Add support for _shield related API's (#2053)

* authenticate
* clear cached realms
* roles
  * clear cached roles
  * delete role(s)
  * put role
  * get role(s)
* user
  * delete user(s)
  * put user
  * get user(s)

This also adds support for any request to be able to specify the `es-shield-runas-user`
http header though the `RunAs` property on `RequestConfiguration`

The OIS version of requests now directly exposes `RequestConfiguration`

Author: Mpdreamz

Diff for: src/CodeGeneration/CodeGeneration.LowLevelClient/Domain/ApiUrlPart.cs

@@ -29,7 +29,12 @@ public string ClrTypeName
 					case "repository":
 					case "snapshot":
 					case "lang":
-					case "name": return this.Type == "string" ? "Name" : "Names";
+					case "username":
+					case "usernames":
+					case "realm":
+					case "realms":
+					case "name":
+						return this.Type == "string" ? "Name" : "Names";
 					case "task_id": return "TaskId";
 					default: return this.Type + "_";
 				}

Diff for: src/CodeGeneration/CodeGeneration.LowLevelClient/Program.cs

@@ -28,7 +28,7 @@ static void Main(string[] args)
 			if (redownloadCoreSpecification)
 				RestSpecDownloader.Download(downloadBranch);
 
-			ApiGenerator.Generate("Core", "DeleteByQuery", "Graph", "License");
+			ApiGenerator.Generate("Core", "DeleteByQuery", "Graph", "License", "Shield");
 			//ApiGenerator.Generate("Core", "Graph", "License");
 			//ApiGenerator.Generate(); //generates everything under ApiSpecification
 		}

Diff for: src/CodeGeneration/CodeGeneration.LowLevelClient/RestSpecification/XPack/Shield/shield.clear_cached_realms.json

@@ -7,14 +7,14 @@
       "paths": [ "/_shield/realm/{realms}/_clear_cache" ],
       "parts": {
         "realms": {
-          "type" : "string",
+          "type" : "list",
           "description" : "Comma-separated list of realms to clear",
           "required" : true
         }
       },
       "params": {
         "usernames": {
-          "type" : "string",
+          "type" : "list",
           "description" : "Comma-separated list of usernames to clear from the cache",
           "required" : false
         }

Diff for: src/CodeGeneration/CodeGeneration.LowLevelClient/RestSpecification/XPack/Shield/shield.clear_cached_roles.json

@@ -1,13 +1,13 @@
 {
   "shield.clear_cached_roles": {
     "documentation": "Clears the internal caches for specified roles",
-    "methods": [ "PUT", "POST" ],
+    "methods": [ "POST" ],
     "url": {
       "path": "/_shield/role/{name}/_clear_cache",
       "paths": [ "/_shield/role/{name}/_clear_cache" ],
       "parts": {
         "name": {
-          "type" : "string",
+          "type" : "list",
           "description" : "Role name",
           "required" : true
         }

Diff for: src/CodeGeneration/CodeGeneration.LowLevelClient/Views/_Requests.Generated.cshtml

@@ -43,7 +43,7 @@ namespace Nest
 	<text> } </text>
 	}
 	<text>///<summary>Request parameters for @method.FullName <pre>@method.Documentation</pre></summary>
-	public partial class @Raw(method.RequestType + method.RequestTypeGeneric) @Raw(string.Format(" : RequestBase<{0}>, {1}", method.QueryStringParamName, method.InterfaceType))
+	public partial class @Raw(method.RequestType + method.RequestTypeGeneric) @Raw(string.Format(" : PlainRequestBase<{0}>, {1}", method.QueryStringParamName, method.InterfaceType))
 	{
 		protected @(Raw(method.InterfaceType)) Self => this;
 	@foreach (ApiUrlPart part in method.AllParts.Where(p=>!ApiUrl.BlackListRouteValues.Contains(p.Name)))

Diff for: src/Elasticsearch.Net/Configuration/ConnectionConfiguration.cs

@@ -13,7 +13,7 @@
 namespace Elasticsearch.Net
 {
 	/// <summary>
-	/// ConnectionConfiguration allows you to control how ElasticLowLevelClient behaves and where/how it connects 
+	/// ConnectionConfiguration allows you to control how ElasticLowLevelClient behaves and where/how it connects
 	/// to elasticsearch
 	/// </summary>
 	public class ConnectionConfiguration : ConnectionConfiguration<ConnectionConfiguration>
@@ -23,7 +23,7 @@ public class ConnectionConfiguration : ConnectionConfiguration<ConnectionConfigu
 		public static readonly TimeSpan DefaultPingTimeoutOnSSL = TimeSpan.FromSeconds(5);
 
