Skip to content

Fix unique realm name check to cover default realms #87999

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Jun 24, 2022
Merged

Fix unique realm name check to cover default realms #87999

merged 5 commits into from
Jun 24, 2022

Conversation

@ywangd
Copy link
Member

@ywangd ywangd commented Jun 24, 2022

All enabled realms must have unique names. This PR tightened the logic
for ensuring realm name uniqueness. Previously the unique name check
does not cover realms that are automatically enabled.

Relates: #69096

@ywangd
Fix unique realm names check to cover default realms
664354f 
All enabled realms must have unique names. This PR tightened the logic
for ensuring realm name uniqueness. Previously the unique name check
does not cover realms that are automatically enabled.

Relates: elastic#69096
@ywangd ywangd added >bug :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) v8.4.0 labels Jun 24, 2022
@ywangd ywangd requested a review from tvernum June 24, 2022 02:51
@elasticmachine elasticmachine added the Team:Security Meta label for security team label Jun 24, 2022
@elasticmachine
Copy link
Collaborator

elasticmachine commented Jun 24, 2022

Pinging @elastic/es-security (Team:Security)

@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Jun 24, 2022

Hi @ywangd, I've created a changelog YAML for you.

ywangd
ywangd commented Jun 24, 2022
View reviewed changes
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/RealmsTests.java
)
);

// It is OK if the explicitly configured realm is disabled
Copy link
Member Author

@ywangd ywangd Jun 24, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This and a few other test scenarios below can be seen as a leniency. Ideally these names should not be used at all. We may want to do something about it, e.g. log warnings. But it is a separate issue from what we are trying to fix here.

@ywangd
Copy link
Member Author

ywangd commented Jun 24, 2022

@elasticmachine update branch

tvernum
tvernum approved these changes Jun 24, 2022
View reviewed changes
Copy link
Contributor

@tvernum tvernum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

n1v0lg
n1v0lg approved these changes Jun 24, 2022
View reviewed changes
Copy link
Contributor

@n1v0lg n1v0lg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks for the fix.

@ywangd @n1v0lg
Update x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/s…
466583a 
…ecurity/authc/Realms.java

Co-authored-by: Nikolaj Volgushev <[email protected]>
@ywangd ywangd added the auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) label Jun 24, 2022
@ywangd
Copy link
Member Author

ywangd commented Jun 24, 2022

@elasticmachine run elasticsearch-ci/part-2-fips

@elasticsearchmachine elasticsearchmachine merged commit a298645 into elastic:master Jun 24, 2022
@ywangd ywangd deleted the actually-no-duplicate-realm-names branch June 24, 2022 10:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tvernum tvernum tvernum approved these changes

@n1v0lg n1v0lg n1v0lg approved these changes

Assignees

No one assigned

Labels

auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) >bug :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) Team:Security Meta label for security team v8.4.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@ywangd @elasticmachine @elasticsearchmachine @tvernum @n1v0lg