Skip to content

Enable caching of roles from the api keys #36387

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Dec 10, 2018
Merged

Enable caching of roles from the api keys #36387

merged 3 commits into from
Dec 10, 2018

Conversation

@jaymode
Copy link
Member

@jaymode jaymode commented Dec 7, 2018

This commit enables api keys to share the same cache for roles that is
already in use for roles from other sources. In order to avoid the
possibility of a key collision with roles that do not belong to api
keys, the key for the roles cache now includes a source field that
prevents these collisions.

@jaymode
Enable caching of roles from the api keys
95e167b 
This commit enables api keys to share the same cache for roles that is
already in use for roles from other sources. In order to avoid the
possibility of a key collision with roles that do not belong to api
keys, the key for the roles cache now includes a source field that
prevents these collisions.
@jaymode jaymode added >non-issue :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC labels Dec 7, 2018
@jaymode jaymode requested a review from tvernum December 7, 2018 19:24
@elasticmachine
Copy link
Collaborator

elasticmachine commented Dec 7, 2018

Pinging @elastic/es-security

tvernum
tvernum approved these changes Dec 10, 2018
View reviewed changes
Copy link
Contributor

@tvernum tvernum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

...security/src/main/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStore.java
}
listener.onResponse(role);
}, listener::onFailure));
}
Copy link
Contributor

@tvernum tvernum Dec 10, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Needs a blank line.

Copy link
Member Author

@jaymode jaymode Dec 10, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@jaymode jaymode merged commit 554bf23 into elastic:security_api_keys Dec 10, 2018
@jaymode jaymode deleted the api_key_role_cache branch December 10, 2018 15:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tvernum tvernum tvernum approved these changes

Assignees

No one assigned

Labels

>non-issue :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jaymode @elasticmachine @tvernum