.elasticsearch.client.security.HasPrivilegesRequest;
@@ -340,6 +342,25 @@ public void hasPrivilegesAsync(HasPrivilegesRequest request, RequestOptions opti
             HasPrivilegesResponse::fromXContent, listener, emptySet());
     }
 
+    /**
+     * Retrieve the set of effective privileges held by the current user.
+     * @param options the request options (e.g. headers), use {@link RequestOptions#DEFAULT} if nothing needs to be customized
+     */
+    public GetUserPrivilegesResponse getUserPrivileges(RequestOptions options) throws IOException {
+        return restHighLevelClient.performRequestAndParseEntity(GetUserPrivilegesRequest.INSTANCE, GetUserPrivilegesRequest::getRequest,
+            options, GetUserPrivilegesResponse::fromXContent, emptySet());
+    }
+
+    /**
+     * Asynchronously retrieve the set of effective privileges held by the current user.
+     * @param options the request options (e.g. headers), use {@link RequestOptions#DEFAULT} if nothing needs to be customized
+     * @param listener the listener to be notified upon request completion
+     */
+    public void getUserPrivilegesAsync(RequestOptions options, ActionListener<GetUserPrivilegesResponse> listener) {
+        restHighLevelClient.performRequestAsyncAndParseEntity(GetUserPrivilegesRequest.INSTANCE, GetUserPrivilegesRequest::getRequest,
+            options, GetUserPrivilegesResponse::fromXContent, listener, emptySet());
+    }
+
     /**
      * Clears the cache in one or more realms.
      * See <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-clear-cache.html">
@@ -726,5 +747,4 @@ public void deletePrivilegesAsync(DeletePrivilegesRequest request, RequestOption
         restHighLevelClient.performRequestAsyncAndParseEntity(request, SecurityRequestConverters::deletePrivileges, options,
             DeletePrivilegesResponse::fromXContent, listener, singleton(404));
     }
-
 }

client/rest-high-level/src/main/java/org/elasticsearch/client/security/GetUserPrivilegesRequest.java

@@ -0,0 +1,41 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.elasticsearch.client.security;
+
+import org.apache.http.client.methods.HttpGet;
+import org.elasticsearch.client.Request;
+import org.elasticsearch.client.RequestOptions;
+import org.elasticsearch.client.Validatable;
+
+/**
+ * A request object for the {@link org.elasticsearch.client.SecurityClient#getUserPrivileges(RequestOptions)} API.
+ * This request takes no parameters, and has a singleton {@link #INSTANCE}.
+ */
+public class GetUserPrivilegesRequest implements Validatable {
+
+    public static final GetUserPrivilegesRequest INSTANCE = new GetUserPrivilegesRequest();
+
+    private GetUserPrivilegesRequest() {
+    }
+
+    public Request getRequest() {
+        return new Request(HttpGet.METHOD_NAME, "/_security/user/_privileges");
+    }
+}

client/rest-high-level/src/main/java/org/elasticsearch/client/security/GetUserPrivilegesResponse.java

