From d227f8ed054cee3362f8031c35c32ad8f7cff033 Mon Sep 17 00:00:00 2001
From: Yogesh Gaikwad <902768+bizybot@users.noreply.github.com>
Date: Thu, 14 Feb 2019 18:54:20 +1100
Subject: [PATCH] Add enabled status for token and api key service (#38687)
Right now there is no way to determine whether the token service or API key service is enabled or not. This commit adds support for the enabled status of token and API key service to the security feature set usage API `/_xpack/usage`.
Closes #38535
---
 build.gradle | 4 +--
 .../security/SecurityFeatureSetUsage.java | 18 ++++++++++++-
 .../xpack/security/SecurityFeatureSet.java | 18 ++++++++++---
 .../security/SecurityFeatureSetTests.java | 26 +++++++++++++++++++
 4 files changed, 60 insertions(+), 6 deletions(-)
diff --git a/build.gradle b/build.gradle
index d50801bd207f4..2a75ea9d12dac 100644
--- a/build.gradle
+++ b/build.gradle
@@ -159,8 +159,8 @@ task verifyVersions {
 * the enabled state of every bwc task. It should be set back to true
 * after the backport of the backcompat code is complete.
 */
-final boolean bwc_tests_enabled = true
-final String bwc_tests_disabled_issue = "" /* place a PR link here when committing bwc changes */
+final boolean bwc_tests_enabled = false
+final String bwc_tests_disabled_issue = "https://github.com/elastic/elasticsearch/pull/38687" /* place a PR link here when committing bwc changes */
 if (bwc_tests_enabled == false) {
 if (bwc_tests_disabled_issue.isEmpty()) {
 throw new GradleException("bwc_tests_disabled_issue must be set when bwc_tests_enabled == false")
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java
index f615fbd0b5306..a9054f18f5487 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java
@@ -22,6 +22,8 @@ public class SecurityFeatureSetUsage extends XPackFeatureSet.Usage {
 private static final String ROLES_XFIELD = "roles";
 private static final String ROLE_MAPPING_XFIELD = "role_mapping";
 private static final String SSL_XFIELD = "ssl";
+ private static final String TOKEN_SERVICE_XFIELD = "token_service";
+ private static final String API_KEY_SERVICE_XFIELD = "api_key_service";
 private static final String AUDIT_XFIELD = "audit";
 private static final String IP_FILTER_XFIELD = "ipfilter";
 private static final String ANONYMOUS_XFIELD = "anonymous";
@@ -29,6 +31,8 @@ public class SecurityFeatureSetUsage extends XPackFeatureSet.Usage {
 private Map realmsUsage;
 private Map rolesStoreUsage;
 private Map sslUsage;
+ private Map tokenServiceUsage;
+ private Map apiKeyServiceUsage;
 private Map auditUsage;
 private Map ipFilterUsage;
 private Map anonymousUsage;
@@ -39,6 +43,10 @@ public SecurityFeatureSetUsage(StreamInput in) throws IOException {
 realmsUsage = in.readMap();
 rolesStoreUsage = in.readMap();
 sslUsage = in.readMap();
+ if (in.getVersion().onOrAfter(Version.V_8_0_0)) { // TODO change the version to V_7_1_0 on backporting
+ tokenServiceUsage = in.readMap();
+ apiKeyServiceUsage = in.readMap();
+ }
 auditUsage = in.readMap();
 ipFilterUsage = in.readMap();
 if (in.getVersion().before(Version.V_6_0_0_beta1)) {
@@ -52,12 +60,15 @@ public SecurityFeatureSetUsage(StreamInput in) throws IOException { public SecurityFeatureSetUsage(boolean available, boolean enabled, Map realmsUsage, Map rolesStoreUsage, Map roleMappingStoreUsage, Map sslUsage, Map auditUsage, - Map ipFilterUsage, Map anonymousUsage) { + Map ipFilterUsage, Map anonymousUsage, + Map tokenServiceUsage, Map apiKeyServiceUsage) { super(XPackField.SECURITY, available, enabled); this.realmsUsage = realmsUsage; this.rolesStoreUsage = rolesStoreUsage; this.roleMappingStoreUsage = roleMappingStoreUsage; this.sslUsage = sslUsage; + this.tokenServiceUsage = tokenServiceUsage; + this.apiKeyServiceUsage = apiKeyServiceUsage; this.auditUsage = auditUsage; this.ipFilterUsage = ipFilterUsage; this.anonymousUsage = anonymousUsage; @@ -69,6 +80,8 @@ public void writeTo(StreamOutput out) throws IOException { out.writeMap(realmsUsage); out.writeMap(rolesStoreUsage); out.writeMap(sslUsage); + out.writeMap(tokenServiceUsage); + out.writeMap(apiKeyServiceUsage); out.writeMap(auditUsage); out.writeMap(ipFilterUsage); if (out.getVersion().before(Version.V_6_0_0_beta1)) { @@ -87,6 +100,8 @@ protected void innerXContent(XContentBuilder builder, Params params) throws IOEx builder.field(ROLES_XFIELD, rolesStoreUsage); builder.field(ROLE_MAPPING_XFIELD, roleMappingStoreUsage); builder.field(SSL_XFIELD, sslUsage); + builder.field(TOKEN_SERVICE_XFIELD, tokenServiceUsage); + builder.field(API_KEY_SERVICE_XFIELD, apiKeyServiceUsage); builder.field(AUDIT_XFIELD, auditUsage); builder.field(IP_FILTER_XFIELD, ipFilterUsage); builder.field(ANONYMOUS_XFIELD, anonymousUsage); @@ -96,4 +111,5 @@ protected void innerXContent(XContentBuilder builder, Params params) throws IOEx public Map getRealmsUsage() { return Collections.unmodifiableMap(realmsUsage); } + } 
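Review bot: In `writeTo` (hunk at -69,6) `out.writeMap(tokenServiceUsage)` and `out.writeMap(apiKeyServiceUsage)` are written for every peer, while the `StreamInput` constructor (hunk at -39,6) reads them only when `in.getVersion().onOrAfter(Version.V_8_0_0)`. A receiver on an earlier wire version would read those two maps as `auditUsage` and `ipFilterUsage` and then misread the rest of the stream, so the security usage response would be corrupted in a mixed-version cluster. Gate the writes the same way, `if (out.getVersion().onOrAfter(Version.V_8_0_0)) { out.writeMap(tokenServiceUsage); out.writeMap(apiKeyServiceUsage); }`, with the same backport TODO so both sides change together. The build.gradle hunk sets `bwc_tests_enabled = false`, so the bwc suite is presumably not exercising this path right now.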
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java index bc79fab0043aa..2e5832d0834e7 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java @@ -29,7 +29,9 @@ import java.util.concurrent.atomic.AtomicReference; import static java.util.Collections.singletonMap; +import static org.elasticsearch.xpack.core.XPackSettings.API_KEY_SERVICE_ENABLED_SETTING; import static org.elasticsearch.xpack.core.XPackSettings.HTTP_SSL_ENABLED; +import static org.elasticsearch.xpack.core.XPackSettings.TOKEN_SERVICE_ENABLED_SETTING; import static org.elasticsearch.xpack.core.XPackSettings.TRANSPORT_SSL_ENABLED; /** @@ -93,6 +95,8 @@ public Map nativeCodeInfo() { @Override public void usage(ActionListener listener) { Map sslUsage = sslUsage(settings); + Map tokenServiceUsage = tokenServiceUsage(settings); + Map apiKeyServiceUsage = apiKeyServiceUsage(settings); Map auditUsage = auditUsage(settings); Map ipFilterUsage = ipFilterUsage(ipFilter); Map anonymousUsage = singletonMap("enabled", AnonymousUser.isAnonymousEnabled(settings)); @@ -103,9 +107,9 @@ public void usage(ActionListener listener) { final CountDown countDown = new CountDown(3); final Runnable doCountDown = () -> { if (countDown.countDown()) { - listener.onResponse(new SecurityFeatureSetUsage(available(), enabled(), realmsUsageRef.get(), - rolesUsageRef.get(), roleMappingUsageRef.get(), - sslUsage, auditUsage, ipFilterUsage, anonymousUsage)); + listener.onResponse(new SecurityFeatureSetUsage(available(), enabled(), realmsUsageRef.get(), rolesUsageRef.get(), + roleMappingUsageRef.get(), sslUsage, auditUsage, ipFilterUsage, anonymousUsage, tokenServiceUsage, + apiKeyServiceUsage)); } }; 
@@ -152,6 +156,14 @@ static Map sslUsage(Settings settings) { return map; } + static Map tokenServiceUsage(Settings settings) { + return singletonMap("enabled", TOKEN_SERVICE_ENABLED_SETTING.get(settings)); + } + + static Map apiKeyServiceUsage(Settings settings) { + return singletonMap("enabled", API_KEY_SERVICE_ENABLED_SETTING.get(settings)); + } + static Map auditUsage(Settings settings) { Map map = new HashMap<>(2); map.put("enabled", XPackSettings.AUDIT_ENABLED.get(settings)); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java index a8b2bf4b5350d..146dc78698eca 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java 
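Review bot: `tokenServiceUsage` and `apiKeyServiceUsage` carry no comment stating that the reported `enabled` value is simply `TOKEN_SERVICE_ENABLED_SETTING.get(settings)` / `API_KEY_SERVICE_ENABLED_SETTING.get(settings)` on the node building the response. Operators are likely to read `token_service.enabled` and `api_key_service.enabled` from the usage API when auditing which credential-issuing services are on, so the doc should say it is the configured setting and not an observed runtime state. Suggested Javadoc: `/** Reports the configured value of the token service enabled setting from this node's settings. */`, and the equivalent on `apiKeyServiceUsage`.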
@@ -96,6 +96,24 @@ public void testUsage() throws Exception { settings.put("xpack.security.http.ssl.enabled", httpSSLEnabled); final boolean transportSSLEnabled = randomBoolean(); settings.put("xpack.security.transport.ssl.enabled", transportSSLEnabled); + + boolean configureEnabledFlagForTokenService = randomBoolean(); + final boolean tokenServiceEnabled; + if (configureEnabledFlagForTokenService) { + tokenServiceEnabled = randomBoolean(); + settings.put("xpack.security.authc.token.enabled", tokenServiceEnabled); + } else { + tokenServiceEnabled = httpSSLEnabled; + } + boolean configureEnabledFlagForApiKeyService = randomBoolean(); + final boolean apiKeyServiceEnabled; + if (configureEnabledFlagForApiKeyService) { + apiKeyServiceEnabled = randomBoolean(); + settings.put("xpack.security.authc.api_key.enabled", apiKeyServiceEnabled); + } else { + apiKeyServiceEnabled = httpSSLEnabled; + } + final boolean auditingEnabled = randomBoolean(); settings.put(XPackSettings.AUDIT_ENABLED.getKey(), auditingEnabled); final boolean httpIpFilterEnabled = randomBoolean(); @@ -185,6 +203,12 @@ public void testUsage() throws Exception { assertThat(source.getValue("ssl.http.enabled"), is(httpSSLEnabled)); assertThat(source.getValue("ssl.transport.enabled"), is(transportSSLEnabled)); + // check Token service + assertThat(source.getValue("token_service.enabled"), is(tokenServiceEnabled)); + + // check API Key service + assertThat(source.getValue("api_key_service.enabled"), is(apiKeyServiceEnabled)); + // auditing assertThat(source.getValue("audit.enabled"), is(auditingEnabled)); if (auditingEnabled) { 
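Review bot: The `else` branches that set `tokenServiceEnabled = httpSSLEnabled` and `apiKeyServiceEnabled = httpSSLEnabled` rely on an unstated default, apparently that both settings fall back to the HTTP SSL setting when they are not configured. A one-line comment above each assignment, such as `// not configured: the setting defaults to xpack.security.http.ssl.enabled`, would make the expectation readable and would point a future reader at the right place if that default changes. testUsage starts and ends outside this hunk.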
@@ -218,6 +242,8 @@ public void testUsage() throws Exception {
 } else {
 assertThat(source.getValue("realms"), is(nullValue()));
 assertThat(source.getValue("ssl"), is(nullValue()));
+ assertThat(source.getValue("token_service"), is(nullValue()));
+ assertThat(source.getValue("api_key_service"), is(nullValue()));
 assertThat(source.getValue("audit"), is(nullValue()));
 assertThat(source.getValue("anonymous"), is(nullValue()));
 assertThat(source.getValue("ipfilter"), is(nullValue()));