
[HLRC] Add support for get roles API #35787

Merged
jkakavas merged 16 commits into elastic:master from jkakavas:hlrc-get-roles
Nov 26, 2018

@jkakavas
Contributor

This commit adds support for the Get Roles API to the HLRC

Relates: #29827

@elasticmachine
Collaborator

Pinging @elastic/es-security

Contributor

@bizybot bizybot left a comment

LGTM, few comments once addressed, good to go. Thank you.

@jkakavas
Contributor Author

Thanks for the feedback @bizybot

}

/**
* Retrieves roles in the native realm.
Contributor

IMO s/native realm/native roles store/
(I know this comment uses the lingo from the docs)

builder.addPathPart(Strings.collectionToCommaDelimitedString(getRolesRequest.getRoleNames()));
}
return new Request(HttpGet.METHOD_NAME, builder.build());
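Review bot: on the addPathPart line, the requested role names are joined with commas into a single path part, so a name that itself contains a comma cannot be told apart from two separate names once the request is built. Consider validating the names in GetRolesRequest, or stating in its javadoc that names must not contain commas, and covering that case in the request converter test.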

Contributor

nit: extra line

import java.util.Set;

/**
* Request object to retrieve roles from the security index
Contributor

IMO s/security index/native roles store

XContentParser.Token token;
while ((token = parser.nextToken()) != XContentParser.Token.END_OBJECT) {
XContentParserUtils.ensureExpectedToken(XContentParser.Token.FIELD_NAME, token, parser::getTokenLocation);
roles.add(Role.PARSER.parse(parser, null));
Contributor

I think we lose the role name here. The Role should have a name.
For this, the Role#fromXContent could have a name parameter and be called here; and not implement ToXContentObject (PutRole would build the XContent).

Contributor

Nice catch, I agree to have optional name parameter to Role#fromXContent (the javadocs for the Role will need an update)

PARSER.declareFieldArray(optionalConstructorArg(), ApplicationResourcePrivileges.PARSER, APPLICATIONS, ValueType.OBJECT_ARRAY);
PARSER.declareStringArray(optionalConstructorArg(), RUN_AS);
PARSER.declareObject(constructorArg(), (parser, c) -> parser.map(), METADATA);
PARSER.declareObject(optionalConstructorArg(), (parser, c) -> parser.map(), TRANSIENT_METADATA);
Contributor

Is there a difference between metadata and transient_metadata? If not I would make them both either optionalConstructorArg (cautious) or constructorArg (confident) :)

Contributor

@albertzaharovits albertzaharovits left a comment

I have recommended that the Role have a name despite the idiosyncratic Response making it hard.
From the client perspective, it's cumbersome to manipulate a list of roles, from the response, in the order of the role names that have been requested. I would argue that returning a Collection with Roles having a name as attribute follows closer the encapsulation precept.

Contributor

@albertzaharovits albertzaharovits left a comment

LGTM
Only fished the nits of the nits. These are totally optional.

Thanks for tackling this before put role! 🎩

@jkakavas
Contributor Author

@elasticmachine run the gradle build tests 1

@jkakavas
Contributor Author

23:41:29   1> [0030-11-25T14:41:24,539][ERROR][o.e.d.z.ZenDiscovery     ] [node_t0] unexpected exception while failing [master {node_t1}{BEVzq4gKQS64P6VHKriI8w}{zNOAkJu0SVKiSbw9ZL1Vfg}{127.0.0.1}{127.0.0.1:39245} committed version [3]]
23:41:29   1> java.lang.IllegalArgumentException: can't resolve failed cluster state with uuid [pUMf5_JaTfWkxYQpiownGw], version [3]
23:41:29   1> 	at org.elasticsearch.discovery.zen.PendingClusterStatesQueue.markAsFailed(PendingClusterStatesQueue.java:110) ~[main/:?]
23:41:29   1> 	at org.elasticsearch.discovery.zen.ZenDiscovery$3.onFailure(ZenDiscovery.java:817) [main/:?]
23:41:29   1> 	at org.elasticsearch.discovery.zen.ZenDiscovery$3.onSuccess(ZenDiscovery.java:807) [main/:?]
23:41:29   1> 	at org.elasticsearch.cluster.service.ClusterApplierService$SafeClusterApplyListener.onSuccess(ClusterApplierService.java:524) [main/:?]
23:41:29   1> 	at org.elasticsearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:476) [main/:?]
23:41:29   1> 	at org.elasticsearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:418) [main/:?]
23:41:29   1> 	at org.elasticsearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:162) [main/:?]
23:41:29   1> 	at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:627) [main/:?]
23:41:29   1> 	at org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedEsThreadPoolExecutor.java:244) [main/:?]
23:41:29   1> 	at org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedEsThreadPoolExecutor.java:207) [main/:?]
23:41:29   1> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_192]
23:41:29   1> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_192]
23:41:29   1> 	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_192]
23:41:29   1> 	Suppressed: java.lang.IllegalStateException: can't resolve processed cluster state with uuid [pUMf5_JaTfWkxYQpiownGw], version [3]
23:41:29   1> 		at org.elasticsearch.discovery.zen.PendingClusterStatesQueue.markAsProcessed(PendingClusterStatesQueue.java:147) ~[main/:?]
23:41:29   1> 		at org.elasticsearch.discovery.zen.ZenDiscovery$3.onSuccess(ZenDiscovery.java:805) [main/:?]
23:41:29   1> 		at org.elasticsearch.cluster.service.ClusterApplierService$SafeClusterApplyListener.onSuccess(ClusterApplierService.java:524) [main/:?]
23:41:29   1> 		at org.elasticsearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:476) [main/:?]
23:41:29   1> 		at org.elasticsearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:418) [main/:?]
23:41:29   1> 		at org.elasticsearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:162) [main/:?]
23:41:29   1> 		at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:627) [main/:?]
23:41:29   1> 		at org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedEsThreadPoolExecutor.java:244) [main/:?]
23:41:29   1> 		at org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedEsThreadPoolExecutor.java:207) [main/:?]
23:41:29   1> 		at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_192]
23:41:29   1> 		at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_192]
23:41:29   1> 		at java.lang.Thread.run(Thread.java:748) [?:1.8.0_192]

@elasticmachine run the gradle build tests 1

@jkakavas jkakavas merged commit 8daa854 into elastic:master Nov 26, 2018
jkakavas added a commit that referenced this pull request Nov 26, 2018
This commit adds support for the Get Roles API to the HLRC

Relates: #29827
@jkakavas jkakavas deleted the hlrc-get-roles branch November 26, 2018 10:00
@tomcallahan tomcallahan added >enhancement and removed :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC labels Dec 18, 2018