Reload Secure Settings REST specs & docs #32990
Merged: albertzaharovits merged 3 commits into elastic:master from albertzaharovits:rest-docs-reload-secure-settings on Aug 26, 2018
57 changes: 57 additions & 0 deletions
docs/reference/cluster/nodes-reload-secure-settings.asciidoc
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
[[cluster-nodes-reload-secure-settings]] | ||
== Nodes Reload Secure Settings | ||
|
||
The cluster nodes reload secure settings API is used to re-read the | ||
local node's encrypted keystore. Specifically, it broadcasts a password | ||
which is used to decrypt the contents of the node's keystore. The keystore's | ||
plain content is then used to reinitialize compatible plugins. The operation is | ||
complete when all compatible plugins have finished reinitilizing. Subsequently, | ||
the keystore is closed and any modifications will not be reflected by plugins. | ||
|
||
Note: At the moment, the password parameter is not supported. The empty password | ||
is the only valid value. Consequently, the request body is empty. | ||
|
||
[source,js] | ||
-------------------------------------------------- | ||
POST _nodes/reload_secure_settings | ||
POST _nodes/nodeId1,nodeId2/reload_secure_settings | ||
-------------------------------------------------- | ||
// CONSOLE | ||
// TEST[setup:node] | ||
// TEST[s/nodeId1,nodeId2/*/] | ||
|
||
The first command reloads the keystore on each node. The seconds allows | ||
to selectively target `nodeId1` and `nodeId2`. The node selection options are | ||
detailed <<cluster-nodes,here>>. | ||
|
||
Note: It is an error if secure settings are inconsistent across the cluster | ||
nodes, yet consistency is not enforced whatsoever. Hence, reloading specific | ||
nodes is not standard. It is only justifiable when retrying failed reload operations. | ||
|
||
[float] | ||
[[rest-reload-secure-settings]] | ||
==== REST Reload Secure Settings Response | ||
|
||
The response contains the `nodes` object, which is a map, keyed by the | ||
node id. Each value has the node `name` and an optional `reload_exception` | ||
field. The `reload_exception` field is a serialization of the exception | ||
that was thrown during the reload process, if any. | ||
|
||
[source,js] | ||
-------------------------------------------------- | ||
{ | ||
"_nodes": { | ||
"total": 1, | ||
"successful": 1, | ||
"failed": 0 | ||
}, | ||
"cluster_name": "my_cluster", | ||
"nodes": { | ||
"pQHNt5rXTTWNvUgOrdynKg": { | ||
"name": "node-0" | ||
} | ||
} | ||
} | ||
-------------------------------------------------- | ||
// TESTRESPONSE[s/"my_cluster"/$body.cluster_name/] | ||
// TESTRESPONSE[s/"pQHNt5rXTTWNvUgOrdynKg"/\$node_name/] |
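Review bot: The opening paragraph says the API "broadcasts a password which is used to decrypt the contents of the node's keystore", but the Note directly below it says the password parameter is not supported and the request body is empty, so the page contradicts itself about what is sent to the nodes. Since the request carries no secret today, describe only the keystore reload and plugin reinitialization in the first paragraph and leave the password out until it exists. Two wording fixes in the same file: "reinitilizing" should be "reinitializing", and "The seconds allows to selectively target" should read "The second selectively targets". The response example shows only the success case; an entry carrying `reload_exception` would show operators what a failed node looks like.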
23 changes: 23 additions & 0 deletions
rest-api-spec/src/main/resources/rest-api-spec/api/nodes.reload_secure_settings.json
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
{ | ||
"nodes.reload_secure_settings": { | ||
"documentation": "http://www.elastic.co/guide/en/elasticsearch/reference/master/cluster-nodes-reload-secure-settings.html", | ||
"methods": ["POST"], | ||
"url": { | ||
"path": "/_nodes/reload_secure_settings", | ||
"paths": ["/_nodes/reload_secure_settings", "/_nodes/{node_id}/reload_secure_settings"], | ||
"parts": { | ||
"node_id": { | ||
"type": "list", | ||
"description": "A comma-separated list of node IDs to span the reload/reinit call. Should stay empty because reloading usually involves all cluster nodes." | ||
} | ||
}, | ||
"params": { | ||
"timeout": { | ||
"type" : "time", | ||
"description" : "Explicit operation timeout" | ||
} | ||
} | ||
}, | ||
"body": null | ||
} | ||
} |
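Review bot: The `timeout` entry under `params` is declared in this spec, but the asciidoc page added in the same PR never mentions it, so either document it there or drop it here if the action does not honor it. The `documentation` link uses `http://`; prefer `https://`. In the `node_id` description, "to span the reload/reinit call" is hard to parse; something like "to limit the reload to" would read more clearly.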
8 changes: 8 additions & 0 deletions
...-api-spec/src/main/resources/rest-api-spec/test/nodes.reload_secure_settings/10_basic.yml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
--- | ||
"node_reload_secure_settings test": | ||
|
||
- do: | ||
nodes.reload_secure_settings: {} | ||
|
||
- is_true: nodes | ||
- is_true: cluster_name |
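Review bot: The two `is_true` assertions at the end only check that `nodes` and `cluster_name` are present, and per the docs in this PR a node entry is still present when it carries a `reload_exception`, so this test passes even if the reload throws on every node. Consider also asserting on `_nodes.failed` (for example `- match: { _nodes.failed: 0 }`) or otherwise checking that no node entry carries `reload_exception`.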
This action no longer broadcasts a password. @jasontedor and I discussed that removing this made the most sense until we actually implement passwords for the keystore. See #32889
Hah... I have checked the code of course, and I felt something was missing, I recalled adding the password in the request body, yet now it wasn't there, though I haven't investigated further. Thanks for the pointer Jay!
There is a note after this paragraph, disclaiming the password broadcast statement:
I presume you have noticed it, but, in order to be consistent with the pointed change, you wish to banish the mention of 'password'.
I will make the changes.