Skip to content

Commit 3470565

Browse files
Make the Get API keys API local only (#105497)
The Get API Key transport action is always executed locally, which means that the transport requests and responses are never serialized over the wire between cluster nodes. This PR removes the serialization dead code. Relates: #100111 #104653
1 parent bdf32e3 commit 3470565

File tree

7 files changed

+20
-421
lines changed

7 files changed

+20
-421
lines changed

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/apikey/ApiKey.java

Lines changed: 1 addition & 77 deletions
Original file line numberDiff line numberDiff line change
@@ -7,11 +7,6 @@
77

88
package org.elasticsearch.xpack.core.security.action.apikey;
99

10-
import org.elasticsearch.TransportVersion;
11-
import org.elasticsearch.TransportVersions;
12-
import org.elasticsearch.common.io.stream.StreamInput;
13-
import org.elasticsearch.common.io.stream.StreamOutput;
14-
import org.elasticsearch.common.io.stream.Writeable;
1510
import org.elasticsearch.common.xcontent.XContentParserUtils;
1611
import org.elasticsearch.core.Assertions;
1712
import org.elasticsearch.core.Nullable;
@@ -44,9 +39,7 @@
4439
/**
4540
* API key information
4641
*/
47-
public final class ApiKey implements ToXContentObject, Writeable {
48-
49-
public static final TransportVersion CROSS_CLUSTER_KEY_VERSION = TransportVersions.V_8_9_X;
42+
public final class ApiKey implements ToXContentObject {
5043

5144
public enum Type {
5245
/**
@@ -164,47 +157,6 @@ private ApiKey(
164157
this.limitedBy = limitedBy;
165158
}
166159

167-
public ApiKey(StreamInput in) throws IOException {
168-
if (in.getTransportVersion().onOrAfter(TransportVersions.V_7_5_0)) {
169-
this.name = in.readOptionalString();
170-
} else {
171-
this.name = in.readString();
172-
}
173-
this.id = in.readString();
174-
if (in.getTransportVersion().onOrAfter(CROSS_CLUSTER_KEY_VERSION)) {
175-
this.type = in.readEnum(Type.class);
176-
} else {
177-
// This default is safe because
178-
// 1. ApiKey objects never transfer between nodes
179-
// 2. Creating cross-cluster API keys mandates minimal node version that understands the API key type
180-
this.type = Type.REST;
181-
}
182-
this.creation = in.readInstant();
183-
this.expiration = in.readOptionalInstant();
184-
this.invalidated = in.readBoolean();
185-
if (in.getTransportVersion().onOrAfter(TransportVersions.V_8_12_0)) {
186-
this.invalidation = in.readOptionalInstant();
187-
} else {
188-
this.invalidation = null;
189-
}
190-
191-
this.username = in.readString();
192-
this.realm = in.readString();
193-
if (in.getTransportVersion().onOrAfter(TransportVersions.V_8_0_0)) {
194-
this.metadata = in.readGenericMap();
195-
} else {
196-
this.metadata = Map.of();
197-
}
198-
if (in.getTransportVersion().onOrAfter(TransportVersions.V_8_5_0)) {
199-
final List<RoleDescriptor> roleDescriptors = in.readOptionalCollectionAsList(RoleDescriptor::new);
200-
this.roleDescriptors = roleDescriptors != null ? List.copyOf(roleDescriptors) : null;
201-
this.limitedBy = in.readOptionalWriteable(RoleDescriptorsIntersection::new);
202-
} else {
203-
this.roleDescriptors = null;
204-
this.limitedBy = null;
205-
}
206-
}
207-
208160
public String getId() {
209161
return id;
210162
}
@@ -323,34 +275,6 @@ private void buildXContentForCrossClusterApiKeyAccess(XContentBuilder builder, R
323275
builder.endObject();
324276
}
325277

326-
@Override
327-
public void writeTo(StreamOutput out) throws IOException {
328-
if (out.getTransportVersion().onOrAfter(TransportVersions.V_7_5_0)) {
329-
out.writeOptionalString(name);
330-
} else {
331-
out.writeString(name);
332-
}
333-
out.writeString(id);
334-
if (out.getTransportVersion().onOrAfter(CROSS_CLUSTER_KEY_VERSION)) {
335-
out.writeEnum(type);
336-
}
337-
out.writeInstant(creation);
338-
out.writeOptionalInstant(expiration);
339-
out.writeBoolean(invalidated);
340-
if (out.getTransportVersion().onOrAfter(TransportVersions.V_8_12_0)) {
341-
out.writeOptionalInstant(invalidation);
342-
}
343-
out.writeString(username);
344-
out.writeString(realm);
345-
if (out.getTransportVersion().onOrAfter(TransportVersions.V_8_0_0)) {
346-
out.writeGenericMap(metadata);
347-
}
348-
if (out.getTransportVersion().onOrAfter(TransportVersions.V_8_5_0)) {
349-
out.writeOptionalCollection(roleDescriptors);
350-
out.writeOptionalWriteable(limitedBy);
351-
}
352-
}
353-
354278
@Override
355279
public int hashCode() {
356280
return Objects.hash(

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/apikey/GetApiKeyRequest.java

Lines changed: 2 additions & 42 deletions
Original file line numberDiff line numberDiff line change
@@ -7,12 +7,10 @@
77

88
package org.elasticsearch.xpack.core.security.action.apikey;
99

10-
import org.elasticsearch.TransportVersion;
11-
import org.elasticsearch.TransportVersions;
1210
import org.elasticsearch.action.ActionRequest;
1311
import org.elasticsearch.action.ActionRequestValidationException;
12+
import org.elasticsearch.action.support.TransportAction;
1413
import org.elasticsearch.common.Strings;
15-
import org.elasticsearch.common.io.stream.StreamInput;
1614
import org.elasticsearch.common.io.stream.StreamOutput;
1715
import org.elasticsearch.core.Nullable;
1816

