CORE: Make Pattern Exclusion Work with Aliases #33518
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
original-brownbear
commented
Sep 7, 2018
original-brownbear
commented
- Adds the pattern exclusion logic to finding aliases
- Closes Multi-Index pattern exclusions do not work on aliases #33395
* Adds the pattern exclusion logic to finding aliases * Closes elastic#33395
original-brownbear
added
>bug
:Data Management/Indices APIs
|
Pinging @elastic/es-core-infra |
bleskes
suggested changes
Sep 8, 2018
There was a problem hiding this comment.
I'm afraid this is not good enough. Think about something like ["a*", "-*b", "b*"] - this should start with adding all the aliases which start with a, remove those who end with a b and then add all aliases that start with a b. This means that an alias bob will be added. I believe the current version of the code doesn't do that.
Another problem I see is when people say ["a*", "-ab"] which should mean - all aliases that start with an by not ab. Note that alias names can't start with a - for this reason. See MetaDataCreateIndexService#validateIndexOrAliasName
Yea you're right. Sorry didn't think (or know :)) about that case yet :( => will fix very soon.
This case works fine already I think (see the added test). |
bleskes
approved these changes
Sep 9, 2018
|
@bleskes np + thanks for the review :) |
jasontedor
added a commit
to jasontedor/elasticsearch
that referenced
this pull request
Sep 9, 2018
* master: CORE: Make Pattern Exclusion Work with Aliases (elastic#33518) Reverse logic for CCR license checks (elastic#33549) Add latch countdown on failure in CCR license tests (elastic#33548) HLRC: Add put stored script support to high-level rest client (elastic#31323) Create temporary directory if needed in CCR test Add license checks for auto-follow implementation (elastic#33496) Bootstrap a new history_uuid when force allocating a stale primary (elastic#33432) INGEST: Remove Outdated TODOs (elastic#33458) Logging: Clean up skipping test Logging: Skip test if it'd fail CRUD: AwaitsFix entire wait_for_refresh close test Painless: Add Imported Static Method (elastic#33440)
This was referenced Sep 28, 2018
albertzaharovits
added a commit
that referenced
this pull request
Oct 4, 2018
The Security plugin authorizes actions on indices. Authorization happens on a per index/alias basis. Therefore a request with a Multi Index Expression (containing wildcards) has to be first evaluated in the authorization layer, before the request is handled. For authorization purposes, wildcards in expressions will only be expanded to indices/aliases that are visible by the authenticated user. However, this "constrained" evaluation has to be compatible with the expression evaluation that a cluster without the Security plugin would do. Therefore any change in the evaluation logic in any of these sites has to be mirrored in the other site. This commit mirrors the changes in core from #33518 that allowed for Multi Index Expression in the Get Alias API, loosely speaking.
albertzaharovits
added a commit
that referenced
this pull request
Oct 4, 2018
The Security plugin authorizes actions on indices. Authorization happens on a per index/alias basis. Therefore a request with a Multi Index Expression (containing wildcards) has to be first evaluated in the authorization layer, before the request is handled. For authorization purposes, wildcards in expressions will only be expanded to indices/aliases that are visible by the authenticated user. However, this "constrained" evaluation has to be compatible with the expression evaluation that a cluster without the Security plugin would do. Therefore any change in the evaluation logic in any of these sites has to be mirrored in the other site. This commit mirrors the changes in core from #33518 that allowed for Multi Index Expression in the Get Alias API, loosely speaking.
kcm
pushed a commit
that referenced
this pull request
Oct 30, 2018
The Security plugin authorizes actions on indices. Authorization happens on a per index/alias basis. Therefore a request with a Multi Index Expression (containing wildcards) has to be first evaluated in the authorization layer, before the request is handled. For authorization purposes, wildcards in expressions will only be expanded to indices/aliases that are visible by the authenticated user. However, this "constrained" evaluation has to be compatible with the expression evaluation that a cluster without the Security plugin would do. Therefore any change in the evaluation logic in any of these sites has to be mirrored in the other site. This commit mirrors the changes in core from #33518 that allowed for Multi Index Expression in the Get Alias API, loosely speaking.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.