-
Notifications
You must be signed in to change notification settings - Fork 24.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor Security code to use TransportVersion #93089
Conversation
Add initial set of javadocs
Add initial set of javadocs
TransportVersion tests
@@ -87,7 +87,7 @@ public Map<String, Object> getMetadata() { | |||
return metadata; | |||
} | |||
|
|||
public Version getVersion() { | |||
public TransportVersion getTransportVersion() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In other places, when replacing existing version methods, I've just left it as getVersion
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tended to replace the method name too. I feel it might read better
} | ||
|
||
public Subject(User user, Authentication.RealmRef realm, Version version, Map<String, Object> metadata) { | ||
public Subject(User user, Authentication.RealmRef realm, TransportVersion version, Map<String, Object> metadata) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What does this version number actually mean in the security code?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
judging by when this is called I would suspect that this has the same meaning as a transport version in StreamInput
https://github.com/pgomulka/elasticsearch/blob/1db5baa41b5c933ead5cba9a848b9aa95e749546/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Authentication.java#L155
once this PR is ready for review I will follow up with security team
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
as discussed ofline: Version in Subject and UserToken is used for serialisation into a Base64 strings. It does not use transport protocol (serialisation is into ThreadContext or XContent) but is using StreamInput/StreamOutput api
@@ -110,7 +110,7 @@ public String getId() { | |||
/** | |||
* The version of the node this token was created on | |||
*/ | |||
Version getVersion() { | |||
TransportVersion getTransportVersion() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From the comment, this is the actual node version. Do we want to change this to TransportVersion?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I updated the comment. I think this should be a transportVersion as per https://github.com/elastic/elasticsearch/pull/93089/files#r1087901056
@elastic/es-security would you be able to take a look at the PR? Similar question to |
Pinging @elastic/es-security (Team:Security) |
Pinging @elastic/es-core-infra (Team:Core/Infra) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's get this in the codebase for now, and see how it evolves.
With the introduction of TransportVersion we want to use this object in transport protocol related code (usages of StreamInput, StreamOutput).
Also with serverless release being more frequent then on-prem the code changes that relied on Node's Version to perform a conditional logic are also refactored to use TransportVersion which has higher granularity