Skip to content

[DOCS] Adds authorization info for CCR APIs #35557

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 21, 2018
Merged

[DOCS] Adds authorization info for CCR APIs #35557

merged 3 commits into from
Nov 21, 2018

Conversation

@lcawl
Copy link
Contributor

@lcawl lcawl commented Nov 14, 2018

Related to elastic/stack-docs#149 (comment)

This PR adds an "Authorization" section to two cross-cluster replication APIs, similar to what exists for other X-Pack APIs. The other CCR APIs can be augmented in subsequent PRs.

@lcawl lcawl added >docs General docs changes v7.0.0 :Distributed Indexing/CCR Issues around the Cross Cluster State Replication features v6.5.0 v6.6.0 labels Nov 14, 2018
@elasticmachine
Copy link
Collaborator

elasticmachine commented Nov 14, 2018

Pinging @elastic/es-distributed

@lcawl lcawl mentioned this pull request Nov 14, 2018
Merged
martijnvg
martijnvg approved these changes Nov 15, 2018
View reviewed changes
Copy link
Member

@martijnvg martijnvg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I left two comments - LGTM otherwise.

docs/reference/ccr/apis/follow/post-resume-follow.asciidoc Outdated

==== Authorization

If the {es} {security-features} are enabled, to use this API you must have
Copy link
Member

@martijnvg martijnvg Nov 15, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also the monitor privilege is needed in both clusters.

docs/reference/ccr/apis/follow/post-pause-follow.asciidoc Outdated

==== Authorization

If the {es} {security-features} are enabled, to use this API you must have
Copy link
Member

@martijnvg martijnvg Nov 15, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, I should have better described my comment in the other PR, but in the case of pause follow, only manage_ccr is needed. The reason is that it just stops the follow tasks. (resume follow is different as it start shard following and then uses the privileges of the user that invoked resume follow api to read from leader and write in into follower)

@martijnvg
Copy link
Member

martijnvg commented Nov 15, 2018

@lcawl I just realized that it would be good if put-follow.asciidoc also had an authorization header. It should be the same as in post-resume-follow.asciidoc, but then also the manage_follow_index index privilege is required in the follower cluster (to allow a user to create follow indices via the put follow api).

@lcawl
Copy link
Contributor Author

lcawl commented Nov 15, 2018

@martijnvg I've updated the authorization text (and added it for put-follow.asciidoc). When you have a moment, can you take another look?

@lcawl lcawl mentioned this pull request Nov 15, 2018
Merged
martijnvg
martijnvg approved these changes Nov 16, 2018
View reviewed changes
Copy link
Member

@martijnvg martijnvg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I left a small note. Otherwise 👍 and thanks for documenting this!

docs/reference/ccr/apis/follow/post-resume-follow.asciidoc Outdated

If the {es} {security-features} are enabled, you must have `write` index
privileges for the follower index and `read` index privileges for the leader
index. You must have `manage_ccr` and `monitor` cluster privileges on the
Copy link
Member

@martijnvg martijnvg Nov 16, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The monitor indices privilege in both clusters is needed instead of monitor cluster privilege.

Copy link
Contributor Author

@lcawl lcawl Nov 19, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! I've fixed those details

docs/reference/ccr/apis/follow/put-follow.asciidoc Outdated

If the {es} {security-features} are enabled, you must have `write` and
`manage_follow_index` index privileges for the follower index and `read` index
privileges for the leader index. You must have `manage_ccr` and `monitor`
Copy link
Member

@martijnvg martijnvg Nov 16, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same here

@lcawl
Copy link
Contributor Author

lcawl commented Nov 20, 2018

retest this please

@lcawl
Copy link
Contributor Author

lcawl commented Nov 21, 2018

Verified successful gradlew checks

@lcawl lcawl merged commit 04a087f into elastic:master Nov 21, 2018
@lcawl lcawl deleted the lcawley-ccr-auth branch November 21, 2018 00:23
lcawl added a commit that referenced this pull request Nov 21, 2018
@lcawl
[DOCS] Adds authorization info for CCR APIs (#35557)
87cb628
lcawl added a commit to lcawl/elasticsearch that referenced this pull request Nov 21, 2018
@lcawl
[DOCS] Adds authorization info for CCR APIs (elastic#35557)
768b107
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@martijnvg martijnvg martijnvg approved these changes

@jasontedor jasontedor Awaiting requested review from jasontedor

Assignees

No one assigned

Labels

:Distributed Indexing/CCR Issues around the Cross Cluster State Replication features >docs General docs changes v6.5.0 v6.6.0 v7.0.0-beta1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@lcawl @elasticmachine @martijnvg @colings86