Skip to content

Delegated authorization using Microsoft Graph (SDK) #128396

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 73 commits into from
Jun 12, 2025
Merged

Delegated authorization using Microsoft Graph (SDK) #128396

Changes from 1 commit
Commits
Show all changes
73 commits
Select commit Hold shift + click to select a range
a4d85f6
basic MS graph authz implementation
richard-dennehy May 6, 2025
cfd2906
[CI] Auto commit changes from spotless
elasticsearchmachine May 19, 2025
9182858
move client_secret to keystore
richard-dennehy May 20, 2025
34b6276
use JSONObjectUtils for parsing json
richard-dennehy May 20, 2025
11cd43a
(not working) attempt to use official graph SDK
richard-dennehy May 21, 2025
aae596e
WIP at least it runs; if only it didn't mysteriously hang
richard-dennehy May 22, 2025
5c337b2
WIP unit tests (for debugging the plugin)
richard-dennehy May 22, 2025
108f462
WIP at least it works against real azure
richard-dennehy May 23, 2025
c39c3f6
document assorted hacks required to get this thing working
richard-dennehy May 23, 2025
5984ada
passing IT tests
richard-dennehy May 23, 2025
219aa17
slight clean up
richard-dennehy May 23, 2025
c230ed6
[CI] Auto commit changes from spotless
elasticsearchmachine May 23, 2025
6d907e5
update comment about mystery includes to be more accurate
richard-dennehy May 23, 2025
0b9a449
[CI] Auto commit changes from spotless
elasticsearchmachine May 23, 2025
451a553
clean up some TODOs
richard-dennehy May 27, 2025
85d123a
[CI] Auto commit changes from spotless
elasticsearchmachine May 27, 2025
a0bba42
implement unit tests
richard-dennehy May 27, 2025
bec682e
test retry handling
richard-dennehy May 28, 2025
3798b98
[CI] Auto commit changes from spotless
elasticsearchmachine May 28, 2025
4552b3e
fetch transitive group membership
richard-dennehy May 28, 2025
d1c22bf
[CI] Auto commit changes from spotless
elasticsearchmachine May 28, 2025
ab0c69d
support multiple test users in graph http fixture
richard-dennehy May 29, 2025
227e0d9
[CI] Auto commit changes from spotless
elasticsearchmachine May 29, 2025
668c441
move manifest patching into Utils.patchJar
richard-dennehy May 29, 2025
be296be
add test for concurrent login
richard-dennehy May 29, 2025
681d095
[CI] Auto commit changes from spotless
elasticsearchmachine May 29, 2025
128f954
remove hard-coded version from azure-core patcher
richard-dennehy May 29, 2025
e2cb3ca
add missing NOTICE file
richard-dennehy May 29, 2025
de8a31e
remove unused licenses
richard-dennehy May 29, 2025
48e180c
fix license mapping
richard-dennehy May 29, 2025
e856b86
rewrite azure-core jar unsigner
richard-dennehy May 30, 2025
a81018e
[CI] Auto commit changes from spotless
elasticsearchmachine May 30, 2025
09ca5ca
restore missing license
richard-dennehy May 30, 2025
b44eddb
restore missing notice
richard-dennehy May 30, 2025
a7d4102
fix license mapping
richard-dennehy May 30, 2025
6e2869f
fix license mapping
richard-dennehy May 30, 2025
bdd9aa1
execute blocking graph calls on generic thread pool
richard-dennehy May 30, 2025
0ed032c
[CI] Auto commit changes from spotless
elasticsearchmachine May 30, 2025
3100eeb
fetch only security group membership
richard-dennehy May 30, 2025
af348fd
Update docs/changelog/128396.yaml
richard-dennehy May 30, 2025
55fb5df
[CI] Auto commit changes from spotless
elasticsearchmachine May 30, 2025
71782a9
Merge branch 'main' into microsoft-graph-implementation-sdk
richard-dennehy May 30, 2025
f5ac899
fix security thirdPartyAudit task
richard-dennehy Jun 2, 2025
9b17cb6
fix license mapping
richard-dennehy Jun 2, 2025
1f6b713
ignore IT in FIPS mode
richard-dennehy Jun 2, 2025
2c7cc90
fix build file
richard-dennehy Jun 2, 2025
fc93217
fix thirdPartyAudit
richard-dennehy Jun 2, 2025
2fc5fcd
address review comments
richard-dennehy Jun 2, 2025
64a7eb5
[CI] Auto commit changes from spotless
elasticsearchmachine Jun 2, 2025
f3865b2
address review comments
richard-dennehy Jun 3, 2025
2ec60f6
[CI] Auto commit changes from spotless
elasticsearchmachine Jun 3, 2025
65a751c
set default request timeout of 10 seconds
richard-dennehy Jun 5, 2025
5d9c358
[CI] Auto commit changes from spotless
elasticsearchmachine Jun 5, 2025
b8581e2
cancel graph authorization tasks that are pending too long
richard-dennehy Jun 5, 2025
26d2594
[CI] Auto commit changes from spotless
elasticsearchmachine Jun 5, 2025
9decc75
fix string interpolator
richard-dennehy Jun 5, 2025
612ad1f
fixup! Register missing settings
jfreden Jun 9, 2025
9af95a3
Merge remote-tracking branch 'upstream/main' into microsoft-graph-imp…
jfreden Jun 9, 2025
35e9ce4
fixup! Test issue
jfreden Jun 9, 2025
02feaa0
Merge branch 'main' into microsoft-graph-implementation-sdk
jfreden Jun 9, 2025
4c2e54d
fixup! Test
jfreden Jun 10, 2025
bfd2e09
Merge remote-tracking branch 'upstream/main' into microsoft-graph-imp…
jfreden Jun 10, 2025
e5e12ca
Move plugin to new x-pack home
jfreden Jun 11, 2025
d753954
Merge remote-tracking branch 'upstream/main' into microsoft-graph-imp…
jfreden Jun 11, 2025
35d2d62
fixup! Code review comment
jfreden Jun 11, 2025
78388f2
fixup! Add build.gradle
jfreden Jun 11, 2025
b134b33
fixup! File extension
jfreden Jun 11, 2025
b3a9ff9
fixup! File extension
jfreden Jun 11, 2025
6a41e78
fixup! File extension
jfreden Jun 11, 2025
bdf0784
fixup! License headers
jfreden Jun 11, 2025
2a9ba66
Merge remote-tracking branch 'upstream/main' into microsoft-graph-imp…
jfreden Jun 11, 2025
8a76115
fixup! Race condition in test
jfreden Jun 12, 2025
6d1821a
Merge branch 'main' into microsoft-graph-implementation-sdk
jfreden Jun 12, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
fixup! Test
  • Loading branch information
@jfreden
jfreden committed Jun 10, 2025
commit 4c2e54d6b4376d67a76364d30e226fe95a7bea88
26 changes: 13 additions & 13 deletions .../java/org/elasticsearch/xpack/security/authz/microsoft/MicrosoftGraphAuthzRealmTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,25 +117,25 @@ public void tearDown() throws Exception {
}

