elastic · bizybot · Mar 15, 2019 · May 1, 2019 · May 2, 2019 · May 2, 2019
diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityClient.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityClient.java
@@ -43,6 +43,7 @@
 import org.elasticsearch.client.security.EnableUserRequest;
 import org.elasticsearch.client.security.GetApiKeyRequest;
 import org.elasticsearch.client.security.GetApiKeyResponse;
+import org.elasticsearch.client.security.GetMyApiKeyRequest;
 import org.elasticsearch.client.security.GetPrivilegesRequest;
 import org.elasticsearch.client.security.GetPrivilegesResponse;
 import org.elasticsearch.client.security.GetRoleMappingsRequest;
@@ -59,6 +60,7 @@
 import org.elasticsearch.client.security.HasPrivilegesResponse;
 import org.elasticsearch.client.security.InvalidateApiKeyRequest;
 import org.elasticsearch.client.security.InvalidateApiKeyResponse;
+import org.elasticsearch.client.security.InvalidateMyApiKeyRequest;
 import org.elasticsearch.client.security.InvalidateTokenRequest;
 import org.elasticsearch.client.security.InvalidateTokenResponse;
 import org.elasticsearch.client.security.PutPrivilegesRequest;
@@ -909,6 +911,36 @@ public void getApiKeyAsync(final GetApiKeyRequest request, final RequestOptions
                 GetApiKeyResponse::fromXContent, listener, emptySet());
     }
 
+    /**
+     * Retrieve information for API key(s) owned by authenticated user.<br>
+     * See <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-my-api-key.html">
+     * the docs</a> for more.
+     *
+     * @param request the request to retrieve API key(s)
+     * @param options the request options (e.g. headers), use {@link RequestOptions#DEFAULT} if nothing needs to be customized
+     * @return the response from the create API key call
+     * @throws IOException in case there is a problem sending the request or parsing back the response
+     */
+    public GetApiKeyResponse getMyApiKey(final GetMyApiKeyRequest request, final RequestOptions options) throws IOException {
+        return restHighLevelClient.performRequestAndParseEntity(request, SecurityRequestConverters::getMyApiKey, options,
+                GetApiKeyResponse::fromXContent, emptySet());
+    }
+
+    /**
+     * Asynchronously retrieve information for API key(s) owned by authenticated user.<br>
+     * See <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-my-api-key.html">
+     * the docs</a> for more.
+     *
+     * @param request the request to retrieve API key(s)
+     * @param options the request options (e.g. headers), use {@link RequestOptions#DEFAULT} if nothing needs to be customized
+     * @param listener the listener to be notified upon request completion
+     */
+    public void getMyApiKeyAsync(final GetMyApiKeyRequest request, final RequestOptions options,
+            final ActionListener<GetApiKeyResponse> listener) {
+        restHighLevelClient.performRequestAsyncAndParseEntity(request, SecurityRequestConverters::getMyApiKey, options,
+                GetApiKeyResponse::fromXContent, listener, emptySet());
+    }
+
     /**
      * Invalidate API Key(s).<br>
      * See <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-invalidate-api-key.html">
@@ -939,4 +971,35 @@ public void invalidateApiKeyAsync(final InvalidateApiKeyRequest request, final R
         restHighLevelClient.performRequestAsyncAndParseEntity(request, SecurityRequestConverters::invalidateApiKey, options,
                 InvalidateApiKeyResponse::fromXContent, listener, emptySet());
     }
+
+    /**
+     * Invalidate API key(s) owned by authenticated user.<br>
+     * See <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-invalidate-my-api-key.html">
+     * the docs</a> for more.
