Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Alerting] Replaced single invalidateApiKey request with the bulk. #87401

Merged
merged 4 commits into from
Jan 7, 2021
Merged

[Alerting] Replaced single invalidateApiKey request with the bulk. #87401

merged 4 commits into from
Jan 7, 2021

Conversation

YulNaumenko
Copy link
Contributor

@YulNaumenko YulNaumenko commented Jan 5, 2021
edited
Loading

Changes introduced based on the adding support to invalidate API keys in a bulk operation.

invalidateApiKey<InvalidateAPIKeyResult>({
          body: { ids: params.ids },
        })

Extended methods invalidate:

/**
   * Tries to invalidate an API keys.
   * @param request Request instance.
   * @param params The params to invalidate an API keys.
   */
  async invalidate(request: KibanaRequest, params: InvalidateAPIKeysParams) {

and invalidateAsInternalUser:

/**
   * Tries to invalidate the API keys by using the internal user.
   * @param params The params to invalidate the API keys.
   */
  async invalidateAsInternalUser(params: InvalidateAPIKeysParams) {
    if (!this.license.isEnabled()) {
      return null;
    }

of x-pack/plugins/security/server/authentication/api_keys/api_keys.ts to support invalidation by multiple ids parameters.
Introduced proper changes in the plugins which are using this API.
Resolves #83224

@YulNaumenko YulNaumenko added Feature:Alerting v8.0.0 release_note:skip Skip the PR/issue when compiling release notes Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) v7.12.0 labels Jan 5, 2021
@YulNaumenko YulNaumenko self-assigned this Jan 5, 2021
@YulNaumenko YulNaumenko requested review from a team as code owners January 5, 2021 22:46
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

@legrego legrego requested a review from azasypkin January 5, 2021 23:15
azasypkin
azasypkin approved these changes Jan 6, 2021
View reviewed changes
Copy link
Member

@azasypkin azasypkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with few nits, thanks!

x-pack/plugins/security/server/authentication/api_keys/api_keys.ts Outdated Show resolved Hide resolved
x-pack/plugins/security/server/authentication/api_keys/api_keys.ts Outdated
@@ -253,10 +260,10 @@ export class APIKeys {
}

/**
* Tries to invalidate an API key by using the internal user.
* @param params The params to invalidate an API key.
* Tries to invalidate an API keys by using the internal user.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: would you mind updating the signature/log-messages/etc for invalidate method as well to keep them consistent? I see only one place in fleet that uses invalidate, so hopefully it won't require too much work. But if not, feel free to keep it as is and I'll update it in the follow-up.

ymao1
ymao1 approved these changes Jan 6, 2021
View reviewed changes
Copy link
Contributor

@ymao1 ymao1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Left some minor comments about updating the log message and maybe adding a check for whether there are keys to invalidate before calling the bulk invalidate request.

x-pack/plugins/alerts/server/invalidate_pending_api_keys/task.ts Outdated Show resolved Hide resolved
x-pack/plugins/alerts/server/invalidate_pending_api_keys/task.ts Outdated Show resolved Hide resolved
@YulNaumenko YulNaumenko requested a review from a team January 7, 2021 01:48
@botelastic botelastic bot added the Team:Fleet Team label for Observability Data Collection Fleet team label Jan 7, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/ingest-management (Team:Ingest Management)

jfsiii
jfsiii reviewed Jan 7, 2021
View reviewed changes
x-pack/plugins/fleet/server/services/api_keys/security.ts Outdated
@@ -64,7 +64,7 @@ export async function authenticate(callCluster: CallESAsCurrentUser) {
}
}

export async function invalidateAPIKey(soClient: SavedObjectsClientContract, id: string) {
export async function invalidateAPIKey(soClient: SavedObjectsClientContract, ids: string[]) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this now accepts ids: string[] I think the function should be pluralized to invalidateAPIKeys

@YulNaumenko YulNaumenko requested a review from jfsiii January 7, 2021 04:00
@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

Distributable file count

id before after diff
default 47260 48020 +760

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

jfsiii
jfsiii approved these changes Jan 7, 2021
View reviewed changes
Copy link
Contributor

@jfsiii jfsiii left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚚 Thanks!

mikecote
mikecote approved these changes Jan 7, 2021
View reviewed changes
Copy link
Contributor

@mikecote mikecote left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes in the alerts plugin LGTM!

x-pack/plugins/alerts/server/invalidate_pending_api_keys/task.ts
if (apiKeyIds.length > 0) {
const response = await invalidateAPIKeys({ ids: apiKeyIds }, securityPluginStart);
if (response.apiKeysEnabled === true && response.result.error_count > 0) {
logger.error(`Failed to invalidate API Keys [ids="${apiKeyIds.join(', ')}"]`);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: I think the intent was to join with double quotes?

Suggested change
logger.error(`Failed to invalidate API Keys [ids="${apiKeyIds.join(', ')}"]`);
logger.error(`Failed to invalidate API Keys [ids="${apiKeyIds.join(", ")}"]`);

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TS formatter trying to replace back to a single quotes.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ohh I see, I was thinking the quotes were part of the logs, oops. All good.

@YulNaumenko YulNaumenko merged commit 794c6b3 into elastic:master Jan 7, 2021
@YulNaumenko YulNaumenko mentioned this pull request Jan 7, 2021
Merged
@jen-huang jen-huang mentioned this pull request Jan 7, 2021
Closed
YulNaumenko added a commit that referenced this pull request Jan 7, 2021
@YulNaumenko
[7.x] [Alerting] Replaced single invalidateApiKey request with the bu…
3d275fe 
…lk. (#87401) (#87657)

* resolve merge conflicts

* fixed faling tests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mikecote mikecote mikecote approved these changes

@ymao1 ymao1 ymao1 approved these changes

@azasypkin azasypkin azasypkin approved these changes

@jfsiii jfsiii jfsiii approved these changes

Assignees

@YulNaumenko YulNaumenko

Labels
Feature:Alerting release_note:skip Skip the PR/issue when compiling release notes Team:Fleet Team label for Observability Data Collection Fleet team Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) v7.12.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Alerting] Replace single invalidateApiKey request with the batch
7 participants
@YulNaumenko @elasticmachine @kibanamachine @jfsiii @azasypkin @mikecote @ymao1