Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Use alias name from rollover request to query indices stats (#40774)
In `TransportRolloverAction` before doing rollover we resolve source index name (write index) from the alias in the rollover request. Before evaluating the conditions and executing rollover action, we retrieve stats, but to do so we used the source index name resolved from the alias instead of alias from the index. This fails when the user is assigned a role with index privilege on the alias instead of the concrete index. This commit fixes this by using the alias from the request. After this change, verified that when we retrieve all the stats (including write + read indexes) we are considering only source index. Closes #40771
- Loading branch information
Showing
3 changed files
with
281 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
139 changes: 139 additions & 0 deletions
139
...k/plugin/src/test/resources/rest-api-spec/test/security/authz/31_rollover_using_alias.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,139 @@ | ||
--- | ||
|
||
setup: | ||
- skip: | ||
features: headers | ||
|
||
- do: | ||
cluster.health: | ||
wait_for_status: yellow | ||
|
||
- do: | ||
security.put_role: | ||
name: "alias_write_manage_role" | ||
body: > | ||
{ | ||
"indices": [ | ||
{ "names": ["write_manage_alias"], "privileges": ["write", "manage"] } | ||
] | ||
} | ||
- do: | ||
security.put_user: | ||
username: "test_user" | ||
body: > | ||
{ | ||
"password" : "x-pack-test-password", | ||
"roles" : [ "alias_write_manage_role" ], | ||
"full_name" : "user with privileges to write, manage via alias" | ||
} | ||
- do: | ||
indices.create: | ||
index: logs-000001 | ||
body: | ||
settings: | ||
index: | ||
number_of_shards: 1 | ||
number_of_replicas: 0 | ||
|
||
- do: | ||
indices.put_alias: | ||
index: logs-000001 | ||
name: write_manage_alias | ||
|
||
--- | ||
teardown: | ||
- do: | ||
security.delete_user: | ||
username: "test_user" | ||
ignore: 404 | ||
|
||
- do: | ||
security.delete_role: | ||
name: "alias_write_role" | ||
ignore: 404 | ||
|
||
- do: | ||
indices.delete_alias: | ||
index: "logs-000001" | ||
name: [ "write_manage_alias" ] | ||
ignore: 404 | ||
|
||
- do: | ||
indices.delete: | ||
index: [ "logs-000001" ] | ||
ignore: 404 | ||
|
||
--- | ||
"Test rollover, index via write alias of index": | ||
|
||
# index using alias | ||
- do: | ||
headers: { Authorization: "Basic dGVzdF91c2VyOngtcGFjay10ZXN0LXBhc3N3b3Jk" } # test_user | ||
create: | ||
id: 1 | ||
index: write_manage_alias | ||
body: > | ||
{ | ||
"name" : "doc1" | ||
} | ||
- do: | ||
headers: { Authorization: "Basic dGVzdF91c2VyOngtcGFjay10ZXN0LXBhc3N3b3Jk" } # test_user | ||
create: | ||
id: 2 | ||
index: write_manage_alias | ||
body: > | ||
{ | ||
"name" : "doc2" | ||
} | ||
- do: | ||
indices.refresh: {} | ||
|
||
# rollover using alias | ||
- do: | ||
headers: { Authorization: "Basic dGVzdF91c2VyOngtcGFjay10ZXN0LXBhc3N3b3Jk" } # test_user | ||
indices.rollover: | ||
alias: "write_manage_alias" | ||
wait_for_active_shards: 1 | ||
body: | ||
conditions: | ||
max_docs: 1 | ||
|
||
- match: { old_index: logs-000001 } | ||
- match: { new_index: logs-000002 } | ||
- match: { rolled_over: true } | ||
- match: { dry_run: false } | ||
- match: { conditions: { "[max_docs: 1]": true } } | ||
|
||
# ensure new index is created | ||
- do: | ||
indices.exists: | ||
index: logs-000002 | ||
|
||
- is_true: '' | ||
|
||
# index using alias | ||
- do: | ||
headers: { Authorization: "Basic dGVzdF91c2VyOngtcGFjay10ZXN0LXBhc3N3b3Jk" } # test_user | ||
create: | ||
id: 3 | ||
index: write_manage_alias | ||
body: > | ||
{ | ||
"name" : "doc3" | ||
} | ||
- do: | ||
indices.refresh: {} | ||
|
||
# check alias points to the new index and the doc was indexed | ||
- do: | ||
search: | ||
rest_total_hits_as_int: true | ||
index: write_manage_alias | ||
|
||
- match: { hits.total: 1 } | ||
- match: { hits.hits.0._index: "logs-000002"} |