[API] Adds SAML security endpoints

Author: picandocodigo

elasticsearch-api/lib/elasticsearch/api.rb

@@ -74,7 +74,8 @@ def self.included(base)
                 Elasticsearch::API::Remote,
                 Elasticsearch::API::DanglingIndices,
                 Elasticsearch::API::Features,
-                Elasticsearch::API::Shutdown
+                Elasticsearch::API::Shutdown,
+                Elasticsearch::API::Security
     end
 
     # The serializer class

elasticsearch-api/lib/elasticsearch/api/actions/security/params_registry.rb

@@ -0,0 +1,60 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+module Elasticsearch
+  module API
+    module Security
+      module Actions
+        module ParamsRegistry
+          extend self
+
+          # A Mapping of all the actions to their list of valid params.
+          #
+          # @since 6.1.1
+          PARAMS = {}
+
+          # Register an action with its list of valid params.
+          #
+          # @example Register the action.
+          #   ParamsRegistry.register(:benchmark, [ :verbose ])
+          #
+          # @param [ Symbol ] action The action to register.
+          # @param [ Array[Symbol] ] valid_params The list of valid params.
+          #
+          # @since 6.1.1
+          def register(action, valid_params)
+            PARAMS[action.to_sym] = valid_params
+          end
+
+          # Get the list of valid params for a given action.
+          #
+          # @example Get the list of valid params.
+          #   ParamsRegistry.get(:benchmark)
+          #
+          # @param [ Symbol ] action The action.
+          #
+          # @return [ Array<Symbol> ] The list of valid params for the action.
+          #
+          # @since 6.1.1
+          def get(action)
+            PARAMS.fetch(action, [])
+          end
+        end
+      end
+    end
+  end
+end

elasticsearch-api/lib/elasticsearch/api/actions/security/saml_authenticate.rb

@@ -0,0 +1,46 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+module Elasticsearch
+  module API
+    module Security
+      module Actions
+        # Exchanges a SAML Response message for an Elasticsearch access token and refresh token pair
+        #
+        # @option arguments [Hash] :headers Custom HTTP headers
+        # @option arguments [Hash] :body The SAML response to authenticate (*Required*)
+        #
+        # @see https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-saml-authenticate.html
+        #
+        def saml_authenticate(arguments = {})
+          raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]
+
+          headers = arguments.delete(:headers) || {}
+
+          arguments = arguments.clone
+
+          method = Elasticsearch::API::HTTP_POST
+          path   = "_security/saml/authenticate"
+          params = {}
+
+          body = arguments[:body]
+          perform_request(method, path, params, body, headers).body
+        end
+      end
+    end
+  end
+end

elasticsearch-api/lib/elasticsearch/api/actions/security/saml_complete_logout.rb

@@ -0,0 +1,46 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+module Elasticsearch
+  module API
+    module Security
+      module Actions
+        # Verifies the logout response sent from the SAML IdP
+        #
+        # @option arguments [Hash] :headers Custom HTTP headers
+        # @option arguments [Hash] :body The logout response to verify (*Required*)
+        #
+        # @see https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-saml-complete-logout.html
+        #
+        def saml_complete_logout(arguments = {})
+          raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]
+
+          headers = arguments.delete(:headers) || {}
+
+          arguments = arguments.clone
+
+          method = Elasticsearch::API::HTTP_POST
+          path   = "_security/saml/complete_logout"
+          params = {}
+
+          body = arguments[:body]
+          perform_request(method, path, params, body, headers).body
+        end
+      end
+    end
+  end
+end

