Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Always use create op_type with ES 7.5+ #13936

Merged
merged 1 commit into from
Oct 14, 2019
Merged

Always use create op_type with ES 7.5+ #13936

merged 1 commit into from
Oct 14, 2019

Conversation

urso
Copy link

@urso urso commented Oct 7, 2019
edited
Loading

Elasticsearch introduces the create_doc privilege, which always
requires the op_type to be create. We would like to take advantage of
this, in order to reduces the privileges Beats users have to set for
Beats.

In the future Elasticsearch will support op_type == create if
documents without ID are indexed, but older Elasticsearch versions
don't.

This change always uses op_type == create when the Elasticsearch
version is 7.5+.

Related ES changes:

@urso urso requested a review from a team October 7, 2019 12:16
@bizybot bizybot mentioned this pull request Oct 7, 2019
Merged
@cwurm cwurm mentioned this pull request Oct 8, 2019
Merged
Always use create op_type with ES 7.5+
f0e52a8 
Elasticsearch introduces the `create_doc` privilege, which always
requires the op_type to be `create`. We would like to take advantage of
this, in order to reduces the privileges Beats users have to set for
Beats.

In the future Elasticsearch will support `op_type == create` if
documents without ID are indexed, but older Elasticsearch versions
don't.

This change always uses `op_type == create` when the Elasticsearch
version is 7.5+.
@urso urso force-pushed the always-create-with-es75 branch from 262d12f to f0e52a8 Compare October 11, 2019 12:17
ph
ph approved these changes Oct 11, 2019
View reviewed changes
Copy link
Contributor

@ph ph left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@urso urso merged commit a428d4d into elastic:master Oct 14, 2019
@cwurm cwurm mentioned this pull request Oct 14, 2019
Closed
@urso urso added the v7.5.0 label Oct 22, 2019
@cwurm
Copy link
Contributor

cwurm commented Oct 29, 2019

@urso Can we add this for publishing monitoring events as well? Even with this change, that still requires a create privilege.

@cwurm cwurm mentioned this pull request Oct 29, 2019
Merged
@urso
Copy link
Author

urso commented Oct 29, 2019

@cwurm Not sure. The internal monitoring approach pushes to a special X-Pack endpoint, that is provided by a plugin in Elasticsearch. Some logic for creating indices and such is in the plugin, not on the Beats side.

@cwurm
Copy link
Contributor

cwurm commented Oct 29, 2019

@urso I think since #9260 we ship monitoring data directly using the standard _bulk endpoint?

@urso
Copy link
Author

urso commented Oct 29, 2019

#9260 selects the bulk API based on configuration. Didn't notice that it uses another API as is modified here.

@ycombinator can you follow up on the monitoring output?

@ycombinator
Copy link
Contributor

Yes, thanks for the ping. I will follow up with a PR to make the necessary changes for the monitoring output.

@ycombinator ycombinator mentioned this pull request Oct 29, 2019
Merged
@ycombinator
Copy link
Contributor

PR for the analogous change in the libbeat monitoring ES client is up: #14313

@ycombinator ycombinator mentioned this pull request Jan 15, 2020
Closed
@urso urso deleted the always-create-with-es75 branch February 10, 2020 13:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ph ph ph approved these changes

Assignees
No one assigned
Labels
libbeat :Outputs review v7.5.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@urso @cwurm @ycombinator @ph