[HLRC] Add support for get roles API #35787

Merged
merged 16 commits into from
Nov 26, 2018

jkakavas
Member

This commit adds support for the Get Roles API to the HLRC

Relates: #29827

@elasticmachine
Collaborator

Pinging @elastic/es-security

Contributor

@bizybot bizybot left a comment

LGTM, few comments once addressed, good to go. Thank you.

@jkakavas
Member Author

Thanks for the feedback @bizybot

@@ -407,6 +409,35 @@ public DeleteRoleMappingResponse deleteRoleMapping(DeleteRoleMappingRequest requ
DeleteRoleMappingResponse::fromXContent, emptySet());
}

/**
* Retrieves roles in the native realm.
Contributor

IMO s/native realm/native roles store/
(I know this comment uses the lingo from the docs)

builder.addPathPart(Strings.collectionToCommaDelimitedString(getRolesRequest.getRoleNames()));
}
return new Request(HttpGet.METHOD_NAME, builder.build());
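Review bot: on the addPathPart line the requested role names are joined with commas into a single path part, so a role name that itself contains a comma cannot be told apart from two separate names once it is in the URL. Consider validating the names (no commas, no null or empty entries) when the GetRolesRequest is built, and add a request-converter test that covers the multi-name case.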

Contributor

nit: extra line

import java.util.Set;

/**
* Request object to retrieve roles from the security index
Contributor

IMO s/security index/native roles store

XContentParser.Token token;
while ((token = parser.nextToken()) != XContentParser.Token.END_OBJECT) {
XContentParserUtils.ensureExpectedToken(XContentParser.Token.FIELD_NAME, token, parser::getTokenLocation);
roles.add(Role.PARSER.parse(parser, null));
Contributor

I think we lose the role name here. The Role should have a name.
For this, the Role#fromXContent could have a name parameter and be called here; and not implement ToXContentObject (PutRole would build the XContent).

Contributor

Nice catch, I agree to have optional name parameter to Role#fromXContent (the javadocs for the Role will need an update)

@@ -79,6 +81,7 @@
PARSER.declareFieldArray(optionalConstructorArg(), ApplicationResourcePrivileges.PARSER, APPLICATIONS, ValueType.OBJECT_ARRAY);
PARSER.declareStringArray(optionalConstructorArg(), RUN_AS);
PARSER.declareObject(constructorArg(), (parser, c) -> parser.map(), METADATA);
PARSER.declareObject(optionalConstructorArg(), (parser, c) -> parser.map(), TRANSIENT_METADATA);
Contributor

Is there a difference between metadata and transient_metadata? If not I would make them both either optionalConstructorArg (cautious) or constructorArg (confident) :)

Contributor

@albertzaharovits albertzaharovits left a comment

I have recommended that the Role have a name despite the idiosyncratic Response making it hard.
From the client perspective, it's cumbersome to manipulate a list of roles, from the response, in the order of the role names that have been requested. I would argue that returning a Collection with Roles having a name as attribute follows closer the encapsulation precept.

Contributor

@albertzaharovits albertzaharovits left a comment

LGTM
Only fished the nits of the nits. These are totally optional.

Thanks for tackling this before put role! 🎩

@jkakavas
Member Author

@elasticmachine run the gradle build tests 1

@jkakavas
Member Author

23:41:29   1> [0030-11-25T14:41:24,539][ERROR][o.e.d.z.ZenDiscovery     ] [node_t0] unexpected exception while failing [master {node_t1}{BEVzq4gKQS64P6VHKriI8w}{zNOAkJu0SVKiSbw9ZL1Vfg}{127.0.0.1}{127.0.0.1:39245} committed version [3]]
23:41:29   1> java.lang.IllegalArgumentException: can't resolve failed cluster state with uuid [pUMf5_JaTfWkxYQpiownGw], version [3]
23:41:29   1> 	at org.elasticsearch.discovery.zen.PendingClusterStatesQueue.markAsFailed(PendingClusterStatesQueue.java:110) ~[main/:?]
23:41:29   1> 	at org.elasticsearch.discovery.zen.ZenDiscovery$3.onFailure(ZenDiscovery.java:817) [main/:?]
23:41:29   1> 	at org.elasticsearch.discovery.zen.ZenDiscovery$3.onSuccess(ZenDiscovery.java:807) [main/:?]
23:41:29   1> 	at org.elasticsearch.cluster.service.ClusterApplierService$SafeClusterApplyListener.onSuccess(ClusterApplierService.java:524) [main/:?]
23:41:29   1> 	at org.elasticsearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:476) [main/:?]
23:41:29   1> 	at org.elasticsearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:418) [main/:?]
23:41:29   1> 	at org.elasticsearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:162) [main/:?]
23:41:29   1> 	at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:627) [main/:?]
23:41:29   1> 	at org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedEsThreadPoolExecutor.java:244) [main/:?]
23:41:29   1> 	at org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedEsThreadPoolExecutor.java:207) [main/:?]
23:41:29   1> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_192]
23:41:29   1> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_192]
23:41:29   1> 	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_192]
23:41:29   1> 	Suppressed: java.lang.IllegalStateException: can't resolve processed cluster state with uuid [pUMf5_JaTfWkxYQpiownGw], version [3]
23:41:29   1> 		at org.elasticsearch.discovery.zen.PendingClusterStatesQueue.markAsProcessed(PendingClusterStatesQueue.java:147) ~[main/:?]
23:41:29   1> 		at org.elasticsearch.discovery.zen.ZenDiscovery$3.onSuccess(ZenDiscovery.java:805) [main/:?]
23:41:29   1> 		at org.elasticsearch.cluster.service.ClusterApplierService$SafeClusterApplyListener.onSuccess(ClusterApplierService.java:524) [main/:?]
23:41:29   1> 		at org.elasticsearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:476) [main/:?]
23:41:29   1> 		at org.elasticsearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:418) [main/:?]
23:41:29   1> 		at org.elasticsearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:162) [main/:?]
23:41:29   1> 		at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:627) [main/:?]
23:41:29   1> 		at org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedEsThreadPoolExecutor.java:244) [main/:?]
23:41:29   1> 		at org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedEsThreadPoolExecutor.java:207) [main/:?]
23:41:29   1> 		at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_192]
23:41:29   1> 		at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_192]
23:41:29   1> 		at java.lang.Thread.run(Thread.java:748) [?:1.8.0_192]

@elasticmachine run the gradle build tests 1

@jkakavas jkakavas merged commit 8daa854 into elastic:master Nov 26, 2018
jkakavas added a commit that referenced this pull request Nov 26, 2018
This commit adds support for the Get Roles API to the HLRC

Relates: #29827
@jkakavas jkakavas deleted the hlrc-get-roles branch November 26, 2018 10:00
@tomcallahan tomcallahan added >enhancement and removed :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC labels Dec 18, 2018