elastic · bizybot · Oct 16, 2018 · Sep 21, 2018 · Oct 1, 2018 · Oct 1, 2018
diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityClient.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityClient.java
@@ -20,6 +20,8 @@
 package org.elasticsearch.client;
 
 import org.elasticsearch.action.ActionListener;
+import org.elasticsearch.client.security.PutRoleMappingRequest;
+import org.elasticsearch.client.security.PutRoleMappingResponse;
 import org.elasticsearch.client.security.DisableUserRequest;
 import org.elasticsearch.client.security.EnableUserRequest;
 import org.elasticsearch.client.security.GetSslCertificatesRequest;
@@ -75,6 +77,34 @@ public void putUserAsync(PutUserRequest request, RequestOptions options, ActionL
             PutUserResponse::fromXContent, listener, emptySet());
     }
 
+    /**
+     * Create/Update a role mapping.
+     * See <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role-mapping.html">
+     * the docs</a> for more.
+     * @param request the request with the role mapping information
+     * @param options the request options (e.g. headers), use {@link RequestOptions#DEFAULT} if nothing needs to be customized
+     * @return the response from the put role mapping call
+     * @throws IOException in case there is a problem sending the request or parsing back the response
+     */
+    public PutRoleMappingResponse putRoleMapping(final PutRoleMappingRequest request, final RequestOptions options) throws IOException {
+        return restHighLevelClient.performRequestAndParseEntity(request, SecurityRequestConverters::putRoleMapping, options,
+                PutRoleMappingResponse::fromXContent, emptySet());
+    }
+
+    /**
+     * Asynchronously create/update a role mapping.
+     * See <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role-mapping.html">
+     * the docs</a> for more.
+     * @param request the request with the role mapping information
+     * @param options the request options (e.g. headers), use {@link RequestOptions#DEFAULT} if nothing needs to be customized
+     * @param listener the listener to be notified upon request completion
+     */
+    public void putRoleMappingAsync(final PutRoleMappingRequest request, final RequestOptions options,
+            final ActionListener<PutRoleMappingResponse> listener) {
+        restHighLevelClient.performRequestAsyncAndParseEntity(request, SecurityRequestConverters::putRoleMapping, options,
+                PutRoleMappingResponse::fromXContent, listener, emptySet());
+    }
+
     /**
      * Enable a native realm or built-in user synchronously.
      * See <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-enable-user.html">

diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java
@@ -21,6 +21,7 @@
 
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.client.methods.HttpPut;
+import org.elasticsearch.client.security.PutRoleMappingRequest;
 import org.elasticsearch.client.security.DisableUserRequest;
 import org.elasticsearch.client.security.EnableUserRequest;
 import org.elasticsearch.client.security.ChangePasswordRequest;
@@ -61,6 +62,18 @@ static Request putUser(PutUserRequest putUserRequest) throws IOException {
         return request;
     }
 
+    static Request putRoleMapping(final PutRoleMappingRequest putRoleMappingRequest) throws IOException {
+        final String endpoint = new RequestConverters.EndpointBuilder()
+            .addPathPartAsIs("_xpack/security/role_mapping")
+            .addPathPart(putRoleMappingRequest.getName())
+            .build();
+        final Request request = new Request(HttpPut.METHOD_NAME, endpoint);
+        request.setEntity(createEntity(putRoleMappingRequest, REQUEST_BODY_CONTENT_TYPE));
+        final RequestConverters.Params params = new RequestConverters.Params(request);
+        params.withRefreshPolicy(putRoleMappingRequest.getRefreshPolicy());
+        return request;
+    }
+
     static Request enableUser(EnableUserRequest enableUserRequest) {
         return setUserEnabled(enableUserRequest);
     }

