Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Serverless role and privilege model updates #2547

Merged
merged 27 commits into from
Jun 10, 2024
Merged

Serverless role and privilege model updates #2547

merged 27 commits into from
Jun 10, 2024

Conversation

n1v0lg
Copy link
Contributor

@n1v0lg n1v0lg commented May 7, 2024
edited
Loading

Brings back #2491 with a few corrected annotations.

The changes included in this PR are ready to be published: the privileges pertain to the API key APIs which are already public in Serverless. However, the visibility of the Create or Update Roles API (as well as other Role-related APIs) remains private until the feature is ready. I will open a separate PR for those when the time has come.

n1v0lg added 25 commits April 5, 2024 11:22
@n1v0lg
WIP serverless custom role API changes
96f2095
@n1v0lg
Mark privileges
a7d7842
@n1v0lg
Merge branch 'main' into custom-roles-api-spec-changes
bfa055e
@n1v0lg
Visibility
f0384dd
@n1v0lg
Undo privileges
857309c
@n1v0lg
Revert "Undo privileges"
9f79faf 
This reverts commit 857309c.
@n1v0lg
Schema
dab3173
@n1v0lg
Maybe not
1536fd0
@n1v0lg
Merge branch 'main' into custom-roles-api-spec-changes
514c24f
@n1v0lg
Output schema
eb781af
@n1v0lg
OpenAPI spec
2671a7f
@n1v0lg
Merge branch 'main' into custom-roles-api-spec-changes
8475edb
@n1v0lg
Merge branch 'main' into custom-roles-api-spec-changes
e21caa6
@n1v0lg
Merge branch 'main' into custom-roles-api-spec-changes
9a776a7
@n1v0lg
Merge branch 'custom-roles-api-spec-changes' of https://github.com/el…
f61229c 
…astic/elasticsearch-specification into custom-roles-api-spec-changes
@n1v0lg
Clarify run-as
eb6f6d8
@n1v0lg
Merge branch 'main' into custom-roles-api-spec-changes
1f39249
@n1v0lg
Missed privilege
d86706c
@n1v0lg
Merge branch 'main' into custom-roles-api-spec-changes
41d804e
@n1v0lg
Merge branch 'custom-roles-api-spec-changes' of https://github.com/el…
8a8f906 
…astic/elasticsearch-specification into custom-roles-api-spec-changes
@n1v0lg
Re-gen
b8ef493
@n1v0lg
Merge
3fa41d7
@n1v0lg
Clean up
c2073b8
@n1v0lg
Merge branch 'main' into custom-roles-api-spec-changes
98fba04
@n1v0lg
Fixes
8b0ed04
@n1v0lg n1v0lg self-assigned this May 7, 2024
@n1v0lg n1v0lg changed the title API specification changes for custom roles Serverless role and privilege model updates Jun 10, 2024
@github-actions GitHub Actions
Copy link
Contributor

Following you can find the validation results for the APIs you have changed.

API Status Request Response
security.activate_user_profile 🔴 8/9 8/9
security.authenticate 🔴 28/29 28/29
security.bulk_update_api_keys 🟠 Missing type Missing type
security.change_password 🔴 8/9 8/9
security.clear_api_key_cache 🔴 12/13 12/13
security.clear_cached_privileges 🔴 2/3 2/3
security.clear_cached_realms 🔴 0/1 0/1
security.clear_cached_roles 🔴 1/2 1/2
security.clear_cached_service_tokens 🔴 3/4 3/4
security.create_api_key 🔴 56/57 47/48
security.create_cross_cluster_api_key 🟠 Missing type Missing type
security.create_service_token 🔴 2/3 2/3
security.delete_privileges 🔴 5/6 5/6
security.delete_role_mapping 🔴 8/9 8/9
security.delete_role 🔴 7/8 7/8
security.delete_service_token Missing test Missing test
security.delete_user 🔴 8/9 8/9
security.disable_user_profile 🔴 0/1 0/1
security.disable_user 🔴 2/3 2/3
security.enable_user_profile 🔴 0/1 0/1
security.enable_user 🔴 3/4 3/4
security.enroll_kibana Missing test Missing test
security.enroll_node Missing test Missing test
security.get_api_key 🔴 36/37 13/37
security.get_builtin_privileges 🔴 1/2 0/2
security.get_privileges 🔴 11/12 11/12
security.get_role_mapping 🔴 17/18 9/18
security.get_role 🔴 21/22 19/22
security.get_service_accounts Missing test Missing test
security.get_service_credentials 🔴 0/1 0/1
security.get_settings 🟠 Missing type Missing type
security.get_token 🔴 24/25 23/24
security.get_user_privileges 🔴 7/8 6/8
security.get_user_profile 🔴 7/8 7/8
security.get_user 🔴 24/25 24/25
security.grant_api_key 🔴 6/7 6/7
security.has_privileges_user_profile 🔴 2/3 2/3
security.has_privileges 🔴 23/24 23/24
security.invalidate_api_key 🔴 11/12 11/12
security.invalidate_token 🔴 10/11 10/11
security.oidc_authenticate 🟠 Missing type Missing type
security.oidc_logout 🟠 Missing type Missing type
security.oidc_prepare_authentication 🟠 Missing type Missing type
security.put_privileges 🔴 9/10 9/10
security.put_role_mapping 🔴 1/11 10/11
security.put_role 🔴 37/40 38/39
security.put_user 🔴 48/49 47/48
security.query_api_keys 🔴 12/14 0/14
security.saml_authenticate Missing test Missing test
security.saml_complete_logout Missing test Missing test
security.saml_invalidate Missing test Missing test
security.saml_logout Missing test Missing test
security.saml_prepare_authentication Missing test Missing test
security.saml_service_provider_metadata Missing test Missing test
security.suggest_user_profiles 🔴 0/1 0/1
security.update_api_key 🔴 4/5 4/5
security.update_cross_cluster_api_key 🟠 Missing type Missing type
security.update_settings 🟠 Missing type Missing type
security.update_user_profile_data 🔴 0/1 0/1

You can validate these APIs yourself by using the make validate target.

