Merge remote-tracking branch 'elastic/master' into geosql

Author: imotov

buildSrc/src/main/groovy/org/elasticsearch/gradle/test/ClusterConfiguration.groovy

@@ -110,6 +110,14 @@ class ClusterConfiguration {
         return seedNode.transportUri()
     }
 
+    /**
+     * A closure to call which returns a manually supplied list of unicast seed hosts.
+     */
+    @Input
+    Closure<List<String>> otherUnicastHostAddresses = {
+        Collections.emptyList()
+    }
+
     /**
      * A closure to call before the cluster is considered ready. The closure is passed the node info,
      * as well as a groovy AntBuilder, to enable running ant condition checks. The default wait

buildSrc/src/main/groovy/org/elasticsearch/gradle/test/ClusterFormationTasks.groovy

@@ -715,8 +715,9 @@ class ClusterFormationTasks {
         wait.doLast {
 
             Collection<String> unicastHosts = new HashSet<>()
-            nodes.forEach { otherNode ->
-                String unicastHost = otherNode.config.unicastTransportUri(otherNode, null, project.ant)
+            nodes.forEach { node ->
+                unicastHosts.addAll(node.config.otherUnicastHostAddresses.call())
+                String unicastHost = node.config.unicastTransportUri(node, null, project.ant)
                 if (unicastHost != null) {
                     unicastHosts.addAll(Arrays.asList(unicastHost.split(",")))
                 }

client/benchmark/README.md

@@ -1,7 +1,7 @@
 ### Steps to execute the benchmark
 
-1. Build `client-benchmark-noop-api-plugin` with `gradle :client:client-benchmark-noop-api-plugin:assemble`
-2. Install it on the target host with `bin/elasticsearch-plugin install file:///full/path/to/client-benchmark-noop-api-plugin.zip`
+1. Build `client-benchmark-noop-api-plugin` with `./gradlew :client:client-benchmark-noop-api-plugin:assemble`
+2. Install it on the target host with `bin/elasticsearch-plugin install file:///full/path/to/client-benchmark-noop-api-plugin.zip`.
 3. Start Elasticsearch on the target host (ideally *not* on the machine
 that runs the benchmarks)
 4. Run the benchmark with
@@ -49,7 +49,7 @@ The parameters are all in the `'`s and are in order:
 Example invocation:
 
 ```
-gradlew -p client/benchmark run --args ' rest search localhost geonames {"query":{"match_phrase":{"name":"Sankt Georgen"}}} 500,1000,1100,1200'
+./gradlew -p client/benchmark run --args ' rest search localhost geonames {"query":{"match_phrase":{"name":"Sankt Georgen"}}} 500,1000,1100,1200'
 ```
 
 The parameters are in order:

client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java

@@ -63,7 +63,7 @@ static Request changePassword(ChangePasswordRequest changePasswordRequest) throw
     static Request putUser(PutUserRequest putUserRequest) throws IOException {
         String endpoint = new RequestConverters.EndpointBuilder()
             .addPathPartAsIs("_xpack/security/user")
-            .addPathPart(putUserRequest.getUsername())
+            .addPathPart(putUserRequest.getUser().getUsername())
             .build();
         Request request = new Request(HttpPut.METHOD_NAME, endpoint);
         request.setEntity(createEntity(putUserRequest, REQUEST_BODY_CONTENT_TYPE));

client/rest-high-level/src/main/java/org/elasticsearch/client/security/PutUserRequest.java

@@ -21,15 +21,14 @@
 
 import org.elasticsearch.client.Validatable;
 import org.elasticsearch.client.ValidationException;
+import org.elasticsearch.client.security.user.User;
 import org.elasticsearch.common.CharArrays;
+import org.elasticsearch.common.Nullable;
 import org.elasticsearch.common.xcontent.ToXContentObject;
 import org.elasticsearch.common.xcontent.XContentBuilder;
 
 import java.io.IOException;
 import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
 
@@ -38,62 +37,33 @@
  */
 public final class PutUserRequest implements Validatable, ToXContentObject {
 
-    private final String username;
-    private final List<String> roles;
-    private final String fullName;
-    private final String email;
-    private final Map<String, Object> metadata;
-    private final char[] password;
+    private final User user;
+    private final @Nullable char[] password;
     private final boolean enabled;
     private final RefreshPolicy refreshPolicy;
 
