[API] Adds security OIDC endpoints

picandocodigo · picandocodigo · commit 720c102bb963 · 2022-02-21T20:55:40.000Z
diff --git a/elasticsearch-api/lib/elasticsearch/api/actions/security/oidc_authenticate.rb b/elasticsearch-api/lib/elasticsearch/api/actions/security/oidc_authenticate.rb
@@ -0,0 +1,49 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+module Elasticsearch
+  module API
+    module Security
+      module Actions
+        # Exchanges an OpenID Connection authentication response message for an Elasticsearch access token and refresh token pair
+        #
+        # @option arguments [Hash] :headers Custom HTTP headers
+        # @option arguments [Hash] :body The OpenID Connect response to authenticate (*Required*)
+        #
+        # @see https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-oidc-authenticate.html
+        #
+        def oidc_authenticate(arguments = {})
+          raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]
+
+          headers = arguments.delete(:headers) || {}
+
+          body = arguments.delete(:body)
+
+          arguments = arguments.clone
+
+          method = Elasticsearch::API::HTTP_POST
+          path   = "_security/oidc/authenticate"
+          params = {}
+
+          Elasticsearch::API::Response.new(
+            perform_request(method, path, params, body, headers)
+          )
+        end
+      end
+    end
+  end
+end
diff --git a/elasticsearch-api/lib/elasticsearch/api/actions/security/oidc_logout.rb b/elasticsearch-api/lib/elasticsearch/api/actions/security/oidc_logout.rb
@@ -0,0 +1,49 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+module Elasticsearch
+  module API
+    module Security
+      module Actions
+        # Invalidates a refresh token and access token that was generated from the OpenID Connect Authenticate API
+        #
+        # @option arguments [Hash] :headers Custom HTTP headers
+        # @option arguments [Hash] :body Access token and refresh token to invalidate (*Required*)
+        #
+        # @see https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-oidc-logout.html
+        #
+        def oidc_logout(arguments = {})
+          raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]
+
+          headers = arguments.delete(:headers) || {}
+
+          body = arguments.delete(:body)
+
+          arguments = arguments.clone
+
+          method = Elasticsearch::API::HTTP_POST
+          path   = "_security/oidc/logout"
+          params = {}
+
+          Elasticsearch::API::Response.new(
+            perform_request(method, path, params, body, headers)
+          )
+        end
+      end
+    end
+  end
+end
diff --git a/elasticsearch-api/lib/elasticsearch/api/actions/security/oidc_prepare_authentication.rb b/elasticsearch-api/lib/elasticsearch/api/actions/security/oidc_prepare_authentication.rb
@@ -0,0 +1,49 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+module Elasticsearch
+  module API
+    module Security
+      module Actions
+        # Creates an OAuth 2.0 authentication request as a URL string
+        #
+        # @option arguments [Hash] :headers Custom HTTP headers
+        # @option arguments [Hash] :body The OpenID Connect authentication realm configuration (*Required*)
+        #
+        # @see https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-oidc-prepare-authentication.html
+        #
+        def oidc_prepare_authentication(arguments = {})
+          raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]
+
+          headers = arguments.delete(:headers) || {}
+
+          body = arguments.delete(:body)
+
+          arguments = arguments.clone
+
+          method = Elasticsearch::API::HTTP_POST
+          path   = "_security/oidc/prepare"
+          params = {}
+
+          Elasticsearch::API::Response.new(
+            perform_request(method, path, params, body, headers)
+          )
+        end
+      end
+    end
+  end
+end
diff --git a/elasticsearch-api/spec/unit_tests_platinum/unit/security/oidc_authenticate_test.rb b/elasticsearch-api/spec/unit_tests_platinum/unit/security/oidc_authenticate_test.rb
@@ -0,0 +1,40 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+require 'test_helper'
+
+module Elasticsearch
+  module Test
+    class SecurityOidcAuthenticateTest < Minitest::Test
+      context 'Security: OIDC Authenticate' do
+        subject { FakeClient.new }
+
+        should 'perform correct request' do
+          subject.expects(:perform_request).with do |method, url, params, body|
+            assert_equal('POST', method)
+            assert_equal('_security/oidc/authenticate', url)
+            assert_equal({}, params)
+            assert_equal(body, {})
+            true
+          end.returns(FakeResponse.new)
+
+          subject.security.oidc_authenticate(body: {})
+        end
+      end
+    end
+  end
+end
diff --git a/elasticsearch-api/spec/unit_tests_platinum/unit/security/oidc_logout_test.rb b/elasticsearch-api/spec/unit_tests_platinum/unit/security/oidc_logout_test.rb
@@ -0,0 +1,40 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+require 'test_helper'
+
+module Elasticsearch
+  module Test
+    class SecurityOidcLogoutTest < Minitest::Test
+      context 'Security: OIDC Logout' do
+        subject { FakeClient.new }
+
+        should 'perform correct request' do
+          subject.expects(:perform_request).with do |method, url, params, body|
+            assert_equal('POST', method)
+            assert_equal('_security/oidc/logout', url)
+            assert_equal({}, params)
+            assert_equal(body, {})
+            true
+          end.returns(FakeResponse.new)
+
+          subject.security.oidc_logout(body: {})
+        end
+      end
+    end
+  end
+end
diff --git a/elasticsearch-api/spec/unit_tests_platinum/unit/security/oidc_prepare_authentication_test.rb b/elasticsearch-api/spec/unit_tests_platinum/unit/security/oidc_prepare_authentication_test.rb
@@ -0,0 +1,40 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+require 'test_helper'
+
+module Elasticsearch
+  module Test
+    class SecurityOidcPrepareAuthenticationTest < Minitest::Test
+      context 'Security: OIDC Prepare_Authentication' do
+        subject { FakeClient.new }
+
+        should 'perform correct request' do
+          subject.expects(:perform_request).with do |method, url, params, body|
+            assert_equal('POST', method)
+            assert_equal('_security/oidc/prepare', url)
+            assert_equal({}, params)
+            assert_equal(body, {})
+            true
+          end.returns(FakeResponse.new)
+
+          subject.security.oidc_prepare_authentication(body: {})
+        end
+      end
+    end
+  end
+end
