Skip to content

Move role validation to REST layer instead of transport #74549

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 6 commits into
base: main
Choose a base branch
from
Draft

Move role validation to REST layer instead of transport #74549

wants to merge 6 commits into from

Conversation

@pgomulka
Copy link
Contributor

@pgomulka pgomulka commented Jun 24, 2021
edited
Loading

At the moment role validation is performed in TransportPutRoleAction. The RestApiVersion is not available there - intended to be in REST layer - and because of this the validation of a role with a query using v7 features will not work.
For instance

security.put_role:
      name: "role"
      body: "{\n  \"cluster\": [\"all\"],\n  \"indices\": [\n    {\n      \"names\"\
        : \"index\",\n      \"privileges\": [\"all\"],\n      \"query\" : {\n    \
        \    \"terms\" : { \"field\" : { \"index\" : \"_index\", \"type\" : \"_type\"\
        , \"id\" : \"_id\", \"path\" : \"_path\"} }\n      }\n    }\n  ]\n}\n"

woudl fail because it contains a Terms query with a type field which was removed in v8

follow up from #74544 (comment)
relates relates main meta issue #51816

pgomulka added 6 commits June 24, 2021 09:37
@pgomulka
[Rest Api Compatibility] Typed TermLookups
3812672 
Previously removed in elastic#46943
parsing type field in term lookup is now possible with rest
compatible api. The type field is ignored

relates main meta issue elastic#51816
relates type removal meta issue elastic#54160
@pgomulka
role validation
3fd6d42
@pgomulka
precommit
e04630b
@pgomulka
rest putrole action tests
8b2b49e
@pgomulka
malformed queries tests
3cfec42
@pgomulka
Merge remote-tracking branch 'upstream/master' into compat/terms_look…
8cf77c4 
…up_and_role_validation
@pgomulka pgomulka changed the title Compat/terms lookup and role validation Move role validation to REST layer instead of transport Jun 28, 2021
@elasticsearchmachine elasticsearchmachine changed the base branch from master to main July 22, 2022 23:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pgomulka