public void testLookupUser() {
final var roleMapper = mockRoleMapper(Set.of(groupId), Set.of(roleName));
try (var mockLog = MockLog.capture(MicrosoftGraphAuthzRealm.class)) {
final var roleMapper = mockRoleMapper(Set.of(groupId), Set.of(roleName));

final var realmSettings = realmSettings().build();
final var realmSettings = realmSettings().build();

final var config = new RealmConfig(realmId, realmSettings, env, threadContext);
final var client = mock(GraphServiceClient.class);
when(client.getRequestAdapter()).thenReturn(mock(RequestAdapter.class));
final var config = new RealmConfig(realmId, realmSettings, env, threadContext);
final var client = mock(GraphServiceClient.class);
when(client.getRequestAdapter()).thenReturn(mock(RequestAdapter.class));

final var userRequestBuilder = mockGetUser(client);
when(userRequestBuilder.get(any())).thenReturn(user(name, email));
final var userRequestBuilder = mockGetUser(client);
when(userRequestBuilder.get(any())).thenReturn(user(name, email));

final var graphGroupRequestBuilder = mockGetGroupMembership(userRequestBuilder);
when(graphGroupRequestBuilder.get(any())).thenReturn(groupMembership(groupId));
final var graphGroupRequestBuilder = mockGetGroupMembership(userRequestBuilder);
when(graphGroupRequestBuilder.get(any())).thenReturn(groupMembership(groupId));

final var licenseState = mockLicense(true);
final var licenseState = mockLicense(true);

final var realm = new MicrosoftGraphAuthzRealm(roleMapper, config, client, licenseState, threadPool);
final var future = new PlainActionFuture<User>();
try (var mockLog = MockLog.capture(MicrosoftGraphAuthzRealm.class)) {
final var realm = new MicrosoftGraphAuthzRealm(roleMapper, config, client, licenseState, threadPool);
final var future = new PlainActionFuture<User>();
realm.lookupUser(username, future);

mockLog.addExpectation(
Expand Down