Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clean up for superuser role name references #83627

Merged
merged 1 commit into from
Feb 14, 2022

Conversation

ywangd
Copy link
Member

@ywangd ywangd commented Feb 8, 2022

The _xpack_security user no longer has the superuser role since #81400

The _xpack_security user no longer has the superuser role since elastic#81400
@ywangd ywangd added >non-issue :Security/Security Security issues without another label v8.2.0 labels Feb 8, 2022
@ywangd ywangd requested a review from tvernum February 8, 2022 04:03
@elasticmachine elasticmachine added the Team:Security Meta label for security team label Feb 8, 2022
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

Copy link
Contributor

@tvernum tvernum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.
Should we backport to 8.1?
It's kind of a bugfix, even if it's a non-issue.

@ywangd
Copy link
Member Author

ywangd commented Feb 8, 2022

Should we backport to 8.1? It's kind of a bugfix, even if it's a non-issue.

If we backport it to 8.1, should we also backport it to 8.0.1? If we consider it sorta of a bug, it makes sense to do so.

@ywangd ywangd merged commit a9cdbf4 into elastic:master Feb 14, 2022
ywangd added a commit to ywangd/elasticsearch that referenced this pull request Feb 14, 2022
The _xpack_security user no longer has the superuser role since elastic#81400
ywangd added a commit to ywangd/elasticsearch that referenced this pull request Feb 14, 2022
The _xpack_security user no longer has the superuser role since elastic#81400
elasticsearchmachine pushed a commit that referenced this pull request Feb 14, 2022
The _xpack_security user no longer has the superuser role since #81400
elasticsearchmachine pushed a commit that referenced this pull request Feb 14, 2022
The _xpack_security user no longer has the superuser role since #81400
ywangd added a commit to ywangd/elasticsearch that referenced this pull request Feb 17, 2022
elasticsearchmachine pushed a commit that referenced this pull request Feb 17, 2022
This reverts commit a9cdbf4.

The role name change does not play well with API key creation.
ywangd added a commit to ywangd/elasticsearch that referenced this pull request Feb 17, 2022
…lastic#84096)

This reverts commit a9cdbf4.

The role name change does not play well with API key creation.
ywangd added a commit to ywangd/elasticsearch that referenced this pull request Feb 17, 2022
…lastic#84096)

This reverts commit a9cdbf4.

The role name change does not play well with API key creation.
elasticsearchmachine pushed a commit that referenced this pull request Feb 17, 2022
#84101)

This reverts commit a9cdbf4.

The role name change does not play well with API key creation.
elasticsearchmachine pushed a commit that referenced this pull request Feb 17, 2022
#84102)

This reverts commit a9cdbf4.

The role name change does not play well with API key creation.
weizijun added a commit to weizijun/elasticsearch that referenced this pull request Feb 18, 2022
* upstream/master: (167 commits)
  Mute FrozenSearchableSnapshotsIntegTests#testCreateAndRestorePartialSearchableSnapshot
  Mute LdapSessionFactoryTests#testSslTrustIsReloaded
  Fix spotless violation from last commit
  Mute GeoGridTilerTestCase#testGeoGridSetValuesBoundingBoxes_UnboundedGeoShapeCellValues
  Small formatting clean up (elastic#84144)
  Always re-run Feature migrations which have encountered errors (elastic#83918)
  [DOCS] Clarify `orientation` usage for WKT and GeoJSON polygons (elastic#84025)
  Group field caps response by index mapping hash (elastic#83494)
  Shrink join queries in slow log (elastic#83914)
  TSDB: Reject the nested object fields that are configured time_series_dimension (elastic#83920)
  [DOCS] Remove note about partial response from Bulk API docs (elastic#84053)
  Allow regular data streams to be migrated to tsdb data streams. (elastic#83843)
  [DOCS] Fix `ignore_unavailable` parameter definition (elastic#84071)
  Make Metadata extend AbstractCollection (elastic#83791)
  Add API specs for OpenID Connect APIs
  Revert "Clean up for superuser role name references (elastic#83627)" (elastic#84096)
  Update Lucene analysis base url (elastic#84094)
  Avoid null threadContext in ResultDeduplicator (elastic#84093)
  Use static empty store files metadata (elastic#84034)
  Preserve context in snapshotDeletionListeners (elastic#84089)
  ...

# Conflicts:
#	x-pack/plugin/rollup/build.gradle
probakowski pushed a commit to probakowski/elasticsearch that referenced this pull request Feb 23, 2022
…lastic#84096)

This reverts commit a9cdbf4.

The role name change does not play well with API key creation.
ywangd added a commit to ywangd/elasticsearch that referenced this pull request Mar 17, 2022
Internal users have hard-coded role descriptors which are not registered
with any role store. This means they cannot simply be retrieved by
names. This PR adds logic to check for internal users and return their
role descriptor accordingly. This change also makes it possible to
finally correct the role name used by the _xpack_security user. A test
for enrollment token is also added to ensure the change to
_xpack_security user do not break the enrollment flow.

Relates: elastic#83627, elastic#84096
ywangd added a commit that referenced this pull request Mar 18, 2022
Internal users have hard-coded role descriptors which are not registered
with any role store. This means they cannot simply be retrieved by
names. This PR adds logic to check for internal users and return their
role descriptor accordingly. This change also makes it possible to
finally correct the role name used by the _xpack_security user. A test
for enrollment token is also added to ensure the change to
_xpack_security user do not break the enrollment flow.

Relates: #83627, #84096
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
>non-issue :Security/Security Security issues without another label Team:Security Meta label for security team v8.0.1 v8.1.0 v8.2.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants