* feat(plugins): add security client plugin Signed-off-by: florian <florian@harfanglab.fr> * test(plugins): skip security plugin tests when disabled Signed-off-by: florian <florian@harfanglab.fr> * fix(security): remove non-ASCII character Signed-off-by: florian <florian@harfanglab.fr> * chore(CHANGELOG): added entry for security api support in changelog Signed-off-by: florian <florian@harfanglab.fr> * test(plugins): add asynchronous tests version Signed-off-by: florian <florian@harfanglab.fr> * test: remove some warnings Signed-off-by: florian <florian@harfanglab.fr> * chore(USER_GUIDE): add a security plugin part Signed-off-by: florian <florian@harfanglab.fr> * test(security): Split out security plugin tests in its own file Signed-off-by: florian <florian@harfanglab.fr> * chore: apply reviews Signed-off-by: florian <florian@harfanglab.fr> --------- Signed-off-by: florian <florian@harfanglab.fr>
675 lines
21 KiB
Python
675 lines
21 KiB
Python
# SPDX-License-Identifier: Apache-2.0
|
|
#
|
|
# The OpenSearch Contributors require contributions made to
|
|
# this file be licensed under the Apache-2.0 license or a
|
|
# compatible open source license.
|
|
#
|
|
# Modifications Copyright OpenSearch Contributors. See
|
|
# GitHub history for details.
|
|
|
|
from ..client.utils import SKIP_IN_PATH, NamespacedClient, _make_path, query_params
|
|
|
|
|
|
class SecurityClient(NamespacedClient):
|
|
@query_params()
|
|
async def get_account_details(self, params=None, headers=None):
|
|
"""
|
|
Returns account details for the current user.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"GET",
|
|
_make_path("_plugins", "_security", "api", "account"),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def change_password(
|
|
self, current_password, password, params=None, headers=None
|
|
):
|
|
"""
|
|
Changes the password for the current user.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"PUT",
|
|
_make_path("_plugins", "_security", "api", "account"),
|
|
params=params,
|
|
headers=headers,
|
|
body={
|
|
"current_password": current_password,
|
|
"password": password,
|
|
},
|
|
)
|
|
|
|
@query_params()
|
|
async def get_action_group(self, action_group, params=None, headers=None):
|
|
"""
|
|
Retrieves one action group.
|
|
"""
|
|
if action_group in SKIP_IN_PATH:
|
|
raise ValueError(
|
|
"Empty value passed for a required argument 'action-group'."
|
|
)
|
|
|
|
return await self.transport.perform_request(
|
|
"GET",
|
|
_make_path("_plugins", "_security", "api", "actiongroups", action_group),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def get_action_groups(self, params=None, headers=None):
|
|
"""
|
|
Retrieves all action groups.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"GET",
|
|
_make_path("_plugins", "_security", "api", "actiongroups"),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def delete_action_group(self, action_group, params=None, headers=None):
|
|
"""
|
|
Deletes the specified action group.
|
|
"""
|
|
if action_group in SKIP_IN_PATH:
|
|
raise ValueError(
|
|
"Empty value passed for a required argument 'action-group'."
|
|
)
|
|
|
|
return await self.transport.perform_request(
|
|
"DELETE",
|
|
_make_path("_plugins", "_security", "api", "actiongroups", action_group),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def put_action_group(self, action_group, body, params=None, headers=None):
|
|
"""
|
|
Creates or replaces the specified action group.
|
|
"""
|
|
if action_group in SKIP_IN_PATH:
|
|
raise ValueError(
|
|
"Empty value passed for a required argument 'action-group'."
|
|
)
|
|
|
|
return await self.transport.perform_request(
|
|
"PUT",
|
|
_make_path("_plugins", "_security", "api", "actiongroups", action_group),
|
|
params=params,
|
|
headers=headers,
|
|
body=body,
|
|
)
|
|
|
|
@query_params()
|
|
async def patch_action_group(self, action_group, body, params=None, headers=None):
|
|
"""
|
|
Updates individual attributes of an action group.
