Skip to content

[Failure Store] Access for internal users #125660

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Mar 27, 2025
Merged

[Failure Store] Access for internal users #125660

merged 7 commits into from
Mar 27, 2025

Conversation

@n1v0lg
Copy link
Contributor

@n1v0lg n1v0lg commented Mar 26, 2025
edited
Loading

This PR grants manage_failure_store to the internal user _data_stream_lifecycle to enable life-cycle management for the failure indices of data stream, which includes rollovers using the failures selector.

I'm only unit testing this but we also need to add DLM tests for the failure store with security enabled.

Relates: ES-11355

@n1v0lg n1v0lg added the :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC label Mar 26, 2025
@n1v0lg n1v0lg self-assigned this Mar 26, 2025
n1v0lg
n1v0lg commented Mar 26, 2025
View reviewed changes
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/user/InternalUsers.java
new RoleDescriptor(
UsernamesField.LAZY_ROLLOVER_ROLE,
new String[] {},
DataStream.isFailureStoreFeatureFlagEnabled()
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just refactoring, no actual changes for this user.

@n1v0lg n1v0lg added the auto-backport Automatically create backport pull requests when merged label Mar 26, 2025
@n1v0lg n1v0lg added the v8.19.0 label Mar 27, 2025
@n1v0lg n1v0lg marked this pull request as ready for review March 27, 2025 09:34
@n1v0lg n1v0lg requested a review from slobodanadamovic March 27, 2025 09:34
@elasticsearchmachine elasticsearchmachine added the Team:Security Meta label for security team label Mar 27, 2025
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

slobodanadamovic
slobodanadamovic approved these changes Mar 27, 2025
View reviewed changes
Copy link
Contributor

@slobodanadamovic slobodanadamovic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@n1v0lg n1v0lg added the auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) label Mar 27, 2025
@elasticsearchmachine elasticsearchmachine merged commit fa46aab into elastic:main Mar 27, 2025
22 checks passed
@n1v0lg n1v0lg deleted the failure-store-internal-user-access branch March 27, 2025 14:17
@n1v0lg n1v0lg mentioned this pull request Mar 27, 2025
Merged
@elasticsearchmachine
Copy link
Collaborator

💚 Backport successful

Status Branch Result
8.x

omricohenn pushed a commit to omricohenn/elasticsearch that referenced this pull request Mar 28, 2025
@n1v0lg @omricohenn
[Failure Store] Access for internal users (elastic#125660)
702d80a 
This PR grants `manage_failure_store` to the internal user
`_data_stream_lifecycle` to enable life-cycle management for the failure
indices of data stream, which includes rollovers using the failures
selector.

I'm only unit testing this but we also need to add DLM tests for the
failure store with security enabled. 

Relates: ES-11355
elasticsearchmachine pushed a commit that referenced this pull request Mar 31, 2025
@n1v0lg @slobodanadamovic
[Failure Store] Access for internal users (#125660) (#125780)
34c24df 
This PR grants `manage_failure_store` to the internal user
`_data_stream_lifecycle` to enable life-cycle management for the failure
indices of data stream, which includes rollovers using the failures
selector.

I'm only unit testing this but we also need to add DLM tests for the
failure store with security enabled. 

Relates: ES-11355

Co-authored-by: Slobodan Adamović <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@slobodanadamovic slobodanadamovic slobodanadamovic approved these changes

Assignees

@n1v0lg n1v0lg

Labels

auto-backport Automatically create backport pull requests when merged auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) >non-issue :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team v8.19.0 v9.1.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@n1v0lg @elasticsearchmachine @slobodanadamovic