Use the Index Access Control from the scroll search context #60640
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
albertzaharovits
changed the title
albertzaharovits
changed the title
albertzaharovits
added
the
:Security/Authorization
Collaborator
|
Pinging @elastic/es-security (:Security/Authorization) |
ywangd
reviewed
Aug 5, 2020
| } | ||
|
|
||
| void ensureIndicesAccessControlForScrollThreadContext(SearchContext searchContext) { | ||
| if (licenseState.isSecurityEnabled() && searchContext.scrollContext() != null) { |
Member
There was a problem hiding this comment.
Are there valid cases where searchContext.scrollContext() is null?
Contributor
Author
There was a problem hiding this comment.
I don't know the circumstances , but they are not important in this context because I can rely on the fact that validateSearchContext has the same validation.
Contributor
Author
There was a problem hiding this comment.
I mean, if you're asking informatively, I would expect that regular searches don't have a scroll context. If you're asking as a reviewer, I say I replicated the validation that the handler called just before onPreFetch/QueryPhase has.
ywangd
reviewed
Aug 5, 2020
| searchContext.scrollContext().getFromContext(AuthorizationServiceField.INDICES_PERMISSIONS_KEY); | ||
| IndicesAccessControl threadIndicesAccessControl = | ||
| securityContext.getThreadContext().getTransient(AuthorizationServiceField.INDICES_PERMISSIONS_KEY); | ||
| if (false == scrollIndicesAccessControl.equals(threadIndicesAccessControl)) { |
Member
There was a problem hiding this comment.
If what we are after is identity equality, I'd personally prefer to have scrollIndicesAccessControl != threadIndicesAccessControl to help with clarity and perphaps more future proof.
Contributor
Author
There was a problem hiding this comment.
Okay, I suppose identity equality is what this check is all about. I've made the suggested change, thanks.
Contributor
Author
|
@elasticmachine run elasticsearch-ci/2 |
albertzaharovits
deleted the
index_access_control_on_scroll_search_thread_context
branch
albertzaharovits
added a commit
to albertzaharovits/elasticsearch
that referenced
this pull request
Aug 5, 2020
…60640) When the RBACEngine authorizes scroll searches it sets the index access control to the very limiting IndicesAccessControl.ALLOW_NO_INDICES value. This change will set it to the value for the index access control that was produced during the authorization of the initial search that created the scroll, which is now stored in the scroll context.
albertzaharovits
added a commit
to albertzaharovits/elasticsearch
that referenced
this pull request
Aug 5, 2020
…60640) When the RBACEngine authorizes scroll searches it sets the index access control to the very limiting IndicesAccessControl.ALLOW_NO_INDICES value. This change will set it to the value for the index access control that was produced during the authorization of the initial search that created the scroll, which is now stored in the scroll context.
albertzaharovits
added a commit
that referenced
this pull request
Aug 5, 2020
When the RBACEngine authorizes scroll searches it sets the index access control to the very limiting IndicesAccessControl.ALLOW_NO_INDICES value. This change will set it to the value for the index access control that was produced during the authorization of the initial search that created the scroll, which is now stored in the scroll context.
albertzaharovits
added a commit
that referenced
this pull request
Aug 5, 2020
When the RBACEngine authorizes scroll searches it sets the index access control to the very limiting IndicesAccessControl.ALLOW_NO_INDICES value. This change will set it to the value for the index access control that was produced during the authorization of the initial search that created the scroll, which is now stored in the scroll context.
albertzaharovits
added a commit
that referenced
this pull request
Aug 5, 2020
When the RBACEngine authorizes scroll searches it sets the index access control to the very limiting IndicesAccessControl.ALLOW_NO_INDICES value. This change will set it to the value for the index access control that was produced during the authorization of the initial search that created the scroll, which is now stored in the scroll context.
