Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support to add and remove multiple keystore keys in a single operation #15612

Merged
merged 3 commits into from
Nov 30, 2023
Merged

Add support to add and remove multiple keystore keys in a single operation #15612

merged 3 commits into from
Nov 30, 2023

Conversation

edmocosta
Copy link
Contributor

Release notes

  • Added support to add and remove multiple keystore keys in a single operation
  • Fixed the empty value validation for editing existing key values
  • Added ASCII validation for key values

What does this PR do?

  • Added support to add and remove multiple keys in a single operation, example: 
    bin/logstash-keystore add FOO BAR
bin/logstash-keystore remove FOO BAR
  • Fixed the empty value validation for editing existing key values
  • Added ASCII validation for key values

Why is it important/What is the impact to the user?

Currently, adding keys to the keystore need to call command logstash-keystore add YOUR_KEY one by one for each key, which is very time-consuming because it starts and stops JVM each time.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files (and/or docker env variables)
  • I have added tests that prove my fix is effective or that my feature works

How to test this PR locally

  • Add and remove multiple keys

Related issues

@edmocosta edmocosta force-pushed the add-keystore-multi-operation-support branch from 9463fee to 2385532 Compare November 24, 2023 13:24
@edmocosta
Added support to add and remove multiple keys in a single operation
f36a46d 
Fixed/Added empty and ASCII value validation
@edmocosta edmocosta force-pushed the add-keystore-multi-operation-support branch from 2385532 to f36a46d Compare November 24, 2023 14:38
edmocosta
edmocosta commented Nov 24, 2023
View reviewed changes
logstash-core/src/main/java/org/logstash/secret/cli/SecretStoreCli.java
final SecretIdentifier id = new SecretIdentifier(argument);
final byte[] existingValue = secretStore.retrieveSecret(id);
if (existingValue != null) {
SecretStoreUtil.clearBytes(existingValue);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wondering if it's really needed?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I prefer to keep it to avoid jvm dump leak the value

@edmocosta edmocosta changed the title [WIP] Add support to add and remove multiple keystore keys in a single operation Add support to add and remove multiple keystore keys in a single operation Nov 24, 2023
@edmocosta edmocosta marked this pull request as ready for review November 24, 2023 16:08
kaisecheng
kaisecheng reviewed Nov 29, 2023
View reviewed changes
Copy link
Contributor

@kaisecheng kaisecheng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work. It works as described. I suggested to add ASCII limitation to the docs.
Otherwise, LGTM

docs/static/keystore.asciidoc

["source","sh",subs="attributes"]
----------------------------------------------------------------
bin/logstash-keystore remove ES_PWD
bin/logstash-keystore remove ES_USER ES_PWD
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's add a note to remind user that the value should only be ASCII.

logstash-core/src/main/java/org/logstash/secret/cli/SecretStoreCli.java
final SecretIdentifier id = new SecretIdentifier(argument);
final byte[] existingValue = secretStore.retrieveSecret(id);
if (existingValue != null) {
SecretStoreUtil.clearBytes(existingValue);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I prefer to keep it to avoid jvm dump leak the value

kaisecheng
kaisecheng approved these changes Nov 29, 2023
View reviewed changes
Copy link
Contributor

@kaisecheng kaisecheng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

docs/static/keystore.asciidoc Outdated Show resolved Hide resolved
@elastic-sonarqube Elastic SonarQube
Copy link

SonarQube Quality Gate

Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 4 Code Smells

88.9% 88.9% Coverage
0.0% 0.0% Duplication

@elasticmachine
Copy link
Collaborator

elasticmachine commented Nov 29, 2023
edited
Loading

💔 Build Failed

Failed CI Steps

History

@edmocosta edmocosta merged commit 5543e3c into elastic:main Nov 30, 2023
5 of 6 checks passed
@edmocosta edmocosta deleted the add-keystore-multi-operation-support branch November 30, 2023 09:21
@thbkrkr thbkrkr mentioned this pull request Dec 22, 2023
Closed
@kaisecheng kaisecheng mentioned this pull request Dec 22, 2023
Closed
@edmocosta edmocosta mentioned this pull request Jan 2, 2024
Merged
5 tasks
@github-actions github-actions bot mentioned this pull request Jan 3, 2024
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kaisecheng kaisecheng kaisecheng approved these changes

Assignees
No one assigned
Labels
status:needs-review
Projects
None yet
Milestone
No milestone
4 participants
@edmocosta @elasticmachine @kaisecheng @roaksoax