+     *
+     * @param request the request to invalidate API key(s)
+     * @param options the request options (e.g. headers), use {@link RequestOptions#DEFAULT} if nothing needs to be customized
+     * @return the response from the invalidate API key call
+     * @throws IOException in case there is a problem sending the request or parsing back the response
+     */
+    public InvalidateApiKeyResponse invalidateMyApiKey(final InvalidateMyApiKeyRequest request, final RequestOptions options)
+            throws IOException {
+        return restHighLevelClient.performRequestAndParseEntity(request, SecurityRequestConverters::invalidateMyApiKey, options,
+                InvalidateApiKeyResponse::fromXContent, emptySet());
+    }
+
+    /**
+     * Asynchronously invalidates API key(s) owned by authenticated user.<br>
+     * See <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-invalidate-my-api-key.html">
+     * the docs</a> for more.
+     *
+     * @param request the request to invalidate API key(s)
+     * @param options the request options (e.g. headers), use {@link RequestOptions#DEFAULT} if nothing needs to be customized
+     * @param listener the listener to be notified upon request completion
+     */
+    public void invalidateMyApiKeyAsync(final InvalidateMyApiKeyRequest request, final RequestOptions options,
+                                      final ActionListener<InvalidateApiKeyResponse> listener) {
+        restHighLevelClient.performRequestAsyncAndParseEntity(request, SecurityRequestConverters::invalidateMyApiKey, options,
+                InvalidateApiKeyResponse::fromXContent, listener, emptySet());
+    }
 }
diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java
@@ -35,12 +35,14 @@
 import org.elasticsearch.client.security.DisableUserRequest;
 import org.elasticsearch.client.security.EnableUserRequest;
 import org.elasticsearch.client.security.GetApiKeyRequest;
+import org.elasticsearch.client.security.GetMyApiKeyRequest;
 import org.elasticsearch.client.security.GetPrivilegesRequest;
 import org.elasticsearch.client.security.GetRoleMappingsRequest;
 import org.elasticsearch.client.security.GetRolesRequest;
 import org.elasticsearch.client.security.GetUsersRequest;
 import org.elasticsearch.client.security.HasPrivilegesRequest;
 import org.elasticsearch.client.security.InvalidateApiKeyRequest;
+import org.elasticsearch.client.security.InvalidateMyApiKeyRequest;
 import org.elasticsearch.client.security.InvalidateTokenRequest;
 import org.elasticsearch.client.security.PutPrivilegesRequest;
 import org.elasticsearch.client.security.PutRoleMappingRequest;
@@ -285,10 +287,26 @@ static Request getApiKey(final GetApiKeyRequest getApiKeyRequest) throws IOExcep
         return request;
     }
 
+    static Request getMyApiKey(final GetMyApiKeyRequest getMyApiKeyRequest) throws IOException {
+        final Request request = new Request(HttpGet.METHOD_NAME, "/_security/api_key/my");
+        if (Strings.hasText(getMyApiKeyRequest.getId())) {
+            request.addParameter("id", getMyApiKeyRequest.getId());
+        }
+        if (Strings.hasText(getMyApiKeyRequest.getName())) {
+            request.addParameter("name", getMyApiKeyRequest.getName());
+        }
+        return request;
+    }
+
     static Request invalidateApiKey(final InvalidateApiKeyRequest invalidateApiKeyRequest) throws IOException {
         final Request request = new Request(HttpDelete.METHOD_NAME, "/_security/api_key");
         request.setEntity(createEntity(invalidateApiKeyRequest, REQUEST_BODY_CONTENT_TYPE));
-        final RequestConverters.Params params = new RequestConverters.Params(request);
+        return request;
+    }
+
+    static Request invalidateMyApiKey(final InvalidateMyApiKeyRequest invalidateMyApiKeyRequest) throws IOException {
+        final Request request = new Request(HttpDelete.METHOD_NAME, "/_security/api_key/my");
+        request.setEntity(createEntity(invalidateMyApiKeyRequest, REQUEST_BODY_CONTENT_TYPE));
         return request;
     }
 }
diff --git a/...t/rest-high-level/src/main/java/org/elasticsearch/client/security/GetMyApiKeyRequest.java b/...t/rest-high-level/src/main/java/org/elasticsearch/client/security/GetMyApiKeyRequest.java
@@ -0,0 +1,73 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.elasticsearch.client.security;
+
+import org.elasticsearch.client.Validatable;
+import org.elasticsearch.common.Nullable;
+import org.elasticsearch.common.xcontent.ToXContentObject;
+import org.elasticsearch.common.xcontent.XContentBuilder;
+
+import java.io.IOException;
+
+/**
+ * Request for retrieving information for API key(s) owned by the authenticated user.
+ */
+public final class GetMyApiKeyRequest implements Validatable, ToXContentObject {
+
+    private final String id;
+    private final String name;
+
+    public GetMyApiKeyRequest(@Nullable String apiKeyId, @Nullable String apiKeyName) {
+        this.id = apiKeyId;
+        this.name = apiKeyName;
+    }
+
+    public String getId() {
+        return id;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    /**
+     * Creates request for given api key id
+     * @param apiKeyId api key id
+     * @return {@link GetMyApiKeyRequest}
+     */
+    public static GetMyApiKeyRequest usingApiKeyId(String apiKeyId) {
+        return new GetMyApiKeyRequest(apiKeyId, null);
+    }
+
+    /**
+     * Creates request for given api key name
+     * @param apiKeyName api key name
+     * @return {@link GetMyApiKeyRequest}
+     */
+    public static GetMyApiKeyRequest usingApiKeyName(String apiKeyName) {
+        return new GetMyApiKeyRequest(null, apiKeyName);
+    }
+
+    @Override
+    public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
+        return builder;
+    }
+
+}
diff --git a/...high-level/src/main/java/org/elasticsearch/client/security/InvalidateMyApiKeyRequest.java b/...high-level/src/main/java/org/elasticsearch/client/security/InvalidateMyApiKeyRequest.java
@@ -0,0 +1,79 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.elasticsearch.client.security;
+
+import org.elasticsearch.client.Validatable;
+import org.elasticsearch.common.Nullable;
+import org.elasticsearch.common.xcontent.ToXContentObject;
+import org.elasticsearch.common.xcontent.XContentBuilder;
+
+import java.io.IOException;
+
+/**
+ * Request for invalidating API key(s) for the authenticated user so that it can no longer be used.
+ */
+public final class InvalidateMyApiKeyRequest implements Validatable, ToXContentObject {
+
+    private final String id;
+    private final String name;
+
+    public InvalidateMyApiKeyRequest(@Nullable String apiKeyId, @Nullable String apiKeyName) {
+        this.id = apiKeyId;
+        this.name = apiKeyName;
+    }
+
+    public String getId() {
+        return id;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    /**
+     * Creates invalidate API key request for given api key id
+     * @param apiKeyId api key id
+     * @return {@link InvalidateMyApiKeyRequest}
+     */
+    public static InvalidateMyApiKeyRequest usingApiKeyId(String apiKeyId) {
+        return new InvalidateMyApiKeyRequest(apiKeyId, null);
+    }
+
+    /**
+     * Creates invalidate API key request for given api key name
+     * @param apiKeyName api key name
+     * @return {@link InvalidateMyApiKeyRequest}
+     */
+    public static InvalidateMyApiKeyRequest usingApiKeyName(String apiKeyName) {
+        return new InvalidateMyApiKeyRequest(null, apiKeyName);
+    }
+
+    @Override
+    public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
+        builder.startObject();
+        if (id != null) {
+            builder.field("id", id);
+        }
+        if (name != null) {
+            builder.field("name", name);
+        }
+        return builder.endObject();
+    }
+}
diff --git a/...rest-high-level/src/main/java/org/elasticsearch/client/security/user/privileges/Role.java b/...rest-high-level/src/main/java/org/elasticsearch/client/security/user/privileges/Role.java
@@ -311,6 +311,9 @@ public static class ClusterPrivilegeName {
         public static final String TRANSPORT_CLIENT = "transport_client";
         public static final String MANAGE_SECURITY = "manage_security";
         public static final String MANAGE_SAML = "manage_saml";
