POC support read_failures #122007

Closed
wants to merge 54 commits into from
@n1v0lg n1v0lg commented Feb 7, 2025

  • Have you signed the contributor license agreement?
  • Have you followed the contributor guidelines?
  • If submitting code, have you built your formula locally prior to submission with gradle check?
  • If submitting code, is your pull request against main? Unless there is a good reason otherwise, we prefer pull requests against main and will backport as needed.
  • If submitting code, have you checked that your submission is for an OS and architecture that we support?
  • If you are submitting this code for a class then read our policy for that.

@n1v0lg n1v0lg self-assigned this Feb 7, 2025
github-actions bot commented Feb 7, 2025

It looks like this PR modifies one or more .asciidoc files. These files are being migrated to Markdown, and any changes merged now will be lost. See the migration guide for details.

n1v0lg added a commit that referenced this pull request Mar 4, 2025
This PR adds the `read_failure_store` index privilege and extends the role building logic to support selector-aware authorization. Note that this PR only concerns building roles; the actual authorization logic implementation will follow in a separate PR. The overall approach is based on the proof-of-concept PR (#122007). 

The purpose of the `read_failure_store` index privilege is to support granting selective access to the failure store of a data stream via the `::failures` selector in search and related APIs. A role with the `read_failure_store` index privilege grants access to the failure store, without granting access to the data in a data stream. Conversely, the existing `read` privilege only grants access to data and _not_ the failure store. 

This requires changes to both the role building logic, and authorization. Going forward, each named index privilege is assigned a selector it grants access to, e.g., `read` grants access to the implicit `::data` selector, `read_failure_store` grants access to `::failures`. When building a role from role descriptors, we partition its underlying index groups by selector access such that any given group grants access to a single selector (with the exception of `all`, which grants access to all selectors). 

This PR implements this partitioning logic and sets up roles to implement selector-aware authorization in a follow-up. Note that parts of the code make assumptions around the existence of only two distinct selectors (`::data` and `::failures`) to simplify the implementation; however, it's possible to generalize these sections to support more selectors in the future, if necessary.

Closes: ES-10872
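
The partitioning described in the commit message above, as an added sketch that is not code from the PR or from Elasticsearch. `IndexGroup`, `partition_by_selector`, `split_selector` and `may_read` are hypothetical names, the access check is an assumed simplification of the follow-up authorization logic, and `fnmatchcase` stands in for index-pattern matching.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

DATA, FAILURES = "data", "failures"

# Privilege-to-selector mapping as the commit message states it.
PRIVILEGE_SELECTORS = {
    "read": frozenset({DATA}),
    "read_failure_store": frozenset({FAILURES}),
    "all": frozenset({DATA, FAILURES}),
}

@dataclass(frozen=True)
class IndexGroup:  # hypothetical stand-in for one index group of a built role
    patterns: tuple
    privileges: frozenset
    selectors: frozenset

def partition_by_selector(patterns, privileges):
    """Split one role-descriptor entry so each group grants one selector set."""
    buckets = {}
    for privilege in privileges:
        if privilege not in PRIVILEGE_SELECTORS:
            raise ValueError(f"privilege not modelled here: {privilege}")
        buckets.setdefault(PRIVILEGE_SELECTORS[privilege], set()).add(privilege)
    ordered = sorted(buckets.items(), key=lambda item: sorted(item[0]))
    return [IndexGroup(tuple(patterns), frozenset(p), s) for s, p in ordered]

def split_selector(expression):
    """Return (name, selector); a missing suffix means the implicit ::data."""
    name, sep, selector = expression.partition("::")
    if not sep:
        return name, DATA
    if selector not in (DATA, FAILURES):
        raise ValueError(f"unknown selector: {selector}")
    return name, selector

def may_read(groups, expression):
    """Assumed check: some group must match both the name and the selector."""
    name, selector = split_selector(expression)
    return any(
        selector in group.selectors
        and any(fnmatchcase(name, pattern) for pattern in group.patterns)
        for group in groups
    )

# Constructed role descriptor entries on the same index pattern.
ROLE = partition_by_selector(["logs-*"], ["read", "read_failure_store"])
FAILURES_ONLY = partition_by_selector(["logs-*"], ["read_failure_store"])
```

A role built only from `read_failure_store` matches `logs-app::failures` but not plain `logs-app`, which is the separation between failure store and data that the privilege is meant to give.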
georgewallace pushed a commit to georgewallace/elasticsearch that referenced this pull request Mar 11, 2025
@n1v0lg n1v0lg closed this Mar 20, 2025