-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix FieldRule #2362
Fix FieldRule #2362
Conversation
* `username` can also be a list, * `realm.name` is the field name, using an intermediate `realm` object does not work. * `metadata` is not a key: keys are of the form `metadata.key = value`
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Left a few comments, unsure about the non_exhaustive
tag but this seems the way to go. I'll defer to @swallez for confirmation.
Co-authored-by: Laurent Saint-Félix <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Co-authored-by: Laurent Saint-Félix <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for fixing this @pquentin. 🙏
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking at the ES code, a field rule is a single key/value pair where the value can be a single scalar value or an array of scalar values. So in theory that should just be type FieldRule = SingleKeyDictionary<String, ScalarValue|ScalarValue[]>
.
However, the approach used in this PR consisting in just adding @non_exhaustive
is the one that limits the breaking changes in strongly typed clients. It will be a bit less easy to use and may allow users to provide arbitrary values and not only scalar values, but that's the tradeoff to limit breaking changes.
We should however add a code comment (and not jsdoc comment that ends up in API docs) explaining this decision. Something like:
// This should have been defined as SingleKeyDictionary<String, ScalarValue|ScalarValue[]>
// However, this was initially defined as a container with a limited number of variants,
// and was later made non_exhaustive to limit breaking changes.
Finally, we should remove realm.name
that was added in this PR. It's very specific and covered by the @non_exhaustive
.
Thanks for the review! Please take another look. |
Following you can find the validation results for the APIs you have changed.
You can validate these APIs yourself by using the |
1 similar comment
Following you can find the validation results for the APIs you have changed.
You can validate these APIs yourself by using the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
* Fix FieldRule * `username` can also be a list, * `realm.name` is the field name, using an intermediate `realm` object does not work. * `metadata` is not a key: keys are of the form `metadata.key = value` * Apply suggestions from code review Co-authored-by: Laurent Saint-Félix <[email protected]> * Run `make contrib` * Update RoleMappingRule.ts Co-authored-by: Laurent Saint-Félix <[email protected]> * Address review comments --------- Co-authored-by: Laurent Saint-Félix <[email protected]> (cherry picked from commit 383d22a)
* Fix FieldRule * `username` can also be a list, * `realm.name` is the field name, using an intermediate `realm` object does not work. * `metadata` is not a key: keys are of the form `metadata.key = value` * Apply suggestions from code review Co-authored-by: Laurent Saint-Félix <[email protected]> * Run `make contrib` * Update RoleMappingRule.ts Co-authored-by: Laurent Saint-Félix <[email protected]> * Address review comments --------- Co-authored-by: Laurent Saint-Félix <[email protected]> (cherry picked from commit 383d22a)
* Fix FieldRule * `username` can also be a list, * `realm.name` is the field name, using an intermediate `realm` object does not work. * `metadata` is not a key: keys are of the form `metadata.key = value` * Apply suggestions from code review Co-authored-by: Laurent Saint-Félix <[email protected]> * Run `make contrib` * Update RoleMappingRule.ts Co-authored-by: Laurent Saint-Félix <[email protected]> * Address review comments --------- Co-authored-by: Laurent Saint-Félix <[email protected]> (cherry picked from commit 383d22a)
* Fix FieldRule * `username` can also be a list, * `realm.name` is the field name, using an intermediate `realm` object does not work. * `metadata` is not a key: keys are of the form `metadata.key = value` * Apply suggestions from code review Co-authored-by: Laurent Saint-Félix <[email protected]> * Run `make contrib` * Update RoleMappingRule.ts Co-authored-by: Laurent Saint-Félix <[email protected]> * Address review comments --------- Co-authored-by: Laurent Saint-Félix <[email protected]> (cherry picked from commit 383d22a) Co-authored-by: Quentin Pradet <[email protected]>
* Fix FieldRule * `username` can also be a list, * `realm.name` is the field name, using an intermediate `realm` object does not work. * `metadata` is not a key: keys are of the form `metadata.key = value` * Apply suggestions from code review Co-authored-by: Laurent Saint-Félix <[email protected]> * Run `make contrib` * Update RoleMappingRule.ts Co-authored-by: Laurent Saint-Félix <[email protected]> * Address review comments --------- Co-authored-by: Laurent Saint-Félix <[email protected]> (cherry picked from commit 383d22a) Co-authored-by: Quentin Pradet <[email protected]>
* Fix FieldRule * `username` can also be a list, * `realm.name` is the field name, using an intermediate `realm` object does not work. * `metadata` is not a key: keys are of the form `metadata.key = value` * Apply suggestions from code review Co-authored-by: Laurent Saint-Félix <[email protected]> * Run `make contrib` * Update RoleMappingRule.ts Co-authored-by: Laurent Saint-Félix <[email protected]> * Address review comments --------- Co-authored-by: Laurent Saint-Félix <[email protected]> (cherry picked from commit 383d22a) Co-authored-by: Quentin Pradet <[email protected]>
Closes #2344
This fixes three issues with
FieldRule
:username
can also be a list,realm.name
is the field name, using an intermediaterealm
object leads to a parsing exception,metadata
is not an object: values are of the formmetadata.key = value
.Sources:
POST /_security/role_mapping/<name>
, including complete examplesI only tested in Kibana, as the Python client only exposes
rules
and does not go deeper.Regarding the backports,
realm.name
andmetadata
are unusable today, butusername
is. Should this be separated in two pull requests, so that therealm.name
andmetadata
get backported to 8.12, 8.11 and 7.17?