-
Notifications
You must be signed in to change notification settings - Fork 24.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clean up for superuser role name references #83627
Conversation
The _xpack_security user no longer has the superuser role since elastic#81400
Pinging @elastic/es-security (Team:Security) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
Should we backport to 8.1?
It's kind of a bugfix, even if it's a non-issue.
If we backport it to 8.1, should we also backport it to 8.0.1? If we consider it sorta of a bug, it makes sense to do so. |
The _xpack_security user no longer has the superuser role since elastic#81400
The _xpack_security user no longer has the superuser role since elastic#81400
This reverts commit a9cdbf4.
…lastic#84096) This reverts commit a9cdbf4. The role name change does not play well with API key creation.
…lastic#84096) This reverts commit a9cdbf4. The role name change does not play well with API key creation.
* upstream/master: (167 commits) Mute FrozenSearchableSnapshotsIntegTests#testCreateAndRestorePartialSearchableSnapshot Mute LdapSessionFactoryTests#testSslTrustIsReloaded Fix spotless violation from last commit Mute GeoGridTilerTestCase#testGeoGridSetValuesBoundingBoxes_UnboundedGeoShapeCellValues Small formatting clean up (elastic#84144) Always re-run Feature migrations which have encountered errors (elastic#83918) [DOCS] Clarify `orientation` usage for WKT and GeoJSON polygons (elastic#84025) Group field caps response by index mapping hash (elastic#83494) Shrink join queries in slow log (elastic#83914) TSDB: Reject the nested object fields that are configured time_series_dimension (elastic#83920) [DOCS] Remove note about partial response from Bulk API docs (elastic#84053) Allow regular data streams to be migrated to tsdb data streams. (elastic#83843) [DOCS] Fix `ignore_unavailable` parameter definition (elastic#84071) Make Metadata extend AbstractCollection (elastic#83791) Add API specs for OpenID Connect APIs Revert "Clean up for superuser role name references (elastic#83627)" (elastic#84096) Update Lucene analysis base url (elastic#84094) Avoid null threadContext in ResultDeduplicator (elastic#84093) Use static empty store files metadata (elastic#84034) Preserve context in snapshotDeletionListeners (elastic#84089) ... # Conflicts: # x-pack/plugin/rollup/build.gradle
…lastic#84096) This reverts commit a9cdbf4. The role name change does not play well with API key creation.
Internal users have hard-coded role descriptors which are not registered with any role store. This means they cannot simply be retrieved by names. This PR adds logic to check for internal users and return their role descriptor accordingly. This change also makes it possible to finally correct the role name used by the _xpack_security user. A test for enrollment token is also added to ensure the change to _xpack_security user do not break the enrollment flow. Relates: elastic#83627, elastic#84096
Internal users have hard-coded role descriptors which are not registered with any role store. This means they cannot simply be retrieved by names. This PR adds logic to check for internal users and return their role descriptor accordingly. This change also makes it possible to finally correct the role name used by the _xpack_security user. A test for enrollment token is also added to ensure the change to _xpack_security user do not break the enrollment flow. Relates: #83627, #84096
The _xpack_security user no longer has the superuser role since #81400