Fix permissions issue with _update_by_query API that requires permission for indices:data/read/scroll/clear #17250
+37
−21
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ion for indices:data/read/scroll/clear Signed-off-by: Craig Perkins <[email protected]>
cwperks
requested review from
anasalkouz,
andrross,
ashking94,
Bukhtawar,
CEHENKLE,
dblock,
dbwiddis,
gbbafna,
jainankitk,
kotwanikunal,
linuxpi,
mch2,
msfroh,
nknize,
owaiskazi19,
reta,
Rishikesh1159,
sachinpkale,
saratvemulapalli,
shwetathareja,
sohami and
VachaShah
as code owners
|
❌ Gradle check result for e4f58ca: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
Signed-off-by: Craig Perkins <[email protected]>
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #17250 +/- ##
============================================
- Coverage 72.43% 72.42% -0.01%
- Complexity 65725 65752 +27
============================================
Files 5318 5318
Lines 305675 305678 +3
Branches 44350 44350
============================================
- Hits 221408 221381 -27
- Misses 66055 66131 +76
+ Partials 18212 18166 -46 ☔ View full report in Codecov by Sentry. |
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
I discovered an issue with the _update_by_query API where is requires a user to have permissions for
indices:data/read/scroll/clearin order to call this API.The reason for this is that it internally uses scroll to perform the update. Since these are internal calls, I think it would be better to wrap them in a system context which doesn't require authorization so that end users can be permitted to use
_update_by_queryby simply having the permission forindices:data/write/update/byqueryA test to replicate the permissions issue would be added in the security plugin.
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.