[API] Adds service accounts endpoints

Author: picandocodigo

elasticsearch-xpack/lib/elasticsearch/xpack/api/actions/security/clear_cached_service_tokens.rb

@@ -0,0 +1,62 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+module Elasticsearch
+  module XPack
+    module API
+      module Security
+        module Actions
+          # Evicts tokens from the service account token caches.
+          # This functionality is in Beta and is subject to change. The design and
+          # code is less mature than official GA features and is being provided
+          # as-is with no warranties. Beta features are not subject to the support
+          # SLA of official GA features.
+          #
+          # @option arguments [String] :namespace An identifier for the namespace
+          # @option arguments [String] :service An identifier for the service name
+          # @option arguments [List] :name A comma-separated list of service token names
+          # @option arguments [Hash] :headers Custom HTTP headers
+          #
+          # @see https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-clear-service-token-caches.html
+          #
+          def clear_cached_service_tokens(arguments = {})
+            raise ArgumentError, "Required argument 'namespace' missing" unless arguments[:namespace]
+            raise ArgumentError, "Required argument 'service' missing" unless arguments[:service]
+            raise ArgumentError, "Required argument 'name' missing" unless arguments[:name]
+
+            headers = arguments.delete(:headers) || {}
+
+            arguments = arguments.clone
+
+            _namespace = arguments.delete(:namespace)
+
+            _service = arguments.delete(:service)
+
+            _name = arguments.delete(:name)
+
+            method = Elasticsearch::API::HTTP_POST
+            path   = "_security/service/#{Elasticsearch::API::Utils.__listify(_namespace)}/#{Elasticsearch::API::Utils.__listify(_service)}/credential/token/#{Elasticsearch::API::Utils.__listify(_name)}/_clear_cache"
+            params = {}
+
+            body = nil
+            perform_request(method, path, params, body, headers).body
+          end
+        end
+      end
+    end
+  end
+end

elasticsearch-xpack/lib/elasticsearch/xpack/api/actions/security/create_service_token.rb

@@ -0,0 +1,73 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+module Elasticsearch
+  module XPack
+    module API
+      module Security
+        module Actions
+          # Creates a service account token for access without requiring basic authentication.
+          # This functionality is in Beta and is subject to change. The design and
+          # code is less mature than official GA features and is being provided
+          # as-is with no warranties. Beta features are not subject to the support
+          # SLA of official GA features.
+          #
+          # @option arguments [String] :namespace An identifier for the namespace
+          # @option arguments [String] :service An identifier for the service name
+          # @option arguments [String] :name An identifier for the token name
+          # @option arguments [String] :refresh If `true` then refresh the affected shards to make this operation visible to search, if `wait_for` (the default) then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes. (options: true, false, wait_for)
+          # @option arguments [Hash] :headers Custom HTTP headers
+          #
+          # @see https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-create-service-token.html
+          #
+          def create_service_token(arguments = {})
+            raise ArgumentError, "Required argument 'namespace' missing" unless arguments[:namespace]
+            raise ArgumentError, "Required argument 'service' missing" unless arguments[:service]
+
+            headers = arguments.delete(:headers) || {}
+
+            arguments = arguments.clone
+
+            _namespace = arguments.delete(:namespace)
+
+            _service = arguments.delete(:service)
+
+            _name = arguments.delete(:name)
+
+            method = Elasticsearch::API::HTTP_PUT
+            path   = if _namespace && _service && _name
+                       "_security/service/#{Elasticsearch::API::Utils.__listify(_namespace)}/#{Elasticsearch::API::Utils.__listify(_service)}/credential/token/#{Elasticsearch::API::Utils.__listify(_name)}"
+                     else
+                       "_security/service/#{Elasticsearch::API::Utils.__listify(_namespace)}/#{Elasticsearch::API::Utils.__listify(_service)}/credential/token"
+                     end
+            params = Elasticsearch::API::Utils.__validate_and_extract_params arguments, ParamsRegistry.get(__method__)
+
+            body = nil
+            perform_request(method, path, params, body, headers).body
+          end
+
+          # Register this action with its valid params when the module is loaded.
+          #
+          # @since 6.2.0
+          ParamsRegistry.register(:create_service_token, [
+            :refresh
+          ].freeze)
+        end
+      end
+    end
+  end
+end

elasticsearch-xpack/lib/elasticsearch/xpack/api/actions/security/delete_service_token.rb

@@ -0,0 +1,70 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+module Elasticsearch
+  module XPack
+    module API
+      module Security
+        module Actions
+          # Deletes a service account token.
+          # This functionality is in Beta and is subject to change. The design and
+          # code is less mature than official GA features and is being provided
+          # as-is with no warranties. Beta features are not subject to the support
+          # SLA of official GA features.
+          #
+          # @option arguments [String] :namespace An identifier for the namespace
+          # @option arguments [String] :service An identifier for the service name
+          # @option arguments [String] :name An identifier for the token name
+          # @option arguments [String] :refresh If `true` then refresh the affected shards to make this operation visible to search, if `wait_for` (the default) then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes. (options: true, false, wait_for)
+          # @option arguments [Hash] :headers Custom HTTP headers
+          #
+          # @see https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-delete-service-token.html
+          #
+          def delete_service_token(arguments = {})
+            raise ArgumentError, "Required argument 'namespace' missing" unless arguments[:namespace]
+            raise ArgumentError, "Required argument 'service' missing" unless arguments[:service]
+            raise ArgumentError, "Required argument 'name' missing" unless arguments[:name]
+
+            headers = arguments.delete(:headers) || {}
+
+            arguments = arguments.clone
+
+            _namespace = arguments.delete(:namespace)
+
+            _service = arguments.delete(:service)
+
+            _name = arguments.delete(:name)
+
+            method = Elasticsearch::API::HTTP_DELETE
+            path   = "_security/service/#{Elasticsearch::API::Utils.__listify(_namespace)}/#{Elasticsearch::API::Utils.__listify(_service)}/credential/token/#{Elasticsearch::API::Utils.__listify(_name)}"
+            params = Elasticsearch::API::Utils.__validate_and_extract_params arguments, ParamsRegistry.get(__method__)
+
+            body = nil
+            perform_request(method, path, params, body, headers).body
+          end
+
+          # Register this action with its valid params when the module is loaded.
+          #
+          # @since 6.2.0
+          ParamsRegistry.register(:delete_service_token, [
+            :refresh
+          ].freeze)
+        end
+      end
+    end
+  end
+end

