Skip to content

Make reserved built-in roles queryable #117581

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 68 commits into from
Dec 16, 2024
Merged

Make reserved built-in roles queryable #117581

Changes from 1 commit
Commits
Show all changes
68 commits
Select commit Hold shift + click to select a range
73f0307
Make reserved built-in roles queryable
slobodanadamovic Nov 26, 2024
784a922
Merge branch 'main' into sa-queryable-built-in-roles
slobodanadamovic Nov 26, 2024
3c78126
export queryable classes
slobodanadamovic Nov 27, 2024
5a1c233
Merge branch 'main' into sa-queryable-built-in-roles
slobodanadamovic Nov 28, 2024
252e140
suppress 'this-escape' warning
slobodanadamovic Nov 28, 2024
9bba1aa
Merge branch 'main' into sa-queryable-built-in-roles
slobodanadamovic Nov 28, 2024
c3b41ab
introduce a factory interface in order to be able to inject different…
slobodanadamovic Nov 28, 2024
b83410c
export org.elasticsearch.xpack.security.authz.store
slobodanadamovic Nov 28, 2024
cb70eff
allow returning all file role definitions
slobodanadamovic Nov 28, 2024
31b4fb2
mark query roles API as public in serverless
slobodanadamovic Nov 29, 2024
4d6bd57
imports are important
slobodanadamovic Nov 29, 2024
8ca36ad
remove assertion as it's not true in all use cases
slobodanadamovic Nov 29, 2024
7b278e6
remove unused import
slobodanadamovic Nov 29, 2024
8c71c73
test reserved roles are all indexed and cannot be modified via API
slobodanadamovic Dec 2, 2024
58f132e
Merge branch 'main' of github.com:elastic/elasticsearch into sa-query…
slobodanadamovic Dec 2, 2024
c679261
Merge branch 'main' of github.com:elastic/elasticsearch into sa-query…
slobodanadamovic Dec 2, 2024
9cae158
document feature flag
slobodanadamovic Dec 2, 2024
57cac14
code cleanup
slobodanadamovic Dec 3, 2024
1330265
Merge branch 'main' of github.com:elastic/elasticsearch into sa-query…
slobodanadamovic Dec 3, 2024
e821710
test that hash calculation produces consistent hash digest
slobodanadamovic Dec 3, 2024
d27c91b
update log message
slobodanadamovic Dec 3, 2024
9e7076d
simple unit test for reserved roles provider
slobodanadamovic Dec 3, 2024
0e85b77
Merge branch 'main' of github.com:elastic/elasticsearch into sa-query…
slobodanadamovic Dec 3, 2024
1b56b95
make collections immutable
slobodanadamovic Dec 3, 2024
f35ba07
fix failing test
slobodanadamovic Dec 3, 2024
71ed79b
remove unused import
slobodanadamovic Dec 3, 2024
f4e0292
Update docs/changelog/117581.yaml
slobodanadamovic Dec 3, 2024
d94da64
mark query API as internal for now
slobodanadamovic Dec 3, 2024
ada74e1
mark correct API as internal
slobodanadamovic Dec 3, 2024
2defd9b
Merge branch 'main' of github.com:elastic/elasticsearch into sa-query…
slobodanadamovic Dec 3, 2024
32d4494
test get reserved roles
slobodanadamovic Dec 3, 2024
ba7541c
Merge branch 'main' of github.com:elastic/elasticsearch into sa-query…
slobodanadamovic Dec 3, 2024
56d49b3
Merge branch 'main' into sa-queryable-built-in-roles
slobodanadamovic Dec 4, 2024
21646f5
remove QueryableBuiltInRolesStore and depend on NativeRolesStore
slobodanadamovic Dec 9, 2024
a229e82
move concrete index name resolution after index gets created
slobodanadamovic Dec 9, 2024
8e551b7
revert changes to QueryRoleIT
slobodanadamovic Dec 9, 2024
c633037
test that bulk delete of built-in roles fails
slobodanadamovic Dec 9, 2024
d4f99f2
log 'expected' errors at info level
slobodanadamovic Dec 9, 2024
8cc05ab
use delegateFailureAndWrap
slobodanadamovic Dec 10, 2024
085755d
sanity check rolesToDelete and rolesToUpsert
slobodanadamovic Dec 10, 2024
c3ee0b5
return empty query result if native roles are disabled
slobodanadamovic Dec 10, 2024
a6bc077
naming nit validateRoles -> allowReservedRoleNames
slobodanadamovic Dec 10, 2024
e12c3e8
trace -> debug
slobodanadamovic Dec 10, 2024
70181d6
change role hashing implementation to hash ordered and flattened JSON…
slobodanadamovic Dec 10, 2024
aa64c4d
Merge branch 'main' of github.com:elastic/elasticsearch into sa-query…
slobodanadamovic Dec 10, 2024
7dce761
avoid magic numbers in assertion
slobodanadamovic Dec 11, 2024
d400669
introduce a test plugin in order to test reserved roles change
slobodanadamovic Dec 11, 2024
78ea695
ignore javadoc in test plugin
slobodanadamovic Dec 11, 2024
cde5382
test closing and deleting .security index
slobodanadamovic Dec 12, 2024
1b54b5c
imports
slobodanadamovic Dec 12, 2024
f0d4810
wait a bit longer after cluster restart
slobodanadamovic Dec 12, 2024
1b88a5d
move static methods to utility class
slobodanadamovic Dec 12, 2024
fec25ae
better exception handling and code cleanup
slobodanadamovic Dec 13, 2024
a771b52
Merge branch 'main' of github.com:elastic/elasticsearch into sa-query…
slobodanadamovic Dec 13, 2024
1fa03d7
fix logger usage
slobodanadamovic Dec 13, 2024
36f1085
unit test rolesToUpsert and rolesToDelete
slobodanadamovic Dec 13, 2024
5aacc30
wait for the index to be deleted
slobodanadamovic Dec 13, 2024
ac5c837
handle cases when .security index gets deleted in the mean time
slobodanadamovic Dec 13, 2024
9d5982b
Merge branch 'main' into sa-queryable-built-in-roles
slobodanadamovic Dec 16, 2024
123c890
switch to LinkedHashSet to keep ordering same as before (when List wa…
slobodanadamovic Dec 16, 2024
ee484b3
validateRoleDescriptors
slobodanadamovic Dec 16, 2024
5cd4e81
deduplicate log messages
slobodanadamovic Dec 16, 2024
7d09bbf
validateRoleNames
slobodanadamovic Dec 16, 2024
ca6485a
test with randomized metadata order
slobodanadamovic Dec 16, 2024
d9f69f7
test no updates with different digests instances
slobodanadamovic Dec 16, 2024
d691466
test no updates needed with randomized role and its copy
slobodanadamovic Dec 16, 2024
8343448
Merge branch 'main' into sa-queryable-built-in-roles
slobodanadamovic Dec 16, 2024
a253252
Merge branch 'main' into sa-queryable-built-in-roles
slobodanadamovic Dec 16, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Merge branch 'main' into sa-queryable-built-in-roles
  • Loading branch information
@slobodanadamovic
slobodanadamovic authored Nov 28, 2024
commit 5a1c233f571d6db24c03ba5685e8893f1088f1ec

This merge commit was added into this branch cleanly.

There are no new changes to show, but you can still view the diff.