Add extensionName() to security extension #79329
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Extension loading code needs to know how to refer to an extension at runtime. It previously used "toString()", but there was no contract that required that this method be implemented in a meaningful way. A new name() method is added which defaults to the class name of the extension, but can be customized by implementations
tvernum
added
>enhancement
:Security/Security
|
Pinging @elastic/es-security (Team:Security) |
This comment has been minimized.
This comment has been minimized.
tvernum
changed the title
tvernum
commented
Oct 18, 2021
| + "both set an authorization engine"); | ||
| } | ||
| authorizationEngine = extensionEngine; | ||
| extensionName = extension.toString(); |
There was a problem hiding this comment.
This old code was buggy.
If you have 3 extensions "a", "b", "c" and "a" & "b" both return an engine (but "c" doesn't) then the result would depend on the order of the extension list.
- "a" "b" "c" ⇒ exception
- "a" "c" "b" ⇒ return the engine from "b"
Because we set authorizationEngine and extensionName to the current extension in the list, even if that extension didn't return an engine.
ywangd
approved these changes
Oct 18, 2021
| @@ -115,4 +115,8 @@ default AuthenticationFailureHandler getAuthenticationFailureHandler(SecurityCom | |||
| default AuthorizationEngine getAuthorizationEngine(Settings settings) { | |||
| return null; | |||
| } | |||
|
|
|||
| default String extensionName() { | |||
There was a problem hiding this comment.
Nit: why not just name() since the word extension is already part of the class name?
There was a problem hiding this comment.
Because I didn't think it would be as clear to people implementing security extensions what "name" was supposed to be, and what behaviour it should have.
extensionName is self describing
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java
Outdated
Show resolved
Hide resolved
…ecurity/Security.java Co-authored-by: Yang Wang <[email protected]>
|
FIPS tests are failing for an unrelated reason. Merging this PR while we work on fixing them. |
💔 Backport failed
You can use sqren/backport to manually backport by running |
weizijun
added a commit
to weizijun/elasticsearch
that referenced
this pull request
Oct 19, 2021
* upstream/master: (34 commits) Add extensionName() to security extension (elastic#79329) More robust and consistent allowAll indicesAccessControl (elastic#79415) Fix circuit breaker leak in MultiTerms aggregation (elastic#79362) guard geoline aggregation from parents aggegator that emit empty buckets (elastic#79129) Vector tiles: increase the size of the envelope used to clip geometries (elastic#79030) Revert "[ML] Add queue_capacity setting to start deployment API (elastic#79369)" (elastic#79374) Convert token service license object to LicensedFeature (elastic#79284) [TEST] Fix ShardPathTests for MDP (elastic#79393) Fix fleet search API with no checkpints (elastic#79400) Reduce BWC version for transient settings (elastic#79396) EQL: Rename a test class for eclipse (elastic#79254) Use search_coordination threadpool in field caps (elastic#79378) Use query param instead of a system property for opting in for new cluster health response code (elastic#79351) Add new kNN search endpoint (elastic#79013) Disable BWC tests Convert auditing license object to LicensedFeature (elastic#79280) Update BWC versions after backport of elastic#78551 Enable InstantiatingObjectParser to pass context as a first argument (elastic#79206) Move xcontent filtering tests (elastic#79298) Update links to Fleet/Agent docs (elastic#79303) ...
tvernum
added a commit
to tvernum/elasticsearch
that referenced
this pull request
Oct 19, 2021
Extension loading code needs to know how to refer to an extension at runtime. It previously used "toString()", but there was no contract that required that this method be implemented in a meaningful way. A new extensionName() method is added which defaults to the class name of the extension, but can be customized by implementations Backport of: elastic#79329
elasticsearchmachine
pushed a commit
that referenced
this pull request
Oct 19, 2021
Extension loading code needs to know how to refer to an extension at runtime. It previously used "toString()", but there was no contract that required that this method be implemented in a meaningful way. A new extensionName() method is added which defaults to the class name of the extension, but can be customized by implementations Backport of: #79329
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Extension loading code needs to know how to refer to an extension at
runtime. It previously used "toString()", but there was no contract
that required that this method be implemented in a meaningful way.
A new
extensionName()method is added which defaults to the class name of theextension, but can be customized by implementations