-
Notifications
You must be signed in to change notification settings - Fork 24.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix .security-* indices auto-create #44918
Fix .security-* indices auto-create #44918
Conversation
Pinging @elastic/es-security |
@elasticmachine run elasticsearch-ci/bwc |
1 similar comment
@elasticmachine run elasticsearch-ci/bwc |
I don't understand why the proposed fix is the correct solution. From memory, the existing code is there to strip out the mapping type because the put mapping call requires a typeless mapping when we upgrade the mapping. It the absense of any tests, I can't tell why the new behaviour should be considered better than the old version. |
When we construct the create index request we have the option to include or not the type name ( What do you think a test should look like? Should we validate that the create index API creates the index with the correct mapping? What granularity of validation of the created index is appropriate, eg should we check every mapping field, just the |
@elasticmachine run elasticsearch-ci/bwc |
The purpose of this change is to fix something that is broken. But nothing in the PR demonstrates that the broken behaviour is fixed. Next week someone might raise a PR to revert your change, and if they do, all the tests will pass.
That sounds like a bug in core. Is that behaviour intentional? Shouldn't we be fixing this in the mapping merge instead of just ignoring broken behaviour? |
.security-7
and.security-tokens-7
are auto-created when they do not exist, using settings and mappings in the plugin resources. This bug is caused by the way we construct thecreate-index
request.Specifically, when there exists an index template that matches these indices, the mappings in the template override the mappings of the index (not vice-versa), even if the mappings in the template are empty. The reasons are entirely tied to the intricacies of mapping merging after the typeless remodeling.
For example:
//
.security-tokens-7
is recreated , but errors...