-
Notifications
You must be signed in to change notification settings - Fork 599
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CORE-7152] Admin: Introduce GET /v1/features/enterprise
endpoint
#23314
[CORE-7152] Admin: Introduce GET /v1/features/enterprise
endpoint
#23314
Conversation
cc05a65
to
23b1634
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks really good
violation = rsp.get('violation', None) | ||
assert type( | ||
violation) == bool, f"Ill-formed violation flag {type(violation)}" | ||
assert not violation, "Config unexpectedly in violation" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fix/test: will probably in FIPS CDT as FIPS is enabled in the FIPS CDT environment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
right, right, we talked about this the other day. per below, will give a run through CDT and see what happens.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
added fips_ok_to_fail
to avoid too much mucking around. lmk if you think it's worth refactoring the tests to account for this.
Once initial CI completes let's run a "/cdt fips " |
new failures in https://buildkite.com/redpanda/redpanda/builds/54529#0191fc48-b238-4427-9ff6-97c8d35ff9a1:
new failures in https://buildkite.com/redpanda/redpanda/builds/54529#0191fc4b-47f3-4c1f-8d94-c1278905b7e1:
new failures in https://buildkite.com/redpanda/redpanda/builds/54545#0191fd0d-6347-47ad-a2f6-a8f7862da9cf:
new failures in https://buildkite.com/redpanda/redpanda/builds/54570#0191feb1-8056-482d-8eb3-fac453fd76f5:
|
oh, whoops, my license tests are bugged - forgot to populate the env var on the last few runs. back to draft for a sec |
ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/54529#0191fc48-b23b-4879-ae17-d30346b9eb12 ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/54545#0191fd0d-634c-436d-b50e-9142b27aa051 ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/54545#0191fd0d-6347-47ad-a2f6-a8f7862da9cf ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/54545#0191fd0d-6344-4217-bbc9-e463daf7dd26 ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/54631#01920249-e915-46ff-aedf-03a23a2ca4c8 |
23b1634
to
6943ee6
Compare
force push contents:
|
src/v/redpanda/admin/server.cc
Outdated
res.license_status = license_status; | ||
res.violation = license_status != status::valid && report.any(); | ||
for (std::size_t i = 0; i < report.size(); ++i) { | ||
auto feat = static_cast<model::license_required_feature>(i); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if the feature set were represented as a vector of enum then we could avoid this casting from integer to enum, right? is the size of the feature set important? it seems like right now it would be about 20 bytes max and one would only exist in memory for the lifetime of the request?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
feature set were represented as a vector of enum
we want both enabled and disabled features, so I was choosing between bitset
and map<enum,bool>
, both of which are kinda smelly IMO. not really about size, just teasing out a "natural" representation for both the state of each feature and whether any enterprise feature is ON.
that said I think the answer is neither - 2x vector<enum>
is 👌
6943ee6
to
b0afb4b
Compare
force push move report bits to v/features and clean up interface |
b0afb4b
to
9b13050
Compare
force push bazel flub |
9b13050
to
77e64c4
Compare
force push another bazel flub |
77e64c4
to
f60fc59
Compare
bool any() const { return !_enabled.empty(); } | ||
|
||
private: | ||
vtype _enabled; | ||
vtype _disabled; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
|
||
return cfg.audit_enabled || cfg.cloud_storage_enabled | ||
|| cfg.partition_autobalancing_mode | ||
== model::partition_autobalancing_mode::continuous | ||
|| cfg.core_balancing_continuous() || has_gssapi() || has_oidc() | ||
|| has_schma_id_validation() || has_non_default_roles | ||
|| fips_enabled(); | ||
features::enterprise_feature_report report; | ||
report.set( | ||
features::license_required_feature::audit_logging, cfg.audit_enabled()); | ||
report.set( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
awesome. this diff is great
ss::httpd::features_json::enterprise_feature elt; | ||
elt.name = fmt::format("{}", feat); | ||
elt.enabled = enabled; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm, mainly nits and test-related suggestions (nit: the PR header is slightly out of date as a bitset)
What's the reasoning behind only backporting this to v24.2.x?
force push minor test improvements (formatting, fips_ok_to_fail) and some asserts in feature report |
689e482
to
44e8f6c
Compare
- features::license_required_feature Enumeration of redpanda features that require an enterprise license. - features::enterprise_feature_report A thin wrapper around a couple of sets to account for the status of enterprise features (usually based on cluster configs). Signed-off-by: Oren Leiman <oren.leiman@redpanda.com>
Also refactor feature_manager::license_required_feature_enabled to use the report rather than calculating feature status on its own. Signed-off-by: Oren Leiman <oren.leiman@redpanda.com>
Signed-off-by: Oren Leiman <oren.leiman@redpanda.com>
Signed-off-by: Oren Leiman <oren.leiman@redpanda.com>
Useful for testing enterprise features, since a condition for "RBAC enabled" is the presence of one or more non-default roles. Signed-off-by: Oren Leiman <oren.leiman@redpanda.com>
Signed-off-by: Oren Leiman <oren.leiman@redpanda.com>
Includes scenarios both with and without a valid license loaded up. Signed-off-by: Oren Leiman <oren.leiman@redpanda.com>
44e8f6c
to
ebfdd7f
Compare
|
CI Failure:
|
/backport v24.2.x |
Failed to create a backport PR to v24.2.x branch. I tried:
|
/cdt |
/backport v24.1.x |
Failed to create a backport PR to v24.1.x branch. I tried:
|
This PR introduces an Admin API endpoint to expose
Includes integration tests for the endpoint and a "feature report" representation for config state.
Fixes CORE-7152
Backports Required
Release Notes
Features
GET /v1/features/enterprise