@@ -26,8 +24,6 @@
2624
*/
2725
public final class GetApiKeyRequest extends ActionRequest {
2826

29-
static TransportVersion API_KEY_ACTIVE_ONLY_PARAM_TRANSPORT_VERSION = TransportVersions.V_8_10_X;
30-
3127
private final String realmName;
3228
private final String userName;
3329
private final String apiKeyId;
@@ -36,29 +32,6 @@ public final class GetApiKeyRequest extends ActionRequest {
3632
private final boolean withLimitedBy;
3733
private final boolean activeOnly;
3834

39-
public GetApiKeyRequest(StreamInput in) throws IOException {
40-
super(in);
41-
realmName = textOrNull(in.readOptionalString());
42-
userName = textOrNull(in.readOptionalString());
43-
apiKeyId = textOrNull(in.readOptionalString());
44-
apiKeyName = textOrNull(in.readOptionalString());
45-
if (in.getTransportVersion().onOrAfter(TransportVersions.V_7_4_0)) {
46-
ownedByAuthenticatedUser = in.readOptionalBoolean();
47-
} else {
48-
ownedByAuthenticatedUser = false;
49-
}
50-
if (in.getTransportVersion().onOrAfter(TransportVersions.V_8_5_0)) {
51-
withLimitedBy = in.readBoolean();
52-
} else {
53-
withLimitedBy = false;
54-
}
55-
if (in.getTransportVersion().onOrAfter(API_KEY_ACTIVE_ONLY_PARAM_TRANSPORT_VERSION)) {
56-
activeOnly = in.readBoolean();
57-
} else {
58-
activeOnly = false;
59-
}
60-
}
61-
6235
private GetApiKeyRequest(
6336
@Nullable String realmName,
6437
@Nullable String userName,
@@ -136,20 +109,7 @@ public ActionRequestValidationException validate() {
136109

137110
@Override
138111
public void writeTo(StreamOutput out) throws IOException {
139-
super.writeTo(out);
140-
out.writeOptionalString(realmName);
141-
out.writeOptionalString(userName);
142-
out.writeOptionalString(apiKeyId);
143-
out.writeOptionalString(apiKeyName);
144-
if (out.getTransportVersion().onOrAfter(TransportVersions.V_7_4_0)) {
145-
out.writeOptionalBoolean(ownedByAuthenticatedUser);
146-
}
147-
if (out.getTransportVersion().onOrAfter(TransportVersions.V_8_5_0)) {
148-
out.writeBoolean(withLimitedBy);
149-
}
150-
if (out.getTransportVersion().onOrAfter(API_KEY_ACTIVE_ONLY_PARAM_TRANSPORT_VERSION)) {
151-
out.writeBoolean(activeOnly);
152-
}
112+
TransportAction.localOnly();
153113
}
154114

155115
@Override

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/apikey/GetApiKeyResponse.java

Lines changed: 4 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -8,9 +8,8 @@
88
package org.elasticsearch.xpack.core.security.action.apikey;
99

1010
import org.elasticsearch.action.ActionResponse;
11-
import org.elasticsearch.common.io.stream.StreamInput;
11+
import org.elasticsearch.action.support.TransportAction;
1212
import org.elasticsearch.common.io.stream.StreamOutput;
13-
import org.elasticsearch.common.io.stream.Writeable;
1413
import org.elasticsearch.xcontent.ConstructingObjectParser;
1514
import org.elasticsearch.xcontent.ParseField;
1615
import org.elasticsearch.xcontent.ToXContentObject;
@@ -19,7 +18,6 @@
1918

2019
import java.io.IOException;
2120
import java.util.Collection;
22-
import java.util.Collections;
2321
import java.util.List;
2422
import java.util.Objects;
2523

@@ -29,22 +27,17 @@
2927
* Response for get API keys.<br>
3028
* The result contains information about the API keys that were found.
3129
*/
32-
public final class GetApiKeyResponse extends ActionResponse implements ToXContentObject, Writeable {
30+
public final class GetApiKeyResponse extends ActionResponse implements ToXContentObject {
3331

3432
private final ApiKey[] foundApiKeysInfo;
3533

36-
public GetApiKeyResponse(StreamInput in) throws IOException {
37-
super(in);
38-
this.foundApiKeysInfo = in.readArray(ApiKey::new, ApiKey[]::new);
39-
}
40-
4134
public GetApiKeyResponse(Collection<ApiKey> foundApiKeysInfo) {
4235
Objects.requireNonNull(foundApiKeysInfo, "found_api_keys_info must be provided");
4336
this.foundApiKeysInfo = foundApiKeysInfo.toArray(new ApiKey[0]);
4437
}
4538

4639
public static GetApiKeyResponse emptyResponse() {
47-
return new GetApiKeyResponse(Collections.emptyList());
40+
return new GetApiKeyResponse(List.of());
4841
}
4942

5043
public ApiKey[] getApiKeyInfos() {
@@ -59,7 +52,7 @@ public XContentBuilder toXContent(XContentBuilder builder, Params params) throws
5952

6053
@Override
6154
public void writeTo(StreamOutput out) throws IOException {
62-
out.writeArray(foundApiKeysInfo);
55+
TransportAction.localOnly();
6356
}
6457

6558
@SuppressWarnings("unchecked")

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/apikey/ApiKeySerializationTests.java

Lines changed: 0 additions & 81 deletions
This file was deleted.

0 commit comments

Comments
 (0)