Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor Security code to use TransportVersion #93089

Merged
merged 49 commits into from
Jan 26, 2023
Merged

Refactor Security code to use TransportVersion #93089

merged 49 commits into from
Jan 26, 2023

Conversation

pgomulka
Copy link
Contributor

@pgomulka pgomulka commented Jan 19, 2023
edited
Loading

With the introduction of TransportVersion we want to use this object in transport protocol related code (usages of StreamInput, StreamOutput).
Also with serverless release being more frequent then on-prem the code changes that relied on Node's Version to perform a conditional logic are also refactored to use TransportVersion which has higher granularity

thecoop and others added 30 commits January 12, 2023 11:31
@thecoop
Add TransportVersion file
fd3dde1
@thecoop
Update docs/changelog/92869.yaml
b75f0de
@thecoop
Update for 8.6.1
0bffdf2
@thecoop
Fix id numbers
591f740 
Add initial set of javadocs
@thecoop
Delete docs/changelog/92869.yaml
719ff87
@thecoop
Fix id numbers
5f0462e 
Add initial set of javadocs
@thecoop
Add initial methods to StreamInput and StreamOutput
0346113
@pgomulka
test
3fcbd3b
@pgomulka
remove compatibility test
dc9ae45
@thecoop
PR comments
9689954
@pgomulka
test cleanup
c64e813
@pgomulka
cleanup
7e9690a
@thecoop
Merge pull request #1 from pgomulka/transportversion
064b1f2 
TransportVersion tests
@thecoop
Convert TcpTransport infrastructure to TransportVersion
8115fb6
@thecoop
Add isCompatible method
a545a63
@thecoop
Update tests
e3dd6d2
@thecoop
Add full compatibility method to get things working
576d58a
@thecoop
Spread calculateMinimumCompatVersion around
20f5b81
@thecoop
More test fixes
600783f
@thecoop
Splotless
fc515c7
@thecoop
Some hacks around TcpTransport.getVersion to make some tests pass
c9b8ee2
@thecoop
More PR comments
8b12530
@pgomulka
draft
8a8146f
@thecoop
Convert TcpTransport infrastructure to TransportVersion
6d3a1a4
@thecoop
Add isCompatible method
f220765
@thecoop
Update tests
d7e919b
@thecoop
Add full compatibility method to get things working
7f865ad
@thecoop
Spread calculateMinimumCompatVersion around
2b40f4b
@thecoop
More test fixes
ea1d729
@thecoop
Splotless
4de6681
@pgomulka pgomulka changed the title Security trasnport version Security transport version Jan 19, 2023
@thecoop thecoop mentioned this pull request Jan 23, 2023
Closed
12 tasks
thecoop
thecoop reviewed Jan 23, 2023
View reviewed changes
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Subject.java
@@ -87,7 +87,7 @@ public Map<String, Object> getMetadata() {
return metadata;
}

public Version getVersion() {
public TransportVersion getTransportVersion() {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In other places, when replacing existing version methods, I've just left it as getVersion

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tended to replace the method name too. I feel it might read better

thecoop
thecoop reviewed Jan 23, 2023
View reviewed changes
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Subject.java
}

public Subject(User user, Authentication.RealmRef realm, Version version, Map<String, Object> metadata) {
public Subject(User user, Authentication.RealmRef realm, TransportVersion version, Map<String, Object> metadata) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What does this version number actually mean in the security code?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

judging by when this is called I would suspect that this has the same meaning as a transport version in StreamInput
https://github.com/pgomulka/elasticsearch/blob/1db5baa41b5c933ead5cba9a848b9aa95e749546/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Authentication.java#L155

once this PR is ready for review I will follow up with security team

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as discussed ofline: Version in Subject and UserToken is used for serialisation into a Base64 strings. It does not use transport protocol (serialisation is into ThreadContext or XContent) but is using StreamInput/StreamOutput api

thecoop
thecoop reviewed Jan 23, 2023
View reviewed changes
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/UserToken.java
@@ -110,7 +110,7 @@ public String getId() {
/**
* The version of the node this token was created on
*/
Version getVersion() {
TransportVersion getTransportVersion() {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From the comment, this is the actual node version. Do we want to change this to TransportVersion?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I updated the comment. I think this should be a transportVersion as per https://github.com/elastic/elasticsearch/pull/93089/files#r1087901056

@pgomulka pgomulka changed the title Security transport version Refactor Security code to use TransportVersion Jan 24, 2023
@pgomulka pgomulka added :Core/Infra/Core Core issues without another label :Security/Security Security issues without another label >refactoring labels Jan 24, 2023
@pgomulka
Copy link
Contributor Author

pgomulka commented Jan 24, 2023
edited
Loading

@elastic/es-security would you be able to take a look at the PR?
we were wondering if you could put some light on the meaning of Version in security code. For instance https://github.com/elastic/elasticsearch/pull/93089/files#r1084169354
in Subject there is a Version field, what is the purpose of this field? Should we expect any other use of Version than transport protocol ?

Similar question to UserToken #93089 (comment)

@pgomulka pgomulka marked this pull request as ready for review January 24, 2023 14:13
@elasticsearchmachine elasticsearchmachine added Team:Core/Infra Meta label for core/infra team Team:Security Meta label for security team labels Jan 24, 2023
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-core-infra (Team:Core/Infra)

thecoop
thecoop approved these changes Jan 26, 2023
View reviewed changes
Copy link
Member

@thecoop thecoop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's get this in the codebase for now, and see how it evolves.

@pgomulka pgomulka merged commit da01691 into elastic:main Jan 26, 2023
@pgomulka pgomulka mentioned this pull request Feb 21, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thecoop thecoop thecoop approved these changes

Assignees
No one assigned
Labels
:Core/Infra/Core Core issues without another label >refactoring :Security/Security Security issues without another label Team:Core/Infra Meta label for core/infra team Team:Security Meta label for security team v8.7.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pgomulka @elasticsearchmachine @thecoop