Skip to content

Phase 1 support for operator privileges #65256

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 25 commits into from
Dec 3, 2020
Merged

Phase 1 support for operator privileges #65256

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
4966365
WIP: operator privileges initial working code with smoke tests
ywangd Nov 19, 2020
3d5f3b0
WIP: working on tests
ywangd Nov 23, 2020
cd5f339
Remove unnecessary file
ywangd Nov 24, 2020
9834e47
Use javaRestTest instead of test to align with recent changes
ywangd Nov 24, 2020
9b63010
Add a test plugin to ensure every action is declared either operator-…
ywangd Nov 24, 2020
be893ec
spotless
ywangd Nov 24, 2020
2d66a05
testingConventions test
ywangd Nov 24, 2020
1b28476
Update x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/s…
ywangd Nov 25, 2020
892840f
address feedback
ywangd Nov 25, 2020
9314789
Simplify the plugin IT test with reflection
ywangd Nov 25, 2020
5dedd54
spotless
ywangd Nov 25, 2020
901ecd2
Refactor as suggested
ywangd Nov 26, 2020
b52c814
Move plugin test package
ywangd Nov 26, 2020
5883923
Fix authenticationService tests
ywangd Nov 26, 2020
1b3344f
Fix tests and telemetry
ywangd Nov 26, 2020
0e170d9
Merge remote-tracking branch 'origin/master' into meta-101-operator-p…
ywangd Nov 26, 2020
1082b13
fix test failures
ywangd Nov 26, 2020
c3fa2ba
Update x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/s…
ywangd Nov 30, 2020
4cf5b08
wip
ywangd Nov 29, 2020
973e7a5
Address feedback
ywangd Nov 30, 2020
2ae1bef
Fix import
ywangd Nov 30, 2020
91d2ef0
Tweak
ywangd Nov 30, 2020
6bddcff
fix test
ywangd Nov 30, 2020
e7042f9
Update x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/s…
ywangd Dec 3, 2020
5807b33
Merge remote-tracking branch 'origin/master' into meta-101-operator-p…
ywangd Dec 3, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions docs/reference/rest-api/info.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,10 @@ Example response:
"available" : true,
"enabled" : true
},
"operator_privileges": {
"available": true,
"enabled": false
},
"rollup": {
"available": true,
"enabled": true
Expand Down
4 changes: 3 additions & 1 deletion x-pack/plugin/core/src/main/java/org/elasticsearch/license/XPackLicenseState.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,9 @@ public enum Feature {

ANALYTICS(OperationMode.MISSING, true),

SEARCHABLE_SNAPSHOTS(OperationMode.ENTERPRISE, true);
SEARCHABLE_SNAPSHOTS(OperationMode.ENTERPRISE, true),

OPERATOR_PRIVILEGES(OperationMode.ENTERPRISE, true);

final OperationMode minimumOperationMode;
final boolean needsActive;
Expand Down
2 changes: 2 additions & 0 deletions x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/XPackField.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,8 @@ public final class XPackField {
public static final String DATA_TIERS = "data_tiers";
/** Name constant for the aggregate_metric plugin. */
public static final String AGGREGATE_METRIC = "aggregate_metric";
/** Name constant for the operator privileges feature. */
public static final String OPERATOR_PRIVILEGES = "operator_privileges";

private XPackField() {}

Expand Down
3 changes: 2 additions & 1 deletion ...plugin/core/src/main/java/org/elasticsearch/xpack/core/action/XPackInfoFeatureAction.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,14 +47,15 @@ public class XPackInfoFeatureAction extends ActionType<XPackInfoFeatureResponse>
public static final XPackInfoFeatureAction DATA_STREAMS = new XPackInfoFeatureAction(XPackField.DATA_STREAMS);
public static final XPackInfoFeatureAction DATA_TIERS = new XPackInfoFeatureAction(XPackField.DATA_TIERS);
public static final XPackInfoFeatureAction AGGREGATE_METRIC = new XPackInfoFeatureAction(XPackField.AGGREGATE_METRIC);
public static final XPackInfoFeatureAction OPERATOR_PRIVILEGES = new XPackInfoFeatureAction(XPackField.OPERATOR_PRIVILEGES);

public static final List<XPackInfoFeatureAction> ALL;
static {
final List<XPackInfoFeatureAction> actions = new ArrayList<>();
actions.addAll(Arrays.asList(
SECURITY, MONITORING, WATCHER, GRAPH, MACHINE_LEARNING, LOGSTASH, EQL, SQL, ROLLUP, INDEX_LIFECYCLE, SNAPSHOT_LIFECYCLE, CCR,
TRANSFORM, VECTORS, VOTING_ONLY, FROZEN_INDICES, SPATIAL, ANALYTICS, ENRICH, DATA_STREAMS, SEARCHABLE_SNAPSHOTS, DATA_TIERS,
AGGREGATE_METRIC
AGGREGATE_METRIC, OPERATOR_PRIVILEGES
));
ALL = Collections.unmodifiableList(actions);
}
Expand Down
2 changes: 2 additions & 0 deletions ...n/core/src/main/java/org/elasticsearch/xpack/core/security/authc/AuthenticationField.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ public final class AuthenticationField {
public static final String AUTHENTICATION_KEY = "_xpack_security_authentication";
public static final String API_KEY_ROLE_DESCRIPTORS_KEY = "_security_api_key_role_descriptors";
public static final String API_KEY_LIMITED_ROLE_DESCRIPTORS_KEY = "_security_api_key_limited_by_role_descriptors";
public static final String PRIVILEGE_CATEGORY_KEY = "_security_privilege_category";
public static final String PRIVILEGE_CATEGORY_VALUE_OPERATOR = "operator";

private AuthenticationField() {}
}
33 changes: 33 additions & 0 deletions x-pack/plugin/security/qa/operator-privileges-tests/build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
apply plugin: 'elasticsearch.esplugin'
apply plugin: 'elasticsearch.java-rest-test'

esplugin {
name 'operator-privileges-test'
description 'An test plugin for testing hard to get internals'
classname 'org.elasticsearch.xpack.security.operator.OperatorPrivilegesTestPlugin'
}

dependencies {
compileOnly project(':x-pack:plugin:core')
javaRestTestImplementation project(':x-pack:plugin:core')
javaRestTestImplementation project(':client:rest-high-level')
javaRestTestImplementation project(':x-pack:plugin:security')
// let the javaRestTest see the classpath of main
javaRestTestImplementation project.sourceSets.main.runtimeClasspath
}

testClusters.all {
testDistribution = 'DEFAULT'
numberOfNodes = 3

extraConfigFile 'operator_users.yml', file('src/javaRestTest/resources/operator_users.yml')
extraConfigFile 'roles.yml', file('src/javaRestTest/resources/roles.yml')

setting 'xpack.license.self_generated.type', 'trial'
setting 'xpack.security.enabled', 'true'
setting 'xpack.security.http.ssl.enabled', 'false'
setting 'xpack.security.operator_privileges.enabled', "true"

user username: "test_admin", password: 'x-pack-test-password', role: "superuser"
user username: "test_operator", password: 'x-pack-test-password', role: "limited_operator"
}
Loading