Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add "read ingest pipeline" cluster privilege #48028

Closed
tvernum opened this issue Oct 14, 2019 · 1 comment · Fixed by #66137
Closed

Add "read ingest pipeline" cluster privilege #48028

tvernum opened this issue Oct 14, 2019 · 1 comment · Fixed by #66137
Labels
>feature :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team

Comments

@tvernum
Copy link
Contributor

tvernum commented Oct 14, 2019
edited
Loading

The only ingest pipeline we have is full read/write (actually, for historical reasons we have 2 identical privileges for the same thing).

In order to run ingest tools with minimal privilege it would be helpful to be able to check whether a pipeline exists, without being able to modify it.
This would also allow autocomplete of pipeline names Kibana.

This privilege should probably support simulate pipeline too (since it is a readonly operation) but this is open for discussion.
@tvernum tvernum changed the title Add "read ingest pipeline Add "read ingest pipeline" cluster privilege Oct 14, 2019
@tvernum tvernum added the :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC label Oct 14, 2019
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (:Security/Authorization)

@elasticmachine elasticmachine mentioned this issue Oct 14, 2019
Open
@tvernum tvernum mentioned this issue Oct 14, 2019
Closed
@rjernst rjernst added the Team:Security Meta label for security team label May 4, 2020
@tvernum tvernum mentioned this issue May 29, 2020
Closed
@albertzaharovits albertzaharovits mentioned this issue Jun 10, 2020
Closed
@BigPandaToo BigPandaToo self-assigned this Dec 9, 2020
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Dec 9, 2020
@BigPandaToo
Adding "read ingest pipeline" cluster privilege
1d38ed9 
The new privilege will allow to run ingest tools with minimal
privilege to check whether a
pipeline exists, without being able to modify it.
This privilege also support simulate pipeline too since it is a readonly
 operation.

 Resolve elastic#48028
@BigPandaToo BigPandaToo mentioned this issue Dec 9, 2020
Merged
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Dec 10, 2020
@BigPandaToo
Adding "read ingest pipeline" cluster privilege
59f271f 
Fixing tests.

 Resolve elastic#48028
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Dec 13, 2020
@BigPandaToo
Adding "read ingest pipeline" cluster privilege
0c793a9 
Fixing tests.

 Resolve elastic#48028
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Dec 14, 2020
@BigPandaToo
Adding "read ingest pipeline" cluster privilege
148e9c1 
Fixing tests.

 Resolve elastic#48028
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Dec 14, 2020
@BigPandaToo
Adding "read ingest pipeline" cluster privilege
d9952e2 
Resolving bwc, renaming the action

Resolve elastic#48028
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Dec 14, 2020
@BigPandaToo
Adding "read ingest pipeline" cluster privilege
9185225 
Fixing doc

Resolve elastic#48028
BigPandaToo added a commit that referenced this issue Dec 15, 2020
@BigPandaToo @elasticmachine
Adding "read ingest pipeline" cluster privilege (#66137)
76589f0 
* Adding "read ingest pipeline" cluster privilege

The new privilege will allow to run ingest tools with minimal
privilege to check whether a
pipeline exists, without being able to modify it.
This privilege also support simulate pipeline too since it is a readonly
 operation.

 Resolve #48028

* Adding "read ingest pipeline" cluster privilege

Fixing tests.

 Resolve #48028

* Adding "read ingest pipeline" cluster privilege

Fixing tests.

 Resolve #48028

* Adding "read ingest pipeline" cluster privilege

Fixing tests.

 Resolve #48028

* Adding "read ingest pipeline" cluster privilege

Resolving bwc, renaming the action

Resolve #48028

* Adding "read ingest pipeline" cluster privilege

Fixing doc

Resolve #48028

* Adding "read ingest pipeline" cluster privilege

Fixing test

* Adding ingest pipeline privileges test

Co-authored-by: Elastic Machine <[email protected]>
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Dec 15, 2020
@BigPandaToo @elasticmachine
Adding "read ingest pipeline" cluster privilege (elastic#66137)
6f92b6d 
* Adding "read ingest pipeline" cluster privilege

The new privilege will allow to run ingest tools with minimal
privilege to check whether a
pipeline exists, without being able to modify it.
This privilege also support simulate pipeline too since it is a readonly
 operation.

 Resolve elastic#48028

* Adding "read ingest pipeline" cluster privilege

Fixing tests.

 Resolve elastic#48028

* Adding "read ingest pipeline" cluster privilege

Fixing tests.

 Resolve elastic#48028

* Adding "read ingest pipeline" cluster privilege

Fixing tests.

 Resolve elastic#48028

* Adding "read ingest pipeline" cluster privilege

Resolving bwc, renaming the action

Resolve elastic#48028

* Adding "read ingest pipeline" cluster privilege

Fixing doc

Resolve elastic#48028

* Adding "read ingest pipeline" cluster privilege

Fixing test

* Adding ingest pipeline privileges test

Co-authored-by: Elastic Machine <[email protected]>
@BigPandaToo BigPandaToo mentioned this issue Dec 15, 2020
Merged
BigPandaToo added a commit that referenced this issue Dec 15, 2020
@BigPandaToo @elasticmachine
Adding "read ingest pipeline" cluster privilege (#66137) (#66373)
1f611c9 
* Adding "read ingest pipeline" cluster privilege (#66137)

* Adding "read ingest pipeline" cluster privilege

The new privilege will allow to run ingest tools with minimal
privilege to check whether a
pipeline exists, without being able to modify it.
This privilege also support simulate pipeline too since it is a readonly
 operation.

 Resolve #48028

* Adding "read ingest pipeline" cluster privilege

Fixing tests.

 Resolve #48028

* Adding "read ingest pipeline" cluster privilege

Fixing tests.

 Resolve #48028

* Adding "read ingest pipeline" cluster privilege

Fixing tests.

 Resolve #48028

* Adding "read ingest pipeline" cluster privilege

Resolving bwc, renaming the action

Resolve #48028

* Adding "read ingest pipeline" cluster privilege

Fixing doc

Resolve #48028

* Adding "read ingest pipeline" cluster privilege

Fixing test

* Adding ingest pipeline privileges test

Co-authored-by: Elastic Machine <[email protected]>

* Adding "read ingest pipeline" cluster privilege (#66137)

Fixing resolution

Co-authored-by: Elastic Machine <[email protected]>
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Dec 16, 2020
@BigPandaToo
Renaming read_ingest_pipelines to read_pipelines
f3ca5b4 
Renaming read_ingest_pipelines to read_pipelines

Related: elastic#48028
@BigPandaToo BigPandaToo mentioned this issue Dec 16, 2020
Merged
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Dec 16, 2020
@BigPandaToo
Renaming read_ingest_pipelines to read_pipelines
c0ca70b 
Renaming read_ingest_pipelines to read_pipelines

Related: elastic#48028
BigPandaToo added a commit that referenced this issue Dec 16, 2020
@BigPandaToo
Rename read_ingest_pipelines to read_pipeline (#66434)
c2c9933 
* Renaming read_ingest_pipelines to read_pipelines

Renaming read_ingest_pipelines to read_pipelines

Related: #48028

* Renaming read_ingest_pipelines to read_pipelines

Renaming read_ingest_pipelines to read_pipelines

Related: #48028
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Dec 16, 2020
@BigPandaToo
Rename read_ingest_pipelines to read_pipeline (elastic#66434)
b833239 
* Renaming read_ingest_pipelines to read_pipelines

Renaming read_ingest_pipelines to read_pipelines

Related: elastic#48028

* Renaming read_ingest_pipelines to read_pipelines

Renaming read_ingest_pipelines to read_pipelines

Related: elastic#48028
BigPandaToo added a commit to BigPandaToo/elasticsearch that referenced this issue Dec 16, 2020
@BigPandaToo
Rename read_ingest_pipelines to read_pipeline
78420cd 
Renaming read_ingest_pipelines to read_pipelines

Related: elastic#48028
@BigPandaToo BigPandaToo mentioned this issue Dec 16, 2020
Merged
BigPandaToo added a commit that referenced this issue Dec 16, 2020
@BigPandaToo
Rename read_ingest_pipelines to read_pipeline (#66439)
a3d33d7 
* Rename read_ingest_pipelines to read_pipeline (#66434)

* Renaming read_ingest_pipelines to read_pipelines

Renaming read_ingest_pipelines to read_pipelines

Related: #48028

* Renaming read_ingest_pipelines to read_pipelines

Renaming read_ingest_pipelines to read_pipelines

Related: #48028

* Rename read_ingest_pipelines to read_pipeline

Renaming read_ingest_pipelines to read_pipelines

Related: #48028
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
>feature :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Adding "read ingest pipeline" cluster privilege BigPandaToo/elasticsearch
4 participants
@rjernst @tvernum @elasticmachine @BigPandaToo