-
Notifications
You must be signed in to change notification settings - Fork 24.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add enabled status for token and api key service #38687
Changes from 1 commit
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -22,13 +22,17 @@ public class SecurityFeatureSetUsage extends XPackFeatureSet.Usage { | |
private static final String ROLES_XFIELD = "roles"; | ||
private static final String ROLE_MAPPING_XFIELD = "role_mapping"; | ||
private static final String SSL_XFIELD = "ssl"; | ||
private static final String TOKEN_SERVICE_XFIELD = "token_service"; | ||
private static final String API_KEY_SERVICE_XFIELD = "api_key_service"; | ||
private static final String AUDIT_XFIELD = "audit"; | ||
private static final String IP_FILTER_XFIELD = "ipfilter"; | ||
private static final String ANONYMOUS_XFIELD = "anonymous"; | ||
|
||
private Map<String, Object> realmsUsage; | ||
private Map<String, Object> rolesStoreUsage; | ||
private Map<String, Object> sslUsage; | ||
private Map<String, Object> tokenServiceUsage; | ||
private Map<String, Object> apiKeyServiceUsage; | ||
private Map<String, Object> auditUsage; | ||
private Map<String, Object> ipFilterUsage; | ||
private Map<String, Object> anonymousUsage; | ||
|
@@ -39,6 +43,10 @@ public SecurityFeatureSetUsage(StreamInput in) throws IOException { | |
realmsUsage = in.readMap(); | ||
rolesStoreUsage = in.readMap(); | ||
sslUsage = in.readMap(); | ||
if (in.getVersion().onOrAfter(Version.V_7_1_0)) { | ||
tokenServiceUsage = in.readMap(); | ||
apiKeyServiceUsage = in.readMap(); | ||
} | ||
auditUsage = in.readMap(); | ||
ipFilterUsage = in.readMap(); | ||
if (in.getVersion().before(Version.V_6_0_0_beta1)) { | ||
|
@@ -52,12 +60,15 @@ public SecurityFeatureSetUsage(StreamInput in) throws IOException { | |
public SecurityFeatureSetUsage(boolean available, boolean enabled, Map<String, Object> realmsUsage, | ||
Map<String, Object> rolesStoreUsage, Map<String, Object> roleMappingStoreUsage, | ||
Map<String, Object> sslUsage, Map<String, Object> auditUsage, | ||
Map<String, Object> ipFilterUsage, Map<String, Object> anonymousUsage) { | ||
Map<String, Object> ipFilterUsage, Map<String, Object> anonymousUsage, | ||
Map<String, Object> tokenServiceUsage, Map<String, Object> apiKeyServiceUsage) { | ||
super(XPackField.SECURITY, available, enabled); | ||
this.realmsUsage = realmsUsage; | ||
this.rolesStoreUsage = rolesStoreUsage; | ||
this.roleMappingStoreUsage = roleMappingStoreUsage; | ||
this.sslUsage = sslUsage; | ||
this.tokenServiceUsage = tokenServiceUsage; | ||
this.apiKeyServiceUsage = apiKeyServiceUsage; | ||
this.auditUsage = auditUsage; | ||
this.ipFilterUsage = ipFilterUsage; | ||
this.anonymousUsage = anonymousUsage; | ||
|
@@ -69,6 +80,8 @@ public void writeTo(StreamOutput out) throws IOException { | |
out.writeMap(realmsUsage); | ||
out.writeMap(rolesStoreUsage); | ||
out.writeMap(sslUsage); | ||
out.writeMap(tokenServiceUsage); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @bizybot I missed this in my review but there is a bug here; we write the map always without checking the version. We need the same guards on both reading and writing There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. True I missed this as well, Thanks for addressing this. |
||
out.writeMap(apiKeyServiceUsage); | ||
out.writeMap(auditUsage); | ||
out.writeMap(ipFilterUsage); | ||
if (out.getVersion().before(Version.V_6_0_0_beta1)) { | ||
|
@@ -87,6 +100,8 @@ protected void innerXContent(XContentBuilder builder, Params params) throws IOEx | |
builder.field(ROLES_XFIELD, rolesStoreUsage); | ||
