Skip to content

[DOCS] Adds more authorization info for CCR APIs #35606

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
lcawl merged 3 commits into from
Nov 21, 2018
Merged

[DOCS] Adds more authorization info for CCR APIs #35606

lcawl merged 3 commits into from
Nov 21, 2018

Conversation

@lcawl
Copy link
Contributor

@lcawl lcawl commented Nov 15, 2018

Related to #35557

This PR adds authorization details for the remainder of the cross-cluster replication APIs.

@lcawl lcawl added >docs General docs changes WIP v7.0.0 :Distributed Indexing/CCR Issues around the Cross Cluster State Replication features :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC v6.6.0 v6.5.1 labels Nov 15, 2018
@elasticmachine
Copy link
Collaborator

elasticmachine commented Nov 15, 2018

Pinging @elastic/es-distributed

@elasticmachine
Copy link
Collaborator

elasticmachine commented Nov 15, 2018

Pinging @elastic/es-security

@lcawl lcawl removed the v6.5.1 label Nov 19, 2018
@lcawl lcawl force-pushed the lcawley-ccr-auth2 branch from 5f57261 to f273830 Compare November 21, 2018 01:21
martijnvg
martijnvg reviewed Nov 21, 2018
View reviewed changes
Copy link
Member

@martijnvg martijnvg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@lcawl Thanks! I left a few comments.

docs/reference/ccr/apis/get-ccr-stats.asciidoc Outdated

==== Authorization

If the {es} {security-features} are enabled, you must have `read` and `monitor`
Copy link
Member

@martijnvg martijnvg Nov 21, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cluster monitor privileges are needed to use this api in the follower cluster.

Copy link
Contributor Author

@lcawl lcawl Nov 21, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm assuming this is instead of read and monitor index privileges. If that's not correct, please let me know.

docs/reference/ccr/apis/follow/post-unfollow.asciidoc

==== Authorization

If the {es} {security-features} are enabled, you must have `manage_follow_index`
Copy link
Member

@martijnvg martijnvg Nov 21, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

only manage_follow_index is needed in the follower cluster.

Copy link
Contributor Author

@lcawl lcawl Nov 21, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done, thanks!

docs/reference/ccr/apis/follow/get-follow-stats.asciidoc Outdated

==== Authorization

If the {es} {security-features} are enabled, you must have `read` and `monitor`
Copy link
Member

@martijnvg martijnvg Nov 21, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cluster monitor privileges are needed to use this api in the follower cluster.

Copy link
Contributor Author

@lcawl lcawl Nov 21, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto, I'm not certain if it also needs cluster monitor privileges or only needs them.

docs/reference/ccr/apis/auto-follow/get-auto-follow-pattern.asciidoc Outdated

//==== Authorization

//TBD
Copy link
Member

@martijnvg martijnvg Nov 21, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the same as put and delete auto follow pattern APIs.

Copy link
Contributor Author

@lcawl lcawl Nov 21, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done, thanks!

@lcawl lcawl removed the WIP label Nov 21, 2018
martijnvg
martijnvg approved these changes Nov 21, 2018
View reviewed changes
Copy link
Member

@martijnvg martijnvg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@lcawl lcawl added the v6.5.2 label Nov 21, 2018
@lcawl lcawl merged commit 7820918 into elastic:master Nov 21, 2018
@lcawl lcawl deleted the lcawley-ccr-auth2 branch November 21, 2018 23:02
lcawl added a commit that referenced this pull request Nov 21, 2018
@lcawl
[DOCS] Adds more authorization info for CCR APIs (#35606)
12f8b5d
lcawl added a commit that referenced this pull request Nov 21, 2018
@lcawl
[DOCS] Adds more authorization info for CCR APIs (#35606)
6bd369a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@martijnvg martijnvg martijnvg approved these changes

Assignees

No one assigned

Labels

:Distributed Indexing/CCR Issues around the Cross Cluster State Replication features >docs General docs changes :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC v6.5.2 v6.6.0 v7.0.0-beta1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@lcawl @elasticmachine @martijnvg @colings86