Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Connector API] Fix bug with with wrong target index for access control sync #109097

Merged
merged 2 commits into from
May 29, 2024
Merged

[Connector API] Fix bug with with wrong target index for access control sync #109097

merged 2 commits into from
May 29, 2024
+54 −4

Conversation

jedrazb
Copy link
Member

@jedrazb jedrazb commented May 28, 2024
edited
Loading

Bug overview

  • When executing access_control sync, the connector.index_name should point to a special index, prefixed with .search-acl-filter- that is intended to hold access control data
    • This special index takes form .search-acl-filter-{index-name}, where index-name references the currently attached index.
    • See how this is handled "correctly" in Kibana and connector framework
  • Current bug causes access control data to be written to the target index that holds source docs, when starting access control syncs with Connector API

Changes

  • Prefix index name correctly when creating new access control sync document

Validation

  • unit tests
  • yaml tests
  • verified locally

@elasticsearchmachine
Copy link
Collaborator

Hi @jedrazb, I've created a changelog YAML for you.

@jedrazb jedrazb marked this pull request as ready for review May 28, 2024 11:27
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/ent-search-eng (Team:Enterprise Search)

artem-shelkovnikov
artem-shelkovnikov reviewed May 28, 2024
View reviewed changes
Copy link
Member

@artem-shelkovnikov artem-shelkovnikov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just to make sure I understand it - the problem happens if in Kibana somebody is scheduling an access control sync manually?

@jedrazb
Copy link
Member Author

jedrazb commented May 29, 2024
edited
Loading

Just to make sure I understand it - the problem happens if in Kibana somebody is scheduling an access control sync manually?

@artem-shelkovnikov as of now Kibana doesn't make use of Connector API to create on-demand syncs. Everything works as expected (Kibana UI, scheduled AC syncs, etc. ) except for Connector API POST _connector/_sync_job endpoint for access control syncs. This bug only affected Connector API.

We need to fix this bug before integrating Kibana with this endpoint.

@jedrazb jedrazb merged commit d9e6f54 into elastic:main May 29, 2024
15 checks passed
@elasticsearchmachine
Copy link
Collaborator

💔 Backport failed

Status Branch Result
8.13 Commit could not be cherrypicked due to conflicts
8.14 Commit could not be cherrypicked due to conflicts

You can use sqren/backport to manually backport by running backport --upstream elastic/elasticsearch --pr 109097

@jedrazb jedrazb mentioned this pull request May 29, 2024
Merged
jedrazb added a commit to jedrazb/elasticsearch that referenced this pull request May 29, 2024
@jedrazb
[Connector API] Fix bug with with wrong target index for access contr…
31ecb8f 
…ol sync (elastic#109097)

(cherry picked from commit d9e6f54)

# Conflicts:
#	x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/syncjob/ConnectorSyncJobIndexService.java
@jedrazb
Copy link
Member Author

jedrazb commented May 29, 2024

💔 Some backports could not be created

Status Branch Result
8.14
8.13 Conflict resolution was aborted by the user

Manual backport

To create the backport manually run:

backport --pr 109097

Questions ?

Please refer to the Backport tool documentation

@jedrazb jedrazb removed the v8.13.0 label May 29, 2024
@jedrazb
Copy link
Member Author

jedrazb commented May 29, 2024

Not backporting to 8.13 since no more 8.13.x patch releases seem to be planned

jedrazb added a commit that referenced this pull request May 31, 2024
@jedrazb
[Connector API] Fix bug with with wrong target index for access contr…
c2b4093 
…ol sync (#109097) (#109157)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@artem-shelkovnikov artem-shelkovnikov artem-shelkovnikov approved these changes

@efegurkan efegurkan Awaiting requested review from efegurkan

@timgrein timgrein Awaiting requested review from timgrein

Assignees
No one assigned
Labels
>bug :EnterpriseSearch/Application Enterprise Search Team:Enterprise Search Meta label for Enterprise Search team v8.14.0 v8.15.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jedrazb @elasticsearchmachine @artem-shelkovnikov