Documentation ¶
Overview ¶
Create or update role mappings.
Role mappings define which roles are assigned to each user. Each mapping has rules that identify users and a list of roles that are granted to those users. The role mapping APIs are generally the preferred way to manage role mappings rather than using role mapping files. The create or update role mappings API cannot update role mappings that are defined in role mapping files.
NOTE: This API does not create roles. Rather, it maps users to existing roles. Roles can be created by using the create or update roles API or roles files.
**Role templates**
The most common use for role mappings is to create a mapping from a known value on the user to a fixed role name. For example, all users in the `cn=admin,dc=example,dc=com` LDAP group should be given the superuser role in Elasticsearch. The `roles` field is used for this purpose.
For more complex needs, it is possible to use Mustache templates to dynamically determine the names of the roles that should be granted to the user. The `role_templates` field is used for this purpose.
NOTE: To use role templates successfully, the relevant scripting feature must be enabled. Otherwise, all attempts to create a role mapping with role templates fail.
All of the user fields that are available in the role mapping rules are also available in the role templates. Thus it is possible to assign a user to a role that reflects their username, their groups, or the name of the realm to which they authenticated.
By default a template is evaluated to produce a single string that is the name of the role which should be assigned to the user. If the format of the template is set to "json" then the template is expected to produce a JSON string or an array of JSON strings for the role names.
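An added example, not code from this package or its documentation: a standard-library-only pre-flight check for a role mapping body, plus the interpretation of a rendered template result under the default and "json" formats described above. The names `mappingBody`, `CheckMappingBody` and `RolesFromRendered` are hypothetical; Mustache rendering itself happens inside Elasticsearch and is not reproduced here.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// mappingBody is a local stand-in using the documented JSON field names (not the package's Request).
type mappingBody struct {
	Roles         []string          `json:"roles"`
	RoleTemplates []json.RawMessage `json:"role_templates"`
	Metadata      map[string]any    `json:"metadata"`
}

// CheckMappingBody enforces: exactly one of roles/role_templates; no metadata key starting with "_".
func CheckMappingBody(raw []byte) error {
	var b mappingBody
	if err := json.Unmarshal(raw, &b); err != nil {
		return fmt.Errorf("invalid JSON: %w", err)
	}
	if (len(b.Roles) > 0) == (len(b.RoleTemplates) > 0) {
		return fmt.Errorf("exactly one of roles or role_templates must be specified")
	}
	for k := range b.Metadata {
		if strings.HasPrefix(k, "_") {
			return fmt.Errorf("metadata key %q is reserved for system usage", k)
		}
	}
	return nil
}

// RolesFromRendered: default format is one role name; "json" is a JSON string or array of JSON strings.
func RolesFromRendered(format, rendered string) ([]string, error) {
	if format != "json" {
		return []string{rendered}, nil
	}
	var one string
	if json.Unmarshal([]byte(rendered), &one) == nil && one != "" {
		return []string{one}, nil
	}
	var many []string
	if err := json.Unmarshal([]byte(rendered), &many); err != nil {
		return nil, fmt.Errorf("want a JSON string or an array of strings: %w", err)
	}
	return many, nil
}

// Constructed sample body that sets both fields, so the check rejects it.
func main() { fmt.Println(CheckMappingBody([]byte(`{"roles":["superuser"],"role_templates":[{}]}`))) }
```

Running such a check before calling the API catches a body that sets both `roles` and `role_templates`, or neither, without a round trip to the cluster.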
Index ¶
- Variables
- type NewPutRoleMapping
- type PutRoleMapping
- func (r PutRoleMapping) Do(providedCtx context.Context) (*Response, error)
- func (r *PutRoleMapping) Enabled(enabled bool) *PutRoleMapping
- func (r *PutRoleMapping) ErrorTrace(errortrace bool) *PutRoleMapping
- func (r *PutRoleMapping) FilterPath(filterpaths ...string) *PutRoleMapping
- func (r *PutRoleMapping) Header(key, value string) *PutRoleMapping
- func (r *PutRoleMapping) HttpRequest(ctx context.Context) (*http.Request, error)
- func (r *PutRoleMapping) Human(human bool) *PutRoleMapping
- func (r *PutRoleMapping) Metadata(metadata types.MetadataVariant) *PutRoleMapping
- func (r PutRoleMapping) Perform(providedCtx context.Context) (*http.Response, error)
- func (r *PutRoleMapping) Pretty(pretty bool) *PutRoleMapping
- func (r *PutRoleMapping) Raw(raw io.Reader) *PutRoleMapping
- func (r *PutRoleMapping) Refresh(refresh refresh.Refresh) *PutRoleMapping
- func (r *PutRoleMapping) Request(req *Request) *PutRoleMapping
- func (r *PutRoleMapping) RoleTemplates(roletemplates ...types.RoleTemplateVariant) *PutRoleMapping
- func (r *PutRoleMapping) Roles(roles ...string) *PutRoleMapping
- func (r *PutRoleMapping) Rules(rules types.RoleMappingRuleVariant) *PutRoleMapping
- func (r *PutRoleMapping) RunAs(runas ...string) *PutRoleMapping
- type Request
- type Response
Constants ¶
This section is empty.
Variables ¶
var ErrBuildPath = errors.New("cannot build path, check for missing path parameters")
ErrBuildPath is returned in case of missing parameters within the build of the request.
Functions ¶
This section is empty.
Types ¶
type NewPutRoleMapping ¶
type NewPutRoleMapping func(name string) *PutRoleMapping
NewPutRoleMapping type alias for index.
func NewPutRoleMappingFunc ¶
func NewPutRoleMappingFunc(tp elastictransport.Interface) NewPutRoleMapping
NewPutRoleMappingFunc returns a new instance of PutRoleMapping with the provided transport. Used in the index of the library, this allows retrieving every API in one place.
type PutRoleMapping ¶
type PutRoleMapping struct {
// contains filtered or unexported fields
}
func New ¶
func New(tp elastictransport.Interface) *PutRoleMapping
Create or update role mappings.
https://www.elastic.co/docs/api/doc/elasticsearch/v9/operation/operation-security-put-role-mapping
func (PutRoleMapping) Do ¶
func (r PutRoleMapping) Do(providedCtx context.Context) (*Response, error)
Do runs the request through the transport, handles the response and returns a putrolemapping.Response.
func (*PutRoleMapping) Enabled ¶
func (r *PutRoleMapping) Enabled(enabled bool) *PutRoleMapping
Mappings that have `enabled` set to `false` are ignored when role mapping is performed. API name: enabled
func (*PutRoleMapping) ErrorTrace ¶
func (r *PutRoleMapping) ErrorTrace(errortrace bool) *PutRoleMapping
ErrorTrace When set to `true` Elasticsearch will include the full stack trace of errors when they occur. API name: error_trace
func (*PutRoleMapping) FilterPath ¶
func (r *PutRoleMapping) FilterPath(filterpaths ...string) *PutRoleMapping
FilterPath Comma-separated list of filters in dot notation which reduce the response returned by Elasticsearch. API name: filter_path
func (*PutRoleMapping) Header ¶
func (r *PutRoleMapping) Header(key, value string) *PutRoleMapping
Header sets a key-value pair in the PutRoleMapping headers map.
func (*PutRoleMapping) HttpRequest ¶
HttpRequest returns the http.Request object built from the given parameters.
func (*PutRoleMapping) Human ¶
func (r *PutRoleMapping) Human(human bool) *PutRoleMapping
Human When set to `true` will return statistics in a format suitable for humans. For example `"exists_time": "1h"` for humans and `"exists_time_in_millis": 3600000` for computers. When disabled the human readable values will be omitted. This makes sense for responses being consumed only by machines. API name: human
func (*PutRoleMapping) Metadata ¶
func (r *PutRoleMapping) Metadata(metadata types.MetadataVariant) *PutRoleMapping
Additional metadata that helps define which roles are assigned to each user. Within the metadata object, keys beginning with `_` are reserved for system usage. API name: metadata
func (PutRoleMapping) Perform ¶
Perform runs the http.Request through the provided transport and returns an http.Response.
func (*PutRoleMapping) Pretty ¶
func (r *PutRoleMapping) Pretty(pretty bool) *PutRoleMapping
Pretty If set to `true` the returned JSON will be "pretty-formatted". Use this option for debugging only. API name: pretty
func (*PutRoleMapping) Raw ¶
func (r *PutRoleMapping) Raw(raw io.Reader) *PutRoleMapping
Raw takes a JSON payload as input, which is then passed to the http.Request. If specified, Raw takes precedence over the Request method.
func (*PutRoleMapping) Refresh ¶
func (r *PutRoleMapping) Refresh(refresh refresh.Refresh) *PutRoleMapping
Refresh If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes. API name: refresh
func (*PutRoleMapping) Request ¶
func (r *PutRoleMapping) Request(req *Request) *PutRoleMapping
Request allows setting the request property with the appropriate payload.
func (*PutRoleMapping) RoleTemplates ¶
func (r *PutRoleMapping) RoleTemplates(roletemplates ...types.RoleTemplateVariant) *PutRoleMapping
A list of Mustache templates that will be evaluated to determine the role names that should be granted to the users that match the role mapping rules. Exactly one of `roles` or `role_templates` must be specified. API name: role_templates
func (*PutRoleMapping) Roles ¶
func (r *PutRoleMapping) Roles(roles ...string) *PutRoleMapping
A list of role names that are granted to the users that match the role mapping rules. Exactly one of `roles` or `role_templates` must be specified. API name: roles
func (*PutRoleMapping) Rules ¶
func (r *PutRoleMapping) Rules(rules types.RoleMappingRuleVariant) *PutRoleMapping
The rules that determine which users should be matched by the mapping. A rule is a logical condition that is expressed by using a JSON DSL. API name: rules
func (*PutRoleMapping) RunAs ¶
func (r *PutRoleMapping) RunAs(runas ...string) *PutRoleMapping
API name: run_as
type Request ¶
type Request struct {

	// Enabled Mappings that have `enabled` set to `false` are ignored when role mapping is
	// performed.
	Enabled *bool `json:"enabled,omitempty"`
	// Metadata Additional metadata that helps define which roles are assigned to each user.
	// Within the metadata object, keys beginning with `_` are reserved for system
	// usage.
	Metadata types.Metadata `json:"metadata,omitempty"`
	// RoleTemplates A list of Mustache templates that will be evaluated to determine the role
	// names that should be granted to the users that match the role mapping rules.
	// Exactly one of `roles` or `role_templates` must be specified.
	RoleTemplates []types.RoleTemplate `json:"role_templates,omitempty"`
	// Roles A list of role names that are granted to the users that match the role
	// mapping rules.
	// Exactly one of `roles` or `role_templates` must be specified.
	Roles []string `json:"roles,omitempty"`
	// Rules The rules that determine which users should be matched by the mapping.
	// A rule is a logical condition that is expressed by using a JSON DSL.
	Rules *types.RoleMappingRule `json:"rules,omitempty"`
	RunAs []string               `json:"run_as,omitempty"`
}
Request holds the request body struct for the package putrolemapping
func (*Request) UnmarshalJSON ¶
type Response ¶
type Response struct {
	Created     *bool               `json:"created,omitempty"`
	RoleMapping types.CreatedStatus `json:"role_mapping"`
}
Response holds the response body struct for the package putrolemapping