diff --git a/...est-high-level/src/main/java/org/elasticsearch/client/security/PutRoleMappingRequest.java b/...est-high-level/src/main/java/org/elasticsearch/client/security/PutRoleMappingRequest.java
@@ -0,0 +1,124 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.elasticsearch.client.security;
+
+import org.elasticsearch.client.Validatable;
+import org.elasticsearch.client.security.support.expressiondsl.RoleMapperExpression;
+import org.elasticsearch.common.Nullable;
+import org.elasticsearch.common.Strings;
+import org.elasticsearch.common.xcontent.ToXContentObject;
+import org.elasticsearch.common.xcontent.XContentBuilder;
+
+import java.io.IOException;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+
+/**
+ * Request object to create or update a role mapping.
+ */
+public final class PutRoleMappingRequest implements Validatable, ToXContentObject {
+
+    private final String name;
+    private final boolean enabled;
+    private final List<String> roles;
+    private final RoleMapperExpression rules;
+
+    private final Map<String, Object> metadata;
+    private final RefreshPolicy refreshPolicy;
+
+    public PutRoleMappingRequest(final String name, final boolean enabled, final List<String> roles, final RoleMapperExpression rules,
+            @Nullable final Map<String, Object> metadata, @Nullable final RefreshPolicy refreshPolicy) {
+        if (Strings.hasText(name) == false) {
+            throw new IllegalArgumentException("role-mapping name is missing");
+        }
+        this.name = name;
+        this.enabled = enabled;
+        if (roles == null || roles.isEmpty()) {
+            throw new IllegalArgumentException("role-mapping roles are missing");
+        }
+        this.roles = Collections.unmodifiableList(roles);
+        this.rules = Objects.requireNonNull(rules, "role-mapping rules are missing");
+        this.metadata = (metadata == null) ? Collections.emptyMap() : metadata;
+        this.refreshPolicy = (refreshPolicy == null) ? RefreshPolicy.getDefault() : refreshPolicy;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public boolean isEnabled() {
+        return enabled;
+    }
+
+    public List<String> getRoles() {
+        return roles;
+    }
+
+    public RoleMapperExpression getRules() {
+        return rules;
+    }
+
+    public Map<String, Object> getMetadata() {
+        return metadata;
+    }
+
+    public RefreshPolicy getRefreshPolicy() {
+        return refreshPolicy;
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(name, enabled, refreshPolicy, roles, rules, metadata);
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (this == obj) {
+            return true;
+        }
+        if (obj == null) {
+            return false;
+        }
+        if (getClass() != obj.getClass()) {
+            return false;
+        }
+        final PutRoleMappingRequest other = (PutRoleMappingRequest) obj;
+
+        return (enabled == other.enabled) &&
+               (refreshPolicy == other.refreshPolicy) &&
+               Objects.equals(name, other.name) &&
+               Objects.equals(roles, other.roles) &&
+               Objects.equals(rules, other.rules) &&
+               Objects.equals(metadata, other.metadata);
+    }
+
+    @Override
+    public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
+        builder.startObject();
+        builder.field("enabled", enabled);
+        builder.field("roles", roles);
+        builder.field("rules", rules);
+        builder.field("metadata", metadata);
+        return builder.endObject();
+    }
+
+}
diff --git a/...st-high-level/src/main/java/org/elasticsearch/client/security/PutRoleMappingResponse.java b/...st-high-level/src/main/java/org/elasticsearch/client/security/PutRoleMappingResponse.java
@@ -0,0 +1,77 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.elasticsearch.client.security;
+
+import org.elasticsearch.common.ParseField;
+import org.elasticsearch.common.xcontent.ConstructingObjectParser;
+import org.elasticsearch.common.xcontent.XContentParser;
+
+import java.io.IOException;
+import java.util.Objects;
+
+import static org.elasticsearch.common.xcontent.ConstructingObjectParser.constructorArg;
+
+/**
+ * Response when adding/updating a role mapping. Returns a boolean field for
+ * whether the role mapping was created or updated.
+ */
+public final class PutRoleMappingResponse {
+
+    private final boolean created;
+
+    public PutRoleMappingResponse(boolean created) {
+        this.created = created;
+    }
+
+    public boolean isCreated() {
+        return created;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        }
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        final PutRoleMappingResponse that = (PutRoleMappingResponse) o;
+        return created == that.created;
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(created);
+    }
+
+    private static final ConstructingObjectParser<PutRoleMappingResponse, Void> PARSER = new ConstructingObjectParser<>(
+            "put_role_mapping_response", true, args -> new PutRoleMappingResponse((boolean) args[0]));
+    static {
+        PARSER.declareBoolean(constructorArg(), new ParseField("created"));
+        // To parse the "created" field we declare "role_mapping" field object.
+        // Once the nested field "created" is found parser constructs the target object and
+        // ignores the role_mapping object.
+        PARSER.declareObject((a,b) -> {}, (parser, context) -> null, new ParseField("role_mapping"));
+    }
+
+    public static PutRoleMappingResponse fromXContent(XContentParser parser) throws IOException {
+        return PARSER.parse(parser, null);
+    }
+}
diff --git a/...arch/client/security/support/expressiondsl/expressions/CompositeRoleMapperExpression.java b/...arch/client/security/support/expressiondsl/expressions/CompositeRoleMapperExpression.java
@@ -57,7 +57,7 @@ public abstract class CompositeRoleMapperExpression implements RoleMapperExpress
     }
 