     /**
      * Creates a new request that is used to create or update a user in the native realm.
      *
-     * @param username the username of the user to be created or updated
+     * @param user the user to be created or updated
      * @param password the password of the user. The password array is not modified by this class.
      *                 It is the responsibility of the caller to clear the password after receiving
      *                 a response.
-     * @param roles the roles that this user is assigned
-     * @param fullName the full name of the user that may be used for display purposes
-     * @param email the email address of the user
      * @param enabled true if the user is enabled and allowed to access elasticsearch
-     * @param metadata a map of additional user attributes that may be used in templating roles
      * @param refreshPolicy the refresh policy for the request.
      */
-    public PutUserRequest(String username, char[] password, List<String> roles, String fullName, String email, boolean enabled,
-                          Map<String, Object> metadata, RefreshPolicy refreshPolicy) {
-        this.username = Objects.requireNonNull(username, "username is required");
+    public PutUserRequest(User user, @Nullable char[] password, boolean enabled, @Nullable RefreshPolicy refreshPolicy) {
+        this.user = Objects.requireNonNull(user, "user is required, cannot be null");
         this.password = password;
-        this.roles = Collections.unmodifiableList(Objects.requireNonNull(roles, "roles must be specified"));
-        this.fullName = fullName;
-        this.email = email;
         this.enabled = enabled;
-        this.metadata = metadata == null ? Collections.emptyMap() : Collections.unmodifiableMap(metadata);
         this.refreshPolicy = refreshPolicy == null ? RefreshPolicy.getDefault() : refreshPolicy;
     }
 
-    public String getUsername() {
-        return username;
+    public User getUser() {
+        return user;
     }
 
-    public List<String> getRoles() {
-        return roles;
-    }
-
-    public String getFullName() {
-        return fullName;
-    }
-
-    public String getEmail() {
-        return email;
-    }
-
-    public Map<String, Object> getMetadata() {
-        return metadata;
-    }
-
-    public char[] getPassword() {
+    public @Nullable char[] getPassword() {
         return password;
     }
 
@@ -109,29 +79,25 @@ public RefreshPolicy getRefreshPolicy() {
     public boolean equals(Object o) {
         if (this == o) return true;
         if (o == null || getClass() != o.getClass()) return false;
-        PutUserRequest that = (PutUserRequest) o;
-        return enabled == that.enabled &&
-            Objects.equals(username, that.username) &&
-            Objects.equals(roles, that.roles) &&
-            Objects.equals(fullName, that.fullName) &&
-            Objects.equals(email, that.email) &&
-            Objects.equals(metadata, that.metadata) &&
-            Arrays.equals(password, that.password) &&
-            refreshPolicy == that.refreshPolicy;
+        final PutUserRequest that = (PutUserRequest) o;
+        return Objects.equals(user, that.user)
+                && Arrays.equals(password, that.password)
+                && enabled == that.enabled
+                && refreshPolicy == that.refreshPolicy;
     }
 
     @Override
     public int hashCode() {
-        int result = Objects.hash(username, roles, fullName, email, metadata, enabled, refreshPolicy);
+        int result = Objects.hash(user, enabled, refreshPolicy);
         result = 31 * result + Arrays.hashCode(password);
         return result;
     }
 
     @Override
     public Optional<ValidationException> validate() {
-        if (metadata != null && metadata.keySet().stream().anyMatch(s -> s.startsWith("_"))) {
+        if (user.getMetadata() != null && user.getMetadata().keySet().stream().anyMatch(s -> s.startsWith("_"))) {
             ValidationException validationException = new ValidationException();
-            validationException.addValidationError("metadata keys may not start with [_]");
+            validationException.addValidationError("user metadata keys may not start with [_]");
             return Optional.of(validationException);
         }
         return Optional.empty();
@@ -140,7 +106,7 @@ public Optional<ValidationException> validate() {
     @Override
     public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
         builder.startObject();
-        builder.field("username", username);
+        builder.field("username", user.getUsername());
         if (password != null) {
             byte[] charBytes = CharArrays.toUtf8Bytes(password);
             try {
@@ -149,18 +115,15 @@ public XContentBuilder toXContent(XContentBuilder builder, Params params) throws
                 Arrays.fill(charBytes, (byte) 0);
             }
         }
-        if (roles != null) {
-            builder.field("roles", roles);
-        }
-        if (fullName != null) {
-            builder.field("full_name", fullName);
-        }
-        if (email != null) {
-            builder.field("email", email);
+        builder.field("roles", user.getRoles());
+        if (user.getFullName() != null) {
+            builder.field("full_name", user.getFullName());
         }
-        if (metadata != null) {
-            builder.field("metadata", metadata);
+        if (user.getEmail() != null) {
+            builder.field("email", user.getEmail());
         }
+        builder.field("metadata", user.getMetadata());
+        builder.field("enabled", enabled);
         return builder.endObject();
     }
 }

client/rest-high-level/src/main/java/org/elasticsearch/client/security/user/User.java