|
|
"""
|
|
if action_group in SKIP_IN_PATH:
|
|
raise ValueError(
|
|
"Empty value passed for a required argument 'action-group'."
|
|
)
|
|
|
|
return await self.transport.perform_request(
|
|
"PATCH",
|
|
_make_path("_plugins", "_security", "api", "actiongroups", action_group),
|
|
params=params,
|
|
headers=headers,
|
|
body=body,
|
|
)
|
|
|
|
@query_params()
|
|
async def patch_action_groups(self, body, params=None, headers=None):
|
|
"""
|
|
Creates, updates, or deletes multiple action groups in a single call.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"PATCH",
|
|
_make_path("_plugins", "_security", "api", "actiongroups"),
|
|
params=params,
|
|
headers=headers,
|
|
body=body,
|
|
)
|
|
|
|
@query_params()
|
|
async def get_user(self, username, params=None, headers=None):
|
|
"""
|
|
Retrieves one user.
|
|
"""
|
|
if username in SKIP_IN_PATH:
|
|
raise ValueError("Empty value passed for a required argument 'username'.")
|
|
|
|
return await self.transport.perform_request(
|
|
"GET",
|
|
_make_path("_plugins", "_security", "api", "internalusers", username),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def get_users(self, params=None, headers=None):
|
|
"""
|
|
Retrieves all users.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"GET",
|
|
_make_path("_plugins", "_security", "api", "internalusers"),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def delete_user(self, username, params=None, headers=None):
|
|
"""
|
|
Deletes the specified user.
|
|
"""
|
|
if username in SKIP_IN_PATH:
|
|
raise ValueError("Empty value passed for a required argument 'username'.")
|
|
|
|
return await self.transport.perform_request(
|
|
"DELETE",
|
|
_make_path("_plugins", "_security", "api", "internalusers", username),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def put_user(self, username, body, params=None, headers=None):
|
|
"""
|
|
Creates or replaces the specified user.
|
|
"""
|
|
if username in SKIP_IN_PATH:
|
|
raise ValueError("Empty value passed for a required argument 'username'.")
|
|
|
|
return await self.transport.perform_request(
|
|
"PUT",
|
|
_make_path("_plugins", "_security", "api", "internalusers", username),
|
|
params=params,
|
|
headers=headers,
|
|
body=body,
|
|
)
|
|
|
|
@query_params()
|
|
async def patch_user(self, username, body, params=None, headers=None):
|
|
"""
|
|
Updates individual attributes of an internal user.
|
|
"""
|
|
if username in SKIP_IN_PATH:
|
|
raise ValueError("Empty value passed for a required argument 'username'.")
|
|
|
|
return await self.transport.perform_request(
|
|
"PATCH",
|
|
_make_path("_plugins", "_security", "api", "internalusers", username),
|
|
params=params,
|
|
headers=headers,
|
|
body=body,
|
|
)
|
|
|
|
@query_params()
|
|
async def patch_users(self, body, params=None, headers=None):
|
|
"""
|
|
Creates, updates, or deletes multiple internal users in a single call.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"PATCH",
|
|
_make_path("_plugins", "_security", "api", "internalusers"),
|
|
params=params,
|
|
headers=headers,
|
|
body=body,
|
|
)
|
|
|
|
@query_params()
|
|
async def get_role(self, role, params=None, headers=None):
|
|
"""
|
|
Retrieves one role.
|
|
"""
|
|
if role in SKIP_IN_PATH:
|
|
raise ValueError("Empty value passed for a required argument 'role'.")
|
|
|
|
return await self.transport.perform_request(
|
|
"GET",
|
|
_make_path("_plugins", "_security", "api", "roles", role),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def get_roles(self, params=None, headers=None):
|
|
"""
|
|
Retrieves all roles.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"GET",
|
|
_make_path("_plugins", "_security", "api", "roles"),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def delete_role(self, role, params=None, headers=None):
|
|
"""
|
|
Deletes the specified role.