 		/// <summary>
-		/// ConnectionConfiguration allows you to control how ElasticLowLevelClient behaves and where/how it connects 
+		/// ConnectionConfiguration allows you to control how ElasticLowLevelClient behaves and where/how it connects
 		/// to elasticsearch
 		/// </summary>
 		/// <param name="uri">The root of the elasticsearch node we want to connect to. Defaults to http://localhost:9200</param>
@@ -33,12 +33,12 @@ public ConnectionConfiguration(Uri uri = null)
 		{ }
 
 		/// <summary>
-		/// ConnectionConfiguration allows you to control how ElasticLowLevelClient behaves and where/how it connects 
+		/// ConnectionConfiguration allows you to control how ElasticLowLevelClient behaves and where/how it connects
 		/// to elasticsearch
 		/// </summary>
 		/// <param name="connectionPool">A connection pool implementation that'll tell the client what nodes are available</param>
 		public ConnectionConfiguration(IConnectionPool connectionPool)
-			// ReSharper disable once IntroduceOptionalParameters.Global 
+			// ReSharper disable once IntroduceOptionalParameters.Global
 			: this(connectionPool, null, null)
 		{ }
 
@@ -208,7 +208,7 @@ public T EnableTcpKeepAlive(TimeSpan keepAliveTime, TimeSpan keepAliveInterval)
 
 		/// <summary>
 		/// Instead of following a c/go like error checking on response.IsValid always throw an exception
-		/// on the client when a call resulted in an exception on either the client or the Elasticsearch server. 
+		/// on the client when a call resulted in an exception on either the client or the Elasticsearch server.
 		/// <para>Reasons for such exceptions could be search parser errors, index missing exceptions, etc...</para>
 		/// </summary>
 		public T ThrowExceptions(bool alwaysThrow = true) => Assign(a => a._throwExceptions = alwaysThrow);
@@ -252,7 +252,7 @@ public T EnableTcpKeepAlive(TimeSpan keepAliveTime, TimeSpan keepAliveInterval)
 		public T DeadTimeout(TimeSpan timeout) => Assign(a => a._deadTimeout = timeout);
 
 		/// <summary>
-		/// Sets the maximum time a node can be marked dead. 
+		/// Sets the maximum time a node can be marked dead.
 		/// Different implementations of IConnectionPool may choose a different default.
 		/// </summary>
 		/// <param name="timeout">The timeout in milliseconds</param>
@@ -279,7 +279,7 @@ public T Proxy(Uri proxyAdress, string username, string password)
 		}
 
 		/// <summary>
-		/// Forces all requests to have ?pretty=true, causing elasticsearch to return formatted json. 
+		/// Forces all requests to have ?pretty=true, causing elasticsearch to return formatted json.
 		/// Also forces the client to send out formatted json. Defaults to false
 		/// </summary>
 		public T PrettyJson(bool b = true) => Assign(a =>
@@ -310,7 +310,7 @@ public T BasicAuthentication(string userName, string password)
 		{
 			this._basicAuthCredentials = new BasicAuthenticationCredentials
 			{
-				UserName = userName,
+				Username = userName,
 				Password = password
 			};
 			return (T)this;

Diff for: src/Elasticsearch.Net/Configuration/IConnectionConfigurationValues.cs

@@ -11,10 +11,10 @@ public interface IConnectionConfigurationValues : IDisposable
 
 		/// <summary> The connection pool to use when talking with elasticsearch </summary>
 		IConnectionPool ConnectionPool { get; }
-		
+
 		/// <summary> The connection implementation to use when talking with elasticsearch </summary>
 		IConnection Connection { get; }
-		
+
 		/// <summary>The serializer to use to serialize requests and deserialize responses</summary>
 		IElasticsearchSerializer Serializer { get; }
 
@@ -32,7 +32,7 @@ public interface IConnectionConfigurationValues : IDisposable
 		/// The time to put dead nodes out of rotation (this will be multiplied by the number of times they've been dead)
 		/// </summary>
 		TimeSpan? DeadTimeout { get; }
-		
+
 		/// <summary>
 		/// The maximum ammount of time a node is allowed to marked dead
 		/// </summary>
@@ -63,16 +63,16 @@ public interface IConnectionConfigurationValues : IDisposable
 		/// <para>http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/modules-http.html</para>
 		/// </summary>
 		bool EnableHttpCompression { get; }
-		
+
 		/// <summary>
 		/// When set will force all connections through this proxy
 		/// </summary>
 		string ProxyAddress { get; }
 		string ProxyUsername { get; }
 		string ProxyPassword { get; }
-		
+
 		/// <summary>
-		/// Forces all requests to have ?pretty=true, causing elasticsearch to return formatted json. 
+		/// Forces all requests to have ?pretty=true, causing elasticsearch to return formatted json.
 		/// Also forces the client to send out formatted json. Defaults to false
 		/// </summary>
 		bool PrettyJson { get; }
@@ -97,10 +97,10 @@ public interface IConnectionConfigurationValues : IDisposable
 