elasticsearch-xpack/lib/elasticsearch/xpack/api/actions/security/get_service_accounts.rb

@@ -0,0 +1,61 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+module Elasticsearch
+  module XPack
+    module API
+      module Security
+        module Actions
+          # Retrieves information about service accounts.
+          # This functionality is in Beta and is subject to change. The design and
+          # code is less mature than official GA features and is being provided
+          # as-is with no warranties. Beta features are not subject to the support
+          # SLA of official GA features.
+          #
+          # @option arguments [String] :namespace An identifier for the namespace
+          # @option arguments [String] :service An identifier for the service name
+          # @option arguments [Hash] :headers Custom HTTP headers
+          #
+          # @see https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-get-service-accounts.html
+          #
+          def get_service_accounts(arguments = {})
+            headers = arguments.delete(:headers) || {}
+
+            arguments = arguments.clone
+
+            _namespace = arguments.delete(:namespace)
+
+            _service = arguments.delete(:service)
+
+            method = Elasticsearch::API::HTTP_GET
+            path   = if _namespace && _service
+                       "_security/service/#{Elasticsearch::API::Utils.__listify(_namespace)}/#{Elasticsearch::API::Utils.__listify(_service)}"
+                     elsif _namespace
+                       "_security/service/#{Elasticsearch::API::Utils.__listify(_namespace)}"
+                     else
+                       "_security/service"
+                     end
+            params = {}
+
+            body = nil
+            perform_request(method, path, params, body, headers).body
+          end
+        end
+      end
+    end
+  end
+end

elasticsearch-xpack/lib/elasticsearch/xpack/api/actions/security/get_service_credentials.rb

@@ -0,0 +1,58 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+module Elasticsearch
+  module XPack
+    module API
+      module Security
+        module Actions
+          # Retrieves information of all service credentials for a service account.
+          # This functionality is in Beta and is subject to change. The design and
+          # code is less mature than official GA features and is being provided
+          # as-is with no warranties. Beta features are not subject to the support
+          # SLA of official GA features.
+          #
+          # @option arguments [String] :namespace An identifier for the namespace
+          # @option arguments [String] :service An identifier for the service name
+          # @option arguments [Hash] :headers Custom HTTP headers
+          #
+          # @see https://www.elastic.co/guide/en/elasticsearch/reference/7.x/security-api-get-service-credentials.html
+          #
+          def get_service_credentials(arguments = {})
+            raise ArgumentError, "Required argument 'namespace' missing" unless arguments[:namespace]
+            raise ArgumentError, "Required argument 'service' missing" unless arguments[:service]
+
+            headers = arguments.delete(:headers) || {}
+
+            arguments = arguments.clone
+
+            _namespace = arguments.delete(:namespace)
+
+            _service = arguments.delete(:service)
+
+            method = Elasticsearch::API::HTTP_GET
+            path   = "_security/service/#{Elasticsearch::API::Utils.__listify(_namespace)}/#{Elasticsearch::API::Utils.__listify(_service)}/credential"
+            params = {}
+
+            body = nil
+            perform_request(method, path, params, body, headers).body
+          end
+        end
+      end
+    end
+  end
+end

elasticsearch-xpack/spec/xpack/security/clear_cached_service_tokens_spec.rb

@@ -0,0 +1,58 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+require 'spec_helper'
+
+describe 'client#security#clear_cached_service_tokens' do
+  let(:expected_args) do
+    [
+      'POST',
+      '_security/service/foo/bar/credential/token/service_token/_clear_cache',
+      {},
+      nil,
+      {}
+    ]
+  end
+
+  it 'performs the request' do
+    expect(client_double.security.clear_cached_service_tokens(
+             namespace: 'foo', service: 'bar', name: 'service_token')
+          ).to eq({})
+  end
+
+  let(:client) do
+    Class.new { include Elasticsearch::XPack::API }.new
+  end
+
+  it 'requires the :namespace argument' do
+    expect {
+      client.security.clear_cached_service_tokens(service: 'bar', name: 'service_token')
+    }.to raise_exception(ArgumentError)
+  end
+
+  it 'requires the :service argument' do
+    expect {
+      client.security.clear_cached_service_tokens(namespace: 'foo', name: 'service_token')
+    }.to raise_exception(ArgumentError)
+  end
+
+  it 'requires the :name argument' do
+    expect {
+      client.security.clear_cached_service_tokens(service: 'bar', namespace: 'foo')
+    }.to raise_exception(ArgumentError)
+  end
+end