[UII] Allow Fleet post secret and get secret to accept array of strings #124607
Conversation
Add tests Fix tests [CI] Auto commit changes from spotless
jen-huang
force-pushed
the
jh/fleet-multi-secrets
branch
from
b6ac015 to
4fe3ef9
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR updates the Fleet secret APIs to allow storing and retrieving secrets as an array of strings in addition to a single string. Key changes include updating the secret request/response classes to support multiple value types, adding appropriate parser logic, and extending YAML tests to cover the multi-value scenarios.
Reviewed Changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| x-pack/plugin/fleet/src/main/java/org/elasticsearch/xpack/fleet/action/TransportGetSecretAction.java | Adjusts GET secret handling to support a list of strings |
| x-pack/plugin/fleet/src/main/java/org/elasticsearch/xpack/fleet/action/PostSecretRequest.java | Updates parsing, serialization, and validation to handle multi-value secrets |
| x-pack/plugin/fleet/src/main/java/org/elasticsearch/xpack/fleet/action/GetSecretResponse.java | Modifies response serialization to support returning a string array |
| x-pack/plugin/fleet/qa/rest/src/yamlRestTest/resources/rest-api-spec/test/fleet/40_secrets_get.yml | Adds integration test for retrieving multi-value secrets |
| x-pack/plugin/fleet/qa/rest/src/yamlRestTest/resources/rest-api-spec/test/fleet/30_secrets_post.yml | Adds integration test for creating multi-value secrets |
| x-pack/plugin/fleet/src/test/java/org/elasticsearch/xpack/fleet/action/PostSecretRequestTests.java | Introduces unit tests for validating behavior with multiple and invalid secret values |
Comments suppressed due to low confidence (1)
x-pack/plugin/fleet/src/main/java/org/elasticsearch/xpack/fleet/action/PostSecretRequest.java:60
- The StreamInput deserialization only reads a String, which does not support the new array type. Update the deserialization logic to distinguish between a single string and an array of strings.
this.value = in.readString();
| id = in.readString(); | ||
| value = in.readString(); | ||
| this.id = in.readString(); | ||
| this.value = in.readString(); |
There was a problem hiding this comment.
The StreamInput deserialization for 'value' only handles a single String. When a multi-value secret is returned, the stream reading should be updated to properly deserialize a String array.
| this.value = in.readString(); | |
| if (in.readBoolean()) { | |
| this.value = in.readString(); | |
| } else { | |
| this.value = in.readStringArray(); | |
| } |
There was a problem hiding this comment.
I tried this but it makes tests fail with error about unexpected byte
I also tried this.value = in.readGenericValue(); and tests also fail with errors like:
unexpected error expanding serialized delayed writeable
tried to read: 119 bytes but only 9 remaining
(tests can be run with ./gradlew ":x-pack:plugin:fleet:test" --tests "org.elasticsearch.xpack.fleet.action.GetSecretResponseTests.*")
I tried similar for PostSecretResponse as well with the same errors.
but it seems that this constructor is not used by REST endpoints, so it may be safe to leave readString() only here?
jen-huang
changed the title
jen-huang
added
external-contributor
|
Pinging @elastic/es-core-infra (Team:Core/Infra) |
jen-huang
added
>enhancement
and removed
Team:Core/Infra
|
Hi @jen-huang, I've created a changelog YAML for you. |
|
Closing, going to handle this on Kibana side instead (elastic/kibana#205102 (comment)). |
Description
Part of elastic/kibana#205102. This PR aims to modify
POST /_fleet/secretto accept a string or an array of strings (it currently only supports a string) so that Fleet can support integrations which have multi-secret fields. Similarly,GET /_fleet/secret/<secret id>should return string or array of strings.Testing