mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-15 17:35:41 +00:00
If security is enabled today with ccr then the follow index api will fail with the fact that system user does not have privileges to use the shard changes api. The reason that system user is used is because the persistent tasks that keep the shards in sync runs in the background and the user that invokes the follow index api only start those background processes. I think it is better that the system user isn't used by the persistent tasks that keep shards in sync, but rather runs as the same user that invoked the follow index api and use the permissions that that user has. This is what this PR does, and this is done by keeping track of security headers inside the persistent task (similar to how rollup does this). This PR also adds a cluster ccr priviledge that allows a user to follow or unfollow an index. Finally if a user that wants to follow an index, it needs to have read and monitor privileges on the leader index and monitor and write privileges on the follow index.
53 lines
1.5 KiB
Groovy
53 lines
1.5 KiB
Groovy
import com.carrotsearch.gradle.junit4.RandomizedTestingTask
|
|
import org.elasticsearch.gradle.BuildPlugin
|
|
|
|
evaluationDependsOn(xpackModule('core'))
|
|
|
|
apply plugin: 'elasticsearch.esplugin'
|
|
esplugin {
|
|
name 'x-pack-ccr'
|
|
description 'Elasticsearch Expanded Pack Plugin - CCR'
|
|
classname 'org.elasticsearch.xpack.ccr.Ccr'
|
|
hasNativeController false
|
|
requiresKeystore true
|
|
extendedPlugins = ['x-pack-core']
|
|
}
|
|
archivesBaseName = 'x-pack-ccr'
|
|
|
|
integTest.enabled = false
|
|
|
|
compileJava.options.compilerArgs << "-Xlint:-try"
|
|
|
|
// Instead we create a separate task to run the
|
|
// tests based on ESIntegTestCase
|
|
task internalClusterTest(type: RandomizedTestingTask,
|
|
group: JavaBasePlugin.VERIFICATION_GROUP,
|
|
description: 'Java fantasy integration tests',
|
|
dependsOn: test.dependsOn) {
|
|
configure(BuildPlugin.commonTestConfig(project))
|
|
classpath = project.test.classpath
|
|
testClassesDir = project.test.testClassesDir
|
|
include '**/*IT.class'
|
|
systemProperty 'es.set.netty.runtime.available.processors', 'false'
|
|
}
|
|
|
|
check {
|
|
dependsOn = [internalClusterTest, 'qa:multi-cluster:followClusterTest', 'qa:multi-cluster-with-security:followClusterTest']
|
|
}
|
|
|
|
internalClusterTest.mustRunAfter test
|
|
|
|
dependencies {
|
|
compileOnly "org.elasticsearch:elasticsearch:${version}"
|
|
compileOnly "org.elasticsearch.plugin:x-pack-core:${version}"
|
|
testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
|
|
}
|
|
|
|
dependencyLicenses {
|
|
ignoreSha 'x-pack-core'
|
|
}
|
|
|
|
run {
|
|
plugin xpackModule('core')
|
|
}
|