 		/// <summary>
 		/// Instead of following a c/go like error checking on response.IsValid always throw an exception
-		/// on the client when a call resulted in an exception on either the client or the Elasticsearch server. 
+		/// on the client when a call resulted in an exception on either the client or the Elasticsearch server.
 		/// <para>Reasons for such exceptions could be search parser errors, index missing exceptions, etc...</para>
 		/// </summary>
-		bool ThrowExceptions { get;  }
+		bool ThrowExceptions { get; }
 
 		/// <summary>
 		/// Sniff the cluster state immediatly on startup
@@ -137,18 +137,18 @@ public interface IConnectionConfigurationValues : IDisposable
 		/// Basic access authorization credentials to specify with all requests.
 		/// </summary>
 		BasicAuthenticationCredentials BasicAuthenticationCredentials { get; }
-		
+
 		/// <summary>
 		/// KeepAliveTime - specifies the timeout, in milliseconds, with no
-        /// activity until the first keep-alive packet is sent. 
+		/// activity until the first keep-alive packet is sent.
 		/// </summary>
 		TimeSpan? KeepAliveTime { get; }
 
 		/// <summary>
 		/// KeepAliveInterval - specifies the interval, in milliseconds, between
-        /// when successive keep-alive packets are sent if no acknowledgement is
-        /// received. 
+		/// when successive keep-alive packets are sent if no acknowledgement is
+		/// received.
 		/// </summary>
 		TimeSpan? KeepAliveInterval { get; }
 	}
-}
+}

Diff for: src/Elasticsearch.Net/Configuration/RequestConfiguration.cs

@@ -4,7 +4,7 @@
 
 namespace Elasticsearch.Net
 {
-	public interface IRequestConfiguration 
+	public interface IRequestConfiguration
 	{
 		/// <summary>
 		/// The timeout for this specific request, takes precedence over the global timeout settings
@@ -20,7 +20,7 @@ public interface IRequestConfiguration
 		/// Force a difference content type header on the request
 		/// </summary>
 		string ContentType { get; set; }
-		
+
 		/// <summary>
 		/// This will override whatever is set on the connection configuration or whatever default the connectionpool has.
 		/// </summary>
@@ -32,13 +32,13 @@ public interface IRequestConfiguration
 		Uri ForceNode { get; set; }
 
 		/// <summary>
-		/// Forces no sniffing to occur on the request no matter what configuration is in place 
+		/// Forces no sniffing to occur on the request no matter what configuration is in place
 		/// globally
 		/// </summary>
 		bool? DisableSniff { get; set; }
 
 		/// <summary>
-		/// Under no circumstance do a ping before the actual call. If a node was previously dead a small ping with 
+		/// Under no circumstance do a ping before the actual call. If a node was previously dead a small ping with
 		/// low connect timeout will be tried first in normal circumstances
 		/// </summary>
 		bool? DisablePing { get; set; }
@@ -63,48 +63,76 @@ public interface IRequestConfiguration
 		/// The cancellation token to use to internally to cancel async operations
 		/// </summary>
 		CancellationToken CancellationToken { get; set; }
+
+		/// <summary>
+		/// Submit the request on behalf in the context of a different shield user
+		/// <pre/>https://www.elastic.co/guide/en/shield/current/submitting-requests-for-other-users.html
+		/// </summary>
+		string RunAs { get; set; }
 	}
 
 	public class RequestConfiguration : IRequestConfiguration
 	{
 		public TimeSpan? RequestTimeout { get; set; }
 		public TimeSpan? PingTimeout { get; set; }
-		public string ContentType { get; set; }
+		public string ContentType { get; set; }
 		public int? MaxRetries { get; set; }
 		public Uri ForceNode { get; set; }
 		public bool? DisableSniff { get; set; }
 		public bool? DisablePing { get; set; }
 		public IEnumerable<int> AllowedStatusCodes { get; set; }
 		public BasicAuthenticationCredentials BasicAuthenticationCredentials { get; set; }
 		public bool EnableHttpPipelining { get; set; } = true;
-		public CancellationToken CancellationToken { get; set; }
+		public CancellationToken CancellationToken { get; set; }
+		/// <summary>
+		/// Submit the request on behalf in the context of a different user
+		/// https://www.elastic.co/guide/en/shield/current/submitting-requests-for-other-users.html
+		/// </summary>
+		public string RunAs { get; set; }
 	}
 
 	public class RequestConfigurationDescriptor : IRequestConfiguration
 	{
-		private IRequestConfiguration Self => this;
 
