Skip to content

Include missing cluster and index privileges #2514

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 17, 2024
Merged

Include missing cluster and index privileges #2514

merged 2 commits into from
Apr 17, 2024

Conversation

n1v0lg
Copy link
Contributor

@n1v0lg n1v0lg commented Apr 16, 2024

Relates: #2491 (review)

@n1v0lg n1v0lg self-assigned this Apr 16, 2024
@n1v0lg n1v0lg requested a review from pquentin April 16, 2024 10:25
@n1v0lg n1v0lg changed the title Include missing cluster and index privilegs Include missing cluster and index privileges Apr 16, 2024
@github-actions GitHub Actions
Copy link
Contributor

Following you can find the validation results for the APIs you have changed.

API Status Request Response
security.activate_user_profile 🔴 8/9 8/9
security.authenticate 🔴 28/29 28/29
security.bulk_update_api_keys 🟠 Missing type Missing type
security.change_password 🔴 8/9 8/9
security.clear_api_key_cache 🔴 12/13 12/13
security.clear_cached_privileges 🔴 2/3 2/3
security.clear_cached_realms 🔴 0/1 0/1
security.clear_cached_roles 🔴 1/2 1/2
security.clear_cached_service_tokens 🔴 3/4 3/4
security.create_api_key 🔴 56/57 47/48
security.create_cross_cluster_api_key 🟠 Missing type Missing type
security.create_service_token 🔴 2/3 2/3
security.delete_privileges 🔴 5/6 5/6
security.delete_role_mapping 🔴 8/9 8/9
security.delete_role 🔴 7/8 7/8
security.delete_service_token Missing test Missing test
security.delete_user 🔴 8/9 8/9
security.disable_user_profile 🔴 0/1 0/1
security.disable_user 🔴 2/3 2/3
security.enable_user_profile 🔴 0/1 0/1
security.enable_user 🔴 3/4 3/4
security.enroll_kibana Missing test Missing test
security.enroll_node Missing test Missing test
security.get_api_key 🔴 36/37 13/37
security.get_builtin_privileges 🔴 1/2 1/2
security.get_privileges 🔴 11/12 11/12
security.get_role_mapping 🔴 17/18 9/18
security.get_role 🔴 19/20 19/20
security.get_service_accounts Missing test Missing test
security.get_service_credentials 🔴 0/1 0/1
security.get_settings 🟠 Missing type Missing type
security.get_token 🔴 24/25 23/24
security.get_user_privileges 🔴 6/7 6/7
security.get_user_profile 🔴 7/8 7/8
security.get_user 🔴 24/25 24/25
security.grant_api_key 🔴 6/7 6/7
security.has_privileges_user_profile 🔴 2/3 2/3
security.has_privileges 🔴 23/24 23/24
security.invalidate_api_key 🔴 11/12 11/12
security.invalidate_token 🔴 10/11 10/11
security.oidc_authenticate 🟠 Missing type Missing type
security.oidc_logout 🟠 Missing type Missing type
security.oidc_prepare_authentication 🟠 Missing type Missing type
security.put_privileges 🔴 9/10 9/10
security.put_role_mapping 🔴 1/11 10/11
security.put_role 🔴 38/39 37/38
security.put_user 🔴 49/50 48/49
security.query_api_keys 🔴 12/14 0/14
security.saml_authenticate Missing test Missing test
security.saml_complete_logout Missing test Missing test
security.saml_invalidate Missing test Missing test
security.saml_logout Missing test Missing test
security.saml_prepare_authentication Missing test Missing test
security.saml_service_provider_metadata Missing test Missing test
security.suggest_user_profiles 🔴 0/1 0/1
security.update_api_key 🔴 4/5 4/5
security.update_cross_cluster_api_key 🟠 Missing type Missing type
security.update_settings 🟠 Missing type Missing type
security.update_user_profile_data 🔴 0/1 0/1

You can validate these APIs yourself by using the make validate target.

pquentin
pquentin approved these changes Apr 17, 2024
View reviewed changes
Copy link
Member

@pquentin pquentin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome, thanks! Looks good to me. I assume this can be fully backported 8.13?

@n1v0lg
Copy link
Contributor Author

n1v0lg commented Apr 17, 2024

@pquentin thanks for the review!

I assume this can be fully backported 8.13?

Indeed, though we'd have to sanity check if any of the privileges were added in 8.14. I'm wrapping up a couple of things before going on PTO so might not get to it for ~2 weeks.

Is it all good to merge now, and backport later, once I'm back?

@pquentin
Copy link
Member

Sounds good! Actually I found https://github.com/elastic/elasticsearch/commits/f5c7938ab8043383aebeac0998a40967da55f924/docs/reference/rest-api/security/get-builtin-privileges.asciidoc which proves that manage_inference, monitor_inference, manage_data_stream_global_retention and monitor_data_stream_global_retention are 8.14 only. I can manage the backport when you're away.

@pquentin pquentin merged commit dd2e9cb into main Apr 17, 2024
6 checks passed
@pquentin pquentin deleted the add-missing-privilege branch April 17, 2024 08:02
github-actions bot pushed a commit that referenced this pull request Apr 17, 2024
@n1v0lg @github-actions
Include missing cluster and index privilegs (#2514)
d1a5a48 
(cherry picked from commit dd2e9cb)
@github-actions github-actions bot mentioned this pull request Apr 17, 2024
Merged
github-actions bot pushed a commit that referenced this pull request Apr 22, 2024
@n1v0lg @github-actions
Include missing cluster and index privilegs (#2514)
1c6b054 
(cherry picked from commit dd2e9cb)
@github-actions github-actions bot mentioned this pull request Apr 22, 2024
Merged
pquentin pushed a commit that referenced this pull request Apr 22, 2024
@github-actions @n1v0lg
Include missing cluster and index privilegs (#2514) (#2523)
0b1fef9 
(cherry picked from commit dd2e9cb)

Co-authored-by: Nikolaj Volgushev <[email protected]>
@pquentin pquentin mentioned this pull request May 6, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pquentin pquentin pquentin approved these changes

Assignees

@n1v0lg n1v0lg

Labels
backport 8.13 backport 8.14 specification
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@n1v0lg @pquentin