elastic · cee-chen · Oct 22, 2020 · Oct 20, 2020 · Oct 21, 2020 · Oct 21, 2020
diff --git a/x-pack/plugins/enterprise_search/server/routes/app_search/credentials.test.ts b/x-pack/plugins/enterprise_search/server/routes/app_search/credentials.test.ts
@@ -41,6 +41,115 @@ describe('credentials routes', () => {
     });
   });
 
+  describe('POST /api/app_search/credentials', () => {
+    let mockRouter: MockRouter;
+
+    beforeEach(() => {
+      jest.clearAllMocks();
+      mockRouter = new MockRouter({ method: 'post', payload: 'body' });
+
+      registerCredentialsRoutes({
+        ...mockDependencies,
+        router: mockRouter.router,
+      });
+    });
+
+    it('creates a request handler', () => {
+      expect(mockRequestHandler.createRequest).toHaveBeenCalledWith({
+        path: '/as/credentials/collection',
+      });
+    });
+
+    describe('validates', () => {
+      describe('admin keys', () => {
+        it('correctly', () => {
+          const request = {
+            body: {
+              name: 'admin-key',
+              type: 'admin',
+            },
+          };
+          mockRouter.shouldValidate(request);
+        });
+
+        it('throws on unnecessary properties', () => {
+          const request = {
+            body: {
+              name: 'admin-key',
+              type: 'admin',
+              read: true,
+              access_all_engines: true,
+            },
+          };
+          mockRouter.shouldThrow(request);
+        });
+      });
+
+      describe('private keys', () => {
+        it('correctly', () => {
+          const request = {
+            body: {
+              name: 'private-key',
+              type: 'private',
+              read: true,
+              write: false,
+              access_all_engines: false,
+              engines: ['engine1', 'engine2'],
+            },
+          };
+          mockRouter.shouldValidate(request);
+        });
+
+        it('throws on missing keys', () => {
+          const request = {
+            body: {
+              name: 'private-key',
+              type: 'private',
+            },
+          };
+          mockRouter.shouldThrow(request);
+        });
+      });
+
+      describe('search keys', () => {
+        it('correctly', () => {
+          const request = {
+            body: {
+              name: 'search-key',
+              type: 'search',
+              access_all_engines: true,
+            },
+          };
+          mockRouter.shouldValidate(request);
+        });
+
+        it('throws on missing keys', () => {
+          const request = {
+            body: {
+              name: 'search-key',
+              type: 'search',
+            },
+          };
+          mockRouter.shouldThrow(request);
+        });
+
+        it('throws on extra keys', () => {
+          const request = {
+            body: {
+              name: 'search-key',
+              type: 'search',
+              read: true,
+              write: false,
+              access_all_engines: false,
+              engines: ['engine1', 'engine2'],
+            },
+          };
+          mockRouter.shouldThrow(request);
+        });
+      });
+    });
+  });
+
   describe('GET /api/app_search/credentials/details', () => {
     let mockRouter: MockRouter;
 
@@ -61,6 +170,123 @@ describe('credentials routes', () => {
     });
   });
 