|
|
"""
|
|
if role in SKIP_IN_PATH:
|
|
raise ValueError("Empty value passed for a required argument 'role'.")
|
|
|
|
return await self.transport.perform_request(
|
|
"DELETE",
|
|
_make_path("_plugins", "_security", "api", "roles", role),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def put_role(self, role, body, params=None, headers=None):
|
|
"""
|
|
Creates or replaces the specified role.
|
|
"""
|
|
if role in SKIP_IN_PATH:
|
|
raise ValueError("Empty value passed for a required argument 'role'.")
|
|
|
|
return await self.transport.perform_request(
|
|
"PUT",
|
|
_make_path("_plugins", "_security", "api", "roles", role),
|
|
params=params,
|
|
headers=headers,
|
|
body=body,
|
|
)
|
|
|
|
@query_params()
|
|
async def patch_role(self, role, body, params=None, headers=None):
|
|
"""
|
|
Updates individual attributes of a role.
|
|
"""
|
|
if role in SKIP_IN_PATH:
|
|
raise ValueError("Empty value passed for a required argument 'role'.")
|
|
|
|
return await self.transport.perform_request(
|
|
"PATCH",
|
|
_make_path("_plugins", "_security", "api", "roles", role),
|
|
params=params,
|
|
headers=headers,
|
|
body=body,
|
|
)
|
|
|
|
@query_params()
|
|
async def patch_roles(self, body, params=None, headers=None):
|
|
"""
|
|
Creates, updates, or deletes multiple roles in a single call.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"PATCH",
|
|
_make_path("_plugins", "_security", "api", "roles"),
|
|
params=params,
|
|
headers=headers,
|
|
body=body,
|
|
)
|
|
|
|
@query_params()
|
|
async def get_role_mapping(self, role, params=None, headers=None):
|
|
"""
|
|
Retrieves one role mapping.
|
|
"""
|
|
if role in SKIP_IN_PATH:
|
|
raise ValueError("Empty value passed for a required argument 'role'.")
|
|
|
|
return await self.transport.perform_request(
|
|
"GET",
|
|
_make_path("_plugins", "_security", "api", "rolesmapping", role),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def get_role_mappings(self, params=None, headers=None):
|
|
"""
|
|
Retrieves all role mappings.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"GET",
|
|
_make_path("_plugins", "_security", "api", "rolesmapping"),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def delete_role_mappings(self, role, params=None, headers=None):
|
|
"""
|
|
Deletes the specified role mapping.
|
|
"""
|
|
if role in SKIP_IN_PATH:
|
|
raise ValueError("Empty value passed for a required argument 'role'.")
|
|
|
|
return await self.transport.perform_request(
|
|
"DELETE",
|
|
_make_path("_plugins", "_security", "api", "rolesmapping", role),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def put_role_mappings(self, role, body, params=None, headers=None):
|
|
"""
|
|
Creates or replaces the specified role mapping.
|
|
"""
|
|
if role in SKIP_IN_PATH:
|
|
raise ValueError("Empty value passed for a required argument 'role'.")
|
|
|
|
return await self.transport.perform_request(
|
|
"PUT",
|
|
_make_path("_plugins", "_security", "api", "rolesmapping", role),
|
|
params=params,
|
|
headers=headers,
|
|
body=body,
|
|
)
|
|
|
|
@query_params()
|
|
async def patch_role_mapping(self, role, body, params=None, headers=None):
|
|
"""
|
|
Updates individual attributes of a role mapping.
|
|
"""
|
|
if role in SKIP_IN_PATH:
|
|
raise ValueError("Empty value passed for a required argument 'role'.")
