Create or update privileges API

Application privileges can be created or updated using this API.

Request

A PutPrivilegesRequest contains a list of application privileges that need to be created or updated. Each application privilege consists of an application name, a privilege name, a set of actions and optional metadata.

final List<ApplicationPrivilege> privileges = new ArrayList<>();
privileges.add(ApplicationPrivilege.builder()
    .application("app01")
    .privilege("all")
    .actions(Sets.newHashSet("action:login"))
    .metadata(Collections.singletonMap("k1", "v1"))
    .build());
privileges.add(ApplicationPrivilege.builder()
    .application("app01")
    .privilege("write")
    .actions(Sets.newHashSet("action:write"))
    .build());
final PutPrivilegesRequest putPrivilegesRequest = new PutPrivilegesRequest(privileges, RefreshPolicy.IMMEDIATE);

Synchronous execution

When executing a PutPrivilegesRequest in the following manner, the client waits for the PutPrivilegesResponse to be returned before continuing with code execution:

final PutPrivilegesResponse putPrivilegesResponse = client.security().putPrivileges(putPrivilegesRequest,
    RequestOptions.DEFAULT);

Synchronous calls may throw an IOException if the high-level REST client fails to parse the REST response, if the request times out, or in similar cases where no response comes back from the server.

In cases where the server returns a 4xx or 5xx error code, the high-level client instead tries to parse the error details in the response body, then throws a generic ElasticsearchException with the original ResponseException added to it as a suppressed exception.

Asynchronous execution

Executing a PutPrivilegesRequest can also be done in an asynchronous fashion so that the client can return directly. Users need to specify how the response or potential failures will be handled by passing the request and a listener to the asynchronous put-privileges method:

// The PutPrivilegesRequest to execute and the ActionListener to use when the execution completes
client.security().putPrivilegesAsync(putPrivilegesRequest, RequestOptions.DEFAULT, listener);

The asynchronous method does not block and returns immediately. Once the request completes, the ActionListener is called back using the onResponse method if the execution completed successfully, or using the onFailure method if it failed. Failure scenarios and expected exceptions are the same as in the synchronous execution case.

A typical listener for put-privileges looks like:

ActionListener<PutPrivilegesResponse> listener = new ActionListener<PutPrivilegesResponse>() {
    @Override
    public void onResponse(PutPrivilegesResponse response) {
        // Called when the execution is successfully completed.
    }

    @Override
    public void onFailure(Exception e) {
        // Called when the whole PutPrivilegesRequest fails.
    }
};

Response

The returned PutPrivilegesResponse contains the status of each privilege present in the PutPrivilegesRequest. The status is true if the privilege was created and false if the privilege was updated.

final boolean status = putPrivilegesResponse.wasCreated(applicationName, privilegeName); 

The response contains the status for the given application name and privilege name.
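
Because the same call both creates and updates, a caller that expects to be defining new privileges can use the response to notice when it changed an existing definition instead. The following is an added example, not code from the original documentation: the class name PrivilegeChangeAudit and the method putAndListUpdated are hypothetical, and it assumes an already configured RestHighLevelClient.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.client.RequestOptions;
import org.elasticsearch.client.RestHighLevelClient;
import org.elasticsearch.client.security.PutPrivilegesRequest;
import org.elasticsearch.client.security.PutPrivilegesResponse;
import org.elasticsearch.client.security.RefreshPolicy;
import org.elasticsearch.client.security.user.privileges.ApplicationPrivilege;

// Hypothetical helper class (added example, not part of the client library).
public final class PrivilegeChangeAudit {

    /**
     * Sends the privileges and returns "application/privilege" keys for every
     * entry that already existed and was therefore updated rather than created.
     */
    public static List<String> putAndListUpdated(RestHighLevelClient client,
                                                 List<ApplicationPrivilege> privileges) throws IOException {
        PutPrivilegesRequest request = new PutPrivilegesRequest(privileges, RefreshPolicy.IMMEDIATE);
        PutPrivilegesResponse response;
        try {
            // An IOException (timeout, unparseable response) propagates to the caller.
            response = client.security().putPrivileges(request, RequestOptions.DEFAULT);
        } catch (ElasticsearchException e) {
            // 4xx/5xx from the server: details were parsed from the response body and the
            // original ResponseException is attached as a suppressed exception.
            System.err.println("put-privileges rejected, status=" + e.status() + ": " + e.getMessage());
            for (Throwable suppressed : e.getSuppressed()) {
                System.err.println("  suppressed: " + suppressed);
            }
            throw e;
        }
        List<String> updated = new ArrayList<>();
        for (ApplicationPrivilege p : privileges) {
            String key = p.getApplication() + "/" + p.getName();
            if (response.wasCreated(p.getApplication(), p.getName())) {
                System.out.println("created " + key + " actions=" + p.getActions());
            } else {
                // An existing definition was changed: record it for review.
                System.out.println("UPDATED " + key + " actions=" + p.getActions());
                updated.add(key);
            }
        }
        return updated;
    }
}
```

A non-empty return value means at least one privilege name was already defined for that application, so its actions or metadata may now differ from what roles referencing it were granted against.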