Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove Watcher Account "unsecure" settings #36736

Merged

Conversation

albertzaharovits
Copy link
Contributor

@albertzaharovits albertzaharovits commented Dec 17, 2018

Removes all the settings for watcher notifications accounts that are dynamic cluster filtered, and have a corresponding secure sibling.
They are deprecated in favor of the sibling that is stored in the keystore.

Some documentation is still pending.

Follow-up on #36403

@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-core-features

Copy link
Contributor

@hub-cap hub-cap left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had a general question on the PR

throw requiredSettingException(accountName, settingName);
}
value = secureString.toString();
private static String getSetting(String accountName, Settings settings, Setting<SecureString> secureSetting) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems like something we could put in Account

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed, but I think that's a job for another PR (see prev comment)

} else {
return new SecureString(value.toCharArray());
return null;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this seems a bit different from the other getSecureSettings that are in the other *Account classes, and somewhat trappy. Why would we be returning null instead of throwing up like we do in the others? I ask because I hope we can consolidate the functionality into only Account, if thats at all possible, instead of having a method that does this validation in every *Account class.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hub-cap There is no Account base class. Also I tried to touch as less as possible to make reviewing easier. IMO we should be using the SecureSetting from the corresponding Service (EmailService in this case). But I prefer to leave this for another time. WDYT?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds great to me

@albertzaharovits
Copy link
Contributor Author

test this please

1 similar comment
@albertzaharovits
Copy link
Contributor Author

test this please

@albertzaharovits
Copy link
Contributor Author

@hub-cap is this LGTMd or you still need to look into it?

Copy link
Contributor

@hub-cap hub-cap left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm! sorry about the wait :(

@albertzaharovits
Copy link
Contributor Author

@elasticmachine run elasticsearch-ci-1

@albertzaharovits
Copy link
Contributor Author

run gradle build test 1

@albertzaharovits
Copy link
Contributor Author

run gradle build tests 1

@albertzaharovits
Copy link
Contributor Author

run gradle build tests 2

@albertzaharovits
Copy link
Contributor Author

run gradle build tests 1

@albertzaharovits
Copy link
Contributor Author

run gradle build tests 2

@albertzaharovits
Copy link
Contributor Author

run gradle build tests 1

@albertzaharovits
Copy link
Contributor Author

Hey @hub-cap ,

Apparently I've not adapted the tests, waiting for the reviews (a bad habit I got into), and then forgot about it. I have done it now. It was just grunt work but it was more extensive than I thought it would be.

May I please ask you to cast an eye, maybe it rings some bell, just to be surer I haven't subtly messed smth up.

Nevertheless, I will be crawling through CI...

@albertzaharovits
Copy link
Contributor Author

run gradle build tests 2

@albertzaharovits albertzaharovits merged commit 5308746 into elastic:master Jan 20, 2019
@albertzaharovits albertzaharovits deleted the remove_watcher_secure_settings branch January 20, 2019 10:51
albertzaharovits added a commit that referenced this pull request Jan 20, 2019
Upgrade checks for watcher notifications account
deprecations in #36403 and #36736 .
jasontedor added a commit to jasontedor/elasticsearch that referenced this pull request Jan 20, 2019
* elastic/master:
  Remove Watcher Account "unsecure" settings (elastic#36736)
  Add cache cleaning task for ML snapshot (elastic#37505)
  Update jdk used by the docker builds (elastic#37621)
  Remove an unused constant in PutMappingRequest.
  Update get users to allow unknown fields (elastic#37593)
  Do not add index event listener if CCR disabled (elastic#37432)
  Add local session timeouts to leader node (elastic#37438)
jasontedor added a commit to jasontedor/elasticsearch that referenced this pull request Jan 21, 2019
* elastic/master: (104 commits)
  Permission for restricted indices (elastic#37577)
  Remove Watcher Account "unsecure" settings (elastic#36736)
  Add cache cleaning task for ML snapshot (elastic#37505)
  Update jdk used by the docker builds (elastic#37621)
  Remove an unused constant in PutMappingRequest.
  Update get users to allow unknown fields (elastic#37593)
  Do not add index event listener if CCR disabled (elastic#37432)
  Add local session timeouts to leader node (elastic#37438)
  Add some deprecation optimizations (elastic#37597)
  refactor inner geogrid classes to own class files (elastic#37596)
  Remove obsolete deprecation checks (elastic#37510)
  ML: Add support for single bucket aggs in Datafeeds (elastic#37544)
  ML: creating ML State write alias and pointing writes there (elastic#37483)
  Deprecate types in the put mapping API. (elastic#37280)
  [ILM] Add unfollow action (elastic#36970)
  Packaging: Update marker used to allow ELASTIC_PASSWORD (elastic#37243)
  Fix setting openldap realm ssl config
  Document the need for JAVA11_HOME (elastic#37589)
  SQL: fix object extraction from sources (elastic#37502)
  Nit in settings.gradle for Eclipse
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants