From 335cf91bb9929866b8e94f06bc0c961a2846bf01 Mon Sep 17 00:00:00 2001
From: Yogesh Gaikwad <902768+bizybot@users.noreply.github.com>
Date: Thu, 14 Feb 2019 23:08:52 +1100
Subject: [PATCH] Add enabled status for token and api key service (#38687) (#38882)
Right now there is no way to determine whether the token service or API key service is enabled or not. This commit adds support for the enabled status of token and API key service to the security feature set usage API `/_xpack/usage`.
Closes #38535
---
 .../security/SecurityFeatureSetUsage.java | 18 ++++++++++++-
 .../xpack/security/SecurityFeatureSet.java | 18 ++++++++++---
 .../security/SecurityFeatureSetTests.java | 26 +++++++++++++++++++
 3 files changed, 58 insertions(+), 4 deletions(-)
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java
index f615fbd0b53..bbbbc635ac2 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java
@@ -22,6 +22,8 @@ public class SecurityFeatureSetUsage extends XPackFeatureSet.Usage {
 private static final String ROLES_XFIELD = "roles";
 private static final String ROLE_MAPPING_XFIELD = "role_mapping";
 private static final String SSL_XFIELD = "ssl";
+ private static final String TOKEN_SERVICE_XFIELD = "token_service";
+ private static final String API_KEY_SERVICE_XFIELD = "api_key_service";
 private static final String AUDIT_XFIELD = "audit";
 private static final String IP_FILTER_XFIELD = "ipfilter";
 private static final String ANONYMOUS_XFIELD = "anonymous";
@@ -29,6 +31,8 @@ public class SecurityFeatureSetUsage extends XPackFeatureSet.Usage { private Map realmsUsage; private Map rolesStoreUsage; private Map sslUsage; + private Map tokenServiceUsage; + private Map apiKeyServiceUsage; private Map auditUsage; private Map ipFilterUsage; private Map anonymousUsage; @@ -39,6 +43,10 @@ public class SecurityFeatureSetUsage extends XPackFeatureSet.Usage { realmsUsage = in.readMap(); rolesStoreUsage = in.readMap(); sslUsage = in.readMap(); + if (in.getVersion().onOrAfter(Version.V_7_1_0)) { + tokenServiceUsage = in.readMap(); + apiKeyServiceUsage = in.readMap(); + } auditUsage = in.readMap(); ipFilterUsage = in.readMap(); if (in.getVersion().before(Version.V_6_0_0_beta1)) { @@ -52,12 +60,15 @@ public class SecurityFeatureSetUsage extends XPackFeatureSet.Usage { public SecurityFeatureSetUsage(boolean available, boolean enabled, Map realmsUsage, Map rolesStoreUsage, Map roleMappingStoreUsage, Map sslUsage, Map auditUsage, - Map ipFilterUsage, Map anonymousUsage) { + Map ipFilterUsage, Map anonymousUsage, + Map tokenServiceUsage, Map apiKeyServiceUsage) { super(XPackField.SECURITY, available, enabled); this.realmsUsage = realmsUsage; this.rolesStoreUsage = rolesStoreUsage; this.roleMappingStoreUsage = roleMappingStoreUsage; this.sslUsage = sslUsage; + this.tokenServiceUsage = tokenServiceUsage; + this.apiKeyServiceUsage = apiKeyServiceUsage; this.auditUsage = auditUsage; this.ipFilterUsage = ipFilterUsage; this.anonymousUsage = anonymousUsage; @@ -69,6 +80,8 @@ public class SecurityFeatureSetUsage extends XPackFeatureSet.Usage { out.writeMap(realmsUsage); out.writeMap(rolesStoreUsage); out.writeMap(sslUsage); + out.writeMap(tokenServiceUsage); + out.writeMap(apiKeyServiceUsage); out.writeMap(auditUsage); out.writeMap(ipFilterUsage); if (out.getVersion().before(Version.V_6_0_0_beta1)) { 
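Review bot: `writeTo` (hunk `-69,6 +80,8`) emits `tokenServiceUsage` and `apiKeyServiceUsage` unconditionally, while the stream constructor (hunk `-39,6 +43,10`) reads them only when `in.getVersion().onOrAfter(Version.V_7_1_0)`. A node that sends this response to a peer older than that version would put two extra maps on the wire, and the older reader would presumably consume them as the audit and IP filter maps and leave the rest of the stream misaligned. The write side should carry the same gate: wrap the two `out.writeMap(...)` calls in `if (out.getVersion().onOrAfter(Version.V_7_1_0)) { ... }`. Both methods start and end outside the hunks.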
@@ -87,6 +100,8 @@ public class SecurityFeatureSetUsage extends XPackFeatureSet.Usage { builder.field(ROLES_XFIELD, rolesStoreUsage); builder.field(ROLE_MAPPING_XFIELD, roleMappingStoreUsage); builder.field(SSL_XFIELD, sslUsage); + builder.field(TOKEN_SERVICE_XFIELD, tokenServiceUsage); + builder.field(API_KEY_SERVICE_XFIELD, apiKeyServiceUsage); builder.field(AUDIT_XFIELD, auditUsage); builder.field(IP_FILTER_XFIELD, ipFilterUsage); builder.field(ANONYMOUS_XFIELD, anonymousUsage); @@ -96,4 +111,5 @@ public class SecurityFeatureSetUsage extends XPackFeatureSet.Usage { public Map getRealmsUsage() { return Collections.unmodifiableMap(realmsUsage); } + } diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java index bc79fab0043..2e5832d0834 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java @@ -29,7 +29,9 @@ import java.util.Map; import java.util.concurrent.atomic.AtomicReference; import static java.util.Collections.singletonMap; +import static org.elasticsearch.xpack.core.XPackSettings.API_KEY_SERVICE_ENABLED_SETTING; import static org.elasticsearch.xpack.core.XPackSettings.HTTP_SSL_ENABLED; +import static org.elasticsearch.xpack.core.XPackSettings.TOKEN_SERVICE_ENABLED_SETTING; import static org.elasticsearch.xpack.core.XPackSettings.TRANSPORT_SSL_ENABLED; /** 
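Review bot: `builder.field(TOKEN_SERVICE_XFIELD, tokenServiceUsage)` and the `API_KEY_SERVICE_XFIELD` line next to it can receive a null map, because the stream constructor leaves both fields unassigned when the sender is older than `Version.V_7_1_0`. Depending on how the builder treats a null value, the usage output would then show `token_service` and `api_key_service` as null, or fail; neither tells the reader that the status is simply unknown. Defaulting the fields in the read path, for example `tokenServiceUsage = Collections.emptyMap();` in an `else` branch, or skipping the field when the map is null, would keep the output well defined. The enclosing method starts outside the hunk.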
@@ -93,6 +95,8 @@ public class SecurityFeatureSet implements XPackFeatureSet { @Override public void usage(ActionListener listener) { Map sslUsage = sslUsage(settings); + Map tokenServiceUsage = tokenServiceUsage(settings); + Map apiKeyServiceUsage = apiKeyServiceUsage(settings); Map auditUsage = auditUsage(settings); Map ipFilterUsage = ipFilterUsage(ipFilter); Map anonymousUsage = singletonMap("enabled", AnonymousUser.isAnonymousEnabled(settings)); @@ -103,9 +107,9 @@ public class SecurityFeatureSet implements XPackFeatureSet { final CountDown countDown = new CountDown(3); final Runnable doCountDown = () -> { if (countDown.countDown()) { - listener.onResponse(new SecurityFeatureSetUsage(available(), enabled(), realmsUsageRef.get(), - rolesUsageRef.get(), roleMappingUsageRef.get(), - sslUsage, auditUsage, ipFilterUsage, anonymousUsage)); + listener.onResponse(new SecurityFeatureSetUsage(available(), enabled(), realmsUsageRef.get(), rolesUsageRef.get(), + roleMappingUsageRef.get(), sslUsage, auditUsage, ipFilterUsage, anonymousUsage, tokenServiceUsage, + apiKeyServiceUsage)); } }; @@ -152,6 +156,14 @@ public class SecurityFeatureSet implements XPackFeatureSet { return map; } + static Map tokenServiceUsage(Settings settings) { + return singletonMap("enabled", TOKEN_SERVICE_ENABLED_SETTING.get(settings)); + } + + static Map apiKeyServiceUsage(Settings settings) { + return singletonMap("enabled", API_KEY_SERVICE_ENABLED_SETTING.get(settings)); + } + static Map auditUsage(Settings settings) { Map map = new HashMap<>(2); map.put("enabled", XPackSettings.AUDIT_ENABLED.get(settings)); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java index a8b2bf4b535..146dc78698e 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java 
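Review bot: The two new helpers `tokenServiceUsage(Settings)` and `apiKeyServiceUsage(Settings)` in hunk `-152,6 +156,14` have no comment saying that they report the configured setting rather than the state of a running service. The accompanying test expects both values to follow `xpack.security.http.ssl.enabled` when the flag is not set explicitly, so a reader of `/_xpack/usage` may see `enabled: true` for an authentication mechanism nobody turned on deliberately. A one-line Javadoc on each, such as `/** Reports the value of the token service enabled setting, including its default; not whether any token has been issued. */`, would make that explicit for anyone using the output as an inventory of enabled authentication paths.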
+++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java @@ -96,6 +96,24 @@ public class SecurityFeatureSetTests extends ESTestCase { settings.put("xpack.security.http.ssl.enabled", httpSSLEnabled); final boolean transportSSLEnabled = randomBoolean(); settings.put("xpack.security.transport.ssl.enabled", transportSSLEnabled); + + boolean configureEnabledFlagForTokenService = randomBoolean(); + final boolean tokenServiceEnabled; + if (configureEnabledFlagForTokenService) { + tokenServiceEnabled = randomBoolean(); + settings.put("xpack.security.authc.token.enabled", tokenServiceEnabled); + } else { + tokenServiceEnabled = httpSSLEnabled; + } + boolean configureEnabledFlagForApiKeyService = randomBoolean(); + final boolean apiKeyServiceEnabled; + if (configureEnabledFlagForApiKeyService) { + apiKeyServiceEnabled = randomBoolean(); + settings.put("xpack.security.authc.api_key.enabled", apiKeyServiceEnabled); + } else { + apiKeyServiceEnabled = httpSSLEnabled; + } + final boolean auditingEnabled = randomBoolean(); settings.put(XPackSettings.AUDIT_ENABLED.getKey(), auditingEnabled); final boolean httpIpFilterEnabled = randomBoolean(); @@ -185,6 +203,12 @@ public class SecurityFeatureSetTests extends ESTestCase { assertThat(source.getValue("ssl.http.enabled"), is(httpSSLEnabled)); assertThat(source.getValue("ssl.transport.enabled"), is(transportSSLEnabled)); + // check Token service + assertThat(source.getValue("token_service.enabled"), is(tokenServiceEnabled)); + + // check API Key service + assertThat(source.getValue("api_key_service.enabled"), is(apiKeyServiceEnabled)); + // auditing assertThat(source.getValue("audit.enabled"), is(auditingEnabled)); if (auditingEnabled) { 
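Review bot: The new assertions read only the rendered usage document (`source.getValue("token_service.enabled")` and `source.getValue("api_key_service.enabled")`), so the stream format change made in SecurityFeatureSetUsage is not exercised by the lines shown. A round trip that writes the usage object with an output version before `Version.V_7_1_0` and reads it back with the same version would cover the mixed-version case and would fail if the read and write sides disagree about the two new maps. The test method begins and ends outside these hunks, so an existing serialization check may already be present there.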
@@ -218,6 +242,8 @@ public class SecurityFeatureSetTests extends ESTestCase {
 } else {
 assertThat(source.getValue("realms"), is(nullValue()));
 assertThat(source.getValue("ssl"), is(nullValue()));
+ assertThat(source.getValue("token_service"), is(nullValue()));
+ assertThat(source.getValue("api_key_service"), is(nullValue()));
 assertThat(source.getValue("audit"), is(nullValue()));
 assertThat(source.getValue("anonymous"), is(nullValue()));
 assertThat(source.getValue("ipfilter"), is(nullValue()));