|
|
|
|
return await self.transport.perform_request(
|
|
"PATCH",
|
|
_make_path("_plugins", "_security", "api", "rolesmapping", role),
|
|
params=params,
|
|
headers=headers,
|
|
body=body,
|
|
)
|
|
|
|
@query_params()
|
|
async def patch_role_mappings(self, body, params=None, headers=None):
|
|
"""
|
|
Creates or updates multiple role mappings in a single call.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"PATCH",
|
|
_make_path("_plugins", "_security", "api", "rolesmapping"),
|
|
params=params,
|
|
headers=headers,
|
|
body=body,
|
|
)
|
|
|
|
@query_params()
|
|
async def get_tenant(self, tenant, params=None, headers=None):
|
|
"""
|
|
Retrieves one tenant.
|
|
"""
|
|
if tenant in SKIP_IN_PATH:
|
|
raise ValueError("Empty value passed for a required argument 'tenant'.")
|
|
|
|
return await self.transport.perform_request(
|
|
"GET",
|
|
_make_path("_plugins", "_security", "api", "tenants", tenant),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def get_tenants(self, params=None, headers=None):
|
|
"""
|
|
Retrieves all tenants.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"GET",
|
|
_make_path("_plugins", "_security", "api", "tenants"),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def delete_tenant(self, tenant, params=None, headers=None):
|
|
"""
|
|
Deletes the specified tenant.
|
|
"""
|
|
if tenant in SKIP_IN_PATH:
|
|
raise ValueError("Empty value passed for a required argument 'tenant'.")
|
|
|
|
return await self.transport.perform_request(
|
|
"DELETE",
|
|
_make_path("_plugins", "_security", "api", "tenants", tenant),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def put_tenant(self, tenant, body, params=None, headers=None):
|
|
"""
|
|
Creates or replaces the specified tenant.
|
|
"""
|
|
if tenant in SKIP_IN_PATH:
|
|
raise ValueError("Empty value passed for a required argument 'tenant'.")
|
|
|
|
return await self.transport.perform_request(
|
|
"PUT",
|
|
_make_path("_plugins", "_security", "api", "tenants", tenant),
|
|
params=params,
|
|
headers=headers,
|
|
body=body,
|
|
)
|
|
|
|
@query_params()
|
|
async def patch_tenant(self, tenant, body, params=None, headers=None):
|
|
"""
|
|
Add, delete, or modify a single tenant.
|
|
"""
|
|
if tenant in SKIP_IN_PATH:
|
|
raise ValueError("Empty value passed for a required argument 'tenant'.")
|
|
|
|
return await self.transport.perform_request(
|
|
"PATCH",
|
|
_make_path("_plugins", "_security", "api", "tenants", tenant),
|
|
params=params,
|
|
headers=headers,
|
|
body=body,
|
|
)
|
|
|
|
@query_params()
|
|
async def patch_tenants(self, body, params=None, headers=None):
|
|
"""
|
|
Add, delete, or modify multiple tenants in a single call.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"PATCH",
|
|
_make_path("_plugins", "_security", "api", "tenants"),
|
|
params=params,
|
|
headers=headers,
|
|
body=body,
|
|
)
|
|
|
|
@query_params()
|
|
async def get_configuration(self, params=None, headers=None):
|
|
"""
|
|
Retrieves the current Security plugin configuration in JSON format.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"GET",
|
|
_make_path("_plugins", "_security", "api", "securityconfig"),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def put_configuration(self, body, params=None, headers=None):
|
|
"""
|
|
Retrieves the current Security plugin configuration in JSON format.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"PUT",
|
|
_make_path("_plugins", "_security", "api", "securityconfig", "config"),
|
|
params=params,
|
|
headers=headers,
|
|
body=body,
|
|
)
|
|
|
|
@query_params()
|
|
async def patch_configuration(self, body, params=None, headers=None):
|
|
"""
|
|
Updates the existing configuration using the REST API.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"PATCH",
|
|
_make_path("_plugins", "_security", "api", "securityconfig"),
|
|
params=params,
|
|
headers=headers,
|
|
body=body,
|
|
)
|
|
|
|
@query_params()
|
|
async def get_distinguished_names(
|
|
self, cluster_name=None, params=None, headers=None
|
|
):
|
|
"""
|
|
Retrieves all distinguished names in the allow list.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"GET",
|
|
_make_path("_plugins", "_security", "api", "nodesdn", cluster_name),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def put_distinguished_names(
|
|
self, cluster_name, body, params=None, headers=None
|
|
):
|
|
"""
|
|
Adds or updates the specified distinguished names in the cluster's or node's allow list.