albertzaharovits
added a commit
that referenced
this pull request
Aug 27, 2020
The check introduced by #60640 for scroll searches, in which we log if the index access control before the query and fetch phases differs from when the scroll context is created, is too strict, leading to spurious warning log messages. The check verifies instance equality but this assumes that the fetch phase is executed in the same thread context as the scroll context validation. However, this is not true if the scroll search is executed cross-cluster, and even for local scroll searches it is an unfounded assumption. The check is hence reduced to a null check for the index access. The fact that the access control is suitable given the indices that are actually accessed (by the scroll) will be done in a follow-up, after we better regulate the creation of index access controls in general.
albertzaharovits
added a commit
that referenced
this pull request
Aug 27, 2020
The check introduced by #60640 for scroll searches, in which we log if the index access control before the query and fetch phases differs from when the scroll context is created, is too strict, leading to spurious warning log messages. The check verifies instance equality but this assumes that the fetch phase is executed in the same thread context as the scroll context validation. However, this is not true if the scroll search is executed cross-cluster, and even for local scroll searches it is an unfounded assumption. The check is hence reduced to a null check for the index access. The fact that the access control is suitable given the indices that are actually accessed (by the scroll) will be done in a follow-up, after we better regulate the creation of index access controls in general.
albertzaharovits
added a commit
that referenced
this pull request
Aug 27, 2020
The check introduced by #60640 for scroll searches, in which we log if the index access control before the query and fetch phases differs from when the scroll context is created, is too strict, leading to spurious warning log messages. The check verifies instance equality but this assumes that the fetch phase is executed in the same thread context as the scroll context validation. However, this is not true if the scroll search is executed cross-cluster, and even for local scroll searches it is an unfounded assumption. The check is hence reduced to a null check for the index access. The fact that the access control is suitable given the indices that are actually accessed (by the scroll) will be done in a follow-up, after we better regulate the creation of index access controls in general.
albertzaharovits
added a commit
that referenced
this pull request
Aug 27, 2020
The check introduced by #60640 for scroll searches, in which we log if the index access control before the query and fetch phases differs from when the scroll context is created, is too strict, leading to spurious warning log messages. The check verifies instance equality but this assumes that the fetch phase is executed in the same thread context as the scroll context validation. However, this is not true if the scroll search is executed cross-cluster, and even for local scroll searches it is an unfounded assumption. The check is hence reduced to a null check for the index access. The fact that the access control is suitable given the indices that are actually accessed (by the scroll) will be done in a follow-up, after we better regulate the creation of index access controls in general.
albertzaharovits
added a commit
to albertzaharovits/elasticsearch
that referenced
this pull request
Aug 27, 2020
The check introduced by elastic#60640 for scroll searches, in which we log if the index access control before the query and fetch phases differs from when the scroll context is created, is too strict, leading to spurious warning log messages. The check verifies instance equality but this assumes that the fetch phase is executed in the same thread context as the scroll context validation. However, this is not true if the scroll search is executed cross-cluster, and even for local scroll searches it is an unfounded assumption. The check is hence reduced to a null check for the index access. The fact that the access control is suitable given the indices that are actually accessed (by the scroll) will be done in a follow-up, after we better regulate the creation of index access controls in general.
albertzaharovits
added a commit
that referenced
this pull request
Aug 27, 2020
The check introduced by #60640 for scroll searches, in which we log if the index access control before the query and fetch phases differs from when the scroll context is created, is too strict, leading to spurious warning log messages. The check verifies instance equality but this assumes that the fetch phase is executed in the same thread context as the scroll context validation. However, this is not true if the scroll search is executed cross-cluster, and even for local scroll searches it is an unfounded assumption. The check is hence reduced to a null check for the index access. The fact that the access control is suitable given the indices that are actually accessed (by the scroll) will be done in a follow-up, after we better regulate the creation of index access controls in general.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When the
RBACEngineauthorizes scroll searches it sets the index access control to the very limitingIndicesAccessControl.ALLOW_NO_INDICESvalue. This change will set it to the value for the index access control that was produced during the authorization of the initial search that created the scroll, which is now stored in the scroll context.