diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/XPackClientPlugin.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/XPackClientPlugin.java
index df19648307a0b..da41b7f04e817 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/XPackClientPlugin.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/XPackClientPlugin.java
@@ -81,6 +81,8 @@
 import org.elasticsearch.xpack.core.security.authc.support.mapper.expressiondsl.ExceptExpression;
 import org.elasticsearch.xpack.core.security.authc.support.mapper.expressiondsl.FieldExpression;
 import org.elasticsearch.xpack.core.security.authc.support.mapper.expressiondsl.RoleMapperExpression;
+import org.elasticsearch.xpack.core.security.authz.permission.RemoteClusterPermissionGroup;
+import org.elasticsearch.xpack.core.security.authz.permission.RemoteClusterPermissions;
 import org.elasticsearch.xpack.core.security.authz.privilege.ConfigurableClusterPrivilege;
 import org.elasticsearch.xpack.core.security.authz.privilege.ConfigurableClusterPrivileges;
 import org.elasticsearch.xpack.core.slm.SLMFeatureSetUsage;
@@ -158,6 +160,13 @@ public List getNamedWriteables() {
 new NamedWriteableRegistry.Entry(RoleMapperExpression.class, AnyExpression.NAME, AnyExpression::new),
 new NamedWriteableRegistry.Entry(RoleMapperExpression.class, FieldExpression.NAME, FieldExpression::new),
 new NamedWriteableRegistry.Entry(RoleMapperExpression.class, ExceptExpression.NAME, ExceptExpression::new),
+ // security : role descriptors
+ new NamedWriteableRegistry.Entry(RemoteClusterPermissions.class, RemoteClusterPermissions.NAME, RemoteClusterPermissions::new),
+ new NamedWriteableRegistry.Entry(
+ RemoteClusterPermissionGroup.class,
+ RemoteClusterPermissionGroup.NAME,
+ RemoteClusterPermissionGroup::new
+ ),
 // eql
 new NamedWriteableRegistry.Entry(XPackFeatureSet.Usage.class, XPackField.EQL, EqlFeatureSetUsage::new),
 // esql
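Review bot: The `RemoteClusterPermissions` entry added in `getNamedWriteables()` does not appear to be read by name anywhere in this commit, because `RoleDescriptor.writeTo` emits the object with `remoteClusterPermissions.writeTo(out)`, which writes no name prefix. If the reading side (not shown) also uses the plain `StreamInput` constructor, this entry together with `NAME` and `getWriteableName()` on that class is unused and can be dropped; if it is meant to be used, the writer should call `out.writeNamedWriteable(remoteClusterPermissions)` so both ends agree. Both entries also use the concrete class as its own category, which is unusual for a registry whose purpose is to resolve implementations of a shared type. The method body starts and continues outside the hunk.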
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptor.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptor.java
index f36fa593395e9..5b0d493acd754 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptor.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptor.java
@@ -456,6 +456,9 @@ public void writeTo(StreamOutput out) throws IOException {
 if (out.getTransportVersion().onOrAfter(WORKFLOWS_RESTRICTION_VERSION)) {
 restriction.writeTo(out);
 }
+ if(out.getTransportVersion().onOrAfter(TransportVersions.ROLE_REMOTE_CLUSTER_PRIVS)) {
+ remoteClusterPermissions.writeTo(out);
+ }
 }
 public static RoleDescriptor parse(String name, BytesReference source, boolean allow2xFormat, XContentType xContentType)
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/permission/RemoteClusterPermissionGroup.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/permission/RemoteClusterPermissionGroup.java
index ffe0a6cfaee02..d4a26ff66cbe2 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/permission/RemoteClusterPermissionGroup.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/permission/RemoteClusterPermissionGroup.java
@@ -7,6 +7,7 @@
 package org.elasticsearch.xpack.core.security.authz.permission;
+import org.elasticsearch.common.io.stream.NamedWriteable;
 import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.common.io.stream.StreamOutput;
 import org.elasticsearch.common.io.stream.Writeable;
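Review bot: The version-gated write added at the end of `RoleDescriptor.writeTo` needs a read gated on the same `TransportVersions.ROLE_REMOTE_CLUSTER_PRIVS` check, and this diff does not show one; if the `StreamInput` constructor is not changed in step, the bytes written here are misread by the receiver. On streams older than that version the remote cluster privileges are silently omitted, so the receiving node gets the role without them. That fails toward fewer privileges, but it deserves a comment such as `// nodes before ROLE_REMOTE_CLUSTER_PRIVS cannot read this field; it is dropped and the role arrives without remote cluster privileges`. `remoteClusterPermissions` is dereferenced without a null check, which presumably relies on every constructor assigning it, and `if(` should be `if (` to match the block above. `writeTo` starts outside the hunk.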
@@ -28,8 +29,9 @@ } * */ -public class RemoteClusterPermissionGroup implements Writeable, ToXContentObject { +public class RemoteClusterPermissionGroup implements NamedWriteable, ToXContentObject { + public static final String NAME = "remote_cluster_permission_group"; private final String[] clusterPrivileges; private final String[] remoteClusterAliases; private final StringMatcher remoteClusterAliasMatcher; @@ -112,4 +114,9 @@ public String toString() { ", remoteClusterAliasMatcher=" + remoteClusterAliasMatcher + '}'; } + + @Override + public String getWriteableName() { + return NAME; + } } diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/permission/RemoteClusterPermissions.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/permission/RemoteClusterPermissions.java index 130d0b4293085..0c81743256695 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/permission/RemoteClusterPermissions.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/permission/RemoteClusterPermissions.java @@ -7,6 +7,7 @@ package org.elasticsearch.xpack.core.security.authz.permission; +import org.elasticsearch.common.io.stream.NamedWriteable; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; import org.elasticsearch.common.io.stream.Writeable; @@ -52,8 +53,9 @@ * "cluster": ["bar"] * */ -public class RemoteClusterPermissions implements Writeable, ToXContentObject { +public class RemoteClusterPermissions implements NamedWriteable, ToXContentObject { + public static final String NAME = "remote_cluster_permissions"; private final List remoteClusterPermissionGroups; private static final Set allowedRemoteClusterPermissions = Set.of("monitor_enrich"); static{ 
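Review bot: `NAME` in `RemoteClusterPermissionGroup` becomes part of the wire format once the class is a `NamedWriteable`, but the new constant carries no comment saying so. I would add `/** Registry name written to the stream before each group; changing it breaks deserialization between nodes of different versions. */` above it, and the equivalent Javadoc on `RemoteClusterPermissions.NAME` in the `@@ -52,8 +53,9 @@` hunk. The `getWriteableName()` override in the `@@ -112,4 +114,9 @@` hunk needs nothing further.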
@@ -68,7 +70,7 @@ public static Set getSupportRemoteClusterPermissions() { } public RemoteClusterPermissions(StreamInput in) throws IOException { - remoteClusterPermissionGroups = in.readCollectionAsList(RemoteClusterPermissionGroup::new); + remoteClusterPermissionGroups = in.readNamedWriteableCollectionAsList(RemoteClusterPermissionGroup.class); } public RemoteClusterPermissions() { @@ -154,7 +156,7 @@ public XContentBuilder toXContent(XContentBuilder builder, Params params) throws @Override public void writeTo(StreamOutput out) throws IOException { - out.writeCollection(remoteClusterPermissionGroups); + out.writeNamedWriteableCollection(remoteClusterPermissionGroups); } @Override @@ -176,4 +178,9 @@ public String toString() { "remoteClusterPermissionGroups=" + remoteClusterPermissionGroups + '}'; } + + @Override + public String getWriteableName() { + return NAME; + } } diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptorTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptorTests.java index e0b1fddd4d2f3..003df18bd2a3a 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptorTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptorTests.java 
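Review bot: `in.readNamedWriteableCollectionAsList(RemoteClusterPermissionGroup.class)` in the `StreamInput` constructor only works on a registry-aware stream; on a plain `StreamInput`, `readNamedWriteable` throws `UnsupportedOperationException`, so every caller that deserializes a `RoleDescriptor` with remote cluster groups now has to wrap its input in a `NamedWriteableAwareStreamInput` whose registry contains these entries. Since `RemoteClusterPermissionGroup` is the only implementation visible, the previous `readCollectionAsList(RemoteClusterPermissionGroup::new)` and `writeCollection` pair (the `@@ -154,7 +156,7 @@` hunk) was already symmetric and had no such requirement; I would keep it unless a second group type is planned. The constructor also stores whatever privilege names arrive on the wire without comparing them with `allowedRemoteClusterPermissions`; if that check is intended to happen only at parse time, a comment here should say so.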
@@ -497,12 +497,8 @@ public void testParsingFieldPermissionsUsesCache() throws IOException {
 assertThat(afterStats.getHits(), equalTo(beforeStats.getHits() + numberOfFieldSecurityBlocks * iterations));
 }
- @AwaitsFix(bugUrl = "TOOD!")
 public void testSerializationForCurrentVersion() throws Exception {
- //TODO: replace this .. this test is busted cuase the production code is wrong
- TransportVersion version = TransportVersionUtils.randomCompatibleVersion(random());
- System.out.println(version);
- version = TransportVersions.ROLE_REMOTE_CLUSTER_PRIVS;
+ final TransportVersion version = TransportVersionUtils.randomCompatibleVersion(random());
 final boolean canIncludeRemoteIndices = version.onOrAfter(TransportVersions.V_8_8_0);
 final boolean canIncludeRemoteClusters = version.onOrAfter(TransportVersions.ROLE_REMOTE_CLUSTER_PRIVS);
 final boolean canIncludeWorkflows = version.onOrAfter(WORKFLOWS_RESTRICTION_VERSION);
@@ -572,13 +568,13 @@ public void testSerializationWithRemoteIndicesWithElderVersion() throws IOExcept
 }
 public void testSerializationWithRemoteClusterWithElderVersion() throws IOException {
- final TransportVersion versionBeforeRemoteIndices = TransportVersionUtils.getPreviousVersion(
+ final TransportVersion versionBeforeRemoteCluster = TransportVersionUtils.getPreviousVersion(
 TransportVersions.ROLE_REMOTE_CLUSTER_PRIVS
 );
 final TransportVersion version = TransportVersionUtils.randomVersionBetween(
 random(),
 TransportVersions.V_7_17_0,
- versionBeforeRemoteIndices
+ versionBeforeRemoteCluster
 );
 final BytesStreamOutput output = new BytesStreamOutput();
 output.setTransportVersion(version);
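Review bot: With the forced `version = TransportVersions.ROLE_REMOTE_CLUSTER_PRIVS` removed, `testSerializationForCurrentVersion` reaches the remote-cluster branch only when the random seed picks a version at or after that boundary, and the boundary version itself is no longer tested deterministically. A small additional test pinned to `TransportVersions.ROLE_REMOTE_CLUSTER_PRIVS` would keep the first version that carries the field covered on every run. The rest of the test body is outside the hunk, so I cannot see whether the input is wrapped in a registry-aware stream, which the named-writeable read in `RemoteClusterPermissions` now requires. The second hunk is a rename only.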