@@ -24,38 +24,59 @@
 
 import java.util.Collection;
 import java.util.Collections;
+import java.util.HashSet;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Set;
 
 
 /**
- * An authenticated user
+ * A user to be utilized with security APIs.
+ * Can be an existing authenticated user or it can be a new user to be enrolled to the native realm.
  */
 public final class User {
 
     private final String username;
-    private final Collection<String> roles;
+    private final Set<String> roles;
     private final Map<String, Object> metadata;
     @Nullable private final String fullName;
     @Nullable private final String email;
 
+    /**
+     * Builds the user to be utilized with security APIs.
+     *
+     * @param username the username, also known as the principal, unique for in the scope of a realm
+     * @param roles the roles that this user is assigned
+     * @param metadata a map of additional user attributes that may be used in templating roles
+     * @param fullName the full name of the user that may be used for display purposes
+     * @param email the email address of the user
+     */
     public User(String username, Collection<String> roles, Map<String, Object> metadata, @Nullable String fullName,
             @Nullable String email) {
-        Objects.requireNonNull(username, "`username` cannot be null");
-        Objects.requireNonNull(roles, "`roles` cannot be null. Pass an empty collection instead.");
-        Objects.requireNonNull(roles, "`metadata` cannot be null. Pass an empty map instead.");
-        this.username = username;
-        this.roles = roles;
-        this.metadata = Collections.unmodifiableMap(metadata);
+        this.username = username = Objects.requireNonNull(username, "`username` is required, cannot be null");
+        this.roles = Collections.unmodifiableSet(new HashSet<>(
+                Objects.requireNonNull(roles, "`roles` is required, cannot be null. Pass an empty Collection instead.")));
+        this.metadata = Collections
+                .unmodifiableMap(Objects.requireNonNull(metadata, "`metadata` is required, cannot be null. Pass an empty map instead."));
         this.fullName = fullName;
         this.email = email;
     }
 
+    /**
+     * Builds the user to be utilized with security APIs.
+     *
+     * @param username the username, also known as the principal, unique for in the scope of a realm
+     * @param roles the roles that this user is assigned
+     */
+    public User(String username, Collection<String> roles) {
+        this(username, roles, Collections.emptyMap(), null, null);
+    }
+
     /**
      * @return  The principal of this user - effectively serving as the
      *          unique identity of the user. Can never be {@code null}.
      */
-    public String username() {
+    public String getUsername() {
         return this.username;
     }
 
@@ -64,28 +85,28 @@ public String username() {
      *          identified by their unique names and each represents as
      *          set of permissions. Can never be {@code null}.
      */
-    public Collection<String> roles() {
+    public Set<String> getRoles() {
         return this.roles;
     }
 
     /**
      * @return  The metadata that is associated with this user. Can never be {@code null}.
      */
-    public Map<String, Object> metadata() {
+    public Map<String, Object> getMetadata() {
         return metadata;
     }
 
     /**
      * @return  The full name of this user. May be {@code null}.
      */
-    public @Nullable String fullName() {
+    public @Nullable String getFullName() {
         return fullName;
     }
 
     /**
      * @return  The email of this user. May be {@code null}.
      */
-    public @Nullable String email() {
+    public @Nullable String getEmail() {
         return email;
     }
 
@@ -103,28 +124,14 @@ public String toString() {
 
     @Override
     public boolean equals(Object o) {
-        if (this == o) {
-            return true;
-        }
-        if (o instanceof User == false) {
-            return false;
-        }
-
-        final User user = (User) o;
-
-        if (!username.equals(user.username)) {
-            return false;
-        }
-        if (!roles.equals(user.roles)) {
-            return false;
-        }
-        if (!metadata.equals(user.metadata)) {
-            return false;
-        }
-        if (fullName != null ? !fullName.equals(user.fullName) : user.fullName != null) {
-            return false;
-        }
-        return !(email != null ? !email.equals(user.email) : user.email != null);
+        if (this == o) return true;
+        if (o == null || this.getClass() != o.getClass()) return false;
+        final User that = (User) o;
+        return Objects.equals(username, that.username)
+                && Objects.equals(roles, that.roles)
+                && Objects.equals(metadata, that.metadata)
+                && Objects.equals(fullName, that.fullName)
+                && Objects.equals(email, that.email);
     }
 
     @Override