-
Notifications
You must be signed in to change notification settings - Fork 25.6k
Remove @UpdateForV9 annotations from Security code #123176
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 5 commits
Commits
Show all changes
12 commits
Select commit
Hold shift + click to select a range
c18b3ab
Remove `@UpdateForV9` annotation on code that has been deprecated and…
mattc58 94d6062
[CI] Auto commit changes from spotless
1f236f1
Merge remote-tracking branch 'upstream/main' into remove-security-upd…
mattc58 a402f2b
Change UpdateForV9 to UpdateForV10 for License `hide_enterprise`
mattc58 7edaedc
Merge remote-tracking branch 'origin/remove-security-updateforv9' int…
mattc58 e206c2a
Merge branch 'main' into remove-security-updateforv9
jakelandis 32682ba
kick can down the road for accept_enterprise
jakelandis f3b7c6d
adjust rest api compat for accept_enterprise
jakelandis a3336f2
adjust to no longer rely on rest api compatiblity
jakelandis 2012ab2
full circle back to where I started
jakelandis dc697d4
remove unecessary code
jakelandis e756b91
Merge branch 'main' into remove-security-updateforv9
mattc58 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure that is as simple as it appears since this a marker for some partially removed functionality:
This is related to use and deprecation of "accept_enterprise" for license. This specific string isn't the primary reason for the annotation, rather it a marker for the related code which has been partially removed.
Specifically it is part of the change code via 8.x branch: https://github.com/elastic/elasticsearch/blob/8.x/x-pack/plugin/core/src/main/java/org/elasticsearch/license/RestGetLicenseAction.java#L82
It also says that if you send "accept_enterprise=false" on or after REST API v8, then raise an exception. To put another way it says it if you send "accept_enterprise=false" before REST API v8 by sending the v7 compatibility header, then don't error.
Since we removed support for v7 compatibility that logic was changed via https://github.com/elastic/elasticsearch/pull/114881/files#diff-f0af8e6057207cbe3628cfbc9bcab24d2d38ad1c39bdb34efb92262dbd3eb8e4L75.
It also appears there was additional related stuff to the v7 REST API compatibility that was removed s
https://github.com/elastic/elasticsearch/blob/8.x/x-pack/plugin/core/src/main/java/org/elasticsearch/license/RestGetLicenseAction.java#L66-L72 (this part is relevant to this exact string)
So it appears that some of this functionality is already partially removed with the expectation it will be fully removed. Any gates that changed behavior based on the v7 REST API have been removed. I am not familiar enough with the functionality or original change to comment on exactly what functionality is gated by v7 REST API compatibility vs. breaking change vs. the expectations in the current state.
It now says if you send "accept_enterprise=false" for ANY REST API version, then raise an exception. I think this is OK and desired since it still consumes the parameter (avoiding an exception) and will continue emit a warning as it did in v8. However, since there are other parts that have been partially removed I am not sure what happens if you send "accept_enterprise=true". If that doesn't work or it errors, then maybe we are better off just removing fully removing support for
accept_enterprise(which is a bigger change). If we leave it as-is (this PR), then I think should at least ensure no error and correct results for "accept_enterprise=true". Else, we should restore the relevant code from 8.x and bump REST API versions V_7 to V_8 ; and V_8 to V_9 so it behave identically to 8.x.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added back all the original code that we removed via different PRs here: 32682ba , then adjusted the functionality per REST API version needs : a3336f2, simplified the code 2012ab2 ... and ended up right back where @mattc58 left off and I started 🪃 . The only real change since @mattc58's version was some minor clean up of dead code paths: dc697d4