Encapsulate request, auth, and action name (#37495)

This change introduces a new class called RequestInfo that encapsulates the common objects that are passed to the authorization engine methods. By doing so, we give ourselves a way of adding additional data without breaking the interface. Additionally, this also reduces the need to ensure we pass these three parameters in the same order everywhere for consistency.
elastic · Jan 18, 2019 · 9a240c6 · 9a240c6
1 parent 6278eab
commit 9a240c6
Show file tree

Hide file tree

Showing 3 changed files with 101 additions and 64 deletions.
diff --git a/...in/security/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationEngine.java b/...in/security/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationEngine.java
@@ -20,21 +20,17 @@
 
 public interface AuthorizationEngine {
 
-    void resolveAuthorizationInfo(Authentication authentication, TransportRequest request, String action,
-                                  ActionListener<AuthorizationInfo> listener);
+    void resolveAuthorizationInfo(RequestInfo requestInfo, ActionListener<AuthorizationInfo> listener);
 
-    void authorizeRunAs(Authentication authentication, TransportRequest request, String action, AuthorizationInfo authorizationInfo,
-                        ActionListener<AuthorizationResult> listener);
+    void authorizeRunAs(RequestInfo requestInfo, AuthorizationInfo authorizationInfo, ActionListener<AuthorizationResult> listener);
 
-    void authorizeClusterAction(Authentication authentication, TransportRequest request, String action, AuthorizationInfo authorizationInfo,
-                                ActionListener<AuthorizationResult> listener);
+    void authorizeClusterAction(RequestInfo requestInfo, AuthorizationInfo authorizationInfo, ActionListener<AuthorizationResult> listener);
 
-    void authorizeIndexAction(Authentication authentication, TransportRequest request, String action,
-                              AuthorizationInfo authorizationInfo, AsyncSupplier<ResolvedIndices> indicesAsyncSupplier,
-                              Function<String, AliasOrIndex> aliasOrIndexFunction,
+    void authorizeIndexAction(RequestInfo requestInfo, AuthorizationInfo authorizationInfo,
+                              AsyncSupplier<ResolvedIndices> indicesAsyncSupplier, Function<String, AliasOrIndex> aliasOrIndexFunction,
                               ActionListener<IndexAuthorizationResult> listener);
 
-    void loadAuthorizedIndices(Authentication authentication, String action, AuthorizationInfo info,
+    void loadAuthorizedIndices(RequestInfo requestInfo, AuthorizationInfo info,
                                Map<String, AliasOrIndex> aliasAndIndexLookup, ActionListener<List<String>> listener);
 
     interface AuthorizationInfo {
@@ -58,6 +54,31 @@ public Map<String, Object> asMap() {
         }
     }
 
+    final class RequestInfo {
+
+        private final Authentication authentication;
+        private final TransportRequest request;
+        private final String action;
+
+        public RequestInfo(Authentication authentication, TransportRequest request, String action) {
+            this.authentication = authentication;
+            this.request = request;
+            this.action = action;
+        }
+
+        public String getAction() {
+            return action;
+        }
+
+        public Authentication getAuthentication() {
+            return authentication;
+        }
+
+        public TransportRequest getRequest() {
+            return request;
+        }
+    }
+
     class AuthorizationResult {
 
         private final boolean granted;