elasticsearch-api/lib/elasticsearch/api/actions/security/saml_invalidate.rb

@@ -0,0 +1,46 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+module Elasticsearch
+  module API
+    module Security
+      module Actions
+        # Consumes a SAML LogoutRequest
+        #
+        # @option arguments [Hash] :headers Custom HTTP headers
+        # @option arguments [Hash] :body The LogoutRequest message (*Required*)
+        #
+        # @see https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-saml-invalidate.html
+        #
+        def saml_invalidate(arguments = {})
+          raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]
+
+          headers = arguments.delete(:headers) || {}
+
+          arguments = arguments.clone
+
+          method = Elasticsearch::API::HTTP_POST
+          path   = "_security/saml/invalidate"
+          params = {}
+
+          body = arguments[:body]
+          perform_request(method, path, params, body, headers).body
+        end
+      end
+    end
+  end
+end

elasticsearch-api/lib/elasticsearch/api/actions/security/saml_logout.rb

@@ -0,0 +1,46 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+module Elasticsearch
+  module API
+    module Security
+      module Actions
+        # Invalidates an access token and a refresh token that were generated via the SAML Authenticate API
+        #
+        # @option arguments [Hash] :headers Custom HTTP headers
+        # @option arguments [Hash] :body The tokens to invalidate (*Required*)
+        #
+        # @see https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-saml-logout.html
+        #
+        def saml_logout(arguments = {})
+          raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]
+
+          headers = arguments.delete(:headers) || {}
+
+          arguments = arguments.clone
+
+          method = Elasticsearch::API::HTTP_POST
+          path   = "_security/saml/logout"
+          params = {}
+
+          body = arguments[:body]
+          perform_request(method, path, params, body, headers).body
+        end
+      end
+    end
+  end
+end

elasticsearch-api/lib/elasticsearch/api/actions/security/saml_prepare_authentication.rb

@@ -0,0 +1,46 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+module Elasticsearch
+  module API
+    module Security
+      module Actions
+        # Creates a SAML authentication request
+        #
+        # @option arguments [Hash] :headers Custom HTTP headers
+        # @option arguments [Hash] :body The realm for which to create the authentication request, identified by either its name or the ACS URL (*Required*)
+        #
+        # @see https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-saml-prepare-authentication.html
+        #
+        def saml_prepare_authentication(arguments = {})
+          raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]
+
+          headers = arguments.delete(:headers) || {}
+
+          arguments = arguments.clone
+
+          method = Elasticsearch::API::HTTP_POST
+          path   = "_security/saml/prepare"
+          params = {}
+
+          body = arguments[:body]
+          perform_request(method, path, params, body, headers).body
+        end
+      end
+    end
+  end
+end

elasticsearch-api/lib/elasticsearch/api/actions/security/saml_service_provider_metadata.rb

@@ -0,0 +1,48 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+module Elasticsearch
+  module API
+    module Security
+      module Actions
+        # Generates SAML metadata for the Elastic stack SAML 2.0 Service Provider
+        #
+        # @option arguments [String] :realm_name The name of the SAML realm to get the metadata for
+        # @option arguments [Hash] :headers Custom HTTP headers
+        #
+        # @see https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-saml-sp-metadata.html
+        #
+        def saml_service_provider_metadata(arguments = {})
+          raise ArgumentError, "Required argument 'realm_name' missing" unless arguments[:realm_name]
+
+          headers = arguments.delete(:headers) || {}
+
+          arguments = arguments.clone
+
+          _realm_name = arguments.delete(:realm_name)
+
+          method = Elasticsearch::API::HTTP_GET
+          path   = "_security/saml/metadata/#{Elasticsearch::API::Utils.__listify(_realm_name)}"
+          params = {}
+
+          body = nil
+          perform_request(method, path, params, body, headers).body
+        end
+      end
+    end
+  end
+end

elasticsearch-api/lib/elasticsearch/api/namespace/security.rb

@@ -0,0 +1,36 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+module Elasticsearch
+  module API
+    module Security
+      module Actions; end
+
+      # Client for the "security" namespace (includes the {Security::Actions} methods)
+      #
+      class SecurityClient
+        include Common::Client, Common::Client::Base, Security::Actions
+      end
+
+      # Proxy method for {SecurityClient}, available in the receiving object
+      #
+      def security
+        @security ||= SecurityClient.new(self)
+      end
+    end
+  end
+end