Add realm information for Authenticate API#35648
Conversation
|
Pinging @elastic/es-security |
tvernum
left a comment
There was a problem hiding this comment.
I left a couple of comments
...re/src/main/java/org/elasticsearch/xpack/core/security/action/user/AuthenticateResponse.java
Outdated
Show resolved
Hide resolved
...ck/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Authentication.java
Outdated
Show resolved
Hide resolved
...nt/rest-high-level/src/main/java/org/elasticsearch/client/security/AuthenticateResponse.java
Outdated
Show resolved
Hide resolved
.../src/main/java/org/elasticsearch/xpack/security/action/user/TransportAuthenticateAction.java
Outdated
Show resolved
Hide resolved
...ck/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Authentication.java
Outdated
Show resolved
Hide resolved
...ity/src/test/java/org/elasticsearch/xpack/security/authc/esnative/NativeRealmIntegTests.java
Show resolved
Hide resolved
...st-high-level/src/test/java/org/elasticsearch/client/security/AuthenticateResponseTests.java
Show resolved
Hide resolved
|
Left some notes, it does look more complicated than at first sight! |
|
Thanks for the feedback @albertzaharovits , @tvernum . I addressed your comments and removed the WIP, this is ready for a final round |
| public void writeTo(StreamOutput out) throws IOException { | ||
| super.writeTo(out); | ||
| User.writeTo(user, out); | ||
| if (out.getVersion().before(Version.V_6_6_0)) { |
There was a problem hiding this comment.
I think you have to keep Version.V_7_0_0 and change on backport. I don't know how CI passed, it should've failed in the bwc tests. To not lose any extra time I think you can try to push to both branches simultaneously, Tom Cruise style. Squash locally and run the precommit tests on 6.x, then merge on master, and do a fast cherry-pick and push origin on the 6.x . 🤞
There was a problem hiding this comment.
Good catch. I'll address this now and take advantage of CI split and the fact that Tim won't wake up for another 6 hours :)
|
I addressed @tvernum 's suggestion to add the name and type in a nested object. I left out node name from the realm information on purpose as I'm not sure it adds value but I have no strong objections in adding that too. |
| final String authenticationRealmName = randomAlphaOfLength(5); | ||
| final String authenticationRealmType = randomFrom("file", "native", "ldap", "ad", "saml", "kerberos"); | ||
| final String lookupRealmName = randomAlphaOfLength(5); | ||
| final String lookupRealmType = randomFrom("file", "native", "ldap", "ad", "saml", "kerberos"); |
There was a problem hiding this comment.
It's totally insignificant, but the actual AD realm type is active_directory.
this does not reproduce locally. @elasticmachine run the gradle build tests 1 |
* master: DOCS Audit event attributes in new format (elastic#35510) Scripting: Actually add joda time back to whitelist (elastic#35965) [DOCS] fix HLRC ILM doc misreferenced tag Add realm information for Authenticate API (elastic#35648) [ILM] add HLRC docs to remove-policy-from-index (elastic#35759) [Rollup] Update serialization version after backport [Rollup] Add more diagnostic stats to job (elastic#35471) Build: Fix gradle build for Mac OS (elastic#35968) Adds deprecation logging to ScriptDocValues#getValues. (elastic#34279) [Monitoring] Make Exporters Async (elastic#35765) [ILM] reduce time restriction on IndexLifecycleExplainResponse (elastic#35954) Remove use of AbstractComponent in xpack (elastic#35394) Deprecate types in search and multi search templates. (elastic#35669) Remove fromXContent from IndexUpgradeInfoResponse (elastic#35934)
- Add the authentication realm and lookup realm name and type in the response for the _authenticate API - The authentication realm is set as the lookup realm too (instead of setting the lookup realm to null or empty ) when no lookup realm is used.
_authenticateAPI