Skip to content

Conversation

@ywangd
Copy link
Member

@ywangd ywangd commented Feb 17, 2022

This reverts commit a9cdbf4.

The role name change does not play well with API key creation.

@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

Copy link
Contributor

@jkakavas jkakavas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks Yang

@ywangd ywangd added the auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) label Feb 17, 2022
@elasticsearchmachine elasticsearchmachine merged commit 3a903ca into elastic:master Feb 17, 2022
@ywangd ywangd deleted the revert-83627 branch February 17, 2022 12:15
ywangd added a commit to ywangd/elasticsearch that referenced this pull request Feb 17, 2022
…lastic#84096)

This reverts commit a9cdbf4.

The role name change does not play well with API key creation.
@elasticsearchmachine
Copy link
Collaborator

💚 Backport successful

Status Branch Result
8.1
8.0

ywangd added a commit to ywangd/elasticsearch that referenced this pull request Feb 17, 2022
…lastic#84096)

This reverts commit a9cdbf4.

The role name change does not play well with API key creation.
elasticsearchmachine pushed a commit that referenced this pull request Feb 17, 2022
#84101)

This reverts commit a9cdbf4.

The role name change does not play well with API key creation.
elasticsearchmachine pushed a commit that referenced this pull request Feb 17, 2022
#84102)

This reverts commit a9cdbf4.

The role name change does not play well with API key creation.
weizijun added a commit to weizijun/elasticsearch that referenced this pull request Feb 18, 2022
* upstream/master: (167 commits)
  Mute FrozenSearchableSnapshotsIntegTests#testCreateAndRestorePartialSearchableSnapshot
  Mute LdapSessionFactoryTests#testSslTrustIsReloaded
  Fix spotless violation from last commit
  Mute GeoGridTilerTestCase#testGeoGridSetValuesBoundingBoxes_UnboundedGeoShapeCellValues
  Small formatting clean up (elastic#84144)
  Always re-run Feature migrations which have encountered errors (elastic#83918)
  [DOCS] Clarify `orientation` usage for WKT and GeoJSON polygons (elastic#84025)
  Group field caps response by index mapping hash (elastic#83494)
  Shrink join queries in slow log (elastic#83914)
  TSDB: Reject the nested object fields that are configured time_series_dimension (elastic#83920)
  [DOCS] Remove note about partial response from Bulk API docs (elastic#84053)
  Allow regular data streams to be migrated to tsdb data streams. (elastic#83843)
  [DOCS] Fix `ignore_unavailable` parameter definition (elastic#84071)
  Make Metadata extend AbstractCollection (elastic#83791)
  Add API specs for OpenID Connect APIs
  Revert "Clean up for superuser role name references (elastic#83627)" (elastic#84096)
  Update Lucene analysis base url (elastic#84094)
  Avoid null threadContext in ResultDeduplicator (elastic#84093)
  Use static empty store files metadata (elastic#84034)
  Preserve context in snapshotDeletionListeners (elastic#84089)
  ...

# Conflicts:
#	x-pack/plugin/rollup/build.gradle
probakowski pushed a commit to probakowski/elasticsearch that referenced this pull request Feb 23, 2022
…lastic#84096)

This reverts commit a9cdbf4.

The role name change does not play well with API key creation.
ywangd added a commit to ywangd/elasticsearch that referenced this pull request Mar 17, 2022
Internal users have hard-coded role descriptors which are not registered
with any role store. This means they cannot simply be retrieved by
names. This PR adds logic to check for internal users and return their
role descriptor accordingly. This change also makes it possible to
finally correct the role name used by the _xpack_security user. A test
for enrollment token is also added to ensure the change to
_xpack_security user do not break the enrollment flow.

Relates: elastic#83627, elastic#84096
ywangd added a commit that referenced this pull request Mar 18, 2022
Internal users have hard-coded role descriptors which are not registered
with any role store. This means they cannot simply be retrieved by
names. This PR adds logic to check for internal users and return their
role descriptor accordingly. This change also makes it possible to
finally correct the role name used by the _xpack_security user. A test
for enrollment token is also added to ensure the change to
_xpack_security user do not break the enrollment flow.

Relates: #83627, #84096
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) >non-issue :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team v8.0.1 v8.1.0 v8.2.0

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants