From 335cf91bb9929866b8e94f06bc0c961a2846bf01 Mon Sep 17 00:00:00 2001 From: Yogesh Gaikwad <902768+bizybot@users.noreply.github.com> Date: Thu, 14 Feb 2019 23:08:52 +1100 Subject: [PATCH] Add enabled status for token and api key service (#38687) (#38882) Right now there is no way to determine whether the token service or API key service is enabled or not. This commit adds support for the enabled status of token and API key service to the security feature set usage API `/_xpack/usage`. Closes #38535 --- .../security/SecurityFeatureSetUsage.java | 18 ++++++++++++- .../xpack/security/SecurityFeatureSet.java | 18 ++++++++++--- .../security/SecurityFeatureSetTests.java | 26 +++++++++++++++++++ 3 files changed, 58 insertions(+), 4 deletions(-) diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java index f615fbd0b5306..bbbbc635ac253 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java @@ -22,6 +22,8 @@ public class SecurityFeatureSetUsage extends XPackFeatureSet.Usage { private static final String ROLES_XFIELD = "roles"; private static final String ROLE_MAPPING_XFIELD = "role_mapping"; private static final String SSL_XFIELD = "ssl"; + private static final String TOKEN_SERVICE_XFIELD = "token_service"; + private static final String API_KEY_SERVICE_XFIELD = "api_key_service"; private static final String AUDIT_XFIELD = "audit"; private static final String IP_FILTER_XFIELD = "ipfilter"; private static final String ANONYMOUS_XFIELD = "anonymous"; 
@@ -29,6 +31,8 @@ public class SecurityFeatureSetUsage extends XPackFeatureSet.Usage { private Map realmsUsage; private Map rolesStoreUsage; private Map sslUsage; + private Map tokenServiceUsage; + private Map apiKeyServiceUsage; private Map auditUsage; private Map ipFilterUsage; private Map anonymousUsage; @@ -39,6 +43,10 @@ public SecurityFeatureSetUsage(StreamInput in) throws IOException { realmsUsage = in.readMap(); rolesStoreUsage = in.readMap(); sslUsage = in.readMap(); + if (in.getVersion().onOrAfter(Version.V_7_1_0)) { + tokenServiceUsage = in.readMap(); + apiKeyServiceUsage = in.readMap(); + } auditUsage = in.readMap(); ipFilterUsage = in.readMap(); if (in.getVersion().before(Version.V_6_0_0_beta1)) { @@ -52,12 +60,15 @@ public SecurityFeatureSetUsage(StreamInput in) throws IOException { public SecurityFeatureSetUsage(boolean available, boolean enabled, Map realmsUsage, Map rolesStoreUsage, Map roleMappingStoreUsage, Map sslUsage, Map auditUsage, - Map ipFilterUsage, Map anonymousUsage) { + Map ipFilterUsage, Map anonymousUsage, + Map tokenServiceUsage, Map apiKeyServiceUsage) { super(XPackField.SECURITY, available, enabled); this.realmsUsage = realmsUsage; this.rolesStoreUsage = rolesStoreUsage; this.roleMappingStoreUsage = roleMappingStoreUsage; this.sslUsage = sslUsage; + this.tokenServiceUsage = tokenServiceUsage; + this.apiKeyServiceUsage = apiKeyServiceUsage; this.auditUsage = auditUsage; this.ipFilterUsage = ipFilterUsage; this.anonymousUsage = anonymousUsage; @@ -69,6 +80,8 @@ public void writeTo(StreamOutput out) throws IOException { out.writeMap(realmsUsage); out.writeMap(rolesStoreUsage); out.writeMap(sslUsage); + out.writeMap(tokenServiceUsage); + out.writeMap(apiKeyServiceUsage); out.writeMap(auditUsage); out.writeMap(ipFilterUsage); if (out.getVersion().before(Version.V_6_0_0_beta1)) { 
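Review bot: `writeTo` sends `tokenServiceUsage` and `apiKeyServiceUsage` to every peer, but the `StreamInput` constructor reads them only when `in.getVersion().onOrAfter(Version.V_7_1_0)`, so the two sides of the wire format disagree for older peers. A node on an earlier version would not expect these two maps and would presumably read the token-service map as `auditUsage`, mis-parsing the rest of the response during a rolling upgrade. Gate the write the same way: `if (out.getVersion().onOrAfter(Version.V_7_1_0)) { out.writeMap(tokenServiceUsage); out.writeMap(apiKeyServiceUsage); }`. A usage object read from a pre-7.1 stream also leaves both fields null, and the `innerXContent` hunk further down passes them to `builder.field` as they are; an empty map or an omitted field may be clearer for consumers. Both `writeTo` and the constructor continue outside their hunks.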
@@ -87,6 +100,8 @@ protected void innerXContent(XContentBuilder builder, Params params) throws IOEx builder.field(ROLES_XFIELD, rolesStoreUsage); builder.field(ROLE_MAPPING_XFIELD, roleMappingStoreUsage); builder.field(SSL_XFIELD, sslUsage); + builder.field(TOKEN_SERVICE_XFIELD, tokenServiceUsage); + builder.field(API_KEY_SERVICE_XFIELD, apiKeyServiceUsage); builder.field(AUDIT_XFIELD, auditUsage); builder.field(IP_FILTER_XFIELD, ipFilterUsage); builder.field(ANONYMOUS_XFIELD, anonymousUsage); @@ -96,4 +111,5 @@ protected void innerXContent(XContentBuilder builder, Params params) throws IOEx public Map getRealmsUsage() { return Collections.unmodifiableMap(realmsUsage); } + } diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java index bc79fab0043aa..2e5832d0834e7 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java @@ -29,7 +29,9 @@ import java.util.concurrent.atomic.AtomicReference; import static java.util.Collections.singletonMap; +import static org.elasticsearch.xpack.core.XPackSettings.API_KEY_SERVICE_ENABLED_SETTING; import static org.elasticsearch.xpack.core.XPackSettings.HTTP_SSL_ENABLED; +import static org.elasticsearch.xpack.core.XPackSettings.TOKEN_SERVICE_ENABLED_SETTING; import static org.elasticsearch.xpack.core.XPackSettings.TRANSPORT_SSL_ENABLED; /** 
@@ -93,6 +95,8 @@ public Map nativeCodeInfo() { @Override public void usage(ActionListener listener) { Map sslUsage = sslUsage(settings); + Map tokenServiceUsage = tokenServiceUsage(settings); + Map apiKeyServiceUsage = apiKeyServiceUsage(settings); Map auditUsage = auditUsage(settings); Map ipFilterUsage = ipFilterUsage(ipFilter); Map anonymousUsage = singletonMap("enabled", AnonymousUser.isAnonymousEnabled(settings)); @@ -103,9 +107,9 @@ public void usage(ActionListener listener) { final CountDown countDown = new CountDown(3); final Runnable doCountDown = () -> { if (countDown.countDown()) { - listener.onResponse(new SecurityFeatureSetUsage(available(), enabled(), realmsUsageRef.get(), - rolesUsageRef.get(), roleMappingUsageRef.get(), - sslUsage, auditUsage, ipFilterUsage, anonymousUsage)); + listener.onResponse(new SecurityFeatureSetUsage(available(), enabled(), realmsUsageRef.get(), rolesUsageRef.get(), + roleMappingUsageRef.get(), sslUsage, auditUsage, ipFilterUsage, anonymousUsage, tokenServiceUsage, + apiKeyServiceUsage)); } }; @@ -152,6 +156,14 @@ static Map sslUsage(Settings settings) { return map; } + static Map tokenServiceUsage(Settings settings) { + return singletonMap("enabled", TOKEN_SERVICE_ENABLED_SETTING.get(settings)); + } + + static Map apiKeyServiceUsage(Settings settings) { + return singletonMap("enabled", API_KEY_SERVICE_ENABLED_SETTING.get(settings)); + } + static Map auditUsage(Settings settings) { Map map = new HashMap<>(2); map.put("enabled", XPackSettings.AUDIT_ENABLED.get(settings)); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java index a8b2bf4b5350d..146dc78698eca 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java 
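Review bot: `tokenServiceUsage` and `apiKeyServiceUsage` have no comment saying what `enabled` means, and the value comes straight from `TOKEN_SERVICE_ENABLED_SETTING.get(settings)` / `API_KEY_SERVICE_ENABLED_SETTING.get(settings)` on the local node rather than from the running services. The test added in this commit expects the value to equal the HTTP SSL flag whenever the key is not set, so `enabled: false` in `/_xpack/usage` can mean that TLS on the HTTP layer is off rather than that someone disabled the service. I would document that on both helpers, e.g. `/** Effective value of xpack.security.authc.token.enabled from this node's settings; when unset it follows xpack.security.http.ssl.enabled. */`, with the equivalent for `xpack.security.authc.api_key.enabled`.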
+++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java @@ -96,6 +96,24 @@ public void testUsage() throws Exception { settings.put("xpack.security.http.ssl.enabled", httpSSLEnabled); final boolean transportSSLEnabled = randomBoolean(); settings.put("xpack.security.transport.ssl.enabled", transportSSLEnabled); + + boolean configureEnabledFlagForTokenService = randomBoolean(); + final boolean tokenServiceEnabled; + if (configureEnabledFlagForTokenService) { + tokenServiceEnabled = randomBoolean(); + settings.put("xpack.security.authc.token.enabled", tokenServiceEnabled); + } else { + tokenServiceEnabled = httpSSLEnabled; + } + boolean configureEnabledFlagForApiKeyService = randomBoolean(); + final boolean apiKeyServiceEnabled; + if (configureEnabledFlagForApiKeyService) { + apiKeyServiceEnabled = randomBoolean(); + settings.put("xpack.security.authc.api_key.enabled", apiKeyServiceEnabled); + } else { + apiKeyServiceEnabled = httpSSLEnabled; + } + final boolean auditingEnabled = randomBoolean(); settings.put(XPackSettings.AUDIT_ENABLED.getKey(), auditingEnabled); final boolean httpIpFilterEnabled = randomBoolean(); @@ -185,6 +203,12 @@ public void testUsage() throws Exception { assertThat(source.getValue("ssl.http.enabled"), is(httpSSLEnabled)); assertThat(source.getValue("ssl.transport.enabled"), is(transportSSLEnabled)); + // check Token service + assertThat(source.getValue("token_service.enabled"), is(tokenServiceEnabled)); + + // check API Key service + assertThat(source.getValue("api_key_service.enabled"), is(apiKeyServiceEnabled)); + // auditing assertThat(source.getValue("audit.enabled"), is(auditingEnabled)); if (auditingEnabled) { 
@@ -218,6 +242,8 @@ public void testUsage() throws Exception {
 } else {
 assertThat(source.getValue("realms"), is(nullValue()));
 assertThat(source.getValue("ssl"), is(nullValue()));
+ assertThat(source.getValue("token_service"), is(nullValue()));
+ assertThat(source.getValue("api_key_service"), is(nullValue()));
 assertThat(source.getValue("audit"), is(nullValue()));
 assertThat(source.getValue("anonymous"), is(nullValue()));
 assertThat(source.getValue("ipfilter"), is(nullValue()));