Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Spec for the new Query Role API #2676

Merged
merged 6 commits into from
Jul 9, 2024
Merged

Spec for the new Query Role API #2676

merged 6 commits into from
Jul 9, 2024

Conversation

albertzaharovits
Copy link
Contributor

The rest specs for the new query role API in 8.15 elastic/elasticsearch#108733 .
The docs for it are at elastic/elasticsearch#110473 .

@@ -52,6 +52,7 @@ export class RoleDescriptor {
* @doc_id run-as-privilege
*/
run_as?: string[]
description?: string
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not related to the new API.
Role Descriptors have a description field since elastic/elasticsearch#107088 .


/**
* Retrieves roles in a paginated manner. You can optionally filter the results with a query.
* @rest_spec_name security.query_role
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note this is singular here query_role, but the specs dir is plural (query_roles).
ES endpoints are singular, eg https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-query-api-key.html , but I see it in the specs that the dir is named query_api_keys.

* under the License.
*/

import { RoleAggregationContainer } from './types'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this import should be RoleQueryContainer right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, good catch!

@l-trotta
Copy link
Contributor

l-trotta commented Jul 8, 2024

is there no json spec for this in the server code? we cannot validate this nor generate the output without that at the moment nevermind it's because of the plural thing, @albertzaharovits the endpoint names should all match, like query_api_keys is plural everywhere. I'd change everything to be query_role (so just the folder should be changed)

@albertzaharovits
Copy link
Contributor Author

Thanks @l-trotta . I've addressed your review. Please take another look.

@l-trotta
Copy link
Contributor

l-trotta commented Jul 8, 2024

following what the validator is saying, description should also be added as property to RoleDescriptorRead

Copy link
Contributor

github-actions bot commented Jul 8, 2024

Following you can find the validation results for the APIs you have changed.

API Status Request Response
security.activate_user_profile 🟢 9/9 9/9
security.authenticate 🟢 30/30 30/30
security.bulk_delete_role 🟠 Missing type Missing type
security.bulk_put_role 🟠 Missing type Missing type
security.bulk_update_api_keys 🟠 Missing type Missing type
security.change_password 🟢 9/9 9/9
security.clear_api_key_cache 🟢 13/13 13/13
security.clear_cached_privileges 🟢 3/3 3/3
security.clear_cached_realms 🟢 1/1 1/1
security.clear_cached_roles 🟢 2/2 2/2
security.clear_cached_service_tokens 🟢 4/4 4/4
security.create_api_key 🔴 67/69 60/60
security.create_cross_cluster_api_key 🟠 Missing type Missing type
security.create_service_token 🟢 3/3 3/3
security.delete_privileges 🟢 6/6 6/6
security.delete_role_mapping 🟢 9/9 9/9
security.delete_role 🟢 8/8 8/8
security.delete_service_token Missing test Missing test
security.delete_user 🟢 9/9 9/9
security.disable_user_profile 🟢 1/1 1/1
security.disable_user 🟢 3/3 3/3
security.enable_user_profile 🟢 1/1 1/1
security.enable_user 🟢 4/4 4/4
security.enroll_kibana Missing test Missing test
security.enroll_node Missing test Missing test
security.get_api_key 🔴 38/38 15/38
security.get_builtin_privileges 🔴 2/2 1/2
security.get_privileges 🟢 12/12 12/12
security.get_role_mapping 🔴 18/18 10/18
security.get_role 🔴 24/24 21/24
security.get_service_accounts Missing test Missing test
security.get_service_credentials 🟢 1/1 1/1
security.get_settings 🟠 Missing type Missing type
security.get_token 🟢 25/25 24/24
security.get_user_privileges 🔴 8/8 7/8
security.get_user_profile 🟢 8/8 8/8
security.get_user 🟢 25/25 25/25
security.grant_api_key 🟢 7/7 7/7
security.has_privileges_user_profile 🟢 3/3 3/3
security.has_privileges 🟢 24/24 24/24
security.invalidate_api_key 🟢 12/12 12/12
security.invalidate_token 🟢 11/11 11/11
security.oidc_authenticate 🟠 Missing type Missing type
security.oidc_logout 🟠 Missing type Missing type
security.oidc_prepare_authentication 🟠 Missing type Missing type
security.put_privileges 🟢 10/10 10/10
security.put_role_mapping 🔴 2/11 11/11
security.put_role 🔴 38/40 39/39
security.put_user 🟢 49/49 48/48
security.query_api_keys 🔴 14/14 1/14
security.query_role 🔴 3/3 0/3
security.query_user 🟠 Missing type Missing type
security.saml_authenticate Missing test Missing test
security.saml_complete_logout Missing test Missing test
security.saml_invalidate Missing test Missing test
security.saml_logout Missing test Missing test
security.saml_prepare_authentication Missing test Missing test
security.saml_service_provider_metadata Missing test Missing test
security.suggest_user_profiles 🟢 1/1 1/1
security.update_api_key 🟢 5/5 5/5
security.update_cross_cluster_api_key 🟠 Missing type Missing type
security.update_settings 🟠 Missing type Missing type
security.update_user_profile_data 🟢 1/1 1/1

You can validate these APIs yourself by using the make validate target.