     public String getName() {
-        return this.getName();
+        return this.name;
     }
 
     public List<RoleMapperExpression> getElements() {

diff --git a/...elasticsearch/client/security/support/expressiondsl/fields/FieldRoleMapperExpression.java b/...elasticsearch/client/security/support/expressiondsl/fields/FieldRoleMapperExpression.java
@@ -50,7 +50,7 @@ public FieldRoleMapperExpression(final String field, final Object... values) {
             throw new IllegalArgumentException("null or empty field name (" + field + ")");
         }
         if (values == null || values.length == 0) {
-            throw new IllegalArgumentException("null or empty values (" + values + ")");
+            throw new IllegalArgumentException("null or empty values for field (" + field + ")");
         }
         this.field = field;
         this.values = Collections.unmodifiableList(Arrays.asList(values));

diff --git a/...est-high-level/src/test/java/org/elasticsearch/client/SecurityRequestConvertersTests.java b/...est-high-level/src/test/java/org/elasticsearch/client/SecurityRequestConvertersTests.java
@@ -24,8 +24,12 @@
 import org.elasticsearch.client.security.DisableUserRequest;
 import org.elasticsearch.client.security.EnableUserRequest;
 import org.elasticsearch.client.security.ChangePasswordRequest;
+import org.elasticsearch.client.security.PutRoleMappingRequest;
 import org.elasticsearch.client.security.PutUserRequest;
 import org.elasticsearch.client.security.RefreshPolicy;
+import org.elasticsearch.client.security.support.expressiondsl.RoleMapperExpression;
+import org.elasticsearch.client.security.support.expressiondsl.expressions.AnyRoleMapperExpression;
+import org.elasticsearch.client.security.support.expressiondsl.fields.FieldRoleMapperExpression;
 import org.elasticsearch.test.ESTestCase;
 
 import java.io.IOException;
@@ -67,6 +71,34 @@ public void testPutUser() throws IOException {
         assertToXContentBody(putUserRequest, request.getEntity());
     }
 
+    public void testPutRoleMapping() throws IOException {
+        final String username = randomAlphaOfLengthBetween(4, 7);
+        final String rolename = randomAlphaOfLengthBetween(4, 7);
+        final String roleMappingName = randomAlphaOfLengthBetween(4, 7);
+        final String groupname = "cn="+randomAlphaOfLengthBetween(4, 7)+",dc=example,dc=com";
+        final RefreshPolicy refreshPolicy = randomFrom(RefreshPolicy.values());
+        final Map<String, String> expectedParams;
+        if (refreshPolicy != RefreshPolicy.NONE) {
+            expectedParams = Collections.singletonMap("refresh", refreshPolicy.getValue());
+        } else {
+            expectedParams = Collections.emptyMap();
+        }
+
+        final RoleMapperExpression rules = AnyRoleMapperExpression.builder()
+                .addExpression(FieldRoleMapperExpression.ofUsername(username))
+                .addExpression(FieldRoleMapperExpression.ofGroups(groupname))
+                .build();
+        final PutRoleMappingRequest putRoleMappingRequest = new PutRoleMappingRequest(roleMappingName, true, Collections.singletonList(
+                rolename), rules, null, refreshPolicy);
+
+        final Request request = SecurityRequestConverters.putRoleMapping(putRoleMappingRequest);
+
+        assertEquals(HttpPut.METHOD_NAME, request.getMethod());
+        assertEquals("/_xpack/security/role_mapping/" + roleMappingName, request.getEndpoint());
+        assertEquals(expectedParams, request.getParameters());
+        assertToXContentBody(putRoleMappingRequest, request.getEntity());
+    }
+
     public void testEnableUser() {
         final String username = randomAlphaOfLengthBetween(1, 12);
         final RefreshPolicy refreshPolicy = randomFrom(RefreshPolicy.values());