mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-06 21:18:31 +00:00
aece28c286
After a write operation on an index, a post-operation global checkpoint sync fires. Previously, this action fired on the same user as executed the write action. If the user did not have priviledges for this action, the global checkpoint sync would fail. With an upstream change in core, this action now fires as the system user. This commit adds a test that create a user that has minimal write permissions on an index, but none that would imply it could execute the global checkpoint sync. This then serves as a test that the upstream change to fire the global checkpoint sync as the system user is correct. This test must run as a mulit-node test so that a replica is a assigned so that the global checkpoint sync fires in the first place. This test does indeed fail without the upstream change, and passes with it. Relates elastic/x-pack-elasticsearch#2744 Original commit: elastic/x-pack-elasticsearch@bf7e771756
15 lines
450 B
YAML
15 lines
450 B
YAML
test:
|
|
# this privileges must be kept minimal or the user could inadvertently be
|
|
# granted permissions that would enable the global checkpoint sync to run
|
|
# as this user leading to tests that should fail if the global checkpoint
|
|
# sync does not run as the system user to pass for when they should not
|
|
cluster:
|
|
- monitor
|
|
indices:
|
|
- names: [ 'test-index' ]
|
|
privileges:
|
|
- create_index
|
|
- monitor
|
|
- write
|
|
|