Elasticsearch: Add index privilege for refresh/flush separate to manage
Original comment by @tvernum:
See: https://discuss.elastic.co/t/what-is-the-security-realm-recommended-in-es-5-6/117841/3
_refresh_ and _flush are currently part of manage which is a fairly destructive privilege (e.g. it includes delete, and close). However, flush and refresh are not destructive, and will eventually happen anyway, these APIs just trigger them earlier.
It would be good to have a high-level index privilege for refresh, and maybe flush (bearing in mind that flush is more expensive, and needed far less often).
elasticmachine
All 11 comments
I suggest we move the following:
indices:admin/refresh
indices:admin/flush
indices:admin/synced_flush
indices:admin/forcemerge
to a newly created index privilege named maintenance.
I am tempted to add indices:admin/refresh to the read as well and indices:admin/flush,
indices:admin/synced_flush, and indices:admin/forcemerge to write.
WDYT @tvernum ?
albertzaharovits
on 3 Oct 2019
For reference here are all the index admin actions:
# monitor
indices:monitor/stats
indices:monitor/recovery
indices:monitor/segments
indices:monitor/shard_stores
indices:monitor/upgrade
# view_index_metadata
indices:monitor/settings/get
indices:admin/aliases/get
indices:admin/get
indices:admin/mapping/get
indices:admin/mappings/fields/get
indices:admin/validate/query
indices:admin/ilm/explain
# manage
indices:admin/create
indices:admin/delete
indices:admin/close
indices:admin/open
indices:admin/aliases
indices:admin/upgrade
indices:admin/template/put
indices:admin/resize
indices:admin/settings/update
indices:admin/mapping/put
indices:admin/template/delete
indices:admin/rollover
indices:admin/cache/clear
indices:admin/refresh
indices:admin/flush
indices:admin/synced_flush
indices:admin/forcemerge
indices:admin/analyze
indices:admin/template/get
Heya @tvernum !
May I please get your input on the before proposal from https://github.com/elastic/elasticsearch/issues/29998#issuecomment-537895624 , to group indices:admin/refresh, indices:admin/flush, indices:admin/synced_flush, and indices:admin/forcemerge under a new index privilege named maintenance?
albertzaharovits
on 29 Dec 2019
I think a maintenance privilege covering those 4 actions makes sense.
tvernum
on 2 Jan 2020
hi @albertzaharovits
are the roles need to be excluded from manage ?
amirhmd
on 2 Jan 2020
I suppose you mean to ask if the actions should be excluded from the manage privilege.
The answer is no. There should be no changes to existing privileges. Only add the new maintenance privilege containing the 4 actions.
albertzaharovits
on 3 Jan 2020
ok understood
amirhmd
on 3 Jan 2020
hi @albertzaharovits
I already added the new privilege grouping 4 requested actions. but when it comes to testing I follow the current approach in IndexPriviledgeTests but it getting access denied for the added test. could you advise on this?
amirhmd
on 4 Jan 2020
hi @amirhmd . Best course of action is to open the PR as is, with the test failing, and we'll iterate on it together.
albertzaharovits
on 6 Jan 2020
Hi @albertzaharovits could you please check https://github.com/elastic/elasticsearch/pull/50643?
amirhmd
on 6 Jan 2020
50643 closed this enhancement request, a new maintenance index privilege has been introduced.
albertzaharovits
on 10 Jun 2020
Related issues
clintongormley
路
3Comments
rjernst
路
3Comments
ppf2
路
3Comments
Praveen82
路
3Comments
rpalsaxena
路
3Comments