-
Notifications
You must be signed in to change notification settings - Fork 25k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add extensionName() to security extension #79329
Conversation
Extension loading code needs to know how to refer to an extension at runtime. It previously used "toString()", but there was no contract that required that this method be implemented in a meaningful way. A new name() method is added which defaults to the class name of the extension, but can be customized by implementations
Pinging @elastic/es-security (Team:Security) |
This comment has been minimized.
This comment has been minimized.
+ "both set an authorization engine"); | ||
} | ||
authorizationEngine = extensionEngine; | ||
extensionName = extension.toString(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This old code was buggy.
If you have 3 extensions "a", "b", "c" and "a" & "b" both return an engine (but "c" doesn't) then the result would depend on the order of the extension list.
- "a" "b" "c" ⇒ exception
- "a" "c" "b" ⇒ return the engine from "b"
Because we set authorizationEngine
and extensionName
to the current extension in the list, even if that extension didn't return an engine.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@@ -115,4 +115,8 @@ default AuthenticationFailureHandler getAuthenticationFailureHandler(SecurityCom | |||
default AuthorizationEngine getAuthorizationEngine(Settings settings) { | |||
return null; | |||
} | |||
|
|||
default String extensionName() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: why not just name()
since the word extension
is already part of the class name?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Because I didn't think it would be as clear to people implementing security extensions what "name" was supposed to be, and what behaviour it should have.
extensionName
is self describing
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java
Outdated
Show resolved
Hide resolved
…ecurity/Security.java Co-authored-by: Yang Wang <[email protected]>
FIPS tests are failing for an unrelated reason. Merging this PR while we work on fixing them. |
💔 Backport failed
You can use sqren/backport to manually backport by running |
* upstream/master: (34 commits) Add extensionName() to security extension (elastic#79329) More robust and consistent allowAll indicesAccessControl (elastic#79415) Fix circuit breaker leak in MultiTerms aggregation (elastic#79362) guard geoline aggregation from parents aggegator that emit empty buckets (elastic#79129) Vector tiles: increase the size of the envelope used to clip geometries (elastic#79030) Revert "[ML] Add queue_capacity setting to start deployment API (elastic#79369)" (elastic#79374) Convert token service license object to LicensedFeature (elastic#79284) [TEST] Fix ShardPathTests for MDP (elastic#79393) Fix fleet search API with no checkpints (elastic#79400) Reduce BWC version for transient settings (elastic#79396) EQL: Rename a test class for eclipse (elastic#79254) Use search_coordination threadpool in field caps (elastic#79378) Use query param instead of a system property for opting in for new cluster health response code (elastic#79351) Add new kNN search endpoint (elastic#79013) Disable BWC tests Convert auditing license object to LicensedFeature (elastic#79280) Update BWC versions after backport of elastic#78551 Enable InstantiatingObjectParser to pass context as a first argument (elastic#79206) Move xcontent filtering tests (elastic#79298) Update links to Fleet/Agent docs (elastic#79303) ...
Extension loading code needs to know how to refer to an extension at runtime. It previously used "toString()", but there was no contract that required that this method be implemented in a meaningful way. A new extensionName() method is added which defaults to the class name of the extension, but can be customized by implementations Backport of: elastic#79329
Extension loading code needs to know how to refer to an extension at runtime. It previously used "toString()", but there was no contract that required that this method be implemented in a meaningful way. A new extensionName() method is added which defaults to the class name of the extension, but can be customized by implementations Backport of: #79329
Extension loading code needs to know how to refer to an extension at
runtime. It previously used "toString()", but there was no contract
that required that this method be implemented in a meaningful way.
A new
extensionName()
method is added which defaults to the class name of theextension, but can be customized by implementations