elastic
diff --git a/‎client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityClient.java
Lines changed: 36 additions & 0 deletions b/‎client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityClient.java
Lines changed: 36 additions & 0 deletions
diff --git a/‎client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java
Lines changed: 12 additions & 0 deletions b/‎client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java
Lines changed: 12 additions & 0 deletions
diff --git a/‎client/rest-high-level/src/main/java/org/elasticsearch/client/security/ExpressionRoleMapping.java
Lines changed: 153 additions & 0 deletions b/‎client/rest-high-level/src/main/java/org/elasticsearch/client/security/ExpressionRoleMapping.java
Lines changed: 153 additions & 0 deletions
diff --git a/‎client/rest-high-level/src/main/java/org/elasticsearch/client/security/GetRoleMappingsRequest.java
Lines changed: 68 additions & 0 deletions b/‎client/rest-high-level/src/main/java/org/elasticsearch/client/security/GetRoleMappingsRequest.java
Lines changed: 68 additions & 0 deletions
diff --git a/‎client/rest-high-level/src/main/java/org/elasticsearch/client/security/GetRoleMappingsResponse.java
Lines changed: 70 additions & 0 deletions b/‎client/rest-high-level/src/main/java/org/elasticsearch/client/security/GetRoleMappingsResponse.java
Lines changed: 70 additions & 0 deletions
diff --git a/‎client/rest-high-level/src/main/java/org/elasticsearch/client/security/support/expressiondsl/parser/RoleMapperExpressionParser.java
Lines changed: 12 additions & 0 deletions b/‎client/rest-high-level/src/main/java/org/elasticsearch/client/security/support/expressiondsl/parser/RoleMapperExpressionParser.java
Lines changed: 12 additions & 0 deletions
@@ -29,6 +29,8 @@
 import org.elasticsearch.client.security.DisableUserRequest;
 import org.elasticsearch.client.security.EmptyResponse;
 import org.elasticsearch.client.security.EnableUserRequest;
+import org.elasticsearch.client.security.GetRoleMappingsRequest;
+import org.elasticsearch.client.security.GetRoleMappingsResponse;
 import org.elasticsearch.client.security.GetSslCertificatesRequest;
 import org.elasticsearch.client.security.GetSslCertificatesResponse;
 import org.elasticsearch.client.security.PutUserRequest;
@@ -112,6 +114,40 @@ public void putRoleMappingAsync(final PutRoleMappingRequest request, final Reque
                 PutRoleMappingResponse::fromXContent, listener, emptySet());
     }
 
+    /**
+     * Synchronously get role mapping(s).
+     * See <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-role-mapping.html">
+     * the docs</a> for more.
+     *
+     * @param request {@link GetRoleMappingsRequest} with role mapping name(s).
+     * If no role mapping name is provided then retrieves all role mappings.
+     * @param options the request options (e.g. headers), use
+     * {@link RequestOptions#DEFAULT} if nothing needs to be customized
+     * @return the response from the get role mapping call
+     * @throws IOException in case there is a problem sending the request or
+     * parsing back the response
+     */
+    public GetRoleMappingsResponse getRoleMappings(final GetRoleMappingsRequest request, final RequestOptions options) throws IOException {
+        return restHighLevelClient.performRequestAndParseEntity(request, SecurityRequestConverters::getRoleMappings,
+            options, GetRoleMappingsResponse::fromXContent, emptySet());
+    }
+
+    /**
+     * Asynchronously get role mapping(s).
+     * See <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-role-mapping.html">
+     * the docs</a> for more.
+     *
+     * @param request {@link GetRoleMappingsRequest} with role mapping name(s).
+     * If no role mapping name is provided then retrieves all role mappings.
+     * @param options  the request options (e.g. headers), use {@link RequestOptions#DEFAULT} if nothing needs to be customized
+     * @param listener the listener to be notified upon request completion
+     */
+    public void getRoleMappingsAsync(final GetRoleMappingsRequest request, final RequestOptions options,
+            final ActionListener<GetRoleMappingsResponse> listener) {
+        restHighLevelClient.performRequestAsyncAndParseEntity(request, SecurityRequestConverters::getRoleMappings,
+                options, GetRoleMappingsResponse::fromXContent, listener, emptySet());
+    }
+
     /**
      * Enable a native realm or built-in user synchronously.
      * See <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-enable-user.html">
 
@@ -19,6 +19,7 @@
 
 package org.elasticsearch.client;
 
