[Test] Fix FollowIndexSecurityIT by granting needed previleges #84467
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CCR user on the leader cluster needs more privileges than what are documented (elastic#61308). Specifically it needs to renew the retention lease at a fixed time interval. This PR fixes it by granting the "manage" index privilege to the CCR user on the leader cluster. Note we still want to revisit privileges required CCR or at least fix our documentation. This will be tracked with elastic#61308. Resolves: elastic#84156
ywangd
added
>test
|
Pinging @elastic/es-security (Team:Security) |
ywangd
commented
Mar 1, 2022
Comment on lines
-9
to
-10
| - manage_leader_index | ||
| - view_index_metadata |
There was a problem hiding this comment.
Neither of these privileges are documented as part of CCR. So the documentation is broken for more than just the retention lease renewal action. I added a comment here to track necessary documentation changes.
tvernum
approved these changes
Mar 1, 2022
ywangd
added a commit
to ywangd/elasticsearch
that referenced
this pull request
Mar 1, 2022
…ic#84467) CCR user on the leader cluster needs more privileges than what are documented (elastic#61308). Specifically it needs to renew the retention lease at a fixed time interval. This PR fixes it by granting the "manage" index privilege to the CCR user on the leader cluster. Note we still want to revisit privileges required CCR or at least fix our documentation. This will be tracked with elastic#61308. Resolves: elastic#84156
💚 Backport successful
|
elasticsearchmachine
pushed a commit
that referenced
this pull request
Mar 1, 2022
… (#84471) CCR user on the leader cluster needs more privileges than what are documented (#61308). Specifically it needs to renew the retention lease at a fixed time interval. This PR fixes it by granting the "manage" index privilege to the CCR user on the leader cluster. Note we still want to revisit privileges required CCR or at least fix our documentation. This will be tracked with #61308. Resolves: #84156 Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
|
Hello @ywangd, I just noticed the same failure has happened on 7.17 branch recently: https://gradle-enterprise.elastic.co/s/p2tu4w364dzs6 Do you mind back-porting the fix there as well? |
ywangd
added a commit
to ywangd/elasticsearch
that referenced
this pull request
Mar 31, 2022
…ic#84467) CCR user on the leader cluster needs more privileges than what are documented (elastic#61308). Specifically it needs to renew the retention lease at a fixed time interval. This PR fixes it by granting the "manage" index privilege to the CCR user on the leader cluster. Note we still want to revisit privileges required CCR or at least fix our documentation. This will be tracked with elastic#61308. Resolves: elastic#84156
|
Raised backport (#85514) for 7.17 |
elasticsearchmachine
pushed a commit
that referenced
this pull request
Mar 31, 2022
… (#85514) CCR user on the leader cluster needs more privileges than what are documented (#61308). Specifically it needs to renew the retention lease at a fixed time interval. This PR fixes it by granting the "manage" index privilege to the CCR user on the leader cluster. Note we still want to revisit privileges required CCR or at least fix our documentation. This will be tracked with #61308. Resolves: #84156
|
Thank you! |
tlrx
added a commit
to tlrx/elasticsearch
that referenced
this pull request
Apr 25, 2022
Now elastic#84467 has been backported to 7.17 (elastic#85514) the recent failures are always due to monitoring docs not being indexed in monitoring indices within 30s. Similarly to what has been done for `AutoFollowIT.testAutoFollowPatterns()` in elastic#85278 which reduced the number of failures, we can wait longer in `FollowIndexSecurityIT.testAutoFollowPatterns()` for monitoring docs to be indexed. Closes elastic#84888
tlrx
added a commit
that referenced
this pull request
Apr 26, 2022
…86140) Now #84467 has been backported to 7.17 (#85514) the recent failures are always due to monitoring docs not being indexed in monitoring indices within 30s. Similarly to what has been done for `AutoFollowIT.testAutoFollowPatterns()` in #85278 which reduced the number of failures, we can wait longer in `FollowIndexSecurityIT.testAutoFollowPatterns()` for monitoring docs to be indexed. Closes #84888
tlrx
added a commit
to tlrx/elasticsearch
that referenced
this pull request
Apr 26, 2022
…lastic#86140) Now elastic#84467 has been backported to 7.17 (elastic#85514) the recent failures are always due to monitoring docs not being indexed in monitoring indices within 30s. Similarly to what has been done for `AutoFollowIT.testAutoFollowPatterns()` in elastic#85278 which reduced the number of failures, we can wait longer in `FollowIndexSecurityIT.testAutoFollowPatterns()` for monitoring docs to be indexed. Closes elastic#84888
tlrx
added a commit
to tlrx/elasticsearch
that referenced
this pull request
Apr 26, 2022
…lastic#86140) Now elastic#84467 has been backported to 7.17 (elastic#85514) the recent failures are always due to monitoring docs not being indexed in monitoring indices within 30s. Similarly to what has been done for `AutoFollowIT.testAutoFollowPatterns()` in elastic#85278 which reduced the number of failures, we can wait longer in `FollowIndexSecurityIT.testAutoFollowPatterns()` for monitoring docs to be indexed. Closes elastic#84888
elasticsearchmachine
pushed a commit
that referenced
this pull request
Apr 26, 2022
…86140) (#86172) Now #84467 has been backported to 7.17 (#85514) the recent failures are always due to monitoring docs not being indexed in monitoring indices within 30s. Similarly to what has been done for `AutoFollowIT.testAutoFollowPatterns()` in #85278 which reduced the number of failures, we can wait longer in `FollowIndexSecurityIT.testAutoFollowPatterns()` for monitoring docs to be indexed. Closes #84888
elasticsearchmachine
pushed a commit
that referenced
this pull request
Apr 26, 2022
…86140) (#86174) Now #84467 has been backported to 7.17 (#85514) the recent failures are always due to monitoring docs not being indexed in monitoring indices within 30s. Similarly to what has been done for `AutoFollowIT.testAutoFollowPatterns()` in #85278 which reduced the number of failures, we can wait longer in `FollowIndexSecurityIT.testAutoFollowPatterns()` for monitoring docs to be indexed. Closes #84888
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
CCR user on the leader cluster needs more privileges than what are
documented (#61308). Specifically it needs to renew the retention lease
at a fixed time interval. This PR fixes it by granting the "manage"
index privilege to the CCR user on the leader cluster.
Note we still want to revisit privileges required CCR or at least fix
our documentation. This will be tracked with #61308.
Resolves: #84156