+        public static final String MANAGE_API_KEY = "manage_api_key";
+        public static final String OWNER_MANAGE_API_KEY = "owner_manage_api_key";
+        public static final String CREATE_API_KEY = "create_api_key";
         public static final String MANAGE_TOKEN = "manage_token";
         public static final String MANAGE_PIPELINE = "manage_pipeline";
         public static final String MANAGE_CCR = "manage_ccr";
@@ -319,7 +322,8 @@ public static class ClusterPrivilegeName {
         public static final String READ_ILM = "read_ilm";
         public static final String[] ALL_ARRAY = new String[] { NONE, ALL, MONITOR, MONITOR_ML, MONITOR_WATCHER, MONITOR_ROLLUP, MANAGE,
                 MANAGE_ML, MANAGE_WATCHER, MANAGE_ROLLUP, MANAGE_INDEX_TEMPLATES, MANAGE_INGEST_PIPELINES, TRANSPORT_CLIENT,
-                MANAGE_SECURITY, MANAGE_SAML, MANAGE_TOKEN, MANAGE_PIPELINE, MANAGE_CCR, READ_CCR, MANAGE_ILM, READ_ILM };
+                MANAGE_SECURITY, MANAGE_SAML, MANAGE_API_KEY, OWNER_MANAGE_API_KEY, CREATE_API_KEY, MANAGE_TOKEN, MANAGE_PIPELINE,
+                MANAGE_CCR, READ_CCR, MANAGE_ILM, READ_ILM };
     }
 
     /**

diff --git a/...est-high-level/src/test/java/org/elasticsearch/client/SecurityRequestConvertersTests.java b/...est-high-level/src/test/java/org/elasticsearch/client/SecurityRequestConvertersTests.java
@@ -33,11 +33,13 @@
 import org.elasticsearch.client.security.DisableUserRequest;
 import org.elasticsearch.client.security.EnableUserRequest;
 import org.elasticsearch.client.security.GetApiKeyRequest;
+import org.elasticsearch.client.security.GetMyApiKeyRequest;
 import org.elasticsearch.client.security.GetPrivilegesRequest;
 import org.elasticsearch.client.security.GetRoleMappingsRequest;
 import org.elasticsearch.client.security.GetRolesRequest;
 import org.elasticsearch.client.security.GetUsersRequest;
 import org.elasticsearch.client.security.InvalidateApiKeyRequest;
+import org.elasticsearch.client.security.InvalidateMyApiKeyRequest;
 import org.elasticsearch.client.security.PutPrivilegesRequest;
 import org.elasticsearch.client.security.PutRoleMappingRequest;
 import org.elasticsearch.client.security.PutRoleRequest;
@@ -461,4 +463,24 @@ public void testInvalidateApiKey() throws IOException {
         assertEquals("/_security/api_key", request.getEndpoint());
         assertToXContentBody(invalidateApiKeyRequest, request.getEntity());
     }
+
+    public void testGetMyApiKey() throws IOException {
+        String apiKeyId = randomAlphaOfLength(5);
+        final GetMyApiKeyRequest getApiKeyRequest = GetMyApiKeyRequest.usingApiKeyId(apiKeyId);
+        final Request request = SecurityRequestConverters.getMyApiKey(getApiKeyRequest);
+        assertEquals(HttpGet.METHOD_NAME, request.getMethod());
+        assertEquals("/_security/api_key/my", request.getEndpoint());
+        Map<String, String> mapOfParameters = new HashMap<>();
+        mapOfParameters.put("id", apiKeyId);
+        assertThat(request.getParameters(), equalTo(mapOfParameters));
+    }
+
+    public void testInvalidateMyApiKey() throws IOException {
+        String apiKeyId = randomAlphaOfLength(5);
+        final InvalidateMyApiKeyRequest invalidateApiKeyRequest = new InvalidateMyApiKeyRequest(apiKeyId, null);
+        final Request request = SecurityRequestConverters.invalidateMyApiKey(invalidateApiKeyRequest);
+        assertEquals(HttpDelete.METHOD_NAME, request.getMethod());
+        assertEquals("/_security/api_key/my", request.getEndpoint());
+        assertToXContentBody(invalidateApiKeyRequest, request.getEntity());
+    }
  }