+import org.apache.http.client.methods.HttpGet;
 import org.apache.http.client.methods.HttpDelete;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.client.methods.HttpPut;
@@ -28,9 +29,11 @@
 import org.elasticsearch.client.security.PutRoleMappingRequest;
 import org.elasticsearch.client.security.DisableUserRequest;
 import org.elasticsearch.client.security.EnableUserRequest;
+import org.elasticsearch.client.security.GetRoleMappingsRequest;
 import org.elasticsearch.client.security.ChangePasswordRequest;
 import org.elasticsearch.client.security.PutUserRequest;
 import org.elasticsearch.client.security.SetUserEnabledRequest;
+import org.elasticsearch.common.Strings;
 
 import java.io.IOException;
 
@@ -78,6 +81,15 @@ static Request putRoleMapping(final PutRoleMappingRequest putRoleMappingRequest)
         return request;
     }
 
+    static Request getRoleMappings(final GetRoleMappingsRequest getRoleMappingRequest) throws IOException {
+        RequestConverters.EndpointBuilder builder = new RequestConverters.EndpointBuilder();
+        builder.addPathPartAsIs("_xpack/security/role_mapping");
+        if (getRoleMappingRequest.getRoleMappingNames().size() > 0) {
+            builder.addPathPart(Strings.collectionToCommaDelimitedString(getRoleMappingRequest.getRoleMappingNames()));
+        }
+        return new Request(HttpGet.METHOD_NAME, builder.build());
+    }
+
     static Request enableUser(EnableUserRequest enableUserRequest) {
         return setUserEnabled(enableUserRequest);
     }
 