@l-trotta
Copy link
Contributor

l-trotta commented Jul 9, 2024

we're missing the name field from the query role response, should it be added in QueryRole? because in the server I see that's in RoleDescriptor, but then when that class is deserialized the name is usually lifted in the response map

Copy link
Contributor

github-actions bot commented Jul 9, 2024

Following you can find the validation results for the APIs you have changed.

API Status Request Response
security.activate_user_profile 🟢 9/9 9/9
security.authenticate 🟢 30/30 30/30
security.bulk_delete_role 🟠 Missing type Missing type
security.bulk_put_role 🟠 Missing type Missing type
security.bulk_update_api_keys 🟠 Missing type Missing type
security.change_password 🟢 9/9 9/9
security.clear_api_key_cache 🟢 13/13 13/13
security.clear_cached_privileges 🟢 3/3 3/3
security.clear_cached_realms 🟢 1/1 1/1
security.clear_cached_roles 🟢 2/2 2/2
security.clear_cached_service_tokens 🟢 4/4 4/4
security.create_api_key 🔴 67/69 60/60
security.create_cross_cluster_api_key 🟠 Missing type Missing type
security.create_service_token 🟢 3/3 3/3
security.delete_privileges 🟢 6/6 6/6
security.delete_role_mapping 🟢 9/9 9/9
security.delete_role 🟢 8/8 8/8
security.delete_service_token Missing test Missing test
security.delete_user 🟢 9/9 9/9
security.disable_user_profile 🟢 1/1 1/1
security.disable_user 🟢 3/3 3/3
security.enable_user_profile 🟢 1/1 1/1
security.enable_user 🟢 4/4 4/4
security.enroll_kibana Missing test Missing test
security.enroll_node Missing test Missing test
security.get_api_key 🔴 38/38 15/38
security.get_builtin_privileges 🔴 2/2 1/2
security.get_privileges 🟢 12/12 12/12
security.get_role_mapping 🔴 18/18 10/18
security.get_role 🔴 24/24 21/24
security.get_service_accounts Missing test Missing test
security.get_service_credentials 🟢 1/1 1/1
security.get_settings 🟠 Missing type Missing type
security.get_token 🟢 25/25 24/24
security.get_user_privileges 🔴 8/8 7/8
security.get_user_profile 🟢 8/8 8/8
security.get_user 🟢 25/25 25/25
security.grant_api_key 🟢 7/7 7/7
security.has_privileges_user_profile 🟢 3/3 3/3
security.has_privileges 🟢 24/24 24/24
security.invalidate_api_key 🟢 12/12 12/12
security.invalidate_token 🟢 11/11 11/11
security.oidc_authenticate 🟠 Missing type Missing type
security.oidc_logout 🟠 Missing type Missing type
security.oidc_prepare_authentication 🟠 Missing type Missing type
security.put_privileges 🟢 10/10 10/10
security.put_role_mapping 🔴 2/11 11/11
security.put_role 🔴 38/40 39/39
security.put_user 🟢 49/49 48/48
security.query_api_keys 🔴 14/14 1/14
security.query_role 🟢 3/3 3/3
security.query_user 🟠 Missing type Missing type
security.saml_authenticate Missing test Missing test
security.saml_complete_logout Missing test Missing test
security.saml_invalidate Missing test Missing test
security.saml_logout Missing test Missing test
security.saml_prepare_authentication Missing test Missing test
security.saml_service_provider_metadata Missing test Missing test
security.suggest_user_profiles 🟢 1/1 1/1
security.update_api_key 🟢 5/5 5/5
security.update_cross_cluster_api_key 🟠 Missing type Missing type
security.update_settings 🟠 Missing type Missing type
security.update_user_profile_data 🟢 1/1 1/1

You can validate these APIs yourself by using the make validate target.

@l-trotta l-trotta merged commit e021a35 into main Jul 9, 2024
6 checks passed
@l-trotta l-trotta deleted the query-roles-specs branch July 9, 2024 15:26
Copy link
Contributor

github-actions bot commented Jul 9, 2024

The backport to 8.15 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-8.15 8.15
# Navigate to the new working tree
cd .worktrees/backport-8.15
# Create a new branch
git switch --create backport-2676-to-8.15
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 e021a35cc234a48828c43e61621ad2c6e99ea625
# Push it to GitHub
git push --set-upstream origin backport-2676-to-8.15
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-8.15

Then, create a pull request where the base branch is 8.15 and the compare/head branch is backport-2676-to-8.15.

@albertzaharovits
Copy link
Contributor Author

Thank you for your help on this @l-trotta ! Much appreciated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants