Skip to content

Use same system index pattern in restricted names #84180

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Feb 22, 2022
Merged

Use same system index pattern in restricted names #84180

merged 8 commits into from
Feb 22, 2022

Conversation

@tvernum
Copy link
Contributor

@tvernum tvernum commented Feb 21, 2022

The index pattern that was used for the ".security" system index was
not identical to the pattern used in RestrictedIndices. The
consequence was that it would be possible for a user without
restricted indices access to create an index that would get caught by
the system indices pattern, which could lead to confusion.

In 8.0 all system indices are automatically restricted, using the
index name pattern from the system index descriptor, so in 7.17 we are
changing the restricted index name to cover the same set of names as
the system index descriptor

@tvernum
Use same system index pattern in restricted names
3c00d26 
The index pattern that was used for the ".security" system index was
not identical to the pattern used in RestrictedIndices. The
consequence was that it would be possible for a user without
restricted indices access to create an index that would get caught by
the system indices pattern, which could lead to confusion.

In 8.0 all system indices are automatically restricted, using the
index name pattern from the system index descriptor, so in 7.17 we are
changing the restricted index name to cover the same set of names as
the system index descriptor
@tvernum tvernum added >enhancement :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC v7.17.1 labels Feb 21, 2022
@tvernum tvernum requested a review from ywangd February 21, 2022 04:34
@elasticmachine elasticmachine added the Team:Security Meta label for security team label Feb 21, 2022
@elasticmachine
Copy link
Collaborator

elasticmachine commented Feb 21, 2022

Pinging @elastic/es-security (Team:Security)

@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Feb 21, 2022

Hi @tvernum, I've created a changelog YAML for you.

ywangd
ywangd approved these changes Feb 21, 2022
View reviewed changes
Copy link
Member

@ywangd ywangd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tvernum tvernum added the auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) label Feb 22, 2022
@tvernum
Copy link
Contributor Author

tvernum commented Feb 22, 2022

@elasticmachine run elasticsearch-ci/packaging-tests-unix-sample please

Timed out waiting for startup to succeed] stderr = []]

@tvernum tvernum removed the auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) label Feb 22, 2022
@tvernum tvernum mentioned this pull request Feb 22, 2022
Closed
@tvernum
Copy link
Contributor Author

tvernum commented Feb 22, 2022

@elasticmachine run elasticsearch-ci/packaging-tests-unix-sample please

@tvernum tvernum merged commit 1861e8a into elastic:7.17 Feb 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ywangd ywangd ywangd approved these changes

Assignees

No one assigned

Labels

>enhancement :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team v7.17.1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tvernum @elasticmachine @elasticsearchmachine @ywangd