首页 发现 帮助
登录
lqb
/
elasticsearch
镜像自地址 https://gitee.com/mirrors/elasticsearch.git
1
0
派生 0
文件 工单管理 0 Wiki
浏览代码

Add missing description for `transport_client` reserved role (#108633)

This PR adds missing role description for the `transport_client role`, 
and a test to enforce that all reserved roles are described. 
The description also serves as self-documentation for roles, 
thus it is reasonable to make this a requirement for all reserved roles.

Relates to #108422, which included descriptions for other reserved roles.
Slobodan Adamović 1 年之前
父节点
fd2ba451bc
当前提交
0330efb885
共有 2 个文件被更改,包括 20 次插入1 次删除
分列视图 显示文件统计
  1. 11 1
      x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java
  2. 9 0
      x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java

+ 11 - 1
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java
查看文件 

@@ -165,7 +165,17 @@ public class ReservedRolesStore implements BiConsumer<Set<String>, ActionListene
 
                     new String[] { "transport_client" },
 
                     null,
 
                     null,
 
-                    MetadataUtils.DEFAULT_RESERVED_METADATA
 
+                    null,
 
+                    null,
 
+                    MetadataUtils.DEFAULT_RESERVED_METADATA,
 
+                    null,
 
+                    null,
 
+                    null,
 
+                    null,
 
+                    "Grants the privileges required to access the cluster through the Java Transport Client. "
 
+                        + "The Java Transport Client fetches information about the nodes in the cluster using "
 
+                        + "the Node Liveness API and the Cluster State API (when sniffing is enabled). "
 
+                        + "Assign your users this role if they use the Transport Client."
 
                 )
 
             ),
 
             entry("kibana_admin", kibanaAdminUser("kibana_admin", MetadataUtils.DEFAULT_RESERVED_METADATA)),

+ 9 - 0
x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
查看文件 

@@ -3723,6 +3723,15 @@ public class ReservedRolesStoreTests extends ESTestCase {
 
         assertThat(rolesWithRemoteIndicesPrivileges, containsInAnyOrder("kibana_system", "monitoring_user"));
 
     }
 
 
+    /**
 
+     * Ensures that all reserved roles are self-documented with a brief description.
 
+     */
 
+    public void testAllReservedRolesHaveDescription() {
 
+        for (RoleDescriptor role : ReservedRolesStore.roleDescriptors()) {
 
+            assertThat("reserved role [" + role.getName() + "] must have description", role.hasDescription(), is(true));
 
+        }
 
+    }
 
+
 
     private void assertAllIndicesAccessAllowed(Role role, String index) {
 
         logger.info("index name [{}]", index);
 
         assertThat(role.indices().allowedIndicesMatcher("indices:foo").test(mockIndexAbstraction(index)), is(true));