Allow system privilege to execute proxied actions #37508
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Currently all proxied actions are denied for the `SystemPrivilege`. Unfortunately, there are use cases (CCR) where we would like to proxy actions to a remote node that are normally performed by the system context. This commit allows the system context to perform proxy actions if they are actions that the system context is normally allowed to execute.
Tim-Brooks
added
>non-issue
v7.0.0
:Security/Authorization
|
Pinging @elastic/es-security |
|
@jaymode indicated to me in an offline conversation that this might be an acceptable approach. |
32 tasks
|
run gradle build tests 2 |
cshtdd
added a commit
to cshtdd/elasticsearch
that referenced
this pull request
Jan 16, 2019
* master: Deprecate _type from LeafDocLookup (elastic#37491) Allow system privilege to execute proxied actions (elastic#37508) Update Put Watch to allow unknown fields (elastic#37494) AwaitsFix testAddNewReplicas SQL: Add protocol tests and remove jdbc_type from drivers response (elastic#37516) SQL: [Docs] Add an ES-SQL column for data types (elastic#37529) IndexMetaData#mappingOrDefault doesn't need to take a type argument. (elastic#37480) Simplify + Cleanup Dead Code in Settings (elastic#37341) Reject all requests that have an unconsumed body (elastic#37504) [Ml] Prevent config snapshot failure blocking migration (elastic#37493) Fix line length for aliases and remove suppression (elastic#37455) Add SSL Configuration Library (elastic#37287) SQL: Remove slightly used meta commands (elastic#37506) Simplify Snapshot Create Request Handling (elastic#37464) Remove the use of AbstracLifecycleComponent constructor elastic#37488 (elastic#37488) [ML] log minimum diskspace setting if forecast fails due to insufficient d… (elastic#37486)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently all proxied actions are denied for the
SystemPrivilege.Unfortunately, there are use cases (CCR) where we would like to proxy
actions to a remote node that are normally performed by the
system context. This commit allows the system context to perform
proxy actions if they are actions that the system context is normally
allowed to execute.