@@ -0,0 +1,141 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.elasticsearch.client.security;
+
+import org.elasticsearch.client.RequestOptions;
+import org.elasticsearch.client.security.user.privileges.ApplicationResourcePrivileges;
+import org.elasticsearch.client.security.user.privileges.GlobalPrivileges;
+import org.elasticsearch.client.security.user.privileges.UserIndicesPrivileges;
+import org.elasticsearch.common.ParseField;
+import org.elasticsearch.common.xcontent.ConstructingObjectParser;
+import org.elasticsearch.common.xcontent.XContentParser;
+
+import java.io.IOException;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.LinkedHashSet;
+import java.util.Objects;
+import java.util.Set;
+
+import static org.elasticsearch.common.xcontent.ConstructingObjectParser.constructorArg;
+
+/**
+ * The response for the {@link org.elasticsearch.client.SecurityClient#getUserPrivileges(RequestOptions)} API.
+ * See <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-user-privileges.html">the API docs</a>
+ */
+public class GetUserPrivilegesResponse {
+
+    private static final ConstructingObjectParser<GetUserPrivilegesResponse, Void> PARSER = new ConstructingObjectParser<>(
+        "get_user_privileges_response", true, GetUserPrivilegesResponse::buildResponseFromParserArgs);
+
+    @SuppressWarnings("unchecked")
+    private static GetUserPrivilegesResponse buildResponseFromParserArgs(Object[] args) {
+        return new GetUserPrivilegesResponse(
+            (Collection<String>) args[0],
+            (Collection<GlobalPrivileges>) args[1],
+            (Collection<UserIndicesPrivileges>) args[2],
+            (Collection<ApplicationResourcePrivileges>) args[3],
+            (Collection<String>) args[4]
+        );
+    }
+
+    static {
+        PARSER.declareStringArray(constructorArg(), new ParseField("cluster"));
+        PARSER.declareObjectArray(constructorArg(), (parser, ignore) -> GlobalPrivileges.fromXContent(parser),
+            new ParseField("global"));
+        PARSER.declareObjectArray(constructorArg(), (parser, ignore) -> UserIndicesPrivileges.fromXContent(parser),
+            new ParseField("indices"));
+        PARSER.declareObjectArray(constructorArg(), (parser, ignore) -> ApplicationResourcePrivileges.fromXContent(parser),
+            new ParseField("applications"));
+        PARSER.declareStringArray(constructorArg(), new ParseField("run_as"));
+    }
+
+    public static GetUserPrivilegesResponse fromXContent(XContentParser parser) throws IOException {
+        return PARSER.parse(parser, null);
+    }
+
+    private Set<String> clusterPrivileges;
+    private Set<GlobalPrivileges> globalPrivileges;
+    private Set<UserIndicesPrivileges> indicesPrivileges;
+    private Set<ApplicationResourcePrivileges> applicationPrivileges;
+    private Set<String> runAsPrivilege;
+
+    public GetUserPrivilegesResponse(Collection<String> clusterPrivileges, Collection<GlobalPrivileges> globalPrivileges,
+                                     Collection<UserIndicesPrivileges> indicesPrivileges,
+                                     Collection<ApplicationResourcePrivileges> applicationPrivileges, Collection<String> runAsPrivilege) {
+        this.clusterPrivileges = Collections.unmodifiableSet(new LinkedHashSet<>(clusterPrivileges));
+        this.globalPrivileges = Collections.unmodifiableSet(new LinkedHashSet<>(globalPrivileges));
+        this.indicesPrivileges = Collections.unmodifiableSet(new LinkedHashSet<>(indicesPrivileges));
+        this.applicationPrivileges = Collections.unmodifiableSet(new LinkedHashSet<>(applicationPrivileges));
+        this.runAsPrivilege = Collections.unmodifiableSet(new LinkedHashSet<>(runAsPrivilege));
+    }
+
+    public Set<String> getClusterPrivileges() {
+        return clusterPrivileges;
+    }
+
+    public Set<GlobalPrivileges> getGlobalPrivileges() {
+        return globalPrivileges;
+    }
+
+    public Set<UserIndicesPrivileges> getIndicesPrivileges() {
+        return indicesPrivileges;
+    }
+
+    public Set<ApplicationResourcePrivileges> getApplicationPrivileges() {
+        return applicationPrivileges;
+    }
+
+    public Set<String> getRunAsPrivilege() {
+        return runAsPrivilege;
+    }
+
+    @Override
+    public String toString() {
+        return "GetUserPrivilegesResponse{" +
+            "clusterPrivileges=" + clusterPrivileges +
+            ", globalPrivileges=" + globalPrivileges +
+            ", indicesPrivileges=" + indicesPrivileges +
+            ", applicationPrivileges=" + applicationPrivileges +
+            ", runAsPrivilege=" + runAsPrivilege +
+            '}';
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        }
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        final GetUserPrivilegesResponse that = (GetUserPrivilegesResponse) o;
+        return Objects.equals(this.clusterPrivileges, that.clusterPrivileges) &&
+            Objects.equals(this.globalPrivileges, that.globalPrivileges) &&
+            Objects.equals(this.indicesPrivileges, that.indicesPrivileges) &&
+            Objects.equals(this.applicationPrivileges, that.applicationPrivileges) &&
+            Objects.equals(this.runAsPrivilege, that.runAsPrivilege);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(clusterPrivileges, globalPrivileges, indicesPrivileges, applicationPrivileges, runAsPrivilege);
+    }
+}

client/rest-high-level/src/main/java/org/elasticsearch/client/security/PutRoleRequest.java

@@ -74,14 +74,14 @@ public boolean equals(Object obj) {
     @Override
     public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
         builder.startObject();
-        if (role.getApplicationResourcePrivileges() != null) {
-            builder.field(Role.APPLICATIONS.getPreferredName(), role.getApplicationResourcePrivileges());
+        if (role.getApplicationPrivileges() != null) {
+            builder.field(Role.APPLICATIONS.getPreferredName(), role.getApplicationPrivileges());
         }
         if (role.getClusterPrivileges() != null) {
             builder.field(Role.CLUSTER.getPreferredName(), role.getClusterPrivileges());
         }
-        if (role.getGlobalApplicationPrivileges() != null) {
-            builder.field(Role.GLOBAL.getPreferredName(), role.getGlobalApplicationPrivileges());
+        if (role.getGlobalPrivileges() != null) {
+            builder.field(Role.GLOBAL.getPreferredName(), role.getGlobalPrivileges());
         }
         if (role.getIndicesPrivileges() != null) {
             builder.field(Role.INDICES.getPreferredName(), role.getIndicesPrivileges());