+		private IRequestConfiguration Self => this;
 		TimeSpan? IRequestConfiguration.RequestTimeout { get; set; }
-
 		TimeSpan? IRequestConfiguration.PingTimeout { get; set; }
-	
 		string IRequestConfiguration.ContentType { get; set; }
-		
 		int? IRequestConfiguration.MaxRetries { get; set; }
-		
 		Uri IRequestConfiguration.ForceNode { get; set; }
-		
 		bool? IRequestConfiguration.DisableSniff { get; set; }
-		
 		bool? IRequestConfiguration.DisablePing { get; set; }
-		
 		IEnumerable<int> IRequestConfiguration.AllowedStatusCodes { get; set; }
-
 		BasicAuthenticationCredentials IRequestConfiguration.BasicAuthenticationCredentials { get; set; }
-
 		bool IRequestConfiguration.EnableHttpPipelining { get; set; } = true;
-
 		CancellationToken IRequestConfiguration.CancellationToken { get; set; }
+		string IRequestConfiguration.RunAs { get; set; }
+
+		public RequestConfigurationDescriptor(IRequestConfiguration config)
+		{
+			Self.RequestTimeout = config?.RequestTimeout;
+			Self.PingTimeout = config?.PingTimeout;
+			Self.ContentType = config?.ContentType;
+			Self.MaxRetries = config?.MaxRetries;
+			Self.ForceNode = config?.ForceNode;
+			Self.DisableSniff = config?.DisableSniff;
+			Self.DisablePing = config?.DisablePing;
+			Self.AllowedStatusCodes = config?.AllowedStatusCodes;
+			Self.BasicAuthenticationCredentials = config?.BasicAuthenticationCredentials;
+			Self.EnableHttpPipelining = config?.EnableHttpPipelining ?? true;
+			Self.CancellationToken = config?.CancellationToken ?? default(CancellationToken);
+			Self.RunAs = config?.RunAs;
+		}
+
+		/// <summary>
+		/// Submit the request on behalf in the context of a different shield user
+		/// <pre/>https://www.elastic.co/guide/en/shield/current/submitting-requests-for-other-users.html
+		/// </summary>
+		public RequestConfigurationDescriptor RunAs(string username)
+		{
+			Self.RunAs = username;
+			return this;
+		}
 
 		public RequestConfigurationDescriptor RequestTimeout(TimeSpan requestTimeout)
 		{
@@ -168,7 +196,7 @@ public RequestConfigurationDescriptor BasicAuthentication(string userName, strin
 		{
 			if (Self.BasicAuthenticationCredentials == null)
 				Self.BasicAuthenticationCredentials = new BasicAuthenticationCredentials();
-			Self.BasicAuthenticationCredentials.UserName = userName;
+			Self.BasicAuthenticationCredentials.Username = userName;
 			Self.BasicAuthenticationCredentials.Password = password;
 			return this;
 		}
@@ -179,4 +207,4 @@ public RequestConfigurationDescriptor EnableHttpPipelining(bool enable = true)
 			return this;
 		}
 	}
-}
+}

Diff for: src/Elasticsearch.Net/Configuration/Security/BasicAuthenticationCredentials.cs

@@ -0,0 +1,17 @@
+using System;
+
+namespace Elasticsearch.Net
+{
+	public class BasicAuthenticationCredentials
+	{
+		public string Username { get; set; }
+		[Obsolete("Scheduled to be removed use Username instead, note the lowercase n")]
+		public string UserName { get { return Username; } set { Username = value; } }
+		public string Password { get; set; }
+
+		public override string ToString()
+		{
+			return this.Username + ":" + this.Password;
+		}
+	}
+}

Diff for: src/Elasticsearch.Net/Configuration/Security/BasicAuthorizationCredentials.cs

@@ -49,6 +49,8 @@ protected virtual HttpWebRequest CreateWebRequest(RequestData requestData)
 				request.Headers.Add("Accept-Encoding", "gzip,deflate");
 				request.Headers.Add("Content-Encoding", "gzip");
 			}
+			if (!requestData.RunAs.IsNullOrEmpty())
+				request.Headers.Add("es-shield-runas-user", requestData.RunAs);
 
 			if (requestData.Headers != null && requestData.Headers.HasKeys())
 				request.Headers.Add(requestData.Headers);