OpenSearch/qa/reindex-tests-with-security
javanna 4bb6e856f3 Authorize composite actions based on their action name only, subrequests and their indices will be later authorized individually
Eagerly authorizing CompositeIndicesRequests allowed the security plugin to fail fast up until now, but it makes it very hard to reason about each specific item in a multi items request. Either all items fail, or none do. We would rather want to adopt a similar behaviour to es core, where individual items fail without affecting other items that are part of the same request. We can rely on the fact that es core always authorizes both main action and every subaction too, and skip authorization for the main action. By subaction we mean either all sub search requests in msearch, as well as each shard level get in mget or shard level bulk request for bulk.

 BulkRequestInterceptor was converted to intercept BulkShardRequests rather than BulkRequest as that is where bulk is authorized after this change.

 Split IndicesAndAliasesResolverIntegrationTests into ReadActionsTests and WriteActionsTests as they require different set of permissions, lots of tests added.

Explicitly listing the composite actions makes sure that the actions that can bypass security are known, somebody adding a similar action must to add it to the list, so we know it doesn't happen by mistake. At this point the CompositeIndicesRequest can be used as a marker interface only (it is not really needed but can be used to verify that composite actions use a request that implements such interface).

Given that we don't authorize composite actions based on their indices anymore, but only their sub-requests which implement IndicesRequest, printing out the indices names in the audit log for requests like bulk and msearch is confusing. Removed support for that.

Authorize composite indices actions based on their name only, their indices will be authorized at the sub-request/shard level

Rather than simply granting bulk, mget, msearch etc. and relying on authorization at the sub-request/shard level, we check that the current user can at least execute the action. This justifies the grant line that gets written in the audit log, the action is potentially possible without looking at the indices. Each specific item will fail or succeed later and will yield its own specific audit log entry.

Original commit: elastic/x-pack-elasticsearch@4570caf019
2016-10-13 16:05:02 +02:00
..
src/test Authorize composite actions based on their action name only, subrequests and their indices will be later authorized individually 2016-10-13 16:05:02 +02:00
build.gradle Build: Reorganize src roots 2016-10-01 09:46:43 +02:00
roles.yml Moved directories around 2016-09-29 12:03:14 +02:00