@@ -0,0 +1,153 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.elasticsearch.client.security;
+
+import org.elasticsearch.client.security.support.expressiondsl.RoleMapperExpression;
+import org.elasticsearch.client.security.support.expressiondsl.parser.RoleMapperExpressionParser;
+import org.elasticsearch.common.ParseField;
+import org.elasticsearch.common.xcontent.ConstructingObjectParser;
+import org.elasticsearch.common.xcontent.ObjectParser;
+import org.elasticsearch.common.xcontent.XContentParser;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+
+import static org.elasticsearch.common.xcontent.ConstructingObjectParser.constructorArg;
+
+/**
+ * A representation of a single role-mapping.
+ *
+ * @see RoleMapperExpression
+ * @see RoleMapperExpressionParser
+ */
+public final class ExpressionRoleMapping {
+
+    @SuppressWarnings("unchecked")
+    static final ConstructingObjectParser<ExpressionRoleMapping, String> PARSER = new ConstructingObjectParser<>("role-mapping", true,
+            (args, name) -> new ExpressionRoleMapping(name, (RoleMapperExpression) args[0], (List<String>) args[1],
+                    (Map<String, Object>) args[2], (boolean) args[3]));
+
+    static {
+        PARSER.declareField(constructorArg(), (parser, context) -> RoleMapperExpressionParser.fromXContent(parser), Fields.RULES,
+                ObjectParser.ValueType.OBJECT);
+        PARSER.declareStringArray(constructorArg(), Fields.ROLES);
+        PARSER.declareField(constructorArg(), XContentParser::map, Fields.METADATA, ObjectParser.ValueType.OBJECT);
+        PARSER.declareBoolean(constructorArg(), Fields.ENABLED);
+    }
+
+    private final String name;
+    private final RoleMapperExpression expression;
+    private final List<String> roles;
+    private final Map<String, Object> metadata;
+    private final boolean enabled;
+
+    /**
+     * Constructor for role mapping
+     *
+     * @param name role mapping name
+     * @param expr {@link RoleMapperExpression} Expression used for role mapping
+     * @param roles list of roles to be associated with the user
+     * @param metadata metadata that helps to identify which roles are assigned
+     * to the user
+     * @param enabled a flag when {@code true} signifies the role mapping is active
+     */
+    public ExpressionRoleMapping(final String name, final RoleMapperExpression expr, final List<String> roles,
+            final Map<String, Object> metadata, boolean enabled) {
+        this.name = name;
+        this.expression = expr;
+        this.roles = Collections.unmodifiableList(roles);
+        this.metadata = (metadata == null) ? Collections.emptyMap() : Collections.unmodifiableMap(metadata);
+        this.enabled = enabled;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public RoleMapperExpression getExpression() {
+        return expression;
+    }
+
+    public List<String> getRoles() {
+        return roles;
+    }
+
+    public Map<String, Object> getMetadata() {
+        return metadata;
+    }
+
+    public boolean isEnabled() {
+        return enabled;
+    }
+
+    @Override
+    public int hashCode() {
+        final int prime = 31;
+        int result = 1;
+        result = prime * result + (enabled ? 1231 : 1237);
+        result = prime * result + ((expression == null) ? 0 : expression.hashCode());
+        result = prime * result + ((metadata == null) ? 0 : metadata.hashCode());
+        result = prime * result + ((name == null) ? 0 : name.hashCode());
+        result = prime * result + ((roles == null) ? 0 : roles.hashCode());
+        return result;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (this == obj)
+            return true;
+        if (obj == null)
+            return false;
+        if (getClass() != obj.getClass())
+            return false;
+        final ExpressionRoleMapping other = (ExpressionRoleMapping) obj;
+        if (enabled != other.enabled)
+            return false;
+        if (expression == null) {
+            if (other.expression != null)
+                return false;
+        } else if (!expression.equals(other.expression))
+            return false;
+        if (metadata == null) {
+            if (other.metadata != null)
+                return false;
+        } else if (!metadata.equals(other.metadata))
+            return false;
+        if (name == null) {
+            if (other.name != null)
+                return false;
+        } else if (!name.equals(other.name))
+            return false;
+        if (roles == null) {
+            if (other.roles != null)
+                return false;
+        } else if (!roles.equals(other.roles))
+            return false;
+        return true;
+    }
+
+    public interface Fields {
+        ParseField ROLES = new ParseField("roles");
+        ParseField ENABLED = new ParseField("enabled");
+        ParseField RULES = new ParseField("rules");
+        ParseField METADATA = new ParseField("metadata");
+    }
+}
@@ -0,0 +1,68 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.elasticsearch.client.security;
+
+import org.elasticsearch.client.Validatable;
+import org.elasticsearch.common.util.set.Sets;
+
+import java.util.Collections;
+import java.util.Objects;
+import java.util.Set;
+
+/**
+ * Request object to get role mappings
+ */
+public final class GetRoleMappingsRequest implements Validatable {
+    private final Set<String> roleMappingNames;
+
+    public GetRoleMappingsRequest(final String... roleMappingNames) {
+        if (roleMappingNames != null) {
+           this.roleMappingNames = Collections.unmodifiableSet(Sets.newHashSet(roleMappingNames));
+        } else {
+           this.roleMappingNames = Collections.emptySet();
+        }
+    }
+
+    public Set<String> getRoleMappingNames() {
+        return roleMappingNames;
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(roleMappingNames);
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (this == obj) {
+            return true;
+        }
+        if (obj == null) {
+            return false;
+        }
+        if (getClass() != obj.getClass()) {
+            return false;
+        }
+        final GetRoleMappingsRequest other = (GetRoleMappingsRequest) obj;
+
+        return Objects.equals(roleMappingNames, other.roleMappingNames);
+    }
+
+}
@@ -0,0 +1,70 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.elasticsearch.client.security;
+
+import org.elasticsearch.common.xcontent.XContentParser;
+import org.elasticsearch.common.xcontent.XContentParserUtils;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * Get role mappings response
+ */
+public final class GetRoleMappingsResponse {
+
+    private final List<ExpressionRoleMapping> mappings;
+
+    public GetRoleMappingsResponse(List<ExpressionRoleMapping> mappings) {
+        this.mappings = Collections.unmodifiableList(mappings);
+    }
+
+    public List<ExpressionRoleMapping> getMappings() {
+        return mappings;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        final GetRoleMappingsResponse that = (GetRoleMappingsResponse) o;
+        return this.mappings.equals(that.mappings);
+    }
+
+    @Override
+    public int hashCode() {
+        return mappings.hashCode();
+    }
+
+    public static GetRoleMappingsResponse fromXContent(XContentParser parser) throws IOException {
+        final List<ExpressionRoleMapping> roleMappings = new ArrayList<>();
+
+        XContentParserUtils.ensureExpectedToken(XContentParser.Token.START_OBJECT, parser.nextToken(), parser::getTokenLocation);
+        XContentParser.Token token;
+        while ((token = parser.nextToken()) != XContentParser.Token.END_OBJECT) {
+            XContentParserUtils.ensureExpectedToken(XContentParser.Token.FIELD_NAME, token, parser::getTokenLocation);
+            roleMappings.add(ExpressionRoleMapping.PARSER.parse(parser, parser.currentName()));
+        }
+
+        return new GetRoleMappingsResponse(roleMappings);
+    }
+}
@@ -45,6 +45,18 @@
 public final class RoleMapperExpressionParser {
     public static final ParseField FIELD = new ParseField("field");
 
+    public static RoleMapperExpression fromXContent(final XContentParser parser) throws IOException {
+        return new RoleMapperExpressionParser().parse("rules", parser);
+    }
+
+    /**
+     * This function exists to be compatible with
+     * {@link org.elasticsearch.common.xcontent.ContextParser#parse(XContentParser, Object)}
+     */
+    public static RoleMapperExpression parseObject(XContentParser parser, String id) throws IOException {
+        return new RoleMapperExpressionParser().parse(id, parser);
+    }
+
     /**
      * @param name The name of the expression tree within its containing object.
      * Used to provide descriptive error messages.