Fix FieldRule #2362
Merged
Fix FieldRule #2362
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* `username` can also be a list, * `realm.name` is the field name, using an intermediate `realm` object does not work. * `metadata` is not a key: keys are of the form `metadata.key = value`
Anaethelion
requested changes
Dec 8, 2023
There was a problem hiding this comment.
Left a few comments, unsure about the non_exhaustive tag but this seems the way to go. I'll defer to @swallez for confirmation.
Co-authored-by: Laurent Saint-Félix <[email protected]>
Anaethelion
reviewed
Dec 13, 2023
Co-authored-by: Laurent Saint-Félix <[email protected]>
swallez
reviewed
Dec 21, 2023
There was a problem hiding this comment.
Looking at the ES code, a field rule is a single key/value pair where the value can be a single scalar value or an array of scalar values. So in theory that should just be type FieldRule = SingleKeyDictionary<String, ScalarValue|ScalarValue[]>.
However, the approach used in this PR consisting in just adding @non_exhaustive is the one that limits the breaking changes in strongly typed clients. It will be a bit less easy to use and may allow users to provide arbitrary values and not only scalar values, but that's the tradeoff to limit breaking changes.
We should however add a code comment (and not jsdoc comment that ends up in API docs) explaining this decision. Something like:
// This should have been defined as SingleKeyDictionary<String, ScalarValue|ScalarValue[]>
// However, this was initially defined as a container with a limited number of variants,
// and was later made non_exhaustive to limit breaking changes.
Finally, we should remove realm.name that was added in this PR. It's very specific and covered by the @non_exhaustive.
|
Thanks for the review! Please take another look. |
|
Following you can find the validation results for the APIs you have changed.
You can validate these APIs yourself by using the |
1 similar comment
|
Following you can find the validation results for the APIs you have changed.
You can validate these APIs yourself by using the |
github-actions bot
pushed a commit
that referenced
this pull request
Jan 15, 2024
* Fix FieldRule * `username` can also be a list, * `realm.name` is the field name, using an intermediate `realm` object does not work. * `metadata` is not a key: keys are of the form `metadata.key = value` * Apply suggestions from code review Co-authored-by: Laurent Saint-Félix <[email protected]> * Run `make contrib` * Update RoleMappingRule.ts Co-authored-by: Laurent Saint-Félix <[email protected]> * Address review comments --------- Co-authored-by: Laurent Saint-Félix <[email protected]> (cherry picked from commit 383d22a)
github-actions bot
pushed a commit
that referenced
this pull request
Jan 15, 2024
* Fix FieldRule * `username` can also be a list, * `realm.name` is the field name, using an intermediate `realm` object does not work. * `metadata` is not a key: keys are of the form `metadata.key = value` * Apply suggestions from code review Co-authored-by: Laurent Saint-Félix <[email protected]> * Run `make contrib` * Update RoleMappingRule.ts Co-authored-by: Laurent Saint-Félix <[email protected]> * Address review comments --------- Co-authored-by: Laurent Saint-Félix <[email protected]> (cherry picked from commit 383d22a)
github-actions bot
pushed a commit
that referenced
this pull request
Jan 15, 2024
* Fix FieldRule * `username` can also be a list, * `realm.name` is the field name, using an intermediate `realm` object does not work. * `metadata` is not a key: keys are of the form `metadata.key = value` * Apply suggestions from code review Co-authored-by: Laurent Saint-Félix <[email protected]> * Run `make contrib` * Update RoleMappingRule.ts Co-authored-by: Laurent Saint-Félix <[email protected]> * Address review comments --------- Co-authored-by: Laurent Saint-Félix <[email protected]> (cherry picked from commit 383d22a)
pquentin
added a commit
that referenced
this pull request
Jan 15, 2024
* Fix FieldRule * `username` can also be a list, * `realm.name` is the field name, using an intermediate `realm` object does not work. * `metadata` is not a key: keys are of the form `metadata.key = value` * Apply suggestions from code review Co-authored-by: Laurent Saint-Félix <[email protected]> * Run `make contrib` * Update RoleMappingRule.ts Co-authored-by: Laurent Saint-Félix <[email protected]> * Address review comments --------- Co-authored-by: Laurent Saint-Félix <[email protected]> (cherry picked from commit 383d22a) Co-authored-by: Quentin Pradet <[email protected]>
pquentin
added a commit
that referenced
this pull request
Jan 15, 2024
* Fix FieldRule * `username` can also be a list, * `realm.name` is the field name, using an intermediate `realm` object does not work. * `metadata` is not a key: keys are of the form `metadata.key = value` * Apply suggestions from code review Co-authored-by: Laurent Saint-Félix <[email protected]> * Run `make contrib` * Update RoleMappingRule.ts Co-authored-by: Laurent Saint-Félix <[email protected]> * Address review comments --------- Co-authored-by: Laurent Saint-Félix <[email protected]> (cherry picked from commit 383d22a) Co-authored-by: Quentin Pradet <[email protected]>
pquentin
added a commit
that referenced
this pull request
Jan 15, 2024
* Fix FieldRule * `username` can also be a list, * `realm.name` is the field name, using an intermediate `realm` object does not work. * `metadata` is not a key: keys are of the form `metadata.key = value` * Apply suggestions from code review Co-authored-by: Laurent Saint-Félix <[email protected]> * Run `make contrib` * Update RoleMappingRule.ts Co-authored-by: Laurent Saint-Félix <[email protected]> * Address review comments --------- Co-authored-by: Laurent Saint-Félix <[email protected]> (cherry picked from commit 383d22a) Co-authored-by: Quentin Pradet <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #2344
This fixes three issues with
FieldRule:usernamecan also be a list,realm.nameis the field name, using an intermediaterealmobject leads to a parsing exception,metadatais not an object: values are of the formmetadata.key = value.Sources:
POST /_security/role_mapping/<name>, including complete examplesI only tested in Kibana, as the Python client only exposes
rulesand does not go deeper.Regarding the backports,
realm.nameandmetadataare unusable today, butusernameis. Should this be separated in two pull requests, so that therealm.nameandmetadataget backported to 8.12, 8.11 and 7.17?