Skip to content

Support updates of API key attributes [service layer]#87924

Merged
n1v0lg merged 113 commits intoelastic:masterfrom
n1v0lg:update-api-keys-service-level
Jun 29, 2022
Merged

Support updates of API key attributes [service layer]#87924
n1v0lg merged 113 commits intoelastic:masterfrom
n1v0lg:update-api-keys-service-level

Conversation

@n1v0lg
Copy link
Copy Markdown
Contributor

@n1v0lg n1v0lg commented Jun 22, 2022
edited
Loading

Service level implementation to add support for updating attributes of
existing API keys. This allows end-users to modify privileges and
metadata associated with API keys dynamically, without requiring
rolling out new API keys every time there is a change.

Updatable attributes are role_descriptors and metadata. Several
other attributes are updated automatically, on every update call,
including limited_by_role_descriptors, creator, and version. API
key attributes are replaced, not merged.

On every update, the API key doc cache is cleared for the updated API
key.

This PR implements the necessary service layer changes in
ApiKeyService. I will integrate this with the REST and transport
layers in a subsequent PR.

Relates: #87870

Note: labeling >non-issue since I would rather include a >feature
tag and changelog entry on the REST & transport layer PR.

@n1v0lg n1v0lg requested a review from ywangd June 27, 2022 15:46
ywangd
ywangd reviewed Jun 28, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@ywangd ywangd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is almost ready. I don't have major points. Other than below comments, I also felt we are a bit light on debug loggings. For example, when the version number gets updated, I think it's worth for a logging message.

@n1v0lg
Copy link
Copy Markdown
Contributor Author

n1v0lg commented Jun 28, 2022

Build failure is unrelated and tracked here

@n1v0lg n1v0lg requested a review from ywangd June 28, 2022 10:32
@n1v0lg n1v0lg mentioned this pull request Jun 28, 2022
Merged
ywangd
ywangd approved these changes Jun 28, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@ywangd ywangd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thanks for the iterations!

@n1v0lg
Copy link
Copy Markdown
Contributor Author

n1v0lg commented Jun 28, 2022

@elasticmachine run elasticsearch-ci/part-1-fips

@n1v0lg n1v0lg merged commit a0c9026 into elastic:master Jun 29, 2022
@n1v0lg n1v0lg deleted the update-api-keys-service-level branch June 29, 2022 10:00
@ywangd ywangd mentioned this pull request Nov 12, 2022
Merged
ywangd added a commit that referenced this pull request Nov 14, 2022
@ywangd
Fix variable placeholder for Strings.format calls (#91531)
7b71c94 
The curly bracket placeholder works for LoggerMessageFormat.format and
ParameterizedMessage.format, but Not for Strings.format which requires
Java's string format syntax. This PR fixes the incorrect usages.

Relates: #86549, #87924
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ywangd ywangd ywangd approved these changes

Assignees

@n1v0lg n1v0lg

Labels

>non-issue :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) Team:Security Meta label for security team v8.4.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@n1v0lg @elasticmachine @ywangd