@n1v0lg n1v0lg commented Mar 27, 2025

This PR makes authorization denial messages account for privileges that grant access to the failure store. This is a minimal implementation that only displays information around failure store privileges for requests that include concrete names with the ::failures selector. This avoids including irrelevant information in regular non-failures requests. We can improve on this in follow ups.

Closes: ES-11158

@n1v0lg n1v0lg self-assigned this Mar 27, 2025
@elasticsearchmachine elasticsearchmachine added the serverless-linked (Added by automation, don't add manually) label Mar 28, 2025
@n1v0lg n1v0lg added the :Security/Authorization (Roles, Privileges, DLS/FLS, RBAC/ABAC), Team:Security (Meta label for security team), auto-backport (Automatically create backport pull requests when merged), >non-issue, and v8.19.0 labels Mar 28, 2025
@n1v0lg n1v0lg marked this pull request as ready for review March 28, 2025 13:54
@n1v0lg n1v0lg requested a review from a team as a code owner March 28, 2025 13:54
@n1v0lg n1v0lg requested a review from slobodanadamovic March 28, 2025 13:54
@elasticsearchmachine

Pinging @elastic/es-security (Team:Security)

@slobodanadamovic slobodanadamovic left a comment

LGTM 👍
(left optional suggestions)

@n1v0lg n1v0lg added the auto-merge-without-approval (Automatically merge pull request when CI checks pass; NB doesn't wait for reviews!) label Apr 1, 2025
@elasticsearchmachine elasticsearchmachine merged commit 4f019d1 into elastic:main Apr 1, 2025
22 checks passed
@n1v0lg n1v0lg deleted the failure-store-authz-messages branch April 1, 2025 11:29
@elasticsearchmachine

💚 Backport successful

Status Branch Result
8.x

elasticsearchmachine pushed a commit that referenced this pull request Apr 1, 2025
This PR makes authorization denial messages account for privileges that
grant access to the failure store. This is a minimal implementation that
only displays information around failure store privileges for requests
that include concrete names with the `::failures` selector. This avoids
including irrelevant information in regular non-failures requests. We
can improve on this in follow ups. 

Closes: ES-11158

Labels

- auto-backport: Automatically create backport pull requests when merged
- auto-merge-without-approval: Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!)
- >non-issue
- :Security/Authorization: Roles, Privileges, DLS/FLS, RBAC/ABAC
- serverless-linked: Added by automation, don't add manually
- Team:Security: Meta label for security team
- v8.19.0
- v9.1.0
