role descriptor serialization
jakelandis committed Apr 12, 2024
1 parent 9cf1c76 commit 229bb42
Showing 5 changed files with 33 additions and 11 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,8 @@
import org.elasticsearch.xpack.core.security.authc.support.mapper.expressiondsl.ExceptExpression;
import org.elasticsearch.xpack.core.security.authc.support.mapper.expressiondsl.FieldExpression;
import org.elasticsearch.xpack.core.security.authc.support.mapper.expressiondsl.RoleMapperExpression;
import org.elasticsearch.xpack.core.security.authz.permission.RemoteClusterPermissionGroup;
import org.elasticsearch.xpack.core.security.authz.permission.RemoteClusterPermissions;
import org.elasticsearch.xpack.core.security.authz.privilege.ConfigurableClusterPrivilege;
import org.elasticsearch.xpack.core.security.authz.privilege.ConfigurableClusterPrivileges;
import org.elasticsearch.xpack.core.slm.SLMFeatureSetUsage;
Expand Down Expand Up @@ -158,6 +160,13 @@ public List<NamedWriteableRegistry.Entry> getNamedWriteables() {
new NamedWriteableRegistry.Entry(RoleMapperExpression.class, AnyExpression.NAME, AnyExpression::new),
new NamedWriteableRegistry.Entry(RoleMapperExpression.class, FieldExpression.NAME, FieldExpression::new),
new NamedWriteableRegistry.Entry(RoleMapperExpression.class, ExceptExpression.NAME, ExceptExpression::new),
// security : role descriptors
new NamedWriteableRegistry.Entry(RemoteClusterPermissions.class, RemoteClusterPermissions.NAME, RemoteClusterPermissions::new),
new NamedWriteableRegistry.Entry(
RemoteClusterPermissionGroup.class,
RemoteClusterPermissionGroup.NAME,
RemoteClusterPermissionGroup::new
),
// eql
new NamedWriteableRegistry.Entry(XPackFeatureSet.Usage.class, XPackField.EQL, EqlFeatureSetUsage::new),
// esql
Expand Down
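Review bot: The two new entries are the only thing that lets `readNamedWriteableCollectionAsList(RemoteClusterPermissionGroup.class)` (in RemoteClusterPermissions) resolve the per-element name on the wire, so every node or client that deserializes a RoleDescriptor must load this same list, and a future cleanup could easily mistake the `RemoteClusterPermissions` entry for dead code since nothing in this commit reads that type by name (RoleDescriptor writes it with a plain `writeTo`). I would expand the marker comment to say why the entries exist: `// security : role descriptors — required so RoleDescriptor can read RemoteClusterPermissionGroup elements by name`. The enclosing `getNamedWriteables()` begins before this hunk and continues after it.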
Original file line number Diff line number Diff line change
Expand Up @@ -456,6 +456,9 @@ public void writeTo(StreamOutput out) throws IOException {
if (out.getTransportVersion().onOrAfter(WORKFLOWS_RESTRICTION_VERSION)) {
restriction.writeTo(out);
}
if(out.getTransportVersion().onOrAfter(TransportVersions.ROLE_REMOTE_CLUSTER_PRIVS)) {
remoteClusterPermissions.writeTo(out);
}
}

public static RoleDescriptor parse(String name, BytesReference source, boolean allow2xFormat, XContentType xContentType)
Expand Down
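Review bot: The new gate `if(out.getTransportVersion().onOrAfter(TransportVersions.ROLE_REMOTE_CLUSTER_PRIVS))` silently omits the remote cluster grants when the peer is older, so the role the peer reconstructs is narrower than the one the administrator defined; that is the fail-closed direction, but it should be stated, e.g. `// peers before ROLE_REMOTE_CLUSTER_PRIVS cannot represent remote cluster grants; they are dropped, not failed`, and if partial application is not acceptable a precondition elsewhere should reject such roles in a mixed cluster. The `StreamInput` constructor must mirror exactly this version check or the stream will be misaligned; it is outside the hunk, so I could not confirm it. `remoteClusterPermissions` is also dereferenced unconditionally, which is fine only if the field is non-null by construction — worth verifying given the other collection fields. Spotless will want `if (out.` with a space; `writeTo` starts before this hunk.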
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@

package org.elasticsearch.xpack.core.security.authz.permission;

import org.elasticsearch.common.io.stream.NamedWriteable;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.io.stream.StreamOutput;
import org.elasticsearch.common.io.stream.Writeable;
Expand All @@ -28,8 +29,9 @@
}
* </code>
*/
public class RemoteClusterPermissionGroup implements Writeable, ToXContentObject {
public class RemoteClusterPermissionGroup implements NamedWriteable, ToXContentObject {

public static final String NAME = "remote_cluster_permission_group";
private final String[] clusterPrivileges;
private final String[] remoteClusterAliases;
private final StringMatcher remoteClusterAliasMatcher;
Expand Down Expand Up @@ -112,4 +114,9 @@ public String toString() {
", remoteClusterAliasMatcher=" + remoteClusterAliasMatcher +
'}';
}

@Override
public String getWriteableName() {
return NAME;
}
}
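Review bot: `NAME = "remote_cluster_permission_group"` is now a wire-format identifier — it is written before every serialized group and resolved through the NamedWriteableRegistry on the receiving node — yet it carries no documentation. I would add `/** Registry key written before each serialized group; renaming it breaks reads from nodes already on this wire format. */` above the constant and a one-line Javadoc on `getWriteableName()` pointing back to it. Since the reading side fixes the element type to this class, the name adds no polymorphism today; if it is meant to allow future group subtypes, say so in the class Javadoc. The constructor that reads from `StreamInput` is outside the hunk, so I could not check whether it validates the privilege and alias arrays it receives.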
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@

package org.elasticsearch.xpack.core.security.authz.permission;

import org.elasticsearch.common.io.stream.NamedWriteable;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.io.stream.StreamOutput;
import org.elasticsearch.common.io.stream.Writeable;
Expand Down Expand Up @@ -52,8 +53,9 @@
* "cluster": ["bar"]
* </code>
*/
public class RemoteClusterPermissions implements Writeable, ToXContentObject {
public class RemoteClusterPermissions implements NamedWriteable, ToXContentObject {

public static final String NAME = "remote_cluster_permissions";
private final List<RemoteClusterPermissionGroup> remoteClusterPermissionGroups;
private static final Set<String> allowedRemoteClusterPermissions = Set.of("monitor_enrich");
static{
Expand All @@ -68,7 +70,7 @@ public static Set<String> getSupportRemoteClusterPermissions() {
}

public RemoteClusterPermissions(StreamInput in) throws IOException {
remoteClusterPermissionGroups = in.readCollectionAsList(RemoteClusterPermissionGroup::new);
remoteClusterPermissionGroups = in.readNamedWriteableCollectionAsList(RemoteClusterPermissionGroup.class);
}

public RemoteClusterPermissions() {
Expand Down Expand Up @@ -154,7 +156,7 @@ public XContentBuilder toXContent(XContentBuilder builder, Params params) throws

@Override
public void writeTo(StreamOutput out) throws IOException {
out.writeCollection(remoteClusterPermissionGroups);
out.writeNamedWriteableCollection(remoteClusterPermissionGroups);
}

@Override
Expand All @@ -176,4 +178,9 @@ public String toString() {
"remoteClusterPermissionGroups=" + remoteClusterPermissionGroups +
'}';
}

@Override
public String getWriteableName() {
return NAME;
}
}
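Review bot: `readNamedWriteableCollectionAsList(RemoteClusterPermissionGroup.class)` accepts whatever groups the stream delivers without re-checking them against `allowedRemoteClusterPermissions` in this class; unless the group's `StreamInput` constructor (outside the hunk) validates, a peer could deliver a privilege outside the allow list and it would be stored as-is. Transport peers are authenticated nodes, so this is defence in depth rather than an open hole, but the allow list is this feature's security boundary and enforcing it in the deserializing constructor would keep every path consistent with the parsing path. Replacing `readCollectionAsList(RemoteClusterPermissionGroup::new)` also changes the bytes on the wire, which is only safe if no release has shipped `ROLE_REMOTE_CLUSTER_PRIVS` yet — worth confirming and noting in a comment on the constructor.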
Original file line number Diff line number Diff line change
Expand Up @@ -497,12 +497,8 @@ public void testParsingFieldPermissionsUsesCache() throws IOException {
assertThat(afterStats.getHits(), equalTo(beforeStats.getHits() + numberOfFieldSecurityBlocks * iterations));
}

@AwaitsFix(bugUrl = "TOOD!")
public void testSerializationForCurrentVersion() throws Exception {
//TODO: replace this .. this test is busted cuase the production code is wrong
TransportVersion version = TransportVersionUtils.randomCompatibleVersion(random());
System.out.println(version);
version = TransportVersions.ROLE_REMOTE_CLUSTER_PRIVS;
final TransportVersion version = TransportVersionUtils.randomCompatibleVersion(random());
final boolean canIncludeRemoteIndices = version.onOrAfter(TransportVersions.V_8_8_0);
final boolean canIncludeRemoteClusters = version.onOrAfter(TransportVersions.ROLE_REMOTE_CLUSTER_PRIVS);
final boolean canIncludeWorkflows = version.onOrAfter(WORKFLOWS_RESTRICTION_VERSION);
Expand Down Expand Up @@ -572,13 +568,13 @@ public void testSerializationWithRemoteIndicesWithElderVersion() throws IOExcept
}

public void testSerializationWithRemoteClusterWithElderVersion() throws IOException {
final TransportVersion versionBeforeRemoteIndices = TransportVersionUtils.getPreviousVersion(
final TransportVersion versionBeforeRemoteCluster = TransportVersionUtils.getPreviousVersion(
TransportVersions.ROLE_REMOTE_CLUSTER_PRIVS
);
final TransportVersion version = TransportVersionUtils.randomVersionBetween(
random(),
TransportVersions.V_7_17_0,
versionBeforeRemoteIndices
versionBeforeRemoteCluster
);
final BytesStreamOutput output = new BytesStreamOutput();
output.setTransportVersion(version);
Expand Down
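Review bot: With the forced `version = TransportVersions.ROLE_REMOTE_CLUSTER_PRIVS` line removed, `testSerializationForCurrentVersion` only reaches the new `remoteClusterPermissions` branch when `randomCompatibleVersion` happens to pick a version at or after `ROLE_REMOTE_CLUSTER_PRIVS`, so a single run may never exercise it. Since `testSerializationWithRemoteClusterWithElderVersion` pins the below-boundary case, a matching test drawing from `TransportVersionUtils.randomVersionBetween(random(), TransportVersions.ROLE_REMOTE_CLUSTER_PRIVS, TransportVersion.current())` would pin the at-or-after case deterministically. The bodies of both tests continue past the hunk.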
