Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support updates of API key attributes [service layer] #87924

Merged
merged 113 commits into from
Jun 29, 2022
Merged

Support updates of API key attributes [service layer] #87924

merged 113 commits into from
Jun 29, 2022

Conversation

n1v0lg
Copy link
Contributor

@n1v0lg n1v0lg commented Jun 22, 2022
edited
Loading

Service level implementation to add support for updating attributes of
existing API keys. This allows end-users to modify privileges and
metadata associated with API keys dynamically, without requiring
rolling out new API keys every time there is a change.

Updatable attributes are role_descriptors and metadata. Several
other attributes are updated automatically, on every update call,
including limited_by_role_descriptors, creator, and version. API
key attributes are replaced, not merged.

On every update, the API key doc cache is cleared for the updated API
key.

This PR implements the necessary service layer changes in
ApiKeyService. I will integrate this with the REST and transport
layers in a subsequent PR.

Relates: #87870

Note: labeling >non-issue since I would rather include a >feature
tag and changelog entry on the REST & transport layer PR.

@n1v0lg n1v0lg requested a review from ywangd June 27, 2022 15:46
ywangd
ywangd reviewed Jun 28, 2022
View reviewed changes
Copy link
Member

@ywangd ywangd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is almost ready. I don't have major points. Other than below comments, I also felt we are a bit light on debug loggings. For example, when the version number gets updated, I think it's worth for a logging message.

...e/src/main/java/org/elasticsearch/xpack/core/security/action/apikey/UpdateApiKeyRequest.java Outdated Show resolved Hide resolved
...e/src/main/java/org/elasticsearch/xpack/core/security/action/apikey/UpdateApiKeyRequest.java Show resolved Hide resolved
.../test/java/org/elasticsearch/xpack/core/security/action/apikey/UpdateApiKeyRequestTests.java Outdated Show resolved Hide resolved
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ApiKeyService.java Outdated Show resolved Hide resolved
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ApiKeyService.java Outdated Show resolved Hide resolved
...ty/src/internalClusterTest/java/org/elasticsearch/xpack/security/authc/ApiKeyIntegTests.java Show resolved Hide resolved
...ty/src/internalClusterTest/java/org/elasticsearch/xpack/security/authc/ApiKeyIntegTests.java Outdated Show resolved Hide resolved
...ty/src/internalClusterTest/java/org/elasticsearch/xpack/security/authc/ApiKeyIntegTests.java Outdated Show resolved Hide resolved
...ty/src/internalClusterTest/java/org/elasticsearch/xpack/security/authc/ApiKeyIntegTests.java Outdated Show resolved Hide resolved
...ty/src/internalClusterTest/java/org/elasticsearch/xpack/security/authc/ApiKeyIntegTests.java Outdated Show resolved Hide resolved
@n1v0lg
Copy link
Contributor Author

n1v0lg commented Jun 28, 2022

Build failure is unrelated and tracked here

@n1v0lg n1v0lg requested a review from ywangd June 28, 2022 10:32
@n1v0lg n1v0lg mentioned this pull request Jun 28, 2022
Merged
ywangd
ywangd approved these changes Jun 28, 2022
View reviewed changes
Copy link
Member

@ywangd ywangd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thanks for the iterations!

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ApiKeyService.java Outdated Show resolved Hide resolved
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ApiKeyService.java Outdated Show resolved Hide resolved
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ApiKeyService.java Outdated Show resolved Hide resolved
@n1v0lg
Copy link
Contributor Author

n1v0lg commented Jun 28, 2022

@elasticmachine run elasticsearch-ci/part-1-fips

@n1v0lg n1v0lg merged commit a0c9026 into elastic:master Jun 29, 2022
@n1v0lg n1v0lg deleted the update-api-keys-service-level branch June 29, 2022 10:00
@ywangd ywangd mentioned this pull request Nov 12, 2022
Merged
ywangd added a commit that referenced this pull request Nov 14, 2022
@ywangd
Fix variable placeholder for Strings.format calls (#91531)
7b71c94 
The curly bracket placeholder works for LoggerMessageFormat.format and
ParameterizedMessage.format, but Not for Strings.format which requires
Java's string format syntax. This PR fixes the incorrect usages.

Relates: #86549, #87924
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ywangd ywangd ywangd approved these changes

Assignees

@n1v0lg n1v0lg

Labels
>non-issue :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) Team:Security Meta label for security team v8.4.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@n1v0lg @elasticmachine @ywangd