builder.field(ROLE_MAPPING_XFIELD, roleMappingStoreUsage); | ||
builder.field(SSL_XFIELD, sslUsage); | ||
builder.field(TOKEN_SERVICE_XFIELD, tokenServiceUsage); | ||
builder.field(API_KEY_SERVICE_XFIELD, apiKeyServiceUsage); | ||
builder.field(AUDIT_XFIELD, auditUsage); | ||
builder.field(IP_FILTER_XFIELD, ipFilterUsage); | ||
builder.field(ANONYMOUS_XFIELD, anonymousUsage); | ||
|
@@ -96,4 +111,5 @@ protected void innerXContent(XContentBuilder builder, Params params) throws IOEx | |
public Map<String, Object> getRealmsUsage() { | ||
return Collections.unmodifiableMap(realmsUsage); | ||
} | ||
|
||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -96,6 +96,20 @@ public void testUsage() throws Exception { | |
settings.put("xpack.security.http.ssl.enabled", httpSSLEnabled); | ||
final boolean transportSSLEnabled = randomBoolean(); | ||
settings.put("xpack.security.transport.ssl.enabled", transportSSLEnabled); | ||
|
||
boolean configureEnabledFlagForTokenAndApiKeyServices = randomBoolean(); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think it would be best to separate these two services enabled in the test. That way we wouldn't miss a bug that mistakenly reports the wrong value if one service is enabled and the other is not |
||
final boolean tokenServiceEnabled; | ||
final boolean apiKeyServiceEnabled; | ||
if (configureEnabledFlagForTokenAndApiKeyServices) { | ||
tokenServiceEnabled = randomBoolean(); | ||
settings.put("xpack.security.authc.token.enabled", tokenServiceEnabled); | ||
apiKeyServiceEnabled = randomBoolean(); | ||
settings.put("xpack.security.authc.api_key.enabled", apiKeyServiceEnabled); | ||
} else { | ||
tokenServiceEnabled = httpSSLEnabled; | ||
apiKeyServiceEnabled = httpSSLEnabled; | ||
} | ||
|
||
final boolean auditingEnabled = randomBoolean(); | ||
settings.put(XPackSettings.AUDIT_ENABLED.getKey(), auditingEnabled); | ||
final boolean httpIpFilterEnabled = randomBoolean(); | ||
|
@@ -185,6 +199,12 @@ public void testUsage() throws Exception { | |
assertThat(source.getValue("ssl.http.enabled"), is(httpSSLEnabled)); | ||
assertThat(source.getValue("ssl.transport.enabled"), is(transportSSLEnabled)); | ||
|
||
// check Token service | ||
assertThat(source.getValue("token_service.enabled"), is(tokenServiceEnabled)); | ||
|
||
// check API Key service | ||
assertThat(source.getValue("api_key_service.enabled"), is(apiKeyServiceEnabled)); | ||
|
||
// auditing | ||
assertThat(source.getValue("audit.enabled"), is(auditingEnabled)); | ||
if (auditingEnabled) { | ||
|
@@ -218,6 +238,8 @@ public void testUsage() throws Exception { | |
} else { | ||
assertThat(source.getValue("realms"), is(nullValue())); | ||
assertThat(source.getValue("ssl"), is(nullValue())); | ||
assertThat(source.getValue("token_service"), is(nullValue())); | ||
assertThat(source.getValue("api_key_service"), is(nullValue())); | ||
assertThat(source.getValue("audit"), is(nullValue())); | ||
assertThat(source.getValue("anonymous"), is(nullValue())); | ||
assertThat(source.getValue("ipfilter"), is(nullValue())); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If I got it right should be
Version.CURRENT
and do the dance 😢 : commit to master, change toVersion.V_7_1_0
in the backport commit, disable bwc tests, commit to 7.x, wait for green intake, then change toVersion.V_7_1_0
in the master, and enable bwc tests . If you learn of an easier method lemme know please! I'll admit it, in the past I cut a few corners on this...There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you are right, I have changed this to CURRENT with a TODO, will address it on backport to 7.x.
Thank you for your comment.