+  describe('PUT /api/app_search/credentials/{name}', () => {
+    let mockRouter: MockRouter;
+
+    beforeEach(() => {
+      jest.clearAllMocks();
+      mockRouter = new MockRouter({ method: 'put', payload: 'body' });
+
+      registerCredentialsRoutes({
+        ...mockDependencies,
+        router: mockRouter.router,
+      });
+    });
+
+    it('creates a request to enterprise search', () => {
+      const mockRequest = {
+        params: {
+          name: 'abc123',
+        },
+      };
+
+      mockRouter.callRoute(mockRequest);
+
+      expect(mockRequestHandler.createRequest).toHaveBeenCalledWith({
+        path: '/as/credentials/abc123',
+      });
+    });
+
+    describe('validates', () => {
+      describe('admin keys', () => {
+        it('correctly', () => {
+          const request = {
+            body: {
+              name: 'admin-key',
+              type: 'admin',
+            },
+          };
+          mockRouter.shouldValidate(request);
+        });
+
+        it('throws on unnecessary properties', () => {
+          const request = {
+            body: {
+              name: 'admin-key',
+              type: 'admin',
+              read: true,
+              access_all_engines: true,
+            },
+          };
+          mockRouter.shouldThrow(request);
+        });
+      });
+
+      describe('private keys', () => {
+        it('correctly', () => {
+          const request = {
+            body: {
+              name: 'private-key',
+              type: 'private',
+              read: true,
+              write: false,
+              access_all_engines: false,
+              engines: ['engine1', 'engine2'],
+            },
+          };
+          mockRouter.shouldValidate(request);
+        });
+
+        it('throws on missing keys', () => {
+          const request = {
+            body: {
+              name: 'private-key',
+              type: 'private',
+            },
+          };
+          mockRouter.shouldThrow(request);
+        });
+      });
+
+      describe('search keys', () => {
+        it('correctly', () => {
+          const request = {
+            body: {
+              name: 'search-key',
+              type: 'search',
+              access_all_engines: true,
+            },
+          };
+          mockRouter.shouldValidate(request);
+        });
+
+        it('throws on missing keys', () => {
+          const request = {
+            body: {
+              name: 'search-key',
+              type: 'search',
+            },
+          };
+          mockRouter.shouldThrow(request);
+        });
+
+        it('throws on extra keys', () => {
+          const request = {
+            body: {
+              name: 'search-key',
+              type: 'search',
+              read: true,
+              write: false,
+              access_all_engines: false,
+              engines: ['engine1', 'engine2'],
+            },
+          };
+          mockRouter.shouldThrow(request);
+        });
+      });
+    });
+  });
+
   describe('DELETE /api/app_search/credentials/{name}', () => {
     let mockRouter: MockRouter;
 

diff --git a/x-pack/plugins/enterprise_search/server/routes/app_search/credentials.ts b/x-pack/plugins/enterprise_search/server/routes/app_search/credentials.ts
@@ -8,10 +8,32 @@ import { schema } from '@kbn/config-schema';
 
 import { IRouteDependencies } from '../../plugin';
 
+const tokenSchema = schema.oneOf([
+  schema.object({
+    name: schema.string(),
+    type: schema.literal('admin'),
+  }),
+  schema.object({
+    name: schema.string(),
+    type: schema.literal('private'),
+    read: schema.boolean(),
+    write: schema.boolean(),
+    access_all_engines: schema.boolean(),
+    engines: schema.maybe(schema.arrayOf(schema.string())),
+  }),
+  schema.object({
+    name: schema.string(),
+    type: schema.literal('search'),
+    access_all_engines: schema.boolean(),
+    engines: schema.maybe(schema.arrayOf(schema.string())),
+  }),
+]);
+
 export function registerCredentialsRoutes({
   router,
   enterpriseSearchRequestHandler,
 }: IRouteDependencies) {
+  // Credentials API
   router.get(
     {
       path: '/api/app_search/credentials',
@@ -25,6 +47,19 @@ export function registerCredentialsRoutes({
       path: '/as/credentials/collection',
     })
   );
+  router.post(
+    {
+      path: '/api/app_search/credentials',
+      validate: {
+        body: tokenSchema,
+      },
+    },
+    enterpriseSearchRequestHandler.createRequest({
+      path: '/as/credentials/collection',
+    })
+  );
+
+  // TODO: It would be great to remove this someday
   router.get(
     {
       path: '/api/app_search/credentials/details',
@@ -34,6 +69,24 @@ export function registerCredentialsRoutes({
       path: '/as/credentials/details',
     })
   );
+
+  // Single credential API
+  router.put(
+    {
+      path: '/api/app_search/credentials/{name}',
+      validate: {
+        params: schema.object({
+          name: schema.string(),
+        }),
+        body: tokenSchema,
+      },
+    },
+    async (context, request, response) => {
+      return enterpriseSearchRequestHandler.createRequest({
+        path: `/as/credentials/${request.params.name}`,
+      })(context, request, response);
+    }
+  );
   router.delete(
     {
       path: '/api/app_search/credentials/{name}',