@n1v0lg n1v0lg marked this pull request as ready for review June 10, 2024 09:17
@n1v0lg n1v0lg requested a review from pquentin June 10, 2024 09:20
pquentin
pquentin approved these changes Jun 10, 2024
View reviewed changes
Copy link
Member

@pquentin pquentin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! LGTM. Triple-checking: can I merge this now?

@n1v0lg
Copy link
Contributor Author

n1v0lg commented Jun 10, 2024

Thanks! LGTM. Triple-checking: can I merge this now?

Hehe yup, this is good to merge 👍 thanks for the reviews!

@github-actions GitHub Actions
Copy link
Contributor

Following you can find the validation results for the APIs you have changed.

API Status Request Response
security.activate_user_profile 🔴 8/9 8/9
security.authenticate 🔴 28/29 28/29
security.bulk_update_api_keys 🟠 Missing type Missing type
security.change_password 🔴 8/9 8/9
security.clear_api_key_cache 🔴 12/13 12/13
security.clear_cached_privileges 🔴 2/3 2/3
security.clear_cached_realms 🔴 0/1 0/1
security.clear_cached_roles 🔴 1/2 1/2
security.clear_cached_service_tokens 🔴 3/4 3/4
security.create_api_key 🔴 56/57 47/48
security.create_cross_cluster_api_key 🟠 Missing type Missing type
security.create_service_token 🔴 2/3 2/3
security.delete_privileges 🔴 5/6 5/6
security.delete_role_mapping 🔴 8/9 8/9
security.delete_role 🔴 7/8 7/8
security.delete_service_token Missing test Missing test
security.delete_user 🔴 8/9 8/9
security.disable_user_profile 🔴 0/1 0/1
security.disable_user 🔴 2/3 2/3
security.enable_user_profile 🔴 0/1 0/1
security.enable_user 🔴 3/4 3/4
security.enroll_kibana Missing test Missing test
security.enroll_node Missing test Missing test
security.get_api_key 🔴 36/37 13/37
security.get_builtin_privileges 🔴 1/2 0/2
security.get_privileges 🔴 11/12 11/12
security.get_role_mapping 🔴 17/18 9/18
security.get_role 🔴 21/22 19/22
security.get_service_accounts Missing test Missing test
security.get_service_credentials 🔴 0/1 0/1
security.get_settings 🟠 Missing type Missing type
security.get_token 🔴 24/25 23/24
security.get_user_privileges 🔴 7/8 6/8
security.get_user_profile 🔴 7/8 7/8
security.get_user 🔴 24/25 24/25
security.grant_api_key 🔴 6/7 6/7
security.has_privileges_user_profile 🔴 2/3 2/3
security.has_privileges 🔴 23/24 23/24
security.invalidate_api_key 🔴 11/12 11/12
security.invalidate_token 🔴 10/11 10/11
security.oidc_authenticate 🟠 Missing type Missing type
security.oidc_logout 🟠 Missing type Missing type
security.oidc_prepare_authentication 🟠 Missing type Missing type
security.put_privileges 🔴 9/10 9/10
security.put_role_mapping 🔴 1/11 10/11
security.put_role 🔴 37/40 38/39
security.put_user 🔴 48/49 47/48
security.query_api_keys 🔴 12/14 0/14
security.saml_authenticate Missing test Missing test
security.saml_complete_logout Missing test Missing test
security.saml_invalidate Missing test Missing test
security.saml_logout Missing test Missing test
security.saml_prepare_authentication Missing test Missing test
security.saml_service_provider_metadata Missing test Missing test
security.suggest_user_profiles 🔴 0/1 0/1
security.update_api_key 🔴 4/5 4/5
security.update_cross_cluster_api_key 🟠 Missing type Missing type
security.update_settings 🟠 Missing type Missing type
security.update_user_profile_data 🔴 0/1 0/1

You can validate these APIs yourself by using the make validate target.

@n1v0lg n1v0lg merged commit e4a4823 into main Jun 10, 2024
6 checks passed
@n1v0lg n1v0lg deleted the more-custom-roles-api-spec-changes branch June 10, 2024 14:32
@n1v0lg n1v0lg mentioned this pull request Jun 10, 2024
Merged
n1v0lg added a commit that referenced this pull request Jun 11, 2024
@n1v0lg
Remove duplicate privilege (#2611)
f906c66 
`read_slm` was defined twice in #2547. Removing the dup.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pquentin pquentin pquentin approved these changes

Assignees

@n1v0lg n1v0lg

Labels
specification
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@n1v0lg @pquentin