|
|
"""
|
|
if cluster_name in SKIP_IN_PATH:
|
|
raise ValueError(
|
|
"Empty value passed for a required argument 'cluster-name'."
|
|
)
|
|
|
|
return await self.transport.perform_request(
|
|
"PUT",
|
|
_make_path("_plugins", "_security", "api", "nodesdn", cluster_name),
|
|
params=params,
|
|
headers=headers,
|
|
body=body,
|
|
)
|
|
|
|
@query_params()
|
|
async def delete_distinguished_names(self, cluster_name, params=None, headers=None):
|
|
"""
|
|
Deletes all distinguished names in the specified cluster's or node's allow list.
|
|
"""
|
|
if cluster_name in SKIP_IN_PATH:
|
|
raise ValueError(
|
|
"Empty value passed for a required argument 'cluster-name'."
|
|
)
|
|
|
|
return await self.transport.perform_request(
|
|
"DELETE",
|
|
_make_path("_plugins", "_security", "api", "nodesdn", cluster_name),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def get_certificates(self, params=None, headers=None):
|
|
"""
|
|
Retrieves the cluster's security certificates.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"GET",
|
|
_make_path("_plugins", "_security", "api", "ssl", "certs"),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def reload_transport_certificates(self, params=None, headers=None):
|
|
"""
|
|
Reloads SSL certificates that are about to expire without restarting the OpenSearch node.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"PUT",
|
|
_make_path(
|
|
"_opendistro", "_security", "api", "ssl", "transport", "reloadcerts"
|
|
),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def reload_http_certificates(self, params=None, headers=None):
|
|
"""
|
|
Reloads SSL certificates that are about to expire without restarting the OpenSearch node.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"PUT",
|
|
_make_path("_opendistro", "_security", "api", "ssl", "http", "reloadcerts"),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def flush_cache(self, params=None, headers=None):
|
|
"""
|
|
Flushes the Security plugin user, authentication, and authorization cache.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"DELETE",
|
|
_make_path("_plugins", "_security", "api", "cache"),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def health_check(self, params=None, headers=None):
|
|
"""
|
|
Checks to see if the Security plugin is up and running.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"GET",
|
|
_make_path("_plugins", "_security", "health"),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def get_audit_configuration(self, params=None, headers=None):
|
|
"""
|
|
A GET call retrieves the audit configuration.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"GET",
|
|
_make_path("_opendistro", "_security", "api", "audit"),
|
|
params=params,
|
|
headers=headers,
|
|
)
|
|
|
|
@query_params()
|
|
async def put_audit_configuration(self, body, params=None, headers=None):
|
|
"""
|
|
A PUT call updates the audit configuration.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"PUT",
|
|
_make_path("_opendistro", "_security", "api", "audit", "config"),
|
|
params=params,
|
|
headers=headers,
|
|
body=body,
|
|
)
|
|
|
|
@query_params()
|
|
async def patch_audit_configuration(self, body, params=None, headers=None):
|
|
"""
|
|
A PATCH call is used to update specified fields in the audit configuration.
|
|
"""
|
|
return await self.transport.perform_request(
|
|
"PATCH",
|
|
_make_path("_opendistro", "_security", "api", "audit"),
|
|
params=params,
|
|
headers=headers,
|
|
body=body,
|
|
)
|