[Transform] mark old data frame transform roles deprecated (#57655)
Mark the old data frame transform roles as deprecated.
Fixes #50087
parent
c1c8817eae
commit
e91b975878
|
@ -207,7 +207,7 @@ public class ReservedRolesStore implements BiConsumer<Set<String>, ActionListene
|
||||||
new RoleDescriptor.ApplicationResourcePrivileges[] {
|
new RoleDescriptor.ApplicationResourcePrivileges[] {
|
||||||
RoleDescriptor.ApplicationResourcePrivileges.builder()
|
RoleDescriptor.ApplicationResourcePrivileges.builder()
|
||||||
.application("kibana-*").resources("*").privileges("reserved_ml_user").build()
|
.application("kibana-*").resources("*").privileges("reserved_ml_user").build()
|
||||||
}, null, null, MetadataUtils.DEFAULT_RESERVED_METADATA, null))
|
}, null, null, MetadataUtils.getDeprecatedReservedMetadata("Please use the [transform_admin] role instead"), null))
|
||||||
// DEPRECATED: to be removed in 9.0.0
|
// DEPRECATED: to be removed in 9.0.0
|
||||||
.put("data_frame_transforms_user", new RoleDescriptor("data_frame_transforms_user",
|
.put("data_frame_transforms_user", new RoleDescriptor("data_frame_transforms_user",
|
||||||
new String[] { "monitor_data_frame_transforms" },
|
new String[] { "monitor_data_frame_transforms" },
|
||||||
|
@ -221,7 +221,7 @@ public class ReservedRolesStore implements BiConsumer<Set<String>, ActionListene
|
||||||
new RoleDescriptor.ApplicationResourcePrivileges[] {
|
new RoleDescriptor.ApplicationResourcePrivileges[] {
|
||||||
RoleDescriptor.ApplicationResourcePrivileges.builder()
|
RoleDescriptor.ApplicationResourcePrivileges.builder()
|
||||||
.application("kibana-*").resources("*").privileges("reserved_ml_user").build()
|
.application("kibana-*").resources("*").privileges("reserved_ml_user").build()
|
||||||
}, null, null, MetadataUtils.DEFAULT_RESERVED_METADATA, null))
|
}, null, null, MetadataUtils.getDeprecatedReservedMetadata("Please use the [transform_user] role instead"), null))
|
||||||
.put("transform_admin", new RoleDescriptor("transform_admin",
|
.put("transform_admin", new RoleDescriptor("transform_admin",
|
||||||
new String[] { "manage_transform" },
|
new String[] { "manage_transform" },
|
||||||
new RoleDescriptor.IndicesPrivileges[]{
|
new RoleDescriptor.IndicesPrivileges[]{
|
||||||
|
|
|
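Review bot: Both deprecated roles stay fully effective after this change, because the only argument that changes on the closing line of each `RoleDescriptor` is the metadata; the `reserved_ml_user` grant on `kibana-*` and the cluster privileges are untouched. That is probably intended for a deprecation, but it is worth saying next to the existing marker so nobody reads the flag as a disablement, e.g. `// DEPRECATED: to be removed in 9.0.0; still grants its privileges until then, migrate assignments to transform_user`. The opening `.put(...)` of the role closed in the first hunk is outside the visible lines, so that it is `data_frame_transforms_admin` is inferred from the message and from the test. Whether assigning a deprecated reserved role is surfaced to operators (deprecation log or API warning) is not visible on this page and should be confirmed, since that is how remaining assignments get found before removal.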
@ -50,8 +50,8 @@ import org.elasticsearch.common.util.set.Sets;
|
||||||
import org.elasticsearch.test.ESTestCase;
|
import org.elasticsearch.test.ESTestCase;
|
||||||
import org.elasticsearch.transport.TransportRequest;
|
import org.elasticsearch.transport.TransportRequest;
|
||||||
import org.elasticsearch.xpack.core.action.XPackInfoAction;
|
import org.elasticsearch.xpack.core.action.XPackInfoAction;
|
||||||
import org.elasticsearch.xpack.core.ilm.action.GetLifecycleAction;
|
|
||||||
import org.elasticsearch.xpack.core.ilm.action.DeleteLifecycleAction;
|
import org.elasticsearch.xpack.core.ilm.action.DeleteLifecycleAction;
|
||||||
|
import org.elasticsearch.xpack.core.ilm.action.GetLifecycleAction;
|
||||||
import org.elasticsearch.xpack.core.ilm.action.PutLifecycleAction;
|
import org.elasticsearch.xpack.core.ilm.action.PutLifecycleAction;
|
||||||
import org.elasticsearch.xpack.core.ilm.action.StartILMAction;
|
import org.elasticsearch.xpack.core.ilm.action.StartILMAction;
|
||||||
import org.elasticsearch.xpack.core.ilm.action.StopILMAction;
|
import org.elasticsearch.xpack.core.ilm.action.StopILMAction;
|
||||||
|
@ -1277,6 +1277,11 @@ public class ReservedRolesStoreTests extends ESTestCase {
|
||||||
for (RoleDescriptor roleDescriptor : roleDescriptors) {
|
for (RoleDescriptor roleDescriptor : roleDescriptors) {
|
||||||
assertNotNull(roleDescriptor);
|
assertNotNull(roleDescriptor);
|
||||||
assertThat(roleDescriptor.getMetadata(), hasEntry("_reserved", true));
|
assertThat(roleDescriptor.getMetadata(), hasEntry("_reserved", true));
|
||||||
|
if (roleDescriptor.getName().equals("data_frame_transforms_admin")) {
|
||||||
|
assertThat(roleDescriptor.getMetadata(), hasEntry("_deprecated", true));
|
||||||
|
} else {
|
||||||
|
assertThat(roleDescriptor.getMetadata(), not(hasEntry("_deprecated", true)));
|
||||||
|
}
|
||||||
|
|
||||||
Role role = Role.builder(roleDescriptor, null).build();
|
Role role = Role.builder(roleDescriptor, null).build();
|
||||||
assertThat(role.cluster().check(DeleteTransformAction.NAME, request, authentication), is(true));
|
assertThat(role.cluster().check(DeleteTransformAction.NAME, request, authentication), is(true));
|
||||||
|
@ -1318,7 +1323,7 @@ public class ReservedRolesStoreTests extends ESTestCase {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testDataFrameTransformsUserRole() {
|
public void testTransformUserRole() {
|
||||||
final TransportRequest request = mock(TransportRequest.class);
|
final TransportRequest request = mock(TransportRequest.class);
|
||||||
final Authentication authentication = mock(Authentication.class);
|
final Authentication authentication = mock(Authentication.class);
|
||||||
|
|
||||||
|
@ -1330,6 +1335,11 @@ public class ReservedRolesStoreTests extends ESTestCase {
|
||||||
for (RoleDescriptor roleDescriptor : roleDescriptors) {
|
for (RoleDescriptor roleDescriptor : roleDescriptors) {
|
||||||
assertNotNull(roleDescriptor);
|
assertNotNull(roleDescriptor);
|
||||||
assertThat(roleDescriptor.getMetadata(), hasEntry("_reserved", true));
|
assertThat(roleDescriptor.getMetadata(), hasEntry("_reserved", true));
|
||||||
|
if (roleDescriptor.getName().equals("data_frame_transforms_user")) {
|
||||||
|
assertThat(roleDescriptor.getMetadata(), hasEntry("_deprecated", true));
|
||||||
|
} else {
|
||||||
|
assertThat(roleDescriptor.getMetadata(), not(hasEntry("_deprecated", true)));
|
||||||
|
}
|
||||||
|
|
||||||
Role role = Role.builder(roleDescriptor, null).build();
|
Role role = Role.builder(roleDescriptor, null).build();
|
||||||
assertThat(role.cluster().check(DeleteTransformAction.NAME, request, authentication), is(false));
|
assertThat(role.cluster().check(DeleteTransformAction.NAME, request, authentication), is(false));
|
||||||
|
|
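Review bot: The new assertions pin only the `_deprecated` flag, so the replacement role named in the deprecation reason is untested; swapping the two messages in `ReservedRolesStore` (admin pointing at `transform_user`) would still pass. In the `data_frame_transforms_admin` branch add a check on the reason entry, e.g. `assertThat(roleDescriptor.getMetadata(), hasEntry(MetadataUtils.DEPRECATED_REASON_METADATA_KEY, "Please use the [transform_admin] role instead"));`, and the `transform_user` counterpart in the later hunk of `testTransformUserRole`. The key constant lives in `MetadataUtils`, which this page does not show, so confirm its name before using it. The else branch would also be stricter as `not(hasKey("_deprecated"))`, since `not(hasEntry("_deprecated", true))` accepts a present key with any other value. Both loops start and end outside the hunks.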